2014-02-04 16:50:02 +01:00
|
|
|
#
|
2017-01-31 15:30:48 +01:00
|
|
|
# spec file for package python-defusedxml
|
2014-02-04 16:50:02 +01:00
|
|
|
#
|
2021-03-08 09:11:12 +01:00
|
|
|
# Copyright (c) 2021 SUSE LLC
|
2014-02-04 16:50:02 +01:00
|
|
|
#
|
|
|
|
|
# All modifications and additions to the file contributed by third parties
|
|
|
|
|
# remain the property of their copyright owners, unless otherwise agreed
|
|
|
|
|
# upon. The license for this file, and modifications and additions to the
|
|
|
|
|
# file, is the same license as for the pristine package itself (unless the
|
|
|
|
|
# license for the pristine package is not an Open Source License, in which
|
|
|
|
|
# case the license is the MIT License). An "Open Source License" is a
|
|
|
|
|
# license that conforms to the Open Source Definition (Version 1.9)
|
|
|
|
|
# published by the Open Source Initiative.
|
|
|
|
|
|
2018-12-04 14:23:01 +01:00
|
|
|
# Please submit bugfixes or comments via https://bugs.opensuse.org/
|
2014-02-04 16:50:02 +01:00
|
|
|
#
|
|
|
|
|
|
|
|
|
|
|
2017-04-18 22:34:02 +02:00
|
|
|
%{?!python_module:%define python_module() python-%{**} python3-%{**}}
|
2018-12-04 18:12:02 +01:00
|
|
|
%bcond_without tests
|
2014-02-04 16:50:02 +01:00
|
|
|
Name: python-defusedxml
|
2021-03-23 22:04:51 +01:00
|
|
|
Version: 0.7.1
|
2014-02-04 16:50:02 +01:00
|
|
|
Release: 0
|
|
|
|
|
Summary: XML bomb protection for Python stdlib modules
|
|
|
|
|
License: Python-2.0
|
|
|
|
|
Group: Development/Languages/Python
|
2018-12-04 18:12:02 +01:00
|
|
|
URL: https://pypi.python.org/pypi/defusedxml
|
2017-04-20 00:20:29 +02:00
|
|
|
Source: https://files.pythonhosted.org/packages/source/d/defusedxml/defusedxml-%{version}.tar.gz
|
2017-04-18 22:34:02 +02:00
|
|
|
BuildRequires: %{python_module setuptools}
|
2021-05-18 11:33:28 +02:00
|
|
|
# SECTION test requirements
|
|
|
|
|
BuildRequires: %{python_module lxml}
|
|
|
|
|
BuildRequires: %{python_module pytest}
|
2017-04-18 22:34:02 +02:00
|
|
|
BuildRequires: %{python_module xml}
|
2021-05-18 11:33:28 +02:00
|
|
|
# /SECTION
|
2018-12-04 14:23:01 +01:00
|
|
|
BuildRequires: fdupes
|
|
|
|
|
BuildRequires: python-rpm-macros
|
2017-01-31 15:30:48 +01:00
|
|
|
Requires: python-xml
|
2014-02-04 16:50:02 +01:00
|
|
|
BuildArch: noarch
|
2017-04-18 22:34:02 +02:00
|
|
|
%python_subpackages
|
2014-02-04 16:50:02 +01:00
|
|
|
|
|
|
|
|
%description
|
|
|
|
|
The results of an attack on a vulnerable XML library can be fairly dramatic.
|
|
|
|
|
With just a few hundred bytes of XML data an attacker can occupy several
|
|
|
|
|
gigabytes of memory within seconds. An attacker can also keep
|
|
|
|
|
CPUs busy for a long time with a small to medium size request.
|
|
|
|
|
|
|
|
|
|
This library allows for XML to be parsed in a manner that avoids these
|
|
|
|
|
pitfalls.
|
|
|
|
|
|
|
|
|
|
%prep
|
|
|
|
|
%setup -q -n defusedxml-%{version}
|
|
|
|
|
|
|
|
|
|
%build
|
2017-04-18 22:34:02 +02:00
|
|
|
%python_build
|
2014-02-04 16:50:02 +01:00
|
|
|
|
|
|
|
|
%install
|
2017-04-18 22:34:02 +02:00
|
|
|
%python_install
|
|
|
|
|
%python_expand %fdupes %{buildroot}%{$python_sitelib}
|
2014-02-04 16:50:02 +01:00
|
|
|
|
2017-04-18 22:34:02 +02:00
|
|
|
%if %{with tests}
|
2014-02-04 16:50:02 +01:00
|
|
|
%check
|
2021-05-18 11:33:28 +02:00
|
|
|
# see test_main() in tests.py; test_html_arg: deprecation warning is not raised, perhaps capturing wrongly setup?
|
|
|
|
|
usable_tests=$(grep addTests tests.py | sed 's:.*makeSuite(\([a-zA-Z]*\)).*:\1:' | tr '\n' ' ' | sed -e 's: $::' -e 's: : or :g')
|
|
|
|
|
%pytest -s -k "($usable_tests) and not test_html_arg"
|
2017-04-18 22:34:02 +02:00
|
|
|
%endif
|
2014-02-04 16:50:02 +01:00
|
|
|
|
2017-04-18 22:34:02 +02:00
|
|
|
%files %{python_files}
|
2018-12-04 18:12:02 +01:00
|
|
|
%license LICENSE
|
|
|
|
|
%doc README.txt CHANGES.txt
|
2014-02-04 16:50:02 +01:00
|
|
|
%{python_sitelib}/*
|
|
|
|
|
|
|
|
|
|
%changelog
|
