Accepting request 943802 from devel:languages:python

- update to 4.6.5 (bsc#1193752, CVE-2021-43818): * A vulnerability (GHSL-2021-1038) in the HTML cleaner allowed sneaking script content through SVG images. * A vulnerability (GHSL-2021-1037) in the HTML cleaner allowed sneaking script content through CSS imports and other crafted constructs. OBS-URL: https://build.opensuse.org/request/show/943802 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-lxml?expand=0&rev=87
2022-01-07 11:44:35 +00:00 · 2022-01-07 11:44:35 +00:00 · dff286884d
commit dff286884d
parent e3e4edec2f 0a81b21484
4 changed files with 15 additions and 6 deletions
--- a/lxml-4.6.4.tar.gz
+++ b/lxml-4.6.4.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:daf9bd1fee31f1c7a5928b3e1059e09a8d683ea58fb3ffc773b6c88cb8d1399c
-size 3177833
--- a/lxml-4.6.5.tar.gz
+++ b/lxml-4.6.5.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:6e84edecc3a82f90d44ddee2ee2a2630d4994b8471816e226d2b771cda7ac4ca
+size 3188254
--- a/python-lxml.changes
+++ b/python-lxml.changes
@ -1,3 +1,12 @@
+-------------------------------------------------------------------
+Tue Jan  4 16:03:54 UTC 2022 - Dirk Müller <dmueller@suse.com>
+
+- update to 4.6.5 (bsc#1193752, CVE-2021-43818):
+  * A vulnerability (GHSL-2021-1038) in the HTML cleaner allowed sneaking script
+    content through SVG images.
+  * A vulnerability (GHSL-2021-1037) in the HTML cleaner allowed sneaking script
+    content through CSS imports and other crafted constructs.
+
 -------------------------------------------------------------------
 Wed Nov 24 21:23:34 UTC 2021 - Dirk Müller <dmueller@suse.com>

--- a/python-lxml.spec
+++ b/python-lxml.spec
@ -1,7 +1,7 @@
 #
 # spec file for package python-lxml
 #
-# Copyright (c) 2021 SUSE LLC
+# Copyright (c) 2022 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -18,7 +18,7 @@

 %{?!python_module:%define python_module() python-%{**} python3-%{**}}
 Name:           python-lxml
-Version:        4.6.4
+Version:        4.6.5
 Release:        0
 Summary:        Pythonic XML processing library
 License:        BSD-3-Clause AND GPL-2.0-or-later
@ -30,7 +30,7 @@ BuildRequires:  %{python_module Cython >= 0.29.7}
 BuildRequires:  %{python_module cssselect >= 0.9.1}
 BuildRequires:  %{python_module setuptools >= 18.0.1}
 BuildRequires:  fdupes
-BuildRequires:  libxml2-devel >= 2.7.0
+BuildRequires:  libxml2-devel >= 2.9.5
 BuildRequires:  libxslt-devel >= 1.1.23
 BuildRequires:  python-rpm-macros
 Requires:       python-cssselect >= 0.9.1