Accepting request 1219092 from devel:languages:python

OBS-URL: https://build.opensuse.org/request/show/1219092
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-xmltodict?expand=0&rev=10

python-xmltodict.changes

@@ -1,64 +1,3 @@
--------------------------------------------------------------------
-Mon Nov 24 09:03:54 UTC 2025 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
-
-- Update to 1.0.2
-  * allow DOCTYPE with disable_entities=True (default)
-- from version 1.0.1
-  * fail closed when entities disabled
-  * validate XML comments
-  * add SECURITY.md
-  * clarify behavior for empty lists
-  * clarify process_comments docs
-  * clarify strip whitespace comment behavior
-  * create AGENTS.md for coding agents
-  * replace travis with actions badge
-  * update CONTRIBUTING.md
-- Drop skip-tests-expat-245.patch, no longer required
-
--------------------------------------------------------------------
-Fri Sep 12 19:34:16 UTC 2025 - Martin Hauke <mardnh@gmx.de>
-
-- Update to version 1.0.0
-  BREAKING CHANGES
-  * modernize for Python 3.9+; drop legacy compat paths.
-  Features
-  * unparse: add limited XML comment round-trip; unify _emit
-    behavior (e43537e).
-  * unparse: add selective force_cdata support
-    (bool/tuple/callable) (a497fed), closes #375.
-  Bug Fixes
-  * namespaces: attach [@xmlns](https://github.com/xmlns) to
-    declaring element when process_namespaces=True.
-  * streaming: avoid parent accumulation at item_depth; add
-    regression tests (220240c).
-  * unparse: handle non-string #text with attributes; unify
-    value conversion (927a025).
-  * unparse: skip empty lists to keep pretty/compact outputs
-    consistent (ab4c86f).
-  Reverts
-  * remove initial Release Drafter config (c0b74ed).
-
--------------------------------------------------------------------
-Tue Sep  9 07:46:33 UTC 2025 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
-
-- Update to version 0.15.1
-  * Security: Further harden XML injection prevention during unparse (follow-up
-    to v0.15.0). In addition to '<'/'>' rejection, now also reject element and
-    attribute names (including `@xmlns` prefixes) that:
-    - start with '?' or '!'
-    - contain '/' or any whitespace
-    - contain quotes (' or ") or '='
-    - are non-strings (names must be `str`; no coercion)
-
--------------------------------------------------------------------
-Mon Sep  8 11:26:39 UTC 2025 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
-
-- Update to version 0.15.0
-  * Security: Prevent XML injection (CVE-2025-9375) by rejecting '<'/'>' in
-    element and attribute names (including `@xmlns` prefixes) during unparse.
-    This limits validation to avoiding tag-context escapes; attribute values
-    continue to be escaped by the SAX `XMLGenerator`. (bsc#1249036, CVE-2025-9375)
-
 -------------------------------------------------------------------
 Tue Oct 29 16:11:13 UTC 2024 - Martin Hauke <mardnh@gmx.de>
 

python-xmltodict.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package python-xmltodict
 #
-# Copyright (c) 2025 SUSE LLC and contributors
+# Copyright (c) 2024 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -18,12 +18,13 @@
 
 %{?sle15_python_module_pythons}
 Name:           python-xmltodict
-Version:        1.0.2
+Version:        0.14.2
 Release:        0
 Summary:        Module to make XML working resemble JSON
 License:        MIT
 URL:            https://github.com/martinblech/xmltodict
 Source:         https://files.pythonhosted.org/packages/source/x/xmltodict/xmltodict-%{version}.tar.gz
+Patch0:         skip-tests-expat-245.patch
 BuildRequires:  %{python_module pip}
 BuildRequires:  %{python_module pytest}
 BuildRequires:  %{python_module setuptools}

skip-tests-expat-245.patch

@@ -0,0 +1,28 @@
+Index: xmltodict-0.12.0/tests/test_xmltodict.py
+===================================================================
+--- xmltodict-0.12.0.orig/tests/test_xmltodict.py
++++ xmltodict-0.12.0/tests/test_xmltodict.py
+@@ -8,6 +8,7 @@ except ImportError:
+ 
+ from xml.parsers.expat import ParserCreate
+ from xml.parsers import expat
++import pyexpat
+ 
+ 
+ def _encode(s):
+@@ -167,6 +168,7 @@ class XMLToDictTestCase(unittest.TestCas
+         self.assertEqual(parse(xml),
+                          parse(xml.encode('utf-8')))
+ 
++    @unittest.skipIf(pyexpat.version_info >= (2, 4, 5), reason="Makes no sense with current Expat")
+     def test_namespace_support(self):
+         xml = """
+         <root xmlns="http://defaultns.com/"
+@@ -195,6 +197,7 @@ class XMLToDictTestCase(unittest.TestCas
+         res = parse(xml, process_namespaces=True)
+         self.assertEqual(res, d)
+ 
++    @unittest.skipIf(pyexpat.version_info >= (2, 4, 5), reason="Makes no sense with current Expat")
+     def test_namespace_collapse(self):
+         xml = """
+         <root xmlns="http://defaultns.com/"

xmltodict-1.0.2.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:54306780b7c2175a3967cad1db92f218207e5bc1aba697d887807c0fb68b7649
-size 25725