Update to 4.6.5

Fixes CVE-2021-43818 Resolves: rhbz#2032572
2022-01-06 16:38:36 +01:00
9 changed files with 34 additions and 156 deletions
--- a/.fmf/version
+++ b/.fmf/version
@ -1 +0,0 @@
-1
--- a/.gitignore
+++ b/.gitignore
@ -56,5 +56,4 @@ lxml-2.2.7.tar.gz.asc
 /lxml-4.5.1.tgz
 /lxml-4.6.2.tar.gz
 /lxml-4.6.3.tar.gz
-/lxml-4.7.1.tar.gz
-/lxml-4.9.1.tar.gz
+/lxml-4.6.5.tar.gz
--- a/ci.fmf
+++ b/ci.fmf
@ -1 +0,0 @@
-resultsdb-testcase: separate
--- a/fix-namespace-count.patch
+++ b/fix-namespace-count.patch
@ -1,53 +0,0 @@
-From c742576c105f40fc8b754fcae56fee4aa35840a3 Mon Sep 17 00:00:00 2001
-From: Stefan Behnel <stefan_ml@behnel.de>
-Date: Tue, 19 Jul 2022 08:25:20 +0200
-Subject: [PATCH] Work around libxml2 bug in affected versions that failed to
- reset the namespace count in the parser context.
-
-See https://gitlab.gnome.org/GNOME/libxml2/-/issues/378
---
- src/lxml/includes/xmlparser.pxd | 1 +
- src/lxml/parser.pxi             | 3 +++
- src/lxml/tests/test_etree.py    | 3 +--
- 3 files changed, 5 insertions(+), 2 deletions(-)
-
-diff --git a/src/lxml/includes/xmlparser.pxd b/src/lxml/includes/xmlparser.pxd
-index a196e34bd..45acfc846 100644
--- a/src/lxml/includes/xmlparser.pxd
-+++ b/src/lxml/includes/xmlparser.pxd
-@@ -144,6 +144,7 @@ cdef extern from "libxml/parser.h":
-         void* userData
-         int* spaceTab
-         int spaceMax
-+        int nsNr
-         bint html
-         bint progressive
-         int inSubset
-diff --git a/src/lxml/parser.pxi b/src/lxml/parser.pxi
-index f5baf29b9..f0c8c6b64 100644
--- a/src/lxml/parser.pxi
-+++ b/src/lxml/parser.pxi
-@@ -569,6 +569,9 @@ cdef class _ParserContext(_ResolverContext):
-                 self._c_ctxt.disableSAX = 0 # work around bug in libxml2
-             else:
-                 xmlparser.xmlClearParserCtxt(self._c_ctxt)
-+                # work around bug in libxml2 [2.9.10 .. 2.9.14]:
-+                # https://gitlab.gnome.org/GNOME/libxml2/-/issues/378
-+                self._c_ctxt.nsNr = 0
- 
-     cdef int prepare(self, bint set_document_loader=True) except -1:
-         cdef int result
-diff --git a/src/lxml/tests/test_etree.py b/src/lxml/tests/test_etree.py
-index 8bf82c084..0339796d6 100644
--- a/src/lxml/tests/test_etree.py
-+++ b/src/lxml/tests/test_etree.py
-@@ -1491,8 +1491,7 @@ def test_walk_after_parse_failure(self):
-             # This would be the expected result, because there was no namespace
-             pass
-         else:
-            # This is a bug in libxml2
-            assert not ns, repr(ns)
-+            assert False, "Found unexpected namespace '%s'" % ns
- 
-     def test_itertext_comment_pi(self):
-         # https://bugs.launchpad.net/lxml/+bug/1844674
--- a/gating.yaml
+++ b/gating.yaml
@ -1,8 +0,0 @@
--- !Policy
-product_versions:
-  - fedora-*
-decision_contexts:
-  - bodhi_update_push_testing
-  - bodhi_update_push_stable
-rules:
-  - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build./plans/smoke.functional}
--- a/plans/etree-fromstring.py
+++ b/plans/etree-fromstring.py
@ -1,7 +0,0 @@
-import lxml.etree as et
-s = '<foo><bar baz="xyzzy">a<![CDATA[b]]>c</bar></foo>'
-x = et.fromstring(s)
-t = x.find('bar').text
-print(t)
-if t != 'abc':
-    raise Exception()
--- a/plans/smoke.fmf
+++ b/plans/smoke.fmf
@ -1,12 +0,0 @@
-summary: Basic smoke test
-discover:
-  how: shell
-  tests:
-    - name: /smoke/import-python-module
-      test: |
-        python3 -c 'import importlib as il; print(il.import_module("lxml"))'
-    - name: /smoke/etree-fromstring
-      test: |
-        python3 plans/etree-fromstring.py
-execute:
-  how: tmt
--- a/python-lxml.spec
+++ b/python-lxml.spec
@ -1,113 +1,74 @@
-Name:           python-lxml
-Version:        4.9.1
+%global modname lxml
+
+Name:           python-%{modname}
+Version:        4.6.5
 Release:        1%{?dist}
 Summary:        XML processing library combining libxml2/libxslt with the ElementTree API

-# The lxml project is licensed under BSD-3-Clause
+# The lxml project is licensed under BSD
 # Some code is derived from ElementTree and cElementTree
-# thus using the MIT-CMU elementtree license
-# .xsl schematron files are under the MIT license
-License:        BSD-3-Clause AND MIT-CMU AND MIT
+# thus using the MIT-like elementtree license
+# .xsl schematron files are under the MIT and zlib license
+License:        BSD and MIT and zlib
 URL:            https://github.com/lxml/lxml
-Source:         %{pypi_source lxml}
-
-# Work around libxml2 bug in affected versions that failed to reset the
-# namespace count in the parser context.
-# Resolved upstream: https://github.com/lxml/lxml/commit/c742576c105f40fc8b754fcae56fee4aa35840a3
-Patch:          fix-namespace-count.patch
+Source0:        %{pypi_source %{modname}}

 BuildRequires:  gcc
 BuildRequires:  libxml2-devel
 BuildRequires:  libxslt-devel
-BuildRequires:  python3-devel
-
-# It is a good idea to BuildRequire the runtime requirements of the [extras] we build.
-# That way, we ensure all the [extras] we build are installable,
-# and we possibly run tests that would otherwise be skipped.
-# However, some of the extras here create a dependency loop.
-# - [cssselect] Requires cssselect BuildRequires lxml
-# - [html5] Requires html5lib BuildRequires lxml
-# - [htmlsoup] Requires beautifulsoup4 Requires lxml
-# Hence we provide a bcond to disable this buildtime requirement.
-%bcond buildrequire_extras 1

 %global _description \
 lxml is a Pythonic, mature binding for the libxml2 and libxslt libraries. It\
 provides safe and convenient access to these libraries using the ElementTree It\
 extends the ElementTree API significantly to offer support for XPath, RelaxNG,\
-XML Schema, XSLT, C14N and much more.
+XML Schema, XSLT, C14N and much more.To contact the project, go to the project\
+home page < or see our bug tracker at case you want to use the current ...

 %description %{_description}

-%package -n     python3-lxml
+%package -n     python3-%{modname}
 Summary:        %{summary}
-Suggests:       python3-lxml+cssselect
-Suggests:       python3-lxml+html5
-Suggests:       python3-lxml+htmlsoup
+BuildRequires:  python3-devel
+BuildRequires:  python3-setuptools
+BuildRequires:  python3-Cython
+Suggests:       python%{python3_version}dist(cssselect) >= 0.7
+Suggests:       python%{python3_version}dist(html5lib)
+Suggests:       python%{python3_version}dist(beautifulsoup4)
+%{?python_provide:%python_provide python3-%{modname}}

-%description -n python3-lxml %{_description}
+%description -n python3-%{modname} %{_description}

 Python 3 version.

-%pyproject_extras_subpkg -n python3-lxml cssselect html5 htmlsoup
-
 %prep
-%autosetup -n lxml-%{version} -p1
-
-%generate_buildrequires
-%pyproject_buildrequires -x source%{?with_buildrequire_extras:,cssselect,html5,htmlsoup}
+%autosetup -n %{modname}-%{version} -p1
 # Remove pregenerated Cython C sources
-# We need to do this after %%pyproject_buildrequires because setup.py errors
-# without Cython and without the .c files.
-find -type f -name '*.c' -print -delete >&2
+find -type f -name '*.c' -print -delete

 %build
-export WITH_CYTHON=true
-%pyproject_wheel
+env WITH_CYTHON=true %py3_build

 %install
-%pyproject_install
-%pyproject_save_files lxml
+%py3_install

 %check
 # The tests assume inplace build, so we copy the built library to source-dir.
 # If not done that, Python can either import the tests or the extension modules, but not both.
-cp -a build/lib.%{python3_platform}-*/* src/
+cp -a build/lib.%{python3_platform}-%{python3_version}/* src/
 # The options are: verbose, unit, functional
 %{python3} test.py -vuf

-%files -n python3-lxml -f %{pyproject_files}
-%license doc/licenses/BSD.txt doc/licenses/elementtree.txt
+%files -n python3-%{modname}
+%license LICENSES.txt doc/licenses/BSD.txt doc/licenses/elementtree.txt
 %doc README.rst src/lxml/isoschematron/resources/xsl/iso-schematron-xslt1/readme.txt
+%{python3_sitearch}/%{modname}/
+%{python3_sitearch}/%{modname}-*.egg-info/

 %changelog
-* Wed Sep 14 2022 Charalampos Stratakis <cstratak@redhat.com> - 4.9.1-1
- Update to 4.9.1
- Fix for CVE-2022-2309
- Resolves: rhbz#2107571, rhbz#2110131
-
-* Wed Aug 31 2022 Miro Hrončok <mhroncok@redhat.com> - 4.7.1-6
- Use SPDX license identifiers
- The schematron files are not Zlib licensed, but MIT
- Package the lxml[cssselect], lxml[html5] and lxml[htmlsoup] extras
-
-* Fri Jul 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 4.7.1-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
-
-* Wed Jun 22 2022 Charalampos Stratakis <cstratak@redhat.com> - 4.7.1-4
- Fix FTBFS with setuptools >= 62.1
- Resolves: rhbz#2097102
-
-* Mon Jun 13 2022 Python Maint <python-maint@redhat.com> - 4.7.1-3
- Rebuilt for Python 3.11
-
-* Fri Jan 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 4.7.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
-
-* Thu Jan 06 2022 Charalampos Stratakis <cstratak@redhat.com> - 4.7.1-1
- Update to 4.7.1
+* Thu Jan 06 2022 Charalampos Stratakis <cstratak@redhat.com> - 4.6.5-1
+- Update to 4.6.5
 - Fixes CVE-2021-43818
- Resolves: rhbz#2031686, rhbz#2032572
+- Resolves: rhbz#2032572

 * Fri Nov 26 2021 Miro Hrončok <mhroncok@redhat.com> - 4.6.3-5
 - Run the tests during build
--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (lxml-4.9.1.tar.gz) = d7ec55c7db2c63a716ca5f4d833706d90fc76c944885e010fcdb96786bcfe796994e438450cf4e8e6e75d702e21fb16971f28f854d7a1f76c34e4ae315414d84
+SHA512 (lxml-4.6.5.tar.gz) = b9d2398b7c50539add66a82635fc869694d0a9facf17fc0f4182f2449f6a226e19007b48036f954637651e3319d2f877f38d667bcd414a6c6b72850b710a306b