File python3-lxml.spec of Package python3-lxml
%global modname lxml
Name: python3-%{modname}
Version: 4.2.5
Release: 5%{?dist}
Summary: XML processing library combining libxml2/libxslt with the ElementTree API
License: BSD
URL: http://lxml.de
Source0: http://lxml.de/files/%{modname}-%{version}.tgz
# Fix for CVE-2020-27783: mXSS due to the use of improper parser
# Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1901633
# Two upstream commits combined:
# Version 4.6.1: https://github.com/lxml/lxml/commit/89e7aad6e7ff9ecd88678ff25f885988b184b26e
# Version 4.6.2: https://github.com/lxml/lxml/commit/a105ab8dc262ec6735977c25c13f0bdfcdec72a7
Patch0: python-lxml-4.2.5-CVE-2020-27783.patch
# Fix for CVE-2021-28957: missing input sanitization
# for formaction HTML5 attributes which may lead to XSS
# Fixed upstream: https://github.com/lxml/lxml/commit/2d01a1ba8984e0483ce6619b972832377f208a0d
Patch1: python-lxml-4.2.5-CVE-2021-28957.patch
# Fix for CVE-2021-43818: HTML Cleaner allows certain crafted script
# content and SVG embedded scripts to pass through
# Fixed upstream:
# https://github.com/lxml/lxml/commit/12fa9669007180a7bb87d990c375cf91ca5b664a
# https://github.com/lxml/lxml/commit/f2330237440df7e8f39c3ad1b1aa8852be3b27c0
Patch2: python-lxml-4.2.5-CVE-2021-43818.patch
# Make test more resilient against changes in latest libxslt releases
# Fixed upstream: https://github.com/lxml/lxml/commit/acef361ca80ff9afd828d91c98ea91c92f9d09af
Patch3: python-lxml-4.2.5-fix-threading-tests.patch
BuildRequires: gcc
BuildRequires: libxml2-devel
BuildRequires: libxslt-devel
%global _description \
lxml is a Pythonic, mature binding for the libxml2 and libxslt libraries. It\
provides safe and convenient access to these libraries using the ElementTree API. It\
extends the ElementTree API significantly to offer support for XPath, RelaxNG,\
XML Schema, XSLT, C14N and much more. To contact the project, go to the project\
home page < or see our bug tracker at case you want to use the current ...
%description %{_description}
# Mainline Python 3 subpackage
%global python3_name %{expand:python%{python3_pkgversion}-%{modname}}
%package -n %{python3_name}
Summary: %{summary}
BuildRequires: python34-devel
BuildRequires: python34-setuptools
BuildRequires: python34-Cython
# Skip optional libraries for the moment: cssselect is totally optional (and
# rarely used), html5lib and beautifulsoup4 are used only for HTML support,
# while primary use of lxml is processing XML.
#Requires: python%{python3_pkgversion}-cssselect
#Requires: python%{python3_pkgversion}-html5lib
#Requires: python%{python3_pkgversion}-beautifulsoup4
%{?python_provide:%python_provide %{python3_name}}
%description -n %{python3_name} %{_description}
Python 3 version.
# Alternative Python 3 subpackage
%if %{with python3_other}
%global python3_other_name %{expand:python%{python3_other_pkgversion}-%{modname}}
%package -n %{python3_other_name}
Summary: %{summary}
BuildRequires: python%{python3_other_pkgversion}-devel
BuildRequires: python%{python3_other_pkgversion}-setuptools
BuildRequires: python%{python3_other_pkgversion}-Cython
# Skip optional libraries for the moment: cssselect is totally optional (and
# rarely used), html5lib and beautifulsoup4 are used only for HTML support,
# while primary use of lxml is processing XML.
#Requires: python%{python3_other_pkgversion}-cssselect
#Requires: python%{python3_other_pkgversion}-html5lib
#Requires: python%{python3_other_pkgversion}-beautifulsoup4
%{?python_provide:%python_provide %{python3_other_name}}
%description -n %{python3_other_name} %{_description}
Python 3 version.
%endif
%prep
%autosetup -n %{modname}-%{version} -p1
%build
export WITH_CYTHON=true
%py3_build
%{?with_python3_other:%py3_other_build}
%install
%if %{with python3_other}
%py3_other_install
%endif
%py3_install
#%check
#%{__python3} setup.py test
%files -n %{python3_name}
#%license doc/licenses/ZopePublicLicense.txt LICENSES.txt
#%doc README.rst src/lxml/isoschematron/resources/xsl/iso-schematron-xslt1/readme.txt
%{python3_sitearch}/%{modname}/
%{python3_sitearch}/%{modname}-*.egg-info/
%if %{with python3_other}
%files -n %{python3_other_name}
#%license doc/licenses/ZopePublicLicense.txt LICENSES.txt
#%doc README.rst src/lxml/isoschematron/resources/xsl/iso-schematron-xslt1/readme.txt
%{python3_other_sitearch}/%{modname}/
%{python3_other_sitearch}/%{modname}-*.egg-info/
%endif
%changelog
* Tue May 10 2022 Robert Scheck <robert@fedoraproject.org> - 4.2.5-5
- Add patch to fix pass through of certain crafted script content
  and SVG embedded scripts via HTML Cleaner in lxml.html (#2032569)