diff --git a/.babel.metadata b/.babel.metadata deleted file mode 100644 index 71eaf65..0000000 --- a/.babel.metadata +++ /dev/null @@ -1 +0,0 @@ -5605f75353368d32500afb30e60fc8f0edbca506 SOURCES/Babel-2.7.0.tar.gz diff --git a/.gitignore b/.gitignore index 3b8030b..54ebb4b 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/Babel-2.7.0.tar.gz +Babel-2.13.1.tar.gz diff --git a/SOURCES/CVE-2021-20095.patch b/SOURCES/CVE-2021-20095.patch deleted file mode 100644 index f26a334..0000000 --- a/SOURCES/CVE-2021-20095.patch +++ /dev/null @@ -1,128 +0,0 @@ -diff --git a/babel/localedata.py b/babel/localedata.py -index e012abb..dea0a0f 100644 ---- a/babel/localedata.py -+++ b/babel/localedata.py -@@ -13,6 +13,8 @@ - """ - - import os -+import re -+import sys - import threading - from itertools import chain - -@@ -22,6 +24,7 @@ from babel._compat import pickle, string_types, abc - _cache = {} - _cache_lock = threading.RLock() - _dirname = os.path.join(os.path.dirname(__file__), 'locale-data') -+_windows_reserved_name_re = re.compile("^(con|prn|aux|nul|com[0-9]|lpt[0-9])$", re.I) - - - def normalize_locale(name): -@@ -38,6 +41,22 @@ def normalize_locale(name): - return locale_id - - -+def resolve_locale_filename(name): -+ """ -+ Resolve a locale identifier to a `.dat` path on disk. -+ """ -+ -+ # Clean up any possible relative paths. -+ name = os.path.basename(name) -+ -+ # Ensure we're not left with one of the Windows reserved names. -+ if sys.platform == "win32" and _windows_reserved_name_re.match(os.path.splitext(name)[0]): -+ raise ValueError("Name %s is invalid on Windows" % name) -+ -+ # Build the path. -+ return os.path.join(_dirname, '%s.dat' % name) -+ -+ - def exists(name): - """Check whether locale data is available for the given locale. - -@@ -49,7 +68,7 @@ def exists(name): - return False - if name in _cache: - return True -- file_found = os.path.exists(os.path.join(_dirname, '%s.dat' % name)) -+ file_found = os.path.exists(resolve_locale_filename(name)) - return True if file_found else bool(normalize_locale(name)) - - -@@ -102,6 +121,7 @@ def load(name, merge_inherited=True): - :raise `IOError`: if no locale data file is found for the given locale - identifer, or one of the locales it inherits from - """ -+ name = os.path.basename(name) - _cache_lock.acquire() - try: - data = _cache.get(name) -@@ -119,7 +139,7 @@ def load(name, merge_inherited=True): - else: - parent = '_'.join(parts[:-1]) - data = load(parent).copy() -- filename = os.path.join(_dirname, '%s.dat' % name) -+ filename = resolve_locale_filename(name) - with open(filename, 'rb') as fileobj: - if name != 'root' and merge_inherited: - merge(data, pickle.load(fileobj)) -diff --git a/tests/test_localedata.py b/tests/test_localedata.py -index dbacba0..4730096 100644 ---- a/tests/test_localedata.py -+++ b/tests/test_localedata.py -@@ -11,11 +11,17 @@ - # individuals. For the exact contribution history, see the revision - # history and logs, available at http://babel.edgewall.org/log/. - -+import os -+import pickle -+import sys -+import tempfile - import unittest - import random - from operator import methodcaller - --from babel import localedata -+import pytest -+ -+from babel import localedata, Locale, UnknownLocaleError - - - class MergeResolveTestCase(unittest.TestCase): -@@ -131,3 +137,34 @@ def test_locale_identifiers_cache(monkeypatch): - localedata.locale_identifiers.cache = None - assert localedata.locale_identifiers() - assert len(listdir_calls) == 2 -+ -+ -+def test_locale_name_cleanup(): -+ """ -+ Test that locale identifiers are cleaned up to avoid directory traversal. -+ """ -+ no_exist_name = os.path.join(tempfile.gettempdir(), "babel%d.dat" % random.randint(1, 99999)) -+ with open(no_exist_name, "wb") as f: -+ pickle.dump({}, f) -+ -+ try: -+ name = os.path.splitext(os.path.relpath(no_exist_name, localedata._dirname))[0] -+ except ValueError: -+ if sys.platform == "win32": -+ pytest.skip("unable to form relpath") -+ raise -+ -+ assert not localedata.exists(name) -+ with pytest.raises(IOError): -+ localedata.load(name) -+ with pytest.raises(UnknownLocaleError): -+ Locale(name) -+ -+ -+@pytest.mark.skipif(sys.platform != "win32", reason="windows-only test") -+def test_reserved_locale_names(): -+ for name in ("con", "aux", "nul", "prn", "com8", "lpt5"): -+ with pytest.raises(ValueError): -+ localedata.load(name) -+ with pytest.raises(ValueError): -+ Locale(name) diff --git a/SPECS/babel.spec b/babel.spec similarity index 63% rename from SPECS/babel.spec rename to babel.spec index 35432d2..ec60bb9 100644 --- a/SPECS/babel.spec +++ b/babel.spec @@ -1,58 +1,48 @@ -%global srcname Babel -%global sum Library for internationalizing Python applications - # There is some bootstrapping involved when upgrading Python 3 # First of all we need babel (this package) to use sphinx # And pytest is at this point not yet ready -%bcond_without bootstrap +%bcond bootstrap 0 -%bcond_with python2 +# Since babel 2.12, the pytz dependency is optional. +# However, pytz is preferred when installed. +# Running tests with pytz is optional as well. +# We don't want to pull pytz into ELN/RHEL just to test integration with it, +# but we don't want to ship babel in Fedora with an untested default, +# so we make the dependency conditional. +# Ideally, the dependency would be conditional on pytz availability in the repo, +# but that's not possible in 2023 yet. +# Additionally, the date/time tests require freezegun, which is unwanted in RHEL. +%bcond datetime_tests %{undefined rhel} Name: babel -Version: 2.7.0 -Release: 11%{?dist} +Version: 2.13.1 +Release: 5%{?dist} Summary: Tools for internationalizing Python applications -License: BSD -URL: http://babel.pocoo.org/ -Source0: https://files.pythonhosted.org/packages/source/B/%{srcname}/%{srcname}-%{version}.tar.gz - -# Fix CVE-2021-20095: relative path traversal allows an attacker to load -# arbitrary locale files on disk and execute arbitrary code -# Resolved upstream: https://github.com/python-babel/babel/pull/782/ -# CVE bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1955615 -Patch1: CVE-2021-20095.patch +License: BSD-3-Clause +URL: https://babel.pocoo.org/ +Source: %{pypi_source Babel} BuildArch: noarch -# Exclude i686 arch. Due to a modularity issue it's being added to the -# x86_64 compose of CRB, but we don't want to ship it at all. -# See: https://projects.engineering.redhat.com/browse/RCM-72605 -ExcludeArch: i686 -%if %{with python2} -BuildRequires: python2-devel -BuildRequires: python2-setuptools -%if %{with python2_pytest} -BuildRequires: python2-pytz -BuildRequires: python2-pytest -BuildRequires: python2-freezegun -%endif -%endif -BuildRequires: python%{python3_pkgversion}-devel -BuildRequires: python%{python3_pkgversion}-setuptools -BuildRequires: python%{python3_pkgversion}-rpm-macros -%if !%{with bootstrap} -BuildRequires: python%{python3_pkgversion}-pytz -BuildRequires: python%{python3_pkgversion}-pytest -BuildRequires: python%{python3_pkgversion}-freezegun -%endif +BuildRequires: python3-devel +%if %{without bootstrap} +BuildRequires: coreutils +# The Python test dependencies are not generated from tox.ini, +# because it would require complex patching to be usable +# and becasue we want to avoid the tox dependency in ELN/RHEL. +BuildRequires: python3-pytest +%if %{with datetime_tests} +BuildRequires: python3-freezegun +# The pytz tests are skipped when pytz is missing +BuildRequires: python3-pytz +%endif # build the documentation BuildRequires: make - -%if !%{with bootstrap} -BuildRequires: python%{python3_pkgversion}-sphinx +BuildRequires: python3-sphinx %endif +Requires: python3-babel = %{?epoch:%{epoch}:}%{version}-%{release} %description @@ -65,35 +55,10 @@ Babel is composed of two major parts: and date formatting, etc. -%if %{with python2} -%package -n python2-babel -Summary: %sum +%package -n python3-babel +Summary: Library for internationalizing Python applications -Requires: python2-setuptools -Requires: python2-pytz - -%{?python_provide:%python_provide python2-babel} - -%description -n python2-babel -Babel is composed of two major parts: - -* tools to build and work with gettext message catalogs - -* a Python interface to the CLDR (Common Locale Data Repository), - providing access to various locale display names, localized number - and date formatting, etc. -%endif - - -%package -n python%{python3_pkgversion}-babel -Summary: %sum - -Requires: python%{python3_pkgversion}-setuptools -Requires: python%{python3_pkgversion}-pytz - -%{?python_provide:%python_provide python%{python3_pkgversion}-babel} - -%description -n python%{python3_pkgversion}-babel +%description -n python3-babel Babel is composed of two major parts: * tools to build and work with gettext message catalogs @@ -102,90 +67,185 @@ Babel is composed of two major parts: providing access to various locale display names, localized number and date formatting, etc. -%if !%{with bootstrap} +%if %{without bootstrap} %package doc Summary: Documentation for Babel -Provides: python-babel-doc = %{version}-%{release} -Provides: python2-babel-doc = %{version}-%{release} -Provides: python3-babel-doc = %{version}-%{release} +%py_provides python3-babel-doc %description doc Documentation for Babel %endif %prep -%autosetup -n %{srcname}-%{version} -p1 +%autosetup -p1 -n Babel-%{version} + +%generate_buildrequires +%pyproject_buildrequires %build -%if %{with python2} -%py2_build -%endif -%py3_build +%pyproject_wheel BUILDDIR="$PWD/built-docs" rm -rf "$BUILDDIR" -%if !%{with bootstrap} +%if %{without bootstrap} pushd docs make \ SPHINXBUILD=sphinx-build-3 \ BUILDDIR="$BUILDDIR" \ - html + html man popd rm -f "$BUILDDIR/html/.buildinfo" %endif %install -%if %{with python2} -%py2_install -%endif -%py3_install +%pyproject_install +%pyproject_save_files babel -mv %{buildroot}%{_bindir}/pybabel %{buildroot}%{_bindir}/pybabel-%{python3_version} +%if %{without bootstrap} +install -D -m 0644 built-docs/man/babel.1 %{buildroot}%{_mandir}/man1/pybabel.1 +%endif %check -export TZ=America/New_York -%if %{with python2} && %{with python2_pytest} -%{__python2} -m pytest -%endif -%if !%{with bootstrap} -%{__python3} -m pytest +export TZ=UTC +%pyproject_check_import +%if %{without bootstrap} +# The deselected doctests fail without pytz when run during Eastern Daylight Time +# https://github.com/python-babel/babel/issues/988 +# The ignored files use freezegun +%pytest %{!?with_datetime_tests:\ + -k "not (babel.dates.format_time or babel.dates.get_timezone_name)" \ + --ignore tests/test_dates.py --ignore tests/messages/test_frontend.py} %endif -%if %{with python2} -%files -n python2-babel -%doc CHANGES AUTHORS -%license LICENSE -%{python2_sitelib}/Babel-%{version}-py*.egg-info -%{python2_sitelib}/babel +%files +%doc CHANGES.rst AUTHORS +%{_bindir}/pybabel + +%if %{without bootstrap} +%{_mandir}/man1/pybabel.1* %endif -%files -n python%{python3_pkgversion}-babel -%doc CHANGES AUTHORS -%license LICENSE -%{python3_sitelib}/Babel-%{version}-py*.egg-info -%{python3_sitelib}/babel -%{_bindir}/pybabel-%{python3_version} +%files -n python3-babel -f %{pyproject_files} -%if !%{with bootstrap} +%if %{without bootstrap} %files doc +%license LICENSE %doc built-docs/html/* %endif %changelog -* Wed May 12 2021 Charalampos Stratakis - 2.7.0-11 -- Fix CVE-2021-20095 -Resolves: rhbz#1955615 +* Tue Oct 29 2024 Troy Dawson - 2.13.1-5 +- Bump release for October 2024 mass rebuild: + Resolves: RHEL-64018 -* Fri Dec 13 2019 Tomas Orsava - 2.7.0-10 -- Exclude unsupported i686 arch +* Mon Jun 24 2024 Troy Dawson - 2.13.1-4 +- Bump release for June 2024 mass rebuild -* Tue Dec 03 2019 Tomas Orsava - 2.7.0-9 -- Rename the pybabel executable to pybabel-3.8 and move it to the - python38-babel package +* Tue Jan 23 2024 Fedora Release Engineering - 2.13.1-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild -* Wed Nov 20 2019 Lumír Balhar - 2.7.0-8 -- Adjusted for Python 3.8 module in RHEL 8 +* Fri Jan 19 2024 Fedora Release Engineering - 2.13.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Wed Jul 19 2023 Fedora Release Engineering - 2.12.1-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + +* Fri Jun 16 2023 Python Maint - 2.12.1-5 +- Rebuilt for Python 3.12 + +* Tue Jun 13 2023 Python Maint - 2.12.1-4 +- Bootstrap for Python 3.12 + +* Mon Jun 05 2023 Yaakov Selkowitz - 2.12.1-3 +- Avoid libfaketime and python-freezegun deps in RHEL builds + +* Mon Apr 10 2023 Miro Hrončok - 2.12.1-2 +- Fix DST-related test failures + +* Wed Mar 01 2023 Miro Hrončok - 2.12.1-1 +- Update to 2.12.1 + +* Tue Feb 28 2023 Miro Hrončok - 2.12.0-1 +- Update to 2.12.0 +- No longer depends on pytz +- No longer depends on setuptools +- Update the License tag to SPDX + +* Wed Jan 18 2023 Fedora Release Engineering - 2.11.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + +* Sun Jan 01 2023 Felix Schwarz - 2.11.0-1 +- update to 2.11.0 + +* Wed Jul 20 2022 Fedora Release Engineering - 2.10.3-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild + +* Mon Jun 20 2022 Felix Schwarz - 2.10.3-2 +- backport patch to remove usage of cgi module (rhbz #2083956) + +* Mon Jun 20 2022 Felix Schwarz - 2.10.3-1 +- update to 2.10.3 + +* Mon Jun 13 2022 Python Maint - 2.10.1-4 +- Rebuilt for Python 3.11 + +* Mon Jun 13 2022 Python Maint - 2.10.1-3 +- Bootstrap for Python 3.11 + +* Mon May 16 2022 Nils Philippsen - 2.10.1-2 +- Build and distribute man page for pybabel (#1611174) + +* Fri Apr 22 2022 Felix Schwarz - 2.10.1-1 +- update to 2.10.1 + +* Wed Jan 19 2022 Fedora Release Engineering - 2.9.1-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild + +* Wed Jul 21 2021 Fedora Release Engineering - 2.9.1-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild + +* Thu Jun 03 2021 Python Maint - 2.9.1-3 +- Rebuilt for Python 3.10 + +* Wed Jun 02 2021 Python Maint - 2.9.1-2 +- Bootstrap for Python 3.10 + +* Wed Apr 28 2021 Felix Schwarz - 2.9.1-1 +- update to 2.9.1 + +* Tue Jan 26 2021 Fedora Release Engineering - 2.9.0-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Mon Dec 21 2020 Miro Hrončok - 2.9.0-3 +- Disable Python 2 build entirely + +* Tue Nov 24 2020 Miro Hrončok +- Disable Python 2 build on RHEL 9+ + +* Mon Nov 16 22:22:25 CET 2020 Felix Schwarz - 2.9.0-1 +- update to 2.9.0 + +* Mon Jul 27 2020 Fedora Release Engineering - 2.8.0-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Sat May 23 2020 Miro Hrončok - 2.8.0-6 +- Rebuilt for Python 3.9 + +* Fri May 22 2020 Miro Hrončok - 2.8.0-5 +- Bootstrap for Python 3.9 + +* Fri May 08 2020 Felix Schwarz - 2.8.0-4 +- reenable Python 2 subpackage for Fedora 33+ (rhbz #1737930) + +* Tue May 05 2020 Felix Schwarz - 2.8.0-3 +- add patch for compatibility with Python 3.9a6 + +* Tue Jan 28 2020 Fedora Release Engineering - 2.8.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Thu Jan 02 2020 Felix Schwarz - 2.8.0-1 +- update to upstream version 2.8.0 * Thu Oct 31 2019 Nils Philippsen - 2.7.0-7 - drop python2-babel only from F33 on as it is needed for trac (for the time diff --git a/sources b/sources new file mode 100644 index 0000000..82c8952 --- /dev/null +++ b/sources @@ -0,0 +1 @@ +SHA512 (Babel-2.13.1.tar.gz) = c27c76456094927bd43ae46cd3e08fcc729dd810a6092da6c86e863523c10746bb3759e7fc9f5396504ab914743ef013904b63b3aa63338602f23aaf83d42cba