import UBI babel-2.13.1-5.el10

2025-05-14 19:33:41 +00:00
5 changed files with 175 additions and 243 deletions
--- a/.babel.metadata
+++ b/.babel.metadata
@ -1 +0,0 @@
-5605f75353368d32500afb30e60fc8f0edbca506 SOURCES/Babel-2.7.0.tar.gz
--- a/.gitignore
+++ b/.gitignore
@ -1 +1 @@
-SOURCES/Babel-2.7.0.tar.gz
+Babel-2.13.1.tar.gz
--- a/SOURCES/CVE-2021-20095.patch
+++ b/SOURCES/CVE-2021-20095.patch
@ -1,128 +0,0 @@
-diff --git a/babel/localedata.py b/babel/localedata.py
-index e012abb..dea0a0f 100644
--- a/babel/localedata.py
-+++ b/babel/localedata.py
-@@ -13,6 +13,8 @@
- """
- 
- import os
-+import re
-+import sys
- import threading
- from itertools import chain
- 
-@@ -22,6 +24,7 @@ from babel._compat import pickle, string_types, abc
- _cache = {}
- _cache_lock = threading.RLock()
- _dirname = os.path.join(os.path.dirname(__file__), 'locale-data')
-+_windows_reserved_name_re = re.compile("^(con|prn|aux|nul|com[0-9]|lpt[0-9])$", re.I)
- 
- 
- def normalize_locale(name):
-@@ -38,6 +41,22 @@ def normalize_locale(name):
-             return locale_id
- 
- 
-+def resolve_locale_filename(name):
-+    """
-+    Resolve a locale identifier to a `.dat` path on disk.
-+    """
-+
-+    # Clean up any possible relative paths.
-+    name = os.path.basename(name)
-+
-+    # Ensure we're not left with one of the Windows reserved names.
-+    if sys.platform == "win32" and _windows_reserved_name_re.match(os.path.splitext(name)[0]):
-+        raise ValueError("Name %s is invalid on Windows" % name)
-+
-+    # Build the path.
-+    return os.path.join(_dirname, '%s.dat' % name)
-+
-+
- def exists(name):
-     """Check whether locale data is available for the given locale.
- 
-@@ -49,7 +68,7 @@ def exists(name):
-         return False
-     if name in _cache:
-         return True
-    file_found = os.path.exists(os.path.join(_dirname, '%s.dat' % name))
-+    file_found = os.path.exists(resolve_locale_filename(name))
-     return True if file_found else bool(normalize_locale(name))
- 
- 
-@@ -102,6 +121,7 @@ def load(name, merge_inherited=True):
-     :raise `IOError`: if no locale data file is found for the given locale
-                       identifer, or one of the locales it inherits from
-     """
-+    name = os.path.basename(name)
-     _cache_lock.acquire()
-     try:
-         data = _cache.get(name)
-@@ -119,7 +139,7 @@ def load(name, merge_inherited=True):
-                     else:
-                         parent = '_'.join(parts[:-1])
-                 data = load(parent).copy()
-            filename = os.path.join(_dirname, '%s.dat' % name)
-+            filename = resolve_locale_filename(name)
-             with open(filename, 'rb') as fileobj:
-                 if name != 'root' and merge_inherited:
-                     merge(data, pickle.load(fileobj))
-diff --git a/tests/test_localedata.py b/tests/test_localedata.py
-index dbacba0..4730096 100644
--- a/tests/test_localedata.py
-+++ b/tests/test_localedata.py
-@@ -11,11 +11,17 @@
- # individuals. For the exact contribution history, see the revision
- # history and logs, available at http://babel.edgewall.org/log/.
- 
-+import os
-+import pickle
-+import sys
-+import tempfile
- import unittest
- import random
- from operator import methodcaller
- 
-from babel import localedata
-+import pytest
-+
-+from babel import localedata, Locale, UnknownLocaleError
- 
- 
- class MergeResolveTestCase(unittest.TestCase):
-@@ -131,3 +137,34 @@ def test_locale_identifiers_cache(monkeypatch):
-     localedata.locale_identifiers.cache = None
-     assert localedata.locale_identifiers()
-     assert len(listdir_calls) == 2
-+
-+
-+def test_locale_name_cleanup():
-+    """
-+    Test that locale identifiers are cleaned up to avoid directory traversal.
-+    """
-+    no_exist_name = os.path.join(tempfile.gettempdir(), "babel%d.dat" % random.randint(1, 99999))
-+    with open(no_exist_name, "wb") as f:
-+        pickle.dump({}, f)
-+
-+    try:
-+        name = os.path.splitext(os.path.relpath(no_exist_name, localedata._dirname))[0]
-+    except ValueError:
-+        if sys.platform == "win32":
-+            pytest.skip("unable to form relpath")
-+        raise
-+
-+    assert not localedata.exists(name)
-+    with pytest.raises(IOError):
-+        localedata.load(name)
-+    with pytest.raises(UnknownLocaleError):
-+        Locale(name)
-+
-+
-+@pytest.mark.skipif(sys.platform != "win32", reason="windows-only test")
-+def test_reserved_locale_names():
-+    for name in ("con", "aux", "nul", "prn", "com8", "lpt5"):
-+        with pytest.raises(ValueError):
-+            localedata.load(name)
-+        with pytest.raises(ValueError):
-+            Locale(name)
--- a/SPECS/babel.spec
+++ b/SPECS/babel.spec
@ -1,58 +1,48 @@
-%global srcname Babel
-%global sum Library for internationalizing Python applications
-
 # There is some bootstrapping involved when upgrading Python 3
 # First of all we need babel (this package) to use sphinx
 # And pytest is at this point not yet ready
-%bcond_without bootstrap
+%bcond bootstrap 0

-%bcond_with python2
+# Since babel 2.12, the pytz dependency is optional.
+# However, pytz is preferred when installed.
+# Running tests with pytz is optional as well.
+# We don't want to pull pytz into ELN/RHEL just to test integration with it,
+# but we don't want to ship babel in Fedora with an untested default,
+# so we make the dependency conditional.
+# Ideally, the dependency would be conditional on pytz availability in the repo,
+# but that's not possible in 2023 yet.
+# Additionally, the date/time tests require freezegun, which is unwanted in RHEL.
+%bcond datetime_tests %{undefined rhel}

 Name:           babel
-Version:        2.7.0
-Release:        11%{?dist}
+Version:        2.13.1
+Release:        5%{?dist}
 Summary:        Tools for internationalizing Python applications

-License:        BSD
-URL:            http://babel.pocoo.org/
-Source0:        https://files.pythonhosted.org/packages/source/B/%{srcname}/%{srcname}-%{version}.tar.gz
-
-# Fix CVE-2021-20095: relative path traversal allows an attacker to load
-# arbitrary locale files on disk and execute arbitrary code
-# Resolved upstream: https://github.com/python-babel/babel/pull/782/
-# CVE bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1955615
-Patch1:         CVE-2021-20095.patch
+License:        BSD-3-Clause
+URL:            https://babel.pocoo.org/
+Source:         %{pypi_source Babel}

 BuildArch:      noarch
-# Exclude i686 arch. Due to a modularity issue it's being added to the
-# x86_64 compose of CRB, but we don't want to ship it at all.
-# See: https://projects.engineering.redhat.com/browse/RCM-72605
-ExcludeArch:    i686

-%if %{with python2}
-BuildRequires:  python2-devel
-BuildRequires:  python2-setuptools
-%if %{with python2_pytest}
-BuildRequires:  python2-pytz
-BuildRequires:  python2-pytest
-BuildRequires:  python2-freezegun
-%endif
-%endif
-BuildRequires:  python%{python3_pkgversion}-devel
-BuildRequires:  python%{python3_pkgversion}-setuptools
-BuildRequires:  python%{python3_pkgversion}-rpm-macros
-%if !%{with bootstrap}
-BuildRequires:  python%{python3_pkgversion}-pytz
-BuildRequires:  python%{python3_pkgversion}-pytest
-BuildRequires:  python%{python3_pkgversion}-freezegun
-%endif
+BuildRequires:  python3-devel

+%if %{without bootstrap}
+BuildRequires:  coreutils
+# The Python test dependencies are not generated from tox.ini,
+# because it would require complex patching to be usable
+# and becasue we want to avoid the tox dependency in ELN/RHEL.
+BuildRequires:  python3-pytest
+%if %{with datetime_tests}
+BuildRequires:  python3-freezegun
+# The pytz tests are skipped when pytz is missing
+BuildRequires:  python3-pytz
+%endif
 # build the documentation
 BuildRequires:  make
-
-%if !%{with bootstrap}
-BuildRequires:  python%{python3_pkgversion}-sphinx
+BuildRequires:  python3-sphinx
 %endif
+Requires:       python3-babel = %{?epoch:%{epoch}:}%{version}-%{release}


 %description
@ -65,35 +55,10 @@ Babel is composed of two major parts:
  and date formatting, etc.


-%if %{with python2}
-%package -n python2-babel
-Summary:        %sum
+%package -n python3-babel
+Summary:        Library for internationalizing Python applications

-Requires:       python2-setuptools
-Requires:       python2-pytz
-
-%{?python_provide:%python_provide python2-babel}
-
-%description -n python2-babel
-Babel is composed of two major parts:
-
-* tools to build and work with gettext message catalogs
-
-* a Python interface to the CLDR (Common Locale Data Repository),
-  providing access to various locale display names, localized number
-  and date formatting, etc.
-%endif
-
-
-%package -n python%{python3_pkgversion}-babel
-Summary:        %sum
-
-Requires:       python%{python3_pkgversion}-setuptools
-Requires:       python%{python3_pkgversion}-pytz
-
-%{?python_provide:%python_provide python%{python3_pkgversion}-babel}
-
-%description -n python%{python3_pkgversion}-babel
+%description -n python3-babel
 Babel is composed of two major parts:

 * tools to build and work with gettext message catalogs
@ -102,90 +67,185 @@ Babel is composed of two major parts:
  providing access to various locale display names, localized number
  and date formatting, etc.

-%if !%{with bootstrap}
+%if %{without bootstrap}
 %package doc
 Summary:        Documentation for Babel
-Provides:       python-babel-doc = %{version}-%{release}
-Provides:       python2-babel-doc = %{version}-%{release}
-Provides:       python3-babel-doc = %{version}-%{release}
+%py_provides    python3-babel-doc

 %description doc
 Documentation for Babel
 %endif

 %prep
-%autosetup -n %{srcname}-%{version} -p1
+%autosetup -p1 -n Babel-%{version}
+
+%generate_buildrequires
+%pyproject_buildrequires

 %build
-%if %{with python2}
-%py2_build
-%endif
-%py3_build
+%pyproject_wheel

 BUILDDIR="$PWD/built-docs"
 rm -rf "$BUILDDIR"

-%if !%{with bootstrap}
+%if %{without bootstrap}
 pushd docs
 make \
    SPHINXBUILD=sphinx-build-3 \
    BUILDDIR="$BUILDDIR" \
-    html
+    html man
 popd
 rm -f "$BUILDDIR/html/.buildinfo"
 %endif

 %install
-%if %{with python2}
-%py2_install
-%endif
-%py3_install
+%pyproject_install
+%pyproject_save_files babel

-mv %{buildroot}%{_bindir}/pybabel %{buildroot}%{_bindir}/pybabel-%{python3_version}
+%if %{without bootstrap}
+install -D -m 0644 built-docs/man/babel.1 %{buildroot}%{_mandir}/man1/pybabel.1
+%endif

 %check
-export TZ=America/New_York
-%if %{with python2} && %{with python2_pytest}
-%{__python2} -m pytest
-%endif
-%if !%{with bootstrap}
-%{__python3} -m pytest
+export TZ=UTC
+%pyproject_check_import
+%if %{without bootstrap}
+# The deselected doctests fail without pytz when run during Eastern Daylight Time
+# https://github.com/python-babel/babel/issues/988
+# The ignored files use freezegun
+%pytest %{!?with_datetime_tests:\
+  -k "not (babel.dates.format_time or babel.dates.get_timezone_name)" \
+  --ignore tests/test_dates.py --ignore tests/messages/test_frontend.py}
 %endif

-%if %{with python2}
-%files -n python2-babel
-%doc CHANGES AUTHORS
-%license LICENSE
-%{python2_sitelib}/Babel-%{version}-py*.egg-info
-%{python2_sitelib}/babel
+%files
+%doc CHANGES.rst AUTHORS
+%{_bindir}/pybabel
+
+%if %{without bootstrap}
+%{_mandir}/man1/pybabel.1*
 %endif

-%files -n python%{python3_pkgversion}-babel
-%doc CHANGES AUTHORS
-%license LICENSE
-%{python3_sitelib}/Babel-%{version}-py*.egg-info
-%{python3_sitelib}/babel
-%{_bindir}/pybabel-%{python3_version}
+%files -n python3-babel -f %{pyproject_files}

-%if !%{with bootstrap}
+%if %{without bootstrap}
 %files doc
+%license LICENSE
 %doc built-docs/html/*
 %endif

 %changelog
-* Wed May 12 2021 Charalampos Stratakis <cstratak@redhat.com> - 2.7.0-11
- Fix CVE-2021-20095
-Resolves: rhbz#1955615
+* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 2.13.1-5
+- Bump release for October 2024 mass rebuild:
+  Resolves: RHEL-64018

-* Fri Dec 13 2019 Tomas Orsava <torsava@redhat.com> - 2.7.0-10
- Exclude unsupported i686 arch
+* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 2.13.1-4
+- Bump release for June 2024 mass rebuild

-* Tue Dec 03 2019 Tomas Orsava <torsava@redhat.com> - 2.7.0-9
- Rename the pybabel executable to pybabel-3.8 and move it to the
-  python38-babel package
+* Tue Jan 23 2024 Fedora Release Engineering <releng@fedoraproject.org> - 2.13.1-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild

-* Wed Nov 20 2019 Lumír Balhar <lbalhar@redhat.com> - 2.7.0-8
- Adjusted for Python 3.8 module in RHEL 8
+* Fri Jan 19 2024 Fedora Release Engineering <releng@fedoraproject.org> - 2.13.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Wed Jul 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 2.12.1-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Fri Jun 16 2023 Python Maint <python-maint@redhat.com> - 2.12.1-5
+- Rebuilt for Python 3.12
+
+* Tue Jun 13 2023 Python Maint <python-maint@redhat.com> - 2.12.1-4
+- Bootstrap for Python 3.12
+
+* Mon Jun 05 2023 Yaakov Selkowitz <yselkowi@redhat.com> - 2.12.1-3
+- Avoid libfaketime and python-freezegun deps in RHEL builds
+
+* Mon Apr 10 2023 Miro Hrončok <mhroncok@redhat.com> - 2.12.1-2
+- Fix DST-related test failures
+
+* Wed Mar 01 2023 Miro Hrončok <mhroncok@redhat.com> - 2.12.1-1
+- Update to 2.12.1
+
+* Tue Feb 28 2023 Miro Hrončok <mhroncok@redhat.com> - 2.12.0-1
+- Update to 2.12.0
+- No longer depends on pytz
+- No longer depends on setuptools
+- Update the License tag to SPDX
+
+* Wed Jan 18 2023 Fedora Release Engineering <releng@fedoraproject.org> - 2.11.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Sun Jan 01 2023 Felix Schwarz <fschwarz@fedoraproject.org> - 2.11.0-1
+- update to 2.11.0
+
+* Wed Jul 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2.10.3-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Mon Jun 20 2022 Felix Schwarz <fschwarz@fedoraproject.org> - 2.10.3-2
+- backport patch to remove usage of cgi module (rhbz #2083956)
+
+* Mon Jun 20 2022 Felix Schwarz <fschwarz@fedoraproject.org> - 2.10.3-1
+- update to 2.10.3
+
+* Mon Jun 13 2022 Python Maint <python-maint@redhat.com> - 2.10.1-4
+- Rebuilt for Python 3.11
+
+* Mon Jun 13 2022 Python Maint <python-maint@redhat.com> - 2.10.1-3
+- Bootstrap for Python 3.11
+
+* Mon May 16 2022 Nils Philippsen <nils@redhat.com> - 2.10.1-2
+- Build and distribute man page for pybabel (#1611174)
+
+* Fri Apr 22 2022 Felix Schwarz <fschwarz@fedoraproject.org> - 2.10.1-1
+- update to 2.10.1
+
+* Wed Jan 19 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.1-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Wed Jul 21 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.1-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Thu Jun 03 2021 Python Maint <python-maint@redhat.com> - 2.9.1-3
+- Rebuilt for Python 3.10
+
+* Wed Jun 02 2021 Python Maint <python-maint@redhat.com> - 2.9.1-2
+- Bootstrap for Python 3.10
+
+* Wed Apr 28 2021 Felix Schwarz <fschwarz@fedoraproject.org> - 2.9.1-1
+- update to 2.9.1
+
+* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.0-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Mon Dec 21 2020 Miro Hrončok <mhroncok@redhat.com> - 2.9.0-3
+- Disable Python 2 build entirely
+
+* Tue Nov 24 2020 Miro Hrončok <mhroncok@redhat.com>
+- Disable Python 2 build on RHEL 9+
+
+* Mon Nov 16 22:22:25 CET 2020 Felix Schwarz <fschwarz@fedoraproject.org> - 2.9.0-1
+- update to 2.9.0
+
+* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.8.0-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Sat May 23 2020 Miro Hrončok <mhroncok@redhat.com> - 2.8.0-6
+- Rebuilt for Python 3.9
+
+* Fri May 22 2020 Miro Hrončok <mhroncok@redhat.com> - 2.8.0-5
+- Bootstrap for Python 3.9
+
+* Fri May 08 2020 Felix Schwarz <fschwarz@fedoraproject.org> - 2.8.0-4
+- reenable Python 2 subpackage for Fedora 33+ (rhbz #1737930)
+
+* Tue May 05 2020 Felix Schwarz <fschwarz@fedoraproject.org> - 2.8.0-3
+- add patch for compatibility with Python 3.9a6
+
+* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.8.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Thu Jan 02 2020 Felix Schwarz <fschwarz@fedoraproject.org> - 2.8.0-1
+- update to upstream version 2.8.0

 * Thu Oct 31 2019 Nils Philippsen <nils@tiptoe.de> - 2.7.0-7
 - drop python2-babel only from F33 on as it is needed for trac (for the time
--- a/1
+++ b/1
@ -0,0 +1 @@
+SHA512 (Babel-2.13.1.tar.gz) = c27c76456094927bd43ae46cd3e08fcc729dd810a6092da6c86e863523c10746bb3759e7fc9f5396504ab914743ef013904b63b3aa63338602f23aaf83d42cba
				`@ -1 +0,0 @@`
				`5605f75353368d32500afb30e60fc8f0edbca506 SOURCES/Babel-2.7.0.tar.gz`
				`@ -0,0 +1 @@`
				`SHA512 (Babel-2.13.1.tar.gz) = c27c76456094927bd43ae46cd3e08fcc729dd810a6092da6c86e863523c10746bb3759e7fc9f5396504ab914743ef013904b63b3aa63338602f23aaf83d42cba`