4 changed files with 27 additions and 166 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1 @@
-SOURCES/python-dateutil-2.8.1.tar.gz
+SOURCES/dateutil-2.6.1.tar.gz
--- a/.python-dateutil.metadata
+++ b/.python-dateutil.metadata
@ -1 +1 @@
-bd26127e57f83a10f656b62c46524c15aeb844dd SOURCES/python-dateutil-2.8.1.tar.gz
+33b66da1a9118550d4ef5350b0cfdb72e1f7774a SOURCES/dateutil-2.6.1.tar.gz
--- a/SOURCES/1295.patch
+++ b/SOURCES/1295.patch
@ -1,57 +0,0 @@
 From a97d0ff4b7559a431f42102b6208fb876f511194 Mon Sep 17 00:00:00 2001
 From: Petr Viktorin <encukou@gmail.com>
 Date: Tue, 27 Jun 2023 15:28:36 +0200
 Subject: [PATCH 1/2] zoneinfo.rebuild: Extract using tarfile data filter (PEP
 706) if available
 ---
 src/dateutil/zoneinfo/rebuild.py | 8 ++++++++
 1 file changed, 8 insertions(+)
 diff --git a/src/dateutil/zoneinfo/rebuild.py b/src/dateutil/zoneinfo/rebuild.py
 index 684c6586f..1b6e34b15 100644
 --- a/dateutil/zoneinfo/rebuild.py
 +++ b/dateutil/zoneinfo/rebuild.py
@@ -4,6 +4,7 @@
 import shutil
 import json
 from subprocess import check_call
 +import tarfile
 from tarfile import TarFile
 from dateutil.zoneinfo import METADATA_FN, ZONEFILENAME
@@ -20,6 +21,13 @@ def rebuild(filename, tag=None, format="gz", zonegroups=[], metadata=None):
     moduledir = os.path.dirname(__file__)
     try:
         with TarFile.open(filename) as tf:
 +
 +            # Limit extraction to safe, plain data files, if this Python
 +            # allows it easily. If not, just trust the input.
 +            # See: https://docs.python.org/3/library/tarfile.html#supporting-older-python-versions
 +            tf.extraction_filter = getattr(tarfile, 'data_filter',
 +                                           (lambda member, path: member))
 +
             for name in zonegroups:
                 tf.extract(name, tmpdir)
             filepaths = [os.path.join(tmpdir, n) for n in zonegroups]
 From 4790f9d64451002fd3c31c2fbe0d70322019a92a Mon Sep 17 00:00:00 2001
 From: Petr Viktorin <encukou@gmail.com>
 Date: Tue, 27 Jun 2023 16:12:14 +0200
 Subject: [PATCH 2/2] Add changelog entry
 ---
 changelog.d/1295.misc.rst | 4 ++++
 1 file changed, 4 insertions(+)
 create mode 100644 changelog.d/1295.misc.rst
 diff --git a/changelog.d/1295.misc.rst b/changelog.d/1295.misc.rst
 new file mode 100644
 index 000000000..c2876dd65
 --- /dev/null
 +++ b/changelog.d/1295.misc.rst
@@ -0,0 +1,4 @@
 +On Python versions that support it, ``zoneinfo.rebuild`` now uses the
 +tarfile ``data`` filter to limit damage in case it's used with a
 +malicious tarball, and to avoid a deprecation warning on Python 3.12.
 +Reported and fixed by @encukou (gh pr #1295)
--- a/SPECS/python-dateutil.spec
+++ b/SPECS/python-dateutil.spec
@ -1,53 +1,37 @@
 %global modname dateutil
 Name:           python-%{modname}
-Version:        2.8.1
+Version:        2.6.1
-Release:        7%{?dist}
+Release:        6%{?dist}
 Epoch:          1
 Summary:        Powerful extensions to the standard datetime module
 Group:          Development/Languages
 License:        BSD
 URL:            https://github.com/dateutil/dateutil
-Source:         %{pypi_source}
+Source0:        https://github.com/dateutil/dateutil/archive/%{version}/%{modname}-%{version}.tar.gz
 # Mitigate CVE-2007-4559 (tarfile directory traversal).
 # `dateutil.zoneinfo.rebuild` handles "pure data" tarballs,
 # here we disable tar features that are potentially unsafe.
 # Submitted upstream, but rejected because they're removing this
 # code entirely.
 # BZ: https://bugzilla.redhat.com/show_bug.cgi?id=2203905
 Patch1:         https://github.com/dateutil/dateutil/pull/1295.patch
 # Disable tests to avoid pulling in test dependencies on RHEL9
 # Specify --with tests to run the tests e.g. on EPEL
 %bcond_with tests
 BuildArch:      noarch
 BuildRequires: make
 BuildRequires:  python3-sphinx
 BuildRequires:  python3-sphinx_rtd_theme
-%global _description \
+%description
-The dateutil module provides powerful extensions to the standard datetime\
+The dateutil module provides powerful extensions to the standard datetime
 module available in Python.
 %description %_description
 %package -n python3-%{modname}
-Summary:        %summary
+Summary:        Powerful extensions to the standard datetime module
 BuildRequires:  python3-devel
 BuildRequires:  python3-setuptools
 BuildRequires:  python3-setuptools_scm
 %if %{with tests}
 BuildRequires:  python3-freezegun
 BuildRequires:  python3-hypothesis
 BuildRequires:  python3-pytest
 BuildRequires:  python3-six
 %endif
 Requires:       tzdata
 %{?python_provide:%python_provide python3-%{modname}}
 BuildRequires:  python3-devel
 BuildRequires:  python3-six
 BuildRequires:  python3-setuptools
 Requires:       tzdata
 Requires:       python3-six
-%description -n python3-%{modname}  %_description
+%description -n python3-dateutil
 The dateutil module provides powerful extensions to the standard datetime
 module available in Python.
 This is the version for Python 3.
 %package doc
 Summary: API documentation for python-dateutil
@ -55,7 +39,7 @@ Summary: API documentation for python-dateutil
 This package contains %{summary}.
 %prep
-%autosetup -p1
+%autosetup -p0 -n %{modname}-%{version}
 iconv --from=ISO-8859-1 --to=UTF-8 NEWS > NEWS.new
 mv NEWS.new NEWS
@ -66,10 +50,8 @@ make -C docs html
 %install
 %py3_install
 %if %{with tests}
 %check
-%{__python3} -m pytest -W ignore::pytest.PytestUnknownMarkWarning
+%{__python3} setup.py test
 %endif
 %files -n python3-%{modname}
 %license LICENSE
@ -82,78 +64,14 @@ make -C docs html
 %doc docs/_build/html
 %changelog
-* Wed Jul 12 2023 Petr Viktorin <pviktori@redhat.com> - 1:2.8.1-7
+* Mon Jul 16 2018 Honza Horak <hhorak@redhat.com> - 1:2.6.1-6
- Mitigate CVE-2007-4559 (tarfile directory traversal).
+- Change license to BSD
  Resolves: rhbz#2203905
-* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 1:2.8.1-6
+* Wed Jun 13 2018 Petr Viktorin <pviktori@redhat.com> - 1:2.6.1-5
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+- Drop the python2 subpackage
  Related: rhbz#1991688
-* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1:2.8.1-5
+* Wed Jun 13 2018 Miro Hrončok <mhroncok@redhat.com> - 1:2.6.1-4
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
+- Use Python 3 Sphinx
 * Mon Mar 08 2021 Charalampos Stratakis <cstratak@redhat.com> - 1:2.8.1-4
 - Disable tests on RHEL9 to remove the test dependencies
 * Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.8.1-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
 * Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.8.1-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
 * Sun May 31 2020 Gwyn Ciesla <gwync@protonmail.com> - 1:2.8.1-1
 - 2.8.1
 * Fri May 22 2020 Miro Hrončok <mhroncok@redhat.com> - 1:2.8.0-10
 - Rebuilt for Python 3.9
 * Fri May 22 2020 Miro Hrončok <mhroncok@redhat.com> - 1:2.8.0-9
 - Bootstrap for Python 3.9
 * Thu Jan 30 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.8.0-8
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
 * Thu Jan 16 2020 Miro Hrončok <mhroncok@redhat.com> - 1:2.8.0-7
 - Subpackage python2-dateutil has been removed
  See https://fedoraproject.org/wiki/Changes/RetirePython2
 * Fri Sep 13 2019 Miro Hrončok <mhroncok@redhat.com> - 1:2.8.0-6
 - Reduce Python 2 build dependencies on Fedora 32
 * Thu Aug 15 2019 Miro Hrončok <mhroncok@redhat.com> - 1:2.8.0-5
 - Rebuilt for Python 3.8
 * Thu Aug 15 2019 Miro Hrončok <mhroncok@redhat.com> - 1:2.8.0-4
 - Bootstrap for Python 3.8
 * Fri Jul 26 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.8.0-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
 * Wed Mar 06 2019 Petr Viktorin <pviktori@redhat.com> - 1:2.8.0-2
 - Enable tests (but keep a few skipped on Python 2)
 - Add explicit dependency on python3-sphinx_rtd_theme
 - Remove test dependency on python2-hypothesis
 * Wed Feb 06 2019 Gwyn Ciesla <limburgher@gmail.com> - 1:2.8.0-1
 - 2.8.0
 * Thu Jan 31 2019 Gwyn Ciesla <limburgher@gmail.com> - 1:2.7.5-1
 - 2.7.5
 * Sat Sep 08 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 1:2.7.3-1
 - Update to 2.7.3
 * Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.7.0-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
 * Sat Jun 16 2018 Miro Hrončok <mhroncok@redhat.com> - 1:2.7.0-2
 - Rebuilt for Python 3.7
 * Mon Mar 12 2018 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 1:2.7.0-1
 - Fix license tag (should be BSD)
 - Update to latest version (#1469314)
  See https://github.com/dateutil/dateutil/blob/master/NEWS for details.
 * Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.6.1-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
`@ -1 +1 @@`
	`SOURCES/python-dateutil-2.8.1.tar.gz`	`SOURCES/dateutil-2.6.1.tar.gz`
`@ -1 +1 @@`
	`bd26127e57f83a10f656b62c46524c15aeb844dd SOURCES/python-dateutil-2.8.1.tar.gz`	`33b66da1a9118550d4ef5350b0cfdb72e1f7774a SOURCES/dateutil-2.6.1.tar.gz`