From a5aa9160dfda4a79e6225cd724c59868af940302 Mon Sep 17 00:00:00 2001
From: eabdullin <ed.abdullin.1@gmail.com>
Date: Wed, 14 May 2025 15:27:54 +0000
Subject: [PATCH] import UBI python-lxml-5.2.1-4.el10

---
 .gitignore                                 |   2 +-
 .python-lxml.metadata                      |   1 -
 417.patch                                  |  40 +++
 SOURCES/CVE-2020-27783.patch               | 121 --------
 SOURCES/CVE-2021-28957.patch               |  39 ---
 SOURCES/CVE-2021-43818.patch               | 127 ---------
 SOURCES/fix-threading-tests.patch          |  26 --
 get-lxml-source.sh                         |  28 ++
 SPECS/python-lxml.spec => python-lxml.spec | 312 +++++++++++++++++----
 sources                                    |   1 +
 10 files changed, 321 insertions(+), 376 deletions(-)
 delete mode 100644 .python-lxml.metadata
 create mode 100644 417.patch
 delete mode 100644 SOURCES/CVE-2020-27783.patch
 delete mode 100644 SOURCES/CVE-2021-28957.patch
 delete mode 100644 SOURCES/CVE-2021-43818.patch
 delete mode 100644 SOURCES/fix-threading-tests.patch
 create mode 100755 get-lxml-source.sh
 rename SPECS/python-lxml.spec => python-lxml.spec (84%)
 create mode 100644 sources

diff --git a/.gitignore b/.gitignore
index ebd5ae7..bf4ccad 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/lxml-4.2.3.tgz
+lxml-5.2.1-no-isoschematron-rng.tar.gz
diff --git a/.python-lxml.metadata b/.python-lxml.metadata
deleted file mode 100644
index 50a1e9c..0000000
--- a/.python-lxml.metadata
+++ /dev/null
@@ -1 +0,0 @@
-536c9ced5d03e8d871ebf21748ed36a2f7ddf668 SOURCES/lxml-4.2.3.tgz
diff --git a/417.patch b/417.patch
new file mode 100644
index 0000000..c748c0a
--- /dev/null
+++ b/417.patch
@@ -0,0 +1,40 @@
+From f5f64df808b35969794ba3ea8c19079276aa0cb0 Mon Sep 17 00:00:00 2001
+From: Lumir Balhar <lbalhar@redhat.com>
+Date: Thu, 4 Apr 2024 11:11:38 +0200
+Subject: [PATCH] Skip test_feedparser_data if lxml_html_clean is not available
+
+This is useful mostly for distributors shipping lxml without
+lxml_html_clean.
+---
+ src/lxml/html/tests/test_feedparser_data.py | 11 ++++++++++-
+ 1 file changed, 10 insertions(+), 1 deletion(-)
+
+diff --git a/src/lxml/html/tests/test_feedparser_data.py b/src/lxml/html/tests/test_feedparser_data.py
+index 36fba1acb..264c0d4b5 100644
+--- a/src/lxml/html/tests/test_feedparser_data.py
++++ b/src/lxml/html/tests/test_feedparser_data.py
+@@ -9,7 +9,11 @@
+ from lxml.tests.common_imports import doctest
+ from lxml.doctestcompare import LHTMLOutputChecker
+ 
+-from lxml.html.clean import clean, Cleaner
++try:
++    from lxml.html.clean import clean, Cleaner
++    html_clean_available = True
++except ImportError:
++    html_clean_available = False
+ 
+ feed_dirs = [
+     os.path.join(os.path.dirname(__file__), 'feedparser-data'),
+@@ -80,6 +84,11 @@ def shortDescription(self):
+ 
+ def test_suite():
+     suite = unittest.TestSuite()
++
++    if not html_clean_available:
++        print("Skipping tests in feedparser_data - external lxml_html_clean package is not installed")
++        return suite
++
+     for dir in feed_dirs:
+         for fn in os.listdir(dir):
+             fn = os.path.join(dir, fn)
diff --git a/SOURCES/CVE-2020-27783.patch b/SOURCES/CVE-2020-27783.patch
deleted file mode 100644
index 5d7baaf..0000000
--- a/SOURCES/CVE-2020-27783.patch
+++ /dev/null
@@ -1,121 +0,0 @@
-diff --git a/src/lxml/html/clean.py b/src/lxml/html/clean.py
-index adc3f45..6f3f7de 100644
---- a/src/lxml/html/clean.py
-+++ b/src/lxml/html/clean.py
-@@ -61,12 +61,15 @@ __all__ = ['clean_html', 'clean', 'Cleaner', 'autolink', 'autolink_html',
- 
- # This is an IE-specific construct you can have in a stylesheet to
- # run some Javascript:
--_css_javascript_re = re.compile(
--    r'expression\s*\(.*?\)', re.S|re.I)
-+_replace_css_javascript = re.compile(
-+    r'expression\s*\(.*?\)', re.S|re.I).sub
- 
- # Do I have to worry about @\nimport?
--_css_import_re = re.compile(
--    r'@\s*import', re.I)
-+_replace_css_import = re.compile(
-+    r'@\s*import', re.I).sub
-+
-+_looks_like_tag_content = re.compile(
-+    r'</?[a-zA-Z]+|\son[a-zA-Z]+\s*=', re.ASCII).search
- 
- # All kinds of schemes besides just javascript: that can cause
- # execution:
-@@ -292,8 +295,8 @@ class Cleaner(object):
-             if not self.inline_style:
-                 for el in _find_styled_elements(doc):
-                     old = el.get('style')
--                    new = _css_javascript_re.sub('', old)
--                    new = _css_import_re.sub('', new)
-+                    new = _replace_css_javascript('', old)
-+                    new = _replace_css_import('', new)
-                     if self._has_sneaky_javascript(new):
-                         # Something tricky is going on...
-                         del el.attrib['style']
-@@ -305,9 +308,9 @@ class Cleaner(object):
-                         el.drop_tree()
-                         continue
-                     old = el.text or ''
--                    new = _css_javascript_re.sub('', old)
-+                    new = _replace_css_javascript('', old)
-                     # The imported CSS can do anything; we just can't allow:
--                    new = _css_import_re.sub('', old)
-+                    new = _replace_css_import('', new)
-                     if self._has_sneaky_javascript(new):
-                         # Something tricky is going on...
-                         el.text = '/* deleted */'
-@@ -509,6 +512,12 @@ class Cleaner(object):
-             return True
-         if 'expression(' in style:
-             return True
-+        if '</noscript' in style:
-+            # e.g. '<noscript><style><a title="</noscript><img src=x onerror=alert(1)>">'
-+            return True
-+        if _looks_like_tag_content(style):
-+            # e.g. '<math><style><img src=x onerror=alert(1)></style></math>'
-+            return True
-         return False
- 
-     def clean_html(self, html):
-diff --git a/src/lxml/html/tests/test_clean.py b/src/lxml/html/tests/test_clean.py
-index 3bcaaf5..451eec2 100644
---- a/src/lxml/html/tests/test_clean.py
-+++ b/src/lxml/html/tests/test_clean.py
-@@ -69,6 +69,26 @@ class CleanerTest(unittest.TestCase):
-         s = lxml.html.fromstring('<invalid tag>child</another>')
-         self.assertEqual('child', clean_html(s).text_content())
- 
-+    def test_sneaky_noscript_in_style(self):
-+        # This gets parsed as <noscript> -> <style>"...</noscript>..."</style>
-+        # thus passing the </noscript> through into the output.
-+        html = '<noscript><style><a title="</noscript><img src=x onerror=alert(1)>">'
-+        s = lxml.html.fragment_fromstring(html)
-+
-+        self.assertEqual(
-+            b'<noscript><style>/* deleted */</style></noscript>',
-+            lxml.html.tostring(clean_html(s)))
-+
-+    def test_sneaky_js_in_math_style(self):
-+        # This gets parsed as <math> -> <style>"..."</style>
-+        # thus passing any tag/script/whatever content through into the output.
-+        html = '<math><style><img src=x onerror=alert(1)></style></math>'
-+        s = lxml.html.fragment_fromstring(html)
-+
-+        self.assertEqual(
-+            b'<math><style>/* deleted */</style></math>',
-+            lxml.html.tostring(clean_html(s)))
-+
- 
- def test_suite():
-     suite = unittest.TestSuite()
-diff --git a/src/lxml/html/tests/test_clean.txt b/src/lxml/html/tests/test_clean.txt
-index c78ab4f..c901871 100644
---- a/src/lxml/html/tests/test_clean.txt
-+++ b/src/lxml/html/tests/test_clean.txt
-@@ -104,7 +104,11 @@
- >>> print(Cleaner(page_structure=False, safe_attrs_only=False).clean_html(doc))
- <html>
-   <head>
--    <style>/* deleted */</style>
-+    <style>
-+      body {background-image: url()};
-+      div {background-image: url()};
-+      div {color: };
-+    </style>
-   </head>
-   <body>
-     <a href="">a link</a>
-@@ -168,7 +172,11 @@
-     <link rel="alternate" type="text/rss" src="evil-rss">
-     <link rel="alternate" type="text/rss" href="http://example.com">
-     <link rel="stylesheet" type="text/rss" href="http://example.com">
--    <style>/* deleted */</style>
-+    <style>
-+      body {background-image: url()};
-+      div {background-image: url()};
-+      div {color: };
-+    </style>
-   </head>
-   <body>
-     <a href="">a link</a>
diff --git a/SOURCES/CVE-2021-28957.patch b/SOURCES/CVE-2021-28957.patch
deleted file mode 100644
index 0368606..0000000
--- a/SOURCES/CVE-2021-28957.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-diff --git a/src/lxml/html/defs.py b/src/lxml/html/defs.py
-index caf6b21..ea3c016 100644
---- a/src/lxml/html/defs.py
-+++ b/src/lxml/html/defs.py
-@@ -21,6 +21,8 @@ link_attrs = frozenset([
-     'usemap',
-     # Not standard:
-     'dynsrc', 'lowsrc',
-+    # HTML5 formaction
-+    'formaction'
-     ])
- 
- # Not in the HTML 4 spec:
-diff --git a/src/lxml/html/tests/test_clean.py b/src/lxml/html/tests/test_clean.py
-index 451eec2..e40cdad 100644
---- a/src/lxml/html/tests/test_clean.py
-+++ b/src/lxml/html/tests/test_clean.py
-@@ -89,6 +89,21 @@ class CleanerTest(unittest.TestCase):
-             b'<math><style>/* deleted */</style></math>',
-             lxml.html.tostring(clean_html(s)))
- 
-+    def test_formaction_attribute_in_button_input(self):
-+        # The formaction attribute overrides the form's action and should be
-+        # treated as a malicious link attribute
-+        html = ('<form id="test"><input type="submit" formaction="javascript:alert(1)"></form>'
-+        '<button form="test" formaction="javascript:alert(1)">X</button>')
-+        expected = ('<div><form id="test"><input type="submit" formaction=""></form>'
-+        '<button form="test" formaction="">X</button></div>')
-+        cleaner = Cleaner(
-+            forms=False,
-+            safe_attrs_only=False,
-+        )
-+        self.assertEqual(
-+            expected,
-+            cleaner.clean_html(html))
-+
- 
- def test_suite():
-     suite = unittest.TestSuite()
diff --git a/SOURCES/CVE-2021-43818.patch b/SOURCES/CVE-2021-43818.patch
deleted file mode 100644
index 7413abc..0000000
--- a/SOURCES/CVE-2021-43818.patch
+++ /dev/null
@@ -1,127 +0,0 @@
-diff --git a/src/lxml/html/clean.py b/src/lxml/html/clean.py
-index 6f3f7de..da5af16 100644
---- a/src/lxml/html/clean.py
-+++ b/src/lxml/html/clean.py
-@@ -73,18 +73,25 @@ _looks_like_tag_content = re.compile(
- 
- # All kinds of schemes besides just javascript: that can cause
- # execution:
--_is_image_dataurl = re.compile(
--    r'^data:image/.+;base64', re.I).search
-+_find_image_dataurls = re.compile(
-+    r'^data:image/(.+);base64,', re.I).findall
- _is_possibly_malicious_scheme = re.compile(
--    r'(?:javascript|jscript|livescript|vbscript|data|about|mocha):',
--    re.I).search
-+    r'(javascript|jscript|livescript|vbscript|data|about|mocha):',
-+    re.I).findall
-+# SVG images can contain script content
-+_is_unsafe_image_type = re.compile(r"(xml|svg)", re.I).findall
-+
- def _is_javascript_scheme(s):
--    if _is_image_dataurl(s):
--        return None
--    return _is_possibly_malicious_scheme(s)
-+    is_image_url = False
-+    for image_type in _find_image_dataurls(s):
-+        is_image_url = True
-+        if _is_unsafe_image_type(image_type):
-+            return True
-+    if is_image_url:
-+        return False
-+    return bool(_is_possibly_malicious_scheme(s))
- 
- _substitute_whitespace = re.compile(r'[\s\x00-\x08\x0B\x0C\x0E-\x19]+').sub
--# FIXME: should data: be blocked?
- 
- # FIXME: check against: http://msdn2.microsoft.com/en-us/library/ms537512.aspx
- _conditional_comment_re = re.compile(
-@@ -512,6 +519,8 @@ class Cleaner(object):
-             return True
-         if 'expression(' in style:
-             return True
-+        if '@import' in style:
-+            return True
-         if '</noscript' in style:
-             # e.g. '<noscript><style><a title="</noscript><img src=x onerror=alert(1)>">'
-             return True
-diff --git a/src/lxml/html/tests/test_clean.py b/src/lxml/html/tests/test_clean.py
-index e40cdad..ad9a598 100644
---- a/src/lxml/html/tests/test_clean.py
-+++ b/src/lxml/html/tests/test_clean.py
-@@ -1,3 +1,5 @@
-+import base64
-+import gzip
- import unittest, sys
- from lxml.tests.common_imports import make_doctest
- from lxml.etree import LIBXML_VERSION
-@@ -89,6 +91,69 @@ class CleanerTest(unittest.TestCase):
-             b'<math><style>/* deleted */</style></math>',
-             lxml.html.tostring(clean_html(s)))
- 
-+    def test_sneaky_import_in_style(self):
-+        # Prevent "@@importimport" -> "@import" replacement.
-+        style_codes = [
-+            "@@importimport(extstyle.css)",
-+            "@ @  import import(extstyle.css)",
-+            "@ @ importimport(extstyle.css)",
-+            "@@  import import(extstyle.css)",
-+            "@ @import import(extstyle.css)",
-+            "@@importimport()",
-+        ]
-+        for style_code in style_codes:
-+            html = '<style>%s</style>' % style_code
-+            s = lxml.html.fragment_fromstring(html)
-+
-+            cleaned = lxml.html.tostring(clean_html(s))
-+            self.assertEqual(
-+                b'<style>/* deleted */</style>',
-+                cleaned,
-+                "%s  ->  %s" % (style_code, cleaned))
-+
-+    def test_svg_data_links(self):
-+        # Remove SVG images with potentially insecure content.
-+        svg = b'<svg onload="alert(123)" />'
-+        svgz = gzip.compress(svg)
-+        svg_b64 = base64.b64encode(svg).decode('ASCII')
-+        svgz_b64 = base64.b64encode(svgz).decode('ASCII')
-+        urls = [
-+            "data:image/svg+xml;base64," + svg_b64,
-+            "data:image/svg+xml-compressed;base64," + svgz_b64,
-+        ]
-+        for url in urls:
-+            html = '<img src="%s">' % url
-+            s = lxml.html.fragment_fromstring(html)
-+
-+            cleaned = lxml.html.tostring(clean_html(s))
-+            self.assertEqual(
-+                b'<img src="">',
-+                cleaned,
-+                "%s  ->  %s" % (url, cleaned))
-+
-+    def test_image_data_links(self):
-+        data = b'123'
-+        data_b64 = base64.b64encode(data).decode('ASCII')
-+        urls = [
-+            "data:image/jpeg;base64," + data_b64,
-+            "data:image/apng;base64," + data_b64,
-+            "data:image/png;base64," + data_b64,
-+            "data:image/gif;base64," + data_b64,
-+            "data:image/webp;base64," + data_b64,
-+            "data:image/bmp;base64," + data_b64,
-+            "data:image/tiff;base64," + data_b64,
-+            "data:image/x-icon;base64," + data_b64,
-+        ]
-+        for url in urls:
-+            html = '<img src="%s">' % url
-+            s = lxml.html.fragment_fromstring(html)
-+
-+            cleaned = lxml.html.tostring(clean_html(s))
-+            self.assertEqual(
-+                html.encode("UTF-8"),
-+                cleaned,
-+                "%s  ->  %s" % (url, cleaned))
-+
-     def test_formaction_attribute_in_button_input(self):
-         # The formaction attribute overrides the form's action and should be
-         # treated as a malicious link attribute
diff --git a/SOURCES/fix-threading-tests.patch b/SOURCES/fix-threading-tests.patch
deleted file mode 100644
index 27a5052..0000000
--- a/SOURCES/fix-threading-tests.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-diff --git a/src/lxml/tests/test_threading.py b/src/lxml/tests/test_threading.py
-index 8948c3e..5ede3f8 100644
---- a/src/lxml/tests/test_threading.py
-+++ b/src/lxml/tests/test_threading.py
-@@ -130,7 +130,7 @@ class ThreadingTestCase(HelperTestCase):
-     <xsl:template match="tag" />
-     <!-- extend time for parsing + transform -->
- ''' + '\n'.join('<xsl:template match="tag%x" />' % i for i in range(200)) + '''
--    <xsl:foo />
-+    <xsl:UnExpectedElement />
- </xsl:stylesheet>''')
-         self.assertRaises(etree.XSLTParseError,
-                           etree.XSLT, style)
-@@ -153,9 +153,10 @@ class ThreadingTestCase(HelperTestCase):
-             self.assertTrue(len(log))
-             if last_log is not None:
-                 self.assertEqual(len(last_log), len(log))
--            self.assertEqual(4, len(log))
-+            self.assertTrue(len(log) >= 2, len(log))
-             for error in log:
--                self.assertTrue(':ERROR:XSLT:' in str(error))
-+                self.assertTrue(':ERROR:XSLT:' in str(error), str(error))
-+            self.assertTrue(any('UnExpectedElement' in str(error) for error in log), log)
-             last_log = log
- 
-     def test_thread_xslt_apply_error_log(self):
diff --git a/get-lxml-source.sh b/get-lxml-source.sh
new file mode 100755
index 0000000..ae069f1
--- /dev/null
+++ b/get-lxml-source.sh
@@ -0,0 +1,28 @@
+#! /bin/bash -ex
+
+# Download a release of lxml (if missing) and remove the isoschematron module from it
+
+version=$1
+
+if [ -z "${version}" ]; then
+    echo "Usage: $0 VERSION" >& 2
+    echo "" >& 2
+    echo "example: $0 4.9.2" >& 2
+    exit 1
+fi
+
+versionedname=lxml-${version}
+orig_archive=${versionedname}.tar.gz
+new_archive=${versionedname}-no-isoschematron-rng.tar.gz
+
+if [ ! -e ${orig_archive} ]; then
+    wget -N https://files.pythonhosted.org/packages/source/l/lxml/${orig_archive}
+fi
+
+deleted_directory=lxml-${version}/src/lxml/isoschematron/resources/rng
+
+# tar --delete does not operate on compressed archives, so do
+# gz decompression explicitly
+gzip --decompress ${orig_archive}
+tar -v --delete -f ${orig_archive//.gz} ${deleted_directory}
+gzip -cf ${orig_archive//.gz} > ${new_archive}
diff --git a/SPECS/python-lxml.spec b/python-lxml.spec
similarity index 84%
rename from SPECS/python-lxml.spec
rename to python-lxml.spec
index 3247621..b9ab4d8 100644
--- a/SPECS/python-lxml.spec
+++ b/python-lxml.spec
@@ -1,105 +1,293 @@
-%global modname lxml
+## START: Set by rpmautospec
+## (rpmautospec version 0.6.5)
+## RPMAUTOSPEC: autorelease, autochangelog
+%define autorelease(e:s:pb:n) %{?-p:0.}%{lua:
+    release_number = 4;
+    base_release_number = tonumber(rpm.expand("%{?-b*}%{!?-b:1}"));
+    print(release_number + base_release_number - 1);
+}%{?-e:.%{-e*}}%{?-s:.%{-s*}}%{!?-n:%{?dist}}
+## END: Set by rpmautospec
 
-Name:           python-%{modname}
-Version:        4.2.3
-Release:        4%{?dist}
+Name:           python-lxml
+Version:        5.2.1
+Release:        %autorelease
 Summary:        XML processing library combining libxml2/libxslt with the ElementTree API
 
-License:        BSD
-URL:            http://lxml.de
-Source0:        http://lxml.de/files/%{modname}-%{version}.tgz
+# The lxml project is licensed under BSD-3-Clause
+# Some code is derived from ElementTree and cElementTree
+# thus using the MIT-CMU elementtree license
+# .xsl schematron files are under the MIT license
+License:        BSD-3-Clause AND MIT-CMU AND MIT
+URL:            https://github.com/lxml/lxml
 
-# Fix for CVE-2020-27783: mXSS due to the use of improper parser
-# Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1901633
-# Two upstream commits combined:
-#   Version 4.6.1: https://github.com/lxml/lxml/commit/89e7aad6e7ff9ecd88678ff25f885988b184b26e
-#   Version 4.6.2: https://github.com/lxml/lxml/commit/a105ab8dc262ec6735977c25c13f0bdfcdec72a7
-Patch0:         CVE-2020-27783.patch
+# We use the get-lxml-source.sh script to generate the tarball
+# without the isoschematron RNG validation file under a problematic license.
+# See: https://gitlab.com/fedora/legal/fedora-license-data/-/issues/154
+Source0:        lxml-%{version}-no-isoschematron-rng.tar.gz
+Source1:        get-lxml-source.sh
 
-# Fix for CVE-2021-28957: missing input sanitization
-# for formaction HTML5 attributes which may lead to XSS
-# Fixed upstream: https://github.com/lxml/lxml/commit/2d01a1ba8984e0483ce6619b972832377f208a0d
-Patch1: CVE-2021-28957.patch
-
-# Fix for CVE-2021-43818: HTML Cleaner allows crafted
-# and SVG embedded scripts to pass through
-# Fixed upstream:
-# https://github.com/lxml/lxml/commit/12fa9669007180a7bb87d990c375cf91ca5b664a
-# https://github.com/lxml/lxml/commit/f2330237440df7e8f39c3ad1b1aa8852be3b27c0
-Patch2: CVE-2021-43818.patch
-
-# Make test more resilient against changes in latest libxslt releases
-# Fixed upstream: https://github.com/lxml/lxml/commit/acef361ca80ff9afd828d91c98ea91c92f9d09af
-Patch3: fix-threading-tests.patch
+# Skip some tests if lxml_html_clean is not available
+Patch:          https://github.com/lxml/lxml/pull/417.patch
 
 BuildRequires:  gcc
 BuildRequires:  libxml2-devel
 BuildRequires:  libxslt-devel
+BuildRequires:  python3-devel
+
+# Some of the extras create a build dependency loop.
+# - [cssselect] Requires cssselect BuildRequires lxml
+# - [html5] Requires html5lib BuildRequires lxml
+# - [htmlsoup] Requires beautifulsoup4 Requires lxml
+# - [html_clean] Requires lxml-html-clean Requires lxml
+# Hence we provide a bcond to disable the extras altogether.
+# By default, the extras are disabled in RHEL, to avoid dependencies.
+%bcond extras %{undefined rhel}
 
 %global _description \
 lxml is a Pythonic, mature binding for the libxml2 and libxslt libraries. It\
 provides safe and convenient access to these libraries using the ElementTree It\
 extends the ElementTree API significantly to offer support for XPath, RelaxNG,\
-XML Schema, XSLT, C14N and much more.To contact the project, go to the project\
-home page < or see our bug tracker at case you want to use the current ...
+XML Schema, XSLT, C14N and much more.
 
 %description %{_description}
 
-%package -n     python3-%{modname}
+%package -n     python3-lxml
 Summary:        %{summary}
-BuildRequires:  python3-devel
-BuildRequires:  python3-setuptools
-BuildRequires:  python3-Cython
-Recommends:     python3-cssselect
-Recommends:     python3-html5lib
-Recommends:     python3-beautifulsoup4
-%{?python_provide:%python_provide python3-%{modname}}
+%if %{with extras}
+Suggests:       python3-lxml+cssselect
+Suggests:       python3-lxml+html5
+Suggests:       python3-lxml+htmlsoup
+Suggests:       python3-lxml+html_clean
+%endif
 
-%description -n python3-%{modname} %{_description}
+%description -n python3-lxml %{_description}
 
 Python 3 version.
 
+%if %{with extras}
+%pyproject_extras_subpkg -n python3-lxml cssselect html5 htmlsoup html_clean
+%endif
+
 %prep
-%autosetup -n %{modname}-%{version} -p1
+%autosetup -n lxml-%{version} -p1
+# Don't run html5lib tests --without extras
+%{!?without_extras:rm src/lxml/html/tests/test_html5parser.py}
+
+# Remove limit for version of Cython
+sed -i "s/Cython.*/Cython/" requirements.txt
+sed -i 's/"Cython.*",/"Cython",/' pyproject.toml
+
+%generate_buildrequires
+%pyproject_buildrequires -x source%{?with_extras:,cssselect,html5,htmlsoup,html_clean}
 
 %build
+# Remove pregenerated Cython C sources
+# We need to do this after %%pyproject_buildrequires because setup.py errors
+# without Cython and without the .c files.
+find -type f -name '*.c' -print -delete >&2
 export WITH_CYTHON=true
-%py3_build
+%pyproject_wheel
 
 %install
-%py3_install
+%pyproject_install
+%pyproject_save_files lxml
 
 %check
 # The tests assume inplace build, so we copy the built library to source-dir.
 # If not done that, Python can either import the tests or the extension modules, but not both.
-cp -a build/lib.%{python3_platform}-%{python3_version}/* src/
+cp -a build/lib.%{python3_platform}-*/* src/
 # The options are: verbose, unit, functional
 %{python3} test.py -vuf
 
-%files -n python3-%{modname}
-%license doc/licenses/ZopePublicLicense.txt LICENSES.txt
-%doc README.rst src/lxml/isoschematron/resources/xsl/iso-schematron-xslt1/readme.txt
-%{python3_sitearch}/%{modname}/
-%{python3_sitearch}/%{modname}-*.egg-info/
+%files -n python3-lxml -f %{pyproject_files}
+%license doc/licenses/BSD.txt doc/licenses/elementtree.txt
+%doc README.rst
 
 %changelog
-* Thu Jan 06 2022 Charalampos Stratakis <cstratak@redhat.com> - 4.2.3-4
-- Security fix for CVE-2021-43818
-Resolves: rhbz#2032569
+## START: Generated by rpmautospec
+* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 5.2.1-4
+- Bump release for October 2024 mass rebuild:
 
-* Wed Mar 24 2021 Charalampos Stratakis <cstratak@redhat.com> - 4.2.3-3
-- Security fix for CVE-2021-28957
-Resolves: rhbz#1941534
+* Tue Jul 30 2024 Miro Hrončok <miro@hroncok.cz> - 5.2.1-3
+- Convert the gating configuration to RHEL
 
-* Tue Dec 08 2020 Charalampos Stratakis <cstratak@redhat.com> - 4.2.3-2
-- Security fix for CVE-2020-27783: mXSS due to the use of improper parser
-Resolves: rhbz#1901633
+* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 5.2.1-2
+- Bump release for June 2024 mass rebuild
 
-* Thu Aug 02 2018 Sebastian Kisela <skisela@redhat.com> - 4.2.3-1
-- New upstream release 4.2.3
+* Thu Apr 04 2024 Lumir Balhar <lbalhar@redhat.com> - 5.2.1-1
+- Update to 5.2.1 (rhbz#2272165)
 
-* Sun Jul 22 2018 Charalampos Stratakis <cstratak@redhat.com> - 4.1.1-3
-- Conditionalize the python2 subpackage
+* Wed Mar 06 2024 Miro Hrončok <miro@hroncok.cz> - 5.1.0-7
+- Revert "Reduce the type safety as a workaround for build failures in
+  Fedora 40+"
+- The workaround has been moved to Cython
+
+* Mon Mar 04 2024 Miro Hrončok <miro@hroncok.cz> - 5.1.0-6
+- Fix test_elementtree with Expat 2.6.0
+- Fixes: rhbz#2264859
+
+* Wed Feb 07 2024 Miro Hrončok <miro@hroncok.cz> - 5.1.0-5
+- Reduce the type safety as a workaround for build failures in Fedora 40+
+- Fixes: rhbz#2261034
+- Fixes: rhbz#2256232
+
+* Mon Jan 22 2024 Fedora Release Engineering <releng@fedoraproject.org> - 5.1.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Mon Jan 08 2024 Lumír Balhar <lbalhar@redhat.com> - 5.1.0-1
+- Update to 5.1.0 (rhbz#2256232)
+
+* Wed Dec 20 2023 Lumír Balhar <lbalhar@redhat.com> - 4.9.4-1
+- Update to 4.9.4 (rhbz#2255267)
+
+* Sun Nov 26 2023 David King <amigadave@amigadave.com> - 4.9.3-4
+- Fix building against libxml2 2.12.0
+- Resolves: rhbz#2250838
+
+* Mon Oct 30 2023 Miro Hrončok <mhroncok@redhat.com> - 4.9.3-3
+- Fix build with a future mock version
+
+* Fri Jul 28 2023 Miro Hrončok <mhroncok@redhat.com> - 4.9.3-2
+- Fix build with Cython 3
+
+* Fri Jul 21 2023 Lumír Balhar <lbalhar@redhat.com> - 4.9.3-1
+- Update to 4.9.3 (rhbz#2219811)
+
+* Fri Jul 21 2023 Fedora Release Engineering <releng@fedoraproject.org> - 4.9.2-9
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Fri Jul 14 2023 Miro Hrončok <mhroncok@redhat.com> - 4.9.2-8
+- Bring back the isoschematron submodule,
+  but without the validation of the schema file itself
+
+* Fri Jun 16 2023 Python Maint <python-maint@redhat.com> - 4.9.2-7
+- Rebuilt for Python 3.12
+
+* Tue Jun 13 2023 Python Maint <python-maint@redhat.com> - 4.9.2-6
+- Bootstrap for Python 3.12
+
+* Wed May 31 2023 Miro Hrončok <mhroncok@redhat.com> - 4.9.2-5
+- Remove the isoschematron submodule
+
+* Tue May 30 2023 Yaakov Selkowitz <yselkowi@redhat.com> - 4.9.2-4
+- Disable extra subpackages in RHEL builds
+
+* Mon May 29 2023 Tomáš Hrnčiar <thrnciar@redhat.com> - 4.9.2-3
+- Skip failing test to avoid FTBFS
+
+* Fri Jan 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 4.9.2-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Wed Dec 14 2022 Lumír Balhar <lbalhar@redhat.com> - 4.9.2-1
+- Update to 4.9.2 (rhbz#2153063)
+
+* Wed Sep 14 2022 Charalampos Stratakis <cstratak@redhat.com> - 4.9.1-1
+- Update to 4.9.1
+- Fix for CVE-2022-2309
+- Resolves: rhbz#2107571, rhbz#2110131
+
+* Wed Aug 31 2022 Miro Hrončok <mhroncok@redhat.com> - 4.7.1-6
+- Use SPDX license identifiers
+- The schematron files are not Zlib licensed, but MIT
+- Package the lxml[cssselect], lxml[html5] and lxml[htmlsoup] extras
+
+* Fri Jul 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 4.7.1-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Wed Jun 22 2022 Charalampos Stratakis <cstratak@redhat.com> - 4.7.1-4
+- Fix FTBFS with setuptools >= 62.1
+- Resolves: rhbz#2097102
+
+* Mon Jun 13 2022 Python Maint <python-maint@redhat.com> - 4.7.1-3
+- Rebuilt for Python 3.11
+
+* Fri Jan 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 4.7.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Thu Jan 06 2022 Charalampos Stratakis <cstratak@redhat.com> - 4.7.1-1
+- Update to 4.7.1
+- Fixes CVE-2021-43818
+- Resolves: rhbz#2031686, rhbz#2032572
+
+* Fri Nov 26 2021 Miro Hrončok <mhroncok@redhat.com> - 4.6.3-5
+- Run the tests during build
+- Resolves: rhbz#2026941
+
+* Fri Jul 23 2021 Fedora Release Engineering <releng@fedoraproject.org> - 4.6.3-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Thu Jun 03 2021 Charalampos Stratakis <cstratak@redhat.com> - 4.6.3-3
+- Update the license information
+
+* Wed Jun 02 2021 Python Maint <python-maint@redhat.com> - 4.6.3-2
+- Rebuilt for Python 3.10
+
+* Thu May 20 2021 Charalampos Stratakis <cstratak@redhat.com> - 4.6.3-1
+- Update to 4.6.3
+- Fixes CVE-2021-28957
+- Fixes: rhbz#1941773
+- Fixes: rhbz#1941535
+
+* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 4.6.2-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Tue Dec 01 2020 Miro Hrončok <mhroncok@redhat.com> - 4.6.2-1
+- Update to 4.6.2
+- Fixes CVE-2020-27783 and another vulnerability in the HTML Cleaner
+- Fixes: rhbz#1855415
+- Fixes: rhbz#1901634
+
+* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 4.5.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Mon Jun 01 2020 Igor Raits <ignatenkobrain@fedoraproject.org> - 4.5.1-1
+- Update to 4.5.1
+
+* Fri May 22 2020 Miro Hrončok <mhroncok@redhat.com> - 4.4.1-5
+- Rebuilt for Python 3.9
+
+* Thu Jan 30 2020 Fedora Release Engineering <releng@fedoraproject.org> - 4.4.1-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Wed Nov 20 2019 Miro Hrončok <mhroncok@redhat.com> - 4.4.1-3
+- Subpackage python2-lxml has been removed
+  See https://fedoraproject.org/wiki/Changes/Mass_Python_2_Package_Removal
+
+* Sat Sep 07 2019 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 4.4.1-2
+- Generate C files using py3 Cython
+
+* Sat Sep 07 2019 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 4.4.1-1
+- Update to 4.4.1
+
+* Fri Aug 16 2019 Miro Hrončok <mhroncok@redhat.com> - 4.4.0-2
+- Rebuilt for Python 3.8
+
+* Sat Aug 03 2019 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 4.4.0-1
+- Update to 4.4.0
+
+* Fri Jul 26 2019 Fedora Release Engineering <releng@fedoraproject.org> - 4.2.5-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Sat Feb 02 2019 Fedora Release Engineering <releng@fedoraproject.org> - 4.2.5-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Tue Dec 18 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 4.2.5-1
+- Update to 4.2.5
+
+* Sun Sep 02 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 4.2.4-1
+- Update to 4.2.4
+
+* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 4.2.3-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Sat Jul 07 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 4.2.3-1
+- Update to 4.2.3
+
+* Sun Jun 17 2018 Miro Hrončok <mhroncok@redhat.com> - 4.2.1-2
+- Rebuilt for Python 3.7
+
+* Wed Apr 25 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 4.2.1-1
+- Update to 4.2.1
 
 * Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 4.1.1-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
@@ -1585,3 +1773,5 @@ Resolves: rhbz#1901633
 
 * Tue Dec 13 2005 Shahms E. King <shahms@shahms.com> 0.8-1
 - Initial package
+
+## END: Generated by rpmautospec
diff --git a/sources b/sources
new file mode 100644
index 0000000..2274f55
--- /dev/null
+++ b/sources
@@ -0,0 +1 @@
+SHA512 (lxml-5.2.1-no-isoschematron-rng.tar.gz) = 7bfd9caf7e45157726e16c7286bdcb1b4dfa24df000df96d6571d65f59760ea5747e364da788cee3116977810b870ab90e451b519701f5cc26f1111a2528c996