Browse code
Added python-xml to requires of python-defusedxml. Change-Id: Idc84a9c0181043956556e772167acef2463fe4fc Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/3380 Tested-by: gerrit-photon <photon-checkins@vmware.com> Reviewed-by: Rongrong Qiu <rqiu@vmware.com>
xiaolin-vmware authored on 2017/08/02 04:20:48Showing 1 changed files
| ... | ... |
@@ -4,7 +4,7 @@ |
| 4 | 4 |
Summary: XML bomb protection for Python stdlib modules |
| 5 | 5 |
Name: python-defusedxml |
| 6 | 6 |
Version: 0.5.0 |
| 7 |
-Release: 1%{?dist}
|
|
| 7 |
+Release: 2%{?dist}
|
|
| 8 | 8 |
Url: https://pypi.python.org/pypi/defusedxml |
| 9 | 9 |
License: PSFL |
| 10 | 10 |
Group: Development/Languages/Python |
| ... | ... |
@@ -22,6 +22,7 @@ BuildRequires: python-setuptools |
| 22 | 22 |
|
| 23 | 23 |
Requires: python2 |
| 24 | 24 |
Requires: python2-libs |
| 25 |
+Requires: python-xml |
|
| 25 | 26 |
|
| 26 | 27 |
%description |
| 27 | 28 |
The results of an attack on a vulnerable XML library can be fairly dramatic. With just a few hundred Bytes of XML data an attacker can occupy several Gigabytes of memory within seconds. An attacker can also keep CPUs busy for a long time with a small to medium size request. Under some circumstances it is even possible to access local files on your server, to circumvent a firewall, or to abuse services to rebound attacks to third parties. |
| ... | ... |
@@ -75,5 +76,7 @@ popd |
| 75 | 75 |
%{python3_sitelib}/*
|
| 76 | 76 |
|
| 77 | 77 |
%changelog |
| 78 |
+* Tue Aug 01 2017 Xiaolin Li <xiaolinl@vmware.com> 0.5.0-2 |
|
| 79 |
+- Added python-xml to requires of python-defusedxml. |
|
| 78 | 80 |
* Thu Mar 09 2017 Xiaolin Li <xiaolinl@vmware.com> 0.5.0-1 |
| 79 | 81 |
- Initial packaging for Photon |