diff options
author | Markus Rinne <markus.ka.rinne@gmail.com> | 2017-11-02 22:34:05 +0000 |
---|---|---|
committer | David Spencer <idlemoor@slackbuilds.org> | 2017-11-03 23:18:37 +0000 |
commit | d4460393ce13da7fe7372a5da0cd6c6eadc82b8e (patch) | |
tree | 02733e51b379b4c779b510c7b4f0312e78dcfde2 /python/defusedxml | |
parent | 15fbb173471ec0b17eca1702456a6ef1d2e3feff (diff) |
python/defusedxml: Added (XML bomb protection for Python).
Signed-off-by: David Spencer <idlemoor@slackbuilds.org>
Diffstat (limited to 'python/defusedxml')
-rw-r--r-- | python/defusedxml/README | 7 | ||||
-rw-r--r-- | python/defusedxml/defusedxml.SlackBuild | 87 | ||||
-rw-r--r-- | python/defusedxml/defusedxml.info | 10 | ||||
-rw-r--r-- | python/defusedxml/slack-desc | 19 |
4 files changed, 123 insertions, 0 deletions
diff --git a/python/defusedxml/README b/python/defusedxml/README new file mode 100644 index 0000000000000..c1fa82803057f --- /dev/null +++ b/python/defusedxml/README @@ -0,0 +1,7 @@ +The results of an attack on a vulnerable XML library can be fairly dramatic. +With just a few hundred Bytes of XML data an attacker can occupy several +Gigabytes of memory within seconds. An attacker can also keep CPUs busy for a +long time with a small to medium size request. Under some circumstances it is +even possible to access local files on your server, to circumvent a firewall, +or to abuse services to rebound attacks to third parties. This library allows +for XML to be parsed in a manner that avoids these pitfalls. diff --git a/python/defusedxml/defusedxml.SlackBuild b/python/defusedxml/defusedxml.SlackBuild new file mode 100644 index 0000000000000..6c429dddc9511 --- /dev/null +++ b/python/defusedxml/defusedxml.SlackBuild @@ -0,0 +1,87 @@ +#!/bin/sh + +# Slackware build script for defusedxml + +# Copyright 2017 Markus Rinne Finland +# All rights reserved. +# +# Redistribution and use of this script, with or without modification, is +# permitted provided that the following conditions are met: +# +# 1. Redistributions of this script must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO +# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; +# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR +# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF +# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +PRGNAM=defusedxml +VERSION=${VERSION:-0.5.0} +BUILD=${BUILD:-1} +TAG=${TAG:-_SBo} + +if [ -z "$ARCH" ]; then + case "$( uname -m )" in + i?86) ARCH=i586 ;; + arm*) ARCH=arm ;; + *) ARCH=$( uname -m ) ;; + esac +fi + +CWD=$(pwd) +TMP=${TMP:-/tmp/SBo} +PKG=$TMP/package-$PRGNAM +OUTPUT=${OUTPUT:-/tmp} + +if [ "$ARCH" = "i586" ]; then + SLKCFLAGS="-O2 -march=i586 -mtune=i686" + LIBDIRSUFFIX="" +elif [ "$ARCH" = "i686" ]; then + SLKCFLAGS="-O2 -march=i686 -mtune=i686" + LIBDIRSUFFIX="" +elif [ "$ARCH" = "x86_64" ]; then + SLKCFLAGS="-O2 -fPIC" + LIBDIRSUFFIX="64" +else + SLKCFLAGS="-O2" + LIBDIRSUFFIX="" +fi + +set -e + +rm -rf $PKG +mkdir -p $TMP $PKG $OUTPUT +cd $TMP +rm -rf $PRGNAM-$VERSION +tar xvf $CWD/$PRGNAM-$VERSION.tar.gz +cd $PRGNAM-$VERSION +chown -R root:root . +find -L . \ + \( -perm 777 -o -perm 775 -o -perm 750 -o -perm 711 -o -perm 555 \ + -o -perm 511 \) -exec chmod 755 {} \; -o \ + \( -perm 666 -o -perm 664 -o -perm 640 -o -perm 600 -o -perm 444 \ + -o -perm 440 -o -perm 400 \) -exec chmod 644 {} \; + +python setup.py install --root=$PKG + +find $PKG -print0 | xargs -0 file | grep -e "executable" -e "shared object" | grep ELF \ + | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true + +mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION +cp -a \ + CHANGES.txt LICENSE README.txt \ + $PKG/usr/doc/$PRGNAM-$VERSION +cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild + +mkdir -p $PKG/install +cat $CWD/slack-desc > $PKG/install/slack-desc + +cd $PKG +/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.${PKGTYPE:-tgz} diff --git a/python/defusedxml/defusedxml.info b/python/defusedxml/defusedxml.info new file mode 100644 index 0000000000000..8fc091bb74105 --- /dev/null +++ b/python/defusedxml/defusedxml.info @@ -0,0 +1,10 @@ +PRGNAM="defusedxml" +VERSION="0.5.0" +HOMEPAGE="https://pypi.python.org/pypi/defusedxml" +DOWNLOAD="https://github.com/tiran/defusedxml/archive/v0.5.0/defusedxml-0.5.0.tar.gz" +MD5SUM="3aa135375954a9705633aad3d5abfeda" +DOWNLOAD_x86_64="" +MD5SUM_x86_64="" +REQUIRES="" +MAINTAINER="Markus Rinne" +EMAIL="markus.ka.rinne@gmail.com" diff --git a/python/defusedxml/slack-desc b/python/defusedxml/slack-desc new file mode 100644 index 0000000000000..2498c6aa2794b --- /dev/null +++ b/python/defusedxml/slack-desc @@ -0,0 +1,19 @@ +# HOW TO EDIT THIS FILE: +# The "handy ruler" below makes it easier to edit a package description. +# Line up the first '|' above the ':' following the base package name, and +# the '|' on the right side marks the last column you can put a character in. +# You must make exactly 11 lines for the formatting to be correct. It's also +# customary to leave one space after the ':' except on otherwise blank lines. + + |-----handy-ruler------------------------------------------------------| +defusedxml: defusedxml (XML bomb protection for Python stdlib modules) +defusedxml: +defusedxml: The results of an attack on a vulnerable XML library can be fairly +defusedxml: dramatic. With just a few hundred Bytes of XML data an attacker can +defusedxml: occupy several Gigabytes of memory within seconds. An attacker can +defusedxml: also keep CPUs busy for a long time with a small to medium size +defusedxml: request. Under some circumstances it is even possible to access local +defusedxml: files on your server, to circumvent a firewall, or to abuse services +defusedxml: to rebound attacks to third parties. This library allows for XML to +defusedxml: be parsed in a manner that avoids these pitfalls. +defusedxml: |