python-defusedxml: add new package

The defusedxml package contains several Python-only workarounds and
fixes for denial of service and other vulnerabilities in Python's XML
libraries. In order to benefit from the protection you just have to
import and use the listed functions / classes from the right defusedxml
module instead of the original module.

Currently, openpyxl detects, and uses defusedxml, if installed.

Signed-off-by: Eneas U de Queiroz <redacted>

diff --git a/lang/python/python-defusedxml/Makefile b/lang/python/python-defusedxml/Makefile
new file mode 100644 (file)
index 0000000..d483177
--- /dev/null
+++ b/lang/python/python-defusedxml/Makefile
@@ -0,0 +1,68 @@
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=python-defusedxml
+PKG_VERSION:=0.6.0
+PKG_RELEASE:=1
+PKG_LICENSE:=Python-2.0
+PKG_LICENSE_FILES:=LICENSE
+PKG_MAINTAINER:=Eneas U de Queiroz <cote2004-github@yahoo.com>
+
+PKG_SOURCE:=defusedxml-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://files.pythonhosted.org/packages/source/d/defusedxml
+PKG_HASH:=f684034d135af4c6cbb949b8a4d2ed61634515257a67299e5f940fbaa34377f5
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(BUILD_VARIANT)-defusedxml-$(PKG_VERSION)
+
+include $(INCLUDE_DIR)/package.mk
+include ../python-package.mk
+include ../python3-package.mk
+
+PKG_UNPACK:=$(HOST_TAR) -C $(PKG_BUILD_DIR) --strip-components=1 -xzf $(DL_DIR)/$(PKG_SOURCE)
+
+define Package/python-defusedxml/Default
+  SUBMENU:=Python
+  SECTION:=lang
+  CATEGORY:=Languages
+  TITLE:=XML bomb protection for Python stdlib modules.
+  URL:=https://github.com/tiran/defusedxml
+endef
+
+define Package/python-defusedxml
+  $(call Package/python-defusedxml/Default)
+  DEPENDS:= \
+       +PACKAGE_python-defusedxml:python-light \
+       +PACKAGE_python-defusedxml:python-codecs \
+       +PACKAGE_python-defusedxml:python-xml
+  VARIANT:=python
+endef
+
+define Package/python3-defusedxml
+  $(call Package/python-defusedxml/Default)
+  DEPENDS:= \
+       +PACKAGE_python3-defusedxml:python3-light \
+       +PACKAGE_python3-defusedxml:python3-xml
+  VARIANT:=python3
+endef
+
+define Package/python-defusedxml/description
+  The defusedxml package contains several Python-only workarounds and fixes for
+  denial of service and other vulnerabilities in Python’s XML libraries.
+endef
+
+define Package/python3-defusedxml/description
+$(call Package/python-defusedxml/description)
+.
+(Variant for Python3)
+endef
+
+$(eval $(call PyPackage,python-defusedxml))
+$(eval $(call BuildPackage,python-defusedxml))
+$(eval $(call BuildPackage,python-defusedxml-src))
+
+$(eval $(call Py3Package,python3-defusedxml))
+$(eval $(call BuildPackage,python3-defusedxml))
+$(eval $(call BuildPackage,python3-defusedxml-src))