packages/PyYAML
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: packages:acdc262478360c9e3f81222974e75c876850ba5d
Branches Tags
packages:main
...
compare: packages:0f956d5359bc0b815f20cd63037b4d2efd6eb5c5
Branches Tags
packages:main

10 Commits
acdc262478 ... 0f956d5359

Author SHA1 Message Date
openeuler-ci-bot
0f956d5359
!27 Fix build failure due to cython updated 
From: @wang--ge 
Reviewed-by: @cherry530 
Signed-off-by: @cherry530
 2024-02-07 06:26:51 +00:00
wang--ge
8bdb87a4bc fix build error due to cython updated 2024-02-07 10:10:14 +08:00
openeuler-ci-bot
c0d30c29a2
!26 update package to version 6.0.1 
From: @S--Sh 
Reviewed-by: @shinwell_hu 
Signed-off-by: @shinwell_hu
 2023-07-31 05:50:18 +00:00
sunhui
95ffb10558 PyYAML 2023-07-26 14:43:52 +08:00
openeuler-ci-bot
4de6e20118
!24 [sync] PR-22: 【轻量级 PR】:rebuild for next release 
From: @openeuler-sync-bot 
Reviewed-by: @xiezhipeng1, @shinwell_hu 
Signed-off-by: @shinwell_hu, @xiezhipeng1
 2022-11-24 01:31:43 +00:00
zhuofeng
b2e52c1978 update for mass rebuild and upgrade verification 
Signed-off-by: zhuofeng <zhuofeng2@huawei.com>
(cherry picked from commit 3452da934d680cd820ea6b9ce39569cf4d6e6811)
 2022-10-31 09:24:21 +08:00
openeuler-ci-bot
2be709c8d6 !17 Upgrade to 6.0 
Merge pull request !17 from tianwei/master
 2021-12-29 02:20:56 +00:00
weiwei_tiantian
d3af8f3ed5 Upgrade to 6.0 2021-12-24 19:27:23 +08:00
openeuler-ci-bot
4361b60255 !15 Upgrade to 5.4.1 to support OpenStack-W 
From: @huangtianhua
Reviewed-by: @small_leek
Signed-off-by: @small_leek
 2021-07-13 09:24:32 +00:00
huangtianhua
13511bfce9 Upgrade to 5.4.1 to support OpenStack-W 
This upgrades to 5.4.1 and drop the CVE patch
which has been upstreamed.
 2021-07-13 08:54:29 +00:00
5 changed files with 52 additions and 132 deletions
Show Stats Expand all files Collapse all files

BIN
5.3.1.tar.gz
View File

Binary file not shown.

124
CVE-2020-14343.patch
View File

@ -1,124 +0,0 @@
From 7adc0db3f613a82669f2b168edd98379b83adb3c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ingy=20d=C3=B6t=20Net?= <ingy@ingy.net>
Date: Sat, 9 Jan 2021 10:53:23 -0500
Subject: [PATCH] Fix for CVE-2020-14343
Per suggestion https://github.com/yaml/pyyaml/issues/420#issuecomment-663888344
move a few constructors from full_load to unsafe_load.
---
lib/yaml/constructor.py | 24 ++++++++++++------------
lib3/yaml/constructor.py | 24 ++++++++++++------------
tests/lib/test_recursive.py | 2 +-
tests/lib3/test_recursive.py | 2 +-
4 files changed, 26 insertions(+), 26 deletions(-)
diff --git a/lib/yaml/constructor.py b/lib/yaml/constructor.py
index 794681cb..c42ee344 100644
--- a/lib/yaml/constructor.py
+++ b/lib/yaml/constructor.py
@@ -722,18 +722,6 @@ def construct_python_object_new(self, suffix, node):
u'tag:yaml.org,2002:python/name:',
FullConstructor.construct_python_name)
-FullConstructor.add_multi_constructor(
- u'tag:yaml.org,2002:python/module:',
- FullConstructor.construct_python_module)
-
-FullConstructor.add_multi_constructor(
- u'tag:yaml.org,2002:python/object:',
- FullConstructor.construct_python_object)
-
-FullConstructor.add_multi_constructor(
- u'tag:yaml.org,2002:python/object/new:',
- FullConstructor.construct_python_object_new)
-
class UnsafeConstructor(FullConstructor):
def find_python_module(self, name, mark):
@@ -750,6 +738,18 @@ def set_python_instance_state(self, instance, state):
return super(UnsafeConstructor, self).set_python_instance_state(
instance, state, unsafe=True)
+UnsafeConstructor.add_multi_constructor(
+ u'tag:yaml.org,2002:python/module:',
+ UnsafeConstructor.construct_python_module)
+
+UnsafeConstructor.add_multi_constructor(
+ u'tag:yaml.org,2002:python/object:',
+ UnsafeConstructor.construct_python_object)
+
+UnsafeConstructor.add_multi_constructor(
+ u'tag:yaml.org,2002:python/object/new:',
+ UnsafeConstructor.construct_python_object_new)
+
UnsafeConstructor.add_multi_constructor(
u'tag:yaml.org,2002:python/object/apply:',
UnsafeConstructor.construct_python_object_apply)
diff --git a/lib3/yaml/constructor.py b/lib3/yaml/constructor.py
index 1948b125..619acd30 100644
--- a/lib3/yaml/constructor.py
+++ b/lib3/yaml/constructor.py
@@ -710,18 +710,6 @@ def construct_python_object_new(self, suffix, node):
'tag:yaml.org,2002:python/name:',
FullConstructor.construct_python_name)
-FullConstructor.add_multi_constructor(
- 'tag:yaml.org,2002:python/module:',
- FullConstructor.construct_python_module)
-
-FullConstructor.add_multi_constructor(
- 'tag:yaml.org,2002:python/object:',
- FullConstructor.construct_python_object)
-
-FullConstructor.add_multi_constructor(
- 'tag:yaml.org,2002:python/object/new:',
- FullConstructor.construct_python_object_new)
-
class UnsafeConstructor(FullConstructor):
def find_python_module(self, name, mark):
@@ -738,6 +726,18 @@ def set_python_instance_state(self, instance, state):
return super(UnsafeConstructor, self).set_python_instance_state(
instance, state, unsafe=True)
+UnsafeConstructor.add_multi_constructor(
+ 'tag:yaml.org,2002:python/module:',
+ UnsafeConstructor.construct_python_module)
+
+UnsafeConstructor.add_multi_constructor(
+ 'tag:yaml.org,2002:python/object:',
+ UnsafeConstructor.construct_python_object)
+
+UnsafeConstructor.add_multi_constructor(
+ 'tag:yaml.org,2002:python/object/new:',
+ UnsafeConstructor.construct_python_object_new)
+
UnsafeConstructor.add_multi_constructor(
'tag:yaml.org,2002:python/object/apply:',
UnsafeConstructor.construct_python_object_apply)
diff --git a/tests/lib/test_recursive.py b/tests/lib/test_recursive.py
index 312204ea..04c57985 100644
--- a/tests/lib/test_recursive.py
+++ b/tests/lib/test_recursive.py
@@ -30,7 +30,7 @@ def test_recursive(recursive_filename, verbose=False):
output2 = None
try:
output1 = yaml.dump(value1)
- value2 = yaml.load(output1, yaml.FullLoader)
+ value2 = yaml.load(output1, yaml.UnsafeLoader)
output2 = yaml.dump(value2)
assert output1 == output2, (output1, output2)
finally:
diff --git a/tests/lib3/test_recursive.py b/tests/lib3/test_recursive.py
index 74c2ee65..08042c81 100644
--- a/tests/lib3/test_recursive.py
+++ b/tests/lib3/test_recursive.py
@@ -31,7 +31,7 @@ def test_recursive(recursive_filename, verbose=False):
output2 = None
try:
output1 = yaml.dump(value1)
- value2 = yaml.full_load(output1)
+ value2 = yaml.unsafe_load(output1)
output2 = yaml.dump(value2)
assert output1 == output2, (output1, output2)
finally:

29
Fix-build-Error-due-to-cython-updated.patch Normal file
View File

@ -0,0 +1,29 @@
From 293a0cead0d90fb19cbfa0e4138f0b3886414b92 Mon Sep 17 00:00:00 2001
From: "Andrew J. Hesford" <ajh@sideband.org>
Date: Wed, 31 Jan 2024 09:57:35 +0800
Subject: [PATCH] fix build Error due to cython updated
---
setup.py | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/setup.py b/setup.py
index 65b0ea0..4461580 100644
--- a/setup.py
+++ b/setup.py
@@ -82,7 +82,11 @@ if 'sdist' in sys.argv or os.environ.get('PYYAML_FORCE_CYTHON') == '1':
with_cython = True
try:
from Cython.Distutils.extension import Extension as _Extension
- from Cython.Distutils import build_ext as _build_ext
+ try:
+ from Cython.Distutils.old_build_ext import old_build_ext as _build_ext
+ except ImportError:
+ from Cython.Distutils import build_ext as _build_ext
+
with_cython = True
except ImportError:
if with_cython:
--
2.33.0

BIN
PyYAML-6.0.1.tar.gz Normal file
View File

Binary file not shown.

31
PyYAML.spec
View File

@ -1,14 +1,14 @@
%bcond_without python2 %bcond_without python2
%bcond_without python3 %bcond_without python3
Name: pyyaml Name: pyYAML
Version: 5.3.1 Version: 6.0.1
Release: 4 Release: 2
Summary: YAML parser and emitter for Python Summary: YAML parser and emitter for Python
License: MIT License: MIT
URL: https://github.com/yaml/pyyaml URL: https://github.com/yaml/pyyaml
Source0: https://github.com/yaml/pyyaml/archive/%{version}.tar.gz Source0: https://files.pythonhosted.org/packages/source/P/PyYAML/PyYAML-%{version}.tar.gz
Patch0000: CVE-2020-14343.patch Patch0: Fix-build-Error-due-to-cython-updated.patch
BuildRequires: gcc libyaml-devel BuildRequires: gcc libyaml-devel
@ -56,8 +56,8 @@ files to object serialization and persistence.
%endif %endif
%prep %prep
%setup -q -n %{name}-%{version} %setup -q -n PyYAML-%{version}
%patch0000 -p1 %patch0 -p1
%build %build
%if %{with python3} %if %{with python3}
@ -78,11 +78,26 @@ files to object serialization and persistence.
%if %{with python3} %if %{with python3}
%files -n python3-pyyaml %files -n python3-pyyaml
%license LICENSE %license LICENSE
%doc CHANGES README examples %doc CHANGES examples
%{python3_sitearch}/* %{python3_sitearch}/*
%endif %endif
%changelog %changelog
* Wed Jan 31 2024 Ge Wang <wang__ge@126.com> - 6.0.1-2
- fix build error due to cython updated
* Wed Jul 26 2023 sunhui <sunhui@kylinos.cn> - 6.0.1-1
- Update package to version 6.0.1
* Wed Oct 26 2022 zhuofeng <zhuofeng2@huawei.com> - 6.0-2
- rebuild for next release
* Fri Dec 24 2021 tianwei <tianwei12@huawei.com> - 6.0-1
- Upgrade to 6.0
* Tue Jul 13 2021 huangtianhua <huangtianhua@huawei.com> - 5.4.1-1
- Upgrade to 5.4.1
* Fri Jun 11 2021 zhaomengchao <zhaomengchao3@huawei.com> - 5.3.1-4 * Fri Jun 11 2021 zhaomengchao <zhaomengchao3@huawei.com> - 5.3.1-4
* Fix CVE-2020-14343 * Fix CVE-2020-14343