diff options
| author |   Virgil Dupras <vdupras@gentoo.org> | 2019-04-07 19:31:14 -0400 |
|---|---|---|
| committer | Virgil Dupras <vdupras@gentoo.org> | 2019-04-07 19:31:14 -0400 |
| commit | 79ba924d94cb0cf8559565178414c2a1d687b90c (patch) | |
| tree | 30455c4a5369ddd4679bd1b1abbb3b27774f8edb /dev-python/pyyaml | |
| parent | media-sound/mp3info: amd64 stable wrt bug #681436 (diff) | |
| download | gentoo-79ba924d94cb0cf8559565178414c2a1d687b90c.tar.gz gentoo-79ba924d94cb0cf8559565178414c2a1d687b90c.tar.bz2 gentoo-79ba924d94cb0cf8559565178414c2a1d687b90c.zip | |
dev-python/pyyaml: bump to 5.1
Bug: https://bugs.gentoo.org/659348
Signed-off-by: Virgil Dupras <vdupras@gentoo.org>
Package-Manager: Portage-2.3.62, Repoman-2.3.11
Diffstat (limited to 'dev-python/pyyaml')
| -rw-r--r-- | dev-python/pyyaml/Manifest | 1 | ||||
| -rw-r--r-- | dev-python/pyyaml/files/pyyaml-5.1-cve-2017-18342.patch | 40 | ||||
| -rw-r--r-- | dev-python/pyyaml/pyyaml-5.1.ebuild | 46 |
3 files changed, 87 insertions, 0 deletions
diff --git a/dev-python/pyyaml/Manifest b/dev-python/pyyaml/Manifest index b3a40935b37f..5a317e2d5388 100644 --- a/dev-python/pyyaml/Manifest +++ b/dev-python/pyyaml/Manifest @@ -1,2 +1,3 @@ DIST PyYAML-3.12.tar.gz 253011 BLAKE2B 530f2910acb757af9e2a738d93ace45daee3fc5764f19fbc758508e873f05ebfa2486c4f82800540e5e405e7f114f06f963e5011908fd15014ca8b8afb3a76aa SHA512 e16d8b7f4f026b6a95b11fb59c54ec5f114f6f516294eaa95e718abdf5d37c17a9c4b5e0a0a61fca04e801792d9b7fb801087cf849ff22b9581f6af204b1883a DIST PyYAML-3.13.tar.gz 270607 BLAKE2B f365f63587b911234497426c9796f98b85f5de052abd88ea434137a4eb8a4c1e08f9ee1982a30df1934dadb615145f4af8fcff577d3d4e52058e7a8843aa8604 SHA512 93642286d0317e2fe970632c36d38ce6030f7cabcf971f28e3a1054f07390fcee5baaf7f167e7c9690dbd7b2adc61f5b7d75a218ace0abca34ff8815486cfdd7 +DIST PyYAML-5.1.tar.gz 274244 BLAKE2B ea8cc4b56b9fc70bc7b01f8c654ceb8b73c82dcc936c939cba3c3654df04fe32fc46c7df322a38869d28ad5a58f6134b35cbe43924df3b4d5f3e54e33700dc73 SHA512 8f27f92bdfa310a99dd6d83947332cc033fa18f0011998bb585ad5c4340a2da20d8c20bfdb53beaae15651198d1240c986818379b0a05b230f74d1f30f53e7fd diff --git a/dev-python/pyyaml/files/pyyaml-5.1-cve-2017-18342.patch b/dev-python/pyyaml/files/pyyaml-5.1-cve-2017-18342.patch new file mode 100644 index 000000000000..28626ba9e974 --- /dev/null +++ b/dev-python/pyyaml/files/pyyaml-5.1-cve-2017-18342.patch @@ -0,0 +1,40 @@ +diff --git a/lib/yaml/__init__.py b/lib/yaml/__init__.py +index e7a419d..5f80761 100644 +--- a/lib/yaml/__init__.py ++++ b/lib/yaml/__init__.py +@@ -106,6 +106,7 @@ def load(stream, Loader=None): + and produce the corresponding Python object. + """ + if Loader is None: ++ raise RuntimeError("Unsafe load() call disabled by Gentoo. See bug #659348") + load_warning('load') + Loader = FullLoader + +@@ -121,6 +122,7 @@ def load_all(stream, Loader=None): + and produce corresponding Python objects. + """ + if Loader is None: ++ raise RuntimeError("Unsafe load() call disabled by Gentoo. See bug #659348") + load_warning('load_all') + Loader = FullLoader + +diff --git a/lib3/yaml/__init__.py b/lib3/yaml/__init__.py +index 5df0bb5..6952ba5 100644 +--- a/lib3/yaml/__init__.py ++++ b/lib3/yaml/__init__.py +@@ -106,6 +106,7 @@ def load(stream, Loader=None): + and produce the corresponding Python object. + """ + if Loader is None: ++ raise RuntimeError("Unsafe load() call disabled by Gentoo. See bug #659348") + load_warning('load') + Loader = FullLoader + +@@ -121,6 +122,7 @@ def load_all(stream, Loader=None): + and produce corresponding Python objects. + """ + if Loader is None: ++ raise RuntimeError("Unsafe load() call disabled by Gentoo. See bug #659348") + load_warning('load_all') + Loader = FullLoader + diff --git a/dev-python/pyyaml/pyyaml-5.1.ebuild b/dev-python/pyyaml/pyyaml-5.1.ebuild new file mode 100644 index 000000000000..02cd65f425a8 --- /dev/null +++ b/dev-python/pyyaml/pyyaml-5.1.ebuild @@ -0,0 +1,46 @@ +# Copyright 1999-2019 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +PYTHON_COMPAT=( python2_7 python3_{5,6,7} pypy pypy3 ) + +inherit distutils-r1 + +MY_P="PyYAML-${PV}" + +DESCRIPTION="YAML parser and emitter for Python" +HOMEPAGE="https://pyyaml.org/wiki/PyYAML https://pypi.org/project/PyYAML/" +SRC_URI="https://pyyaml.org/download/${PN}/${MY_P}.tar.gz" + +LICENSE="MIT" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~x64-solaris ~x86-solaris" +IUSE="examples libyaml" + +RDEPEND="libyaml? ( dev-libs/libyaml )" +DEPEND="${RDEPEND} + libyaml? ( $(python_gen_cond_dep 'dev-python/cython[${PYTHON_USEDEP}]' python2_7 'python3*') )" + +S="${WORKDIR}/${MY_P}" + +PATCHES=( + # bug #659348 + "${FILESDIR}/${PN}-5.1-cve-2017-18342.patch" +) + +python_configure_all() { + mydistutilsargs=( $(use_with libyaml) ) +} + +python_test() { + esetup.py test +} + +python_install_all() { + distutils-r1_python_install_all + if use examples; then + dodoc -r examples + docompress -x /usr/share/doc/${PF} + fi +} |