From 567e13e82271096cf3fd4f90c6f17ca96fdfa6f9 Mon Sep 17 00:00:00 2001 
From: Patrick McCarty Date: Tue, 27 Aug 2019 07:53:43 -0700 Subject: [PATCH] PyYAML: Autospec creation for update from version 3.13 to version 5.1.2 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Alex Gaynor (4): Make pyyaml safe by default. wtf, how did this typo happen Now, for py3k! Changes for 4.1 release Andrey Somov (1): Remove redundant code in Scanner.peek_token() Anthony Sottile (1): Install cython alongside tox Daniel Beer (1): Allow colon in a plain scalar in a flow context (#45) Donald Stufft (4): Add a tox.ini to run tests Ignore common build/runtime artifacts Add Travis Support Fallback to Pure Python if Compilation fails Florian Bruhin (1): Import Hashable from collections.abc Hugo (1): Test on Python 3.7-dev Ian Cordasco (1): Install tox in a virtualenv Ingy döt Net (6): Revert PR #150 per @asomov Changes for 4.01 release Reverting https://github.com/yaml/pyyaml/pull/74 Deprecate/warn usage of yaml.load(input) Update .travis.yml to use libyaml 0.2.2 Updates for 5.1 release Jakub Wilk (1): Fix typos Jon Dufresne (5): Document and test Python 3.6 support Use Travis CI built in pip cache support Remove tox workaround for Travis CI Remove commented out Psyco code Include license file in the generated wheel package Kirill Simonov (1): Added tag 3.12 for changeset 823acfc7b4ff Matt Davis (4): Squash/merge pull request #105 from nnadeau/patch-1 Windows Appveyor build changes for 5.1.1 release changes for 5.1.2 release Peter Murphy (5): A change to a message First attack at pyyaml does not support literals in unicode over codepoint 0xffff #25 Added emoticon test data files (which will probably break testing) Suspicious 'expected an exception' messages trimmed Reverting README to old copy Timofei Bondarev (1): Improve RepresenterError creation Tina Müller (7): Support escaped slash in double quotes "\/" Force cython when building sdist Build libyaml on travis Apply FullLoader/UnsafeLoader changes to lib3 Allow to 
turn off sorting keys in Dumper Make default_flow_style=False Skip certain unicode tests when maxunicode not > 0xffff hsmtkk (1): add 3.12 changelog hugovk (1): Drop unsupported Python 3.3 psanchez (1): Resolves #57, update readme issues link scauligi (1): Fix for bug https://github.com/yaml/pyyaml/issues/118 --- .gitignore | 5 + 0001-CVE-2017-18342-1.patch | 298 ------------------------------------ 0002-CVE-2017-18342-2.patch | 25 --- Makefile | 2 +- PyYAML.spec | 16 +- buildreq_cache | 2 +- options.conf | 2 +- release | 2 +- series | 2 - testresults | 4 +- upstream | 2 +- versions | 1 + whatrequires | 3 + 13 files changed, 22 insertions(+), 342 deletions(-) delete mode 100644 0001-CVE-2017-18342-1.patch delete mode 100644 0002-CVE-2017-18342-2.patch delete mode 100644 series create mode 100644 versions
diff --git a/.gitignore b/.gitignore
index edbcfda..0039371 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,7 @@
 .*~
 *~
+*.info
+*.mod
 *.swp
 .repo-index
 *.log
@@ -8,6 +10,9 @@ build.log.round*
 *.tgz
 !*.tar.*.*
 *.zip
+*.jar
+*.pom
+*.xml
 commitmsg
 results/
 rpms/
diff --git a/0001-CVE-2017-18342-1.patch b/0001-CVE-2017-18342-1.patch
deleted file mode 100644
index 565de1c..0000000
--- a/0001-CVE-2017-18342-1.patch
+++ /dev/null
@@ -1,298 +0,0 @@
-From 7b68405c81db889f83c32846462b238ccae5be80 Mon Sep 17 00:00:00 2001
-From: Alex Gaynor
-Date: Sat, 26 Aug 2017 09:26:59 -0400
-Subject: [PATCH 1/2] Make pyyaml safe by default.
-
-Change yaml.load/yaml.dump to be yaml.safe_load/yaml.safe_dump, introduced yaml.danger_dump/yaml.danger_load, and the same for various other classes.
-
-(python2 only at this moment)
-
-Refs #5
----
- lib/yaml/__init__.py | 41 +++++++++++++++++++++--------------
- lib/yaml/cyaml.py | 15 +++++++------
- lib/yaml/dumper.py | 8 +++----
- lib/yaml/loader.py | 8 +++----
- tests/lib/test_constructor.py | 5 ++---
- tests/lib/test_recursive.py | 7 +++---
- 6 files changed, 46 insertions(+), 38 deletions(-)
-
-diff --git a/lib/yaml/__init__.py b/lib/yaml/__init__.py
-index 87c15d3..153a74d 100644
---- a/lib/yaml/__init__.py
-+++ b/lib/yaml/__init__.py
-@@ -65,17 +65,24 @@ def load(stream, Loader=Loader):
- """
- Parse the first YAML document in a stream
- and produce the corresponding Python object.
-+
-+ By default resolve only basic YAML tags, if an alternate Loader is
-+ provided, may be dangerous.
- """
- loader = Loader(stream)
- try:
- return loader.get_single_data()
- finally:
- loader.dispose()
-+safe_load = load
-
- def load_all(stream, Loader=Loader):
- """
- Parse all YAML documents in a stream
- and produce corresponding Python objects.
-+
-+ By default resolve only basic YAML tags, if an alternate Loader is
-+ provided, may be dangerous.
- """
- loader = Loader(stream)
- try:
-@@ -83,22 +90,23 @@ def load_all(stream, Loader=Loader):
- yield loader.get_data()
- finally:
- loader.dispose()
-+safe_load_all = load_all
-
--def safe_load(stream):
-+def danger_load(stream):
- """
- Parse the first YAML document in a stream
- and produce the corresponding Python object.
-- Resolve only basic YAML tags.
-+ When used on untrusted input, can result in arbitrary code execution.
- """
-- return load(stream, SafeLoader)
-+ return load(stream, DangerLoader)
-
--def safe_load_all(stream):
-+def danger_load_all(stream):
- """
- Parse all YAML documents in a stream
- and produce corresponding Python objects.
-- Resolve only basic YAML tags.
-+ When used on untrusted input, can result in arbitrary code execution.
- """
-- return load_all(stream, SafeLoader)
-+ return load_all(stream, DangerLoader)
-
- def emit(events, stream=None, Dumper=Dumper,
- canonical=None, indent=None, width=None,
-@@ -193,29 +201,31 @@ def dump_all(documents, stream=None, Dumper=Dumper,
- dumper.dispose()
- if getvalue:
- return getvalue()
-+safe_dump_all = dump_all
-
--def dump(data, stream=None, Dumper=Dumper, **kwds):
-+def danger_dump_all(documents, stream=None, **kwds):
- """
-- Serialize a Python object into a YAML stream.
-+ Serialize a sequence of Python objects into a YAML stream.
-+ Produce only basic YAML tags.
- If stream is None, return the produced string instead.
- """
-- return dump_all([data], stream, Dumper=Dumper, **kwds)
-+ return dump_all(documents, stream, Dumper=DangerDumper, **kwds)
-
--def safe_dump_all(documents, stream=None, **kwds):
-+def dump(data, stream=None, Dumper=Dumper, **kwds):
- """
-- Serialize a sequence of Python objects into a YAML stream.
-- Produce only basic YAML tags.
-+ Serialize a Python object into a YAML stream.
- If stream is None, return the produced string instead.
- """
-- return dump_all(documents, stream, Dumper=SafeDumper, **kwds)
-+ return dump_all([data], stream, Dumper=Dumper, **kwds)
-+safe_dump = dump
-
--def safe_dump(data, stream=None, **kwds):
-+def danger_dump(data, stream=None, **kwds):
- """
- Serialize a Python object into a YAML stream.
- Produce only basic YAML tags.
- If stream is None, return the produced string instead.
- """
-- return dump_all([data], stream, Dumper=SafeDumper, **kwds)
-+ return dump_all([data], stream, Dumper=DangerDumper, **kwds)
-
- def add_implicit_resolver(tag, regexp, first=None,
- Loader=Loader, Dumper=Dumper):
-@@ -312,4 +322,3 @@ class YAMLObject(object):
- return dumper.represent_yaml_object(cls.yaml_tag, data, cls,
- flow_style=cls.yaml_flow_style)
- to_yaml = classmethod(to_yaml)
--
-diff --git a/lib/yaml/cyaml.py b/lib/yaml/cyaml.py
-index 68dcd75..5371f63 100644
---- a/lib/yaml/cyaml.py
-+++ b/lib/yaml/cyaml.py
-@@ -1,6 +1,6 @@
-
--__all__ = ['CBaseLoader', 'CSafeLoader', 'CLoader',
-- 'CBaseDumper', 'CSafeDumper', 'CDumper']
-+__all__ = ['CBaseLoader', 'CSafeLoader', 'CLoader', 'CDangerLoader',
-+ 'CBaseDumper', 'CSafeDumper', 'CDumper', 'CDangerDumper']
-
- from _yaml import CParser, CEmitter
-
-@@ -18,14 +18,15 @@ class CBaseLoader(CParser, BaseConstructor, BaseResolver):
- BaseConstructor.__init__(self)
- BaseResolver.__init__(self)
-
--class CSafeLoader(CParser, SafeConstructor, Resolver):
-+class CLoader(CParser, SafeConstructor, Resolver):
-
- def __init__(self, stream):
- CParser.__init__(self, stream)
- SafeConstructor.__init__(self)
- Resolver.__init__(self)
-+CSafeLoader = CLoader
-
--class CLoader(CParser, Constructor, Resolver):
-+class CDangerLoader(CParser, Constructor, Resolver):
-
- def __init__(self, stream):
- CParser.__init__(self, stream)
-@@ -49,7 +50,7 @@ class CBaseDumper(CEmitter, BaseRepresenter, BaseResolver):
- default_flow_style=default_flow_style)
- Resolver.__init__(self)
-
--class CSafeDumper(CEmitter, SafeRepresenter, Resolver):
-+class CDumper(CEmitter, SafeRepresenter, Resolver):
-
- def __init__(self, stream,
- default_style=None, default_flow_style=None,
-@@ -65,8 +66,9 @@ class CSafeDumper(CEmitter, SafeRepresenter, Resolver):
- SafeRepresenter.__init__(self, default_style=default_style,
- default_flow_style=default_flow_style)
- Resolver.__init__(self)
-+CSafeDumper = CDumper
-
--class CDumper(CEmitter,
Serializer, Representer, Resolver):
-+class CDangerDumper(CEmitter, Serializer, Representer, Resolver):
-
- def __init__(self, stream,
- default_style=None, default_flow_style=None,
-@@ -82,4 +84,3 @@ class CDumper(CEmitter, Serializer, Representer, Resolver):
- Representer.__init__(self, default_style=default_style,
- default_flow_style=default_flow_style)
- Resolver.__init__(self)
--
-diff --git a/lib/yaml/dumper.py b/lib/yaml/dumper.py
-index f811d2c..fcf1f28 100644
---- a/lib/yaml/dumper.py
-+++ b/lib/yaml/dumper.py
-@@ -1,5 +1,5 @@
-
--__all__ = ['BaseDumper', 'SafeDumper', 'Dumper']
-+__all__ = ['BaseDumper', 'SafeDumper', 'Dumper', 'DangerDumper']
-
- from emitter import *
- from serializer import *
-@@ -24,7 +24,7 @@ class BaseDumper(Emitter, Serializer, BaseRepresenter, BaseResolver):
- default_flow_style=default_flow_style)
- Resolver.__init__(self)
-
--class SafeDumper(Emitter, Serializer, SafeRepresenter, Resolver):
-+class Dumper(Emitter, Serializer, SafeRepresenter, Resolver):
-
- def __init__(self, stream,
- default_style=None, default_flow_style=None,
-@@ -41,8 +41,9 @@ class SafeDumper(Emitter, Serializer, SafeRepresenter, Resolver):
- SafeRepresenter.__init__(self, default_style=default_style,
- default_flow_style=default_flow_style)
- Resolver.__init__(self)
-+SafeDumper = Dump
-
--class Dumper(Emitter, Serializer, Representer, Resolver):
-+class DangerDumper(Emitter, Serializer, Representer, Resolver):
-
- def __init__(self, stream,
- default_style=None, default_flow_style=None,
-@@ -59,4 +60,3 @@ class Dumper(Emitter, Serializer, Representer, Resolver):
- Representer.__init__(self, default_style=default_style,
- default_flow_style=default_flow_style)
- Resolver.__init__(self)
--
-diff --git a/lib/yaml/loader.py b/lib/yaml/loader.py
-index 293ff46..6b18527 100644
---- a/lib/yaml/loader.py
-+++ b/lib/yaml/loader.py
-@@ -1,5 +1,5 @@
-
--__all__ = ['BaseLoader', 'SafeLoader', 'Loader']
-+__all__ = ['BaseLoader', 'SafeLoader', 'Loader',
'DangerLoader']
-
- from reader import *
- from scanner import *
-@@ -18,7 +18,7 @@ class BaseLoader(Reader, Scanner, Parser, Composer, BaseConstructor, BaseResolve
- BaseConstructor.__init__(self)
- BaseResolver.__init__(self)
-
--class SafeLoader(Reader, Scanner, Parser, Composer, SafeConstructor, Resolver):
-+class Loader(Reader, Scanner, Parser, Composer, SafeConstructor, Resolver):
-
- def __init__(self, stream):
- Reader.__init__(self, stream)
-@@ -27,8 +27,9 @@ class SafeLoader(Reader, Scanner, Parser, Composer, SafeConstructor, Resolver):
- Composer.__init__(self)
- SafeConstructor.__init__(self)
- Resolver.__init__(self)
-+SafeLoader = Loader
-
--class Loader(Reader, Scanner, Parser, Composer, Constructor, Resolver):
-+class DangerLoader(Reader, Scanner, Parser, Composer, Constructor, Resolver):
-
- def __init__(self, stream):
- Reader.__init__(self, stream)
-@@ -37,4 +38,3 @@ class Loader(Reader, Scanner, Parser, Composer, Constructor, Resolver):
- Composer.__init__(self)
- Constructor.__init__(self)
- Resolver.__init__(self)
--
-diff --git a/tests/lib/test_constructor.py b/tests/lib/test_constructor.py
-index beee7b0..12d5391 100644
---- a/tests/lib/test_constructor.py
-+++ b/tests/lib/test_constructor.py
-@@ -19,9 +19,9 @@ def _make_objects():
- NewArgs, NewArgsWithState, Reduce, ReduceWithState, MyInt, MyList, MyDict, \
- FixedOffset, today, execute
-
-- class MyLoader(yaml.Loader):
-+ class MyLoader(yaml.DangerLoader):
- pass
-- class MyDumper(yaml.Dumper):
-+ class MyDumper(yaml.DangerDumper):
- pass
-
- class MyTestClass1:
-@@ -272,4 +272,3 @@ if __name__ == '__main__':
- sys.modules['test_constructor'] = sys.modules['__main__']
- import test_appliance
- test_appliance.run(globals())
--
-diff --git a/tests/lib/test_recursive.py b/tests/lib/test_recursive.py
-index 6707fd4..c67c170 100644
---- a/tests/lib/test_recursive.py
-+++ b/tests/lib/test_recursive.py
-@@ -29,9 +29,9 @@ def test_recursive(recursive_filename, verbose=False):
- value2 = None
-
output2 = None
- try:
-- output1 = yaml.dump(value1)
-- value2 = yaml.load(output1)
-- output2 = yaml.dump(value2)
-+ output1 = yaml.danger_dump(value1)
-+ value2 = yaml.danger_load(output1)
-+ output2 = yaml.danger_dump(value2)
- assert output1 == output2, (output1, output2)
- finally:
- if verbose:
-@@ -47,4 +47,3 @@ test_recursive.unittest = ['.recursive']
- if __name__ == '__main__':
- import test_appliance
- test_appliance.run(globals())
--
---
-2.20.1
-
diff --git a/0002-CVE-2017-18342-2.patch b/0002-CVE-2017-18342-2.patch
deleted file mode 100644
index 5053dc5..0000000
--- a/0002-CVE-2017-18342-2.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From 517e83e8058e9d6850ab432ef22d84c2ac2bba5a Mon Sep 17 00:00:00 2001
-From: Alex Gaynor
-Date: Sat, 26 Aug 2017 09:29:39 -0400
-Subject: [PATCH 2/2] wtf, how did this typo happen
-
----
- lib/yaml/dumper.py | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/lib/yaml/dumper.py b/lib/yaml/dumper.py
-index fcf1f28..22fd927 100644
---- a/lib/yaml/dumper.py
-+++ b/lib/yaml/dumper.py
-@@ -41,7 +41,7 @@ class Dumper(Emitter, Serializer, SafeRepresenter, Resolver):
- SafeRepresenter.__init__(self, default_style=default_style,
- default_flow_style=default_flow_style)
- Resolver.__init__(self)
--SafeDumper = Dump
-+SafeDumper = Dumper
-
- class DangerDumper(Emitter, Serializer, Representer, Resolver):
-
---
-2.20.1
-
diff --git a/Makefile b/Makefile
index 94bc83d..88f1922 100644
--- a/Makefile
+++ b/Makefile
@@ -1,5 +1,5 @@
 PKG_NAME := PyYAML
-URL = https://github.com/yaml/pyyaml/archive/3.13/pyyaml-3.13.tar.gz
+URL = https://github.com/yaml/pyyaml/archive/5.1.2/pyyaml-5.1.2.tar.gz
 ARCHIVES =
 include ../common/Makefile.common
diff --git a/PyYAML.spec b/PyYAML.spec
index bfcd1dd..c16dedc 100644
--- a/PyYAML.spec
+++ b/PyYAML.spec
@@ -3,10 +3,10 @@
 # Generated by: autospec.py
 #
 Name : PyYAML
-Version : 3.13
-Release : 59
-URL : https://github.com/yaml/pyyaml/archive/3.13/pyyaml-3.13.tar.gz
-Source0 : https://github.com/yaml/pyyaml/archive/3.13/pyyaml-3.13.tar.gz
+Version : 5.1.2
+Release : 60
+URL : https://github.com/yaml/pyyaml/archive/5.1.2/pyyaml-5.1.2.tar.gz
+Source0 : https://github.com/yaml/pyyaml/archive/5.1.2/pyyaml-5.1.2.tar.gz
 Summary : No detailed summary available
 Group : Development/Tools
 License : MIT
@@ -18,8 +18,6 @@ BuildRequires : buildreq-distutils3
 BuildRequires : python-dev
 BuildRequires : python3-dev
 BuildRequires : yaml-dev
-Patch1: 0001-CVE-2017-18342-1.patch
-Patch2: 0002-CVE-2017-18342-2.patch
 %description
 PyYAML - The next generation YAML parser and emitter for Python.
@@ -53,16 +51,14 @@ python3 components for the PyYAML package.
 %prep
-%setup -q -n pyyaml-3.13
-%patch1 -p1
-%patch2 -p1
+%setup -q -n pyyaml-5.1.2
 %build
 export http_proxy=http://127.0.0.1:9/
 export https_proxy=http://127.0.0.1:9/
 export no_proxy=localhost,127.0.0.1,0.0.0.0
 export LANG=C.UTF-8
-export SOURCE_DATE_EPOCH=1563473686
+export SOURCE_DATE_EPOCH=1566917616
 export GCC_IGNORE_WERROR=1
 export AR=gcc-ar
 export RANLIB=gcc-ranlib
diff --git a/buildreq_cache b/buildreq_cache
index 7710762..3680df1 100644
--- a/buildreq_cache
+++ b/buildreq_cache
@@ -1,2 +1,2 @@
-3.13
+5.1.2
 python3-dev
\ No newline at end of file
diff --git a/options.conf b/options.conf
index f15c1e3..45191de 100644
--- a/options.conf
+++ b/options.conf
@@ -1,6 +1,6 @@
 [package]
 name = PyYAML
-url = https://github.com/yaml/pyyaml/archive/3.13/pyyaml-3.13.tar.gz
+url = https://github.com/yaml/pyyaml/archive/5.1.2/pyyaml-5.1.2.tar.gz
 archives =
 giturl = https://github.com/yaml/pyyaml.git
diff --git a/release b/release
index 04f9fe4..abdfb05 100644
--- a/release
+++ b/release
@@ -1 +1 @@
-59
+60
diff --git a/series b/series
deleted file mode 100644
index 524575f..0000000
--- a/series
+++ /dev/null
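Review bot: Removing `Patch1`/`Patch2` in the second PyYAML.spec hunk (and `%patch1 -p1`/`%patch2 -p1` in the third) drops the downstream CVE-2017-18342 change that aliased `yaml.load` to the safe loader, and nothing in this update replaces it. The 5.1.2 shortlog lists "Deprecate/warn usage of yaml.load(input)" and a revert of pull 74, so a bare `yaml.load(data)` presumably now warns and uses upstream's `FullLoader` instead of `SafeLoader`, which constructs more than basic tags. That loosens the default for every package in `whatrequires` that relied on the patched behaviour, and the patch-only names `danger_load`/`DangerLoader` go away as well. Because the spec is generated, I would state this in the commit description and check dependants for `yaml.load(` calls without an explicit `Loader=`, moving any that parse untrusted input to `yaml.safe_load(...)`.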
@@ -1,2 +0,0 @@
-0001-CVE-2017-18342-1.patch
-0002-CVE-2017-18342-2.patch
diff --git a/testresults b/testresults
index 83c5912..15b4272 100644
--- a/testresults
+++ b/testresults
@@ -1,5 +1,5 @@
-Total : 2590
-Pass : 2585
+Total : 2607
+Pass : 2602
 Fail : 5
 Skip : 0
 XFail : 0
diff --git a/upstream b/upstream
index 7ca4680..42abb02 100644
--- a/upstream
+++ b/upstream
@@ -1 +1 @@
-0b1651cd9b47e79ead9be7e671732c5ea0d0a549/pyyaml-3.13.tar.gz
+55fe0d0554cb5389131d15c43a2ca440567df434/pyyaml-5.1.2.tar.gz
diff --git a/versions b/versions
new file mode 100644
index 0000000..61fcc87
--- /dev/null
+++ b/versions
@@ -0,0 +1 @@
+5.1.2
diff --git a/whatrequires b/whatrequires
index f01ea3a..2283979 100644
--- a/whatrequires
+++ b/whatrequires
@@ -27,6 +27,7 @@ openstacksdk
 os-api-ref
 oslo.config
 oslo.messaging
+oslo.policy
 oslo.serialization
 oslo.vmware
 pyaml
@@ -35,8 +36,10 @@ pykwalify
 python-coveralls
 python-dldt
 python-mistralclient
+python-senlinclient
 pytorch
 pywbem
+rospkg
 suricata
 tempest
 tpm2-tools