On Mon, Mar 30, 2020 at 10:42:20PM +0100, Stuart Henderson wrote:
> We are currently quite behind on 5.1.1 so there are a number of other things
> fixed in the meantime, but this includes a code execution fix. Nothing looks
> incompatible in changelog, I've tested runtime with beets, ansible, urlwatch
> and built a selection of the other ports depending on it. OK?
All tests pass for me on sparc64 (both FLAVORs).
ok kmos
--Kurt
> 5.3.1 (2020-03-18)
>
> * https://github.com/yaml/pyyaml/pull/386 -- Prevents arbitrary code execution during python/object/new constructor
>
> 5.3 (2020-01-06)
>
> * https://github.com/yaml/pyyaml/pull/290 -- Use `is` instead of equality for comparing with `None`
> * https://github.com/yaml/pyyaml/pull/270 -- fix typos and stylistic nit
> * https://github.com/yaml/pyyaml/pull/309 -- Fix up small typo
> * https://github.com/yaml/pyyaml/pull/161 -- Fix handling of __slots__
> * https://github.com/yaml/pyyaml/pull/358 -- Allow calling add_multi_constructor with None
> * https://github.com/yaml/pyyaml/pull/285 -- Add use of safe_load() function in README
> * https://github.com/yaml/pyyaml/pull/351 -- Fix reader for Unicode code points over 0xFFFF
> * https://github.com/yaml/pyyaml/pull/360 -- Enable certain unicode tests when maxunicode not > 0xffff
> * https://github.com/yaml/pyyaml/pull/359 -- Use full_load in yaml-highlight example
> * https://github.com/yaml/pyyaml/pull/244 -- Document that PyYAML is implemented with Cython
> * https://github.com/yaml/pyyaml/pull/329 -- Fix for Python 3.10
> * https://github.com/yaml/pyyaml/pull/310 -- increase size of index, line, and column fields
> * https://github.com/yaml/pyyaml/pull/260 -- remove some unused imports
> * https://github.com/yaml/pyyaml/pull/163 -- Create timezone-aware datetimes when parsed as such
> * https://github.com/yaml/pyyaml/pull/363 -- Add tests for timezone
>
> 5.2 (2019-12-02)
> ------------------
>
> * Repair incompatibilities introduced with 5.1. The default Loader was changed,
> but several methods like add_constructor still used the old default
> https://github.com/yaml/pyyaml/pull/279 -- A more flexible fix for custom tag constructors
> https://github.com/yaml/pyyaml/pull/287 -- Change default loader for yaml.add_constructor
> https://github.com/yaml/pyyaml/pull/305 -- Change default loader for add_implicit_resolver, add_path_resolver
> * Make FullLoader safer by removing python/object/apply from the default FullLoader
> https://github.com/yaml/pyyaml/pull/347 -- Move constructor for object/apply to UnsafeConstructor
> * Fix bug introduced in 5.1 where quoting went wrong on systems with sys.maxunicode <= 0xffff
> https://github.com/yaml/pyyaml/pull/276 -- Fix logic for quoting special characters
> * Other PRs:
> https://github.com/yaml/pyyaml/pull/280 -- Update CHANGES for 5.1
>
> 5.1.2 (2019-07-30)
> ------------------
>
> * Re-release of 5.1 with regenerated Cython sources to build properly for Python 3.8b2+
>
>
>
>
>
> Index: Makefile
> ===================================================================
> RCS file: /cvs/ports/textproc/py-yaml/Makefile,v
> retrieving revision 1.20
> diff -u -p -r1.20 Makefile
> --- Makefile 23 Jun 2019 16:28:30 -0000 1.20
> +++ Makefile 30 Mar 2020 21:26:23 -0000
> @@ -2,7 +2,7 @@
>
> COMMENT= YAML parser and emitter in Python
>
> -MODPY_EGG_VERSION=5.1.1
> +MODPY_EGG_VERSION=5.3.1
> DISTNAME= PyYAML-${MODPY_EGG_VERSION}
> PKGNAME= py-yaml-${MODPY_EGG_VERSION}
> CATEGORIES= textproc
> Index: distinfo
> ===================================================================
> RCS file: /cvs/ports/textproc/py-yaml/distinfo,v
> retrieving revision 1.7
> diff -u -p -r1.7 distinfo
> --- distinfo 23 Jun 2019 16:28:30 -0000 1.7
> +++ distinfo 30 Mar 2020 21:26:23 -0000
> @@ -1,2 +1,2 @@
> -SHA256 (PyYAML-5.1.1.tar.gz) = tLtNP14jJCXiXdohwHDOBRaKeGrJ7aQ3aKt/OsJ3CVU=
> -SIZE (PyYAML-5.1.1.tar.gz) = 274442
> +SHA256 (PyYAML-5.3.1.tar.gz) = uOrHUsXhTT7KDm3ZGZzWJ1GMtewGrdDenTK67ub+ZF0=
> +SIZE (PyYAML-5.3.1.tar.gz) = 269377
> Index: pkg/PLIST
> ===================================================================
> RCS file: /cvs/ports/textproc/py-yaml/pkg/PLIST,v
> retrieving revision 1.2
> diff -u -p -r1.2 PLIST
> --- pkg/PLIST 9 Dec 2015 18:26:47 -0000 1.2
> +++ pkg/PLIST 30 Mar 2020 21:26:23 -0000
> @@ -1,6 +1,6 @@
> @comment $OpenBSD: PLIST,v 1.2 2015/12/09 18:26:47 jca Exp $
> lib/python${MODPY_VERSION}/site-packages/PyYAML-${MODPY_EGG_VERSION}-py${MODPY_VERSION}.egg-info
> -lib/python${MODPY_VERSION}/site-packages/_yaml.so
> +@so lib/python${MODPY_VERSION}/site-packages/_yaml.so
> lib/python${MODPY_VERSION}/site-packages/yaml/
> lib/python${MODPY_VERSION}/site-packages/yaml/__init__.py
> ${MODPY_COMMENT}lib/python${MODPY_VERSION}/site-packages/yaml/${MODPY_PYCACHE}/
>
No comments:
Post a Comment