From: "Virgil Dupras" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Virgil Dupras" Message-ID: <1554679874.79ba924d94cb0cf8559565178414c2a1d687b90c.vdupras@gentoo> Subject: [gentoo-commits] repo/gentoo:master commit in: dev-python/pyyaml/, dev-python/pyyaml/files/ X-VCS-Repository: repo/gentoo X-VCS-Files: dev-python/pyyaml/Manifest dev-python/pyyaml/files/pyyaml-5.1-cve-2017-18342.patch dev-python/pyyaml/pyyaml-5.1.ebuild X-VCS-Directories: dev-python/pyyaml/files/ dev-python/pyyaml/ X-VCS-Committer: vdupras X-VCS-Committer-Name: Virgil Dupras X-VCS-Revision: 79ba924d94cb0cf8559565178414c2a1d687b90c X-VCS-Branch: master Date: Sun, 7 Apr 2019 23:31:27 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply X-Archives-Salt: fad243dd-7b9b-491e-bfdb-4b7cf96d74b6 X-Archives-Hash: a06eecee8183b3231266771f8cadea30 commit: 79ba924d94cb0cf8559565178414c2a1d687b90c Author: Virgil Dupras gentoo org> AuthorDate: Sun Apr 7 23:31:14 2019 +0000 Commit: Virgil Dupras gentoo org> CommitDate: Sun Apr 7 23:31:14 2019 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=79ba924d dev-python/pyyaml: bump to 5.1 Bug: https://bugs.gentoo.org/659348 Signed-off-by: Virgil Dupras gentoo.org> Package-Manager: Portage-2.3.62, Repoman-2.3.11 dev-python/pyyaml/Manifest | 1 + .../pyyaml/files/pyyaml-5.1-cve-2017-18342.patch | 40 +++++++++++++++++++ dev-python/pyyaml/pyyaml-5.1.ebuild | 46 ++++++++++++++++++++++ 3 files changed, 87 insertions(+) diff --git a/dev-python/pyyaml/Manifest b/dev-python/pyyaml/Manifest index b3a40935b37..5a317e2d538 100644 --- a/dev-python/pyyaml/Manifest +++ b/dev-python/pyyaml/Manifest 
@@ -1,2 +1,3 @@ DIST PyYAML-3.12.tar.gz 253011 BLAKE2B 530f2910acb757af9e2a738d93ace45daee3fc5764f19fbc758508e873f05ebfa2486c4f82800540e5e405e7f114f06f963e5011908fd15014ca8b8afb3a76aa SHA512 e16d8b7f4f026b6a95b11fb59c54ec5f114f6f516294eaa95e718abdf5d37c17a9c4b5e0a0a61fca04e801792d9b7fb801087cf849ff22b9581f6af204b1883a DIST PyYAML-3.13.tar.gz 270607 BLAKE2B f365f63587b911234497426c9796f98b85f5de052abd88ea434137a4eb8a4c1e08f9ee1982a30df1934dadb615145f4af8fcff577d3d4e52058e7a8843aa8604 SHA512 93642286d0317e2fe970632c36d38ce6030f7cabcf971f28e3a1054f07390fcee5baaf7f167e7c9690dbd7b2adc61f5b7d75a218ace0abca34ff8815486cfdd7 +DIST PyYAML-5.1.tar.gz 274244 BLAKE2B ea8cc4b56b9fc70bc7b01f8c654ceb8b73c82dcc936c939cba3c3654df04fe32fc46c7df322a38869d28ad5a58f6134b35cbe43924df3b4d5f3e54e33700dc73 SHA512 8f27f92bdfa310a99dd6d83947332cc033fa18f0011998bb585ad5c4340a2da20d8c20bfdb53beaae15651198d1240c986818379b0a05b230f74d1f30f53e7fd diff --git a/dev-python/pyyaml/files/pyyaml-5.1-cve-2017-18342.patch b/dev-python/pyyaml/files/pyyaml-5.1-cve-2017-18342.patch new file mode 100644 index 00000000000..28626ba9e97 --- /dev/null +++ b/dev-python/pyyaml/files/pyyaml-5.1-cve-2017-18342.patch 
@@ -0,0 +1,40 @@ +diff --git a/lib/yaml/__init__.py b/lib/yaml/__init__.py +index e7a419d..5f80761 100644 +--- a/lib/yaml/__init__.py ++++ b/lib/yaml/__init__.py +@@ -106,6 +106,7 @@ def load(stream, Loader=None): + and produce the corresponding Python object. + """ + if Loader is None: ++ raise RuntimeError("Unsafe load() call disabled by Gentoo. See bug #659348") + load_warning('load') + Loader = FullLoader + +@@ -121,6 +122,7 @@ def load_all(stream, Loader=None): + and produce corresponding Python objects. + """ + if Loader is None: ++ raise RuntimeError("Unsafe load() call disabled by Gentoo. See bug #659348") + load_warning('load_all') + Loader = FullLoader + +diff --git a/lib3/yaml/__init__.py b/lib3/yaml/__init__.py +index 5df0bb5..6952ba5 100644 +--- a/lib3/yaml/__init__.py ++++ b/lib3/yaml/__init__.py +@@ -106,6 +106,7 @@ def load(stream, Loader=None): + and produce the corresponding Python object. + """ + if Loader is None: ++ raise RuntimeError("Unsafe load() call disabled by Gentoo. See bug #659348") + load_warning('load') + Loader = FullLoader + +@@ -121,6 +122,7 @@ def load_all(stream, Loader=None): + and produce corresponding Python objects. + """ + if Loader is None: ++ raise RuntimeError("Unsafe load() call disabled by Gentoo. See bug #659348") + load_warning('load_all') + Loader = FullLoader + diff --git a/dev-python/pyyaml/pyyaml-5.1.ebuild b/dev-python/pyyaml/pyyaml-5.1.ebuild new file mode 100644 index 00000000000..02cd65f425a --- /dev/null +++ b/dev-python/pyyaml/pyyaml-5.1.ebuild 
@@ -0,0 +1,46 @@ +# Copyright 1999-2019 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +PYTHON_COMPAT=( python2_7 python3_{5,6,7} pypy pypy3 ) + +inherit distutils-r1 + +MY_P="PyYAML-${PV}" + +DESCRIPTION="YAML parser and emitter for Python" +HOMEPAGE="https://pyyaml.org/wiki/PyYAML https://pypi.org/project/PyYAML/" +SRC_URI="https://pyyaml.org/download/${PN}/${MY_P}.tar.gz" + +LICENSE="MIT" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~x64-solaris ~x86-solaris" +IUSE="examples libyaml" + +RDEPEND="libyaml? ( dev-libs/libyaml )" +DEPEND="${RDEPEND} + libyaml? ( $(python_gen_cond_dep 'dev-python/cython[${PYTHON_USEDEP}]' python2_7 'python3*') )" + +S="${WORKDIR}/${MY_P}" + +PATCHES=( + # bug #659348 + "${FILESDIR}/${PN}-5.1-cve-2017-18342.patch" +) + +python_configure_all() { + mydistutilsargs=( $(use_with libyaml) ) +} + +python_test() { + esetup.py test +} + +python_install_all() { + distutils-r1_python_install_all + if use examples; then + dodoc -r examples + docompress -x /usr/share/doc/${PF} + fi +}
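Review bot: In files/pyyaml-5.1-cve-2017-18342.patch, both load_all() hunks (lib/yaml/__init__.py and lib3/yaml/__init__.py) raise with the text "Unsafe load() call disabled by Gentoo", which names the wrong function, so a traceback from load_all() sends the user looking for a load() call. Suggest "Unsafe load_all() call disabled by Gentoo. See bug #659348" in those two places. In all four hunks the new raise sits directly above load_warning(...) and Loader = FullLoader, which makes those two lines unreachable; either drop them in the patch or note that they are intentionally dead. The message would also be more useful if it told the caller what to do instead, for example pass Loader= explicitly or switch to yaml.safe_load().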
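Review bot: In pyyaml-5.1.ebuild, the PATCHES entry is documented only as "# bug #659348" and the commit message says only "bump to 5.1", although the patch changes runtime behaviour: yaml.load() and yaml.load_all() called without a Loader now raise RuntimeError instead of falling back to FullLoader. Suggest stating in the comment that this is a downstream-only hardening rather than an upstream fix, so maintainers of packages that call load() without a Loader can trace the failure back to this ebuild. It is also worth confirming that python_test (esetup.py test) passes with the patch applied. As a style point, with EAPI=7 the cython dependency listed under DEPEND is a build-time tool and would normally be declared in BDEPEND.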