From 5986257f9fc978d4a61b6e0001df554f80e565cb Mon Sep 17 00:00:00 2001 From: Matt Davis Date: Wed, 5 Jun 2019 18:01:01 -0700 Subject: [PATCH 01/12] changes for 5.1.1 release --- CHANGES | 5 +++++ announcement.msg | 50 ++++++------------------------------------- lib/yaml/__init__.py | 2 +- lib3/yaml/__init__.py | 2 +- setup.py | 2 +- 5 files changed, 15 insertions(+), 46 deletions(-) diff --git a/CHANGES b/CHANGES index 91f0255bb..ce7ce4900 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,11 @@ For a complete changelog, see: * https://github.com/yaml/pyyaml/commits/ * https://bitbucket.org/xi/pyyaml/commits/ +5.1.1 (2019-06-05) +------------------ + +* Re-release of 5.1 with regenerated Cython sources to build properly for Python 3.8 + 5.1 (2019-03-13) ---------------- diff --git a/announcement.msg b/announcement.msg index 99bf92422..d3fa69c67 100644 --- a/announcement.msg +++ b/announcement.msg @@ -1,58 +1,22 @@ 
From: Ingy döt Net To: python-list@python.org, python-announce@python.org, yaml-core@lists.sourceforge.net -Subject: [ANN] PyYAML-5.1: YAML parser and emitter for Python +Subject: [ANN] PyYAML-5.1.1: YAML parser and emitter for Python ======================= - Announcing PyYAML-5.1 +Announcing PyYAML-5.1.1 ======================= -A new MAJOR RELEASE of PyYAML is now available: +A new minor release of PyYAML is now available: https://pypi.org/project/PyYAML/ -This is the first major release of PyYAML under the new maintenance team. - -Among the many changes listed below, this release specifically addresses the -arbitrary code execution issue raised by: - - https://nvd.nist.gov/vuln/detail/CVE-2017-18342 - -(See https://github.com/yaml/pyyaml/wiki/PyYAML-yaml.load(input)-Deprecation -for complete details). - -The PyYAML project is now maintained by the YAML and Python communities. -Planning happens on the #yaml-dev, #pyyaml and #libyaml IRC channels on -irc.freenode.net. - +This is a maintenance re-release of PyYAML 5.1 with re-generated Cython +bindings to allow the extension to build properly for Python 3.8. No code +changes were made in the PyYAML sources. 
Changes ======= -* https://github.com/yaml/pyyaml/pull/35 -- Some modernization of the test running -* https://github.com/yaml/pyyaml/pull/42 -- Install tox in a virtualenv -* https://github.com/yaml/pyyaml/pull/45 -- Allow colon in a plain scalar in a flow context -* https://github.com/yaml/pyyaml/pull/48 -- Fix typos -* https://github.com/yaml/pyyaml/pull/55 -- Improve RepresenterError creation -* https://github.com/yaml/pyyaml/pull/59 -- Resolves #57, update readme issues link -* https://github.com/yaml/pyyaml/pull/60 -- Document and test Python 3.6 support -* https://github.com/yaml/pyyaml/pull/61 -- Use Travis CI built in pip cache support -* https://github.com/yaml/pyyaml/pull/62 -- Remove tox workaround for Travis CI -* https://github.com/yaml/pyyaml/pull/63 -- Adding support to Unicode characters over codepoint 0xffff -* https://github.com/yaml/pyyaml/pull/65 -- Support unicode literals over codepoint 0xffff -* https://github.com/yaml/pyyaml/pull/75 -- add 3.12 changelog -* https://github.com/yaml/pyyaml/pull/76 -- Fallback to Pure Python if Compilation fails -* https://github.com/yaml/pyyaml/pull/84 -- Drop unsupported Python 3.3 -* https://github.com/yaml/pyyaml/pull/102 -- Include license file in the generated wheel package -* https://github.com/yaml/pyyaml/pull/105 -- Removed Python 2.6 & 3.3 support -* https://github.com/yaml/pyyaml/pull/111 -- Remove commented out Psyco code -* https://github.com/yaml/pyyaml/pull/129 -- Remove call to `ord` in lib3 emitter code -* https://github.com/yaml/pyyaml/pull/143 -- Allow to turn off sorting keys in Dumper -* https://github.com/yaml/pyyaml/pull/149 -- Test on Python 3.7-dev -* https://github.com/yaml/pyyaml/pull/158 -- Support escaped slash in double quotes "\/" -* https://github.com/yaml/pyyaml/pull/181 -- Import Hashable from collections.abc -* https://github.com/yaml/pyyaml/pull/256 -- Make default_flow_style=False -* https://github.com/yaml/pyyaml/pull/257 -- Deprecate yaml.load and add FullLoader and 
UnsafeLoader classes -* https://github.com/yaml/pyyaml/pull/263 -- Windows Appveyor build - +* None Resources ========= diff --git a/lib/yaml/__init__.py b/lib/yaml/__init__.py index e7a419dd2..0688b7d9b 100644 --- a/lib/yaml/__init__.py +++ b/lib/yaml/__init__.py @@ -8,7 +8,7 @@ from loader import * from dumper import * -__version__ = '5.1' +__version__ = '5.1.1' try: from cyaml import * diff --git a/lib3/yaml/__init__.py b/lib3/yaml/__init__.py index 5df0bb5fd..8686c63e6 100644 --- a/lib3/yaml/__init__.py +++ b/lib3/yaml/__init__.py @@ -8,7 +8,7 @@ from .loader import * from .dumper import * -__version__ = '5.1' +__version__ = '5.1.1' try: from .cyaml import * __with_libyaml__ = True diff --git a/setup.py b/setup.py index e21ce9f73..81f01e471 100644 --- a/setup.py +++ b/setup.py @@ -1,6 +1,6 @@ NAME = 'PyYAML' -VERSION = '5.1' +VERSION = '5.1.1' DESCRIPTION = "YAML parser and emitter for Python" LONG_DESCRIPTION = """\ YAML is a data serialization format designed for human readability From 0f64cbfa54b0b22dc7b776b7b98a7cd657e84d78 Mon Sep 17 00:00:00 2001 From: Matt Davis Date: Tue, 30 Jul 2019 17:40:33 -0700 Subject: [PATCH 02/12] changes for 5.1.2 release --- .appveyor.yml | 6 +++--- .travis.yml | 9 +++++---- CHANGES | 7 ++++++- announcement.msg | 6 +++--- lib/yaml/__init__.py | 2 +- lib3/yaml/__init__.py | 2 +- packaging/build/appveyor.ps1 | 15 ++++++++------- setup.py | 3 ++- 8 files changed, 29 insertions(+), 21 deletions(-) diff --git a/.appveyor.yml b/.appveyor.yml index bdad5f319..46bbd7f0a 100644 --- a/.appveyor.yml +++ b/.appveyor.yml @@ -4,9 +4,9 @@ version: '{build}' image: - Visual Studio 2015 -#cache: -#- 'C:\Python38\' -#- 'C:\Python38-x64' +cache: +- 'C:\Python38\' +- 'C:\Python38-x64' environment: libyaml_repo_url: https://github.com/yaml/libyaml.git diff --git a/.travis.yml b/.travis.yml index 3dfe3ad9c..ecce0331b 100644 --- a/.travis.yml +++ b/.travis.yml 
@@ -16,11 +16,12 @@ matrix: env: TOXENV=py35 - python: 3.6 env: TOXENV=py36 - - python: 3.7-dev + - python: 3.7 env: TOXENV=py37 - # This is broken on travis as of 2019/03/12 - # - python: pypy - # env: TOXENV=pypy + - python: 3.8-dev + env: TOXENV=py38 + - python: pypy + env: TOXENV=pypy # build libyaml before_script: diff --git a/CHANGES b/CHANGES index ce7ce4900..e2eed15ee 100644 --- a/CHANGES +++ b/CHANGES @@ -4,10 +4,15 @@ For a complete changelog, see: * https://github.com/yaml/pyyaml/commits/ * https://bitbucket.org/xi/pyyaml/commits/ +5.1.2 (2019-07-30) +------------------ + +* Re-release of 5.1 with regenerated Cython sources to build properly for Python 3.8b2+ + 5.1.1 (2019-06-05) ------------------ -* Re-release of 5.1 with regenerated Cython sources to build properly for Python 3.8 +* Re-release of 5.1 with regenerated Cython sources to build properly for Python 3.8b1 5.1 (2019-03-13) ---------------- diff --git a/announcement.msg b/announcement.msg index d3fa69c67..4cf3944fe 100644 --- a/announcement.msg +++ b/announcement.msg @@ -1,16 +1,16 @@ From: Ingy döt Net To: python-list@python.org, python-announce@python.org, yaml-core@lists.sourceforge.net -Subject: [ANN] PyYAML-5.1.1: YAML parser and emitter for Python +Subject: [ANN] PyYAML-5.1.2: YAML parser and emitter for Python ======================= -Announcing PyYAML-5.1.1 +Announcing PyYAML-5.1.2 ======================= A new minor release of PyYAML is now available: https://pypi.org/project/PyYAML/ This is a maintenance re-release of PyYAML 5.1 with re-generated Cython -bindings to allow the extension to build properly for Python 3.8. No code +bindings to allow the extension to build properly for Python 3.8b2+. No code changes were made in the PyYAML sources. Changes diff --git a/lib/yaml/__init__.py b/lib/yaml/__init__.py index 0688b7d9b..5d56d6556 100644 --- a/lib/yaml/__init__.py +++ b/lib/yaml/__init__.py 
@@ -8,7 +8,7 @@ from loader import * from dumper import * -__version__ = '5.1.1' +__version__ = '5.1.2' try: from cyaml import * diff --git a/lib3/yaml/__init__.py b/lib3/yaml/__init__.py index 8686c63e6..3f499d366 100644 --- a/lib3/yaml/__init__.py +++ b/lib3/yaml/__init__.py @@ -8,7 +8,7 @@ from .loader import * from .dumper import * -__version__ = '5.1.1' +__version__ = '5.1.2' try: from .cyaml import * __with_libyaml__ = True diff --git a/packaging/build/appveyor.ps1 b/packaging/build/appveyor.ps1 index a9e6ad289..fc75b53de 100644 --- a/packaging/build/appveyor.ps1 +++ b/packaging/build/appveyor.ps1 @@ -6,15 +6,14 @@ # Update-AppveyorBuild -Version $dynamic_version Function Bootstrap() { - # uncomment when we want to start testing on Python 3.8 # ensure py38 is present (current Appveyor VS2015 image doesn't include it) - #If(-not $(Test-Path C:\Python38)) { - # choco.exe install python3 --version=3.8.0-a2 --forcex86 --force #--install-arguments="TargetDir=C:\Python38 PrependPath=0" --no-progress - #} + If(-not $(Test-Path C:\Python38)) { + choco.exe install python3 --version=3.8.0-b3 --forcex86 --force --params="/InstallDir:C:\Python38" --no-progress + } - #If(-not $(Test-Path C:\Python38-x64)) { - # choco.exe install python3 --version=3.8.0-a2 --force #--install-arguments="TargetDir=C:\Python38-x64 PrependPath=0" --no-progress - #} + If(-not $(Test-Path C:\Python38-x64)) { + choco.exe install python3 --version=3.8.0-b3 --force --params="/InstallDir:C:\Python38-x64" --no-progress + } Write-Output "patching Windows SDK bits for distutils" @@ -123,6 +122,8 @@ $pythons = @( "C:\Python36-x64" "C:\Python37" "C:\Python37-x64" +"C:\Python38" +"C:\Python38-x64" ) #$pythons = @("C:\$($env:PYTHON_VER)") diff --git a/setup.py b/setup.py index 81f01e471..5cb0b6d25 100644 --- a/setup.py +++ b/setup.py 
@@ -1,6 +1,6 @@ NAME = 'PyYAML' -VERSION = '5.1.1' +VERSION = '5.1.2' DESCRIPTION = "YAML parser and emitter for Python" LONG_DESCRIPTION = """\ YAML is a data serialization format designed for human readability @@ -33,6 +33,7 @@ "Programming Language :: Python :: 3.5", "Programming Language :: Python :: 3.6", "Programming Language :: Python :: 3.7", + "Programming Language :: Python :: 3.8", "Programming Language :: Python :: Implementation :: CPython", "Programming Language :: Python :: Implementation :: PyPy", "Topic :: Software Development :: Libraries :: Python Modules", From 31f2279252e9d1a3093b738570c26f44a829f0a0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tina=20M=C3=BCller=20=28tinita=29?= Date: Sun, 31 Mar 2019 16:14:50 +0200 Subject: [PATCH 03/12] Fix logic for quoting special characters (#276) * Fix logic for quoting special characters * Remove has_ucs4 from condition on systems with `sys.maxunicode <= 0xffff` the comparison (u'\U00010000' <= ch < u'\U0010ffff') can't be true anyway I think --- lib/yaml/emitter.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/yaml/emitter.py b/lib/yaml/emitter.py index 9561a8274..23c25ca80 100644 --- a/lib/yaml/emitter.py +++ b/lib/yaml/emitter.py @@ -706,7 +706,7 @@ def analyze_scalar(self, scalar): if not (ch == u'\n' or u'\x20' <= ch <= u'\x7E'): if (ch == u'\x85' or u'\xA0' <= ch <= u'\uD7FF' or u'\uE000' <= ch <= u'\uFFFD' - or ((not has_ucs4) or (u'\U00010000' <= ch < u'\U0010ffff'))) and ch != u'\uFEFF': + or (u'\U00010000' <= ch < u'\U0010ffff')) and ch != u'\uFEFF': unicode_characters = True if not self.allow_unicode: special_characters = True From 8a7d0ed1628dc3b21e391b6cabd002dcadd2eee7 Mon Sep 17 00:00:00 2001 
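Review bot: In the rewritten condition of analyze_scalar the supplementary-plane test is `u'\U00010000' <= ch < u'\U0010ffff'`, whose strict upper bound leaves U+10FFFF out of the accepted range. If the whole range is meant, write `u'\U00010000' <= ch <= u'\U0010ffff'`; if the exclusion is deliberate, a short comment such as `# U+10FFFF is left to the escaping branch on purpose` would stop the next reader from "fixing" it. A regression test that dumps a C1 control character such as u'\x80' with allow_unicode=True and asserts it comes out escaped would pin the behaviour this patch restores. If `has_ucs4` has no other use in emitter.py (not visible here), its definition can be removed as well. The body of analyze_scalar starts and ends outside the hunk.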
From: =?UTF-8?q?Tina=20M=C3=BCller=20=28tinita=29?= Date: Sun, 31 Mar 2019 16:16:27 +0200 Subject: [PATCH 04/12] Update CHANGES for 5.1 (#280) * Update CHANGES Some PRs were forgotten, and some were listed that weren't merged. --- CHANGES | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index e2eed15ee..29abdf976 100644 --- a/CHANGES +++ b/CHANGES @@ -27,7 +27,6 @@ For a complete changelog, see: * https://github.com/yaml/pyyaml/pull/61 -- Use Travis CI built in pip cache support * https://github.com/yaml/pyyaml/pull/62 -- Remove tox workaround for Travis CI * https://github.com/yaml/pyyaml/pull/63 -- Adding support to Unicode characters over codepoint 0xffff -* https://github.com/yaml/pyyaml/pull/65 -- Support unicode literals over codepoint 0xffff * https://github.com/yaml/pyyaml/pull/75 -- add 3.12 changelog * https://github.com/yaml/pyyaml/pull/76 -- Fallback to Pure Python if Compilation fails * https://github.com/yaml/pyyaml/pull/84 -- Drop unsupported Python 3.3 
@@ -35,12 +34,17 @@ For a complete changelog, see: * https://github.com/yaml/pyyaml/pull/105 -- Removed Python 2.6 & 3.3 support * https://github.com/yaml/pyyaml/pull/111 -- Remove commented out Psyco code * https://github.com/yaml/pyyaml/pull/129 -- Remove call to `ord` in lib3 emitter code -* https://github.com/yaml/pyyaml/pull/143 -- Allow to turn off sorting keys in Dumper * https://github.com/yaml/pyyaml/pull/149 -- Test on Python 3.7-dev * https://github.com/yaml/pyyaml/pull/158 -- Support escaped slash in double quotes "\/" +* https://github.com/yaml/pyyaml/pull/175 -- Updated link to pypi in release announcement * https://github.com/yaml/pyyaml/pull/181 -- Import Hashable from collections.abc +* https://github.com/yaml/pyyaml/pull/194 -- Reverting https://github.com/yaml/pyyaml/pull/74 +* https://github.com/yaml/pyyaml/pull/195 -- Build libyaml on travis +* https://github.com/yaml/pyyaml/pull/196 -- Force cython when building sdist +* https://github.com/yaml/pyyaml/pull/254 -- Allow to turn off sorting keys in Dumper (2) * https://github.com/yaml/pyyaml/pull/256 -- Make default_flow_style=False * https://github.com/yaml/pyyaml/pull/257 -- Deprecate yaml.load and add FullLoader and UnsafeLoader classes +* https://github.com/yaml/pyyaml/pull/261 -- Skip certain unicode tests when maxunicode not > 0xffff * https://github.com/yaml/pyyaml/pull/263 -- Windows Appveyor build 3.13 (2018-07-05) From 8d7a78003ae59752cb33e65d54cbc7b37f1fa359 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tina=20M=C3=BCller=20=28tinita=29?= Date: Sun, 31 Mar 2019 16:17:49 +0200 Subject: [PATCH 05/12] Change default loader for yaml.add_constructor (#287) * Change default loader for yaml.add_constructor If the Loader parameter is not given, add constructor to all three loaders --- lib/yaml/__init__.py | 18 ++++++++++++++---- lib3/yaml/__init__.py | 18 ++++++++++++++---- 2 files changed, 28 insertions(+), 8 deletions(-) 
diff --git a/lib/yaml/__init__.py b/lib/yaml/__init__.py index 5d56d6556..a9db6a327 100644 --- a/lib/yaml/__init__.py +++ b/lib/yaml/__init__.py @@ -329,22 +329,32 @@ def add_path_resolver(tag, path, kind=None, Loader=Loader, Dumper=Dumper): Loader.add_path_resolver(tag, path, kind) Dumper.add_path_resolver(tag, path, kind) -def add_constructor(tag, constructor, Loader=Loader): +def add_constructor(tag, constructor, Loader=None): """ Add a constructor for the given tag. Constructor is a function that accepts a Loader instance and a node object and produces the corresponding Python object. """ - Loader.add_constructor(tag, constructor) + if Loader == None: + loader.Loader.add_constructor(tag, constructor) + loader.FullLoader.add_constructor(tag, constructor) + loader.UnsafeLoader.add_constructor(tag, constructor) + else: + Loader.add_constructor(tag, constructor) -def add_multi_constructor(tag_prefix, multi_constructor, Loader=Loader): +def add_multi_constructor(tag_prefix, multi_constructor, Loader=None): """ Add a multi-constructor for the given tag prefix. Multi-constructor is called for a node if its tag starts with tag_prefix. Multi-constructor accepts a Loader instance, a tag suffix, and a node object and produces the corresponding Python object. """ - Loader.add_multi_constructor(tag_prefix, multi_constructor) + if Loader == None: + loader.Loader.add_multi_constructor(tag_prefix, multi_constructor) + loader.FullLoader.add_multi_constructor(tag_prefix, multi_constructor) + loader.UnsafeLoader.add_multi_constructor(tag_prefix, multi_constructor) + else: + Loader.add_multi_constructor(tag_prefix, multi_constructor) def add_representer(data_type, representer, Dumper=Dumper): """ diff --git a/lib3/yaml/__init__.py b/lib3/yaml/__init__.py index 3f499d366..ac0b70284 100644 --- a/lib3/yaml/__init__.py +++ b/lib3/yaml/__init__.py 
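Review bot: The new default branch in add_constructor and add_multi_constructor tests `if Loader == None:`; identity comparison is the idiom here, and the resolver functions changed later in this series already use it, so write `if Loader is None:` in both functions (the lib3/yaml/__init__.py hunk carries the same two lines). The docstrings were not updated for the changed default, and they should say which loaders are touched, for example `If Loader is omitted, the constructor is added to Loader, FullLoader and UnsafeLoader; SafeLoader is only affected when passed explicitly.` That sentence matters to callers because a tag registered without a Loader argument now becomes constructible through FullLoader as well, so the constructor function has to cope with whatever documents are parsed with that loader.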
@@ -326,22 +326,32 @@ def add_path_resolver(tag, path, kind=None, Loader=Loader, Dumper=Dumper): Loader.add_path_resolver(tag, path, kind) Dumper.add_path_resolver(tag, path, kind) -def add_constructor(tag, constructor, Loader=Loader): +def add_constructor(tag, constructor, Loader=None): """ Add a constructor for the given tag. Constructor is a function that accepts a Loader instance and a node object and produces the corresponding Python object. """ - Loader.add_constructor(tag, constructor) + if Loader == None: + loader.Loader.add_constructor(tag, constructor) + loader.FullLoader.add_constructor(tag, constructor) + loader.UnsafeLoader.add_constructor(tag, constructor) + else: + Loader.add_constructor(tag, constructor) -def add_multi_constructor(tag_prefix, multi_constructor, Loader=Loader): +def add_multi_constructor(tag_prefix, multi_constructor, Loader=None): """ Add a multi-constructor for the given tag prefix. Multi-constructor is called for a node if its tag starts with tag_prefix. Multi-constructor accepts a Loader instance, a tag suffix, and a node object and produces the corresponding Python object. """ - Loader.add_multi_constructor(tag_prefix, multi_constructor) + if Loader == None: + loader.Loader.add_multi_constructor(tag_prefix, multi_constructor) + loader.FullLoader.add_multi_constructor(tag_prefix, multi_constructor) + loader.UnsafeLoader.add_multi_constructor(tag_prefix, multi_constructor) + else: + Loader.add_multi_constructor(tag_prefix, multi_constructor) def add_representer(data_type, representer, Dumper=Dumper): """ From a5394c04a2ef67ee218b49d7d8319f9ed8bcbbe5 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Ingy=20d=C3=B6t=20Net?= Date: Tue, 19 Mar 2019 10:34:39 -0700 Subject: [PATCH 06/12] Add custom constructors to multiple loaders When someone writes a subclass of the YAMLObject class, the constructors will now be added to all 3 (non-safe) loaders. Furthermore, we support the class variable `yaml_loader` being a list, offering more control of which loaders are affected. To support safe_load in your custom class you could add this: yaml_loader = yaml.SafeLoader yaml_loader = yaml.YAMLObject.yaml_loader yaml_loader.append(yaml.SafeLoader) --- lib/yaml/__init__.py | 9 +++++++-- lib3/yaml/__init__.py | 9 +++++++-- 2 files changed, 14 insertions(+), 4 deletions(-) diff --git a/lib/yaml/__init__.py b/lib/yaml/__init__.py index a9db6a327..b6d3e74f2 100644 --- a/lib/yaml/__init__.py +++ b/lib/yaml/__init__.py @@ -381,7 +381,12 @@ class YAMLObjectMetaclass(type): def __init__(cls, name, bases, kwds): super(YAMLObjectMetaclass, cls).__init__(name, bases, kwds) if 'yaml_tag' in kwds and kwds['yaml_tag'] is not None: - cls.yaml_loader.add_constructor(cls.yaml_tag, cls.from_yaml) + if isinstance(cls.yaml_loader, list): + for loader in cls.yaml_loader: + loader.add_constructor(cls.yaml_tag, cls.from_yaml) + else: + cls.yaml_loader.add_constructor(cls.yaml_tag, cls.from_yaml) + cls.yaml_dumper.add_representer(cls, cls.to_yaml) class YAMLObject(object): @@ -393,7 +398,7 @@ class YAMLObject(object): __metaclass__ = YAMLObjectMetaclass __slots__ = () # no direct instantiation, so allow immutable subclasses - yaml_loader = Loader + yaml_loader = [Loader, FullLoader, UnsafeLoader] yaml_dumper = Dumper yaml_tag = None diff --git a/lib3/yaml/__init__.py b/lib3/yaml/__init__.py index ac0b70284..ef200b7b8 100644 --- a/lib3/yaml/__init__.py +++ b/lib3/yaml/__init__.py 
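Review bot: The `isinstance(cls.yaml_loader, list)` test in YAMLObjectMetaclass.__init__ accepts only a list, so a subclass that sets `yaml_loader = (Loader, SafeLoader)` falls into the else branch and fails when `add_constructor` is looked up on the tuple. `if isinstance(cls.yaml_loader, (list, tuple)):` handles both spellings. The loop variable `loader` also reuses the name under which this module refers to its `loader` submodule in the add_* functions; it is local to __init__, so nothing breaks, but `for loader_cls in cls.yaml_loader:` avoids the double meaning. The lib3/yaml/__init__.py hunk has the same lines.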
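Review bot: `yaml_loader = [Loader, FullLoader, UnsafeLoader]` makes the class default a mutable list that every YAMLObject subclass shares unless it overrides the attribute, and the recipe in the commit description (`yaml_loader = yaml.YAMLObject.yaml_loader` followed by `yaml_loader.append(yaml.SafeLoader)`) appends to that shared object. Once one class does that, every YAMLObject subclass defined afterwards is registered on SafeLoader too, which quietly widens what safe_load will construct for the whole process. An immutable default, `yaml_loader = (Loader, FullLoader, UnsafeLoader)`, together with a metaclass check that accepts tuples, removes the shared state; the opt-in then becomes `yaml_loader = yaml.YAMLObject.yaml_loader + (yaml.SafeLoader,)`. The same assignment appears in the lib3/yaml/__init__.py hunk.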
@@ -378,7 +378,12 @@ class YAMLObjectMetaclass(type): def __init__(cls, name, bases, kwds): super(YAMLObjectMetaclass, cls).__init__(name, bases, kwds) if 'yaml_tag' in kwds and kwds['yaml_tag'] is not None: - cls.yaml_loader.add_constructor(cls.yaml_tag, cls.from_yaml) + if isinstance(cls.yaml_loader, list): + for loader in cls.yaml_loader: + loader.add_constructor(cls.yaml_tag, cls.from_yaml) + else: + cls.yaml_loader.add_constructor(cls.yaml_tag, cls.from_yaml) + cls.yaml_dumper.add_representer(cls, cls.to_yaml) class YAMLObject(metaclass=YAMLObjectMetaclass): @@ -389,7 +394,7 @@ class YAMLObject(metaclass=YAMLObjectMetaclass): __slots__ = () # no direct instantiation, so allow immutable subclasses - yaml_loader = Loader + yaml_loader = [Loader, FullLoader, UnsafeLoader] yaml_dumper = Dumper yaml_tag = None From 4a31b16b04c08f926f01d3f297140634665f004a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tina=20M=C3=BCller?= Date: Tue, 11 Jun 2019 22:53:40 +0200 Subject: [PATCH 07/12] Change default loader for add_implicit_resolver, add_path_resolver If the Loader parameter is not given, add constructor to all three loaders --- lib/yaml/__init__.py | 18 ++++++++++++++---- lib3/yaml/__init__.py | 18 ++++++++++++++---- 2 files changed, 28 insertions(+), 8 deletions(-) diff --git a/lib/yaml/__init__.py b/lib/yaml/__init__.py index b6d3e74f2..09f82cd1d 100644 --- a/lib/yaml/__init__.py +++ b/lib/yaml/__init__.py 
@@ -309,24 +309,34 @@ def safe_dump(data, stream=None, **kwds): return dump_all([data], stream, Dumper=SafeDumper, **kwds) def add_implicit_resolver(tag, regexp, first=None, - Loader=Loader, Dumper=Dumper): + Loader=None, Dumper=Dumper): """ Add an implicit scalar detector. If an implicit scalar value matches the given regexp, the corresponding tag is assigned to the scalar. first is a sequence of possible initial characters or None. """ - Loader.add_implicit_resolver(tag, regexp, first) + if Loader is None: + loader.Loader.add_implicit_resolver(tag, regexp, first) + loader.FullLoader.add_implicit_resolver(tag, regexp, first) + loader.UnsafeLoader.add_implicit_resolver(tag, regexp, first) + else: + Loader.add_implicit_resolver(tag, regexp, first) Dumper.add_implicit_resolver(tag, regexp, first) -def add_path_resolver(tag, path, kind=None, Loader=Loader, Dumper=Dumper): +def add_path_resolver(tag, path, kind=None, Loader=None, Dumper=Dumper): """ Add a path based resolver for the given tag. A path is a list of keys that forms a path to a node in the representation tree. Keys can be string values, integers, or None. """ - Loader.add_path_resolver(tag, path, kind) + if Loader is None: + loader.Loader.add_path_resolver(tag, path, kind) + loader.FullLoader.add_path_resolver(tag, path, kind) + loader.UnsafeLoader.add_path_resolver(tag, path, kind) + else: + Loader.add_path_resolver(tag, path, kind) Dumper.add_path_resolver(tag, path, kind) def add_constructor(tag, constructor, Loader=None): diff --git a/lib3/yaml/__init__.py b/lib3/yaml/__init__.py index ef200b7b8..a31f279fb 100644 --- a/lib3/yaml/__init__.py +++ b/lib3/yaml/__init__.py 
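Review bot: The `Loader is None` branch added to add_implicit_resolver and add_path_resolver spells out the same three-class fan-out that add_constructor and add_multi_constructor already contain, so the list of default loaders now lives in four places per package and can drift. A module-level `_DEFAULT_LOADERS = (loader.Loader, loader.FullLoader, loader.UnsafeLoader)` and a `for loader_cls in _DEFAULT_LOADERS:` loop in each function would keep them in step. Neither docstring mentions the new default; add a sentence such as `If Loader is omitted, the resolver is added to Loader, FullLoader and UnsafeLoader, not to SafeLoader.` The lib3/yaml/__init__.py hunk carries the same lines.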
@@ -306,24 +306,34 @@ def safe_dump(data, stream=None, **kwds): return dump_all([data], stream, Dumper=SafeDumper, **kwds) def add_implicit_resolver(tag, regexp, first=None, - Loader=Loader, Dumper=Dumper): + Loader=None, Dumper=Dumper): """ Add an implicit scalar detector. If an implicit scalar value matches the given regexp, the corresponding tag is assigned to the scalar. first is a sequence of possible initial characters or None. """ - Loader.add_implicit_resolver(tag, regexp, first) + if Loader is None: + loader.Loader.add_implicit_resolver(tag, regexp, first) + loader.FullLoader.add_implicit_resolver(tag, regexp, first) + loader.UnsafeLoader.add_implicit_resolver(tag, regexp, first) + else: + Loader.add_implicit_resolver(tag, regexp, first) Dumper.add_implicit_resolver(tag, regexp, first) -def add_path_resolver(tag, path, kind=None, Loader=Loader, Dumper=Dumper): +def add_path_resolver(tag, path, kind=None, Loader=None, Dumper=Dumper): """ Add a path based resolver for the given tag. A path is a list of keys that forms a path to a node in the representation tree. Keys can be string values, integers, or None. """ - Loader.add_path_resolver(tag, path, kind) + if Loader is None: + loader.Loader.add_path_resolver(tag, path, kind) + loader.FullLoader.add_path_resolver(tag, path, kind) + loader.UnsafeLoader.add_path_resolver(tag, path, kind) + else: + Loader.add_path_resolver(tag, path, kind) Dumper.add_path_resolver(tag, path, kind) def add_constructor(tag, constructor, Loader=None): From 8c5e47fe62d7b9e0282a176a4b79b8b2980dc704 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tina=20M=C3=BCller?= Date: Mon, 18 Nov 2019 15:55:27 +0100 Subject: [PATCH 08/12] Move constructor for object/apply to Unsafe --- lib/yaml/constructor.py | 8 ++++---- lib3/yaml/constructor.py | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/lib/yaml/constructor.py b/lib/yaml/constructor.py index 516dad1ce..859c9494a 100644 --- a/lib/yaml/constructor.py 
+++ b/lib/yaml/constructor.py @@ -683,10 +683,6 @@ def construct_python_object_new(self, suffix, node): u'tag:yaml.org,2002:python/object:', FullConstructor.construct_python_object) -FullConstructor.add_multi_constructor( - u'tag:yaml.org,2002:python/object/apply:', - FullConstructor.construct_python_object_apply) - FullConstructor.add_multi_constructor( u'tag:yaml.org,2002:python/object/new:', FullConstructor.construct_python_object_new) @@ -703,6 +699,10 @@ def make_python_instance(self, suffix, node, args=None, kwds=None, newobj=False) return super(UnsafeConstructor, self).make_python_instance( suffix, node, args, kwds, newobj, unsafe=True) +UnsafeConstructor.add_multi_constructor( + u'tag:yaml.org,2002:python/object/apply:', + UnsafeConstructor.construct_python_object_apply) + # Constructor is same as UnsafeConstructor. Need to leave this in place in case # people have extended it directly. class Constructor(UnsafeConstructor): diff --git a/lib3/yaml/constructor.py b/lib3/yaml/constructor.py index 34fc1ae92..fb4f1e9fd 100644 --- a/lib3/yaml/constructor.py +++ b/lib3/yaml/constructor.py @@ -694,10 +694,6 @@ def construct_python_object_new(self, suffix, node): 'tag:yaml.org,2002:python/object:', FullConstructor.construct_python_object) -FullConstructor.add_multi_constructor( - 'tag:yaml.org,2002:python/object/apply:', - FullConstructor.construct_python_object_apply) - FullConstructor.add_multi_constructor( 'tag:yaml.org,2002:python/object/new:', FullConstructor.construct_python_object_new) 
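Review bot: Only the `tag:yaml.org,2002:python/object/apply:` registration moves to UnsafeConstructor; the context lines show `python/object:` and `python/object/new:` still registered on FullConstructor. construct_python_object_new is defined outside the hunk, so it should be confirmed that it does not reach the same instantiation path as apply; if it does, FullLoader keeps building arbitrary objects from tagged input and untrusted documents should continue to go through safe_load. A regression test asserting that FullLoader raises ConstructorError for a `python/object/apply:` tag, plus one that states the intended behaviour for `python/object/new:`, would pin the boundary this patch draws. A one-line comment above the moved call, `# object/apply can call arbitrary callables; UnsafeLoader only`, would record why it lives here. The lib3/yaml/constructor.py hunks make the same move.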
@@ -714,6 +710,10 @@ def make_python_instance(self, suffix, node, args=None, kwds=None, newobj=False) return super(UnsafeConstructor, self).make_python_instance( suffix, node, args, kwds, newobj, unsafe=True) +UnsafeConstructor.add_multi_constructor( + 'tag:yaml.org,2002:python/object/apply:', + UnsafeConstructor.construct_python_object_apply) + # Constructor is same as UnsafeConstructor. Need to leave this in place in case # people have extended it directly. class Constructor(UnsafeConstructor): From 3f3c373f5027ae2a0d305fc63eb453daaf952413 Mon Sep 17 00:00:00 2001 From: Matt Davis Date: Thu, 21 Nov 2019 14:43:45 -0800 Subject: [PATCH 09/12] bump version to 5.2b1 --- lib/yaml/__init__.py | 2 +- lib3/yaml/__init__.py | 2 +- setup.py | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/yaml/__init__.py b/lib/yaml/__init__.py index 09f82cd1d..85db1db40 100644 --- a/lib/yaml/__init__.py +++ b/lib/yaml/__init__.py @@ -8,7 +8,7 @@ from loader import * from dumper import * -__version__ = '5.1.2' +__version__ = '5.2b1' try: from cyaml import * diff --git a/lib3/yaml/__init__.py b/lib3/yaml/__init__.py index a31f279fb..6116109e0 100644 --- a/lib3/yaml/__init__.py +++ b/lib3/yaml/__init__.py @@ -8,7 +8,7 @@ from .loader import * from .dumper import * -__version__ = '5.1.2' +__version__ = '5.2b1' try: from .cyaml import * __with_libyaml__ = True diff --git a/setup.py b/setup.py index 5cb0b6d25..8a3e21570 100644 --- a/setup.py +++ b/setup.py @@ -1,6 +1,6 @@ NAME = 'PyYAML' -VERSION = '5.1.2' +VERSION = '5.2b1' DESCRIPTION = "YAML parser and emitter for Python" LONG_DESCRIPTION = """\ YAML is a data serialization format designed for human readability From f813bc00f5d0f6f42984edd89ca11f4b5245d5e7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tina=20M=C3=BCller?= Date: Thu, 21 Nov 2019 14:41:06 +0100 Subject: [PATCH 10/12] Changes for 5.2b1 --- CHANGES | 15 +++++++++++++++ 1 file changed, 15 insertions(+) 
diff --git a/CHANGES b/CHANGES index 29abdf976..14069a1d1 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,21 @@ For a complete changelog, see: * https://github.com/yaml/pyyaml/commits/ * https://bitbucket.org/xi/pyyaml/commits/ +5.2b1 (2019-11-26) +------------------ + +* Repair incompatibilities introduced with 5.1. The default Loader was changed, + but several methods like add_constructor still used the old default + https://github.com/yaml/pyyaml/pull/279 -- A more flexible fix for custom tag constructors + https://github.com/yaml/pyyaml/pull/287 -- Change default loader for yaml.add_constructor + https://github.com/yaml/pyyaml/pull/305 -- Change default loader for add_implicit_resolver, add_path_resolver +* Make FullLoader safer by removing python/object/apply from the default FullLoader + https://github.com/yaml/pyyaml/pull/347 -- Move constructor for object/apply to UnsafeConstructor +* Fix bug introduced in 5.1 where quoting went wrong on systems with sys.maxunicode <= 0xffff + https://github.com/yaml/pyyaml/pull/276 -- Fix logic for quoting special characters +* Other PRs: + https://github.com/yaml/pyyaml/pull/280 -- Update CHANGES for 5.1 + 5.1.2 (2019-07-30) ------------------ From f4fd3fbf874db649112f7f02add8eb42ef183741 Mon Sep 17 00:00:00 2001 From: Matt Davis Date: Tue, 26 Nov 2019 14:01:02 -0800 Subject: [PATCH 11/12] Windows build tweaks * centralized error handling on native commands * ensure that errors from native commands will fail build * use image-included Python 3.8 * drop Python 3.4 wheel builds --- .appveyor.yml | 8 +++--- packaging/build/appveyor.ps1 | 49 +++++++++++++++++++----------------- 2 files changed, 29 insertions(+), 28 deletions(-) diff --git a/.appveyor.yml b/.appveyor.yml index 46bbd7f0a..a24842ee6 100644 --- a/.appveyor.yml +++ b/.appveyor.yml 
@@ -4,9 +4,9 @@ version: '{build}' image: - Visual Studio 2015 -cache: -- 'C:\Python38\' -- 'C:\Python38-x64' +#cache: +#- 'C:\Python38\' +#- 'C:\Python38-x64' environment: libyaml_repo_url: https://github.com/yaml/libyaml.git @@ -14,8 +14,6 @@ environment: # matrix: # - PYTHON_VER: Python27 # - PYTHON_VER: Python27-x64 -# - PYTHON_VER: Python34 -# - PYTHON_VER: Python34-x64 # - PYTHON_VER: Python35 # - PYTHON_VER: Python35-x64 # - PYTHON_VER: Python36 diff --git a/packaging/build/appveyor.ps1 b/packaging/build/appveyor.ps1 index fc75b53de..a60d0bbb2 100644 --- a/packaging/build/appveyor.ps1 +++ b/packaging/build/appveyor.ps1 @@ -5,16 +5,25 @@ # TODO: get version number from setup.py and/or lib(3)/__version__ # Update-AppveyorBuild -Version $dynamic_version -Function Bootstrap() { - # ensure py38 is present (current Appveyor VS2015 image doesn't include it) - If(-not $(Test-Path C:\Python38)) { - choco.exe install python3 --version=3.8.0-b3 --forcex86 --force --params="/InstallDir:C:\Python38" --no-progress +Function Invoke-Exe([scriptblock]$sb) { + & $sb + $exitcode = $LASTEXITCODE + If($exitcode -ne 0) { + throw "exe failed with nonzero exit code $exitcode" } +} - If(-not $(Test-Path C:\Python38-x64)) { - choco.exe install python3 --version=3.8.0-b3 --force --params="/InstallDir:C:\Python38-x64" --no-progress +Function Bootstrap() { +<# + # ensure python 3.9 prerelease is present (current Appveyor VS2015 image doesn't include it) + If(-not $(Test-Path C:\Python39)) { + Invoke-Exe { choco.exe install python3 --version=3.9.0-a1 --forcex86 --force --params="/InstallDir:C:\Python39" --no-progress } } + If(-not $(Test-Path C:\Python39-x64)) { + Invoke-Exe { choco.exe install python3 --version=3.9.0-a1 --force --params="/InstallDir:C:\Python39-x64" --no-progress } + } +#> Write-Output "patching Windows SDK bits for distutils" # patch 7.0/7.1 vcvars SDK bits up to work with distutils query 
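Review bot: Invoke-Exe reads `$LASTEXITCODE` right after `& $sb` without clearing it first, so a script block that ends up running no native command is judged by whatever exit code an earlier native call outside the wrapper left behind. Adding `$global:LASTEXITCODE = 0` before `& $sb` makes the check reflect this invocation only. The error would also be easier to act on in a build log if it named the command, e.g. `throw "command failed with exit code ${exitcode}: $sb"`. A short comment-based help block on the function stating that it rethrows nonzero native exit codes and passes the block's output through would document the contract the rest of the script now relies on.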
@@ -22,11 +31,7 @@ Function Bootstrap() { Set-Content -Path 'C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\bin\amd64\vcvars64.bat' '@CALL "C:\Program Files\Microsoft SDKs\Windows\v7.1\Bin\SetEnv.cmd" /Release /x64' # patch VS9 x64 CMake config for VS Express, hide `reg.exe` stderr noise - $noise = reg.exe import packaging\build\FixVS9CMake.reg 2>&1 - - If($LASTEXITCODE -ne 0) { - throw "reg failed with error code $LASTEXITCODE" - } + Invoke-Exe { $noise = reg.exe import packaging\build\FixVS9CMake.reg 2>&1 } Copy-Item -Path "C:\Program Files (x86)\Microsoft Visual Studio 9.0\VC\vcpackages\AMD64.VCPlatform.config" -Destination "C:\Program Files (x86)\Microsoft Visual Studio 9.0\VC\vcpackages\AMD64.VCPlatform.Express.config" -Force Copy-Item -Path "C:\Program Files (x86)\Microsoft Visual Studio 9.0\VC\vcpackages\Itanium.VCPlatform.config" -Destination "C:\Program Files (x86)\Microsoft Visual Studio 9.0\VC\vcpackages\Itanium.VCPlatform.Express.config" -Force @@ -40,7 +45,7 @@ Function Bootstrap() { Write-Output "cloning libyaml from $libyaml_repo_url / $libyaml_refspec" If(-not $(Test-Path .\libyaml)) { - git clone -b $libyaml_refspec $libyaml_repo_url 2>&1 + Invoke-Exe { git clone -b $libyaml_refspec $libyaml_repo_url 2>&1 } } } @@ -52,7 +57,7 @@ Function Build-Wheel($python_path) { Write-Output "building pyyaml wheel for $python_path" # query distutils for the VC version used to build this Python; translate to a VS version to choose the right generator - $python_vs_buildver = & $python -c "from distutils.version import LooseVersion; from distutils.msvc9compiler import get_build_version; print(LooseVersion(str(get_build_version())).version[0])" + $python_vs_buildver = Invoke-Exe { & $python -c "from distutils.version import LooseVersion; from distutils.msvc9compiler import get_build_version; print(LooseVersion(str(get_build_version())).version[0])" } $python_cmake_generator = switch($python_vs_buildver) { "9" { "Visual Studio 9 2008" } 
@@ -62,7 +67,7 @@ Function Build-Wheel($python_path) { } # query arch this python was built for - $python_arch = & $python -c "from distutils.util import get_platform; print(str(get_platform()))" + $python_arch = Invoke-Exe { & $python -c "from distutils.util import get_platform; print(str(get_platform()))" } if($python_arch -eq 'win-amd64') { $python_cmake_generator += " Win64" @@ -70,7 +75,7 @@ Function Build-Wheel($python_path) { } # snarf VS vars (paths, etc) for the matching VS version and arch that built this Python - $raw_vars_out = & cmd.exe /c "`"C:\Program Files (x86)\Microsoft Visual Studio $($python_vs_buildver).0\VC\vcvarsall.bat`" $vcvars_arch & set" + $raw_vars_out = Invoke-Exe { cmd.exe /c "`"C:\Program Files (x86)\Microsoft Visual Studio $($python_vs_buildver).0\VC\vcvarsall.bat`" $vcvars_arch & set" } foreach($kv in $raw_vars_out) { If($kv -match "=") { $kv = $kv.Split("=", 2) 
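Review bot: In the `@@ -70,7 +75,7 @@` hunk, wrapping the `vcvarsall.bat` call in `Invoke-Exe` does not reliably detect a failing `vcvarsall.bat`. The command string joins it to `set` with a single `&`, so `set` runs unconditionally and `$raw_vars_out` is filled and parsed even when the batch file failed. Whether a nonzero errorlevel survives the trailing `set` is not something the check should depend on. Chaining with `&&` instead (`... $vcvars_arch && set`) skips `set` on failure and lets the batch file's exit status reach `Invoke-Exe`, assuming `vcvarsall.bat` sets a nonzero errorlevel on error. The foreach loop that consumes `$raw_vars_out` continues outside the hunk.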
@@ -82,23 +87,23 @@ Function Build-Wheel($python_path) { } # ensure pip is current (some appveyor pips are not) - & $python -W "ignore:DEPRECATION" -m pip install --upgrade pip + Invoke-Exe { & $python -W "ignore:DEPRECATION" -m pip install --upgrade pip } # ensure required-for-build packages are present and up-to-date - & $python -W "ignore:DEPRECATION" -m pip install --upgrade cython wheel setuptools --no-warn-script-location + Invoke-Exe { & $python -W "ignore:DEPRECATION" -m pip install --upgrade cython wheel setuptools --no-warn-script-location } pushd libyaml - git clean -fdx + Invoke-Exe { git clean -fdx } popd mkdir libyaml\build pushd libyaml\build - cmake.exe -G $python_cmake_generator -DYAML_STATIC_LIB_NAME=yaml .. - cmake.exe --build . --config Release + Invoke-Exe { cmake.exe -G $python_cmake_generator -DYAML_STATIC_LIB_NAME=yaml .. } + Invoke-Exe { cmake.exe --build . --config Release } popd - & $python setup.py --with-libyaml build_ext -I libyaml\include -L libyaml\build\Release -D YAML_DECLARE_STATIC build test bdist_wheel + Invoke-Exe { & $python setup.py --with-libyaml build_ext -I libyaml\include -L libyaml\build\Release -D YAML_DECLARE_STATIC build test bdist_wheel } } Function Upload-Artifacts() { @@ -114,8 +119,6 @@ Bootstrap $pythons = @( "C:\Python27" "C:\Python27-x64" -"C:\Python34" -"C:\Python34-x64" "C:\Python35" "C:\Python35-x64" "C:\Python36" From a5c2a043a26a6bf2787870eec9006b96ba6bca91 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tina=20M=C3=BCller?= Date: Mon, 2 Dec 2019 20:58:55 +0100 Subject: [PATCH 12/12] Version 5.2 --- CHANGES | 2 +- announcement.msg | 25 +++++++++++++++++-------- lib/yaml/__init__.py | 2 +- lib3/yaml/__init__.py | 2 +- setup.py | 2 +- 5 files changed, 21 insertions(+), 12 deletions(-) diff --git a/CHANGES b/CHANGES index 14069a1d1..f4a9ae577 100644 --- a/CHANGES +++ b/CHANGES 
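Review bot: The two `pip install --upgrade` lines in the `@@ -82,23 +87,23 @@` hunk fetch the newest pip, cython, wheel and setuptools from the index on every run, so the toolchain that builds the release wheels is neither pinned nor verified. For uploaded artifacts, consider a committed requirements file with exact versions and hashes, e.g. `Invoke-Exe { & $python -m pip install --require-hashes -r packaging\build\build-requirements.txt }`; the file name is a placeholder, as no such file appears on this page. Separately, `pushd libyaml` is unchecked: if it fails under the default error preference, `git clean -fdx` would run in the PyYAML checkout instead. Build-Wheel begins before this hunk.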
@@ -4,7 +4,7 @@ For a complete changelog, see: * https://github.com/yaml/pyyaml/commits/ * https://bitbucket.org/xi/pyyaml/commits/ -5.2b1 (2019-11-26) +5.2 (2019-12-02) ------------------ * Repair incompatibilities introduced with 5.1. The default Loader was changed, diff --git a/announcement.msg b/announcement.msg index 4cf3944fe..292d0aca9 100644 --- a/announcement.msg +++ b/announcement.msg 
@@ -1,22 +1,31 @@ -From: Ingy döt Net +From: Tina Müller To: python-list@python.org, python-announce@python.org, yaml-core@lists.sourceforge.net -Subject: [ANN] PyYAML-5.1.2: YAML parser and emitter for Python +Subject: [ANN] PyYAML-5.2: YAML parser and emitter for Python ======================= -Announcing PyYAML-5.1.2 +Announcing PyYAML-5.2 ======================= -A new minor release of PyYAML is now available: +A new release of PyYAML is now available: https://pypi.org/project/PyYAML/ -This is a maintenance re-release of PyYAML 5.1 with re-generated Cython -bindings to allow the extension to build properly for Python 3.8b2+. No code -changes were made in the PyYAML sources. +This fixes some incompatibilities introduced in version 5.1 and also removes +another possibility of loading arbitrary code. Changes ======= -* None +* Repair incompatibilities introduced with 5.1. The default Loader was changed, + but several methods like add_constructor still used the old default + https://github.com/yaml/pyyaml/pull/279 -- A more flexible fix for custom tag constructors + https://github.com/yaml/pyyaml/pull/287 -- Change default loader for yaml.add_constructor + https://github.com/yaml/pyyaml/pull/305 -- Change default loader for add_implicit_resolver, add_path_resolver +* Make FullLoader safer by removing python/object/apply from the default FullLoader + https://github.com/yaml/pyyaml/pull/347 -- Move constructor for object/apply to UnsafeConstructor +* Fix bug introduced in 5.1 where quoting went wrong on systems with sys.maxunicode <= 0xffff + https://github.com/yaml/pyyaml/pull/276 -- Fix logic for quoting special characters +* Other PRs: + https://github.com/yaml/pyyaml/pull/280 -- Update CHANGES for 5.1 Resources ========= diff --git a/lib/yaml/__init__.py b/lib/yaml/__init__.py index 85db1db40..32d848e47 100644 --- a/lib/yaml/__init__.py +++ b/lib/yaml/__init__.py 
@@ -8,7 +8,7 @@ from loader import * from dumper import * -__version__ = '5.2b1' +__version__ = '5.2' try: from cyaml import * diff --git a/lib3/yaml/__init__.py b/lib3/yaml/__init__.py index 6116109e0..d9e3ac253 100644 --- a/lib3/yaml/__init__.py +++ b/lib3/yaml/__init__.py @@ -8,7 +8,7 @@ from .loader import * from .dumper import * -__version__ = '5.2b1' +__version__ = '5.2' try: from .cyaml import * __with_libyaml__ = True diff --git a/setup.py b/setup.py index 8a3e21570..8634ef0f7 100644 --- a/setup.py +++ b/setup.py @@ -1,6 +1,6 @@ NAME = 'PyYAML' -VERSION = '5.2b1' +VERSION = '5.2' DESCRIPTION = "YAML parser and emitter for Python" LONG_DESCRIPTION = """\ YAML is a data serialization format designed for human readability