Control: tags 989009 + pending
Dear maintainer, I've prepared an NMU for python-ddt (versioned as 1.4.1-2.1) and uploaded it to DELAYED/5. Please feel free to tell me if I should delay it longer. Regards. SR
diff -Nru python-ddt-1.4.1/debian/changelog python-ddt-1.4.1/debian/changelog --- python-ddt-1.4.1/debian/changelog 2020-10-14 04:11:28.000000000 -0400 +++ python-ddt-1.4.1/debian/changelog 2021-05-23 11:51:10.000000000 -0400 @@ -1,3 +1,11 @@ +python-ddt (1.4.1-2.1) unstable; urgency=medium + + * Non-maintainer upload. + * Patch: Support pyyaml's security patch in 5.3.1-4 (from 5.4 upstream). + (Closes: #989009) + + -- Stefano Rivera <stefa...@debian.org> Sun, 23 May 2021 11:51:10 -0400 + python-ddt (1.4.1-2) unstable; urgency=medium * Uploading to unstable. diff -Nru python-ddt-1.4.1/debian/patches/pyyaml-unsafeloader.patch python-ddt-1.4.1/debian/patches/pyyaml-unsafeloader.patch --- python-ddt-1.4.1/debian/patches/pyyaml-unsafeloader.patch 1969-12-31 20:00:00.000000000 -0400 +++ python-ddt-1.4.1/debian/patches/pyyaml-unsafeloader.patch 2021-05-23 11:50:57.000000000 -0400 @@ -0,0 +1,56 @@ +From 97f0a2315736e50f1b34a015447cd751da66ecb6 Mon Sep 17 00:00:00 2001 +From: Dirk Mueller <d...@dmllr.de> +Date: Mon, 25 Jan 2021 22:49:04 +0100 +Subject: [PATCH] Use Yaml's UnsafeLoader for Python embedding tests + +In newer PyYAML versions the default FullLoader has +python/object/* integration removed. One has to use +UnsafeLoader instead. see this issue for details: + +https://github.com/yaml/pyyaml/issues/321 +Bug-Debian: https://bugs.debian.org/989009 +--- + test/test_example.py | 2 +- + test/test_functional.py | 10 +++++----- + 2 files changed, 6 insertions(+), 6 deletions(-) + +--- a/test/test_example.py ++++ b/test/test_example.py +@@ -151,7 +151,7 @@ + + @ddt + class YamlOnlyTestCase(unittest.TestCase): +- @file_data('data/test_custom_yaml_loader.yaml', yaml.FullLoader) ++ @file_data('data/test_custom_yaml_loader.yaml', yaml.UnsafeLoader) + def test_custom_yaml_loader(self, instance, expected): + """Test with yaml tags to create specific classes to compare""" + self.assertEqual(expected, instance) +--- a/test/test_functional.py ++++ b/test/test_functional.py +@@ -427,7 +427,7 @@ + loader allowing python tags is passed. + """ + +- from yaml import FullLoader ++ from yaml import UnsafeLoader + from yaml.constructor import ConstructorError + + def str_to_type(class_name): +@@ -444,13 +444,13 @@ + raise AssertionError() + + @ddt +- class YamlFullLoaderTest(object): +- @file_data('data/test_functional_custom_tags.yaml', FullLoader) ++ class YamlUnsafeLoaderTest(object): ++ @file_data('data/test_functional_custom_tags.yaml', UnsafeLoader) + def test_cls_is_instance(self, instance, expected): + assert isinstance(instance, str_to_type(expected)) + +- tests = list(filter(_is_test, YamlFullLoaderTest.__dict__)) +- obj = YamlFullLoaderTest() ++ tests = list(filter(_is_test, YamlUnsafeLoaderTest.__dict__)) ++ obj = YamlUnsafeLoaderTest() + + if not tests: + raise AssertionError('No tests have been found.') diff -Nru python-ddt-1.4.1/debian/patches/series python-ddt-1.4.1/debian/patches/series --- python-ddt-1.4.1/debian/patches/series 1969-12-31 20:00:00.000000000 -0400 +++ python-ddt-1.4.1/debian/patches/series 2021-05-23 11:50:33.000000000 -0400 @@ -0,0 +1 @@ +pyyaml-unsafeloader.patch