--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
X-Debbugs-CC: Thomas Goirand <zigo@debian.org>
Please unblock package python-ddt
Changes:
python-ddt (1.4.1-2.1) unstable; urgency=medium
.
* Non-maintainer upload.
* Patch: Support pyyaml's security patch in 5.3.1-4 (from 5.4 upstream).
(Closes: #989009)
[ Reason ]
Updated python-ddt to build-against pyyaml's recent security update
(#988926)
[ Impact ]
Fixes FTBFS with the new pyyaml.
[ Tests ]
The affected code is the test suite.
[ Risks ]
Change is from upstream, affecting only unit tests, so negligible.
[ Checklist ]
[x] all changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in testing
unblock python-ddt/1.4.1-2.1
diff -Nru python-ddt-1.4.1/debian/changelog python-ddt-1.4.1/debian/changelog
--- python-ddt-1.4.1/debian/changelog 2020-10-14 04:11:28.000000000 -0400
+++ python-ddt-1.4.1/debian/changelog 2021-05-23 11:51:10.000000000 -0400
@@ -1,3 +1,11 @@
+python-ddt (1.4.1-2.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Patch: Support pyyaml's security patch in 5.3.1-4 (from 5.4 upstream).
+ (Closes: #989009)
+
+ -- Stefano Rivera <stefanor@debian.org> Sun, 23 May 2021 11:51:10 -0400
+
python-ddt (1.4.1-2) unstable; urgency=medium
* Uploading to unstable.
diff -Nru python-ddt-1.4.1/debian/patches/pyyaml-unsafeloader.patch python-ddt-1.4.1/debian/patches/pyyaml-unsafeloader.patch
--- python-ddt-1.4.1/debian/patches/pyyaml-unsafeloader.patch 1969-12-31 20:00:00.000000000 -0400
+++ python-ddt-1.4.1/debian/patches/pyyaml-unsafeloader.patch 2021-05-23 11:50:57.000000000 -0400
@@ -0,0 +1,56 @@
+From 97f0a2315736e50f1b34a015447cd751da66ecb6 Mon Sep 17 00:00:00 2001
+From: Dirk Mueller <dirk@dmllr.de>
+Date: Mon, 25 Jan 2021 22:49:04 +0100
+Subject: [PATCH] Use Yaml's UnsafeLoader for Python embedding tests
+
+In newer PyYAML versions the default FullLoader has
+python/object/* integration removed. One has to use
+UnsafeLoader instead. see this issue for details:
+
+https://github.com/yaml/pyyaml/issues/321
+Bug-Debian: https://bugs.debian.org/989009
+---
+ test/test_example.py | 2 +-
+ test/test_functional.py | 10 +++++-----
+ 2 files changed, 6 insertions(+), 6 deletions(-)
+
+--- a/test/test_example.py
++++ b/test/test_example.py
+@@ -151,7 +151,7 @@
+
+ @ddt
+ class YamlOnlyTestCase(unittest.TestCase):
+- @file_data('data/test_custom_yaml_loader.yaml', yaml.FullLoader)
++ @file_data('data/test_custom_yaml_loader.yaml', yaml.UnsafeLoader)
+ def test_custom_yaml_loader(self, instance, expected):
+ """Test with yaml tags to create specific classes to compare"""
+ self.assertEqual(expected, instance)
+--- a/test/test_functional.py
++++ b/test/test_functional.py
+@@ -427,7 +427,7 @@
+ loader allowing python tags is passed.
+ """
+
+- from yaml import FullLoader
++ from yaml import UnsafeLoader
+ from yaml.constructor import ConstructorError
+
+ def str_to_type(class_name):
+@@ -444,13 +444,13 @@
+ raise AssertionError()
+
+ @ddt
+- class YamlFullLoaderTest(object):
+- @file_data('data/test_functional_custom_tags.yaml', FullLoader)
++ class YamlUnsafeLoaderTest(object):
++ @file_data('data/test_functional_custom_tags.yaml', UnsafeLoader)
+ def test_cls_is_instance(self, instance, expected):
+ assert isinstance(instance, str_to_type(expected))
+
+- tests = list(filter(_is_test, YamlFullLoaderTest.__dict__))
+- obj = YamlFullLoaderTest()
++ tests = list(filter(_is_test, YamlUnsafeLoaderTest.__dict__))
++ obj = YamlUnsafeLoaderTest()
+
+ if not tests:
+ raise AssertionError('No tests have been found.')
diff -Nru python-ddt-1.4.1/debian/patches/series python-ddt-1.4.1/debian/patches/series
--- python-ddt-1.4.1/debian/patches/series 1969-12-31 20:00:00.000000000 -0400
+++ python-ddt-1.4.1/debian/patches/series 2021-05-23 11:50:33.000000000 -0400
@@ -0,0 +1 @@
+pyyaml-unsafeloader.patch
--- End Message ---