Google Git
Sign in
fuchsia / third_party / pyyaml / refs/tags/5.4b2^! / .
commit539928ea80aa4b24b24ab4cb84805aa3c0d444c8[log] [tgz]
authorIngy döt Net <ingy@ingy.net>Thu Jan 14 16:30:55 2021 -0500
committerIngy döt Net <ingy@ingy.net>Thu Jan 14 16:30:55 2021 -0500
tree27fbdcb991dcf61e6eef83cbc3a56efdaa02597a
parenta60f7a19c0b418fe95fcf2ec0957005ae39e1090 [diff]
5.4.0b2 release

diff --git a/CHANGES b/CHANGES
index f3facb1..770aad9 100644
--- a/CHANGES
+++ b/CHANGES

@@ -4,6 +4,18 @@
 * https://github.com/yaml/pyyaml/commits/
 * https://bitbucket.org/xi/pyyaml/commits/
 
+5.4b2 (2021-01-14)
+
+* Update Copyright year to 2021
+
+5.4b1 (2021-01-13)
+
+* https://github.com/yaml/pyyaml/pull/407 -- build modernization, remove distutils, fix metadata, build wheels, CI to GHA
+* https://github.com/yaml/pyyaml/pull/472 -- fix for CVE-2020-14343, moves arbitrary python tags to UnsafeLoader
+* https://github.com/yaml/pyyaml/pull/441 -- fix memory leak in implicit resolver setup
+* https://github.com/yaml/pyyaml/pull/392 -- fix py2 copy support for timezone objects
+* https://github.com/yaml/pyyaml/pull/378 -- fix compatibility with Jython
+
 5.3.1 (2020-03-18)
 
 * https://github.com/yaml/pyyaml/pull/386 -- Prevents arbitrary code execution during python/object/new constructor

diff --git a/LICENSE b/LICENSE
index 3d82c28..2f1b8e1 100644
--- a/LICENSE
+++ b/LICENSE

@@ -1,4 +1,4 @@
-Copyright (c) 2017-2020 Ingy döt Net
+Copyright (c) 2017-2021 Ingy döt Net
 Copyright (c) 2006-2016 Kirill Simonov
 
 Permission is hereby granted, free of charge, to any person obtaining a copy of

diff --git a/announcement.msg b/announcement.msg
index 1e32b3c..245f4a1 100644
--- a/announcement.msg
+++ b/announcement.msg

@@ -1,25 +1,37 @@
-From: Tina Müller <post@tinita.de>
+From: Ingy döt Net <ingy@ingy.net>
 To: python-list@python.org, python-announce@python.org, yaml-core@lists.sourceforge.net
-Subject: [ANN] PyYAML-5.3.1: YAML parser and emitter for Python
+Subject: [ANN] PyYAML-5.4b2: Linux and Mac users, please test!
 
 =======================
-Announcing PyYAML-5.3.1
+Announcing PyYAML-5.4b2
 =======================
 
-A new release of PyYAML is now available:
-https://pypi.org/project/PyYAML/
+A beta release of PyYAML is now available:
+https://github.com/yaml/pyyaml/releases/tag/5.4b2
 
-This release contains a security fix for CVE-2020-1747. FullLoader was still
-exploitable for arbitrary command execution.
-https://bugzilla.redhat.com/show_bug.cgi?id=1807367
+This release contains a security fix for CVE-2020-14343. It removes the
+python/module, python/object, and python/object/new tags from the FullLoader.
+YAML that uses these tags must be loaded by UnsafeLoader, or a custom loader
+that has explicitly enabled them.
 
-Thanks to Riccardo Schirone (https://github.com/ret2libc) for both reporting
-this and providing the fixes to resolve it.
+This beta release also adds Python wheels for manylinux1 (x86_64) and
+MacOS (x86_64) with the libyaml extension included (built on libyaml 0.2.5).
+We believe these wheels to be stable, but please take the opportunity to test
+against your local Linux and MacOS environments, and file any issues at
+https://github.com/yaml/pyyaml/issues.
+
+PyYAML 5.4 will be the last release to support Python 2.7.
+
 
 Changes
 =======
 
-* https://github.com/yaml/pyyaml/pull/386 -- Prevents arbitrary code execution during python/object/new constructor
+* Update Copyright year to 2021
+* https://github.com/yaml/pyyaml/pull/407 -- build modernization, remove distutils, fix metadata, build wheels, CI to GHA
+* https://github.com/yaml/pyyaml/pull/472 -- fix for CVE-2020-14343, moves arbitrary python tags to UnsafeLoader
+* https://github.com/yaml/pyyaml/pull/441 -- fix memory leak in implicit resolver setup
+* https://github.com/yaml/pyyaml/pull/392 -- fix py2 copy support for timezone objects
+* https://github.com/yaml/pyyaml/pull/378 -- fix compatibility with Jython
 
 
 Resources
@@ -55,6 +67,7 @@
 Example
 =======
 
+```
 >>> import yaml
 
 >>> yaml.full_load("""
@@ -72,7 +85,7 @@
 homepage: https://github.com/yaml/pyyaml
 description: YAML parser and emitter for Python
 keywords: [YAML, serialization, configuration, persistence, pickle]
-
+```
 
 Maintainers
 ===========
@@ -89,7 +102,7 @@
 Copyright
 =========
 
-Copyright (c) 2017-2020 Ingy döt Net <ingy@ingy.net>
+Copyright (c) 2017-2021 Ingy döt Net <ingy@ingy.net>
 Copyright (c) 2006-2016 Kirill Simonov <xi@resolvent.net>
 
 The PyYAML module was written by Kirill Simonov <xi@resolvent.net>.

diff --git a/lib/yaml/__init__.py b/lib/yaml/__init__.py
index 6da15d8..4754c21 100644
--- a/lib/yaml/__init__.py
+++ b/lib/yaml/__init__.py

@@ -8,7 +8,7 @@
 from loader import *
 from dumper import *
 
-__version__ = '5.4.0a0'
+__version__ = '5.4b2'
 
 try:
     from cyaml import *

diff --git a/lib3/yaml/__init__.py b/lib3/yaml/__init__.py
index 98b662c..a399f1c 100644
--- a/lib3/yaml/__init__.py
+++ b/lib3/yaml/__init__.py

@@ -8,7 +8,7 @@
 from .loader import *
 from .dumper import *
 
-__version__ = '5.4.0a0'
+__version__ = '5.4b2'
 try:
     from .cyaml import *
     __with_libyaml__ = True

diff --git a/setup.py b/setup.py
index 296b599..fccc95f 100644
--- a/setup.py
+++ b/setup.py

@@ -1,6 +1,6 @@
 
 NAME = 'PyYAML'
-VERSION = '5.4.0a0'
+VERSION = '5.4b2'
 DESCRIPTION = "YAML parser and emitter for Python"
 LONG_DESCRIPTION = """\
 YAML is a data serialization format designed for human readability