- Fix build with PyYAML > 5:

* yaml5.patch OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-Markdown?expand=0&rev=54
2019-03-15 12:22:00 +00:00 · 2019-03-15 12:22:00 +00:00 · ee3c9f4d54
commit ee3c9f4d54
parent cd9c127ce4
3 changed files with 56 additions and 2 deletions
--- a/python-Markdown.changes
+++ b/python-Markdown.changes
@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Fri Mar 15 12:20:56 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>
+
+- Fix build with PyYAML > 5:
+  * yaml5.patch
+
 -------------------------------------------------------------------
 Wed Jan  2 11:04:33 UTC 2019 - badshah400@gmail.com

--- a/python-Markdown.spec
+++ b/python-Markdown.spec
@ -12,7 +12,7 @@
 # license that conforms to the Open Source Definition (Version 1.9)
 # published by the Open Source Initiative.

-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
 #


@ -27,6 +27,7 @@ Group:          Development/Languages/Python
 Url:            https://python-markdown.github.io/
 Source:         https://files.pythonhosted.org/packages/source/M/Markdown/Markdown-%{version}.tar.gz
 Patch0:         markdown-3.0-python37.patch
+Patch1:         yaml5.patch
 BuildRequires:  %{python_module PyYAML}
 BuildRequires:  %{python_module setuptools}
 BuildRequires:  %{python_module xml}
@ -53,7 +54,7 @@ supported by the [Available Extensions][].

 %prep
 %setup -q -n Markdown-%{version}
-%patch0 -p1
+%autopatch -p1

 %build
 %python_build
--- a/yaml5.patch
+++ b/yaml5.patch
@ -0,0 +1,47 @@
+From 0861bb0df43a20737c38029bcf7d09b14d17352f Mon Sep 17 00:00:00 2001
+From: Waylan Limberg <waylan.limberg@icloud.com>
+Date: Thu, 14 Mar 2019 09:17:31 -0400
+Subject: [PATCH] Update CLI to support PyYAML 5.1
+
+This should avoid any warnings. We use `unsafe_load` because users may
+need to pass in actual Python objects. As this is only available from
+the CLI, the user has much worse problems if an attacker can use this
+as an attach vector.
+---
+ docs/change_log/release-3.1.md |  1 +
+ markdown/__main__.py           | 14 +++++++++++---
+ 2 files changed, 12 insertions(+), 3 deletions(-)
+
+diff --git a/markdown/__main__.py b/markdown/__main__.py
+index 38d08fe0..43e486c9 100644
+--- a/markdown/__main__.py
+++ b/markdown/__main__.py
+@@ -26,9 +26,17 @@
+ import warnings
+ import markdown
+ try:
+-    import yaml
+    # We use `unsafe_load` because users may need to pass in actual Python
+    # objects. As this is only available from the CLI, the user has much
+    # worse problems if an attacker can use this as an attach vector.
+    from yaml import unsafe_load as yaml_load
+ except ImportError:  # pragma: no cover
+-    import json as yaml
+    try:
+        # Fall back to PyYAML <5.1
+        from yaml import load as yaml_load
+    except ImportError:
+        # Fall back to JSON
+        from json import load as yaml_load
+ 
+ import logging
+ from logging import DEBUG, WARNING, CRITICAL
+@@ -97,7 +105,7 @@ def parse_options(args=None, values=None):
+             options.configfile, mode="r", encoding=options.encoding
+         ) as fp:
+             try:
+-                extension_configs = yaml.load(fp)
+                extension_configs = yaml_load(fp)
+             except Exception as e:
+                 message = "Failed parsing extension config file: %s" % \
+                           options.configfile