Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package perl-Net-CIDR-Lite for openSUSE:Factory checked in at 2021-04-10 15:26:27 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/perl-Net-CIDR-Lite (Old) and /work/SRC/openSUSE:Factory/.perl-Net-CIDR-Lite.new.2401 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "perl-Net-CIDR-Lite" Sat Apr 10 15:26:27 2021 rev:14 rq:883371 version:0.22 Changes: -------- --- /work/SRC/openSUSE:Factory/perl-Net-CIDR-Lite/perl-Net-CIDR-Lite.changes 2013-04-02 12:36:37.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.perl-Net-CIDR-Lite.new.2401/perl-Net-CIDR-Lite.changes 2021-04-10 15:27:07.282360391 +0200 @@ -1,0 +2,10 @@ +Mon Apr 5 03:06:37 UTC 2021 - Tina M??ller <timueller+p...@suse.de> + +- updated to 0.22 + see /usr/share/doc/packages/perl-Net-CIDR-Lite/Changes + + 0.22 2021-04-04 + - Security: IPv4 octets with leading zeroes are no longer allowed. + https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/ + +------------------------------------------------------------------- Old: ---- Net-CIDR-Lite-0.21.tar.gz New: ---- Net-CIDR-Lite-0.22.tar.gz cpanspec.yml ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ perl-Net-CIDR-Lite.spec ++++++ --- /var/tmp/diff_new_pack.XLI1LH/_old 2021-04-10 15:27:09.170362612 +0200 +++ /var/tmp/diff_new_pack.XLI1LH/_new 2021-04-10 15:27:09.174362617 +0200 @@ -1,7 +1,7 @@ # -# spec file for package perl-Net-CIDR-Lite (Version 0.21) +# spec file for package perl-Net-CIDR-Lite # -# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2021 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,64 +12,44 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # -# norootforbuild - -Name: perl-Net-CIDR-Lite %define cpan_name Net-CIDR-Lite +Name: perl-Net-CIDR-Lite +Version: 0.22 +Release: 0 Summary: Perl extension for merging IPv4 or IPv6 CIDR addresses -Version: 0.21 -Release: 4 -License: Artistic-1.0 -Group: Development/Libraries/Perl -Url: http://search.cpan.org/dist/Net-CIDR-Lite -Source: http://search.cpan.org/CPAN/authors/id/D/DO/DOUGW/Net-CIDR-Lite-0.21.tar.gz +License: Artistic-1.0 OR GPL-1.0-or-later +URL: https://metacpan.org/release/%{cpan_name} +Source0: https://cpan.metacpan.org/authors/id/S/ST/STIGTSP/%{cpan_name}-%{version}.tar.gz +Source1: cpanspec.yml BuildArch: noarch -BuildRoot: %{_tmppath}/%{name}-%{version}-build -%{perl_requires} BuildRequires: perl -%if 0%{?suse_version} && 0%{?suse_version} <= 1210 BuildRequires: perl-macros -%endif -BuildRequires: perl(Test::Pod) >= 1.00 -BuildRequires: perl(Test::Pod::Coverage) +%{perl_requires} %description -Faster alternative to Net::CIDR when merging a large number of CIDR -address ranges. Works for IPv4 and IPv6 addresses. - - -Authors: --------- - Douglas Wilson <do...@cpan.org> +Faster alternative to Net::CIDR when merging a large number of CIDR address +ranges. Works for IPv4 and IPv6 addresses. %prep -%setup -n %{cpan_name}-%{version} +%autosetup -n %{cpan_name}-%{version} %build -%{__perl} Makefile.PL OPTIMIZE="$RPM_OPT_FLAGS -Wall" -%{__make} %{?_smp_mflags} +perl Makefile.PL INSTALLDIRS=vendor +%make_build %check -%{__make} test +make test %install %perl_make_install -# do not perl_process_packlist (noarch) -# remove .packlist file -%{__rm} -rf $RPM_BUILD_ROOT%perl_vendorarch -# remove perllocal.pod file -%{__rm} -rf $RPM_BUILD_ROOT%perl_archlib +%perl_process_packlist %perl_gen_filelist -%clean -%{__rm} -rf $RPM_BUILD_ROOT - %files -f %{name}.files -%defattr(-,root,root) %doc Changes README %changelog ++++++ Net-CIDR-Lite-0.21.tar.gz -> Net-CIDR-Lite-0.22.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Net-CIDR-Lite-0.21/.github/workflows/linux.yml new/Net-CIDR-Lite-0.22/.github/workflows/linux.yml --- old/Net-CIDR-Lite-0.21/.github/workflows/linux.yml 1970-01-01 01:00:00.000000000 +0100 +++ new/Net-CIDR-Lite-0.22/.github/workflows/linux.yml 2021-04-04 22:20:32.000000000 +0200 @@ -0,0 +1,33 @@ +name: linux + +on: + push: + branches: + - '*' + tags-ignore: + - '*' + pull_request: + +jobs: + perl: + runs-on: ubuntu-latest + strategy: + matrix: + perl-version: + - '5.8' + - '5.12' + - '5.16' + - '5.26' + - 'latest' + + container: + image: perl:${{ matrix.perl-version }} + + steps: + - uses: actions/checkout@v2 + - name: perl -V + run: perl -V + # - name: Install Dependencies + # run: curl -sL https://git.io/cpm | perl - install -g --show-build-log-on-failure + - name: Run Tests + run: perl Makefile.PL; make disttest diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Net-CIDR-Lite-0.21/.github/workflows/macos.yml new/Net-CIDR-Lite-0.22/.github/workflows/macos.yml --- old/Net-CIDR-Lite-0.21/.github/workflows/macos.yml 1970-01-01 01:00:00.000000000 +0100 +++ new/Net-CIDR-Lite-0.22/.github/workflows/macos.yml 2021-04-04 22:20:32.000000000 +0200 @@ -0,0 +1,25 @@ +name: macos + +on: + push: + branches: + - '*' + tags-ignore: + - '*' + pull_request: + +jobs: + perl: + + runs-on: macOS-latest + + steps: + - uses: actions/checkout@v2 + - name: Set up Perl + run: brew install perl + - name: perl -V + run: perl -V + # - name: Install Dependencies + # run: curl -sL https://git.io/cpm | perl - install -g --show-build-log-on-failure + - name: Run Tests + run: perl Makefile.PL; make disttest diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Net-CIDR-Lite-0.21/.github/workflows/windows.yml new/Net-CIDR-Lite-0.22/.github/workflows/windows.yml --- old/Net-CIDR-Lite-0.21/.github/workflows/windows.yml 1970-01-01 01:00:00.000000000 +0100 +++ new/Net-CIDR-Lite-0.22/.github/workflows/windows.yml 2021-04-04 22:20:32.000000000 +0200 @@ -0,0 +1,26 @@ +name: windows + +on: + push: + branches: + - '*' + tags-ignore: + - '*' + pull_request: + +jobs: + perl: + + runs-on: windows-latest + + steps: + - uses: actions/checkout@v2 + - name: Set up Perl + run: | + choco install strawberryperl + - name: perl -V + run: perl -V + # - name: Install Dependencies + # run: curl -sL https://git.io/cpm | perl - install -g --show-build-log-on-failure + - name: Run Tests + run: perl Makefile.PL; make disttest diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Net-CIDR-Lite-0.21/.gitignore new/Net-CIDR-Lite-0.22/.gitignore --- old/Net-CIDR-Lite-0.21/.gitignore 1970-01-01 01:00:00.000000000 +0100 +++ new/Net-CIDR-Lite-0.22/.gitignore 2021-04-04 22:20:32.000000000 +0200 @@ -0,0 +1,13 @@ +.* +*~ +!.gitignore +!.perltidyrc +!/.github +/blib +/pm_to_blib +/Makefile +/Makefile.old +/MANIFEST* +!MANIFEST.SKIP +/META.* +/MYMETA.* diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Net-CIDR-Lite-0.21/Changes new/Net-CIDR-Lite-0.22/Changes --- old/Net-CIDR-Lite-0.21/Changes 2010-03-26 01:35:42.000000000 +0100 +++ new/Net-CIDR-Lite-0.22/Changes 2021-04-04 22:20:32.000000000 +0200 @@ -1,5 +1,8 @@ Revision history for Perl extension Net::CIDR::Lite. +0.22 2021-04-04 + - Security: IPv4 octets with leading zeroes are no longer allowed. + https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/ 0.21 Wed Mar 28 14:34:18 2007 - Fix RT Tickets: - 14535: Fix spanner clean() docs (reported by carbon at pobox.com). diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Net-CIDR-Lite-0.21/Lite.pm new/Net-CIDR-Lite-0.22/Lite.pm --- old/Net-CIDR-Lite-0.21/Lite.pm 2010-03-26 01:30:10.000000000 +0100 +++ new/Net-CIDR-Lite-0.22/Lite.pm 2021-04-04 22:20:32.000000000 +0200 @@ -4,7 +4,7 @@ use vars qw($VERSION); use Carp qw(confess); -$VERSION = '0.21'; +$VERSION = '0.22'; my %masks; my @fields = qw(PACK UNPACK NBITS MASKS); @@ -181,7 +181,7 @@ my @nums = split /\./, shift(), -1; return unless @nums == 4; for (@nums) { - return unless /^\d{1,3}$/ and $_ <= 255; + return unless /^\d{1,3}$/ and !/^0\d{1,2}$/ and $_ <= 255; } pack("CC*", 0, @nums); } @@ -673,6 +673,10 @@ Douglas Wilson, E<lt>do...@cpan.orge<gt> w/numerous hints and ideas borrowed from Tye McQueen. +=head1 MAINTAINER + +Stig Palmquist E<lt>s...@stig.ioe<gt> + =head1 COPYRIGHT This module is free software; you can redistribute it and/or diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Net-CIDR-Lite-0.21/META.yml new/Net-CIDR-Lite-0.22/META.yml --- old/Net-CIDR-Lite-0.21/META.yml 2010-03-26 01:36:02.000000000 +0100 +++ new/Net-CIDR-Lite-0.22/META.yml 2021-04-04 22:20:32.000000000 +0200 @@ -1,6 +1,6 @@ --- #YAML:1.0 name: Net-CIDR-Lite -version: 0.21 +version: 0.22 abstract: Perl extension for merging IPv4 or IPv6 CIDR addresses author: - Douglas Wilson <do...@cpan.org> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Net-CIDR-Lite-0.21/README new/Net-CIDR-Lite-0.22/README --- old/Net-CIDR-Lite-0.21/README 2005-05-18 20:55:44.000000000 +0200 +++ new/Net-CIDR-Lite-0.22/README 2021-04-04 22:20:32.000000000 +0200 @@ -1,4 +1,4 @@ -Net/CIDR/Lite version 0.01 +Net/CIDR/Lite version 0.22 ========================== INSTALLATION diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Net-CIDR-Lite-0.21/t/base.t new/Net-CIDR-Lite-0.22/t/base.t --- old/Net-CIDR-Lite-0.21/t/base.t 2010-03-26 00:33:51.000000000 +0100 +++ new/Net-CIDR-Lite-0.22/t/base.t 2021-04-04 22:20:32.000000000 +0200 @@ -8,7 +8,7 @@ use Test; use strict; $|++; -BEGIN { plan tests => 39 }; +BEGIN { plan tests => 42 }; use Net::CIDR::Lite; ok(1); # If we made it this far, we are ok. @@ -133,3 +133,14 @@ })->list_short_range; ok(join(', ', @list_short_range), '10.0.0.250-255, 10.0.1.0-20, 10.0.1.22, 10.0.2.250-255, 10.0.3.0-255, 10.0.4.0-255, 10.0.5.0-8'); + +# Tests for vulnerability: https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/ +eval { Net::CIDR::Lite->new("010.0.0.0/8") }; +ok($@=~/Can't determine ip format/); + +my $err_octal = Net::CIDR::Lite->new; +eval { $err_octal->add("010.0.0.0/8") }; +ok($@=~/Can't determine ip format/); + +eval { $err_octal->add("10.01.0.0/8") }; +ok($@=~/Can't determine ip format/); ++++++ cpanspec.yml ++++++ --- #description_paragraphs: 3 #description: |- # override description from CPAN #summary: override summary from CPAN #no_testing: broken upstream #sources: # - source1 # - source2 #patches: # foo.patch: -p1 # bar.patch: # baz.patch: PATCH-FIX-OPENSUSE #preamble: |- # BuildRequires: gcc-c++ #post_prep: |- # hunspell=`pkg-config --libs hunspell | sed -e 's,-l,,; s, *,,g'` # sed -i -e "s,hunspell-X,$hunspell," t/00-prereq.t Makefile.PL #post_build: |- # rm unused.files #post_install: |- # sed on %{name}.files #license: SUSE-NonFree #skip_noarch: 1 #custom_build: |- #./Build build flags=%{?_smp_mflags} --myflag #custom_test: |- #startserver && make test #ignore_requires: Bizarre::Module #skip_doc: regexp_to_skip_for_doc.* #add_doc: files to add to docs #misc: |- #anything else to be added to spec file #follows directly after %files section, so it can contain new blocks or also #changes to %files section
