Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package perl-YAML-Syck for openSUSE:Factory checked in at 2026-05-11 16:57:04 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/perl-YAML-Syck (Old) and /work/SRC/openSUSE:Factory/.perl-YAML-Syck.new.1966 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "perl-YAML-Syck" Mon May 11 16:57:04 2026 rev:39 rq:1352298 version:1.450.0 Changes: -------- --- /work/SRC/openSUSE:Factory/perl-YAML-Syck/perl-YAML-Syck.changes 2026-04-15 16:06:50.032581935 +0200 +++ /work/SRC/openSUSE:Factory/.perl-YAML-Syck.new.1966/perl-YAML-Syck.changes 2026-05-11 17:07:19.085418668 +0200 @@ -1,0 +2,24 @@ +Fri Apr 24 07:18:13 UTC 2026 - Tina Müller <[email protected]> + +- updated to 1.450.0 (1.45) + see /usr/share/doc/packages/perl-YAML-Syck/Changes + + 1.45 Apr 23 2026 + + [Bug Fixes] + - Fix: use syck_base64_free() to fix Windows "Free to wrong pool" crash + in base64 encode/decode buffers; also plugs a memory leak (PR #189) + - Fix: clear type tag on blessed scalar alias early-return so the stale + tag no longer leaks onto the next emitted item (GH #193, PR #194) + - Fix: negative float#base60 values produce wrong results; strip sign + before accumulating and avoid negative zero for portable + stringification (PR #191) + - Fix: prevent memory leaks when Load/LoadJSON croak on parse errors + (PR #192) + + [Maintenance] + - Test: add coverage for SortKeys and JSON MaxDepth (PR #188) + - Test: add error handling coverage for LoadFile/DumpFile (PR #190) + - Update README + +------------------------------------------------------------------- @@ -89,0 +114 @@ + bsc#1259757 @@ -134,0 +160 @@ + CVE-2025-11683 bsc#1252111 Old: ---- YAML-Syck-1.44.tar.gz New: ---- YAML-Syck-1.45.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ perl-YAML-Syck.spec ++++++ --- /var/tmp/diff_new_pack.BQ3SqQ/_old 2026-05-11 17:07:19.813448623 +0200 +++ /var/tmp/diff_new_pack.BQ3SqQ/_new 2026-05-11 17:07:19.817448787 +0200 @@ -18,10 +18,10 @@ %define cpan_name YAML-Syck Name: perl-YAML-Syck -Version: 1.440.0 +Version: 1.450.0 Release: 0 -# 1.44 -> normalize -> 1.440.0 -%define cpan_version 1.44 +# 1.45 -> normalize -> 1.450.0 +%define cpan_version 1.45 License: MIT Summary: Perl YAML loader and dumper URL: https://metacpan.org/release/%{cpan_name} ++++++ YAML-Syck-1.44.tar.gz -> YAML-Syck-1.45.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/YAML-Syck-1.44/Changes new/YAML-Syck-1.45/Changes --- old/YAML-Syck-1.44/Changes 2026-04-02 17:57:18.000000000 +0200 +++ new/YAML-Syck-1.45/Changes 2026-04-23 17:14:33.251486624 +0200 @@ -1,3 +1,21 @@ +1.45 Apr 23 2026 + + [Bug Fixes] + - Fix: use syck_base64_free() to fix Windows "Free to wrong pool" crash + in base64 encode/decode buffers; also plugs a memory leak (PR #189) + - Fix: clear type tag on blessed scalar alias early-return so the stale + tag no longer leaks onto the next emitted item (GH #193, PR #194) + - Fix: negative float#base60 values produce wrong results; strip sign + before accumulating and avoid negative zero for portable + stringification (PR #191) + - Fix: prevent memory leaks when Load/LoadJSON croak on parse errors + (PR #192) + + [Maintenance] + - Test: add coverage for SortKeys and JSON MaxDepth (PR #188) + - Test: add error handling coverage for LoadFile/DumpFile (PR #190) + - Update README + 1.44 Apr 02 2026 [Bug Fixes] diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/YAML-Syck-1.44/MANIFEST new/YAML-Syck-1.45/MANIFEST --- old/YAML-Syck-1.44/MANIFEST 2026-04-02 17:58:07.000000000 +0200 +++ new/YAML-Syck-1.45/MANIFEST 2026-04-23 17:16:55.000000000 +0200 @@ -39,12 +39,15 @@ t/bug/rt-54167.t t/croak-leak.t t/gh-132-base60-safety.t +t/gh-193-blessed-alias-tag.t t/gh-25-inline-array-no-space.t t/gh-26-implicit-type-roundtrip.t t/gh-28-wide-char-dumpfile.t t/gh-dumpcode-prototype.t t/gh-load-list-context.t +t/gh-loadfile-dumpfile-errors.t t/gh-negative-base60.t +t/gh-negative-float-base60.t t/gh-negative-hex-oct.t t/gh-positive-hex-oct.t t/json-basic.t @@ -56,6 +59,7 @@ t/json-escape-sequences.t t/json-indent.t t/json-loadfile.t +t/json-max-depth.t t/json-minus.t t/json-newline.t t/json-null.t @@ -87,6 +91,7 @@ t/yaml-nested-flow.t t/yaml-perl-scalar-leak.t t/yaml-roundtrip.t +t/yaml-sortkeys.t t/yaml-str-colon-first.t t/yaml-tie.t t/yaml-timestamps.t diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/YAML-Syck-1.44/META.json new/YAML-Syck-1.45/META.json --- old/YAML-Syck-1.44/META.json 2026-04-02 17:58:06.000000000 +0200 +++ new/YAML-Syck-1.45/META.json 2026-04-23 17:16:55.000000000 +0200 @@ -39,7 +39,7 @@ "provides" : { "JSON::Syck" : { "file" : "lib/JSON/Syck.pm", - "version" : "1.44" + "version" : "1.45" }, "YAML::Dumper::Syck" : { "file" : "lib/YAML/Dumper/Syck.pm" @@ -49,7 +49,7 @@ }, "YAML::Syck" : { "file" : "lib/YAML/Syck.pm", - "version" : "1.44" + "version" : "1.45" } }, "release_status" : "stable", @@ -67,6 +67,6 @@ "web" : "https://github.com/toddr/YAML-Syck"; } }, - "version" : "1.44", + "version" : "1.45", "x_serialization_backend" : "JSON::PP version 4.16" } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/YAML-Syck-1.44/META.yml new/YAML-Syck-1.45/META.yml --- old/YAML-Syck-1.44/META.yml 2026-04-02 17:58:06.000000000 +0200 +++ new/YAML-Syck-1.45/META.yml 2026-04-23 17:16:55.000000000 +0200 @@ -20,14 +20,14 @@ provides: JSON::Syck: file: lib/JSON/Syck.pm - version: '1.44' + version: '1.45' YAML::Dumper::Syck: file: lib/YAML/Dumper/Syck.pm YAML::Loader::Syck: file: lib/YAML/Loader/Syck.pm YAML::Syck: file: lib/YAML/Syck.pm - version: '1.44' + version: '1.45' requires: perl: '5.006' resources: @@ -35,5 +35,5 @@ homepage: https://github.com/toddr/YAML-Syck license: https://dev.perl.org/licenses/ repository: https://github.com/toddr/YAML-Syck.git -version: '1.44' +version: '1.45' x_serialization_backend: 'CPAN::Meta::YAML version 0.020' diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/YAML-Syck-1.44/README.md new/YAML-Syck-1.45/README.md --- old/YAML-Syck-1.44/README.md 2026-03-22 22:01:52.000000000 +0100 +++ new/YAML-Syck-1.45/README.md 2026-04-23 17:14:59.485698225 +0200 @@ -1,5 +1,3 @@ -[](https://github.com/toddr/YAML-Syck/actions) [](https://github.com/toddr/YAML-Syck/actions) [](https://github.com/toddr/YAML-Syck/actions) - # NAME YAML::Syck - Fast, lightweight YAML loader and dumper @@ -47,6 +45,13 @@ # FLAGS +## $YAML::Syck::MaxDepth + +Maximum nesting depth for `Dump`. Defaults to 512. If a data structure +is nested deeper than this limit, `Dump` will `croak` instead of +overflowing the C stack. Increase this if you legitimately need to +serialize very deeply nested structures. + ## $YAML::Syck::Headless Defaults to false. Setting this to a true value will make `Dump` omit the diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/YAML-Syck-1.44/emitter.c new/YAML-Syck-1.45/emitter.c --- old/YAML-Syck-1.44/emitter.c 2026-03-21 01:49:15.000000000 +0100 +++ new/YAML-Syck-1.45/emitter.c 2026-04-23 17:12:20.000000000 +0200 @@ -107,6 +107,20 @@ } /* + * Free a buffer returned by syck_base64enc() or syck_base64dec(). + * These buffers are allocated with C's malloc() in this translation unit. + * Callers in XS code must NOT use free()/Safefree() directly because + * Perl may redefine those to use a different allocator (causes + * "Free to wrong pool" on Windows). + */ +void +syck_base64_free( char *ptr ) +{ + if ( ptr != NULL ) + free( ptr ); +} + +/* * Allocate an emitter */ SyckEmitter * diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/YAML-Syck-1.44/lib/JSON/Syck.pm new/YAML-Syck-1.45/lib/JSON/Syck.pm --- old/YAML-Syck-1.44/lib/JSON/Syck.pm 2026-04-02 17:57:27.000000000 +0200 +++ new/YAML-Syck-1.45/lib/JSON/Syck.pm 2026-04-23 17:14:49.693996266 +0200 @@ -4,7 +4,7 @@ use Exporter; use YAML::Syck (); -our $VERSION = '1.44'; +our $VERSION = '1.45'; our @EXPORT_OK = qw( Load Dump LoadFile DumpFile DumpInto ); our @ISA = qw/Exporter/; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/YAML-Syck-1.44/lib/YAML/Syck.pm new/YAML-Syck-1.45/lib/YAML/Syck.pm --- old/YAML-Syck-1.44/lib/YAML/Syck.pm 2026-04-02 17:57:26.000000000 +0200 +++ new/YAML-Syck-1.45/lib/YAML/Syck.pm 2026-04-23 17:14:39.910280897 +0200 @@ -10,7 +10,7 @@ use Exporter; use XSLoader (); -our $VERSION = '1.44'; +our $VERSION = '1.45'; our @EXPORT = qw( Dump Load DumpFile LoadFile ); our @EXPORT_OK = qw( DumpInto LoadBytes LoadUTF8 DumpBytes DumpUTF8 ); our @ISA = qw( Exporter ); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/YAML-Syck-1.44/perl_syck.h new/YAML-Syck-1.45/perl_syck.h --- old/YAML-Syck-1.44/perl_syck.h 2026-04-02 17:55:01.000000000 +0200 +++ new/YAML-Syck-1.45/perl_syck.h 2026-04-23 17:12:20.000000000 +0200 @@ -55,7 +55,7 @@ # define SEQ_NONE seq_none # define MAP_NONE map_none #ifdef SvUTF8 -# define IS_UTF8(x) (SvUTF8(sv)) +# define IS_UTF8(x) (SvUTF8(x)) #else # define IS_UTF8(x) (FALSE) #endif @@ -189,8 +189,11 @@ char *ptr, *end; UV sixty = 1; NV total = 0.0; + int is_neg; syck_str_blow_away_commas( n ); ptr = n->data.str->ptr; + is_neg = (*ptr == '-'); + if (*ptr == '-' || *ptr == '+') ptr++; end = n->data.str->ptr + n->data.str->len; while ( end > ptr ) { @@ -211,7 +214,7 @@ total += bnum * sixty; sixty *= 60; } - sv = newSVnv(total); + sv = newSVnv((is_neg && total != 0.0) ? -total : total); #ifdef NV_NAN } else if (strEQ( id, "float#nan" )) { sv = newSVnv(NV_NAN); @@ -309,6 +312,7 @@ long len = 0; char *blob = syck_base64dec(n->data.str->ptr, n->data.str->len, &len); sv = newSVpv(blob, len); + syck_base64_free(blob); #ifndef YAML_IS_JSON #ifdef PERL_LOADMOD_NOIMPORT } else if (strEQ(id, "perl/code") || strnEQ(id, "perl/code:", 10)) { @@ -868,6 +872,22 @@ } #endif +/* Destructor for SAVEDESTRUCTOR_X: frees parser on croak. + * Registered after syck_new_parser() so Perl's scope unwinding handles + * cleanup even when croak() longjmps past the normal return path. + * Guarded because perl_syck.h is included twice (YAML and JSON modes). */ +#ifndef CLEANUP_PARSER_DEFINED +#define CLEANUP_PARSER_DEFINED +static void +cleanup_parser(pTHX_ void *p) { + SyckParser **pp = (SyckParser **)p; + if (*pp != NULL) { + syck_free_parser(*pp); + *pp = NULL; + } +} +#endif + #ifdef YAML_IS_JSON static SV * LoadJSON (char *s) { #else @@ -893,6 +913,7 @@ #ifdef YAML_IS_JSON s = perl_json_preprocess(s); + SAVEFREEPV(s); /* freed at LEAVE — also on croak */ #else /* Special preprocessing to maintain compat with YAML.pm <= 0.35 */ if (strnEQ( s, "--- #YAML:1.0", 13)) { @@ -901,6 +922,11 @@ #endif parser = syck_new_parser(); + + /* Register destructor so croak() in parser callbacks (error_handler, + * parser_handler code-loading) won't leak the SyckParser. */ + SAVEDESTRUCTOR_X(cleanup_parser, &parser); + syck_parser_str_auto(parser, s, NULL); syck_parser_handler(parser, PERL_SYCK_PARSER_HANDLER); syck_parser_error_handler(parser, perl_syck_error_handler); @@ -920,7 +946,9 @@ if (GIMME_V == G_ARRAY) { SYMID prev_v = 0; - obj = (SV*)newAV(); + /* Mortalize the AV so croak() during syck_parse() won't leak it. + * Use newRV_inc to compensate — the mortal entry decrements at LEAVE. */ + obj = (SV*)sv_2mortal((SV*)newAV()); while ((v = syck_parse(parser)) && (v != prev_v)) { SV *cur = &PL_sv_undef; if (!syck_lookup_sym(parser, v, (char **)&cur)) { @@ -932,7 +960,7 @@ prev_v = v; } - obj = newRV_noinc(obj); + obj = newRV_inc(obj); } else #endif @@ -943,11 +971,12 @@ } } + /* Normal path: free parser now and NULL the pointer so the + * SAVEDESTRUCTOR_X callback (at LEAVE) becomes a no-op. */ syck_free_parser(parser); + parser = NULL; -#ifdef YAML_IS_JSON - Safefree(s); -#endif + /* In JSON mode, SAVEFREEPV(s) frees the preprocessed string at LEAVE. */ FREETMPS; LEAVE; @@ -1156,6 +1185,7 @@ sprintf(an, "*%s", anchor_name); syck_emitter_write(e, an, strlen(anchor_name) + 1); S_FREE(an); + *tag = '\0'; Safefree(ref_orig); bonus->cur_ref = NULL; return; @@ -1251,6 +1281,7 @@ /* Binary here */ char *base64 = syck_base64enc( str, bin_len ); syck_emit_scalar(e, "tag:yaml.org,2002:binary", SCALAR_STRING, 0, 0, 0, base64, strlen(base64)); + syck_base64_free(base64); is_ascii = FALSE; break; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/YAML-Syck-1.44/syck.h new/YAML-Syck-1.45/syck.h --- old/YAML-Syck-1.44/syck.h 2026-04-02 17:55:01.000000000 +0200 +++ new/YAML-Syck-1.45/syck.h 2026-04-23 17:12:20.000000000 +0200 @@ -399,6 +399,7 @@ long syck_io_str_read( char *, SyckIoStr *, long, long ); char *syck_base64enc( char *, long ); char *syck_base64dec( char *, long, long * ); +void syck_base64_free( char * ); SyckEmitter *syck_new_emitter( void ); SYMID syck_emitter_mark_node( SyckEmitter *, st_data_t, int ); void syck_emitter_ignore_id( SyckEmitter *, SYMID ); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/YAML-Syck-1.44/t/gh-193-blessed-alias-tag.t new/YAML-Syck-1.45/t/gh-193-blessed-alias-tag.t --- old/YAML-Syck-1.44/t/gh-193-blessed-alias-tag.t 1970-01-01 01:00:00.000000000 +0100 +++ new/YAML-Syck-1.45/t/gh-193-blessed-alias-tag.t 2026-04-23 17:12:20.000000000 +0200 @@ -0,0 +1,34 @@ +use strict; +use warnings; +use Test::More tests => 6; +use YAML::Syck; + +# GH #193 — Dumping blessed scalar refs that alias each other caused the +# type tag to leak onto the next map key. The emitter's alias early-return +# path skipped the tag-buffer cleanup, so the stale tag attached to whatever +# was emitted next. + +{ + my $inner = bless \do { my $o = 1 }, 'JSON::PP::Boolean'; + my $data = { a => $inner, b => $inner, c => 12143 }; + my $yaml = Dump($data); + + unlike $yaml, qr/!!perl\/scalar:JSON::PP::Boolean c/, + 'type tag does not leak onto unrelated key'; + + like $yaml, qr/^c: 12143$/m, + 'plain key c emits without tag'; + + like $yaml, qr/!!perl\/scalar:JSON::PP::Boolean/, + 'blessed value still carries its tag'; + + like $yaml, qr/&\d+/, + 'anchor is emitted for first occurrence'; + + like $yaml, qr/\*\d+/, + 'alias is emitted for second occurrence'; + + my $roundtrip = Load($yaml); + is $roundtrip->{c}, 12143, + 'roundtrip preserves plain value'; +} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/YAML-Syck-1.44/t/gh-loadfile-dumpfile-errors.t new/YAML-Syck-1.45/t/gh-loadfile-dumpfile-errors.t --- old/YAML-Syck-1.44/t/gh-loadfile-dumpfile-errors.t 1970-01-01 01:00:00.000000000 +0100 +++ new/YAML-Syck-1.45/t/gh-loadfile-dumpfile-errors.t 2026-04-23 17:12:20.000000000 +0200 @@ -0,0 +1,111 @@ +use FindBin; +BEGIN { push @INC, $FindBin::Bin } + +use TestYAML; +use Test::More; +use JSON::Syck; +use File::Temp qw(tempdir); + +plan tests => 12; + +my $tmpdir = tempdir( CLEANUP => 1 ); + +# ---------- YAML::Syck::LoadFile error paths ---------- + +# Non-existent file +{ + my $bogus = "$tmpdir/does-not-exist.yml"; + my $rv = eval { YAML::Syck::LoadFile($bogus) }; + like( + $@, + qr/is empty or non-existent/, + 'YAML LoadFile dies on non-existent file' + ); + is( $rv, undef, 'YAML LoadFile returns undef on non-existent file' ); +} + +# Unreadable file (skip on Windows and root) +SKIP: { + skip 'chmod not effective on Windows', 2 if $^O eq 'MSWin32'; + skip 'chmod not effective when running as root', 2 if $> == 0; + + my $noread = "$tmpdir/noread.yml"; + open my $fh, '>', $noread or die "setup: $!"; + print $fh "--- hello\n"; + close $fh; + chmod 0000, $noread; + + my $rv = eval { YAML::Syck::LoadFile($noread) }; + like( + $@, + qr/Cannot read from/, + 'YAML LoadFile dies on unreadable file' + ); + is( $rv, undef, 'YAML LoadFile returns undef on unreadable file' ); + + chmod 0644, $noread; # restore for cleanup +} + +# ---------- YAML::Syck::DumpFile error paths ---------- + +# Unwritable path (directory does not exist) +{ + my $badpath = "$tmpdir/no-such-dir/output.yml"; + my $rv = eval { YAML::Syck::DumpFile( $badpath, 'data' ) }; + like( + $@, + qr/Cannot write to/, + 'YAML DumpFile dies when parent directory does not exist' + ); + ok( !$rv, 'YAML DumpFile returns false on write failure' ); +} + +# ---------- JSON::Syck::LoadFile error paths ---------- + +# Non-existent file +{ + my $bogus = "$tmpdir/does-not-exist.json"; + my $rv = eval { JSON::Syck::LoadFile($bogus) }; + like( + $@, + qr/non-existent or empty/, + 'JSON LoadFile dies on non-existent file' + ); + is( $rv, undef, 'JSON LoadFile returns undef on non-existent file' ); +} + +# Unreadable file (skip on Windows and root) +SKIP: { + skip 'chmod not effective on Windows', 2 if $^O eq 'MSWin32'; + skip 'chmod not effective when running as root', 2 if $> == 0; + + my $noread = "$tmpdir/noread.json"; + open my $fh, '>', $noread or die "setup: $!"; + print $fh '{"hello":"world"}'; + close $fh; + chmod 0000, $noread; + + my $rv = eval { JSON::Syck::LoadFile($noread) }; + like( + $@, + qr/Cannot read from/, + 'JSON LoadFile dies on unreadable file' + ); + is( $rv, undef, 'JSON LoadFile returns undef on unreadable file' ); + + chmod 0644, $noread; # restore for cleanup +} + +# ---------- JSON::Syck::DumpFile error paths ---------- + +# Unwritable path (directory does not exist) +{ + my $badpath = "$tmpdir/no-such-dir/output.json"; + my $rv = eval { JSON::Syck::DumpFile( $badpath, { key => 'val' } ) }; + like( + $@, + qr/Cannot write to/, + 'JSON DumpFile dies when parent directory does not exist' + ); + ok( !$rv, 'JSON DumpFile returns false on write failure' ); +} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/YAML-Syck-1.44/t/gh-negative-float-base60.t new/YAML-Syck-1.45/t/gh-negative-float-base60.t --- old/YAML-Syck-1.44/t/gh-negative-float-base60.t 1970-01-01 01:00:00.000000000 +0100 +++ new/YAML-Syck-1.45/t/gh-negative-float-base60.t 2026-04-23 17:12:20.000000000 +0200 @@ -0,0 +1,28 @@ +use strict; +use warnings; +use Test::More; +use YAML::Syck; + +# Negative float#base60 values were incorrect because the sign was not +# stripped before the right-to-left accumulation loop. Atof("-1") applied +# the negation to only the highest segment, producing a wrong total. +# The fix mirrors the int#base60 pattern: strip sign, accumulate unsigned, +# then negate. + +local $YAML::Syck::ImplicitTyping = 1; + +# Positive float base60 (sanity check) +is( Load("--- 1:30:30.5\n"), 5430.5, "float base60 1:30:30.5 = 5430.5" ); +is( Load("--- 0:30.5\n"), 30.5, "float base60 0:30.5 = 30.5" ); +is( Load("--- 1:0:0.25\n"), 3600.25,"float base60 1:0:0.25 = 3600.25" ); + +# Negative float base60 +is( Load("--- -1:30:30.5\n"), -5430.5, "negative float base60 -1:30:30.5 = -5430.5" ); +is( Load("--- -0:30.5\n"), -30.5, "negative float base60 -0:30.5 = -30.5" ); +is( Load("--- -1:0:0.25\n"), -3600.25,"negative float base60 -1:0:0.25 = -3600.25" ); +is( Load("--- -0:0.0\n"), 0, "negative float base60 -0:0.0 = 0" ); + +# Positive sign (explicit +) +is( Load("--- +1:30:30.5\n"), 5430.5, "explicit + float base60 +1:30:30.5 = 5430.5" ); + +done_testing; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/YAML-Syck-1.44/t/json-max-depth.t new/YAML-Syck-1.45/t/json-max-depth.t --- old/YAML-Syck-1.44/t/json-max-depth.t 1970-01-01 01:00:00.000000000 +0100 +++ new/YAML-Syck-1.45/t/json-max-depth.t 2026-04-23 17:12:20.000000000 +0200 @@ -0,0 +1,50 @@ +use strict; +use warnings; +use Test::More tests => 6; +use JSON::Syck; + +# Build a nested structure of given depth +sub make_nested { + my $depth = shift; + my $data = "leaf"; + for (1..$depth) { $data = [$data]; } + return $data; +} + +# 1. Normal structures work fine +{ + my $data = { a => [1, { b => [2, 3] }, "c"] }; + my $json = eval { JSON::Syck::Dump($data) }; + ok( !$@, "shallow structure dumps without error" ); + like( $json, qr/\{/, "produces valid JSON" ); +} + +# 2. Moderate nesting within default limit works +{ + my $data = make_nested(200); + my $json = eval { JSON::Syck::Dump($data) }; + ok( !$@, "200-level nesting works with default MaxDepth" ); +} + +# 3. Deep nesting beyond default limit croaks cleanly +{ + my $data = make_nested(600); + eval { JSON::Syck::Dump($data) }; + like( $@, qr/MaxDepth/, "600-level nesting croaks with MaxDepth message" ); +} + +# 4. Increasing MaxDepth allows deeper structures +{ + local $JSON::Syck::MaxDepth = 4096; + my $data = make_nested(600); + my $json = eval { JSON::Syck::Dump($data) }; + ok( !$@, "600-level nesting works with MaxDepth=4096" ); +} + +# 5. After croak, normal dumps still work +{ + my $data = make_nested(600); + eval { JSON::Syck::Dump($data) }; + my $normal = eval { JSON::Syck::Dump({ hello => "world" }) }; + ok( !$@ && $normal, "emitter recovers after MaxDepth croak" ); +} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/YAML-Syck-1.44/t/leak.t new/YAML-Syck-1.45/t/leak.t --- old/YAML-Syck-1.44/t/leak.t 2026-04-01 13:50:49.000000000 +0200 +++ new/YAML-Syck-1.45/t/leak.t 2026-04-23 17:12:20.000000000 +0200 @@ -2,11 +2,11 @@ use strict; use YAML::Syck; -use Test::More tests => 12; +use Test::More tests => 14; SKIP: { eval { require Devel::Leak; require 5.8.9; 1; } - or skip( "Devel::Leak not installed or perl too old", 12 ); + or skip( "Devel::Leak not installed or perl too old", 14 ); # check if arrays leak @@ -159,4 +159,32 @@ } $diff = Devel::Leak::NoteSV($handle) - $before; is( $diff, 0, "No leaks - Dump filehandle (rt#41199)" ); + + # Check if loading binary data leaks (base64 decode buffer) + $yaml = "--- !binary //8=\n"; + + foreach ( 1 .. 100 ) { + Load($yaml); + } + + $before = Devel::Leak::NoteSV($handle); + foreach ( 1 .. 100 ) { + Load($yaml); + } + $diff = Devel::Leak::NoteSV($handle) - $before; + is( $diff, 0, "No leaks - Load binary" ); + + # Check if dumping binary data leaks (base64 encode buffer) + my $binary = "\xff\xff\x00\x80"; + + foreach ( 1 .. 100 ) { + Dump($binary); + } + + $before = Devel::Leak::NoteSV($handle); + foreach ( 1 .. 100 ) { + Dump($binary); + } + $diff = Devel::Leak::NoteSV($handle) - $before; + is( $diff, 0, "No leaks - Dump binary" ); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/YAML-Syck-1.44/t/yaml-sortkeys.t new/YAML-Syck-1.45/t/yaml-sortkeys.t --- old/YAML-Syck-1.44/t/yaml-sortkeys.t 1970-01-01 01:00:00.000000000 +0100 +++ new/YAML-Syck-1.45/t/yaml-sortkeys.t 2026-04-23 17:12:20.000000000 +0200 @@ -0,0 +1,71 @@ +use strict; +use warnings; +use Test::More tests => 6; +use YAML::Syck; + +# $YAML::Syck::SortKeys defaults to 1 (true). +# When true, hash keys in Dump output are sorted lexicographically. +# When false, hash keys appear in Perl's internal iteration order. + +# Use enough keys that Perl's random hash ordering is extremely unlikely +# to coincidentally produce sorted output. +my %data = map { $_ => 1 } 'a' .. 'z'; + +# Helper to extract keys from YAML output. +# Handles both bare keys (a: 1) and quoted keys ("n": 1, "y": 1). +sub extract_keys { + my ($yaml) = @_; + my @keys; + while ($yaml =~ /^"?([a-z])"?: /mg) { + push @keys, $1; + } + return @keys; +} + +{ + # Default: SortKeys = 1 + local $YAML::Syck::SortKeys = 1; + my $yaml = YAML::Syck::Dump(\%data); + my @keys_in_yaml = extract_keys($yaml); + is_deeply(\@keys_in_yaml, [sort @keys_in_yaml], + 'SortKeys=1 emits hash keys in sorted order'); + is(scalar @keys_in_yaml, 26, 'all 26 keys present in sorted output'); +} + +{ + # SortKeys = 0 — keys are NOT guaranteed sorted. + # We can't assert a specific order (it's perl-internal), but we can + # verify that Dump still produces valid YAML with all keys present. + local $YAML::Syck::SortKeys = 0; + my $yaml = YAML::Syck::Dump(\%data); + my @keys_in_yaml = extract_keys($yaml); + is(scalar @keys_in_yaml, 26, 'SortKeys=0 still emits all 26 keys'); + + # Roundtrip: Load the unsorted output and verify data integrity + my $loaded = YAML::Syck::Load($yaml); + is_deeply($loaded, \%data, 'SortKeys=0 output roundtrips correctly'); +} + +{ + # Nested hashes: sorted keys at every level + local $YAML::Syck::SortKeys = 1; + my %nested = ( + zebra => { charlie => 1, alpha => 2, beta => 3 }, + apple => { zulu => 1, mike => 2 }, + ); + my $yaml = YAML::Syck::Dump(\%nested); + + # Top-level keys should be sorted + my @top_keys; + while ($yaml =~ /^([a-z]+):/mg) { + push @top_keys, $1 if $1 eq 'apple' || $1 eq 'zebra'; + } + is_deeply(\@top_keys, ['apple', 'zebra'], + 'SortKeys=1 sorts top-level keys'); + + # The inner keys of "zebra" should be alpha, beta, charlie + my ($zebra_block) = $yaml =~ /^zebra:\n((?: .+\n)+)/m; + my @inner_keys = ($zebra_block =~ /^\s+([a-z]+):/mg); + is_deeply(\@inner_keys, ['alpha', 'beta', 'charlie'], + 'SortKeys=1 sorts nested hash keys too'); +} ++++++ _scmsync.obsinfo ++++++ --- /var/tmp/diff_new_pack.BQ3SqQ/_old 2026-05-11 17:07:20.065458992 +0200 +++ /var/tmp/diff_new_pack.BQ3SqQ/_new 2026-05-11 17:07:20.073459321 +0200 @@ -1,6 +1,6 @@ -mtime: 1775679574 -commit: e95043311b0347358f32fdeb0d39fcfcffcc2d272d4de379c3b30bd2de1e2716 -url: https://src.opensuse.org/perl/perl-YAML-Syck.git -revision: e95043311b0347358f32fdeb0d39fcfcffcc2d272d4de379c3b30bd2de1e2716 +mtime: 1778287161 +commit: 65ba31a5f1f3b26c4d5149e3f0219058a4ad4f82ee980d141dc8fb3efaf91d2e +url: https://src.opensuse.org/perl/perl-YAML-Syck +revision: 65ba31a5f1f3b26c4d5149e3f0219058a4ad4f82ee980d141dc8fb3efaf91d2e projectscmsync: https://src.opensuse.org/perl/_ObsPrj ++++++ build.specials.obscpio ++++++ ++++++ build.specials.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/.gitignore new/.gitignore --- old/.gitignore 1970-01-01 01:00:00.000000000 +0100 +++ new/.gitignore 2026-05-09 02:39:21.000000000 +0200 @@ -0,0 +1 @@ +.osc
