Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package perl-Config-IniFiles for
openSUSE:Factory checked in at 2026-06-16 13:47:06
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/perl-Config-IniFiles (Old)
and /work/SRC/openSUSE:Factory/.perl-Config-IniFiles.new.1981 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "perl-Config-IniFiles"
Tue Jun 16 13:47:06 2026 rev:49 rq:1359605 version:3.002000
Changes:
--------
---
/work/SRC/openSUSE:Factory/perl-Config-IniFiles/perl-Config-IniFiles.changes
2026-06-12 19:25:29.881096376 +0200
+++
/work/SRC/openSUSE:Factory/.perl-Config-IniFiles.new.1981/perl-Config-IniFiles.changes
2026-06-16 13:48:47.873639088 +0200
@@ -1,0 +2,6 @@
+Mon Jun 15 11:23:23 UTC 2026 - Tina Müller <[email protected]>
+
+- updated to 3.002000
+ see /usr/share/doc/packages/perl-Config-IniFiles/Changes
+
+-------------------------------------------------------------------
@@ -5,0 +12,6 @@
+ * Fix for CVE 2026-11527 . bsc#1268236
+ - 2 args open() call
+ - See t/38security-open.t
+ * Add t/19utf8.t .
+ - https://github.com/shlomif/perl-Config-IniFiles/issues/14
+ - Thanks to @rdiez .
Old:
----
Config-IniFiles-3.001000.tar.gz
New:
----
Config-IniFiles-3.002000.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ perl-Config-IniFiles.spec ++++++
--- /var/tmp/diff_new_pack.dw69AY/_old 2026-06-16 13:48:50.601752904 +0200
+++ /var/tmp/diff_new_pack.dw69AY/_new 2026-06-16 13:48:50.605753071 +0200
@@ -18,7 +18,7 @@
%define cpan_name Config-IniFiles
Name: perl-Config-IniFiles
-Version: 3.001000
+Version: 3.002000
Release: 0
License: Artistic-1.0 OR GPL-1.0-or-later
Summary: Module for reading .ini-style configuration files
++++++ Config-IniFiles-3.001000.tar.gz -> Config-IniFiles-3.002000.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Config-IniFiles-3.001000/Build.PL
new/Config-IniFiles-3.002000/Build.PL
--- old/Config-IniFiles-3.001000/Build.PL 2026-06-11 08:34:02.000000000
+0200
+++ new/Config-IniFiles-3.002000/Build.PL 2026-06-14 17:21:10.000000000
+0200
@@ -19,7 +19,7 @@
"Shlomi Fish <shlomif\@cpan.org>"
],
"dist_name" => "Config-IniFiles",
- "dist_version" => "3.001000",
+ "dist_version" => "3.002000",
"license" => "perl",
"module_name" => "Config::IniFiles",
"recursive_test_files" => 1,
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Config-IniFiles-3.001000/Changes
new/Config-IniFiles-3.002000/Changes
--- old/Config-IniFiles-3.001000/Changes 2026-06-11 08:34:02.000000000
+0200
+++ new/Config-IniFiles-3.002000/Changes 2026-06-14 17:21:10.000000000
+0200
@@ -1,6 +1,14 @@
+3.002000 2026-06-14
+ * Refactor t/38security-open.t .
+ * Clean up Changes (= this file)
+
3.001000 2026-06-08
* Fix for CVE 2026-11527 .
+ - 2 args open() call
+ - See t/38security-open.t
* Add t/19utf8.t .
+ - https://github.com/shlomif/perl-Config-IniFiles/issues/14
+ - Thanks to @rdiez .
3.000003 2020-03-24
* Fix stray non-ASCII characters in the versions in the Changes log.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Config-IniFiles-3.001000/META.json
new/Config-IniFiles-3.002000/META.json
--- old/Config-IniFiles-3.001000/META.json 2026-06-11 08:34:02.000000000
+0200
+++ new/Config-IniFiles-3.002000/META.json 2026-06-14 17:21:10.000000000
+0200
@@ -86,7 +86,7 @@
"provides" : {
"Config::IniFiles" : {
"file" : "lib/Config/IniFiles.pm",
- "version" : "3.001000"
+ "version" : "3.002000"
}
},
"release_status" : "stable",
@@ -101,7 +101,7 @@
"web" : "https://github.com/shlomif/perl-Config-IniFiles";
}
},
- "version" : "3.001000",
+ "version" : "3.002000",
"x_Dist_Zilla" : {
"perl" : {
"version" : "5.042002"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Config-IniFiles-3.001000/META.yml
new/Config-IniFiles-3.002000/META.yml
--- old/Config-IniFiles-3.001000/META.yml 2026-06-11 08:34:02.000000000
+0200
+++ new/Config-IniFiles-3.002000/META.yml 2026-06-14 17:21:10.000000000
+0200
@@ -42,7 +42,7 @@
provides:
Config::IniFiles:
file: lib/Config/IniFiles.pm
- version: '3.001000'
+ version: '3.002000'
requires:
Carp: '0'
Fcntl: '0'
@@ -59,7 +59,7 @@
bugtracker: https://github.com/shlomif/perl-Config-IniFiles/issues
homepage: http://metacpan.org/release/Config-IniFiles
repository: git://github.com/shlomif/perl-Config-IniFiles.git
-version: '3.001000'
+version: '3.002000'
x_Dist_Zilla:
perl:
version: '5.042002'
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Config-IniFiles-3.001000/Makefile.PL
new/Config-IniFiles-3.002000/Makefile.PL
--- old/Config-IniFiles-3.001000/Makefile.PL 2026-06-11 08:34:02.000000000
+0200
+++ new/Config-IniFiles-3.002000/Makefile.PL 2026-06-14 17:21:10.000000000
+0200
@@ -48,7 +48,7 @@
"parent" => 0,
"utf8" => 0
},
- "VERSION" => "3.001000",
+ "VERSION" => "3.002000",
"test" => {
"TESTS" => "t/*.t"
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Config-IniFiles-3.001000/dist.ini
new/Config-IniFiles-3.002000/dist.ini
--- old/Config-IniFiles-3.001000/dist.ini 2026-06-11 08:34:02.000000000
+0200
+++ new/Config-IniFiles-3.002000/dist.ini 2026-06-14 17:21:10.000000000
+0200
@@ -1,8 +1,8 @@
-name = Config-IniFiles
-author = Shlomi Fish <[email protected]>
-license = Perl_5
+author = Shlomi Fish <[email protected]>
copyright_holder = RBOW and others
-copyright_year = 2000
+copyright_year = 2000
+license = Perl_5
+name = Config-IniFiles
[@Filter]
-bundle = @SHLOMIF
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Config-IniFiles-3.001000/lib/Config/IniFiles.pm
new/Config-IniFiles-3.002000/lib/Config/IniFiles.pm
--- old/Config-IniFiles-3.001000/lib/Config/IniFiles.pm 2026-06-11
08:34:02.000000000 +0200
+++ new/Config-IniFiles-3.002000/lib/Config/IniFiles.pm 2026-06-14
17:21:10.000000000 +0200
@@ -4,7 +4,7 @@
use strict;
use warnings;
-our $VERSION = '3.001000';
+our $VERSION = '3.002000';
use Carp;
use Symbol 'gensym', 'qualify_to_ref'; # For the 'any data type' hack
use Fcntl qw( SEEK_SET SEEK_CUR );
@@ -2394,7 +2394,7 @@
=head1 VERSION
-version 3.001000
+version 3.002000
=head1 SYNOPSIS
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Config-IniFiles-3.001000/scripts/tag-release.pl
new/Config-IniFiles-3.002000/scripts/tag-release.pl
--- old/Config-IniFiles-3.001000/scripts/tag-release.pl 2026-06-11
08:34:02.000000000 +0200
+++ new/Config-IniFiles-3.002000/scripts/tag-release.pl 2026-06-14
17:21:10.000000000 +0200
@@ -1,23 +1,24 @@
-#!/usr/bin/perl
+#! /usr/bin/env perl
use strict;
use warnings;
-use IO::All qw/ io /;
+use Path::Tiny qw/ path /;
my ($version) =
( map { m{\$VERSION *= *'([^']+)'} ? ($1) : () }
- io->file('lib/Config/IniFiles.pm')->getlines() );
+ path("./lib/Config/IniFiles/")->lines_utf8() );
if ( !defined($version) )
{
die "Version is undefined!";
}
-my @cmd = (
- "git", "tag", "-m", "Tagging the Config-IniFiles release as $version",
- "releases/$version",
-);
+my $DIST = "Config-IniFiles";
+my $TAG = "releases/$version";
+
+my @cmd =
+ ( "git", "tag", "-m", "Tagging the $DIST release as $version", "$TAG", );
print join( " ", map { /\s/ ? qq{"$_"} : $_ } @cmd ), "\n";
exec(@cmd);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Config-IniFiles-3.001000/t/38security-open.t
new/Config-IniFiles-3.002000/t/38security-open.t
--- old/Config-IniFiles-3.001000/t/38security-open.t 2026-06-11
08:34:02.000000000 +0200
+++ new/Config-IniFiles-3.002000/t/38security-open.t 2026-06-14
17:21:10.000000000 +0200
@@ -1,4 +1,5 @@
-#!/usr/bin/perl
+#!/usr/bin/env perl
+
# Regression test for the 2-arg open() in _make_filehandle.
#
# _make_filehandle is the open path behind the -file argument (new ->
ReadConfig
@@ -9,9 +10,9 @@
use strict;
use warnings;
-use Config::IniFiles;
-use File::Temp qw( tempdir );
-use File::Spec;
+use Config::IniFiles ();
+use File::Temp qw( tempdir );
+use File::Spec ();
use Test::More tests => 5;
my $dir = tempdir( CLEANUP => 1 );
@@ -21,6 +22,8 @@
my $marker = File::Spec->catfile( $dir, "pwned_read" );
my $fh = eval { Config::IniFiles->_make_filehandle("touch $marker |")
};
close $fh if $fh;
+
+ # TEST
ok !-e $marker, "trailing-pipe payload does not execute a command";
}
@@ -29,6 +32,8 @@
my $marker = File::Spec->catfile( $dir, "pwned_write" );
my $fh = eval { Config::IniFiles->_make_filehandle("| touch $marker")
};
close $fh if $fh;
+
+ # TEST
ok !-e $marker, "leading-pipe payload does not execute a command";
}
@@ -40,6 +45,8 @@
close $fh;
my $made = eval { Config::IniFiles->_make_filehandle("> $victim") };
close $made if $made;
+
+ # TEST
is -s $victim, 15, "redirect payload does not truncate a file";
}
@@ -50,6 +57,8 @@
print $fh "x\n";
close $fh;
my $opened = eval { Config::IniFiles->_make_filehandle($real) };
+
+ # TEST
ok $opened, "plain filename still opens as a file";
}
@@ -62,5 +71,7 @@
print $fh "x\n";
close $fh;
my $padded = eval { Config::IniFiles->_make_filehandle("$real\n") };
+
+ # TEST
ok !$padded, "trailing whitespace is significant (filename not trimmed)";
}
++++++ _scmsync.obsinfo ++++++
--- /var/tmp/diff_new_pack.dw69AY/_old 2026-06-16 13:48:51.409786615 +0200
+++ /var/tmp/diff_new_pack.dw69AY/_new 2026-06-16 13:48:51.449788284 +0200
@@ -1,6 +1,6 @@
-mtime: 1781169646
-commit: 2cb550d60599a990efa4a012f8200ed77bd40f275447c548a8c506e844c114c2
+mtime: 1781537421
+commit: 5dad2b06b31f2975ae22257d40db26fbf2f5d5a24bf17ef09bfba74636987830
url: https://src.opensuse.org/perl/perl-Config-IniFiles
-revision: 2cb550d60599a990efa4a012f8200ed77bd40f275447c548a8c506e844c114c2
+revision: 5dad2b06b31f2975ae22257d40db26fbf2f5d5a24bf17ef09bfba74636987830
projectscmsync: https://src.opensuse.org/perl/_ObsPrj
++++++ build.specials.obscpio ++++++
++++++ build.specials.obscpio ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/.gitignore new/.gitignore
--- old/.gitignore 1970-01-01 01:00:00.000000000 +0100
+++ new/.gitignore 2026-06-15 17:30:21.000000000 +0200
@@ -0,0 +1 @@
+.osc
