This is an automated email from the git hooks/post-receive script. lamby pushed a commit to branch master in repository lintian.
commit d200a280aa2f0527883a95d41c4545b36b9d8106 Author: Chris Lamb <la...@debian.org> Date: Wed Apr 4 14:31:24 2018 +0100 Update the re-enabling on YAML parsing to support all versions of libyaml-libyaml-perl. This avoids a backport. --- checks/upstream-metadata.pm | 2 ++ debian/changelog | 4 ++-- debian/control | 4 ++-- t/tests/upstream-metadata-invalid-yml/desc | 1 + 4 files changed, 7 insertions(+), 4 deletions(-) diff --git a/checks/upstream-metadata.pm b/checks/upstream-metadata.pm index 4e2da86..5e58ae6 100644 --- a/checks/upstream-metadata.pm +++ b/checks/upstream-metadata.pm @@ -39,6 +39,8 @@ sub run { } if ($yamlfile->is_open_ok) { + # Need 0.69 for $LoadBlessed (#861958) + return if $YAML::XS::VERSION < 0.69; my $yaml; eval { $yaml = YAML::XS::LoadFile($yamlfile->fs_path); }; if (!$yaml) { diff --git a/debian/changelog b/debian/changelog index 0135a08..320adaa 100644 --- a/debian/changelog +++ b/debian/changelog @@ -34,8 +34,8 @@ lintian (2.5.81) UNRELEASED; urgency=medium * checks/upstream-metadata.pm: + Re-enable YAML parsing of upstream metadata which was disabled in 2.5.51 (via #861958) to close CVE-2017-8829 as we can now use the - $LoadBlessed option of YAML:XS. Thanks to Dylan Aïssi for the - report. (Closes: #894747) + $LoadBlessed option of YAML::XS if we have version 0.69 or above + Thanks to Dylan Aïssi for the report. (Closes: #894747) * lib/Lintian/Check.pm: + [CL] Avoid false positives in spelling detection by allowing "(s)" diff --git a/debian/control b/debian/control index 6337ab4..8bdf463 100644 --- a/debian/control +++ b/debian/control @@ -55,7 +55,7 @@ Build-Depends: aspell <!nocheck>, libtext-template-perl <!nocheck>, libtimedate-perl <!nocheck>, liburi-perl <!nocheck>, - libyaml-libyaml-perl (>= 0.69) <!nocheck>, + libyaml-libyaml-perl <!nocheck>, libxml-simple-perl <!nocheck>, man-db <!nocheck>, node-uglify <!nocheck>, @@ -102,7 +102,7 @@ Depends: binutils, libtext-levenshtein-perl, libtimedate-perl, liburi-perl, - libyaml-libyaml-perl (>= 0.69), + libyaml-libyaml-perl, libxml-simple-perl, man-db, patchutils, diff --git a/t/tests/upstream-metadata-invalid-yml/desc b/t/tests/upstream-metadata-invalid-yml/desc index fb4d259..fc7a1c7 100644 --- a/t/tests/upstream-metadata-invalid-yml/desc +++ b/t/tests/upstream-metadata-invalid-yml/desc @@ -1,4 +1,5 @@ Testname: upstream-metadata-invalid-yml Version: 1.0 Description: Tests for upstream-metadata being invalid yml +Test-Depends: libyaml-libyaml-perl (>= 0.69) Test-For: upstream-metadata-yaml-invalid -- Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/lintian/lintian.git