Hello community,
here is the log from the commit of package perl-Image-Info for openSUSE:Factory
checked in at 2016-11-04 20:59:46
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/perl-Image-Info (Old)
and /work/SRC/openSUSE:Factory/.perl-Image-Info.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "perl-Image-Info"
Changes:
--------
--- /work/SRC/openSUSE:Factory/perl-Image-Info/perl-Image-Info.changes
2015-04-22 01:18:43.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.perl-Image-Info.new/perl-Image-Info.changes
2016-11-04 20:59:47.000000000 +0100
@@ -1,0 +2,24 @@
+Sat Oct 8 14:33:01 UTC 2016 - co...@suse.com
+
+- updated to 1.39
+ see /usr/share/doc/packages/perl-Image-Info/CHANGES
+
+ 2016-10-08 Slaven Rezic <sla...@rezic.de>
+
+ Release 1.39
+
+ Stable release with all changes in 1.38_50..1.38_51
+
+ 2016-10-01 Slaven Rezic <sla...@rezic.de>
+
+ Release 1.38_51
+
+ Just recreated distribution with a changed SIGNATURE.
+
+ Release 1.38_50
+
+ Don't allow XXE (XML External Entities) processing while parsing
+ SVG files. Addresses RT #118205. This is a potentially
+ incompatible change; however usually SVG files do not rely on XXE.
+
+-------------------------------------------------------------------
Old:
----
Image-Info-1.38.tar.gz
New:
----
Image-Info-1.39.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ perl-Image-Info.spec ++++++
--- /var/tmp/diff_new_pack.Cc5NSO/_old 2016-11-04 20:59:48.000000000 +0100
+++ /var/tmp/diff_new_pack.Cc5NSO/_new 2016-11-04 20:59:48.000000000 +0100
@@ -1,7 +1,7 @@
#
# spec file for package perl-Image-Info
#
-# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -17,7 +17,7 @@
Name: perl-Image-Info
-Version: 1.38
+Version: 1.39
Release: 0
%define cpan_name Image-Info
Summary: Extract meta information from image files
@@ -44,7 +44,7 @@
%prep
%setup -q -n %{cpan_name}-%{version}
-find . -type f -print0 | xargs -0 chmod 644
+find . -type f ! -name \*.pl -print0 | xargs -0 chmod 644
%build
%{__perl} Makefile.PL INSTALLDIRS=vendor
++++++ Image-Info-1.38.tar.gz -> Image-Info-1.39.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Image-Info-1.38/CHANGES new/Image-Info-1.39/CHANGES
--- old/Image-Info-1.38/CHANGES 2015-04-20 06:46:24.000000000 +0200
+++ new/Image-Info-1.39/CHANGES 2016-10-08 10:58:57.000000000 +0200
@@ -1,5 +1,23 @@
Revision history for Image::Info
+2016-10-08 Slaven Rezic <sla...@rezic.de>
+
+ Release 1.39
+
+ Stable release with all changes in 1.38_50..1.38_51
+
+2016-10-01 Slaven Rezic <sla...@rezic.de>
+
+ Release 1.38_51
+
+ Just recreated distribution with a changed SIGNATURE.
+
+ Release 1.38_50
+
+ Don't allow XXE (XML External Entities) processing while parsing
+ SVG files. Addresses RT #118205. This is a potentially
+ incompatible change; however usually SVG files do not rely on XXE.
+
2015-04-19 Slaven Rezic <sla...@rezic.de>
Release 1.38
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Image-Info-1.38/MANIFEST new/Image-Info-1.39/MANIFEST
--- old/Image-Info-1.38/MANIFEST 2015-04-20 06:57:39.000000000 +0200
+++ new/Image-Info-1.39/MANIFEST 2016-10-08 11:00:28.000000000 +0200
@@ -35,6 +35,7 @@
img/test1-fuji.jpg Testcase for RT #49546
img/tiny.pgm
img/upside-down.bmp
+img/xxe.svg Testcase for RT #118099
img/ztxt.png PNG example with ztxt chunk
imgdump Test driver script
lib/Bundle/Image/Info/Everything.pm
@@ -80,8 +81,11 @@
t/tiff_segfault.t
t/tiny-pgm.t
t/wbmp.t
+t/xbm.t
+t/xpm.t
TODO
xt/kwalitee.t
+xt/rt118099.t
xt/strict.t
xt/synopsis.t
META.yml Module YAML meta-data (added by
MakeMaker)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Image-Info-1.38/MANIFEST.SKIP
new/Image-Info-1.39/MANIFEST.SKIP
--- old/Image-Info-1.38/MANIFEST.SKIP 2013-10-21 08:11:18.000000000 +0200
+++ new/Image-Info-1.39/MANIFEST.SKIP 2016-01-23 15:58:19.000000000 +0100
@@ -7,6 +7,7 @@
^\.git/
^\.prove\z
^\.travis\.yml\z
+^appveyor\.yml\z
^MYMETA.json$
^MYMETA.yml$
# Temporarily, until Module::Install is fixed (0.93 is broken)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Image-Info-1.38/META.json
new/Image-Info-1.39/META.json
--- old/Image-Info-1.38/META.json 2015-04-20 06:57:38.000000000 +0200
+++ new/Image-Info-1.39/META.json 2016-10-08 11:00:28.000000000 +0200
@@ -54,5 +54,5 @@
"url" : "git://github.com/eserte/image-info.git"
}
},
- "version" : "1.38"
+ "version" : "1.39"
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Image-Info-1.38/META.yml new/Image-Info-1.39/META.yml
--- old/Image-Info-1.38/META.yml 2015-04-20 06:57:38.000000000 +0200
+++ new/Image-Info-1.39/META.yml 2016-10-08 11:00:28.000000000 +0200
@@ -32,4 +32,4 @@
perl: 5.006
resources:
repository: git://github.com/eserte/image-info.git
-version: 1.38
+version: 1.39
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Image-Info-1.38/SIGNATURE
new/Image-Info-1.39/SIGNATURE
--- old/Image-Info-1.38/SIGNATURE 2015-04-20 06:57:41.000000000 +0200
+++ new/Image-Info-1.39/SIGNATURE 2016-10-08 11:00:31.000000000 +0200
@@ -1,5 +1,5 @@
This file contains message digests of all files listed in MANIFEST,
-signed via the Module::Signature module, version 0.73.
+signed via the Module::Signature module, version 0.79.
To verify the content in this distribution, first make sure you have
Module::Signature installed, then type:
@@ -15,16 +15,16 @@
Hash: SHA1
SHA1 c82d6187bf83f92dcd4a4ba9ab8341c3edcc094a .gitignore
-SHA1 93e03daefbe0bfec3c418f671d6ee7206e17e47d CHANGES
+SHA1 18df8534822879a76fb2fc3de73c6bbbcf5913c5 CHANGES
SHA1 517bff80bcf518746150086148acaf8cfa37a17d CREDITS
-SHA1 8b13b87882e8e171d87da8495e868415b49a15c9 MANIFEST
-SHA1 396a95962b71b01b3032a31ff5f12a33984c2644 MANIFEST.SKIP
-SHA1 3660da7a8d216cff8b7e11c91ea3ce2bc34b037e META.json
-SHA1 4ebc7bd648c8aa6dd8aedd49a4b233084dbeaf1f META.yml
+SHA1 cdfc42491a4cdaa42af14d791cb39e775f719de7 MANIFEST
+SHA1 7508fd127843a69e30ba4f58f4b4e769f20d49e2 MANIFEST.SKIP
+SHA1 a795c4a5e7b98bff04358eb76cf20aad1df594f8 META.json
+SHA1 cd7397c601ded669e612431c41d4f2f4551bb66b META.yml
SHA1 fd14642d591e132078fc91a8e54a4a4fed927f46 Makefile.PL
SHA1 0184503d850cb0d34d0cfe26bd5af84d4cf97dbc README
SHA1 36ea8eabe5ac80acc416411aae77b60e1480de1b TODO
-SHA1 0e763171d566addcfff34c7309979a27326b33dd dev/Info.pm.tmpl
+SHA1 dead80ea15a681cb679b5c9dd734ed5a6efd97d7 dev/Info.pm.tmpl
SHA1 c11e7408bd16d35b2116ee47eaac4f08266be902 dev/build.pl
SHA1 38b386e67725abff64ea00abb8e92c46f38e2f59 exifdump
SHA1 0e2ed058a8e6b748c639b08064f6782c4f51d643 img/bad-exif-1.jpg
@@ -58,6 +58,7 @@
SHA1 603d6eed47d8822cf4bae53bafa18b8044c035a6 img/test1-fuji.jpg
SHA1 d33e338aa7a45dc6fa4cefcdd376916e2267f3f9 img/tiny.pgm
SHA1 e403a1722e5d26002d8afbf29bd497c60f8ee05f img/upside-down.bmp
+SHA1 5023229b3010b9e9ec663ce10e29bd3cbe5486c8 img/xxe.svg
SHA1 684ef627299906409c258ed2a66990a26dd13794 img/ztxt.png
SHA1 376cc1bd8424b1123f0073df81ce5433be4df58e imgdump
SHA1 b28345eb7918c00c9e8190b9b5ebabb326a84d91
lib/Bundle/Image/Info/Everything.pm
@@ -65,16 +66,16 @@
SHA1 777028fc6271fc140b361904b7ff29053d404144 lib/Bundle/Image/Info/SVG.pm
SHA1 ebdf279c647010c1fa17b0003238debdc3e1f80b lib/Bundle/Image/Info/XBM.pm
SHA1 df3482b8e4a6c7b140ebbb1dc0ab56dc60a8e7e7 lib/Bundle/Image/Info/XPM.pm
-SHA1 68d6cc00378159751743e38f955927fe68d5a948 lib/Image/Info.pm
+SHA1 66bb175e528352f44a1f3cdf72c1689fa1ae9f0b lib/Image/Info.pm
SHA1 6991a957bacde9d3b873184d90d910d083f5f403 lib/Image/Info/BMP.pm
SHA1 0996bffe073126dceb72c04dc5b3002c78c24d56 lib/Image/Info/GIF.pm
SHA1 fb628cb66c566ab66a1b7953a1bb29cfde1c79c7 lib/Image/Info/ICO.pm
SHA1 cb662c31e3429214bdc9f1e7b65fac2c4198f689 lib/Image/Info/JPEG.pm
SHA1 df4bd657aae33fe5ef9cbad6546674ec2de9d53f lib/Image/Info/PNG.pm
SHA1 1b69276ab386d1795469773d6af70ff510c15feb lib/Image/Info/PPM.pm
-SHA1 0de5432c7e9100ee06b6da29ac25114e3a07a783 lib/Image/Info/SVG.pm
-SHA1 e2c4f7ff2bba5a50e2de64e5b43d78fd44b00d6c
lib/Image/Info/SVG/XMLLibXMLReader.pm
-SHA1 827501c639b7db47dac2a7e050df6bf887f08161 lib/Image/Info/SVG/XMLSimple.pm
+SHA1 67fcd8cd40c30bf4fb995e232fd51bc261607bd8 lib/Image/Info/SVG.pm
+SHA1 c8aa83ad22ff1684a40bae3f37fccc358842b1d1
lib/Image/Info/SVG/XMLLibXMLReader.pm
+SHA1 c1fe64b6ad5faeeab7d690cd44fd0feaf56952ee lib/Image/Info/SVG/XMLSimple.pm
SHA1 7ed4635fb08eaa8099f0b17ab25c62aabc52437f lib/Image/Info/TIFF.pm
SHA1 ed6fde11752d6450756c815b2dca25f9ad1740d9 lib/Image/Info/WBMP.pm
SHA1 5c896ca4cc89715527f4207bae3c1e3c7a26286a lib/Image/Info/XBM.pm
@@ -99,13 +100,20 @@
SHA1 c08bf003a891603d6f5f098425a70680a699e31a t/tiff_segfault.t
SHA1 0a5f7c518af4b72fd76fa8def1f51e8691727bdd t/tiny-pgm.t
SHA1 7d7708b0392491f75eb9b68289469c1a488453ca t/wbmp.t
+SHA1 cea87cb4a68f31dd245d911d0c43b581939c3f34 t/xbm.t
+SHA1 982933644977d3879d1b2a269bdfb1ef45723481 t/xpm.t
SHA1 4396e44dfbfe4c2ff26d115bc0eadbce507b7bf0 xt/kwalitee.t
+SHA1 14f51fc143d06dad6d47a810596799652928221e xt/rt118099.t
SHA1 6ef907e37bb4840f96f8d5b16b47991806f21f31 xt/strict.t
-SHA1 40f46c65b4865610c38eeb3cf05482c53e058180 xt/synopsis.t
+SHA1 776c2c96e3155a622221cb1c4989579a652452d7 xt/synopsis.t
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-iQBVAwUBVTSHQ79kDNo3Bl+NAQKFagH9FCG+u23Ji0qRMEtZtkEtg9YQw54JrRoE
-mQMsiLIavzZLijrOBxobPzLjpztrcEi9fRAZI9iFyUYGIfqRQWnL9A==
-=6Aux
+iQEcBAEBAgAGBQJX+LWsAAoJEN1GkmBlfE8/pMcH/2mmY3ZFFh6qDY5H/KIMx3Jv
+yTxAUGQCyWrkD/Y24RxnYJXf4PiLoh6wrBfbBfHos+AY9vlGOUvXzC171SispnWg
+BRxfISxbt3fGGGKUCrFm2qBAtGZxE38JVG9gDduaF3IPyoBauxftfj5FrLp/8o3J
+6ejYLnBbpcjhyI6hqa3JCZ2rxVY5/VqVT2rrsHRyitlt9Kryj38PP8VqWsHk28VJ
+GHwPRb/Hf/hG5XDGQt5IKGHFlqdsioT+hv6RAqidw554nRJRDF3FsvGz8D6yt5nq
+trdOn9AWgE9brQJqeDN3oGFUonRCccgF23YXEgRS/9kK5MQF+vPBWq6KALbqk9c=
+=Ng5/
-----END PGP SIGNATURE-----
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Image-Info-1.38/dev/Info.pm.tmpl
new/Image-Info-1.39/dev/Info.pm.tmpl
--- old/Image-Info-1.38/dev/Info.pm.tmpl 2015-04-20 06:46:24.000000000
+0200
+++ new/Image-Info-1.39/dev/Info.pm.tmpl 2016-10-08 10:59:06.000000000
+0200
@@ -13,12 +13,12 @@
# modify it under the same terms as Perl v5.8.8 itself.
#
# Previously maintained by Tels - (c) 2006 - 2008.
-# Currently maintained by Slaven Rezic - (c) 2008 - 2015.
+# Currently maintained by Slaven Rezic - (c) 2008 - 2016.
use strict;
use vars qw($VERSION @EXPORT_OK);
-$VERSION = '1.38';
+$VERSION = '1.39';
require Exporter;
*import = \&Exporter::import;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Image-Info-1.38/img/xxe.svg
new/Image-Info-1.39/img/xxe.svg
--- old/Image-Info-1.38/img/xxe.svg 1970-01-01 01:00:00.000000000 +0100
+++ new/Image-Info-1.39/img/xxe.svg 2016-10-01 17:27:34.000000000 +0200
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE foo [
+ <!ELEMENT foo ANY >
+ <!ENTITY xxe SYSTEM "file:///etc/passwd" >]>
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg";
+ xmlns="http://www.w3.org/2000/svg";
+ version="1.0"
+ width="864"
+ height="648">
+ <path
+ d="M 432,0 L 594,0 L 594,36 L 432,36 L 432,0 z"/>
+ &xxe;
+</svg>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/Image-Info-1.38/lib/Image/Info/SVG/XMLLibXMLReader.pm
new/Image-Info-1.39/lib/Image/Info/SVG/XMLLibXMLReader.pm
--- old/Image-Info-1.38/lib/Image/Info/SVG/XMLLibXMLReader.pm 2009-12-12
12:06:58.000000000 +0100
+++ new/Image-Info-1.39/lib/Image/Info/SVG/XMLLibXMLReader.pm 2016-10-01
17:27:34.000000000 +0200
@@ -4,7 +4,7 @@
# $Id: Image_Info_SVG_LibXML.pm,v 1.2 2008/11/22 14:34:16 eserte Exp eserte $
# Author: Slaven Rezic
#
-# Copyright (C) 2008,2009 Slaven Rezic. All rights reserved.
+# Copyright (C) 2008,2009,2016 Slaven Rezic. All rights reserved.
# This package is free software; you can redistribute it and/or
# modify it under the same terms as Perl itself.
#
@@ -16,7 +16,7 @@
use strict;
use vars qw($VERSION);
-$VERSION = '1.04';
+$VERSION = '1.05';
use XML::LibXML::Reader;
@@ -30,7 +30,7 @@
push(@warnings, @_);
};
- my $reader = XML::LibXML::Reader->new(IO => $source, load_ext_dtd => 0)
+ my $reader = XML::LibXML::Reader->new(IO => $source, load_ext_dtd => 0,
expand_entities => 0)
or die "Cannot read SVG from handle '$source'";
while($reader->read) {
last if $reader->nodeType == XML_READER_TYPE_ELEMENT;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Image-Info-1.38/lib/Image/Info/SVG/XMLSimple.pm
new/Image-Info-1.39/lib/Image/Info/SVG/XMLSimple.pm
--- old/Image-Info-1.38/lib/Image/Info/SVG/XMLSimple.pm 2009-09-15
19:59:46.000000000 +0200
+++ new/Image-Info-1.39/lib/Image/Info/SVG/XMLSimple.pm 2016-10-01
17:27:34.000000000 +0200
@@ -1,6 +1,6 @@
package Image::Info::SVG::XMLSimple;
-$VERSION = '1.04';
+$VERSION = '1.05';
use strict;
no strict 'refs';
@@ -36,6 +36,12 @@
push(@warnings, @_);
};
+ # XML::SAX::PurePerl is the only SAX parser which is not capable
+ # of expanding external entities, so it's the only one not
+ # vulnerable against XXE processing. On the other hand,
+ # XML::SAX::PurePerl is probably the slowest parser, but for
+ # speed one should use XML::LibXML instead.
+ local $XML::Simple::PREFERRED_PARSER = 'XML::SAX::PurePerl';
$xs = XML::Simple->new;
$img = $xs->XMLin($imgdata);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Image-Info-1.38/lib/Image/Info/SVG.pm
new/Image-Info-1.39/lib/Image/Info/SVG.pm
--- old/Image-Info-1.38/lib/Image/Info/SVG.pm 2011-12-28 22:50:25.000000000
+0100
+++ new/Image-Info-1.39/lib/Image/Info/SVG.pm 2016-10-01 17:27:34.000000000
+0200
@@ -3,7 +3,7 @@
#
# Author: Slaven Rezic
#
-# Copyright (C) 2009,2011 Slaven Rezic. All rights reserved.
+# Copyright (C) 2009,2011,2016 Slaven Rezic. All rights reserved.
# This package is free software; you can redistribute it and/or
# modify it under the same terms as Perl itself.
#
@@ -12,7 +12,7 @@
use strict;
use vars qw($VERSION @PREFER_MODULE $USING_MODULE);
-$VERSION = '2.02';
+$VERSION = '2.03';
@PREFER_MODULE = qw(Image::Info::SVG::XMLLibXMLReader
Image::Info::SVG::XMLSimple
@@ -100,7 +100,7 @@
Previous versions (until Image-Info-1.28) used L<XML::Simple> as the
underlying parser. Since Image-Info-1.29 the default parser is
-L<XML::LibXML::Reader> (which is much more faster, memory-efficient,
+L<XML::LibXML::Reader> which is much more faster, memory-efficient,
and does not rely on regular expressions for some aspects of XML
parsing. If for some reason you need the old parser, you can force it
by setting the variable C<@Image::Info::SVG::PREFER_MODULE> as early
@@ -112,9 +112,19 @@
The variable C<$Image::Info::SVG::USING_MODULE> can be queried to see
which parser is in use (after B<Image::Info::SVG> is required).
+Since 1.38_50 processing of XML external entities (XXE) is not done
+anymore for security reasons in both backends
+(B<Image::Info::SVG::XMLLibXMLReader> and
+B<Image::Info::SVG::XMLSimple>). Controlling XXE processing behavior
+in B<XML::Simple> is not really possible (see
+L<https://rt.cpan.org/Ticket/Display.html?id=83794>), so as a
+workaround the underlying SAX parser is fixed to L<XML::SAX::PurePerl>
+which is uncapable of processing external entities E<0x2014> but
+unfortunately it is also a slow parser.
+
=head1 SEE ALSO
-L<Image::Info>, L<XML::LibXML::Reader>, L<XML::Simple>
+L<Image::Info>, L<XML::LibXML::Reader>, L<XML::Simple>, L<XML::SAX::PurePerl>
=head1 NOTES
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Image-Info-1.38/lib/Image/Info.pm
new/Image-Info-1.39/lib/Image/Info.pm
--- old/Image-Info-1.38/lib/Image/Info.pm 2015-04-20 06:57:05.000000000
+0200
+++ new/Image-Info-1.39/lib/Image/Info.pm 2016-10-08 11:00:08.000000000
+0200
@@ -13,12 +13,12 @@
# modify it under the same terms as Perl v5.8.8 itself.
#
# Previously maintained by Tels - (c) 2006 - 2008.
-# Currently maintained by Slaven Rezic - (c) 2008 - 2015.
+# Currently maintained by Slaven Rezic - (c) 2008 - 2016.
use strict;
use vars qw($VERSION @EXPORT_OK);
-$VERSION = '1.38';
+$VERSION = '1.39';
require Exporter;
*import = \&Exporter::import;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Image-Info-1.38/t/xbm.t new/Image-Info-1.39/t/xbm.t
--- old/Image-Info-1.38/t/xbm.t 1970-01-01 01:00:00.000000000 +0100
+++ new/Image-Info-1.39/t/xbm.t 2016-06-09 18:47:38.000000000 +0200
@@ -0,0 +1,33 @@
+#!/usr/bin/perl
+use warnings;
+use strict;
+
+use Test::More;
+BEGIN
+ {
+ plan tests => 8;
+ chdir 't' if -d 't';
+ use lib '../lib';
+ use lib '../blib';
+ use_ok ("Image::Info") or die $@;
+ };
+
+use Image::Info qw(image_info dim);
+
+SKIP: {
+skip 'Image::Xbm needed for the test', 7 unless eval { require Image::Xbm };
+
+my $i = image_info("../img/test.xbm")
+ || die ("Couldn't read test.xbm: $!");
+
+# use Data::Dumper; diag Dumper($i), "\n";
+
+is ($i->{BitsPerSample}, 1, 'BitsPerSample');
+is ($i->{SamplesPerPixel}, 1, 'SamplesPerPixel');
+is ($i->{file_media_type}, 'image/x-xbitmap', 'media type');
+is ($i->{ColorTableSize}, 2, '2 colors');
+is ($i->{color_type}, 'Grey', 'color_type');
+is ($i->{file_ext}, 'xbm', 'file_ext');
+
+is (dim($i), '6x6', 'dim()');
+}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Image-Info-1.38/t/xpm.t new/Image-Info-1.39/t/xpm.t
--- old/Image-Info-1.38/t/xpm.t 1970-01-01 01:00:00.000000000 +0100
+++ new/Image-Info-1.39/t/xpm.t 2016-06-09 18:47:38.000000000 +0200
@@ -0,0 +1,34 @@
+#!/usr/bin/perl
+use warnings;
+use strict;
+
+use Test::More;
+BEGIN
+ {
+ plan tests => 9;
+ chdir 't' if -d 't';
+ use lib '../lib';
+ use lib '../blib';
+ use_ok ("Image::Info") or die $@;
+ };
+
+use Image::Info qw(image_info dim);
+
+SKIP: {
+skip 'Image::Xpm needed for the test', 8 unless eval { require Image::Xpm };
+
+my $i = image_info("../img/test.xpm")
+ || die ("Couldn't read test.xpm: $!");
+
+# use Data::Dumper; print Dumper($i), "\n";
+
+is ($i->{ColorResolution}, 8, 'ColorResoltuion');
+is ($i->{BitsPerSample}, 8, 'BitsPerSample');
+is ($i->{SamplesPerPixel}, 1, 'SamplesPerPixel');
+is ($i->{file_media_type}, 'image/x-xpixmap', 'media type');
+is ($i->{ColorTableSize}, 2, '2 colors');
+is ($i->{color_type}, 'Indexed-RGB', 'color_type');
+is ($i->{file_ext}, 'xpm', 'file_ext');
+
+is (dim($i), '127x13', 'dim()');
+}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Image-Info-1.38/xt/rt118099.t
new/Image-Info-1.39/xt/rt118099.t
--- old/Image-Info-1.38/xt/rt118099.t 1970-01-01 01:00:00.000000000 +0100
+++ new/Image-Info-1.39/xt/rt118099.t 2016-10-01 17:27:34.000000000 +0200
@@ -0,0 +1,69 @@
+#!/usr/bin/perl -w
+# -*- cperl -*-
+
+#
+# Author: Slaven Rezic
+#
+
+use strict;
+use FindBin;
+use IPC::Run 'run';
+use List::Util 'sum';
+use Test::More;
+
+plan skip_all => "Works only on linux (using strace)" if $^O ne 'linux';
+
+my %impl2opts =
+ (
+ 'Image::Info::SVG::XMLSimple' =>
+ [
+ {XML_SAX_Parser => 'XML::Parser'},
+ {XML_SAX_Parser => 'XML::SAX::Expat'},
+ {XML_SAX_Parser => 'XML::SAX::ExpatXS'},
+ {XML_SAX_Parser => 'XML::SAX::PurePerl'},
+ {XML_SAX_Parser => 'XML::LibXML::SAX::Parser'},
+ {XML_SAX_Parser => 'XML::LibXML::SAX'},
+ ],
+ 'Image::Info::SVG::XMLLibXMLReader' => [{}],
+ );
+
+plan tests => 2 * sum map { scalar @$_ } values(%impl2opts);
+
+for my $impl (keys %impl2opts) {
+ my $testname = $impl;
+ my @opts = @{ $impl2opts{$impl} };
+ for my $opt (@opts) {
+ my $testname = $testname . (%$opt ? ", " . join(", ", map { "$_ =>
$opt->{$_}" } keys %$opt) : '');
+ my @cmd =
+ (
+ $^X, "-I$FindBin::RealBin/../lib", '-MImage::Info=image_info',
'-e',
+ ($opt->{XML_SAX_Parser} ? 'require XML::Simple;
$XML::Simple::PREFERRED_PARSER = shift; ' : '') .
+ '@Image::Info::SVG::PREFER_MODULE=shift; my $info =
image_info(shift); die $info->{error} if $info->{error};',
+ ($opt->{XML_SAX_Parser} ? $opt->{XML_SAX_Parser} : ()),
+ $impl, "$FindBin::RealBin/../img/xxe.svg",
+ );
+ {
+ my $stderr;
+ ok run(\@cmd, '2>', \$stderr), "Run @cmd"
+ or diag $stderr;
+ }
+ {
+ my $success = run(["strace", "-eopen,stat", @cmd], '2>', \my
$strace);
+ if (!$success) {
+ if (($opt->{XML_SAX_Parser}||'') eq 'XML::SAX::ExpatXS') {
+ # ignore error
+ } else {
+ die "Error running @cmd with strace";
+ }
+ }
+ my @matching_lines = $strace =~ m{.*/etc/passwd.*}g;
+ is scalar(@matching_lines), 0, "No XXE with $testname"
+ or diag explain \@matching_lines;
+ }
+ }
+}
+
+done_testing;
+
+
+__END__
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Image-Info-1.38/xt/synopsis.t
new/Image-Info-1.39/xt/synopsis.t
--- old/Image-Info-1.38/xt/synopsis.t 2015-04-19 22:10:50.000000000 +0200
+++ new/Image-Info-1.39/xt/synopsis.t 2016-01-23 16:07:27.000000000 +0100
@@ -10,5 +10,3 @@
eval "use Test::Synopsis";
plan skip_all => "Test::Synopsis required for testing" if $@;
all_synopsis_ok();
-
-done_testing;
