Hello community, here is the log from the commit of package perl-Module-Signature for openSUSE:Factory checked in at 2013-08-04 20:41:00 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/perl-Module-Signature (Old) and /work/SRC/openSUSE:Factory/.perl-Module-Signature.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "perl-Module-Signature" Changes: -------- --- /work/SRC/openSUSE:Factory/perl-Module-Signature/perl-Module-Signature.changes 2011-12-25 17:39:01.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.perl-Module-Signature.new/perl-Module-Signature.changes 2013-08-04 23:52:31.000000000 +0200 @@ -1,0 +2,31 @@ +Sun Aug 4 15:26:25 UTC 2013 - co...@suse.com + +- fix souce url + +------------------------------------------------------------------- +Wed Jul 3 19:14:29 UTC 2013 - ch...@computersalat.de + +- update to 0.73 + * fix for bnc#828010 (CVE-2013-2145) + https://bugzilla.novell.com/process_bug.cgi + https://bugzilla.redhat.com/show_bug.cgi?id=971096 + * Properly redo the previous fix using File::Spec->file_name_is_absolute. +- [Changes for 0.72 - Wed Jun 5 23:19:02 CST 2013] + * Only allow loading Digest::* from absolute paths in @INC, + by ensuring they begin with \ or / characters. + Contributed by: Florian Weimer (CVE-2013-2145) +- [Changes for 0.71 - Tue Jun 4 18:24:10 CST 2013] + * Constrain the user-specified digest name to /^\w+\d+$/. + * Avoid loading Digest::* from relative paths in @INC. + Contributed by: Florian Weimer (CVE-2013-2145) +- [Changes for 0.70 - Thu Nov 29 01:45:54 CST 2012] + * Don't check gpg version if gpg does not exist. + This avoids unnecessary warnings during installation + when gpg executable is not installed. + Contributed by: Kenichi Ishigaki +- [Changes for 0.69 - Fri Nov 2 23:04:19 CST 2012] + * Support for gpg under these alternate names: + gpg gpg2 gnupg gnupg2 + Contributed by: Michael Schwern + +------------------------------------------------------------------- Old: ---- Module-Signature-0.68.tar.gz New: ---- Module-Signature-0.73.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ perl-Module-Signature.spec ++++++ --- /var/tmp/diff_new_pack.4RpgrN/_old 2013-08-04 23:52:32.000000000 +0200 +++ /var/tmp/diff_new_pack.4RpgrN/_new 2013-08-04 23:52:32.000000000 +0200 @@ -1,7 +1,7 @@ # # spec file for package perl-Module-Signature # -# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,19 +17,21 @@ Name: perl-Module-Signature -Version: 0.68 +Version: 0.73 Release: 0 %define cpan_name Module-Signature Summary: Module signature file manipulation License: CC0-1.0 and (GPL-1.0+ or Artistic-1.0) Group: Development/Libraries/Perl Url: http://search.cpan.org/dist/Module-Signature/ -Source: http://www.cpan.org/authors/id/F/FL/FLORA/%{cpan_name}-%{version}.tar.gz +Source: http://www.cpan.org/authors/id/A/AU/AUDREYT/%{cpan_name}-%{version}.tar.gz BuildArch: noarch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: perl BuildRequires: perl-macros +BuildRequires: perl(Digest::SHA) BuildRequires: perl(IPC::Run) +Requires: perl(Digest::SHA) # MANUAL BEGIN BuildRequires: gpg Requires: gpg @@ -58,7 +60,7 @@ %prep %setup -q -n %{cpan_name}-%{version} -find . -type f -print0 | xargs -0 chmod 644 +#find . -type f -print0 | xargs -0 chmod 644 %build %{__perl} Makefile.PL INSTALLDIRS=vendor ++++++ Module-Signature-0.68.tar.gz -> Module-Signature-0.73.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Module-Signature-0.68/Changes new/Module-Signature-0.73/Changes --- old/Module-Signature-0.68/Changes 2011-05-13 11:52:10.000000000 +0200 +++ new/Module-Signature-0.73/Changes 2013-06-05 22:55:00.000000000 +0200 @@ -1,3 +1,39 @@ +[Changes for 0.73 - Wed Jun 5 23:44:57 CST 2013] + +* Properly redo the previous fix using File::Spec->file_name_is_absolute. + +[Changes for 0.72 - Wed Jun 5 23:19:02 CST 2013] + +* Only allow loading Digest::* from absolute paths in @INC, + by ensuring they begin with \ or / characters. + + Contributed by: Florian Weimer (CVE-2013-2145) + +[Changes for 0.71 - Tue Jun 4 18:24:10 CST 2013] + +* Constrain the user-specified digest name to /^\w+\d+$/. + +* Avoid loading Digest::* from relative paths in @INC. + + Contributed by: Florian Weimer (CVE-2013-2145) + +[Changes for 0.70 - Thu Nov 29 01:45:54 CST 2012] + +* Don't check gpg version if gpg does not exist. + + This avoids unnecessary warnings during installation + when gpg executable is not installed. + + Contributed by: Kenichi Ishigaki + +[Changes for 0.69 - Fri Nov 2 23:04:19 CST 2012] + +* Support for gpg under these alternate names: + + gpg gpg2 gnupg gnupg2 + + Contributed by: Michael Schwern + [Changes for 0.68 - Fri, 13 May 2011 11:51:50 +0200] * Fix breakage introduced by 0.67 (Andreas König). diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Module-Signature-0.68/META.yml new/Module-Signature-0.73/META.yml --- old/Module-Signature-0.68/META.yml 2011-05-13 11:52:26.000000000 +0200 +++ new/Module-Signature-0.73/META.yml 2013-06-05 22:55:35.000000000 +0200 @@ -3,13 +3,14 @@ author: - '唐鳳 <c...@audreyt.org>' build_requires: - ExtUtils::MakeMaker: 6.42 + ExtUtils::MakeMaker: 6.36 IPC::Run: 0 Test::More: 0 configure_requires: - ExtUtils::MakeMaker: 6.42 + ExtUtils::MakeMaker: 6.36 distribution_type: module -generated_by: 'Module::Install version 1.00' +dynamic_config: 1 +generated_by: 'Module::Install version 1.06' license: cc0 meta-spec: url: http://module-build.sourceforge.net/META-spec-v1.4.html @@ -24,4 +25,4 @@ perl: 5.005 resources: repository: http://github.com/audreyt/module-signature -version: 0.68 +version: 0.73 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Module-Signature-0.68/Makefile.PL new/Module-Signature-0.73/Makefile.PL --- old/Module-Signature-0.68/Makefile.PL 2011-05-13 11:46:24.000000000 +0200 +++ new/Module-Signature-0.73/Makefile.PL 2012-11-02 16:10:16.000000000 +0100 @@ -1,3 +1,4 @@ +use strict; use inc::Module::Install 0.92; $|++; @@ -66,10 +67,9 @@ # dependencies so they will upgrade as needed. requires( @OPEN_PGP ); -} elsif ( locate_gpg() ) { +} elsif ( my $gpg = locate_gpg() ) { # We SHOULD have gpg, double-check formally - requires_external_bin 'gpg'; - + requires_external_bin $gpg; } elsif ( can_cc() and $ENV{AUTOMATED_TESTING} ) { # Dive headlong into a full Crypt::OpenPGP install. requires( @OPEN_PGP ); @@ -98,28 +98,32 @@ sub locate_gpg { print "Looking for GNU Privacy Guard (gpg), a cryptographic signature tool...\n"; - my $gpg = can_run('gpg'); - my $has_gpg = ( - $gpg and - `gpg --version` =~ /GnuPG/ - ); - - unless ( $has_gpg ) { + my ($gpg, $gpg_path); + for my $gpg_bin ('gpg', 'gpg2', 'gnupg', 'gnupg2') { + $gpg_path = can_run($gpg_bin); + next unless $gpg_path; + next unless `$gpg_bin --version` =~ /GnuPG/; + next unless defined `$gpg_bin --list-public-keys`; + + $gpg = $gpg_bin; + last; + } + unless ( $gpg ) { print "gpg not found.\n"; return; } - print "GnuPG found ($gpg).\n"; + print "GnuPG found ($gpg_path).\n"; return 1 if grep { /^--installdeps/} @ARGV; if ( prompt("Import PAUSE and author keys to GnuPG?", 'y' ) =~ /^y/i) { print 'Importing... '; - system 'gpg', '--quiet', '--import', glob('*.pub'); + system $gpg, '--quiet', '--import', glob('*.pub'); print "done.\n"; } - return 1; + return $gpg; } sub ask_user { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Module-Signature-0.68/README new/Module-Signature-0.73/README --- old/Module-Signature-0.68/README 2011-05-13 11:52:25.000000000 +0200 +++ new/Module-Signature-0.73/README 2013-06-05 22:55:34.000000000 +0200 @@ -245,6 +245,8 @@ Module::Install, ExtUtils::MakeMaker, Module::Build + Dist::Zilla::Plugin::Signature + AUTHORS 唐鳳 <c...@audreyt.org> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Module-Signature-0.68/SIGNATURE new/Module-Signature-0.73/SIGNATURE --- old/Module-Signature-0.68/SIGNATURE 2011-05-13 11:53:28.000000000 +0200 +++ new/Module-Signature-0.73/SIGNATURE 2013-06-05 22:55:39.000000000 +0200 @@ -1,5 +1,5 @@ This file contains message digests of all files listed in MANIFEST, -signed via the Module::Signature module, version 0.68. +signed via the Module::Signature module, version 0.73. To verify the content in this distribution, first make sure you have Module::Signature installed, then type: @@ -16,25 +16,25 @@ SHA1 0b722678d07c66ef6992f2cc2c9e9acf3bef0ecb AUDREY2006.pub SHA1 1e2b550757ebdf3ef2c0e8d1d06bcbb9c6b62a6f AUTHORS -SHA1 9dcc6558459cdbe474dcf325eb9e8eeb68815897 Changes +SHA1 fb3ceeacbd691a2dfa63f0b22be04eb67817971c Changes SHA1 366ad23151d9113e37f4a9edd4d3304ecc30b9d6 MANIFEST SHA1 af1667da11736451592aeba46d34e38c47a7201c MANIFEST.SKIP -SHA1 f38db924b0216aaff4ccf18247a62997acb447ce META.yml -SHA1 0024aa3f23ac84a928c4063e9435ca1607984e7e Makefile.PL +SHA1 1728bd49673df420cf1be5a93e8e95bfa6ad18ad META.yml +SHA1 3670c5391c41935eb113a75dcf190646a83eb553 Makefile.PL SHA1 37e858c51409a297ef5d3fb35dc57cd3b57f9a4d PAUSE2003.pub -SHA1 955ba924e9cd1bafccb4d6d7bd3be25c3ce8bf75 README -SHA1 7305dbe2904416e28decb05396988a5d51d578be inc/Module/Install.pm -SHA1 129960509127732258570c122042bc48615222e1 inc/Module/Install/Base.pm -SHA1 cf3356ed9a5bd2f732527ef9e7bc5ef4458c8a93 inc/Module/Install/Can.pm -SHA1 e083a5ec82c708f0a933785388b3ac2c94d802ec inc/Module/Install/External.pm -SHA1 bf0a3e1977effc2832d7a813a76dce3f31b437b6 inc/Module/Install/Fetch.pm -SHA1 b721c93ca5bc9a6aa863b49af15f1b1de6125935 inc/Module/Install/Makefile.pm -SHA1 026cc0551a0ad399d195e395b46bdf842e115192 inc/Module/Install/Metadata.pm -SHA1 d3a33569b41077d6a836f95bb63484c51e9d0a52 inc/Module/Install/ReadmeFromPod.pm -SHA1 d3a4c720c6ec7f8fce7df37002fbc9177fb77050 inc/Module/Install/Scripts.pm -SHA1 5457015ea5a50e93465bf2dafa29feebd547f85b inc/Module/Install/Win32.pm -SHA1 051e7fa8063908befa3440508d0584a2497b97db inc/Module/Install/WriteAll.pm -SHA1 e37281f2715f3a73c830d0408461fc0e3e43d419 lib/Module/Signature.pm +SHA1 6135b90837836cd8a72c78cbec211b2d84996c99 README +SHA1 8a924add836b60fb23b25c8506d45945e02f42f4 inc/Module/Install.pm +SHA1 2d0fad3bf255f8c1e7e1e34eafccc4f595603ddc inc/Module/Install/Base.pm +SHA1 f0e01fff7d73cd145fbf22331579918d4628ddb0 inc/Module/Install/Can.pm +SHA1 272e65bd98dd43c7acd8c272dde84fbe5794fc07 inc/Module/Install/External.pm +SHA1 7328966e4fda0c8451a6d3850704da0b84ac1540 inc/Module/Install/Fetch.pm +SHA1 b62ca5e2d58fa66766ccf4d64574f9e1a2250b34 inc/Module/Install/Makefile.pm +SHA1 1aa925be410bb3bfcd84a16985921f66073cc1d2 inc/Module/Install/Metadata.pm +SHA1 dc94326a076aca41452c1d65bf52a255feeb9ef7 inc/Module/Install/ReadmeFromPod.pm +SHA1 4d793c044726e06fe35d8d129b76da2803377f92 inc/Module/Install/Scripts.pm +SHA1 e4196994fa75e98bdfa2be0bdeeffef66de88171 inc/Module/Install/Win32.pm +SHA1 c3a6d0d5b84feb3280622e9599e86247d58b0d18 inc/Module/Install/WriteAll.pm +SHA1 6c5cda03253ec382b7f558f891d2f4868a235610 lib/Module/Signature.pm SHA1 0882c50213a28b7a30fc91fd58c19015f33348d0 script/cpansign SHA1 3ec6171779122b0bdc69937c283be11b2a15dd89 t/0-signature.t SHA1 307a744384e704d94031df73233f24174b843bc8 t/1-basic.t @@ -43,9 +43,9 @@ SHA1 69614dfba33a1ef498a2161f9e4718092652857c t/wrap.pl SHA1 61377898e9d7cb06d370f45167a925e16736de70 t/wrapped-tests.bin -----BEGIN PGP SIGNATURE----- -Version: GnuPG v1.4.11 (GNU/Linux) +Version: GnuPG v1.4.12 (Darwin) -iEYEARECAAYFAk3M/5gACgkQdC8qQo5jWl6ejwCfYy2EE94jsoe1oY2w7Na3jSnX -1fwAnRgS45SDoKjbLSH1+6z37NL/MpGI -=NYb6 +iEYEARECAAYFAlGvpckACgkQtLPdNzw1AaCR9wCfZp9kU2M8/1xG/5Nac1G7g4dH +rFwAnA5VfZ1qA17gOZF/sn/sRUhI6LwL +=aUN8 -----END PGP SIGNATURE----- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Module-Signature-0.68/inc/Module/Install/Base.pm new/Module-Signature-0.73/inc/Module/Install/Base.pm --- old/Module-Signature-0.68/inc/Module/Install/Base.pm 2011-05-13 11:52:24.000000000 +0200 +++ new/Module-Signature-0.73/inc/Module/Install/Base.pm 2013-06-05 22:55:33.000000000 +0200 @@ -4,7 +4,7 @@ use strict 'vars'; use vars qw{$VERSION}; BEGIN { - $VERSION = '1.00'; + $VERSION = '1.06'; } # Suspend handler for "redefined" warnings diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Module-Signature-0.68/inc/Module/Install/Can.pm new/Module-Signature-0.73/inc/Module/Install/Can.pm --- old/Module-Signature-0.68/inc/Module/Install/Can.pm 2011-05-13 11:52:25.000000000 +0200 +++ new/Module-Signature-0.73/inc/Module/Install/Can.pm 2013-06-05 22:55:34.000000000 +0200 @@ -3,13 +3,12 @@ use strict; use Config (); -use File::Spec (); use ExtUtils::MakeMaker (); use Module::Install::Base (); use vars qw{$VERSION @ISA $ISCORE}; BEGIN { - $VERSION = '1.00'; + $VERSION = '1.06'; @ISA = 'Module::Install::Base'; $ISCORE = 1; } @@ -29,7 +28,7 @@ eval { require $mod; $pkg->VERSION($ver || 0); 1 }; } -# check if we can run some command +# Check if we can run some command sub can_run { my ($self, $cmd) = @_; @@ -38,14 +37,88 @@ for my $dir ((split /$Config::Config{path_sep}/, $ENV{PATH}), '.') { next if $dir eq ''; - my $abs = File::Spec->catfile($dir, $_[1]); + require File::Spec; + my $abs = File::Spec->catfile($dir, $cmd); return $abs if (-x $abs or $abs = MM->maybe_command($abs)); } return; } -# can we locate a (the) C compiler +# Can our C compiler environment build XS files +sub can_xs { + my $self = shift; + + # Ensure we have the CBuilder module + $self->configure_requires( 'ExtUtils::CBuilder' => 0.27 ); + + # Do we have the configure_requires checker? + local $@; + eval "require ExtUtils::CBuilder;"; + if ( $@ ) { + # They don't obey configure_requires, so it is + # someone old and delicate. Try to avoid hurting + # them by falling back to an older simpler test. + return $self->can_cc(); + } + + # Do we have a working C compiler + my $builder = ExtUtils::CBuilder->new( + quiet => 1, + ); + unless ( $builder->have_compiler ) { + # No working C compiler + return 0; + } + + # Write a C file representative of what XS becomes + require File::Temp; + my ( $FH, $tmpfile ) = File::Temp::tempfile( + "compilexs-XXXXX", + SUFFIX => '.c', + ); + binmode $FH; + print $FH <<'END_C'; +#include "EXTERN.h" +#include "perl.h" +#include "XSUB.h" + +int main(int argc, char **argv) { + return 0; +} + +int boot_sanexs() { + return 1; +} + +END_C + close $FH; + + # Can the C compiler access the same headers XS does + my @libs = (); + my $object = undef; + eval { + local $^W = 0; + $object = $builder->compile( + source => $tmpfile, + ); + @libs = $builder->link( + objects => $object, + module_name => 'sanexs', + ); + }; + my $result = $@ ? 0 : 1; + + # Clean up all the build files + foreach ( $tmpfile, $object, @libs ) { + next unless defined $_; + 1 while unlink; + } + + return $result; +} + +# Can we locate a (the) C compiler sub can_cc { my $self = shift; my @chunks = split(/ /, $Config::Config{cc}) or return; @@ -78,4 +151,4 @@ __END__ -#line 156 +#line 236 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Module-Signature-0.68/inc/Module/Install/External.pm new/Module-Signature-0.73/inc/Module/Install/External.pm --- old/Module-Signature-0.68/inc/Module/Install/External.pm 2011-05-13 11:52:26.000000000 +0200 +++ new/Module-Signature-0.73/inc/Module/Install/External.pm 2013-06-05 22:55:34.000000000 +0200 @@ -8,11 +8,28 @@ use vars qw{$VERSION $ISCORE @ISA}; BEGIN { - $VERSION = '1.00'; + $VERSION = '1.06'; $ISCORE = 1; @ISA = qw{Module::Install::Base}; } +sub requires_xs { + my $self = shift; + + # First check for the basic C compiler + $self->requires_external_cc; + + # We need a C compiler that can build XS files + unless ( $self->can_xs ) { + print "Unresolvable missing external dependency.\n"; + print "This package requires perl's header files.\n"; + print STDERR "NA: Unable to build distribution on this platform.\n"; + exit(0); + } + + 1; +} + sub requires_external_cc { my $self = shift; @@ -41,7 +58,7 @@ $self->load('can_run'); # Locate the bin - print "Locating required external dependency bin:$bin..."; + print "Locating bin:$bin..."; my $found_bin = $self->can_run( $bin ); if ( $found_bin ) { print " found at $found_bin.\n"; @@ -63,4 +80,4 @@ __END__ -#line 138 +#line 171 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Module-Signature-0.68/inc/Module/Install/Fetch.pm new/Module-Signature-0.73/inc/Module/Install/Fetch.pm --- old/Module-Signature-0.68/inc/Module/Install/Fetch.pm 2011-05-13 11:52:26.000000000 +0200 +++ new/Module-Signature-0.73/inc/Module/Install/Fetch.pm 2013-06-05 22:55:34.000000000 +0200 @@ -6,7 +6,7 @@ use vars qw{$VERSION @ISA $ISCORE}; BEGIN { - $VERSION = '1.00'; + $VERSION = '1.06'; @ISA = 'Module::Install::Base'; $ISCORE = 1; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Module-Signature-0.68/inc/Module/Install/Makefile.pm new/Module-Signature-0.73/inc/Module/Install/Makefile.pm --- old/Module-Signature-0.68/inc/Module/Install/Makefile.pm 2011-05-13 11:52:24.000000000 +0200 +++ new/Module-Signature-0.73/inc/Module/Install/Makefile.pm 2013-06-05 22:55:33.000000000 +0200 @@ -8,7 +8,7 @@ use vars qw{$VERSION @ISA $ISCORE}; BEGIN { - $VERSION = '1.00'; + $VERSION = '1.06'; @ISA = 'Module::Install::Base'; $ISCORE = 1; } @@ -215,18 +215,22 @@ require ExtUtils::MakeMaker; if ( $perl_version and $self->_cmp($perl_version, '5.006') >= 0 ) { - # MakeMaker can complain about module versions that include - # an underscore, even though its own version may contain one! - # Hence the funny regexp to get rid of it. See RT #35800 - # for details. - my $v = $ExtUtils::MakeMaker::VERSION =~ /^(\d+\.\d+)/; - $self->build_requires( 'ExtUtils::MakeMaker' => $v ); - $self->configure_requires( 'ExtUtils::MakeMaker' => $v ); + # This previous attempted to inherit the version of + # ExtUtils::MakeMaker in use by the module author, but this + # was found to be untenable as some authors build releases + # using future dev versions of EU:MM that nobody else has. + # Instead, #toolchain suggests we use 6.59 which is the most + # stable version on CPAN at time of writing and is, to quote + # ribasushi, "not terminally fucked, > and tested enough". + # TODO: We will now need to maintain this over time to push + # the version up as new versions are released. + $self->build_requires( 'ExtUtils::MakeMaker' => 6.59 ); + $self->configure_requires( 'ExtUtils::MakeMaker' => 6.59 ); } else { # Allow legacy-compatibility with 5.005 by depending on the # most recent EU:MM that supported 5.005. - $self->build_requires( 'ExtUtils::MakeMaker' => 6.42 ); - $self->configure_requires( 'ExtUtils::MakeMaker' => 6.42 ); + $self->build_requires( 'ExtUtils::MakeMaker' => 6.36 ); + $self->configure_requires( 'ExtUtils::MakeMaker' => 6.36 ); } # Generate the MakeMaker params @@ -241,7 +245,6 @@ 'all_from' if you prefer) in Makefile.PL. EOT - $DB::single = 1; if ( $self->tests ) { my @tests = split ' ', $self->tests; my %seen; @@ -412,4 +415,4 @@ __END__ -#line 541 +#line 544 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Module-Signature-0.68/inc/Module/Install/Metadata.pm new/Module-Signature-0.73/inc/Module/Install/Metadata.pm --- old/Module-Signature-0.68/inc/Module/Install/Metadata.pm 2011-05-13 11:52:24.000000000 +0200 +++ new/Module-Signature-0.73/inc/Module/Install/Metadata.pm 2013-06-05 22:55:33.000000000 +0200 @@ -6,7 +6,7 @@ use vars qw{$VERSION @ISA $ISCORE}; BEGIN { - $VERSION = '1.00'; + $VERSION = '1.06'; @ISA = 'Module::Install::Base'; $ISCORE = 1; } @@ -151,15 +151,21 @@ sub install_as_vendor { $_[0]->installdirs('vendor') } sub dynamic_config { - my $self = shift; - unless ( @_ ) { - warn "You MUST provide an explicit true/false value to dynamic_config\n"; - return $self; + my $self = shift; + my $value = @_ ? shift : 1; + if ( $self->{values}->{dynamic_config} ) { + # Once dynamic we never change to static, for safety + return 0; } - $self->{values}->{dynamic_config} = $_[0] ? 1 : 0; + $self->{values}->{dynamic_config} = $value ? 1 : 0; return 1; } +# Convenience command +sub static_config { + shift->dynamic_config(0); +} + sub perl_version { my $self = shift; return $self->{values}->{perl_version} unless @_; @@ -170,7 +176,7 @@ # Normalize the version $version = $self->_perl_version($version); - # We don't support the reall old versions + # We don't support the really old versions unless ( $version >= 5.005 ) { die "Module::Install only supports 5.005 or newer (use ExtUtils::MakeMaker)\n"; } @@ -515,6 +521,7 @@ 'GNU Free Documentation license' => 'unrestricted', 1, 'GNU Affero General Public License' => 'open_source', 1, '(?:Free)?BSD license' => 'bsd', 1, + 'Artistic license 2\.0' => 'artistic_2', 1, 'Artistic license' => 'artistic', 1, 'Apache (?:Software )?license' => 'apache', 1, 'GPL' => 'gpl', 1, @@ -550,9 +557,9 @@ sub _extract_bugtracker { my @links = $_[0] =~ m#L<( - \Qhttp://rt.cpan.org/\E[^>]+| - \Qhttp://github.com/\E[\w_]+/[\w_]+/issues| - \Qhttp://code.google.com/p/\E[\w_\-]+/issues/list + https?\Q://rt.cpan.org/\E[^>]+| + https?\Q://github.com/\E[\w_]+/[\w_]+/issues| + https?\Q://code.google.com/p/\E[\w_\-]+/issues/list )>#gx; my %links; @links{@links}=(); @@ -581,7 +588,7 @@ sub requires_from { my $self = shift; my $content = Module::Install::_readperl($_[0]); - my @requires = $content =~ m/^use\s+([^\W\d]\w*(?:::\w+)*)\s+([\d\.]+)/mg; + my @requires = $content =~ m/^use\s+([^\W\d]\w*(?:::\w+)*)\s+(v?[\d\.]+)/mg; while ( @requires ) { my $module = shift @requires; my $version = shift @requires; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Module-Signature-0.68/inc/Module/Install/ReadmeFromPod.pm new/Module-Signature-0.73/inc/Module/Install/ReadmeFromPod.pm --- old/Module-Signature-0.68/inc/Module/Install/ReadmeFromPod.pm 2011-05-13 11:52:24.000000000 +0200 +++ new/Module-Signature-0.73/inc/Module/Install/ReadmeFromPod.pm 2013-06-05 22:55:34.000000000 +0200 @@ -7,29 +7,119 @@ use base qw(Module::Install::Base); use vars qw($VERSION); -$VERSION = '0.12'; +$VERSION = '0.20'; sub readme_from { my $self = shift; return unless $self->is_admin; - my $file = shift || $self->_all_from + # Input file + my $in_file = shift || $self->_all_from or die "Can't determine file to make readme_from"; - my $clean = shift; - print "Writing README from $file\n"; + # Get optional arguments + my ($clean, $format, $out_file, $options); + my $args = shift; + if ( ref $args ) { + # Arguments are in a hashref + if ( ref($args) ne 'HASH' ) { + die "Expected a hashref but got a ".ref($args)."\n"; + } else { + $clean = $args->{'clean'}; + $format = $args->{'format'}; + $out_file = $args->{'output_file'}; + $options = $args->{'options'}; + } + } else { + # Arguments are in a list + $clean = $args; + $format = shift; + $out_file = shift; + $options = \@_; + } + + # Default values; + $clean ||= 0; + $format ||= 'txt'; + + # Generate README + print "readme_from $in_file to $format\n"; + if ($format =~ m/te?xt/) { + $out_file = $self->_readme_txt($in_file, $out_file, $options); + } elsif ($format =~ m/html?/) { + $out_file = $self->_readme_htm($in_file, $out_file, $options); + } elsif ($format eq 'man') { + $out_file = $self->_readme_man($in_file, $out_file, $options); + } elsif ($format eq 'pdf') { + $out_file = $self->_readme_pdf($in_file, $out_file, $options); + } - require Pod::Text; - my $parser = Pod::Text->new(); - open README, '> README' or die "$!\n"; - $parser->output_fh( *README ); - $parser->parse_file( $file ); if ($clean) { - $self->clean_files('README'); + $self->clean_files($out_file); } + return 1; } + +sub _readme_txt { + my ($self, $in_file, $out_file, $options) = @_; + $out_file ||= 'README'; + require Pod::Text; + my $parser = Pod::Text->new( @$options ); + open my $out_fh, '>', $out_file or die "Could not write file $out_file:\n$!\n"; + $parser->output_fh( *$out_fh ); + $parser->parse_file( $in_file ); + close $out_fh; + return $out_file; +} + + +sub _readme_htm { + my ($self, $in_file, $out_file, $options) = @_; + $out_file ||= 'README.htm'; + require Pod::Html; + Pod::Html::pod2html( + "--infile=$in_file", + "--outfile=$out_file", + @$options, + ); + # Remove temporary files if needed + for my $file ('pod2htmd.tmp', 'pod2htmi.tmp') { + if (-e $file) { + unlink $file or warn "Warning: Could not remove file '$file'.\n$!\n"; + } + } + return $out_file; +} + + +sub _readme_man { + my ($self, $in_file, $out_file, $options) = @_; + $out_file ||= 'README.1'; + require Pod::Man; + my $parser = Pod::Man->new( @$options ); + $parser->parse_from_file($in_file, $out_file); + return $out_file; +} + + +sub _readme_pdf { + my ($self, $in_file, $out_file, $options) = @_; + $out_file ||= 'README.pdf'; + eval { require App::pod2pdf; } + or die "Could not generate $out_file because pod2pdf could not be found\n"; + my $parser = App::pod2pdf->new( @$options ); + $parser->parse_from_file($in_file); + open my $out_fh, '>', $out_file or die "Could not write file $out_file:\n$!\n"; + select $out_fh; + $parser->output; + select STDOUT; + close $out_fh; + return $out_file; +} + + sub _all_from { my $self = shift; return unless $self->admin->{extensions}; @@ -44,5 +134,5 @@ __END__ -#line 112 +#line 254 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Module-Signature-0.68/inc/Module/Install/Scripts.pm new/Module-Signature-0.73/inc/Module/Install/Scripts.pm --- old/Module-Signature-0.68/inc/Module/Install/Scripts.pm 2011-05-13 11:52:25.000000000 +0200 +++ new/Module-Signature-0.73/inc/Module/Install/Scripts.pm 2013-06-05 22:55:34.000000000 +0200 @@ -6,7 +6,7 @@ use vars qw{$VERSION @ISA $ISCORE}; BEGIN { - $VERSION = '1.00'; + $VERSION = '1.06'; @ISA = 'Module::Install::Base'; $ISCORE = 1; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Module-Signature-0.68/inc/Module/Install/Win32.pm new/Module-Signature-0.73/inc/Module/Install/Win32.pm --- old/Module-Signature-0.68/inc/Module/Install/Win32.pm 2011-05-13 11:52:26.000000000 +0200 +++ new/Module-Signature-0.73/inc/Module/Install/Win32.pm 2013-06-05 22:55:34.000000000 +0200 @@ -6,7 +6,7 @@ use vars qw{$VERSION @ISA $ISCORE}; BEGIN { - $VERSION = '1.00'; + $VERSION = '1.06'; @ISA = 'Module::Install::Base'; $ISCORE = 1; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Module-Signature-0.68/inc/Module/Install/WriteAll.pm new/Module-Signature-0.73/inc/Module/Install/WriteAll.pm --- old/Module-Signature-0.68/inc/Module/Install/WriteAll.pm 2011-05-13 11:52:26.000000000 +0200 +++ new/Module-Signature-0.73/inc/Module/Install/WriteAll.pm 2013-06-05 22:55:34.000000000 +0200 @@ -6,7 +6,7 @@ use vars qw{$VERSION @ISA $ISCORE}; BEGIN { - $VERSION = '1.00'; + $VERSION = '1.06'; @ISA = qw{Module::Install::Base}; $ISCORE = 1; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Module-Signature-0.68/inc/Module/Install.pm new/Module-Signature-0.73/inc/Module/Install.pm --- old/Module-Signature-0.68/inc/Module/Install.pm 2011-05-13 11:52:23.000000000 +0200 +++ new/Module-Signature-0.73/inc/Module/Install.pm 2013-06-05 22:55:33.000000000 +0200 @@ -31,7 +31,7 @@ # This is not enforced yet, but will be some time in the next few # releases once we can make sure it won't clash with custom # Module::Install extensions. - $VERSION = '1.00'; + $VERSION = '1.06'; # Storage for the pseudo-singleton $MAIN = undef; @@ -451,7 +451,7 @@ } sub _cmp ($$) { - _version($_[0]) <=> _version($_[1]); + _version($_[1]) <=> _version($_[2]); } # Cloned from Params::Util::_CLASS @@ -467,4 +467,4 @@ 1; -# Copyright 2008 - 2010 Adam Kennedy. +# Copyright 2008 - 2012 Adam Kennedy. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Module-Signature-0.68/lib/Module/Signature.pm new/Module-Signature-0.73/lib/Module/Signature.pm --- old/Module-Signature-0.68/lib/Module/Signature.pm 2011-05-13 11:47:41.000000000 +0200 +++ new/Module-Signature-0.73/lib/Module/Signature.pm 2013-06-05 22:54:26.000000000 +0200 @@ -1,5 +1,5 @@ package Module::Signature; -$Module::Signature::VERSION = '0.68'; +$Module::Signature::VERSION = '0.73'; use 5.005; use strict; @@ -18,6 +18,7 @@ use ExtUtils::Manifest (); use Exporter; +use File::Spec; @EXPORT_OK = ( qw(sign verify), @@ -143,7 +144,8 @@ } sub _has_gpg { - `gpg --version` =~ /GnuPG.*?(\S+)\s*$/m or return; + my $gpg = _which_gpg() or return; + `$gpg --version` =~ /GnuPG.*?(\S+)\s*$/m or return; return $1; } @@ -213,6 +215,20 @@ or /~$/ or /\.old$/ or /\#$/ or /^\.#/; } +my $which_gpg; +sub _which_gpg { + # Cache it so we don't need to keep checking. + return $which_gpg if $which_gpg; + + for my $gpg_bin ('gpg', 'gpg2', 'gnupg', 'gnupg2') { + my $version = `$gpg_bin --version 2>&1`; + if( $version && $version =~ /GnuPG/ ) { + $which_gpg = $gpg_bin; + return $which_gpg; + } + } +} + sub _verify_gpg { my ($sigtext, $plaintext, $version) = @_; @@ -221,9 +237,10 @@ my $keyserver = _keyserver($version); + my $gpg = _which_gpg(); my @quiet = $Verbose ? () : qw(-q --logger-fd=1); my @cmd = ( - qw(gpg --verify --batch --no-tty), @quiet, ($KeyServer ? ( + $gpg, qw(--verify --batch --no-tty), @quiet, ($KeyServer ? ( "--keyserver=$keyserver", ($AutoKeyRetrieve and $version ge '1.0.7') ? '--keyserver-options=auto-key-retrieve' @@ -380,8 +397,10 @@ die "Could not write to $sigfile" if -e $sigfile and (-d $sigfile or not -w $sigfile); + my $gpg = _which_gpg(); + local *D; - open D, "| gpg --clearsign >> $sigfile.tmp" or die "Could not call gpg: $!"; + open D, "| $gpg --clearsign >> $sigfile.tmp" or die "Could not call $gpg: $!"; print D $plaintext; close D; @@ -410,7 +429,7 @@ # This doesn't work because the output from verify goes to STDERR. # If I try to redirect it using "--logger-fd 1" it just hangs. # WTF? - my @verify = `gpg --batch --verify $SIGNATURE`; + my @verify = `$gpg --batch --verify $SIGNATURE`; while (@verify) { if (/key ID ([0-9A-F]+)$/) { $key_id = $1; @@ -423,7 +442,7 @@ my $found_key; if (defined $key_id && defined $key_name) { my $keyserver = _keyserver($version); - while (`gpg --batch --keyserver=$keyserver --search-keys '$key_name'`) { + while (`$gpg --batch --keyserver=$keyserver --search-keys '$key_name'`) { if (/^\(\d+\)/) { $found_name = 0; } elsif ($found_name) { @@ -514,18 +533,23 @@ sub _digest_object { my($algorithm) = @_; + + # Avoid loading Digest::* from relative paths in @INC. + local @INC = grep { File::Spec->file_name_is_absolute($_) } @INC; + + # Constrain algorithm name to be of form ABC123. + my ($base, $variant) = ($algorithm =~ /^([_a-zA-Z]+)([0-9]+)$/g) + or die "Malformed algorithm name: $algorithm (should match /\\w+\\d+/)"; + my $obj = eval { Digest->new($algorithm) } || eval { - my ($base, $variant) = ($algorithm =~ /^(\w+?)(\d+)$/g) or die; require "Digest/$base.pm"; "Digest::$base"->new($variant) } || eval { require "Digest/$algorithm.pm"; "Digest::$algorithm"->new } || eval { - my ($base, $variant) = ($algorithm =~ /^(\w+?)(\d+)$/g) or die; require "Digest/$base/PurePerl.pm"; "Digest::$base\::PurePerl"->new($variant) } || eval { require "Digest/$algorithm/PurePerl.pm"; "Digest::$algorithm\::PurePerl"->new } or do { eval { - my ($base, $variant) = ($algorithm =~ /^(\w+?)(\d+)$/g) or die; warn "Unknown cipher: $algorithm, please install Digest::$base, Digest::$base$variant, or Digest::$base\::PurePerl\n"; } and return } or do { warn "Unknown cipher: $algorithm, please install Digest::$algorithm\n"; return; @@ -918,6 +942,8 @@ L<Module::Install>, L<ExtUtils::MakeMaker>, L<Module::Build> +L<Dist::Zilla::Plugin::Signature> + =head1 AUTHORS 唐鳳 E<lt>c...@audreyt.orge<gt> -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org