Hello community,
here is the log from the commit of package perl-Module-Signature for
openSUSE:Factory checked in at 2013-08-04 20:41:00
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/perl-Module-Signature (Old)
and /work/SRC/openSUSE:Factory/.perl-Module-Signature.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "perl-Module-Signature"
Changes:
--------
---
/work/SRC/openSUSE:Factory/perl-Module-Signature/perl-Module-Signature.changes
2011-12-25 17:39:01.000000000 +0100
+++
/work/SRC/openSUSE:Factory/.perl-Module-Signature.new/perl-Module-Signature.changes
2013-08-04 23:52:31.000000000 +0200
@@ -1,0 +2,31 @@
+Sun Aug 4 15:26:25 UTC 2013 - co...@suse.com
+
+- fix souce url
+
+-------------------------------------------------------------------
+Wed Jul 3 19:14:29 UTC 2013 - ch...@computersalat.de
+
+- update to 0.73
+ * fix for bnc#828010 (CVE-2013-2145)
+ https://bugzilla.novell.com/process_bug.cgi
+ https://bugzilla.redhat.com/show_bug.cgi?id=971096
+ * Properly redo the previous fix using File::Spec->file_name_is_absolute.
+- [Changes for 0.72 - Wed Jun 5 23:19:02 CST 2013]
+ * Only allow loading Digest::* from absolute paths in @INC,
+ by ensuring they begin with \ or / characters.
+ Contributed by: Florian Weimer (CVE-2013-2145)
+- [Changes for 0.71 - Tue Jun 4 18:24:10 CST 2013]
+ * Constrain the user-specified digest name to /^\w+\d+$/.
+ * Avoid loading Digest::* from relative paths in @INC.
+ Contributed by: Florian Weimer (CVE-2013-2145)
+- [Changes for 0.70 - Thu Nov 29 01:45:54 CST 2012]
+ * Don't check gpg version if gpg does not exist.
+ This avoids unnecessary warnings during installation
+ when gpg executable is not installed.
+ Contributed by: Kenichi Ishigaki
+- [Changes for 0.69 - Fri Nov 2 23:04:19 CST 2012]
+ * Support for gpg under these alternate names:
+ gpg gpg2 gnupg gnupg2
+ Contributed by: Michael Schwern
+
+-------------------------------------------------------------------
Old:
----
Module-Signature-0.68.tar.gz
New:
----
Module-Signature-0.73.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ perl-Module-Signature.spec ++++++
--- /var/tmp/diff_new_pack.4RpgrN/_old 2013-08-04 23:52:32.000000000 +0200
+++ /var/tmp/diff_new_pack.4RpgrN/_new 2013-08-04 23:52:32.000000000 +0200
@@ -1,7 +1,7 @@
#
# spec file for package perl-Module-Signature
#
-# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -17,19 +17,21 @@
Name: perl-Module-Signature
-Version: 0.68
+Version: 0.73
Release: 0
%define cpan_name Module-Signature
Summary: Module signature file manipulation
License: CC0-1.0 and (GPL-1.0+ or Artistic-1.0)
Group: Development/Libraries/Perl
Url: http://search.cpan.org/dist/Module-Signature/
-Source:
http://www.cpan.org/authors/id/F/FL/FLORA/%{cpan_name}-%{version}.tar.gz
+Source:
http://www.cpan.org/authors/id/A/AU/AUDREYT/%{cpan_name}-%{version}.tar.gz
BuildArch: noarch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: perl
BuildRequires: perl-macros
+BuildRequires: perl(Digest::SHA)
BuildRequires: perl(IPC::Run)
+Requires: perl(Digest::SHA)
# MANUAL BEGIN
BuildRequires: gpg
Requires: gpg
@@ -58,7 +60,7 @@
%prep
%setup -q -n %{cpan_name}-%{version}
-find . -type f -print0 | xargs -0 chmod 644
+#find . -type f -print0 | xargs -0 chmod 644
%build
%{__perl} Makefile.PL INSTALLDIRS=vendor
++++++ Module-Signature-0.68.tar.gz -> Module-Signature-0.73.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Module-Signature-0.68/Changes
new/Module-Signature-0.73/Changes
--- old/Module-Signature-0.68/Changes 2011-05-13 11:52:10.000000000 +0200
+++ new/Module-Signature-0.73/Changes 2013-06-05 22:55:00.000000000 +0200
@@ -1,3 +1,39 @@
+[Changes for 0.73 - Wed Jun 5 23:44:57 CST 2013]
+
+* Properly redo the previous fix using File::Spec->file_name_is_absolute.
+
+[Changes for 0.72 - Wed Jun 5 23:19:02 CST 2013]
+
+* Only allow loading Digest::* from absolute paths in @INC,
+ by ensuring they begin with \ or / characters.
+
+ Contributed by: Florian Weimer (CVE-2013-2145)
+
+[Changes for 0.71 - Tue Jun 4 18:24:10 CST 2013]
+
+* Constrain the user-specified digest name to /^\w+\d+$/.
+
+* Avoid loading Digest::* from relative paths in @INC.
+
+ Contributed by: Florian Weimer (CVE-2013-2145)
+
+[Changes for 0.70 - Thu Nov 29 01:45:54 CST 2012]
+
+* Don't check gpg version if gpg does not exist.
+
+ This avoids unnecessary warnings during installation
+ when gpg executable is not installed.
+
+ Contributed by: Kenichi Ishigaki
+
+[Changes for 0.69 - Fri Nov 2 23:04:19 CST 2012]
+
+* Support for gpg under these alternate names:
+
+ gpg gpg2 gnupg gnupg2
+
+ Contributed by: Michael Schwern
+
[Changes for 0.68 - Fri, 13 May 2011 11:51:50 +0200]
* Fix breakage introduced by 0.67 (Andreas König).
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Module-Signature-0.68/META.yml
new/Module-Signature-0.73/META.yml
--- old/Module-Signature-0.68/META.yml 2011-05-13 11:52:26.000000000 +0200
+++ new/Module-Signature-0.73/META.yml 2013-06-05 22:55:35.000000000 +0200
@@ -3,13 +3,14 @@
author:
- '唐鳳 <c...@audreyt.org>'
build_requires:
- ExtUtils::MakeMaker: 6.42
+ ExtUtils::MakeMaker: 6.36
IPC::Run: 0
Test::More: 0
configure_requires:
- ExtUtils::MakeMaker: 6.42
+ ExtUtils::MakeMaker: 6.36
distribution_type: module
-generated_by: 'Module::Install version 1.00'
+dynamic_config: 1
+generated_by: 'Module::Install version 1.06'
license: cc0
meta-spec:
url: http://module-build.sourceforge.net/META-spec-v1.4.html
@@ -24,4 +25,4 @@
perl: 5.005
resources:
repository: http://github.com/audreyt/module-signature
-version: 0.68
+version: 0.73
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Module-Signature-0.68/Makefile.PL
new/Module-Signature-0.73/Makefile.PL
--- old/Module-Signature-0.68/Makefile.PL 2011-05-13 11:46:24.000000000
+0200
+++ new/Module-Signature-0.73/Makefile.PL 2012-11-02 16:10:16.000000000
+0100
@@ -1,3 +1,4 @@
+use strict;
use inc::Module::Install 0.92;
$|++;
@@ -66,10 +67,9 @@
# dependencies so they will upgrade as needed.
requires( @OPEN_PGP );
-} elsif ( locate_gpg() ) {
+} elsif ( my $gpg = locate_gpg() ) {
# We SHOULD have gpg, double-check formally
- requires_external_bin 'gpg';
-
+ requires_external_bin $gpg;
} elsif ( can_cc() and $ENV{AUTOMATED_TESTING} ) {
# Dive headlong into a full Crypt::OpenPGP install.
requires( @OPEN_PGP );
@@ -98,28 +98,32 @@
sub locate_gpg {
print "Looking for GNU Privacy Guard (gpg), a cryptographic signature
tool...\n";
- my $gpg = can_run('gpg');
- my $has_gpg = (
- $gpg and
- `gpg --version` =~ /GnuPG/
- );
-
- unless ( $has_gpg ) {
+ my ($gpg, $gpg_path);
+ for my $gpg_bin ('gpg', 'gpg2', 'gnupg', 'gnupg2') {
+ $gpg_path = can_run($gpg_bin);
+ next unless $gpg_path;
+ next unless `$gpg_bin --version` =~ /GnuPG/;
+ next unless defined `$gpg_bin --list-public-keys`;
+
+ $gpg = $gpg_bin;
+ last;
+ }
+ unless ( $gpg ) {
print "gpg not found.\n";
return;
}
- print "GnuPG found ($gpg).\n";
+ print "GnuPG found ($gpg_path).\n";
return 1 if grep { /^--installdeps/} @ARGV;
if ( prompt("Import PAUSE and author keys to GnuPG?", 'y' ) =~ /^y/i) {
print 'Importing... ';
- system 'gpg', '--quiet', '--import', glob('*.pub');
+ system $gpg, '--quiet', '--import', glob('*.pub');
print "done.\n";
}
- return 1;
+ return $gpg;
}
sub ask_user {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Module-Signature-0.68/README
new/Module-Signature-0.73/README
--- old/Module-Signature-0.68/README 2011-05-13 11:52:25.000000000 +0200
+++ new/Module-Signature-0.73/README 2013-06-05 22:55:34.000000000 +0200
@@ -245,6 +245,8 @@
Module::Install, ExtUtils::MakeMaker, Module::Build
+ Dist::Zilla::Plugin::Signature
+
AUTHORS
唐鳳 <c...@audreyt.org>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Module-Signature-0.68/SIGNATURE
new/Module-Signature-0.73/SIGNATURE
--- old/Module-Signature-0.68/SIGNATURE 2011-05-13 11:53:28.000000000 +0200
+++ new/Module-Signature-0.73/SIGNATURE 2013-06-05 22:55:39.000000000 +0200
@@ -1,5 +1,5 @@
This file contains message digests of all files listed in MANIFEST,
-signed via the Module::Signature module, version 0.68.
+signed via the Module::Signature module, version 0.73.
To verify the content in this distribution, first make sure you have
Module::Signature installed, then type:
@@ -16,25 +16,25 @@
SHA1 0b722678d07c66ef6992f2cc2c9e9acf3bef0ecb AUDREY2006.pub
SHA1 1e2b550757ebdf3ef2c0e8d1d06bcbb9c6b62a6f AUTHORS
-SHA1 9dcc6558459cdbe474dcf325eb9e8eeb68815897 Changes
+SHA1 fb3ceeacbd691a2dfa63f0b22be04eb67817971c Changes
SHA1 366ad23151d9113e37f4a9edd4d3304ecc30b9d6 MANIFEST
SHA1 af1667da11736451592aeba46d34e38c47a7201c MANIFEST.SKIP
-SHA1 f38db924b0216aaff4ccf18247a62997acb447ce META.yml
-SHA1 0024aa3f23ac84a928c4063e9435ca1607984e7e Makefile.PL
+SHA1 1728bd49673df420cf1be5a93e8e95bfa6ad18ad META.yml
+SHA1 3670c5391c41935eb113a75dcf190646a83eb553 Makefile.PL
SHA1 37e858c51409a297ef5d3fb35dc57cd3b57f9a4d PAUSE2003.pub
-SHA1 955ba924e9cd1bafccb4d6d7bd3be25c3ce8bf75 README
-SHA1 7305dbe2904416e28decb05396988a5d51d578be inc/Module/Install.pm
-SHA1 129960509127732258570c122042bc48615222e1 inc/Module/Install/Base.pm
-SHA1 cf3356ed9a5bd2f732527ef9e7bc5ef4458c8a93 inc/Module/Install/Can.pm
-SHA1 e083a5ec82c708f0a933785388b3ac2c94d802ec inc/Module/Install/External.pm
-SHA1 bf0a3e1977effc2832d7a813a76dce3f31b437b6 inc/Module/Install/Fetch.pm
-SHA1 b721c93ca5bc9a6aa863b49af15f1b1de6125935 inc/Module/Install/Makefile.pm
-SHA1 026cc0551a0ad399d195e395b46bdf842e115192 inc/Module/Install/Metadata.pm
-SHA1 d3a33569b41077d6a836f95bb63484c51e9d0a52
inc/Module/Install/ReadmeFromPod.pm
-SHA1 d3a4c720c6ec7f8fce7df37002fbc9177fb77050 inc/Module/Install/Scripts.pm
-SHA1 5457015ea5a50e93465bf2dafa29feebd547f85b inc/Module/Install/Win32.pm
-SHA1 051e7fa8063908befa3440508d0584a2497b97db inc/Module/Install/WriteAll.pm
-SHA1 e37281f2715f3a73c830d0408461fc0e3e43d419 lib/Module/Signature.pm
+SHA1 6135b90837836cd8a72c78cbec211b2d84996c99 README
+SHA1 8a924add836b60fb23b25c8506d45945e02f42f4 inc/Module/Install.pm
+SHA1 2d0fad3bf255f8c1e7e1e34eafccc4f595603ddc inc/Module/Install/Base.pm
+SHA1 f0e01fff7d73cd145fbf22331579918d4628ddb0 inc/Module/Install/Can.pm
+SHA1 272e65bd98dd43c7acd8c272dde84fbe5794fc07 inc/Module/Install/External.pm
+SHA1 7328966e4fda0c8451a6d3850704da0b84ac1540 inc/Module/Install/Fetch.pm
+SHA1 b62ca5e2d58fa66766ccf4d64574f9e1a2250b34 inc/Module/Install/Makefile.pm
+SHA1 1aa925be410bb3bfcd84a16985921f66073cc1d2 inc/Module/Install/Metadata.pm
+SHA1 dc94326a076aca41452c1d65bf52a255feeb9ef7
inc/Module/Install/ReadmeFromPod.pm
+SHA1 4d793c044726e06fe35d8d129b76da2803377f92 inc/Module/Install/Scripts.pm
+SHA1 e4196994fa75e98bdfa2be0bdeeffef66de88171 inc/Module/Install/Win32.pm
+SHA1 c3a6d0d5b84feb3280622e9599e86247d58b0d18 inc/Module/Install/WriteAll.pm
+SHA1 6c5cda03253ec382b7f558f891d2f4868a235610 lib/Module/Signature.pm
SHA1 0882c50213a28b7a30fc91fd58c19015f33348d0 script/cpansign
SHA1 3ec6171779122b0bdc69937c283be11b2a15dd89 t/0-signature.t
SHA1 307a744384e704d94031df73233f24174b843bc8 t/1-basic.t
@@ -43,9 +43,9 @@
SHA1 69614dfba33a1ef498a2161f9e4718092652857c t/wrap.pl
SHA1 61377898e9d7cb06d370f45167a925e16736de70 t/wrapped-tests.bin
-----BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.4.11 (GNU/Linux)
+Version: GnuPG v1.4.12 (Darwin)
-iEYEARECAAYFAk3M/5gACgkQdC8qQo5jWl6ejwCfYy2EE94jsoe1oY2w7Na3jSnX
-1fwAnRgS45SDoKjbLSH1+6z37NL/MpGI
-=NYb6
+iEYEARECAAYFAlGvpckACgkQtLPdNzw1AaCR9wCfZp9kU2M8/1xG/5Nac1G7g4dH
+rFwAnA5VfZ1qA17gOZF/sn/sRUhI6LwL
+=aUN8
-----END PGP SIGNATURE-----
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Module-Signature-0.68/inc/Module/Install/Base.pm
new/Module-Signature-0.73/inc/Module/Install/Base.pm
--- old/Module-Signature-0.68/inc/Module/Install/Base.pm 2011-05-13
11:52:24.000000000 +0200
+++ new/Module-Signature-0.73/inc/Module/Install/Base.pm 2013-06-05
22:55:33.000000000 +0200
@@ -4,7 +4,7 @@
use strict 'vars';
use vars qw{$VERSION};
BEGIN {
- $VERSION = '1.00';
+ $VERSION = '1.06';
}
# Suspend handler for "redefined" warnings
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Module-Signature-0.68/inc/Module/Install/Can.pm
new/Module-Signature-0.73/inc/Module/Install/Can.pm
--- old/Module-Signature-0.68/inc/Module/Install/Can.pm 2011-05-13
11:52:25.000000000 +0200
+++ new/Module-Signature-0.73/inc/Module/Install/Can.pm 2013-06-05
22:55:34.000000000 +0200
@@ -3,13 +3,12 @@
use strict;
use Config ();
-use File::Spec ();
use ExtUtils::MakeMaker ();
use Module::Install::Base ();
use vars qw{$VERSION @ISA $ISCORE};
BEGIN {
- $VERSION = '1.00';
+ $VERSION = '1.06';
@ISA = 'Module::Install::Base';
$ISCORE = 1;
}
@@ -29,7 +28,7 @@
eval { require $mod; $pkg->VERSION($ver || 0); 1 };
}
-# check if we can run some command
+# Check if we can run some command
sub can_run {
my ($self, $cmd) = @_;
@@ -38,14 +37,88 @@
for my $dir ((split /$Config::Config{path_sep}/, $ENV{PATH}), '.') {
next if $dir eq '';
- my $abs = File::Spec->catfile($dir, $_[1]);
+ require File::Spec;
+ my $abs = File::Spec->catfile($dir, $cmd);
return $abs if (-x $abs or $abs = MM->maybe_command($abs));
}
return;
}
-# can we locate a (the) C compiler
+# Can our C compiler environment build XS files
+sub can_xs {
+ my $self = shift;
+
+ # Ensure we have the CBuilder module
+ $self->configure_requires( 'ExtUtils::CBuilder' => 0.27 );
+
+ # Do we have the configure_requires checker?
+ local $@;
+ eval "require ExtUtils::CBuilder;";
+ if ( $@ ) {
+ # They don't obey configure_requires, so it is
+ # someone old and delicate. Try to avoid hurting
+ # them by falling back to an older simpler test.
+ return $self->can_cc();
+ }
+
+ # Do we have a working C compiler
+ my $builder = ExtUtils::CBuilder->new(
+ quiet => 1,
+ );
+ unless ( $builder->have_compiler ) {
+ # No working C compiler
+ return 0;
+ }
+
+ # Write a C file representative of what XS becomes
+ require File::Temp;
+ my ( $FH, $tmpfile ) = File::Temp::tempfile(
+ "compilexs-XXXXX",
+ SUFFIX => '.c',
+ );
+ binmode $FH;
+ print $FH <<'END_C';
+#include "EXTERN.h"
+#include "perl.h"
+#include "XSUB.h"
+
+int main(int argc, char **argv) {
+ return 0;
+}
+
+int boot_sanexs() {
+ return 1;
+}
+
+END_C
+ close $FH;
+
+ # Can the C compiler access the same headers XS does
+ my @libs = ();
+ my $object = undef;
+ eval {
+ local $^W = 0;
+ $object = $builder->compile(
+ source => $tmpfile,
+ );
+ @libs = $builder->link(
+ objects => $object,
+ module_name => 'sanexs',
+ );
+ };
+ my $result = $@ ? 0 : 1;
+
+ # Clean up all the build files
+ foreach ( $tmpfile, $object, @libs ) {
+ next unless defined $_;
+ 1 while unlink;
+ }
+
+ return $result;
+}
+
+# Can we locate a (the) C compiler
sub can_cc {
my $self = shift;
my @chunks = split(/ /, $Config::Config{cc}) or return;
@@ -78,4 +151,4 @@
__END__
-#line 156
+#line 236
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Module-Signature-0.68/inc/Module/Install/External.pm
new/Module-Signature-0.73/inc/Module/Install/External.pm
--- old/Module-Signature-0.68/inc/Module/Install/External.pm 2011-05-13
11:52:26.000000000 +0200
+++ new/Module-Signature-0.73/inc/Module/Install/External.pm 2013-06-05
22:55:34.000000000 +0200
@@ -8,11 +8,28 @@
use vars qw{$VERSION $ISCORE @ISA};
BEGIN {
- $VERSION = '1.00';
+ $VERSION = '1.06';
$ISCORE = 1;
@ISA = qw{Module::Install::Base};
}
+sub requires_xs {
+ my $self = shift;
+
+ # First check for the basic C compiler
+ $self->requires_external_cc;
+
+ # We need a C compiler that can build XS files
+ unless ( $self->can_xs ) {
+ print "Unresolvable missing external dependency.\n";
+ print "This package requires perl's header files.\n";
+ print STDERR "NA: Unable to build distribution on this
platform.\n";
+ exit(0);
+ }
+
+ 1;
+}
+
sub requires_external_cc {
my $self = shift;
@@ -41,7 +58,7 @@
$self->load('can_run');
# Locate the bin
- print "Locating required external dependency bin:$bin...";
+ print "Locating bin:$bin...";
my $found_bin = $self->can_run( $bin );
if ( $found_bin ) {
print " found at $found_bin.\n";
@@ -63,4 +80,4 @@
__END__
-#line 138
+#line 171
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Module-Signature-0.68/inc/Module/Install/Fetch.pm
new/Module-Signature-0.73/inc/Module/Install/Fetch.pm
--- old/Module-Signature-0.68/inc/Module/Install/Fetch.pm 2011-05-13
11:52:26.000000000 +0200
+++ new/Module-Signature-0.73/inc/Module/Install/Fetch.pm 2013-06-05
22:55:34.000000000 +0200
@@ -6,7 +6,7 @@
use vars qw{$VERSION @ISA $ISCORE};
BEGIN {
- $VERSION = '1.00';
+ $VERSION = '1.06';
@ISA = 'Module::Install::Base';
$ISCORE = 1;
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Module-Signature-0.68/inc/Module/Install/Makefile.pm
new/Module-Signature-0.73/inc/Module/Install/Makefile.pm
--- old/Module-Signature-0.68/inc/Module/Install/Makefile.pm 2011-05-13
11:52:24.000000000 +0200
+++ new/Module-Signature-0.73/inc/Module/Install/Makefile.pm 2013-06-05
22:55:33.000000000 +0200
@@ -8,7 +8,7 @@
use vars qw{$VERSION @ISA $ISCORE};
BEGIN {
- $VERSION = '1.00';
+ $VERSION = '1.06';
@ISA = 'Module::Install::Base';
$ISCORE = 1;
}
@@ -215,18 +215,22 @@
require ExtUtils::MakeMaker;
if ( $perl_version and $self->_cmp($perl_version, '5.006') >= 0 ) {
- # MakeMaker can complain about module versions that include
- # an underscore, even though its own version may contain one!
- # Hence the funny regexp to get rid of it. See RT #35800
- # for details.
- my $v = $ExtUtils::MakeMaker::VERSION =~ /^(\d+\.\d+)/;
- $self->build_requires( 'ExtUtils::MakeMaker' => $v );
- $self->configure_requires( 'ExtUtils::MakeMaker' => $v );
+ # This previous attempted to inherit the version of
+ # ExtUtils::MakeMaker in use by the module author, but this
+ # was found to be untenable as some authors build releases
+ # using future dev versions of EU:MM that nobody else has.
+ # Instead, #toolchain suggests we use 6.59 which is the most
+ # stable version on CPAN at time of writing and is, to quote
+ # ribasushi, "not terminally fucked, > and tested enough".
+ # TODO: We will now need to maintain this over time to push
+ # the version up as new versions are released.
+ $self->build_requires( 'ExtUtils::MakeMaker' => 6.59 );
+ $self->configure_requires( 'ExtUtils::MakeMaker' => 6.59 );
} else {
# Allow legacy-compatibility with 5.005 by depending on the
# most recent EU:MM that supported 5.005.
- $self->build_requires( 'ExtUtils::MakeMaker' => 6.42 );
- $self->configure_requires( 'ExtUtils::MakeMaker' => 6.42 );
+ $self->build_requires( 'ExtUtils::MakeMaker' => 6.36 );
+ $self->configure_requires( 'ExtUtils::MakeMaker' => 6.36 );
}
# Generate the MakeMaker params
@@ -241,7 +245,6 @@
'all_from' if you prefer) in Makefile.PL.
EOT
- $DB::single = 1;
if ( $self->tests ) {
my @tests = split ' ', $self->tests;
my %seen;
@@ -412,4 +415,4 @@
__END__
-#line 541
+#line 544
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Module-Signature-0.68/inc/Module/Install/Metadata.pm
new/Module-Signature-0.73/inc/Module/Install/Metadata.pm
--- old/Module-Signature-0.68/inc/Module/Install/Metadata.pm 2011-05-13
11:52:24.000000000 +0200
+++ new/Module-Signature-0.73/inc/Module/Install/Metadata.pm 2013-06-05
22:55:33.000000000 +0200
@@ -6,7 +6,7 @@
use vars qw{$VERSION @ISA $ISCORE};
BEGIN {
- $VERSION = '1.00';
+ $VERSION = '1.06';
@ISA = 'Module::Install::Base';
$ISCORE = 1;
}
@@ -151,15 +151,21 @@
sub install_as_vendor { $_[0]->installdirs('vendor') }
sub dynamic_config {
- my $self = shift;
- unless ( @_ ) {
- warn "You MUST provide an explicit true/false value to
dynamic_config\n";
- return $self;
+ my $self = shift;
+ my $value = @_ ? shift : 1;
+ if ( $self->{values}->{dynamic_config} ) {
+ # Once dynamic we never change to static, for safety
+ return 0;
}
- $self->{values}->{dynamic_config} = $_[0] ? 1 : 0;
+ $self->{values}->{dynamic_config} = $value ? 1 : 0;
return 1;
}
+# Convenience command
+sub static_config {
+ shift->dynamic_config(0);
+}
+
sub perl_version {
my $self = shift;
return $self->{values}->{perl_version} unless @_;
@@ -170,7 +176,7 @@
# Normalize the version
$version = $self->_perl_version($version);
- # We don't support the reall old versions
+ # We don't support the really old versions
unless ( $version >= 5.005 ) {
die "Module::Install only supports 5.005 or newer (use
ExtUtils::MakeMaker)\n";
}
@@ -515,6 +521,7 @@
'GNU Free Documentation license' => 'unrestricted', 1,
'GNU Affero General Public License' => 'open_source', 1,
'(?:Free)?BSD license' => 'bsd', 1,
+ 'Artistic license 2\.0' => 'artistic_2', 1,
'Artistic license' => 'artistic', 1,
'Apache (?:Software )?license' => 'apache', 1,
'GPL' => 'gpl', 1,
@@ -550,9 +557,9 @@
sub _extract_bugtracker {
my @links = $_[0] =~ m#L<(
- \Qhttp://rt.cpan.org/\E[^>]+|
- \Qhttp://github.com/\E[\w_]+/[\w_]+/issues|
- \Qhttp://code.google.com/p/\E[\w_\-]+/issues/list
+ https?\Q://rt.cpan.org/\E[^>]+|
+ https?\Q://github.com/\E[\w_]+/[\w_]+/issues|
+ https?\Q://code.google.com/p/\E[\w_\-]+/issues/list
)>#gx;
my %links;
@links{@links}=();
@@ -581,7 +588,7 @@
sub requires_from {
my $self = shift;
my $content = Module::Install::_readperl($_[0]);
- my @requires = $content =~
m/^use\s+([^\W\d]\w*(?:::\w+)*)\s+([\d\.]+)/mg;
+ my @requires = $content =~
m/^use\s+([^\W\d]\w*(?:::\w+)*)\s+(v?[\d\.]+)/mg;
while ( @requires ) {
my $module = shift @requires;
my $version = shift @requires;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/Module-Signature-0.68/inc/Module/Install/ReadmeFromPod.pm
new/Module-Signature-0.73/inc/Module/Install/ReadmeFromPod.pm
--- old/Module-Signature-0.68/inc/Module/Install/ReadmeFromPod.pm
2011-05-13 11:52:24.000000000 +0200
+++ new/Module-Signature-0.73/inc/Module/Install/ReadmeFromPod.pm
2013-06-05 22:55:34.000000000 +0200
@@ -7,29 +7,119 @@
use base qw(Module::Install::Base);
use vars qw($VERSION);
-$VERSION = '0.12';
+$VERSION = '0.20';
sub readme_from {
my $self = shift;
return unless $self->is_admin;
- my $file = shift || $self->_all_from
+ # Input file
+ my $in_file = shift || $self->_all_from
or die "Can't determine file to make readme_from";
- my $clean = shift;
- print "Writing README from $file\n";
+ # Get optional arguments
+ my ($clean, $format, $out_file, $options);
+ my $args = shift;
+ if ( ref $args ) {
+ # Arguments are in a hashref
+ if ( ref($args) ne 'HASH' ) {
+ die "Expected a hashref but got a ".ref($args)."\n";
+ } else {
+ $clean = $args->{'clean'};
+ $format = $args->{'format'};
+ $out_file = $args->{'output_file'};
+ $options = $args->{'options'};
+ }
+ } else {
+ # Arguments are in a list
+ $clean = $args;
+ $format = shift;
+ $out_file = shift;
+ $options = \@_;
+ }
+
+ # Default values;
+ $clean ||= 0;
+ $format ||= 'txt';
+
+ # Generate README
+ print "readme_from $in_file to $format\n";
+ if ($format =~ m/te?xt/) {
+ $out_file = $self->_readme_txt($in_file, $out_file, $options);
+ } elsif ($format =~ m/html?/) {
+ $out_file = $self->_readme_htm($in_file, $out_file, $options);
+ } elsif ($format eq 'man') {
+ $out_file = $self->_readme_man($in_file, $out_file, $options);
+ } elsif ($format eq 'pdf') {
+ $out_file = $self->_readme_pdf($in_file, $out_file, $options);
+ }
- require Pod::Text;
- my $parser = Pod::Text->new();
- open README, '> README' or die "$!\n";
- $parser->output_fh( *README );
- $parser->parse_file( $file );
if ($clean) {
- $self->clean_files('README');
+ $self->clean_files($out_file);
}
+
return 1;
}
+
+sub _readme_txt {
+ my ($self, $in_file, $out_file, $options) = @_;
+ $out_file ||= 'README';
+ require Pod::Text;
+ my $parser = Pod::Text->new( @$options );
+ open my $out_fh, '>', $out_file or die "Could not write file
$out_file:\n$!\n";
+ $parser->output_fh( *$out_fh );
+ $parser->parse_file( $in_file );
+ close $out_fh;
+ return $out_file;
+}
+
+
+sub _readme_htm {
+ my ($self, $in_file, $out_file, $options) = @_;
+ $out_file ||= 'README.htm';
+ require Pod::Html;
+ Pod::Html::pod2html(
+ "--infile=$in_file",
+ "--outfile=$out_file",
+ @$options,
+ );
+ # Remove temporary files if needed
+ for my $file ('pod2htmd.tmp', 'pod2htmi.tmp') {
+ if (-e $file) {
+ unlink $file or warn "Warning: Could not remove file '$file'.\n$!\n";
+ }
+ }
+ return $out_file;
+}
+
+
+sub _readme_man {
+ my ($self, $in_file, $out_file, $options) = @_;
+ $out_file ||= 'README.1';
+ require Pod::Man;
+ my $parser = Pod::Man->new( @$options );
+ $parser->parse_from_file($in_file, $out_file);
+ return $out_file;
+}
+
+
+sub _readme_pdf {
+ my ($self, $in_file, $out_file, $options) = @_;
+ $out_file ||= 'README.pdf';
+ eval { require App::pod2pdf; }
+ or die "Could not generate $out_file because pod2pdf could not be found\n";
+ my $parser = App::pod2pdf->new( @$options );
+ $parser->parse_from_file($in_file);
+ open my $out_fh, '>', $out_file or die "Could not write file
$out_file:\n$!\n";
+ select $out_fh;
+ $parser->output;
+ select STDOUT;
+ close $out_fh;
+ return $out_file;
+}
+
+
sub _all_from {
my $self = shift;
return unless $self->admin->{extensions};
@@ -44,5 +134,5 @@
__END__
-#line 112
+#line 254
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Module-Signature-0.68/inc/Module/Install/Scripts.pm
new/Module-Signature-0.73/inc/Module/Install/Scripts.pm
--- old/Module-Signature-0.68/inc/Module/Install/Scripts.pm 2011-05-13
11:52:25.000000000 +0200
+++ new/Module-Signature-0.73/inc/Module/Install/Scripts.pm 2013-06-05
22:55:34.000000000 +0200
@@ -6,7 +6,7 @@
use vars qw{$VERSION @ISA $ISCORE};
BEGIN {
- $VERSION = '1.00';
+ $VERSION = '1.06';
@ISA = 'Module::Install::Base';
$ISCORE = 1;
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Module-Signature-0.68/inc/Module/Install/Win32.pm
new/Module-Signature-0.73/inc/Module/Install/Win32.pm
--- old/Module-Signature-0.68/inc/Module/Install/Win32.pm 2011-05-13
11:52:26.000000000 +0200
+++ new/Module-Signature-0.73/inc/Module/Install/Win32.pm 2013-06-05
22:55:34.000000000 +0200
@@ -6,7 +6,7 @@
use vars qw{$VERSION @ISA $ISCORE};
BEGIN {
- $VERSION = '1.00';
+ $VERSION = '1.06';
@ISA = 'Module::Install::Base';
$ISCORE = 1;
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Module-Signature-0.68/inc/Module/Install/WriteAll.pm
new/Module-Signature-0.73/inc/Module/Install/WriteAll.pm
--- old/Module-Signature-0.68/inc/Module/Install/WriteAll.pm 2011-05-13
11:52:26.000000000 +0200
+++ new/Module-Signature-0.73/inc/Module/Install/WriteAll.pm 2013-06-05
22:55:34.000000000 +0200
@@ -6,7 +6,7 @@
use vars qw{$VERSION @ISA $ISCORE};
BEGIN {
- $VERSION = '1.00';
+ $VERSION = '1.06';
@ISA = qw{Module::Install::Base};
$ISCORE = 1;
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Module-Signature-0.68/inc/Module/Install.pm
new/Module-Signature-0.73/inc/Module/Install.pm
--- old/Module-Signature-0.68/inc/Module/Install.pm 2011-05-13
11:52:23.000000000 +0200
+++ new/Module-Signature-0.73/inc/Module/Install.pm 2013-06-05
22:55:33.000000000 +0200
@@ -31,7 +31,7 @@
# This is not enforced yet, but will be some time in the next few
# releases once we can make sure it won't clash with custom
# Module::Install extensions.
- $VERSION = '1.00';
+ $VERSION = '1.06';
# Storage for the pseudo-singleton
$MAIN = undef;
@@ -451,7 +451,7 @@
}
sub _cmp ($$) {
- _version($_[0]) <=> _version($_[1]);
+ _version($_[1]) <=> _version($_[2]);
}
# Cloned from Params::Util::_CLASS
@@ -467,4 +467,4 @@
1;
-# Copyright 2008 - 2010 Adam Kennedy.
+# Copyright 2008 - 2012 Adam Kennedy.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Module-Signature-0.68/lib/Module/Signature.pm
new/Module-Signature-0.73/lib/Module/Signature.pm
--- old/Module-Signature-0.68/lib/Module/Signature.pm 2011-05-13
11:47:41.000000000 +0200
+++ new/Module-Signature-0.73/lib/Module/Signature.pm 2013-06-05
22:54:26.000000000 +0200
@@ -1,5 +1,5 @@
package Module::Signature;
-$Module::Signature::VERSION = '0.68';
+$Module::Signature::VERSION = '0.73';
use 5.005;
use strict;
@@ -18,6 +18,7 @@
use ExtUtils::Manifest ();
use Exporter;
+use File::Spec;
@EXPORT_OK = (
qw(sign verify),
@@ -143,7 +144,8 @@
}
sub _has_gpg {
- `gpg --version` =~ /GnuPG.*?(\S+)\s*$/m or return;
+ my $gpg = _which_gpg() or return;
+ `$gpg --version` =~ /GnuPG.*?(\S+)\s*$/m or return;
return $1;
}
@@ -213,6 +215,20 @@
or /~$/ or /\.old$/ or /\#$/ or /^\.#/;
}
+my $which_gpg;
+sub _which_gpg {
+ # Cache it so we don't need to keep checking.
+ return $which_gpg if $which_gpg;
+
+ for my $gpg_bin ('gpg', 'gpg2', 'gnupg', 'gnupg2') {
+ my $version = `$gpg_bin --version 2>&1`;
+ if( $version && $version =~ /GnuPG/ ) {
+ $which_gpg = $gpg_bin;
+ return $which_gpg;
+ }
+ }
+}
+
sub _verify_gpg {
my ($sigtext, $plaintext, $version) = @_;
@@ -221,9 +237,10 @@
my $keyserver = _keyserver($version);
+ my $gpg = _which_gpg();
my @quiet = $Verbose ? () : qw(-q --logger-fd=1);
my @cmd = (
- qw(gpg --verify --batch --no-tty), @quiet, ($KeyServer ? (
+ $gpg, qw(--verify --batch --no-tty), @quiet, ($KeyServer ? (
"--keyserver=$keyserver",
($AutoKeyRetrieve and $version ge '1.0.7')
? '--keyserver-options=auto-key-retrieve'
@@ -380,8 +397,10 @@
die "Could not write to $sigfile"
if -e $sigfile and (-d $sigfile or not -w $sigfile);
+ my $gpg = _which_gpg();
+
local *D;
- open D, "| gpg --clearsign >> $sigfile.tmp" or die "Could not call gpg:
$!";
+ open D, "| $gpg --clearsign >> $sigfile.tmp" or die "Could not call $gpg:
$!";
print D $plaintext;
close D;
@@ -410,7 +429,7 @@
# This doesn't work because the output from verify goes to STDERR.
# If I try to redirect it using "--logger-fd 1" it just hangs.
# WTF?
- my @verify = `gpg --batch --verify $SIGNATURE`;
+ my @verify = `$gpg --batch --verify $SIGNATURE`;
while (@verify) {
if (/key ID ([0-9A-F]+)$/) {
$key_id = $1;
@@ -423,7 +442,7 @@
my $found_key;
if (defined $key_id && defined $key_name) {
my $keyserver = _keyserver($version);
- while (`gpg --batch --keyserver=$keyserver --search-keys '$key_name'`)
{
+ while (`$gpg --batch --keyserver=$keyserver --search-keys
'$key_name'`) {
if (/^\(\d+\)/) {
$found_name = 0;
} elsif ($found_name) {
@@ -514,18 +533,23 @@
sub _digest_object {
my($algorithm) = @_;
+
+ # Avoid loading Digest::* from relative paths in @INC.
+ local @INC = grep { File::Spec->file_name_is_absolute($_) } @INC;
+
+ # Constrain algorithm name to be of form ABC123.
+ my ($base, $variant) = ($algorithm =~ /^([_a-zA-Z]+)([0-9]+)$/g)
+ or die "Malformed algorithm name: $algorithm (should match
/\\w+\\d+/)";
+
my $obj = eval { Digest->new($algorithm) } || eval {
- my ($base, $variant) = ($algorithm =~ /^(\w+?)(\d+)$/g) or die;
require "Digest/$base.pm"; "Digest::$base"->new($variant)
} || eval {
require "Digest/$algorithm.pm"; "Digest::$algorithm"->new
} || eval {
- my ($base, $variant) = ($algorithm =~ /^(\w+?)(\d+)$/g) or die;
require "Digest/$base/PurePerl.pm";
"Digest::$base\::PurePerl"->new($variant)
} || eval {
require "Digest/$algorithm/PurePerl.pm";
"Digest::$algorithm\::PurePerl"->new
} or do { eval {
- my ($base, $variant) = ($algorithm =~ /^(\w+?)(\d+)$/g) or die;
warn "Unknown cipher: $algorithm, please install Digest::$base,
Digest::$base$variant, or Digest::$base\::PurePerl\n";
} and return } or do {
warn "Unknown cipher: $algorithm, please install
Digest::$algorithm\n"; return;
@@ -918,6 +942,8 @@
L<Module::Install>, L<ExtUtils::MakeMaker>, L<Module::Build>
+L<Dist::Zilla::Plugin::Signature>
+
=head1 AUTHORS
唐鳳 E<lt>c...@audreyt.orge<gt>
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
