Hello community, here is the log from the commit of package perl-Perl-Version for openSUSE:Factory checked in at 2014-03-19 08:02:28 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/perl-Perl-Version (Old) and /work/SRC/openSUSE:Factory/.perl-Perl-Version.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "perl-Perl-Version" Changes: -------- --- /work/SRC/openSUSE:Factory/perl-Perl-Version/perl-Perl-Version.changes 2011-09-23 12:38:33.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.perl-Perl-Version.new/perl-Perl-Version.changes 2014-03-19 08:02:30.000000000 +0100 @@ -1,0 +2,6 @@ +Mon Mar 17 08:29:25 UTC 2014 - co...@suse.com + +- updated to 1.013 + Remove File::Slurp, which has a critical security issue (RT 92974) + +------------------------------------------------------------------- Old: ---- Perl-Version-1.011.tar.gz New: ---- Perl-Version-1.013.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ perl-Perl-Version.spec ++++++ --- /var/tmp/diff_new_pack.uGpR7o/_old 2014-03-19 08:02:30.000000000 +0100 +++ /var/tmp/diff_new_pack.uGpR7o/_new 2014-03-19 08:02:30.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package perl-Perl-Version # -# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -16,22 +16,21 @@ # - Name: perl-Perl-Version -Version: 1.011 -Release: 1 -License: GPL-1.0+ or Artistic-1.0 +Version: 1.013 +Release: 0 %define cpan_name Perl-Version Summary: Parse and manipulate Perl version strings -Url: http://search.cpan.org/dist/Perl-Version/ +License: Artistic-1.0 or GPL-1.0+ Group: Development/Libraries/Perl -Source: http://www.cpan.org/authors/id/A/AN/ANDYA/%{cpan_name}-%{version}.tar.gz +Url: http://search.cpan.org/dist/Perl-Version/ +Source: http://www.cpan.org/authors/id/B/BD/BDFOY/%{cpan_name}-%{version}.tar.gz BuildArch: noarch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: perl BuildRequires: perl-macros -BuildRequires: perl(File::Slurp) >= 9999.12 -Requires: perl(File::Slurp) >= 9999.12 +BuildRequires: perl(File::Slurp::Tiny) +Requires: perl(File::Slurp::Tiny) %{perl_requires} %description @@ -107,9 +106,6 @@ %perl_process_packlist %perl_gen_filelist -%clean -%{__rm} -rf %{buildroot} - %files -f %{name}.files %defattr(-,root,root,755) %doc Changes examples Notes.txt README ++++++ Perl-Version-1.011.tar.gz -> Perl-Version-1.013.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Perl-Version-1.011/Changes new/Perl-Version-1.013/Changes --- old/Perl-Version-1.011/Changes 2011-02-21 22:31:04.000000000 +0100 +++ new/Perl-Version-1.013/Changes 2014-02-12 21:53:33.000000000 +0100 @@ -85,3 +85,6 @@ 1.011 2011-02-21 Remove Build.PL which didn't install perl-reversion. +1.013 2014-02-12 + Remove File::Slurp, which has a critical security issue (RT 92974) + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Perl-Version-1.011/MANIFEST new/Perl-Version-1.013/MANIFEST --- old/Perl-Version-1.011/MANIFEST 2011-02-21 22:31:19.000000000 +0100 +++ new/Perl-Version-1.013/MANIFEST 2014-02-12 21:56:36.000000000 +0100 
@@ -14,5 +14,5 @@ t/manifest.t t/pod-coverage.t t/pod.t -META.yml Module meta-data (added by MakeMaker) -SIGNATURE Public-key signature (added by MakeMaker) +META.yml Module YAML meta-data (added by MakeMaker) +META.json Module JSON meta-data (added by MakeMaker) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Perl-Version-1.011/META.json new/Perl-Version-1.013/META.json --- old/Perl-Version-1.011/META.json 1970-01-01 01:00:00.000000000 +0100 +++ new/Perl-Version-1.013/META.json 2014-02-12 21:56:36.000000000 +0100 @@ -0,0 +1,47 @@ +{ + "abstract" : "Parse and manipulate Perl version strings", + "author" : [ + "Andy Armstrong <a...@hexten.net>" + ], + "dynamic_config" : 1, + "generated_by" : "ExtUtils::MakeMaker version 6.66, CPAN::Meta::Converter version 2.132830", + "license" : [ + "perl_5" + ], + "meta-spec" : { + "url" : "http://search.cpan.org/perldoc?CPAN::Meta::Spec", + "version" : "2" + }, + "name" : "Perl-Version", + "no_index" : { + "directory" : [ + "t", + "inc" + ] + }, + "prereqs" : { + "build" : { + "requires" : { + "ExtUtils::MakeMaker" : "0" + } + }, + "configure" : { + "requires" : { + "ExtUtils::MakeMaker" : "0" + } + }, + "runtime" : { + "requires" : { + "Carp" : "0", + "Data::Dumper" : "0", + "File::Slurp::Tiny" : "0", + "Getopt::Long" : "2.34", + "Pod::Usage" : "1.3", + "Scalar::Util" : "0", + "Test::More" : "0" + } + } + }, + "release_status" : "stable", + "version" : "1.013" +} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Perl-Version-1.011/META.yml new/Perl-Version-1.013/META.yml --- old/Perl-Version-1.011/META.yml 2011-02-21 22:31:19.000000000 +0100 +++ new/Perl-Version-1.013/META.yml 2014-02-12 21:56:35.000000000 +0100 
@@ -1,26 +1,28 @@ ---- #YAML:1.0 -name: Perl-Version -version: 1.011 -abstract: Parse and manipulate Perl version strings +--- +abstract: 'Parse and manipulate Perl version strings' author: - - Andy Armstrong <a...@hexten.net> -license: perl -distribution_type: module -configure_requires: - ExtUtils::MakeMaker: 0 + - 'Andy Armstrong <a...@hexten.net>' build_requires: - ExtUtils::MakeMaker: 0 -requires: - File::Slurp: 9999.12 - Getopt::Long: 2.34 - Pod::Usage: 1.3 - Scalar::Util: 0 - Test::More: 0 -no_index: - directory: - - t - - inc -generated_by: ExtUtils::MakeMaker version 6.56 + ExtUtils::MakeMaker: 0 +configure_requires: + ExtUtils::MakeMaker: 0 +dynamic_config: 1 +generated_by: 'ExtUtils::MakeMaker version 6.66, CPAN::Meta::Converter version 2.132830' +license: perl meta-spec: - url: http://module-build.sourceforge.net/META-spec-v1.4.html - version: 1.4 + url: http://module-build.sourceforge.net/META-spec-v1.4.html + version: 1.4 +name: Perl-Version +no_index: + directory: + - t + - inc +requires: + Carp: 0 + Data::Dumper: 0 + File::Slurp::Tiny: 0 + Getopt::Long: 2.34 + Pod::Usage: 1.3 + Scalar::Util: 0 + Test::More: 0 +version: 1.013 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Perl-Version-1.011/Makefile.PL new/Perl-Version-1.013/Makefile.PL --- old/Perl-Version-1.011/Makefile.PL 2010-09-19 17:29:33.000000000 +0200 +++ new/Perl-Version-1.013/Makefile.PL 2014-02-12 21:55:04.000000000 +0100 
@@ -12,19 +12,19 @@ ABSTRACT_FROM => 'lib/Perl/Version.pm', PL_FILES => {}, PREREQ_PM => { - 'Test::More' => 0, - 'Scalar::Util' => 0, - 'Getopt::Long' => '2.34', - 'Pod::Usage' => '1.3', - 'File::Slurp' => '9999.12', + 'Carp' => 0, + 'Test::More' => 0, + 'Scalar::Util' => 0, + 'Getopt::Long' => '2.34', + 'Pod::Usage' => '1.3', + 'File::Slurp::Tiny' => 0, + 'Data::Dumper' => 0, }, EXE_FILES => ['examples/perl-reversion'], dist => { COMPRESS => 'gzip -9f', SUFFIX => 'gz', }, clean => { FILES => 'Perl-Version-*' }, ); -$ARGS{SIGN} = 1 if MM->can( 'signature_target' ); - WriteMakefile( %ARGS ); sub license { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Perl-Version-1.011/README new/Perl-Version-1.013/README --- old/Perl-Version-1.011/README 2010-09-19 17:39:22.000000000 +0200 +++ new/Perl-Version-1.013/README 2014-01-17 21:25:44.000000000 +0100 @@ -1,4 +1,4 @@ -Perl-Version version 1.011 +Perl-Version version 1.012 INSTALLATION diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Perl-Version-1.011/SIGNATURE new/Perl-Version-1.013/SIGNATURE --- old/Perl-Version-1.011/SIGNATURE 2011-02-21 22:31:23.000000000 +0100 +++ new/Perl-Version-1.013/SIGNATURE 1970-01-01 01:00:00.000000000 +0100 
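Review bot: Removing `$ARGS{SIGN} = 1 if MM->can( 'signature_target' );` near the end of this hunk means the distribution is no longer built with a Module::Signature `SIGNATURE` file, and neither Makefile.PL nor the 1.013 Changes entry says this was deliberate. Anyone who used to run `cpansign -v` now has only the tarball checksum to rely on, and the spec's `Source:` line on this page also moves to a different author directory, so the decision deserves an explicit record. A comment such as `# SIGN deliberately unset: releases are no longer signed with Module::Signature` above `WriteMakefile( %ARGS );` would do. Separately, the hunks on this page use `Data::Dumper` only in t/40.perl-reversion.t, so listing it in `PREREQ_PM` makes a test-time module a runtime prerequisite. The `%ARGS` definition starts above the hunk and `sub license` continues below it.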
@@ -1,40 +0,0 @@ -This file contains message digests of all files listed in MANIFEST, -signed via the Module::Signature module, version 0.66. - -To verify the content in this distribution, first make sure you have -Module::Signature installed, then type: - - % cpansign -v - -It will check each file's integrity, as well as the signature's -validity. If "==> Signature verified OK! <==" is not displayed, -the distribution may already have been compromised, and you should -not run its Makefile.PL or Build.PL. - ------BEGIN PGP SIGNED MESSAGE----- -Hash: SHA1 - -SHA1 f608b641f1d2c03d464ed57dd902577b462bc317 Changes -SHA1 3ee18e11b53afc35131b767e7248fef6c3960d1d MANIFEST -SHA1 d2d25536c5fcbba6b0dd2416a4b16bc1c20e52fb META.yml -SHA1 1b710a676c5e8b43f645d7fe9d4422a7a3c99d98 Makefile.PL -SHA1 df4661cecee13af66d38c6db4f7a7c2f5543b011 Notes.txt -SHA1 750ad8c2772cda279c5311d58d775812c5daac1e README -SHA1 12a61c08de4f12417ea341e9d27d840ccd9f493b examples/perl-reversion -SHA1 8c66bd4c8ea5ed18091e8ec58a8af97292a63a08 lib/Perl/Version.pm -SHA1 971de73a2bff6e5c7540297c67abe34b44edcff6 t/00.load.t -SHA1 bf558d22ecaeb972056f5f7688222de665557e1f t/05.misc.t -SHA1 4921e1494d235523cfe2381cdba207cb8a3a78c5 t/10.regression.t -SHA1 74d1747a052aeed0c9d5f56741366dac04ce4ff2 t/20.compare.t -SHA1 b7f0172a33387d1c19d76ff118a75315c5db05be t/30.vstring.t -SHA1 9a481567413161104cab15df09811c5a3b85775e t/40.perl-reversion.t -SHA1 8c049d1fe65af78a4c01ebcc7d81f37b65b15738 t/manifest.t -SHA1 cdb839a1f20c8c7f83565960e0da0b34ddbc87db t/pod-coverage.t -SHA1 0190346d7072d458c8a10a45c19f86db641dcc48 t/pod.t ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1.4.11 (Darwin) - -iEYEARECAAYFAk1i2agACgkQwoknRJZQnCFbggCeO5g3Xe9QfPwRyUgG1+fDX6Fl -5MIAniNOgbKiagLAuDBP2+eE1lFemYJ0 -=RWMo ------END PGP SIGNATURE----- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Perl-Version-1.011/examples/perl-reversion new/Perl-Version-1.013/examples/perl-reversion --- 
old/Perl-Version-1.011/examples/perl-reversion 2010-09-26 19:53:10.000000000 +0200 +++ new/Perl-Version-1.013/examples/perl-reversion 2014-02-12 21:46:27.000000000 +0100 @@ -8,10 +8,11 @@ use strict; use warnings; use Perl::Version; +use Carp qw(croak); use Getopt::Long; use Pod::Usage; use File::Spec; -use File::Slurp; +use File::Slurp::Tiny qw(read_lines); use File::Basename; # Files that suggest that we have a project directory. The scores next @@ -21,10 +22,12 @@ my %PROJECT_SIGNATURE = ( 'Makefile.PL' => 0.4, 'Build.PL' => 0.4, + 'dist.ini' => 0.4, 'MANIFEST' => 0.4, 't/' => 0.4, 'lib/' => 0.4, 'Changes' => 0.4, + 'xt/' => 0.4, ); my $MODULE_RE = qr{ [.] pm $ }x; @@ -212,25 +215,25 @@ my $ver_re = shift; return - qr{ ^ ( .*? [\$\*] (?: \w+ (?: :: | ' ) )* VERSION \s* = \D* ) + qr{ ^ ( .*? [\$\*] (?: \w+ (?: :: | ' ) )* VERSION \s* = \D*? ) $ver_re - ( .* ) $ }x; + ( .* \s*) \z }x; } sub version_re_pod { my $ver_re = shift; - return qr{ ^ ( .*? (?i: version ) .*? ) $ver_re ( .* ) $ }x; + return qr{ ^ ( .*? (?i: version ) .*? ) $ver_re ( .* \s*) \z }x; } sub version_re_plain { my $ver_re = shift; - return qr{ ^ ( .*? ) $ver_re ( .* ) $ }x; + return qr{ ^ ( .*? ) $ver_re ( .* \s* ) \z }x; } sub version_re_meta { my ( $indent, $ver_re ) = @_; - return qr{ ^ ( $indent version: \s* ) $ver_re ( \s* ) $ }x; + return qr{ ^ ( $indent version: \s* ) $ver_re ( \s* ) }x; } sub set_versions { @@ -259,7 +262,7 @@ } $info->{lines}[ $edit->{line} ] - = $edit->{pre} . $edit->{ver} . $edit->{post} . "\n"; + = $edit->{pre} . $edit->{ver} . $edit->{post}; $info->{dirty}++; } } @@ -441,9 +444,9 @@ for my $doc ( keys %$docs ) { - #note( "Loading $doc\n" ); + #note( "Loading $doc\n" ); $docs->{$doc} = { - lines => read_file( $doc, array_ref => 1 ), + lines => read_lines( $doc, binmode => ':raw', array_ref => 1 ), dirty => 0, }; $docs->{$doc}{type} = guess_type( $doc, $docs->{$doc} ); 
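Review bot: `version_re_meta` loses its end anchor in the `@@ -212,25 +215,25 @@` hunk: the other three builders replace `$` with `\z`, but here the `$` is removed outright, so the pattern now accepts any line that merely begins with `version: <ver>`. The following `set_versions` hunk stops appending `"\n"` and rebuilds the line as `$edit->{pre} . $edit->{ver} . $edit->{post}`, so whatever follows the captured `( \s* )` would presumably be dropped when a META line is rewritten. That could include a trailing comment and the line terminator, but the code that applies the match is outside the hunk, so this needs confirming. Ending the pattern with `( \s* ) \z }x` keeps the terminator in `post` and still rejects lines with trailing text.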
@@ -461,7 +464,10 @@ } else { note( "Saving $doc\n" ); - write_file( $doc, { atomic => 1 }, $docs->{$doc}{lines} ); + open my $fh, '>:raw', $doc or croak "Could not open file $doc: $!\n"; + $fh->autoflush(1); + print $fh @{ $docs->{$doc}{lines} }; + close $fh; } } } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Perl-Version-1.011/lib/Perl/Version.pm new/Perl-Version-1.013/lib/Perl/Version.pm --- old/Perl-Version-1.011/lib/Perl/Version.pm 2010-09-19 17:39:22.000000000 +0200 +++ new/Perl-Version-1.013/lib/Perl/Version.pm 2014-02-12 21:51:57.000000000 +0100 @@ -5,7 +5,7 @@ use Carp; use Scalar::Util qw( blessed ); -our $VERSION = '1.011'; +our $VERSION = '1.013'; use overload ( '""' => \&stringify, @@ -371,7 +371,7 @@ =head1 VERSION -This document describes Perl::Version version 1.011 +This document describes Perl::Version version 1.013 =head1 SYNOPSIS @@ -520,7 +520,7 @@ Fielded numeric versions. You'll likely have seen this in relation to versions of Perl itself. If a version string has a single decimal point -and the part after the point is three more more digits long components +and the part after the point is three more more digits long, components are extracted from each group of three digits in the fractional part. For example @@ -919,7 +919,7 @@ =item C<< <=> >> and C<< cmp >> The C<< <=> >> and C<< cmp >> operators are overloaded (by the L<vcmp> -method) so that comparisions between versions work as expected. This +method) so that comparisons between versions work as expected. This means that the other numeric and string comparison operators also work as expected. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Perl-Version-1.011/t/40.perl-reversion.t new/Perl-Version-1.013/t/40.perl-reversion.t --- old/Perl-Version-1.011/t/40.perl-reversion.t 2009-05-29 17:52:10.000000000 +0200 +++ new/Perl-Version-1.013/t/40.perl-reversion.t 2014-02-12 21:39:33.000000000 +0100 
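Review bot: The replacement for `write_file( $doc, { atomic => 1 }, ... )` opens `$doc` with `'>:raw'`, which truncates the file in place, and then ignores the results of `print` and `close`. A full disk or an I/O error can therefore leave a source file empty or half-written with no diagnostic. Writing to a temporary file in the same directory and renaming it over `$doc` after a checked `close` restores what `atomic => 1` provided. `$fh->autoflush(1)` also relies on IO::Handle being loaded, which none of the `use` lines visible in this diff does (on perls before 5.14 the call fails unless something else loaded it), and it is unnecessary once `close` is checked. The enclosing loop and sub start outside the hunk.

```perl
            note( "Saving $doc\n" );
            # Write a sibling temp file and rename it into place, so a
            # failed write never leaves $doc truncated.
            my $tmp = "$doc.tmp.$$";
            open my $fh, '>:raw', $tmp
              or croak "Could not open file $tmp: $!\n";
            print {$fh} @{ $docs->{$doc}{lines} }
              or croak "Could not write to $tmp: $!\n";
            close $fh
              or croak "Could not close $tmp: $!\n";
            rename $tmp, $doc
              or croak "Could not rename $tmp to $doc: $!\n";
```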
@@ -7,6 +7,8 @@ use File::Path qw(mkpath); use File::Spec; use FileHandle; +use File::Slurp::Tiny qw(read_file); +use Data::Dumper; if ( $^O =~ /MSWin32/ ) { plan skip_all => 'cannot run on Windows'; @@ -20,7 +22,7 @@ if ( system( "$RUN -quiet" ) ) { plan skip_all => 'cannot run perl-reversion, skipping its tests'; } -plan tests => 20; +plan tests => 44; my $dir = File::Temp::tempdir( CLEANUP => 1 ); @@ -56,25 +58,61 @@ my ( $name, $content, $code ) = @_; my $fh = FileHandle->new( "> $dir/$name" ) or die "Can't open $dir/$name: $!"; + binmode $fh; print $fh $content; close $fh; $code->(); unlink "$dir/$name" or die "Can't unlink $dir/$name: $!"; } +sub count_newlines { + my @newlines= ("\x{0d}\x{0a}","\x{0d}","\x{0a}"); + my %result; + for my $name (@_) { + my $content= read_file($name, binmode => ':raw' ); + + $result{ $name }= +{ + map { + my $key= unpack 'H*', $_; + my $count =()= $content=~ /$_/g; + $key=>$count + } @newlines + }; + }; + %result +}; + +sub ok_newlines { + my( $name, %expected ) = @_; + my %got= count_newlines( keys %expected ); + + is_deeply \%got, \%expected, + "$name - All newlines remain intact" + or diag Dumper [ \%expected, \%got ]; +}; + + sub runtests { my ( $name, $version ) = @_; + + # Check that we keep line endings consistent: + my @files= (grep { -f } glob( "$dir/*" ), glob( "$dir/*/*" ) ); + my %newlines= count_newlines( @files ); + is_deeply( find( $dir ), { found => '1.2.3' }, "found in $name" ); is_deeply( find( $dir, "-current=1.2" ), {}, "partial does not match" ); _run( $dir, '-set', '1.2' ); + ok_newlines( "$name -set", %newlines ); _run( $dir, '-bump' ); + ok_newlines( "$name -bump", %newlines ); is_deeply( find( $dir ), { found => '1.3', }, "-bump did not extend version" ); my $rv = _run( $dir, '-bump-subversion', '2>&1' ); + ok_newlines( "$name -bump-subversion", %newlines ); like( $rv->{output}, qr/version 1\.3 does not have 'subversion' component/, 
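Review bot: `count_newlines` in the `@@ -56,25 +58,61 @@` hunk is undocumented and its counts overlap: every CRLF is also counted once under the bare `0d` key and once under `0a`. That is harmless for the before/after comparison in `ok_newlines`, but misleading when reading the `Dumper` output of a failure. A header comment such as `# Returns ( file => { hex(sequence) => occurrences } ); the 0d and 0a counts include those inside 0d0a pairs` would make this explicit. The sub also ends with a bare `%result` and a stray `;` after the closing brace; `return %result;` without the trailing `};` would read more conventionally. `runtests` continues beyond the end of the hunk.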
@@ -131,8 +169,27 @@ ); with_file( + "Foo.pm", <<'END', +package Foo; +our $VERSION = version->declare('v1.2.3'); +1; +END + sub { + is_deeply( find( $dir ), { found => 'v1.2.3' }, "found in pm" ); + _run( $dir, '-set', '1.2' ); + _run( $dir, '-bump' ); + is_deeply( find( $dir ), { found => 'v1.3' }, "bump subversion with v prefix" ); + }, +); + +with_file( README => <<'END', This README describes version 1.2.3 of Flurble. END sub { runtests( plain => "1.2.3" ) }, ); + +with_file( + README => "This README describes\x{0d}\x{0a}version 1.2.3 of\x{0d}\x{0a}Flurble.\x{0a}", + sub { runtests( newlines => "1.2.3" ) }, +); -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org