commit perl-Module-Signature.4510 for openSUSE:13.2:Update
![](https://seccdn.libravatar.org/avatar/e2145bc5cf53dda95c308a3c75e8fef3.jpg?s=120&d=mm&r=g)
Hello community, here is the log from the commit of package perl-Module-Signature.4510 for openSUSE:13.2:Update checked in at 2016-01-19 09:04:52 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:13.2:Update/perl-Module-Signature.4510 (Old) and /work/SRC/openSUSE:13.2:Update/.perl-Module-Signature.4510.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "perl-Module-Signature.4510" Changes: -------- New Changes file: --- /dev/null 2015-12-29 16:09:11.912035506 +0100 +++ /work/SRC/openSUSE:13.2:Update/.perl-Module-Signature.4510.new/perl-Module-Signature.changes 2016-01-19 09:04:53.000000000 +0100 @@ -0,0 +1,187 @@ +------------------------------------------------------------------- +Fri Jan 8 21:30:32 UTC 2016 - chris@computersalat.de + +- fix for boo#928382 + (CVE-2015-3406, CVE-2015-3407, CVE-2015-3408, CVE-2015-3409) + +------------------------------------------------------------------- +Tue May 19 08:27:48 UTC 2015 - coolo@suse.com + +- updated to 0.79 + see /usr/share/doc/packages/perl-Module-Signature/Changes + + [Changes for 0.79 - Mon May 18 23:02:11 CST 2015] + + * Restore "cpansign --skip" functionality. + + Contributed by: CLOOS + +------------------------------------------------------------------- +Fri Apr 17 09:13:22 UTC 2015 - coolo@suse.com + +- updated to 0.78 + see /usr/share/doc/packages/perl-Module-Signature/Changes + + [Changes for 0.78 - Thu Apr 9 16:58:27 CST 2015] + + * Fix verify() use from cpanm and CPAN.pm. + + Contributed by: ANDK + + [Changes for 0.77 - Wed Apr 8 19:36:50 CST 2015] + + * Include the latest public keys of PAUSE, ANDK and AUDREYT. + + * Clarify scripts/cpansign copyright to CC0. + + Reported by: @pghmcfc + + [Changes for 0.76 - Wed Apr 8 18:05:48 CST 2015] + + * Fix signature tests by defaulting to verify(skip=>1) + when $ENV{TEST_SIGNATURE} is true. + + Reported by: @pghmcfc + + [Changes for 0.75 - Tue Apr 7 04:56:09 CST 2015] + + Two more issues reported by John Lightsey: + + * Update ChangeLog. + + * More protection of @INC from relative paths. (CVE-2015-3409) + + Fix various issues reported by John Lightsey: + + [Changes for 0.74 - Tue Apr 7 02:39:14 CST 2015] + + Fix various issues reported by John Lightsey: + + * Fix GPG signature parsing logic. (CVE-2015-3406) + + * MANIFEST.SKIP is no longer consulted unless --skip is given. (CVE-2015-3407) + + * Properly use open() modes to avoid injection attacks. (CVE-2015-3408) + +------------------------------------------------------------------- +Sun Aug 4 15:26:25 UTC 2013 - coolo@suse.com + +- fix souce url + +------------------------------------------------------------------- +Wed Jul 3 19:14:29 UTC 2013 - chris@computersalat.de + +- update to 0.73 + * fix for bnc#828010 (CVE-2013-2145) + https://bugzilla.novell.com/process_bug.cgi + https://bugzilla.redhat.com/show_bug.cgi?id=971096 + * Properly redo the previous fix using File::Spec->file_name_is_absolute. +- [Changes for 0.72 - Wed Jun 5 23:19:02 CST 2013] + * Only allow loading Digest::* from absolute paths in @INC, + by ensuring they begin with \ or / characters. + Contributed by: Florian Weimer (CVE-2013-2145) +- [Changes for 0.71 - Tue Jun 4 18:24:10 CST 2013] + * Constrain the user-specified digest name to /^\w+\d+$/. + * Avoid loading Digest::* from relative paths in @INC. + Contributed by: Florian Weimer (CVE-2013-2145) +- [Changes for 0.70 - Thu Nov 29 01:45:54 CST 2012] + * Don't check gpg version if gpg does not exist. + This avoids unnecessary warnings during installation + when gpg executable is not installed. + Contributed by: Kenichi Ishigaki +- [Changes for 0.69 - Fri Nov 2 23:04:19 CST 2012] + * Support for gpg under these alternate names: + gpg gpg2 gnupg gnupg2 + Contributed by: Michael Schwern + +------------------------------------------------------------------- +Mon Dec 19 08:35:22 UTC 2011 - cfarrell@suse.com + +- license update: CC0-1.0 and (GPL-1.0+ or Artistic-1.0) + License purports to be CC zero, not CC-BY. Also, see the script/cpansign + and Module/Signature (line 88+) files for Perl licenses + +------------------------------------------------------------------- +Thu Dec 15 09:56:56 UTC 2011 - coolo@suse.com + +- regenerate with cpanspec to fix requires/buildrequires + +------------------------------------------------------------------- +Wed Dec 14 12:14:47 UTC 2011 - coolo@suse.com + +- update to 0.68 + * Fix breakage introduced by 0.67 (Andreas König). + * Better handling of \r (Andreas König, Zefram) + +------------------------------------------------------------------- +Wed Dec 14 12:12:55 UTC 2011 - coolo@suse.com + +- fix license to be in spdx.org format + +------------------------------------------------------------------- +Tue Nov 30 19:20:34 UTC 2010 - coolo@novell.com + +- switch to perl_requires macro + +------------------------------------------------------------------- +Wed Sep 8 21:51:34 UTC 2010 - chris@computersalat.de + +- update to 0.66 + * Fix incompatibility with EU::Manifest 1.54 to 1.57 + (Paul Howarth) (Closes RT#61124). + +------------------------------------------------------------------- +Sat Sep 4 17:36:16 UTC 2010 - chris@computersalat.de + +- update to 0.65 + * Skip MYMETA (Alexandr Ciornii) + +------------------------------------------------------------------- +Sat Jul 24 12:56:18 UTC 2010 - chris@computersalat.de + +- removed UTF-8 chars from changes + +------------------------------------------------------------------- +Wed Jul 21 14:51:26 UTC 2010 - chris@computersalat.de + +- update to 0.64 + * Avoid creating gnupg configuration files for the user invoking Makefile.PL + (Closes RT#41978). + * Correctly detect the version of gnupg on cygwin and add tests for it + (Paul Fenwick) (Closes RT#39258). +- [Changes for 0.63 - Sun, 28 Mar 2010 04:46:27 +0100] + * Fix diagnostic message from Makefile.PL when the user dosn't have gnupg or + Crypt::OpenPGP (miyagawa). +- [Changes for 0.62 - Tue, 23 Mar 2010 22:17:39 +0100] + * Change the default keyserver from the outdated pgp.mit.edu to + pool.sks-keyservers.net. +- [Changes for 0.61 - Thu, 19 Mov 2009 00:56:41 CST] + * Added "=encoding utf8" to POD to fix author name display. + No functional changes. +- [Changes for 0.60 - Mon, 16 Nov 2009 22:48:54 CST] + * LICENSING CHANGE: This compilation and all individual files in it + are now under the nullary CC0 1.0 Universal terms: + To the extent possible under law, <cpan@audreyt.org> has waived all + copyright and related or neighboring rights to Module-Signature. + * Updated Module::Install to 0.91, prompted by Florian Ragwitz. +- recreated by cpanspec 1.78 +- noarch pkg + +------------------------------------------------------------------- +Sat Jul 25 19:41:01 CEST 2009 - chris@computersalat.de + +- spec mods + * removed ^---------- + * removed ^#--------- + +------------------------------------------------------------------- +Sat Jun 27 13:23:40 CEST 2009 - chris@computersalat.de + +- fixed deps + o changed Digest::SHA1 to Digest::SHA + +------------------------------------------------------------------- +Fri Jun 26 14:43:23 CEST 2009 - chris@computersalat.de + +- initial package 0.55 + New: ---- Module-Signature-0.79.tar.gz cpanspec.yml perl-Module-Signature.changes perl-Module-Signature.spec ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ perl-Module-Signature.spec ++++++ # # spec file for package perl-Module-Signature # # Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # Name: perl-Module-Signature Version: 0.79 Release: 0 #Upstream: CHECK(GPL-1.0+ or Artistic-1.0) %define cpan_name Module-Signature Summary: Module signature file manipulation License: CC0-1.0 and (GPL-1.0+ or Artistic-1.0) Group: Development/Libraries/Perl Url: http://search.cpan.org/dist/Module-Signature/ Source0: http://www.cpan.org/authors/id/A/AU/AUDREYT/%{cpan_name}-%{version}.tar.gz Source1: cpanspec.yml BuildArch: noarch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: perl BuildRequires: perl-macros BuildRequires: perl(IPC::Run) %{perl_requires} # MANUAL BEGIN BuildRequires: gpg Requires: gpg # MANUAL END %description *Module::Signature* adds cryptographic authentications to CPAN distributions, via the special _SIGNATURE_ file. If you are a module user, all you have to do is to remember to run 'cpansign -v' (or just 'cpansign') before issuing 'perl Makefile.PL' or 'perl Build.PL'; that will ensure the distribution has not been tampered with. Module authors can easily add the _SIGNATURE_ file to the distribution tarball; see the /NOTES manpage below for how to do it as part of 'make dist'. If you _really_ want to sign a distribution manually, simply add 'SIGNATURE' to _MANIFEST_, then type 'cpansign -s' immediately before 'make dist'. Be sure to delete the _SIGNATURE_ file afterwards. Please also see the /NOTES manpage about _MANIFEST.SKIP_ issues, especially if you are using *Module::Build* or writing your own _MANIFEST.SKIP_. %prep %setup -q -n %{cpan_name}-%{version} %build %{__perl} Makefile.PL INSTALLDIRS=vendor %{__make} %{?_smp_mflags} %check %{__make} test %install %perl_make_install %perl_process_packlist %perl_gen_filelist %files -f %{name}.files %defattr(-,root,root,755) %doc ANDK2015.pub AUDREYT2015.pub AUTHORS Changes PAUSE2017.pub README %changelog ++++++ cpanspec.yml ++++++ --- #description_paragraphs: 3 #no_testing: broken upstream #sources: # - source1 # - source2 #patches: # foo.patch: -p1 # bar.patch: preamble: |- BuildRequires: gpg Requires: gpg #post_prep: |- # hunspell=`pkg-config --libs hunspell | sed -e 's,-l,,; s, *,,g'` # sed -i -e "s,hunspell-X,$hunspell," t/00-prereq.t Makefile.PL #post_install: |- # sed on %{name}.files license: CC0-1.0 and (GPL-1.0+ or Artistic-1.0) #skip_noarch: 1 #custom_build: - #./Build build flags=%{?_smp_mflags} --myflag
participants (1)
-
root@hilbert.suse.de