Hello community, here is the log from the commit of package perl-YAML-LibYAML.3521 for openSUSE:13.1:Update checked in at 2015-02-18 16:05:33 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:13.1:Update/perl-YAML-LibYAML.3521 (Old) and /work/SRC/openSUSE:13.1:Update/.perl-YAML-LibYAML.3521.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "perl-YAML-LibYAML.3521" Changes: -------- New Changes file: --- /dev/null 2014-12-25 22:38:16.200041506 +0100 +++ /work/SRC/openSUSE:13.1:Update/.perl-YAML-LibYAML.3521.new/perl-YAML-LibYAML.changes 2015-02-18 16:05:35.000000000 +0100 @@ -0,0 +1,87 @@ +------------------------------------------------------------------- +Tue Feb 10 10:24:37 UTC 2015 - vcizek@suse.com + +- update to 0.59 +- this update fixes 3 vulnerabilities in the embedded LibYAML: + * CVE-2014-9130: libyaml: assert failure when processing + wrapped strings (bnc#907809) + * CVE-2014-2525: libyaml: heap overflow during parsing (bnc#868944) + * CVE-2013-6393: libyaml: heap based buffer, overflow due to + integer misuse (bnc#860617) +- dropped CVE-2012-1152-YAML-LibYAML-0.35-format-error.patch (upstream) +- upstream changelog: + * PR/23 Better scalar dump heuristics + * More closely match YAML.pm + * Add a VERSION statement to YAML::LibYAML (issue#8) + * Applied fix for PR/21. nawglan++ + * Use Swim cpan-tail block functions in doc + * Get YAML::XS using latest libyaml + * Fix for + https://bitbucket.org/xi/libyaml/issue/10/wrapped-strings-cause-assert-failu... + * Fix e1 test failure on 5.21.4 + * Remove =travis section + * Meta 0.0.2 + * Eliminate spurious trailing whitespace + * Add t/000-compile-modules.t + * Fix swim errors + * Add badges to doc + * Fix ReadMe + * Fix Meta and add Contributing. + - Doc fix. GitHub-Issue-#6. Thanks to Debian Perl Group for finding this. + - Test::Base tests needed 'inc' in @INC + - Switch to Zilla::Dist + - No longer dep on Test::Base, Spiffy, and Filter::Util::Call + - Remove test/changes.t + - Removed another C++ // style comment. jdb++ + - Removed C++ // style comments, for better portability. jdb++ + - Using the latest libyaml codebase + - https://github.com/yaml/libyaml/tree/perl-yaml-xs + - Changes have been made to start moving libyaml to 1.2 + +------------------------------------------------------------------- +Wed May 30 07:57:03 UTC 2012 - coolo@suse.com + +- updated to 0.38 + - Apply SPROUT++ deparse test patch. Thanks! + +------------------------------------------------------------------- +Wed Apr 25 23:01:47 UTC 2012 - pascal.bleser@opensuse.org + +- CVE-2012-1152: added patch to fix multiple format string flaws: + A remote attacker could provide a specially-crafted YAML document, which once + processed by the perl-YAML-LibYAML interface would lead to perl-YAML-LibYAML + based process crash. bnc#751503 + +------------------------------------------------------------------- +Sun Oct 02 23:37:11 UTC 2011 - pascal.bleser@opensuse.org + +- update to 0.37: + * fix the bug that accidentally released YAML-XS instead of YAML-LibYAML + +- changes from 0.36: + * switch to Module::Package + * fix LoadFile on empty file failure + +------------------------------------------------------------------- +Mon Apr 4 08:33:41 UTC 2011 - coolo@novell.com + +- updated to 0.35 + - Apply bdfoy patch from rt-46172 + - Update ppport.h to fix rt-64749 & rt-62054 + - Add ANDK's regexp.t patch from rt-62266 + - These changes from chansen++ + - Handle misbehaved tied hashes + - Handle 'get' magic + - Added support for tied arrays and hashes + - Don't turn on the UTF-8 flag for strings containing US-ASCII (0x00-0x7F) + +------------------------------------------------------------------- +Mon Nov 29 18:32:31 UTC 2010 - coolo@novell.com + +- remove /var/adm/perl-modules + +------------------------------------------------------------------- +Mon Jun 14 05:26:35 UTC 2010 - pascal.bleser@opensuse.org + +- initial package (0.33) + New: ---- YAML-LibYAML-0.59.tar.gz perl-YAML-LibYAML.changes perl-YAML-LibYAML.spec ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ perl-YAML-LibYAML.spec ++++++ # # spec file for package perl-YAML-LibYAML # # Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # Name: perl-YAML-LibYAML Version: 0.59 Release: 0 %define cpan_name YAML-LibYAML Summary: YAML::LibYAML Perl module License: GPL-1.0+ or Artistic-1.0 Group: Development/Libraries/Perl Url: http://search.cpan.org/dist/YAML-LibYAML/ Source: http://www.cpan.org/authors/id/I/IN/INGY/%{cpan_name}-%{version}.tar.gz BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: perl BuildRequires: perl-macros %{perl_requires} %description Kirill Siminov's libyaml is arguably the best YAML implementation. The C library is written precisely to the YAML 1.1 specification. It was originally bound to Python and was later bound to Ruby. This module is a Perl XS binding to libyaml which offers Perl the best YAML support to date. This module exports the functions Dump and Load. These functions are intended to work exactly like YAML.pm's corresponding functions. %prep %setup -q -n %{cpan_name}-%{version} %build %{__perl} Makefile.PL INSTALLDIRS=vendor OPTIMIZE="%{optflags}" %{__make} %{?_smp_mflags} %check %{__make} test %install %perl_make_install %perl_process_packlist %perl_gen_filelist %files -f %{name}.files %defattr(644,root,root,755) %doc Changes README %changelog -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org