Accepting request 181933 from home:computersalat:devel:perl

update to 0.73, fix for bnc#828010 (CVE-2013-2145) OBS-URL: https://build.opensuse.org/request/show/181933 OBS-URL: https://build.opensuse.org/package/show/devel:languages:perl/perl-Module-Signature?expand=0&rev=23
2013-07-03 20:02:35 +00:00
parent 9d392b2fdd
commit c19f19b4bb
4 changed files with 34 additions and 6 deletions
--- a/Module-Signature-0.68.tar.gz
+++ b/Module-Signature-0.68.tar.gz
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:623d7d8d26dceac49b043f5bc2d83eea95d6dd75bf09200a6631180774c8eb5f
-size 76485
--- a/Module-Signature-0.73.tar.gz
+++ b/Module-Signature-0.73.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:718520721888ac4a7d930e26c4cd628ca24d60b2b18bddb081b331731a94bbc5
+size 77407
--- a/perl-Module-Signature.changes
+++ b/perl-Module-Signature.changes
@@ -1,3 +1,29 @@
+-------------------------------------------------------------------
+Wed Jul  3 19:14:29 UTC 2013 - chris@computersalat.de
+
+- update to 0.73
+  * fix for bnc#828010 (CVE-2013-2145)
+    https://bugzilla.novell.com/process_bug.cgi
+    https://bugzilla.redhat.com/show_bug.cgi?id=971096
+  * Properly redo the previous fix using File::Spec->file_name_is_absolute.
+- [Changes for 0.72 - Wed Jun  5 23:19:02 CST 2013]
+  * Only allow loading Digest::* from absolute paths in @INC,
+    by ensuring they begin with \ or / characters.
+    Contributed by: Florian Weimer (CVE-2013-2145)
+- [Changes for 0.71 - Tue Jun  4 18:24:10 CST 2013]
+  * Constrain the user-specified digest name to /^\w+\d+$/.
+  * Avoid loading Digest::* from relative paths in @INC.
+    Contributed by: Florian Weimer (CVE-2013-2145)
+- [Changes for 0.70 - Thu Nov 29 01:45:54 CST 2012]
+  * Don't check gpg version if gpg does not exist.
+    This avoids unnecessary warnings during installation
+    when gpg executable is not installed.
+    Contributed by: Kenichi Ishigaki
+- [Changes for 0.69 - Fri Nov  2 23:04:19 CST 2012]
+  * Support for gpg under these alternate names:
+    gpg gpg2 gnupg gnupg2
+    Contributed by: Michael Schwern
+
 -------------------------------------------------------------------
 Mon Dec 19 08:35:22 UTC 2011 - cfarrell@suse.com

--- a/perl-Module-Signature.spec
+++ b/perl-Module-Signature.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package perl-Module-Signature
 #
-# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,7 +17,7 @@


 Name:           perl-Module-Signature
-Version:        0.68
+Version:        0.73
 Release:        0
 %define cpan_name Module-Signature
 Summary:        Module signature file manipulation
@@ -29,7 +29,9 @@ BuildArch:      noarch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 BuildRequires:  perl
 BuildRequires:  perl-macros
+BuildRequires:  perl(Digest::SHA)
 BuildRequires:  perl(IPC::Run)
+Requires:       perl(Digest::SHA)
 # MANUAL BEGIN
 BuildRequires:  gpg
 Requires:       gpg
@@ -58,7 +60,7 @@ if you are using *Module::Build* or writing your own _MANIFEST.SKIP_.

 %prep
 %setup -q -n %{cpan_name}-%{version}
-find . -type f -print0 | xargs -0 chmod 644
+#find . -type f -print0 | xargs -0 chmod 644

 %build
 %{__perl} Makefile.PL INSTALLDIRS=vendor