From 7dffe1e1c66839424ae21a86ab54584be64124b88547226fa97ab76eb51fa7f9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tina=20M=C3=BCller?= Date: Tue, 27 Aug 2024 15:34:07 +0000 Subject: [PATCH 1/2] - Add a patch to use https instead of http https://bugzilla.suse.com/show_bug.cgi?id=1229819 OBS-URL: https://build.opensuse.org/package/show/devel:languages:perl/perl-App-cpanminus?expand=0&rev=57 --- .gitattributes | 23 ++ .gitignore | 1 + App-cpanminus-1.7047.tar.gz | 3 + cpanspec.yml | 96 ++++++ fatunpack | 114 +++++++ perl-App-cpanminus.changes | 575 ++++++++++++++++++++++++++++++++++++ perl-App-cpanminus.spec | 150 ++++++++++ 7 files changed, 962 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 App-cpanminus-1.7047.tar.gz create mode 100644 cpanspec.yml create mode 100644 fatunpack create mode 100644 perl-App-cpanminus.changes create mode 100644 perl-App-cpanminus.spec diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/App-cpanminus-1.7047.tar.gz b/App-cpanminus-1.7047.tar.gz new file mode 100644 index 0000000..d36d796 --- /dev/null +++ b/App-cpanminus-1.7047.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:963e63c6e1a8725ff2f624e9086396ae150db51dd0a337c3781d09a994af05a5 +size 316779 diff --git a/cpanspec.yml b/cpanspec.yml new file mode 100644 index 0000000..7781681 --- /dev/null +++ b/cpanspec.yml @@ -0,0 +1,96 @@ +--- +#description_paragraphs: 3 +#no_testing: broken upstream +#patches: +# foo.patch: -p1 +# bar.patch: +sources: + - fatunpack +preamble: |- + # Run-time: + # Nothing special. The tests are very poor. But we run perl -c at built-time + # to check for correct unpacking. So we need non-optional run-time + # dependencies at build-time too: + BuildRequires: perl(Config) + BuildRequires: perl(aliased) + BuildRequires: perl(constant) + # CPAN::DistnameInfo not needed for compilation + # CPAN::Meta not needed for copmilation + # CPAN::Meta::Check not needed for compilation + # CPAN::Meta::Prereqs not needed for compilation + BuildRequires: perl(CPAN::Meta::Requirements) + # CPAN::Meta::YAML not needed for compilation + BuildRequires: perl(Cwd) + # Digest::SHA not needed for compilation + # Dumpvalue not needed for compilation + # ExtUtils::Manifest not needed for compilation + BuildRequires: perl(File::Basename) + BuildRequires: perl(File::Copy) + BuildRequires: perl(File::Find) + # File::pushd not needed for compilation + BuildRequires: perl(File::Temp) + # HTTP::Tiny not needed for compilation + # JSON::PP not needed for compilation + # local::lib not needed for compilation + # Module::CoreList not needed for compilation + # Module::CPANfile not needed for compilation + # Module::Metadata not needed for compilation + BuildRequires: perl(Parse::CPAN::Meta) + # POSIX not needed for compilation + # Safe not needed for compilation + BuildRequires: perl(String::ShellQuote) + BuildRequires: perl(Symbol) + BuildRequires: perl(version) + # version::vpp not needed for compilation + BuildRequires: perl(warnings::register) + # YAML not needed for compilation + # Tests: + BuildRequires: perl(Test::More) + BuildRequires: perl(Pod::Select) + # Current dependency generator cannot parse compressed code. Use PPI to find + # them, and list them manually: + # Archive::Tar is optional + # Archive::Zip is optional + # Compress::Zlib is optional + Requires: perl(CPAN::DistnameInfo) + Requires: perl(CPAN::Meta) + Requires: perl(CPAN::Meta::Check) + Requires: perl(CPAN::Meta::Prereqs) + Requires: perl(CPAN::Meta::YAML) + Requires: perl(Digest::SHA) + Requires: perl(ExtUtils::Install) >= 1.46 + Requires: perl(ExtUtils::MakeMaker) >= 6.31 + Requires: perl(ExtUtils::Manifest) + # File::HomeDir is optional + Requires: perl(File::pushd) + # HTTP getter by LWP::UserAgent or wget or curl or HTTP::Tiny + Requires: perl(HTTP::Tiny) + Requires: perl(Parse::PMFile) + Requires: perl(local::lib) + # LWP::Protocol::https is optional + # LWP::UserAgent is optional + Requires: perl(Module::Build) + Requires: perl(Module::CPANfile) + Requires: perl(Module::CoreList) + Requires: perl(Module::Metadata) + # Module::Signature is optional + Requires: perl(String::ShellQuote) + # Win32 not used + Requires: perl(YAML) + + Provides: cpanm = %{version}-%{release} + Obsoletes: cpanm <= 1.5010 + +post_prep: |- + # Unbundle fat-packed modules + podselect lib/App/cpanminus.pm > lib/App/cpanminus.pod + + # https://bugzilla.suse.com/show_bug.cgi?id=1229819 + perl -pi -E 's{http://(cpan\.cpantesters\.org|www\.cpan\.org|backpan\.perl\.org|cpan\.metacpan\.org|fastapi\.metacpan\.org|cpanmetadb\.plackperl\.org)}{https://$2}g' bin/cpanm + + for F in bin/cpanm lib/App/cpanminus/fatscript.pm; do + perl %{SOURCE1} --libdir lib --filter '^App/cpanminus' "$F" > "${F}.stripped" + perl -c -Ilib "${F}.stripped" + mv "${F}.stripped" "$F" + done +#license: SUSE-NonFree diff --git a/fatunpack b/fatunpack new file mode 100644 index 0000000..968f43f --- /dev/null +++ b/fatunpack @@ -0,0 +1,114 @@ +#!/usr/bin/perl +use strict; +use warnings; +use File::Path; +use File::Spec; +use Getopt::Long; + +my $libdir = 'lib'; +my $filter = ''; + +GetOptions('libdir=s' => \$libdir, 'filter=s' => \$filter) or + die "Could not parse arguments\n"; +if ($filter eq '') { + # Empty pattern passes previous result by definition. Do not use it. + # Interpolared compilation is fixed in perl 5.18.0. RT#119095. + $filter = qr/(?:)/; +} +eval { $filter = qr{$filter}; 1} or + die "Could not compile filter as a regular expression: $@\n"; + +my ($file, $filename, $delimiter); +while (<>) { + if (/^\$fatpacked\{\s*"([^"]*)"\s*\}\s*=.*<<\s*'([^']*)'\s*;/) { + # Packed module beginning found + $filename = $1; + $delimiter = $2; + if ($filename =~ $filter) { + print STDERR "Extracting `$filename'\n"; + my $directory = (File::Spec->splitpath($filename))[1]; + File::Path::make_path(File::Spec->catfile($libdir, $directory)); + if ($file) { + die "Unballanced fat-packed module at line $.\n"; + } + open($file, '>', File::Spec->catfile($libdir, $filename)) or + die "Could not create `", + File::Spec->catfile($libdir, $filename), "': $!\n"; + } else { + print STDERR "Removing `$filename'\n"; + } + } elsif (defined $delimiter and /^\Q$delimiter\E$/) { + # Packed module end found + if (defined $file) { + close($file) or + die "Could not close `", + File::Spec->catfile($libdir, $filename), "': $!\n"; + $file = undef; + } + $filename = undef; + $delimiter = undef; + } elsif (defined $file) { + # Packed module to extract + s/^ //; # de-escape recursive here-documents + print $file $_; + } elsif (! defined $delimiter) { + # Rest of code to output + print STDOUT $_; + } +} + +__END__ + +=encoding utf8 + +=head1 NAME + +fatunpack - Unpacker for App::FatPacker packets + +=head1 SYNOPSYS + +fatunpack [OPTION…] [PACKED_SCRIPT…] + +=head1 DESCRIPTION + +This tool unpacks scripts packed with App::FatPacker. + +Packed script's file names are specified as positional arguments. If no +argument is given, a script from standard intput will be processed. + +The content of packed script stripped of all bundled modules is written to +standard output. + +=head1 OPTIONS + +=over 8 + +=item B<--libdir DIRECTORY> + +Directory to output unpacked modules to that where bundled into the input +script. Default value is C. + +=item B<--filter REGULAR_EXPRESSION> + +Save only modules whose file name matches the B. The file +names are compared without B<--libdir> prefix. The expession is not anchored +by default. Empty expression matches any file name. Default value is empty +regular expression, i.e. to save all modules. + +=back + +=head1 VERSION + +This is version 2. + +=head1 COPYRIGHT + +Copyright © 2013, 2014 Petr Písař . + +=head1 LICENSE + +This is free software. You may redistribute copies of it under the terms of +the GNU General Public License L. +There is NO WARRANTY, to the extent permitted by law. + +=cut diff --git a/perl-App-cpanminus.changes b/perl-App-cpanminus.changes new file mode 100644 index 0000000..64652df --- /dev/null +++ b/perl-App-cpanminus.changes @@ -0,0 +1,575 @@ +------------------------------------------------------------------- +Tue Aug 27 12:14:26 UTC 2024 - Tina Müller + +- Add a patch to use https instead of http + https://bugzilla.suse.com/show_bug.cgi?id=1229819 + +------------------------------------------------------------------- +Mon Jul 31 03:06:01 UTC 2023 - Tina Müller + +- updated to 1.7047 + see /usr/share/doc/packages/perl-App-cpanminus/Changes + + 1.7047 2023-07-29 22:59:16 PDT + [Bug Fix] + - Upgrade fatpacked CPAN::Meta::Check to 0.018 (#662) + +------------------------------------------------------------------- +Thu Apr 28 03:06:11 UTC 2022 - Tina Müller + +- updated to 1.7046 + see /usr/share/doc/packages/perl-App-cpanminus/Changes + + 1.7046 2022-04-26 23:00:56 PDT + [Documentation] + - Remove git.io URL that's going to be deprecated. + +------------------------------------------------------------------- +Fri Jan 28 03:06:10 UTC 2022 - Tina Müller + +- updated to 1.7045 + see /usr/share/doc/packages/perl-App-cpanminus/Changes + + 1.7045 2022-01-26 19:03:44 PST + [Security] + - [CVE-2020-16154] remove the functionality to verify CHECKSUMS signature + +------------------------------------------------------------------- +Wed Oct 28 15:32:37 UTC 2020 - Dirk Stoecker + +- updated to 1.7044 + see /usr/share/doc/packages/perl-App-cpanminus/Changes + +------------------------------------------------------------------- +Tue Jun 6 13:59:45 UTC 2017 - sriedel@suse.com + +- fix missing dependency on perl-Parse-PMFile + +------------------------------------------------------------------- +Tue Apr 4 05:03:45 UTC 2017 - coolo@suse.com + +- updated to 1.7043 + see /usr/share/doc/packages/perl-App-cpanminus/Changes + + 1.7043 2017-04-02 20:56:06 PDT + [Improvements] + - Set PERL_USE_UNSAFE_INC for 5.26+ (haarg) #521 + - Strictly match module NAME in Bundle + +------------------------------------------------------------------- +Sat May 28 09:24:10 UTC 2016 - coolo@suse.com + +- updated to 1.7042 + see /usr/share/doc/packages/perl-App-cpanminus/Changes + + 1.7042 2016-05-24 00:48:13 PDT + [Improvements] + - Merge configure dependencies with cpanfile requirements too + + 1.7041 2016-05-08 11:28:31 PDT + [Improvements] + - Add environment variables to man pages (Doug Bell) #481 + - Support --with-configure and --without-condfigure (zebardy) #482 + - Make file mirror faster (Matthew Horsfall) #499 + +------------------------------------------------------------------- +Wed Jan 13 09:36:47 UTC 2016 - coolo@suse.com + +- updated to 1.7040 + see /usr/share/doc/packages/perl-App-cpanminus/Changes + + 1.7040 2016-01-07 11:28:07 PST + [Improvements] + - Removed a workaround to skip tests for config dependencies such as Module::Build #462 + - Various doc improvements + +------------------------------------------------------------------- +Tue Jun 30 14:18:49 UTC 2015 - coolo@suse.com + +- updated to 1.7039 + see /usr/share/doc/packages/perl-App-cpanminus/Changes + + 1.7039 2015-06-28 18:05:10 PDT + [Improvements] + - Only enable softening of MakeMaker dependency when Module::Install is present (reported by haarg) + - Support .git URL with http protocol (shoichikaji) #468 + +------------------------------------------------------------------- +Tue Jun 23 08:05:11 UTC 2015 - coolo@suse.com + +- updated to 1.7038 + see /usr/share/doc/packages/perl-App-cpanminus/Changes + + 1.7038 2015-06-22 18:04:44 PDT + [Releng] + - bump minimum perl requirement to 5.8.1 in META files + +------------------------------------------------------------------- +Sun Jun 21 08:15:10 UTC 2015 - coolo@suse.com + +- updated to 1.7037 + see /usr/share/doc/packages/perl-App-cpanminus/Changes + + 1.7037 2015-06-18 14:37:32 PDT + [Improvements] + - Bump CPAN-Meta-Check to 0.012 #465 + - Bump HTTP-Tiny to 0.056 + - Bump CPAN-Meta to 2.150005 + - Bump CPAN-Meta-YAML to 0.016 + +------------------------------------------------------------------- +Sun Jun 7 08:12:05 UTC 2015 - coolo@suse.com + +- updated to 1.7036 + see /usr/share/doc/packages/perl-App-cpanminus/Changes + + 1.7036 2015-06-05 22:07:50 PDT + [Improvements] + - Also soften MakeMaker depenency in runtime prereq, which is just a weird bug in an old + Module::Install pre 1.0 + + 1.7035 2015-06-05 10:51:17 PDT + [Improvements] + - Add a workaround for distributions with an old (buggy) Module::Install, now that the problems + occur more frequently with 5.22.0 shipping with a dev version of ExtUtils::MakeMaker #463 + +------------------------------------------------------------------- +Fri May 8 08:09:51 UTC 2015 - coolo@suse.com + +- updated to 1.7034 + see /usr/share/doc/packages/perl-App-cpanminus/Changes + + 1.7034 2015-05-07 14:20:57 PDT + [Improvements] + - Improved an error message when dependency requirement in cpanfile get conflict with prereqs + in sub dependencies. + +------------------------------------------------------------------- +Sat May 2 05:37:02 UTC 2015 - coolo@suse.com + +- updated to 1.7033 + see /usr/share/doc/packages/perl-App-cpanminus/Changes + + 1.7033 2015-05-01 17:17:42 PDT + [Improvements] + - Remove MakeMaker and Module::Build from cpanm's runtime dependencies. Rather it will upgrade + the minimum version requirement as it finds distributions that uses them in configure + requirements. Also, they will be installed with 'notest' option for now, since Module::Build + test suite takes a bit too long time. + +------------------------------------------------------------------- +Thu Apr 30 05:41:41 UTC 2015 - coolo@suse.com + +- updated to 1.7032 + see /usr/share/doc/packages/perl-App-cpanminus/Changes + + 1.7032 2015-04-29 18:51:36 PDT + [Improvements] + - Prefer to use cpanmetadb's package history API for pinning versions. Note that it only + works against versions since April 2012. You can set `--metacpan` to still prefer MetaCPAN + API search, and can use `--cascade-search` to fallback to MetaCPAN after CPAN MetaDB as well. + +------------------------------------------------------------------- +Thu Apr 23 05:09:26 UTC 2015 - coolo@suse.com + +- updated to 1.7031 + see /usr/share/doc/packages/perl-App-cpanminus/Changes + + 1.7031 2015-04-22 14:13:37 PDT + [Bug Fixes] + - Fixed a rare case where circular dependencies in cpanfile prevents satisfying modules from + being installed. (#452) + + [Improvements] + - Stop reporting perl versions by default if running under certain CI related env vars. + +------------------------------------------------------------------- +Mon Apr 20 06:21:47 UTC 2015 - coolo@suse.com + +- updated to 1.7030 + see /usr/share/doc/packages/perl-App-cpanminus/Changes + + 1.7030 2015-04-19 14:15:34 CEST + - Same as 1.7029 + + 1.7029 2015-04-19 00:15:32 CEST + [New Features] + - Consider root cpanfile's requirement when following dependencies with --installdeps (#363) + - Added back --metacpan option + + [Improvements] + - Bump Module::Metadata to 1.000027 + - Bump CPAN::Meta::Check to 0.011 + - Bump CPAN::Meta::YAML to 0.014 + - Bump Parse::PMFile to 0.36 + +------------------------------------------------------------------- +Sun Apr 19 06:49:24 UTC 2015 - coolo@suse.com + +- updated to 1.7028 + see /usr/share/doc/packages/perl-App-cpanminus/Changes + + 1.7028 2015-04-17 19:22:59 CEST + [Improvements] + - Keep the mirror index file as absolute (skaji) #438 + - Updated the documentation about HTTPS cert warnings #441 + +------------------------------------------------------------------- +Wed Apr 15 14:12:16 UTC 2015 - coolo@suse.com + +- updated to 1.7027 + see /usr/share/doc/packages/perl-App-cpanminus/Changes + + 1.7027 2015-02-14 12:14:13 PST + [Improvements] + - Use provides as provided in META.json and do not scan packages as PAUSE does. #435 + + 1.7026 2015-02-13 17:11:38 PST + [Improvements] + - Respect provides in META file before loading from Parse::PMFile + + 1.7025 2015-02-07 07:58:21 CET + [Improvements] + - Bump Parse::PMFile to 0.35 + - Bump CPAN::Meta::Check to 0.020 + - Bump CPAN::Meta::Requirements to 2.132 + - Bump HTTP::Tiny to 0.054 + - Bump Module::Metadata to 1.000026 + - Bump version.pm to 0.9912 + + 1.7024 2015-01-12 13:31:19 PST + [New Features] + - Includes vendor lib and arch path to search for core modules, when installing self-contained + lib by default. This behavior can be turned off with --exclude-vendor (tartansandal) #426 + + 1.7023 2015-01-05 07:59:52 JST + [Improvements] + - Bump Parse::PMFile to 0.34 + - Bump CPAN::Meta::Requirements to 2.131 + - Bump HTTP::Tiny to 0.53 + - Bump Module::Metadata to 1.000025 + - Bump local::lib to 2.000015 + + 1.7022 2014-12-12 16:41:47 PST + [Improvements] + - Enabled unsafe option to parse version with PMFile to avoid segfaults and weird errors + + 1.7021 2014-12-11 21:42:36 PST + [Improvements] + - Bump Parse::PMFile to 0.32 + - Bump HTTP::Tiny to 0.052 + + 1.7020 2014-12-08 17:53:18 PST + [Improvements] + - Bump Parse::PMFile to 0.31 + + 1.7019 2014-12-04 12:51:41 PST + [Improvements] + - Bump Parse::PMFile to 0.30 + + 1.7018 2014-11-25 14:08:41 PST + [Maintenance] + - bump $VERSION correctly in cpanm executable + + 1.7017 2014-11-25 14:00:40 PST + [Improvements] + - Bump fatpacked CPAN::Meta and HTTP::Tiny + - Added documentation for -M and --from in man page + + 1.7016 2014-11-16 11:46:32 PST + [New Features] + - Added -M and --from to set --mirror and --mirror-only at the same time while + overriding previously set mirrors (sri) #175, #417 + + [Improvements] + - cpanmin.us is now available under HTTPS (marcus) + + 1.7015 2014-11-14 13:14:07 PST + [Improvements] + - Bump Parse::PMFile to 0.29 + - Bump CPAN::Meta::Requirements to 2.129 + + 1.7014 2014-10-07 20:52:58 PDT + [Improvements] + - Bump Parse::PMFile to 0.28 + + 1.7013 2014-10-06 23:52:14 PDT + [Improvements] + - Update bundled JSON::PP to fix issues with JSON parsing on older perl 5.8 + + 1.7012 2014-09-26 19:28:25 PDT + [Improvements] + - Upgrade CPAN::Meta and HTTP::Tiny in fatpack + - Skip @INC on dev directory when running from git checkout when to search + for an installed module + + 1.7011 2014-09-22 15:08:22 JST + - Same as 1.7010. Make it a non-trial release. + + 1.7010 2014-09-17 18:27:53 JST + [Improvements] + - Use Parse::PMFile rather than our own fork (charsbar) #409 + + 1.7009 2014-09-10 01:43:45 PDT + [Bug Fixes] + - Fix fatpacked executable to include Parse::CPAN::Meta + + 1.7008 2014-09-10 01:19:04 PDT + [Improvements] + - Show **** instead of *password* when masking passwords + - Internal code refactoring + + 1.7007 2014-09-09 09:25:46 PDT + [Improvements] + - Make sure MetaCPAN search looks up the dist by right author #405 + - Ignore Module::Build artifacts in _build when indexing modules metadata + + 1.7006 2014-09-05 15:44:15 PDT + [Bug Fixes] + - Work around MetaCPAN bugs in numifying dev release versions (#367, #377) + - Bump bootstrapping MakeMaker version recent enough to support MYMETA + + [Incompatible Changes] + - Removed undocumented --metacpan option that was only for testing purposes + + 1.7005 2014-09-05 05:04:06 PDT + [Bug Fixes] + - Do not index common directories such as t, xt or inc in install.json + - Support tarball extraction on HP-UX 11 (Brian Wightman) + + [Improvements] + - Update Parse::PMFile to 0.19 equivalent (charsbar) + - Fixed various documentation (syohex, Graham Ollis) + - Mask passwords when failing to download a module (andyjones) + - Don't find directories when searching for executables (haarg) + - Only assume Module::Build configure prereq when there's no config prereq (haarg) + - Upgrade fatpacked modules to the latest + +------------------------------------------------------------------- +Wed Jun 25 11:25:40 UTC 2014 - coolo@suse.com + +- fix one more require + +------------------------------------------------------------------- +Mon Jun 23 14:30:19 UTC 2014 - coolo@suse.com + +- fix provides/obsoletes of cpanm + +------------------------------------------------------------------- +Tue Jun 17 06:35:21 UTC 2014 - coolo@suse.com + +- borrow fedora's solution to unpack the fat script into its dependencies + +------------------------------------------------------------------- +Sun Jun 8 10:08:03 UTC 2014 - coolo@suse.com + +- updated to 1.7004 + * Set HOME to a writable directory for tests. + Thanks to David Suárez for the bug report. (Closes: #750341) + * Fixes "--uninstall mentioned twice on man page" + (Closes: #741302) + * Many other changes in 2 years + +------------------------------------------------------------------- +Sun Apr 01 15:16:57 UTC 2012 - pascal.bleser@opensuse.org + +- update to 1.5010: + * implemented --test-only option #40 +- changes from 1.5009: + * fixed a bug where URL containing ~ (childe) fails to install #134 + * fixed a bug where install.json contains bogus data when you specify dist paths +- changes from 1.5008: + * fixed a bug where `cpanm Foo` doesn't properly activate local::lib during + * installs when you don't have write permissions #143 + * improved the warning message when you don't have write permisisons #145 + +------------------------------------------------------------------- +Thu Dec 22 01:11:02 UTC 2011 - pascal.bleser@opensuse.org + +- update to 1.5007: + * fixed to change directory when installing from multiple local directories + * stop setting AUTOMATED_TESTING (again!) and set PERL_MM_USE_DEFAULT in + testing (#138) + * offer opening the build.log with PAGER when --prompt is enabled + * documentation added for --skip-installed option + +- changes from 1.5006: + * updated cpanmetadb URL to point to cpanmetadb.plackperl.org + +------------------------------------------------------------------- +Wed Nov 09 07:45:05 UTC 2011 - pascal.bleser@opensuse.org + +- update to 1.5004: + * include version of the main module instead of distribution version in + install.json +- changes from 1.5003: + * use ExtUtils::Install to install meta files and let --sudo run it with sudo + #124 + +------------------------------------------------------------------- +Tue Oct 18 13:17:07 UTC 2011 - pascal.bleser@opensuse.org + +- update to 1.5002 (cumulated): + * make sure to include non-core perl modules in -L that are installed in + 'perl' by mistake + * ensure all module names use :: instead of dashes because of EUMM NAME + errors + * added EXPERIMENTAL --metacpan support + * support MYMETA.json with spec 2.0 + * added EXPERIMENTAL --mirror-index, --skip-satisfied and --cascade-search + options + * installs MYMETA.json and install.json into $ARCH/.meta library path + * use Cwd::chdir to update CWD environment variable + * fix ExtUtils::ParseXS issue with -L + * fix CoreList bootstrap issue with perl < 5.8.9 when using -L + * dump more descriptive error message when configure failed with + --installdeps #111 + * upgraded many fatlib embedded modules + * support --no-quiet + * removed ugly @INC dumping hack for -L. This causes modules that has + conditional deps such as Any::Moose not to pull down necessary + requirements; this is a known issue and will be addressed later + * support special _ for -l and -L argument to respect local::lib defaults + #115 + * use Cwd::chdir to change PWD + * unbreak -L with newer ExtUtils::ParseXS installed + * changed the path to save metadata information + * removed Dist::Metadata use, but instead use Module::Metadata to get + provides + * removed the ugly DumpedINC hack for -L + * added experimental --skip-configure + * delay load Module::Build bootstrap so that -L won't auto-intall the latest + M::B + +------------------------------------------------------------------- +Sun May 22 22:24:40 UTC 2011 - pascal.bleser@opensuse.org + +- update to 1.4007: + * incompatible changes: + + remove LWP from Makefile.PL dependencies, since due to the split it + brings in many dependencies such as HTTP::Daemon and HTTP::Parser (which + requires a C compiler) + + HTTP::Tiny is embedded as a last resort anyway, and if Makefile.PL is + executed via some CPAN client (CPAN.pm, CPANPLUS or cpanminus) it means your + client is already configured to be able to fetch files over HTTP + +------------------------------------------------------------------- +Tue May 17 08:06:50 UTC 2011 - pascal.bleser@opensuse.org + +- update to 1.4006: + * proper fix for the -l option installing the same modules + +------------------------------------------------------------------- +Wed May 11 21:43:30 UTC 2011 - pascal.bleser@opensuse.org + +- update to 1.4005: + * -l should now correctly locate installed modules to skip reinstalling + (regression in 1.4004) + * ignore Module::CoreList loading errors with -L on perl < 5.8.9 + * fixed --prompt in combination with --quest RT:66602 + * fixed a broken Bundle:: module installation + +------------------------------------------------------------------- +Fri Mar 11 00:23:09 UTC 2011 - pascal.bleser@opensuse.org + +- update to 1.4004: + * Incompatible Changes: + + fixed the issue where `ssh host cpanm Module` waits on input forever. As + a side effect of fixing this bug, cpanm reads modules from STDIN only if + there's no module arguments given. Options such as -L or --scandeps + continue to work. #86 + * fixed a long standing bug where newer versions of bundled modules such as + LWP could be loaded when combined with -L or -l, which causes API + incompatiblities + * fixed the use of gunzip (cho45) + +- changes from 1.4003: + * fixed a weird bug that -L fails to bootstrap Module::Build when an old + version such as 0.28 is installed + * do not show help if it reads args from STDIN and nothing is supplied + * stripped down the `cpanm` executable size for 20% by stripping POD for + fatpacked dependencies :) + +- changes from 1.4002: + * display configure errors in --scandeps so that configure_requires can be + manually satisfied + +------------------------------------------------------------------- +Wed Mar 09 00:00:11 UTC 2011 - pascal.bleser@opensuse.org + +- update to 1.4001: + * fixed a workaround code for META.yml being JSON + +------------------------------------------------------------------- +Tue Mar 08 11:26:03 UTC 2011 - pascal.bleser@opensuse.org + +- update to 1.4000: + * changed the verbosity level of -q to be actually *so* useful and + recommended now + * added a new option --no-man-pages to skip man page generation and + installation + * added new --scandeps and --format option that scans module dependency tree + before actually installing a module + * support Bundle:: modules + * added new --save-dists option + +- changes from 1.30_02 to 1.30_13: + * fix for the use of Module::CoreList for perl with versions ending in 0, + such as 5.13.10 + * do not attempt to upgrade Module::Build if you have the version that comes + with perl + * support Bundle:: modules #81 + * fixed a bug where META.yml is being fetched for no reason; this reduces the + HTTP GET calls a lot and should speed up the build process + * falls back to search.cpan.org/meta service when (and only when) META.yml is + not included or unparsable; now it can handle distributions like + AnyEvent::HTTP or ancient packages better + * makes the wget/curl execution safer + * support archives where tar list begins with ./ like Image::Magick #80 + * fix SIGNATURE testing for Module::Build 0.38 or later + * implemented EXPERIMENTAL --scandeps command and --format option + * implemented EXPERIMENTAL --save-tarballs option + * show (undef) in the version output instead of () + * changed how it special cases Module::Build load path in -L mode; it's much + more reliable and support 0.38 with the new CPAN::Meta dependencies + * changed the verbosity level of -q|--quiet so that it prints only necessary + information (instead of nothing, which is not really useful) + * shows the number of distribution in the end of the session + * renamed the option to --man-pages and --no-man-pages + * disable the man page generation by default only if -L is in use + * skip the man page generation by default; you can enable it with --pod2man + * fixed the way it reduces @INC in the tests when -L is in use, so the tests + that call $^X with -I can keep those library paths. i.e. Test::More + * support minor case where blib/* is manually added via -I (e.g. FCGI.pm) + * fixed a bug the modules are not loaded from blib in test_harness with -L + * fixed a bug where tests are loading modules from your site_perl even when + -L is used + * fixed a bug -L will install non-core modules again and again for each run + +------------------------------------------------------------------- +Thu Mar 03 20:01:13 UTC 2011 - pascal.bleser@opensuse.org + +- update to 1.3000: + * improved the dependencies detection when -L is in use so the core modules + that have been upgraded inside can be correctly be detected, using + Module::CoreList + +------------------------------------------------------------------- +Thu Feb 17 01:33:58 UTC 2011 - pascal.bleser@opensuse.org + +- update to 1.2001 (no user-visible changes) + +------------------------------------------------------------------- +Mon Jan 31 12:52:29 UTC 2011 - pascal.bleser@opensuse.org + +- update to 1.008: + * fixed glitches due to the deletion of Module::Metadata::Version + +- changes from 1.007: + * fixed installation documents + +------------------------------------------------------------------- +Mon Dec 27 22:39:15 CET 2010 - pascal.bleser@opensuse.org + +- initial version (1.1006) + diff --git a/perl-App-cpanminus.spec b/perl-App-cpanminus.spec new file mode 100644 index 0000000..95ae0b5 --- /dev/null +++ b/perl-App-cpanminus.spec @@ -0,0 +1,150 @@ +# +# spec file for package perl-App-cpanminus +# +# Copyright (c) 2024 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%define cpan_name App-cpanminus +Name: perl-App-cpanminus +Version: 1.7047 +Release: 0 +License: Artistic-1.0 OR GPL-1.0-or-later +Summary: Get, unpack, build and install modules from CPAN +URL: https://metacpan.org/release/%{cpan_name} +Source0: https://cpan.metacpan.org/authors/id/M/MI/MIYAGAWA/%{cpan_name}-%{version}.tar.gz +Source1: fatunpack +Source2: cpanspec.yml +BuildArch: noarch +BuildRequires: perl +BuildRequires: perl-macros +%{perl_requires} +# MANUAL BEGIN +# Run-time: +# Nothing special. The tests are very poor. But we run perl -c at built-time +# to check for correct unpacking. So we need non-optional run-time +# dependencies at build-time too: +BuildRequires: perl(Config) +BuildRequires: perl(aliased) +BuildRequires: perl(constant) +# CPAN::DistnameInfo not needed for compilation +# CPAN::Meta not needed for copmilation +# CPAN::Meta::Check not needed for compilation +# CPAN::Meta::Prereqs not needed for compilation +BuildRequires: perl(CPAN::Meta::Requirements) +# CPAN::Meta::YAML not needed for compilation +BuildRequires: perl(Cwd) +# Digest::SHA not needed for compilation +# Dumpvalue not needed for compilation +# ExtUtils::Manifest not needed for compilation +BuildRequires: perl(File::Basename) +BuildRequires: perl(File::Copy) +BuildRequires: perl(File::Find) +# File::pushd not needed for compilation +BuildRequires: perl(File::Temp) +# HTTP::Tiny not needed for compilation +# JSON::PP not needed for compilation +# local::lib not needed for compilation +# Module::CoreList not needed for compilation +# Module::CPANfile not needed for compilation +# Module::Metadata not needed for compilation +BuildRequires: perl(Parse::CPAN::Meta) +# POSIX not needed for compilation +# Safe not needed for compilation +BuildRequires: perl(String::ShellQuote) +BuildRequires: perl(Symbol) +BuildRequires: perl(version) +# version::vpp not needed for compilation +BuildRequires: perl(warnings::register) +# YAML not needed for compilation +# Tests: +BuildRequires: perl(Test::More) +BuildRequires: perl(Pod::Select) +# Current dependency generator cannot parse compressed code. Use PPI to find +# them, and list them manually: +# Archive::Tar is optional +# Archive::Zip is optional +# Compress::Zlib is optional +Requires: perl(CPAN::DistnameInfo) +Requires: perl(CPAN::Meta) +Requires: perl(CPAN::Meta::Check) +Requires: perl(CPAN::Meta::Prereqs) +Requires: perl(CPAN::Meta::YAML) +Requires: perl(Digest::SHA) +Requires: perl(ExtUtils::Install) >= 1.46 +Requires: perl(ExtUtils::MakeMaker) >= 6.31 +Requires: perl(ExtUtils::Manifest) +# File::HomeDir is optional +Requires: perl(File::pushd) +# HTTP getter by LWP::UserAgent or wget or curl or HTTP::Tiny +Requires: perl(HTTP::Tiny) +Requires: perl(Parse::PMFile) +Requires: perl(local::lib) +# LWP::Protocol::https is optional +# LWP::UserAgent is optional +Requires: perl(Module::Build) +Requires: perl(Module::CPANfile) +Requires: perl(Module::CoreList) +Requires: perl(Module::Metadata) +# Module::Signature is optional +Requires: perl(String::ShellQuote) +# Win32 not used +Requires: perl(YAML) + +Provides: cpanm = %{version}-%{release} +Obsoletes: cpanm <= 1.5010 +# MANUAL END + +%description +cpanminus is a script to get, unpack, build and install modules from CPAN +and does nothing else. + +It's dependency free (can bootstrap itself), requires zero configuration, +and stands alone. When running, it requires only 10MB of RAM. + +%prep +%autosetup -n %{cpan_name}-%{version} + +find . -type f ! -path "*/t/*" ! -name "*.pl" ! -path "*/bin/*" ! -path "*/script/*" ! -path "*/scripts/*" ! -name "configure" -print0 | xargs -0 chmod 644 +# MANUAL BEGIN +# Unbundle fat-packed modules +podselect lib/App/cpanminus.pm > lib/App/cpanminus.pod + +# https://bugzilla.suse.com/show_bug.cgi?id=1229819 +perl -pi -E 's{http://(cpan\.cpantesters\.org|www\.cpan\.org|backpan\.perl\.org|cpan\.metacpan\.org|fastapi\.metacpan\.org|cpanmetadb\.plackperl\.org)}{https://$2}g' bin/cpanm + +for F in bin/cpanm lib/App/cpanminus/fatscript.pm; do + perl %{SOURCE1} --libdir lib --filter '^App/cpanminus' "$F" > "${F}.stripped" + perl -c -Ilib "${F}.stripped" + mv "${F}.stripped" "$F" +done +# MANUAL END + +%build +perl Makefile.PL INSTALLDIRS=vendor +%make_build + +%check +make test + +%install +%perl_make_install +%perl_process_packlist +%perl_gen_filelist + +%files -f %{name}.files +%doc Changes README +%license LICENSE + +%changelog From a835364f8dd5ab16ff23560cb038cc46299bd8593f4b8092a914a81f9d45f82c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tina=20M=C3=BCller?= Date: Tue, 27 Aug 2024 15:41:08 +0000 Subject: [PATCH 2/2] - Add a patch to use https instead of http https://bugzilla.suse.com/show_bug.cgi?id=1229819 CVE-2024-45321 bsc#1229819 - updated to 1.7047 see /usr/share/doc/packages/perl-App-cpanminus/Changes 1.7047 2023-07-29 22:59:16 PDT [Bug Fix] - Upgrade fatpacked CPAN::Meta::Check to 0.018 (#662) - updated to 1.7046 see /usr/share/doc/packages/perl-App-cpanminus/Changes 1.7046 2022-04-26 23:00:56 PDT [Documentation] - Remove git.io URL that's going to be deprecated. - updated to 1.7045 see /usr/share/doc/packages/perl-App-cpanminus/Changes 1.7045 2022-01-26 19:03:44 PST [Security] - [CVE-2020-16154] remove the functionality to verify CHECKSUMS signature - updated to 1.7044 see /usr/share/doc/packages/perl-App-cpanminus/Changes - fix missing dependency on perl-Parse-PMFile - updated to 1.7043 see /usr/share/doc/packages/perl-App-cpanminus/Changes 1.7043 2017-04-02 20:56:06 PDT [Improvements] - Set PERL_USE_UNSAFE_INC for 5.26+ (haarg) #521 - Strictly match module NAME in Bundle - updated to 1.7042 see /usr/share/doc/packages/perl-App-cpanminus/Changes 1.7042 2016-05-24 00:48:13 PDT [Improvements] - Merge configure dependencies with cpanfile requirements too MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 1.7041 2016-05-08 11:28:31 PDT [Improvements] - Add environment variables to man pages (Doug Bell) #481 - Support --with-configure and --without-condfigure (zebardy) #482 - Make file mirror faster (Matthew Horsfall) #499 - updated to 1.7040 see /usr/share/doc/packages/perl-App-cpanminus/Changes 1.7040 2016-01-07 11:28:07 PST [Improvements] - Removed a workaround to skip tests for config dependencies such as Module::Build #462 - Various doc improvements - updated to 1.7039 see /usr/share/doc/packages/perl-App-cpanminus/Changes 1.7039 2015-06-28 18:05:10 PDT [Improvements] - Only enable softening of MakeMaker dependency when Module::Install is present (reported by haarg) - Support .git URL with http protocol (shoichikaji) #468 - updated to 1.7038 see /usr/share/doc/packages/perl-App-cpanminus/Changes 1.7038 2015-06-22 18:04:44 PDT [Releng] - bump minimum perl requirement to 5.8.1 in META files - updated to 1.7037 see /usr/share/doc/packages/perl-App-cpanminus/Changes 1.7037 2015-06-18 14:37:32 PDT [Improvements] - Bump CPAN-Meta-Check to 0.012 #465 - Bump HTTP-Tiny to 0.056 - Bump CPAN-Meta to 2.150005 - Bump CPAN-Meta-YAML to 0.016 - updated to 1.7036 see /usr/share/doc/packages/perl-App-cpanminus/Changes 1.7036 2015-06-05 22:07:50 PDT [Improvements] - Also soften MakeMaker depenency in runtime prereq, which is just a weird bug in an old Module::Install pre 1.0 1.7035 2015-06-05 10:51:17 PDT [Improvements] - Add a workaround for distributions with an old (buggy) Module::Install, now that the problems occur more frequently with 5.22.0 shipping with a dev version of ExtUtils::MakeMaker #463 - updated to 1.7034 see /usr/share/doc/packages/perl-App-cpanminus/Changes 1.7034 2015-05-07 14:20:57 PDT [Improvements] - Improved an error message when dependency requirement in cpanfile get conflict with prereqs in sub dependencies. - updated to 1.7033 see /usr/share/doc/packages/perl-App-cpanminus/Changes 1.7033 2015-05-01 17:17:42 PDT [Improvements] - Remove MakeMaker and Module::Build from cpanm's runtime dependencies. Rather it will upgrade the minimum version requirement as it finds distributions that uses them in configure requirements. Also, they will be installed with 'notest' option for now, since Module::Build test suite takes a bit too long time. - updated to 1.7032 see /usr/share/doc/packages/perl-App-cpanminus/Changes 1.7032 2015-04-29 18:51:36 PDT [Improvements] - Prefer to use cpanmetadb's package history API for pinning versions. Note that it only works against versions since April 2012. You can set `--metacpan` to still prefer MetaCPAN API search, and can use `--cascade-search` to fallback to MetaCPAN after CPAN MetaDB as well. - updated to 1.7031 see /usr/share/doc/packages/perl-App-cpanminus/Changes 1.7031 2015-04-22 14:13:37 PDT [Bug Fixes] - Fixed a rare case where circular dependencies in cpanfile prevents satisfying modules from being installed. (#452) [Improvements] - Stop reporting perl versions by default if running under certain CI related env vars. - updated to 1.7030 see /usr/share/doc/packages/perl-App-cpanminus/Changes 1.7030 2015-04-19 14:15:34 CEST - Same as 1.7029 1.7029 2015-04-19 00:15:32 CEST [New Features] - Consider root cpanfile's requirement when following dependencies with --installdeps (#363) - Added back --metacpan option [Improvements] - Bump Module::Metadata to 1.000027 - Bump CPAN::Meta::Check to 0.011 - Bump CPAN::Meta::YAML to 0.014 - Bump Parse::PMFile to 0.36 - updated to 1.7028 see /usr/share/doc/packages/perl-App-cpanminus/Changes 1.7028 2015-04-17 19:22:59 CEST [Improvements] - Keep the mirror index file as absolute (skaji) #438 - Updated the documentation about HTTPS cert warnings #441 - updated to 1.7027 see /usr/share/doc/packages/perl-App-cpanminus/Changes 1.7027 2015-02-14 12:14:13 PST [Improvements] - Use provides as provided in META.json and do not scan packages as PAUSE does. #435 1.7026 2015-02-13 17:11:38 PST [Improvements] - Respect provides in META file before loading from Parse::PMFile 1.7025 2015-02-07 07:58:21 CET [Improvements] - Bump Parse::PMFile to 0.35 - Bump CPAN::Meta::Check to 0.020 - Bump CPAN::Meta::Requirements to 2.132 - Bump HTTP::Tiny to 0.054 - Bump Module::Metadata to 1.000026 - Bump version.pm to 0.9912 1.7024 2015-01-12 13:31:19 PST [New Features] - Includes vendor lib and arch path to search for core modules, when installing self-contained lib by default. This behavior can be turned off with --exclude-vendor (tartansandal) #426 1.7023 2015-01-05 07:59:52 JST [Improvements] - Bump Parse::PMFile to 0.34 - Bump CPAN::Meta::Requirements to 2.131 - Bump HTTP::Tiny to 0.53 - Bump Module::Metadata to 1.000025 - Bump local::lib to 2.000015 1.7022 2014-12-12 16:41:47 PST [Improvements] - Enabled unsafe option to parse version with PMFile to avoid segfaults and weird errors 1.7021 2014-12-11 21:42:36 PST [Improvements] - Bump Parse::PMFile to 0.32 - Bump HTTP::Tiny to 0.052 1.7020 2014-12-08 17:53:18 PST [Improvements] - Bump Parse::PMFile to 0.31 1.7019 2014-12-04 12:51:41 PST [Improvements] - Bump Parse::PMFile to 0.30 1.7018 2014-11-25 14:08:41 PST [Maintenance] - bump $VERSION correctly in cpanm executable 1.7017 2014-11-25 14:00:40 PST [Improvements] - Bump fatpacked CPAN::Meta and HTTP::Tiny - Added documentation for -M and --from in man page 1.7016 2014-11-16 11:46:32 PST [New Features] - Added -M and --from to set --mirror and --mirror-only at the same time while overriding previously set mirrors (sri) #175, #417 [Improvements] - cpanmin.us is now available under HTTPS (marcus) 1.7015 2014-11-14 13:14:07 PST [Improvements] - Bump Parse::PMFile to 0.29 - Bump CPAN::Meta::Requirements to 2.129 1.7014 2014-10-07 20:52:58 PDT [Improvements] - Bump Parse::PMFile to 0.28 1.7013 2014-10-06 23:52:14 PDT [Improvements] - Update bundled JSON::PP to fix issues with JSON parsing on older perl 5.8 1.7012 2014-09-26 19:28:25 PDT [Improvements] - Upgrade CPAN::Meta and HTTP::Tiny in fatpack - Skip @INC on dev directory when running from git checkout when to search for an installed module 1.7011 2014-09-22 15:08:22 JST - Same as 1.7010. Make it a non-trial release. 1.7010 2014-09-17 18:27:53 JST [Improvements] - Use Parse::PMFile rather than our own fork (charsbar) #409 1.7009 2014-09-10 01:43:45 PDT [Bug Fixes] - Fix fatpacked executable to include Parse::CPAN::Meta 1.7008 2014-09-10 01:19:04 PDT [Improvements] - Show **** instead of *password* when masking passwords - Internal code refactoring 1.7007 2014-09-09 09:25:46 PDT [Improvements] - Make sure MetaCPAN search looks up the dist by right author #405 - Ignore Module::Build artifacts in _build when indexing modules metadata 1.7006 2014-09-05 15:44:15 PDT [Bug Fixes] - Work around MetaCPAN bugs in numifying dev release versions (#367, #377) - Bump bootstrapping MakeMaker version recent enough to support MYMETA [Incompatible Changes] - Removed undocumented --metacpan option that was only for testing purposes 1.7005 2014-09-05 05:04:06 PDT [Bug Fixes] - Do not index common directories such as t, xt or inc in install.json - Support tarball extraction on HP-UX 11 (Brian Wightman) [Improvements] - Update Parse::PMFile to 0.19 equivalent (charsbar) - Fixed various documentation (syohex, Graham Ollis) - Mask passwords when failing to download a module (andyjones) - Don't find directories when searching for executables (haarg) - Only assume Module::Build configure prereq when there's no config prereq (haarg) - Upgrade fatpacked modules to the latest - fix one more require - fix provides/obsoletes of cpanm - borrow fedora's solution to unpack the fat script into its dependencies - updated to 1.7004 * Set HOME to a writable directory for tests. Thanks to David Suárez for the bug report. (Closes: #750341) * Fixes "--uninstall mentioned twice on man page" (Closes: #741302) * Many other changes in 2 years - update to 1.5010: * implemented --test-only option #40 - changes from 1.5009: * fixed a bug where URL containing ~ (childe) fails to install #134 * fixed a bug where install.json contains bogus data when you specify dist paths - changes from 1.5008: * fixed a bug where `cpanm Foo` doesn't properly activate local::lib during * installs when you don't have write permissions #143 * improved the warning message when you don't have write permisisons #145 - update to 1.5007: * fixed to change directory when installing from multiple local directories * stop setting AUTOMATED_TESTING (again!) and set PERL_MM_USE_DEFAULT in testing (#138) * offer opening the build.log with PAGER when --prompt is enabled * documentation added for --skip-installed option - changes from 1.5006: * updated cpanmetadb URL to point to cpanmetadb.plackperl.org - update to 1.5004: * include version of the main module instead of distribution version in install.json - changes from 1.5003: * use ExtUtils::Install to install meta files and let --sudo run it with sudo #124 - update to 1.5002 (cumulated): * make sure to include non-core perl modules in -L that are installed in 'perl' by mistake * ensure all module names use :: instead of dashes because of EUMM NAME errors * added EXPERIMENTAL --metacpan support * support MYMETA.json with spec 2.0 * added EXPERIMENTAL --mirror-index, --skip-satisfied and --cascade-search options * installs MYMETA.json and install.json into $ARCH/.meta library path * use Cwd::chdir to update CWD environment variable * fix ExtUtils::ParseXS issue with -L * fix CoreList bootstrap issue with perl < 5.8.9 when using -L * dump more descriptive error message when configure failed with --installdeps #111 * upgraded many fatlib embedded modules * support --no-quiet * removed ugly @INC dumping hack for -L. This causes modules that has conditional deps such as Any::Moose not to pull down necessary requirements; this is a known issue and will be addressed later * support special _ for -l and -L argument to respect local::lib defaults #115 * use Cwd::chdir to change PWD * unbreak -L with newer ExtUtils::ParseXS installed * changed the path to save metadata information * removed Dist::Metadata use, but instead use Module::Metadata to get provides * removed the ugly DumpedINC hack for -L * added experimental --skip-configure * delay load Module::Build bootstrap so that -L won't auto-intall the latest M::B - update to 1.4007: * incompatible changes: + remove LWP from Makefile.PL dependencies, since due to the split it brings in many dependencies such as HTTP::Daemon and HTTP::Parser (which requires a C compiler) + HTTP::Tiny is embedded as a last resort anyway, and if Makefile.PL is executed via some CPAN client (CPAN.pm, CPANPLUS or cpanminus) it means your client is already configured to be able to fetch files over HTTP - update to 1.4006: * proper fix for the -l option installing the same modules - update to 1.4005: * -l should now correctly locate installed modules to skip reinstalling (regression in 1.4004) * ignore Module::CoreList loading errors with -L on perl < 5.8.9 * fixed --prompt in combination with --quest RT:66602 * fixed a broken Bundle:: module installation - update to 1.4004: * Incompatible Changes: + fixed the issue where `ssh host cpanm Module` waits on input forever. As a side effect of fixing this bug, cpanm reads modules from STDIN only if there's no module arguments given. Options such as -L or --scandeps continue to work. #86 * fixed a long standing bug where newer versions of bundled modules such as LWP could be loaded when combined with -L or -l, which causes API incompatiblities * fixed the use of gunzip (cho45) - changes from 1.4003: * fixed a weird bug that -L fails to bootstrap Module::Build when an old version such as 0.28 is installed * do not show help if it reads args from STDIN and nothing is supplied * stripped down the `cpanm` executable size for 20% by stripping POD for fatpacked dependencies :) - changes from 1.4002: * display configure errors in --scandeps so that configure_requires can be manually satisfied - update to 1.4001: * fixed a workaround code for META.yml being JSON - update to 1.4000: * changed the verbosity level of -q to be actually *so* useful and recommended now * added a new option --no-man-pages to skip man page generation and installation * added new --scandeps and --format option that scans module dependency tree before actually installing a module * support Bundle:: modules * added new --save-dists option - changes from 1.30_02 to 1.30_13: * fix for the use of Module::CoreList for perl with versions ending in 0, such as 5.13.10 * do not attempt to upgrade Module::Build if you have the version that comes with perl * support Bundle:: modules #81 * fixed a bug where META.yml is being fetched for no reason; this reduces the HTTP GET calls a lot and should speed up the build process * falls back to search.cpan.org/meta service when (and only when) META.yml is not included or unparsable; now it can handle distributions like AnyEvent::HTTP or ancient packages better * makes the wget/curl execution safer * support archives where tar list begins with ./ like Image::Magick #80 * fix SIGNATURE testing for Module::Build 0.38 or later * implemented EXPERIMENTAL --scandeps command and --format option * implemented EXPERIMENTAL --save-tarballs option * show (undef) in the version output instead of () * changed how it special cases Module::Build load path in -L mode; it's much more reliable and support 0.38 with the new CPAN::Meta dependencies * changed the verbosity level of -q|--quiet so that it prints only necessary information (instead of nothing, which is not really useful) * shows the number of distribution in the end of the session * renamed the option to --man-pages and --no-man-pages * disable the man page generation by default only if -L is in use * skip the man page generation by default; you can enable it with --pod2man * fixed the way it reduces @INC in the tests when -L is in use, so the tests that call $^X with -I can keep those library paths. i.e. Test::More * support minor case where blib/* is manually added via -I (e.g. FCGI.pm) * fixed a bug the modules are not loaded from blib in test_harness with -L * fixed a bug where tests are loading modules from your site_perl even when -L is used * fixed a bug -L will install non-core modules again and again for each run - update to 1.3000: * improved the dependencies detection when -L is in use so the core modules that have been upgraded inside can be correctly be detected, using Module::CoreList - update to 1.2001 (no user-visible changes) - update to 1.008: * fixed glitches due to the deletion of Module::Metadata::Version - changes from 1.007: * fixed installation documents - initial version (1.1006) OBS-URL: https://build.opensuse.org/package/show/devel:languages:perl/perl-App-cpanminus?expand=0&rev=58 --- cpanspec.yml | 2 +- perl-App-cpanminus.changes | 1 + perl-App-cpanminus.spec | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/cpanspec.yml b/cpanspec.yml index 7781681..bbab5c9 100644 --- a/cpanspec.yml +++ b/cpanspec.yml @@ -85,7 +85,7 @@ post_prep: |- # Unbundle fat-packed modules podselect lib/App/cpanminus.pm > lib/App/cpanminus.pod - # https://bugzilla.suse.com/show_bug.cgi?id=1229819 + # https://bugzilla.suse.com/show_bug.cgi?id=1229819 CVE-2024-45321 bsc#1229819 perl -pi -E 's{http://(cpan\.cpantesters\.org|www\.cpan\.org|backpan\.perl\.org|cpan\.metacpan\.org|fastapi\.metacpan\.org|cpanmetadb\.plackperl\.org)}{https://$2}g' bin/cpanm for F in bin/cpanm lib/App/cpanminus/fatscript.pm; do diff --git a/perl-App-cpanminus.changes b/perl-App-cpanminus.changes index 64652df..f4b1620 100644 --- a/perl-App-cpanminus.changes +++ b/perl-App-cpanminus.changes @@ -3,6 +3,7 @@ Tue Aug 27 12:14:26 UTC 2024 - Tina Müller - Add a patch to use https instead of http https://bugzilla.suse.com/show_bug.cgi?id=1229819 + CVE-2024-45321 bsc#1229819 ------------------------------------------------------------------- Mon Jul 31 03:06:01 UTC 2023 - Tina Müller diff --git a/perl-App-cpanminus.spec b/perl-App-cpanminus.spec index 95ae0b5..9a8ebfe 100644 --- a/perl-App-cpanminus.spec +++ b/perl-App-cpanminus.spec @@ -121,7 +121,7 @@ find . -type f ! -path "*/t/*" ! -name "*.pl" ! -path "*/bin/*" ! -path "*/scrip # Unbundle fat-packed modules podselect lib/App/cpanminus.pm > lib/App/cpanminus.pod -# https://bugzilla.suse.com/show_bug.cgi?id=1229819 +# https://bugzilla.suse.com/show_bug.cgi?id=1229819 CVE-2024-45321 bsc#1229819 perl -pi -E 's{http://(cpan\.cpantesters\.org|www\.cpan\.org|backpan\.perl\.org|cpan\.metacpan\.org|fastapi\.metacpan\.org|cpanmetadb\.plackperl\.org)}{https://$2}g' bin/cpanm for F in bin/cpanm lib/App/cpanminus/fatscript.pm; do