Accepting request 285072 from home:vitezslav_cizek:branches:devel:languages:perl

- update to 0.59
- this update fixes 3 vulnerabilities in the embedded LibYAML:
  * CVE-2014-9130: libyaml: assert failure when processing
    wrapped strings (bnc#907809)
  * CVE-2014-2525: libyaml: heap overflow during parsing (bnc#868944)
  * CVE-2013-6393: libyaml: heap based buffer, overflow due to
    integer misuse (bnc#860617)
- dropped CVE-2012-1152-YAML-LibYAML-0.35-format-error.patch (upstream)
- upstream changelog:
  * PR/23 Better scalar dump heuristics
  * More closely match YAML.pm
  * Add a VERSION statement to YAML::LibYAML (issue#8)
  * Applied fix for PR/21. nawglan++
  * Use Swim cpan-tail block functions in doc
  * Get YAML::XS using latest libyaml
  * Fix for
    https://bitbucket.org/xi/libyaml/issue/10/wrapped-strings-cause-assert-failure
  * Fix e1 test failure on 5.21.4
  * Remove =travis section
  * Meta 0.0.2
  * Eliminate spurious trailing whitespace
  * Add t/000-compile-modules.t
  * Fix swim errors
  * Add badges to doc
  * Fix ReadMe
  * Fix Meta and add Contributing.

OBS-URL: https://build.opensuse.org/request/show/285072
OBS-URL: https://build.opensuse.org/package/show/devel:languages:perl/perl-YAML-LibYAML?expand=0&rev=13

CVE-2012-1152-YAML-LibYAML-0.35-format-error.patch

@@ -1,39 +0,0 @@
-diff -urbaN YAML-LibYAML-0.35-orig//LibYAML/perl_libyaml.c YAML-LibYAML-0.35/LibYAML/perl_libyaml.c
---- YAML-LibYAML-0.35-orig//LibYAML/perl_libyaml.c	2011-04-03 18:28:08.000000000 +0200
-+++ YAML-LibYAML-0.35/LibYAML/perl_libyaml.c	2011-04-08 09:25:49.633009787 +0200
-@@ -188,7 +188,7 @@
-     return;
- 
- load_error:
--    croak(loader_error_msg(&loader, NULL));
-+    croak("%s", loader_error_msg(&loader, NULL));
- }
- 
- /*
-@@ -271,7 +271,7 @@
-     return return_sv;
- 
-     load_error:
--        croak(loader_error_msg(loader, NULL));
-+        croak("%s", loader_error_msg(loader, NULL));
- }
- 
- /*
-@@ -314,7 +314,7 @@
-         else if (strlen(tag) <= strlen(prefix) ||
-             ! strnEQ(tag, prefix, strlen(prefix))
-         ) croak(
--            loader_error_msg(loader, form("bad tag found for hash: '%s'", tag))
-+            "%s", loader_error_msg(loader, form("bad tag found for hash: '%s'", tag))
-         );
-         class = tag + strlen(prefix);
-         sv_bless(hash_ref, gv_stashpv(class, TRUE)); 
-@@ -347,7 +347,7 @@
-         else if (strlen(tag) <= strlen(prefix) ||
-             ! strnEQ(tag, prefix, strlen(prefix))
-         ) croak(
--            loader_error_msg(loader, form("bad tag found for array: '%s'", tag))
-+            "%s", loader_error_msg(loader, form("bad tag found for array: '%s'", tag))
-         );
-         class = tag + strlen(prefix);
-         sv_bless(array_ref, gv_stashpv(class, TRUE)); 

YAML-LibYAML-0.44.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:027726648e78363c1a958c142b2a792c2235014bc3036499522d798ce9cd89a2
-size 153853

YAML-LibYAML-0.59.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:9df424ef5e968054042cacafa2f44354a662329df974d178dffce7529fc99f54
+size 140949

perl-YAML-LibYAML.changes

@@ -1,3 +1,33 @@
+-------------------------------------------------------------------
+Tue Feb 10 10:24:37 UTC 2015 - vcizek@suse.com
+
+- update to 0.59
+- this update fixes 3 vulnerabilities in the embedded LibYAML:
+  * CVE-2014-9130: libyaml: assert failure when processing
+    wrapped strings (bnc#907809)
+  * CVE-2014-2525: libyaml: heap overflow during parsing (bnc#868944)
+  * CVE-2013-6393: libyaml: heap based buffer, overflow due to
+    integer misuse (bnc#860617)
+- dropped CVE-2012-1152-YAML-LibYAML-0.35-format-error.patch (upstream)
+- upstream changelog:
+  * PR/23 Better scalar dump heuristics
+  * More closely match YAML.pm
+  * Add a VERSION statement to YAML::LibYAML (issue#8)
+  * Applied fix for PR/21. nawglan++
+  * Use Swim cpan-tail block functions in doc
+  * Get YAML::XS using latest libyaml
+  * Fix for
+    https://bitbucket.org/xi/libyaml/issue/10/wrapped-strings-cause-assert-failure
+  * Fix e1 test failure on 5.21.4
+  * Remove =travis section
+  * Meta 0.0.2
+  * Eliminate spurious trailing whitespace
+  * Add t/000-compile-modules.t
+  * Fix swim errors
+  * Add badges to doc
+  * Fix ReadMe
+  * Fix Meta and add Contributing.
+
 -------------------------------------------------------------------
 Mon Jul 28 05:30:44 UTC 2014 - coolo@suse.com
 

perl-YAML-LibYAML.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package perl-YAML-LibYAML
 #
-# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,7 +17,7 @@
 
 
 Name:           perl-YAML-LibYAML
-Version:        0.44
+Version:        0.59
 Release:        0
 %define cpan_name YAML-LibYAML
 Summary:        Perl YAML Serialization using XS and libyaml
@@ -25,7 +25,6 @@ License:        Artistic-1.0 or GPL-1.0+
 Group:          Development/Libraries/Perl
 Url:            http://search.cpan.org/dist/YAML-LibYAML/
 Source:         http://www.cpan.org/authors/id/I/IN/INGY/%{cpan_name}-%{version}.tar.gz
-Patch0:         CVE-2012-1152-YAML-LibYAML-0.35-format-error.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 BuildRequires:  perl
 BuildRequires:  perl-macros
@@ -36,7 +35,6 @@ Perl YAML Serialization using XS and libyaml
 
 %prep
 %setup -q -n %{cpan_name}-%{version}
-%patch0 -p1
 find . -type f -print0 | xargs -0 chmod 644
 
 %build