perl-YAML-LibYAML/perl-YAML-LibYAML.changes

-------------------------------------------------------------------
Tue Feb 10 10:24:37 UTC 2015 - vcizek@suse.com

- update to 0.59
- this update fixes 3 vulnerabilities in the embedded LibYAML:
  * CVE-2014-9130: libyaml: assert failure when processing
    wrapped strings (bnc#907809)
  * CVE-2014-2525: libyaml: heap overflow during parsing (bnc#868944)
  * CVE-2013-6393: libyaml: heap based buffer, overflow due to
    integer misuse (bnc#860617)
- dropped CVE-2012-1152-YAML-LibYAML-0.35-format-error.patch (upstream)
- upstream changelog:
  * PR/23 Better scalar dump heuristics
  * More closely match YAML.pm
  * Add a VERSION statement to YAML::LibYAML (issue#8)
  * Applied fix for PR/21. nawglan++
  * Use Swim cpan-tail block functions in doc
  * Get YAML::XS using latest libyaml
  * Fix for
    https://bitbucket.org/xi/libyaml/issue/10/wrapped-strings-cause-assert-failure
  * Fix e1 test failure on 5.21.4
  * Remove =travis section
  * Meta 0.0.2
  * Eliminate spurious trailing whitespace
  * Add t/000-compile-modules.t
  * Fix swim errors
  * Add badges to doc
  * Fix ReadMe
  * Fix Meta and add Contributing.

-------------------------------------------------------------------
Mon Jul 28 05:30:44 UTC 2014 - coolo@suse.com

- updated to 0.44
  - Doc fix. GitHub-Issue-#6. Thanks to Debian Perl Group for finding this.
 
 0.43 Sat Jul 12 10:04:07 PDT 2014
  - Test::Base tests needed 'inc' in @INC
 
 0.42 Fri Jul 11 14:45:58 PDT 2014
  - Switch to Zilla::Dist
  - No longer dep on Test::Base, Spiffy, and Filter::Util::Call
  - Remove test/changes.t
 
 0.41 Wed Mar 13 10:34:55 PDT 2013
  - Removed another C++ // style comment. jdb++
 
 0.40 Tue Mar 12 11:05:34 PDT 2013
  - Removed C++ // style comments, for better portability. jdb++
 
 0.39 Mon Feb 11 18:08:04 PST 2013
  - Using the latest libyaml codebase
  - https://github.com/yaml/libyaml/tree/perl-yaml-xs
  - Changes have been made to start moving libyaml to 1.2

-------------------------------------------------------------------
Wed May 30 07:57:03 UTC 2012 - coolo@suse.com

- updated to 0.38
  - Apply SPROUT++ deparse test patch. Thanks!

-------------------------------------------------------------------
Wed Apr 25 23:01:47 UTC 2012 - pascal.bleser@opensuse.org

- CVE-2012-1152: added patch to fix multiple format string flaws:
  A remote attacker could provide a specially-crafted YAML document, which once
  processed by the perl-YAML-LibYAML interface would lead to perl-YAML-LibYAML
  based process crash. bnc#751503

-------------------------------------------------------------------
Sun Oct 02 23:37:11 UTC 2011 - pascal.bleser@opensuse.org

- update to 0.37:
  * fix the bug that accidentally released YAML-XS instead of YAML-LibYAML

- changes from 0.36:
  * switch to Module::Package
  * fix LoadFile on empty file failure

-------------------------------------------------------------------
Mon Apr  4 08:33:41 UTC 2011 - coolo@novell.com

- updated to 0.35
  - Apply bdfoy patch from rt-46172
  - Update ppport.h to fix rt-64749 & rt-62054
  - Add ANDK's regexp.t patch from rt-62266
  - These changes from chansen++
  - Handle misbehaved tied hashes
  - Handle 'get' magic
  - Added support for tied arrays and hashes
  - Don't turn on the UTF-8 flag for strings containing US-ASCII (0x00-0x7F)

-------------------------------------------------------------------
Mon Nov 29 18:32:31 UTC 2010 - coolo@novell.com

- remove /var/adm/perl-modules

-------------------------------------------------------------------
Mon Jun 14 05:26:35 UTC 2010 - pascal.bleser@opensuse.org

- initial package (0.33)