Hello community,
here is the log from the commit of package perl-Module-Signature.1842 for
openSUSE:12.2:Update checked in at 2013-07-11 07:04:43
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:12.2:Update/perl-Module-Signature.1842 (Old)
and /work/SRC/openSUSE:12.2:Update/.perl-Module-Signature.1842.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "perl-Module-Signature.1842"
Changes:
--------
New Changes file:
--- /dev/null 2013-07-10 19:42:08.835707958 +0200
+++
/work/SRC/openSUSE:12.2:Update/.perl-Module-Signature.1842.new/perl-Module-Signature.changes
2013-07-11 07:04:45.000000000 +0200
@@ -0,0 +1,117 @@
+-------------------------------------------------------------------
+Wed Jul 3 19:14:29 UTC 2013 - [email protected]
+
+- update to 0.73
+ * fix for bnc#828010 (CVE-2013-2145)
+ https://bugzilla.novell.com/process_bug.cgi
+ https://bugzilla.redhat.com/show_bug.cgi?id=971096
+ * Properly redo the previous fix using File::Spec->file_name_is_absolute.
+- [Changes for 0.72 - Wed Jun 5 23:19:02 CST 2013]
+ * Only allow loading Digest::* from absolute paths in @INC,
+ by ensuring they begin with \ or / characters.
+ Contributed by: Florian Weimer (CVE-2013-2145)
+- [Changes for 0.71 - Tue Jun 4 18:24:10 CST 2013]
+ * Constrain the user-specified digest name to /^\w+\d+$/.
+ * Avoid loading Digest::* from relative paths in @INC.
+ Contributed by: Florian Weimer (CVE-2013-2145)
+- [Changes for 0.70 - Thu Nov 29 01:45:54 CST 2012]
+ * Don't check gpg version if gpg does not exist.
+ This avoids unnecessary warnings during installation
+ when gpg executable is not installed.
+ Contributed by: Kenichi Ishigaki
+- [Changes for 0.69 - Fri Nov 2 23:04:19 CST 2012]
+ * Support for gpg under these alternate names:
+ gpg gpg2 gnupg gnupg2
+ Contributed by: Michael Schwern
+
+-------------------------------------------------------------------
+Mon Dec 19 08:35:22 UTC 2011 - [email protected]
+
+- license update: CC0-1.0 and (GPL-1.0+ or Artistic-1.0)
+ License purports to be CC zero, not CC-BY. Also, see the script/cpansign
+ and Module/Signature (line 88+) files for Perl licenses
+
+-------------------------------------------------------------------
+Thu Dec 15 09:56:56 UTC 2011 - [email protected]
+
+- regenerate with cpanspec to fix requires/buildrequires
+
+-------------------------------------------------------------------
+Wed Dec 14 12:14:47 UTC 2011 - [email protected]
+
+- update to 0.68
+ * Fix breakage introduced by 0.67 (Andreas König).
+ * Better handling of \r (Andreas König, Zefram)
+
+-------------------------------------------------------------------
+Wed Dec 14 12:12:55 UTC 2011 - [email protected]
+
+- fix license to be in spdx.org format
+
+-------------------------------------------------------------------
+Tue Nov 30 19:20:34 UTC 2010 - [email protected]
+
+- switch to perl_requires macro
+
+-------------------------------------------------------------------
+Wed Sep 8 21:51:34 UTC 2010 - [email protected]
+
+- update to 0.66
+ * Fix incompatibility with EU::Manifest 1.54 to 1.57
+ (Paul Howarth) (Closes RT#61124).
+
+-------------------------------------------------------------------
+Sat Sep 4 17:36:16 UTC 2010 - [email protected]
+
+- update to 0.65
+ * Skip MYMETA (Alexandr Ciornii)
+
+-------------------------------------------------------------------
+Sat Jul 24 12:56:18 UTC 2010 - [email protected]
+
+- removed UTF-8 chars from changes
+
+-------------------------------------------------------------------
+Wed Jul 21 14:51:26 UTC 2010 - [email protected]
+
+- update to 0.64
+ * Avoid creating gnupg configuration files for the user invoking Makefile.PL
+ (Closes RT#41978).
+ * Correctly detect the version of gnupg on cygwin and add tests for it
+ (Paul Fenwick) (Closes RT#39258).
+- [Changes for 0.63 - Sun, 28 Mar 2010 04:46:27 +0100]
+ * Fix diagnostic message from Makefile.PL when the user dosn't have gnupg or
+ Crypt::OpenPGP (miyagawa).
+- [Changes for 0.62 - Tue, 23 Mar 2010 22:17:39 +0100]
+ * Change the default keyserver from the outdated pgp.mit.edu to
+ pool.sks-keyservers.net.
+- [Changes for 0.61 - Thu, 19 Mov 2009 00:56:41 CST]
+ * Added "=encoding utf8" to POD to fix author name display.
+ No functional changes.
+- [Changes for 0.60 - Mon, 16 Nov 2009 22:48:54 CST]
+ * LICENSING CHANGE: This compilation and all individual files in it
+ are now under the nullary CC0 1.0 Universal terms:
+ To the extent possible under law, <[email protected]> has waived all
+ copyright and related or neighboring rights to Module-Signature.
+ * Updated Module::Install to 0.91, prompted by Florian Ragwitz.
+- recreated by cpanspec 1.78
+- noarch pkg
+
+-------------------------------------------------------------------
+Sat Jul 25 19:41:01 CEST 2009 - [email protected]
+
+- spec mods
+ * removed ^----------
+ * removed ^#---------
+
+-------------------------------------------------------------------
+Sat Jun 27 13:23:40 CEST 2009 - [email protected]
+
+- fixed deps
+ o changed Digest::SHA1 to Digest::SHA
+
+-------------------------------------------------------------------
+Fri Jun 26 14:43:23 CEST 2009 - [email protected]
+
+- initial package 0.55
+
New:
----
Module-Signature-0.73.tar.gz
perl-Module-Signature.changes
perl-Module-Signature.spec
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ perl-Module-Signature.spec ++++++
#
# spec file for package perl-Module-Signature
#
# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
Name: perl-Module-Signature
Version: 0.73
Release: 0
%define cpan_name Module-Signature
Summary: Module signature file manipulation
License: CC0-1.0 and (GPL-1.0+ or Artistic-1.0)
Group: Development/Libraries/Perl
Url: http://search.cpan.org/dist/Module-Signature/
Source:
http://www.cpan.org/authors/id/F/FL/FLORA/%{cpan_name}-%{version}.tar.gz
BuildArch: noarch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: perl
BuildRequires: perl-macros
BuildRequires: perl(Digest::SHA)
BuildRequires: perl(IPC::Run)
Requires: perl(Digest::SHA)
# MANUAL BEGIN
BuildRequires: gpg
Requires: gpg
# MANUAL END
%{perl_requires}
%description
*Module::Signature* adds cryptographic authentications to CPAN
distributions, via the special _SIGNATURE_ file.
If you are a module user, all you have to do is to remember to run
'cpansign -v' (or just 'cpansign') before issuing 'perl Makefile.PL' or
'perl Build.PL'; that will ensure the distribution has not been tampered
with.
Module authors can easily add the _SIGNATURE_ file to the distribution
tarball; see the /NOTES manpage below for how to do it as part of 'make
dist'.
If you _really_ want to sign a distribution manually, simply add
'SIGNATURE' to _MANIFEST_, then type 'cpansign -s' immediately before 'make
dist'. Be sure to delete the _SIGNATURE_ file afterwards.
Please also see the /NOTES manpage about _MANIFEST.SKIP_ issues, especially
if you are using *Module::Build* or writing your own _MANIFEST.SKIP_.
%prep
%setup -q -n %{cpan_name}-%{version}
#find . -type f -print0 | xargs -0 chmod 644
%build
%{__perl} Makefile.PL INSTALLDIRS=vendor
%{__make} %{?_smp_mflags}
%check
%{__make} test
%install
%perl_make_install
%perl_process_packlist
%perl_gen_filelist
%files -f %{name}.files
%defattr(-,root,root,755)
%doc AUDREY2006.pub AUTHORS Changes PAUSE2003.pub README
%changelog
--
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
