Hello community, here is the log from the commit of package perl-YAML-LibYAML for openSUSE:Factory checked in at 2015-02-16 21:21:47 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/perl-YAML-LibYAML (Old) and /work/SRC/openSUSE:Factory/.perl-YAML-LibYAML.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "perl-YAML-LibYAML" Changes: -------- --- /work/SRC/openSUSE:Factory/perl-YAML-LibYAML/perl-YAML-LibYAML.changes 2014-07-31 10:03:58.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.perl-YAML-LibYAML.new/perl-YAML-LibYAML.changes 2015-02-16 21:21:48.000000000 +0100 @@ -1,0 +2,30 @@ +Tue Feb 10 10:24:37 UTC 2015 - [email protected] + +- update to 0.59 +- this update fixes 3 vulnerabilities in the embedded LibYAML: + * CVE-2014-9130: libyaml: assert failure when processing + wrapped strings (bnc#907809) + * CVE-2014-2525: libyaml: heap overflow during parsing (bnc#868944) + * CVE-2013-6393: libyaml: heap based buffer, overflow due to + integer misuse (bnc#860617) +- dropped CVE-2012-1152-YAML-LibYAML-0.35-format-error.patch (upstream) +- upstream changelog: + * PR/23 Better scalar dump heuristics + * More closely match YAML.pm + * Add a VERSION statement to YAML::LibYAML (issue#8) + * Applied fix for PR/21. nawglan++ + * Use Swim cpan-tail block functions in doc + * Get YAML::XS using latest libyaml + * Fix for + https://bitbucket.org/xi/libyaml/issue/10/wrapped-strings-cause-assert-failure + * Fix e1 test failure on 5.21.4 + * Remove =travis section + * Meta 0.0.2 + * Eliminate spurious trailing whitespace + * Add t/000-compile-modules.t + * Fix swim errors + * Add badges to doc + * Fix ReadMe + * Fix Meta and add Contributing. + +------------------------------------------------------------------- Old: ---- CVE-2012-1152-YAML-LibYAML-0.35-format-error.patch YAML-LibYAML-0.44.tar.gz New: ---- YAML-LibYAML-0.59.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ perl-YAML-LibYAML.spec ++++++ --- /var/tmp/diff_new_pack.hh9q3i/_old 2015-02-16 21:21:49.000000000 +0100 +++ /var/tmp/diff_new_pack.hh9q3i/_new 2015-02-16 21:21:49.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package perl-YAML-LibYAML # -# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ Name: perl-YAML-LibYAML -Version: 0.44 +Version: 0.59 Release: 0 %define cpan_name YAML-LibYAML Summary: Perl YAML Serialization using XS and libyaml @@ -25,7 +25,6 @@ Group: Development/Libraries/Perl Url: http://search.cpan.org/dist/YAML-LibYAML/ Source: http://www.cpan.org/authors/id/I/IN/INGY/%{cpan_name}-%{version}.tar.gz -Patch0: CVE-2012-1152-YAML-LibYAML-0.35-format-error.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: perl BuildRequires: perl-macros @@ -36,7 +35,6 @@ %prep %setup -q -n %{cpan_name}-%{version} -%patch0 -p1 find . -type f -print0 | xargs -0 chmod 644 %build ++++++ YAML-LibYAML-0.44.tar.gz -> YAML-LibYAML-0.59.tar.gz ++++++ ++++ 2855 lines of diff (skipped) -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
