Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package perl-HTTP-Tiny for openSUSE:Factory checked in at 2026-05-18 17:48:08 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/perl-HTTP-Tiny (Old) and /work/SRC/openSUSE:Factory/.perl-HTTP-Tiny.new.1966 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "perl-HTTP-Tiny" Mon May 18 17:48:08 2026 rev:22 rq:1353775 version:0.094 Changes: -------- --- /work/SRC/openSUSE:Factory/perl-HTTP-Tiny/perl-HTTP-Tiny.changes 2026-01-08 15:29:20.937854741 +0100 +++ /work/SRC/openSUSE:Factory/.perl-HTTP-Tiny.new.1966/perl-HTTP-Tiny.changes 2026-05-18 17:48:59.934737706 +0200 @@ -1,0 +2,12 @@ +Mon May 18 08:54:28 UTC 2026 - Tina Müller <[email protected]> + +- updated to 0.094 + see /usr/share/doc/packages/perl-HTTP-Tiny/Changes + + 0.094 2026-05-17 10:31:00+02:00 Europe/Brussels + - No changes from 0.093-TRIAL + 0.093 2026-05-11 17:18:12+02:00 Europe/Brussels (TRIAL RELEASE) + - fix to prevent invalid characters in all headers, and prevent header + smuggling (CVE-2026-7010) bsc#1264992 + +------------------------------------------------------------------- Old: ---- HTTP-Tiny-0.092.tar.gz New: ---- HTTP-Tiny-0.094.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ perl-HTTP-Tiny.spec ++++++ --- /var/tmp/diff_new_pack.nDcIhA/_old 2026-05-18 17:49:00.610765641 +0200 +++ /var/tmp/diff_new_pack.nDcIhA/_new 2026-05-18 17:49:00.610765641 +0200 @@ -18,7 +18,7 @@ %define cpan_name HTTP-Tiny Name: perl-HTTP-Tiny -Version: 0.092 +Version: 0.094 Release: 0 License: Artistic-1.0 OR GPL-1.0-or-later Summary: Small, simple, correct HTTP/1.1 client ++++++ HTTP-Tiny-0.092.tar.gz -> HTTP-Tiny-0.094.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/HTTP-Tiny-0.092/Changes new/HTTP-Tiny-0.094/Changes --- old/HTTP-Tiny-0.092/Changes 2025-12-27 20:49:46.000000000 +0100 +++ new/HTTP-Tiny-0.094/Changes 2026-05-17 10:31:03.000000000 +0200 @@ -1,5 +1,14 @@ Release notes for HTTP-Tiny +0.094 2026-05-17 10:31:00+02:00 Europe/Brussels + + - No changes from 0.093-TRIAL + +0.093 2026-05-11 17:18:12+02:00 Europe/Brussels (TRIAL RELEASE) + + - fix to prevent invalid characters in all headers, and prevent header + smuggling (CVE-2026-7010) + 0.092 2025-12-27 20:49:41+01:00 Europe/Berlin - No changes from 0.091-TRIAL diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/HTTP-Tiny-0.092/LICENSE new/HTTP-Tiny-0.094/LICENSE --- old/HTTP-Tiny-0.092/LICENSE 2025-12-27 20:49:46.000000000 +0100 +++ new/HTTP-Tiny-0.094/LICENSE 2026-05-17 10:31:03.000000000 +0200 @@ -1,4 +1,4 @@ -This software is copyright (c) 2025 by Christian Hansen. +This software is copyright (c) 2026 by Christian Hansen. This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself. @@ -12,7 +12,7 @@ --- The GNU General Public License, Version 1, February 1989 --- -This software is Copyright (c) 2025 by Christian Hansen. +This software is Copyright (c) 2026 by Christian Hansen. This is free software, licensed under: @@ -271,7 +271,7 @@ --- The Perl Artistic License 1.0 --- -This software is Copyright (c) 2025 by Christian Hansen. +This software is Copyright (c) 2026 by Christian Hansen. This is free software, licensed under: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/HTTP-Tiny-0.092/MANIFEST new/HTTP-Tiny-0.094/MANIFEST --- old/HTTP-Tiny-0.092/MANIFEST 2025-12-27 20:49:46.000000000 +0100 +++ new/HTTP-Tiny-0.094/MANIFEST 2026-05-17 10:31:03.000000000 +0200 @@ -1,4 +1,4 @@ -# This file was automatically generated by Dist::Zilla::Plugin::Manifest v6.036. +# This file was automatically generated by Dist::Zilla::Plugin::Manifest v6.037 CONTRIBUTING.mkdn Changes LICENSE diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/HTTP-Tiny-0.092/META.json new/HTTP-Tiny-0.094/META.json --- old/HTTP-Tiny-0.092/META.json 2025-12-27 20:49:46.000000000 +0100 +++ new/HTTP-Tiny-0.094/META.json 2026-05-17 10:31:03.000000000 +0200 @@ -5,7 +5,7 @@ "David Golden <[email protected]>" ], "dynamic_config" : 0, - "generated_by" : "Dist::Zilla version 6.036, CPAN::Meta::Converter version 2.150010", + "generated_by" : "Dist::Zilla version 6.037, CPAN::Meta::Converter version 2.150013", "license" : [ "perl_5" ], @@ -107,7 +107,7 @@ "provides" : { "HTTP::Tiny" : { "file" : "lib/HTTP/Tiny.pm", - "version" : "0.092" + "version" : "0.094" } }, "release_status" : "stable", @@ -122,7 +122,7 @@ "web" : "https://github.com/Perl-Toolchain-Gang/HTTP-Tiny"; } }, - "version" : "0.092", + "version" : "0.094", "x_authority" : "cpan:DAGOLDEN", "x_contributors" : [ "Alan Gardner <[email protected]>", diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/HTTP-Tiny-0.092/META.yml new/HTTP-Tiny-0.094/META.yml --- old/HTTP-Tiny-0.092/META.yml 2025-12-27 20:49:46.000000000 +0100 +++ new/HTTP-Tiny-0.094/META.yml 2026-05-17 10:31:03.000000000 +0200 @@ -22,7 +22,7 @@ ExtUtils::MakeMaker: '6.17' perl: '5.006' dynamic_config: 0 -generated_by: 'Dist::Zilla version 6.036, CPAN::Meta::Converter version 2.150010' +generated_by: 'Dist::Zilla version 6.037, CPAN::Meta::Converter version 2.150013' license: perl meta-spec: url: http://module-build.sourceforge.net/META-spec-v1.4.html @@ -39,7 +39,7 @@ provides: HTTP::Tiny: file: lib/HTTP/Tiny.pm - version: '0.092' + version: '0.094' recommends: HTTP::CookieJar: '0.001' IO::Socket::IP: '0.32' @@ -61,7 +61,7 @@ bugtracker: https://github.com/Perl-Toolchain-Gang/HTTP-Tiny/issues homepage: https://github.com/Perl-Toolchain-Gang/HTTP-Tiny repository: https://github.com/Perl-Toolchain-Gang/HTTP-Tiny.git -version: '0.092' +version: '0.094' x_authority: cpan:DAGOLDEN x_contributors: - 'Alan Gardner <[email protected]>' diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/HTTP-Tiny-0.092/Makefile.PL new/HTTP-Tiny-0.094/Makefile.PL --- old/HTTP-Tiny-0.092/Makefile.PL 2025-12-27 20:49:46.000000000 +0100 +++ new/HTTP-Tiny-0.094/Makefile.PL 2026-05-17 10:31:03.000000000 +0200 @@ -1,4 +1,4 @@ -# This file was automatically generated by Dist::Zilla::Plugin::MakeMaker v6.036. +# This file was automatically generated by Dist::Zilla::Plugin::MakeMaker v6.037 use strict; use warnings; @@ -43,7 +43,7 @@ "lib" => 0, "open" => 0 }, - "VERSION" => "0.092", + "VERSION" => "0.094", "test" => { "TESTS" => "t/*.t" } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/HTTP-Tiny-0.092/README new/HTTP-Tiny-0.094/README --- old/HTTP-Tiny-0.092/README 2025-12-27 20:49:46.000000000 +0100 +++ new/HTTP-Tiny-0.094/README 2026-05-17 10:31:03.000000000 +0200 @@ -2,7 +2,7 @@ HTTP::Tiny - A small, simple, correct HTTP/1.1 client VERSION - version 0.092 + version 0.094 SYNOPSIS use HTTP::Tiny; @@ -619,7 +619,7 @@ * Xavier Guimard <[email protected]> COPYRIGHT AND LICENSE - This software is copyright (c) 2025 by Christian Hansen. + This software is copyright (c) 2026 by Christian Hansen. This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/HTTP-Tiny-0.092/cpanfile new/HTTP-Tiny-0.094/cpanfile --- old/HTTP-Tiny-0.092/cpanfile 2025-12-27 20:49:46.000000000 +0100 +++ new/HTTP-Tiny-0.094/cpanfile 2026-05-17 10:31:03.000000000 +0200 @@ -1,4 +1,4 @@ -# This file is generated by Dist::Zilla::Plugin::CPANFile v6.036 +# This file is generated by Dist::Zilla::Plugin::CPANFile v6.037 # Do not edit this file directly. To change prereqs, edit the `dist.ini` file. requires "Carp" => "0"; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/HTTP-Tiny-0.092/lib/HTTP/Tiny.pm new/HTTP-Tiny-0.094/lib/HTTP/Tiny.pm --- old/HTTP-Tiny-0.092/lib/HTTP/Tiny.pm 2025-12-27 20:49:46.000000000 +0100 +++ new/HTTP-Tiny-0.094/lib/HTTP/Tiny.pm 2026-05-17 10:31:03.000000000 +0200 @@ -4,7 +4,7 @@ use warnings; # ABSTRACT: A small, simple, correct HTTP/1.1 client -our $VERSION = '0.092'; +our $VERSION = '0.094'; sub _croak { require Carp; Carp::croak(@_) } @@ -1396,6 +1396,8 @@ my $field_name = $HeaderCase{$k}; my $v = $headers->{$k}; for (ref $v eq 'ARRAY' ? @$v : $v) { + die(qq/Invalid HTTP header field value ($field_name): / . $Printable->($_). "\n") + unless $_ eq '' || /\A $Field_Content \z/xo; $_ = '' unless defined $_; $buf .= "$field_name: $_\x0D\x0A"; } @@ -1587,6 +1589,12 @@ @_ == 5 || die(q/Usage: $handle->write_request_header(method, request_uri, headers, header_case)/ . "\n"); my ($self, $method, $request_uri, $headers, $header_case) = @_; + die (q/Invalid characters in Request-URI /. $Printable->($request_uri). "\n") + if $request_uri =~ /[\x00-\x20\x7F]/; + + die (q/Invalid characters in Method /. $Printable->($method). "\n") + if $method =~ /[\x00-\x20\x7F]/; + return $self->write_header_lines($headers, $header_case, "$method $request_uri HTTP/1.1\x0D\x0A"); } @@ -1768,7 +1776,7 @@ =head1 VERSION -version 0.092 +version 0.094 =head1 SYNOPSIS @@ -2628,7 +2636,7 @@ =head1 COPYRIGHT AND LICENSE -This software is copyright (c) 2025 by Christian Hansen. +This software is copyright (c) 2026 by Christian Hansen. This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/HTTP-Tiny-0.092/t/020_headers.t new/HTTP-Tiny-0.094/t/020_headers.t --- old/HTTP-Tiny-0.092/t/020_headers.t 2025-12-27 20:49:46.000000000 +0100 +++ new/HTTP-Tiny-0.094/t/020_headers.t 2026-05-17 10:31:03.000000000 +0200 @@ -59,3 +59,58 @@ is_deeply($handle->read_header_lines, $headers, "roundtrip header lines"); } +{ + my $fh = tmpfile(); + my $handle = HTTP::Tiny::Handle->new(fh => $fh); + eval { $handle->write_header_lines({ range => "bytes=13-37${CRLF}X-Injected: foo" }) }; + like($@, qr/Invalid HTTP header field value \(Range\)/, + "reject CRLF in control field value"); +} + +{ + my $fh = tmpfile(); + my $handle = HTTP::Tiny::Handle->new(fh => $fh); + eval { $handle->write_header_lines({ "X-Foo-Bar" => "foo${CRLF}X-Injected: foo" }) }; + like($@, qr/Invalid HTTP header field value \(X-Foo-Bar\)/, + "reject CRLF in other header value"); +} + +{ + my $fh = tmpfile(); + my $handle = HTTP::Tiny::Handle->new(fh => $fh); + eval { $handle->write_request_header("GET${CRLF}", "/foo", {}, {}) }; + like($@, qr/Invalid characters in Method/, + "->write_request_header() reject CRLF in method"); +} + +{ + my $fh = tmpfile(); + my $handle = HTTP::Tiny::Handle->new(fh => $fh); + eval { $handle->write_request_header("GET\x00", "/foo", {}, {}) }; + like($@, qr/Invalid characters in Method/, + "->write_request_header() reject nullbyte in method"); +} + +{ + my $fh = tmpfile(); + my $handle = HTTP::Tiny::Handle->new(fh => $fh); + eval { $handle->write_request_header("GET ", "/foo", {}, {}) }; + like($@, qr/Invalid characters in Method/, + "->write_request_header() reject trailing space in method"); +} + +{ + my $fh = tmpfile(); + my $handle = HTTP::Tiny::Handle->new(fh => $fh); + eval { $handle->write_request_header("GET", "/foo${CRLF}Foo: 1", {}, {}) }; + like($@, qr/Invalid characters in Request-URI/, + "->write_request_header() reject CRLF in request-uri"); +} + +{ + my $fh = tmpfile(); + my $handle = HTTP::Tiny::Handle->new(fh => $fh); + eval { $handle->write_request_header("GET", "/foo bar", {}, {}) }; + like($@, qr/Invalid characters in Request-URI/, + "->write_request_header() reject space in request-uri"); +} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/HTTP-Tiny-0.092/xt/author/distmeta.t new/HTTP-Tiny-0.094/xt/author/distmeta.t --- old/HTTP-Tiny-0.092/xt/author/distmeta.t 2025-12-27 20:49:46.000000000 +0100 +++ new/HTTP-Tiny-0.094/xt/author/distmeta.t 2026-05-17 10:31:03.000000000 +0200 @@ -1,5 +1,5 @@ #!perl -# This file was automatically generated by Dist::Zilla::Plugin::MetaTests. +# This file was automatically generated by Dist::Zilla::Plugin::MetaTests use strict; use warnings; use Test::CPAN::Meta; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/HTTP-Tiny-0.092/xt/author/pod-coverage.t new/HTTP-Tiny-0.094/xt/author/pod-coverage.t --- old/HTTP-Tiny-0.092/xt/author/pod-coverage.t 2025-12-27 20:49:46.000000000 +0100 +++ new/HTTP-Tiny-0.094/xt/author/pod-coverage.t 2026-05-17 10:31:03.000000000 +0200 @@ -1,5 +1,5 @@ #!perl -# This file was automatically generated by Dist::Zilla::Plugin::PodCoverageTests. +# This file was automatically generated by Dist::Zilla::Plugin::PodCoverageTests use strict; use warnings; use Test::Pod::Coverage 1.08; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/HTTP-Tiny-0.092/xt/author/pod-syntax.t new/HTTP-Tiny-0.094/xt/author/pod-syntax.t --- old/HTTP-Tiny-0.092/xt/author/pod-syntax.t 2025-12-27 20:49:46.000000000 +0100 +++ new/HTTP-Tiny-0.094/xt/author/pod-syntax.t 2026-05-17 10:31:03.000000000 +0200 @@ -1,5 +1,5 @@ #!perl -# This file was automatically generated by Dist::Zilla::Plugin::PodSyntaxTests. +# This file was automatically generated by Dist::Zilla::Plugin::PodSyntaxTests use strict; use warnings; use Test::More; use Test::Pod 1.41; ++++++ _scmsync.obsinfo ++++++ --- /var/tmp/diff_new_pack.nDcIhA/_old 2026-05-18 17:49:00.938779195 +0200 +++ /var/tmp/diff_new_pack.nDcIhA/_new 2026-05-18 17:49:00.958780021 +0200 @@ -1,6 +1,6 @@ -mtime: 1767367723 -commit: 239974c36aa4057bd9e3658003814a049d9a4a23e427994d4ea2baac2871425a -url: https://src.opensuse.org/perl/perl-HTTP-Tiny.git -revision: 239974c36aa4057bd9e3658003814a049d9a4a23e427994d4ea2baac2871425a +mtime: 1779097238 +commit: 649629c19d0f92d28444356031b724e8e8328508a3863e13ef025463c2391765 +url: https://src.opensuse.org/perl/perl-HTTP-Tiny +revision: 649629c19d0f92d28444356031b724e8e8328508a3863e13ef025463c2391765 projectscmsync: https://src.opensuse.org/perl/_ObsPrj ++++++ build.specials.obscpio ++++++ ++++++ build.specials.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/.gitignore new/.gitignore --- old/.gitignore 1970-01-01 01:00:00.000000000 +0100 +++ new/.gitignore 2026-05-18 11:40:38.000000000 +0200 @@ -0,0 +1 @@ +.osc
