Hello community,
here is the log from the commit of package perl-YAML-LibYAML for
openSUSE:Factory checked in at 2026-05-20 15:23:23
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/perl-YAML-LibYAML (Old)
and /work/SRC/openSUSE:Factory/.perl-YAML-LibYAML.new.1966 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "perl-YAML-LibYAML"
Wed May 20 15:23:23 2026 rev:33 rq:1353751 version:0.907.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/perl-YAML-LibYAML/perl-YAML-LibYAML.changes
2026-05-05 15:14:42.309532881 +0200
+++
/work/SRC/openSUSE:Factory/.perl-YAML-LibYAML.new.1966/perl-YAML-LibYAML.changes
2026-05-20 15:23:44.280205476 +0200
@@ -1,0 +2,9 @@
+Mon May 11 08:40:01 UTC 2026 - Tina Müller <[email protected]>
+
+- updated to 0.907.0 (v0.907.0)
+ see /usr/share/doc/packages/perl-YAML-LibYAML/Changes
+
+ v0.907.0 2026-05-10 19:47:04+02:00
+ - Turn off cyclic references by default
+
+-------------------------------------------------------------------
Old:
----
YAML-LibYAML-v0.906.0.tar.gz
New:
----
YAML-LibYAML-v0.907.0.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ perl-YAML-LibYAML.spec ++++++
--- /var/tmp/diff_new_pack.PXHLoH/_old 2026-05-20 15:23:44.976234102 +0200
+++ /var/tmp/diff_new_pack.PXHLoH/_new 2026-05-20 15:23:44.976234102 +0200
@@ -18,10 +18,10 @@
%define cpan_name YAML-LibYAML
Name: perl-YAML-LibYAML
-Version: 0.906.0
+Version: 0.907.0
Release: 0
-# v0.906.0 -> normalize -> 0.906.0
-%define cpan_version v0.906.0
+# v0.907.0 -> normalize -> 0.907.0
+%define cpan_version v0.907.0
License: Artistic-1.0 OR GPL-1.0-or-later
Summary: Perl YAML Serialization using XS and libyaml
URL: https://metacpan.org/release/%{cpan_name}
@@ -32,6 +32,7 @@
BuildRequires: perl-macros
BuildRequires: perl(JSON::PP)
BuildRequires: perl(Test::More) >= 0.9
+BuildRequires: perl(Test::Warnings)
%{perl_requires}
%description
++++++ YAML-LibYAML-v0.906.0.tar.gz -> YAML-LibYAML-v0.907.0.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/YAML-LibYAML-v0.906.0/Changes
new/YAML-LibYAML-v0.907.0/Changes
--- old/YAML-LibYAML-v0.906.0/Changes 2026-04-26 11:17:13.636268070 +0200
+++ new/YAML-LibYAML-v0.907.0/Changes 2026-05-10 19:50:08.079301873 +0200
@@ -1,3 +1,6 @@
+v0.907.0 2026-05-10 19:47:04+02:00
+ - Turn off cyclic references by default
+
v0.906.0 2026-04-26 11:12:32+02:00
- Fix detecting floats in YAML 1.2 Core Schema (issue#125)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/YAML-LibYAML-v0.906.0/LibYAML/LibYAML.xs
new/YAML-LibYAML-v0.907.0/LibYAML/LibYAML.xs
--- old/YAML-LibYAML-v0.906.0/LibYAML/LibYAML.xs 2026-04-26
11:17:13.644115607 +0200
+++ new/YAML-LibYAML-v0.907.0/LibYAML/LibYAML.xs 2026-05-10
19:50:08.087096598 +0200
@@ -63,6 +63,7 @@
yaml->width = 80;
yaml->require_footer = 0;
yaml->anchor_prefix = "";
+ yaml->cyclic_refs = 0;
yaml->utf8 = 0;
hash = newHV();
@@ -114,6 +115,12 @@
hv_store(hash, "anchor_prefix", 13, sv, 0);
yaml->anchor_prefix = stringvalue;
}
+ else if (strEQ(key, "cyclic_refs")) {
+ intvalue = SvIV(ST(i+1));
+ SV *sv = newSViv(intvalue);
+ hv_store(hash, "cyclic_refs", 11, sv, 0);
+ yaml->cyclic_refs = intvalue;
+ }
}
}
}
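Review bot: The new `cyclic_refs` option is security-relevant, yet neither the default added in the previous hunk (`yaml->cyclic_refs = 0;`) nor this parsing branch says why it is off. I would add a comment at the default such as `/* off by default: cyclic structures loaded from untrusted YAML are never freed by reference counting */`. In this branch the value is read with `SvIV`, so a non-numeric string such as `'false'` evaluates to 0 and leaves the safe default in place; a one-line comment saying that is intended would stop a later change to a truthiness test from silently widening what enables the option. The surrounding option loop starts and ends outside the hunk.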
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/YAML-LibYAML-v0.906.0/LibYAML/perl_libyaml.c
new/YAML-LibYAML-v0.907.0/LibYAML/perl_libyaml.c
--- old/YAML-LibYAML-v0.906.0/LibYAML/perl_libyaml.c 2026-04-26
11:17:13.646268612 +0200
+++ new/YAML-LibYAML-v0.907.0/LibYAML/perl_libyaml.c 2026-05-10
19:50:08.088422398 +0200
@@ -1622,12 +1622,23 @@
XCPT_TRY_START {
- if (anchor)
- hv_store(self->anchors, anchor, strlen(anchor),
SvREFCNT_inc(array_ref), 0);
-
+ /* If cyclic refs are allowed we add the anchor here before
+ we descend deeper into the data structure */
+ if (self->cyclic_refs) {
+ if (anchor)
+ hv_store(self->anchors, anchor, strlen(anchor),
SvREFCNT_inc(array_ref), 0);
+ }
while ((node = oo_load_node(self))) {
av_push(array, node);
}
+ /* If cyclic refs are forbidden, we only add the anchor after
+ processing the node, so it is only visible to data after
+ this node */
+ if (!self->cyclic_refs) {
+ if (anchor)
+ hv_store(self->anchors, anchor, strlen(anchor),
SvREFCNT_inc(array_ref), 0);
+ }
+
} XCPT_TRY_END
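Review bot: With `cyclic_refs` off the anchor is stored only after the `while` loop, so an alias inside the node is resolved against whatever `self->anchors` already holds under that name. If the document used the same anchor name earlier, the inner alias would presumably bind silently to the older node instead of raising the "No anchor for alias" error the new tests expect. A test with a reused anchor name would pin down which behaviour is intended. The same applies to the mapping loader in the `@@ -1651` and `@@ -1674` hunks. As a style point, the nested `if (self->cyclic_refs) { if (anchor)` pairs could read `if (anchor && self->cyclic_refs)` and `if (anchor && !self->cyclic_refs)`; the function itself starts and ends outside the hunk.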
@@ -1651,11 +1662,18 @@
XCPT_TRY_START {
- if (anchor)
- hv_store(self->anchors, anchor, strlen(anchor),
SvREFCNT_inc(hash_ref), 0);
+ /* If cyclic refs are allowed we add the anchor here before
+ we descend deeper into the data structure */
+ if (self->cyclic_refs) {
+ if (anchor)
+ hv_store(self->anchors, anchor, strlen(anchor),
SvREFCNT_inc(hash_ref), 0);
+ }
/* Get each key string and value node and put them in the hash */
while ((key_node = oo_load_node(self))) {
+ if (!SvOK(key_node)) {
+ sv_setpvn(key_node, "", 0);
+ }
assert(SvPOK(key_node));
value_node = oo_load_node(self);
if ( /* self->forbid_duplicate_keys && */
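Review bot: The added `sv_setpvn(key_node, "", 0);` rewrites the key SV in place, which is only safe if `oo_load_node` always returns a fresh, writable SV. If it can return an SV shared with an anchored node (a key written as an alias to an anchored null, for instance), that anchored value would turn from undef into the empty string wherever else it is referenced; if it can return a read-only undef, the call would croak. Both are worth confirming against `oo_load_node`, which is not visible here. The null-key conversion is also unrelated to cyclic references and is not listed in Changes, so a comment such as `/* a null key is loaded as the empty string, without a warning */` would help. The `while` loop body continues outside the hunk.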
@@ -1674,6 +1692,14 @@
);
}
+ /* If cyclic refs are forbidden, we only add the anchor after
+ processing the node, so it is only visible to data after
+ this node */
+ if (!self->cyclic_refs) {
+ if (anchor)
+ hv_store(self->anchors, anchor, strlen(anchor),
SvREFCNT_inc(hash_ref), 0);
+ }
+
} XCPT_TRY_END
XCPT_CATCH
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/YAML-LibYAML-v0.906.0/LibYAML/perl_libyaml.h
new/YAML-LibYAML-v0.907.0/LibYAML/perl_libyaml.h
--- old/YAML-LibYAML-v0.906.0/LibYAML/perl_libyaml.h 2026-04-26
11:17:13.646496156 +0200
+++ new/YAML-LibYAML-v0.907.0/LibYAML/perl_libyaml.h 2026-05-10
19:50:08.088640024 +0200
@@ -73,6 +73,7 @@
int width;
int require_footer;
char *anchor_prefix;
+ int cyclic_refs;
int document;
} perl_yaml_xs_t;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/YAML-LibYAML-v0.906.0/MANIFEST
new/YAML-LibYAML-v0.907.0/MANIFEST
--- old/YAML-LibYAML-v0.906.0/MANIFEST 2026-04-26 11:17:13.637604767 +0200
+++ new/YAML-LibYAML-v0.907.0/MANIFEST 2026-05-10 19:50:08.080594499 +0200
@@ -81,6 +81,7 @@
t/oop/12-alias.t
t/oop/13-utf8.t
t/oop/14-options.pl
+t/oop/15-various.t
t/oop/schema-core.yaml
t/path-class.t
t/pl_sv_undef.t
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/YAML-LibYAML-v0.906.0/META.json
new/YAML-LibYAML-v0.907.0/META.json
--- old/YAML-LibYAML-v0.906.0/META.json 2026-04-26 11:17:13.638373793 +0200
+++ new/YAML-LibYAML-v0.907.0/META.json 2026-05-10 19:50:08.081355212 +0200
@@ -55,6 +55,7 @@
"IO::Pipe" : "0",
"JSON::PP" : "0",
"Test::More" : "0.9",
+ "Test::Warnings" : "0",
"Tie::Array" : "0",
"Tie::Hash" : "0",
"blib" : "0",
@@ -67,11 +68,11 @@
"provides" : {
"YAML::LibYAML" : {
"file" : "lib/YAML/LibYAML.pm",
- "version" : "v0.906.0"
+ "version" : "v0.907.0"
},
"YAML::XS" : {
"file" : "lib/YAML/XS.pm",
- "version" : "v0.906.0"
+ "version" : "v0.907.0"
}
},
"release_status" : "stable",
@@ -86,7 +87,7 @@
"web" : "https://github.com/ingydotnet/yaml-libyaml-pm"
}
},
- "version" : "v0.906.0",
+ "version" : "v0.907.0",
"x_generated_by_perl" : "v5.42.0",
"x_serialization_backend" : "Cpanel::JSON::XS version 4.38",
"x_spdx_expression" : "Artistic-1.0-Perl OR GPL-1.0-or-later"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/YAML-LibYAML-v0.906.0/META.yml
new/YAML-LibYAML-v0.907.0/META.yml
--- old/YAML-LibYAML-v0.906.0/META.yml 2026-04-26 11:17:13.637681523 +0200
+++ new/YAML-LibYAML-v0.907.0/META.yml 2026-05-10 19:50:08.080686061 +0200
@@ -12,6 +12,7 @@
IO::Pipe: '0'
JSON::PP: '0'
Test::More: '0.9'
+ Test::Warnings: '0'
Tie::Array: '0'
Tie::Hash: '0'
blib: '0'
@@ -36,10 +37,10 @@
provides:
YAML::LibYAML:
file: lib/YAML/LibYAML.pm
- version: v0.906.0
+ version: v0.907.0
YAML::XS:
file: lib/YAML/XS.pm
- version: v0.906.0
+ version: v0.907.0
requires:
B::Deparse: '0'
Exporter: '0'
@@ -53,7 +54,7 @@
bugtracker: https://github.com/ingydotnet/yaml-libyaml-pm/issues
homepage: https://github.com/ingydotnet/yaml-libyaml-pm
repository: https://github.com/ingydotnet/yaml-libyaml-pm.git
-version: v0.906.0
+version: v0.907.0
x_generated_by_perl: v5.42.0
x_serialization_backend: 'YAML::Tiny version 1.76'
x_spdx_expression: 'Artistic-1.0-Perl OR GPL-1.0-or-later'
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/YAML-LibYAML-v0.906.0/Makefile.PL
new/YAML-LibYAML-v0.907.0/Makefile.PL
--- old/YAML-LibYAML-v0.906.0/Makefile.PL 2026-04-26 11:17:13.639414921
+0200
+++ new/YAML-LibYAML-v0.907.0/Makefile.PL 2026-05-10 19:50:08.082388376
+0200
@@ -35,6 +35,7 @@
"IO::Pipe" => 0,
"JSON::PP" => 0,
"Test::More" => "0.9",
+ "Test::Warnings" => 0,
"Tie::Array" => 0,
"Tie::Hash" => 0,
"blib" => 0,
@@ -42,7 +43,7 @@
"lib" => 0,
"utf8" => 0
},
- "VERSION" => "v0.906.0",
+ "VERSION" => "v0.907.0",
"test" => {
"TESTS" => "t/*.t t/oop/*.t"
}
@@ -62,6 +63,7 @@
"JSON::PP" => 0,
"Scalar::Util" => 0,
"Test::More" => "0.9",
+ "Test::Warnings" => 0,
"Tie::Array" => 0,
"Tie::Hash" => 0,
"base" => 0,
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/YAML-LibYAML-v0.906.0/README
new/YAML-LibYAML-v0.907.0/README
--- old/YAML-LibYAML-v0.906.0/README 2026-04-26 11:17:13.636138793 +0200
+++ new/YAML-LibYAML-v0.907.0/README 2026-05-10 19:50:08.079186705 +0200
@@ -255,6 +255,7 @@
# footer => 0,
# width => 80,
# anchor_prefix => '',
+ # cyclic_refs => 0,
# load and dump options
# utf8 => 0,
@@ -317,6 +318,19 @@
some: mapping
- *ANCHOR1
+ cyclic_refs
+
+ Since version v0.907
+
+ Default: 0
+
+ YAML can contain data structures where an alias points to a node
+ containing the current node, creating a cyclic (circular) data
+ structure. If you load untrusted YAML documents, that can lead to
+ memory leaks. Since it's not a very common use case, YAML::XS
+ defaults to not allowing it. It will just behave as if the anchor was
+ never created in this case. You an set it to 1 to allow it.
+
load
my $yaml = <<'EOM';
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/YAML-LibYAML-v0.906.0/lib/YAML/LibYAML.pm
new/YAML-LibYAML-v0.907.0/lib/YAML/LibYAML.pm
--- old/YAML-LibYAML-v0.906.0/lib/YAML/LibYAML.pm 2026-04-26
11:17:13.644872549 +0200
+++ new/YAML-LibYAML-v0.907.0/lib/YAML/LibYAML.pm 2026-05-10
19:50:08.087745635 +0200
@@ -1,6 +1,6 @@
use strict; use warnings;
package YAML::LibYAML;
-our $VERSION = 'v0.906.0'; # VERSION
+our $VERSION = 'v0.907.0'; # VERSION
sub import {
die "YAML::LibYAML has been renamed to YAML::XS. Please use YAML::XS
instead.";
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/YAML-LibYAML-v0.906.0/lib/YAML/XS.pm
new/YAML-LibYAML-v0.907.0/lib/YAML/XS.pm
--- old/YAML-LibYAML-v0.906.0/lib/YAML/XS.pm 2026-04-26 11:17:13.640686736
+0200
+++ new/YAML-LibYAML-v0.907.0/lib/YAML/XS.pm 2026-05-10 19:50:08.083648875
+0200
@@ -1,7 +1,7 @@
use strict; use warnings;
package YAML::XS;
-our $VERSION = 'v0.906.0'; # VERSION
+our $VERSION = 'v0.907.0'; # VERSION
use base 'Exporter';
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/YAML-LibYAML-v0.906.0/lib/YAML/XS.pod
new/YAML-LibYAML-v0.907.0/lib/YAML/XS.pod
--- old/YAML-LibYAML-v0.906.0/lib/YAML/XS.pod 2026-04-26 11:17:13.641253430
+0200
+++ new/YAML-LibYAML-v0.907.0/lib/YAML/XS.pod 2026-05-10 19:50:08.084233867
+0200
@@ -237,6 +237,7 @@
# footer => 0,
# width => 80,
# anchor_prefix => '',
+ # cyclic_refs => 0,
# load and dump options
# utf8 => 0,
@@ -301,6 +302,22 @@
some: mapping
- *ANCHOR1
+=item cyclic_refs
+
+Since version v0.907
+
+Default: 0
+
+YAML can contain data structures where an alias points to a node
+containing the current node, creating a cyclic (circular) data
+structure.
+If you load untrusted YAML documents, that can lead to memory
+leaks.
+Since it's not a very common use case, YAML::XS defaults to
+not allowing it. It will just behave as if the anchor was never
+created in this case.
+You an set it to 1 to allow it.
+
=back
=head3 load
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/YAML-LibYAML-v0.906.0/t/oop/12-alias.t
new/YAML-LibYAML-v0.907.0/t/oop/12-alias.t
--- old/YAML-LibYAML-v0.906.0/t/oop/12-alias.t 2026-04-26 11:17:13.641849109
+0200
+++ new/YAML-LibYAML-v0.907.0/t/oop/12-alias.t 2026-05-10 19:50:08.084804681
+0200
@@ -5,6 +5,63 @@
my $xs = YAML::XS->new;
+subtest cyclic => sub {
+ my $xs_with_cyclic = YAML::XS->new(cyclic_refs => 1);
+ subtest sequence => sub {
+ my $yaml = <<'EOM';
+&CIRCLE [ something else, *CIRCLE ]
+EOM
+
+ my $circle = eval {
+ $xs->load($yaml);
+ };
+ my $err = $@;
+ like $err, qr{No anchor for alias 'CIRCLE'}, 'expected error message';
+
+ $circle = eval {
+ $xs_with_cyclic->load($yaml);
+ };
+ $err = $@;
+ is $err, '', 'no error with cyclic_refs on';
+ is $circle->[0], 'something else', 'first element like expected';
+ is "$circle->[1]", "$circle", 'second element points to root element';
+
+ $yaml = $xs->dump($circle);
+ my $exp = <<'EOM';
+--- &1
+- something else
+- *1
+EOM
+ is $yaml, $exp, 'circular refs are dumped correctly';
+ };
+
+ subtest mapping => sub {
+ my $yaml = <<'EOM';
+&CIRCLE { something_else: *CIRCLE }
+EOM
+
+ my $circle = eval {
+ $xs->load($yaml);
+ };
+ my $err = $@;
+ like $err, qr{No anchor for alias 'CIRCLE'}, 'expected error message';
+
+ $circle = eval {
+ $xs_with_cyclic->load($yaml);
+ };
+ $err = $@;
+ is $err, '', 'no error with cyclic_refs on';
+ is "$circle->{something_else}", "$circle", 'hash value points to root
element';
+
+ $yaml = $xs->dump($circle);
+ my $exp = <<'EOM';
+--- &1
+something_else: *1
+EOM
+ is $yaml, $exp, 'circular refs are dumped correctly';
+ };
+ };
+
my $yaml = <<'EOM';
- &SCALAR foo
- &SEQ [bar]
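Review bot: Both new subtests only cover a root node that refers to itself directly, so the deferred anchor registration is not exercised for an alias to an ancestor more than one level up (for example `&A { b: [ *A ] }`) or for a document that reuses an anchor name before the self-referencing node. In the default-mode branches only `$err` is checked; adding `is $circle, undef, 'nothing loaded';` after each `like` would confirm no partial structure is returned. The structures loaded with `cyclic_refs => 1` are real reference cycles that are never broken, so a comment noting that this is deliberate in a short-lived test would help readers who copy the pattern.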
@@ -40,17 +97,6 @@
EOM
is $yaml, $exp, 'aliases are dumped correctly';
-my $circle = [ 'x' ];
-$circle->[1] = $circle;
-
-$yaml = $xs->dump($circle);
-$exp = <<'EOM';
---- &1
-- x
-- *1
-EOM
-is $yaml, $exp, 'circular refs are dumped correctly';
-
$yaml = <<'EOM';
- &NULL null
- &TRUE true
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/YAML-LibYAML-v0.906.0/t/oop/15-various.t
new/YAML-LibYAML-v0.907.0/t/oop/15-various.t
--- old/YAML-LibYAML-v0.906.0/t/oop/15-various.t 1970-01-01
01:00:00.000000000 +0100
+++ new/YAML-LibYAML-v0.907.0/t/oop/15-various.t 2026-05-10
19:50:08.087003569 +0200
@@ -0,0 +1,18 @@
+use strict;
+use warnings;
+use Test::More;
+use YAML::XS;
+use Test::Warnings qw/ warning /;
+
+subtest 'null key' => sub {
+ my $xs = YAML::XS->new;
+ my $yaml = <<'EOM';
+null: value
+EOM
+ my $data;
+ my $warning = warning { $data = $xs->load($yaml) };
+ is_deeply $data, { '' => 'value' }, 'null key loaded as empty string';
+ is_deeply $warning, [], 'automatic conversion without warning';
+};
+
+done_testing;
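Review bot: The `null key` subtest covers only a plain `null` key, so other spellings of a null key (`~`, or an alias to an anchored null such as `*N: value` after `&N null`) are untested. The aliased form is the one where converting the key to an empty string could also affect the anchored value, so an assertion that the anchored node is still undef after the load would be the most valuable addition. A short comment at the top of the file saying what belongs in `15-various.t` would also help, since the name gives no hint.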
++++++ _scmsync.obsinfo ++++++
--- /var/tmp/diff_new_pack.PXHLoH/_old 2026-05-20 15:23:45.236244796 +0200
+++ /var/tmp/diff_new_pack.PXHLoH/_new 2026-05-20 15:23:45.244245125 +0200
@@ -1,6 +1,6 @@
-mtime: 1777276000
-commit: 6ed48048da464e78a13213564ae3a9520c872192f4e3d4bf3f97f72372ac6c55
+mtime: 1778488802
+commit: 264e55d1ea75ec4e581b4a07cd5b4d0988869f74ab599e1f4d6b6215e20b023d
url: https://src.opensuse.org/perl/perl-YAML-LibYAML
-revision: 6ed48048da464e78a13213564ae3a9520c872192f4e3d4bf3f97f72372ac6c55
+revision: 264e55d1ea75ec4e581b4a07cd5b4d0988869f74ab599e1f4d6b6215e20b023d
projectscmsync: https://src.opensuse.org/perl/_ObsPrj
++++++ build.specials.obscpio ++++++
++++++ build.specials.obscpio ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/.gitignore new/.gitignore
--- old/.gitignore 1970-01-01 01:00:00.000000000 +0100
+++ new/.gitignore 2026-05-11 10:40:02.000000000 +0200
@@ -0,0 +1 @@
+.osc