Hello community, here is the log from the commit of package perl-Email-Address for openSUSE:Factory checked in at 2019-01-05 14:41:17 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/perl-Email-Address (Old) and /work/SRC/openSUSE:Factory/.perl-Email-Address.new.28833 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "perl-Email-Address" Sat Jan 5 14:41:17 2019 rev:17 rq:662640 version:1.912 Changes: -------- --- /work/SRC/openSUSE:Factory/perl-Email-Address/perl-Email-Address.changes 2018-03-16 10:40:28.806671554 +0100 +++ /work/SRC/openSUSE:Factory/.perl-Email-Address.new.28833/perl-Email-Address.changes 2019-01-05 14:41:18.376533822 +0100 @@ -1,0 +2,21 @@ +Thu Jan 3 06:08:58 UTC 2019 - Stephan Kulow <co...@suse.com> + +- updated to 1.912 + see /usr/share/doc/packages/perl-Email-Address/Changes + + 1.912 2018-12-31 13:46:22-05:00 America/New_York + - include the doc updates from 1.911 changelog, oops! + +------------------------------------------------------------------- +Sun Dec 23 06:08:33 UTC 2018 - Stephan Kulow <co...@suse.com> + +- updated to 1.911 + see /usr/share/doc/packages/perl-Email-Address/Changes + + 1.911 2018-12-22 11:30:28-05:00 America/New_York + - just like 1.910, but with doc updates and undeprecation by Jim Brandt + + 1.910 2018-12-17 21:27:28-05:00 America/New_York (TRIAL RELEASE) + - update parsing to mitigate pathological cases (thanks, sunnavy!) + +------------------------------------------------------------------- Old: ---- Email-Address-1.909.tar.gz New: ---- Email-Address-1.912.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ perl-Email-Address.spec ++++++ --- /var/tmp/diff_new_pack.wstOmU/_old 2019-01-05 14:41:19.788532624 +0100 +++ /var/tmp/diff_new_pack.wstOmU/_new 2019-01-05 14:41:19.812532603 +0100 @@ -1,7 +1,7 @@ # # spec file for package perl-Email-Address # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -12,18 +12,18 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # Name: perl-Email-Address -Version: 1.909 +Version: 1.912 Release: 0 %define cpan_name Email-Address -Summary: (DEPRECATED) RFC 2822 Address Parsing and Creation +Summary: RFC 2822 Address Parsing and Creation License: Artistic-1.0 OR GPL-1.0-or-later Group: Development/Libraries/Perl -Url: http://search.cpan.org/dist/Email-Address/ +Url: https://metacpan.org/release/%{cpan_name} Source0: https://cpan.metacpan.org/authors/id/R/RJ/RJBS/%{cpan_name}-%{version}.tar.gz Source1: cpanspec.yml BuildArch: noarch 
@@ -34,27 +34,32 @@ %{perl_requires} %description -*ACHTUNG!* This module has a vulnerability (at -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7686) which allows -remote attackers to cause denial of service. In other words, sometimes it -takes way too long to process certain kinds of input. Maybe someday this -will be fixed. Until then, use *Email::Address::XS* instead which has -backward compatible API. - This class implements a regex-based RFC 2822 parser that locates email addresses in strings and returns a list of 'Email::Address' objects found. Alternatively you may construct objects manually. The goal of this software is to be correct, and very very fast. +Version 1.909 and earlier of this module had vulnerabilies (at +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7686) and (at +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12558) which +allowed specially constructed email to cause a denial of service. The +reported vulnerabilities and some other pathalogical cases (meaning they +really shouldn't occur in normal email) have been addressed in version +1.910 and newer. If you're running version 1.909 or older, you should +update! + +Alternatively, you could switch to *Email::Address::XS* which has a +backward compatible API. + %prep %setup -q -n %{cpan_name}-%{version} %build -%{__perl} Makefile.PL INSTALLDIRS=vendor -%{__make} %{?_smp_mflags} +perl Makefile.PL INSTALLDIRS=vendor +make %{?_smp_mflags} %check -%{__make} test +make test %install %perl_make_install ++++++ Email-Address-1.909.tar.gz -> Email-Address-1.912.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Email-Address-1.909/Changes new/Email-Address-1.912/Changes --- old/Email-Address-1.909/Changes 2018-03-05 04:07:16.000000000 +0100 +++ new/Email-Address-1.912/Changes 2018-12-31 19:46:26.000000000 +0100 
@@ -1,5 +1,14 @@ Release history for Email-Address +1.912 2018-12-31 13:46:22-05:00 America/New_York + - include the doc updates from 1.911 changelog, oops! + +1.911 2018-12-22 11:30:28-05:00 America/New_York + - just like 1.910, but with doc updates and undeprecation by Jim Brandt + +1.910 2018-12-17 21:27:28-05:00 America/New_York (TRIAL RELEASE) + - update parsing to mitigate pathological cases (thanks, sunnavy!) + 1.909 2018-03-04 22:07:12-05:00 America/New_York - add some docs saying "don't use this, it can be busted" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Email-Address-1.909/MANIFEST new/Email-Address-1.912/MANIFEST --- old/Email-Address-1.909/MANIFEST 2018-03-05 04:07:16.000000000 +0100 +++ new/Email-Address-1.912/MANIFEST 2018-12-31 19:46:26.000000000 +0100 @@ -1,4 +1,4 @@ -# This file was automatically generated by Dist::Zilla::Plugin::Manifest v6.011. +# This file was automatically generated by Dist::Zilla::Plugin::Manifest v6.012. Changes LICENSE MANIFEST @@ -17,6 +17,8 @@ t/cache-cow.t t/comma-free.t t/format.t +t/order.t +t/pathological.t t/patterns.t t/quote-encoded.t t/quoting.t diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Email-Address-1.909/META.json new/Email-Address-1.912/META.json --- old/Email-Address-1.909/META.json 2018-03-05 04:07:16.000000000 +0100 +++ new/Email-Address-1.912/META.json 2018-12-31 19:46:26.000000000 +0100 @@ -1,11 +1,11 @@ { - "abstract" : "(DEPRECATED) RFC 2822 Address Parsing and Creation", + "abstract" : "RFC 2822 Address Parsing and Creation", "author" : [ "Casey West", "Ricardo SIGNES <r...@cpan.org>" ], "dynamic_config" : 0, - "generated_by" : "Dist::Zilla version 6.011, CPAN::Meta::Converter version 2.150010", + "generated_by" : "Dist::Zilla version 6.012, CPAN::Meta::Converter version 2.150010", "license" : [ "perl_5" ], 
@@ -43,7 +43,8 @@ "Encode::MIME::Header" : "0", "ExtUtils::MakeMaker" : "0", "File::Spec" : "0", - "Test::More" : "0.96" + "Test::More" : "0.96", + "Time::HiRes" : "0" } } }, @@ -59,7 +60,7 @@ "web" : "https://github.com/rjbs/Email-Address" } }, - "version" : "1.909", + "version" : "1.912", "x_Dist_Zilla" : { "perl" : { "version" : "5.026001" @@ -82,7 +83,7 @@ } }, "name" : "@RJBS/Git::GatherDir", - "version" : "2.043" + "version" : "2.045" }, { "class" : "Dist::Zilla::Plugin::CheckPrereqsIndexed", @@ -109,7 +110,7 @@ } }, "name" : "@RJBS/RJBS-Outdated", - "version" : "0.054" + "version" : "0.055" }, { "class" : "Dist::Zilla::Plugin::PromptIfStale", 
@@ -124,62 +125,62 @@ } }, "name" : "@RJBS/CPAN-Outdated", - "version" : "0.054" + "version" : "0.055" }, { "class" : "Dist::Zilla::Plugin::PruneCruft", "name" : "@RJBS/@Filter/PruneCruft", - "version" : "6.011" + "version" : "6.012" }, { "class" : "Dist::Zilla::Plugin::ManifestSkip", "name" : "@RJBS/@Filter/ManifestSkip", - "version" : "6.011" + "version" : "6.012" }, { "class" : "Dist::Zilla::Plugin::MetaYAML", "name" : "@RJBS/@Filter/MetaYAML", - "version" : "6.011" + "version" : "6.012" }, { "class" : "Dist::Zilla::Plugin::License", "name" : "@RJBS/@Filter/License", - "version" : "6.011" + "version" : "6.012" }, { "class" : "Dist::Zilla::Plugin::Readme", "name" : "@RJBS/@Filter/Readme", - "version" : "6.011" + "version" : "6.012" }, { "class" : "Dist::Zilla::Plugin::ExecDir", "name" : "@RJBS/@Filter/ExecDir", - "version" : "6.011" + "version" : "6.012" }, { "class" : "Dist::Zilla::Plugin::ShareDir", "name" : "@RJBS/@Filter/ShareDir", - "version" : "6.011" + "version" : "6.012" }, { "class" : "Dist::Zilla::Plugin::Manifest", "name" : "@RJBS/@Filter/Manifest", - "version" : "6.011" + "version" : "6.012" }, { "class" : "Dist::Zilla::Plugin::TestRelease", "name" : "@RJBS/@Filter/TestRelease", - "version" : "6.011" + "version" : "6.012" }, { "class" : "Dist::Zilla::Plugin::ConfirmRelease", "name" : "@RJBS/@Filter/ConfirmRelease", - "version" : "6.011" + "version" : "6.012" }, { "class" : "Dist::Zilla::Plugin::UploadToCPAN", "name" : "@RJBS/@Filter/UploadToCPAN", - "version" : "6.011" + "version" : "6.012" }, { "class" : "Dist::Zilla::Plugin::MakeMaker", @@ -189,12 +190,12 @@ } }, "name" : "@RJBS/MakeMaker", - "version" : "6.011" + "version" : "6.012" }, { "class" : "Dist::Zilla::Plugin::AutoPrereqs", "name" : "@RJBS/AutoPrereqs", - "version" : "6.011" + "version" : "6.012" }, { "class" : "Dist::Zilla::Plugin::Git::NextVersion", 
@@ -205,32 +206,32 @@ "version_regexp" : "(?^:^([0-9]+\\.[0-9]+)$)" }, "Dist::Zilla::Role::Git::Repo" : { - "git_version" : "2.15.1", + "git_version" : "2.18.0", "repo_root" : "." } }, "name" : "@RJBS/Git::NextVersion", - "version" : "2.043" + "version" : "2.045" }, { "class" : "Dist::Zilla::Plugin::PkgVersion", "name" : "@RJBS/PkgVersion", - "version" : "6.011" + "version" : "6.012" }, { "class" : "Dist::Zilla::Plugin::MetaConfig", "name" : "@RJBS/MetaConfig", - "version" : "6.011" + "version" : "6.012" }, { "class" : "Dist::Zilla::Plugin::MetaJSON", "name" : "@RJBS/MetaJSON", - "version" : "6.011" + "version" : "6.012" }, { "class" : "Dist::Zilla::Plugin::NextRelease", "name" : "@RJBS/NextRelease", - "version" : "6.011" + "version" : "6.012" }, { "class" : "Dist::Zilla::Plugin::Test::ChangesHasContent", @@ -240,7 +241,7 @@ { "class" : "Dist::Zilla::Plugin::PodSyntaxTests", "name" : "@RJBS/PodSyntaxTests", - "version" : "6.011" + "version" : "6.012" }, { "class" : "Dist::Zilla::Plugin::Test::ReportPrereqs", @@ -256,7 +257,7 @@ } }, "name" : "@RJBS/TestMoreWithSubtests", - "version" : "6.011" + "version" : "6.012" }, { "class" : "Dist::Zilla::Plugin::PodWeaver", @@ -369,12 +370,12 @@ } }, "name" : "@RJBS/PodWeaver", - "version" : "4.008" + "version" : "4.009" }, { "class" : "Dist::Zilla::Plugin::GithubMeta", "name" : "@RJBS/GithubMeta", - "version" : "0.54" + "version" : "0.58" }, { "class" : "Dist::Zilla::Plugin::Git::Check", @@ -391,12 +392,12 @@ "changelog" : "Changes" }, "Dist::Zilla::Role::Git::Repo" : { - "git_version" : "2.15.1", + "git_version" : "2.18.0", "repo_root" : "." } }, "name" : "@RJBS/@Git/Check", - "version" : "2.043" + "version" : "2.045" }, { "class" : "Dist::Zilla::Plugin::Git::Commit", @@ -414,7 +415,7 @@ "changelog" : "Changes" }, "Dist::Zilla::Role::Git::Repo" : { - "git_version" : "2.15.1", + "git_version" : "2.18.0", "repo_root" : "." }, "Dist::Zilla::Role::Git::StringFormatter" : { 
@@ -422,7 +423,7 @@ } }, "name" : "@RJBS/@Git/Commit", - "version" : "2.043" + "version" : "2.045" }, { "class" : "Dist::Zilla::Plugin::Git::Tag", @@ -431,12 +432,12 @@ "branch" : null, "changelog" : "Changes", "signed" : 0, - "tag" : "1.909", + "tag" : "1.912", "tag_format" : "%v", "tag_message" : "v%v" }, "Dist::Zilla::Role::Git::Repo" : { - "git_version" : "2.15.1", + "git_version" : "2.18.0", "repo_root" : "." }, "Dist::Zilla::Role::Git::StringFormatter" : { @@ -444,7 +445,7 @@ } }, "name" : "@RJBS/@Git/Tag", - "version" : "2.043" + "version" : "2.045" }, { "class" : "Dist::Zilla::Plugin::Git::Push", @@ -457,18 +458,18 @@ "remotes_must_exist" : 0 }, "Dist::Zilla::Role::Git::Repo" : { - "git_version" : "2.15.1", + "git_version" : "2.18.0", "repo_root" : "." } }, "name" : "@RJBS/@Git/Push", - "version" : "2.043" + "version" : "2.045" }, { "class" : "Dist::Zilla::Plugin::Git::Contributors", "config" : { "Dist::Zilla::Plugin::Git::Contributors" : { - "git_version" : "2.15.1", + "git_version" : "2.18.0", "include_authors" : 0, "include_releaser" : 1, "order_by" : "name", 
@@ -476,57 +477,57 @@ } }, "name" : "@RJBS/Git::Contributors", - "version" : "0.032" + "version" : "0.034" }, { "class" : "Dist::Zilla::Plugin::FinderCode", "name" : ":InstallModules", - "version" : "6.011" + "version" : "6.012" }, { "class" : "Dist::Zilla::Plugin::FinderCode", "name" : ":IncModules", - "version" : "6.011" + "version" : "6.012" }, { "class" : "Dist::Zilla::Plugin::FinderCode", "name" : ":TestFiles", - "version" : "6.011" + "version" : "6.012" }, { "class" : "Dist::Zilla::Plugin::FinderCode", "name" : ":ExtraTestFiles", - "version" : "6.011" + "version" : "6.012" }, { "class" : "Dist::Zilla::Plugin::FinderCode", "name" : ":ExecFiles", - "version" : "6.011" + "version" : "6.012" }, { "class" : "Dist::Zilla::Plugin::FinderCode", "name" : ":PerlExecFiles", - "version" : "6.011" + "version" : "6.012" }, { "class" : "Dist::Zilla::Plugin::FinderCode", "name" : ":ShareFiles", - "version" : "6.011" + "version" : "6.012" }, { "class" : "Dist::Zilla::Plugin::FinderCode", "name" : ":MainModule", - "version" : "6.011" + "version" : "6.012" }, { "class" : "Dist::Zilla::Plugin::FinderCode", "name" : ":AllFiles", - "version" : "6.011" + "version" : "6.012" }, { "class" : "Dist::Zilla::Plugin::FinderCode", "name" : ":NoFiles", - "version" : "6.011" + "version" : "6.012" } ], "zilla" : { @@ -534,7 +535,7 @@ "config" : { "is_trial" : 0 }, - "version" : "6.011" + "version" : "6.012" } }, "x_contributors" : [ 
@@ -542,11 +543,14 @@ "David Golden <dagol...@cpan.org>", "David Steinbrunner <dsteinbrun...@pobox.com>", "Glenn Fowler <cebj...@cpan.org>", + "Jim Brandt <jbra...@bestpractical.com>", "Kevin Falcone <ke...@jibsheet.com>", "Pali <p...@cpan.org>", "Ruslan Zakirov <r...@bestpractical.com>", + "sunnavy <sunn...@bestpractical.com>", "William Yardley <p...@veggiechinese.net>" ], - "x_serialization_backend" : "Cpanel::JSON::XS version 3.0239" + "x_generated_by_perl" : "v5.26.1", + "x_serialization_backend" : "Cpanel::JSON::XS version 4.04" } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Email-Address-1.909/META.yml new/Email-Address-1.912/META.yml --- old/Email-Address-1.909/META.yml 2018-03-05 04:07:16.000000000 +0100 +++ new/Email-Address-1.912/META.yml 2018-12-31 19:46:26.000000000 +0100 @@ -1,5 +1,5 @@ --- -abstract: '(DEPRECATED) RFC 2822 Address Parsing and Creation' +abstract: 'RFC 2822 Address Parsing and Creation' author: - 'Casey West' - 'Ricardo SIGNES <r...@cpan.org>' @@ -9,10 +9,11 @@ ExtUtils::MakeMaker: '0' File::Spec: '0' Test::More: '0.96' + Time::HiRes: '0' configure_requires: ExtUtils::MakeMaker: '0' dynamic_config: 0 -generated_by: 'Dist::Zilla version 6.011, CPAN::Meta::Converter version 2.150010' +generated_by: 'Dist::Zilla version 6.012, CPAN::Meta::Converter version 2.150010' license: perl meta-spec: url: http://module-build.sourceforge.net/META-spec-v1.4.html @@ -26,7 +27,7 @@ bugtracker: https://github.com/rjbs/Email-Address/issues homepage: https://github.com/rjbs/Email-Address repository: https://github.com/rjbs/Email-Address.git -version: '1.909' +version: '1.912' x_Dist_Zilla: perl: version: '5.026001' @@ -45,7 +46,7 @@ Dist::Zilla::Plugin::Git::GatherDir: include_untracked: 0 name: '@RJBS/Git::GatherDir' - version: '2.043' + version: '2.045' - class: Dist::Zilla::Plugin::CheckPrereqsIndexed name: '@RJBS/CheckPrereqsIndexed' 
@@ -66,7 +67,7 @@ run_under_travis: 0 skip: [] name: '@RJBS/RJBS-Outdated' - version: '0.054' + version: '0.055' - class: Dist::Zilla::Plugin::PromptIfStale config: @@ -78,62 +79,62 @@ run_under_travis: 0 skip: [] name: '@RJBS/CPAN-Outdated' - version: '0.054' + version: '0.055' - class: Dist::Zilla::Plugin::PruneCruft name: '@RJBS/@Filter/PruneCruft' - version: '6.011' + version: '6.012' - class: Dist::Zilla::Plugin::ManifestSkip name: '@RJBS/@Filter/ManifestSkip' - version: '6.011' + version: '6.012' - class: Dist::Zilla::Plugin::MetaYAML name: '@RJBS/@Filter/MetaYAML' - version: '6.011' + version: '6.012' - class: Dist::Zilla::Plugin::License name: '@RJBS/@Filter/License' - version: '6.011' + version: '6.012' - class: Dist::Zilla::Plugin::Readme name: '@RJBS/@Filter/Readme' - version: '6.011' + version: '6.012' - class: Dist::Zilla::Plugin::ExecDir name: '@RJBS/@Filter/ExecDir' - version: '6.011' + version: '6.012' - class: Dist::Zilla::Plugin::ShareDir name: '@RJBS/@Filter/ShareDir' - version: '6.011' + version: '6.012' - class: Dist::Zilla::Plugin::Manifest name: '@RJBS/@Filter/Manifest' - version: '6.011' + version: '6.012' - class: Dist::Zilla::Plugin::TestRelease name: '@RJBS/@Filter/TestRelease' - version: '6.011' + version: '6.012' - class: Dist::Zilla::Plugin::ConfirmRelease name: '@RJBS/@Filter/ConfirmRelease' - version: '6.011' + version: '6.012' - class: Dist::Zilla::Plugin::UploadToCPAN name: '@RJBS/@Filter/UploadToCPAN' - version: '6.011' + version: '6.012' - class: Dist::Zilla::Plugin::MakeMaker config: Dist::Zilla::Role::TestRunner: default_jobs: 9 name: '@RJBS/MakeMaker' - version: '6.011' + version: '6.012' - class: Dist::Zilla::Plugin::AutoPrereqs name: '@RJBS/AutoPrereqs' - version: '6.011' + version: '6.012' - class: Dist::Zilla::Plugin::Git::NextVersion config: 
@@ -142,26 +143,26 @@ version_by_branch: 1 version_regexp: (?^:^([0-9]+\.[0-9]+)$) Dist::Zilla::Role::Git::Repo: - git_version: 2.15.1 + git_version: 2.18.0 repo_root: . name: '@RJBS/Git::NextVersion' - version: '2.043' + version: '2.045' - class: Dist::Zilla::Plugin::PkgVersion name: '@RJBS/PkgVersion' - version: '6.011' + version: '6.012' - class: Dist::Zilla::Plugin::MetaConfig name: '@RJBS/MetaConfig' - version: '6.011' + version: '6.012' - class: Dist::Zilla::Plugin::MetaJSON name: '@RJBS/MetaJSON' - version: '6.011' + version: '6.012' - class: Dist::Zilla::Plugin::NextRelease name: '@RJBS/NextRelease' - version: '6.011' + version: '6.012' - class: Dist::Zilla::Plugin::Test::ChangesHasContent name: '@RJBS/Test::ChangesHasContent' @@ -169,7 +170,7 @@ - class: Dist::Zilla::Plugin::PodSyntaxTests name: '@RJBS/PodSyntaxTests' - version: '6.011' + version: '6.012' - class: Dist::Zilla::Plugin::Test::ReportPrereqs name: '@RJBS/Test::ReportPrereqs' @@ -181,7 +182,7 @@ phase: test type: requires name: '@RJBS/TestMoreWithSubtests' - version: '6.011' + version: '6.012' - class: Dist::Zilla::Plugin::PodWeaver config: @@ -269,11 +270,11 @@ name: '@RJBS/List' version: '4.015' name: '@RJBS/PodWeaver' - version: '4.008' + version: '4.009' - class: Dist::Zilla::Plugin::GithubMeta name: '@RJBS/GithubMeta' - version: '0.54' + version: '0.58' - class: Dist::Zilla::Plugin::Git::Check config: @@ -286,10 +287,10 @@ allow_dirty_match: [] changelog: Changes Dist::Zilla::Role::Git::Repo: - git_version: 2.15.1 + git_version: 2.18.0 repo_root: . name: '@RJBS/@Git/Check' - version: '2.043' + version: '2.045' - class: Dist::Zilla::Plugin::Git::Commit config: @@ -303,12 +304,12 @@ allow_dirty_match: [] changelog: Changes Dist::Zilla::Role::Git::Repo: - git_version: 2.15.1 + git_version: 2.18.0 repo_root: . Dist::Zilla::Role::Git::StringFormatter: time_zone: local name: '@RJBS/@Git/Commit' - version: '2.043' + version: '2.045' - class: Dist::Zilla::Plugin::Git::Tag config: 
@@ -316,16 +317,16 @@ branch: ~ changelog: Changes signed: 0 - tag: '1.909' + tag: '1.912' tag_format: '%v' tag_message: v%v Dist::Zilla::Role::Git::Repo: - git_version: 2.15.1 + git_version: 2.18.0 repo_root: . Dist::Zilla::Role::Git::StringFormatter: time_zone: local name: '@RJBS/@Git/Tag' - version: '2.043' + version: '2.045' - class: Dist::Zilla::Plugin::Git::Push config: 
@@ -335,73 +336,76 @@ - 'github :' remotes_must_exist: 0 Dist::Zilla::Role::Git::Repo: - git_version: 2.15.1 + git_version: 2.18.0 repo_root: . name: '@RJBS/@Git/Push' - version: '2.043' + version: '2.045' - class: Dist::Zilla::Plugin::Git::Contributors config: Dist::Zilla::Plugin::Git::Contributors: - git_version: 2.15.1 + git_version: 2.18.0 include_authors: 0 include_releaser: 1 order_by: name paths: [] name: '@RJBS/Git::Contributors' - version: '0.032' + version: '0.034' - class: Dist::Zilla::Plugin::FinderCode name: ':InstallModules' - version: '6.011' + version: '6.012' - class: Dist::Zilla::Plugin::FinderCode name: ':IncModules' - version: '6.011' + version: '6.012' - class: Dist::Zilla::Plugin::FinderCode name: ':TestFiles' - version: '6.011' + version: '6.012' - class: Dist::Zilla::Plugin::FinderCode name: ':ExtraTestFiles' - version: '6.011' + version: '6.012' - class: Dist::Zilla::Plugin::FinderCode name: ':ExecFiles' - version: '6.011' + version: '6.012' - class: Dist::Zilla::Plugin::FinderCode name: ':PerlExecFiles' - version: '6.011' + version: '6.012' - class: Dist::Zilla::Plugin::FinderCode name: ':ShareFiles' - version: '6.011' + version: '6.012' - class: Dist::Zilla::Plugin::FinderCode name: ':MainModule' - version: '6.011' + version: '6.012' - class: Dist::Zilla::Plugin::FinderCode name: ':AllFiles' - version: '6.011' + version: '6.012' - class: Dist::Zilla::Plugin::FinderCode name: ':NoFiles' - version: '6.011' + version: '6.012' zilla: class: Dist::Zilla::Dist::Builder config: is_trial: '0' - version: '6.011' + version: '6.012' x_contributors: - 'Alex Vandiver <a...@chmrr.net>' - 'David Golden <dagol...@cpan.org>' - 'David Steinbrunner <dsteinbrun...@pobox.com>' - 'Glenn Fowler <cebj...@cpan.org>' + - 'Jim Brandt <jbra...@bestpractical.com>' - 'Kevin Falcone <ke...@jibsheet.com>' - 'Pali <p...@cpan.org>' - 'Ruslan Zakirov <r...@bestpractical.com>' + - 'sunnavy <sunn...@bestpractical.com>' - 'William Yardley <p...@veggiechinese.net>' 
-x_serialization_backend: 'YAML::Tiny version 1.70' +x_generated_by_perl: v5.26.1 +x_serialization_backend: 'YAML::Tiny version 1.73' diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Email-Address-1.909/Makefile.PL new/Email-Address-1.912/Makefile.PL --- old/Email-Address-1.909/Makefile.PL 2018-03-05 04:07:16.000000000 +0100 +++ new/Email-Address-1.912/Makefile.PL 2018-12-31 19:46:26.000000000 +0100 @@ -1,4 +1,4 @@ -# This file was automatically generated by Dist::Zilla::Plugin::MakeMaker v6.011. +# This file was automatically generated by Dist::Zilla::Plugin::MakeMaker v6.012. use strict; use warnings; @@ -7,7 +7,7 @@ use ExtUtils::MakeMaker; my %WriteMakefileArgs = ( - "ABSTRACT" => "(DEPRECATED) RFC 2822 Address Parsing and Creation", + "ABSTRACT" => "RFC 2822 Address Parsing and Creation", "AUTHOR" => "Casey West, Ricardo SIGNES <rjbs\@cpan.org>", "CONFIGURE_REQUIRES" => { "ExtUtils::MakeMaker" => 0 @@ -25,9 +25,10 @@ "Encode::MIME::Header" => 0, "ExtUtils::MakeMaker" => 0, "File::Spec" => 0, - "Test::More" => "0.96" + "Test::More" => "0.96", + "Time::HiRes" => 0 }, - "VERSION" => "1.909", + "VERSION" => "1.912", "test" => { "TESTS" => "t/*.t" } @@ -40,6 +41,7 @@ "ExtUtils::MakeMaker" => 0, "File::Spec" => 0, "Test::More" => "0.96", + "Time::HiRes" => 0, "overload" => 0, "strict" => 0, "warnings" => 0 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Email-Address-1.909/README new/Email-Address-1.912/README --- old/Email-Address-1.909/README 2018-03-05 04:07:16.000000000 +0100 +++ new/Email-Address-1.912/README 2018-12-31 19:46:26.000000000 +0100 @@ -1,7 +1,7 @@ This archive contains the distribution Email-Address, -version 1.909: +version 1.912: - (DEPRECATED) RFC 2822 Address Parsing and Creation + RFC 2822 Address Parsing and Creation This software is copyright (c) 2004 by Casey West. 
@@ -9,4 +9,4 @@ the same terms as the Perl 5 programming language system itself. -This README file was generated by Dist::Zilla::Plugin::Readme v6.011. +This README file was generated by Dist::Zilla::Plugin::Readme v6.012. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Email-Address-1.909/lib/Email/Address.pm new/Email-Address-1.912/lib/Email/Address.pm --- old/Email-Address-1.909/lib/Email/Address.pm 2018-03-05 04:07:16.000000000 +0100 +++ new/Email-Address-1.912/lib/Email/Address.pm 2018-12-31 19:46:26.000000000 +0100 @@ -1,8 +1,8 @@ use strict; use warnings; package Email::Address; -# ABSTRACT: (DEPRECATED) RFC 2822 Address Parsing and Creation -$Email::Address::VERSION = '1.909'; +# ABSTRACT: RFC 2822 Address Parsing and Creation +$Email::Address::VERSION = '1.912'; our $COMMENT_NEST_LEVEL ||= 1; our $STRINGIFY ||= 'format'; our $COLLAPSE_SPACES = 1 unless defined $COLLAPSE_SPACES; # I miss //= 
@@ -18,19 +18,22 @@ #pod #pod =head1 DESCRIPTION #pod -#pod B<ACHTUNG!> This module has a vulnerability -#pod (L<CVE-2015-7686|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7686>) -#pod which allows remote attackers to cause denial of service. In other words, -#pod sometimes it takes way too long to process certain kinds of input. Maybe -#pod someday this will be fixed. Until then, use -#pod L<B<Email::Address::XS>|Email::Address::XS> instead which has backward -#pod compatible API. -#pod #pod This class implements a regex-based RFC 2822 parser that locates email #pod addresses in strings and returns a list of C<Email::Address> objects found. #pod Alternatively you may construct objects manually. The goal of this software is #pod to be correct, and very very fast. #pod +#pod Version 1.909 and earlier of this module had vulnerabilies +#pod (L<CVE-2015-7686|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7686>) +#pod and (L<CVE-2015-12558|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12558>) +#pod which allowed specially constructed email to cause a denial of service. The +#pod reported vulnerabilities and some other pathalogical cases (meaning they really +#pod shouldn't occur in normal email) have been addressed in version 1.910 and newer. +#pod If you're running version 1.909 or older, you should update! +#pod +#pod Alternatively, you could switch to L<B<Email::Address::XS>|Email::Address::XS> +#pod which has a backward compatible API. +#pod #pod =cut my $CTL = q{\x00-\x1F\x7F}; 
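Review bot: The link label for the second CVE in the new DESCRIPTION paragraph reads `CVE-2015-12558`, while its URL, the spec `%description` and t/pathological.t all use CVE-2018-12558. The label should be `L<CVE-2018-12558|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12558>`, otherwise a search of the rendered docs for the 2018 identifier finds nothing. The same paragraph spells "vulnerabilies" and "pathalogical", which should be "vulnerabilities" and "pathological". Both slips recur in the generated POD hunk `@@ -563,19 +566,22 @@`, and the typos also appear in the spec description. The POD block continues outside this hunk.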
@@ -44,18 +47,18 @@ my ($ccontent, $comment) = (q{})x2; for (1 .. $COMMENT_NEST_LEVEL) { $ccontent = qr/$ctext|$quoted_pair|$comment/; - $comment = qr/\s*\((?:\s*$ccontent)*\s*\)\s*/; + $comment = qr/(?>\s*\((?:\s*$ccontent)*\s*\)\s*)/; } -my $cfws = qr/$comment|\s+/; +my $cfws = qr/$comment|(?>\s+)/; my $atext = qq/[^$CTL$special\\s]/; -my $atom = qr/$cfws*$atext+$cfws*/; -my $dot_atom_text = qr/$atext+(?:\.$atext+)*/; -my $dot_atom = qr/$cfws*$dot_atom_text$cfws*/; +my $atom = qr/(?>$cfws*$atext+$cfws*)/; +my $dot_atom_text = qr/(?>$atext+(?:\.$atext+)*)/; +my $dot_atom = qr/(?>$cfws*$dot_atom_text$cfws*)/; my $qtext = qr/[^\\"]/; my $qcontent = qr/$qtext|$quoted_pair/; -my $quoted_string = qr/$cfws*"$qcontent*"$cfws*/; +my $quoted_string = qr/(?>$cfws*"$qcontent*"$cfws*)/; my $word = qr/$atom|$quoted_string/; @@ -71,15 +74,15 @@ # So we disallow the hateful CFWS in this context for now. Of modern mail # agents, only Apple Web Mail 2.0 is known to produce obs-phrase. # -- rjbs, 2006-11-19 -my $simple_word = qr/$atom|\.|\s*"$qcontent+"\s*/; -my $obs_phrase = qr/$simple_word+/; +my $simple_word = qr/(?>$atom|\.|\s*"$qcontent+"\s*)/; +my $obs_phrase = qr/(?>$simple_word+)/; -my $phrase = qr/$obs_phrase|(?:$word+)/; +my $phrase = qr/$obs_phrase|(?>$word+)/; my $local_part = qr/$dot_atom|$quoted_string/; my $dtext = qr/[^\[\]\\]/; my $dcontent = qr/$dtext|$quoted_pair/; -my $domain_literal = qr/$cfws*\[(?:\s*$dcontent)*\s*\]$cfws*/; +my $domain_literal = qr/(?>$cfws*\[(?:\s*$dcontent)*\s*\]$cfws*)/; my $domain = qr/$dot_atom|$domain_literal/; my $display_name = $phrase; @@ -132,9 +135,9 @@ #pod =cut our $addr_spec = qr/$local_part\@$domain/; -our $angle_addr = qr/$cfws*<$addr_spec>$cfws*/; +our $angle_addr = qr/(?>$cfws*<$addr_spec>$cfws*)/; our $name_addr = qr/(?>$display_name?)$angle_addr/; -our $mailbox = qr/(?:$name_addr|$addr_spec)$comment*/; +our $mailbox = qr/(?:$name_addr|$addr_spec)(?>$comment*)/; sub _PHRASE () { 0 } sub _ADDRESS () { 1 } 
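Review bot: Nothing in the grammar says why the sub-patterns are now wrapped in `(?>...)`, in this hunk or in `@@ -71,15 +74,15 @@` and `@@ -132,9 +135,9 @@`. A later cleanup that drops a seemingly redundant group could bring back the slow parsing the docs attribute to the two CVEs. I would add a comment above `$comment`, such as `# Atomic groups (?>...) keep the engine from re-trying shorter CFWS/atom matches; removing one can reintroduce the slow parsing of CVE-2015-7686 / CVE-2018-12558.` Atomic grouping also narrows what can match, because a group no longer gives characters back to the pattern that follows it. It is therefore worth confirming that t/patterns.t still exercises inputs with whitespace or comments between a display name and `<`. The variable definitions begin before the first hunk.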
@@ -161,12 +164,6 @@ #pod q[me@local, Casey <me@local>, "Casey" <me@local> (West)] #pod ); #pod -#pod B<ACHTUNG!> This is where that vulnerability mentioned above lies. Do not use -#pod this method with untrusted user input. -#pod -#pod Use method L<parse from the Email::Address::XS module|Email::Address::XS/parse> -#pod instead. -#pod #pod This method returns a list of C<Email::Address> objects it finds in the input #pod string. B<Please note> that it returns a list, and expects that it may find #pod multiple addresses. The behavior in scalar context is undefined. @@ -222,7 +219,13 @@ return @cached; } - my (@mailboxes) = ($line =~ /$mailbox/go); + my %mailboxes; + my $str = $line; + $str =~ s!($name_addr(?>$comment*))!$mailboxes{pos($str)} = $1; ',' x length $1!ego + if $str =~ /$angle_addr/; + $str =~ s!($addr_spec(?>$comment*))!$mailboxes{pos($str)} = $1; ',' x length $1!ego; + my @mailboxes = map { $mailboxes{$_} } sort { $a <=> $b } keys %mailboxes; + my @addrs; foreach (@mailboxes) { my $original = $_; @@ -546,11 +549,11 @@ =head1 NAME -Email::Address - (DEPRECATED) RFC 2822 Address Parsing and Creation +Email::Address - RFC 2822 Address Parsing and Creation =head1 VERSION -version 1.909 +version 1.912 =head1 SYNOPSIS 
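Review bot: The rewritten extraction in `@@ -222,7 +219,13 @@` keys `%mailboxes` on `pos($str)` inside the replacement of `s///e`, a value perlfunc documents only for `m//g`. `$-[1]` is the documented start offset of the capture and would make the ordering independent of that detail: `$mailboxes{$-[1]} = $1; ',' x length $1`. The two passes also rely on the comma padding having exactly the length of the match, so that offsets recorded by the second pass stay comparable with those of the first. That deserves a comment such as `# replace each name-addr with commas of equal length so offsets stay stable for the addr-spec pass`. The enclosing `parse` sub starts and ends outside the hunk.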
@@ -563,19 +566,22 @@ =head1 DESCRIPTION -B<ACHTUNG!> This module has a vulnerability -(L<CVE-2015-7686|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7686>) -which allows remote attackers to cause denial of service. In other words, -sometimes it takes way too long to process certain kinds of input. Maybe -someday this will be fixed. Until then, use -L<B<Email::Address::XS>|Email::Address::XS> instead which has backward -compatible API. - This class implements a regex-based RFC 2822 parser that locates email addresses in strings and returns a list of C<Email::Address> objects found. Alternatively you may construct objects manually. The goal of this software is to be correct, and very very fast. +Version 1.909 and earlier of this module had vulnerabilies +(L<CVE-2015-7686|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7686>) +and (L<CVE-2015-12558|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12558>) +which allowed specially constructed email to cause a denial of service. The +reported vulnerabilities and some other pathalogical cases (meaning they really +shouldn't occur in normal email) have been addressed in version 1.910 and newer. +If you're running version 1.909 or older, you should update! + +Alternatively, you could switch to L<B<Email::Address::XS>|Email::Address::XS> +which has a backward compatible API. + =head2 Package Variables B<ACHTUNG!> Email isn't easy (if even possible) to parse with a regex, I<at @@ -631,12 +637,6 @@ q[me@local, Casey <me@local>, "Casey" <me@local> (West)] ); -B<ACHTUNG!> This is where that vulnerability mentioned above lies. Do not use -this method with untrusted user input. - -Use method L<parse from the Email::Address::XS module|Email::Address::XS/parse> -instead. - This method returns a list of C<Email::Address> objects it finds in the input string. B<Please note> that it returns a list, and expects that it may find multiple addresses. The behavior in scalar context is undefined. 
@@ -831,7 +831,7 @@ =head1 CONTRIBUTORS -=for stopwords Alex Vandiver David Golden Steinbrunner Glenn Fowler Kevin Falcone Pali Ruslan Zakirov William Yardley +=for stopwords Alex Vandiver David Golden Steinbrunner Glenn Fowler Jim Brandt Kevin Falcone Pali Ruslan Zakirov sunnavy William Yardley =over 4 @@ -853,6 +853,10 @@ =item * +Jim Brandt <jbra...@bestpractical.com> + +=item * + Kevin Falcone <ke...@jibsheet.com> =item * @@ -865,6 +869,10 @@ =item * +sunnavy <sunn...@bestpractical.com> + +=item * + William Yardley <p...@veggiechinese.net> =back diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Email-Address-1.909/t/00-report-prereqs.dd new/Email-Address-1.912/t/00-report-prereqs.dd --- old/Email-Address-1.909/t/00-report-prereqs.dd 2018-03-05 04:07:16.000000000 +0100 +++ new/Email-Address-1.912/t/00-report-prereqs.dd 2018-12-31 19:46:26.000000000 +0100 @@ -27,7 +27,8 @@ 'Encode::MIME::Header' => '0', 'ExtUtils::MakeMaker' => '0', 'File::Spec' => '0', - 'Test::More' => '0.96' + 'Test::More' => '0.96', + 'Time::HiRes' => '0' } } }; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Email-Address-1.909/t/order.t new/Email-Address-1.912/t/order.t --- old/Email-Address-1.909/t/order.t 1970-01-01 01:00:00.000000000 +0100 +++ new/Email-Address-1.912/t/order.t 2018-12-31 19:46:26.000000000 +0100 
@@ -0,0 +1,13 @@ +use strict; +use warnings; + +use Test::More; +use Email::Address; + +my @emails = ( q{"foo" <f...@example.com>}, q{b...@example.com}, q{"baz" <b...@example.com>}, q{b...@example.com} ); +my @addr = Email::Address->parse( join ', ', @emails ); + +is( scalar @addr, scalar @emails, "correct number of emails" ); +is_deeply( \@addr, \@emails, 'correct order of emails' ); + +done_testing; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Email-Address-1.909/t/pathological.t new/Email-Address-1.912/t/pathological.t --- old/Email-Address-1.909/t/pathological.t 1970-01-01 01:00:00.000000000 +0100 +++ new/Email-Address-1.912/t/pathological.t 2018-12-31 19:46:26.000000000 +0100 @@ -0,0 +1,20 @@ +use strict; +use warnings; +use Test::More; +use Email::Address; +use Time::HiRes 'time'; + +my %cases = ( + 'CVE-2015-7686' => + q{\(¯¯`·.¥«P®ÎÑç€ØfTh€ÐÅ®K»¥.·`¯¯\) <em...@example.com>, "(> \" \" <) ( ='o'= ) (\")___(\") sWeEtAnGeLtHePrInCeSsOfThEsKy" <ema...@example.com>, "(i)cRiStIaN(i)" <ema...@example.com>, "(S)MaNu_vuOLeAmMazZaReNimOe(*)MiAo(@)" <ema...@example.com>}, + 'CVE-2018-12558' => "\f" x 30, +); + +for my $name ( sort keys %cases ) { + my $start = Time::HiRes::time(); + Email::Address->parse( $cases{$name} ); + my $time = Time::HiRes::time() - $start; + ok( $time < 0.5, "Parsing '$name' takes less than 0.5 second($time)" ); +} + +done_testing(); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Email-Address-1.909/xt/release/changes_has_content.t new/Email-Address-1.912/xt/release/changes_has_content.t --- old/Email-Address-1.909/xt/release/changes_has_content.t 2018-03-05 04:07:16.000000000 +0100 +++ new/Email-Address-1.912/xt/release/changes_has_content.t 2018-12-31 19:46:26.000000000 +0100 @@ -2,7 +2,7 @@ note 'Checking Changes'; my $changes_file = 'Changes'; -my $newver = '1.909'; +my $newver = '1.912'; my $trial_token = '-TRIAL'; my $encoding = 'UTF-8';
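Review bot: The bound in t/pathological.t is wall-clock (`Time::HiRes::time`), so `ok( $time < 0.5, ... )` can fail on a loaded build host even when parsing is fine, and the spec runs this test in `%check`. Measuring the process's CPU time is less sensitive to host load: `my $start = (times)[0];` and `my $time = (times)[0] - $start;`. The cases cover only the two reported inputs. A further case that lengthens one of them (for example a longer run of `\f`) would show whether the cost still grows reasonably with input size; treat that as a suggestion, since the page does not show how the old version scaled.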