Hello community, here is the log from the commit of package perl-YAML for openSUSE:Factory checked in at 2020-01-29 13:11:32 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/perl-YAML (Old) and /work/SRC/openSUSE:Factory/.perl-YAML.new.26092 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "perl-YAML" Wed Jan 29 13:11:32 2020 rev:45 rq:768197 version:1.30 Changes: -------- --- /work/SRC/openSUSE:Factory/perl-YAML/perl-YAML.changes 2019-05-17 23:35:32.426160673 +0200 +++ /work/SRC/openSUSE:Factory/.perl-YAML.new.26092/perl-YAML.changes 2020-01-29 13:12:33.317991149 +0100 @@ -1,0 +2,10 @@ +Tue Jan 28 03:14:29 UTC 2020 - <[email protected]> + +- updated to 1.30 + see /usr/share/doc/packages/perl-YAML/Changes + + 1.30 Mon 27 Jan 2020 11:09:46 PM CET + - Breaking Change: Set $YAML::LoadBlessed default to false to make it more + secure + +------------------------------------------------------------------- Old: ---- YAML-1.29.tar.gz New: ---- YAML-1.30.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ perl-YAML.spec ++++++ --- /var/tmp/diff_new_pack.mB6toj/_old 2020-01-29 13:12:34.673991842 +0100 +++ /var/tmp/diff_new_pack.mB6toj/_new 2020-01-29 13:12:34.677991845 +0100 @@ -1,7 +1,7 @@ # # spec file for package perl-YAML # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ Name: perl-YAML -Version: 1.29 +Version: 1.30 Release: 0 %define cpan_name YAML Summary: YAML Ain't Markup Language™ ++++++ YAML-1.29.tar.gz -> YAML-1.30.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/YAML-1.29/Changes new/YAML-1.30/Changes --- old/YAML-1.29/Changes 2019-05-11 10:27:11.000000000 +0200 +++ new/YAML-1.30/Changes 2020-01-27 23:10:03.000000000 +0100 @@ -1,3 +1,7 @@ +1.30 Mon 27 Jan 2020 11:09:46 PM CET + - Breaking Change: Set $YAML::LoadBlessed default to false to make it more + secure + 1.29 Sat 11 May 2019 10:26:54 AM CEST - Fix regex for alias to match the one for anchors (PR#214 TINITA) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/YAML-1.29/LICENSE new/YAML-1.30/LICENSE --- old/YAML-1.29/LICENSE 2019-05-11 10:27:11.000000000 +0200 +++ new/YAML-1.30/LICENSE 2020-01-27 23:10:03.000000000 +0100 @@ -1,4 +1,4 @@ -This software is copyright (c) 2019 by Ingy döt Net. +This software is copyright (c) 2020 by Ingy döt Net. This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself. @@ -12,7 +12,7 @@ --- The GNU General Public License, Version 1, February 1989 --- -This software is Copyright (c) 2019 by Ingy döt Net. +This software is Copyright (c) 2020 by Ingy döt Net. This is free software, licensed under: @@ -272,7 +272,7 @@ --- The Artistic License 1.0 --- -This software is Copyright (c) 2019 by Ingy döt Net. +This software is Copyright (c) 2020 by Ingy döt Net. This is free software, licensed under: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/YAML-1.29/META.json new/YAML-1.30/META.json --- old/YAML-1.29/META.json 2019-05-11 10:27:11.000000000 +0200 +++ new/YAML-1.30/META.json 2020-01-27 23:10:03.000000000 +0100 @@ -58,7 +58,7 @@ "web" : "https://github.com/ingydotnet/yaml-pm"; } }, - "version" : "1.29", + "version" : "1.30", "x_generated_by_perl" : "v5.24.1", "x_serialization_backend" : "Cpanel::JSON::XS version 4.02" } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/YAML-1.29/META.yml new/YAML-1.30/META.yml --- old/YAML-1.29/META.yml 2019-05-11 10:27:11.000000000 +0200 +++ new/YAML-1.30/META.yml 2020-01-27 23:10:03.000000000 +0100 @@ -28,6 +28,6 @@ bugtracker: https://github.com/ingydotnet/yaml-pm/issues homepage: https://github.com/ingydotnet/yaml-pm repository: https://github.com/ingydotnet/yaml-pm.git -version: '1.29' +version: '1.30' x_generated_by_perl: v5.24.1 x_serialization_backend: 'YAML::Tiny version 1.73' diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/YAML-1.29/Makefile.PL new/YAML-1.30/Makefile.PL --- old/YAML-1.29/Makefile.PL 2019-05-11 10:27:11.000000000 +0200 +++ new/YAML-1.30/Makefile.PL 2020-01-27 23:10:03.000000000 +0100 @@ -23,7 +23,7 @@ "Test::More" => "0.88", "Test::YAML" => "1.05" }, - "VERSION" => "1.29", + "VERSION" => "1.30", "test" => { "TESTS" => "t/*.t" } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/YAML-1.29/README new/YAML-1.30/README --- old/YAML-1.29/README 2019-05-11 10:27:11.000000000 +0200 +++ new/YAML-1.30/README 2020-01-27 23:10:03.000000000 +0100 @@ -4,7 +4,7 @@ VERSION - This document describes YAML version 1.29. + This document describes YAML version 1.30. NOTE @@ -295,7 +295,9 @@ LoadBlessed (since 1.25) - Default is 1 (true). + Default is undef (false) + + The default was changed in version 1.30. When set to true, YAML nodes with special tags will be automatocally blessed into objects: @@ -307,6 +309,12 @@ setting it to 0. This will also disable setting typeglobs when loading them. + You can create any kind of object with YAML. The creation itself is + not the critical part. If the class has a DESTROY method, it will be + called once the object is deleted. An example with File::Temp + removing files can be found at + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862373 + LoaderClass You can override which module/class YAML uses for Loading data. @@ -710,7 +718,7 @@ COPYRIGHT AND LICENSE - Copyright 2001-2019. Ingy döt Net. + Copyright 2001-2020. Ingy döt Net. This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/YAML-1.29/lib/YAML/Any.pm new/YAML-1.30/lib/YAML/Any.pm --- old/YAML-1.29/lib/YAML/Any.pm 2019-05-11 10:27:11.000000000 +0200 +++ new/YAML-1.30/lib/YAML/Any.pm 2020-01-27 23:10:03.000000000 +0100 @@ -1,6 +1,6 @@ use strict; use warnings; package YAML::Any; -our $VERSION = '1.29'; +our $VERSION = '1.30'; use Exporter (); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/YAML-1.29/lib/YAML.pm new/YAML-1.30/lib/YAML.pm --- old/YAML-1.29/lib/YAML.pm 2019-05-11 10:27:11.000000000 +0200 +++ new/YAML-1.30/lib/YAML.pm 2020-01-27 23:10:03.000000000 +0100 @@ -1,5 +1,5 @@ package YAML; -our $VERSION = '1.29'; +our $VERSION = '1.30'; use YAML::Mo; @@ -13,12 +13,10 @@ $UseHeader, $UseVersion, $UseBlock, $UseFold, $UseAliases, $Indent, $SortKeys, $Preserve, $AnchorPrefix, $CompressSeries, $InlineSeries, $Purity, - $Stringify, $Numify, $LoadBlessed, + $Stringify, $Numify, $LoadBlessed, $QuoteNumericStrings, + $DumperClass, $LoaderClass ); -$LoadBlessed = 1; - - use YAML::Node; # XXX This is a temp fix for Module::Build use Scalar::Util qw/ openhandle /; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/YAML-1.29/lib/YAML.pod new/YAML-1.30/lib/YAML.pod --- old/YAML-1.29/lib/YAML.pod 2019-05-11 10:27:11.000000000 +0200 +++ new/YAML-1.30/lib/YAML.pod 2020-01-27 23:10:03.000000000 +0100 @@ -12,7 +12,7 @@ =head1 VERSION -This document describes L<YAML> version B<1.29>. +This document describes L<YAML> version B<1.30>. =head1 NOTE @@ -312,7 +312,9 @@ =item LoadBlessed (since 1.25) -Default is 1 (true). +Default is undef (false) + +The default was changed in version 1.30. When set to true, YAML nodes with special tags will be automatocally blessed into objects: @@ -323,6 +325,11 @@ When loading untrusted YAML, you should disable this option by setting it to C<0>. This will also disable setting typeglobs when loading them. +You can create any kind of object with YAML. The creation itself is not the +critical part. If the class has a C<DESTROY> method, it will be called once +the object is deleted. An example with File::Temp removing files can be found +at L<https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862373> + =item LoaderClass You can override which module/class YAML uses for Loading data. @@ -720,7 +727,7 @@ =head1 COPYRIGHT AND LICENSE -Copyright 2001-2019. Ingy döt Net. +Copyright 2001-2020. Ingy döt Net. This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/YAML-1.29/t/dump-tests.t new/YAML-1.30/t/dump-tests.t --- old/YAML-1.29/t/dump-tests.t 2019-05-11 10:27:11.000000000 +0200 +++ new/YAML-1.30/t/dump-tests.t 2020-01-27 23:10:03.000000000 +0100 @@ -1,6 +1,8 @@ use strict; use lib -e 't' ? 't' : 'test'; use TestYAML tests => 57; +local $YAML::LoadBlessed; +$YAML::LoadBlessed = 1; no_diff(); run_roundtrip_nyn('dumper'); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/YAML-1.29/t/load-tests.t new/YAML-1.30/t/load-tests.t --- old/YAML-1.29/t/load-tests.t 2019-05-11 10:27:11.000000000 +0200 +++ new/YAML-1.30/t/load-tests.t 2020-01-27 23:10:03.000000000 +0100 @@ -2,6 +2,8 @@ use lib -e 't' ? 't' : 'test'; use TestYAML tests => 38; use Test::Deep; +local $YAML::LoadBlessed; +$YAML::LoadBlessed = 1; run { my $block = shift; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/YAML-1.29/t/no-load-blessed.t new/YAML-1.30/t/no-load-blessed.t --- old/YAML-1.29/t/no-load-blessed.t 2019-05-11 10:27:11.000000000 +0200 +++ new/YAML-1.30/t/no-load-blessed.t 2020-01-27 23:10:03.000000000 +0100 @@ -1,8 +1,14 @@ use strict; use lib -e 't' ? 't' : 'test'; -use TestYAML tests => 10; +use TestYAML tests => 11; use Test::Deep; use YAML (); + +my $unblessed = YAML::Load(<<"EOM"); +--- !!perl/array:Foo [] +EOM +is(ref $unblessed, 'ARRAY', "No objects by default"); + $YAML::LoadBlessed = 0; run { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/YAML-1.29/t/pugs-objects.t new/YAML-1.30/t/pugs-objects.t --- old/YAML-1.29/t/pugs-objects.t 2019-05-11 10:27:11.000000000 +0200 +++ new/YAML-1.30/t/pugs-objects.t 2020-01-27 23:10:03.000000000 +0100 @@ -1,6 +1,8 @@ use strict; use lib -e 't' ? 't' : 'test'; use TestYAML tests => 2; +local $YAML::LoadBlessed; +$YAML::LoadBlessed = 1; { no warnings 'once'; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/YAML-1.29/t/regexp.t new/YAML-1.30/t/regexp.t --- old/YAML-1.29/t/regexp.t 2019-05-11 10:27:11.000000000 +0200 +++ new/YAML-1.30/t/regexp.t 2020-01-27 23:10:03.000000000 +0100 @@ -4,6 +4,7 @@ use YAML(); use Encode; no warnings 'once'; +local $YAML::LoadBlessed = 1; my $m_xis = "m-xis"; my $_xism = "-xism";
