[perl-Module-Signature] Update to 0.73

Paul Howarth pghmcfc at fedoraproject.org
Fri Jun 7 18:09:36 UTC 2013 

commit 6e82801dba0654c3af0e6f4e0c923f0241cc59a8
Author: Paul Howarth <paul at city-fan.org>
Date:   Fri Jun 7 19:08:44 2013 +0100

    Update to 0.73
    
    - New upstream release 0.73
      - Constrain the user-specified digest name to /^\w+\d+$/
      - Only allow loading Digest::* from absolute paths in @INC (CVE-2013-2145)

 perl-Module-Signature.spec |   11 ++++++++---
 sources                    |    2 +-
 2 files changed, 9 insertions(+), 4 deletions(-)
---
diff --git a/perl-Module-Signature.spec b/perl-Module-Signature.spec
index 1a6df26..5d589af 100644
--- a/perl-Module-Signature.spec
+++ b/perl-Module-Signature.spec
@@ -1,6 +1,6 @@
 Name:           perl-Module-Signature
-Version:        0.70
-Release:        2%{?dist}
+Version:        0.73
+Release:        1%{?dist}
 Summary:        CPAN signature management utilities and modules
 Group:          Development/Libraries
 License:        CC0
@@ -20,12 +20,12 @@ BuildRequires:  perl(Digest::SHA)
 BuildRequires:  perl(Digest::SHA1)
 BuildRequires:  perl(Exporter)
 BuildRequires:  perl(ExtUtils::Manifest)
+BuildRequires:  perl(File::Spec)
 BuildRequires:  perl(IO::Socket::INET)
 BuildRequires:  perl(Text::Diff)
 # Test suite
 BuildRequires:  perl(Data::Dumper)
 BuildRequires:  perl(File::Path)
-BuildRequires:  perl(File::Spec)
 BuildRequires:  perl(Getopt::Long)
 BuildRequires:  perl(IPC::Run)
 BuildRequires:  perl(lib)
@@ -85,6 +85,11 @@ rm -rf %{buildroot}
 %{_mandir}/man3/Module::Signature.3pm*
 
 %changelog
+* Fri Jun  7 2013 Paul Howarth <paul at city-fan.org> - 0.73-1
+- Update to 0.73
+  - Constrain the user-specified digest name to /^\w+\d+$/
+  - Only allow loading Digest::* from absolute paths in @INC (CVE-2013-2145)
+
 * Thu Feb 14 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.70-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
 
diff --git a/sources b/sources
index 1eaa3d4..4ff8323 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-c13eabb8c2e6b12fd098710a81185ac6  Module-Signature-0.70.tar.gz
+de27bbca948ba8a13a7f614414cb623d  Module-Signature-0.73.tar.gz

More information about the perl-devel mailing list