[perl-YAML-LibYAML] Update to 0.54

Paul Howarth pghmcfc at fedoraproject.org
Sun Nov 30 18:11:50 UTC 2014 

commit b6c7bcd3567bd2009685b91ae20ab6f081353a5c
Author: Paul Howarth <paul at city-fan.org>
Date:   Sun Nov 30 18:09:28 2014 +0000

    Update to 0.54
    
    - New upstream release 0.54
      - Fix for an edge case in scanner that results in an assert() failing
        (https://bitbucket.org/xi/libyaml/issue/10/wrapped-strings-cause-assert-failure)
    - Drop upstreamed patches for CVE-2013-6393 and CVE-2014-2525

 YAML-LibYAML-0.41-CVE-2013-6393.patch |  177 ---------------------------------
 YAML-LibYAML-0.41-CVE-2014-2525.patch |   38 -------
 perl-YAML-LibYAML.spec                |   24 ++---
 sources                               |    2 +-
 4 files changed, 12 insertions(+), 229 deletions(-)
---
diff --git a/perl-YAML-LibYAML.spec b/perl-YAML-LibYAML.spec
index 651dbc8..8ea3994 100644
--- a/perl-YAML-LibYAML.spec
+++ b/perl-YAML-LibYAML.spec
@@ -1,14 +1,12 @@
 Name:           perl-YAML-LibYAML
-Version:        0.52
-Release:        3%{?dist}
+Version:        0.54
+Release:        1%{?dist}
 Summary:        Perl YAML Serialization using XS and libyaml
 License:        GPL+ or Artistic
 Group:          Development/Libraries
 URL:            http://search.cpan.org/dist/YAML-LibYAML/
 Source0:        http://search.cpan.org/CPAN/authors/id/I/IN/INGY/YAML-LibYAML-%{version}.tar.gz
 Patch0:         YAML-LibYAML-0.51-format-error.patch
-Patch1:         YAML-LibYAML-0.41-CVE-2014-2525.patch
-Patch2:         YAML-LibYAML-0.41-CVE-2013-6393.patch
 
 # Install
 BuildRequires:  perl
@@ -57,12 +55,6 @@ bound to Python and was later bound to Ruby.
 # Fix format string vulnerabilities (CVE-2012-1152, CPAN RT#46507)
 %patch0
 
-# Fix LibYAML input sanitization errors (CVE-2014-2525)
-%patch1
-
-# Fix heap-based buffer overflow when parsing YAML tags (CVE-2013-6393)
-%patch2
-
 %build
 perl Makefile.PL INSTALLDIRS=vendor OPTIMIZE="%{optflags}"
 make %{?_smp_mflags}
@@ -81,11 +73,17 @@ make test
 %doc Changes CONTRIBUTING README
 %{perl_vendorarch}/auto/YAML/
 %{perl_vendorarch}/YAML/
-%{_mandir}/man3/YAML::LibYAML.3pm*
-%{_mandir}/man3/YAML::XS.3pm*
-%{_mandir}/man3/YAML::XS::LibYAML.3pm*
+%{_mandir}/man3/YAML::LibYAML.3*
+%{_mandir}/man3/YAML::XS.3*
+%{_mandir}/man3/YAML::XS::LibYAML.3*
 
 %changelog
+* Sun Nov 30 2014 Paul Howarth <paul at city-fan.org> - 0.54-1
+- Update to 0.54
+  - Fix for an edge case in scanner that results in an assert() failing
+    (https://bitbucket.org/xi/libyaml/issue/10/wrapped-strings-cause-assert-failure)
+- Drop upstreamed patches for CVE-2013-6393 and CVE-2014-2525
+
 * Tue Nov 18 2014 Jitka Plesnikova <jplesnik at redhat.com> - 0.52-3
 - Update BRs (bz#1165198)
 
diff --git a/sources b/sources
index 2343d2b..08a917a 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-3f7fe918153c84e6947e0be5d838e9b1  YAML-LibYAML-0.52.tar.gz
+528f43de6174fecb471b69293c5eb8c3  YAML-LibYAML-0.54.tar.gz

More information about the scm-commits mailing list