Request 185844: Submit perl-Module-Signature - openSUSE Build Service

This request supersedes: request 181934 (Show diff)

Overview

Request 185844 accepted

- fix souce url

- update to 0.73
* fix for bnc#828010 (CVE-2013-2145)
https://bugzilla.novell.com/process_bug.cgi
https://bugzilla.redhat.com/show_bug.cgi?id=971096
* Properly redo the previous fix using File::Spec->file_name_is_absolute.
- [Changes for 0.72 - Wed Jun 5 23:19:02 CST 2013]
* Only allow loading Digest::* from absolute paths in @INC,
by ensuring they begin with \ or / characters.
Contributed by: Florian Weimer (CVE-2013-2145)
- [Changes for 0.71 - Tue Jun 4 18:24:10 CST 2013]
* Constrain the user-specified digest name to /^\w+\d+$/.
* Avoid loading Digest::* from relative paths in @INC.
Contributed by: Florian Weimer (CVE-2013-2145)
- [Changes for 0.70 - Thu Nov 29 01:45:54 CST 2012]
* Don't check gpg version if gpg does not exist.
This avoids unnecessary warnings during installation
when gpg executable is not installed.
Contributed by: Kenichi Ishigaki
- [Changes for 0.69 - Fri Nov 2 23:04:19 CST 2012]
* Support for gpg under these alternate names:
gpg gpg2 gnupg gnupg2
Contributed by: Michael Schwern

Created by coolo almost 11 years ago
In state accepted
Supersedes 181934

Submit perl-Module-Signature

Comments for request 185844 0

Login required, please login in order to comment

Request History

coolo created request almost 11 years ago

- fix souce url

- update to 0.73
* fix for bnc#828010 (CVE-2013-2145)
https://bugzilla.novell.com/process_bug.cgi
https://bugzilla.redhat.com/show_bug.cgi?id=971096
* Properly redo the previous fix using File::Spec->file_name_is_absolute.
- [Changes for 0.72 - Wed Jun 5 23:19:02 CST 2013]
* Only allow loading Digest::* from absolute paths in @INC,
by ensuring they begin with \ or / characters.
Contributed by: Florian Weimer (CVE-2013-2145)
- [Changes for 0.71 - Tue Jun 4 18:24:10 CST 2013]
* Constrain the user-specified digest name to /^\w+\d+$/.
* Avoid loading Digest::* from relative paths in @INC.
Contributed by: Florian Weimer (CVE-2013-2145)
- [Changes for 0.70 - Thu Nov 29 01:45:54 CST 2012]
* Don't check gpg version if gpg does not exist.
This avoids unnecessary warnings during installation
when gpg executable is not installed.
Contributed by: Kenichi Ishigaki
- [Changes for 0.69 - Fri Nov 2 23:04:19 CST 2012]
* Support for gpg under these alternate names:
gpg gpg2 gnupg gnupg2
Contributed by: Michael Schwern

factory-auto added a reviewer almost 11 years ago

Please review sources

factory-auto added a reviewer almost 11 years ago

Please review build success

factory-auto accepted review almost 11 years ago

Check script succeeded

licensedigger accepted review almost 11 years ago

{"approve": "preliminary, version number changed"}

factory-repo-checker accepted review almost 11 years ago

Builds for repo openSUSE_Factory

a_jaeger approved review almost 11 years ago

ok

a_jaeger accepted review almost 11 years ago

ok

coolo accepted request almost 11 years ago

checkin

openSUSE Build Service is sponsored by