[perl-EV] Build-require exact or higher version of libev-source
by Petr Pisar
commit e6469009e0a9755cd571d21a9cc7db5efb0d6748
Author: Petr Písař <ppisar(a)redhat.com>
Date: Thu Dec 1 10:26:33 2011 +0100
Build-require exact or higher version of libev-source
perl-EV.spec | 7 +++++--
1 files changed, 5 insertions(+), 2 deletions(-)
---
diff --git a/perl-EV.spec b/perl-EV.spec
index d76367a..80de2eb 100644
--- a/perl-EV.spec
+++ b/perl-EV.spec
@@ -1,6 +1,6 @@
Name: perl-EV
Version: 4.03
-Release: 6%{?dist}
+Release: 7%{?dist}
Summary: Wrapper for the libev high-performance event loop library
Group: Development/Libraries
@@ -15,7 +15,7 @@ Patch0: perl-EV-4.03-Don-t-ask-questions-at-build-time.patch
BuildRequires: perl(ExtUtils::MakeMaker)
BuildRequires: perl(common::sense)
BuildRequires: gdbm-devel
-BuildRequires: libev-source == %{version}
+BuildRequires: libev-source >= %{version}
BuildRequires: perl(AnyEvent) => 2.6
Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
@@ -84,6 +84,9 @@ rm -rf $RPM_BUILD_ROOT
%changelog
+* Thu Dec 01 2011 Petr Pisar <ppisar(a)redhat.com> - 4.03-7
+- Build-require exact or higher version of libev-source (bug #759021)
+
* Mon Jun 20 2011 Marcela Mašláňová <mmaslano(a)redhat.com> - 4.03-6
- Perl mass rebuild
12 years, 5 months
[Bug 753955] CVE-2011-4114 perl-PAR-Packer: insecure temporary directory handling
by Red Hat Bugzilla
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=753955
Petr Pisar <ppisar(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |ppisar(a)redhat.com
--- Comment #2 from Petr Pisar <ppisar(a)redhat.com> 2011-12-01 09:18:18 EST ---
`PAR' (<http://search.cpan.org/~rschupp/PAR/>, packaged as perl-PAR in Fedora)
author recognized this vulnerability in PAR too (this is related but different
piece of code from PAR::Packer) and fixed it in version 1.003:
[Changes for 1.003 - Nov 28, 2011]
- RT #69560/CVE-2011-4114: PAR packed files are extracted to unsafe
and predictable temporary directories
(Note: this bug was originally reported against PAR::Packer, but
it applies to PAR as well)
- create parent of cache directory (i.e. /tmp/par-USER) with mode 0700
- if it already exists, make sure that (and bail out if not)
- it's not a symlink
- it's mode 0700
- it's owned by USER
Fixed perl-PAR version is available in F17 only at this moment.
--
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
12 years, 5 months
[perl-PAR] 1.004 bump
by Petr Pisar
commit 5bd7df65ed4cabf71b7648379c06df560688ee8a
Author: Petr Písař <ppisar(a)redhat.com>
Date: Thu Dec 1 15:05:11 2011 +0100
1.004 bump
.gitignore | 1 +
perl-PAR.spec | 5 ++++-
sources | 2 +-
3 files changed, 6 insertions(+), 2 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index fff5586..ffebb06 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
PAR-1.000.tar.gz
/PAR-1.002.tar.gz
/PAR-1.003.tar.gz
+/PAR-1.004.tar.gz
diff --git a/perl-PAR.spec b/perl-PAR.spec
index 3a379ea..349e65b 100644
--- a/perl-PAR.spec
+++ b/perl-PAR.spec
@@ -1,5 +1,5 @@
Name: perl-PAR
-Version: 1.003
+Version: 1.004
Release: 1%{?dist}
Summary: Perl Archive Toolkit
License: GPL+ or Artistic
@@ -42,6 +42,9 @@ make test
%{_mandir}/man3/*
%changelog
+* Thu Dec 01 2011 Petr Pisar <ppisar(a)redhat.com> - 1.004-1
+- 1.004 bump
+
* Tue Nov 29 2011 Petr Šabata <contyk(a)redhat.com> - 1.003-1
- 1.003 bump
- Update Source URL
diff --git a/sources b/sources
index 151cf43..34a6eba 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-bfdb92cd2c1b507e5704859469ce9a4e PAR-1.003.tar.gz
+6174ba38b5cc80bc47c8961bffe22347 PAR-1.004.tar.gz
12 years, 5 months
[perl-POE/f16] Fix alarm handling
by Petr Pisar
commit 1f7581a36e17ae7c867512474c638e8b81e8096e
Author: Petr Písař <ppisar(a)redhat.com>
Date: Thu Dec 1 14:12:52 2011 +0100
Fix alarm handling
...89-Fix-double-event-arguments-dereference.patch | 29 ++++++++++++++++++
...ose-chars-work-when-cursor-is-at-end-of-l.patch | 32 ++++++++++++++++++++
perl-POE.spec | 11 ++++++-
3 files changed, 71 insertions(+), 1 deletions(-)
---
diff --git a/perl-POE-1.289-Fix-double-event-arguments-dereference.patch b/perl-POE-1.289-Fix-double-event-arguments-dereference.patch
new file mode 100644
index 0000000..25487c7
--- /dev/null
+++ b/perl-POE-1.289-Fix-double-event-arguments-dereference.patch
@@ -0,0 +1,29 @@
+From 0a286398b5ef3f14454cc605f71d5be28e07481e Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar(a)redhat.com>
+Date: Thu, 1 Dec 2011 13:35:37 +0100
+Subject: [PATCH] Fix double event arguments dereference
+
+From upstream commit 41f3b9eca45a2314a6f43723e5e9f71731ef7b3e to fix
+alarm handling.
+---
+ lib/POE/Kernel.pm | 4 ++--
+ 1 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/lib/POE/Kernel.pm b/lib/POE/Kernel.pm
+index 150e3d3..6efc794 100644
+--- a/lib/POE/Kernel.pm
++++ b/lib/POE/Kernel.pm
+@@ -1993,8 +1993,8 @@ sub alarm_remove {
+ # value when someone needs something useful from it.
+
+ return unless defined wantarray;
+- return ( $event->[EV_NAME], $time, @{$event->[EV_ARGS]} ) if wantarray;
+- return [ $event->[EV_NAME], $time, @{$event->[EV_ARGS]} ];
++ return ( $event->[EV_NAME], $time, $event->[EV_ARGS] ) if wantarray;
++ return [ $event->[EV_NAME], $time, $event->[EV_ARGS] ];
+ }
+
+ # Move an alarm to a new time. This virtually removes the alarm and
+--
+1.7.7.4
+
diff --git a/perl-POE-1.289-Make-transpose-chars-work-when-cursor-is-at-end-of-l.patch b/perl-POE-1.289-Make-transpose-chars-work-when-cursor-is-at-end-of-l.patch
new file mode 100644
index 0000000..59b3aea
--- /dev/null
+++ b/perl-POE-1.289-Make-transpose-chars-work-when-cursor-is-at-end-of-l.patch
@@ -0,0 +1,32 @@
+From 9c028bba7e526d4e0e152c33ba3c7b14d034c301 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Hinrik=20=C3=96rn=20Sigur=C3=B0sson?= <hinrik.sig(a)gmail.com>
+Date: Mon, 18 Apr 2011 17:01:12 +0000
+Subject: [PATCH] Make transpose-chars work when cursor is at end of line
+
+Petr Pisar: Upstream commit de7200ea6ccf466f1a6d74cd86e3b53b590c2c43
+ported to 1.289.
+---
+ lib/POE/Wheel/ReadLine.pm | 7 ++++++-
+ 1 files changed, 6 insertions(+), 1 deletions(-)
+
+diff --git a/lib/POE/Wheel/ReadLine.pm b/lib/POE/Wheel/ReadLine.pm
+index 4a3a89f..86e1770 100644
+--- a/lib/POE/Wheel/ReadLine.pm
++++ b/lib/POE/Wheel/ReadLine.pm
+@@ -1848,7 +1848,12 @@ sub rl_clear_screen {
+
+ sub rl_transpose_chars {
+ my ($self, $key) = @_;
+- if ($self->[SELF_CURSOR_INPUT] > 0 and $self->[SELF_CURSOR_INPUT] < length($self->[SELF_INPUT])) {
++ if (length($self->[SELF_INPUT]) > 1 && length($self->[SELF_INPUT]) == $self->[SELF_CURSOR_INPUT]) {
++ my $transposition = reverse substr($self->[SELF_INPUT], -2, 2);
++ substr($self->[SELF_INPUT], -2, 2) = $transposition;
++ _curs_left(_display_width($transposition));
++ print $stdout _normalize($transposition);
++ } elsif (length($self->[SELF_INPUT]) > 1 && $self->[SELF_CURSOR_INPUT] > 0) {
+ my $width_left = _display_width(substr($self->[SELF_INPUT], $self->[SELF_CURSOR_INPUT] - 1, 1));
+
+ my $transposition = reverse substr($self->[SELF_INPUT], $self->[SELF_CURSOR_INPUT] - 1, 2);
+--
+1.7.7.4
+
diff --git a/perl-POE.spec b/perl-POE.spec
index ddbe770..de2891a 100644
--- a/perl-POE.spec
+++ b/perl-POE.spec
@@ -1,12 +1,16 @@
Name: perl-POE
Version: 1.289
-Release: 5%{?dist}
+Release: 6%{?dist}
Summary: POE - portable multitasking and networking framework for Perl
Group: Development/Libraries
License: GPL+ or Artistic
URL: http://search.cpan.org/dist/POE/
Source0: http://search.cpan.org/CPAN/authors/id/R/RC/RCAPUTO/POE-%{version}.tar.gz
+# Fixed in 1.299, bug #759129.
+Patch0: perl-POE-1.289-Fix-double-event-arguments-dereference.patch
+# Fixed in 1.310, bug #759129.
+Patch1: perl-POE-1.289-Make-transpose-chars-work-when-cursor-is-at-end-of-l.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildArch: noarch
Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
@@ -75,6 +79,8 @@ possible to use POE at varying levels of abstraction.
%prep
%setup -q -n POE-%{version}
+%patch0 -p1
+%patch1 -p1
# make rpmlint happy...
chmod -c -x examples/*
@@ -123,6 +129,9 @@ rm -rf %{buildroot}
%changelog
+* Thu Dec 01 2011 Petr Pisar <ppisar(a)redhat.com> - 1.289-6
+- Fix alarm handling (bug #759129)
+
* Wed Jul 20 2011 Petr Sabata <contyk(a)redhat.com> - 1.289-5
- Perl mass rebuild
12 years, 5 months