commit 2596fe2fe500ae1f90de21c52c6374417f38d8b8 Author: Paul Howarth <paul@xxxxxxxxxxxx> Date: Fri Jun 7 20:29:04 2013 +0100 Update to 0.73 - New upstream release 0.73 - Support for gpg under these alternate names: gpg gpg2 gnupg gnupg2 - Don't check gpg version if gpg does not exist - Constrain the user-specified digest name to /^\w+\d+$/ - Only allow loading Digest::* from absolute paths in @INC (CVE-2013-2145) - This release by AUDREYT -> update source URL - Include Andreas Koenig's GPG key in the SRPM and import it in %prep so that we don't need to get it from a keyserver in %check - Make building non-interactive - Specify all dependencies - Don't need to remove empty directories from the buildroot - Drop %defattr, redundant since rpm 4.4 - Use %{_fixperms} macro rather than our own chmod incantation AKOENIG.pub | 109 ++++++++++++++++++++++++++++++++++++++++++++ perl-Module-Signature.spec | 58 +++++++++++++++++++---- sources | 2 +- 3 files changed, 157 insertions(+), 12 deletions(-) --- diff --git a/AKOENIG.pub b/AKOENIG.pub new file mode 100644 index 0000000..8d8e113 --- /dev/null +++ b/AKOENIG.pub 
@@ -0,0 +1,109 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.4.12 (GNU/Linux) + +mQGiBDx+A1YRBADEsflgt39/oYoLumUOxOI2KKEte7SKfNc0SaI8Awpx8uxw4UR7 +dxJN56mwvMk3GeJw0vn7gEbVzcm5W0AsBdUrHrYFEfngxrkEN0fBzaByQ9U4nOj7 +EsoII9q8LllWphLfFYmewzrat/e0YDQA2WneiICUeIjBohX3+4yJjho5xwCg/zRU +c/J+hJwuYyrNheC9+4gYGrkEALVWaB1CYqpaK5eUb911k+DjeOZQvqd+Mh7IiHDP +RYPd23ct8NFQeav8HdEA+zJRVqWISh4tl64aNbHHR3RpnFJwwjgnfa5HRXZRVjQL +UlQ/N5XV96TGywb58ZqYGouln7NZh+couss+5oWfI/vZDtx8Fo0vP1BqVn3amGoS +26J4A/wPXkV8DoiowGXv2bJztrzRjNDKNJ5E/9aOw0x9jad7s/VelwDUs11m5tRN +o4ExojPqn7OVBdvys6X23+tn2W23C2wDDkWwHivX0mtiFe4vUiwNpCc+v7/Y4tVi +Gi+DSuFMuVo0kcQCR5pd9MeeVi+fE5IED+U9geYLHWEHAq21QrQrQW5kcmVhcyBK +LiBLb2VuaWcgPGFuZHJlYXMua29lbmlnQGFuaW1hLmRlPohGBBARAgAGBQJGS7XU +AAoJEIvYLm8wuUtc404An1uYvhilZvncVzrvanbgxkfdMF58AJ4mf5Vc9Z1/Ul8h +0jbD+0D7SFD9qohGBBARAgAGBQJG8t6NAAoJEEKjT0TL7AZ4aQwAnjrla2nE5YX7 +QT+woUIdi/EkDrG1AKCG9T1ZgpVV21ubjz4nsv1tFPK82ohGBBARAgAGBQJKz16V +AAoJEA5ia60SmMK0zTUAn0W+ycs/ebalk8wtxWZHOyexBapjAJ9s6nglYuy+0Nol +NKm1aekXWzW2z4hMBBIRAgAMBQI/JIMjBYMDCkZSAAoJELSz3Tc8NQGgC/gAnj7m +xNKL6F4dm0DhF3P3uY0rfwQuAJ913OYJSLq+pd5sHZCSF9s5ZXRjEYhdBBMRAgAd +BQI8fgNWBQkB4TOABQsHCgMEAxUDAgMWAgECF4AACgkQ7IA58KMXwV3dsACg1z+x +zD8uFTmEBTAcn2V8S3U2AHAAoLMTgicNLRzcq1ilDBjXSCr7nJ65iGIEExECACIC +GwMECwcDAgMVAgMDFgIBAh4BAheABQJB4UpeBQkJZ5kIAAoJEOyAOfCjF8FdaFEA +oPI96EJOGjoEH7hjF0NZR2+TPIVmAJ98ft7zkAgMPshyQrifh758MU+0MIhiBBMR +AgAiAhsDBAsHAwIDFQIDAxYCAQIeAQIXgAUCRZkb8QUJDcwfDAAKCRDsgDnwoxfB +XXxuAJ97ETTkVTuBLj7mOI7hZPABKqSP0ACdG6XVz+rJwaHHXjrDFFvcaqZCfDiI +YgQTEQIAIgIbAwQLBwMCAxUCAwMWAgECHgECF4AFAkpMMbEFCRNxyLEACgkQ7IA5 +8KMXwV00RACfdgu0ySWTevNeP6c8NSBh+u5HNroAoNKvsnuwswMwzcIRwcAaElAh +NJjliGIEExECACICGwMECwcDAgMVAgMDFgIBAh4BAheABQJQNTolBQkZWtEKAAoJ +EOyAOfCjF8FdwRwAn2aP2FwPgNMySTVxiZPL98cwsdB9AJ4tx8boGXj15gRfUNri +/O2I/C0jVIhiBBMRAgAiBQI+bGJ1AhsDBQkFsMYfBAsHAwIDFQIDAxYCAQIeAQIX +gAAKCRDsgDnwoxfBXY+ZAJ9K6w/cr13vgyy0vMg1swsx3iENFQCeO6QGLsATl8Ej 
+Vtcvol5gJqGAB1e0PEFuZHJlYXMgSi4gS29lbmlnIDxhbmRyZWFzLmtvZW5pZy43 +b3M2VlZxUkBmcmFuei5hay5taW5kLmRlPohGBBARAgAGBQJGS7XUAAoJEIvYLm8w +uUtc0KkAoK81/EaTFjwadQyqT34unIqIOmEMAJ9lwuykaFBxJHAfSrQwUrGTKSay +dYhGBBARAgAGBQJG8t6KAAoJEEKjT0TL7AZ4HgQAnib+nfcw6wrATSdbGS+BIpcU +C5mrAJ0dTxVl8XsQk0P0WFAtnITHZ8W0SohGBBARAgAGBQJKz16VAAoJEA5ia60S +mMK0lgAAn0hvKzYCEi+VZ1GzMSSnfK6BcrBKAJ0UDxS1s6aUW+FxbbsmsM9PeOH0 +TYhmBBMRAgAmAhsDBgsJCAcDAgQVAggDBBYCAwECHgECF4AFAkpMMasFCRNxyLEA +CgkQ7IA58KMXwV14CgCgnO1WUQhZ3HERx3dsvJWskWDc46oAn09s3M7xf7J3DYKd +27u2J+p5DxcXiGYEExECACYCGwMGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAUCUDU6 +JQUJGVrRCgAKCRDsgDnwoxfBXRyaAKDfuoxa5PsSzSCru7kcIvvH48gXgQCfUqnx +R/gHYk8QwiraYlIZF24c49WIZgQTEQIAJgUCRZkcYwIbAwUJDcwfDAYLCQgHAwIE +FQIIAwQWAgMBAh4BAheAAAoJEOyAOfCjF8FdR9QAoKEJg3mrTWYNe6oWqKFPOaOb +Ar/lAKD2hwJor49Mm2TY8zRjvtIfdfQOBbQ8QW5kcmVhcyBKLiBLb2VuaWcgPGFu +ZHJlYXMua29lbmlnLmdtd29qcHJ3QGZyYW56LmFrLm1pbmQuZGU+iEYEEBECAAYF +AkZLtdQACgkQi9gubzC5S1yMlQCeMh6TnqDx6MFrhI6SzNVIwZVB6dcAoJJIe54A +GHWH3ntSCfAr+3Z3n85oiEYEEBECAAYFAkby3o0ACgkQQqNPRMvsBnggJwCg7o5W +urNnV3sdWIr1Gh/lux70WqkAoKuRhKhq1PFcDQdYzE8+MxoZXF/0iEYEEBECAAYF +AkrPXpUACgkQDmJrrRKYwrQYbQCdFCgB/kszckBqgYL5LiYhG0LFXRcAn3WB0Q/u +79Ruguynr2pIdBULfPltiGQEExECACQCGwMGCwkIBwMCAxUCAwMWAgECHgECF4AF +AkWZG+IFCQ3MHwwACgkQ7IA58KMXwV3TewCggnu5SLrOcp5goarr44bfLi7EH+cA +oMWy1kKltU+dEsflACYkWRLnKmD9iGQEExECACQCGwMGCwkIBwMCAxUCAwMWAgEC +HgECF4AFAkpMMbEFCRNxyLEACgkQ7IA58KMXwV0B8QCfXVbemsLdObkTNxxGXhMm +P4nyYH0An0frd45qdrTf2W4L3JweTeS8JCKuiGQEExECACQCGwMGCwkIBwMCAxUC +AwMWAgECHgECF4AFAlA1OgoFCRla0QoACgkQ7IA58KMXwV2g9gCbB7ZOIwChKnoz +awpHLRpNcufkbgcAniYsMn7IV3VDzQBh+xHrGE1OE+OGiGQEExECACQFAkHhSoMC +GwMFCQlnmQgGCwkIBwMCAxUCAwMWAgECHgECF4AACgkQ7IA58KMXwV3mFwCg6TM3 +9gmLwBoaypkAHzMDrXYPwj4AoOE1jx6p0xICUSYmfvoIwxV2x7j+iJwEEAECAAYF +AkbwHHEACgkQLujFtvljWgVoLwQAztFvaN9eu0GmNTQy2hjZne2aH4GdzrkwUM7s +RIPiobJ4pv9xCXxthbK9eVGBj7xqkM08VcYXDV0hih9dkpeOS23Dlhs4/WjEiYGV +XCee62PWtYRYz3prtwG7CZVm7VzZ1Q9UQWEF/CbCb03dCGnZUCMWYwh73HOXSqNk 
+D9A3tsO5AQ0EPH4DWBAEANcfQKLZEwZhgPrA+FGM+O++Ayv6WU6dJ09kGxK3Np2Z +eAPvFNG4Y+psmJ1V0F8e9+8THxUK5WKgW04V2O4pHP9MaDGgj2Vw/8Vdlw/6c6B1 +kNyn4j0mwKg72h8MDyYkv8uzRLpgkRgpWjUqZGiwnBE0kYgPbufBclRz0kSUqCiz +AAMGA/9iDraUrvTIGzQ+HuDTIuqa0QkRBhqGBEePcID8ZV3w+nlKz02mULjTzem+ +fI9HoihsMXjaya0HAG38cYhtS435+oPOwzepfr+NGeCg1cGzaKsKCcX9x0RTtL6p +/rAwuGBeWcTvyyji4kGPug/Ax7W0OZURZheBHsIgmkj9WYWepohMBBgRAgAMBQI8 +fgNYBQkB4TOAAAoJEOyAOfCjF8Fde/YAoOqKYAHhtvR9YEgW/F4STL9Vjoj+AKCc +FC7oo31SRRPDPHhoI3cnmjduRLkCDQQ+bF5JEAgAt940GuRZwa47meqpr5h4Tiwg +I2l9BqxMaCPf8BmJdS8mr6VN9Vv3C5LeJ7rWWTMfVWac2j1JVfm3q7iG9+GIBj40 +M9bWpl6inAuh+SivUI/bMyP7vvlFDSZU3sDe4xAnbKok1tgspEug6oQopFnS/aSD +72dEahfqiKc/2SLwxoeZwfRUCBgyOybSo6pTnJ3IVXj1fdxToTETmS/sFE91aQJq +kzqsxA5Esm+lGfbMliZ/iXKNgmW0WWQOPqNJHZcgJDrgl+aGCUZYYmyLSi+KxDqL +2IL2vpQzlhHV9LgmwnF3FA5CtcPxFZoZtsxT5PiHBlZaXaFsX3P7pMEvTgJTDwAD +Bwf+IhU5XuraaxRBVxxYHG3+053EGcMML4XMNvCaTEMB5BsxvHTTJr7gAH6FJexO +EuGEcys0pcOJiSgeWeUDMtlHevbx2E6u0IPHBg+Gvqg4qMmKz8BZ5g/SrHQsOwxN +fYYN7xzWqLt8IULLUCjblVJfuJ/PW85JXXdCmf5LwhWMKQR7bTxtaH5iFkzhgv+2 +GkG+3mF/KWjKUOEbmBFDUsbP2PZtkN/ziYuF/Db8nsht2xU9N3lvg1Q1tXJgQYak +WwNAYWJsz1Y65MDMJSWE55mop3XxyXXNLDz9HnX2OwElrkTdVH2Fxo5qCfMRac3Y +OXX4hCbeSL4JD4AB0VA/ci6FjIhMBBgRAgAMBQI+bF5JBQkDwmcAAAoJEOyAOfCj +F8Fdg0kAoJqi9qIQNVyj6XRPISUmYMa3L6vlAKDqKZO31WJQnZmlDFxy3YBw/awK +PbkCDQRB4Ur/EAgAmVOOGgiP33A4jL/lt9dHDbLQ5mkyI1XM3yP15nNqeQUbrMDi +o6dtd1AgEoohW2f2PkdqlYQaSCbsCOv4u2KPlJLsWz7HdaTUY8afzREuejDJW93Q +A9Suzx2ByCjHS6LmeKW4w7ofe2o15+cc5DFvEkhBgEPLpNuKG0CBysK8NxntPl2t +Qqe21N2TjrkFyWHzGpjogV1FCXAdaFHntCTF0D3lwfB++IkXjWfQcUZw5mV58iNi +XP6E7IBtNqTKMOdary1ASyLgdIu9OPpyAcHG+IbUcxxlUDrJY8OlHSt4ibJxU4Cd +xCyrO3sb4ocVrvR8AMkkLe0RHi5v9/+Nf73OFwADBQf9EUEvHbL7UdTOwVs08ImT +T1kqjR1H3f2ZFrmEpdj+FdB9o58yqd8r21qN6i5r9AE7AxVo45jrhGVfkKoyYGxq +5xNBKnRjtOqGa1weKWvQtJ8EwHEiILw+YZx3QBa4yGwvkDA/yNwgBePKlBzGMPvw +ep+d36LDNKB8pIwm/uruT30uE62+89coB8WXNvwNyibFlxnDPOv71k/7FSkFPimB +9TsoBa9UejFG2BdgUxlhAwSysuY364zhxuWfEE1ilPuIah37ob+QEKPA7MAgh0D+ 
+8OFuSa/hx0xZPG1x3V57ViC6W5m8vIkC0+Pr1fIb0QLFGpp1YdBrDPGr0jHovZck +a4hPBBgRAgAPBQJB4Ur/AhsMBQkEBFIAAAoJEOyAOfCjF8FdlJ0AnRVocpQnz1Is +Y0sAOj8QJPBoTO7wAKCMvR3p7wpZpjWf+blgAnCLMahei7kCDQRFmR0hEAgA75SD +L4C2WxPXIVgPU64Xc0ZClSqSf2HQY9YRDuUpWbghaYbGlnxzGkxP8bySJXkqwMgt +4eF1zhEau/OXV2NfKXai3k6kZpANcSeycjmPa3+ci4wSuS/9qz/oSy1mm9IiP9iq +uxuQ2kv11OCnVbc8zsl8Y7DV0nf7qfLu1T8okQUjQVxeIIobxTfpoNoh5DBMLUbg +ikJ3Z5PKmfcx3XMoM5e3c9Tv4brXx9DLn6tcdAXA5aN1ahM/2HvxYnuHjCOSpJ9C +zMCTmRkwDvYxlp8WlyLpubwfrk+EaT40iCSsjcDHlaGIMrOC1jmVopIE581sLMqH +tgClVW93dwLNsJMvRwADBQf6A3/pY/4OoHKjZm8cSpfdNRTDWK+YD5tb2qD36G3d +qdTkMvHjIsvJdacIgg37qBJuKMnw3xhwjwf0cpnAuUPG1wKoIk7/OuLnVmghksHE +fzIpsg49P7Gb5MsXxmUlMr8vePnDnqt/xyxuQ/OwcH87dl1OuZqaf/KWM6NtUobF +4oC/Y7oivEecij9M+GGJK2Iznvxs6ASeFPcDg3LVblWnO2xfT3rcux+Nqul4pLbL +IjONYp0/IK4v2V7nAzU0sUP5NuH1QkZ/uhro3W7CznLDWEIb7BGTsjM8OEe3uMwD +93O1V7bEQdSHfhHPZvaTOLkZKQ/MaWW9PiVcSfwSMX3DKYhPBBgRAgAPAhsMBQJQ +NTpvBQkQP7fDAAoJEOyAOfCjF8FdxkoAn2lCeonCU6EHSy0KqhRysJFuvLm5AKCK +M+pbqhGxYWdkwFo4e9FH7an45w== +=ZcJk +-----END PGP PUBLIC KEY BLOCK----- diff --git a/perl-Module-Signature.spec b/perl-Module-Signature.spec index 3436a3f..a2e5f23 100644 --- a/perl-Module-Signature.spec +++ b/perl-Module-Signature.spec 
@@ -1,29 +1,48 @@ Name: perl-Module-Signature -Version: 0.68 +Version: 0.73 Release: 1%{?dist} Summary: CPAN signature management utilities and modules Group: Development/Libraries License: CC0 URL: http://search.cpan.org/dist/Module-Signature/ -Source0: http://search.cpan.org/CPAN/authors/id/F/FL/FLORA/Module-Signature-%{version}.tar.gz +Source0: http://search.cpan.org/CPAN/authors/id/A/AU/AUDREYT/Module-Signature-%{version}.tar.gz +Source1: AKOENIG.pub BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(id -nu) BuildArch: noarch +# Module build +BuildRequires: perl(base) +BuildRequires: perl(Cwd) +BuildRequires: perl(ExtUtils::MakeMaker) +# Module runtime BuildRequires: gnupg +BuildRequires: perl(constant) BuildRequires: perl(Digest::SHA) BuildRequires: perl(Digest::SHA1) -BuildRequires: perl(ExtUtils::MakeMaker) +BuildRequires: perl(Exporter) +BuildRequires: perl(ExtUtils::Manifest) +BuildRequires: perl(File::Spec) +BuildRequires: perl(IO::Socket::INET) +BuildRequires: perl(Text::Diff) +# Test suite +BuildRequires: perl(Data::Dumper) +BuildRequires: perl(File::Path) +BuildRequires: perl(Getopt::Long) BuildRequires: perl(IPC::Run) +BuildRequires: perl(lib) +BuildRequires: perl(Pod::Usage) BuildRequires: perl(Test::More) +# Module runtime +Requires: perl(:MODULE_COMPAT_%(eval "`perl -V:version`"; echo $version)) Requires: gnupg Requires: perl(Digest::SHA) Requires: perl(Digest::SHA1) -Requires: perl(:MODULE_COMPAT_%(eval "`perl -V:version`"; echo $version)) -# Would prefer this to be Suggests: really... +Requires: perl(IO::Socket::INET) Requires: perl(PAR::Dist) +Requires: perl(Text::Diff) %description -This package contains command line tools and utilities a module for -checking and creating SIGNATURE files for Perl CPAN distributions. +This package contains a command line tool and module for checking and creating +SIGNATURE files for Perl CPAN distributions. %prep %setup -q -c -n Module-Signature 
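Review bot: The new `Source0` line still points at plain `http://search.cpan.org/...`, so nothing on the transport authenticates the tarball for a release whose headline change is the CVE-2013-2145 fix. The only integrity value visible in this commit is the MD5 in the `sources` hunk, which is not collision-resistant. If the mirror serves the same path over TLS (not verifiable from this page), I would change only the scheme: `Source0: https://search.cpan.org/CPAN/authors/id/A/AU/AUDREYT/Module-Signature-%{version}.tar.gz`. Either way, a short comment above `Source0` stating how the tarball was authenticated before upload would let a later reviewer repeat the check.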
@@ -34,10 +53,14 @@ cp -a Module-Signature-%{version}/{AUTHORS,Changes,README,*.pub} . # Create a GPG directory for testing, to avoid using ~/.gnupg mkdir --mode=0700 gnupghome +# Import AKOENIG key so we don't try to download it later +export GNUPGHOME=$(pwd)/gnupghome +gpg --import %{SOURCE1} + %build export GNUPGHOME=$(pwd)/gnupghome cd Module-Signature-%{version} -perl Makefile.PL INSTALLDIRS=vendor --skipdeps +perl Makefile.PL INSTALLDIRS=vendor --skipdeps </dev/null make %{?_smp_mflags} cd - @@ -45,8 +68,7 @@ cd - rm -rf %{buildroot} make -C Module-Signature-%{version} pure_install DESTDIR=%{buildroot} find %{buildroot} -type f -name .packlist -exec rm -f {} ';' -find %{buildroot} -depth -type d -exec rmdir {} ';' 2>/dev/null -chmod -R u+w %{buildroot} +%{_fixperms} %{buildroot} %check export GNUPGHOME=$(pwd)/gnupghome @@ -56,7 +78,6 @@ make -C Module-Signature-%{version} test TEST_SIGNATURE=1 rm -rf %{buildroot} %files -%defattr(-,root,root,-) %doc AUTHORS Changes README *.pub %{_bindir}/cpansign %{perl_vendorlib}/Module/ 
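Review bot: `gpg --import %{SOURCE1}` in %prep adds whatever AKOENIG.pub contains to the keyring that %check (run with `TEST_SIGNATURE=1`) presumably verifies against, yet neither the spec nor the commit message records the key's fingerprint or where it was obtained. I would add a comment above `Source1` in the header hunk, e.g. `# Andreas Koenig's public key, fingerprint <EXPECTED_FINGERPRINT>, obtained from <KEY_SOURCE>`, where both values are placeholders for the packager to fill in. I would also enforce it right after the import with `gpg --batch --with-colons --fingerprint | grep -q '^fpr:.*:<EXPECTED_FINGERPRINT>:$'`. With rpm's usual `sh -e` build shell, a replaced or altered key file then fails %prep instead of silently changing which signatures the test suite accepts.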
@@ -64,6 +85,21 @@ rm -rf %{buildroot} %{_mandir}/man3/Module::Signature.3pm* %changelog +* Fri Jun 7 2013 Paul Howarth <paul@xxxxxxxxxxxx> - 0.73-1 +- Update to 0.73 + - Support for gpg under these alternate names: gpg gpg2 gnupg gnupg2 + - Don't check gpg version if gpg does not exist + - Constrain the user-specified digest name to /^\w+\d+$/ + - Only allow loading Digest::* from absolute paths in @INC (CVE-2013-2145) +- This release by AUDREYT -> update source URL +- Include Andreas Koenig's GPG key in the SRPM and import it in %%prep so + that we don't need to get it from a keyserver in %%check +- Make building non-interactive +- Specify all dependencies +- Don't need to remove empty directories from the buildroot +- Drop %%defattr, redundant since rpm 4.4 +- Use %%{_fixperms} macro rather than our own chmod incantation + * Fri May 13 2011 Paul Howarth <paul@xxxxxxxxxxxx> - 0.68-1 - Update to 0.68 - Fix breakage introduced by 0.67 (CPAN RT#68150) diff --git a/sources b/sources index b5284bd..4ff8323 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -c63c0b5c4e7162fc0c44512e1f832e5e Module-Signature-0.68.tar.gz +de27bbca948ba8a13a7f614414cb623d Module-Signature-0.73.tar.gz -- Fedora Extras Perl SIG http://www.fedoraproject.org/wiki/Extras/SIGs/Perl perl-devel mailing list perl-devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/perl-devel