[lintian] 01/01: Update the re-enabling on YAML parsing to support all versions of libyaml-libyaml-perl. This avoids a backport.
This is an automated email from the git hooks/post-receive script.
lamby pushed a commit to branch master
in repository lintian.
commit d200a280aa2f0527883a95d41c4545b36b9d8106
Author: Chris Lamb <lamby@debian.org>
Date: Wed Apr 4 14:31:24 2018 +0100
Update the re-enabling on YAML parsing to support all versions of libyaml-libyaml-perl. This avoids a backport.
---
checks/upstream-metadata.pm | 2 ++
debian/changelog | 4 ++--
debian/control | 4 ++--
t/tests/upstream-metadata-invalid-yml/desc | 1 +
4 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/checks/upstream-metadata.pm b/checks/upstream-metadata.pm
index 4e2da86..5e58ae6 100644
--- a/checks/upstream-metadata.pm
+++ b/checks/upstream-metadata.pm
@@ -39,6 +39,8 @@ sub run {
}
if ($yamlfile->is_open_ok) {
+ # Need 0.69 for $LoadBlessed (#861958)
+ return if $YAML::XS::VERSION < 0.69;
my $yaml;
eval { $yaml = YAML::XS::LoadFile($yamlfile->fs_path); };
if (!$yaml) {
diff --git a/debian/changelog b/debian/changelog
index 0135a08..320adaa 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -34,8 +34,8 @@ lintian (2.5.81) UNRELEASED; urgency=medium
* checks/upstream-metadata.pm:
+ Re-enable YAML parsing of upstream metadata which was disabled in
2.5.51 (via #861958) to close CVE-2017-8829 as we can now use the
- $LoadBlessed option of YAML:XS. Thanks to Dylan Aïssi for the
- report. (Closes: #894747)
+ $LoadBlessed option of YAML::XS if we have version 0.69 or above
+ Thanks to Dylan Aïssi for the report. (Closes: #894747)
* lib/Lintian/Check.pm:
+ [CL] Avoid false positives in spelling detection by allowing "(s)"
diff --git a/debian/control b/debian/control
index 6337ab4..8bdf463 100644
--- a/debian/control
+++ b/debian/control
@@ -55,7 +55,7 @@ Build-Depends: aspell <!nocheck>,
libtext-template-perl <!nocheck>,
libtimedate-perl <!nocheck>,
liburi-perl <!nocheck>,
- libyaml-libyaml-perl (>= 0.69) <!nocheck>,
+ libyaml-libyaml-perl <!nocheck>,
libxml-simple-perl <!nocheck>,
man-db <!nocheck>,
node-uglify <!nocheck>,
@@ -102,7 +102,7 @@ Depends: binutils,
libtext-levenshtein-perl,
libtimedate-perl,
liburi-perl,
- libyaml-libyaml-perl (>= 0.69),
+ libyaml-libyaml-perl,
libxml-simple-perl,
man-db,
patchutils,
diff --git a/t/tests/upstream-metadata-invalid-yml/desc b/t/tests/upstream-metadata-invalid-yml/desc
index fb4d259..fc7a1c7 100644
--- a/t/tests/upstream-metadata-invalid-yml/desc
+++ b/t/tests/upstream-metadata-invalid-yml/desc
@@ -1,4 +1,5 @@
Testname: upstream-metadata-invalid-yml
Version: 1.0
Description: Tests for upstream-metadata being invalid yml
+Test-Depends: libyaml-libyaml-perl (>= 0.69)
Test-For: upstream-metadata-yaml-invalid
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/lintian/lintian.git
Reply to: