---
- branch: MAIN
  date: Sun Dec  4 20:52:25 UTC 2011
  files:
  - new: '1.17'
    old: '1.16'
    path: pkgsrc/devel/p5-PAR/Makefile
    pathrev: pkgsrc/devel/p5-PAR/Makefile@1.17
    type: modified
  - new: '1.7'
    old: '1.6'
    path: pkgsrc/devel/p5-PAR/distinfo
    pathrev: pkgsrc/devel/p5-PAR/distinfo@1.7
    type: modified
  id: 20111204T205225Z.000fa35bec2062f1723eaaf0ad5c0d03a324300f
  log: |
    Update devel/p5-PAR to 1.005.
    Includes a fix for CVE 2011-4114.

    Upstream changes:

    [Changes for 1.005 - Dec 2, 2011]
      - run all tests using a nonce PAR_TMPDIR (otherwise CPAN Testers
      goes crazy as top level /tmp/par-USER directories (or similar)
      from previous tests may now be considered "unsafe")

    [Changes for 1.004 - Nov 30, 2011]
      - back out r1241: it causes errors in PAR::Packer's test suite
      - change "unsafe directory" error message to match the wording
      used by PAR::Packer
      - remove "debian" sub directory: it isn't released to CPAN and
      Debian will supply its own anyway
      - remove some cruft from MANIFEST.SKIP

    [Changes for 1.003 - Nov 28, 2011]
      -  RT #69560/CVE-2011-4114: PAR packed files are extracted to unsafe
      and predictable temporary directories
      (Note: this bug was originally reported against PAR::Packer, but
      it applies to PAR as well)
      - create parent of cache directory (i.e. /tmp/par-USER) with mode 0700
      - if it already exists, make sure that (and bail out if not)
       - it's not a symlink
       - it's mode 0700
       - it's owned by USER
      - Fix a problem packing XML::LibXSLT on Windows (see the thread starting
      with http://www.nntp.perl.org/group/perl.par/2011/02/msg4919.html)
      - Die (with a hopefully useful message) if any error is encountered
      during an Archive::Zip extract operation
  module: pkgsrc
  subject: 'CVS commit: pkgsrc/devel/p5-PAR'
  unixtime: '1323031945'
  user: gls