---
- branch: pkgsrc-2011Q3
  date: Wed Dec  7 08:33:11 UTC 2011
  files:
  - new: 1.16.2.1
    old: '1.16'
    path: pkgsrc/devel/p5-PAR/Makefile
    pathrev: pkgsrc/devel/p5-PAR/Makefile@1.16.2.1
    type: modified
  - new: 1.6.10.1
    old: '1.6'
    path: pkgsrc/devel/p5-PAR/distinfo
    pathrev: pkgsrc/devel/p5-PAR/distinfo@1.6.10.1
    type: modified
  id: 20111207T083311Z.f78439f2713bd6184f3141ce9c87024dc634c948
  log: |
    Pullup ticket #3625 - requested by gls
    devel/p5-PAR: security update

    Revisions pulled up:
    - devel/p5-PAR/Makefile                                         1.17
    - devel/p5-PAR/distinfo                                         1.7

    ---
       Module Name:    pkgsrc
       Committed By:    gls
       Date:        Sun Dec  4 20:52:25 UTC 2011

       Modified Files:
           pkgsrc/devel/p5-PAR: Makefile distinfo

       Log Message:
       Update devel/p5-PAR to 1.005.
       Includes a fix for CVE 2011-4114.

       Upstream changes:

       [Changes for 1.005 - Dec 2, 2011]
         - run all tests using a nonce PAR_TMPDIR (otherwise CPAN Testers
         goes crazy as top level /tmp/par-USER directories (or similar)
         from previous tests may now be considered "unsafe")

       [Changes for 1.004 - Nov 30, 2011]
         - back out r1241: it causes errors in PAR::Packer's test suite
         - change "unsafe directory" error message to match the wording
         used by PAR::Packer
         - remove "debian" sub directory: it isn't released to CPAN and
         Debian will supply its own anyway
         - remove some cruft from MANIFEST.SKIP

       [Changes for 1.003 - Nov 28, 2011]
         -  RT #69560/CVE-2011-4114: PAR packed files are extracted to unsafe
         and predictable temporary directories
         (Note: this bug was originally reported against PAR::Packer, but
         it applies to PAR as well)
         - create parent of cache directory (i.e. /tmp/par-USER) with mode 0700
         - if it already exists, make sure that (and bail out if not)
          - it's not a symlink
          - it's mode 0700
          - it's owned by USER
         - Fix a problem packing XML::LibXSLT on Windows (see the thread starting
         with http://www.nntp.perl.org/group/perl.par/2011/02/msg4919.html)
         - Die (with a hopefully useful message) if any error is encountered
         during an Archive::Zip extract operation
  module: pkgsrc
  subject: 'CVS commit: [pkgsrc-2011Q3] pkgsrc/devel/p5-PAR'
  unixtime: '1323246791'
  user: tron