---
- branch: MAIN
  date: Wed Jun 11 20:17:59 UTC 2014
  files:
  - new: '1.27'
    old: '1.26'
    path: pkgsrc/security/p5-Module-Signature/Makefile
    pathrev: pkgsrc/security/p5-Module-Signature/Makefile@1.27
    type: modified
  - new: '1.10'
    old: '1.9'
    path: pkgsrc/security/p5-Module-Signature/distinfo
    pathrev: pkgsrc/security/p5-Module-Signature/distinfo@1.10
    type: modified
  id: 20140611T201759Z.0b1b52273438a4805d670d516808c20deb2a631a
  log: |
    Update to 0.73:

    [Changes for 0.73 - Wed Jun  5 23:44:57 CST 2013]

    * Properly redo the previous fix using File::Spec->file_name_is_absolute.

    [Changes for 0.72 - Wed Jun  5 23:19:02 CST 2013]

    * Only allow loading Digest::* from absolute paths in @INC,
      by ensuring they begin with \ or / characters.

      Contributed by: Florian Weimer (CVE-2013-2145)

    [Changes for 0.71 - Tue Jun  4 18:24:10 CST 2013]

    * Constrain the user-specified digest name to /^\w+\d+$/.

    * Avoid loading Digest::* from relative paths in @INC.

      Contributed by: Florian Weimer (CVE-2013-2145)

    [Changes for 0.70 - Thu Nov 29 01:45:54 CST 2012]

    * Don't check gpg version if gpg does not exist.

      This avoids unnecessary warnings during installation
      when gpg executable is not installed.

      Contributed by: Kenichi Ishigaki

    [Changes for 0.69 - Fri Nov  2 23:04:19 CST 2012]

    * Support for gpg under these alternate names:

        gpg gpg2 gnupg gnupg2

      Contributed by: Michael Schwern
  module: pkgsrc
  subject: 'CVS commit: pkgsrc/security/p5-Module-Signature'
  unixtime: '1402517879'
  user: wiz