From 2ee7a7fcd996b283a4d4eb364b53860066bb9e0f Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: May 07 2019 09:22:10 +0000 Subject: import perl-Archive-Zip-1.60-3.el8 --- diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..9c075d8 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/Archive-Zip-1.60.tar.gz diff --git a/.perl-Archive-Zip.metadata b/.perl-Archive-Zip.metadata new file mode 100644 index 0000000..2c97140 --- /dev/null +++ b/.perl-Archive-Zip.metadata @@ -0,0 +1 @@ +8900c3f288bddec63b429b8f038c71e4f745fbe1 SOURCES/Archive-Zip-1.60.tar.gz diff --git a/SOURCES/Archive-Zip-1.60-Prevent-from-traversing-symlinks-and-parent-director.patch b/SOURCES/Archive-Zip-1.60-Prevent-from-traversing-symlinks-and-parent-director.patch new file mode 100644 index 0000000..eaed59e --- /dev/null +++ b/SOURCES/Archive-Zip-1.60-Prevent-from-traversing-symlinks-and-parent-director.patch @@ -0,0 +1,406 @@ +From 5c79b9faae0f1dd67cc8288964c72c12e03884f8 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= +Date: Fri, 15 Jun 2018 14:49:47 +0200 +Subject: [PATCH] Prevent from traversing symlinks and parent directories when + extracting +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +If an attacker-supplied archive contains symbolic links and files that +referes to the symbolic links in their path components, the user can +be tricked into overwriting any arbitrary file. + +The same issue is with archives whose members refer to a parent +directory (..) in their path components. + +This patch fixes it by aborting an extraction (extractTree(), +extractMember(), extractMemberWithoutPaths()) in those cases by not +traversing the dangerous paths and returning AZ_ERORR instead. + +However, if a user supplies a local file name, the security checks are +not performed. This is based on the assumption that a user knows +what's on his local file system. + +CVE-2018-10860 +https://bugzilla.redhat.com/show_bug.cgi?id=1591449 + +Signed-off-by: Petr Písař +--- + MANIFEST | 3 + + lib/Archive/Zip.pm | 8 ++ + lib/Archive/Zip/Archive.pm | 37 +++++++ + t/25_traversal.t | 189 +++++++++++++++++++++++++++++++++ + t/data/dotdot-from-unexistant-path.zip | Bin 0 -> 245 bytes + t/data/link-dir.zip | Bin 0 -> 260 bytes + t/data/link-samename.zip | Bin 0 -> 257 bytes + 7 files changed, 237 insertions(+) + create mode 100644 t/25_traversal.t + create mode 100644 t/data/dotdot-from-unexistant-path.zip + create mode 100644 t/data/link-dir.zip + create mode 100644 t/data/link-samename.zip + +diff --git a/MANIFEST b/MANIFEST +index 2e9655d..a1bd7d6 100644 +--- a/MANIFEST ++++ b/MANIFEST +@@ -59,6 +59,7 @@ t/21_zip64.t + t/22_deflated_dir.t + t/23_closed_handle.t + t/24_unicode_win32.t ++t/25_traversal.t + t/badjpeg/expected.jpg + t/badjpeg/source.zip + t/common.pm +@@ -68,6 +69,7 @@ t/data/crypcomp.zip + t/data/crypt.zip + t/data/def.zip + t/data/defstr.zip ++t/data/dotdot-from-unexistant-path.zip + t/data/empty.zip + t/data/emptydef.zip + t/data/emptydefstr.zip +@@ -75,6 +77,7 @@ t/data/emptystore.zip + t/data/emptystorestr.zip + t/data/good_github11.zip + t/data/jar.zip ++t/data/link-dir.zip + t/data/linux.zip + t/data/mkzip.pl + t/data/perl.zip +diff --git a/lib/Archive/Zip.pm b/lib/Archive/Zip.pm +index ca82e31..907808b 100644 +--- a/lib/Archive/Zip.pm ++++ b/lib/Archive/Zip.pm +@@ -1145,6 +1145,9 @@ member is used as the name of the extracted file or + directory. + If you pass C<$extractedName>, it should be in the local file + system's format. ++If you do not pass C<$extractedName> and the internal filename traverses ++a parent directory or a symbolic link, the extraction will be aborted with ++C for security reason. + All necessary directories will be created. Returns C + on success. + +@@ -1162,6 +1165,9 @@ extracted member (its paths will be deleted too). Otherwise, + the internal filename of the member (minus paths) is used as + the name of the extracted file or directory. Returns C + on success. ++If you do not pass C<$extractedName> and the internal filename is equalled ++to a local symbolic link, the extraction will be aborted with C for ++security reason. + + =item addMember( $member ) + +@@ -1609,6 +1615,8 @@ a/x to f:\d\e\x + + a/b/c to f:\d\e\b\c and ignore ax/d/e and d/e + ++If the path to the extracted file traverses a parent directory or a symbolic ++link, the extraction will be aborted with C for security reason. + Returns an error code or AZ_OK if everything worked OK. + + =back +diff --git a/lib/Archive/Zip/Archive.pm b/lib/Archive/Zip/Archive.pm +index 48f0d1a..b0d3e46 100644 +--- a/lib/Archive/Zip/Archive.pm ++++ b/lib/Archive/Zip/Archive.pm +@@ -185,6 +185,8 @@ sub extractMember { + $dirName = File::Spec->catpath($volumeName, $dirName, ''); + } else { + $name = $member->fileName(); ++ if ((my $ret = _extractionNameIsSafe($name)) ++ != AZ_OK) { return $ret; } + ($dirName = $name) =~ s{[^/]*$}{}; + $dirName = Archive::Zip::_asLocalName($dirName); + $name = Archive::Zip::_asLocalName($name); +@@ -218,6 +220,8 @@ sub extractMemberWithoutPaths { + unless ($name) { + $name = $member->fileName(); + $name =~ s{.*/}{}; # strip off directories, if any ++ if ((my $ret = _extractionNameIsSafe($name)) ++ != AZ_OK) { return $ret; } + $name = Archive::Zip::_asLocalName($name); + } + my $rc = $member->extractToFileNamed($name, @_); +@@ -827,6 +831,37 @@ sub addTreeMatching { + return $self->addTree($root, $dest, $matcher, $compressionLevel); + } + ++# Check if one of the components of a path to the file or the file name ++# itself is an already existing symbolic link. If yes then return an ++# error. Continuing and writing to a file traversing a link posseses ++# a security threat, especially if the link was extracted from an ++# attacker-supplied archive. This would allow writing to an arbitrary ++# file. The same applies when using ".." to escape from a working ++# directory. ++sub _extractionNameIsSafe { ++ my $name = shift; ++ my ($volume, $directories) = File::Spec->splitpath($name, 1); ++ my @directories = File::Spec->splitdir($directories); ++ if (grep '..' eq $_, @directories) { ++ return _error( ++ "Could not extract $name safely: a parent directory is used"); ++ } ++ my @path; ++ my $path; ++ for my $directory (@directories) { ++ push @path, $directory; ++ $path = File::Spec->catpath($volume, File::Spec->catdir(@path), ''); ++ if (-l $path) { ++ return _error( ++ "Could not extract $name safely: $path is an existing symbolic link"); ++ } ++ if (!-e $path) { ++ last; ++ } ++ } ++ return AZ_OK; ++} ++ + # $zip->extractTree( $root, $dest [, $volume] ); + # + # $root and $dest are Unix-style. +@@ -861,6 +896,8 @@ sub extractTree { + $fileName =~ s{$pattern}{$dest}; # in Unix format + # convert to platform format: + $fileName = Archive::Zip::_asLocalName($fileName, $volume); ++ if ((my $ret = _extractionNameIsSafe($fileName)) ++ != AZ_OK) { return $ret; } + my $status = $member->extractToFileNamed($fileName); + return $status if $status != AZ_OK; + } +diff --git a/t/25_traversal.t b/t/25_traversal.t +new file mode 100644 +index 0000000..d03dede +--- /dev/null ++++ b/t/25_traversal.t +@@ -0,0 +1,189 @@ ++use strict; ++use warnings; ++ ++use Archive::Zip qw( :ERROR_CODES ); ++use File::Spec; ++use File::Path; ++use lib 't'; ++use common; ++ ++use Test::More tests => 41; ++ ++# These tests check for CVE-2018-10860 vulnerabilities. ++# If an archive contains a symlink and then a file that traverses that symlink, ++# extracting the archive tree could write into an abitrary file selected by ++# the symlink value. ++# Another issue is if an archive contains a file whose path component refers ++# to a parent direcotory. Then extracting that file could write into a file ++# out of current working directory subtree. ++# These tests check extracting of these files is refuses and that they are ++# indeed not created. ++ ++# Suppress croaking errors, the tests produce some. ++Archive::Zip::setErrorHandler(sub {}); ++my ($existed, $ret, $zip, $allowed_file, $forbidden_file); ++ ++# Change working directory to a temporary directory because some tested ++# functions operarates there and we need prepared symlinks there. ++my @data_path = (File::Spec->splitdir(File::Spec->rel2abs('.')), 't', 'data'); ++ok(chdir TESTDIR, "Working directory changed"); ++ ++# Case 1: ++# link-dir -> /tmp ++# link-dir/gotcha-linkdir ++# writes into /tmp/gotcha-linkdir file. ++SKIP: { ++ # Symlink tests make sense only if a file system supports them. ++ my $link = 'trylink'; ++ $ret = eval { symlink('.', $link)}; ++ skip 'Symbolic links are not supported', 12 if $@; ++ unlink $link; ++ ++ # Extracting an archive tree must fail ++ $zip = Archive::Zip->new(); ++ isa_ok($zip, 'Archive::Zip'); ++ is($zip->read(File::Spec->catfile(@data_path, 'link-dir.zip')), AZ_OK, ++ 'Archive read'); ++ $existed = -e File::Spec->catfile('', 'tmp', 'gotcha-linkdir'); ++ $ret = eval { $zip->extractTree() }; ++ is($ret, AZ_ERROR, 'Tree extraction aborted'); ++ SKIP: { ++ skip 'A canary file existed before the test', 1 if $existed; ++ ok(! -e File::Spec->catfile('link-dir', 'gotcha-linkdir'), ++ 'A file was not created in a symlinked directory'); ++ } ++ ok(unlink(File::Spec->catfile('link-dir')), 'link-dir removed'); ++ ++ # The same applies to extracting an archive member without an explicit ++ # local file name. It must abort. ++ $link = 'link-dir'; ++ ok(symlink('.', $link), 'A symlink to a directory created'); ++ $forbidden_file = File::Spec->catfile($link, 'gotcha-linkdir'); ++ $existed = -e $forbidden_file; ++ $ret = eval { $zip->extractMember('link-dir/gotcha-linkdir') }; ++ is($ret, AZ_ERROR, 'Member extraction without a local name aborted'); ++ SKIP: { ++ skip 'A canary file existed before the test', 1 if $existed; ++ ok(! -e $forbidden_file, ++ 'A file was not created in a symlinked directory'); ++ } ++ ++ # But allow extracting an archive member into a supplied file name ++ $allowed_file = File::Spec->catfile($link, 'file'); ++ $ret = eval { $zip->extractMember('link-dir/gotcha-linkdir', $allowed_file) }; ++ is($ret, AZ_OK, 'Member extraction passed'); ++ ok(-e $allowed_file, 'File created'); ++ ok(unlink($allowed_file), 'File removed'); ++ ok(unlink($link), 'A symlink to a directory removed'); ++} ++ ++# Case 2: ++# unexisting/../../../../../tmp/gotcha-dotdot-unexistingpath ++# writes into ../../../../tmp/gotcha-dotdot-unexistingpath, that is ++# /tmp/gotcha-dotdot-unexistingpath file if CWD is not deeper than ++# 4 directories. ++$zip = Archive::Zip->new(); ++isa_ok($zip, 'Archive::Zip'); ++is($zip->read(File::Spec->catfile(@data_path, ++ 'dotdot-from-unexistant-path.zip')), AZ_OK, 'Archive read'); ++$forbidden_file = File::Spec->catfile('..', '..', '..', '..', 'tmp', ++ 'gotcha-dotdot-unexistingpath'); ++$existed = -e $forbidden_file; ++$ret = eval { $zip->extractTree() }; ++is($ret, AZ_ERROR, 'Tree extraction aborted'); ++SKIP: { ++ skip 'A canary file existed before the test', 1 if $existed; ++ ok(! -e $forbidden_file, 'A file was not created in a parent directory'); ++} ++ ++# The same applies to extracting an archive member without an explicit local ++# file name. It must abort. ++$existed = -e $forbidden_file; ++$ret = eval { $zip->extractMember( ++ 'unexisting/../../../../../tmp/gotcha-dotdot-unexistingpath', ++ ) }; ++is($ret, AZ_ERROR, 'Member extraction without a local name aborted'); ++SKIP: { ++ skip 'A canary file existed before the test', 1 if $existed; ++ ok(! -e $forbidden_file, 'A file was not created in a parent directory'); ++} ++ ++# But allow extracting an archive member into a supplied file name ++ok(mkdir('directory'), 'Directory created'); ++$allowed_file = File::Spec->catfile('directory', '..', 'file'); ++$ret = eval { $zip->extractMember( ++ 'unexisting/../../../../../tmp/gotcha-dotdot-unexistingpath', ++ $allowed_file ++ ) }; ++is($ret, AZ_OK, 'Member extraction passed'); ++ok(-e $allowed_file, 'File created'); ++ok(unlink($allowed_file), 'File removed'); ++ ++# Case 3: ++# link-file -> /tmp/gotcha-samename ++# link-file ++# writes into /tmp/gotcha-samename. It must abort. (Or replace the symlink in ++# more relaxed mode in the future.) ++$zip = Archive::Zip->new(); ++isa_ok($zip, 'Archive::Zip'); ++is($zip->read(File::Spec->catfile(@data_path, 'link-samename.zip')), AZ_OK, ++ 'Archive read'); ++$existed = -e File::Spec->catfile('', 'tmp', 'gotcha-samename'); ++$ret = eval { $zip->extractTree() }; ++is($ret, AZ_ERROR, 'Tree extraction aborted'); ++SKIP: { ++ skip 'A canary file existed before the test', 1 if $existed; ++ ok(! -e File::Spec->catfile('', 'tmp', 'gotcha-samename'), ++ 'A file was not created through a symlinked file'); ++} ++ok(unlink(File::Spec->catfile('link-file')), 'link-file removed'); ++ ++# The same applies to extracting an archive member using extractMember() ++# without an explicit local file name. It must abort. ++my $link = 'link-file'; ++my $target = 'target'; ++ok(symlink($target, $link), 'A symlink to a file created'); ++$forbidden_file = File::Spec->catfile($target); ++$existed = -e $forbidden_file; ++# Select a member by order due to same file names. ++my $member = ${[$zip->members]}[1]; ++ok($member, 'A member to extract selected'); ++$ret = eval { $zip->extractMember($member) }; ++is($ret, AZ_ERROR, ++ 'Member extraction using extractMember() without a local name aborted'); ++SKIP: { ++ skip 'A canary file existed before the test', 1 if $existed; ++ ok(! -e $forbidden_file, ++ 'A symlinked target file was not created'); ++} ++ ++# But allow extracting an archive member using extractMember() into a supplied ++# file name. ++$allowed_file = $target; ++$ret = eval { $zip->extractMember($member, $allowed_file) }; ++is($ret, AZ_OK, 'Member extraction using extractMember() passed'); ++ok(-e $allowed_file, 'File created'); ++ok(unlink($allowed_file), 'File removed'); ++ ++# The same applies to extracting an archive member using ++# extractMemberWithoutPaths() without an explicit local file name. ++# It must abort. ++$existed = -e $forbidden_file; ++# Select a member by order due to same file names. ++$ret = eval { $zip->extractMemberWithoutPaths($member) }; ++is($ret, AZ_ERROR, ++ 'Member extraction using extractMemberWithoutPaths() without a local name aborted'); ++SKIP: { ++ skip 'A canary file existed before the test', 1 if $existed; ++ ok(! -e $forbidden_file, ++ 'A symlinked target file was not created'); ++} ++ ++# But allow extracting an archive member using extractMemberWithoutPaths() ++# into a supplied file name. ++$allowed_file = $target; ++$ret = eval { $zip->extractMemberWithoutPaths($member, $allowed_file) }; ++is($ret, AZ_OK, 'Member extraction using extractMemberWithoutPaths() passed'); ++ok(-e $allowed_file, 'File created'); ++ok(unlink($allowed_file), 'File removed'); ++ok(unlink($link), 'A symlink to a file removed'); +diff --git a/t/data/dotdot-from-unexistant-path.zip b/t/data/dotdot-from-unexistant-path.zip +new file mode 100644 +index 0000000000000000000000000000000000000000..faaa5bb95c4310ad3dfa8ea7bbad6850da3f2095 +GIT binary patch +literal 245 +zcmWIWW@Zs#0D%jBS9~Vyb&-_^vO(Aih)eTQD>92qGV{{)_4H6sNp69DdVWcAMxt&? +zehCoiBGeWnmSjNWtQ7S06v{J8G87Q93LxnKZ$>5&X51D7?FNHwjUWo48O04iClPW+ +TfHx}}$OJ|p%mC8mAPxfn{*XXp + +literal 0 +HcmV?d00001 + +diff --git a/t/data/link-dir.zip b/t/data/link-dir.zip +new file mode 100644 +index 0000000000000000000000000000000000000000..99fbb437ec0bd694b8122cdb1ce8221a3da2e453 +GIT binary patch +literal 260 +zcmWIWW@Zs#0D= 5.4 +BuildRequires: perl(Config) +BuildRequires: perl(ExtUtils::MakeMaker) >= 6.76 +BuildRequires: perl(strict) +# Run-time +BuildRequires: perl(:VERSION) >= 5.6 +BuildRequires: perl(bytes) +BuildRequires: perl(Carp) +BuildRequires: perl(Compress::Raw::Zlib) +BuildRequires: perl(constant) +BuildRequires: perl(Cwd) +BuildRequires: perl(Data::Dumper) +BuildRequires: perl(Encode) +BuildRequires: perl(Exporter) +BuildRequires: perl(File::Basename) +BuildRequires: perl(File::Copy) +BuildRequires: perl(File::Find) +BuildRequires: perl(File::Path) +BuildRequires: perl(File::Spec) >= 0.80 +BuildRequires: perl(File::Temp) +BuildRequires: perl(FileHandle) +BuildRequires: perl(integer) +BuildRequires: perl(IO::File) +BuildRequires: perl(IO::Seekable) +BuildRequires: perl(Time::Local) +BuildRequires: perl(vars) +# Tests +BuildRequires: perl(File::Spec::Unix) +# IO::Scalar not used +BuildRequires: perl(lib) +BuildRequires: perl(Test::MockModule) +BuildRequires: perl(Test::More) >= 0.88 +BuildRequires: perl(utf8) +BuildRequires: perl(warnings) +BuildRequires: unzip +BuildRequires: zip +Requires: perl(:MODULE_COMPAT_%(eval "`perl -V:version`"; echo $version)) +Requires: perl(Exporter) +Requires: perl(File::Spec) >= 0.80 + +# Remove under-specified dependencies +%global __requires_exclude %{?__requires_exclude:%__requires_exclude|}^perl\\(File::Spec\\)$ + +%description +The Archive::Zip module allows a Perl program to create, manipulate, +read, and write Zip archive files. +Zip archives can be created, or you can read from existing zip files. +Once created, they can be written to files, streams, or strings. +Members can be added, removed, extracted, replaced, rearranged, and +enumerated. They can also be renamed or have their dates, comments, +or other attributes queried or modified. Their data can be compressed +or uncompressed as needed. Members can be created from members in +existing Zip files, or from existing directories, files, or strings. + + +%prep +%autosetup -S git -n Archive-Zip-%{version} +for F in examples/*.pl; do + perl -MExtUtils::MakeMaker -e "ExtUtils::MM_Unix->fixin(q{$F})" +done + + +%build +perl Makefile.PL INSTALLDIRS=vendor NO_PACKLIST=1 +make %{?_smp_mflags} + + +%install +make pure_install DESTDIR=$RPM_BUILD_ROOT +%{_fixperms} $RPM_BUILD_ROOT/* + + +%check +make test + + +%files +%doc Changes examples/ +%{_bindir}/crc32 +%{perl_vendorlib}/Archive/ +%{_mandir}/man3/Archive*.3* + + +%changelog +* Tue Jul 10 2018 Petr Pisar - 1.60-3 +- Fix CVE-2018-10860 (a directory and symbolic link traversal) (bug #1596131) + +* Thu Feb 08 2018 Fedora Release Engineering - 1.60-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Wed Dec 20 2017 Jitka Plesnikova - 1.60-1 +- 1.60 bump + +* Tue Dec 19 2017 Petr Pisar - 1.59-6 +- Fix shellbang in examples/selfex.pl documentation (CPAN RT#123913) +- Modernize spec file + +* Thu Jul 27 2017 Fedora Release Engineering - 1.59-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Mon Jun 05 2017 Jitka Plesnikova - 1.59-4 +- Perl 5.26 rebuild + +* Sat Feb 11 2017 Fedora Release Engineering - 1.59-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Tue Sep 20 2016 Petr Pisar - 1.59-2 +- License tag corrected to ((GPL+ or Artistic) and BSD) + +* Fri Aug 12 2016 Jitka Plesnikova - 1.59-1 +- 1.59 bump + +* Mon Aug 08 2016 Jitka Plesnikova - 1.58-1 +- 1.58 bump + +* Sun May 15 2016 Jitka Plesnikova - 1.57-2 +- Perl 5.24 rebuild + +* Mon Apr 04 2016 Jitka Plesnikova - 1.57-1 +- 1.57 bump + +* Thu Feb 04 2016 Fedora Release Engineering - 1.56-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Mon Dec 21 2015 Jitka Plesnikova - 1.56-1 +- 1.56 bump + +* Mon Dec 07 2015 Jitka Plesnikova - 1.55-1 +- 1.55 bump + +* Fri Sep 25 2015 Jitka Plesnikova - 1.53-1 +- 1.53 bump + +* Tue Sep 22 2015 Jitka Plesnikova - 1.51-1 +- 1.51 bump + +* Wed Aug 26 2015 Jitka Plesnikova - 1.50-1 +- 1.50 bump + +* Mon Aug 03 2015 Petr Pisar - 1.49-1 +- 1.49 bump + +* Fri Jun 19 2015 Jitka Plesnikova - 1.48-1 +- 1.48 bump + +* Thu Jun 18 2015 Jitka Plesnikova - 1.47-1 +- 1.47 bump + +* Thu Jun 18 2015 Fedora Release Engineering - 1.46-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Wed Jun 03 2015 Jitka Plesnikova - 1.46-2 +- Perl 5.22 rebuild + +* Wed Mar 25 2015 Jitka Plesnikova - 1.46-1 +- 1.46 bump + +* Tue Feb 10 2015 Jitka Plesnikova - 1.45-1 +- 1.45 bump + +* Thu Jan 15 2015 Petr Pisar - 1.39-2 +- Correct dependencies +- Improve sharpbang fix + +* Wed Oct 22 2014 Jitka Plesnikova - 1.39-1 +- 1.39 bump + +* Wed Sep 10 2014 Jitka Plesnikova - 1.38-1 +- 1.38 bump + +* Wed Aug 27 2014 Jitka Plesnikova - 1.37-3 +- Perl 5.20 rebuild + +* Sat Jun 07 2014 Fedora Release Engineering - 1.37-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Wed Jan 15 2014 Jitka Plesnikova - 1.37-1 +- 1.37 bump + +* Thu Jan 02 2014 Jitka Plesnikova - 1.36-1 +- 1.36 bump + +* Tue Dec 10 2013 Jitka Plesnikova - 1.34-1 +- 1.34 bump + +* Fri Nov 22 2013 Jitka Plesnikova - 1.33-1 +- 1.33 bump + +* Sat Aug 03 2013 Fedora Release Engineering - 1.30-13 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Thu Jul 18 2013 Petr Pisar - 1.30-12 +- Perl 5.18 rebuild + +* Thu Feb 14 2013 Fedora Release Engineering - 1.30-11 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Fri Jul 20 2012 Fedora Release Engineering - 1.30-10 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Mon Jun 11 2012 Petr Pisar - 1.30-9 +- Perl 5.16 rebuild +- Specify all dependencies + +* Mon Mar 19 2012 Marcela Mašláňová - 1.30-8 +- 543660 apply patch from rt cpan 54827 + +* Fri Jan 13 2012 Fedora Release Engineering - 1.30-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Tue Jul 19 2011 Petr Sabata - 1.30-6 +- Perl mass rebuild + +* Tue Feb 08 2011 Fedora Release Engineering - 1.30-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Wed Dec 15 2010 Marcela Maslanova - 1.30-4 +- 661697 rebuild for fixing problems with vendorach/lib + +* Thu Apr 29 2010 Marcela Maslanova - 1.30-3 +- Mass rebuild with perl-5.12.0 + +* Mon Dec 7 2009 Stepan Kasal - 1.30-2 +- rebuild against perl 5.10.1 + +* Mon Jul 27 2009 Marcela Mašláňová - 1.30-1 +- update to 1.30 + +* Sat Jul 25 2009 Fedora Release Engineering - 1.23-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Thu Feb 26 2009 Fedora Release Engineering - 1.23-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Fri May 16 2008 Steven Pritchard 1.23-1 +- Update to 1.23. + +* Wed Feb 27 2008 Tom "spot" Callaway - 1.20-5 +- Rebuild for perl 5.10 (again) + +* Fri Jan 11 2008 Tom "spot" Callaway - 1.20-4 +- rebuild for new perl + +* Thu Aug 23 2007 Robin Norwood - 1.20-3 +- Fix license tag + +* Wed Jun 27 2007 Robin Norwood - 1.20-2 +- Resolves: rhbz#226240 +- Incorporate changes from Steven Pritchard's package review +- Fix find option order. +- Use fixperms macro instead of our own chmod incantation. +- Remove check macro cruft. +- Update build dependencies. +- Package LICENSE. +- BR unzip, zip for better test coverage. + +* Tue Jun 05 2007 Robin Norwood - 1.20-1 +- Update to latest CPAN version: 1.20 +- Fix broken changelog + +* Wed Jul 12 2006 Jesse Keating - 1.16-1.2.1 +- rebuild + +* Fri Feb 03 2006 Jason Vas Dias - 1.16-1.2 +- rebuilt for new perl-5.8.8 + +* Fri Dec 16 2005 Jesse Keating +- rebuilt for new gcc + +* Mon Jul 11 2005 Jose Pedro Oliveira - 1.16-1 +- Update to 1.16. + +* Thu Apr 14 2005 Jose Pedro Oliveira - 1.14-1 +- Update to 1.14. + +* Fri Apr 8 2005 Michael Schwendt +- rebuilt + +* Sun Aug 15 2004 Ville Skyttä - 0:1.12-0.fdr.1 +- Update to 1.12. + +* Tue Jul 6 2004 Ville Skyttä - 0:1.11-0.fdr.1 +- Update to 1.11. +- Bring up to date with current fedora.us Perl spec template. + +* Sun Apr 18 2004 Ville Skyttä - 0:1.10-0.fdr.1 +- Update to 1.10. +- Reduce directory ownership bloat. +- Require perl(:MODULE_COMPAT_*). + +* Fri Nov 28 2003 Ville Skyttä - 0:1.09-0.fdr.1 +- Update to 1.09. + +* Wed Oct 22 2003 Ville Skyttä - 0:1.08-0.fdr.1 +- Update to 1.08. + +* Tue Oct 21 2003 Ville Skyttä - 0:1.07-0.fdr.1 +- Update to 1.07. + +* Sun Sep 14 2003 Ville Skyttä - 0:1.06-0.fdr.1 +- Update to 1.06. +- Specfile cleanups. + +* Sun Jun 8 2003 Ville Skyttä - 0:1.05-0.fdr.1 +- First build.