Commit graph

51 commits

Author SHA1 Message Date
wiz
8292204475 *: recursive bump for perl 5.36 2022-06-28 11:30:51 +00:00
wen
0383e768be Update to 0.88
Upstream changes:
[Changes for 0.88 - Sat Dec 18 11:34:44 CST 2021]

* Update PAUSE keys to 2022. (@skaji)
2022-05-28 04:52:55 +00:00
nia
3df0f20e22 security: Replace RMD160 checksums with BLAKE2s checksums
All checksums have been double-checked against existing RMD160 and
SHA512 hashes

Unfetchable distfiles (fetched conditionally?):
./security/cyrus-sasl/distinfo cyrus-sasl-dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d.patch.v2
2021-10-26 11:16:56 +00:00
nia
fa4b2904a6 security: Remove SHA1 hashes for distfiles 2021-10-07 14:53:40 +00:00
wiz
6eae1297d5 *: recursive bump for perl 5.34 2021-05-24 19:49:01 +00:00
wiz
670297af5c p5-Module-Signature: update to 0.87.
[Changes for 0.87 - Sat Jul  4 15:04:41 CST 2020]

* Skip 3-verify.t on Crypt::OpenPGP installations. (@pyramation)

[Changes for 0.86 - Thu Jun 25 21:06:24 CST 2020]

* Update PAUSE and ANDK keys to 2020. (@dweekly)

* Update documentation pertaining to SHA1. (@dweekly)

* Fix compatibility with Crypt::OpenPGP. (@niklasholm)
2020-09-07 14:28:55 +00:00
wiz
00da7815c0 *: bump PKGREVISION for perl-5.32. 2020-08-31 18:06:29 +00:00
wiz
84e123ddd2 Bump PKGREVISIONs for perl 5.30.0 2019-08-11 13:17:48 +00:00
nia
d5c846b3af Update packages using a search.cpan.org HOMEPAGE to metacpan.org.
The former now redirects to the latter.

This covers the most simple cases where http://search.cpan.org/dist/name
can be changed to https://metacpan.org/release/name.

Reviewed by hand to hopefully make sure no unwanted changes sneak in.
2019-06-30 20:14:13 +00:00
wiz
1dd377b36d p5-Module-Signature: update to 0.83.
[Changes for 0.83 - Wed Aug 29 17:33:12 JST 2018]

* Update META.yml.
2018-09-02 07:33:35 +00:00
wiz
e910ad949e p5-Module-Signature: update to 0.82.
[Changes for 0.82 - Sun Aug 26 23:00:04 CST 2018]

* Fix CRLF handling on Win32. (@niklasholm)

* Default to SHA256 on new hashes as SHA1 is deprecated. (@niklasholm)
2018-08-29 06:27:47 +00:00
wiz
93b46879c7 Recursive bump for perl5-5.28.0 2018-08-22 09:43:40 +00:00
ryoon
c67e719d43 Fix build with Perl 5.26.0 2017-06-07 14:53:52 +00:00
ryoon
543e538acd Recursive revbump from lang/perl5 5.26.0 2017-06-05 14:24:20 +00:00
wiz
fb91a07281 Updated p5-Module-Signature to 0.81.
No changelog found.
2016-10-05 06:38:41 +00:00
mef
79aa52925e Updated security/p5-Module-Signature to 0.80
--------------------------------------------
ChangeLog unknown for this version
2016-08-06 14:45:16 +00:00
wiz
86a78fce2e Bump PKGREVISION for perl-5.24. 2016-06-08 19:22:13 +00:00
agc
5293710fb4 Add SHA512 digests for distfiles for security category
Problems found locating distfiles:
	Package f-prot-antivirus6-fs-bin: missing distfile fp-NetBSD.x86.32-fs-6.2.3.tar.gz
	Package f-prot-antivirus6-ws-bin: missing distfile fp-NetBSD.x86.32-ws-6.2.3.tar.gz
	Package libidea: missing distfile libidea-0.8.2b.tar.gz
	Package openssh: missing distfile openssh-7.1p1-hpn-20150822.diff.bz2
	Package uvscan: missing distfile vlp4510e.tar.Z

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.
2015-11-04 01:17:40 +00:00
wen
7633763081 Update to 0.79
Upstream changes:
[Changes for 0.79 - Mon May 18 23:02:11 CST 2015]

* Restore "cpansign --skip" functionality.

  Contributed by: CLOOS

[Changes for 0.78 - Thu Apr  9 16:58:27 CST 2015]

* Fix verify() use from cpanm and CPAN.pm.

  Contributed by: ANDK

[Changes for 0.77 - Wed Apr  8 19:36:50 CST 2015]

* Include the latest public keys of PAUSE, ANDK and AUDREYT.

* Clarify scripts/cpansign copyright to CC0.

  Reported by: @pghmcfc

[Changes for 0.76 - Wed Apr  8 18:05:48 CST 2015]

* Fix signature tests by defaulting to verify(skip=>1)
  when $ENV{TEST_SIGNATURE} is true.

  Reported by: @pghmcfc

[Changes for 0.75 - Tue Apr  7 04:56:09 CST 2015]

Two more issues reported by John Lightsey:

* Update ChangeLog.

* More protection of @INC from relative paths.

Fix various issues reported by John Lightsey:

[Changes for 0.74 - Tue Apr  7 02:39:14 CST 2015]

Fix various issues reported by John Lightsey:

* Fix GPG signature parsing logic.

* MANIFEST.SKIP is no longer consulted unless --skip is given.

* Properly use open() modes to avoid injection attacks.
2015-10-04 11:35:42 +00:00
wiz
40bbad7ac6 Comment out dependencies of the style
{perl>=5.16.6,p5-ExtUtils-ParseXS>=3.15}:../../devel/p5-ExtUtils-ParseXS
since pkgsrc enforces the newest perl version anyway, so they
should always pick perl, but sometimes (pkg_add) don't due to the
design of the {,} syntax.

No effective change for the above reason.

Ok joerg
2015-07-12 18:56:06 +00:00
wiz
2e65d464e8 Recursive PKGREVISION bump for all packages mentioning 'perl',
having a PKGNAME of p5-*, or depending such a package,
for perl-5.22.0.
2015-06-12 10:50:58 +00:00
wiz
e8647fedbb Remove SVR4_PKGNAME, per discussion on tech-pkg. 2014-10-09 13:44:32 +00:00
wiz
905b7d61f0 Update to 0.73:
[Changes for 0.73 - Wed Jun  5 23:44:57 CST 2013]

* Properly redo the previous fix using File::Spec->file_name_is_absolute.

[Changes for 0.72 - Wed Jun  5 23:19:02 CST 2013]

* Only allow loading Digest::* from absolute paths in @INC,
  by ensuring they begin with \ or / characters.

  Contributed by: Florian Weimer (CVE-2013-2145)

[Changes for 0.71 - Tue Jun  4 18:24:10 CST 2013]

* Constrain the user-specified digest name to /^\w+\d+$/.

* Avoid loading Digest::* from relative paths in @INC.

  Contributed by: Florian Weimer (CVE-2013-2145)

[Changes for 0.70 - Thu Nov 29 01:45:54 CST 2012]

* Don't check gpg version if gpg does not exist.

  This avoids unnecessary warnings during installation
  when gpg executable is not installed.

  Contributed by: Kenichi Ishigaki

[Changes for 0.69 - Fri Nov  2 23:04:19 CST 2012]

* Support for gpg under these alternate names:

    gpg gpg2 gnupg gnupg2

  Contributed by: Michael Schwern
2014-06-11 20:17:58 +00:00
wiz
7eeb51b534 Bump for perl-5.20.0.
Do it for all packages that
* mention perl, or
* have a directory name starting with p5-*, or
* depend on a package starting with p5-
like last time, for 5.18, where this didn't lead to complaints.
Let me know if you have any this time.
2014-05-29 23:35:13 +00:00
obache
9b57b4605a Fix/Update DEPENDS paterns for perl CORE modules, with some trivial fixes.
Bump PKGREVISION for runtime dependency pattern changed packages.
2013-12-09 14:17:41 +00:00
wiz
d2ca14a3f1 Bump all packages for perl-5.18, that
a) refer 'perl' in their Makefile, or
b) have a directory name of p5-*, or
c) have any dependency on any p5-* package

Like last time, where this caused no complaints.
2013-05-31 12:39:57 +00:00
asau
1a433eae91 Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days. 2012-10-23 18:16:19 +00:00
wiz
8b5d49eb78 Bump all packages that use perl, or depend on a p5-* package, or
are called p5-*.

I hope that's all of them.
2012-10-03 21:53:53 +00:00
hiramatsu
5598b89725 Update p5-Module-Signature to 0.68.
Changes from previous:
[Changes for 0.68 - Fri, 13 May 2011 11:51:50 +0200]

* Fix breakage introduced by 0.67 (Andreas König).

[Changes for 0.67 - Sun, 17 Apr 2011 16:29:23 +0200]

* Better handling of \r (Andreas König, Zefram) (Closes RT#46339).
2011-11-13 12:29:01 +00:00
obache
9b0c7b655d Revision bump after updating perl5 to 5.14.1. 2011-08-14 14:42:45 +00:00
sno
bac50ef623 Updating security/p5-Module-Signature from 0.64nb1 to 0.66
pkgsrc changes:
- switch from gnupg-1 (more or less depreciated) to Crypt::OpenPGP and a
  bunch of used encoders and digest modules
- use Module::Install::Bundled module type
- remove patch - works fine with current infrastructure for now

Upstream changes:
[Changes for 0.66 - Fri,  6 Sep 2010 22:51:37 +0200]
  * Fix incompatibility with EU::Manifest 1.54 to 1.57
    (Paul Howarth) (Closes RT#61124).

[Changes for 0.65 - Fri,  3 Sep 2010 21:38:02 +0200]
  * Skip MYMETA (Alexandr Ciornii)
2010-09-08 21:15:28 +00:00
seb
c3f1e700ad Bump the PKGREVISION for all packages which depend directly on perl,
to trigger/signal a rebuild for the transition 5.10.1 -> 5.12.1.

The list of packages is computed by finding all packages which end
up having either of PERL5_USE_PACKLIST, BUILDLINK_API_DEPENDS.perl,
or PERL5_PACKLIST defined in their make setup (tested via
"make show-vars VARNAMES=..."), minus the packages updated after
the perl package update.

sno@ was right after all, obache@ kindly asked and he@ led the
way. Thanks!
2010-08-21 16:32:42 +00:00
seb
840ad63bbc Update p5-Module-Signature from version 0.63 to version 0.64.
Pkgsrc changes:
- placate pkglint

Upstream changes:
[Changes for 0.64 - Sun,  9 May 2010 00:50:11 +0200]

* Avoid creating gnupg configuration files for the user invoking Makefile.PL
  (Closes RT#41978).
* Correctly detect the version of gnupg on cygwin and add tests for it
  (Paul Fenwick) (Closes RT#39258).
2010-05-24 16:02:28 +00:00
seb
3e8d4a95a8 Update p5-Module-Signature from version 0.61 to version 0.63.
Upstream changes:
[Changes for 0.63 - Sun, 28 Mar 2010 04:46:27 +0100]

* Fix diagnostic message from Makefile.PL when the user dosn't have gnupg or
  Crypt::OpenPGP (miyagawa).

[Changes for 0.62 - Tue, 23 Mar 2010 22:17:39 +0100]

* Change the default keyserver from the outdated pgp.mit.edu to
  pool.sks-keyservers.net.
2010-04-11 23:55:02 +00:00
wiz
0cd3e9c94f Update to 0.61, set LICENSE to public-domain (see below).
[Changes for 0.61]

* Added "=encoding utf8" to POD to fix author name display.
  No functional changes.

[Changes for 0.60]

* LICENSING CHANGE: This compilation and all individual files in it
  are now under the nullary CC0 1.0 Universal terms:

  To the extent possible under law, 唐鳳 has waived all copyright and
  related or neighboring rights to Module-Signature.

* Updated Module::Install to 0.91, prompted by Florian Ragwitz.
2009-12-15 13:28:13 +00:00
sno
45ae8bcf8f Removing incorrect dependency to PAR::Dist and add license information
according to META.yml (to remove cyclic depend).
2009-08-10 06:40:38 +00:00
joerg
f0bbd1517d Remove @dirrm entries from PLISTs 2009-06-14 18:13:25 +00:00
he
b021813da0 Bump the PKGREVISION for all packages which depend directly on perl,
to trigger/signal a rebuild for the transition 5.8.8 -> 5.10.0.

The list of packages is computed by finding all packages which end
up having either of PERL5_USE_PACKLIST, BUILDLINK_API_DEPENDS.perl,
or PERL5_PACKLIST defined in their make setup (tested via
"make show-vars VARNAMES=...").
2008-10-19 19:17:40 +00:00
heinz
7dfe3cb983 Added support for installation to DESTDIR. 2007-06-13 09:50:46 +00:00
wiz
4c28e966f5 Update to 0.55:
[Changes for 0.55 - 2006-07-29]

* ANDK submitted a patch to fix versioning problem when
  the user elects to install Crypt::OpenPGP.

* Major refactoring of the Makefile.PL to ease the installation process.

[Changes for 0.54 - 2006-05-12]

* Fixed a long-standing bug where differing end-of-line conventions
  could cause bogus comparisons in signature checks.

* Fixed another long-standing bug where CRLF text files were hashed
  into different digests under Unix and Dosish platforms.  Now it's
  consistently hashed as if it's been normalized to LF.

* Optional dependencies are no longer installed-by-default.

[Changes for 0.53 - 2006-01-31]

* The explicit call to "readline(D)" didn't compile on earlier perls which
  demanded either "readline(*D)" or "<D>" -- I elected the latter form.
  Reported by: Matthew Persic

* Update my author key to reflect revoked past uids.

[Changes for 0.52 - 2006-01-19]

* POD and source code cleanup; no functional changes.

* Updated my author key to reflect my new name and identity.

* Upgrade to the latest Module::Install to fix Cygwin
  installation problems.
  Reported by: Lyle Ziegelmiller

[Changes for 0.51 - 2006-01-02]

* Even more flexible CRLF handling for SIGNATURE files,
  Contributed by: Andreas Koenig.

[Changes for 0.50 - 2005-08-21]

* Add support for to SHA-256, requested by Mark Shelor in light
  of the recent SHA1 attacks.  SHA1 is still the default, but
  you can now override this by settings MODULE_SIGNATURE_CIPHER
  environment variable to SHA256.

[Changes for 0.45 - 2005-08-09]

* Andreas Koenig ported out that "Import GPG keys?" was asked
  far too many times during autoinstall.
2007-02-27 09:28:33 +00:00
jlam
9c8b5ede43 Point MAINTAINER to pkgsrc-users@NetBSD.org in the case where no
developer is officially maintaining the package.

The rationale for changing this from "tech-pkg" to "pkgsrc-users" is
that it implies that any user can try to maintain the package (by
submitting patches to the mailing list).  Since the folks most likely
to care about the package are the folks that want to use it or are
already using it, this would leverage the energy of users who aren't
developers.
2006-03-04 21:28:51 +00:00
joerg
5911def816 Recursive revision bump / recommended bump for gettext ABI change. 2006-02-05 23:08:03 +00:00
seb
37d945e229 Lower expectations, both others' and mine: relinquish stewardship 2005-12-27 13:54:57 +00:00
jlam
7fbb8d9527 Bump the PKGREVISIONs of all (638) packages that hardcode the locations
of Perl files to deal with the perl-5.8.7 update that moved all
pkgsrc-installed Perl files into the "vendor" directories.
2005-08-06 06:19:03 +00:00
wiz
1d9a7ef730 Sync COMMENT with other perl comments. 2005-08-02 14:24:23 +00:00
jlam
7a6521287b Turn PERL5_PACKLIST into a relative path instead of an absolute path.
These paths are now relative to PERL5_PACKLIST_DIR, which currently
defaults to ${PERL5_SITEARCH}.  There is no change to the binary
packages.
2005-07-13 18:01:18 +00:00
tv
f816d81489 Remove USE_BUILDLINK3 and NO_BUILDLINK; these are no longer used. 2005-04-11 21:44:48 +00:00
agc
d81d19f8e0 Add RMD160 digests. 2005-02-24 12:51:41 +00:00
wiz
60e3561abd [Changes for 0.44 - 2004-12-16]
* Add "pmfiles.dat" to legacy manifest_skip routine to accomodate
  early Win32 hacks.  Reported by Steve Hay via Michael Schwern.

[Changes for 0.43 - 2004-12-16]

* Updated t/0-signature.t to be more friendly with Test::More;
  contributed by Michael Schwern.

* Add $Timeout (default 3 seconds) to control the timeout for
  probing connections to the key server.

* Take account of the .ts files produced by newer MakeMakers
  in the suggested MANIFEST.SKIP list.

[Changes for 0.42 - 2004-11-20]

* Move under SVK version control management; ditch keyword tags.

* Michael Schwern pointed out that during development, the
  "signature.t" file would keep failing.

* Documented how to generate SIGNATURE files as part of "make dist",
  for Module::Install, ExtUtils::MakeMaker and Module::Build users .
2005-02-19 10:35:00 +00:00
grant
908e765695 since perl is now built with threads on most platforms, the perl archlib
module directory has changed (eg. "darwin-2level" vs.
"darwin-thread-multi-2level").

binary packages of perl modules need to be distinguishable between
being built against threaded perl and unthreaded perl, so bump the
PKGREVISION of all perl module packages and introduce
BUILDLINK_RECOMMENDED for perl as perl>=5.8.5nb5 so the correct
dependencies are registered and the binary packages are distinct.

addresses PR pkg/28619 from H. Todd Fujinaka.
2004-12-20 11:30:55 +00:00