.gitignore

@@ -1 +1 @@
-SOURCES/YAML-LibYAML-0.70.tar.gz
+SOURCES/YAML-LibYAML-0.82.tar.gz

.perl-YAML-LibYAML.metadata

@@ -1 +1 @@
-6b3211de4382b43a06a6941ec8321c2fbefa03bf SOURCES/YAML-LibYAML-0.70.tar.gz
+92ba858a2594e7e18472cc03e91b12dc921810a9 SOURCES/YAML-LibYAML-0.82.tar.gz

SOURCES/YAML-LibYAML-0.79-Unbundled-libyaml.patch

@@ -0,0 +1,12 @@
+diff -up YAML-LibYAML-0.79/LibYAML/Makefile.PL.orig YAML-LibYAML-0.79/LibYAML/Makefile.PL
+--- YAML-LibYAML-0.79/LibYAML/Makefile.PL.orig	2019-06-11 21:35:34.000000000 +0200
++++ YAML-LibYAML-0.79/LibYAML/Makefile.PL	2019-06-12 08:53:09.437296055 +0200
+@@ -25,7 +25,7 @@ WriteMakefile(
+     # CCFLAGS => '-pedantic -Wall',
+     # CCFLAGS => '-Wall',
+     DEFINE => $DEFINE,
+-    LIBS => [''], # e.g., '-lm'
++    LIBS => ['-lyaml'], # e.g., '-lm'
+     INC => '-I.',
+     OBJECT => $obj_files,
+     ABSTRACT_FROM => 'lib/YAML/XS/LibYAML.pm',

SOURCES/YAML-LibYAML-0.903-Use-3-arg-form-of-open-in-LoadFile.patch

@@ -1,27 +0,0 @@
-From 5fe9daed726c06900c3cd41a739460057bec6dc3 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Tina=20M=C3=BCller?= <cpan2@tinita.de>
-Date: Wed, 29 Jan 2025 21:17:28 +0100
-Subject: [PATCH] Use 3-arg form of open in LoadFile
-
-Fixes https://github.com/ingydotnet/yaml-libyaml-pm/issues/120
-
-Otherwise `$filename = ">file.yaml"; LoadFile($filename)` will truncate a file.
-
-One should check untrusted filenames in any case, though.
----
- lib/YAML/XS.pm | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/lib/YAML/XS.pm b/lib/YAML/XS.pm
-index 66ff5ba..e8df694 100644
---- a/lib/YAML/XS.pm
-+++ b/lib/YAML/XS.pm
-@@ -54,7 +54,7 @@ sub LoadFile {
-         $IN = $filename;
-     }
-     else {
--        open $IN, $filename
-+        open $IN, '<', $filename
-           or die "Can't open '$filename' for input:\n$!";
-     }
-     return YAML::XS::LibYAML::Load(do { local $/; local $_ = <$IN> });

SOURCES/YAML-LibYAML-0.903-regress-test-for-3args-open.patch

@@ -1,76 +0,0 @@
-From d287c87f41d5b0438d94d8fad1f285d17530fc69 Mon Sep 17 00:00:00 2001
-From: Shlomi Fish <shlomif@shlomifish.org>
-Date: Fri, 7 Feb 2025 15:08:56 +0200
-Subject: [PATCH] regress test for GH#120. 3args open.
-
----
- Makefile.PL        |  4 ++++
- t/security-gh120.t | 28 ++++++++++++++++++++++++++++
- 2 files changed, 32 insertions(+)
- create mode 100644 t/security-gh120.t
-
-#diff --git a/Makefile.PL b/Makefile.PL
-#index 49a917d..371533a 100644
-#--- a/Makefile.PL
-#+++ b/Makefile.PL
-#@@ -26,10 +26,12 @@ my %WriteMakefileArgs = (
-#     "warnings" => 0
-#   },
-#   "TEST_REQUIRES" => {
-#+    "Cwd" => 0,
-#     "Devel::Peek" => 0,
-#     "Encode" => 0,
-#     "File::Find" => 0,
-#     "File::Path" => 0,
-#+    "File::Temp" => 0,
-#     "FindBin" => 0,
-#     "IO::File" => 0,
-#     "IO::Pipe" => 0,
-#@@ -50,11 +52,13 @@ my %WriteMakefileArgs = (
-# 
-# my %FallbackPrereqs = (
-#   "B::Deparse" => 0,
-#+  "Cwd" => 0,
-#   "Devel::Peek" => 0,
-#   "Encode" => 0,
-#   "Exporter" => 0,
-#   "File::Find" => 0,
-#   "File::Path" => 0,
-#+  "File::Temp" => 0,
-#   "FindBin" => 0,
-#   "IO::File" => 0,
-#   "IO::Pipe" => 0,
-diff --git a/t/security-gh120.t b/t/security-gh120.t
-new file mode 100644
-index 0000000..1102550
---- /dev/null
-+++ b/t/security-gh120.t
-@@ -0,0 +1,28 @@
-+use FindBin '$Bin';
-+use lib $Bin;
-+use TestYAMLTests tests => 1;
-+
-+# https://github.com/ingydotnet/yaml-libyaml-pm/issues/120
-+#
-+
-+use YAML::XS   qw/DumpFile LoadFile/;
-+use File::Temp qw/ tempdir /;
-+
-+use Cwd qw/ getcwd /;
-+
-+my $PWD = getcwd();
-+my $dir = tempdir( CLEANUP => 1 );
-+
-+chdir($dir);
-+
-+my $fn = "dont-clobber-me";
-+open my $fh, ">", ">$fn";
-+$fh->print( "$fn\n" x 500 );
-+close($fh);
-+
-+my $ret = LoadFile(">$fn");
-+
-+my $size = ( -s ">$fn" );
-+ok( scalar( $size > 2000 ), "file was not clobbered; size = '$size'" );
-+
-+chdir($PWD);

SPECS/perl-YAML-LibYAML.spec

@@ -7,26 +7,27 @@
 
 Name:           perl-YAML-LibYAML
 Epoch:          1
-Version:        0.70
-Release:        2%{?dist}
+Version:        0.82
+Release:        6%{?dist}
 Summary:        Perl YAML Serialization using XS and libyaml
 License:        GPL+ or Artistic
 URL:            https://metacpan.org/release/YAML-LibYAML
-Source0:        https://cpan.metacpan.org/authors/id/T/TI/TINITA/YAML-LibYAML-%{version}.tar.gz
-# Use 3-arg form of open in LoadFile (CVE-2025-40908)
-Patch1:         YAML-LibYAML-0.903-Use-3-arg-form-of-open-in-LoadFile.patch
-Patch2:         YAML-LibYAML-0.903-regress-test-for-3args-open.patch
+Source0:        https://cpan.metacpan.org/modules/by-module/YAML/YAML-LibYAML-%{version}.tar.gz
+Patch0:         YAML-LibYAML-0.79-Unbundled-libyaml.patch
 
 # Build
 BuildRequires:  coreutils
 BuildRequires:  findutils
 BuildRequires:  gcc
 BuildRequires:  make
+BuildRequires:  libyaml >= 0.2.4
+BuildRequires:  libyaml-devel >= 0.2.4
 BuildRequires:  perl-devel
 BuildRequires:  perl-generators
 BuildRequires:  perl-interpreter
 BuildRequires:  perl(Config)
 BuildRequires:  perl(ExtUtils::MakeMaker) >= 6.76
+BuildRequires:  sed
 
 # Module
 BuildRequires:  perl(B::Deparse)
@@ -42,13 +43,11 @@ BuildRequires:  perl(XSLoader)
 BuildRequires:  perl(B)
 BuildRequires:  perl(blib)
 BuildRequires:  perl(Carp)
-BuildRequires:  perl(Cwd)
 BuildRequires:  perl(Data::Dumper)
 BuildRequires:  perl(Devel::Peek)
 BuildRequires:  perl(Encode)
 BuildRequires:  perl(File::Find)
 BuildRequires:  perl(File::Path)
-BuildRequires:  perl(File::Temp)
 BuildRequires:  perl(Filter::Util::Call)
 BuildRequires:  perl(FindBin)
 BuildRequires:  perl(IO::File)
@@ -68,82 +67,38 @@ BuildRequires:  perl(Path::Class)
 # Dependencies
 Requires:       perl(:MODULE_COMPAT_%(eval "`perl -V:version`"; echo $version))
 Requires:       perl(B::Deparse)
-
-# libyaml is tweaked and bundled
-# https://github.com/ingydotnet/yaml-libyaml-pm/issues/49
-# version number determined by comparing commits in upstream repo:
-# https://bitbucket.org/xi/libyaml/commits/branch/default
-Provides:       bundled(libyaml) = 0.1.7
+Requires:       libyaml >= 0.2.4
 
 # Avoid provides for perl shared objects
 %{?perl_default_filter}
-# Filter modules bundled for tests
-%global __provides_exclude_from %{?__provides_exclude_from:%__provides_exclude_from|}^%{_libexecdir}
-%global __requires_exclude %{?__requires_exclude:%__requires_exclude|}^perl\\(Spiffy\\)
-%global __requires_exclude %{?__requires_exclude:%__requires_exclude|}^perl\\(TestYAML.*\\)
-%global __requires_exclude %{?__requires_exclude:%__requires_exclude|}^perl\\(Test::Base.*\\)
 
 %description
 Kirill Siminov's "libyaml" is arguably the best YAML implementation. The C
 library is written precisely to the YAML 1.1 specification. It was originally
 bound to Python and was later bound to Ruby.
 
-%package tests
-Summary:        Tests for %{name}
-Requires:       %{name} = %{?epoch:%{epoch}:}%{version}-%{release}
-Requires:       perl-Test-Harness
-Requires:       perl(Filter::Util::Call)
-
-%description tests
-Tests from %{name}. Execute them
-with "%{_libexecdir}/%{name}/test".
-
 %prep
 %setup -q -n YAML-LibYAML-%{version}
-%patch -P1 -p1
-%patch -P2 -p1
-
-# Help generators to recognize Perl scripts
-for F in t/*.t; do
-    perl -i -MConfig -ple 'print $Config{startperl} if $. == 1 && !s{\A#!.*perl\b}{$Config{startperl}}' "$F"
-    chmod +x "$F"
+# Unbundled libyaml, the source files are the same as in libyaml-0.2.4
+# It was determined by comparing commits in upstream repo:
+# https://github.com/yaml/libyaml/
+%patch0 -p1 -b .orig
+for file in api.c dumper.c emitter.c loader.c parser.c reader.c scanner.c \
+    writer.c yaml.h yaml_private.h; do
+    rm LibYAML/$file
+    sed -i -e "/^LibYAML\/$file/d" MANIFEST
 done
 
 %build
-perl Makefile.PL INSTALLDIRS=vendor OPTIMIZE="%{optflags}" NO_PACKLIST=1
-make %{?_smp_mflags}
+perl Makefile.PL INSTALLDIRS=vendor OPTIMIZE="%{optflags}" NO_PACKLIST=1 NO_PERLLOCAL=1
+%{make_build}
 
 %install
-make pure_install DESTDIR=%{buildroot}
+%{make_install}
 find %{buildroot} -type f -name '*.bs' -empty -delete
 %{_fixperms} -c %{buildroot}
 
-# Install tests
-mkdir -p %{buildroot}%{_libexecdir}/%{name}
-cp -a t inc %{buildroot}%{_libexecdir}/%{name}
-# It needs libraries in lib/ not in system directories
-rm %{buildroot}%{_libexecdir}/%{name}/t/000-require-modules.t
-# Remove author test
-rm %{buildroot}%{_libexecdir}/%{name}/t/author-pod-syntax.t
-# Don't use blib
-perl -i -pe 's{^use blib;}{#use blib;}' %{buildroot}%{_libexecdir}/%{name}/t/TestYAML.pm
-perl -i -pe 's{^use_blib: 1}{use_blib: 0}' %{buildroot}%{_libexecdir}/%{name}/t/yaml_tests.yaml
-cat > %{buildroot}%{_libexecdir}/%{name}/test << 'EOF'
-#!/bin/bash
-set -e
-# Some tests write into temporary files/directories. The solution is to
-# copy the tests into a writable directory and execute them from there.
-DIR=$(mktemp -d)
-pushd "$DIR"
-cp -a %{_libexecdir}/%{name}/* ./
-prove -I . -I inc -j "$(getconf _NPROCESSORS_ONLN)"
-popd
-rm -rf "$DIR"
-EOF
-chmod +x %{buildroot}%{_libexecdir}/%{name}/test
-
 %check
-export HARNESS_OPTIONS=j$(perl -e 'if ($ARGV[0] =~ /.*-j([0-9][0-9]*).*/) {print $1} else {print 1}' -- '%{?_smp_mflags}')
 make test
 
 %files
@@ -155,12 +110,93 @@ make test
 %{_mandir}/man3/YAML::XS.3*
 %{_mandir}/man3/YAML::XS::LibYAML.3*
 
-%files tests
-%{_libexecdir}/%{name}
-
 %changelog
-* Thu Jun 05 2025 Jitka Plesnikova <jplesnik@redhat.com> - 1:0.70-2
-- Use 3-arg form of open in LoadFile (CVE-2025-40908)
+* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1:0.82-6
+- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+  Related: rhbz#1991688
+
+* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1:0.82-5
+- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
+
+* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1:0.82-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1:0.82-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Tue Jun 23 2020 Jitka Plesnikova <jplesnik@redhat.com> - 1:0.82-2
+- Perl 5.32 rebuild
+
+* Sun May  3 2020 Paul Howarth <paul@city-fan.org> - 1:0.82-1
+- Update to 0.82
+  - Updated libyaml sources to 0.2.4; changes affecting YAML::XS are:
+    - Output '...' at the stream end after a block scalar with trailing empty
+      lines
+    - Accept '%%YAML 1.2' directives (they are ignored and do not change
+      behaviour though)
+
+* Tue Jan 28 2020 Jitka Plesnikova <jplesnik@redhat.com> - 1:0.81-1
+- Update to 0.81
+  - Breaking Change: Set $YAML::XS::LoadBlessed default to false to make it
+    more secure
+
+* Thu Aug 22 2019 Jitka Plesnikova <jplesnik@redhat.com> - 1:0.80-1
+- Update to 0.80
+  - Fix memory leak when loading invalid YAML
+
+* Fri Jul 26 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1:0.79-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Wed Jun 12 2019 Jitka Plesnikova <jplesnik@redhat.com> - 1:0.79-1
+- Update to 0.79
+  - Support aliasing scalars resolved as null or booleans
+  - Add YAML::XS::LibYAML::libyaml_version()
+  - Support standard !!int/!!float tags instead of dying
+- Unbundled libyaml, it is identical with upstream 0.2.2
+
+* Fri May 31 2019 Jitka Plesnikova <jplesnik@redhat.com> - 1:0.78-2
+- Perl 5.30 rebuild
+
+* Sun May 19 2019 Paul Howarth <paul@city-fan.org> - 1:0.78-1
+- Update to 0.78
+  - Fix double free/core dump when Dump()ing binary data (GH#91)
+  - Update config.h from libyaml
+- Modernize spec using %%{make_build} and %%{make_install}
+
+* Tue Apr 16 2019 Jitka Plesnikova <jplesnik@redhat.com> - 1:0.77-1
+- Update to 0.77
+ - Update libyaml to version 0.2.2 - Most important change for users is that
+   plain urls in flow style can be parsed now
+
+* Sat Feb 02 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1:0.76-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Wed Jan 02 2019 Jitka Plesnikova <jplesnik@redhat.com> - 1:0.76-1
+- Update to 0.76
+  - Add $Indent - number of spaces when dumping
+  - Fix typo and links in docs
+
+* Sat Nov  3 2018 Paul Howarth <paul@city-fan.org> - 1:0.75-1
+- Update to 0.75
+  - Implement $LoadCode
+
+* Mon Sep  3 2018 Paul Howarth <paul@city-fan.org> - 1:0.74-1
+- Update to 0.74
+  - Fix tests on older perls
+  - Support back to perl 5.8.1
+
+* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1:0.72-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Mon Jul 09 2018 Jitka Plesnikova <jplesnik@redhat.com> - 1:0.72-1
+- Update to 0.72
+  - Update to libyaml 0.2.1 - It's forbidden now to escape single
+    quotes inside double quotes
+  - When disabling $LoadBlessed, return scalars not refs
+  - Save anchors also for blessed scalars
+
+* Thu Jun 28 2018 Jitka Plesnikova <jplesnik@redhat.com> - 1:0.70-2
+- Perl 5.28 rebuild
 
 * Sun Jun 10 2018 Paul Howarth <paul@city-fan.org> - 1:0.70-1
 - Update to 0.70