CVS commit: pkgsrc/textproc/p5-YAML-Syck

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/textproc/p5-YAML-Syck
From: "Thomas Klausner" <wiz%netbsd.org@localhost>
Date: Tue, 12 May 2026 18:35:43 +0000

Module Name:    pkgsrc
Committed By:   wiz
Date:           Tue May 12 18:35:43 UTC 2026

Modified Files:
        pkgsrc/textproc/p5-YAML-Syck: Makefile distinfo

Log Message:
p5-YAML-Syck: update to 1.45.

1.45 Apr 23 2026

  [Bug Fixes]
  - Fix: use syck_base64_free() to fix Windows "Free to wrong pool" crash
    in base64 encode/decode buffers; also plugs a memory leak (PR #189)
  - Fix: clear type tag on blessed scalar alias early-return so the stale
    tag no longer leaks onto the next emitted item (GH #193, PR #194)
  - Fix: negative float#base60 values produce wrong results; strip sign
    before accumulating and avoid negative zero for portable
    stringification (PR #191)
  - Fix: prevent memory leaks when Load/LoadJSON croak on parse errors
    (PR #192)

  [Maintenance]
  - Test: add coverage for SortKeys and JSON MaxDepth (PR #188)
  - Test: add error handling coverage for LoadFile/DumpFile (PR #190)
  - Update README

1.44 Apr 02 2026

  [Bug Fixes]
  - Fix: positive hex and octal values parsed as 0 with ImplicitTyping
    (PR #187)
  - Fix: resolve uintptr_t redefinition error on Win64 MinGW
    (PR #186)

1.43 Apr 01 2026

  [Bug Fixes]
  - Fix: prevent resource leaks on croak/early-return paths in Dump
    (PR #161)
  - Fix: prevent output SV leaks on croak in Dump/DumpFile callers
    (PR #163)
  - Fix: Load() in list context returns empty list for empty/undef input;
    also applies to LoadBytes and LoadUTF8 (GH #164, PR #165)
  - Fix: DumpCode serializes prototype string instead of code body
    (PR #168)
  - Fix: memory leak in !perl/scalar Load — newRV_inc should be
    newRV_noinc (PR #170)
  - Fix: add pTHX_ to SAVEDESTRUCTOR_X callback for threaded Perl
    (GH #175, PR #176)
  - Fix: add TODO guard for eval_pv leak on Perl < 5.14
    (GH #179, PR #180)
  - Fix: negative hex and octal values parsed as 0 with ImplicitTyping
    (PR #183)
  - Fix: negative int#base60 values produce unsigned wraparound (PR #185)

  [Improvements]
  - Modernize META_MERGE for CPANTS compliance (PR #162)
  - Fix hash table size handling and remove compile warnings in syck_st
    (PR #174)

  [Maintenance]
  - Restore TODO guard for Dump code leak test on Perl < 5.26 (PR #167)
  - Resolve 2010 TODO in perl_json_postprocess with test coverage
    (PR #166)
  - CI: upgrade actions to resolve Node.js 20 deprecation warnings
    (PR #177)

1.42 Mar 27 2026

  [Bug Fixes]
  - Fix: replace strtok() with strpbrk() and fix sign-compare warnings in
    perl_syck.h (PR #145)
  - Fix: terminate plain scalars at document boundaries --- and ... (PR #150)
  - Fix: skip %TAG and %YAML directives in document header (PR #151)
  - Fix: plug SV leak when eval_pv croaks on bad perl/code blocks (PR #153)
  - Fix: allow non-specific tag '!' before block scalars (GH #27, PR #102)
  - Fix: remove spurious %type <nodeId> for indent_open in gram.y
    (GH #157, PR #158)
  - Fix: use modern bison %define api.prefix directive (GH #159, PR #160)

  [Improvements]
  - Implement YAML merge key (<<) support (PR #149)

  [Maintenance]
  - Remove dead Perl 5.6/5.8 version guards from test files (PR #146)
  - Add YAML 1.0 spec compliance audit and coverage tests (PR #148)
  - Add comprehensive round-trip tests for YAML 1.0 spec features (PR #152)
  - Remove unneeded TODO in t/json-basic.t (PR #154)
  - Add regex Dump/Load/round-trip tests to perl tag scheme (PR #155)
  - Do not require a .y file to build YAML::Syck; add brew support for bison
  - Don't ship docs/ directory in tarball

1.41 Mar 22 2026

  [Bug Fixes]
  - Fix float parsing on -Dusequadmath perls: use Perl's Atof() instead of
    strtod() so that floats like -3.14 are not corrupted by double-precision
    rounding artifacts (GH #140, PR #141)

1.39 Mar 21 2026

  [Bug Fixes]
  - Fix t/yaml-implicit-typing.t failure with -Duselongdouble perls (GH #138, PR #139)

1.38 Mar 20 2026

  [Bug Fixes]
  - Fix: escape solidus (/) as \/ in JSON::Syck::Dump for XSS safety (GH #125, PR #130)
  - Fix: anchor tracking for blessed scalar refs in Dump (GH #126, PR #131)
  - Fix: prevent buffer underflow in base60 (sexagesimal) parsing (PR #133)
  - Fix: guard against NULL type from strtok in tag parsing (PR #135)
  - Fix: correct copy-paste bug in syck_seq_assign() ASSERT macros (PR #137)

  [Improvements]
  - Resolve TODO tests for empty/invalid YAML to match actual behavior (GH #127, PR #129)

  [Maintenance]
  - Remove dead Perl 5.6 TODOs and convert 5.8 TODO to SKIP (PR #129)
  - Add comprehensive implicit type resolution test suite (PR #137)
  - Update MANIFEST to include all unit tests
  - Clean up test names to remove unnecessary numbering

1.37 Mar 18 2026

  [Features]
  - Add LoadBytes, LoadUTF8, DumpBytes, DumpUTF8 functions (GH #51)

  [Fixes]
  - Fix heap buffer overflow in the YAML emitter - CVE-2026-4177 (GH #67)
  - Fix DumpFile with tied filehandles (IO::String, IO::Scalar) (GH #22)
  - Fix _is_glob to recognize IO::Handle subclasses (GH #23)
  - Fix memory leak when dumping filehandles (RT#41199, GH #42)
  - Fix dumping of tied hashes (GH #31)
  - Fix dumping strings starting with '...' as unquoted plain scalars (GH #34)
  - Fix dumping strings with tabs and carriage returns as plain scalars (GH #59)
  - Fix double-dash YAML parsing (RT#34073, GH #35)
  - Fix extra newline after empty arrays/hashes in YAML output (GH #36)
  - Remove trailing whitespace from YAML output lines (GH #37, #38, #39)
  - Fix quoting of \r and \t in YAML output instead of emitting raw bytes (GH #40)
  - Fix growing !!perl/regexp objects in roundtrips (GH #43)
  - Fix quoted '=' being transformed into 'str' (GH #45)
  - Fix backslash-space escape in double-quoted YAML strings (GH #61)
  - Fix flow sequence comma separator not recognized without trailing space (GH #60)
  - Fix wide character warning in DumpFile (GH #28)
  - Fix inline arrays without space after comma (GH #25)
  - Fix: quote strings matching YAML implicit types to prevent roundtrip failures (GH #26)
  - Fix JSON::Syck::Dump to use JSON-valid \uXXXX escapes in output (GH #21)
  - Fix JSON::Syck::Load decoding of \/ and \uXXXX escape sequences (GH #30)
  - Fix: apply JSON postprocessing to JSON::Syck::DumpFile output (GH #104)
  - Fix: add tied-filehandle fallback to JSON::Syck::DumpFile (GH #98)
  - Fix: handle JSON escape sequences in SingleQuote mode Load (GH #99)
  - Fix: restore Perl 5.8 compatibility in test suite (GH #121)
  - Fix: correct copy-paste error in Makefile.PL clean target (GH #101)
  - Fix: correct $SortKeys POD default from false to true (GH #100)
  - Fix: correct POD documentation errors (GH #103)

  [Maintenance]
  - Add C23-compatible function prototypes for GCC 15 compatibility (GH #112)
  - Silence macOS compiler warnings (GH #92)
  - Guard stdint.h include for portability (HP-UX 11.11) (GH #33)
  - Guard stdint.h include in syck_st.h for portability (GH #24)
  - Update ppport.h to 3.68
  - Add regression tests for magical variable dumping (GH #32)
  - CI: modernize GitHub Actions workflow (GH #123, #124)
  - CI: add disttest job to validate MANIFEST completeness

1.36 Oct 10 2025

- Address memory corruption leading to 'str' value being set on empty keys
  Thanks @timlegge

1.35 Oct 9 2025

- Address parsing error related to string detection on read for empty strings.


To generate a diff of this commit:
cvs rdiff -u -r1.40 -r1.41 pkgsrc/textproc/p5-YAML-Syck/Makefile
cvs rdiff -u -r1.22 -r1.23 pkgsrc/textproc/p5-YAML-Syck/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/textproc/p5-YAML-Syck/Makefile
diff -u pkgsrc/textproc/p5-YAML-Syck/Makefile:1.40 pkgsrc/textproc/p5-YAML-Syck/Makefile:1.41
--- pkgsrc/textproc/p5-YAML-Syck/Makefile:1.40  Fri Jul  4 08:48:44 2025
+++ pkgsrc/textproc/p5-YAML-Syck/Makefile       Tue May 12 18:35:42 2026
@@ -1,13 +1,12 @@
-# $NetBSD: Makefile,v 1.40 2025/07/04 08:48:44 wiz Exp $
+# $NetBSD: Makefile,v 1.41 2026/05/12 18:35:42 wiz Exp $
 
-DISTNAME=      YAML-Syck-1.34
+DISTNAME=      YAML-Syck-1.45
 PKGNAME=       p5-${DISTNAME}
-PKGREVISION=   5
 CATEGORIES=    textproc perl5
-MASTER_SITES=  ${MASTER_SITE_PERL_CPAN:=YAML/}
+MASTER_SITES=  ${MASTER_SITE_PERL_CPAN:=../../authors/id/T/TO/TODDR/}
 
 MAINTAINER=    bad%NetBSD.org@localhost
-HOMEPAGE=      https://metacpan.org/release/AUDREYT/YAML-Syck-1.07
+HOMEPAGE=      https://metacpan.org/pod/YAML::Syck
 COMMENT=       Fast, lightweight YAML loader and dumper
 LICENSE=       mit AND 2-clause-bsd
 

Index: pkgsrc/textproc/p5-YAML-Syck/distinfo
diff -u pkgsrc/textproc/p5-YAML-Syck/distinfo:1.22 pkgsrc/textproc/p5-YAML-Syck/distinfo:1.23
--- pkgsrc/textproc/p5-YAML-Syck/distinfo:1.22  Tue Oct 26 11:22:55 2021
+++ pkgsrc/textproc/p5-YAML-Syck/distinfo       Tue May 12 18:35:42 2026
@@ -1,5 +1,5 @@
-$NetBSD: distinfo,v 1.22 2021/10/26 11:22:55 nia Exp $
+$NetBSD: distinfo,v 1.23 2026/05/12 18:35:42 wiz Exp $
 
-BLAKE2s (YAML-Syck-1.34.tar.gz) = 7aa5335d535baff1f786ab7c0df191076d091ee24f06afd6991d7713f0e537ea
-SHA512 (YAML-Syck-1.34.tar.gz) = 18288f54026823e84b2d642d880d7758c5d95ba4b56d3fcf758efe59303ea71a49822d7c000b4c7b0629eccd4dcf3c940bc1c26f2b2ef89e4fdba78a35c04760
-Size (YAML-Syck-1.34.tar.gz) = 166886 bytes
+BLAKE2s (YAML-Syck-1.45.tar.gz) = 168d225b3aab55af244c876c8c2c306c07ab44031ba7c5525ffa260bcead35f4
+SHA512 (YAML-Syck-1.45.tar.gz) = ed719ef609c1a3f938cee8e03b41a989805d7681ba7e44bc6326162c285ff542fce77f3f3ea3ba6e576ad1a9bfa762b7af8cf009041ed312f5bd01b5635d125a
+Size (YAML-Syck-1.45.tar.gz) = 264328 bytes

Prev by Date: CVS commit: pkgsrc/doc
Next by Date: CVS commit: pkgsrc/doc
Previous by Thread: CVS commit: pkgsrc/doc
Next by Thread: CVS commit: pkgsrc/doc
Indexes:

Home | Main Index | Thread Index | Old Index