New upstream version 2.24

author: gregor herrmann <gregoa@debian.org> 2016-12-27 21:33:11 +0100
committer: gregor herrmann <gregoa@debian.org> 2016-12-27 21:33:11 +0100
commit: d5a66e0a353f840c776ea3a082e9a50b85da5d10 (patch)
tree: da6779bbc85cbc249049c8dbba602bfd01a0b05f
parent: 6c674750e04681af7f75b72299a54a206e9f0198 (diff)
15 files changed, 57 insertions, 25 deletions
diff --git a/Changelog.ini b/Changelog.ini
index 32c94ad..6941222 100644
--- a/Changelog.ini
+++ b/Changelog.ini
@@ -1,8 +1,23 @@
 [Module]
 Name=GraphViz
-Changelog.Creator=Module::Metadata::Changes V 2.10
+Changelog.Creator=Module::Metadata::Changes V 2.11
 Changelog.Parser=Config::IniFiles V 2.88
 
+[V 2.24]
+Date=2016-12-27T10:58:00
+Comments= <<EOT
+- Test with Test::More V 1.001002 rather than V 1.302019, and all tests still pass.
+See RT#115236. Thanx to Kent Fredric for again (sorry!) prompting me over this.
+Lowering the version of Test::More in Makefile.PL is the only change in this version.
+EOT
+
+[V 2.23]
+Date=2016-12-21T08:00:00
+Comments= <<EOT
+- Add no_xxe to XML::Twig instantiation. See RT#118972. Many thanx to Lisa Hare for a
+very well-crafted set of patches provided via github.
+EOT
+
 [V 2.22]
 Date=2016-07-19T09:24:00
 Comments= <<EOT
diff --git a/Changes b/Changes
index 68adfc2..4aeb2b2 100644
--- a/Changes
+++ b/Changes
@@ -1,5 +1,14 @@
 Revision history for Perl module GraphViz.
 
+2.24  2016-12-27T10:58:00
+	- Test with Test::More V 1.001002 rather than V 1.302019, and all tests still pass.
+		See RT#115236. Thanx to Kent Fredric for again (sorry!) prompting me over this.
+		Lowering the version of Test::More in Makefile.PL is the only change in this version.
+
+2.23  2016-12-21T08:00:00
+	- Add no_xxe to XML::Twig instantiation. See RT#118972. Many thanx to Lisa Hare for a
+		very well-crafted set of patches provided via github.
+
 2.22  2016-07-19T09:24:00
 	- Revert change so we use Test::More instead of Test2::Bundle::Extended.
 		See RT#115236. Thanx to ribasushi for this report, and my apologies for not acting sooner.
@@ -301,4 +310,3 @@ Revision history for Perl module GraphViz.
 
 0.04 Wed Aug  9 16:14:35 2000
 	- first released version
-
diff --git a/META.json b/META.json
index e04db07..96ea81c 100644
--- a/META.json
+++ b/META.json
@@ -4,7 +4,7 @@
       "Leon Brocard <acme@astray.com>"
    ],
    "dynamic_config" : 1,
-   "generated_by" : "ExtUtils::MakeMaker version 7.14, CPAN::Meta::Converter version 2.150005",
+   "generated_by" : "ExtUtils::MakeMaker version 7.22, CPAN::Meta::Converter version 2.150005",
    "license" : [
       "perl_5"
    ],
@@ -43,7 +43,7 @@
             "Parse::RecDescent" : "1.965001",
             "Pod::Usage" : "1.16",
             "Time::HiRes" : "1.51",
-            "XML::Twig" : "3.38",
+            "XML::Twig" : "3.52",
             "XML::XPath" : "1.13",
             "lib" : "0",
             "perl" : "5.006",
@@ -54,7 +54,7 @@
       },
       "test" : {
          "requires" : {
-            "Test::More" : "1.302019",
+            "Test::More" : "1.001002",
             "Test::Pod" : "1.48"
          }
       }
@@ -73,6 +73,6 @@
          "web" : "https://github.com/ronsavage/GraphViz"
       }
    },
-   "version" : "2.22",
-   "x_serialization_backend" : "JSON::PP version 2.27203"
+   "version" : "2.24",
+   "x_serialization_backend" : "JSON::PP version 2.27400"
 }
diff --git a/META.yml b/META.yml
index acc26e5..90b81d6 100644
--- a/META.yml
+++ b/META.yml
@@ -4,12 +4,12 @@ author:
   - 'Leon Brocard <acme@astray.com>'
 build_requires:
   ExtUtils::MakeMaker: '0'
-  Test::More: '1.302019'
+  Test::More: '1.001002'
   Test::Pod: '1.48'
 configure_requires:
   ExtUtils::MakeMaker: '0'
 dynamic_config: 1
-generated_by: 'ExtUtils::MakeMaker version 7.14, CPAN::Meta::Converter version 2.150005'
+generated_by: 'ExtUtils::MakeMaker version 7.22, CPAN::Meta::Converter version 2.150005'
 license: perl
 meta-spec:
   url: http://module-build.sourceforge.net/META-spec-v1.4.html
@@ -31,7 +31,7 @@ requires:
   Parse::RecDescent: '1.965001'
   Pod::Usage: '1.16'
   Time::HiRes: '1.51'
-  XML::Twig: '3.38'
+  XML::Twig: '3.52'
   XML::XPath: '1.13'
   lib: '0'
   perl: '5.006'
@@ -42,5 +42,5 @@ resources:
   bugtracker: https://rt.cpan.org/Public/Dist/Display.html?Name=GraphViz
   license: http://dev.perl.org/licenses/
   repository: https://github.com/ronsavage/GraphViz.git
-version: '2.22'
+version: '2.24'
 x_serialization_backend: 'CPAN::Meta::YAML version 0.012'
diff --git a/Makefile.PL b/Makefile.PL
index a1a7695..438548c 100644
--- a/Makefile.PL
+++ b/Makefile.PL
@@ -66,12 +66,12 @@ my(%params) =
 		'Time::HiRes'		=> 1.51,
 		'vars'				=> 0,
 		'warnings'			=> 0,
-		'XML::Twig'			=> 3.38,
+		'XML::Twig'			=> 3.52,
 		'XML::XPath'		=> 1.13,
 	},
 	TEST_REQUIRES =>
 	{
-		'Test::More'	=> 1.302019,
+		'Test::More'	=> 1.001002,
 		'Test::Pod'		=> 1.48,
 	},
 	VERSION_FROM => 'lib/GraphViz.pm',
diff --git a/lib/Devel/GraphVizProf.pm b/lib/Devel/GraphVizProf.pm
index 3be43e3..4110352 100644
--- a/lib/Devel/GraphVizProf.pm
+++ b/lib/Devel/GraphVizProf.pm
@@ -1,6 +1,6 @@
 package Devel::GraphVizProf; # To help the CPAN indexer to identify us
 
-our $VERSION = '2.22';
+our $VERSION = '2.24';
 
 package DB;
 
diff --git a/lib/GraphViz.pm b/lib/GraphViz.pm
index 411fd7e..3ec0c2a 100644
--- a/lib/GraphViz.pm
+++ b/lib/GraphViz.pm
@@ -9,7 +9,7 @@ use Carp;
 use Config;
 use IPC::Run qw(run binary);
 
-our $VERSION = '2.22';
+our $VERSION = '2.24';
 
 =pod
 
@@ -1367,6 +1367,15 @@ The keywords are: node, edge, graph, digraph, subgraph and strict. Compass point
 See L<keywords|http://www.graphviz.org/content/dot-language> in the discussion of the syntax of DOT
 for details.
 
+=head2 How do you handle XXE within XML?
+
+Due to security risks with XXE in XML, Graphviz does not support XML that contains XXE. Thus it
+automatically prevents external entities being parsed by using the no_xxe option in L<XML::Twig>
+when calling XML::Twig -> new(). And for this reason also the pre-reqs in Makefile.PL specify
+XML::Twig V 3.52.
+
+See L<https://metacpan.org/pod/release/MIROD/XML-Twig-3.52/Twig.pm#no_xxe>
+
 =head1 NOTES
 
 Older versions of GraphViz used a slightly different syntax for node
diff --git a/lib/GraphViz/Data/Grapher.pm b/lib/GraphViz/Data/Grapher.pm
index 35cede2..6289305 100644
--- a/lib/GraphViz/Data/Grapher.pm
+++ b/lib/GraphViz/Data/Grapher.pm
@@ -8,7 +8,7 @@ use lib '../..';
 use lib '..';
 use GraphViz;
 
-our $VERSION = '2.22';
+our $VERSION = '2.24';
 
 =head1 NAME
 
@@ -28,7 +28,7 @@ structures can grow quite large and it can be hard to understand the
 quite how the structure fits together.
 
 Data::Dumper can help by representing the structure as a text
-heirarchy, but GraphViz::Data::Grapher goes a step further and
+hierarchy, but GraphViz::Data::Grapher goes a step further and
 visualises the structure by drawing a graph which represents the data
 structure.
 
diff --git a/lib/GraphViz/No.pm b/lib/GraphViz/No.pm
index a18c597..8d7a1b7 100644
--- a/lib/GraphViz/No.pm
+++ b/lib/GraphViz/No.pm
@@ -6,7 +6,7 @@ use GraphViz;
 
 our @ISA = qw(GraphViz);
 
-our $VERSION = '2.22';
+our $VERSION = '2.24';
 
 =head1 NAME
 
diff --git a/lib/GraphViz/Parse/RecDescent.pm b/lib/GraphViz/Parse/RecDescent.pm
index cc168b8..4954fa2 100644
--- a/lib/GraphViz/Parse/RecDescent.pm
+++ b/lib/GraphViz/Parse/RecDescent.pm
@@ -9,7 +9,7 @@ use lib '..';
 use GraphViz;
 use Parse::RecDescent;
 
-our $VERSION = '2.22';
+our $VERSION = '2.24';
 
 =head1 NAME
 
diff --git a/lib/GraphViz/Parse/Yacc.pm b/lib/GraphViz/Parse/Yacc.pm
index 7db9f4e..7085da3 100644
--- a/lib/GraphViz/Parse/Yacc.pm
+++ b/lib/GraphViz/Parse/Yacc.pm
@@ -8,7 +8,7 @@ use lib '../..';
 use lib '..';
 use GraphViz;
 
-our $VERSION = '2.22';
+our $VERSION = '2.24';
 
 =head1 NAME
 
diff --git a/lib/GraphViz/Parse/Yapp.pm b/lib/GraphViz/Parse/Yapp.pm
index 68301a8..5467a10 100644
--- a/lib/GraphViz/Parse/Yapp.pm
+++ b/lib/GraphViz/Parse/Yapp.pm
@@ -8,7 +8,7 @@ use lib '../..';
 use lib '..';
 use GraphViz;
 
-our $VERSION = '2.22';
+our $VERSION = '2.24';
 
 =head1 NAME
 
diff --git a/lib/GraphViz/Regex.pm b/lib/GraphViz/Regex.pm
index 5f935da..526f3ed 100644
--- a/lib/GraphViz/Regex.pm
+++ b/lib/GraphViz/Regex.pm
@@ -11,7 +11,7 @@ use IPC::Run qw(run);
 
 # See perldebguts
 
-our $VERSION = '2.22';
+our $VERSION = '2.24';
 
 my $DEBUG = 0;    # whether debugging statements are shown
 
diff --git a/lib/GraphViz/Small.pm b/lib/GraphViz/Small.pm
index e95401a..20d20fd 100644
--- a/lib/GraphViz/Small.pm
+++ b/lib/GraphViz/Small.pm
@@ -6,7 +6,7 @@ use GraphViz;
 
 our @ISA = qw(GraphViz);
 
-our $VERSION = '2.22';
+our $VERSION = '2.24';
 
 =head1 NAME
 
diff --git a/lib/GraphViz/XML.pm b/lib/GraphViz/XML.pm
index 1739ce9..235d764 100644
--- a/lib/GraphViz/XML.pm
+++ b/lib/GraphViz/XML.pm
@@ -7,7 +7,7 @@ use lib '..';
 use GraphViz;
 use XML::Twig;
 
-our $VERSION = '2.22';
+our $VERSION = '2.24';
 
 =head1 NAME
 
@@ -48,7 +48,7 @@ sub new {
     my $class = ref($proto) || $proto;
     my $xml   = shift;
 
-    my $t = XML::Twig->new();
+    my $t = XML::Twig->new(no_xxe => 1);
     $t->parse($xml);
     my $graph = GraphViz->new();
     _init( $graph, $t->root );
author	gregor herrmann <gregoa@debian.org>	2016-12-27 21:33:11 +0100
committer	gregor herrmann <gregoa@debian.org>	2016-12-27 21:33:11 +0100
commit	d5a66e0a353f840c776ea3a082e9a50b85da5d10 (patch)
tree	da6779bbc85cbc249049c8dbba602bfd01a0b05f
parent	6c674750e04681af7f75b72299a54a206e9f0198 (diff)