authorH.Merijn Brand - Tux <linux@tux.freedom.nl>2023-06-26 11:39:02 +0200
committerH.Merijn Brand - Tux <linux@tux.freedom.nl>2023-06-26 11:39:02 +0200
commit7986e58cf9c7a456de600ee736c98f33bbb19409 (patch)
tree4c3ebad2704aa10da932aecd6a90c8ef66b92b75
parent315875f0909f650a223d3da7c358cc02c5ca360b (diff)
Use recommended and suggested versions based on known CVEs
-rw-r--r--Changes3
-rwxr-xr-xRead.pm2
-rw-r--r--cpanfile12
-rw-r--r--sandbox/SR.pm2
-rwxr-xr-xsandbox/genMETA.pl16
-rw-r--r--sandbox/genMETA.pm52
6 files changed, 68 insertions, 19 deletions
diff --git a/Changes b/Changes
index 7a74b1e..a3f7af7 100644
--- a/Changes
+++ b/Changes
@@ -1,5 +1,6 @@
-0.88 - 08 Mar 2023, H.Merijn Brand
+0.88 - 26 Jun 2023, H.Merijn Brand
* Guard $_ globbering from external bitrotted code
+ * Use recommended and suggested versions based on known CVEs
0.87 - 22 Feb 2023, H.Merijn Brand
* Change default #! to /usr/bin/perl (Tinita)
diff --git a/Read.pm b/Read.pm
index de66204..8077b54 100755
--- a/Read.pm
+++ b/Read.pm
@@ -1113,7 +1113,7 @@ sub ReadData {
$opt{cells} and # Formatted value
$sheet{$cell} = defined $val ? $oWkC->value : undef;
if ($opt{attr}) {
- my $FnT = $FmT ? $FmT->{font_face} : undef;
+# my $FnT = $FmT ? $FmT->{font_face} : undef;
my $fmi;
#my $fmi = $FmT ? $FmT->{FmtIdx}
# ? $oBook->{FormatStr}{$FmT->{FmtIdx}}
diff --git a/cpanfile b/cpanfile
index c6c2530..300e5e6 100644
--- a/cpanfile
+++ b/cpanfile
@@ -3,15 +3,21 @@ requires "Data::Dumper";
requires "Data::Peek";
requires "Encode";
requires "Exporter";
-requires "File::Temp" => "0.22";
+requires "File::Temp" => "0.22"; # ignore : CVE-2011-4116
requires "List::Util";
+recommends "Data::Dumper" => "2.184";
recommends "Data::Peek" => "0.52";
+recommends "Encode" => "3.19";
recommends "File::Temp" => "0.2311";
recommends "IO::Scalar";
on "configure" => sub {
requires "ExtUtils::MakeMaker";
+
+ recommends "ExtUtils::MakeMaker" => "7.22";
+
+ suggests "ExtUtils::MakeMaker" => "7.70";
};
on "test" => sub {
@@ -19,7 +25,7 @@ on "test" => sub {
requires "Test::More" => "0.88";
requires "Test::NoWarnings";
- recommends "Test::More" => "1.302193";
+ recommends "Test::More" => "1.302195";
};
feature "opt_csv", "Provides parsing of CSV streams" => sub {
@@ -33,7 +39,7 @@ feature "opt_csv", "Provides parsing of CSV streams" => sub {
feature "opt_gnumeric", "Provides parsing of Gnumeric spreadsheets" => sub {
requires "Spreadsheet::ReadGnumeric" => "0.2";
- recommends "Spreadsheet::ReadGnumeric" => "0.2";
+ recommends "Spreadsheet::ReadGnumeric" => "0.3";
};
feature "opt_ods", "Provides parsing of OpenOffice spreadsheets" => sub {
diff --git a/sandbox/SR.pm b/sandbox/SR.pm
index c070722..178cf2a 100644
--- a/sandbox/SR.pm
+++ b/sandbox/SR.pm
@@ -47,7 +47,7 @@ Uses L<JSON>'s decode_json to convert the result of C<sr> to JSON.
=head1 AUTHOR
-H.Merijn Brand <h.m.brand@xs4all.nl>
+H.Merijn Brand <hmbrand@cpan.org>
=head1 COPYRIGHT AND LICENSE
diff --git a/sandbox/genMETA.pl b/sandbox/genMETA.pl
index 6c03042..5ef3244 100755
--- a/sandbox/genMETA.pl
+++ b/sandbox/genMETA.pl
@@ -45,7 +45,7 @@ name: Spreadsheet-Read
version: VERSION
abstract: Meta-Wrapper for reading spreadsheet data
license: perl
-author:
+author:
- H.Merijn Brand <perl5@tux.freedom.nl>
generated_by: Author
distribution_type: module
@@ -53,27 +53,33 @@ provides:
Spreadsheet::Read:
file: Read.pm
version: VERSION
-requires:
+requires:
perl: 5.008001
Exporter: 0
Carp: 0
Data::Dumper: 0
Data::Peek: 0
Encode: 0
- File::Temp: 0.22
+ File::Temp: 0.22 # ignore : CVE-2011-4116
List::Util: 0
configure_requires:
ExtUtils::MakeMaker: 0
+configure_recommends:
+ ExtUtils::MakeMaker: 7.22
+configure_suggests:
+ ExtUtils::MakeMaker: 7.70
test_requires:
Test::Harness: 0
Test::More: 0.88
Test::NoWarnings: 0
recommends:
IO::Scalar: 0
+ Encode: 3.19
File::Temp: 0.2311
Data::Peek: 0.52
+ Data::Dumper: 2.184
test_recommends:
- Test::More: 1.302193
+ Test::More: 1.302195
resources:
license: http://dev.perl.org/licenses/
repository: https://github.com/Tux/Spreadsheet-Read
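Review bot: The suppression added on the `File::Temp: 0.22 # ignore : CVE-2011-4116` line records which CVE is accepted but not why, so a later maintainer cannot tell whether it still holds. The `from_data` parser changed in this same commit expects the ignore token to be the last thing on the line, so the reason needs a comment line of its own above the entry. Something like `# CVE-2011-4116 accepted for the minimum only; see recommends for the version to install` would do, with wording to be confirmed by the author.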
@@ -121,7 +127,7 @@ optional_features:
requires:
Spreadsheet::ReadGnumeric: 0.2
recommends:
- Spreadsheet::ReadGnumeric: 0.2
+ Spreadsheet::ReadGnumeric: 0.3
opt_tools:
description: Spreadsheet tools
recommends:
diff --git a/sandbox/genMETA.pm b/sandbox/genMETA.pm
index 9c811ca..1e85457 100644
--- a/sandbox/genMETA.pm
+++ b/sandbox/genMETA.pm
@@ -2,7 +2,7 @@
package genMETA;
-our $VERSION = "1.12-20220913";
+our $VERSION = "1.14-20230522";
use 5.014001;
use warnings;
@@ -34,9 +34,10 @@ sub extract_version {
m{^(?:our\s+)? # declaration
\$VERSION \s*=\s* # variable
["']? ([0-9._]+) # version
- (?:\s* - \s* [0-9]{4}-?[0-9]{2}-?[0-9]{2} \s*)? # date
+ (?:\s* - \s* [0-9]{4}-?[0-9]{2}-?[0-9]{2} \s*)? # date "0.01 - 20230412"
['"]?
\s*;\s*
+ (?:\x23 \s* [0-9]{4}-?[0-9]{2}-?[0-9]{2} \s*)? # date "0.01"; # 20230502
$}x or next;
return $1;
}
@@ -90,9 +91,18 @@ sub from_data {
my ($self, @data) = @_;
$self->{version} or $self->version_from ();
s/VERSION/$self->{version}/g for @data;
+ my ($dsct, $dmod);
+ for (@data) {
+ s/[ \t]+$//;
+ m/^\s*(\w+):$/ and $dsct = $1;
+ m/^\s*(\w(?:[\w:]+\w)?):\s+\d/ and $dmod = $1;
+ s/\s+#\s*ignore\b\s*[:=]?\s*(\S+)$//i or next;
+ $self->{cve_ignore}{$dsct}{$dmod} = $1;
+ }
$self->{yml} = \@data;
$self->check_yaml ();
$self->check_provides ();
+ #DDumper $self->{cve_ignore};
return @data;
} # from_data
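Review bot: In the new loop `$dmod` (and `$dsct`) keep their value from earlier lines, so an `# ignore` marker on a line that does not match the module pattern is filed under the previous module, or under an undefined key if nothing has matched yet. The pattern requires `:\s+\d`, so an entry whose version does not start with a digit is one such line. Because this table decides which CVE findings are suppressed, a misattributed entry is worth catching. Scope the module match to the current line with `my ($dmod) = m/^\s*(\w(?:[\w:]+\w)?):\s+\d/;` and skip with a warning when `$dsct` or `$dmod` is undefined before the assignment to `$self->{cve_ignore}`.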
@@ -139,23 +149,28 @@ sub check_required {
BEGIN { $V::NO_EXIT = $V::NO_EXIT = 1 } require V;
my %req = map { %{$yml->{$_}} } grep m/requires/ => keys %{$yml};
my %rec = map { %{$yml->{$_}} } grep m/recommends/ => keys %{$yml};
+ my %sug = map { %{$yml->{$_}} } grep m/suggests/ => keys %{$yml};
if (my $of = $yml->{optional_features}) {
foreach my $f (values %{$of}) {
my %q = map { %{$f->{$_}} } grep m/requires/ => keys %{$f};
my %c = map { %{$f->{$_}} } grep m/recommends/ => keys %{$f};
+ my %s = map { %{$f->{$_}} } grep m/suggests/ => keys %{$f};
@req{keys %q} = values %q;
@rec{keys %c} = values %c;
+ @sug{keys %s} = values %s;
}
}
if (my $of = $yml->{prereqs}) {
foreach my $f (values %{$of}) {
my %q = map { %{$f->{$_}} } grep m/requires/ => keys %{$f};
my %c = map { %{$f->{$_}} } grep m/recommends/ => keys %{$f};
+ my %s = map { %{$f->{$_}} } grep m/suggests/ => keys %{$f};
@req{keys %q} = values %q;
@rec{keys %c} = values %c;
+ @sug{keys %s} = values %s;
}
}
- my %vsn = ( %req, %rec );
+ my %vsn = ( %req, %rec, %sug );
delete @vsn{qw( perl version )};
for (sort keys %vsn) {
if (my $mfv = delete $self->{mfpr}{$_}) {
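Review bot: The merge `my %vsn = ( %req, %rec, %sug );` lets the last hash win, so a module listed in several tiers is checked with its suggested version, not its required one. With this commit ExtUtils::MakeMaker is such a module (0, 7.22 and 7.70). A short comment on that line would make the precedence explicit, for example `# later tiers win: suggests > recommends > requires`. The loop that consumes `%vsn` continues outside the hunk, so whether this precedence is what the comparison against `mfpr` wants should be confirmed there.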
@@ -415,6 +430,10 @@ sub add_json {
#$jsn->{prereqs}{runtime}{recommends}{$_} //= $r->{$_} for keys %$r;
$of->{$f}{prereqs}{runtime}{recommends} = $r;
}
+ if (my $r = delete $of->{$f}{suggests}) {
+ #$jsn->{prereqs}{runtime}{suggests}{$_} //= $r->{$_} for keys %$r;
+ $of->{$f}{prereqs}{runtime}{suggests} = $r;
+ }
}
}
@@ -460,6 +479,9 @@ sub fix_meta {
if (my $r = delete $of->{$f}{prereqs}{runtime}{recommends}) {
$of->{$f}{requires} = $r;
}
+ if (my $r = delete $of->{$f}{prereqs}{runtime}{suggests}) {
+ $of->{$f}{suggests} = $r;
+ }
}
}
# runtime and test_requires are unknown as top-level in 1.4
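Review bot: The added block stores a feature's `suggests` back under the key `suggests`, while the context block just above it moves `recommends` into `$of->{$f}{requires}`, so the two neighbouring blocks do not follow the same mapping. If the context block is intentional for the 1.4 down-conversion, the new block deserves a comment saying why `suggests` is kept under its own name. If it is not, that existing line is probably meant to read `$of->{$f}{recommends} = $r;`. fix_meta starts and ends outside this hunk, so the surrounding conversion rules are not visible here.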
@@ -491,12 +513,13 @@ sub fix_meta {
} # fix_meta
sub _cpfd {
- my ($jsn, $sct, $f) = @_;
+ my ($self, $jsn, $sct, $f) = @_;
open my $sh, ">", \my $b;
my $sep = "";
for (qw( requires recommends suggests )) {
- my $s = $jsn->{"$sct$_"} or next;
+ my $x = "$sct$_";
+ my $s = $jsn->{$x} or next;
print $sh $sep;
foreach my $m (sort keys %$s) {
$m eq "perl" and next;
@@ -504,7 +527,11 @@ sub _cpfd {
printf $sh qq{%-10s "%s"}, $_, $m;
my $aw = (24 - length $m); $aw < 0 and $aw = 0;
printf $sh qq{%s => "%s"}, " " x $aw, $v if $v;
- say $sh ";";
+ print $sh ";";
+ if (my $i = $self->{cve_ignore}{$x}{$m}) {
+ print $sh " # ignore : $i";
+ }
+ say $sh "";
}
$sep = "\n";
}
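Review bot: The lookup `$self->{cve_ignore}{$x}{$m}` uses only the section name, and for feature blocks `_cpfd` is called with an empty prefix, so `$x` is plain `requires`, `recommends` or `suggests`. `from_data` also records the bare key name whatever the nesting, so an ignore written for one section appears to apply to every section of that name, including optional features that list the same module. If that sharing is intended, say so next to the lookup, for example `# cve_ignore is keyed by section name only; features share the top-level entries`. Otherwise include the feature name in the key. The rest of `_cpfd` lies outside this hunk.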
@@ -523,7 +550,7 @@ sub gen_cpanfile {
my $sct = $sct_ =~ s/_$//r;
- my $b = _cpfd ($jsn, $sct_, 0) or next;
+ my $b = _cpfd ($self, $jsn, $sct_, 0) or next;
if ($sct) {
say $fh qq/\non "$sct" => sub {/;
@@ -538,11 +565,20 @@ sub gen_cpanfile {
foreach my $f (sort keys %$of) {
my $fs = $of->{$f};
say $fh qq/\nfeature "$f", "$fs->{description}" => sub {/;
- say $fh _cpfd ($fs, "", 1) =~ s/^(?=\S)/ /gmr;
+ say $fh _cpfd ($self, $fs, "", 1) =~ s/^(?=\S)/ /gmr;
}
}
close $fh;
+
+ warn "Check CVE's ...\n";
+ if (system "cpan-cve.pl", "-d", ".") {
+ warn "### CVE WARNING\n";
+ warn "#\n";
+ warn "# The current release would have recommended versions\n";
+ warn "# with known CVE's that are not (yet) ignored\n";
+ sleep (5);
+ }
} # gen_cpanfile
1;
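Review bot: The new check treats every non-zero result of `system "cpan-cve.pl", "-d", "."` as a CVE finding, so a checker that is missing from PATH or crashes gives the same banner as a real finding. Either way the function only sleeps five seconds and continues, which is easy to miss in a non-interactive release run. Separate the could-not-run case (`system` returns -1 and sets `$!`) from a reported finding, and consider letting the caller see the result instead of only warning. The list form of `system` is the right choice here since no shell is involved.

```perl
    warn "Check CVE's ...\n";
    my $rc = system "cpan-cve.pl", "-d", ".";
    if ($rc == -1) {
        # The checker itself did not start; do not report this as a CVE hit
        warn "### cpan-cve.pl could not be run: $!\n";
    }
    elsif ($rc) {
        # … unchanged: CVE WARNING banner and sleep …
    }
```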