Sync Compress-Raw-Zlib-2.103 + 2 others into blead

[jkeenan]

This commit synchs into blead versions 2.103 for 3 CPAN distributions:

Compress-Raw-Zlib
IO-Compress
Compress-Raw-Bzip2

Applying the commits one at a time would have resulted in one test
failure in one of those commits, but applying all three has all tests
passing as expected

From Changes for Compress-Raw-Zlib

2.103 3 April 2022

• Sync upstream fix for CVE-2018-25032
  GHSA-jc36-42cf-vqwj

  Update to Zlib 1.2.12
  d507f527768f6cbab5831ed3ec17fe741163785c

  Fix for inflateSync return code change
  f47ea5f36c40fe19efe404dd75fd790b115de596

  Fix for incorrect CRC from zlib 1.2.12.1
  madler/zlib@ec3df00
  60104e3a162a116548303861ae0811fb850e65fd

• AUTHOR doesn't contain the stated information
  bf5a03c1b440c8d9e41cffb344bf889794cc532b

From Changes for IO-Compress

2.103 3 April 2022

• Update version to 2.103
  97f1893892eccac69b3a8033378b0b44d7c4f3ab

• Fix for inflateSyncs retrurn code change
  4843e22285bf8e52c9b5b913d167a1545995c793

• Add constant for ZIP_CM_AES
  91be04dd8dc2848e3c25b87ec498cf8ccc34187a

• Point links to rfcs to ietf.org
  Point links to RFCs to ietf.org pmqs/IO-Compress#37
  a8f28b36cf4d77df1cfa0516867012425920a62f

• Rename test file to fix manifest warning
  Rename test file to fix manifest warning pmqs/IO-Compress#36
  955244f9ac0654d7e8d54115162da53c85d7178c

• Add perl 5.34
  06f41883f62ed1b88b03c246b16e0b5ef72503bc

• Fix for Calling nextStream on an IO::Uncompress::Zip object in Transparent mode dies when input is uncompressed
  Calling nextStream on an IO::Uncompress::Zip object in Transparent mode dies when input is uncompressed pmqs/IO-Compress#34
  b0f93fe62f84b7d4d4bb8d2ea8e6d5432887103f

• IO::Compress: Generalize for EBCDIC
  Generalize for EBCDIC pmqs/IO-Compress#32
  90b51dbbd785e2c824cb0a93feef3b3dd5d075f2

• IO::Compress: Fix misspelling in 112utf8-zip.t
  c22216b5d3202dce01ef17a271252f82520a6ab9

• Revert "Always have full zip64 entry in central directory"
  7df4c9bc98667bc1afd1b4bc5a27d20f94e3cd9c

• Always have full zip64 entry in central directory
  333648ee1dece6eb220060c7ec09806f6ebb9866

• update cpanm path on MacOS
  33079902934885c515768a08d72e89243a5d01a9

From Changes for Compress-Raw-Bzip2

2.103 3 April 2022

• Silence uninitialized warnings
  Fix Issue #4 - Silence uninitialized warnings pmqs/Compress-Raw-Bzip2#5
  ff3d907325091287ac1525db384b99a968d763d7
  641a440ec6229c1d368b9ead48f4968b955c0115

[jkeenan]

@pmqs, because of the "knock-on test failure with IO-Compress" you mentioned on list, I ran Porting/sync-with-cpan for each of your 3 distributions, then squashed 3 commits into one. I normally don't run "sync-with-cpan" through pull requests, but am doing so here because of the higher probability of error. Can you take a look?

Thank you very much.
Jim Keenan

[pmqs]

@pmqs, because of the "knock-on test failure with IO-Compress" you mentioned on list, I ran Porting/sync-with-cpan for each of your 3 distributions, then squashed 3 commits into one. I normally don't run "sync-with-cpan" through pull requests, but am doing so here because of the higher probability of error. Can you take a look?

Thank you very much. Jim Keenan

Looks ok

[jkeenan]

@pmqs, because of the "knock-on test failure with IO-Compress" you mentioned on list, I ran Porting/sync-with-cpan for each of your 3 distributions, then squashed 3 commits into one. I normally don't run "sync-with-cpan" through pull requests, but am doing so here because of the higher probability of error. Can you take a look?
Thank you very much. Jim Keenan

Looks ok

Okay, I'll merge to blead today or tomorrow after CI and smoke test results are in. Thanks.

[haarg]

Should there be releases of 5.34 and 5.32 to address this CVE?

[pmqs]

Should there be releases of 5.34 and 5.32 to address this CVE?

Yes

[jkeenan]

Should there be releases of 5.34 and 5.32 to address this CVE?

Yes -- but I don't know how to create an initial entry for this in the corresponding maint-votes*.xml files.

[pmqs]

@jkeenan I accidentally shipped IO-Compress with an in-progress file (see pmqs/IO-Compress#39). Suggest you merge IO-Compress 2.105 as well to deal with it.

[jkeenan]

@jkeenan I accidentally shipped IO-Compress with an in-progress file (see pmqs/IO-Compress#39). Suggest you merge IO-Compress 2.105 as well to deal with it.

Will I need to update the other two Compress-Raw* distros as well? Or just IO-Compress?

[pmqs]

@jkeenan I accidentally shipped IO-Compress with an in-progress file (see pmqs/IO-Compress#39). Suggest you merge IO-Compress 2.105 as well to deal with it.

Will I need to update the other two Compress-Raw* distros as well? Or just IO-Compress?

No, just IO-Compress

[pmqs]

@jkeenan I thought that blead automatically synced new versions of CPAN modules?

[demerphq]

On Sun, 10 Apr 2022 at 09:45, Paul Marquess ***@***.***> wrote: @jkeenan <https://github.com/jkeenan> I thought that blead automatically synced new versions of CPAN modules?

I think more often than not Jim is the "automatic" involved here. :-) Although I believe that updating to latest CPAN modules is part of the release process. But its not entirely automatic, running sync-with-cpan is a manual process. cheers, Yves

…

-- perl -Mre=debug -e "/just|another|perl|hacker/"

[jkeenan]

@jkeenan I thought that blead automatically synced new versions of CPAN modules?

No, we have a program called Porting/sync-with-cpan, which you can find in the core distribution. In addition to releasors of dev releases, @bingos and I periodically run it. I doubt we would want this program to be fully automatic because we often like to see how the CPAN releases are doing when run against older versions of perl on CPANtesters.