Avoid loading optional modules from default . (CVE-2016-1238)
This commit is contained in:
parent
d44985dc57
commit
8678886f5d
|
@ -0,0 +1,23 @@
|
||||||
|
diff -ru IO-Compress-2.068-orig/bin/zipdetails IO-Compress-2.068/bin/zipdetails
|
||||||
|
--- IO-Compress-2.068-orig/bin/zipdetails 2014-01-31 07:52:56.000000000 +1100
|
||||||
|
+++ IO-Compress-2.068/bin/zipdetails 2016-07-28 10:10:17.812926303 +1000
|
||||||
|
@@ -5,6 +5,7 @@
|
||||||
|
# Display info on the contents of a Zip file
|
||||||
|
#
|
||||||
|
|
||||||
|
+BEGIN { pop @INC if $INC[-1] eq '.' }
|
||||||
|
use strict;
|
||||||
|
use warnings ;
|
||||||
|
|
||||||
|
diff -ru IO-Compress-2.068-orig/lib/IO/Uncompress/AnyUncompress.pm IO-Compress-2.068/lib/IO/Uncompress/AnyUncompress.pm
|
||||||
|
--- IO-Compress-2.068-orig/lib/IO/Uncompress/AnyUncompress.pm 2015-09-27 04:34:31.000000000 +1000
|
||||||
|
+++ IO-Compress-2.068/lib/IO/Uncompress/AnyUncompress.pm 2016-07-28 10:08:45.064332089 +1000
|
||||||
|
@@ -27,6 +27,8 @@
|
||||||
|
|
||||||
|
BEGIN
|
||||||
|
{
|
||||||
|
+ local @INC = @INC;
|
||||||
|
+ pop @INC if $INC[-1] eq '.';
|
||||||
|
eval ' use IO::Uncompress::Adapter::Inflate 2.068 ;';
|
||||||
|
eval ' use IO::Uncompress::Adapter::Bunzip2 2.068 ;';
|
||||||
|
eval ' use IO::Uncompress::Adapter::LZO 2.068 ;';
|
|
@ -3,12 +3,14 @@
|
||||||
|
|
||||||
Name: perl-IO-Compress
|
Name: perl-IO-Compress
|
||||||
Version: 2.068
|
Version: 2.068
|
||||||
Release: 347%{?dist}
|
Release: 348%{?dist}
|
||||||
Summary: Read and write compressed data
|
Summary: Read and write compressed data
|
||||||
License: GPL+ or Artistic
|
License: GPL+ or Artistic
|
||||||
Group: Development/Libraries
|
Group: Development/Libraries
|
||||||
URL: http://search.cpan.org/dist/IO-Compress/
|
URL: http://search.cpan.org/dist/IO-Compress/
|
||||||
Source0: http://search.cpan.org/CPAN/authors/id/P/PM/PMQS/IO-Compress-%{version}.tar.gz
|
Source0: http://search.cpan.org/CPAN/authors/id/P/PM/PMQS/IO-Compress-%{version}.tar.gz
|
||||||
|
# Avoid loading optional modules from default . (CVE-2016-1238)
|
||||||
|
Patch0: IO-Compress-2.068-CVE-2016-1238-avoid-loading-optional-modules-from.patch
|
||||||
BuildArch: noarch
|
BuildArch: noarch
|
||||||
# Module Build
|
# Module Build
|
||||||
BuildRequires: perl
|
BuildRequires: perl
|
||||||
|
@ -77,6 +79,7 @@ included with the IO-Compress distribution:
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -q -n IO-Compress-%{version}
|
%setup -q -n IO-Compress-%{version}
|
||||||
|
%patch0 -p1
|
||||||
|
|
||||||
# Remove spurious exec permissions
|
# Remove spurious exec permissions
|
||||||
chmod -c -x lib/IO/Uncompress/{Adapter/Identity,RawInflate}.pm
|
chmod -c -x lib/IO/Uncompress/{Adapter/Identity,RawInflate}.pm
|
||||||
|
@ -127,6 +130,9 @@ make test COMPRESS_ZLIB_RUN_%{?with_long_tests:ALL}%{!?with_long_tests:MOST}=1
|
||||||
%{_mandir}/man3/IO::Uncompress::*.3*
|
%{_mandir}/man3/IO::Uncompress::*.3*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Aug 03 2016 Jitka Plesnikova <jplesnik@redhat.com> - 2.068-348
|
||||||
|
- Avoid loading optional modules from default . (CVE-2016-1238)
|
||||||
|
|
||||||
* Thu Jun 18 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.068-347
|
* Thu Jun 18 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.068-347
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue