rpms/perl-IO-Compress
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Avoid loading optional modules from default . (CVE-2016-1238)

Browse Source
This commit is contained in:
Jitka Plesnikova 2016-08-03 08:26:40 +02:00
parent 39657844b5
commit b4dcef779c
2 changed files with 30 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
IO-Compress-2.069-CVE-2016-1238-avoid-loading-optional-modules-from.patch Normal file
View File

@ -0,0 +1,23 @@
diff -ru IO-Compress-2.069-orig/bin/zipdetails IO-Compress-2.069/bin/zipdetails
--- IO-Compress-2.069-orig/bin/zipdetails 2014-01-31 07:52:56.000000000 +1100
+++ IO-Compress-2.069/bin/zipdetails 2016-07-28 10:10:17.812926303 +1000
@@ -5,6 +5,7 @@
# Display info on the contents of a Zip file
#
+BEGIN { pop @INC if $INC[-1] eq '.' }
use strict;
use warnings ;
diff -ru IO-Compress-2.069-orig/lib/IO/Uncompress/AnyUncompress.pm IO-Compress-2.069/lib/IO/Uncompress/AnyUncompress.pm
--- IO-Compress-2.069-orig/lib/IO/Uncompress/AnyUncompress.pm 2015-09-27 04:34:31.000000000 +1000
+++ IO-Compress-2.069/lib/IO/Uncompress/AnyUncompress.pm 2016-07-28 10:08:45.064332089 +1000
@@ -27,6 +27,8 @@
BEGIN
{
+ local @INC = @INC;
+ pop @INC if $INC[-1] eq '.';
eval ' use IO::Uncompress::Adapter::Inflate 2.069 ;';
eval ' use IO::Uncompress::Adapter::Bunzip2 2.069 ;';
eval ' use IO::Uncompress::Adapter::LZO 2.069 ;';

8
perl-IO-Compress.spec
View File

@ -3,12 +3,14 @@
Name: perl-IO-Compress Name: perl-IO-Compress
Version: 2.069 Version: 2.069
Release: 2%{?dist} Release: 3%{?dist}
Summary: Read and write compressed data Summary: Read and write compressed data
License: GPL+ or Artistic License: GPL+ or Artistic
Group: Development/Libraries Group: Development/Libraries
URL: http://search.cpan.org/dist/IO-Compress/ URL: http://search.cpan.org/dist/IO-Compress/
Source0: http://search.cpan.org/CPAN/authors/id/P/PM/PMQS/IO-Compress-%{version}.tar.gz Source0: http://search.cpan.org/CPAN/authors/id/P/PM/PMQS/IO-Compress-%{version}.tar.gz
# Avoid loading optional modules from default . (CVE-2016-1238)
Patch0: IO-Compress-2.069-CVE-2016-1238-avoid-loading-optional-modules-from.patch
BuildArch: noarch BuildArch: noarch
# Module Build # Module Build
BuildRequires: coreutils BuildRequires: coreutils
@ -80,6 +82,7 @@ included with the IO-Compress distribution:
%prep %prep
%setup -q -n IO-Compress-%{version} %setup -q -n IO-Compress-%{version}
%patch0 -p1
# Remove spurious exec permissions # Remove spurious exec permissions
chmod -c -x lib/IO/Uncompress/{Adapter/Identity,RawInflate}.pm chmod -c -x lib/IO/Uncompress/{Adapter/Identity,RawInflate}.pm
@ -130,6 +133,9 @@ make test COMPRESS_ZLIB_RUN_%{?with_long_tests:ALL}%{!?with_long_tests:MOST}=1
%{_mandir}/man3/IO::Uncompress::*.3* %{_mandir}/man3/IO::Uncompress::*.3*
%changelog %changelog
* Tue Aug 02 2016 Jitka Plesnikova <jplesnik@redhat.com> - 2.069-3
- Avoid loading optional modules from default . (CVE-2016-1238)
* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 2.069-2 * Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 2.069-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild