From 40ba99b8269b0fa829fea16a4df58ad4acb77f6e Mon Sep 17 00:00:00 2001
From: Jitka Plesnikova
Date: Wed, 3 Aug 2016 13:12:07 +0200
Subject: [PATCH] Avoid loading optional modules from default . (CVE-2016-1238)
---
 ...8-avoid-loading-optional-modules-from.patch | 18 ++++++++++++++++++
 perl-Storable.spec | 8 +++++++-
 2 files changed, 25 insertions(+), 1 deletion(-)
 create mode 100644 Storable-2.53-CVE-2016-1238-avoid-loading-optional-modules-from.patch
diff --git a/Storable-2.53-CVE-2016-1238-avoid-loading-optional-modules-from.patch b/Storable-2.53-CVE-2016-1238-avoid-loading-optional-modules-from.patch
new file mode 100644
index 0000000..a59cc89
--- /dev/null
+++ b/Storable-2.53-CVE-2016-1238-avoid-loading-optional-modules-from.patch
@@ -0,0 +1,18 @@
+diff -up Storable/Storable.pm.cve Storable/Storable.pm
+--- Storable/Storable.pm.cve 2016-03-19 19:50:47.000000000 +0100
++++ Storable/Storable.pm 2016-08-03 12:48:36.415082280 +0200
+@@ -25,7 +25,13 @@ use vars qw($canonical $forgive_me $VERS
+ $VERSION = '2.53';
+ 
+ BEGIN {
+- if (eval { local $SIG{__DIE__}; require Log::Agent; 1 }) {
++ if (eval {
++ local $SIG{__DIE__};
++ local @INC = @INC;
++ pop @INC if $INC[-1] eq '.';
++ require Log::Agent;
++ 1;
++ }) {
+ Log::Agent->import;
+ }
+ #
diff --git a/perl-Storable.spec b/perl-Storable.spec
index 4dc1a7e..c53995e 100644
--- a/perl-Storable.spec
+++ b/perl-Storable.spec
@@ -3,7 +3,7 @@
 Name: perl-Storable
 Epoch: 1
 Version: 2.53
-Release: 346%{?dist}
+Release: 347%{?dist}
 Summary: Persistence for Perl data structures
 License: GPL+ or Artistic
 Group: Development/Libraries 
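Review bot: The new guard `pop @INC if $INC[-1] eq '.';` only removes a trailing `'.'` from the localized copy of `@INC`, so a `.` entry anywhere else in the list (for example one a caller prepended via `-I` or `PERL5LIB`) still lets `require Log::Agent` resolve to a `Log/Agent.pm` in the current working directory. If the intent is to neutralise only Perl's implicit default `.`, which is the trailing element, that assumption deserves a comment above the `pop`, such as `# Drop the implicit trailing '.' so the optional module is never loaded from the cwd (CVE-2016-1238)`; if every `.` should be excluded, `local @INC = grep { $_ ne '.' } @INC;` replaces the two `local`/`pop` lines. Storable.pm may carry other optional `require` or `eval` loads outside this hunk that need the same treatment; they are not visible here, so that is worth confirming. The `BEGIN` block continues past the end of the hunk.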
@@ -11,6 +11,8 @@ URL: http://search.cpan.org/dist/Storable/
 Source0: http://www.cpan.org/authors/id/A/AM/AMS/Storable-%{base_version}.tar.gz
 # Unbundled form perl 5.21.11
 Patch0: Storable-2.51-Upgrade-to-2.53.patch
+# Avoid loading optional modules from default . (CVE-2016-1238)
+Patch1: Storable-2.53-CVE-2016-1238-avoid-loading-optional-modules-from.patch
 BuildRequires: perl
 BuildRequires: perl(Config)
 BuildRequires: perl(ExtUtils::MakeMaker)
@@ -61,6 +63,7 @@ can be conveniently stored to disk and retrieved at a later time.
 %prep
 %setup -q -n Storable-%{base_version}
 %patch0 -p1
+%patch1 -p1
 # Remove bundled modules
 rm -rf t/compat
 sed -i -e '/^t\/compat\//d' MANIFEST
@@ -87,6 +90,9 @@ make test
 %{_mandir}/man3/*
 %changelog
+* Wed Aug 03 2016 Jitka Plesnikova - 1:2.53-347
+- Avoid loading optional modules from default . (CVE-2016-1238)
+
 * Thu Jun 18 2015 Fedora Release Engineering - 1:2.53-346
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild