Avoid loading optional modules from default . (CVE-2016-1238)
This commit is contained in:
parent
3e3df3e6f2
commit
40ba99b826
|
@ -0,0 +1,18 @@
|
||||||
|
diff -up Storable/Storable.pm.cve Storable/Storable.pm
|
||||||
|
--- Storable/Storable.pm.cve 2016-03-19 19:50:47.000000000 +0100
|
||||||
|
+++ Storable/Storable.pm 2016-08-03 12:48:36.415082280 +0200
|
||||||
|
@@ -25,7 +25,13 @@ use vars qw($canonical $forgive_me $VERS
|
||||||
|
$VERSION = '2.53';
|
||||||
|
|
||||||
|
BEGIN {
|
||||||
|
- if (eval { local $SIG{__DIE__}; require Log::Agent; 1 }) {
|
||||||
|
+ if (eval {
|
||||||
|
+ local $SIG{__DIE__};
|
||||||
|
+ local @INC = @INC;
|
||||||
|
+ pop @INC if $INC[-1] eq '.';
|
||||||
|
+ require Log::Agent;
|
||||||
|
+ 1;
|
||||||
|
+ }) {
|
||||||
|
Log::Agent->import;
|
||||||
|
}
|
||||||
|
#
|
|
@ -3,7 +3,7 @@
|
||||||
Name: perl-Storable
|
Name: perl-Storable
|
||||||
Epoch: 1
|
Epoch: 1
|
||||||
Version: 2.53
|
Version: 2.53
|
||||||
Release: 346%{?dist}
|
Release: 347%{?dist}
|
||||||
Summary: Persistence for Perl data structures
|
Summary: Persistence for Perl data structures
|
||||||
License: GPL+ or Artistic
|
License: GPL+ or Artistic
|
||||||
Group: Development/Libraries
|
Group: Development/Libraries
|
||||||
|
@ -11,6 +11,8 @@ URL: http://search.cpan.org/dist/Storable/
|
||||||
Source0: http://www.cpan.org/authors/id/A/AM/AMS/Storable-%{base_version}.tar.gz
|
Source0: http://www.cpan.org/authors/id/A/AM/AMS/Storable-%{base_version}.tar.gz
|
||||||
# Unbundled form perl 5.21.11
|
# Unbundled form perl 5.21.11
|
||||||
Patch0: Storable-2.51-Upgrade-to-2.53.patch
|
Patch0: Storable-2.51-Upgrade-to-2.53.patch
|
||||||
|
# Avoid loading optional modules from default . (CVE-2016-1238)
|
||||||
|
Patch1: Storable-2.53-CVE-2016-1238-avoid-loading-optional-modules-from.patch
|
||||||
BuildRequires: perl
|
BuildRequires: perl
|
||||||
BuildRequires: perl(Config)
|
BuildRequires: perl(Config)
|
||||||
BuildRequires: perl(ExtUtils::MakeMaker)
|
BuildRequires: perl(ExtUtils::MakeMaker)
|
||||||
|
@ -61,6 +63,7 @@ can be conveniently stored to disk and retrieved at a later time.
|
||||||
%prep
|
%prep
|
||||||
%setup -q -n Storable-%{base_version}
|
%setup -q -n Storable-%{base_version}
|
||||||
%patch0 -p1
|
%patch0 -p1
|
||||||
|
%patch1 -p1
|
||||||
# Remove bundled modules
|
# Remove bundled modules
|
||||||
rm -rf t/compat
|
rm -rf t/compat
|
||||||
sed -i -e '/^t\/compat\//d' MANIFEST
|
sed -i -e '/^t\/compat\//d' MANIFEST
|
||||||
|
@ -87,6 +90,9 @@ make test
|
||||||
%{_mandir}/man3/*
|
%{_mandir}/man3/*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Aug 03 2016 Jitka Plesnikova <jplesnik@redhat.com> - 1:2.53-347
|
||||||
|
- Avoid loading optional modules from default . (CVE-2016-1238)
|
||||||
|
|
||||||
* Thu Jun 18 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1:2.53-346
|
* Thu Jun 18 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1:2.53-346
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue