Avoid loading optional modules from default . (CVE-2016-1238)
parent
81e56add19
commit
82773d404f
|
@ -0,0 +1,18 @@
|
|||
diff -up Storable/Storable.pm.cve Storable/Storable.pm
|
||||
--- Storable/Storable.pm.cve 2016-03-19 19:50:47.000000000 +0100
|
||||
+++ Storable/Storable.pm 2016-08-03 12:48:36.415082280 +0200
|
||||
@@ -25,7 +25,13 @@ use vars qw($canonical $forgive_me $VERS
|
||||
$VERSION = '2.56';
|
||||
|
||||
BEGIN {
|
||||
- if (eval { local $SIG{__DIE__}; require Log::Agent; 1 }) {
|
||||
+ if (eval {
|
||||
+ local $SIG{__DIE__};
|
||||
+ local @INC = @INC;
|
||||
+ pop @INC if $INC[-1] eq '.';
|
||||
+ require Log::Agent;
|
||||
+ 1;
|
||||
+ }) {
|
||||
Log::Agent->import;
|
||||
}
|
||||
#
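Review bot: The added `pop @INC if $INC[-1] eq '.';` has no comment saying that it drops only the default trailing `.` entry, so that the optional `require Log::Agent` cannot be satisfied from the current working directory (CVE-2016-1238). I would put `# CVE-2016-1238: do not search the default trailing '.' for the optional Log::Agent` above it, so the guard is not later collapsed back into the one-line eval. The `local @INC` copy is restored as soon as the eval block exits, so `Log::Agent->import` and anything Log::Agent might load lazily afterwards presumably resolve against the unmodified search path, which is worth confirming. An empty `@INC` would leave `$INC[-1]` undefined, so `pop @INC if @INC && $INC[-1] eq '.';` is the safer spelling. The BEGIN block continues past the end of this hunk.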
|
|
@ -3,7 +3,7 @@
|
|||
Name: perl-Storable
|
||||
Epoch: 1
|
||||
Version: 2.56
|
||||
Release: 365%{?dist}
|
||||
Release: 366%{?dist}
|
||||
Summary: Persistence for Perl data structures
|
||||
License: GPL+ or Artistic
|
||||
Group: Development/Libraries
|
||||
|
@ -13,6 +13,8 @@ Source0: http://www.cpan.org/authors/id/A/AM/AMS/Storable-%{base_version}
|
|||
Patch0: Storable-2.51-Upgrade-to-2.53.patch
|
||||
# Unbundled from perl 5.24.0
|
||||
Patch1: Storable-2.53-Upgrade-to-2.56.patch
|
||||
# Avoid loading optional modules from default . (CVE-2016-1238)
|
||||
Patch2: Storable-2.56-CVE-2016-1238-avoid-loading-optional-modules-from.patch
|
||||
BuildRequires: perl
|
||||
BuildRequires: perl-devel
|
||||
BuildRequires: perl-generators
|
||||
|
@ -66,6 +68,7 @@ can be conveniently stored to disk and retrieved at a later time.
|
|||
%setup -q -n Storable-%{base_version}
|
||||
%patch0 -p1
|
||||
%patch1 -p1
|
||||
%patch2 -p1
|
||||
# Remove bundled modules
|
||||
rm -rf t/compat
|
||||
sed -i -e '/^t\/compat\//d' MANIFEST
|
||||
|
@ -92,6 +95,9 @@ make test
|
|||
%{_mandir}/man3/*
|
||||
|
||||
%changelog
|
||||
* Wed Aug 03 2016 Jitka Plesnikova <jplesnik@redhat.com> - 1:2.56-366
|
||||
- Avoid loading optional modules from default . (CVE-2016-1238)
|
||||
|
||||
* Sat May 14 2016 Jitka Plesnikova <jplesnik@redhat.com> - 1:2.56-365
|
||||
- Increase release to favour standalone package
|
||||
|
||||
|
|