Avoid loading optional modules from default . (CVE-2016-1238)

Storable-2.56-CVE-2016-1238-avoid-loading-optional-modules-from.patch

@@ -0,0 +1,18 @@
+diff -up Storable/Storable.pm.cve Storable/Storable.pm
+--- Storable/Storable.pm.cve	2016-03-19 19:50:47.000000000 +0100
++++ Storable/Storable.pm	2016-08-03 12:48:36.415082280 +0200
+@@ -25,7 +25,13 @@ use vars qw($canonical $forgive_me $VERS
+ $VERSION = '2.56';
+ 
+ BEGIN {
+-    if (eval { local $SIG{__DIE__}; require Log::Agent; 1 }) {
++    if (eval {
++        local $SIG{__DIE__};
++        local @INC = @INC;
++        pop @INC if $INC[-1] eq '.';
++        require Log::Agent;
++        1;
++    }) {
+         Log::Agent->import;
+     }
+     #

perl-Storable.spec

@@ -3,7 +3,7 @@
 Name:           perl-Storable
 Epoch:          1
 Version:        2.56
-Release:        365%{?dist}
+Release:        366%{?dist}
 Summary:        Persistence for Perl data structures
 License:        GPL+ or Artistic
 Group:          Development/Libraries
@@ -13,6 +13,8 @@ Source0:        http://www.cpan.org/authors/id/A/AM/AMS/Storable-%{base_version}
 Patch0:         Storable-2.51-Upgrade-to-2.53.patch
 # Unbundled from perl 5.24.0
 Patch1:         Storable-2.53-Upgrade-to-2.56.patch
+# Avoid loading optional modules from default . (CVE-2016-1238)
+Patch2:         Storable-2.56-CVE-2016-1238-avoid-loading-optional-modules-from.patch
 BuildRequires:  perl
 BuildRequires:  perl-devel
 BuildRequires:  perl-generators
@@ -66,6 +68,7 @@ can be conveniently stored to disk and retrieved at a later time.
 %setup -q -n Storable-%{base_version}
 %patch0 -p1
 %patch1 -p1
+%patch2 -p1
 # Remove bundled modules
 rm -rf t/compat
 sed -i -e '/^t\/compat\//d' MANIFEST
@@ -92,6 +95,9 @@ make test
 %{_mandir}/man3/*
 
 %changelog
+* Wed Aug 03 2016 Jitka Plesnikova <jplesnik@redhat.com> - 1:2.56-366
+- Avoid loading optional modules from default . (CVE-2016-1238)
+
 * Sat May 14 2016 Jitka Plesnikova <jplesnik@redhat.com> - 1:2.56-365
 - Increase release to favour standalone package