From f292b2188ee5115b0dc427c99a3203c2e35fe13b Mon Sep 17 00:00:00 2001
From: Jitka Plesnikova <jples...@redhat.com>
Date: Fri, 5 Aug 2016 10:15:39 +0200
Subject: Avoid loading optional modules from default . (CVE-2016-1238)

---
 ...20-CVE-2016-1238-avoid-loading-optional-modules-from.patch | 11 +++++++++++
 perl-Module-CoreList.spec                                     |  8 +++++++-
 2 files changed, 18 insertions(+), 1 deletion(-)
 create mode 100644 
Module-CoreList-5.20160720-CVE-2016-1238-avoid-loading-optional-modules-from.patch

diff --git 
a/Module-CoreList-5.20160720-CVE-2016-1238-avoid-loading-optional-modules-from.patch
 
b/Module-CoreList-5.20160720-CVE-2016-1238-avoid-loading-optional-modules-from.patch
new file mode 100644
index 0000000..f02f43d
--- /dev/null
+++ 
b/Module-CoreList-5.20160720-CVE-2016-1238-avoid-loading-optional-modules-from.patch
@@ -0,0 +1,11 @@
+diff -up Module-CoreList/corelist.cve Module-CoreList/corelist
+--- Module-CoreList/corelist.cve       2016-02-05 16:26:05.000000000 +0100
++++ Module-CoreList/corelist   2016-08-05 09:16:43.129306210 +0200
+@@ -130,6 +130,7 @@ requested perl versions.
+ 
+ =cut
+ 
++BEGIN { pop @INC if $INC[-1] eq '.' }
+ use Module::CoreList;
+ use Getopt::Long qw(:config no_ignore_case);
+ use Pod::Usage;
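Review bot: The added `BEGIN { pop @INC if $INC[-1] eq '.' }` has no comment saying why it must run before the `use` lines, so a later cleanup could move or drop it. I would add `# CVE-2016-1238: drop the implicit trailing '.' from @INC before any module is loaded, so optional modules are never picked up from the current directory` directly above it. The guard removes `.` only when it is the last entry, so a `.` earlier in @INC (for example one supplied through `-I` or `PERL5LIB`) stays in place. That looks intentional, since such an entry was requested explicitly, but the comment should say so. The script starts and ends outside the hunk, so whether anything later re-adds `.` to @INC cannot be checked from here.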
diff --git a/perl-Module-CoreList.spec b/perl-Module-CoreList.spec
index d2b1c7c..cfad5e4 100644
--- a/perl-Module-CoreList.spec
+++ b/perl-Module-CoreList.spec
@@ -2,12 +2,14 @@ Name:           perl-Module-CoreList
 # Epoch to compete with perl.spec
 Epoch:          1
 Version:        5.20160720
-Release:        1%{?dist}
+Release:        2%{?dist}
 Summary:        What modules are shipped with versions of perl
 License:        GPL+ or Artistic
 Group:          Development/Libraries
 URL:            http://search.cpan.org/dist/Module-CoreList/
 Source0:        
http://www.cpan.org/authors/id/B/BI/BINGOS/Module-CoreList-%{version}.tar.gz
+# Avoid loading optional modules from default . (CVE-2016-1238)
+Patch0:         
Module-CoreList-5.20160720-CVE-2016-1238-avoid-loading-optional-modules-from.patch
 BuildArch:      noarch
 BuildRequires:  findutils
 BuildRequires:  make
@@ -59,6 +61,7 @@ modules were shipped with given perl version.
 
 %prep
 %setup -q -n Module-CoreList-%{version}
+%patch0 -p1
 
 %build
 perl Makefile.PL INSTALLDIRS=vendor
@@ -83,6 +86,9 @@ make test
 %{_mandir}/man1/corelist.*
 
 %changelog
+* Fri Aug 05 2016 Jitka Plesnikova <jples...@redhat.com> - 1:5.20160720-2
+- Avoid loading optional modules from default . (CVE-2016-1238)
+
 * Thu Jul 21 2016 Petr Pisar <ppi...@redhat.com> - 1:5.20160720-1
 - 5.20160720 bump
 
-- 
cgit v0.12


        
http://pkgs.fedoraproject.org/cgit/perl-Module-CoreList.git/commit/?h=f25&id=f292b2188ee5115b0dc427c99a3203c2e35fe13b