From fafd08c02eb8be62ce65ff0934755bf400511d19 Mon Sep 17 00:00:00 2001
From: Jitka Plesnikova <jples...@redhat.com>
Date: Tue, 9 Aug 2016 13:34:16 +0200
Subject: Avoid loading optional modules from default . (CVE-2016-1238)
---
 ....22-CVE-2016-1238-avoid-loading-optional-modules-from.patch | 10 ++++++++++
 perl-ExtUtils-MakeMaker.spec | 8 +++++++-
 2 files changed, 17 insertions(+), 1 deletion(-)
 create mode 100644 ExtUtils-MakeMaker-7.22-CVE-2016-1238-avoid-loading-optional-modules-from.patch
diff --git a/ExtUtils-MakeMaker-7.22-CVE-2016-1238-avoid-loading-optional-modules-from.patch b/ExtUtils-MakeMaker-7.22-CVE-2016-1238-avoid-loading-optional-modules-from.patch
new file mode 100644
index 0000000..1979f09
--- /dev/null
+++ b/ExtUtils-MakeMaker-7.22-CVE-2016-1238-avoid-loading-optional-modules-from.patch
@@ -0,0 +1,10 @@
+diff -up ExtUtils-MakeMaker-7.10/bin/instmodsh.orig ExtUtils-MakeMaker-7.10/bin/instmodsh
+--- ExtUtils-MakeMaker-7.10/bin/instmodsh.orig 2016-08-09 13:23:15.679839890 +0200
++++ ExtUtils-MakeMaker-7.10/bin/instmodsh 2016-08-09 13:23:45.201703094 +0200
+@@ -1,5 +1,6 @@
+ #!/usr/bin/perl -w
+
++BEGIN { pop @INC if $INC[-1] eq '.' }
+ use strict;
+ use IO::File;
+ use ExtUtils::Packlist;
diff --git a/perl-ExtUtils-MakeMaker.spec b/perl-ExtUtils-MakeMaker.spec
index 1efde92..eada55d 100644
--- a/perl-ExtUtils-MakeMaker.spec
+++ b/perl-ExtUtils-MakeMaker.spec
@@ -3,7 +3,7 @@
 Name: perl-%{cpan_name}
 Version: %(echo '%{cpan_version}' | tr _ .)
-Release: 4%{?dist}
+Release: 5%{?dist}
 Summary: Create a module Makefile
 License: GPL+ or Artistic
 Group: Development/Libraries
@@ -20,6 +20,8 @@ Patch2: %{cpan_name}-7.04-Unbundle-version.patch
 Patch3: %{cpan_name}-7.00-Unbundle-Encode-Locale.patch
 # Provide maybe_command independently, bug #1129443
 Patch4: %{cpan_name}-7.11-Provide-ExtUtils-MM-methods-as-standalone-ExtUtils-M.patch
+# Avoid loading optional modules from default ., CVE-2016-1238
+Patch5: %{cpan_name}-7.22-CVE-2016-1238-avoid-loading-optional-modules-from.patch
 BuildArch: noarch
 BuildRequires: coreutils
 BuildRequires: findutils
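Review bot: The added `BEGIN { pop @INC if $INC[-1] eq '.' }` in bin/instmodsh has no comment, and its scope is narrower than a reader may assume: it drops `.` only when it is the final @INC entry (the compiled-in default), so a `.` that arrives earlier through PERL5LIB or `-I` stays searchable. I would put `# CVE-2016-1238: drop the default trailing '.' from @INC before any use/require runs; an explicit '.' elsewhere in @INC is left alone` above the line, so that nobody later moves it below `use strict;`. The patch touches only instmodsh; whether other scripts shipped by the package load optional modules is not visible here and is worth confirming. The rest of instmodsh lies outside the hunk.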
@@ -153,6 +155,7 @@ is an overkill for small subroutines.
 %patch2 -p1
 %patch3 -p1
 %patch4 -p1
+%patch5 -p1
 # Remove bundled modules
 rm -rf bundled
 sed -i -e '/^bundled\// d' MANIFEST
@@ -199,6 +202,9 @@ make test
 %{_mandir}/man3/ExtUtils::MM::Utils.*
 %changelog
+* Tue Aug 09 2016 Jitka Plesnikova <jples...@redhat.com> - 7.10-5
+- Avoid loading optional modules from default . (CVE-2016-1238)
+
 * Fri May 06 2016 Petr Pisar <ppi...@redhat.com> - 7.10-4
 - Provide maybe_command independently (bug #1129443)
--
cgit v0.12
http://pkgs.fedoraproject.org/cgit/perl-ExtUtils-MakeMaker.git/commit/?h=f24&id=fafd08c02eb8be62ce65ff0934755bf400511d19
--
Fedora Extras Perl SIG
http://www.fedoraproject.org/wiki/Extras/SIGs/Perl
perl-devel mailing list
perl-devel@lists.fedoraproject.org
https://lists.fedoraproject.org/admin/lists/perl-devel@lists.fedoraproject.org