From 793e94a60d04059f339cac006c465a2d0ee5d2d7 Mon Sep 17 00:00:00 2001 From: Jitka Plesnikova <jples...@redhat.com> Date: Tue, 9 Aug 2016 13:44:08 +0200 Subject: Avoid loading optional modules from default . (CVE-2016-1238)
---
 ....22-CVE-2016-1238-avoid-loading-optional-modules-from.patch | 10 ++++++++++
 perl-ExtUtils-MakeMaker.spec | 8 +++++++-
 2 files changed, 17 insertions(+), 1 deletion(-)
 create mode 100644 ExtUtils-MakeMaker-7.22-CVE-2016-1238-avoid-loading-optional-modules-from.patch
diff --git a/ExtUtils-MakeMaker-7.22-CVE-2016-1238-avoid-loading-optional-modules-from.patch b/ExtUtils-MakeMaker-7.22-CVE-2016-1238-avoid-loading-optional-modules-from.patch
new file mode 100644
index 0000000..40562cb
--- /dev/null
+++ b/ExtUtils-MakeMaker-7.22-CVE-2016-1238-avoid-loading-optional-modules-from.patch
@@ -0,0 +1,10 @@
+diff -up ExtUtils-MakeMaker-7.04/bin/instmodsh.orig ExtUtils-MakeMaker-7.04/bin/instmodsh
+--- ExtUtils-MakeMaker-7.04/bin/instmodsh.orig 2016-08-09 13:35:42.181380825 +0200
++++ ExtUtils-MakeMaker-7.04/bin/instmodsh 2016-08-09 13:36:20.148204898 +0200
+@@ -1,5 +1,6 @@
+ #!/usr/bin/perl -w
+
++BEGIN { pop @INC if $INC[-1] eq '.' }
+ use strict;
+ use IO::File;
+ use ExtUtils::Packlist;
diff --git a/perl-ExtUtils-MakeMaker.spec b/perl-ExtUtils-MakeMaker.spec
index 7afd4f7..54a894a 100644
--- a/perl-ExtUtils-MakeMaker.spec
+++ b/perl-ExtUtils-MakeMaker.spec
@@ -3,7 +3,7 @@
 Name: perl-%{cpan_name}
 Version: %(echo '%{cpan_version}' | tr _ .)
-Release: 348%{?dist}
+Release: 349%{?dist}
 Summary: Create a module Makefile
 License: GPL+ or Artistic
 Group: Development/Libraries
@@ -22,6 +22,8 @@ Patch3: ExtUtils-MakeMaker-7.00-Unbundle-Encode-Locale.patch
 Patch4: ExtUtils-MakeMaker-7.02-Write-UTF-8-encoded-chunk-if-Locale-Encode-is-not-av.patch
 # Provide maybe_command independently, bug #1129443
 Patch5: %{cpan_name}-7.11-Provide-ExtUtils-MM-methods-as-standalone-ExtUtils-M.patch
+# Avoid loading optional modules from default ., CVE-2016-1238
+Patch6: %{cpan_name}-7.22-CVE-2016-1238-avoid-loading-optional-modules-from.patch
 BuildArch: noarch
 BuildRequires: perl
 # Makefile.Pl uses ExtUtils::MakeMaker from ./lib
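Review bot: The `BEGIN { pop @INC if $INC[-1] eq '.' }` line added to bin/instmodsh (in the new patch file's only hunk) has no comment saying why it is there or that it must stay above the first `use`, so a later cleanup could move or drop it and quietly reopen CVE-2016-1238. I would put a comment directly above it, for example `# CVE-2016-1238: drop the default trailing '.' from @INC before any module is loaded; keep above the first use`. The guard looks only at the last @INC entry, so a '.' that arrives some other way (PERL5LIB or -I, which are searched ahead of the defaults) is still honoured; that looks deliberate, and the comment should say so. Adding the comment grows the embedded hunk by one line, so its header would become `@@ -1,5 +1,7 @@` and the outer one `@@ -0,0 +1,11 @@`. Only the first lines of instmodsh are visible here; the rest of the script lies outside the hunk.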
@@ -129,6 +131,7 @@ is an overkill for small subroutines.
 %patch3 -p1
 %patch4 -p1
 %patch5 -p1
+%patch6 -p1
 # Remove bundled modules
 rm -rf bundled
 sed -i -e '/^bundled\// d' MANIFEST
@@ -169,6 +172,9 @@ make test
 %{_mandir}/man3/ExtUtils::MM::Utils.*
 %changelog
+* Tue Aug 09 2016 Jitka Plesnikova <jples...@redhat.com> - 7.04-349
+- Avoid loading optional modules from default . (CVE-2016-1238)
+
 * Fri May 06 2016 Petr Pisar <ppi...@redhat.com> - 7.04-348
 - Provide maybe_command independently (bug #1129443)
--
cgit v0.12
http://pkgs.fedoraproject.org/cgit/perl-ExtUtils-MakeMaker.git/commit/?h=f23&id=793e94a60d04059f339cac006c465a2d0ee5d2d7
--
Fedora Extras Perl SIG
http://www.fedoraproject.org/wiki/Extras/SIGs/Perl
perl-devel mailing list
perl-devel@lists.fedoraproject.org
https://lists.fedoraproject.org/admin/lists/perl-devel@lists.fedoraproject.org