From 9d597749333a89d07cff91ea07159eba9b8ed3e2 Mon Sep 17 00:00:00 2001
From: Jitka Plesnikova <jples...@redhat.com>
Date: Tue, 9 Aug 2016 15:16:29 +0200
Subject: 0.50 bump
---
.gitignore | 1 +
...-1238-avoid-loading-optional-modules-from.patch | 48 ----------------------
perl-File-Fetch.spec | 20 +++++----
sources | 2 +-
4 files changed, 13 insertions(+), 58 deletions(-)
delete mode 100644
File-Fetch-0.48-CVE-2016-1238-avoid-loading-optional-modules-from.patch
diff --git a/.gitignore b/.gitignore
index bdab2d7..c655120 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,3 +4,4 @@ File-Fetch-0.14.tar.gz
/File-Fetch-0.44.tar.gz
/File-Fetch-0.46.tar.gz
/File-Fetch-0.48.tar.gz
+/File-Fetch-0.50.tar.gz
diff --git
a/File-Fetch-0.48-CVE-2016-1238-avoid-loading-optional-modules-from.patch
b/File-Fetch-0.48-CVE-2016-1238-avoid-loading-optional-modules-from.patch
deleted file mode 100644
index 6403751..0000000
--- a/File-Fetch-0.48-CVE-2016-1238-avoid-loading-optional-modules-from.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-diff -up File-Fetch/lib/File/Fetch.pm.cve
perl-5.24.0/cpan/File-Fetch/lib/File/Fetch.pm
---- File-Fetch/lib/File/Fetch.pm.cve 2016-02-05 16:26:05.000000000 +0100
-+++ File-Fetch/lib/File/Fetch.pm 2016-08-02 13:39:39.819316039 +0200
-@@ -567,6 +567,8 @@ sub _lwp_fetch {
-
- };
-
-+ local @INC = @INC;
-+ pop @INC if $INC[-1] eq '.';
- unless( can_load( modules => $use_list ) ) {
- $METHOD_FAIL->{'lwp'} = 1;
- return;
-@@ -619,6 +621,8 @@ sub _httptiny_fetch {
-
- };
-
-+ local @INC = @INC;
-+ pop @INC if $INC[-1] eq '.';
- unless( can_load(modules => $use_list) ) {
- $METHOD_FAIL->{'httptiny'} = 1;
- return;
-@@ -658,6 +662,8 @@ sub _httplite_fetch {
-
- };
-
-+ local @INC = @INC;
-+ pop @INC if $INC[-1] eq '.';
- unless( can_load(modules => $use_list) ) {
- $METHOD_FAIL->{'httplite'} = 1;
- return;
-@@ -733,6 +739,8 @@ sub _iosock_fetch {
- 'IO::Select' => '0.0',
- };
-
-+ local @INC = @INC;
-+ pop @INC if $INC[-1] eq '.';
- unless( can_load(modules => $use_list) ) {
- $METHOD_FAIL->{'iosock'} = 1;
- return;
-@@ -814,6 +822,8 @@ sub _netftp_fetch {
- check( $tmpl, \%hash ) or return;
-
- ### required modules ###
-+ local @INC = @INC;
-+ pop @INC if $INC[-1] eq '.';
- my $use_list = { 'Net::FTP' => 0 };
-
- unless( can_load( modules => $use_list ) ) {
diff --git a/perl-File-Fetch.spec b/perl-File-Fetch.spec
index f986b57..55f265a 100644
--- a/perl-File-Fetch.spec
+++ b/perl-File-Fetch.spec
@@ -1,14 +1,14 @@
Name: perl-File-Fetch
-Version: 0.48
-Release: 366%{?dist}
+Version: 0.50
+Release: 1%{?dist}
Summary: Generic file fetching mechanism
License: GPL+ or Artistic
Group: Development/Libraries
URL: http://search.cpan.org/dist/File-Fetch/
Source0:
http://www.cpan.org/authors/id/B/BI/BINGOS/File-Fetch-%{version}.tar.gz
-# Avoid loading optional modules from default . (CVE-2016-1238)
-Patch0:
File-Fetch-0.48-CVE-2016-1238-avoid-loading-optional-modules-from.patch
BuildArch: noarch
+BuildRequires: findutils
+BuildRequires: make
BuildRequires: perl
BuildRequires: perl-generators
BuildRequires: perl(ExtUtils::MakeMaker)
@@ -26,21 +26,21 @@ BuildRequires: perl(File::Temp)
BuildRequires: perl(FileHandle)
BuildRequires: perl(IPC::Cmd) >= 0.42
BuildRequires: perl(Locale::Maketext::Simple)
-BuildRequires: perl(Module::Load::Conditional) >= 0.04
+BuildRequires: perl(Module::Load::Conditional) >= 0.66
BuildRequires: perl(Params::Check) >= 0.07
BuildRequires: perl(vars)
# Keep all downaloaders optional (LWP, curl, rsync etc.).
# Tests:
BuildRequires: perl(Data::Dumper)
-BuildRequires: perl(lib)
BuildRequires: perl(IO::Socket::INET)
+BuildRequires: perl(lib)
BuildRequires: perl(Test::More)
BuildRequires: perl(warnings)
Requires: perl(:MODULE_COMPAT_%(eval "`perl -V:version`"; echo $version))
Requires: perl(File::Spec) >= 0.82
Requires: perl(IPC::Cmd) >= 0.42
Requires: perl(Locale::Maketext::Simple)
-Requires: perl(Module::Load::Conditional) >= 0.04
+Requires: perl(Module::Load::Conditional) >= 0.66
Requires: perl(Params::Check) >= 0.07
# Remove under-specified dependencies
@@ -52,7 +52,6 @@ File::Fetch allows you to fetch any file pointed to by a
"ftp", "http",
%prep
%setup -q -n File-Fetch-%{version}
-%patch0 -p1
%build
perl Makefile.PL INSTALLDIRS=vendor
@@ -60,7 +59,7 @@ make %{?_smp_mflags}
%install
make pure_install DESTDIR=$RPM_BUILD_ROOT
-find $RPM_BUILD_ROOT -type f -name .packlist -exec rm -f {} \;
+find $RPM_BUILD_ROOT -type f -name .packlist -delete
%{_fixperms} $RPM_BUILD_ROOT/*
%check
@@ -72,6 +71,9 @@ make test
%{_mandir}/man3/*
%changelog
+* Tue Aug 09 2016 Jitka Plesnikova <jples...@redhat.com> - 0.50-1
+- 0.50 bump
+
* Tue Aug 02 2016 Jitka Plesnikova <jples...@redhat.com> - 0.48-366
- Avoid loading optional modules from default . (CVE-2016-1238)
diff --git a/sources b/sources
index 0251513..3b360d9 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-319dcd7886b3a51f54836915eecd7d53 File-Fetch-0.48.tar.gz
+e9aa9aa0c11fe42d0890b267b422411d File-Fetch-0.50.tar.gz
--
cgit v0.12
http://pkgs.fedoraproject.org/cgit/perl-File-Fetch.git/commit/?h=master&id=9d597749333a89d07cff91ea07159eba9b8ed3e2
--
Fedora Extras Perl SIG
http://www.fedoraproject.org/wiki/Extras/SIGs/Perl
perl-devel mailing list
perl-devel@lists.fedoraproject.org
https://lists.fedoraproject.org/admin/lists/perl-devel@lists.fedoraproject.org
