From 9d597749333a89d07cff91ea07159eba9b8ed3e2 Mon Sep 17 00:00:00 2001 From: Jitka Plesnikova <jples...@redhat.com> Date: Tue, 9 Aug 2016 15:16:29 +0200 Subject: 0.50 bump
--- .gitignore | 1 + ...-1238-avoid-loading-optional-modules-from.patch | 48 ---------------------- perl-File-Fetch.spec | 20 +++++---- sources | 2 +- 4 files changed, 13 insertions(+), 58 deletions(-) delete mode 100644 File-Fetch-0.48-CVE-2016-1238-avoid-loading-optional-modules-from.patch diff --git a/.gitignore b/.gitignore index bdab2d7..c655120 100644 --- a/.gitignore +++ b/.gitignore @@ -4,3 +4,4 @@ File-Fetch-0.14.tar.gz /File-Fetch-0.44.tar.gz /File-Fetch-0.46.tar.gz /File-Fetch-0.48.tar.gz +/File-Fetch-0.50.tar.gz diff --git a/File-Fetch-0.48-CVE-2016-1238-avoid-loading-optional-modules-from.patch b/File-Fetch-0.48-CVE-2016-1238-avoid-loading-optional-modules-from.patch deleted file mode 100644 index 6403751..0000000 --- a/File-Fetch-0.48-CVE-2016-1238-avoid-loading-optional-modules-from.patch +++ /dev/null @@ -1,48 +0,0 @@ -diff -up File-Fetch/lib/File/Fetch.pm.cve perl-5.24.0/cpan/File-Fetch/lib/File/Fetch.pm ---- File-Fetch/lib/File/Fetch.pm.cve 2016-02-05 16:26:05.000000000 +0100 -+++ File-Fetch/lib/File/Fetch.pm 2016-08-02 13:39:39.819316039 +0200 -@@ -567,6 +567,8 @@ sub _lwp_fetch { - - }; - -+ local @INC = @INC; -+ pop @INC if $INC[-1] eq '.'; - unless( can_load( modules => $use_list ) ) { - $METHOD_FAIL->{'lwp'} = 1; - return; -@@ -619,6 +621,8 @@ sub _httptiny_fetch { - - }; - -+ local @INC = @INC; -+ pop @INC if $INC[-1] eq '.'; - unless( can_load(modules => $use_list) ) { - $METHOD_FAIL->{'httptiny'} = 1; - return; -@@ -658,6 +662,8 @@ sub _httplite_fetch { - - }; - -+ local @INC = @INC; -+ pop @INC if $INC[-1] eq '.'; - unless( can_load(modules => $use_list) ) { - $METHOD_FAIL->{'httplite'} = 1; - return; -@@ -733,6 +739,8 @@ sub _iosock_fetch { - 'IO::Select' => '0.0', - }; - -+ local @INC = @INC; -+ pop @INC if $INC[-1] eq '.'; - unless( can_load(modules => $use_list) ) { - $METHOD_FAIL->{'iosock'} = 1; - return; -@@ -814,6 +822,8 @@ sub _netftp_fetch { - check( $tmpl, \%hash ) or return; - - ### required modules ### -+ local @INC = @INC; -+ pop @INC if $INC[-1] eq '.'; - my $use_list = { 'Net::FTP' => 0 }; - - unless( can_load( modules => $use_list ) ) { diff --git a/perl-File-Fetch.spec b/perl-File-Fetch.spec index f986b57..55f265a 100644 --- a/perl-File-Fetch.spec +++ b/perl-File-Fetch.spec @@ -1,14 +1,14 @@ Name: perl-File-Fetch -Version: 0.48 -Release: 366%{?dist} +Version: 0.50 +Release: 1%{?dist} Summary: Generic file fetching mechanism License: GPL+ or Artistic Group: Development/Libraries URL: http://search.cpan.org/dist/File-Fetch/ Source0: http://www.cpan.org/authors/id/B/BI/BINGOS/File-Fetch-%{version}.tar.gz -# Avoid loading optional modules from default . (CVE-2016-1238) -Patch0: File-Fetch-0.48-CVE-2016-1238-avoid-loading-optional-modules-from.patch BuildArch: noarch +BuildRequires: findutils +BuildRequires: make BuildRequires: perl BuildRequires: perl-generators BuildRequires: perl(ExtUtils::MakeMaker) @@ -26,21 +26,21 @@ BuildRequires: perl(File::Temp) BuildRequires: perl(FileHandle) BuildRequires: perl(IPC::Cmd) >= 0.42 BuildRequires: perl(Locale::Maketext::Simple) -BuildRequires: perl(Module::Load::Conditional) >= 0.04 +BuildRequires: perl(Module::Load::Conditional) >= 0.66 BuildRequires: perl(Params::Check) >= 0.07 BuildRequires: perl(vars) # Keep all downaloaders optional (LWP, curl, rsync etc.). # Tests: BuildRequires: perl(Data::Dumper) -BuildRequires: perl(lib) BuildRequires: perl(IO::Socket::INET) +BuildRequires: perl(lib) BuildRequires: perl(Test::More) BuildRequires: perl(warnings) Requires: perl(:MODULE_COMPAT_%(eval "`perl -V:version`"; echo $version)) Requires: perl(File::Spec) >= 0.82 Requires: perl(IPC::Cmd) >= 0.42 Requires: perl(Locale::Maketext::Simple) -Requires: perl(Module::Load::Conditional) >= 0.04 +Requires: perl(Module::Load::Conditional) >= 0.66 Requires: perl(Params::Check) >= 0.07 # Remove under-specified dependencies @@ -52,7 +52,6 @@ File::Fetch allows you to fetch any file pointed to by a "ftp", "http", %prep %setup -q -n File-Fetch-%{version} -%patch0 -p1 %build perl Makefile.PL INSTALLDIRS=vendor @@ -60,7 +59,7 @@ make %{?_smp_mflags} %install make pure_install DESTDIR=$RPM_BUILD_ROOT -find $RPM_BUILD_ROOT -type f -name .packlist -exec rm -f {} \; +find $RPM_BUILD_ROOT -type f -name .packlist -delete %{_fixperms} $RPM_BUILD_ROOT/* %check @@ -72,6 +71,9 @@ make test %{_mandir}/man3/* %changelog +* Tue Aug 09 2016 Jitka Plesnikova <jples...@redhat.com> - 0.50-1 +- 0.50 bump + * Tue Aug 02 2016 Jitka Plesnikova <jples...@redhat.com> - 0.48-366 - Avoid loading optional modules from default . (CVE-2016-1238) diff --git a/sources b/sources index 0251513..3b360d9 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -319dcd7886b3a51f54836915eecd7d53 File-Fetch-0.48.tar.gz +e9aa9aa0c11fe42d0890b267b422411d File-Fetch-0.50.tar.gz -- cgit v0.12 http://pkgs.fedoraproject.org/cgit/perl-File-Fetch.git/commit/?h=master&id=9d597749333a89d07cff91ea07159eba9b8ed3e2 -- Fedora Extras Perl SIG http://www.fedoraproject.org/wiki/Extras/SIGs/Perl perl-devel mailing list perl-devel@lists.fedoraproject.org https://lists.fedoraproject.org/admin/lists/perl-devel@lists.fedoraproject.org