From c161d7d7375798dbd0cc3e174cd7bfe3e5ad1b2f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppi...@redhat.com>
Date: Tue, 12 Jan 2016 09:52:19 +0100
Subject: 3.62 bump
---
.gitignore | 1 +
...nsure-File-Spec-canonpath-preserves-taint.patch | 71 ----------------------
perl-PathTools.spec | 10 +--
sources | 2 +-
4 files changed, 7 insertions(+), 77 deletions(-)
delete mode 100644 perl-5.23.6-ensure-File-Spec-canonpath-preserves-taint.patch
diff --git a/.gitignore b/.gitignore
index c6000cd..b536e2e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,3 +4,4 @@
/PathTools-3.47.tar.gz
/PathTools-3.59.tar.gz
/PathTools-3.60.tar.gz
+/PathTools-3.62.tar.gz
diff --git a/perl-5.23.6-ensure-File-Spec-canonpath-preserves-taint.patch
b/perl-5.23.6-ensure-File-Spec-canonpath-preserves-taint.patch
deleted file mode 100644
index da935ce..0000000
--- a/perl-5.23.6-ensure-File-Spec-canonpath-preserves-taint.patch
+++ /dev/null
@@ -1,71 +0,0 @@
-From 0b6f93036de171c12ba95d415e264d9cf7f4e1fd Mon Sep 17 00:00:00 2001
-From: Tony Cook <t...@develop-help.com>
-Date: Tue, 15 Dec 2015 10:56:54 +1100
-Subject: [PATCH] ensure File::Spec::canonpath() preserves taint
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Previously the unix specific XS implementation of canonpath() would
-return an untainted path when supplied a tainted path.
-
-For the empty string case, newSVpvs() already sets taint as needed on
-its result.
-
-This issue was assigned CVE-2015-8607. [perl #126862]
-
-Signed-off-by: Petr Písař <ppi...@redhat.com>
----
- dist/PathTools/Cwd.xs | 1 +
- dist/PathTools/t/taint.t | 19 ++++++++++++++++++-
- 2 files changed, 19 insertions(+), 1 deletion(-)
-
-diff --git a/dist/PathTools/Cwd.xs b/dist/PathTools/Cwd.xs
-index 9d4dcf0..3d018dc 100644
---- a/dist/PathTools/Cwd.xs
-+++ b/dist/PathTools/Cwd.xs
-@@ -535,6 +535,7 @@ THX_unix_canonpath(pTHX_ SV *path)
- *o = 0;
- SvPOK_on(retval);
- SvCUR_set(retval, o - SvPVX(retval));
-+ SvTAINT(retval);
- return retval;
- }
-
-diff --git a/dist/PathTools/t/taint.t b/dist/PathTools/t/taint.t
-index 309b3e5..48f8c5b 100644
---- a/dist/PathTools/t/taint.t
-+++ b/dist/PathTools/t/taint.t
-@@ -12,7 +12,7 @@ use Test::More;
- BEGIN {
- plan(
- ${^TAINT}
-- ? (tests => 17)
-+ ? (tests => 21)
- : (skip_all => "A perl without taint support")
- );
- }
-@@ -34,3 +34,20 @@ foreach my $func (@Functions) {
-
- # Previous versions of Cwd tainted $^O
- is !tainted($^O), 1, "\$^O should not be tainted";
-+
-+{
-+ # [perl #126862] canonpath() loses taint
-+ my $tainted = substr($ENV{PATH}, 0, 0);
-+ # yes, getcwd()'s result should be tainted, and is tested above
-+ # but be sure
-+ ok tainted(File::Spec->canonpath($tainted . Cwd::getcwd)),
-+ "canonpath() keeps taint on non-empty string";
-+ ok tainted(File::Spec->canonpath($tainted)),
-+ "canonpath() keeps taint on empty string";
-+
-+ (Cwd::getcwd() =~ /^(.*)/);
-+ my $untainted = $1;
-+ ok !tainted($untainted), "make sure our untainted value is untainted";
-+ ok !tainted(File::Spec->canonpath($untainted)),
-+ "canonpath() doesn't add taint to untainted string";
-+}
---
-2.5.0
-
diff --git a/perl-PathTools.spec b/perl-PathTools.spec
index 50ceec4..34a777f 100644
--- a/perl-PathTools.spec
+++ b/perl-PathTools.spec
@@ -1,6 +1,6 @@
Name: perl-PathTools
-Version: 3.60
-Release: 2%{?dist}
+Version: 3.62
+Release: 1%{?dist}
Summary: PathTools Perl module (Cwd, File::Spec)
License: (GPL+ or Artistic) and BSD
Group: Development/Libraries
@@ -8,8 +8,6 @@ URL: http://search.cpan.org/dist/PathTools/
Source0:
http://www.cpan.org/authors/id/R/RJ/RJBS/PathTools-%{version}.tar.gz
# Disable VMS test (bug #973713)
Patch0: PathTools-3.47-Disable-VMS-tests.patch
-# Fix CVE-2015-8607 (File::Spec::canonpath() loses tain), bug #1297455
-Patch1: perl-5.23.6-ensure-File-Spec-canonpath-preserves-taint.patch
BuildRequires: coreutils
BuildRequires: findutils
BuildRequires: gcc
@@ -45,7 +43,6 @@ This is the combined distribution for the File::Spec and Cwd
modules.
%prep
%setup -q -n PathTools-%{version}
%patch0 -p1
-%patch1 -p3
# Do not distribute File::Spec::VMS as it works on VMS only (bug #973713)
rm lib/File/Spec/VMS.pm
@@ -76,6 +73,9 @@ make test
%{_mandir}/man3/*
%changelog
+* Tue Jan 12 2016 Petr Pisar <ppi...@redhat.com> - 3.62-1
+- 3.62 bump
+
* Mon Jan 11 2016 Petr Pisar <ppi...@redhat.com> - 3.60-2
- Fix CVE-2015-8607 (File::Spec::canonpath() loses tain) (bug #1297455)
diff --git a/sources b/sources
index cee9eef..e37fd65 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-0251a2b9529da8395be7c7a6a1cb400d PathTools-3.60.tar.gz
+bfe148a89064078cf162504c30a4c41a PathTools-3.62.tar.gz
--
cgit v0.11.2
http://pkgs.fedoraproject.org/cgit/perl-PathTools.git/commit/?h=f23&id=c161d7d7375798dbd0cc3e174cd7bfe3e5ad1b2f
--
Fedora Extras Perl SIG
http://www.fedoraproject.org/wiki/Extras/SIGs/Perl
perl-devel mailing list
perl-devel@lists.fedoraproject.org
http://lists.fedoraproject.org/admin/lists/perl-devel@lists.fedoraproject.org
