Avoid loading optional modules from default . (CVE-2016-1238)

2016-08-02 14:55:29 +02:00 · 2016-08-02 14:55:29 +02:00 · 52e999e0b3
commit 52e999e0b3
parent 6ab757d628
1 changed files with 7 additions and 1 deletions
--- a/perl-Encode.spec
+++ b/perl-Encode.spec
@ -8,7 +8,7 @@ Version:        %{cpan_version}
 # perl-encoding sub-package has independent version which does not change
 # often and consecutive builds would clash on perl-encoding NEVRA. This is the
 # same case as in perl.spec.
-Release:        10%{?dist}
+Release:        11%{?dist}
 Summary:        Character encodings in Perl
 # ucm:          UCD
 # other files:  GPL+ or Artistic
@ -16,6 +16,8 @@ License:        (GPL+ or Artistic) and UCD
 Group:          Development/Libraries
 URL:            http://search.cpan.org/dist/Encode/
 Source0:        http://www.cpan.org/authors/id/D/DA/DANKOGAI/Encode-%{cpan_version}.tar.gz
+#Avoid loading optional modules from default . (CVE-2016-1238)
+Patch0:         Encode-2.84-CVE-2016-1238-avoid-loading-optional-modules-from.patch
 BuildRequires:  coreutils
 BuildRequires:  findutils
 BuildRequires:  make
@ -126,6 +128,7 @@ your own encoding to perl. No knowledge of XS is necessary.

 %prep
 %setup -q -n Encode-%{cpan_version}
+%patch0 -p1

 %build
 # Additional scripts can be installed by appending MORE_SCRIPTS, UCM files by
@ -167,6 +170,9 @@ make test
 %{perl_vendorarch}/Encode/encode.h

 %changelog
+* Tue Aug 02 2016 Jitka Plesnikova <jplesnik@redhat.com> - 4:2.84-11
+- Avoid loading optional modules from default . (CVE-2016-1238)
+
 * Sat May 14 2016 Jitka Plesnikova <jplesnik@redhat.com> - 4:2.84-10
 - Increase epoch to favour standalone package