Avoid loading optional modules from default . (CVE-2016-1238)

ExtUtils-ParseXS-3.31-CVE-2016-1238-avoid-loading-optional-modules-from.patch

@@ -0,0 +1,10 @@
+diff -up ExtUtils-ParseXS/lib/ExtUtils/xsubpp.cve ExtUtils-ParseXS/lib/ExtUtils/xsubpp
+--- ExtUtils-ParseXS/lib/ExtUtils/xsubpp.cve	2016-02-05 16:26:05.000000000 +0100
++++ ExtUtils-ParseXS/lib/ExtUtils/xsubpp	2016-08-02 13:39:39.791316159 +0200
+@@ -1,5 +1,6 @@
+ #!perl
+ use 5.006;
++BEGIN { pop @INC if $INC[-1] eq '.' }
+ use strict;
+ eval {
+   require ExtUtils::ParseXS;

perl-ExtUtils-ParseXS.spec

@@ -3,7 +3,7 @@ Name:           perl-ExtUtils-ParseXS
 # Epoch to compete with perl.spec
 Epoch:          1
 Version:        3.31
-Release:        365%{?dist}
+Release:        366%{?dist}
 Summary:        Module and a script for converting Perl XS code into C code
 License:        GPL+ or Artistic
 Group:          Development/Libraries
@@ -11,6 +11,8 @@ URL:            http://search.cpan.org/dist/ExtUtils-ParseXS/
 Source0:        http://www.cpan.org/authors/id/S/SM/SMUELLER/ExtUtils-ParseXS-%{base_version}.tar.gz
 # Unbundled from perl 5.24.0
 Patch0:         ExtUtils-ParseXS-3.30-Upgrade-to-3.31.patch
+# Avoid loading optional modules from default . (CVE-2016-1238)
+Patch1:         ExtUtils-ParseXS-3.31-CVE-2016-1238-avoid-loading-optional-modules-from.patch
 BuildArch:      noarch
 BuildRequires:  coreutils
 BuildRequires:  findutils
@@ -56,6 +58,7 @@ the glue necessary to let Perl access those functions.
 %prep
 %setup -q -n ExtUtils-ParseXS-%{base_version}
 %patch0 -p1
+%patch1 -p1
 
 %build
 perl Makefile.PL INSTALLDIRS=vendor
@@ -80,6 +83,9 @@ make test
 %{_mandir}/man3/*
 
 %changelog
+* Wed Aug 03 2016 Jitka Plesnikova <jplesnik@redhat.com> - 1:3.31-366
+- Avoid loading optional modules from default . (CVE-2016-1238)
+
 * Sat May 14 2016 Jitka Plesnikova <jplesnik@redhat.com> - 1:3.31-365
 - Increase release to favour standalone package