Resolves: RHEL-95465

Use 3 arg open in grep() (CVE-2011-10007)
2025-06-09 13:55:54 +02:00 · 2025-06-09 13:55:54 +02:00 · c8f26448ea
commit c8f26448ea
parent dc79dc8cca
6 changed files with 111 additions and 17 deletions
--- a/.fmf/version
+++ b/.fmf/version
@ -0,0 +1 @@
+1
--- a/File-Find-Rule-0.34-Fix-for-CVE-2011-10007-Use-3-arg-open-in-grep.patch
+++ b/File-Find-Rule-0.34-Fix-for-CVE-2011-10007-Use-3-arg-open-in-grep.patch
@ -0,0 +1,25 @@
+From df58128bcee4c1da78c34d7f3fe1357e575ad56f Mon Sep 17 00:00:00 2001
+From: Stig Palmquist <git@stig.io>
+Date: Thu, 5 Jun 2025 12:58:45 +0200
+Subject: [PATCH] Fix for CVE-2011-10007: Use 3 arg open in grep()`
+
+---
+ lib/File/Find/Rule.pm | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/File/Find/Rule.pm b/lib/File/Find/Rule.pm
+index feccc76..d4dc475 100644
+--- a/lib/File/Find/Rule.pm
+++ b/lib/File/Find/Rule.pm
+@@ -420,7 +420,7 @@ sub grep {
+ 
+     $self->exec( sub {
+         local *FILE;
+-        open FILE, $_ or return;
+        open FILE, '<', $_ or return;
+         local ($_, $.);
+         while (<FILE>) {
+             for my $p (@pattern) {
+-- 
+2.49.0
+
--- a/gating.yaml
+++ b/gating.yaml
@ -0,0 +1,7 @@
+# RHEL
+--- !Policy
+product_versions:
+  - rhel-*
+decision_context: osci_compose_gate
+rules:
+  - !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}
--- a/perl-File-Find-Rule.spec
+++ b/perl-File-Find-Rule.spec
@ -1,30 +1,57 @@
-Name: 		perl-File-Find-Rule
-Version: 	0.34
-Release: 	8%{?dist}
-Summary: 	Perl module implementing an alternative interface to File::Find
-License: 	GPL+ or Artistic
-Group: 		Development/Libraries
-URL: 		http://search.cpan.org/dist/File-Find-Rule/
-Source0: 	http://www.cpan.org/authors/id/R/RC/RCLAMP/File-Find-Rule-%{version}.tar.gz
+Name:           perl-File-Find-Rule
+Version:        0.34
+Release:        9%{?dist}
+Summary:        Perl module implementing an alternative interface to File::Find
+License:        GPL+ or Artistic
+Group:          Development/Libraries
+URL:            http://search.cpan.org/dist/File-Find-Rule/
+Source0:        http://www.cpan.org/authors/id/R/RC/RCLAMP/File-Find-Rule-%{version}.tar.gz
+Patch0:         File-Find-Rule-0.34-Fix-for-CVE-2011-10007-Use-3-arg-open-in-grep.patch

-BuildArch: 	noarch
-BuildRequires:	perl-interpreter
-BuildRequires:	perl-generators
+BuildArch:      noarch
+BuildRequires:  make
+BuildRequires:  perl-generators
+BuildRequires:  perl-interpreter
+BuildRequires:  perl(Carp)
 BuildRequires:  perl(ExtUtils::MakeMaker)
 BuildRequires:  perl(File::Find)
 BuildRequires:  perl(File::Spec)
-BuildRequires: 	perl(Number::Compare)
-BuildRequires: 	perl(Text::Glob)
+BuildRequires:  perl(lib)
+BuildRequires:  perl(Number::Compare)
+BuildRequires:  perl(strict)
 BuildRequires:  perl(Test::More) >= 0.07
+BuildRequires:  perl(Text::Glob)
+BuildRequires:  perl(vars)
+BuildRequires:  perl(warnings)
+# Optional tests
+BuildRequires:  perl(Test::Differences)

-Requires:  	perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
+Requires:       perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
+
+%global __provides_exclude_from %{?__provides_exclude_from:%__provides_exclude_from|}^%{_libexecdir}

 %description
 File::Find::Rule is a friendlier interface to File::Find.  It allows
 you to build rules which specify the desired files and directories.

+%package tests
+Summary:        Tests for %{name}
+Requires:       %{name} = %{?epoch:%{epoch}:}%{version}-%{release}
+Requires:       perl(Test::Differences)
+Requires:       perl-Test-Harness
+
+%description tests
+Tests from %{name}. Execute them
+with "%{_libexecdir}/%{name}/test".
+
 %prep
 %setup -q -n File-Find-Rule-%{version}
+%patch -P0 -p1
+# Help generators to recognize Perl scripts
+for F in t/*.t; do
+    perl -i -MConfig -ple 'print $Config{startperl} if $. == 1 && !s{\A#!.*perl\b}{$Config{startperl}}' "$F"
+    chmod +x "$F"
+done

 %build
 %{__perl} Makefile.PL INSTALLDIRS=vendor NO_PACKLIST=1
@ -32,7 +59,17 @@ make %{?_smp_mflags}

 %install
 make pure_install PERL_INSTALL_ROOT=$RPM_BUILD_ROOT
-chmod -R u+w $RPM_BUILD_ROOT/*
+%{_fixperms} $RPM_BUILD_ROOT/*
+
+# Install tests
+mkdir -p $RPM_BUILD_ROOT/%{_libexecdir}/%{name}
+cp -a t testdir $RPM_BUILD_ROOT/%{_libexecdir}/%{name}
+ln -s %{_bindir}/findrule %{buildroot}%{_libexecdir}/%{name}/
+cat > $RPM_BUILD_ROOT/%{_libexecdir}/%{name}/test << 'EOF'
+#!/bin/sh
+cd %{_libexecdir}/%{name} && exec prove -I . -j "$(getconf _NPROCESSORS_ONLN)"
+EOF
+chmod +x $RPM_BUILD_ROOT/%{_libexecdir}/%{name}/test

 %check
 make test
@ -40,11 +77,18 @@ make test
 %files
 %doc Changes
 %{_bindir}/findrule
-%{_mandir}/man1/*
+%{_mandir}/man1/findrule*
 %{perl_vendorlib}/File
-%{_mandir}/man3/*
+%{_mandir}/man3/File::Find::Rule*
+
+%files tests
+%{_libexecdir}/%{name}

 %changelog
+* Fri Jun 06 2025 Jitka Plesnikova <jplesnik@redhat.com> - 0.34-9
+- Use 3 arg open in grep() (CVE-2011-10007)
+- Package tests
+
 * Thu Feb 08 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.34-8
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild

--- a/plans/sanity.fmf
+++ b/plans/sanity.fmf
@ -0,0 +1,5 @@
+summary: Sanity tests
+discover:
+    how: fmf
+execute:
+    how: tmt
--- a/tests/upstream-tests.fmf
+++ b/tests/upstream-tests.fmf
@ -0,0 +1,12 @@
+summary: Upstream tests
+contact: Jitka Plesnikova <jplesnik@redhat.com>
+component: perl-File-Find-Rule
+require: perl-File-Find-Rule-tests
+test: /usr/libexec/perl-File-Find-Rule/test
+enabled: true
+tag:
+  - rhel-buildroot
+adjust:
+  - enabled: false
+    when: distro < rhel-8 or distro < centos-stream-8
+    continue: false