.gitignore

@@ -1,2 +1 @@
-SOURCES/File-Path-2.12.tar.gz
-/File-Path-2.12.tar.gz
+SOURCES/File-Path-2.16.tar.gz

.perl-File-Path.metadata

@@ -0,0 +1 @@
+7fc30660422cb0452297df85345f00d74da3f844 SOURCES/File-Path-2.16.tar.gz

File-Path-2.12-Prevent-directory-chmod-race-attack.patch

@@ -1,165 +0,0 @@
-From e9cc25a6109e9191bcbf59a967ed6c60b0156f72 Mon Sep 17 00:00:00 2001
-From: John Lightsey <john@nixnuts.net>
-Date: Tue, 2 May 2017 12:03:52 -0500
-Subject: [PATCH] Prevent directory chmod race attack.
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-CVE-2017-6512 is a race condition attack where the chmod() of directories
-that cannot be entered is misused to change the permissions on other
-files or directories on the system. This has been corrected by limiting
-the directory-permission loosening logic to systems where fchmod() is
-supported.
-
-Petr Písař: Ported to 2.12.
-
-Signed-off-by: Petr Písař <ppisar@redhat.com>
----
- lib/File/Path.pm | 39 +++++++++++++++++++++++++--------------
- t/Path.t         | 40 ++++++++++++++++++++++++++--------------
- 2 files changed, 51 insertions(+), 28 deletions(-)
-
-diff --git a/lib/File/Path.pm b/lib/File/Path.pm
-index 36f12cc..871f43a 100644
---- a/lib/File/Path.pm
-+++ b/lib/File/Path.pm
-@@ -354,21 +354,32 @@ sub _rmtree {
- 
-                 # see if we can escalate privileges to get in
-                 # (e.g. funny protection mask such as -w- instead of rwx)
--                $perm &= oct '7777';
--                my $nperm = $perm | oct '700';
--                if (
--                    !(
--                           $arg->{safe}
--                        or $nperm == $perm
--                        or chmod( $nperm, $root )
--                    )
--                  )
--                {
--                    _error( $arg,
--                        "cannot make child directory read-write-exec", $canon );
--                    next ROOT_DIR;
-+                # This uses fchmod to avoid traversing outside of the proper
-+                # location (CVE-2017-6512)
-+                my $root_fh;
-+                if (open($root_fh, '<', $root)) {
-+                    my ($fh_dev, $fh_inode) = (stat $root_fh )[0,1];
-+                    $perm &= oct '7777';
-+                    my $nperm = $perm | oct '700';
-+                    local $@;
-+                    if (
-+                        !(
-+                            $arg->{safe}
-+                           or $nperm == $perm
-+                           or !-d _
-+                           or $fh_dev ne $ldev
-+                           or $fh_inode ne $lino
-+                           or eval { chmod( $nperm, $root_fh ) }
-+                        )
-+                      )
-+                    {
-+                        _error( $arg,
-+                            "cannot make child directory read-write-exec", $canon );
-+                        next ROOT_DIR;
-+                    }
-+                    close $root_fh;
-                 }
--                elsif ( !chdir($root) ) {
-+                if ( !chdir($root) ) {
-                     _error( $arg, "cannot chdir to child", $canon );
-                     next ROOT_DIR;
-                 }
-diff --git a/t/Path.t b/t/Path.t
-index 5644f57..fffc49c 100755
---- a/t/Path.t
-+++ b/t/Path.t
-@@ -3,7 +3,7 @@
- 
- use strict;
- 
--use Test::More tests => 127;
-+use Test::More tests => 126;
- use Config;
- use Fcntl ':mode';
- use lib 't/';
-@@ -17,6 +17,13 @@ BEGIN {
- 
- my $Is_VMS = $^O eq 'VMS';
- 
-+my $fchmod_supported = 0;
-+if (open my $fh, curdir()) {
-+    my ($perm) = (stat($fh))[2];
-+    $perm &= 07777;
-+    eval { $fchmod_supported = chmod( $perm, $fh); };
-+}
-+
- # first check for stupid permissions second for full, so we clean up
- # behind ourselves
- for my $perm (0111,0777) {
-@@ -298,16 +305,19 @@ is($created[0], $dir, "created directory (old style 3 mode undef) cross-check");
- 
- is(rmtree($dir, 0, undef), 1, "removed directory 3 verbose undef");
- 
--$dir = catdir($tmp_base,'G');
--$dir = VMS::Filespec::unixify($dir) if $Is_VMS;
-+SKIP: {
-+    skip "fchmod of directories not supported on this platform", 3 unless $fchmod_supported;
-+    $dir = catdir($tmp_base,'G');
-+    $dir = VMS::Filespec::unixify($dir) if $Is_VMS;
- 
--@created = mkpath($dir, undef, 0200);
-+    @created = mkpath($dir, undef, 0400);
- 
--is(scalar(@created), 1, "created write-only dir");
-+    is(scalar(@created), 1, "created read-only dir");
- 
--is($created[0], $dir, "created write-only directory cross-check");
-+    is($created[0], $dir, "created read-only directory cross-check");
- 
--is(rmtree($dir), 1, "removed write-only dir");
-+    is(rmtree($dir), 1, "removed read-only dir");
-+}
- 
- # borderline new-style heuristics
- if (chdir $tmp_base) {
-@@ -449,26 +459,28 @@ SKIP: {
- }
- 
- SKIP : {
--    my $skip_count = 19;
-+    my $skip_count = 18;
-     # this test will fail on Windows, as per:
-     #   http://perldoc.perl.org/perlport.html#chmod
- 
-     skip "Windows chmod test skipped", $skip_count
-         if $^O eq 'MSWin32';
-+    skip "fchmod() on directories is not supported on this platform", $skip_count
-+        unless $fchmod_supported;
-     my $mode;
-     my $octal_mode;
-     my @inputs = (
--      0777, 0700, 0070, 0007,
--      0333, 0300, 0030, 0003,
--      0111, 0100, 0010, 0001,
--      0731, 0713, 0317, 0371, 0173, 0137,
--      00 );
-+      0777, 0700, 0470, 0407,
-+      0433, 0400, 0430, 0403,
-+      0111, 0100, 0110, 0101,
-+      0731, 0713, 0317, 0371,
-+      0173, 0137);
-     my $input;
-     my $octal_input;
--    $dir = catdir($tmp_base, 'chmod_test');
- 
-     foreach (@inputs) {
-         $input = $_;
-+        $dir = catdir($tmp_base, sprintf("chmod_test%04o", $input));
-         # We can skip from here because 0 is last in the list.
-         skip "Mode of 0 means assume user defaults on VMS", 1
-           if ($input == 0 && $Is_VMS);
--- 
-2.9.4
-

SPECS/perl-File-Path.spec

@@ -1,23 +1,18 @@
 Name:           perl-File-Path
-Version:        2.12
-Release:        368%{?dist}
+Version:        2.16
+Release:        439%{?dist}
 Summary:        Create or remove directory trees
 License:        GPL+ or Artistic
-Group:          Development/Libraries
-URL:            http://search.cpan.org/dist/File-Path/
-Source0:        http://www.cpan.org/authors/id/R/RI/RICHE/File-Path-%{version}.tar.gz
-# Fix CVE-2017-6512 (setting arbitrary mode on an arbitrary file in rmtree()
-# and remove_tree()), bug #1457834, CPAN RT#121951, in upstream 2.13
-Patch0:         File-Path-2.12-Prevent-directory-chmod-race-attack.patch
+URL:            https://metacpan.org/release/File-Path
+Source0:        https://cpan.metacpan.org/authors/id/J/JK/JKEENAN/File-Path-%{version}.tar.gz
 BuildArch:      noarch
 BuildRequires:  coreutils
 BuildRequires:  findutils
 BuildRequires:  make
-BuildRequires:  perl
 BuildRequires:  perl-generators
-BuildRequires:  perl(ExtUtils::MakeMaker)
+BuildRequires:  perl-interpreter
+BuildRequires:  perl(ExtUtils::MakeMaker) >= 6.76
 BuildRequires:  perl(strict)
-# ExtUtils::MakeMaker::Coverage not used
 # Run-time:
 BuildRequires:  perl(Carp)
 BuildRequires:  perl(Cwd)
@@ -29,11 +24,13 @@ BuildRequires:  perl(vars)
 # Tests:
 BuildRequires:  perl(base)
 BuildRequires:  perl(Config)
+BuildRequires:  perl(Errno)
 BuildRequires:  perl(Fcntl)
 BuildRequires:  perl(File::Spec::Functions)
 BuildRequires:  perl(lib)
 BuildRequires:  perl(SelectSaver)
-BuildRequires:  perl(Test::More)
+# Test::More version from Test::Simple in META
+BuildRequires:  perl(Test::More) >= 0.44
 BuildRequires:  perl(warnings)
 Requires:       perl(:MODULE_COMPAT_%(eval "`perl -V:version`"; echo $version))
 Requires:       perl(Carp)
@@ -44,15 +41,13 @@ depth and to delete an entire directory subtree from the file system.
 
 %prep
 %setup -q -n File-Path-%{version}
-%patch0 -p1
 
 %build
-perl Makefile.PL INSTALLDIRS=vendor
+perl Makefile.PL INSTALLDIRS=vendor NO_PACKLIST=1
 make %{?_smp_mflags}
 
 %install
 make pure_install DESTDIR=$RPM_BUILD_ROOT
-find $RPM_BUILD_ROOT -type f -name .packlist -exec rm -f {} \;
 %{_fixperms} $RPM_BUILD_ROOT/*
 
 %check
@@ -64,8 +59,44 @@ make test
 %{_mandir}/man3/*
 
 %changelog
-* Fri Mar 29 2019 Jitka Plesnikova <jplesnik@redhat.com> - 2.12-368
-- Rebuild with enable hardening (bug #1636329)
+* Fri Jul 26 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.16-439
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Thu May 30 2019 Jitka Plesnikova <jplesnik@redhat.com> - 2.16-438
+- Increase release to favour standalone package
+
+* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.16-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Tue Sep 04 2018 Petr Pisar <ppisar@redhat.com> - 2.16-1
+- 2.16 bump
+
+* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.15-417
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Wed Jun 27 2018 Jitka Plesnikova <jplesnik@redhat.com> - 2.15-416
+- Increase release to favour standalone package
+
+* Thu Feb 08 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.15-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Mon Jul 31 2017 Petr Pisar <ppisar@redhat.com> - 2.15-1
+- 2.15 bump
+
+* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.14-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Thu Jun 08 2017 Petr Pisar <ppisar@redhat.com> - 2.14-1
+- 2.14 bump
+
+* Wed Jun 07 2017 Jitka Plesnikova <jplesnik@redhat.com> - 2.13-2
+- Perl 5.26 re-rebuild of bootstrapped packages
+
+* Mon Jun 05 2017 Petr Pisar <ppisar@redhat.com> - 2.13-1
+- 2.13 bump
+
+* Sat Jun 03 2017 Jitka Plesnikova <jplesnik@redhat.com> - 2.12-393
+- Perl 5.26 rebuild
 
 * Thu Jun 01 2017 Petr Pisar <ppisar@redhat.com> - 2.12-367
 - Fix CVE-2017-6512 (setting arbitrary mode on an arbitrary file in rmtree()

perl-File-Path.rpmlintrc

@@ -1,2 +0,0 @@
-from Config import *
-addFilter("spelling-error .* subtree");

sources

@@ -1 +0,0 @@
-SHA512 (File-Path-2.12.tar.gz) = be13d2c9bcf3ee1e08f40c3a11bfcc58dd2f966bebd54b84e841c6c2feaae64d972378bd803b61b63b527021d97d4503bd326118b4a0c46d34098d00e0782ec5