diff --git a/IO-Compress-2.069-CVE-2016-1238-avoid-loading-optional-modules-from.patch b/IO-Compress-2.069-CVE-2016-1238-avoid-loading-optional-modules-from.patch deleted file mode 100644 index ec3c056..0000000 --- a/IO-Compress-2.069-CVE-2016-1238-avoid-loading-optional-modules-from.patch +++ /dev/null @@ -1,23 +0,0 @@ -diff -ru IO-Compress-2.069-orig/bin/zipdetails IO-Compress-2.069/bin/zipdetails ---- IO-Compress-2.069-orig/bin/zipdetails 2014-01-31 07:52:56.000000000 +1100 -+++ IO-Compress-2.069/bin/zipdetails 2016-07-28 10:10:17.812926303 +1000 -@@ -5,6 +5,7 @@ - # Display info on the contents of a Zip file - # - -+BEGIN { pop @INC if $INC[-1] eq '.' } - use strict; - use warnings ; - -diff -ru IO-Compress-2.069-orig/lib/IO/Uncompress/AnyUncompress.pm IO-Compress-2.069/lib/IO/Uncompress/AnyUncompress.pm ---- IO-Compress-2.069-orig/lib/IO/Uncompress/AnyUncompress.pm 2015-09-27 04:34:31.000000000 +1000 -+++ IO-Compress-2.069/lib/IO/Uncompress/AnyUncompress.pm 2016-07-28 10:08:45.064332089 +1000 -@@ -27,6 +27,8 @@ - - BEGIN - { -+ local @INC = @INC; -+ pop @INC if $INC[-1] eq '.'; - eval ' use IO::Uncompress::Adapter::Inflate 2.069 ;'; - eval ' use IO::Uncompress::Adapter::Bunzip2 2.069 ;'; - eval ' use IO::Uncompress::Adapter::LZO 2.069 ;'; diff --git a/perl-IO-Compress.spec b/perl-IO-Compress.spec index 6a3afd4..d4a9398 100644 --- a/perl-IO-Compress.spec +++ b/perl-IO-Compress.spec @@ -2,15 +2,13 @@ %{?perl_default_filter} Name: perl-IO-Compress -Version: 2.069 -Release: 367%{?dist} +Version: 2.070 +Release: 1%{?dist} Summary: Read and write compressed data License: GPL+ or Artistic Group: Development/Libraries URL: http://search.cpan.org/dist/IO-Compress/ Source0: http://search.cpan.org/CPAN/authors/id/P/PM/PMQS/IO-Compress-%{version}.tar.gz -# Avoid loading optional modules from default . (CVE-2016-1238) -Patch0: IO-Compress-2.069-CVE-2016-1238-avoid-loading-optional-modules-from.patch BuildArch: noarch # Module Build BuildRequires: coreutils @@ -83,7 +81,6 @@ included with the IO-Compress distribution: %prep %setup -q -n IO-Compress-%{version} -%patch0 -p1 # Remove spurious exec permissions chmod -c -x lib/IO/Uncompress/{Adapter/Identity,RawInflate}.pm @@ -99,8 +96,8 @@ make %{?_smp_mflags} %install make pure_install DESTDIR=%{buildroot} INSTALLDIRS=perl -find %{buildroot} -type f -name .packlist -exec rm -f {} ';' -%{_fixperms} %{buildroot} +find %{buildroot} -type f -name .packlist -delete +%{_fixperms} -c %{buildroot} %check # Build using "--without long_tests" to avoid very long tests @@ -134,6 +131,13 @@ make test COMPRESS_ZLIB_RUN_%{?with_long_tests:ALL}%{!?with_long_tests:MOST}=1 %{_mandir}/man3/IO::Uncompress::*.3* %changelog +* Thu Dec 29 2016 Paul Howarth - 2.070-1 +- Update to 2.070 + - Fix prototype errors while lazy loading File::GlobMapper (CPAN RT#117675) + - zipdetails: Avoid loading optional modules from default . (CPAN RT#116538, + CVE-2016-1238) +- Simplify find command using -delete + * Tue Aug 02 2016 Jitka Plesnikova - 2.069-367 - Avoid loading optional modules from default . (CVE-2016-1238) diff --git a/sources b/sources index f429917..be19d7f 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -b26925161e3f01919f60344d1bbb49c4 IO-Compress-2.069.tar.gz +SHA512 (IO-Compress-2.070.tar.gz) = f0c269174ac4708d2a2434ad9ad29d3f35e967b3084caba102b66352ce978ba27c4579a7e69bddbe3ed41853f6db2c1ca53880ce313995ad813ac6b96dd67748