diff --git a/Module-CoreList-5.20160720-CVE-2016-1238-avoid-loading-optional-modules-from.patch b/Module-CoreList-5.20160720-CVE-2016-1238-avoid-loading-optional-modules-from.patch
new file mode 100644
index 0000000..f02f43d
--- /dev/null
+++ b/Module-CoreList-5.20160720-CVE-2016-1238-avoid-loading-optional-modules-from.patch
@@ -0,0 +1,11 @@
+diff -up Module-CoreList/corelist.cve Module-CoreList/corelist
+--- Module-CoreList/corelist.cve 2016-02-05 16:26:05.000000000 +0100
++++ Module-CoreList/corelist 2016-08-05 09:16:43.129306210 +0200
+@@ -130,6 +130,7 @@ requested perl versions.
+ 
+ =cut
+ 
++BEGIN { pop @INC if $INC[-1] eq '.' }
+ use Module::CoreList;
+ use Getopt::Long qw(:config no_ignore_case);
+ use Pod::Usage;
diff --git a/perl-Module-CoreList.spec b/perl-Module-CoreList.spec
index d2b1c7c..cfad5e4 100644
--- a/perl-Module-CoreList.spec
+++ b/perl-Module-CoreList.spec
@@ -2,12 +2,14 @@ Name: perl-Module-CoreList
 # Epoch to compete with perl.spec
 Epoch: 1
 Version: 5.20160720
-Release: 1%{?dist}
+Release: 2%{?dist}
 Summary: What modules are shipped with versions of perl
 License: GPL+ or Artistic
 Group: Development/Libraries
 URL: http://search.cpan.org/dist/Module-CoreList/
 Source0: http://www.cpan.org/authors/id/B/BI/BINGOS/Module-CoreList-%{version}.tar.gz
+# Avoid loading optional modules from default . (CVE-2016-1238)
+Patch0: Module-CoreList-5.20160720-CVE-2016-1238-avoid-loading-optional-modules-from.patch
 BuildArch: noarch
 BuildRequires: findutils
 BuildRequires: make
@@ -59,6 +61,7 @@ modules were shipped with given perl version.
 %prep
 %setup -q -n Module-CoreList-%{version}
+%patch0 -p1
 %build
 perl Makefile.PL INSTALLDIRS=vendor
@@ -83,6 +86,9 @@ make test
 %{_mandir}/man1/corelist.*
 %changelog
+* Fri Aug 05 2016 Jitka Plesnikova - 1:5.20160720-2
+- Avoid loading optional modules from default . (CVE-2016-1238)
+
 * Thu Jul 21 2016 Petr Pisar - 1:5.20160720-1
 - 5.20160720 bump
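Review bot: The added `BEGIN { pop @INC if $INC[-1] eq '.' }` line in the embedded corelist patch carries no comment, so a later maintainer could take it for leftover code and drop it when the patch is rebased. I would put `# CVE-2016-1238: drop the implicit trailing '.' from @INC so modules are never resolved relative to the caller's working directory` directly above it. The test looks only at the last @INC entry, which is where perl appends the default '.'; a '.' supplied earlier in the list (for example through PERL5LIB or -I) is kept, which looks deliberate and is worth stating in the same comment. The block only protects `use` statements that come after it, and the hunk shows nothing but POD above it, so it is worth confirming against the full script that no module is loaded earlier, since the top of the file is outside the hunk.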