rpms/perl
5
0
Fork 0
Code Issues Pull Requests Releases Activity

Fix code injection in Digest

Browse Source
This commit is contained in:
Petr Písař 2011-10-04 13:39:56 +02:00
parent a9571e50ea
commit e6745c245a
2 changed files with 37 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
perl-5.14.2-digest_eval.patch Normal file
View File

@ -0,0 +1,28 @@
From dbcab24bb98b4a243c8330bc7017c2080832b3f9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
Date: Tue, 4 Oct 2011 13:46:39 +0200
Subject: [PATCH] Fix code injection in Digest
See <https://bugzilla.redhat.com/show_bug.cgi?id=743010> for more details.
---
cpan/Digest/Digest.pm | 4 +++-
1 files changed, 3 insertions(+), 1 deletions(-)
diff --git a/cpan/Digest/Digest.pm b/cpan/Digest/Digest.pm
index 384dfc8..4b923ae 100644
--- a/cpan/Digest/Digest.pm
+++ b/cpan/Digest/Digest.pm
@@ -35,7 +35,9 @@ sub new
($class, @args) = @$class if ref($class);
no strict 'refs';
unless (exists ${"$class\::"}{"VERSION"}) {
- eval "require $class";
+ my $pm_file = $class . ".pm";
+ $pm_file =~ s{::}{/}g;
+ eval { require $pm_file };
if ($@) {
$err ||= $@;
next;
--
1.7.6.4

10
perl.spec
View File

@ -22,7 +22,7 @@
Name: perl Name: perl
Version: %{perl_version} Version: %{perl_version}
# release number must be even higher, because dual-lived modules will be broken otherwise # release number must be even higher, because dual-lived modules will be broken otherwise
Release: 194%{?dist} Release: 195%{?dist}
Epoch: %{perl_epoch} Epoch: %{perl_epoch}
Summary: Practical Extraction and Report Language Summary: Practical Extraction and Report Language
Group: Development/Languages Group: Development/Languages
@ -68,6 +68,9 @@ Patch7: perl-5.10.0-x86_64-io-test-failure.patch
# switch off test, which is failing only on koji (fork) # switch off test, which is failing only on koji (fork)
Patch8: perl-5.14.1-offtest.patch Patch8: perl-5.14.1-offtest.patch
# Fix code injection in Digest, rhbz #743010, RT#71390, fixed in Digest-1.17.
Patch9: perl-5.14.2-digest_eval.patch
# Update some of the bundled modules # Update some of the bundled modules
# see http://fedoraproject.org/wiki/Perl/perl.spec for instructions # see http://fedoraproject.org/wiki/Perl/perl.spec for instructions
@ -1116,6 +1119,7 @@ tarball from perl.org.
%patch6 -p1 %patch6 -p1
%patch7 -p1 %patch7 -p1
%patch8 -p1 %patch8 -p1
%patch9 -p1
#copy the example script #copy the example script
cp -a %{SOURCE5} . cp -a %{SOURCE5} .
@ -1310,6 +1314,7 @@ pushd %{build_archlib}/CORE/
'Fedora Patch5: USE_MM_LD_RUN_PATH' \ 'Fedora Patch5: USE_MM_LD_RUN_PATH' \
'Fedora Patch6: Skip hostname tests, due to builders not being network capable' \ 'Fedora Patch6: Skip hostname tests, due to builders not being network capable' \
'Fedora Patch7: Dont run one io test due to random builder failures' \ 'Fedora Patch7: Dont run one io test due to random builder failures' \
'Fedora Patch9: Fix code injection in Digest->new()' \
%{nil} %{nil}
rm patchlevel.bak rm patchlevel.bak
@ -2209,6 +2214,9 @@ sed \
# Old changelog entries are preserved in CVS. # Old changelog entries are preserved in CVS.
%changelog %changelog
* Tue Oct 04 2011 Petr Pisar <ppisar@redhat.com> - 4:5.14.2-195
- Fix code injection in Digest (bug #743010)
* Tue Oct 04 2011 Iain Arnell <iarnell@gmail.com> 4:5.14.2-194 * Tue Oct 04 2011 Iain Arnell <iarnell@gmail.com> 4:5.14.2-194
- add provide for perl(:MODULE_COMPAT_5.14.2) - add provide for perl(:MODULE_COMPAT_5.14.2)