import perl-Digest-1.17-395.module_el8.1.0+225+978beb03

9 months ago · f0ae2e6224
commit f0ae2e6224
4 changed files with 172 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1 @@
+SOURCES/Digest-1.17.tar.gz
--- a/.perl-Digest.metadata
+++ b/.perl-Digest.metadata
@ -0,0 +1 @@
+7f06ec78496a8a865313be75d1905d73ced602e9 SOURCES/Digest-1.17.tar.gz
--- a/SOURCES/Digest-0.17-CVE-2016-1238-prevent-loading-optional-modules-from-.patch
+++ b/SOURCES/Digest-0.17-CVE-2016-1238-prevent-loading-optional-modules-from-.patch
@ -0,0 +1,41 @@
+From 8cfc4916736280dd76655fdef5b78331bfac414d Mon Sep 17 00:00:00 2001
+From: Tony Cook <tony@develop-help.com>
+Date: Wed, 27 Jul 2016 14:04:59 +1000
+Subject: [PATCH] CVE-2016-1238: prevent loading optional modules from default
+ .
+
+Digest attempts to load Digest::SHA, only failing if Digest::SHA2
+is also unavailable.
+
+If a system has Digest installed, but not Digest::SHA, and a user
+attempts to run a program using Digest with SHA-256 from a world
+writable directory such as /tmp and since perl adds "." to the end
+of @INC an attacker can run code as the original user by creating
+/tmp/Digest/SHA.pm.
+
+The change temporarily removes the default "." entry from the end of
+@INC preventing that attack.
+---
+ Digest.pm | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/Digest.pm b/Digest.pm
+index 2ae6eec..c75649f 100644
+--- a/Digest.pm
+++ b/Digest.pm
+@@ -42,7 +42,11 @@ sub new
+         unless (exists ${"$class\::"}{"VERSION"}) {
+             my $pm_file = $class . ".pm";
+             $pm_file =~ s{::}{/}g;
+-            eval { require $pm_file };
+            eval {
+                local @INC = @INC;
+                pop @INC if $INC[-1] eq '.';
+                require $pm_file;
+            };
+             if ($@) {
+                 $err ||= $@;
+                 next;
+-- 
+2.1.4
+
--- a/SPECS/perl-Digest.spec
+++ b/SPECS/perl-Digest.spec
@ -0,0 +1,129 @@
+Name:           perl-Digest
+Version:        1.17
+Release:        395%{?dist}
+Summary:        Modules that calculate message digests
+License:        GPL+ or Artistic
+Group:          Development/Libraries
+URL:            http://search.cpan.org/dist/Digest/
+Source0:        http://www.cpan.org/authors/id/G/GA/GAAS/Digest-%{version}.tar.gz
+# Avoid loading optional modules from default . (CVE-2016-1238)
+Patch0:         Digest-0.17-CVE-2016-1238-prevent-loading-optional-modules-from-.patch
+BuildArch:      noarch
+BuildRequires:  coreutils
+BuildRequires:  findutils
+BuildRequires:  make
+BuildRequires:  perl-interpreter
+BuildRequires:  perl-generators
+BuildRequires:  perl(Carp)
+BuildRequires:  perl(Exporter)
+BuildRequires:  perl(ExtUtils::MakeMaker)
+BuildRequires:  perl(MIME::Base64)
+# Tests only:
+BuildRequires:  perl(lib)
+BuildRequires:  perl(Test::More) >= 0.47
+Requires:       perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
+Requires:       perl(MIME::Base64)
+
+%description
+The Digest:: modules calculate digests, also called "fingerprints" or
+"hashes", of some data, called a message. The digest is (usually)
+some small/fixed size string. The actual size of the digest depend of
+the algorithm used. The message is simply a sequence of arbitrary
+bytes or bits.
+
+%prep
+%setup -q -n Digest-%{version}
+%patch0 -p1
+chmod -x digest-bench
+
+%build
+%{__perl} Makefile.PL INSTALLDIRS=vendor
+make %{?_smp_mflags}
+
+%install
+make pure_install PERL_INSTALL_ROOT=$RPM_BUILD_ROOT
+find $RPM_BUILD_ROOT -type f -name .packlist -exec rm -f {} \;
+find $RPM_BUILD_ROOT -depth -type d -exec rmdir {} 2>/dev/null \;
+%{_fixperms} $RPM_BUILD_ROOT/*
+
+%check
+make test
+
+%files
+%doc Changes digest-bench README
+%{perl_vendorlib}/*
+%{_mandir}/man3/*
+
+%changelog
+* Thu Apr 25 2024 MSVSphere Packaging Team <packager@msvsphere-os.ru> - 1.17-395
+- Rebuilt for MSVSphere 8.9
+
+* Thu Feb 08 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.17-395
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.17-394
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Sat Jun 03 2017 Jitka Plesnikova <jplesnik@redhat.com> - 1.17-393
+- Perl 5.26 rebuild
+
+* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.17-367
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
+
+* Tue Aug 02 2016 Jitka Plesnikova <jplesnik@redhat.com> - 1.17-366
+- Avoid loading optional modules from default . (CVE-2016-1238)
+
+* Sat May 14 2016 Jitka Plesnikova <jplesnik@redhat.com> - 1.17-365
+- Increase release to favour standalone package
+
+* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 1.17-347
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
+* Thu Jun 18 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.17-346
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
+
+* Thu Jun 04 2015 Jitka Plesnikova <jplesnik@redhat.com> - 1.17-345
+- Increase release to favour standalone package
+
+* Wed Jun 03 2015 Jitka Plesnikova <jplesnik@redhat.com> - 1.17-311
+- Perl 5.22 rebuild
+
+* Wed Sep 03 2014 Jitka Plesnikova <jplesnik@redhat.com> - 1.17-310
+- Increase release to favour standalone package
+
+* Tue Aug 26 2014 Jitka Plesnikova <jplesnik@redhat.com> - 1.17-293
+- Perl 5.20 rebuild
+
+* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.17-292
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
+* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.17-291
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
+
+* Mon Jul 15 2013 Petr Pisar <ppisar@redhat.com> - 1.17-290
+- Increase release to favour standalone package
+
+* Fri Jul 12 2013 Petr Pisar <ppisar@redhat.com> - 1.17-245
+- Perl 5.18 rebuild
+
+* Fri May 03 2013 Petr Pisar <ppisar@redhat.com> - 1.17-244
+- Increase release number to supersede perl sub-package (bug #957931)
+
+* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.17-241
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
+
+* Mon Aug 13 2012 Marcela Mašláňová <mmaslano@redhat.com> - 1.17-240
+- bump release to override sub-package from perl.spec
+
+* Fri Jul 20 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.17-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Wed Jun 06 2012 Petr Pisar <ppisar@redhat.com> - 1.17-3
+- Perl 5.16 rebuild
+
+* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.17-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
+
+* Tue Oct 04 2011 Petr Pisar <ppisar@redhat.com> 1.17-1
+- Specfile autogenerated by cpanspec 1.78.
+- Remove BuildRoot and defattr from spec code.
				`@ -0,0 +1 @@`
				`7f06ec78496a8a865313be75d1905d73ced602e9 SOURCES/Digest-1.17.tar.gz`