Compare commits


No commits in common. 'c9' and 'i8c-stream-5.26' have entirely different histories.

2
.gitignore vendored

@ -1 +1 @@
SOURCES/Digest-1.19.tar.gz
SOURCES/Digest-1.17.tar.gz

@ -1 +1 @@
cc7cc59b4984cb12611951709be2656128133628 SOURCES/Digest-1.19.tar.gz
7f06ec78496a8a865313be75d1905d73ced602e9 SOURCES/Digest-1.17.tar.gz

@ -0,0 +1,41 @@
From 8cfc4916736280dd76655fdef5b78331bfac414d Mon Sep 17 00:00:00 2001
From: Tony Cook <tony@develop-help.com>
Date: Wed, 27 Jul 2016 14:04:59 +1000
Subject: [PATCH] CVE-2016-1238: prevent loading optional modules from default
.
Digest attempts to load Digest::SHA, only failing if Digest::SHA2
is also unavailable.
If a system has Digest installed, but not Digest::SHA, and a user
attempts to run a program using Digest with SHA-256 from a world
writable directory such as /tmp and since perl adds "." to the end
of @INC an attacker can run code as the original user by creating
/tmp/Digest/SHA.pm.
The change temporarily removes the default "." entry from the end of
@INC preventing that attack.
---
Digest.pm | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/Digest.pm b/Digest.pm
index 2ae6eec..c75649f 100644
--- a/Digest.pm
+++ b/Digest.pm
@@ -42,7 +42,11 @@ sub new
unless (exists ${"$class\::"}{"VERSION"}) {
my $pm_file = $class . ".pm";
$pm_file =~ s{::}{/}g;
- eval { require $pm_file };
+ eval {
+ local @INC = @INC;
+ pop @INC if $INC[-1] eq '.';
+ require $pm_file;
+ };
if ($@) {
$err ||= $@;
next;
--
2.1.4
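Review bot: `pop @INC if $INC[-1] eq '.';` in the new `eval` block reads `$INC[-1]` without checking that `@INC` has any entries, so with an empty `@INC` the `eq` compares an undefined value (a warning when warnings are enabled); `pop @INC if @INC && $INC[-1] eq '.';` avoids that. The line also only strips a `.` that is the last entry, which matches the "default" entry the commit message describes, but a short comment beside the `pop` should say that a `.` elsewhere in `@INC` is deliberately left alone, so the limit of the mitigation is clear to the next reader. The diffstat lists only Digest.pm, so no regression test comes with the fix; a test confirming that `Digest->new` does not pick up an optional module from the current directory would pin the behaviour.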

@ -1,25 +1,24 @@
Name: perl-Digest
Version: 1.19
Release: 4%{?dist}
Version: 1.17
Release: 395%{?dist}
Summary: Modules that calculate message digests
License: GPL+ or Artistic
URL: https://metacpan.org/release/Digest
Source0: https://cpan.metacpan.org/authors/id/T/TO/TODDR/Digest-%{version}.tar.gz
Group: Development/Libraries
URL: http://search.cpan.org/dist/Digest/
Source0: http://www.cpan.org/authors/id/G/GA/GAAS/Digest-%{version}.tar.gz
# Avoid loading optional modules from default . (CVE-2016-1238)
Patch0: Digest-0.17-CVE-2016-1238-prevent-loading-optional-modules-from-.patch
BuildArch: noarch
BuildRequires: coreutils
BuildRequires: findutils
BuildRequires: make
BuildRequires: perl-interpreter
BuildRequires: perl-generators
BuildRequires: perl(:VERSION) >= 5.6
BuildRequires: perl(ExtUtils::MakeMaker) >= 6.76
BuildRequires: perl(strict)
BuildRequires: perl(warnings)
# Run-time:
BuildRequires: perl(Carp)
BuildRequires: perl(Exporter)
BuildRequires: perl(ExtUtils::MakeMaker)
BuildRequires: perl(MIME::Base64)
# Tests only:
BuildRequires: perl(File::Temp)
BuildRequires: perl(lib)
BuildRequires: perl(Test::More) >= 0.47
Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
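Review bot: the `Patch0:` file name begins with `Digest-0.17-` while the `Version:` line next to it is 1.17, so the patch name refers to a release that does not match the tarball it is applied to; renaming the prefix to `Digest-1.17-` would keep the two in step. The `Source0:` and `URL:` lines that use `http://` also deserve a look: with the tarball location on plain HTTP, the only integrity check visible in this comparison is the 40-hex-digit digest recorded for `SOURCES/Digest-1.17.tar.gz`, and the `https://` form shown on the neighbouring `Source0:` line is the safer choice.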
@ -27,20 +26,24 @@ Requires: perl(MIME::Base64)
%description
The Digest:: modules calculate digests, also called "fingerprints" or
"hashes", of some data, called a message. The digest is (usually) some
small/fixed size string. The actual size of the digest depends of the
algorithm used. The message is simply a sequence of arbitrary bytes or bits.
"hashes", of some data, called a message. The digest is (usually)
some small/fixed size string. The actual size of the digest depend of
the algorithm used. The message is simply a sequence of arbitrary
bytes or bits.
%prep
%setup -q -n Digest-%{version}
%patch0 -p1
chmod -x digest-bench
%build
perl Makefile.PL INSTALLDIRS=vendor NO_PACKLIST=1 NO_PERLLOCAL=1
%{make_build}
%{__perl} Makefile.PL INSTALLDIRS=vendor
make %{?_smp_mflags}
%install
%{make_install}
make pure_install PERL_INSTALL_ROOT=$RPM_BUILD_ROOT
find $RPM_BUILD_ROOT -type f -name .packlist -exec rm -f {} \;
find $RPM_BUILD_ROOT -depth -type d -exec rmdir {} 2>/dev/null \;
%{_fixperms} $RPM_BUILD_ROOT/*
%check
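Review bot: in `%install`, the line `find $RPM_BUILD_ROOT -depth -type d -exec rmdir {} 2>/dev/null \;` throws away every `rmdir` error rather than only the expected "directory not empty" ones, and `$RPM_BUILD_ROOT` is unquoted in all of the cleanup lines. The `NO_PACKLIST=1 NO_PERLLOCAL=1` arguments with `%{make_install}` shown in the same hunk make the `.packlist` and empty-directory cleanup unnecessary; that form needs ExtUtils::MakeMaker 6.76 or later, so if the target cannot use it, at least quote the variable as `"$RPM_BUILD_ROOT"`.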
@ -52,42 +55,8 @@ make test
%{_mandir}/man3/*
%changelog
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.19-4
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1.19-3
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.19-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Wed Oct 14 2020 Petr Pisar <ppisar@redhat.com> - 1.19-1
- 1.19 bump
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.17-457
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Mon Jun 22 2020 Jitka Plesnikova <jplesnik@redhat.com> - 1.17-456
- Increase release to favour standalone package
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.17-440
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Fri Jul 26 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.17-439
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Thu May 30 2019 Jitka Plesnikova <jplesnik@redhat.com> - 1.17-438
- Increase release to favour standalone package
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.17-418
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.17-417
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Wed Jun 27 2018 Jitka Plesnikova <jplesnik@redhat.com> - 1.17-416
- Increase release to favour standalone package
* Thu Apr 25 2024 MSVSphere Packaging Team <packager@msvsphere-os.ru> - 1.17-395
- Rebuilt for MSVSphere 8.9
* Thu Feb 08 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.17-395
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
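Review bot: the `Thu Apr 25 2024` changelog entry carries `1.17-395`, the same version-release as the `Thu Feb 08 2018` entry directly below it, so two different builds share one version-release string in the changelog and are told apart only by whatever `%{?dist}` expands to. Bumping `Release:` for the rebuild, or stating in the entry that the release number is intentionally unchanged, would make the package history unambiguous.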
