Compare commits
No commits in common. "fe3f83ccd172a7692b5ee02da8e2f20dc5006a72" and "d3569e57d719e66874ff31fbef7f161b58faed53" have entirely different histories.
fe3f83ccd1
...
d3569e57d7
@ -0,0 +1,41 @@
|
|||||||
|
From 8cfc4916736280dd76655fdef5b78331bfac414d Mon Sep 17 00:00:00 2001
|
||||||
|
From: Tony Cook <tony@develop-help.com>
|
||||||
|
Date: Wed, 27 Jul 2016 14:04:59 +1000
|
||||||
|
Subject: [PATCH] CVE-2016-1238: prevent loading optional modules from default
|
||||||
|
.
|
||||||
|
|
||||||
|
Digest attempts to load Digest::SHA, only failing if Digest::SHA2
|
||||||
|
is also unavailable.
|
||||||
|
|
||||||
|
If a system has Digest installed, but not Digest::SHA, and a user
|
||||||
|
attempts to run a program using Digest with SHA-256 from a world
|
||||||
|
writable directory such as /tmp and since perl adds "." to the end
|
||||||
|
of @INC an attacker can run code as the original user by creating
|
||||||
|
/tmp/Digest/SHA.pm.
|
||||||
|
|
||||||
|
The change temporarily removes the default "." entry from the end of
|
||||||
|
@INC preventing that attack.
|
||||||
|
---
|
||||||
|
Digest.pm | 6 +++++-
|
||||||
|
1 file changed, 5 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/Digest.pm b/Digest.pm
|
||||||
|
index 2ae6eec..c75649f 100644
|
||||||
|
--- a/Digest.pm
|
||||||
|
+++ b/Digest.pm
|
||||||
|
@@ -42,7 +42,11 @@ sub new
|
||||||
|
unless (exists ${"$class\::"}{"VERSION"}) {
|
||||||
|
my $pm_file = $class . ".pm";
|
||||||
|
$pm_file =~ s{::}{/}g;
|
||||||
|
- eval { require $pm_file };
|
||||||
|
+ eval {
|
||||||
|
+ local @INC = @INC;
|
||||||
|
+ pop @INC if $INC[-1] eq '.';
|
||||||
|
+ require $pm_file;
|
||||||
|
+ };
|
||||||
|
if ($@) {
|
||||||
|
$err ||= $@;
|
||||||
|
next;
|
||||||
|
--
|
||||||
|
2.1.4
|
||||||
|
|
||||||
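Review bot: The guard `pop @INC if $INC[-1] eq '.';` added inside the `eval` in Digest.pm's `new` reads `$INC[-1]` without checking that `@INC` is non-empty, so with an empty `@INC` it compares undef and can emit an uninitialized-value warning if warnings are enabled in that file (not visible here); `pop @INC if @INC && $INC[-1] eq '.';` avoids that. The guard also removes "." only when it is the last entry, which matches the default-"." case named in the commit message but leaves a "." added earlier through PERL5LIB or `-I` in effect. A comment such as `# CVE-2016-1238: drop the implicit trailing "." before loading an optional Digest::* module` above `local @INC = @INC;` would keep a later cleanup from collapsing the block back to `eval { require $pm_file }`. The body of `new` starts and ends outside the hunk.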
BIN
Digest-1.17.tar.gz
Normal file
BIN
Digest-1.17.tar.gz
Normal file
Binary file not shown.
Binary file not shown.
@ -1,15 +1,15 @@
|
|||||||
Name: perl-Digest
|
Name: perl-Digest
|
||||||
Version: 1.20
|
Version: 1.17
|
||||||
Release: 4
|
Release: 419
|
||||||
Summary: Modules that calculate message digests
|
Summary: Modules that calculate message digests
|
||||||
License: GPL-1.0-or-later OR Artistic-1.0-Perl
|
License: GPL+ or Artistic
|
||||||
URL: https://metacpan.org/release/Digest
|
URL: https://metacpan.org/release/Digest
|
||||||
Source0: https://cpan.metacpan.org/authors/id/T/TO/TODDR/Digest-%{version}.tar.gz
|
Source0: https://cpan.metacpan.org/authors/id/G/GA/GAAS/Digest-%{version}.tar.gz
|
||||||
|
Patch0001: Digest-0.17-CVE-2016-1238-prevent-loading-optional-modules-from-.patch
|
||||||
BuildArch: noarch
|
BuildArch: noarch
|
||||||
BuildRequires: coreutils findutils make perl-interpreter perl-generators perl(Carp) perl(Exporter) perl(ExtUtils::MakeMaker) perl(MIME::Base64)
|
BuildRequires: coreutils findutils make perl-interpreter perl-generators perl(Carp) perl(Exporter) perl(ExtUtils::MakeMaker) perl(MIME::Base64)
|
||||||
BuildRequires: perl(lib) perl(Test::More)
|
BuildRequires: perl(lib) perl(Test::More)
|
||||||
Requires: perl(MIME::Base64)
|
Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version)) perl(MIME::Base64)
|
||||||
|
|
||||||
%description
|
%description
|
||||||
The Digest:: modules calculate digests, also called "fingerprints" or
|
The Digest:: modules calculate digests, also called "fingerprints" or
|
||||||
@ -43,18 +43,6 @@ make test
|
|||||||
%{_mandir}/*/*
|
%{_mandir}/*/*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Tue Jan 07 2025 Funda Wang <fundawang@yeah.net> - 1.20-4
|
|
||||||
- cleanup spec
|
|
||||||
|
|
||||||
* Sat Nov 26 2022 huyubiao <huyubiao@huawei.com> - 1.20-3
|
|
||||||
- Update the Source0 URL.
|
|
||||||
|
|
||||||
* Fri Jun 24 2022 Chenyx <chenyixiong3@huawei.com> - 1.20-2
|
|
||||||
- License compliance rectification
|
|
||||||
|
|
||||||
* Sat Dec 25 2021 tianwei <tianwei12@huawei.com> - 1.20-1
|
|
||||||
- Upgrade to 1.20
|
|
||||||
|
|
||||||
* Sun Sep 29 2019 yefei <yefei25@huawei.com> - 1.17-419
|
* Sun Sep 29 2019 yefei <yefei25@huawei.com> - 1.17-419
|
||||||
- Type:enhancement
|
- Type:enhancement
|
||||||
- ID:NA
|
- ID:NA
|
||||||
|
|||||||
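Review bot: `Patch0001: Digest-0.17-CVE-2016-1238-prevent-loading-optional-modules-from-.patch` is declared in the first hunk, but the `%prep` section lies outside both hunks, so nothing visible here shows that the patch is applied during the build. Confirm that `%prep` uses `%autosetup -p1` or an explicit `%patch` line for it; a declared but unapplied patch would ship Digest 1.17 with the optional-module `require` still searching the default ".". The patch file name says `Digest-0.17` while `Version:` is 1.17, so a spec comment above the `Patch0001:` line, for example `# CVE-2016-1238: stop Digest->new loading optional modules from "."`, would make the purpose clear to whoever next rebases the package.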
148
perl-Digest.yaml
148
perl-Digest.yaml
@ -1,5 +1,145 @@
|
|||||||
git_url: https://github.com/guillemj/perl-Digest.git
|
---
|
||||||
version_control: github
|
version_control: metacpan
|
||||||
src_repo: guillemj/perl-Digest
|
src_repo: Digest
|
||||||
tag_prefix:
|
tag_prefix: "^v"
|
||||||
seperator: "."
|
seperator: "."
|
||||||
|
last_query:
|
||||||
|
time_stamp: 2020-04-26 07:39:41.029696510 +00:00
|
||||||
|
raw_data: |
|
||||||
|
{
|
||||||
|
"download_url" : "https://cpan.metacpan.org/authors/id/G/GA/GAAS/Digest-1.17.tar.gz",
|
||||||
|
"name" : "Digest-1.17",
|
||||||
|
"date" : "2011-10-02T10:14:32",
|
||||||
|
"maturity" : "released",
|
||||||
|
"dependency" : [
|
||||||
|
{
|
||||||
|
"module" : "MIME::Base64",
|
||||||
|
"phase" : "runtime",
|
||||||
|
"version" : "0",
|
||||||
|
"relationship" : "requires"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"relationship" : "requires",
|
||||||
|
"version" : "5.004",
|
||||||
|
"phase" : "runtime",
|
||||||
|
"module" : "perl"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"relationship" : "requires",
|
||||||
|
"version" : "0.47",
|
||||||
|
"phase" : "runtime",
|
||||||
|
"module" : "Test::More"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"version" : "0",
|
||||||
|
"relationship" : "requires",
|
||||||
|
"phase" : "build",
|
||||||
|
"module" : "ExtUtils::MakeMaker"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"relationship" : "requires",
|
||||||
|
"version" : "0",
|
||||||
|
"phase" : "configure",
|
||||||
|
"module" : "ExtUtils::MakeMaker"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"abstract" : "Modules that calculate message digests",
|
||||||
|
"first" : false,
|
||||||
|
"status" : "latest",
|
||||||
|
"distribution" : "Digest",
|
||||||
|
"changes_file" : "Changes",
|
||||||
|
"checksum_sha256" : "2f6a54459fc7f37c0669d548bb224b695eb8d2ddc089aa5547645ce1f5fd86f7",
|
||||||
|
"version_numified" : 1.17,
|
||||||
|
"author" : "GAAS",
|
||||||
|
"archive" : "Digest-1.17.tar.gz",
|
||||||
|
"license" : [
|
||||||
|
"perl_5"
|
||||||
|
],
|
||||||
|
"main_module" : "Digest",
|
||||||
|
"resources" : {
|
||||||
|
"repository" : {
|
||||||
|
"url" : "http://github.com/gisle/digest"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"checksum_md5" : "2f8a38f7f6c1bd2df36feb16d8208d6d",
|
||||||
|
"authorized" : true,
|
||||||
|
"provides" : [
|
||||||
|
"Digest",
|
||||||
|
"Digest::base",
|
||||||
|
"Digest::file"
|
||||||
|
],
|
||||||
|
"stat" : {
|
||||||
|
"mode" : 33188,
|
||||||
|
"mtime" : 1317550472,
|
||||||
|
"uid" : 1009,
|
||||||
|
"size" : 9034,
|
||||||
|
"gid" : 1009
|
||||||
|
},
|
||||||
|
"version" : "1.17",
|
||||||
|
"id" : "s28cotdaj30r4LZua7D1DSJ7Biw",
|
||||||
|
"deprecated" : "false",
|
||||||
|
"metadata" : {
|
||||||
|
"license" : [
|
||||||
|
"perl_5"
|
||||||
|
],
|
||||||
|
"author" : [
|
||||||
|
"Gisle Aas <gisle@activestate.com>"
|
||||||
|
],
|
||||||
|
"name" : "Digest",
|
||||||
|
"release_status" : "stable",
|
||||||
|
"resources" : {
|
||||||
|
"repository" : {
|
||||||
|
"url" : "http://github.com/gisle/digest"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"dynamic_config" : 1,
|
||||||
|
"no_index" : {
|
||||||
|
"directory" : [
|
||||||
|
"t",
|
||||||
|
"inc",
|
||||||
|
"t",
|
||||||
|
"xt",
|
||||||
|
"inc",
|
||||||
|
"local",
|
||||||
|
"perl5",
|
||||||
|
"fatlib",
|
||||||
|
"example",
|
||||||
|
"blib",
|
||||||
|
"examples",
|
||||||
|
"eg"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"version" : "1.17",
|
||||||
|
"meta-spec" : {
|
||||||
|
"version" : "2",
|
||||||
|
"url" : "http://search.cpan.org/perldoc?CPAN::Meta::Spec"
|
||||||
|
},
|
||||||
|
"abstract" : "Modules that calculate message digests",
|
||||||
|
"generated_by" : "ExtUtils::MakeMaker version 6.57_05, CPAN::Meta::Converter version 2.150005",
|
||||||
|
"prereqs" : {
|
||||||
|
"build" : {
|
||||||
|
"requires" : {
|
||||||
|
"ExtUtils::MakeMaker" : "0"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"runtime" : {
|
||||||
|
"requires" : {
|
||||||
|
"perl" : "5.004",
|
||||||
|
"MIME::Base64" : "0",
|
||||||
|
"Test::More" : "0.47"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"configure" : {
|
||||||
|
"requires" : {
|
||||||
|
"ExtUtils::MakeMaker" : "0"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"tests" : {
|
||||||
|
"fail" : 2,
|
||||||
|
"unknown" : 5,
|
||||||
|
"pass" : 2682,
|
||||||
|
"na" : 0
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|||||||