Hello community,

here is the log from the commit of package perl-Archive-Extract for 
openSUSE:Factory checked in at 2016-10-14 09:25:41
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/perl-Archive-Extract (Old)
 and      /work/SRC/openSUSE:Factory/.perl-Archive-Extract.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "perl-Archive-Extract"

Changes:
--------
--- 
/work/SRC/openSUSE:Factory/perl-Archive-Extract/perl-Archive-Extract.changes    
    2015-07-21 13:24:14.000000000 +0200
+++ 
/work/SRC/openSUSE:Factory/.perl-Archive-Extract.new/perl-Archive-Extract.changes
   2016-10-14 09:25:43.000000000 +0200
@@ -1,0 +2,9 @@
+Sat Oct  8 15:33:23 UTC 2016 - co...@suse.com
+
+- updated to 0.78
+   see /usr/share/doc/packages/perl-Archive-Extract/CHANGES
+
+  0.78    Wed Jul 27 20:40:15 2016
+  * CVE-2016-1238: avoid loading optional modules from default .
+
+-------------------------------------------------------------------

Old:
----
  Archive-Extract-0.76.tar.gz

New:
----
  Archive-Extract-0.78.tar.gz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ perl-Archive-Extract.spec ++++++
--- /var/tmp/diff_new_pack.j3qVM3/_old  2016-10-14 09:25:44.000000000 +0200
+++ /var/tmp/diff_new_pack.j3qVM3/_new  2016-10-14 09:25:44.000000000 +0200
@@ -1,7 +1,7 @@
 #
 # spec file for package perl-Archive-Extract
 #
-# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,7 +17,7 @@
 
 
 Name:           perl-Archive-Extract
-Version:        0.76
+Version:        0.78
 Release:        0
 %define cpan_name Archive-Extract
 Summary:        Generic Archive Extracting Mechanism
@@ -32,11 +32,11 @@
 BuildRequires:  perl-macros
 BuildRequires:  perl(IPC::Cmd) >= 0.64
 BuildRequires:  perl(Locale::Maketext::Simple)
-BuildRequires:  perl(Module::Load::Conditional) >= 0.04
+BuildRequires:  perl(Module::Load::Conditional) >= 0.66
 BuildRequires:  perl(Params::Check) >= 0.07
 Requires:       perl(IPC::Cmd) >= 0.64
 Requires:       perl(Locale::Maketext::Simple)
-Requires:       perl(Module::Load::Conditional) >= 0.04
+Requires:       perl(Module::Load::Conditional) >= 0.66
 Requires:       perl(Params::Check) >= 0.07
 %{perl_requires}
 

++++++ Archive-Extract-0.76.tar.gz -> Archive-Extract-0.78.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/Archive-Extract-0.76/CHANGES 
new/Archive-Extract-0.78/CHANGES
--- old/Archive-Extract-0.76/CHANGES    2015-07-04 19:46:15.000000000 +0200
+++ new/Archive-Extract-0.78/CHANGES    2016-07-27 21:42:49.000000000 +0200
@@ -1,3 +1,6 @@
+0.78    Wed Jul 27 20:40:15 2016
+* CVE-2016-1238: avoid loading optional modules from default .
+
 0.76    Sat Jul  4 18:44:42 2015
 * Resolve RT#105425, putting refs in $/ has been
   fatal since v5.20.0
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/Archive-Extract-0.76/META.json 
new/Archive-Extract-0.78/META.json
--- old/Archive-Extract-0.76/META.json  2015-07-04 19:46:56.000000000 +0200
+++ new/Archive-Extract-0.78/META.json  2016-07-27 21:45:24.000000000 +0200
@@ -4,7 +4,7 @@
       "Jos Boumans <kane[at]cpan.org>"
    ],
    "dynamic_config" : 1,
-   "generated_by" : "ExtUtils::MakeMaker version 7.04, CPAN::Meta::Converter 
version 2.150005",
+   "generated_by" : "ExtUtils::MakeMaker version 7.18, CPAN::Meta::Converter 
version 2.150005",
    "license" : [
       "perl_5"
    ],
@@ -37,7 +37,7 @@
             "File::Spec" : "0.82",
             "IPC::Cmd" : "0.64",
             "Locale::Maketext::Simple" : "0",
-            "Module::Load::Conditional" : "0.04",
+            "Module::Load::Conditional" : "0.66",
             "Params::Check" : "0.07",
             "Test::More" : "0",
             "if" : "0"
@@ -50,6 +50,6 @@
          "url" : "https://github.com/jib/archive-extract";
       }
    },
-   "version" : "0.76",
-   "x_serialization_backend" : "JSON::PP version 2.27300"
+   "version" : "0.78",
+   "x_serialization_backend" : "JSON::PP version 2.27400"
 }
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/Archive-Extract-0.76/META.yml 
new/Archive-Extract-0.78/META.yml
--- old/Archive-Extract-0.76/META.yml   2015-07-04 19:46:56.000000000 +0200
+++ new/Archive-Extract-0.78/META.yml   2016-07-27 21:45:24.000000000 +0200
@@ -7,7 +7,7 @@
 configure_requires:
   ExtUtils::MakeMaker: '0'
 dynamic_config: 1
-generated_by: 'ExtUtils::MakeMaker version 7.04, CPAN::Meta::Converter version 
2.150005'
+generated_by: 'ExtUtils::MakeMaker version 7.18, CPAN::Meta::Converter version 
2.150005'
 license: perl
 meta-spec:
   url: http://module-build.sourceforge.net/META-spec-v1.4.html
@@ -23,11 +23,11 @@
   File::Spec: '0.82'
   IPC::Cmd: '0.64'
   Locale::Maketext::Simple: '0'
-  Module::Load::Conditional: '0.04'
+  Module::Load::Conditional: '0.66'
   Params::Check: '0.07'
   Test::More: '0'
   if: '0'
 resources:
   repository: https://github.com/jib/archive-extract
-version: '0.76'
-x_serialization_backend: 'CPAN::Meta::YAML version 0.016'
+version: '0.78'
+x_serialization_backend: 'CPAN::Meta::YAML version 0.018'
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/Archive-Extract-0.76/Makefile.PL 
new/Archive-Extract-0.78/Makefile.PL
--- old/Archive-Extract-0.76/Makefile.PL        2013-05-12 17:18:41.000000000 
+0200
+++ new/Archive-Extract-0.78/Makefile.PL        2016-07-27 21:39:24.000000000 
+0200
@@ -19,7 +19,7 @@
                         'File::Path'                => 0,
                         'File::Basename'            => 0,
                         'Params::Check'             => 0.07,
-                        'Module::Load::Conditional' => 0.04,
+                        'Module::Load::Conditional' => 0.66,
                         'Locale::Maketext::Simple'  => 0,
                     },
     INSTALLDIRS     => ( $] >= 5.009005 && $] < 5.012 ? 'perl' : 'site' ),
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/Archive-Extract-0.76/lib/Archive/Extract.pm 
new/Archive-Extract-0.78/lib/Archive/Extract.pm
--- old/Archive-Extract-0.76/lib/Archive/Extract.pm     2015-07-04 
19:44:36.000000000 +0200
+++ new/Archive-Extract-0.78/lib/Archive/Extract.pm     2016-07-27 
21:39:54.000000000 +0200
@@ -48,7 +48,7 @@
             $_ALLOW_BIN $_ALLOW_PURE_PERL $_ALLOW_TAR_ITER
          ];
 
-$VERSION            = '0.76';
+$VERSION            = '0.78';
 $PREFER_BIN         = 0;
 $WARN               = 1;
 $DEBUG              = 0;
@@ -60,6 +60,7 @@
 my @Types           = ( TGZ, TAR, GZ, ZIP, BZ2, TBZ, Z, LZMA, XZ, TXZ );
 
 local $Params::Check::VERBOSE = $Params::Check::VERBOSE = 1;
+local $Module::Load::Conditional::FORCE_SAFE_INC = 1;
 
 =pod
 
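Review bot: The added `local $Module::Load::Conditional::FORCE_SAFE_INC = 1;` sits at file scope, so Perl restores the previous value once the file has finished loading. Any `can_load` or `check_install` call made later from inside a method would then run without the safe-@INC setting. Those calls are not visible in this hunk, so this needs checking against the rest of Extract.pm. If optional modules are loaded at run time, the CVE-2016-1238 mitigation named in CHANGES would not cover them. I would put `local $Module::Load::Conditional::FORCE_SAFE_INC = 1;` at the top of each sub that calls into Module::Load::Conditional instead.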
@@ -134,9 +135,14 @@
       $PROGRAMS->{$pgm} = $unzip;
       next CMD;
     }
-    if ( $pgm eq 'unzip' and ( ON_NETBSD or ON_FREEBSD ) ) {
+    if ( $pgm eq 'unzip' and ON_FREEBSD ) {
       local $IPC::Cmd::INSTANCES = 1;
-      ($PROGRAMS->{$pgm}) = grep { ON_NETBSD ? m!/usr/pkg/! : m!/usr/local! } 
can_run($pgm);
+      ($PROGRAMS->{$pgm}) = grep { _is_infozip_esque($_) } can_run($pgm);
+      next CMD;
+    }
+    if ( $pgm eq 'unzip' and ON_NETBSD ) {
+      local $IPC::Cmd::INSTANCES = 1;
+      ($PROGRAMS->{$pgm}) = grep { m!/usr/pkg/! } can_run($pgm);
       next CMD;
     }
     if ( $pgm eq 'unzip' and ON_LINUX ) {
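Review bot: The new FreeBSD branch has no comment explaining why the `/usr/local` path filter was replaced by content sniffing, while the NetBSD branch still filters on `/usr/pkg/`. The first `unzip` on PATH that `_is_infozip_esque` accepts is now stored in `$PROGRAMS`, and presumably executed later, so the result depends on a trusted PATH more than before. I would add above the `if`: `# FreeBSD: take the first unzip on PATH that _is_infozip_esque() accepts; no longer restricted to /usr/local`. The enclosing `CMD` loop starts outside this hunk.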
@@ -1503,6 +1509,44 @@
     return 1;
 }
 
+#####################################
+#
+# unzip heuristics for FreeBSD-alikes
+#
+#####################################
+
+sub _is_infozip_esque {
+  my $unzip = shift;
+
+  my @strings;
+  my $buf = '';
+
+  {
+    open my $file, '<', $unzip or die "$!\n";
+    binmode $file;
+    local $/ = \1;
+    local $_;
+    while(<$file>) {
+      if ( m![[:print:]]! ) {
+        $buf .= $_;
+        next;
+      }
+      if ( $buf and m![^[:print:]]! ) {
+        push @strings, $buf if length $buf >= 4;
+        $buf = '';
+        next;
+      }
+    }
+  }
+  push @strings, $buf if $buf;
+  foreach my $part ( @strings ) {
+    if ( $part =~ m!ZIPINFO! or $part =~ m!usage:.+?Z1! ) {
+      return $unzip;
+    }
+  }
+  return;
+}
+
 #################################
 #
 # Error code
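Review bot: `_is_infozip_esque` dies when a candidate cannot be opened (`open my $file, '<', $unzip or die "$!\n";`), and the message does not name the file. Because it is called from inside `grep` over the `can_run` results in the FreeBSD branch, one executable-but-unreadable `unzip` on PATH would abort the whole lookup instead of being skipped. Treating it as a non-match is safer: `open my $file, '<', $unzip or return;`. The final `push @strings, $buf if $buf;` also skips the four-character minimum used inside the loop; `push @strings, $buf if length $buf >= 4;` would keep the two consistent. A short comment on the sub stating that it returns the path on a match and nothing otherwise would help readers of the `grep` call.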

