commit ea2d2760005db058c095b77cbc8d25552dcb7672
Author: Tom Callaway <spot@xxxxxxxxxxxxxxxxx>
Date: Fri May 11 16:51:50 2012 -0400
2.72, fix CVE-2012-2451
 perl-Config-IniFiles.spec | 13 +++++++++++--
 sources | 2 +-
 2 files changed, 12 insertions(+), 3 deletions(-)
---
diff --git a/perl-Config-IniFiles.spec b/perl-Config-IniFiles.spec
index 3356b29..2301d9a 100644
--- a/perl-Config-IniFiles.spec
+++ b/perl-Config-IniFiles.spec
@@ -1,6 +1,6 @@
 Name: perl-Config-IniFiles
-Version: 2.68
-Release: 3%{?dist}
+Version: 2.72
+Release: 1%{?dist}
 Summary: A module for reading .ini-style configuration files
 Group: Development/Libraries
@@ -12,6 +12,7 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires: perl(Module::Build::Compat)
 BuildRequires: perl(ExtUtils::MakeMaker)
 BuildRequires: perl(Test::More)
+BuildRequires: perl(List::MoreUtils)
 BuildArch: noarch
 Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
 # Not autodetected. Found in lib/Config/IniFiles.pm:2265
@@ -56,6 +57,14 @@ rm -rf $RPM_BUILD_ROOT
 %changelog
+* Fri May 11 2012 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 2.72-1
+- update to 2.72
+- notable fix: SECURITY BUG FIX: Config::IniFiles used to write
+ to a temporary filename with a predictable name
+ ("${filename}-new") which opens the door for potential
+ exploits.
+ Fixes CVE-2012-2451
+
 * Tue Feb 21 2012 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 2.68-3
 - add missing Requires: perl(IO::Scalar) >= 2.109 (bz 791078)
diff --git a/sources b/sources
index 7d20be9..5a15349 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-c860f04b2d7d3cb0cc462ed896112c62 Config-IniFiles-2.68.tar.gz
+513d01cf4945e9b1faccc80e153bd27e Config-IniFiles-2.72.tar.gz
--
Fedora Extras Perl SIG http://www.fedoraproject.org/wiki/Extras/SIGs/Perl perl-devel mailing list perl-devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/perl-devel
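Review bot: The `BuildRequires: perl(List::MoreUtils)` added in the second hunk (`@@ -12,6 +12,7 @@`) has no matching runtime `Requires:`, and nothing in the hunk says whether 2.72 needs the module only for its test suite or also when it is loaded. The context line `# Not autodetected. Found in lib/Config/IniFiles.pm:2265` and the 2.68-3 changelog entry show that this package has already shipped with a runtime dependency the automatic generator missed. It is worth confirming that the built RPM's requires list carries `perl(List::MoreUtils)`, and adding `Requires: perl(List::MoreUtils)` next to the existing manual entry if it does not. Otherwise the security update could install cleanly and then fail to load, which tends to push users back to the vulnerable 2.68 build. The rest of the spec preamble is outside the hunk, so an explicit `Requires:` may already exist there.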