From 4c032c4685c1990604f7a27376b28db5d7d204dd Mon Sep 17 00:00:00 2001
From: Chris 'BinGOs' Williams <chris@bingosnet.co.uk>
Date: Sat, 14 Nov 2020 10:00:51 +0000
Subject: Update File-Fetch to CPAN version 1.00

  [DELTA]

1.00        Wed Nov 11 12:49:58 2020

* Fixed the mitigations for CVE-2016-1238
* Mentioned https support in CHANGES file
---
 cpan/File-Fetch/lib/File/Fetch.pm | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

(limited to 'cpan')

diff --git a/cpan/File-Fetch/lib/File/Fetch.pm b/cpan/File-Fetch/lib/File/Fetch.pm
index 90c62e96be..76c641d2e7 100644
--- a/cpan/File-Fetch/lib/File/Fetch.pm
+++ b/cpan/File-Fetch/lib/File/Fetch.pm
@@ -22,7 +22,7 @@ use vars    qw[ $VERBOSE $PREFER_BIN $FROM_EMAIL $USER_AGENT
                 $FTP_PASSIVE $TIMEOUT $DEBUG $WARN $FORCEIPV4
             ];
 
-$VERSION        = '0.56';
+$VERSION        = '1.00';
 $VERSION        = eval $VERSION;    # avoid warnings with development releases
 $PREFER_BIN     = 0;                # XXX TODO implement
 $FROM_EMAIL     = 'File-Fetch@example.com';
@@ -52,9 +52,6 @@ local $Params::Check::VERBOSE               = 1;
 local $Module::Load::Conditional::VERBOSE   = 0;
 local $Module::Load::Conditional::VERBOSE   = 0;
 
-### Fix CVE-2016-1238 ###
-local $Module::Load::Conditional::FORCE_SAFE_INC = 1;
-
 ### see what OS we are on, important for file:// uris ###
 use constant ON_WIN     => ($^O eq 'MSWin32');
 use constant ON_VMS     => ($^O eq 'VMS');
@@ -576,6 +573,8 @@ sub _lwp_fetch {
         $use_list->{'LWP::Protocol::https'} = '0';
     }
 
+    ### Fix CVE-2016-1238 ###
+    local $Module::Load::Conditional::FORCE_SAFE_INC = 1;
     unless( can_load( modules => $use_list ) ) {
         $METHOD_FAIL->{'lwp'} = 1;
         return;
@@ -633,6 +632,8 @@ sub _httptiny_fetch {
 
     };
 
+    ### Fix CVE-2016-1238 ###
+    local $Module::Load::Conditional::FORCE_SAFE_INC = 1;
     unless( can_load(modules => $use_list) ) {
         $METHOD_FAIL->{'httptiny'} = 1;
         return;
@@ -672,6 +673,8 @@ sub _httplite_fetch {
         'MIME::Base64'  => '0',
     };
 
+    ### Fix CVE-2016-1238 ###
+    local $Module::Load::Conditional::FORCE_SAFE_INC = 1;
     unless( can_load(modules => $use_list) ) {
         $METHOD_FAIL->{'httplite'} = 1;
         return;
@@ -752,6 +755,8 @@ sub _iosock_fetch {
         'IO::Select'       => '0.0',
     };
 
+    ### Fix CVE-2016-1238 ###
+    local $Module::Load::Conditional::FORCE_SAFE_INC = 1;
     unless( can_load(modules => $use_list) ) {
         $METHOD_FAIL->{'iosock'} = 1;
         return;
@@ -835,6 +840,8 @@ sub _netftp_fetch {
     ### required modules ###
     my $use_list = { 'Net::FTP' => 0 };
 
+    ### Fix CVE-2016-1238 ###
+    local $Module::Load::Conditional::FORCE_SAFE_INC = 1;
     unless( can_load( modules => $use_list ) ) {
         $METHOD_FAIL->{'netftp'} = 1;
         return;
-- 
cgit v1.2.1