authorhe <he@pkgsrc.org>2012-10-02 07:58:00 +0000
committerhe <he@pkgsrc.org>2012-10-02 07:58:00 +0000
commit8f9acab0f03a0e4a7b7735fc2d29e6e6c52c6716 (patch)
treecda12b8181ea0fcbbb36a749902b2372aaa1b35f /security
parent49ae89f8f2f4610ca90da5f73b733605ea4a3dda (diff)
Apply a fix for CVE-2009-0129, taken from Debian's problem report.
Also reported upstream, ref. https://rt.cpan.org/Public/Bug/Display.html?id=79958
Bump PKGREVISION.
Diffstat (limited to 'security')
-rw-r--r--security/p5-Crypt-OpenSSL-DSA/Makefile5
-rw-r--r--security/p5-Crypt-OpenSSL-DSA/distinfo4
-rw-r--r--security/p5-Crypt-OpenSSL-DSA/patches/patch-DSA.xs16
-rw-r--r--security/p5-Crypt-OpenSSL-DSA/patches/patch-lib_Crypt_OpenSSL_DSA.pm21
4 files changed, 43 insertions, 3 deletions
diff --git a/security/p5-Crypt-OpenSSL-DSA/Makefile b/security/p5-Crypt-OpenSSL-DSA/Makefile
index 203ee907e0a..6fd9b037f20 100644
--- a/security/p5-Crypt-OpenSSL-DSA/Makefile
+++ b/security/p5-Crypt-OpenSSL-DSA/Makefile
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.15 2011/08/14 14:42:48 obache Exp $
+# $NetBSD: Makefile,v 1.16 2012/10/02 07:58:00 he Exp $
#
DISTNAME= Crypt-OpenSSL-DSA-0.13
PKGNAME= p5-${DISTNAME}
-PKGREVISION= 5
+PKGREVISION= 6
SVR4_PKGNAME= p5ods
CATEGORIES= security perl5
MASTER_SITES= ${MASTER_SITE_PERL_CPAN:=Crypt/}
@@ -11,6 +11,7 @@ MASTER_SITES= ${MASTER_SITE_PERL_CPAN:=Crypt/}
MAINTAINER= heinz@NetBSD.org
HOMEPAGE= http://perl-openssl.sourceforge.net/
COMMENT= Perl5 wrapper module for the OpenSSL DSA functions
+LICENSE= ${PERL5_LICENSE}
PKG_DESTDIR_SUPPORT= user-destdir
diff --git a/security/p5-Crypt-OpenSSL-DSA/distinfo b/security/p5-Crypt-OpenSSL-DSA/distinfo
index 30bc9cf9969..32bb5939d2d 100644
--- a/security/p5-Crypt-OpenSSL-DSA/distinfo
+++ b/security/p5-Crypt-OpenSSL-DSA/distinfo
@@ -1,5 +1,7 @@
-$NetBSD: distinfo,v 1.3 2006/02/15 22:08:19 heinz Exp $
+$NetBSD: distinfo,v 1.4 2012/10/02 07:58:00 he Exp $
SHA1 (Crypt-OpenSSL-DSA-0.13.tar.gz) = e0e15b244b9a1beb17ede4165f629b6beadb745c
RMD160 (Crypt-OpenSSL-DSA-0.13.tar.gz) = dc5be607395dd747bc213491244d6c3d5c81f796
Size (Crypt-OpenSSL-DSA-0.13.tar.gz) = 6796 bytes
+SHA1 (patch-DSA.xs) = bd14859fe2ea82c6d2f7d1eb0e018c19caf0388b
+SHA1 (patch-lib_Crypt_OpenSSL_DSA.pm) = 2429aced940250d03349ec093b66f14ae26a17f1
diff --git a/security/p5-Crypt-OpenSSL-DSA/patches/patch-DSA.xs b/security/p5-Crypt-OpenSSL-DSA/patches/patch-DSA.xs
new file mode 100644
index 00000000000..0b8d38b1827
--- /dev/null
+++ b/security/p5-Crypt-OpenSSL-DSA/patches/patch-DSA.xs
@@ -0,0 +1,16 @@
+$NetBSD: patch-DSA.xs,v 1.1 2012/10/02 07:58:00 he Exp $
+
+Croak in do_verify() if the openssl library returns an error,
+similar to what is already done in verify().
+
+--- DSA.xs.orig 2005-05-22 20:14:52.000000000 +0000
++++ DSA.xs
+@@ -139,6 +139,8 @@ do_verify(dsa, dgst, sig)
+ CODE:
+ dgst_pv = SvPV(dgst, dgst_len);
+ RETVAL = DSA_do_verify(dgst_pv, dgst_len, sig, dsa);
++ if (RETVAL == -1)
++ croak("Error in DSA_do_verify: %s",ERR_error_string(ERR_get_error(), NULL));
+ OUTPUT:
+ RETVAL
+
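Review bot: The added guard in do_verify() tests only `RETVAL == -1`, so any other negative return from DSA_do_verify() would still reach Perl, where a caller that tests the result for truth would take it as a valid signature; `if (RETVAL < 0)` covers that case and leaves the 0 and 1 results unchanged. The message is built with `ERR_error_string(ERR_get_error(), NULL)`, which formats into a static buffer and is therefore not safe if the module is used from several threads; formatting into a local buffer with `ERR_error_string_n()` would avoid that. ERR_get_error() also removes only the earliest queue entry, so later entries may remain and be attributed to an unrelated call. The declarations of do_verify() lie outside the hunk, so RETVAL is assumed here to be an int.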
diff --git a/security/p5-Crypt-OpenSSL-DSA/patches/patch-lib_Crypt_OpenSSL_DSA.pm b/security/p5-Crypt-OpenSSL-DSA/patches/patch-lib_Crypt_OpenSSL_DSA.pm
new file mode 100644
index 00000000000..b5dc322311d
--- /dev/null
+++ b/security/p5-Crypt-OpenSSL-DSA/patches/patch-lib_Crypt_OpenSSL_DSA.pm
@@ -0,0 +1,21 @@
+$NetBSD: patch-lib_Crypt_OpenSSL_DSA.pm,v 1.1 2012/10/02 07:58:00 he Exp $
+
+Document that the verify and do_verify methods will croak on library errors.
+
+--- lib/Crypt/OpenSSL/DSA.pm.orig 2005-10-15 21:38:04.000000000 +0000
++++ lib/Crypt/OpenSSL/DSA.pm
+@@ -124,10 +124,14 @@ Verifies that the $sig signature for $me
+
+ $dsa is the signer's public key.
+
++Note: it croaks if the underlying library call returns error (-1).
++
+ =item $valid = $dsa->do_verify( $message, $sig_obj );
+
+ Similar to C<verify>, but uses a L<Crypt::OpenSSL::DSA::Signature> object.
+
++Note: it croaks if the underlying library call returns error (-1).
++
+ =item $dsa->write_params( $filename );
+
+ Writes the parameters into a PEM file.