From 4a91c8c36fd40121f527f229fdb9cdc02028615a Mon Sep 17 00:00:00 2001 From: spz Date: Sun, 16 Oct 2011 20:09:42 +0000 Subject: apply the changes to just Digest.pm from: http://perl5.git.perl.org/perl.git/commitdiff/a2fa999d41c94d622051667d897fedca90be1828 2011-10-02 Gisle Aas Release 1.17. Gisle Aas (6): Less noisy 'git status' output Merge pull request #1 from schwern/bug/require_eval Don't clobber $@ in Digest->new [RT#50663] More meta info added to Makefile.PL Fix typo in RIPEMD160 [RT#50629] Add schwern's test files Michael G. Schwern (5): Turn on strict. Convert tests to use Test::More Untabify Turn Digest::Dummy into a real file which exercises the Digest->new() require logic. Close the eval "require $module" security hole in Digest->new($algorithm) --- lang/perl5/Makefile.common | 3 +- lang/perl5/distinfo | 3 +- lang/perl5/patches/patch-cpan_Digest_Digest.pm | 49 ++++++++++++++++++++++++++ 3 files changed, 53 insertions(+), 2 deletions(-) create mode 100644 lang/perl5/patches/patch-cpan_Digest_Digest.pm (limited to 'lang/perl5') diff --git a/lang/perl5/Makefile.common b/lang/perl5/Makefile.common index 20309ea605a..454a32227f8 100644 --- a/lang/perl5/Makefile.common +++ b/lang/perl5/Makefile.common @@ -1,4 +1,4 @@ -# $NetBSD: Makefile.common,v 1.11 2011/09/29 07:17:26 adam Exp $ +# $NetBSD: Makefile.common,v 1.12 2011/10/16 20:09:42 spz Exp $ # # used by lang/perl5/Makefile # used by databases/p5-gdbm/Makefile @@ -7,6 +7,7 @@ DISTNAME= perl-5.14.2 CATEGORIES= lang devel perl5 MASTER_SITES= ${MASTER_SITE_PERL_CPAN:S,/modules/by-module/$,/src/5.0/,} DISTFILES+= ${DISTNAME}${EXTRACT_SUFX} +PKGREVISION= 1 MAINTAINER= pkgsrc-users@NetBSD.org HOMEPAGE= http://www.perl.org/ diff --git a/lang/perl5/distinfo b/lang/perl5/distinfo index 22eef267d36..15e93c4ac47 100644 --- a/lang/perl5/distinfo +++ b/lang/perl5/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.78 2011/09/29 07:17:26 adam Exp $ +$NetBSD: distinfo,v 1.79 2011/10/16 20:09:42 spz Exp $ SHA1 (perl-5.14.2.tar.gz) = df1549d65cdef2b20023af83ecaa2a024109a5ad RMD160 (perl-5.14.2.tar.gz) = bed043edbebd69e1279e9a70424e2552389bea79 @@ -13,6 +13,7 @@ SHA1 (patch-ch) = 5b6a89c82e158bab0a5f06add48c28e600678099 SHA1 (patch-ck) = 5c381db130cdf4c315678e2d65380eaaa3065fee SHA1 (patch-cn) = a88fcb04b32c6e446d77b62cb6883a04f04e2e75 SHA1 (patch-cp) = 0b22d334df24d128142855464bf6dd61d4d82975 +SHA1 (patch-cpan_Digest_Digest.pm) = bcd507631268608385a1a80d879c44cb2a057560 SHA1 (patch-ta) = 51a3e02148e78eaab882125f859e59add39a4fbe SHA1 (patch-zd) = 15532739b4a582da322d3e51fc364905bacbcd7e SHA1 (patch-ze) = 82f03439ab59aac4adfcb895ca22a0bbaaa0a6d1 diff --git a/lang/perl5/patches/patch-cpan_Digest_Digest.pm b/lang/perl5/patches/patch-cpan_Digest_Digest.pm new file mode 100644 index 00000000000..702df8796fb --- /dev/null +++ b/lang/perl5/patches/patch-cpan_Digest_Digest.pm @@ -0,0 +1,49 @@ +$NetBSD: patch-cpan_Digest_Digest.pm,v 1.1 2011/10/16 20:09:42 spz Exp $ + +taken from: +http://http://perl5.git.perl.org/perl.git/commitdiff/a2fa999d41c94d622051667d897fedca90be1828 + +--- cpan/Digest/Digest.pm.orig 2010-12-30 02:07:15.000000000 +0000 ++++ cpan/Digest/Digest.pm +@@ -3,7 +3,7 @@ package Digest; + use strict; + use vars qw($VERSION %MMAP $AUTOLOAD); + +-$VERSION = "1.16"; ++$VERSION = "1.17"; + + %MMAP = ( + "SHA-1" => [["Digest::SHA", 1], "Digest::SHA1", ["Digest::SHA2", 1]], +@@ -16,7 +16,7 @@ $VERSION = "1.16"; + "CRC-16" => [["Digest::CRC", type => "crc16"]], + "CRC-32" => [["Digest::CRC", type => "crc32"]], + "CRC-CCITT" => [["Digest::CRC", type => "crcccitt"]], +- "RIPEMD-160" => "Crypt::PIPEMD160", ++ "RIPEMD-160" => "Crypt::RIPEMD160", + ); + + sub new +@@ -24,10 +24,11 @@ sub new + shift; # class ignored + my $algorithm = shift; + my $impl = $MMAP{$algorithm} || do { +- $algorithm =~ s/\W+//; ++ $algorithm =~ s/\W+//g; + "Digest::$algorithm"; + }; + $impl = [$impl] unless ref($impl); ++ local $@; # don't clobber it for our caller + my $err; + for (@$impl) { + my $class = $_; +@@ -35,7 +36,9 @@ sub new + ($class, @args) = @$class if ref($class); + no strict 'refs'; + unless (exists ${"$class\::"}{"VERSION"}) { +- eval "require $class"; ++ my $pm_file = $class . ".pm"; ++ $pm_file =~ s{::}{/}g; ++ eval { require $pm_file }; + if ($@) { + $err ||= $@; + next; -- cgit v1.2.3