diff options
author | Remi Pointel <rpointel@cvs.openbsd.org> | 2011-10-11 18:13:36 +0000 |
---|---|---|
committer | Remi Pointel <rpointel@cvs.openbsd.org> | 2011-10-11 18:13:36 +0000 |
commit | 7afc7faa453dfc1562ec98827328a15ea5c5e88b (patch) | |
tree | fdce0e1eb9f0c2f05aecfd1b476d2e43948c85b1 /gnu/usr.bin | |
parent | 223fe1f8d17386894889e0bd7081064cc5f6c1e9 (diff) |
Update Digest module to 1.17 (security fix).
Thanks Emeric Boit for reporting me this.
ok millert@ espie@
Diffstat (limited to 'gnu/usr.bin')
-rw-r--r-- | gnu/usr.bin/perl/cpan/Digest/Changes | 21 | ||||
-rw-r--r-- | gnu/usr.bin/perl/cpan/Digest/Digest.pm | 35 | ||||
-rw-r--r-- | gnu/usr.bin/perl/cpan/Digest/Dummy.pm | 20 | ||||
-rwxr-xr-x | gnu/usr.bin/perl/cpan/Digest/t/base.t | 31 | ||||
-rwxr-xr-x | gnu/usr.bin/perl/cpan/Digest/t/digest.t | 36 | ||||
-rwxr-xr-x | gnu/usr.bin/perl/cpan/Digest/t/file.t | 17 | ||||
-rw-r--r-- | gnu/usr.bin/perl/cpan/Digest/t/security.t | 14 | ||||
-rw-r--r-- | gnu/usr.bin/perl/patchlevel.h | 1 |
8 files changed, 109 insertions, 66 deletions
diff --git a/gnu/usr.bin/perl/cpan/Digest/Changes b/gnu/usr.bin/perl/cpan/Digest/Changes index be5a3de54d7..d91cb3565e6 100644 --- a/gnu/usr.bin/perl/cpan/Digest/Changes +++ b/gnu/usr.bin/perl/cpan/Digest/Changes @@ -1,3 +1,24 @@ +2011-10-02 Gisle Aas <gisle@ActiveState.com> + + Release 1.17. + + Gisle Aas (6): + Less noisy 'git status' output + Merge pull request #1 from schwern/bug/require_eval + Don't clobber $@ in Digest->new [RT#50663] + More meta info added to Makefile.PL + Fix typo in RIPEMD160 [RT#50629] + Add schwern's test files + + Michael G. Schwern (5): + Turn on strict. + Convert tests to use Test::More + Untabify + Turn Digest::Dummy into a real file which exercises the Digest->new() require logic. + Close the eval "require $module" security hole in Digest->new($algorithm) + + + 2009-06-09 Gisle Aas <gisle@ActiveState.com> Release 1.16. diff --git a/gnu/usr.bin/perl/cpan/Digest/Digest.pm b/gnu/usr.bin/perl/cpan/Digest/Digest.pm index 384dfc82668..c3355a8bd44 100644 --- a/gnu/usr.bin/perl/cpan/Digest/Digest.pm +++ b/gnu/usr.bin/perl/cpan/Digest/Digest.pm @@ -3,7 +3,7 @@ package Digest; use strict; use vars qw($VERSION %MMAP $AUTOLOAD); -$VERSION = "1.16"; +$VERSION = "1.17"; %MMAP = ( "SHA-1" => [["Digest::SHA", 1], "Digest::SHA1", ["Digest::SHA2", 1]], @@ -16,7 +16,7 @@ $VERSION = "1.16"; "CRC-16" => [["Digest::CRC", type => "crc16"]], "CRC-32" => [["Digest::CRC", type => "crc32"]], "CRC-CCITT" => [["Digest::CRC", type => "crcccitt"]], - "RIPEMD-160" => "Crypt::PIPEMD160", + "RIPEMD-160" => "Crypt::RIPEMD160", ); sub new @@ -24,24 +24,27 @@ sub new shift; # class ignored my $algorithm = shift; my $impl = $MMAP{$algorithm} || do { - $algorithm =~ s/\W+//; - "Digest::$algorithm"; + $algorithm =~ s/\W+//g; + "Digest::$algorithm"; }; $impl = [$impl] unless ref($impl); + local $@; # don't clobber it for our caller my $err; for (@$impl) { - my $class = $_; - my @args; - ($class, @args) = @$class if ref($class); - no strict 'refs'; - unless (exists ${"$class\::"}{"VERSION"}) { - eval "require $class"; - if ($@) { - $err ||= $@; - next; - } - } - return $class->new(@args, @_); + my $class = $_; + my @args; + ($class, @args) = @$class if ref($class); + no strict 'refs'; + unless (exists ${"$class\::"}{"VERSION"}) { + my $pm_file = $class . ".pm"; + $pm_file =~ s{::}{/}g; + eval { require $pm_file }; + if ($@) { + $err ||= $@; + next; + } + } + return $class->new(@args, @_); } die $err; } diff --git a/gnu/usr.bin/perl/cpan/Digest/Dummy.pm b/gnu/usr.bin/perl/cpan/Digest/Dummy.pm new file mode 100644 index 00000000000..b3db0db2a91 --- /dev/null +++ b/gnu/usr.bin/perl/cpan/Digest/Dummy.pm @@ -0,0 +1,20 @@ +package Digest::Dummy; + +use strict; +use vars qw($VERSION @ISA); +$VERSION = 1; + +require Digest::base; +@ISA = qw(Digest::base); + +sub new { + my $class = shift; + my $d = shift || "ooo"; + bless { d => $d }, $class; +} + +sub add {} +sub digest { shift->{d} } + +1; + diff --git a/gnu/usr.bin/perl/cpan/Digest/t/base.t b/gnu/usr.bin/perl/cpan/Digest/t/base.t index b2614f79e0c..bd87a5dda7e 100755 --- a/gnu/usr.bin/perl/cpan/Digest/t/base.t +++ b/gnu/usr.bin/perl/cpan/Digest/t/base.t @@ -1,7 +1,6 @@ #!perl -w -use Test qw(plan ok); -plan tests => 12; +use Test::More tests => 12; { package LenDigest; @@ -31,26 +30,26 @@ plan tests => 12; } my $ctx = LenDigest->new; -ok($ctx->digest, "X0000"); +is($ctx->digest, "X0000"); my $EBCDIC = ord('A') == 193; if ($EBCDIC) { - ok($ctx->hexdigest, "e7f0f0f0f0"); - ok($ctx->b64digest, "5/Dw8PA"); + is($ctx->hexdigest, "e7f0f0f0f0"); + is($ctx->b64digest, "5/Dw8PA"); } else { - ok($ctx->hexdigest, "5830303030"); - ok($ctx->b64digest, "WDAwMDA"); + is($ctx->hexdigest, "5830303030"); + is($ctx->b64digest, "WDAwMDA"); } $ctx->add("foo"); -ok($ctx->digest, "f0003"); +is($ctx->digest, "f0003"); $ctx->add("foo"); -ok($ctx->hexdigest, $EBCDIC ? "86f0f0f0f3" : "6630303033"); +is($ctx->hexdigest, $EBCDIC ? "86f0f0f0f3" : "6630303033"); $ctx->add("foo"); -ok($ctx->b64digest, $EBCDIC ? "hvDw8PM" : "ZjAwMDM"); +is($ctx->b64digest, $EBCDIC ? "hvDw8PM" : "ZjAwMDM"); open(F, ">xxtest$$") || die; binmode(F); @@ -62,23 +61,23 @@ $ctx->addfile(*F); close(F); unlink("xxtest$$") || warn; -ok($ctx->digest, "a0301"); +is($ctx->digest, "a0301"); eval { $ctx->add_bits("1010"); }; -ok($@ =~ /^Number of bits must be multiple of 8/); +like($@, '/^Number of bits must be multiple of 8/'); $ctx->add_bits($EBCDIC ? "11100100" : "01010101"); -ok($ctx->digest, "U0001"); +is($ctx->digest, "U0001"); eval { $ctx->add_bits("abc", 12); }; -ok($@ =~ /^Number of bits must be multiple of 8/); +like($@, '/^Number of bits must be multiple of 8/'); $ctx->add_bits("abc", 16); -ok($ctx->digest, "a0002"); +is($ctx->digest, "a0002"); $ctx->add_bits("abc", 32); -ok($ctx->digest, "a0003"); +is($ctx->digest, "a0003"); diff --git a/gnu/usr.bin/perl/cpan/Digest/t/digest.t b/gnu/usr.bin/perl/cpan/Digest/t/digest.t index c5da8f02c83..81260277f45 100755 --- a/gnu/usr.bin/perl/cpan/Digest/t/digest.t +++ b/gnu/usr.bin/perl/cpan/Digest/t/digest.t @@ -1,36 +1,22 @@ -print "1..3\n"; +#!/usr/bin/env perl -use Digest; - -{ - package Digest::Dummy; - use vars qw($VERSION @ISA); - $VERSION = 1; +use strict; +use Test::More tests => 4; - require Digest::base; - @ISA = qw(Digest::base); +# To find Digest::Dummy +use lib 't/lib'; - sub new { - my $class = shift; - my $d = shift || "ooo"; - bless { d => $d }, $class; - } - sub add {} - sub digest { shift->{d} } -} +use Digest; +$@ = "rt#50663"; my $d; $d = Digest->new("Dummy"); -print "not " unless $d->digest eq "ooo"; -print "ok 1\n"; +is $@, "rt#50663"; +is $d->digest, "ooo"; $d = Digest->Dummy; -print "not " unless $d->digest eq "ooo"; -print "ok 2\n"; +is $d->digest, "ooo"; $Digest::MMAP{"Dummy-24"} = [["NotThere"], "NotThereEither", ["Digest::Dummy", 24]]; $d = Digest->new("Dummy-24"); -print "not " unless $d->digest eq "24"; -print "ok 3\n"; - - +is $d->digest, "24"; diff --git a/gnu/usr.bin/perl/cpan/Digest/t/file.t b/gnu/usr.bin/perl/cpan/Digest/t/file.t index f431a385a55..79f32deffed 100755 --- a/gnu/usr.bin/perl/cpan/Digest/t/file.t +++ b/gnu/usr.bin/perl/cpan/Digest/t/file.t @@ -1,7 +1,6 @@ #!perl -w -use Test qw(plan ok); -plan tests => 5; +use Test::More tests => 5; { package Digest::Foo; @@ -36,17 +35,17 @@ binmode(F); print F "foo\0\n"; close(F) || die "Can't write '$file': $!"; -ok(digest_file($file, "Foo"), "0005"); +is(digest_file($file, "Foo"), "0005"); if (ord('A') == 193) { # EBCDIC. - ok(digest_file_hex($file, "Foo"), "f0f0f0f5"); - ok(digest_file_base64($file, "Foo"), "8PDw9Q"); + is(digest_file_hex($file, "Foo"), "f0f0f0f5"); + is(digest_file_base64($file, "Foo"), "8PDw9Q"); } else { - ok(digest_file_hex($file, "Foo"), "30303035"); - ok(digest_file_base64($file, "Foo"), "MDAwNQ"); + is(digest_file_hex($file, "Foo"), "30303035"); + is(digest_file_base64($file, "Foo"), "MDAwNQ"); } unlink($file) || warn "Can't unlink '$file': $!"; -ok(eval { digest_file("not-there.txt", "Foo") }, undef); -ok($@); +ok !eval { digest_file("not-there.txt", "Foo") }; +ok $@; diff --git a/gnu/usr.bin/perl/cpan/Digest/t/security.t b/gnu/usr.bin/perl/cpan/Digest/t/security.t new file mode 100644 index 00000000000..5cba122b22c --- /dev/null +++ b/gnu/usr.bin/perl/cpan/Digest/t/security.t @@ -0,0 +1,14 @@ +#!/usr/bin/env perl + +# Digest->new() had an exploitable eval + +use strict; +use warnings; + +use Test::More tests => 1; + +use Digest; + +$LOL::PWNED = 0; +eval { Digest->new(q[MD;5;$LOL::PWNED = 42]) }; +is $LOL::PWNED, 0; diff --git a/gnu/usr.bin/perl/patchlevel.h b/gnu/usr.bin/perl/patchlevel.h index 418a6d6f9bb..ce714e7fef0 100644 --- a/gnu/usr.bin/perl/patchlevel.h +++ b/gnu/usr.bin/perl/patchlevel.h @@ -132,6 +132,7 @@ static const char * const local_patches[] = { ,"Updated Test::Simple to 0.98" ,"Updated List::Util to 1.23" ,"CVE-2011-1487" + ,"Updated Digest to 1.17" #ifdef PERL_GIT_UNCOMMITTED_CHANGES ,"uncommitted-changes" #endif |