components/perl512/patches/CVE-2011-3597.patch
author Vladimir Marek <Vladimir.Marek@oracle.com>
Mon, 04 Jun 2012 23:18:44 -0700
branchs11-sru
changeset 2288 6e4cb6b2ecfe
parent 2287 e77c012d95e9
child 884 cd5a2da081ff
permissions -rw-r--r--
7174201 cr 7125218 did not change patchlevel.h

diff -Naur perl-5.12.4/cpan/Digest/Changes new/cpan/Digest/Changes
--- perl-5.12.4/cpan/Digest/Changes	2011-06-01 00:47:46.000000000 -0700
+++ new/cpan/Digest/Changes	2012-04-09 14:20:51.773966321 -0700
@@ -1,3 +1,24 @@
+2011-10-02   Gisle Aas <[email protected]>
+
+   Release 1.17.
+
+   Gisle Aas (6):
+      Less noisy 'git status' output
+      Merge pull request #1 from schwern/bug/require_eval
+      Don't clobber $@ in Digest->new [RT#50663]
+      More meta info added to Makefile.PL
+      Fix typo in RIPEMD160 [RT#50629]
+      Add schwern's test files
+
+   Michael G. Schwern (5):
+      Turn on strict.
+      Convert tests to use Test::More
+      Untabify
+      Turn Digest::Dummy into a real file which exercises the Digest->new() require logic.
+      Close the eval "require $module" security hole in Digest->new($algorithm)
+
+
+
 2009-06-09   Gisle Aas <[email protected]>
 
    Release 1.16.
diff -Naur perl-5.12.4/cpan/Digest/Digest.pm new/cpan/Digest/Digest.pm
--- perl-5.12.4/cpan/Digest/Digest.pm	2011-06-01 00:47:46.000000000 -0700
+++ new/cpan/Digest/Digest.pm	2012-04-09 14:20:51.876396277 -0700
@@ -3,7 +3,7 @@
 use strict;
 use vars qw($VERSION %MMAP $AUTOLOAD);
 
-$VERSION = "1.16";
+$VERSION = "1.17";
 
 %MMAP = (
   "SHA-1"      => [["Digest::SHA", 1], "Digest::SHA1", ["Digest::SHA2", 1]],
@@ -16,7 +16,7 @@
   "CRC-16"     => [["Digest::CRC", type => "crc16"]],
   "CRC-32"     => [["Digest::CRC", type => "crc32"]],
   "CRC-CCITT"  => [["Digest::CRC", type => "crcccitt"]],
-  "RIPEMD-160" => "Crypt::PIPEMD160",
+  "RIPEMD-160" => "Crypt::RIPEMD160",
 );
 
 sub new
@@ -24,24 +24,27 @@
     shift;  # class ignored
     my $algorithm = shift;
     my $impl = $MMAP{$algorithm} || do {
-	$algorithm =~ s/\W+//;
-	"Digest::$algorithm";
+        $algorithm =~ s/\W+//g;
+        "Digest::$algorithm";
     };
     $impl = [$impl] unless ref($impl);
+    local $@;  # don't clobber it for our caller
     my $err;
     for  (@$impl) {
-	my $class = $_;
-	my @args;
-	($class, @args) = @$class if ref($class);
-	no strict 'refs';
-	unless (exists ${"$class\::"}{"VERSION"}) {
-	    eval "require $class";
-	    if ($@) {
-		$err ||= $@;
-		next;
-	    }
-	}
-	return $class->new(@args, @_);
+        my $class = $_;
+        my @args;
+        ($class, @args) = @$class if ref($class);
+        no strict 'refs';
+        unless (exists ${"$class\::"}{"VERSION"}) {
+            my $pm_file = $class . ".pm";
+            $pm_file =~ s{::}{/}g;
+            eval { require $pm_file };
+            if ($@) {
+                $err ||= $@;
+                next;
+            }
+        }
+        return $class->new(@args, @_);
     }
     die $err;
 }
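Review bot: `local $@;` sits at function scope, so the final `die $err;` runs while `$@` is still localised. On perls before 5.14 (this patch targets 5.12.4), as far as I know unwinding restores the localised value after `die` has set it, so a caller using `eval { Digest->new($name) }` can find its old `$@` instead of the load error. Opening a bare block just before `local $@;` and closing it just before `die $err;` keeps the caller's `$@` intact on success and still delivers the error on failure. The rewritten `require` also deserves a comment stating the security reason, e.g. `# require with a file path loads a file; it never evaluates $class as code`. `sub new` opens above this hunk.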
diff -Naur perl-5.12.4/cpan/Digest/t/base.t new/cpan/Digest/t/base.t
--- perl-5.12.4/cpan/Digest/t/base.t	2011-06-01 00:47:46.000000000 -0700
+++ new/cpan/Digest/t/base.t	2012-04-09 14:20:51.993284381 -0700
@@ -1,7 +1,6 @@
 #!perl -w
 
-use Test qw(plan ok);
-plan tests => 12;
+use Test::More tests => 12;
 
 {
    package LenDigest;
@@ -31,26 +30,26 @@
 }
 
 my $ctx = LenDigest->new;
-ok($ctx->digest, "X0000");
+is($ctx->digest, "X0000");
 
 my $EBCDIC = ord('A') == 193;
 
 if ($EBCDIC) {
-    ok($ctx->hexdigest, "e7f0f0f0f0");
-    ok($ctx->b64digest, "5/Dw8PA");
+    is($ctx->hexdigest, "e7f0f0f0f0");
+    is($ctx->b64digest, "5/Dw8PA");
 } else {
-    ok($ctx->hexdigest, "5830303030");
-    ok($ctx->b64digest, "WDAwMDA");
+    is($ctx->hexdigest, "5830303030");
+    is($ctx->b64digest, "WDAwMDA");
 }
 
 $ctx->add("foo");
-ok($ctx->digest, "f0003");
+is($ctx->digest, "f0003");
 
 $ctx->add("foo");
-ok($ctx->hexdigest, $EBCDIC ? "86f0f0f0f3" : "6630303033");
+is($ctx->hexdigest, $EBCDIC ? "86f0f0f0f3" : "6630303033");
 
 $ctx->add("foo");
-ok($ctx->b64digest, $EBCDIC ? "hvDw8PM" : "ZjAwMDM");
+is($ctx->b64digest, $EBCDIC ? "hvDw8PM" : "ZjAwMDM");
 
 open(F, ">xxtest$$") || die;
 binmode(F);
@@ -62,23 +61,23 @@
 close(F);
 unlink("xxtest$$") || warn;
 
-ok($ctx->digest, "a0301");
+is($ctx->digest, "a0301");
 
 eval {
     $ctx->add_bits("1010");
 };
-ok($@ =~ /^Number of bits must be multiple of 8/);
+like($@, '/^Number of bits must be multiple of 8/');
 
 $ctx->add_bits($EBCDIC ? "11100100" : "01010101");
-ok($ctx->digest, "U0001");
+is($ctx->digest, "U0001");
 
 eval {
     $ctx->add_bits("abc", 12);
 };
-ok($@ =~ /^Number of bits must be multiple of 8/);
+like($@, '/^Number of bits must be multiple of 8/');
 
 $ctx->add_bits("abc", 16);
-ok($ctx->digest, "a0002");
+is($ctx->digest, "a0002");
 
 $ctx->add_bits("abc", 32);
-ok($ctx->digest, "a0003");
+is($ctx->digest, "a0003");
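Review bot: Both new `like($@, '/^Number of bits must be multiple of 8/');` calls pass the pattern as a string that only looks like a regex. Test::More accepts that form for compatibility with old perls, but `like($@, qr/^Number of bits must be multiple of 8/);` states the intent directly and is compiled by Perl itself. None of the converted assertions carries a description, so a failure is identified only by its test number.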
diff -Naur perl-5.12.4/cpan/Digest/t/digest.t new/cpan/Digest/t/digest.t
--- perl-5.12.4/cpan/Digest/t/digest.t	2011-06-01 00:47:46.000000000 -0700
+++ new/cpan/Digest/t/digest.t	2012-04-16 14:02:55.704568190 -0700
@@ -1,36 +1,23 @@
-print "1..3\n";
+#!/usr/bin/env perl
 
-use Digest;
+use strict;
+use Test::More tests => 4;
+
+# To find Digest::Dummy
+use lib 't/lib';
+use lib 'lib';
 
-{
-    package Digest::Dummy;
-    use vars qw($VERSION @ISA);
-    $VERSION = 1;
-
-    require Digest::base;
-    @ISA = qw(Digest::base);
-
-    sub new {
-	my $class = shift;
-	my $d = shift || "ooo";
-	bless { d => $d }, $class;
-    }
-    sub add {}
-    sub digest { shift->{d} }
-}
+use Digest;
 
+$@ = "rt#50663";
 my $d;
 $d = Digest->new("Dummy");
-print "not " unless $d->digest eq "ooo";
-print "ok 1\n";
+is $@, "rt#50663";
+is $d->digest, "ooo";
 
 $d = Digest->Dummy;
-print "not " unless $d->digest eq "ooo";
-print "ok 2\n";
+is $d->digest, "ooo";
 
 $Digest::MMAP{"Dummy-24"} = [["NotThere"], "NotThereEither", ["Digest::Dummy", 24]];
 $d = Digest->new("Dummy-24");
-print "not " unless $d->digest eq "24";
-print "ok 3\n";
-
-
+is $d->digest, "24";
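Review bot: No case here covers the failure path of `Digest->new`, where every candidate module for an algorithm fails to load. The `$@ = "rt#50663"` check confirms that a successful call leaves the caller's `$@` alone, but nothing checks that a failed call still reports the load error to a caller that wraps the constructor in `eval`. Adding `ok !eval { Digest->new("NotThereAtAll") }, 'unknown algorithm dies';` and `like $@, qr/^Can't locate/, 'load error reaches the caller';` would cover it, with the plan raised to 6. The new `is` assertions also lack descriptions.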
diff -Naur perl-5.12.4/cpan/Digest/t/file.t new/cpan/Digest/t/file.t
--- perl-5.12.4/cpan/Digest/t/file.t	2011-06-01 00:47:46.000000000 -0700
+++ new/cpan/Digest/t/file.t	2012-04-09 14:20:52.032053178 -0700
@@ -1,7 +1,6 @@
 #!perl -w
 
-use Test qw(plan ok);
-plan tests => 5;
+use Test::More tests => 5;
 
 {
    package Digest::Foo;
@@ -36,17 +35,17 @@
 print F "foo\0\n";
 close(F) || die "Can't write '$file': $!";
 
-ok(digest_file($file, "Foo"), "0005");
+is(digest_file($file, "Foo"), "0005");
 
 if (ord('A') == 193) { # EBCDIC.
-    ok(digest_file_hex($file, "Foo"), "f0f0f0f5");
-    ok(digest_file_base64($file, "Foo"), "8PDw9Q");
+    is(digest_file_hex($file, "Foo"), "f0f0f0f5");
+    is(digest_file_base64($file, "Foo"), "8PDw9Q");
 } else {
-    ok(digest_file_hex($file, "Foo"), "30303035");
-    ok(digest_file_base64($file, "Foo"), "MDAwNQ");
+    is(digest_file_hex($file, "Foo"), "30303035");
+    is(digest_file_base64($file, "Foo"), "MDAwNQ");
 }
 
 unlink($file) || warn "Can't unlink '$file': $!";
 
-ok(eval { digest_file("not-there.txt", "Foo") }, undef);
-ok($@);
+ok !eval { digest_file("not-there.txt", "Foo") };
+ok $@;
diff -Naur perl-5.12.4/cpan/Digest/t/lib/Digest/Dummy.pm new/cpan/Digest/t/lib/Digest/Dummy.pm
--- perl-5.12.4/cpan/Digest/t/lib/Digest/Dummy.pm	1969-12-31 16:00:00.000000000 -0800
+++ new/cpan/Digest/t/lib/Digest/Dummy.pm	2012-04-09 14:20:52.091220603 -0700
@@ -0,0 +1,20 @@
+package Digest::Dummy;
+
+use strict;
+use vars qw($VERSION @ISA);
+$VERSION = 1;
+
+require Digest::base;
+@ISA = qw(Digest::base);
+
+sub new {
+    my $class = shift;
+    my $d = shift || "ooo";
+    bless { d => $d }, $class;
+}
+
+sub add {}
+sub digest { shift->{d} }
+
+1;
+
diff -Naur perl-5.12.4/cpan/Digest/t/security.t new/cpan/Digest/t/security.t
--- perl-5.12.4/cpan/Digest/t/security.t	1969-12-31 16:00:00.000000000 -0800
+++ new/cpan/Digest/t/security.t	2012-04-09 14:20:52.126914007 -0700
@@ -0,0 +1,14 @@
+#!/usr/bin/env perl
+
+# Digest->new() had an exploitable eval
+
+use strict;
+use warnings;
+
+use Test::More tests => 1;
+
+use Digest;
+
+$LOL::PWNED = 0;
+eval { Digest->new(q[MD;5;$LOL::PWNED = 42]) };
+is $LOL::PWNED, 0;
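Review bot: The only assertion, `is $LOL::PWNED, 0;`, has no description and checks a side effect only, so it would still pass if `Digest->new` returned an object for some unintended class. Capturing the result pins the rejection itself: assign the existing `eval { ... }` to `my $d` and add `ok !$d, 'bogus algorithm name yields no object';`, with the plan raised to `tests => 2`. The header comment could also say what the file guards against now, e.g. `# the algorithm name must reach require only as a sanitised file path, never as code`.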
--- perl-5.12.4/patchlevel.h	Mo jun  4 16:58:05 2012
+++ perl-5.12.4/patchlevel.h	Mo jun  4 16:58:23 2012
@@ -132,6 +132,7 @@
 #endif
 	PERL_GIT_UNPUSHED_COMMITS    	/* do not remove this line */
 	,"7111771 Problem with utility/perl"
+	,"7125218 Problem with utility/perl"
 	,NULL
 };