components/perl512/patches/CVE-2011-3597.patch
author Mohana Rao Gorai <mohana.gorai@oracle.com>
Mon, 24 Mar 2014 09:57:22 -0700
branchs11u1-sru
changeset 3001 b96508535208
parent 884 cd5a2da081ff
permissions -rw-r--r--
16242256 linkUpDownNotifications does not work as described in snmpd.conf man page 15819411 SUNBT7201970 There is no "PORTNUMBER" info for "traphandle" in solaris11 snmptra 15754602 SUNBT7111031 snmpd dumping during walk as strs test suite winds down its connect

diff -Naur perl-5.12.4/cpan/Digest/Changes new/cpan/Digest/Changes
--- perl-5.12.4/cpan/Digest/Changes	2011-06-01 00:47:46.000000000 -0700
+++ new/cpan/Digest/Changes	2012-04-09 14:20:51.773966321 -0700
@@ -1,3 +1,24 @@
+2011-10-02   Gisle Aas <[email protected]>
+
+   Release 1.17.
+
+   Gisle Aas (6):
+      Less noisy 'git status' output
+      Merge pull request #1 from schwern/bug/require_eval
+      Don't clobber $@ in Digest->new [RT#50663]
+      More meta info added to Makefile.PL
+      Fix typo in RIPEMD160 [RT#50629]
+      Add schwern's test files
+
+   Michael G. Schwern (5):
+      Turn on strict.
+      Convert tests to use Test::More
+      Untabify
+      Turn Digest::Dummy into a real file which exercises the Digest->new() require logic.
+      Close the eval "require $module" security hole in Digest->new($algorithm)
+
+
+
 2009-06-09   Gisle Aas <[email protected]>
 
    Release 1.16.
diff -Naur perl-5.12.4/cpan/Digest/Digest.pm new/cpan/Digest/Digest.pm
--- perl-5.12.4/cpan/Digest/Digest.pm	2011-06-01 00:47:46.000000000 -0700
+++ new/cpan/Digest/Digest.pm	2012-04-09 14:20:51.876396277 -0700
@@ -3,7 +3,7 @@
 use strict;
 use vars qw($VERSION %MMAP $AUTOLOAD);
 
-$VERSION = "1.16";
+$VERSION = "1.17";
 
 %MMAP = (
   "SHA-1"      => [["Digest::SHA", 1], "Digest::SHA1", ["Digest::SHA2", 1]],
@@ -16,7 +16,7 @@
   "CRC-16"     => [["Digest::CRC", type => "crc16"]],
   "CRC-32"     => [["Digest::CRC", type => "crc32"]],
   "CRC-CCITT"  => [["Digest::CRC", type => "crcccitt"]],
-  "RIPEMD-160" => "Crypt::PIPEMD160",
+  "RIPEMD-160" => "Crypt::RIPEMD160",
 );
 
 sub new
@@ -24,24 +24,27 @@
     shift;  # class ignored
     my $algorithm = shift;
     my $impl = $MMAP{$algorithm} || do {
-	$algorithm =~ s/\W+//;
-	"Digest::$algorithm";
+        $algorithm =~ s/\W+//g;
+        "Digest::$algorithm";
     };
     $impl = [$impl] unless ref($impl);
+    local $@;  # don't clobber it for our caller
     my $err;
     for  (@$impl) {
-	my $class = $_;
-	my @args;
-	($class, @args) = @$class if ref($class);
-	no strict 'refs';
-	unless (exists ${"$class\::"}{"VERSION"}) {
-	    eval "require $class";
-	    if ($@) {
-		$err ||= $@;
-		next;
-	    }
-	}
-	return $class->new(@args, @_);
+        my $class = $_;
+        my @args;
+        ($class, @args) = @$class if ref($class);
+        no strict 'refs';
+        unless (exists ${"$class\::"}{"VERSION"}) {
+            my $pm_file = $class . ".pm";
+            $pm_file =~ s{::}{/}g;
+            eval { require $pm_file };
+            if ($@) {
+                $err ||= $@;
+                next;
+            }
+        }
+        return $class->new(@args, @_);
     }
     die $err;
 }
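Review bot: The function-wide `local $@;` is still in scope when `die $err` runs after the loop, and this patch is applied to perl-5.12.4. As far as I know, on perls before 5.14 the localized `$@` is restored during unwinding after `die` has set it, so a caller using `eval { Digest->new($name) }` may see an empty `$@` even though the constructor failed. Dropping the function-level `local $@;` and localizing only around the `require` keeps the RT#50663 behaviour for the load attempt without losing the final error. The trade-off is that `$class->new(...)` is then no longer covered by the localization. The body of `new` starts above this hunk.

```perl
        unless (exists ${"$class\::"}{"VERSION"}) {
            my $pm_file = $class . ".pm";
            $pm_file =~ s{::}{/}g;
            # Localize $@ only around the load, so the die below still
            # reaches the caller's eval with its message intact.
            my $load_err = do {
                local $@;
                eval { require $pm_file; 1 } ? undef : ($@ || "Can't load $pm_file");
            };
            if (defined $load_err) {
                $err ||= $load_err;
                next;
            }
        }
        # … unchanged: return $class->new(@args, @_); end of loop; die $err …
```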
diff -Naur perl-5.12.4/cpan/Digest/t/base.t new/cpan/Digest/t/base.t
--- perl-5.12.4/cpan/Digest/t/base.t	2011-06-01 00:47:46.000000000 -0700
+++ new/cpan/Digest/t/base.t	2012-04-09 14:20:51.993284381 -0700
@@ -1,7 +1,6 @@
 #!perl -w
 
-use Test qw(plan ok);
-plan tests => 12;
+use Test::More tests => 12;
 
 {
    package LenDigest;
@@ -31,26 +30,26 @@
 }
 
 my $ctx = LenDigest->new;
-ok($ctx->digest, "X0000");
+is($ctx->digest, "X0000");
 
 my $EBCDIC = ord('A') == 193;
 
 if ($EBCDIC) {
-    ok($ctx->hexdigest, "e7f0f0f0f0");
-    ok($ctx->b64digest, "5/Dw8PA");
+    is($ctx->hexdigest, "e7f0f0f0f0");
+    is($ctx->b64digest, "5/Dw8PA");
 } else {
-    ok($ctx->hexdigest, "5830303030");
-    ok($ctx->b64digest, "WDAwMDA");
+    is($ctx->hexdigest, "5830303030");
+    is($ctx->b64digest, "WDAwMDA");
 }
 
 $ctx->add("foo");
-ok($ctx->digest, "f0003");
+is($ctx->digest, "f0003");
 
 $ctx->add("foo");
-ok($ctx->hexdigest, $EBCDIC ? "86f0f0f0f3" : "6630303033");
+is($ctx->hexdigest, $EBCDIC ? "86f0f0f0f3" : "6630303033");
 
 $ctx->add("foo");
-ok($ctx->b64digest, $EBCDIC ? "hvDw8PM" : "ZjAwMDM");
+is($ctx->b64digest, $EBCDIC ? "hvDw8PM" : "ZjAwMDM");
 
 open(F, ">xxtest$$") || die;
 binmode(F);
@@ -62,23 +61,23 @@
 close(F);
 unlink("xxtest$$") || warn;
 
-ok($ctx->digest, "a0301");
+is($ctx->digest, "a0301");
 
 eval {
     $ctx->add_bits("1010");
 };
-ok($@ =~ /^Number of bits must be multiple of 8/);
+like($@, '/^Number of bits must be multiple of 8/');
 
 $ctx->add_bits($EBCDIC ? "11100100" : "01010101");
-ok($ctx->digest, "U0001");
+is($ctx->digest, "U0001");
 
 eval {
     $ctx->add_bits("abc", 12);
 };
-ok($@ =~ /^Number of bits must be multiple of 8/);
+like($@, '/^Number of bits must be multiple of 8/');
 
 $ctx->add_bits("abc", 16);
-ok($ctx->digest, "a0002");
+is($ctx->digest, "a0002");
 
 $ctx->add_bits("abc", 32);
-ok($ctx->digest, "a0003");
+is($ctx->digest, "a0003");
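Review bot: The two `like` calls in this hunk pass the pattern as a quoted string, `'/^Number of bits must be multiple of 8/'`. Test::More accepts that form, but a compiled pattern is syntax-checked at compile time and reads unambiguously as a regex: `like($@, qr/^Number of bits must be multiple of 8/);`. The converted `is` calls here and in the previous hunk also carry no test name, so a failure is identified only by its number; a short third argument describing the step (for example `'digest after add_bits'`) would make failures easier to read.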
diff -Naur perl-5.12.4/cpan/Digest/t/digest.t new/cpan/Digest/t/digest.t
--- perl-5.12.4/cpan/Digest/t/digest.t	2011-06-01 00:47:46.000000000 -0700
+++ new/cpan/Digest/t/digest.t	2012-04-16 14:02:55.704568190 -0700
@@ -1,36 +1,23 @@
-print "1..3\n";
+#!/usr/bin/env perl
 
-use Digest;
+use strict;
+use Test::More tests => 4;
+
+# To find Digest::Dummy
+use lib 't/lib';
+use lib 'lib';
 
-{
-    package Digest::Dummy;
-    use vars qw($VERSION @ISA);
-    $VERSION = 1;
-
-    require Digest::base;
-    @ISA = qw(Digest::base);
-
-    sub new {
-	my $class = shift;
-	my $d = shift || "ooo";
-	bless { d => $d }, $class;
-    }
-    sub add {}
-    sub digest { shift->{d} }
-}
+use Digest;
 
+$@ = "rt#50663";
 my $d;
 $d = Digest->new("Dummy");
-print "not " unless $d->digest eq "ooo";
-print "ok 1\n";
+is $@, "rt#50663";
+is $d->digest, "ooo";
 
 $d = Digest->Dummy;
-print "not " unless $d->digest eq "ooo";
-print "ok 2\n";
+is $d->digest, "ooo";
 
 $Digest::MMAP{"Dummy-24"} = [["NotThere"], "NotThereEither", ["Digest::Dummy", 24]];
 $d = Digest->new("Dummy-24");
-print "not " unless $d->digest eq "24";
-print "ok 3\n";
-
-
+is $d->digest, "24";
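Review bot: `$@ = "rt#50663";` followed by `is $@, "rt#50663";` is the regression check for the RT#50663 entry in Changes, but nothing in the test says so. A comment such as `# Digest->new must not clobber the caller's $@ [RT#50663]` above the assignment would make the intent clear. `use lib 't/lib'` is relative to the current directory, so the test presumably finds Digest::Dummy only when run from the distribution directory; that is worth confirming against how the core test harness invokes it. The file also enables `use strict` but not `use warnings`, unlike the new security.t.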
diff -Naur perl-5.12.4/cpan/Digest/t/file.t new/cpan/Digest/t/file.t
--- perl-5.12.4/cpan/Digest/t/file.t	2011-06-01 00:47:46.000000000 -0700
+++ new/cpan/Digest/t/file.t	2012-04-09 14:20:52.032053178 -0700
@@ -1,7 +1,6 @@
 #!perl -w
 
-use Test qw(plan ok);
-plan tests => 5;
+use Test::More tests => 5;
 
 {
    package Digest::Foo;
@@ -36,17 +35,17 @@
 print F "foo\0\n";
 close(F) || die "Can't write '$file': $!";
 
-ok(digest_file($file, "Foo"), "0005");
+is(digest_file($file, "Foo"), "0005");
 
 if (ord('A') == 193) { # EBCDIC.
-    ok(digest_file_hex($file, "Foo"), "f0f0f0f5");
-    ok(digest_file_base64($file, "Foo"), "8PDw9Q");
+    is(digest_file_hex($file, "Foo"), "f0f0f0f5");
+    is(digest_file_base64($file, "Foo"), "8PDw9Q");
 } else {
-    ok(digest_file_hex($file, "Foo"), "30303035");
-    ok(digest_file_base64($file, "Foo"), "MDAwNQ");
+    is(digest_file_hex($file, "Foo"), "30303035");
+    is(digest_file_base64($file, "Foo"), "MDAwNQ");
 }
 
 unlink($file) || warn "Can't unlink '$file': $!";
 
-ok(eval { digest_file("not-there.txt", "Foo") }, undef);
-ok($@);
+ok !eval { digest_file("not-there.txt", "Foo") };
+ok $@;
diff -Naur perl-5.12.4/cpan/Digest/t/lib/Digest/Dummy.pm new/cpan/Digest/t/lib/Digest/Dummy.pm
--- perl-5.12.4/cpan/Digest/t/lib/Digest/Dummy.pm	1969-12-31 16:00:00.000000000 -0800
+++ new/cpan/Digest/t/lib/Digest/Dummy.pm	2012-04-09 14:20:52.091220603 -0700
@@ -0,0 +1,20 @@
+package Digest::Dummy;
+
+use strict;
+use vars qw($VERSION @ISA);
+$VERSION = 1;
+
+require Digest::base;
+@ISA = qw(Digest::base);
+
+sub new {
+    my $class = shift;
+    my $d = shift || "ooo";
+    bless { d => $d }, $class;
+}
+
+sub add {}
+sub digest { shift->{d} }
+
+1;
+
diff -Naur perl-5.12.4/cpan/Digest/t/security.t new/cpan/Digest/t/security.t
--- perl-5.12.4/cpan/Digest/t/security.t	1969-12-31 16:00:00.000000000 -0800
+++ new/cpan/Digest/t/security.t	2012-04-09 14:20:52.126914007 -0700
@@ -0,0 +1,14 @@
+#!/usr/bin/env perl
+
+# Digest->new() had an exploitable eval
+
+use strict;
+use warnings;
+
+use Test::More tests => 1;
+
+use Digest;
+
+$LOL::PWNED = 0;
+eval { Digest->new(q[MD;5;$LOL::PWNED = 42]) };
+is $LOL::PWNED, 0;
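Review bot: The `eval { ... }` discards the outcome of the call, so the test proves only that the embedded assignment did not run, not that `Digest->new` rejected the name. Since no module file should exist for the sanitised name, the call is expected to die, and asserting that pins the intended behaviour: `ok !eval { Digest->new(q[MD;5;$LOL::PWNED = 42]); 1 }, 'malformed algorithm name is rejected';` with the plan raised to `tests => 2`. The header comment could also state what the fix guarantees, e.g. `# The algorithm name must only ever be used as a module file name, never compiled as code`.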
diff -Naur perl-5.12.4/MANIFEST new/MANIFEST
--- perl-5.12.4/MANIFEST	2012-06-13 14:23:21.347805553 -0700
+++ new/MANIFEST	2012-06-13 15:08:46.655737770 -0700
@@ -704,6 +704,8 @@
 cpan/Digest/t/base.t		See if Digest extensions work
 cpan/Digest/t/digest.t		See if Digest extensions work
 cpan/Digest/t/file.t		See if Digest extensions work
+cpan/Digest/t/lib/Digest/Dummy.pm
+cpan/Digest/t/security.t
 cpan/Encode/AUTHORS		List of authors
 cpan/Encode/bin/enc2xs		Encode module generator
 cpan/Encode/bin/piconv		iconv by perl