--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/perl512/patches/CVE-2011-3597.patch Mon Jun 04 23:18:18 2012 -0700
@@ -0,0 +1,300 @@
+diff -Naur perl-5.12.4/cpan/Digest/Changes new/cpan/Digest/Changes
+--- perl-5.12.4/cpan/Digest/Changes 2011-06-01 00:47:46.000000000 -0700
++++ new/cpan/Digest/Changes 2012-04-09 14:20:51.773966321 -0700
+@@ -1,3 +1,24 @@
++2011-10-02 Gisle Aas <[email protected]>
++
++ Release 1.17.
++
++ Gisle Aas (6):
++ Less noisy 'git status' output
++ Merge pull request #1 from schwern/bug/require_eval
++ Don't clobber $@ in Digest->new [RT#50663]
++ More meta info added to Makefile.PL
++ Fix typo in RIPEMD160 [RT#50629]
++ Add schwern's test files
++
++ Michael G. Schwern (5):
++ Turn on strict.
++ Convert tests to use Test::More
++ Untabify
++ Turn Digest::Dummy into a real file which exercises the Digest->new() require logic.
++ Close the eval "require $module" security hole in Digest->new($algorithm)
++
++
++
+ 2009-06-09 Gisle Aas <[email protected]>
+
+ Release 1.16.
+diff -Naur perl-5.12.4/cpan/Digest/Digest.pm new/cpan/Digest/Digest.pm
+--- perl-5.12.4/cpan/Digest/Digest.pm 2011-06-01 00:47:46.000000000 -0700
++++ new/cpan/Digest/Digest.pm 2012-04-09 14:20:51.876396277 -0700
+@@ -3,7 +3,7 @@
+ use strict;
+ use vars qw($VERSION %MMAP $AUTOLOAD);
+
+-$VERSION = "1.16";
++$VERSION = "1.17";
+
+ %MMAP = (
+ "SHA-1" => [["Digest::SHA", 1], "Digest::SHA1", ["Digest::SHA2", 1]],
+@@ -16,7 +16,7 @@
+ "CRC-16" => [["Digest::CRC", type => "crc16"]],
+ "CRC-32" => [["Digest::CRC", type => "crc32"]],
+ "CRC-CCITT" => [["Digest::CRC", type => "crcccitt"]],
+- "RIPEMD-160" => "Crypt::PIPEMD160",
++ "RIPEMD-160" => "Crypt::RIPEMD160",
+ );
+
+ sub new
+@@ -24,24 +24,27 @@
+ shift; # class ignored
+ my $algorithm = shift;
+ my $impl = $MMAP{$algorithm} || do {
+- $algorithm =~ s/\W+//;
+- "Digest::$algorithm";
++ $algorithm =~ s/\W+//g;
++ "Digest::$algorithm";
+ };
+ $impl = [$impl] unless ref($impl);
++ local $@; # don't clobber it for our caller
+ my $err;
+ for (@$impl) {
+- my $class = $_;
+- my @args;
+- ($class, @args) = @$class if ref($class);
+- no strict 'refs';
+- unless (exists ${"$class\::"}{"VERSION"}) {
+- eval "require $class";
+- if ($@) {
+- $err ||= $@;
+- next;
+- }
+- }
+- return $class->new(@args, @_);
++ my $class = $_;
++ my @args;
++ ($class, @args) = @$class if ref($class);
++ no strict 'refs';
++ unless (exists ${"$class\::"}{"VERSION"}) {
++ my $pm_file = $class . ".pm";
++ $pm_file =~ s{::}{/}g;
++ eval { require $pm_file };
++ if ($@) {
++ $err ||= $@;
++ next;
++ }
++ }
++ return $class->new(@args, @_);
+ }
+ die $err;
+ }
+diff -Naur perl-5.12.4/cpan/Digest/t/base.t new/cpan/Digest/t/base.t
+--- perl-5.12.4/cpan/Digest/t/base.t 2011-06-01 00:47:46.000000000 -0700
++++ new/cpan/Digest/t/base.t 2012-04-09 14:20:51.993284381 -0700
+@@ -1,7 +1,6 @@
+ #!perl -w
+
+-use Test qw(plan ok);
+-plan tests => 12;
++use Test::More tests => 12;
+
+ {
+ package LenDigest;
+@@ -31,26 +30,26 @@
+ }
+
+ my $ctx = LenDigest->new;
+-ok($ctx->digest, "X0000");
++is($ctx->digest, "X0000");
+
+ my $EBCDIC = ord('A') == 193;
+
+ if ($EBCDIC) {
+- ok($ctx->hexdigest, "e7f0f0f0f0");
+- ok($ctx->b64digest, "5/Dw8PA");
++ is($ctx->hexdigest, "e7f0f0f0f0");
++ is($ctx->b64digest, "5/Dw8PA");
+ } else {
+- ok($ctx->hexdigest, "5830303030");
+- ok($ctx->b64digest, "WDAwMDA");
++ is($ctx->hexdigest, "5830303030");
++ is($ctx->b64digest, "WDAwMDA");
+ }
+
+ $ctx->add("foo");
+-ok($ctx->digest, "f0003");
++is($ctx->digest, "f0003");
+
+ $ctx->add("foo");
+-ok($ctx->hexdigest, $EBCDIC ? "86f0f0f0f3" : "6630303033");
++is($ctx->hexdigest, $EBCDIC ? "86f0f0f0f3" : "6630303033");
+
+ $ctx->add("foo");
+-ok($ctx->b64digest, $EBCDIC ? "hvDw8PM" : "ZjAwMDM");
++is($ctx->b64digest, $EBCDIC ? "hvDw8PM" : "ZjAwMDM");
+
+ open(F, ">xxtest$$") || die;
+ binmode(F);
+@@ -62,23 +61,23 @@
+ close(F);
+ unlink("xxtest$$") || warn;
+
+-ok($ctx->digest, "a0301");
++is($ctx->digest, "a0301");
+
+ eval {
+ $ctx->add_bits("1010");
+ };
+-ok($@ =~ /^Number of bits must be multiple of 8/);
++like($@, '/^Number of bits must be multiple of 8/');
+
+ $ctx->add_bits($EBCDIC ? "11100100" : "01010101");
+-ok($ctx->digest, "U0001");
++is($ctx->digest, "U0001");
+
+ eval {
+ $ctx->add_bits("abc", 12);
+ };
+-ok($@ =~ /^Number of bits must be multiple of 8/);
++like($@, '/^Number of bits must be multiple of 8/');
+
+ $ctx->add_bits("abc", 16);
+-ok($ctx->digest, "a0002");
++is($ctx->digest, "a0002");
+
+ $ctx->add_bits("abc", 32);
+-ok($ctx->digest, "a0003");
++is($ctx->digest, "a0003");
+diff -Naur perl-5.12.4/cpan/Digest/t/digest.t new/cpan/Digest/t/digest.t
+--- perl-5.12.4/cpan/Digest/t/digest.t 2011-06-01 00:47:46.000000000 -0700
++++ new/cpan/Digest/t/digest.t 2012-04-16 14:02:55.704568190 -0700
+@@ -1,36 +1,23 @@
+-print "1..3\n";
++#!/usr/bin/env perl
+
+-use Digest;
++use strict;
++use Test::More tests => 4;
++
++# To find Digest::Dummy
++use lib 't/lib';
++use lib 'lib';
+
+-{
+- package Digest::Dummy;
+- use vars qw($VERSION @ISA);
+- $VERSION = 1;
+-
+- require Digest::base;
+- @ISA = qw(Digest::base);
+-
+- sub new {
+- my $class = shift;
+- my $d = shift || "ooo";
+- bless { d => $d }, $class;
+- }
+- sub add {}
+- sub digest { shift->{d} }
+-}
++use Digest;
+
++$@ = "rt#50663";
+ my $d;
+ $d = Digest->new("Dummy");
+-print "not " unless $d->digest eq "ooo";
+-print "ok 1\n";
++is $@, "rt#50663";
++is $d->digest, "ooo";
+
+ $d = Digest->Dummy;
+-print "not " unless $d->digest eq "ooo";
+-print "ok 2\n";
++is $d->digest, "ooo";
+
+ $Digest::MMAP{"Dummy-24"} = [["NotThere"], "NotThereEither", ["Digest::Dummy", 24]];
+ $d = Digest->new("Dummy-24");
+-print "not " unless $d->digest eq "24";
+-print "ok 3\n";
+-
+-
++is $d->digest, "24";
+diff -Naur perl-5.12.4/cpan/Digest/t/file.t new/cpan/Digest/t/file.t
+--- perl-5.12.4/cpan/Digest/t/file.t 2011-06-01 00:47:46.000000000 -0700
++++ new/cpan/Digest/t/file.t 2012-04-09 14:20:52.032053178 -0700
+@@ -1,7 +1,6 @@
+ #!perl -w
+
+-use Test qw(plan ok);
+-plan tests => 5;
++use Test::More tests => 5;
+
+ {
+ package Digest::Foo;
+@@ -36,17 +35,17 @@
+ print F "foo\0\n";
+ close(F) || die "Can't write '$file': $!";
+
+-ok(digest_file($file, "Foo"), "0005");
++is(digest_file($file, "Foo"), "0005");
+
+ if (ord('A') == 193) { # EBCDIC.
+- ok(digest_file_hex($file, "Foo"), "f0f0f0f5");
+- ok(digest_file_base64($file, "Foo"), "8PDw9Q");
++ is(digest_file_hex($file, "Foo"), "f0f0f0f5");
++ is(digest_file_base64($file, "Foo"), "8PDw9Q");
+ } else {
+- ok(digest_file_hex($file, "Foo"), "30303035");
+- ok(digest_file_base64($file, "Foo"), "MDAwNQ");
++ is(digest_file_hex($file, "Foo"), "30303035");
++ is(digest_file_base64($file, "Foo"), "MDAwNQ");
+ }
+
+ unlink($file) || warn "Can't unlink '$file': $!";
+
+-ok(eval { digest_file("not-there.txt", "Foo") }, undef);
+-ok($@);
++ok !eval { digest_file("not-there.txt", "Foo") };
++ok $@;
+diff -Naur perl-5.12.4/cpan/Digest/t/lib/Digest/Dummy.pm new/cpan/Digest/t/lib/Digest/Dummy.pm
+--- perl-5.12.4/cpan/Digest/t/lib/Digest/Dummy.pm 1969-12-31 16:00:00.000000000 -0800
++++ new/cpan/Digest/t/lib/Digest/Dummy.pm 2012-04-09 14:20:52.091220603 -0700
+@@ -0,0 +1,20 @@
++package Digest::Dummy;
++
++use strict;
++use vars qw($VERSION @ISA);
++$VERSION = 1;
++
++require Digest::base;
++@ISA = qw(Digest::base);
++
++sub new {
++ my $class = shift;
++ my $d = shift || "ooo";
++ bless { d => $d }, $class;
++}
++
++sub add {}
++sub digest { shift->{d} }
++
++1;
++
+diff -Naur perl-5.12.4/cpan/Digest/t/security.t new/cpan/Digest/t/security.t
+--- perl-5.12.4/cpan/Digest/t/security.t 1969-12-31 16:00:00.000000000 -0800
++++ new/cpan/Digest/t/security.t 2012-04-09 14:20:52.126914007 -0700
+@@ -0,0 +1,14 @@
++#!/usr/bin/env perl
++
++# Digest->new() had an exploitable eval
++
++use strict;
++use warnings;
++
++use Test::More tests => 1;
++
++use Digest;
++
++$LOL::PWNED = 0;
++eval { Digest->new(q[MD;5;$LOL::PWNED = 42]) };
++is $LOL::PWNED, 0;