main/perl-digest-sha1: fix segfault

https://rt.cpan.org/Public/Bug/Display.html?id=94188

2 files changed, 49 insertions, 6 deletions

diff --git a/main/perl-digest-sha1/APKBUILD b/main/perl-digest-sha1/APKBUILD
index fb95ca72ce..6ed9e10533 100644
--- a/main/perl-digest-sha1/APKBUILD
+++ b/main/perl-digest-sha1/APKBUILD
@@ -3,25 +3,46 @@
 pkgname=perl-digest-sha1
 _realname=Digest-SHA1
 pkgver=2.13
-pkgrel=5
+pkgrel=6
 pkgdesc="Perl interface to the SHA-1 algorithm"
-url="http://search.cpan.org/~gaas/Digest-SHA1-2.12/"
+url="http://search.cpan.org/dist/Digest-SHA1/"
 arch="all"
 license="GPL PerlArtistic"
 depends="perl"
 makedepends="perl-dev"
 install=
 subpackages="$pkgname-doc"
-source="http://search.cpan.org/CPAN/authors/id/G/GA/GAAS/$_realname-$pkgver.tar.gz"
+source="http://search.cpan.org/CPAN/authors/id/G/GA/GAAS/$_realname-$pkgver.tar.gz
+	perl-digest-sha1-check-object.patch
+	"
 
-build() {
+prepare() {
 	cd "$srcdir/$_realname-$pkgver"
+	for i in $source; do
+		case $i in
+		*.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;
+		esac
+	done
+
+	PERL_MM_USE_DEFAULT=1 perl Makefile.PL INSTALLDIRS=vendor \
+		OPTIMIZE="$CFLAGS" || return 1
+}
 
-	PERL_MM_USE_DEFAULT=1 perl Makefile.PL INSTALLDIRS=vendor || return 1
+build() {
+	cd "$srcdir/$_realname-$pkgver"
 	make || return 1
+}
+
+package() {
+	cd "$srcdir/$_realname-$pkgver"
 	make DESTDIR="$pkgdir" install
 	# creates file collision among perl modules
 	find "$pkgdir" -name perllocal.pod -delete
 }
 
-md5sums="bd22388f268434f2b24f64e28bf1aa35  Digest-SHA1-2.13.tar.gz"
+md5sums="bd22388f268434f2b24f64e28bf1aa35  Digest-SHA1-2.13.tar.gz
+fac055476741f65e4f6b04c609d72e9b  perl-digest-sha1-check-object.patch"
+sha256sums="68c1dac2187421f0eb7abf71452a06f190181b8fc4b28ededf5b90296fb943cc  Digest-SHA1-2.13.tar.gz
+eb40d553901495de6283de0c5bfe20aff9c255db1e88a82615b5e71be689e814  perl-digest-sha1-check-object.patch"
+sha512sums="44d0c57ecc7d2126a0387552e76c9204e45fba174af6ff7abc1c9ae00d549eb7370ee20948caf12fafefedec0098b8231249d14b109c53470ee1d5bf3de3305d  Digest-SHA1-2.13.tar.gz
+73547d04bbd77cb82f0611132c2105574f528f2a07f4de436c41af606ec505a6a4b634f4397f4cee2d9aa94687957515ac8546b264ca8f71cbd4d4f5fdd5ee74  perl-digest-sha1-check-object.patch"
diff --git a/main/perl-digest-sha1/perl-digest-sha1-check-object.patch b/main/perl-digest-sha1/perl-digest-sha1-check-object.patch
new file mode 100644
index 0000000000..110ef42d7e
--- /dev/null
+++ b/main/perl-digest-sha1/perl-digest-sha1-check-object.patch
@@ -0,0 +1,22 @@
+https://rt.cpan.org/Public/Ticket/Attachment/WithHeaders/712715
+
+The get_sha_info() function in SHA1.xs does not check that its argument
+is an actual object.  This means that segfaults can be generated by
+commands such as:
+
+$ perl -Mblib -e "use Digest::SHA1; print Digest::SHA1->add(q(a))->hexdigest"
+Segmentation fault
+
+diff -Naur Digest-SHA1-2.13/SHA1.xs Digest-SHA1-2.13.patched/SHA1.xs
+--- Digest-SHA1-2.13/SHA1.xs	2010-07-02 23:51:12.000000000 -0700
++++ Digest-SHA1-2.13.patched/SHA1.xs	2014-03-25 12:43:53.233272555 -0700
+@@ -372,7 +372,7 @@
+ 
+ static SHA_INFO* get_sha_info(pTHX_ SV* sv)
+ {
+-    if (sv_derived_from(sv, "Digest::SHA1"))
++    if (sv_isobject(sv) && sv_derived_from(sv, "Digest::SHA1"))
+ 	return INT2PTR(SHA_INFO*, SvIV(SvRV(sv)));
+     croak("Not a reference to a Digest::SHA1 object");
+     return (SHA_INFO*)0; /* some compilers insist on a return value */
+