diff options
-rw-r--r-- | main/perl-digest-sha1/APKBUILD | 33 | ||||
-rw-r--r-- | main/perl-digest-sha1/perl-digest-sha1-check-object.patch | 22 |
2 files changed, 49 insertions, 6 deletions
diff --git a/main/perl-digest-sha1/APKBUILD b/main/perl-digest-sha1/APKBUILD index fb95ca72ce..6ed9e10533 100644 --- a/main/perl-digest-sha1/APKBUILD +++ b/main/perl-digest-sha1/APKBUILD @@ -3,25 +3,46 @@ pkgname=perl-digest-sha1 _realname=Digest-SHA1 pkgver=2.13 -pkgrel=5 +pkgrel=6 pkgdesc="Perl interface to the SHA-1 algorithm" -url="http://search.cpan.org/~gaas/Digest-SHA1-2.12/" +url="http://search.cpan.org/dist/Digest-SHA1/" arch="all" license="GPL PerlArtistic" depends="perl" makedepends="perl-dev" install= subpackages="$pkgname-doc" -source="http://search.cpan.org/CPAN/authors/id/G/GA/GAAS/$_realname-$pkgver.tar.gz" +source="http://search.cpan.org/CPAN/authors/id/G/GA/GAAS/$_realname-$pkgver.tar.gz + perl-digest-sha1-check-object.patch + " -build() { +prepare() { cd "$srcdir/$_realname-$pkgver" + for i in $source; do + case $i in + *.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;; + esac + done + + PERL_MM_USE_DEFAULT=1 perl Makefile.PL INSTALLDIRS=vendor \ + OPTIMIZE="$CFLAGS" || return 1 +} - PERL_MM_USE_DEFAULT=1 perl Makefile.PL INSTALLDIRS=vendor || return 1 +build() { + cd "$srcdir/$_realname-$pkgver" make || return 1 +} + +package() { + cd "$srcdir/$_realname-$pkgver" make DESTDIR="$pkgdir" install # creates file collision among perl modules find "$pkgdir" -name perllocal.pod -delete } -md5sums="bd22388f268434f2b24f64e28bf1aa35 Digest-SHA1-2.13.tar.gz" +md5sums="bd22388f268434f2b24f64e28bf1aa35 Digest-SHA1-2.13.tar.gz +fac055476741f65e4f6b04c609d72e9b perl-digest-sha1-check-object.patch" +sha256sums="68c1dac2187421f0eb7abf71452a06f190181b8fc4b28ededf5b90296fb943cc Digest-SHA1-2.13.tar.gz +eb40d553901495de6283de0c5bfe20aff9c255db1e88a82615b5e71be689e814 perl-digest-sha1-check-object.patch" +sha512sums="44d0c57ecc7d2126a0387552e76c9204e45fba174af6ff7abc1c9ae00d549eb7370ee20948caf12fafefedec0098b8231249d14b109c53470ee1d5bf3de3305d Digest-SHA1-2.13.tar.gz +73547d04bbd77cb82f0611132c2105574f528f2a07f4de436c41af606ec505a6a4b634f4397f4cee2d9aa94687957515ac8546b264ca8f71cbd4d4f5fdd5ee74 perl-digest-sha1-check-object.patch" diff --git a/main/perl-digest-sha1/perl-digest-sha1-check-object.patch b/main/perl-digest-sha1/perl-digest-sha1-check-object.patch new file mode 100644 index 0000000000..110ef42d7e --- /dev/null +++ b/main/perl-digest-sha1/perl-digest-sha1-check-object.patch @@ -0,0 +1,22 @@ +https://rt.cpan.org/Public/Ticket/Attachment/WithHeaders/712715 + +The get_sha_info() function in SHA1.xs does not check that its argument +is an actual object. This means that segfaults can be generated by +commands such as: + +$ perl -Mblib -e "use Digest::SHA1; print Digest::SHA1->add(q(a))->hexdigest" +Segmentation fault + +diff -Naur Digest-SHA1-2.13/SHA1.xs Digest-SHA1-2.13.patched/SHA1.xs +--- Digest-SHA1-2.13/SHA1.xs 2010-07-02 23:51:12.000000000 -0700 ++++ Digest-SHA1-2.13.patched/SHA1.xs 2014-03-25 12:43:53.233272555 -0700 +@@ -372,7 +372,7 @@ + + static SHA_INFO* get_sha_info(pTHX_ SV* sv) + { +- if (sv_derived_from(sv, "Digest::SHA1")) ++ if (sv_isobject(sv) && sv_derived_from(sv, "Digest::SHA1")) + return INT2PTR(SHA_INFO*, SvIV(SvRV(sv))); + croak("Not a reference to a Digest::SHA1 object"); + return (SHA_INFO*)0; /* some compilers insist on a return value */ + |