From a2fa999d41c94d622051667d897fedca90be1828 Mon Sep 17 00:00:00 2001 From: Chris 'BinGOs' Williams Date: Sun, 2 Oct 2011 19:24:33 +0100 Subject: [PATCH] Update Digest to CPAN version 1.17 [DELTA] 2011-10-02 Gisle Aas Release 1.17. Gisle Aas (6): Less noisy 'git status' output Merge pull request #1 from schwern/bug/require_eval Don't clobber $@ in Digest->new [RT#50663] More meta info added to Makefile.PL Fix typo in RIPEMD160 [RT#50629] Add schwern's test files Michael G. Schwern (5): Turn on strict. Convert tests to use Test::More Untabify Turn Digest::Dummy into a real file which exercises the Digest->new() require logic. Close the eval "require $module" security hole in Digest->new($algorithm) --- MANIFEST | 2 ++ Porting/Maintainers.pl | 2 +- cpan/Digest/Changes | 21 +++++++++++++++++++++ cpan/Digest/Digest.pm | 35 +++++++++++++++++++---------------- cpan/Digest/t/base.t | 31 +++++++++++++++---------------- cpan/Digest/t/digest.t | 36 +++++++++++------------------------- cpan/Digest/t/file.t | 17 ++++++++--------- cpan/Digest/t/lib/Digest/Dummy.pm | 20 ++++++++++++++++++++ cpan/Digest/t/security.t | 14 ++++++++++++++ pod/perldelta.pod | 4 ++++ 10 files changed, 115 insertions(+), 67 deletions(-) create mode 100644 cpan/Digest/t/lib/Digest/Dummy.pm create mode 100644 cpan/Digest/t/security.t diff --git a/MANIFEST b/MANIFEST index b8c5d9c..b6eaf80 100644 --- a/MANIFEST +++ b/MANIFEST @@ -794,6 +794,8 @@ cpan/Digest-SHA/typemap Typemap for Digest::SHA cpan/Digest/t/base.t See if Digest extensions work cpan/Digest/t/digest.t See if Digest extensions work cpan/Digest/t/file.t See if Digest extensions work +cpan/Digest/t/lib/Digest/Dummy.pm See if Digest extensions work +cpan/Digest/t/security.t See if Digest extensions work cpan/Encode/AUTHORS List of authors cpan/Encode/bin/enc2xs Encode module generator cpan/Encode/bin/piconv iconv by perl diff --git a/Porting/Maintainers.pl b/Porting/Maintainers.pl index 9e76e03..b4c8211 100755 --- a/Porting/Maintainers.pl 
+++ b/Porting/Maintainers.pl @@ -579,7 +579,7 @@ use File::Glob qw(:case); 'Digest' => { 'MAINTAINER' => 'gaas', - 'DISTRIBUTION' => 'GAAS/Digest-1.16.tar.gz', + 'DISTRIBUTION' => 'GAAS/Digest-1.17.tar.gz', 'FILES' => q[cpan/Digest], 'EXCLUDED' => [ qw{digest-bench} ], 'UPSTREAM' => "cpan", diff --git a/cpan/Digest/Changes b/cpan/Digest/Changes index be5a3de..d91cb35 100644 --- a/cpan/Digest/Changes +++ b/cpan/Digest/Changes @@ -1,3 +1,24 @@ +2011-10-02 Gisle Aas + + Release 1.17. + + Gisle Aas (6): + Less noisy 'git status' output + Merge pull request #1 from schwern/bug/require_eval + Don't clobber $@ in Digest->new [RT#50663] + More meta info added to Makefile.PL + Fix typo in RIPEMD160 [RT#50629] + Add schwern's test files + + Michael G. Schwern (5): + Turn on strict. + Convert tests to use Test::More + Untabify + Turn Digest::Dummy into a real file which exercises the Digest->new() require logic. + Close the eval "require $module" security hole in Digest->new($algorithm) + + + 2009-06-09 Gisle Aas Release 1.16. diff --git a/cpan/Digest/Digest.pm b/cpan/Digest/Digest.pm index 384dfc8..c3355a8 100644 --- a/cpan/Digest/Digest.pm +++ b/cpan/Digest/Digest.pm @@ -3,7 +3,7 @@ package Digest; use strict; use vars qw($VERSION %MMAP $AUTOLOAD); -$VERSION = "1.16"; +$VERSION = "1.17"; %MMAP = ( "SHA-1" => [["Digest::SHA", 1], "Digest::SHA1", ["Digest::SHA2", 1]], @@ -16,7 +16,7 @@ $VERSION = "1.16"; "CRC-16" => [["Digest::CRC", type => "crc16"]], "CRC-32" => [["Digest::CRC", type => "crc32"]], "CRC-CCITT" => [["Digest::CRC", type => "crcccitt"]], - "RIPEMD-160" => "Crypt::PIPEMD160", + "RIPEMD-160" => "Crypt::RIPEMD160", ); sub new 
@@ -24,24 +24,27 @@ sub new shift; # class ignored my $algorithm = shift; my $impl = $MMAP{$algorithm} || do { - $algorithm =~ s/\W+//; - "Digest::$algorithm"; + $algorithm =~ s/\W+//g; + "Digest::$algorithm"; }; $impl = [$impl] unless ref($impl); + local $@; # don't clobber it for our caller my $err; for (@$impl) { - my $class = $_; - my @args; - ($class, @args) = @$class if ref($class); - no strict 'refs'; - unless (exists ${"$class\::"}{"VERSION"}) { - eval "require $class"; - if ($@) { - $err ||= $@; - next; - } - } - return $class->new(@args, @_); + my $class = $_; + my @args; + ($class, @args) = @$class if ref($class); + no strict 'refs'; + unless (exists ${"$class\::"}{"VERSION"}) { + my $pm_file = $class . ".pm"; + $pm_file =~ s{::}{/}g; + eval { require $pm_file }; + if ($@) { + $err ||= $@; + next; + } + } + return $class->new(@args, @_); } die $err; } diff --git a/cpan/Digest/t/base.t b/cpan/Digest/t/base.t index b2614f7..bd87a5d 100644 --- a/cpan/Digest/t/base.t +++ b/cpan/Digest/t/base.t @@ -1,7 +1,6 @@ #!perl -w -use Test qw(plan ok); -plan tests => 12; +use Test::More tests => 12; { package LenDigest; @@ -31,26 +30,26 @@ plan tests => 12; } my $ctx = LenDigest->new; -ok($ctx->digest, "X0000"); +is($ctx->digest, "X0000"); my $EBCDIC = ord('A') == 193; if ($EBCDIC) { - ok($ctx->hexdigest, "e7f0f0f0f0"); - ok($ctx->b64digest, "5/Dw8PA"); + is($ctx->hexdigest, "e7f0f0f0f0"); + is($ctx->b64digest, "5/Dw8PA"); } else { - ok($ctx->hexdigest, "5830303030"); - ok($ctx->b64digest, "WDAwMDA"); + is($ctx->hexdigest, "5830303030"); + is($ctx->b64digest, "WDAwMDA"); } $ctx->add("foo"); -ok($ctx->digest, "f0003"); +is($ctx->digest, "f0003"); $ctx->add("foo"); -ok($ctx->hexdigest, $EBCDIC ? "86f0f0f0f3" : "6630303033"); +is($ctx->hexdigest, $EBCDIC ? "86f0f0f0f3" : "6630303033"); $ctx->add("foo"); -ok($ctx->b64digest, $EBCDIC ? "hvDw8PM" : "ZjAwMDM"); +is($ctx->b64digest, $EBCDIC ? "hvDw8PM" : "ZjAwMDM"); open(F, ">xxtest$$") || die; binmode(F); 
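Review bot: `$pm_file` is built from `$class` with no check of its own. Only the fallback branch runs `s/\W+//g`, so class names taken from `%MMAP` reach `require $pm_file` exactly as stored. `%MMAP` is a package global that other code extends (t/digest.t adds a `Dummy-24` entry), and the file form of `require` takes a path string, so a guard before the `$pm_file` assignment would keep the lookup to module names wherever the entry came from: `die "Invalid digest class '$class'" unless $class =~ /\A\w+(?:::\w+)*\z/;`. Separately, `die $err` runs while `local $@` is still in scope; I believe perls older than 5.14 lose the exception text in that case, which matters if this file is also released standalone. The opening lines of `sub new` fall outside this hunk.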
@@ -62,23 +61,23 @@ $ctx->addfile(*F); close(F); unlink("xxtest$$") || warn; -ok($ctx->digest, "a0301"); +is($ctx->digest, "a0301"); eval { $ctx->add_bits("1010"); }; -ok($@ =~ /^Number of bits must be multiple of 8/); +like($@, '/^Number of bits must be multiple of 8/'); $ctx->add_bits($EBCDIC ? "11100100" : "01010101"); -ok($ctx->digest, "U0001"); +is($ctx->digest, "U0001"); eval { $ctx->add_bits("abc", 12); }; -ok($@ =~ /^Number of bits must be multiple of 8/); +like($@, '/^Number of bits must be multiple of 8/'); $ctx->add_bits("abc", 16); -ok($ctx->digest, "a0002"); +is($ctx->digest, "a0002"); $ctx->add_bits("abc", 32); -ok($ctx->digest, "a0003"); +is($ctx->digest, "a0003"); diff --git a/cpan/Digest/t/digest.t b/cpan/Digest/t/digest.t index c5da8f0..8126027 100644 --- a/cpan/Digest/t/digest.t +++ b/cpan/Digest/t/digest.t @@ -1,36 +1,22 @@ -print "1..3\n"; +#!/usr/bin/env perl -use Digest; - -{ - package Digest::Dummy; - use vars qw($VERSION @ISA); - $VERSION = 1; +use strict; +use Test::More tests => 4; - require Digest::base; - @ISA = qw(Digest::base); +# To find Digest::Dummy +use lib 't/lib'; - sub new { - my $class = shift; - my $d = shift || "ooo"; - bless { d => $d }, $class; - } - sub add {} - sub digest { shift->{d} } -} +use Digest; +$@ = "rt#50663"; my $d; $d = Digest->new("Dummy"); -print "not " unless $d->digest eq "ooo"; -print "ok 1\n"; +is $@, "rt#50663"; +is $d->digest, "ooo"; $d = Digest->Dummy; -print "not " unless $d->digest eq "ooo"; -print "ok 2\n"; +is $d->digest, "ooo"; $Digest::MMAP{"Dummy-24"} = [["NotThere"], "NotThereEither", ["Digest::Dummy", 24]]; $d = Digest->new("Dummy-24"); -print "not " unless $d->digest eq "24"; -print "ok 3\n"; - - +is $d->digest, "24"; diff --git a/cpan/Digest/t/file.t b/cpan/Digest/t/file.t index f431a38..79f32de 100644 --- a/cpan/Digest/t/file.t +++ b/cpan/Digest/t/file.t @@ -1,7 +1,6 @@ #!perl -w -use Test qw(plan ok); -plan tests => 5; +use Test::More tests => 5; { package Digest::Foo; 
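Review bot: The two `like` calls in the t/base.t hunk pass the pattern as a quoted string, `'/^Number of bits must be multiple of 8/'`, which Test::More accepts as a compatibility form. A compiled pattern is clearer and is checked when the file is compiled: `like($@, qr/^Number of bits must be multiple of 8/);`. The converted assertions also carry no test names, so a failure is identified by number only.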
@@ -36,17 +35,17 @@ binmode(F); print F "foo\0\n"; close(F) || die "Can't write '$file': $!"; -ok(digest_file($file, "Foo"), "0005"); +is(digest_file($file, "Foo"), "0005"); if (ord('A') == 193) { # EBCDIC. - ok(digest_file_hex($file, "Foo"), "f0f0f0f5"); - ok(digest_file_base64($file, "Foo"), "8PDw9Q"); + is(digest_file_hex($file, "Foo"), "f0f0f0f5"); + is(digest_file_base64($file, "Foo"), "8PDw9Q"); } else { - ok(digest_file_hex($file, "Foo"), "30303035"); - ok(digest_file_base64($file, "Foo"), "MDAwNQ"); + is(digest_file_hex($file, "Foo"), "30303035"); + is(digest_file_base64($file, "Foo"), "MDAwNQ"); } unlink($file) || warn "Can't unlink '$file': $!"; -ok(eval { digest_file("not-there.txt", "Foo") }, undef); -ok($@); +ok !eval { digest_file("not-there.txt", "Foo") }; +ok $@; diff --git a/cpan/Digest/t/lib/Digest/Dummy.pm b/cpan/Digest/t/lib/Digest/Dummy.pm new file mode 100644 index 0000000..b3db0db --- /dev/null +++ b/cpan/Digest/t/lib/Digest/Dummy.pm @@ -0,0 +1,20 @@ +package Digest::Dummy; + +use strict; +use vars qw($VERSION @ISA); +$VERSION = 1; + +require Digest::base; +@ISA = qw(Digest::base); + +sub new { + my $class = shift; + my $d = shift || "ooo"; + bless { d => $d }, $class; +} + +sub add {} +sub digest { shift->{d} } + +1; + diff --git a/cpan/Digest/t/security.t b/cpan/Digest/t/security.t new file mode 100644 index 0000000..5cba122 --- /dev/null +++ b/cpan/Digest/t/security.t @@ -0,0 +1,14 @@ +#!/usr/bin/env perl + +# Digest->new() had an exploitable eval + +use strict; +use warnings; + +use Test::More tests => 1; + +use Digest; + +$LOL::PWNED = 0; +eval { Digest->new(q[MD;5;$LOL::PWNED = 42]) }; +is $LOL::PWNED, 0; diff --git a/pod/perldelta.pod b/pod/perldelta.pod index 4afdba4..9b50c80 100644 --- a/pod/perldelta.pod +++ b/pod/perldelta.pod 
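Review bot: The only assertion in t/security.t is that `$LOL::PWNED` stayed 0, and the surrounding `eval` discards whatever `Digest->new` did with the name. The test therefore does not show that the call failed, or why. A second assertion on the error would pin the sanitised lookup as well, with the plan raised to 2: `like $@, qr{^Can't locate Digest/MD5LOLPWNED42\.pm}, 'name reduced to word characters and not found';`. That file name is derived from the `s/\W+//g` substitution in Digest.pm and should be confirmed by running the test.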
@@ -104,6 +104,10 @@ L has been upgraded from version 5.0150034 to version 5.0150035. =item * +L has been upgraded from version 1.16 to version 1.17. + +=item * + L has been upgraded from version 6.59 to version 6.61_01. =back -- 2.7.4