[arch-commits] Commit in perl/trunk (digest_eval_hole.diff)
Florian Pritz
bluewind at nymeria.archlinux.org
Sun Mar 10 13:01:58 UTC 2013
Date: Sunday, March 10, 2013 @ 14:01:58
Author: bluewind
Revision: 179849
remove more unneeded patches
Deleted:
perl/trunk/digest_eval_hole.diff
-----------------------+
digest_eval_hole.diff | 61 ------------------------------------------------
1 file changed, 61 deletions(-)
Deleted: digest_eval_hole.diff
===================================================================
--- digest_eval_hole.diff 2013-03-10 12:58:30 UTC (rev 179848)
+++ digest_eval_hole.diff 2013-03-10 13:01:58 UTC (rev 179849)
@@ -1,61 +0,0 @@
-From 4b6a7324284e7435a361c58f7ddb32fc0c635bd0 Mon Sep 17 00:00:00 2001
-From: "Michael G. Schwern" <schwern at pobox.com>
-Date: Mon, 3 Oct 2011 19:05:29 +0100
-Subject: Close the eval "require $module" security hole in
- Digest->new($algorithm)
-
-Also the filter was incomplete.
-
-Bug-Debian: http://bugs.debian.org/644108
-
-Patch-Name: fixes/digest_eval_hole.diff
----
- cpan/Digest/Digest.pm | 6 ++++--
- cpan/Digest/t/security.t | 14 ++++++++++++++
- 2 files changed, 18 insertions(+), 2 deletions(-)
- create mode 100644 cpan/Digest/t/security.t
-
-diff --git a/cpan/Digest/Digest.pm b/cpan/Digest/Digest.pm
-index 384dfc8..d714434 100644
---- a/cpan/Digest/Digest.pm
-+++ b/cpan/Digest/Digest.pm
-@@ -24,7 +24,7 @@ sub new
- shift; # class ignored
- my $algorithm = shift;
- my $impl = $MMAP{$algorithm} || do {
-- $algorithm =~ s/\W+//;
-+ $algorithm =~ s/\W+//g;
- "Digest::$algorithm";
- };
- $impl = [$impl] unless ref($impl);
-@@ -35,7 +35,9 @@ sub new
- ($class, @args) = @$class if ref($class);
- no strict 'refs';
- unless (exists ${"$class\::"}{"VERSION"}) {
-- eval "require $class";
-+ my $pm_file = $class . ".pm";
-+ $pm_file =~ s{::}{/}g;
-+ eval { require $pm_file };
- if ($@) {
- $err ||= $@;
- next;
-diff --git a/cpan/Digest/t/security.t b/cpan/Digest/t/security.t
-new file mode 100644
-index 0000000..5cba122
---- /dev/null
-+++ b/cpan/Digest/t/security.t
-@@ -0,0 +1,14 @@
-+#!/usr/bin/env perl
-+
-+# Digest->new() had an exploitable eval
-+
-+use strict;
-+use warnings;
-+
-+use Test::More tests => 1;
-+
-+use Digest;
-+
-+$LOL::PWNED = 0;
-+eval { Digest->new(q[MD;5;$LOL::PWNED = 42]) };
-+is $LOL::PWNED, 0;
More information about the arch-commits
mailing list