Tue Oct 2 07:58:00 2012 UTC
Apply a fix for CVE-2009-0129, taken from Debian's problem report.
Also reported upstream, ref.
  https://rt.cpan.org/Public/Bug/Display.html?id=79958
Bump PKGREVISION.


(he)
diff -r1.15 -r1.16 pkgsrc/security/p5-Crypt-OpenSSL-DSA/Makefile
diff -r1.3 -r1.4 pkgsrc/security/p5-Crypt-OpenSSL-DSA/distinfo
diff -r0 -r1.1 pkgsrc/security/p5-Crypt-OpenSSL-DSA/patches/patch-DSA.xs
diff -r0 -r1.1 pkgsrc/security/p5-Crypt-OpenSSL-DSA/patches/patch-lib_Crypt_OpenSSL_DSA.pm

cvs diff -r1.15 -r1.16 pkgsrc/security/p5-Crypt-OpenSSL-DSA/Makefile

--- pkgsrc/security/p5-Crypt-OpenSSL-DSA/Makefile 2011/08/14 14:42:48 1.15
+++ pkgsrc/security/p5-Crypt-OpenSSL-DSA/Makefile 2012/10/02 07:58:00 1.16
@@ -1,21 +1,22 @@ @@ -1,21 +1,22 @@
1# $NetBSD: Makefile,v 1.15 2011/08/14 14:42:48 obache Exp $ 1# $NetBSD: Makefile,v 1.16 2012/10/02 07:58:00 he Exp $
2# 2#
3 3
4DISTNAME= Crypt-OpenSSL-DSA-0.13 4DISTNAME= Crypt-OpenSSL-DSA-0.13
5PKGNAME= p5-${DISTNAME} 5PKGNAME= p5-${DISTNAME}
6PKGREVISION= 5 6PKGREVISION= 6
7SVR4_PKGNAME= p5ods 7SVR4_PKGNAME= p5ods
8CATEGORIES= security perl5 8CATEGORIES= security perl5
9MASTER_SITES= ${MASTER_SITE_PERL_CPAN:=Crypt/} 9MASTER_SITES= ${MASTER_SITE_PERL_CPAN:=Crypt/}
10 10
11MAINTAINER= heinz@NetBSD.org 11MAINTAINER= heinz@NetBSD.org
12HOMEPAGE= http://perl-openssl.sourceforge.net/ 12HOMEPAGE= http://perl-openssl.sourceforge.net/
13COMMENT= Perl5 wrapper module for the OpenSSL DSA functions 13COMMENT= Perl5 wrapper module for the OpenSSL DSA functions
 14LICENSE= ${PERL5_LICENSE}
14 15
15PKG_DESTDIR_SUPPORT= user-destdir 16PKG_DESTDIR_SUPPORT= user-destdir
16 17
17PERL5_PACKLIST= auto/Crypt/OpenSSL/DSA/.packlist 18PERL5_PACKLIST= auto/Crypt/OpenSSL/DSA/.packlist
18 19
19.include "../../security/openssl/buildlink3.mk" 20.include "../../security/openssl/buildlink3.mk"
20.include "../../lang/perl5/module.mk" 21.include "../../lang/perl5/module.mk"
21.include "../../mk/bsd.pkg.mk" 22.include "../../mk/bsd.pkg.mk"
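
Review bot: The added `LICENSE= ${PERL5_LICENSE}` line (new line 14) is unrelated to the CVE-2009-0129 fix and is not mentioned in the commit message, which lists only the patch and the PKGREVISION bump. Mention it in the log or commit it separately so the security change stays easy to audit and backport.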

cvs diff -r1.3 -r1.4 pkgsrc/security/p5-Crypt-OpenSSL-DSA/distinfo

--- pkgsrc/security/p5-Crypt-OpenSSL-DSA/distinfo 2006/02/15 22:08:19 1.3
+++ pkgsrc/security/p5-Crypt-OpenSSL-DSA/distinfo 2012/10/02 07:58:00 1.4
@@ -1,5 +1,7 @@ @@ -1,5 +1,7 @@
1$NetBSD: distinfo,v 1.3 2006/02/15 22:08:19 heinz Exp $ 1$NetBSD: distinfo,v 1.4 2012/10/02 07:58:00 he Exp $
2 2
3SHA1 (Crypt-OpenSSL-DSA-0.13.tar.gz) = e0e15b244b9a1beb17ede4165f629b6beadb745c 3SHA1 (Crypt-OpenSSL-DSA-0.13.tar.gz) = e0e15b244b9a1beb17ede4165f629b6beadb745c
4RMD160 (Crypt-OpenSSL-DSA-0.13.tar.gz) = dc5be607395dd747bc213491244d6c3d5c81f796 4RMD160 (Crypt-OpenSSL-DSA-0.13.tar.gz) = dc5be607395dd747bc213491244d6c3d5c81f796
5Size (Crypt-OpenSSL-DSA-0.13.tar.gz) = 6796 bytes 5Size (Crypt-OpenSSL-DSA-0.13.tar.gz) = 6796 bytes
 6SHA1 (patch-DSA.xs) = bd14859fe2ea82c6d2f7d1eb0e018c19caf0388b
 7SHA1 (patch-lib_Crypt_OpenSSL_DSA.pm) = 2429aced940250d03349ec093b66f14ae26a17f1

File Added: pkgsrc/security/p5-Crypt-OpenSSL-DSA/patches/Attic/patch-DSA.xs
$NetBSD: patch-DSA.xs,v 1.1 2012/10/02 07:58:00 he Exp $

Croak in do_verify() if the openssl library returns an error,
similar to what is already done in verify().

--- DSA.xs.orig	2005-05-22 20:14:52.000000000 +0000
+++ DSA.xs
@@ -139,6 +139,8 @@ do_verify(dsa, dgst, sig)
     CODE:
         dgst_pv = SvPV(dgst, dgst_len);
         RETVAL = DSA_do_verify(dgst_pv, dgst_len, sig, dsa);
+	if (RETVAL == -1)
+	  croak("Error in DSA_do_verify: %s",ERR_error_string(ERR_get_error(), NULL));
     OUTPUT:
         RETVAL
 

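Review bot: The new check in do_verify() tests `RETVAL == -1` exactly, so any other negative value returned by DSA_do_verify() would still be handed back to Perl, where a non-zero value tests as true and reads as a valid signature. Consider `if (RETVAL < 0)` so that every error return croaks. The two added lines are also indented with tabs while the surrounding CODE: block uses spaces; match the existing indentation.
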
File Added: pkgsrc/security/p5-Crypt-OpenSSL-DSA/patches/Attic/patch-lib_Crypt_OpenSSL_DSA.pm
$NetBSD: patch-lib_Crypt_OpenSSL_DSA.pm,v 1.1 2012/10/02 07:58:00 he Exp $

Document that the verify and do_verify methods will croak on library errors.

--- lib/Crypt/OpenSSL/DSA.pm.orig	2005-10-15 21:38:04.000000000 +0000
+++ lib/Crypt/OpenSSL/DSA.pm
@@ -124,10 +124,14 @@ Verifies that the $sig signature for $me
 
 $dsa is the signer's public key.
 
+Note: it croaks if the underlying library call returns error (-1).
+
 =item $valid = $dsa->do_verify( $message, $sig_obj );
 
 Similar to C<verify>, but uses a L<Crypt::OpenSSL::DSA::Signature> object.
 
+Note: it croaks if the underlying library call returns error (-1).
+
 =item $dsa->write_params( $filename );
 
 Writes the parameters into a PEM file.
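
Review bot: The two added Note paragraphs say that verify and do_verify croak on a library error but do not tell callers what to do about it; code that checked only the return value will now die on a library error unless the call is wrapped. Suggest extending each note to say that the call should be wrapped in `eval { ... }` and that a caught exception must be treated as a failed verification, and correct the wording to "returns an error (-1)".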