Tue Oct 2 07:58:00 2012 UTC ()
Apply a fix for CVE-2009-0129, taken from Debian's problem report.
Also reported upstream, ref.
https://rt.cpan.org/Public/Bug/Display.html?id=79958
Bump PKGREVISION.
(he)
diff -r1.15 -r1.16 pkgsrc/security/p5-Crypt-OpenSSL-DSA/Makefile
diff -r1.3 -r1.4 pkgsrc/security/p5-Crypt-OpenSSL-DSA/distinfo
diff -r0 -r1.1 pkgsrc/security/p5-Crypt-OpenSSL-DSA/patches/patch-DSA.xs
diff -r0 -r1.1 pkgsrc/security/p5-Crypt-OpenSSL-DSA/patches/patch-lib_Crypt_OpenSSL_DSA.pm
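--- a/pkgsrc/security/p5-Crypt-OpenSSL-DSA/Makefile
+++ b/pkgsrc/security/p5-Crypt-OpenSSL-DSA/Makefile
@@ -1,21 +1,22 @@
-# $NetBSD: Makefile,v 1.15 2011/08/14 14:42:48 obache Exp $
+# $NetBSD: Makefile,v 1.16 2012/10/02 07:58:00 he Exp $
 #
 
 DISTNAME= Crypt-OpenSSL-DSA-0.13
 PKGNAME= p5-${DISTNAME}
-PKGREVISION= 5
+PKGREVISION= 6
 SVR4_PKGNAME= p5ods
 CATEGORIES= security perl5
 MASTER_SITES= ${MASTER_SITE_PERL_CPAN:=Crypt/}
 
 MAINTAINER= heinz@NetBSD.org
 HOMEPAGE= http://perl-openssl.sourceforge.net/
 COMMENT= Perl5 wrapper module for the OpenSSL DSA functions
+LICENSE= ${PERL5_LICENSE}
 
 PKG_DESTDIR_SUPPORT= user-destdir
 
 PERL5_PACKLIST= auto/Crypt/OpenSSL/DSA/.packlist
 
 .include "../../security/openssl/buildlink3.mk"
 .include "../../lang/perl5/module.mk"
 .include "../../mk/bsd.pkg.mk"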
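--- a/pkgsrc/security/p5-Crypt-OpenSSL-DSA/distinfo
+++ b/pkgsrc/security/p5-Crypt-OpenSSL-DSA/distinfo
@@ -1,5 +1,7 @@
-$NetBSD: distinfo,v 1.3 2006/02/15 22:08:19 heinz Exp $
+$NetBSD: distinfo,v 1.4 2012/10/02 07:58:00 he Exp $
 
 SHA1 (Crypt-OpenSSL-DSA-0.13.tar.gz) = e0e15b244b9a1beb17ede4165f629b6beadb745c
 RMD160 (Crypt-OpenSSL-DSA-0.13.tar.gz) = dc5be607395dd747bc213491244d6c3d5c81f796
 Size (Crypt-OpenSSL-DSA-0.13.tar.gz) = 6796 bytes
+SHA1 (patch-DSA.xs) = bd14859fe2ea82c6d2f7d1eb0e018c19caf0388b
+SHA1 (patch-lib_Crypt_OpenSSL_DSA.pm) = 2429aced940250d03349ec093b66f14ae26a17f1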
$NetBSD: patch-DSA.xs,v 1.1 2012/10/02 07:58:00 he Exp $
Croak in do_verify() if the openssl library returns an error,
similar to what is already done in verify().
--- DSA.xs.orig 2005-05-22 20:14:52.000000000 +0000
+++ DSA.xs
@@ -139,6 +139,8 @@ do_verify(dsa, dgst, sig)
CODE:
dgst_pv = SvPV(dgst, dgst_len);
RETVAL = DSA_do_verify(dgst_pv, dgst_len, sig, dsa);
+ if (RETVAL == -1)
+ croak("Error in DSA_do_verify: %s",ERR_error_string(ERR_get_error(), NULL));
OUTPUT:
RETVAL
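Review bot: The added guard in do_verify() croaks only when RETVAL is exactly -1, so the truth value handed back to Perl still relies on DSA_do_verify() never returning any other non-zero failure value; `if (RETVAL < 0)` (or croaking on anything other than 0 and 1) fails closed without that assumption. `ERR_error_string(ERR_get_error(), NULL)` formats into a static buffer, which is not safe under a threaded perl; `ERR_error_string_n()` into a local `char errbuf[256]` avoids it. ERR_get_error() also returns the oldest queued entry, so the croak message may name an earlier, unrelated failure unless the queue is cleared before the verify call. The start of do_verify(), including the declarations of dgst_pv and dgst_len, lies outside the hunk, so the types passed to DSA_do_verify() could not be checked here.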
$NetBSD: patch-lib_Crypt_OpenSSL_DSA.pm,v 1.1 2012/10/02 07:58:00 he Exp $
Document that the verify and do_verify methods will croak on library errors.
--- lib/Crypt/OpenSSL/DSA.pm.orig 2005-10-15 21:38:04.000000000 +0000
+++ lib/Crypt/OpenSSL/DSA.pm
@@ -124,10 +124,14 @@ Verifies that the $sig signature for $me
$dsa is the signer's public key.
+Note: it croaks if the underlying library call returns error (-1).
+
=item $valid = $dsa->do_verify( $message, $sig_obj );
Similar to C<verify>, but uses a L<Crypt::OpenSSL::DSA::Signature> object.
+Note: it croaks if the underlying library call returns error (-1).
+
=item $dsa->write_params( $filename );
Writes the parameters into a PEM file.