From eaf000db48d9eba9437b682e92dfa3d235623613 Mon Sep 17 00:00:00 2001
From: "A. Wilcox" <AWilcox@Wilcox-Tech.com>
Date: Tue, 26 Jun 2018 05:56:36 -0500
Subject: system/perl-digest-sha1: pull in for git-email

---
 system/perl-digest-sha1/APKBUILD                   | 45 ++++++++++++++++++++++
 .../perl-digest-sha1-check-object.patch            | 22 +++++++++++
 2 files changed, 67 insertions(+)
 create mode 100644 system/perl-digest-sha1/APKBUILD
 create mode 100644 system/perl-digest-sha1/perl-digest-sha1-check-object.patch

(limited to 'system/perl-digest-sha1')

diff --git a/system/perl-digest-sha1/APKBUILD b/system/perl-digest-sha1/APKBUILD
new file mode 100644
index 000000000..60205b85b
--- /dev/null
+++ b/system/perl-digest-sha1/APKBUILD
@@ -0,0 +1,45 @@
+# Contributor: Leonardo Arena <rnalrd@alpinelinux.org>
+# Maintainer: Adélie Perl Team <adelie-perl@lists.adelielinux.org>
+pkgname=perl-digest-sha1
+_realname=Digest-SHA1
+pkgver=2.13
+pkgrel=11
+pkgdesc="Perl interface to the SHA-1 algorithm"
+url="http://search.cpan.org/dist/Digest-SHA1/"
+arch="all"
+license="GPL-2.0-only OR Artistic-1.0-Perl"
+depends="perl"
+makedepends="perl-dev"
+install=
+subpackages="$pkgname-doc"
+source="http://search.cpan.org/CPAN/authors/id/G/GA/GAAS/$_realname-$pkgver.tar.gz
+	perl-digest-sha1-check-object.patch
+	"
+builddir="$srcdir/$_realname-$pkgver"
+
+prepare() {
+	cd "$builddir"
+	default_prepare
+	PERL_MM_USE_DEFAULT=1 perl Makefile.PL INSTALLDIRS=vendor \
+		OPTIMIZE="$CFLAGS"
+}
+
+build() {
+	cd "$builddir"
+	make
+}
+
+check() {
+	cd "$builddir"
+	make test
+}
+
+package() {
+	cd "$builddir"
+	make DESTDIR="$pkgdir" install
+	# creates file collision among perl modules
+	find "$pkgdir" -name perllocal.pod -delete
+}
+
+sha512sums="44d0c57ecc7d2126a0387552e76c9204e45fba174af6ff7abc1c9ae00d549eb7370ee20948caf12fafefedec0098b8231249d14b109c53470ee1d5bf3de3305d  Digest-SHA1-2.13.tar.gz
+73547d04bbd77cb82f0611132c2105574f528f2a07f4de436c41af606ec505a6a4b634f4397f4cee2d9aa94687957515ac8546b264ca8f71cbd4d4f5fdd5ee74  perl-digest-sha1-check-object.patch"
diff --git a/system/perl-digest-sha1/perl-digest-sha1-check-object.patch b/system/perl-digest-sha1/perl-digest-sha1-check-object.patch
new file mode 100644
index 000000000..110ef42d7
--- /dev/null
+++ b/system/perl-digest-sha1/perl-digest-sha1-check-object.patch
@@ -0,0 +1,22 @@
+https://rt.cpan.org/Public/Ticket/Attachment/WithHeaders/712715
+
+The get_sha_info() function in SHA1.xs does not check that its argument
+is an actual object.  This means that segfaults can be generated by
+commands such as:
+
+$ perl -Mblib -e "use Digest::SHA1; print Digest::SHA1->add(q(a))->hexdigest"
+Segmentation fault
+
+diff -Naur Digest-SHA1-2.13/SHA1.xs Digest-SHA1-2.13.patched/SHA1.xs
+--- Digest-SHA1-2.13/SHA1.xs	2010-07-02 23:51:12.000000000 -0700
++++ Digest-SHA1-2.13.patched/SHA1.xs	2014-03-25 12:43:53.233272555 -0700
+@@ -372,7 +372,7 @@
+ 
+ static SHA_INFO* get_sha_info(pTHX_ SV* sv)
+ {
+-    if (sv_derived_from(sv, "Digest::SHA1"))
++    if (sv_isobject(sv) && sv_derived_from(sv, "Digest::SHA1"))
+ 	return INT2PTR(SHA_INFO*, SvIV(SvRV(sv)));
+     croak("Not a reference to a Digest::SHA1 object");
+     return (SHA_INFO*)0; /* some compilers insist on a return value */
+
-- 
cgit v1.2.3-60-g2f50