r30225 - in /trunk/libcrypt-openssl-dsa-perl/debian: changelog patches/security_croak-in-do_verify-too.patch patches/series

dmn at users.alioth.debian.org dmn at users.alioth.debian.org
Thu Jan 29 10:22:30 UTC 2009


Author: dmn
Date: Thu Jan 29 10:22:24 2009
New Revision: 30225

URL: http://svn.debian.org/wsvn/pkg-perl/?sc=1&rev=30225
Log:
add security_croak-in-do_verify-too.patch making do_verify() croak on
error the same way varify() already does. Document that verify() and
do_verify() croak on errors.
Closes: #511519. Thanks to Kurt Roeckx

Added:
    trunk/libcrypt-openssl-dsa-perl/debian/patches/security_croak-in-do_verify-too.patch
Modified:
    trunk/libcrypt-openssl-dsa-perl/debian/changelog
    trunk/libcrypt-openssl-dsa-perl/debian/patches/series

Modified: trunk/libcrypt-openssl-dsa-perl/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-perl/trunk/libcrypt-openssl-dsa-perl/debian/changelog?rev=30225&op=diff
==============================================================================
--- trunk/libcrypt-openssl-dsa-perl/debian/changelog (original)
+++ trunk/libcrypt-openssl-dsa-perl/debian/changelog Thu Jan 29 10:22:24 2009
@@ -1,9 +1,16 @@
 libcrypt-openssl-dsa-perl (0.13-4) UNRELEASED; urgency=low
 
+  [ gregor herrmann ]
   * Add debian/README.source to document quilt usage, as required by
     Debian Policy since 3.8.0.
   * debian/control: Changed: Switched Vcs-Browser field to ViewSVN
     (source stanza).
+
+  [ Damyan Ivanov ]
+  * add security_croak-in-do_verify-too.patch making do_verify() croak on
+    error the same way varify() already does. Document that verify() and
+    do_verify() croak on errors.
+    Closes: #511519. Thanks to Kurt Roeckx
 
  -- gregor herrmann <gregoa at debian.org>  Wed, 06 Aug 2008 21:33:30 -0300
 

Added: trunk/libcrypt-openssl-dsa-perl/debian/patches/security_croak-in-do_verify-too.patch
URL: http://svn.debian.org/wsvn/pkg-perl/trunk/libcrypt-openssl-dsa-perl/debian/patches/security_croak-in-do_verify-too.patch?rev=30225&op=file
==============================================================================
--- trunk/libcrypt-openssl-dsa-perl/debian/patches/security_croak-in-do_verify-too.patch (added)
+++ trunk/libcrypt-openssl-dsa-perl/debian/patches/security_croak-in-do_verify-too.patch Thu Jan 29 10:22:24 2009
@@ -1,0 +1,34 @@
+# Author: Damyan Ivanov <dmn at debian.org>
+# Description: make do_verify() croak on error in the same way
+#              verify() already does
+#              Document that verify()/do_verify() croak on errors
+# Debian-Bug: http://bugs.debian.org/511519
+# Upstream-Bug: http://sourceforge.net/tracker/index.php?func=detail&aid=2545158&group_id=73194&atid=537053
+--- a/DSA.xs
++++ b/DSA.xs
+@@ -139,6 +139,8 @@ do_verify(dsa, dgst, sig)
+     CODE:
+         dgst_pv = SvPV(dgst, dgst_len);
+         RETVAL = DSA_do_verify(dgst_pv, dgst_len, sig, dsa);
++        if (RETVAL == -1)
++          croak("Error in DSA_do_verify: %s",ERR_error_string(ERR_get_error(), NULL));
+     OUTPUT:
+         RETVAL
+ 
+--- a/lib/Crypt/OpenSSL/DSA.pm
++++ b/lib/Crypt/OpenSSL/DSA.pm
+@@ -124,10 +124,14 @@ Verifies that the $sig signature for $me
+ 
+ $dsa is the signer's public key.
+ 
++Note it croaks if the underlying library call returns error (-1).
++
+ =item $valid = $dsa->do_verify( $message, $sig_obj );
+ 
+ Similar to C<verify>, but uses a L<Crypt::OpenSSL::DSA::Signature> object.
+ 
++Note it croaks if the underlying library call returns error (-1).
++
+ =item $dsa->write_params( $filename );
+ 
+ Writes the parameters into a PEM file.

Modified: trunk/libcrypt-openssl-dsa-perl/debian/patches/series
URL: http://svn.debian.org/wsvn/pkg-perl/trunk/libcrypt-openssl-dsa-perl/debian/patches/series?rev=30225&op=diff
==============================================================================
--- trunk/libcrypt-openssl-dsa-perl/debian/patches/series (original)
+++ trunk/libcrypt-openssl-dsa-perl/debian/patches/series Thu Jan 29 10:22:24 2009
@@ -1,1 +1,2 @@
 Makefile.PL-no-ssl-in-LIBS.patch
+security_croak-in-do_verify-too.patch




More information about the Pkg-perl-cvs-commits mailing list