1 files changed, 0 insertions, 61 deletions

diff --git a/abs/core/perl/digest_eval_hole.diff b/abs/core/perl/digest_eval_hole.diff
deleted file mode 100644
index 4790413..0000000
--- a/abs/core/perl/digest_eval_hole.diff
+++ /dev/null
@@ -1,61 +0,0 @@
-From 4b6a7324284e7435a361c58f7ddb32fc0c635bd0 Mon Sep 17 00:00:00 2001
-From: "Michael G. Schwern" <schwern@pobox.com>
-Date: Mon, 3 Oct 2011 19:05:29 +0100
-Subject: Close the eval "require $module" security hole in
- Digest->new($algorithm)
-
-Also the filter was incomplete.
-
-Bug-Debian: http://bugs.debian.org/644108
-
-Patch-Name: fixes/digest_eval_hole.diff
----
- cpan/Digest/Digest.pm    |    6 ++++--
- cpan/Digest/t/security.t |   14 ++++++++++++++
- 2 files changed, 18 insertions(+), 2 deletions(-)
- create mode 100644 cpan/Digest/t/security.t
-
-diff --git a/cpan/Digest/Digest.pm b/cpan/Digest/Digest.pm
-index 384dfc8..d714434 100644
---- a/cpan/Digest/Digest.pm
-+++ b/cpan/Digest/Digest.pm
-@@ -24,7 +24,7 @@ sub new
-     shift;  # class ignored
-     my $algorithm = shift;
-     my $impl = $MMAP{$algorithm} || do {
--	$algorithm =~ s/\W+//;
-+	$algorithm =~ s/\W+//g;
- 	"Digest::$algorithm";
-     };
-     $impl = [$impl] unless ref($impl);
-@@ -35,7 +35,9 @@ sub new
- 	($class, @args) = @$class if ref($class);
- 	no strict 'refs';
- 	unless (exists ${"$class\::"}{"VERSION"}) {
--	    eval "require $class";
-+	    my $pm_file = $class . ".pm";
-+	    $pm_file =~ s{::}{/}g;
-+	    eval { require $pm_file };
- 	    if ($@) {
- 		$err ||= $@;
- 		next;
-diff --git a/cpan/Digest/t/security.t b/cpan/Digest/t/security.t
-new file mode 100644
-index 0000000..5cba122
---- /dev/null
-+++ b/cpan/Digest/t/security.t
-@@ -0,0 +1,14 @@
-+#!/usr/bin/env perl
-+
-+# Digest->new() had an exploitable eval
-+
-+use strict;
-+use warnings;
-+
-+use Test::More tests => 1;
-+
-+use Digest;
-+
-+$LOL::PWNED = 0;
-+eval { Digest->new(q[MD;5;$LOL::PWNED = 42]) };
-+is $LOL::PWNED, 0;