netbsd-bugs: pkg/14127: security/p5-Crypt-CBC: code uses old MD5 perl module interface

Subject: pkg/14127: security/p5-Crypt-CBC: code uses old MD5 perl module interface
To: None <gnats-bugs@gnats.netbsd.org>
From: None <sen@eccosys.com>
List: netbsd-bugs
Date: 10/02/2001 03:30:58

>Number:         14127
>Category:       pkg
>Synopsis:       security/p5-Crypt-CBC: code uses old MD5 perl module interface
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Oct 02 03:32:00 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator:     Sen Nagata
>Release:        1.5.2
>Organization:
>Environment:
>Description:
The current p5-Crypt-CBC uses Crypt::CBC version 1.25, which appears
to use an old MD5 interface (newer interface uses "Digest::MD5").  As
a consequence, the package does not appear to "make" correctly -- note
the warning in the output of "make" below:

===> Validating dependencies for p5-Crypt-CBC-1.25
=> Checksum OK for Crypt-CBC-1.25.tar.gz.
===> Extracting for p5-Crypt-CBC-1.25
===> Required installed package p5-Digest-MD5>=2.12: p5-Digest-MD5-2.16 found
===> Required installed package perl>=5.0: perl-5.6.1nb4 found
===> Patching for p5-Crypt-CBC-1.25
===> Configuring for p5-Crypt-CBC-1.25
Checking if your kit is complete...
Looks good
Warning: prerequisite MD5 failed to load: Can't locate MD5.pm in @INC (@INC contains: /usr/pkg/lib/perl5/5.6.1/i386-netbsd /usr/pkg/lib/perl5/5.6.1 /usr/pkg/lib /perl5/site_perl/5.6.1/i386-netbsd /usr/pkg/lib/perl5/site_perl/5.6.1 /usr/pkg/lib/perl5/site_perl .) at (eval 4) line 3.
Writing Makefile for Crypt::CBC
===> Building for p5-Crypt-CBC-1.25
cp CBC.pm blib/lib/Crypt/CBC.pm
A quick inspection of packages suggested that www/p5-Apache-Session may
also be affected by this problem.  Other packages that were checked
but seemed fine were:

  comms/pilotmgr
  databases/p5-perl-ldap
  security/p5-Crypt-RSA
  textproc/p5-Convert-ASCII-Armour
  textproc/p5-Convert-PEM
  www/p5-libwww
>How-To-Repeat:
cd /usr/pkgsrc/security/p5-Crypt-CBC
make

>Fix:
It seems like the upstream source should be updated to use the newer
interface.  Changes might include:

1) Change Makefile.PL to check for Digest::MD5 instead of MD5
2) Change CBC.pm to "use Digest::MD5;" instead of "use MD5;"
3) Change references to "new MD5" to "Digest::MD5->new" (point made
by Johnny Lam)


>Release-Note:
>Audit-Trail:
>Unformatted: