.gitignore

@@ -1 +1 @@
-SOURCES/Digest-1.17.tar.gz
+SOURCES/Digest-1.20.tar.gz

.perl-Digest.metadata

@@ -1 +1 @@
-7f06ec78496a8a865313be75d1905d73ced602e9 SOURCES/Digest-1.17.tar.gz
+d0fa43663d75423dee8d41743398bfb9e88e658c SOURCES/Digest-1.20.tar.gz

SOURCES/Digest-0.17-CVE-2016-1238-prevent-loading-optional-modules-from-.patch

@@ -1,41 +0,0 @@
-From 8cfc4916736280dd76655fdef5b78331bfac414d Mon Sep 17 00:00:00 2001
-From: Tony Cook <tony@develop-help.com>
-Date: Wed, 27 Jul 2016 14:04:59 +1000
-Subject: [PATCH] CVE-2016-1238: prevent loading optional modules from default
- .
-
-Digest attempts to load Digest::SHA, only failing if Digest::SHA2
-is also unavailable.
-
-If a system has Digest installed, but not Digest::SHA, and a user
-attempts to run a program using Digest with SHA-256 from a world
-writable directory such as /tmp and since perl adds "." to the end
-of @INC an attacker can run code as the original user by creating
-/tmp/Digest/SHA.pm.
-
-The change temporarily removes the default "." entry from the end of
-@INC preventing that attack.
----
- Digest.pm | 6 +++++-
- 1 file changed, 5 insertions(+), 1 deletion(-)
-
-diff --git a/Digest.pm b/Digest.pm
-index 2ae6eec..c75649f 100644
---- a/Digest.pm
-+++ b/Digest.pm
-@@ -42,7 +42,11 @@ sub new
-         unless (exists ${"$class\::"}{"VERSION"}) {
-             my $pm_file = $class . ".pm";
-             $pm_file =~ s{::}{/}g;
--            eval { require $pm_file };
-+            eval {
-+                local @INC = @INC;
-+                pop @INC if $INC[-1] eq '.';
-+                require $pm_file;
-+            };
-             if ($@) {
-                 $err ||= $@;
-                 next;
--- 
-2.1.4
-

SPECS/perl-Digest.spec

@@ -1,24 +1,25 @@
 Name:           perl-Digest
-Version:        1.17
-Release:        396%{?dist}
+Version:        1.20
+Release:        1%{?dist}
 Summary:        Modules that calculate message digests
 License:        GPL+ or Artistic
-Group:          Development/Libraries
-URL:            http://search.cpan.org/dist/Digest/
-Source0:        http://www.cpan.org/authors/id/G/GA/GAAS/Digest-%{version}.tar.gz
-# Avoid loading optional modules from default . (CVE-2016-1238)
-Patch0:         Digest-0.17-CVE-2016-1238-prevent-loading-optional-modules-from-.patch
+URL:            https://metacpan.org/release/Digest
+Source0:        https://cpan.metacpan.org/authors/id/T/TO/TODDR/Digest-%{version}.tar.gz
 BuildArch:      noarch
 BuildRequires:  coreutils
-BuildRequires:  findutils
 BuildRequires:  make
-BuildRequires:  perl-interpreter
 BuildRequires:  perl-generators
+BuildRequires:  perl-interpreter
+BuildRequires:  perl(:VERSION) >= 5.6
+BuildRequires:  perl(ExtUtils::MakeMaker) >= 6.76
+BuildRequires:  perl(strict)
+BuildRequires:  perl(warnings)
+# Run-time:
 BuildRequires:  perl(Carp)
 BuildRequires:  perl(Exporter)
-BuildRequires:  perl(ExtUtils::MakeMaker)
 BuildRequires:  perl(MIME::Base64)
 # Tests only:
+BuildRequires:  perl(File::Temp)
 BuildRequires:  perl(lib)
 BuildRequires:  perl(Test::More) >= 0.47
 Requires:       perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
@@ -26,24 +27,20 @@ Requires:       perl(MIME::Base64)
 
 %description
 The Digest:: modules calculate digests, also called "fingerprints" or
-"hashes", of some data, called a message. The digest is (usually)
-some small/fixed size string. The actual size of the digest depend of
-the algorithm used. The message is simply a sequence of arbitrary
-bytes or bits.
+"hashes", of some data, called a message. The digest is (usually) some
+small/fixed size string. The actual size of the digest depends of the
+algorithm used. The message is simply a sequence of arbitrary bytes or bits.
 
 %prep
 %setup -q -n Digest-%{version}
-%patch0 -p1
 chmod -x digest-bench
 
 %build
-%{__perl} Makefile.PL INSTALLDIRS=vendor
-make %{?_smp_mflags}
+perl Makefile.PL INSTALLDIRS=vendor NO_PACKLIST=1 NO_PERLLOCAL=1
+%{make_build}
 
 %install
-make pure_install PERL_INSTALL_ROOT=$RPM_BUILD_ROOT
-find $RPM_BUILD_ROOT -type f -name .packlist -exec rm -f {} \;
-find $RPM_BUILD_ROOT -depth -type d -exec rmdir {} 2>/dev/null \;
+%{make_install}
 %{_fixperms} $RPM_BUILD_ROOT/*
 
 %check
@@ -55,8 +52,35 @@ make test
 %{_mandir}/man3/*
 
 %changelog
-* Fri Mar 29 2019 Jitka Plesnikova <jplesnik@redhat.com> - 1.17-396
-- Rebuild with enable hardening (bug #1636329)
+* Thu Sep 02 2021 Jitka Plesnikova <jplesnik@redhat.com> - 1.20-1
+- 1.20 bump
+
+* Wed Oct 14 2020 Petr Pisar <ppisar@redhat.com> - 1.19-1
+- 1.19 bump
+
+* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.17-457
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Mon Jun 22 2020 Jitka Plesnikova <jplesnik@redhat.com> - 1.17-456
+- Increase release to favour standalone package
+
+* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.17-440
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Fri Jul 26 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.17-439
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Thu May 30 2019 Jitka Plesnikova <jplesnik@redhat.com> - 1.17-438
+- Increase release to favour standalone package
+
+* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.17-418
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.17-417
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Wed Jun 27 2018 Jitka Plesnikova <jplesnik@redhat.com> - 1.17-416
+- Increase release to favour standalone package
 
 * Thu Feb 08 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.17-395
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild