Bug#998247: bullseye-pu: package libencode-perl/3.08-1+deb11u2
Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian.org@packages.debian.org
Usertags: pu
X-Debbugs-Cc: debian-perl@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
I've uploaded libencode-perl/3.08-1+deb11u2 to bullseye.
It fixes a memory leak with a patch backported from newer upstream
releases which is already in unstable.
Bug: https://rt.cpan.org/Ticket/Display.html?id=139622
Bug-Debian: #995804
Complete debdiff attached.
Cheers,
gregor
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEE0eExbpOnYKgQTYX6uzpoAYZJqgYFAmGABmVfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEQx
RTEzMTZFOTNBNzYwQTgxMDREODVGQUJCM0E2ODAxODY0OUFBMDYACgkQuzpoAYZJ
qgbVRQ/+IG3HcRjqmmdwdLJEEuLrtYGTjWTFnEt9Dv4OuMUgJYBNqk0UPxTzvacE
V77Gqt/0A8hadc/LZ8i9roj07swpViKrcmn4OIhQ00KrKMykdvSku7gn9UfkeC/4
GNwozyaS+frn1jQh92zdNyiyyEFbc+MIVBCJBs09nD7DJDdOsXJD6aAkSvAK+MYs
sVnvUA8Z/eZwdTdVbqnGTAJFR0645KLmuJ43eb38kR+izp5M++K1GyGSJBzlI7ZE
PowBCZ/nUbwhOMZ8gq0KDq7TwnIH77sDgGieUCTdEj/A6BPSR5zfBGC93DGWhPgJ
fZsyRa4R0HcTYcZig9xfQTrY6gAG+7RiVpAi3JxW6Jub7Egia/KNsPketkUNk3CU
g3pep3jVxS8YgD0XepeTbg5+o1zSMpzv7KY1L1in3T/AzER9fk6TF8uuKvQQlRF4
kr8OUbLUE3H4CZB6c48n1gLIT2JQslgGRof/RE/6WSlsDbCREppym08/P1FnngYC
Hqebq/D3aw8JPfaaipUgT1bpB3LM/rTNUuJBGZMepQp2LVpB9lq8PFCQAiaiY17c
kH739P6Wyc6a/DGzm+2h34+3I0SHczORnXf3OjV3zoTovwkKcbhZi68l9zGm4SuZ
4e5/hVKjFxGWWGrOBopSeZ0A8sIl9aOKAYs1Jhsoeo4dQGM3vM8=
=2XB1
-----END PGP SIGNATURE-----
diff -Nru libencode-perl-3.08/debian/changelog libencode-perl-3.08/debian/changelog
--- libencode-perl-3.08/debian/changelog 2021-08-06 20:49:32.000000000 +0200
+++ libencode-perl-3.08/debian/changelog 2021-11-01 16:15:54.000000000 +0100
@@ -1,3 +1,13 @@
+libencode-perl (3.08-1+deb11u2) bullseye; urgency=medium
+
+ * Fix memory leak.
+ Add patch rt_139622_memory-leak.patch, taken from upstream releases 3.13,
+ 3.14, 3.15 to fix a memory leak in Encode.xs.
+ Cf. https://rt.cpan.org/Ticket/Display.html?id=139622
+ (Closes: #995804)
+
+ -- gregor herrmann <gregoa@debian.org> Mon, 01 Nov 2021 16:15:54 +0100
+
libencode-perl (3.08-1+deb11u1) bullseye-security; urgency=high
* [SECURITY] CVE-2021-36770: Encode loading code from working directory
diff -Nru libencode-perl-3.08/debian/patches/rt_139622_memory-leak.patch libencode-perl-3.08/debian/patches/rt_139622_memory-leak.patch
--- libencode-perl-3.08/debian/patches/rt_139622_memory-leak.patch 1970-01-01 01:00:00.000000000 +0100
+++ libencode-perl-3.08/debian/patches/rt_139622_memory-leak.patch 2021-11-01 16:15:54.000000000 +0100
@@ -0,0 +1,82 @@
+Description: Fix memory leak
+Origin: upstream releases 3.13, 3.14, 3.15
+Bug-Debian: https://bugs.debian.org/995804
+Bug: https://rt.cpan.org/Ticket/Display.html?id=139622
+Reviewed-by: gregor herrmann <gregoa@debian.org>
+Last-Update: 2021-11-01
+
+--- a/Encode.xs
++++ b/Encode.xs
+@@ -154,7 +154,7 @@ encode_method(pTHX_ const encode_t * enc
+ STRLEN sdone = 0;
+ /* We allocate slen+1.
+ PerlIO dumps core if this value is smaller than this. */
+- SV *dst = newSV(slen+1);
++ SV *dst = sv_2mortal(newSV(slen+1));
+ U8 *d = (U8 *)SvPVX(dst);
+ STRLEN dlen = SvLEN(dst)-1;
+ int code = 0;
+@@ -810,13 +810,12 @@ CODE:
+ tmp = encode_method(aTHX_ enc, enc->t_utf8, src, s, slen, check,
+ &offset, term, &code, fallback_cb);
+ sv_catsv(dst, tmp);
+- SvREFCNT_dec(tmp);
+ SvIV_set(off, (IV)offset);
+ RETVAL = (code == ENCODE_FOUND_TERM);
+ OUTPUT:
+ RETVAL
+
+-SV *
++void
+ Method_decode(obj,src,check_sv = &PL_sv_no)
+ SV * obj
+ SV * src
+@@ -828,6 +827,7 @@ PREINIT:
+ encode_t *enc;
+ U8 *s;
+ STRLEN slen;
++ SV *ret;
+ INIT:
+ SvGETMAGIC(src);
+ SvGETMAGIC(check_sv);
+@@ -841,13 +841,13 @@ CODE:
+ s = modify ? (U8 *)SvPV_force_nomg(src, slen) : (U8 *)SvPV_nomg(src, slen);
+ if (SvUTF8(src))
+ utf8_safe_downgrade(aTHX_ &src, &s, &slen, modify);
+- RETVAL = encode_method(aTHX_ enc, enc->t_utf8, src, s, slen, check,
++ ret = encode_method(aTHX_ enc, enc->t_utf8, src, s, slen, check,
+ NULL, Nullsv, NULL, fallback_cb);
+- SvUTF8_on(RETVAL);
+-OUTPUT:
+- RETVAL
++ SvUTF8_on(ret);
++ ST(0) = ret;
++ XSRETURN(1);
+
+-SV *
++void
+ Method_encode(obj,src,check_sv = &PL_sv_no)
+ SV * obj
+ SV * src
+@@ -859,6 +859,7 @@ PREINIT:
+ encode_t *enc;
+ U8 *s;
+ STRLEN slen;
++ SV *ret;
+ INIT:
+ SvGETMAGIC(src);
+ SvGETMAGIC(check_sv);
+@@ -872,10 +873,10 @@ CODE:
+ s = modify ? (U8 *)SvPV_force_nomg(src, slen) : (U8 *)SvPV_nomg(src, slen);
+ if (!SvUTF8(src))
+ utf8_safe_upgrade(aTHX_ &src, &s, &slen, modify);
+- RETVAL = encode_method(aTHX_ enc, enc->f_utf8, src, s, slen, check,
++ ret = encode_method(aTHX_ enc, enc->f_utf8, src, s, slen, check,
+ NULL, Nullsv, NULL, fallback_cb);
+-OUTPUT:
+- RETVAL
++ ST(0) = ret;
++ XSRETURN(1);
+
+ bool
+ Method_needs_lines(obj)
diff -Nru libencode-perl-3.08/debian/patches/series libencode-perl-3.08/debian/patches/series
--- libencode-perl-3.08/debian/patches/series 2021-08-06 20:49:32.000000000 +0200
+++ libencode-perl-3.08/debian/patches/series 2021-11-01 16:15:54.000000000 +0100
@@ -1 +1,2 @@
0001-mitigate-INC-pollution-when-loading-ConfigLocal.patch
+rt_139622_memory-leak.patch
Reply to: