Bug#698342: unblock: libdigest-sha-perl/5.71-2

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#698342: unblock: libdigest-sha-perl/5.71-2
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Thu, 17 Jan 2013 10:32:11 +0100
Message-id: <20130117093211.14248.20619.reportbug@elende.valinor.li>
Reply-to: Salvatore Bonaccorso <carnil@debian.org>, 698342@bugs.debian.org

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi Release Team

Please unblock package libdigest-sha-perl

libdigest-sha-perl 5.71-2 fixes #698172: "Fix double-free when loading
Digest::SHA object representing the intermediate SHA state from a
file."

Would it be possible to get an unblock? I attached the debdiff against
current version in testing.

unblock libdigest-sha-perl/5.71-2

Regards,
Salvatore

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCgAGBQJQ98UXAAoJEHidbwV/2GP+OPUP/1HgGCJH0VcLZZHSr8LnXtzz
2y6jew/W+infHLlxlFfMGdN8yHz2dYhFghmToxipLiOayGyYbTd3D12vyUeZOj5U
h19HETMS3wZdg2In+2tebWIcjI/O3CoqzJalIUN39e4gclc6oZyn1qEmQM0620OK
uqKYfCrk6cCTy5nL/xcWyS7CySShAPjWsKZcZ2BKn/TB1ZyD2iLUQKahHONEvvDO
yHTcL6PEvnWkJGzCM3Aunzi6Myy8iZveRKpTbtfo7S7UGkXK/AdCVAgRRhBCV+R0
ImfKD4ZiQzURQFlZ3R07PxO8OpjZEejNHp285GeOsRa4aM57pGpSXG/eY89aSBDJ
61qNDy/BCFrIuTur1jVMGIDbe9GPaEzlsPwhvJKX7g2qWcSrUABEYCqkCMywbW9c
XFBm8+LhQ51hJldS92FYMFe4+iMTSKH09yG1vVGJECFewtUNSdTqG0pbzAdKcb/K
6i6qpGkmEHDE/RYfjjQKaeSV4Kp9XmvsXWajHNN5kh2we+QB8IQEKOiU6oJcn0Vg
LHh8GvpOXtWOx1bLLscrnngvU/Tc/AukMYX+ZGVWlqW0Au6A/TY9PMOGqZIom2/s
13qkPXNK7of9iiQrFu2Y9a57AcFIrGpkNzPvN/rfP0+Uam9FZpHhspW5V/EmFS+U
dDndLe5zQWA21nBrEx4g
=ShhJ
-----END PGP SIGNATURE-----

Base version: libdigest-sha-perl_5.71-1 from testing
Target version: libdigest-sha-perl_5.71-2 from unstable

No hints in place.

 changelog                                               |    8 ++
 patches/698172-fix-double-free-in-load-subroutine.patch |   58 ++++++++++++++++
 patches/series                                          |    1 
 3 files changed, 67 insertions(+)

diff -Nru libdigest-sha-perl-5.71/debian/changelog libdigest-sha-perl-5.71/debian/changelog
--- libdigest-sha-perl-5.71/debian/changelog	2012-02-29 19:57:28.000000000 +0000
+++ libdigest-sha-perl-5.71/debian/changelog	2013-01-16 19:54:39.000000000 +0000
@@ -1,3 +1,11 @@
+libdigest-sha-perl (5.71-2) unstable; urgency=low
+
+  * Add 698172-fix-double-free-in-load-subroutine.patch patch.
+    Fix double-free when loading Digest::SHA object representing the
+    intermediate SHA state from a file. (Closes: #698172)
+
+ -- Salvatore Bonaccorso <carnil@debian.org>  Wed, 16 Jan 2013 20:51:48 +0100
+
 libdigest-sha-perl (5.71-1) unstable; urgency=low
 
   * Imported Upstream version 5.71
diff -Nru libdigest-sha-perl-5.71/debian/patches/698172-fix-double-free-in-load-subroutine.patch libdigest-sha-perl-5.71/debian/patches/698172-fix-double-free-in-load-subroutine.patch
--- libdigest-sha-perl-5.71/debian/patches/698172-fix-double-free-in-load-subroutine.patch	1970-01-01 00:00:00.000000000 +0000
+++ libdigest-sha-perl-5.71/debian/patches/698172-fix-double-free-in-load-subroutine.patch	2013-01-16 19:54:39.000000000 +0000
@@ -0,0 +1,58 @@
+Description: corrected load subroutine (SHA.pm) to prevent double-free
+ Fix double-free when loading Digest::SHA object representing the
+ intermediate SHA state from a file.
+Origin: upstream, https://metacpan.org/diff/release/MSHELOR/Digest-SHA-5.80/MSHELOR/Digest-SHA-5.81
+Bug: https://rt.cpan.org/Ticket/Display.html?id=82655
+Bug-Debian: http://bugs.debian.org/698172
+Forwarded: not-needed
+Author: Salvatore Bonaccorso <carnil@debian.org>
+Last-Update: 2013-01-14
+Applied-Upstream: yes, 5.81
+
+--- a/lib/Digest/SHA.pm
++++ b/lib/Digest/SHA.pm
+@@ -50,7 +50,7 @@
+ 			return($class);
+ 		}
+ 		shaclose($$class) if $$class;
+-		$$class = shaopen($alg) || return;
++		return unless $$class = shaopen($alg);
+ 		return($class);
+ 	}
+ 	$alg = 1 unless defined $alg;
+@@ -163,18 +163,21 @@
+ 
+ sub dump {
+ 	my $self = shift;
+-	my $file = shift || "";
++	my $file = shift;
+ 
++	$file = "" unless defined $file;
+ 	shadump($file, $$self) || return;
+ 	return($self);
+ }
+ 
+ sub load {
+ 	my $class = shift;
+-	my $file = shift || "";
++	my $file = shift;
++
++	$file = "" unless defined $file;
+ 	if (ref($class)) {	# instance method
+ 		shaclose($$class) if $$class;
+-		$$class = shaload($file) || return;
++		return unless $$class = shaload($file);
+ 		return($class);
+ 	}
+ 	my $state = shaload($file) || return;
+--- a/src/sha.c
++++ b/src/sha.c
+@@ -272,7 +272,7 @@
+ /* shaopen: creates a new digest object */
+ SHA *shaopen(int alg)
+ {
+-	SHA *s;
++	SHA *s = NULL;
+ 
+ 	if (alg != SHA1 && alg != SHA224 && alg != SHA256 &&
+ 		alg != SHA384    && alg != SHA512 &&
diff -Nru libdigest-sha-perl-5.71/debian/patches/series libdigest-sha-perl-5.71/debian/patches/series
--- libdigest-sha-perl-5.71/debian/patches/series	1970-01-01 00:00:00.000000000 +0000
+++ libdigest-sha-perl-5.71/debian/patches/series	2013-01-16 19:54:39.000000000 +0000
@@ -0,0 +1 @@
+698172-fix-double-free-in-load-subroutine.patch

Reply to:

Follow-Ups:
- Bug#698342: marked as done (unblock: libdigest-sha-perl/5.71-2)
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: Bug#698341: RM: spatialite-tools/3.0.0~beta20110817-3
Next by Date: Bug#698341: RM: spatialite-tools/3.0.0~beta20110817-3
Previous by thread: Processed: Re: Bug#698341: RM: spatialite-tools/3.0.0~beta20110817-3
Next by thread: Bug#698342: marked as done (unblock: libdigest-sha-perl/5.71-2)
Index(es):
- Date
- Thread