Bug#698342: unblock: libdigest-sha-perl/5.71-2
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Hi Release Team
Please unblock package libdigest-sha-perl
libdigest-sha-perl 5.71-2 fixes #698172: "Fix double-free when loading
Digest::SHA object representing the intermediate SHA state from a
file."
Would it be possible to get an unblock? I attached the debdiff against
current version in testing.
unblock libdigest-sha-perl/5.71-2
Regards,
Salvatore
Base version: libdigest-sha-perl_5.71-1 from testing
Target version: libdigest-sha-perl_5.71-2 from unstable
No hints in place.
changelog | 8 ++
patches/698172-fix-double-free-in-load-subroutine.patch | 58 ++++++++++++++++
patches/series | 1
3 files changed, 67 insertions(+)
diff -Nru libdigest-sha-perl-5.71/debian/changelog libdigest-sha-perl-5.71/debian/changelog
--- libdigest-sha-perl-5.71/debian/changelog 2012-02-29 19:57:28.000000000 +0000
+++ libdigest-sha-perl-5.71/debian/changelog 2013-01-16 19:54:39.000000000 +0000
@@ -1,3 +1,11 @@
+libdigest-sha-perl (5.71-2) unstable; urgency=low
+
+ * Add 698172-fix-double-free-in-load-subroutine.patch patch.
+ Fix double-free when loading Digest::SHA object representing the
+ intermediate SHA state from a file. (Closes: #698172)
+
+ -- Salvatore Bonaccorso <carnil@debian.org> Wed, 16 Jan 2013 20:51:48 +0100
+
libdigest-sha-perl (5.71-1) unstable; urgency=low
* Imported Upstream version 5.71
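Review bot: `urgency=low` on the new 5.71-2 entry sits oddly next to a fix for a double-free; if the fix should reach testing promptly once unblocked, consider a higher urgency or ask for the package to be aged in the request. The entry could also name the upstream release the patch was taken from (5.81, per the patch header), so that the changelog alone shows this is a backport.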
diff -Nru libdigest-sha-perl-5.71/debian/patches/698172-fix-double-free-in-load-subroutine.patch libdigest-sha-perl-5.71/debian/patches/698172-fix-double-free-in-load-subroutine.patch
--- libdigest-sha-perl-5.71/debian/patches/698172-fix-double-free-in-load-subroutine.patch 1970-01-01 00:00:00.000000000 +0000
+++ libdigest-sha-perl-5.71/debian/patches/698172-fix-double-free-in-load-subroutine.patch 2013-01-16 19:54:39.000000000 +0000
@@ -0,0 +1,58 @@
+Description: corrected load subroutine (SHA.pm) to prevent double-free
+ Fix double-free when loading Digest::SHA object representing the
+ intermediate SHA state from a file.
+Origin: upstream, https://metacpan.org/diff/release/MSHELOR/Digest-SHA-5.80/MSHELOR/Digest-SHA-5.81
+Bug: https://rt.cpan.org/Ticket/Display.html?id=82655
+Bug-Debian: http://bugs.debian.org/698172
+Forwarded: not-needed
+Author: Salvatore Bonaccorso <carnil@debian.org>
+Last-Update: 2013-01-14
+Applied-Upstream: yes, 5.81
+
+--- a/lib/Digest/SHA.pm
++++ b/lib/Digest/SHA.pm
+@@ -50,7 +50,7 @@
+ return($class);
+ }
+ shaclose($$class) if $$class;
+- $$class = shaopen($alg) || return;
++ return unless $$class = shaopen($alg);
+ return($class);
+ }
+ $alg = 1 unless defined $alg;
+@@ -163,18 +163,21 @@
+
+ sub dump {
+ my $self = shift;
+- my $file = shift || "";
++ my $file = shift;
+
++ $file = "" unless defined $file;
+ shadump($file, $$self) || return;
+ return($self);
+ }
+
+ sub load {
+ my $class = shift;
+- my $file = shift || "";
++ my $file = shift;
++
++ $file = "" unless defined $file;
+ if (ref($class)) { # instance method
+ shaclose($$class) if $$class;
+- $$class = shaload($file) || return;
++ return unless $$class = shaload($file);
+ return($class);
+ }
+ my $state = shaload($file) || return;
+--- a/src/sha.c
++++ b/src/sha.c
+@@ -272,7 +272,7 @@
+ /* shaopen: creates a new digest object */
+ SHA *shaopen(int alg)
+ {
+- SHA *s;
++ SHA *s = NULL;
+
+ if (alg != SHA1 && alg != SHA224 && alg != SHA256 &&
+ alg != SHA384 && alg != SHA512 &&
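Review bot: the patch header describes only the double-free in `load`, but the embedded diff also changes `dump`, replaces `shift || ""` with a `defined` test in both subs, and initialises `SHA *s = NULL` in `shaopen`; for a freeze unblock, either say in the Description that these come along with the upstream 5.80 to 5.81 diff or trim the patch to the lines that fix #698172. The lines that carry the fix are the two `return unless $$class = ...` rewrites: in the old form `$$class = shaload($file) || return;` the `return` fires before the assignment, so `$$class` keeps the handle that was just passed to `shaclose`, whereas the new form assigns first. The `defined` change also alters behaviour for a file named `0`, which `shift || ""` turned into the empty string, and that deserves a line in the header.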
diff -Nru libdigest-sha-perl-5.71/debian/patches/series libdigest-sha-perl-5.71/debian/patches/series
--- libdigest-sha-perl-5.71/debian/patches/series 1970-01-01 00:00:00.000000000 +0000
+++ libdigest-sha-perl-5.71/debian/patches/series 2013-01-16 19:54:39.000000000 +0000
@@ -0,0 +1 @@
+698172-fix-double-free-in-load-subroutine.patch