
Bug#699276: unblock: perl/5.14.2-17



Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package perl. 

Changes: 
 perl (5.14.2-17) unstable; urgency=low
 .
   * Fix a double-free bug in Digest::SHA. (Closes: #698174)
     + update the Breaks: entry accordingly.
   * Avoid wraparound when casting unsigned size_t to signed ssize_t.
     (Closes: #698320)

The first bugfix was already unblocked for the separate libdigest-sha-perl
package, so it makes sense to get it fixed in perl too. The other fix
was pre-approved by Adam.

Please note that the debian/t/ change is in a maintainer test that is
not run during the build.

 debian/changelog                                         |    9 +
 debian/control                                           |    2 
 debian/patches/fixes/64bitint-signedness-wraparound.diff |   56 ++++++++++++
 debian/patches/fixes/digest-sha-doublefree.diff          |   69 +++++++++++++++
 debian/patches/series                                    |    2 
 debian/t/control.t                                       |    3 
 6 files changed, 140 insertions(+), 1 deletion(-)

unblock perl/5.14.2-17

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=fi_FI.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
diff -Nru perl-5.14.2/debian/changelog perl-5.14.2/debian/changelog
--- perl-5.14.2/debian/changelog	2012-12-10 14:49:33.000000000 +0200
+++ perl-5.14.2/debian/changelog	2013-01-26 19:30:14.000000000 +0200
@@ -1,3 +1,12 @@
+perl (5.14.2-17) unstable; urgency=low
+
+  * Fix a double-free bug in Digest::SHA. (Closes: #698174)
+    + update the Breaks: entry accordingly.
+  * Avoid wraparound when casting unsigned size_t to signed ssize_t.
+    (Closes: #698320)
+
+ -- Niko Tyni <ntyni@debian.org>  Fri, 25 Jan 2013 15:22:58 +0200
+
 perl (5.14.2-16) unstable; urgency=medium
 
   * [SECURITY] CVE-2012-5526: CGI.pm improper cookie and p3p
diff -Nru perl-5.14.2/debian/control perl-5.14.2/debian/control
--- perl-5.14.2/debian/control	2012-12-10 14:49:33.000000000 +0200
+++ perl-5.14.2/debian/control	2013-01-25 15:18:21.000000000 +0200
@@ -282,7 +282,7 @@
  libmime-base64-perl (<< 3.13),
  libtime-hires-perl (<< 1.9721.01),
  libstorable-perl (<< 2.27),
- libdigest-sha-perl (<< 5.61),
+ libdigest-sha-perl (<< 5.71-2),
  libsys-syslog-perl (<< 0.27),
  libcompress-zlib-perl (<< 2.033),
  libcompress-raw-zlib-perl (<< 2.033),
diff -Nru perl-5.14.2/debian/patches/fixes/64bitint-signedness-wraparound.diff perl-5.14.2/debian/patches/fixes/64bitint-signedness-wraparound.diff
--- perl-5.14.2/debian/patches/fixes/64bitint-signedness-wraparound.diff	1970-01-01 02:00:00.000000000 +0200
+++ perl-5.14.2/debian/patches/fixes/64bitint-signedness-wraparound.diff	2013-01-25 15:18:22.000000000 +0200
@@ -0,0 +1,56 @@
+From e36d65ba661bd0f9c9ae741c8f18d2e08682e97a Mon Sep 17 00:00:00 2001
+From: Andy Dougherty <doughera@lafayette.edu>
+Date: Wed, 16 Jan 2013 12:30:43 -0500
+Subject: Avoid wraparound when casting unsigned size_t to signed ssize_t.
+
+Practically, this only affects a perl compiled with 64-bit IVs on a 32-bit
+system.  In that instance a value of count >= 2**31 would turn negative
+when cast to (ssize_t).
+
+Origin: upstream, http://perl5.git.perl.org/perl.git/commit/94e529cc4d56863d7272c254a29eda2b002a4335
+Bug-Debian: http://bugs.debian.org/698320
+Patch-Name: fixes/64bitint-signedness-wraparound.diff
+---
+ perlio.c |    8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/perlio.c b/perlio.c
+index e42a78f..6c40e34 100644
+--- a/perlio.c
++++ b/perlio.c
+@@ -2192,7 +2192,7 @@ PerlIOBase_read(pTHX_ PerlIO *f, void *vbuf, Size_t count)
+ 	    SSize_t avail = PerlIO_get_cnt(f);
+ 	    SSize_t take = 0;
+ 	    if (avail > 0)
+-		take = ((SSize_t)count < avail) ? (SSize_t)count : avail;
++		take = (((SSize_t) count >= 0) && ((SSize_t)count < avail)) ? (SSize_t)count : avail;
+ 	    if (take > 0) {
+ 		STDCHAR *ptr = PerlIO_get_ptr(f);
+ 		Copy(ptr, buf, take, STDCHAR);
+@@ -4125,7 +4125,7 @@ PerlIOBuf_unread(pTHX_ PerlIO *f, const void *vbuf, Size_t count)
+ 	     */
+ 	    b->posn -= b->bufsiz;
+ 	}
+-	if (avail > (SSize_t) count) {
++	if ((SSize_t) count >= 0 && avail > (SSize_t) count) {
+ 	    /*
+ 	     * If we have space for more than count, just move count
+ 	     */
+@@ -4175,7 +4175,7 @@ PerlIOBuf_write(pTHX_ PerlIO *f, const void *vbuf, Size_t count)
+     }
+     while (count > 0) {
+ 	SSize_t avail = b->bufsiz - (b->ptr - b->buf);
+-	if ((SSize_t) count < avail)
++	if ((SSize_t) count >= 0 && (SSize_t) count < avail)
+ 	    avail = count;
+ 	if (flushptr > buf && flushptr <= buf + avail)
+ 	    avail = flushptr - buf;
+@@ -4450,7 +4450,7 @@ PerlIOPending_read(pTHX_ PerlIO *f, void *vbuf, Size_t count)
+ {
+     SSize_t avail = PerlIO_get_cnt(f);
+     SSize_t got = 0;
+-    if ((SSize_t)count < avail)
++    if ((SSize_t) count >= 0 && (SSize_t)count < avail)
+ 	avail = count;
+     if (avail > 0)
+ 	got = PerlIOBuf_read(aTHX_ f, vbuf, avail);
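Review bot: The guard `(SSize_t) count >= 0` is added at four sites in perlio.c (PerlIOBase_read, PerlIOBuf_unread, PerlIOBuf_write, PerlIOPending_read) with no comment explaining why an unsigned Size_t is being tested against zero, so a later reader is likely to treat it as dead code and fold it away. A one-line comment at the first site, e.g. `/* count is Size_t: a value above SSize_t max goes negative in the cast and would wrongly pass the "< avail" test */`, would preserve the reasoning the patch header gives. Repeating the cast-and-sign test four times also invites drift; a small helper or macro would keep the four sites identical, though that is a style choice for upstream rather than for this backport. All four enclosing functions start and end outside the hunk.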
diff -Nru perl-5.14.2/debian/patches/fixes/digest-sha-doublefree.diff perl-5.14.2/debian/patches/fixes/digest-sha-doublefree.diff
--- perl-5.14.2/debian/patches/fixes/digest-sha-doublefree.diff	1970-01-01 02:00:00.000000000 +0200
+++ perl-5.14.2/debian/patches/fixes/digest-sha-doublefree.diff	2013-01-25 15:18:21.000000000 +0200
@@ -0,0 +1,69 @@
+From d2d9e1560afaeb402dda69eba1d6e808d80c0c96 Mon Sep 17 00:00:00 2001
+From: Niko Tyni <ntyni@debian.org>
+Date: Fri, 25 Jan 2013 15:00:00 +0200
+Subject: Fix a double-free bug in Digest::SHA
+
+Fix double-free when loading Digest::SHA object representing the
+intermediate SHA state from a file.
+
+Origin: upstream, http://perl5.git.perl.org/perl.git/commit/a8c6ff7b8e8c6037333c21f9b3f6b38b9278df4f
+Origin: upstream, https://metacpan.org/diff/release/MSHELOR/Digest-SHA-5.80/MSHELOR/Digest-SHA-5.81
+Bug-Debian: http://bugs.debian.org/698172
+Bug: https://rt.cpan.org/Ticket/Display.html?id=82655
+Patch-Name: fixes/digest-sha-doublefree.diff
+---
+ cpan/Digest-SHA/lib/Digest/SHA.pm |   11 +++++++----
+ cpan/Digest-SHA/src/sha.c         |    2 +-
+ 2 files changed, 8 insertions(+), 5 deletions(-)
+
+diff --git a/cpan/Digest-SHA/lib/Digest/SHA.pm b/cpan/Digest-SHA/lib/Digest/SHA.pm
+index f809ce3..8cea302 100644
+--- a/cpan/Digest-SHA/lib/Digest/SHA.pm
++++ b/cpan/Digest-SHA/lib/Digest/SHA.pm
+@@ -53,7 +53,7 @@ sub new {
+ 			return($class);
+ 		}
+ 		shaclose($$class) if $$class;
+-		$$class = shaopen($alg) || return;
++		return unless $$class = shaopen($alg);
+ 		return($class);
+ 	}
+ 	$alg = 1 unless defined $alg;
+@@ -153,18 +153,21 @@ sub Addfile {
+ 
+ sub dump {
+ 	my $self = shift;
+-	my $file = shift || "";
++	my $file = shift;
+ 
++	$file = "" unless defined $file;
+ 	shadump($file, $$self) || return;
+ 	return($self);
+ }
+ 
+ sub load {
+ 	my $class = shift;
+-	my $file = shift || "";
++	my $file = shift;
++
++	$file = "" unless defined $file;
+ 	if (ref($class)) {	# instance method
+ 		shaclose($$class) if $$class;
+-		$$class = shaload($file) || return;
++		return unless $$class = shaload($file);
+ 		return($class);
+ 	}
+ 	my $state = shaload($file) || return;
+diff --git a/cpan/Digest-SHA/src/sha.c b/cpan/Digest-SHA/src/sha.c
+index 20f2d71..f512437 100644
+--- a/cpan/Digest-SHA/src/sha.c
++++ b/cpan/Digest-SHA/src/sha.c
+@@ -272,7 +272,7 @@ void sharewind(SHA *s)
+ /* shaopen: creates a new digest object */
+ SHA *shaopen(int alg)
+ {
+-	SHA *s;
++	SHA *s = NULL;
+ 
+ 	if (alg != SHA1 && alg != SHA224 && alg != SHA256 &&
+ 		alg != SHA384    && alg != SHA512 &&
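Review bot: The rewrite `return unless $$class = shaopen($alg);` fixes the ordering bug but nothing in the code records why the shorter form was wrong: because `||` binds tighter than `=`, the old `$$class = shaopen($alg) || return;` returned before assigning, leaving the pointer that `shaclose($$class)` had just released still stored in `$$class`, presumably to be freed a second time when the object is destroyed. A comment above the line, `# assign before testing: a failed open must clear the handle closed above, or it is released twice`, would stop a future cleanup from reverting it; the same applies to the `load` instance path a few lines below. The `SHA *s = NULL;` change in sha.c looks like defensive initialisation, but whether any path in shaopen returns `s` unassigned is not visible in this hunk. `sub new` and `sub load` begin and end outside the hunk.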
diff -Nru perl-5.14.2/debian/patches/series perl-5.14.2/debian/patches/series
--- perl-5.14.2/debian/patches/series	2012-12-10 14:49:34.000000000 +0200
+++ perl-5.14.2/debian/patches/series	2013-01-25 15:18:22.000000000 +0200
@@ -73,3 +73,5 @@
 fixes/cgi-cr-escaping.diff
 fixes/maketext-code-execution.diff
 fixes/storable-security-warning.diff
+fixes/digest-sha-doublefree.diff
+fixes/64bitint-signedness-wraparound.diff
diff -Nru perl-5.14.2/debian/t/control.t perl-5.14.2/debian/t/control.t
--- perl-5.14.2/debian/t/control.t	2012-12-10 14:49:34.000000000 +0200
+++ perl-5.14.2/debian/t/control.t	2013-01-25 15:18:21.000000000 +0200
@@ -46,6 +46,9 @@
 	"libautodie-perl" => {
 		"2.1001" => "2.10.01",
 	},
+	"libdigest-sha-perl" => {
+		"5.61"  =>  "5.71",
+	},
 );
 
 # list special cases where a Breaks entry doesn't need to imply
