Bug#699276: unblock: perl/5.14.2-17
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Please unblock package perl.
Changes:
perl (5.14.2-17) unstable; urgency=low
.
* Fix a double-free bug in Digest::SHA. (Closes: #698174)
+ update the Breaks: entry accordingly.
* Avoid wraparound when casting unsigned size_t to signed ssize_t.
(Closes: #698320)
The first bugfix was already unblocked for the separate libdigest-sha-perl
package, so it makes sense to get it fixed in perl too. The other fix
was pre-approved by Adam.
Please note that the debian/t/ change is in a maintainer test that is
not run during the build.
debian/changelog | 9 +
debian/control | 2
debian/patches/fixes/64bitint-signedness-wraparound.diff | 56 ++++++++++++
debian/patches/fixes/digest-sha-doublefree.diff | 69 +++++++++++++++
debian/patches/series | 2
debian/t/control.t | 3
6 files changed, 140 insertions(+), 1 deletion(-)
unblock perl/5.14.2-17
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=fi_FI.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
diff -Nru perl-5.14.2/debian/changelog perl-5.14.2/debian/changelog
--- perl-5.14.2/debian/changelog 2012-12-10 14:49:33.000000000 +0200
+++ perl-5.14.2/debian/changelog 2013-01-26 19:30:14.000000000 +0200
@@ -1,3 +1,12 @@
+perl (5.14.2-17) unstable; urgency=low
+
+ * Fix a double-free bug in Digest::SHA. (Closes: #698174)
+ + update the Breaks: entry accordingly.
+ * Avoid wraparound when casting unsigned size_t to signed ssize_t.
+ (Closes: #698320)
+
+ -- Niko Tyni <ntyni@debian.org> Fri, 25 Jan 2013 15:22:58 +0200
+
perl (5.14.2-16) unstable; urgency=medium
* [SECURITY] CVE-2012-5526: CGI.pm improper cookie and p3p
diff -Nru perl-5.14.2/debian/control perl-5.14.2/debian/control
--- perl-5.14.2/debian/control 2012-12-10 14:49:33.000000000 +0200
+++ perl-5.14.2/debian/control 2013-01-25 15:18:21.000000000 +0200
@@ -282,7 +282,7 @@
libmime-base64-perl (<< 3.13),
libtime-hires-perl (<< 1.9721.01),
libstorable-perl (<< 2.27),
- libdigest-sha-perl (<< 5.61),
+ libdigest-sha-perl (<< 5.71-2),
libsys-syslog-perl (<< 0.27),
libcompress-zlib-perl (<< 2.033),
libcompress-raw-zlib-perl (<< 2.033),
diff -Nru perl-5.14.2/debian/patches/fixes/64bitint-signedness-wraparound.diff perl-5.14.2/debian/patches/fixes/64bitint-signedness-wraparound.diff
--- perl-5.14.2/debian/patches/fixes/64bitint-signedness-wraparound.diff 1970-01-01 02:00:00.000000000 +0200
+++ perl-5.14.2/debian/patches/fixes/64bitint-signedness-wraparound.diff 2013-01-25 15:18:22.000000000 +0200
@@ -0,0 +1,56 @@
+From e36d65ba661bd0f9c9ae741c8f18d2e08682e97a Mon Sep 17 00:00:00 2001
+From: Andy Dougherty <doughera@lafayette.edu>
+Date: Wed, 16 Jan 2013 12:30:43 -0500
+Subject: Avoid wraparound when casting unsigned size_t to signed ssize_t.
+
+Practically, this only affects a perl compiled with 64-bit IVs on a 32-bit
+system. In that instance a value of count >= 2**31 would turn negative
+when cast to (ssize_t).
+
+Origin: upstream, http://perl5.git.perl.org/perl.git/commit/94e529cc4d56863d7272c254a29eda2b002a4335
+Bug-Debian: http://bugs.debian.org/698320
+Patch-Name: fixes/64bitint-signedness-wraparound.diff
+---
+ perlio.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/perlio.c b/perlio.c
+index e42a78f..6c40e34 100644
+--- a/perlio.c
++++ b/perlio.c
+@@ -2192,7 +2192,7 @@ PerlIOBase_read(pTHX_ PerlIO *f, void *vbuf, Size_t count)
+ SSize_t avail = PerlIO_get_cnt(f);
+ SSize_t take = 0;
+ if (avail > 0)
+- take = ((SSize_t)count < avail) ? (SSize_t)count : avail;
++ take = (((SSize_t) count >= 0) && ((SSize_t)count < avail)) ? (SSize_t)count : avail;
+ if (take > 0) {
+ STDCHAR *ptr = PerlIO_get_ptr(f);
+ Copy(ptr, buf, take, STDCHAR);
+@@ -4125,7 +4125,7 @@ PerlIOBuf_unread(pTHX_ PerlIO *f, const void *vbuf, Size_t count)
+ */
+ b->posn -= b->bufsiz;
+ }
+- if (avail > (SSize_t) count) {
++ if ((SSize_t) count >= 0 && avail > (SSize_t) count) {
+ /*
+ * If we have space for more than count, just move count
+ */
+@@ -4175,7 +4175,7 @@ PerlIOBuf_write(pTHX_ PerlIO *f, const void *vbuf, Size_t count)
+ }
+ while (count > 0) {
+ SSize_t avail = b->bufsiz - (b->ptr - b->buf);
+- if ((SSize_t) count < avail)
++ if ((SSize_t) count >= 0 && (SSize_t) count < avail)
+ avail = count;
+ if (flushptr > buf && flushptr <= buf + avail)
+ avail = flushptr - buf;
+@@ -4450,7 +4450,7 @@ PerlIOPending_read(pTHX_ PerlIO *f, void *vbuf, Size_t count)
+ {
+ SSize_t avail = PerlIO_get_cnt(f);
+ SSize_t got = 0;
+- if ((SSize_t)count < avail)
++ if ((SSize_t) count >= 0 && (SSize_t)count < avail)
+ avail = count;
+ if (avail > 0)
+ got = PerlIOBuf_read(aTHX_ f, vbuf, avail);
diff -Nru perl-5.14.2/debian/patches/fixes/digest-sha-doublefree.diff perl-5.14.2/debian/patches/fixes/digest-sha-doublefree.diff
--- perl-5.14.2/debian/patches/fixes/digest-sha-doublefree.diff 1970-01-01 02:00:00.000000000 +0200
+++ perl-5.14.2/debian/patches/fixes/digest-sha-doublefree.diff 2013-01-25 15:18:21.000000000 +0200
@@ -0,0 +1,69 @@
+From d2d9e1560afaeb402dda69eba1d6e808d80c0c96 Mon Sep 17 00:00:00 2001
+From: Niko Tyni <ntyni@debian.org>
+Date: Fri, 25 Jan 2013 15:00:00 +0200
+Subject: Fix a double-free bug in Digest::SHA
+
+Fix double-free when loading Digest::SHA object representing the
+intermediate SHA state from a file.
+
+Origin: upstream, http://perl5.git.perl.org/perl.git/commit/a8c6ff7b8e8c6037333c21f9b3f6b38b9278df4f
+Origin: upstream, https://metacpan.org/diff/release/MSHELOR/Digest-SHA-5.80/MSHELOR/Digest-SHA-5.81
+Bug-Debian: http://bugs.debian.org/698172
+Bug: https://rt.cpan.org/Ticket/Display.html?id=82655
+Patch-Name: fixes/digest-sha-doublefree.diff
+---
+ cpan/Digest-SHA/lib/Digest/SHA.pm | 11 +++++++----
+ cpan/Digest-SHA/src/sha.c | 2 +-
+ 2 files changed, 8 insertions(+), 5 deletions(-)
+
+diff --git a/cpan/Digest-SHA/lib/Digest/SHA.pm b/cpan/Digest-SHA/lib/Digest/SHA.pm
+index f809ce3..8cea302 100644
+--- a/cpan/Digest-SHA/lib/Digest/SHA.pm
++++ b/cpan/Digest-SHA/lib/Digest/SHA.pm
+@@ -53,7 +53,7 @@ sub new {
+ return($class);
+ }
+ shaclose($$class) if $$class;
+- $$class = shaopen($alg) || return;
++ return unless $$class = shaopen($alg);
+ return($class);
+ }
+ $alg = 1 unless defined $alg;
+@@ -153,18 +153,21 @@ sub Addfile {
+
+ sub dump {
+ my $self = shift;
+- my $file = shift || "";
++ my $file = shift;
+
++ $file = "" unless defined $file;
+ shadump($file, $$self) || return;
+ return($self);
+ }
+
+ sub load {
+ my $class = shift;
+- my $file = shift || "";
++ my $file = shift;
++
++ $file = "" unless defined $file;
+ if (ref($class)) { # instance method
+ shaclose($$class) if $$class;
+- $$class = shaload($file) || return;
++ return unless $$class = shaload($file);
+ return($class);
+ }
+ my $state = shaload($file) || return;
+diff --git a/cpan/Digest-SHA/src/sha.c b/cpan/Digest-SHA/src/sha.c
+index 20f2d71..f512437 100644
+--- a/cpan/Digest-SHA/src/sha.c
++++ b/cpan/Digest-SHA/src/sha.c
+@@ -272,7 +272,7 @@ void sharewind(SHA *s)
+ /* shaopen: creates a new digest object */
+ SHA *shaopen(int alg)
+ {
+- SHA *s;
++ SHA *s = NULL;
+
+ if (alg != SHA1 && alg != SHA224 && alg != SHA256 &&
+ alg != SHA384 && alg != SHA512 &&
diff -Nru perl-5.14.2/debian/patches/series perl-5.14.2/debian/patches/series
--- perl-5.14.2/debian/patches/series 2012-12-10 14:49:34.000000000 +0200
+++ perl-5.14.2/debian/patches/series 2013-01-25 15:18:22.000000000 +0200
@@ -73,3 +73,5 @@
fixes/cgi-cr-escaping.diff
fixes/maketext-code-execution.diff
fixes/storable-security-warning.diff
+fixes/digest-sha-doublefree.diff
+fixes/64bitint-signedness-wraparound.diff
diff -Nru perl-5.14.2/debian/t/control.t perl-5.14.2/debian/t/control.t
--- perl-5.14.2/debian/t/control.t 2012-12-10 14:49:34.000000000 +0200
+++ perl-5.14.2/debian/t/control.t 2013-01-25 15:18:21.000000000 +0200
@@ -46,6 +46,9 @@
"libautodie-perl" => {
"2.1001" => "2.10.01",
},
+ "libdigest-sha-perl" => {
+ "5.61" => "5.71",
+ },
);
# list special cases where a Breaks entry doesn't need to imply
Reply to: