
Bug#699276: marked as done (unblock: perl/5.14.2-17)



Your message dated Tue, 29 Jan 2013 21:05:07 +0000
with message-id <1359493507.10515.1.camel@jacala.jungle.funky-badger.org>
and subject line Re: Bug#699276: unblock: perl/5.14.2-17
has caused the Debian Bug report #699276,
regarding unblock: perl/5.14.2-17
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
699276: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699276
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package perl. 

Changes: 
 perl (5.14.2-17) unstable; urgency=low
 .
   * Fix a double-free bug in Digest::SHA. (Closes: #698174)
     + update the Breaks: entry accordingly.
   * Avoid wraparound when casting unsigned size_t to signed ssize_t.
     (Closes: #698320)

The first bugfix was already unblocked for the separate libdigest-sha-perl
package, so it makes sense to get it fixed in perl too. The other fix
was pre-approved by Adam.

Please note that the debian/t/ change is in a maintainer test that is
not run during the build.

 debian/changelog                                         |    9 +
 debian/control                                           |    2 
 debian/patches/fixes/64bitint-signedness-wraparound.diff |   56 ++++++++++++
 debian/patches/fixes/digest-sha-doublefree.diff          |   69 +++++++++++++++
 debian/patches/series                                    |    2 
 debian/t/control.t                                       |    3 
 6 files changed, 140 insertions(+), 1 deletion(-)

unblock perl/5.14.2-17

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=fi_FI.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
diff -Nru perl-5.14.2/debian/changelog perl-5.14.2/debian/changelog
--- perl-5.14.2/debian/changelog	2012-12-10 14:49:33.000000000 +0200
+++ perl-5.14.2/debian/changelog	2013-01-26 19:30:14.000000000 +0200
@@ -1,3 +1,12 @@
+perl (5.14.2-17) unstable; urgency=low
+
+  * Fix a double-free bug in Digest::SHA. (Closes: #698174)
+    + update the Breaks: entry accordingly.
+  * Avoid wraparound when casting unsigned size_t to signed ssize_t.
+    (Closes: #698320)
+
+ -- Niko Tyni <ntyni@debian.org>  Fri, 25 Jan 2013 15:22:58 +0200
+
 perl (5.14.2-16) unstable; urgency=medium
 
   * [SECURITY] CVE-2012-5526: CGI.pm improper cookie and p3p
diff -Nru perl-5.14.2/debian/control perl-5.14.2/debian/control
--- perl-5.14.2/debian/control	2012-12-10 14:49:33.000000000 +0200
+++ perl-5.14.2/debian/control	2013-01-25 15:18:21.000000000 +0200
@@ -282,7 +282,7 @@
  libmime-base64-perl (<< 3.13),
  libtime-hires-perl (<< 1.9721.01),
  libstorable-perl (<< 2.27),
- libdigest-sha-perl (<< 5.61),
+ libdigest-sha-perl (<< 5.71-2),
  libsys-syslog-perl (<< 0.27),
  libcompress-zlib-perl (<< 2.033),
  libcompress-raw-zlib-perl (<< 2.033),
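Review bot: the Breaks: bump to `libdigest-sha-perl (<< 5.71-2)` on the `+` line must be the first standalone libdigest-sha-perl version that actually carries the double-free fix; the changelog only says "update the Breaks: entry accordingly" without naming that upload, so adding the fixed version (or its bug number) to the changelog would make the relationship auditable. Note also that the new entry in debian/t/control.t maps `5.61` to the upstream string `5.71`, while this line carries the Debian revision `-2`; confirm the two are meant to agree.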
diff -Nru perl-5.14.2/debian/patches/fixes/64bitint-signedness-wraparound.diff perl-5.14.2/debian/patches/fixes/64bitint-signedness-wraparound.diff
--- perl-5.14.2/debian/patches/fixes/64bitint-signedness-wraparound.diff	1970-01-01 02:00:00.000000000 +0200
+++ perl-5.14.2/debian/patches/fixes/64bitint-signedness-wraparound.diff	2013-01-25 15:18:22.000000000 +0200
@@ -0,0 +1,56 @@
+From e36d65ba661bd0f9c9ae741c8f18d2e08682e97a Mon Sep 17 00:00:00 2001
+From: Andy Dougherty <doughera@lafayette.edu>
+Date: Wed, 16 Jan 2013 12:30:43 -0500
+Subject: Avoid wraparound when casting unsigned size_t to signed ssize_t.
+
+Practically, this only affects a perl compiled with 64-bit IVs on a 32-bit
+system.  In that instance a value of count >= 2**31 would turn negative
+when cast to (ssize_t).
+
+Origin: upstream, http://perl5.git.perl.org/perl.git/commit/94e529cc4d56863d7272c254a29eda2b002a4335
+Bug-Debian: http://bugs.debian.org/698320
+Patch-Name: fixes/64bitint-signedness-wraparound.diff
+---
+ perlio.c |    8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/perlio.c b/perlio.c
+index e42a78f..6c40e34 100644
+--- a/perlio.c
++++ b/perlio.c
+@@ -2192,7 +2192,7 @@ PerlIOBase_read(pTHX_ PerlIO *f, void *vbuf, Size_t count)
+ 	    SSize_t avail = PerlIO_get_cnt(f);
+ 	    SSize_t take = 0;
+ 	    if (avail > 0)
+-		take = ((SSize_t)count < avail) ? (SSize_t)count : avail;
++		take = (((SSize_t) count >= 0) && ((SSize_t)count < avail)) ? (SSize_t)count : avail;
+ 	    if (take > 0) {
+ 		STDCHAR *ptr = PerlIO_get_ptr(f);
+ 		Copy(ptr, buf, take, STDCHAR);
+@@ -4125,7 +4125,7 @@ PerlIOBuf_unread(pTHX_ PerlIO *f, const void *vbuf, Size_t count)
+ 	     */
+ 	    b->posn -= b->bufsiz;
+ 	}
+-	if (avail > (SSize_t) count) {
++	if ((SSize_t) count >= 0 && avail > (SSize_t) count) {
+ 	    /*
+ 	     * If we have space for more than count, just move count
+ 	     */
+@@ -4175,7 +4175,7 @@ PerlIOBuf_write(pTHX_ PerlIO *f, const void *vbuf, Size_t count)
+     }
+     while (count > 0) {
+ 	SSize_t avail = b->bufsiz - (b->ptr - b->buf);
+-	if ((SSize_t) count < avail)
++	if ((SSize_t) count >= 0 && (SSize_t) count < avail)
+ 	    avail = count;
+ 	if (flushptr > buf && flushptr <= buf + avail)
+ 	    avail = flushptr - buf;
+@@ -4450,7 +4450,7 @@ PerlIOPending_read(pTHX_ PerlIO *f, void *vbuf, Size_t count)
+ {
+     SSize_t avail = PerlIO_get_cnt(f);
+     SSize_t got = 0;
+-    if ((SSize_t)count < avail)
++    if ((SSize_t) count >= 0 && (SSize_t)count < avail)
+ 	avail = count;
+     if (avail > 0)
+ 	got = PerlIOBuf_read(aTHX_ f, vbuf, avail);
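Review bot: the new guards `((SSize_t) count >= 0) && ...` test the value after the cast, so they rely on the conversion of a count >= 2**31 to SSize_t producing a negative number; in C that unsigned-to-signed conversion of an out-of-range value is implementation-defined rather than guaranteed, even if every compiler perl targets wraps this way. A fully defined alternative is to compare in the unsigned domain before casting wherever `avail` is already known to be positive, e.g. in PerlIOBase_read (inside the existing `if (avail > 0)`) `take = (count < (Size_t)avail) ? (SSize_t)count : avail;`. In the other three sites the visible context does not establish `avail > 0` before the comparison (PerlIOPending_read checks it only afterwards), so the same rewrite there would need that check added first; otherwise the `>= 0` form as written is acceptable, and a one-line comment at each site saying why the sign test exists would help the next reader.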
diff -Nru perl-5.14.2/debian/patches/fixes/digest-sha-doublefree.diff perl-5.14.2/debian/patches/fixes/digest-sha-doublefree.diff
--- perl-5.14.2/debian/patches/fixes/digest-sha-doublefree.diff	1970-01-01 02:00:00.000000000 +0200
+++ perl-5.14.2/debian/patches/fixes/digest-sha-doublefree.diff	2013-01-25 15:18:21.000000000 +0200
@@ -0,0 +1,69 @@
+From d2d9e1560afaeb402dda69eba1d6e808d80c0c96 Mon Sep 17 00:00:00 2001
+From: Niko Tyni <ntyni@debian.org>
+Date: Fri, 25 Jan 2013 15:00:00 +0200
+Subject: Fix a double-free bug in Digest::SHA
+
+Fix double-free when loading Digest::SHA object representing the
+intermediate SHA state from a file.
+
+Origin: upstream, http://perl5.git.perl.org/perl.git/commit/a8c6ff7b8e8c6037333c21f9b3f6b38b9278df4f
+Origin: upstream, https://metacpan.org/diff/release/MSHELOR/Digest-SHA-5.80/MSHELOR/Digest-SHA-5.81
+Bug-Debian: http://bugs.debian.org/698172
+Bug: https://rt.cpan.org/Ticket/Display.html?id=82655
+Patch-Name: fixes/digest-sha-doublefree.diff
+---
+ cpan/Digest-SHA/lib/Digest/SHA.pm |   11 +++++++----
+ cpan/Digest-SHA/src/sha.c         |    2 +-
+ 2 files changed, 8 insertions(+), 5 deletions(-)
+
+diff --git a/cpan/Digest-SHA/lib/Digest/SHA.pm b/cpan/Digest-SHA/lib/Digest/SHA.pm
+index f809ce3..8cea302 100644
+--- a/cpan/Digest-SHA/lib/Digest/SHA.pm
++++ b/cpan/Digest-SHA/lib/Digest/SHA.pm
+@@ -53,7 +53,7 @@ sub new {
+ 			return($class);
+ 		}
+ 		shaclose($$class) if $$class;
+-		$$class = shaopen($alg) || return;
++		return unless $$class = shaopen($alg);
+ 		return($class);
+ 	}
+ 	$alg = 1 unless defined $alg;
+@@ -153,18 +153,21 @@ sub Addfile {
+ 
+ sub dump {
+ 	my $self = shift;
+-	my $file = shift || "";
++	my $file = shift;
+ 
++	$file = "" unless defined $file;
+ 	shadump($file, $$self) || return;
+ 	return($self);
+ }
+ 
+ sub load {
+ 	my $class = shift;
+-	my $file = shift || "";
++	my $file = shift;
++
++	$file = "" unless defined $file;
+ 	if (ref($class)) {	# instance method
+ 		shaclose($$class) if $$class;
+-		$$class = shaload($file) || return;
++		return unless $$class = shaload($file);
+ 		return($class);
+ 	}
+ 	my $state = shaload($file) || return;
+diff --git a/cpan/Digest-SHA/src/sha.c b/cpan/Digest-SHA/src/sha.c
+index 20f2d71..f512437 100644
+--- a/cpan/Digest-SHA/src/sha.c
++++ b/cpan/Digest-SHA/src/sha.c
+@@ -272,7 +272,7 @@ void sharewind(SHA *s)
+ /* shaopen: creates a new digest object */
+ SHA *shaopen(int alg)
+ {
+-	SHA *s;
++	SHA *s = NULL;
+ 
+ 	if (alg != SHA1 && alg != SHA224 && alg != SHA256 &&
+ 		alg != SHA384    && alg != SHA512 &&
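Review bot: the bug reference in the patch header, `Bug-Debian: http://bugs.debian.org/698172`, does not match the changelog entry, which closes #698174; one of the two numbers is wrong and should be corrected before upload. On the fix itself: the original `$$class = shaopen($alg) || return;` parses as `$$class = (shaopen($alg) || return)`, so on failure the `return` fires before any assignment and `$$class` keeps pointing at the state that `shaclose($$class)` just freed, which is what allows a later close of the object to free it a second time; `return unless $$class = shaopen($alg);` assigns first, so the new form reads correct, and the same reasoning covers the `shaload($file)` site in `load`. The change from `shift || ""` to the `defined` check in `dump`/`load` additionally stops a filename of `"0"` from being treated as empty, which is worth a sentence in the patch description. The `SHA *s = NULL;` initialisation in sha.c only matters if the error path in shaopen returns `s`; that return lies outside the visible context, so please confirm it does.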
diff -Nru perl-5.14.2/debian/patches/series perl-5.14.2/debian/patches/series
--- perl-5.14.2/debian/patches/series	2012-12-10 14:49:34.000000000 +0200
+++ perl-5.14.2/debian/patches/series	2013-01-25 15:18:22.000000000 +0200
@@ -73,3 +73,5 @@
 fixes/cgi-cr-escaping.diff
 fixes/maketext-code-execution.diff
 fixes/storable-security-warning.diff
+fixes/digest-sha-doublefree.diff
+fixes/64bitint-signedness-wraparound.diff
diff -Nru perl-5.14.2/debian/t/control.t perl-5.14.2/debian/t/control.t
--- perl-5.14.2/debian/t/control.t	2012-12-10 14:49:34.000000000 +0200
+++ perl-5.14.2/debian/t/control.t	2013-01-25 15:18:21.000000000 +0200
@@ -46,6 +46,9 @@
 	"libautodie-perl" => {
 		"2.1001" => "2.10.01",
 	},
+	"libdigest-sha-perl" => {
+		"5.61"  =>  "5.71",
+	},
 );
 
 # list special cases where a Breaks entry doesn't need to imply
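Review bot: the new mapping `"5.61"  =>  "5.71"` lists the upstream version only, while debian/control now says `libdigest-sha-perl (<< 5.71-2)`; if the test derives the expected Breaks version from this table it will disagree with the `-2` revision, so either the table or the Breaks entry should carry the same string. Since, as the cover note says, this maintainer test is not run during the build, a manual run of debian/t/control.t before upload would catch that.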

--- End Message ---
--- Begin Message ---
On Tue, 2013-01-29 at 19:27 +0200, Niko Tyni wrote:
>  perl (5.14.2-17) unstable; urgency=low
>  .
>    * Fix a double-free bug in Digest::SHA. (Closes: #698174)
>      + update the Breaks: entry accordingly.
>    * Avoid wraparound when casting unsigned size_t to signed ssize_t.
>      (Closes: #698320)

Unblocked; thanks.

Regards,

Adam

--- End Message ---
