Bug#698342: marked as done (unblock: libdigest-sha-perl/5.71-2)

To: Niels Thykier <niels@thykier.net>
Subject: Bug#698342: marked as done (unblock: libdigest-sha-perl/5.71-2)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Thu, 17 Jan 2013 09:42:06 +0000
Message-id: <handler.698342.D698342.13584155519771.ackdone@bugs.debian.org>
References: <50F7C6B6.1010506@thykier.net> <20130117093211.14248.20619.reportbug@elende.valinor.li>

Your message dated Thu, 17 Jan 2013 10:39:02 +0100
with message-id <50F7C6B6.1010506@thykier.net>
and subject line Re: Bug#698342: unblock: libdigest-sha-perl/5.71-2
has caused the Debian Bug report #698342,
regarding unblock: libdigest-sha-perl/5.71-2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
698342: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698342
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: unblock: libdigest-sha-perl/5.71-2
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Thu, 17 Jan 2013 10:32:11 +0100
Message-id: <20130117093211.14248.20619.reportbug@elende.valinor.li>

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi Release Team

Please unblock package libdigest-sha-perl

libdigest-sha-perl 5.71-2 fixes #698172: "Fix double-free when loading
Digest::SHA object representing the intermediate SHA state from a
file."

Would it be possible to get an unblock? I attached the debdiff against
current version in testing.

unblock libdigest-sha-perl/5.71-2

Regards,
Salvatore

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCgAGBQJQ98UXAAoJEHidbwV/2GP+OPUP/1HgGCJH0VcLZZHSr8LnXtzz
2y6jew/W+infHLlxlFfMGdN8yHz2dYhFghmToxipLiOayGyYbTd3D12vyUeZOj5U
h19HETMS3wZdg2In+2tebWIcjI/O3CoqzJalIUN39e4gclc6oZyn1qEmQM0620OK
uqKYfCrk6cCTy5nL/xcWyS7CySShAPjWsKZcZ2BKn/TB1ZyD2iLUQKahHONEvvDO
yHTcL6PEvnWkJGzCM3Aunzi6Myy8iZveRKpTbtfo7S7UGkXK/AdCVAgRRhBCV+R0
ImfKD4ZiQzURQFlZ3R07PxO8OpjZEejNHp285GeOsRa4aM57pGpSXG/eY89aSBDJ
61qNDy/BCFrIuTur1jVMGIDbe9GPaEzlsPwhvJKX7g2qWcSrUABEYCqkCMywbW9c
XFBm8+LhQ51hJldS92FYMFe4+iMTSKH09yG1vVGJECFewtUNSdTqG0pbzAdKcb/K
6i6qpGkmEHDE/RYfjjQKaeSV4Kp9XmvsXWajHNN5kh2we+QB8IQEKOiU6oJcn0Vg
LHh8GvpOXtWOx1bLLscrnngvU/Tc/AukMYX+ZGVWlqW0Au6A/TY9PMOGqZIom2/s
13qkPXNK7of9iiQrFu2Y9a57AcFIrGpkNzPvN/rfP0+Uam9FZpHhspW5V/EmFS+U
dDndLe5zQWA21nBrEx4g
=ShhJ
-----END PGP SIGNATURE-----

Base version: libdigest-sha-perl_5.71-1 from testing
Target version: libdigest-sha-perl_5.71-2 from unstable

No hints in place.

 changelog                                               |    8 ++
 patches/698172-fix-double-free-in-load-subroutine.patch |   58 ++++++++++++++++
 patches/series                                          |    1 
 3 files changed, 67 insertions(+)

diff -Nru libdigest-sha-perl-5.71/debian/changelog libdigest-sha-perl-5.71/debian/changelog
--- libdigest-sha-perl-5.71/debian/changelog	2012-02-29 19:57:28.000000000 +0000
+++ libdigest-sha-perl-5.71/debian/changelog	2013-01-16 19:54:39.000000000 +0000
@@ -1,3 +1,11 @@
+libdigest-sha-perl (5.71-2) unstable; urgency=low
+
+  * Add 698172-fix-double-free-in-load-subroutine.patch patch.
+    Fix double-free when loading Digest::SHA object representing the
+    intermediate SHA state from a file. (Closes: #698172)
+
+ -- Salvatore Bonaccorso <carnil@debian.org>  Wed, 16 Jan 2013 20:51:48 +0100
+
 libdigest-sha-perl (5.71-1) unstable; urgency=low
 
   * Imported Upstream version 5.71
diff -Nru libdigest-sha-perl-5.71/debian/patches/698172-fix-double-free-in-load-subroutine.patch libdigest-sha-perl-5.71/debian/patches/698172-fix-double-free-in-load-subroutine.patch
--- libdigest-sha-perl-5.71/debian/patches/698172-fix-double-free-in-load-subroutine.patch	1970-01-01 00:00:00.000000000 +0000
+++ libdigest-sha-perl-5.71/debian/patches/698172-fix-double-free-in-load-subroutine.patch	2013-01-16 19:54:39.000000000 +0000
@@ -0,0 +1,58 @@
+Description: corrected load subroutine (SHA.pm) to prevent double-free
+ Fix double-free when loading Digest::SHA object representing the
+ intermediate SHA state from a file.
+Origin: upstream, https://metacpan.org/diff/release/MSHELOR/Digest-SHA-5.80/MSHELOR/Digest-SHA-5.81
+Bug: https://rt.cpan.org/Ticket/Display.html?id=82655
+Bug-Debian: http://bugs.debian.org/698172
+Forwarded: not-needed
+Author: Salvatore Bonaccorso <carnil@debian.org>
+Last-Update: 2013-01-14
+Applied-Upstream: yes, 5.81
+
+--- a/lib/Digest/SHA.pm
++++ b/lib/Digest/SHA.pm
+@@ -50,7 +50,7 @@
+ 			return($class);
+ 		}
+ 		shaclose($$class) if $$class;
+-		$$class = shaopen($alg) || return;
++		return unless $$class = shaopen($alg);
+ 		return($class);
+ 	}
+ 	$alg = 1 unless defined $alg;
+@@ -163,18 +163,21 @@
+ 
+ sub dump {
+ 	my $self = shift;
+-	my $file = shift || "";
++	my $file = shift;
+ 
++	$file = "" unless defined $file;
+ 	shadump($file, $$self) || return;
+ 	return($self);
+ }
+ 
+ sub load {
+ 	my $class = shift;
+-	my $file = shift || "";
++	my $file = shift;
++
++	$file = "" unless defined $file;
+ 	if (ref($class)) {	# instance method
+ 		shaclose($$class) if $$class;
+-		$$class = shaload($file) || return;
++		return unless $$class = shaload($file);
+ 		return($class);
+ 	}
+ 	my $state = shaload($file) || return;
+--- a/src/sha.c
++++ b/src/sha.c
+@@ -272,7 +272,7 @@
+ /* shaopen: creates a new digest object */
+ SHA *shaopen(int alg)
+ {
+-	SHA *s;
++	SHA *s = NULL;
+ 
+ 	if (alg != SHA1 && alg != SHA224 && alg != SHA256 &&
+ 		alg != SHA384    && alg != SHA512 &&
diff -Nru libdigest-sha-perl-5.71/debian/patches/series libdigest-sha-perl-5.71/debian/patches/series
--- libdigest-sha-perl-5.71/debian/patches/series	1970-01-01 00:00:00.000000000 +0000
+++ libdigest-sha-perl-5.71/debian/patches/series	2013-01-16 19:54:39.000000000 +0000
@@ -0,0 +1 @@
+698172-fix-double-free-in-load-subroutine.patch

--- End Message ---

--- Begin Message ---

To: Salvatore Bonaccorso <carnil@debian.org>, 698342-done@bugs.debian.org

Subject: Re: Bug#698342: unblock: libdigest-sha-perl/5.71-2

From: Niels Thykier <niels@thykier.net>

Date: Thu, 17 Jan 2013 10:39:02 +0100

Message-id: <50F7C6B6.1010506@thykier.net>

In-reply-to: <20130117093211.14248.20619.reportbug@elende.valinor.li>

References: <20130117093211.14248.20619.reportbug@elende.valinor.li>
On 2013-01-17 10:32, Salvatore Bonaccorso wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian.org@packages.debian.org
> Usertags: unblock
> 
> Hi Release Team
> 
> Please unblock package libdigest-sha-perl
> 
> libdigest-sha-perl 5.71-2 fixes #698172: "Fix double-free when loading
> Digest::SHA object representing the intermediate SHA state from a
> file."
> 
> Would it be possible to get an unblock? I attached the debdiff against
> current version in testing.
> 
> unblock libdigest-sha-perl/5.71-2
> 
> Regards,
> Salvatore
> 

Unblocked, thanks.

~Niels
--- End Message ---

Reply to:

References:
- Bug#698342: unblock: libdigest-sha-perl/5.71-2
  - From: Salvatore Bonaccorso <carnil@debian.org>

Prev by Date: Bug#698341: RM: spatialite-tools/3.0.0~beta20110817-3
Next by Date: Bug#698341: RM: spatialite-tools/3.0.0~beta20110817-3
Previous by thread: Bug#698342: unblock: libdigest-sha-perl/5.71-2
Next by thread: Bug#692363: unblock: texstudio/2.3+debian-4
Index(es):
- Date
- Thread