Bug#995804: marked as done (libencode-perl: Encode <3.12 leaks)

[Debian Bug Tracking System]

Your message dated Tue, 12 Oct 2021 15:18:41 +0000
with message-id <e1majy9-0007bc...@fasolo.debian.org>
and subject line Bug#995804: fixed in libencode-perl 3.15-1
has caused the Debian Bug report #995804,
regarding libencode-perl: Encode <3.12 leaks
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
995804: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=995804
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: libencode-perl
Version: Encode <=3.12 leaks on decode, 3.13 released
Severity: normal
Tags: upstream patch

Dear Maintainer,

Encode 3.13 was just released with a memory leak fix for:
  https://rt.cpan.org/Ticket/Display.html?id=139622

Since Encode is also bunded with various libperl5.xx packages,
I'm not sure how to go about getting those fixed.

>From 23978817a2c1ed13861167154e8eb3d829104b6b Mon Sep 17 00:00:00 2001
From: Dan Kogai <dankogai+git...@gmail.com>
Date: Wed, 6 Oct 2021 08:37:27 +0900
Subject: [PATCH] resolve RT#139622

---
 Changes   | 5 +++++
 Encode.xs | 1 +
 2 files changed, 6 insertions(+)

diff --git a/Changes b/Changes
index 39e0bc1..1613abc 100644
--- a/Changes
+++ b/Changes
@@ -3,6 +3,11 @@
 # $Id: Changes,v 3.12 2021/08/09 14:17:04 dankogai Exp dankogai $
 #
 $Revision: 3.12 $ $Date: 2021/08/09 14:17:04 $
+! Encode.xs
+  Apply the patch of RT#139622 to fix a memory leak on FB_CROAK
+  https://rt.cpan.org/Ticket/Display.html?id=139622
+
+3.12 2021/08/09 14:17:04
 ! Encode.pm
   Address CVE-2021-36770
   <9639159a-d070-4762-9cbd-f1622f104...@beta.fastmail.com>
diff --git a/Encode.xs b/Encode.xs
index 4baf296..8cc8d15 100644
--- a/Encode.xs
+++ b/Encode.xs
@@ -275,6 +275,7 @@ encode_method(pTHX_ const encode_t * enc, const encpage_t * 
dir, SV * src, U8 *
         /* decoding */
         else {
         if (check & ENCODE_DIE_ON_ERR){
+            SvREFCNT_dec(dst);
             Perl_croak(aTHX_ ERR_DECODE_NOMAP,
                               enc->name[0], (UV)s[slen]);
             return &PL_sv_undef; /* never reaches but be safe */

--- End Message ---

--- Begin Message ---

Source: libencode-perl
Source-Version: 3.15-1
Done: Yadd <y...@debian.org>

We believe that the bug you reported is fixed in the latest version of
libencode-perl, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 995...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Yadd <y...@debian.org> (supplier of updated libencode-perl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 12 Oct 2021 16:53:54 +0200
Source: libencode-perl
Architecture: source
Version: 3.15-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Perl Group <pkg-perl-maintain...@lists.alioth.debian.org>
Changed-By: Yadd <y...@debian.org>
Closes: 995804
Changes:
 libencode-perl (3.15-1) unstable; urgency=medium
 .
   * Add debian/gbp.conf
   * New upstream version 3.15 (Closes: #995804)
   * Refresh lintian overrides
Checksums-Sha1: 
 73563f66f913db146b6e8e481dbec60bd8c068de 2158 libencode-perl_3.15-1.dsc
 71597bd88758c2f80c3007c062a506460f0378e4 2056639 
libencode-perl_3.15.orig.tar.gz
 c4c886c47e4536d5c966c63764189fb3402b8d90 6688 
libencode-perl_3.15-1.debian.tar.xz
Checksums-Sha256: 
 fdae11894ddf2616f4be8bd20606411d653e2c56e8b98ac482541a830d3f710d 2158 
libencode-perl_3.15-1.dsc
 0905fea22c183cc450577ebdf59784728d322a57754d33c6283745e020437204 2056639 
libencode-perl_3.15.orig.tar.gz
 5886261f93d0bd590c10fc576f8d3cffbef1533797db7dac8f1f52c1c00c1925 6688 
libencode-perl_3.15-1.debian.tar.xz
Files: 
 83600ba3e5f1d8eeadbf5cb7e44bdc38 2158 perl optional libencode-perl_3.15-1.dsc
 ede05c64f48334694bd8393450dc1db4 2056639 perl optional 
libencode-perl_3.15.orig.tar.gz
 17a5e8b3f77c3f417a16011e1fae0985 6688 perl optional 
libencode-perl_3.15-1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEAN/li4tVV3nRAF7J9tdMp8mZ7ukFAmFlod0ACgkQ9tdMp8mZ
7unb8w//b296uo4W7+EuwE8zyWKD3yzhkF4fIZo2mgRBJH0aMl4jO+D824xtA2Oj
xovMSBnXOJ5gE9TV7Hx7G2t+4bvEx2Nl1uqqbTjK+R5fvXAyc4uP/R6to0M+a90X
213eR2bLMwdNivqM0An6ut2So5oJcloYd+Qsev0cQzevqWxNMFLCdR0E34jd7J77
GIseazQDLqvO0WHLF3DRGH8FMt+7BEgBYme6bw+0hMhqBz5buUPPHdJC3VNCVChg
Oo3aHfLcO3ap9SY45krzbG88N5cuGXqkYKhB6vADcM1++F6yyQ4/UE9sCX8ONeTy
JrIbPFROATQAqhSWZ/cueTzZR8c1nEdt/KEbuxofDPv/n9XFUiKLyhUNBeOewhq6
DQDCPH7Zf/kGR0q4jMO8kKDWZTDTlmzDIfRV1dcriwQR/JoB6qIOzBaDtbNQi/li
0WE3MAD74QFHrcVKpoVjSP1hiiUHYWcNY11ZDxRoyKbng55tcWCZnGMkix3uKibH
+1k9RJdARFZIMngfGVSPww9m3/2PrOOiaRdTx/mcCvRVsBOz+zlu54bDpL90zoOU
PODVAEFblan5i0mKCXwtB85AKrl28dtgHxPcINfuFtqkGbRvpxT9j7yozkevYlU4
sJW826drwGj+kXuBUvmZTxMgLySqGqkW7AxRYmGGLjKouAxQ9FI=
=cKWQ
-----END PGP SIGNATURE-----

--- End Message ---