Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock

Hi Release Team

Please unblock package libdigest-sha-perl

libdigest-sha-perl 5.71-2 fixes #698172: "Fix double-free when loading
Digest::SHA object representing the intermediate SHA state from a file."

Would it be possible to get an unblock? I attached the debdiff against
current version in testing.

unblock libdigest-sha-perl/5.71-2

Regards,
Salvatore

Base version: libdigest-sha-perl_5.71-1 from testing Target version: libdigest-sha-perl_5.71-2 from unstable No hints in place. changelog | 8 ++ patches/698172-fix-double-free-in-load-subroutine.patch | 58 ++++++++++++++++ patches/series | 1 3 files changed, 67 insertions(+) diff -Nru libdigest-sha-perl-5.71/debian/changelog libdigest-sha-perl-5.71/debian/changelog --- libdigest-sha-perl-5.71/debian/changelog 2012-02-29 19:57:28.000000000 +0000 +++ libdigest-sha-perl-5.71/debian/changelog 2013-01-16 19:54:39.000000000 +0000 @@ -1,3 +1,11 @@ +libdigest-sha-perl (5.71-2) unstable; urgency=low + + * Add 698172-fix-double-free-in-load-subroutine.patch patch. + Fix double-free when loading Digest::SHA object representing the + intermediate SHA state from a file. (Closes: #698172) + + -- Salvatore Bonaccorso <car...@debian.org> Wed, 16 Jan 2013 20:51:48 +0100 + libdigest-sha-perl (5.71-1) unstable; urgency=low * Imported Upstream version 5.71 diff -Nru libdigest-sha-perl-5.71/debian/patches/698172-fix-double-free-in-load-subroutine.patch libdigest-sha-perl-5.71/debian/patches/698172-fix-double-free-in-load-subroutine.patch --- libdigest-sha-perl-5.71/debian/patches/698172-fix-double-free-in-load-subroutine.patch 1970-01-01 00:00:00.000000000 +0000 +++ libdigest-sha-perl-5.71/debian/patches/698172-fix-double-free-in-load-subroutine.patch 2013-01-16 19:54:39.000000000 +0000 
@@ -0,0 +1,58 @@ +Description: corrected load subroutine (SHA.pm) to prevent double-free + Fix double-free when loading Digest::SHA object representing the + intermediate SHA state from a file. +Origin: upstream, https://metacpan.org/diff/release/MSHELOR/Digest-SHA-5.80/MSHELOR/Digest-SHA-5.81 +Bug: https://rt.cpan.org/Ticket/Display.html?id=82655 +Bug-Debian: http://bugs.debian.org/698172 +Forwarded: not-needed +Author: Salvatore Bonaccorso <car...@debian.org> +Last-Update: 2013-01-14 +Applied-Upstream: yes, 5.81 + +--- a/lib/Digest/SHA.pm ++++ b/lib/Digest/SHA.pm +@@ -50,7 +50,7 @@ + return($class); + } + shaclose($$class) if $$class; +- $$class = shaopen($alg) || return; ++ return unless $$class = shaopen($alg); + return($class); + } + $alg = 1 unless defined $alg; +@@ -163,18 +163,21 @@ + + sub dump { + my $self = shift; +- my $file = shift || ""; ++ my $file = shift; + ++ $file = "" unless defined $file; + shadump($file, $$self) || return; + return($self); + } + + sub load { + my $class = shift; +- my $file = shift || ""; ++ my $file = shift; ++ ++ $file = "" unless defined $file; + if (ref($class)) { # instance method + shaclose($$class) if $$class; +- $$class = shaload($file) || return; ++ return unless $$class = shaload($file); + return($class); + } + my $state = shaload($file) || return; +--- a/src/sha.c ++++ b/src/sha.c +@@ -272,7 +272,7 @@ + /* shaopen: creates a new digest object */ + SHA *shaopen(int alg) + { +- SHA *s; ++ SHA *s = NULL; + + if (alg != SHA1 && alg != SHA224 && alg != SHA256 && + alg != SHA384 && alg != SHA512 && diff -Nru libdigest-sha-perl-5.71/debian/patches/series libdigest-sha-perl-5.71/debian/patches/series --- libdigest-sha-perl-5.71/debian/patches/series 1970-01-01 00:00:00.000000000 +0000 +++ libdigest-sha-perl-5.71/debian/patches/series 2013-01-16 19:54:39.000000000 +0000 @@ -0,0 +1 @@ +698172-fix-double-free-in-load-subroutine.patch
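
Review bot: in the `@@ -50,7 +50,7 @@` hunk of lib/Digest/SHA.pm, the fix relies on an assignment hidden inside a statement modifier, `return unless $$class = shaopen($alg);`, to overwrite the handle that `shaclose($$class)` released on the line above. Since `||` binds tighter than `=`, the old form `$$class = shaopen($alg) || return;` returned before the assignment ran whenever shaopen gave a false value, so `$$class` kept pointing at the closed handle. Clearing it explicitly right after the close (`undef $$class;`) and testing the result of shaopen on its own line would make the intent visible and harder to undo in a later cleanup.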
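
Review bot: in the `@@ -163,18 +163,21 @@` hunk, replacing `my $file = shift || "";` with a `defined` test in both `dump` and `load` changes behaviour beyond the double-free: a file name of "0" was previously replaced by "" and is now passed through to shadump and shaload unchanged. The patch Description and the changelog entry mention only the double-free in load, so either record this second change there or leave it out of an upload meant to close #698172 alone. The class-method branch keeps `my $state = shaload($file) || return;`, which is safe because `$state` is a fresh lexical and no handle was closed before it.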
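
Review bot: in the src/sha.c hunk, the new `SHA *s = NULL;` in shaopen is undocumented: the Description header speaks only of the load subroutine in SHA.pm, and the hunk's context ends inside the `alg` check, so the path on which `s` was read before being assigned is not visible here. Add a sentence to the Description saying which return path needed the initialisation, so the C change can be reviewed together with the Perl one.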