Your message dated Thu, 17 Jan 2013 10:39:02 +0100
with message-id <[email protected]>
and subject line Re: Bug#698342: unblock: libdigest-sha-perl/5.71-2
has caused the Debian Bug report #698342,
regarding unblock: libdigest-sha-perl/5.71-2
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
698342: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698342
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: [email protected]
Usertags: unblock
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hi Release Team
Please unblock package libdigest-sha-perl
libdigest-sha-perl 5.71-2 fixes #698172: "Fix double-free when loading
Digest::SHA object representing the intermediate SHA state from a
file."
Would it be possible to get an unblock? I attached the debdiff against
current version in testing.
unblock libdigest-sha-perl/5.71-2
Regards,
Salvatore
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAEBCgAGBQJQ98UXAAoJEHidbwV/2GP+OPUP/1HgGCJH0VcLZZHSr8LnXtzz
2y6jew/W+infHLlxlFfMGdN8yHz2dYhFghmToxipLiOayGyYbTd3D12vyUeZOj5U
h19HETMS3wZdg2In+2tebWIcjI/O3CoqzJalIUN39e4gclc6oZyn1qEmQM0620OK
uqKYfCrk6cCTy5nL/xcWyS7CySShAPjWsKZcZ2BKn/TB1ZyD2iLUQKahHONEvvDO
yHTcL6PEvnWkJGzCM3Aunzi6Myy8iZveRKpTbtfo7S7UGkXK/AdCVAgRRhBCV+R0
ImfKD4ZiQzURQFlZ3R07PxO8OpjZEejNHp285GeOsRa4aM57pGpSXG/eY89aSBDJ
61qNDy/BCFrIuTur1jVMGIDbe9GPaEzlsPwhvJKX7g2qWcSrUABEYCqkCMywbW9c
XFBm8+LhQ51hJldS92FYMFe4+iMTSKH09yG1vVGJECFewtUNSdTqG0pbzAdKcb/K
6i6qpGkmEHDE/RYfjjQKaeSV4Kp9XmvsXWajHNN5kh2we+QB8IQEKOiU6oJcn0Vg
LHh8GvpOXtWOx1bLLscrnngvU/Tc/AukMYX+ZGVWlqW0Au6A/TY9PMOGqZIom2/s
13qkPXNK7of9iiQrFu2Y9a57AcFIrGpkNzPvN/rfP0+Uam9FZpHhspW5V/EmFS+U
dDndLe5zQWA21nBrEx4g
=ShhJ
-----END PGP SIGNATURE-----
Base version: libdigest-sha-perl_5.71-1 from testing
Target version: libdigest-sha-perl_5.71-2 from unstable
No hints in place.
changelog | 8 ++
patches/698172-fix-double-free-in-load-subroutine.patch | 58 ++++++++++++++++
patches/series | 1
3 files changed, 67 insertions(+)
diff -Nru libdigest-sha-perl-5.71/debian/changelog libdigest-sha-perl-5.71/debian/changelog
--- libdigest-sha-perl-5.71/debian/changelog 2012-02-29 19:57:28.000000000 +0000
+++ libdigest-sha-perl-5.71/debian/changelog 2013-01-16 19:54:39.000000000 +0000
@@ -1,3 +1,11 @@
+libdigest-sha-perl (5.71-2) unstable; urgency=low
+
+ * Add 698172-fix-double-free-in-load-subroutine.patch patch.
+ Fix double-free when loading Digest::SHA object representing the
+ intermediate SHA state from a file. (Closes: #698172)
+
+ -- Salvatore Bonaccorso <[email protected]> Wed, 16 Jan 2013 20:51:48 +0100
+
libdigest-sha-perl (5.71-1) unstable; urgency=low
* Imported Upstream version 5.71
diff -Nru libdigest-sha-perl-5.71/debian/patches/698172-fix-double-free-in-load-subroutine.patch libdigest-sha-perl-5.71/debian/patches/698172-fix-double-free-in-load-subroutine.patch
--- libdigest-sha-perl-5.71/debian/patches/698172-fix-double-free-in-load-subroutine.patch 1970-01-01 00:00:00.000000000 +0000
+++ libdigest-sha-perl-5.71/debian/patches/698172-fix-double-free-in-load-subroutine.patch 2013-01-16 19:54:39.000000000 +0000
@@ -0,0 +1,58 @@
+Description: corrected load subroutine (SHA.pm) to prevent double-free
+ Fix double-free when loading Digest::SHA object representing the
+ intermediate SHA state from a file.
+Origin: upstream, https://metacpan.org/diff/release/MSHELOR/Digest-SHA-5.80/MSHELOR/Digest-SHA-5.81
+Bug: https://rt.cpan.org/Ticket/Display.html?id=82655
+Bug-Debian: http://bugs.debian.org/698172
+Forwarded: not-needed
+Author: Salvatore Bonaccorso <[email protected]>
+Last-Update: 2013-01-14
+Applied-Upstream: yes, 5.81
+
+--- a/lib/Digest/SHA.pm
++++ b/lib/Digest/SHA.pm
+@@ -50,7 +50,7 @@
+ return($class);
+ }
+ shaclose($$class) if $$class;
+- $$class = shaopen($alg) || return;
++ return unless $$class = shaopen($alg);
+ return($class);
+ }
+ $alg = 1 unless defined $alg;
+@@ -163,18 +163,21 @@
+
+ sub dump {
+ my $self = shift;
+- my $file = shift || "";
++ my $file = shift;
+
++ $file = "" unless defined $file;
+ shadump($file, $$self) || return;
+ return($self);
+ }
+
+ sub load {
+ my $class = shift;
+- my $file = shift || "";
++ my $file = shift;
++
++ $file = "" unless defined $file;
+ if (ref($class)) { # instance method
+ shaclose($$class) if $$class;
+- $$class = shaload($file) || return;
++ return unless $$class = shaload($file);
+ return($class);
+ }
+ my $state = shaload($file) || return;
+--- a/src/sha.c
++++ b/src/sha.c
+@@ -272,7 +272,7 @@
+ /* shaopen: creates a new digest object */
+ SHA *shaopen(int alg)
+ {
+- SHA *s;
++ SHA *s = NULL;
+
+ if (alg != SHA1 && alg != SHA224 && alg != SHA256 &&
+ alg != SHA384 && alg != SHA512 &&
diff -Nru libdigest-sha-perl-5.71/debian/patches/series libdigest-sha-perl-5.71/debian/patches/series
--- libdigest-sha-perl-5.71/debian/patches/series 1970-01-01 00:00:00.000000000 +0000
+++ libdigest-sha-perl-5.71/debian/patches/series 2013-01-16 19:54:39.000000000 +0000
@@ -0,0 +1 @@
+698172-fix-double-free-in-load-subroutine.patch
--- End Message ---
--- Begin Message ---
On 2013-01-17 10:32, Salvatore Bonaccorso wrote:
> Package: release.debian.org
> Severity: normal
> User: [email protected]
> Usertags: unblock
>
> Hi Release Team
>
> Please unblock package libdigest-sha-perl
>
> libdigest-sha-perl 5.71-2 fixes #698172: "Fix double-free when loading
> Digest::SHA object representing the intermediate SHA state from a
> file."
>
> Would it be possible to get an unblock? I attached the debdiff against
> current version in testing.
>
> unblock libdigest-sha-perl/5.71-2
>
> Regards,
> Salvatore
>
Unblocked, thanks.
~Niels
--- End Message ---
