Your message dated Tue, 29 Jan 2013 21:05:07 +0000
with message-id <[email protected]>
and subject line Re: Bug#699276: unblock: perl/5.14.2-17
has caused the Debian Bug report #699276,
regarding unblock: perl/5.14.2-17
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
699276: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699276
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: [email protected]
Usertags: unblock
Please unblock package perl.
Changes:
perl (5.14.2-17) unstable; urgency=low
.
* Fix a double-free bug in Digest::SHA. (Closes: #698174)
+ update the Breaks: entry accordingly.
* Avoid wraparound when casting unsigned size_t to signed ssize_t.
(Closes: #698320)
The first bugfix was already unblocked for the separate libdigest-sha-perl
package, so it makes sense to get it fixed in perl too. The other fix
was pre-approved by Adam.
Please note that the debian/t/ change is in a maintainer test that is
not run during the build.
debian/changelog | 9 +
debian/control | 2
debian/patches/fixes/64bitint-signedness-wraparound.diff | 56 ++++++++++++
debian/patches/fixes/digest-sha-doublefree.diff | 69 +++++++++++++++
debian/patches/series | 2
debian/t/control.t | 3
6 files changed, 140 insertions(+), 1 deletion(-)
unblock perl/5.14.2-17
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=fi_FI.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
diff -Nru perl-5.14.2/debian/changelog perl-5.14.2/debian/changelog
--- perl-5.14.2/debian/changelog 2012-12-10 14:49:33.000000000 +0200
+++ perl-5.14.2/debian/changelog 2013-01-26 19:30:14.000000000 +0200
@@ -1,3 +1,12 @@
+perl (5.14.2-17) unstable; urgency=low
+
+ * Fix a double-free bug in Digest::SHA. (Closes: #698174)
+ + update the Breaks: entry accordingly.
+ * Avoid wraparound when casting unsigned size_t to signed ssize_t.
+ (Closes: #698320)
+
+ -- Niko Tyni <[email protected]> Fri, 25 Jan 2013 15:22:58 +0200
+
perl (5.14.2-16) unstable; urgency=medium
* [SECURITY] CVE-2012-5526: CGI.pm improper cookie and p3p
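Review bot: the Closes: number for the Digest::SHA entry (#698174) does not match the Bug-Debian URL inside debian/patches/fixes/digest-sha-doublefree.diff (http://bugs.debian.org/698320 is used for the other patch, but the Digest::SHA patch header points at 698172); confirm which report is the right one before upload, otherwise the wrong bug gets closed by the changelog and the patch metadata stays inconsistent with it.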
diff -Nru perl-5.14.2/debian/control perl-5.14.2/debian/control
--- perl-5.14.2/debian/control 2012-12-10 14:49:33.000000000 +0200
+++ perl-5.14.2/debian/control 2013-01-25 15:18:21.000000000 +0200
@@ -282,7 +282,7 @@
libmime-base64-perl (<< 3.13),
libtime-hires-perl (<< 1.9721.01),
libstorable-perl (<< 2.27),
- libdigest-sha-perl (<< 5.61),
+ libdigest-sha-perl (<< 5.71-2),
libsys-syslog-perl (<< 0.27),
libcompress-zlib-perl (<< 2.033),
libcompress-raw-zlib-perl (<< 2.033),
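Review bot: the new bound `libdigest-sha-perl (<< 5.71-2)` carries a Debian revision while every neighbouring Breaks entry uses a bare upstream version; that is only correct if 5.71-2 is exactly the first standalone libdigest-sha-perl upload containing the double-free fix (the cover mail says that package was unblocked separately), since a bound that is too low would leave an unfixed standalone module co-installable with this perl, and one that is too high would needlessly break a fixed one. A short comment in the changelog naming the matching libdigest-sha-perl version would make this verifiable later.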
diff -Nru perl-5.14.2/debian/patches/fixes/64bitint-signedness-wraparound.diff perl-5.14.2/debian/patches/fixes/64bitint-signedness-wraparound.diff
--- perl-5.14.2/debian/patches/fixes/64bitint-signedness-wraparound.diff 1970-01-01 02:00:00.000000000 +0200
+++ perl-5.14.2/debian/patches/fixes/64bitint-signedness-wraparound.diff 2013-01-25 15:18:22.000000000 +0200
@@ -0,0 +1,56 @@
+From e36d65ba661bd0f9c9ae741c8f18d2e08682e97a Mon Sep 17 00:00:00 2001
+From: Andy Dougherty <[email protected]>
+Date: Wed, 16 Jan 2013 12:30:43 -0500
+Subject: Avoid wraparound when casting unsigned size_t to signed ssize_t.
+
+Practically, this only affects a perl compiled with 64-bit IVs on a 32-bit
+system. In that instance a value of count >= 2**31 would turn negative
+when cast to (ssize_t).
+
+Origin: upstream, http://perl5.git.perl.org/perl.git/commit/94e529cc4d56863d7272c254a29eda2b002a4335
+Bug-Debian: http://bugs.debian.org/698320
+Patch-Name: fixes/64bitint-signedness-wraparound.diff
+---
+ perlio.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/perlio.c b/perlio.c
+index e42a78f..6c40e34 100644
+--- a/perlio.c
++++ b/perlio.c
+@@ -2192,7 +2192,7 @@ PerlIOBase_read(pTHX_ PerlIO *f, void *vbuf, Size_t count)
+ SSize_t avail = PerlIO_get_cnt(f);
+ SSize_t take = 0;
+ if (avail > 0)
+- take = ((SSize_t)count < avail) ? (SSize_t)count : avail;
++ take = (((SSize_t) count >= 0) && ((SSize_t)count < avail)) ? (SSize_t)count : avail;
+ if (take > 0) {
+ STDCHAR *ptr = PerlIO_get_ptr(f);
+ Copy(ptr, buf, take, STDCHAR);
+@@ -4125,7 +4125,7 @@ PerlIOBuf_unread(pTHX_ PerlIO *f, const void *vbuf, Size_t count)
+ */
+ b->posn -= b->bufsiz;
+ }
+- if (avail > (SSize_t) count) {
++ if ((SSize_t) count >= 0 && avail > (SSize_t) count) {
+ /*
+ * If we have space for more than count, just move count
+ */
+@@ -4175,7 +4175,7 @@ PerlIOBuf_write(pTHX_ PerlIO *f, const void *vbuf, Size_t count)
+ }
+ while (count > 0) {
+ SSize_t avail = b->bufsiz - (b->ptr - b->buf);
+- if ((SSize_t) count < avail)
++ if ((SSize_t) count >= 0 && (SSize_t) count < avail)
+ avail = count;
+ if (flushptr > buf && flushptr <= buf + avail)
+ avail = flushptr - buf;
+@@ -4450,7 +4450,7 @@ PerlIOPending_read(pTHX_ PerlIO *f, void *vbuf, Size_t count)
+ {
+ SSize_t avail = PerlIO_get_cnt(f);
+ SSize_t got = 0;
+- if ((SSize_t)count < avail)
++ if ((SSize_t) count >= 0 && (SSize_t)count < avail)
+ avail = count;
+ if (avail > 0)
+ got = PerlIOBuf_read(aTHX_ f, vbuf, avail);
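Review bot: the four added `(SSize_t) count >= 0` guards stop the wraparound but keep the signed cast that causes it; where `avail` is already known to be non-negative (PerlIOBase_read checks `avail > 0` right above, and PerlIOBuf_write computes it from the buffer size), comparing the unsigned `count` directly, e.g. `take = (count < (Size_t) avail) ? (SSize_t) count : avail;`, avoids relying on an out-of-range unsigned-to-signed conversion at all. As written the change is still correct, because every site falls back to `avail` when the cast goes negative and `avail` is the buffer bound anyway. Minor style point: the rewritten `take = ...` line in the first hunk is long enough to be worth wrapping.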
diff -Nru perl-5.14.2/debian/patches/fixes/digest-sha-doublefree.diff perl-5.14.2/debian/patches/fixes/digest-sha-doublefree.diff
--- perl-5.14.2/debian/patches/fixes/digest-sha-doublefree.diff 1970-01-01 02:00:00.000000000 +0200
+++ perl-5.14.2/debian/patches/fixes/digest-sha-doublefree.diff 2013-01-25 15:18:21.000000000 +0200
@@ -0,0 +1,69 @@
+From d2d9e1560afaeb402dda69eba1d6e808d80c0c96 Mon Sep 17 00:00:00 2001
+From: Niko Tyni <[email protected]>
+Date: Fri, 25 Jan 2013 15:00:00 +0200
+Subject: Fix a double-free bug in Digest::SHA
+
+Fix double-free when loading Digest::SHA object representing the
+intermediate SHA state from a file.
+
+Origin: upstream, http://perl5.git.perl.org/perl.git/commit/a8c6ff7b8e8c6037333c21f9b3f6b38b9278df4f
+Origin: upstream, https://metacpan.org/diff/release/MSHELOR/Digest-SHA-5.80/MSHELOR/Digest-SHA-5.81
+Bug-Debian: http://bugs.debian.org/698172
+Bug: https://rt.cpan.org/Ticket/Display.html?id=82655
+Patch-Name: fixes/digest-sha-doublefree.diff
+---
+ cpan/Digest-SHA/lib/Digest/SHA.pm | 11 +++++++----
+ cpan/Digest-SHA/src/sha.c | 2 +-
+ 2 files changed, 8 insertions(+), 5 deletions(-)
+
+diff --git a/cpan/Digest-SHA/lib/Digest/SHA.pm b/cpan/Digest-SHA/lib/Digest/SHA.pm
+index f809ce3..8cea302 100644
+--- a/cpan/Digest-SHA/lib/Digest/SHA.pm
++++ b/cpan/Digest-SHA/lib/Digest/SHA.pm
+@@ -53,7 +53,7 @@ sub new {
+ return($class);
+ }
+ shaclose($$class) if $$class;
+- $$class = shaopen($alg) || return;
++ return unless $$class = shaopen($alg);
+ return($class);
+ }
+ $alg = 1 unless defined $alg;
+@@ -153,18 +153,21 @@ sub Addfile {
+
+ sub dump {
+ my $self = shift;
+- my $file = shift || "";
++ my $file = shift;
+
++ $file = "" unless defined $file;
+ shadump($file, $$self) || return;
+ return($self);
+ }
+
+ sub load {
+ my $class = shift;
+- my $file = shift || "";
++ my $file = shift;
++
++ $file = "" unless defined $file;
+ if (ref($class)) { # instance method
+ shaclose($$class) if $$class;
+- $$class = shaload($file) || return;
++ return unless $$class = shaload($file);
+ return($class);
+ }
+ my $state = shaload($file) || return;
+diff --git a/cpan/Digest-SHA/src/sha.c b/cpan/Digest-SHA/src/sha.c
+index 20f2d71..f512437 100644
+--- a/cpan/Digest-SHA/src/sha.c
++++ b/cpan/Digest-SHA/src/sha.c
+@@ -272,7 +272,7 @@ void sharewind(SHA *s)
+ /* shaopen: creates a new digest object */
+ SHA *shaopen(int alg)
+ {
+- SHA *s;
++ SHA *s = NULL;
+
+ if (alg != SHA1 && alg != SHA224 && alg != SHA256 &&
+ alg != SHA384 && alg != SHA512 &&
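Review bot: the Perl-side change is the real fix and deserves one explanatory sentence in the patch description: in `$$class = shaload($file) || return;` the `||` binds tighter than `=`, so on failure `return` fires before the assignment and `$$class` keeps the pointer that `shaclose($$class)` released on the line above, which is what gets freed a second time later; `return unless $$class = shaload($file);` stores the false result first, and the same applies to `shaopen` in `new`. Two side points: replacing `shift || ""` with `$file = "" unless defined $file;` in `dump` and `load` also stops a filename of `"0"` from being treated as empty, a small behaviour change worth mentioning; and the `SHA *s = NULL;` initialization in `shaopen` only matters if some path returns `s` without assigning it, which the hunk's context does not show, so say in the description why it is needed.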
diff -Nru perl-5.14.2/debian/patches/series perl-5.14.2/debian/patches/series
--- perl-5.14.2/debian/patches/series 2012-12-10 14:49:34.000000000 +0200
+++ perl-5.14.2/debian/patches/series 2013-01-25 15:18:22.000000000 +0200
@@ -73,3 +73,5 @@
fixes/cgi-cr-escaping.diff
fixes/maketext-code-execution.diff
fixes/storable-security-warning.diff
+fixes/digest-sha-doublefree.diff
+fixes/64bitint-signedness-wraparound.diff
diff -Nru perl-5.14.2/debian/t/control.t perl-5.14.2/debian/t/control.t
--- perl-5.14.2/debian/t/control.t 2012-12-10 14:49:34.000000000 +0200
+++ perl-5.14.2/debian/t/control.t 2013-01-25 15:18:21.000000000 +0200
@@ -46,6 +46,9 @@
"libautodie-perl" => {
"2.1001" => "2.10.01",
},
+ "libdigest-sha-perl" => {
+ "5.61" => "5.71",
+ },
);
# list special cases where a Breaks entry doesn't need to imply
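Review bot: the new special case maps "5.61" => "5.71", while the corresponding Breaks entry in debian/control was raised to `5.71-2` with a Debian revision; check that this table is compared against the upstream part of the version only (or use the full `5.71-2` here), otherwise the entry will not match. Because debian/t/ is not run during the build, as the cover mail notes, a mismatch here would only surface when someone runs the maintainer tests by hand.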
--- End Message ---
--- Begin Message ---
On Tue, 2013-01-29 at 19:27 +0200, Niko Tyni wrote:
> perl (5.14.2-17) unstable; urgency=low
> .
> * Fix a double-free bug in Digest::SHA. (Closes: #698174)
> + update the Breaks: entry accordingly.
> * Avoid wraparound when casting unsigned size_t to signed ssize_t.
> (Closes: #698320)
Unblocked; thanks.
Regards,
Adam
--- End Message ---