Package: release.debian.org
Severity: normal
User: [email protected]
Usertags: unblock
X-Debbugs-Cc: [email protected], [email protected]

I'd like to fix #702416 / #702444 (memory leak in Encode::decode) in perl + libencode-perl in wheezy. It's not a regression from squeeze, but I intend to pursue a squeeze fix in a point release later.

The wheezy side would need a tpu upload of libencode-perl and a sid upload of perl (obviously after 5.14.2-19 has migrated.) I'm attaching the preliminary debdiffs.

The perl package needs to Break the unfixed versions of libencode-perl, because the separate packaged version takes precedence in @INC when installed. So perl/5.14.2-20 can't migrate before libencode-perl 2.44-1+deb7u1 but the latter could be uploaded straight away.

Would you be OK with this?

Thanks for your work,
--
Niko Tyni [email protected]

diff -Nru perl-5.14.2/debian/changelog perl-5.14.2/debian/changelog --- perl-5.14.2/debian/changelog 2013-03-05 21:38:31.000000000 +0200 +++ perl-5.14.2/debian/changelog 2013-03-07 19:08:49.000000000 +0200 @@ -1,3 +1,12 @@ +perl (5.14.2-20) unstable; urgency=low + + * Fix an Encode memory leak that occurred in the UTF-8 encoding. + (Closes: #702416) + + upgrade the Broken versions of the separate libencode-perl + package accordingly. + + -- Niko Tyni <[email protected]> Thu, 07 Mar 2013 19:08:47 +0200 + perl (5.14.2-19) unstable; urgency=high * [SECURITY] CVE-2013-1667: fix a rehashing DoS opportunity diff -Nru perl-5.14.2/debian/control perl-5.14.2/debian/control --- perl-5.14.2/debian/control 2013-03-05 21:38:02.000000000 +0200 +++ perl-5.14.2/debian/control 2013-03-07 19:02:52.000000000 +0200 @@ -294,7 +294,7 @@ libthreads-perl (<< 1.83), libthreads-shared-perl (<< 1.37), libtime-piece-perl (<< 1.20.01), - libencode-perl (<< 2.42.01), + libencode-perl (<< 2.44-1+deb7u1), libdevel-dprof-perl (<< 20110228.00), mrtg (<< 2.16.3-3.1), libhtml-template-compiled-perl (<< 0.95-1), diff -Nru perl-5.14.2/debian/patches/fixes/encode-memleak.diff perl-5.14.2/debian/patches/fixes/encode-memleak.diff --- perl-5.14.2/debian/patches/fixes/encode-memleak.diff 1970-01-01 02:00:00.000000000 +0200 +++ perl-5.14.2/debian/patches/fixes/encode-memleak.diff 2013-03-07 19:01:39.000000000 +0200 
@@ -0,0 +1,64 @@ +From 89405c8ebc5bf8ae4ed6479de2bc0f311c1f6fe1 Mon Sep 17 00:00:00 2001 +From: chansen <[email protected]> +Date: Sun, 3 Mar 2013 22:43:53 +0100 +Subject: Encode: Fixed a memory leak that occurred in the UTF-8 encoding. + +The decode and encode methods allocated a SV for the result, this SV +is passed to the process_utf8() function which may croak() if the +CHECK flag has FB_CROAK set. + +Origin: upstream, http://perl5.git.perl.org/perl.git/commit/5814803a8fa15d6b5fd483efdaf849a7166f9ac4 +Bug: https://github.com/dankogai/p5-encode/issues/8 +Bug-Debian: http://bugs.debian.org/702416 +Patch-Name: fixes/encode-memleak.diff +--- + cpan/Encode/Encode.xs | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/cpan/Encode/Encode.xs b/cpan/Encode/Encode.xs +index 723170c..4fa4ac3 100644 +--- a/cpan/Encode/Encode.xs ++++ b/cpan/Encode/Encode.xs +@@ -440,7 +440,6 @@ CODE: + if (src == &PL_sv_undef || SvROK(src)) src = sv_2mortal(newSV(0)); + s = (U8 *) SvPV(src, slen); + e = (U8 *) SvEND(src); +- dst = newSV(slen>0?slen:1); /* newSV() abhors 0 -- inaba */ + check = SvROK(check_sv) ? 
ENCODE_PERLQQ|ENCODE_LEAVE_SRC : SvIV(check_sv); + /* + * PerlIO check -- we assume the object is of PerlIO if renewed +@@ -471,6 +470,7 @@ CODE: + } + } + ++ dst = sv_2mortal(newSV(slen>0?slen:1)); /* newSV() abhors 0 -- inaba */ + s = process_utf8(aTHX_ dst, s, e, check_sv, 0, strict_utf8(aTHX_ obj), renewed); + + /* Clear out translated part of source unless asked not to */ +@@ -482,7 +482,7 @@ CODE: + SvCUR_set(src, slen); + } + SvUTF8_on(dst); +- ST(0) = sv_2mortal(dst); ++ ST(0) = dst; + XSRETURN(1); + } + +@@ -504,7 +504,7 @@ CODE: + if (src == &PL_sv_undef || SvROK(src)) src = sv_2mortal(newSV(0)); + s = (U8 *) SvPV(src, slen); + e = (U8 *) SvEND(src); +- dst = newSV(slen>0?slen:1); /* newSV() abhors 0 -- inaba */ ++ dst = sv_2mortal(newSV(slen>0?slen:1)); /* newSV() abhors 0 -- inaba */ + if (SvUTF8(src)) { + /* Already encoded */ + if (strict_utf8(aTHX_ obj)) { +@@ -543,7 +543,7 @@ CODE: + } + SvPOK_only(dst); + SvUTF8_off(dst); +- ST(0) = sv_2mortal(dst); ++ ST(0) = dst; + XSRETURN(1); + } + diff -Nru perl-5.14.2/debian/patches/series perl-5.14.2/debian/patches/series --- perl-5.14.2/debian/patches/series 2013-03-05 21:38:04.000000000 +0200 +++ perl-5.14.2/debian/patches/series 2013-03-07 19:01:39.000000000 +0200 @@ -77,3 +77,4 @@ fixes/64bitint-signedness-wraparound.diff fixes/stdin-sigchld.diff fixes/hsplit-rehash.diff +fixes/encode-memleak.diff diff -Nru perl-5.14.2/debian/t/control.t perl-5.14.2/debian/t/control.t --- perl-5.14.2/debian/t/control.t 2013-03-05 21:38:02.000000000 +0200 +++ perl-5.14.2/debian/t/control.t 2013-03-07 19:08:24.000000000 +0200 @@ -49,6 +49,9 @@ "libdigest-sha-perl" => { "5.61" => "5.71", }, + "libencode-perl" => { + "2.42_01" => "2.44-1+deb7u1", + }, ); # list special cases where a Breaks entry doesn't need to imply
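Review bot: In the debian/control hunk, the new bound `libencode-perl (<< 2.44-1+deb7u1)` is a wheezy-specific revision, but this changelog entry targets unstable, so the Breaks also applies to whatever libencode-perl version is in sid. Please confirm that version sorts at or above 2.44-1+deb7u1 and already carries the fix. It would also help to say in the changelog entry that 5.14.2-20 must not migrate before libencode-perl 2.44-1+deb7u1 is available, since the debian/t/control.t mapping `"2.42_01" => "2.44-1+deb7u1"` records the version but not the ordering constraint.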
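Review bot: The description in debian/patches/fixes/encode-memleak.diff stops at the cause (process_utf8() may croak() when CHECK has FB_CROAK set) and never states the fix, and the two methods are fixed differently without explanation: the @@ -440 and @@ -471 hunks move the `dst` allocation down to just before process_utf8(), while the @@ -504 hunk mortalizes it in place. A sentence saying that `dst` is now passed through sv_2mortal() before the call, so it is freed when croak() unwinds, plus the reason the first allocation had to move, would make the patch reviewable on its own. The diffstat shows only cpan/Encode/Encode.xs changing, so a regression test that repeatedly decodes malformed input under FB_CROAK inside an eval would be worth carrying with it.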
diff --git a/debian/changelog b/debian/changelog index 35a103a..28e4ea4 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +libencode-perl (2.44-1+deb7u1) UNRELEASED; urgency=low + + * Add patch memory_leak.patch, backported from the 2.49 release. + (Closes: #702444) + + -- gregor herrmann <[email protected]> Wed, 06 Mar 2013 22:03:32 +0100 + libencode-perl (2.44-1) unstable; urgency=high * Team upload. diff --git a/debian/patches/memory_leak.patch b/debian/patches/memory_leak.patch new file mode 100644 index 0000000..28e975a --- /dev/null +++ b/debian/patches/memory_leak.patch 
@@ -0,0 +1,56 @@ +Description: fix memory leak: + The decode and encode methods allocated a SV for the result, this SV is + passed to the process_utf8() function which may croak() if the CHECK flag + has FB_CROAK set. +Origin: upstream, 2.49 release +Bug: https://github.com/dankogai/p5-encode/issues/8 +Bug-Debian: http://bugs.debian.org/702444 +Author: Christian Hansen +Reviewed-by: gregor herrmann <[email protected]> +Last-Update: 2013-03-06 + +--- a/Encode.xs ++++ b/Encode.xs +@@ -440,7 +440,6 @@ + if (src == &PL_sv_undef || SvROK(src)) src = sv_2mortal(newSV(0)); + s = (U8 *) SvPV(src, slen); + e = (U8 *) SvEND(src); +- dst = newSV(slen>0?slen:1); /* newSV() abhors 0 -- inaba */ + check = SvROK(check_sv) ? ENCODE_PERLQQ|ENCODE_LEAVE_SRC : SvIV(check_sv); + /* + * PerlIO check -- we assume the object is of PerlIO if renewed +@@ -471,6 +470,7 @@ + } + } + ++ dst = sv_2mortal(newSV(slen>0?slen:1)); /* newSV() abhors 0 -- inaba */ + s = process_utf8(aTHX_ dst, s, e, check_sv, 0, strict_utf8(aTHX_ obj), renewed); + + /* Clear out translated part of source unless asked not to */ +@@ -482,7 +482,7 @@ + SvCUR_set(src, slen); + } + SvUTF8_on(dst); +- ST(0) = sv_2mortal(dst); ++ ST(0) = dst; + XSRETURN(1); + } + +@@ -504,7 +504,7 @@ + if (src == &PL_sv_undef || SvROK(src)) src = sv_2mortal(newSV(0)); + s = (U8 *) SvPV(src, slen); + e = (U8 *) SvEND(src); +- dst = newSV(slen>0?slen:1); /* newSV() abhors 0 -- inaba */ ++ dst = sv_2mortal(newSV(slen>0?slen:1)); /* newSV() abhors 0 -- inaba */ + if (SvUTF8(src)) { + /* Already encoded */ + if (strict_utf8(aTHX_ obj)) { +@@ -543,7 +543,7 @@ + } + SvPOK_only(dst); + SvUTF8_off(dst); +- ST(0) = sv_2mortal(dst); ++ ST(0) = dst; + XSRETURN(1); + } + diff --git a/debian/patches/series b/debian/patches/series index 5299247..0d7aa92 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -1 +1,2 @@ spelling.patch +memory_leak.patch
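Review bot: The debian/changelog hunk still has the distribution set to `UNRELEASED` in `libencode-perl (2.44-1+deb7u1) UNRELEASED; urgency=low`, which has to be replaced with the real upload target before this is built for the archive. The version string itself should stay exactly 2.44-1+deb7u1 at upload time, because perl's Breaks bound in the accompanying debdiff is keyed to it.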
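Review bot: The `Origin: upstream, 2.49 release` header in debian/patches/memory_leak.patch names a release but no commit, so the backport cannot be checked against the upstream change directly. Adding the upstream commit id or URL next to the existing Bug: link would fix that. The Description has the same gap as the perl copy of this patch: it explains the cause (croak() in process_utf8() under FB_CROAK) without stating that the fix is to make `dst` mortal with sv_2mortal() before the call, and it does not say why the @@ -440 hunk removes the allocation that @@ -471 re-adds later while @@ -504 changes it in place.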

