[SCM] Debian packaging of libdigest-sha-perl branch, master, updated. debian/5.71-2-23-g2f89d01
Salvatore Bonaccorso
carnil at debian.org
Wed Jan 16 20:04:21 UTC 2013
The following commit has been merged in the master branch:
commit b79e33ac12b14185fe2b3bf7dc0d692faa00a902
Author: Salvatore Bonaccorso <carnil at debian.org>
Date: Mon Jan 14 23:57:42 2013 +0100
Add 698172-fix-double-free-in-load-subroutine.patch patch
Fix double-free when loading Digest::SHA object representing the
intermediate SHA state from a file.
Closes: #698172
diff --git a/debian/patches/698172-fix-double-free-in-load-subroutine.patch b/debian/patches/698172-fix-double-free-in-load-subroutine.patch
new file mode 100644
index 0000000..25f8b14
--- /dev/null
+++ b/debian/patches/698172-fix-double-free-in-load-subroutine.patch
@@ -0,0 +1,58 @@
+Description: corrected load subroutine (SHA.pm) to prevent double-free
+ Fix double-free when loading Digest::SHA object representing the
+ intermediate SHA state from a file.
+Origin: upstream, https://metacpan.org/diff/release/MSHELOR/Digest-SHA-5.80/MSHELOR/Digest-SHA-5.81
+Bug: https://rt.cpan.org/Ticket/Display.html?id=82655
+Bug-Debian: http://bugs.debian.org/698172
+Forwarded: not-needed
+Author: Salvatore Bonaccorso <carnil at debian.org>
+Last-Update: 2013-01-14
+Applied-Upstream: yes, 5.81
+
+--- a/lib/Digest/SHA.pm
++++ b/lib/Digest/SHA.pm
+@@ -50,7 +50,7 @@
+ return($class);
+ }
+ shaclose($$class) if $$class;
+- $$class = shaopen($alg) || return;
++ return unless $$class = shaopen($alg);
+ return($class);
+ }
+ $alg = 1 unless defined $alg;
+@@ -163,18 +163,21 @@
+
+ sub dump {
+ my $self = shift;
+- my $file = shift || "";
++ my $file = shift;
+
++ $file = "" unless defined $file;
+ shadump($file, $$self) || return;
+ return($self);
+ }
+
+ sub load {
+ my $class = shift;
+- my $file = shift || "";
++ my $file = shift;
++
++ $file = "" unless defined $file;
+ if (ref($class)) { # instance method
+ shaclose($$class) if $$class;
+- $$class = shaload($file) || return;
++ return unless $$class = shaload($file);
+ return($class);
+ }
+ my $state = shaload($file) || return;
+--- a/src/sha.c
++++ b/src/sha.c
+@@ -272,7 +272,7 @@
+ /* shaopen: creates a new digest object */
+ SHA *shaopen(int alg)
+ {
+- SHA *s;
++ SHA *s = NULL;
+
+ if (alg != SHA1 && alg != SHA224 && alg != SHA256 &&
+ alg != SHA384 && alg != SHA512 &&
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..04c11bb
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1 @@
+698172-fix-double-free-in-load-subroutine.patch
--
Debian packaging of libdigest-sha-perl
More information about the Pkg-perl-cvs-commits
mailing list