Package: release.debian.org Severity: normal Tags: bullseye User: release.debian....@packages.debian.org Usertags: pu X-Debbugs-Cc: debian-p...@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 I've uploaded libencode-perl/3.08-1+deb11u2 to bullseye. It fixes a memory leak with a patch backported from newer upstream releases which is already in unstable. Bug: https://rt.cpan.org/Ticket/Display.html?id=139622 Bug-Debian: #995804 Complete debdiff attached. Cheers, gregor -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEE0eExbpOnYKgQTYX6uzpoAYZJqgYFAmGABmVfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEQx RTEzMTZFOTNBNzYwQTgxMDREODVGQUJCM0E2ODAxODY0OUFBMDYACgkQuzpoAYZJ qgbVRQ/+IG3HcRjqmmdwdLJEEuLrtYGTjWTFnEt9Dv4OuMUgJYBNqk0UPxTzvacE V77Gqt/0A8hadc/LZ8i9roj07swpViKrcmn4OIhQ00KrKMykdvSku7gn9UfkeC/4 GNwozyaS+frn1jQh92zdNyiyyEFbc+MIVBCJBs09nD7DJDdOsXJD6aAkSvAK+MYs sVnvUA8Z/eZwdTdVbqnGTAJFR0645KLmuJ43eb38kR+izp5M++K1GyGSJBzlI7ZE PowBCZ/nUbwhOMZ8gq0KDq7TwnIH77sDgGieUCTdEj/A6BPSR5zfBGC93DGWhPgJ fZsyRa4R0HcTYcZig9xfQTrY6gAG+7RiVpAi3JxW6Jub7Egia/KNsPketkUNk3CU g3pep3jVxS8YgD0XepeTbg5+o1zSMpzv7KY1L1in3T/AzER9fk6TF8uuKvQQlRF4 kr8OUbLUE3H4CZB6c48n1gLIT2JQslgGRof/RE/6WSlsDbCREppym08/P1FnngYC Hqebq/D3aw8JPfaaipUgT1bpB3LM/rTNUuJBGZMepQp2LVpB9lq8PFCQAiaiY17c kH739P6Wyc6a/DGzm+2h34+3I0SHczORnXf3OjV3zoTovwkKcbhZi68l9zGm4SuZ 4e5/hVKjFxGWWGrOBopSeZ0A8sIl9aOKAYs1Jhsoeo4dQGM3vM8= =2XB1 -----END PGP SIGNATURE-----
diff -Nru libencode-perl-3.08/debian/changelog libencode-perl-3.08/debian/changelog
--- libencode-perl-3.08/debian/changelog 2021-08-06 20:49:32.000000000 +0200
+++ libencode-perl-3.08/debian/changelog 2021-11-01 16:15:54.000000000 +0100
@@ -1,3 +1,13 @@
+libencode-perl (3.08-1+deb11u2) bullseye; urgency=medium
+
+ * Fix memory leak.
+ Add patch rt_139622_memory-leak.patch, taken from upstream releases 3.13,
+ 3.14, 3.15 to fix a memory leak in Encode.xs.
+ Cf. https://rt.cpan.org/Ticket/Display.html?id=139622
+ (Closes: #995804)
+
+ -- gregor herrmann <gre...@debian.org> Mon, 01 Nov 2021 16:15:54 +0100
+
 libencode-perl (3.08-1+deb11u1) bullseye-security; urgency=high
 
 * [SECURITY] CVE-2021-36770: Encode loading code from working directory
diff -Nru libencode-perl-3.08/debian/patches/rt_139622_memory-leak.patch libencode-perl-3.08/debian/patches/rt_139622_memory-leak.patch
--- libencode-perl-3.08/debian/patches/rt_139622_memory-leak.patch 1970-01-01 01:00:00.000000000 +0100
+++ libencode-perl-3.08/debian/patches/rt_139622_memory-leak.patch 2021-11-01 16:15:54.000000000 +0100
@@ -0,0 +1,82 @@
+Description: Fix memory leak
+Origin: upstream releases 3.13, 3.14, 3.15
+Bug-Debian: https://bugs.debian.org/995804
+Bug: https://rt.cpan.org/Ticket/Display.html?id=139622
+Reviewed-by: gregor herrmann <gre...@debian.org>
+Last-Update: 2021-11-01
+
+--- a/Encode.xs
++++ b/Encode.xs
+@@ -154,7 +154,7 @@ encode_method(pTHX_ const encode_t * enc
+ STRLEN sdone = 0;
+ /* We allocate slen+1.
+ PerlIO dumps core if this value is smaller than this. */
+- SV *dst = newSV(slen+1);
++ SV *dst = sv_2mortal(newSV(slen+1));
+ U8 *d = (U8 *)SvPVX(dst);
+ STRLEN dlen = SvLEN(dst)-1;
+ int code = 0;
+@@ -810,13 +810,12 @@ CODE:
+ tmp = encode_method(aTHX_ enc, enc->t_utf8, src, s, slen, check,
+ &offset, term, &code, fallback_cb);
+ sv_catsv(dst, tmp);
+- SvREFCNT_dec(tmp);
+ SvIV_set(off, (IV)offset);
+ RETVAL = (code == ENCODE_FOUND_TERM);
+ OUTPUT:
+ RETVAL
+
+-SV *
++void
+ Method_decode(obj,src,check_sv = &PL_sv_no)
+ SV * obj
+ SV * src
+@@ -828,6 +827,7 @@ PREINIT:
+ encode_t *enc;
+ U8 *s;
+ STRLEN slen;
++ SV *ret;
+ INIT:
+ SvGETMAGIC(src);
+ SvGETMAGIC(check_sv);
+@@ -841,13 +841,13 @@ CODE:
+ s = modify ? (U8 *)SvPV_force_nomg(src, slen) : (U8 *)SvPV_nomg(src, slen);
+ if (SvUTF8(src))
+ utf8_safe_downgrade(aTHX_ &src, &s, &slen, modify);
+- RETVAL = encode_method(aTHX_ enc, enc->t_utf8, src, s, slen, check,
++ ret = encode_method(aTHX_ enc, enc->t_utf8, src, s, slen, check,
+ NULL, Nullsv, NULL, fallback_cb);
+- SvUTF8_on(RETVAL);
+-OUTPUT:
+- RETVAL
++ SvUTF8_on(ret);
++ ST(0) = ret;
++ XSRETURN(1);
+
+-SV *
++void
+ Method_encode(obj,src,check_sv = &PL_sv_no)
+ SV * obj
+ SV * src
+@@ -859,6 +859,7 @@ PREINIT:
+ encode_t *enc;
+ U8 *s;
+ STRLEN slen;
++ SV *ret;
+ INIT:
+ SvGETMAGIC(src);
+ SvGETMAGIC(check_sv);
+@@ -872,10 +873,10 @@ CODE:
+ s = modify ? (U8 *)SvPV_force_nomg(src, slen) : (U8 *)SvPV_nomg(src, slen);
+ if (!SvUTF8(src))
+ utf8_safe_upgrade(aTHX_ &src, &s, &slen, modify);
+- RETVAL = encode_method(aTHX_ enc, enc->f_utf8, src, s, slen, check,
++ ret = encode_method(aTHX_ enc, enc->f_utf8, src, s, slen, check,
+ NULL, Nullsv, NULL, fallback_cb);
+-OUTPUT:
+- RETVAL
++ ST(0) = ret;
++ XSRETURN(1);
+
+ bool
+ Method_needs_lines(obj)
diff -Nru libencode-perl-3.08/debian/patches/series libencode-perl-3.08/debian/patches/series
--- libencode-perl-3.08/debian/patches/series 2021-08-06 20:49:32.000000000 +0200
+++ libencode-perl-3.08/debian/patches/series 2021-11-01 16:15:54.000000000 +0100
@@ -1 +1,2 @@
 0001-mitigate-INC-pollution-when-loading-ConfigLocal.patch
+rt_139622_memory-leak.patch
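Review bot: The ownership change in `encode_method` (inner hunk at -154, `SV *dst = sv_2mortal(newSV(slen+1));`) is not recorded anywhere in the code, so the new contract for the return value is only implied by the call-site edits. Every caller now receives a mortal SV: the three call sites in this patch are adjusted (the `SvREFCNT_dec(tmp)` removal at -810, and `Method_decode`/`Method_encode` switching from `SV *` with `RETVAL`, which xsubpp would mortalize a second time, to `void` with `ST(0) = ret; XSRETURN(1);`), but a caller outside these hunks that still decrements the result or returns it through `RETVAL` would free it twice. I would add above the allocation `/* dst is mortal: callers must not SvREFCNT_dec() it and must SvREFCNT_inc() it to keep it beyond the next FREETMPS */` and confirm with a search of Encode.xs that no other `encode_method` call remains before accepting the backport. The bodies of `encode_method`, `Method_decode` and `Method_encode` start and end outside the hunks shown.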