Bug#816243: marked as done (jessie-pu: package subversion/1.8.10-6+deb8u3)

Sat, 02 Apr 2016 06:29:21 -0700 

Your message dated Sat, 02 Apr 2016 14:20:04 +0100
with message-id <1459603204.2441.216.ca...@adam-barratt.org.uk>
and subject line Fix included in stable
has caused the Debian Bug report #816243,
regarding jessie-pu: package subversion/1.8.10-6+deb8u3
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
816243: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816243
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian....@packages.debian.org
Usertags: pu

I'd like to propose the following update (+ s/UNRELEASED/jessie/) to fix a
crash when running svn and using kwallet to store credentials.

$ debdiff subversion_1.8.10-6+deb8u{2,3}.dsc
diffstat for subversion_1.8.10-6+deb8u2 subversion_1.8.10-6+deb8u3

 debian/patches/r1701440-kwallet-segfault |  145 +++++++++++++++++++++++++++++++
 subversion-1.8.10/debian/changelog       |    7 +
 subversion-1.8.10/debian/patches/series  |    1 
 3 files changed, 153 insertions(+)

diff -u subversion-1.8.10/debian/changelog subversion-1.8.10/debian/changelog
--- subversion-1.8.10/debian/changelog
+++ subversion-1.8.10/debian/changelog
@@ -1,3 +1,10 @@
+subversion (1.8.10-6+deb8u3) UNRELEASED; urgency=medium
+
+  * patches/r1701440-kwallet-segfault: Fix segfault when using kwallet to
+    store authentication information.  (Closes: #736879)
+
+ -- James McCoy <james...@debian.org>  Sat, 27 Feb 2016 14:08:40 -0500
+
 subversion (1.8.10-6+deb8u2) jessie-security; urgency=high
 
   * patches/r1708699-mod_auth_ntlm-kerb-fix: Fix regression interacting with
diff -u subversion-1.8.10/debian/patches/series 
subversion-1.8.10/debian/patches/series
--- subversion-1.8.10/debian/patches/series
+++ subversion-1.8.10/debian/patches/series
@@ -28,0 +29 @@
+r1701440-kwallet-segfault
only in patch2:
unchanged:
--- subversion-1.8.10.orig/debian/patches/r1701440-kwallet-segfault
+++ subversion-1.8.10/debian/patches/r1701440-kwallet-segfault
@@ -0,0 +1,145 @@
+------------------------------------------------------------------------
+r1701440 | svn-role | 2015-09-06 00:00:12 -0400 (Sun, 06 Sep 2015) | 9 lines
+
+Merge the r1700740 group from trunk:
+
+ * r1700740, r1700951
+   Fix registration of kwallet to avoid double free on close
+   Justification:
+     Fixes segfault on kwallet close. User reported problem.
+   Votes:
+     +1: rhuijben, stsp, brane
+
+
+Index: 1.9.x/subversion/libsvn_auth_kwallet/kwallet.cpp
+===================================================================
+--- 1.9.x/subversion/libsvn_auth_kwallet/kwallet.cpp   (revision 1701439)
++++ 1.9.x/subversion/libsvn_auth_kwallet/kwallet.cpp   (revision 1701440)
+@@ -47,6 +47,7 @@
+ #include "svn_auth.h"
+ #include "svn_config.h"
+ #include "svn_error.h"
++#include "svn_hash.h"
+ #include "svn_io.h"
+ #include "svn_pools.h"
+ #include "svn_string.h"
+@@ -135,35 +136,37 @@
+   return wid;
+ }
+ 
++/* Forward definition */
++static apr_status_t
++kwallet_terminate(void *data);
++
+ static KWallet::Wallet *
+ get_wallet(QString wallet_name,
+            apr_hash_t *parameters)
+ {
+   KWallet::Wallet *wallet =
+-    static_cast<KWallet::Wallet *> (apr_hash_get(parameters,
+-                                                 "kwallet-wallet",
+-                                                 APR_HASH_KEY_STRING));
+-  if (! wallet && ! apr_hash_get(parameters,
+-                                 "kwallet-opening-failed",
+-                                 APR_HASH_KEY_STRING))
++    static_cast<KWallet::Wallet *> (svn_hash_gets(parameters,
++                                                  "kwallet-wallet"));
++  if (! wallet && ! svn_hash_gets(parameters, "kwallet-opening-failed"))
+     {
+       wallet = KWallet::Wallet::openWallet(wallet_name, get_wid(),
+                                            KWallet::Wallet::Synchronous);
++
++      if (wallet)
++        {
++          svn_hash_sets(parameters, "kwallet-wallet", wallet);
++
++          apr_pool_cleanup_register(apr_hash_pool_get(parameters),
++                                    parameters, kwallet_terminate,
++                                    apr_pool_cleanup_null);
++
++          svn_hash_sets(parameters, "kwallet-initialized", "");
++        }
++      else
++        {
++          svn_hash_sets(parameters, "kwallet-opening-failed", "");
++        }
+     }
+-  if (wallet)
+-    {
+-      apr_hash_set(parameters,
+-                   "kwallet-wallet",
+-                   APR_HASH_KEY_STRING,
+-                   wallet);
+-    }
+-  else
+-    {
+-      apr_hash_set(parameters,
+-                   "kwallet-opening-failed",
+-                   APR_HASH_KEY_STRING,
+-                   "");
+-    }
+   return wallet;
+ }
+ 
+@@ -171,14 +174,12 @@
+ kwallet_terminate(void *data)
+ {
+   apr_hash_t *parameters = static_cast<apr_hash_t *> (data);
+-  if (apr_hash_get(parameters, "kwallet-initialized", APR_HASH_KEY_STRING))
++  if (svn_hash_gets(parameters, "kwallet-initialized"))
+     {
+       KWallet::Wallet *wallet = get_wallet(NULL, parameters);
+       delete wallet;
+-      apr_hash_set(parameters,
+-                   "kwallet-initialized",
+-                   APR_HASH_KEY_STRING,
+-                   NULL);
++      svn_hash_sets(parameters, "kwallet-wallet", NULL);
++      svn_hash_sets(parameters, "kwallet-initialized", NULL);
+     }
+   return APR_SUCCESS;
+ }
+@@ -236,10 +237,6 @@
+       KWallet::Wallet *wallet = get_wallet(wallet_name, parameters);
+       if (wallet)
+         {
+-          apr_hash_set(parameters,
+-                       "kwallet-initialized",
+-                       APR_HASH_KEY_STRING,
+-                       "");
+           if (wallet->setFolder(folder))
+             {
+               QString q_password;
+@@ -254,9 +251,6 @@
+         }
+     }
+ 
+-  apr_pool_cleanup_register(pool, parameters, kwallet_terminate,
+-                            apr_pool_cleanup_null);
+-
+   return SVN_NO_ERROR;
+ }
+ 
+@@ -310,10 +304,6 @@
+   KWallet::Wallet *wallet = get_wallet(wallet_name, parameters);
+   if (wallet)
+     {
+-      apr_hash_set(parameters,
+-                   "kwallet-initialized",
+-                   APR_HASH_KEY_STRING,
+-                   "");
+       if (! wallet->hasFolder(folder))
+         {
+           wallet->createFolder(folder);
+@@ -329,9 +319,6 @@
+         }
+     }
+ 
+-  apr_pool_cleanup_register(pool, parameters, kwallet_terminate,
+-                            apr_pool_cleanup_null);
+-
+   return SVN_NO_ERROR;
+ }
+ 
+
+------------------------------------------------------------------------

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 
'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, arm64

Kernel: Linux 4.4.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

--- End Message ---
--- Begin Message --- 
Version: 8.4

Hi,

The packages referenced by these bugs were included in today's stable
point release.

Regards,

Adam

--- End Message ---

Reply via email to