* apt-pkg/contrib/sha1.cc:

  - fix illegally casts of on-stack buffer to a type requiring more
    alignment than it has resulting in segfaults on sparc (Closes: #634696)

The problem is how sha1.cc codes the SHA1 transform, it illegally
casts the on-stack workspace buffer to a type requiring more
alignment than 'workspace' is actually declared to have.

This only shows up recently because gcc-4.6 now does a really
aggressive optimization where it gets rid of the workspace
buffer entirely and just accesses 'buffer' directly, and assumes
it has the necessary alignment for 32-bit loads (which it
doesn't).

diff --git a/apt-pkg/contrib/sha1.cc b/apt-pkg/contrib/sha1.cc
index eae52d52f6341ea22abdb3ee3493bd48c3407316..abc2aaf9f22314ea7a4ef56c7cbc7dcc56e7693e 100644 (file)
--- a/apt-pkg/contrib/sha1.cc
+++ b/apt-pkg/contrib/sha1.cc
@@ -74,10 +74,9 @@ static void SHA1Transform(uint32_t state[5],uint8_t const buffer[64])
       uint32_t l[16];
    }
    CHAR64LONG16;
-   CHAR64LONG16 *block;
+   CHAR64LONG16 workspace, *block;
 
-   uint8_t workspace[64];
-   block = (CHAR64LONG16 *)workspace;
+   block = &workspace;
    memcpy(block,buffer,sizeof(workspace));
 
    /* Copy context->state[] to working vars */

diff --git a/debian/changelog b/debian/changelog
index 18b59ec4e5747d67a9d257fc9eb1e422540d8777..1eeb57ae76ebc833bd5bbbfee9cdd37afd7831df 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+apt (0.8.15.4) unstable; urgency=low
+
+  [ David Miller ]
+  * apt-pkg/contrib/sha1.cc:
+    - fix illegally casts of on-stack buffer to a type requiring more
+      alignment than it has resulting in segfaults on sparc (Closes: #634696)
+
+ -- David Kalnischkies <kalnischkies@gmail.com>  Tue, 26 Jul 2011 08:26:53 +0200
+
 apt (0.8.15.3) unstable; urgency=low
 
   [ Michael Vogt ]