Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock
Please unblock package iucode-tool

Coverity scan found a few issues in iucode-tool v1.1. I fixed them in iucode-tool v1.1.1. These fixes are the only changes between v1.1 and v1.1.1.

While many of the fixes are to error paths, one of them is for an off-by-one overflow in a heap-allocated buffer (which writes an entire extra dword past the end of the allocated memory region).

This new upstream release was uploaded to unstable on 2014-10-28. Unfortunately, it did not migrate to testing before the first freeze deadline. It has been in use in unstable since then, and no bugs were reported.

Here's the diffstat for the debdiff:

 ChangeLog        |   13 +
 README           |    4
 aclocal.m4       |    7
 config.sub       |    9 -
 configure        |   24 +-
 configure.ac     |    2
 debian/changelog |   16 +
 debian/control   |    2
 depcomp          |  453 ++++++++++++++++++++++++++++++++-----------------------
 install-sh       |   14 -
 iucode_tool.c    |   34 ++--
 missing          |  412 +++++++++++++++++---------------------------------
 12 files changed, 495 insertions(+), 495 deletions(-)

Most of that is useless noise, caused by autoconf and automake. I have attached the debdiff with the hunks caused by autoconf/automake removed by filterdiff (i.e. with "aclocal.m4", "config.sub", "configure", "depcomp", "install-sh" and "missing" removed).

I'd really appreciate it if iucode-tool 1.1.1's migration to testing could be approved by the release team.

Thank you!

unblock iucode-tool/1.1.1-1

--
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh
diff -Nru iucode-tool-1.1/aclocal.m4 iucode-tool-1.1.1/aclocal.m4 diff -Nru iucode-tool-1.1/ChangeLog iucode-tool-1.1.1/ChangeLog --- iucode-tool-1.1/ChangeLog 2014-09-09 14:47:27.000000000 -0300 +++ iucode-tool-1.1.1/ChangeLog 2014-10-28 16:28:51.000000000 -0200 @@ -1,3 +1,16 @@ +2014-10-28, iucode_tool v1.1.1 + + * Fix issues found by the Coverity static checker: + + CID 72165: An off-by-one error caused an out-of-bounds write to a + buffer while loading large microcode data files in ascii format + (will not be triggered by the data files currently issued by Intel) + + CID 72163: The code could attempt to close an already closed file + descriptor in certain conditions when processing directories + + CID 72161: Stop memory leak in error path when loading microcode + data files + + CID 72159, 72164, 72166, 72167, 72168, 72169: Cosmetic issues + that could not cause problems at runtime. + 2014-09-09, iucode_tool v1.1 * Don't output duplicates for microcodes with extended signatures diff -Nru iucode-tool-1.1/config.sub iucode-tool-1.1.1/config.sub diff -Nru iucode-tool-1.1/configure iucode-tool-1.1.1/configure diff -Nru iucode-tool-1.1/configure.ac iucode-tool-1.1.1/configure.ac --- iucode-tool-1.1/configure.ac 2014-09-09 14:47:27.000000000 -0300 +++ iucode-tool-1.1.1/configure.ac 2014-10-28 16:28:51.000000000 -0200 @@ -16,7 +16,7 @@ dnl along with this program; if not, write to the Free Software dnl Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA -AC_INIT([iucode_tool], [1.1]) +AC_INIT([iucode_tool], [1.1.1]) AC_PREREQ([2.61]) AC_CONFIG_SRCDIR([iucode_tool.c]) diff -Nru iucode-tool-1.1/debian/changelog iucode-tool-1.1.1/debian/changelog --- iucode-tool-1.1/debian/changelog 2014-09-12 08:56:35.000000000 -0300 +++ iucode-tool-1.1.1/debian/changelog 2014-10-28 17:02:45.000000000 -0200 
@@ -1,3 +1,19 @@ +iucode-tool (1.1.1-1) unstable; urgency=medium + + * New upstream release + + Fix issues found by the Coverity static checker: + + CID 72165: An off-by-one error caused an out-of-bounds write to a + buffer while loading large microcode data files in ascii format + + CID 72163: The code could attempt to close an already closed file + descriptor in certain conditions when processing directories + + CID 72161: Stop memory leak in error path when loading microcode + data files + + CID 72159, 72164, 72166, 72167, 72168, 72169: Cosmetic issues + that could not cause problems at runtime + * debian/control: bump standards version to 3.9.6 + + -- Henrique de Moraes Holschuh <h...@debian.org> Tue, 28 Oct 2014 17:02:42 -0200 + iucode-tool (1.1-1) unstable; urgency=medium * New upstream release diff -Nru iucode-tool-1.1/debian/control iucode-tool-1.1.1/debian/control --- iucode-tool-1.1/debian/control 2014-09-11 20:48:49.000000000 -0300 +++ iucode-tool-1.1.1/debian/control 2014-10-28 17:02:09.000000000 -0200 @@ -3,7 +3,7 @@ Priority: optional Maintainer: Henrique de Moraes Holschuh <h...@debian.org> Build-Depends: debhelper (>= 7), autotools-dev, automake (>= 1:1.10), autoconf (>= 2.61) -Standards-Version: 3.9.5 +Standards-Version: 3.9.6 Homepage: https://gitorious.org/iucode-tool/pages/Home Vcs-Git: git://gitorious.org/iucode-tool/iucode-tool.git -b debian/master Vcs-Browser: https://gitorious.org/iucode-tool/iucode-tool diff -Nru iucode-tool-1.1/depcomp iucode-tool-1.1.1/depcomp diff -Nru iucode-tool-1.1/install-sh iucode-tool-1.1.1/install-sh diff -Nru iucode-tool-1.1/iucode_tool.c iucode-tool-1.1.1/iucode_tool.c --- iucode-tool-1.1/iucode_tool.c 2014-09-09 14:47:12.000000000 -0300 +++ iucode-tool-1.1.1/iucode_tool.c 2014-10-28 16:28:51.000000000 -0200 
@@ -609,7 +609,7 @@ /* we did read a value */ pos++; - if (unlikely(mcb_buflen < pos)) { + if (unlikely(mcb_buflen <= pos)) { /* expand buffer */ if (unlikely(buffer_limit - mcb_buflen < buffer_size_granularity)) { err = EFBIG; @@ -762,12 +762,12 @@ *mcb = rp; *mcb_length = mcb_size; + return 0; + err_out: - if (err) { - free(mcb_buffer); - *mcb = NULL; - *mcb_length = 0; - } + free(mcb_buffer); + *mcb = NULL; + *mcb_length = 0; return err; } @@ -807,7 +807,7 @@ goto err_out; } - if (!err && mcb && mcb_length) { + if (!err && mcb) { last_bundle_id++; err = add_intel_microcode_bundle(fn, last_bundle_id, mcb, mcb_length); @@ -837,6 +837,8 @@ else if (fd != -1) close(fd); + free(mcb); + return err; } @@ -874,8 +876,10 @@ err = 0; - if (fd != -1) + if (fd != -1) { close(fd); + fd = -1; + } if (dir) { errno = 0; @@ -2010,15 +2014,12 @@ uint32_t cpuid_buf[8]; struct microcode_filter_entry *uc_cpu = NULL; - int cpuid_fd = -1; + int cpuid_fd; unsigned int i = 0; unsigned int ncpu = 0; int rc = 0; while (1) { - if (cpuid_fd != -1) - close(cpuid_fd); - snprintf(cpuid_device, sizeof(cpuid_device), CPUID_DEVICE_BASE, i); cpuid_fd = open(cpuid_device, O_RDONLY); @@ -2052,12 +2053,12 @@ print_err("%s: access to CPUID(0) and CPUID(1) failed", cpuid_device); /* this is in the should not happen list, so abort */ + close(cpuid_fd); rc = 1; goto err_out; } close(cpuid_fd); - cpuid_fd = -1; ncpu++; /* Is it a supported Intel processor ? */ @@ -2123,9 +2124,6 @@ print_msg(2, "checked the signature of %u processor(s)", ncpu); err_out: - if (cpuid_fd != -1) - close(cpuid_fd); - if (uc_cpu) free_filter_list(uc_cpu); @@ -2442,6 +2440,7 @@ switch (key) { case 'h': argp_state_help(state, stdout, ARGP_HELP_STD_HELP); + break; /* usually not reached */ case 'q': verbosity = 0; @@ -2458,7 +2457,7 @@ break; case 't': - if (!arg || strlen(arg) > 1) + if (strlen(arg) > 1) argp_error(state, "unknown file type: %s\n", arg); switch (*arg) { case 'd': /* .dat */ 
@@ -2540,6 +2539,7 @@ break; /* success */ case EINVAL: argp_error(state, "invalid filter: %s", arg); + break; /* not reached */ default: argp_failure(state, EXIT_SWFAILURE, rc, "could not add filter '%s'", arg); diff -Nru iucode-tool-1.1/missing iucode-tool-1.1.1/missing diff -Nru iucode-tool-1.1/README iucode-tool-1.1.1/README --- iucode-tool-1.1/README 2014-09-11 16:59:57.000000000 -0300 +++ iucode-tool-1.1.1/README 2014-10-28 16:28:51.000000000 -0200 @@ -2,8 +2,8 @@ iucode_tool - IntelĀ® 64 and IA-32 processor microcode tool - Version 1.1 - September 9th, 2014 + Version 1.1.1 + October, 28th, 2014 https://gitorious.org/iucode-tool
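Review bot: In the iucode_tool.c hunk at -609, the corrected test `if (unlikely(mcb_buflen <= pos))` rests on an invariant that the visible lines never state: after `pos++`, pos is the index of the next slot to be written and must stay strictly below mcb_buflen. Please put that in a comment next to the check (or assert it before the store) so the boundary is not flipped back to `<` in a later cleanup. Since the ChangeLog says the data files currently issued by Intel do not trigger this path, a test input sized to land exactly on the buffer boundary would be worth adding as well.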
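Review bot: In the iucode_tool.c hunk at -762, the err_out label now frees mcb_buffer and clears *mcb and *mcb_length unconditionally, where the removed lines did so only under `if (err)`. Any `goto err_out` reached while err is still 0 would now discard the buffer and `return err;` would report success with *mcb set to NULL. Please confirm that every jump to err_out assigns err first, or make the label defensive by substituting a fallback error code when err is 0.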
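Review bot: In the iucode_tool.c hunk at -807, dropping `&& mcb_length` from `if (!err && mcb && mcb_length)` means a non-NULL buffer with a length of zero is now handed to add_intel_microcode_bundle(). If the loaders can never return success with a zero length, say so in a comment at this call; otherwise keep the length test or make sure add_intel_microcode_bundle() rejects an empty bundle.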
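Review bot: The `free(mcb);` added before `return err;` in the iucode_tool.c hunk at -837 runs on every return path, including after the successful `add_intel_microcode_bundle(fn, last_bundle_id, mcb, mcb_length)` call visible in the previous hunk. That is only safe if add_intel_microcode_bundle() copies the data and keeps no reference to mcb, and the visible lines do not show which it does. Please document the ownership rule at the call site, and if the bundle list keeps the pointer, set mcb to NULL after a successful add so this free becomes a no-op.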
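Review bot: Across the iucode_tool.c hunks at -2010, -2052 and -2123, cpuid_fd loses its `-1` initializer and the `close(cpuid_fd)` at err_out is removed, so every exit from the loop body between `open(cpuid_device, O_RDONLY)` and the normal `close(cpuid_fd);` now has to close the descriptor itself. The CPUID failure path in the -2052 hunk does, but the rest of the loop body is not in the diff context; please confirm there is no other `goto err_out` or `break` in that window, since it would leak the descriptor. Scoping `int cpuid_fd;` inside the `while (1)` block would make the intended lifetime explicit.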
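Review bot: In the iucode_tool.c hunk at -2458, removing `!arg ||` leaves `if (strlen(arg) > 1)` dereferencing arg with no guard. This is fine only if option 't' is declared with a mandatory argument so that argp never passes NULL here; the option table is not part of the diff, so please add a short comment at `case 't':` stating that assumption, which also records why the check was dropped.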
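Review bot: In the README hunk, the new date line reads `October, 28th, 2014`, with a comma after the month that the replaced line `September 9th, 2014` did not have. Suggest `October 28th, 2014` to match the previous format.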