Bug#771214: unblock: iucode-tool/1.1.1-1

2014-11-27 Thread Henrique de Moraes Holschuh 
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package iucode-tool

Coverity scan found a few issues in iucode-tool v1.1.  I fixed them in
iucode-tool v1.1.1.  These fixes are the only changes between v1.1 and
v1.1.1.

While many of the fixes are to error paths, one of them is for an off-by-one
overflow in a heap-allocated buffer (which writes an entire extra dword past
the end of the allocated memory region).

This new upstream release was uploaded to unstable in 2014-10-28.
Unfortunately, it did not migrate to testing before the first freeze
deadline.

It has been in use in unstable since then, and no bugs were reported.

Here's the diffstat for the debdiff:

 ChangeLog|   13 +
 README   |4 
 aclocal.m4   |7 
 config.sub   |9 -
 configure|   24 +-
 configure.ac |2 
 debian/changelog |   16 +
 debian/control   |2 
 depcomp  |  453 ---
 install-sh   |   14 -
 iucode_tool.c|   34 ++--
 missing  |  412 +-
 12 files changed, 495 insertions(+), 495 deletions(-)

Most of that is useless noise, caused by autoconf and automake.

I have attached the debdiff with the hunks caused by autoconf/automake
removed by filterdiff (i.e. with aclocal.m4, config.sub, configure,
depcomp, instal-sh and missing removed).

I'd really appreciate if iucode-tool 1.1.1's migration to testing could be
approved by the release team.

Thank you!

unblock iucode-tool/1.1.1-1

-- 
  One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie. -- The Silicon Valley Tarot
  Henrique Holschuh
diff -Nru iucode-tool-1.1/aclocal.m4 iucode-tool-1.1.1/aclocal.m4
diff -Nru iucode-tool-1.1/ChangeLog iucode-tool-1.1.1/ChangeLog
--- iucode-tool-1.1/ChangeLog	2014-09-09 14:47:27.0 -0300
+++ iucode-tool-1.1.1/ChangeLog	2014-10-28 16:28:51.0 -0200
@@ -1,3 +1,16 @@
+2014-10-28, iucode_tool v1.1.1
+
+  * Fix issues found by the Coverity static checker:
++ CID 72165: An off-by-one error caused an out-of-bounds write to a
+  buffer while loading large microcode data files in ascii format
+  (will not be triggered by the data files currently issued by Intel)
++ CID 72163: The code could attempt to close an already closed file
+  descriptor in certain conditions when processing directories
++ CID 72161: Stop memory leak in error path when loading microcode
+  data files
++ CID 72159, 72164, 72166, 72167, 72168, 72169: Cosmetic issues
+  that could not cause problems at runtime.
+
 2014-09-09, iucode_tool v1.1
 
   * Don't output duplicates for microcodes with extended signatures
diff -Nru iucode-tool-1.1/config.sub iucode-tool-1.1.1/config.sub
diff -Nru iucode-tool-1.1/configure iucode-tool-1.1.1/configure
diff -Nru iucode-tool-1.1/configure.ac iucode-tool-1.1.1/configure.ac
--- iucode-tool-1.1/configure.ac	2014-09-09 14:47:27.0 -0300
+++ iucode-tool-1.1.1/configure.ac	2014-10-28 16:28:51.0 -0200
@@ -16,7 +16,7 @@
 dnl along with this program; if not, write to the Free Software
 dnl Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 
-AC_INIT([iucode_tool], [1.1])
+AC_INIT([iucode_tool], [1.1.1])
 
 AC_PREREQ([2.61])
 AC_CONFIG_SRCDIR([iucode_tool.c])
diff -Nru iucode-tool-1.1/debian/changelog iucode-tool-1.1.1/debian/changelog
--- iucode-tool-1.1/debian/changelog	2014-09-12 08:56:35.0 -0300
+++ iucode-tool-1.1.1/debian/changelog	2014-10-28 17:02:45.0 -0200
@@ -1,3 +1,19 @@
+iucode-tool (1.1.1-1) unstable; urgency=medium
+
+  * New upstream release
++ Fix issues found by the Coverity static checker:
++ CID 72165: An off-by-one error caused an out-of-bounds write to a
+  buffer while loading large microcode data files in ascii format
++ CID 72163: The code could attempt to close an already closed file
+  descriptor in certain conditions when processing directories
++ CID 72161: Stop memory leak in error path when loading microcode
+  data files
++ CID 72159, 72164, 72166, 72167, 72168, 72169: Cosmetic issues
+  that could not cause problems at runtime
+  * debian/control: bump standards version to 3.9.6
+
+ -- Henrique de Moraes Holschuh h...@debian.org  Tue, 28 Oct 2014 17:02:42 -0200
+
 iucode-tool (1.1-1) unstable; urgency=medium
 
   * New upstream release
diff -Nru iucode-tool-1.1/debian/control iucode-tool-1.1.1/debian/control
--- iucode-tool-1.1/debian/control	2014-09-11 20:48:49.0 -0300
+++ iucode-tool-1.1.1/debian/control	2014-10-28 17:02:09.0 -0200
@@ -3,7 +3,7 @@
 Priority: optional
 Maintainer: Henrique de Moraes Holschuh h...@debian.org
 Build-Depends: debhelper (= 7), autotools-dev, automake (= 1:1.10), autoconf (= 2.61)
-Standards-Version:

Bug#771214: unblock: iucode-tool/1.1.1-1

2014-11-27 Thread Henrique de Moraes Holschuh 
On Thu, 27 Nov 2014, Niels Thykier wrote:
 On 2014-11-27 17:43, Henrique de Moraes Holschuh wrote:
  Package: release.debian.org
  Severity: normal
  User: release.debian@packages.debian.org
  Usertags: unblock
  
  Please unblock package iucode-tool
  
  [...]
  
  I'd really appreciate if iucode-tool 1.1.1's migration to testing could be
  approved by the release team.
  
  Thank you!
  
  unblock iucode-tool/1.1.1-1
  
 
 Unblocked, thanks.

Thank you!

And kudos to the release team for the extremely fast reply!

-- 
  One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie. -- The Silicon Valley Tarot
  Henrique Holschuh


-- 
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20141127181804.ga27...@khazad-dum.debian.net