Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock package iucode-tool
Coverity scan found a few issues in iucode-tool v1.1. I fixed them in
iucode-tool v1.1.1. These fixes are the only changes between v1.1 and
v1.1.1.
While many of the fixes are to error paths, one of them is for an off-by-one
overflow in a heap-allocated buffer (which writes an entire extra dword past
the end of the allocated memory region).
This new upstream release was uploaded to unstable on 2014-10-28.
Unfortunately, it did not migrate to testing before the first freeze
deadline.
It has been in use in unstable since then, and no bugs were reported.
Here's the diffstat for the debdiff:
 ChangeLog        |  13 +
 README           |   4
 aclocal.m4       |   7
 config.sub       |   9 -
 configure        |  24 +-
 configure.ac     |   2
 debian/changelog |  16 +
 debian/control   |   2
 depcomp          | 453 ---
 install-sh       |  14 -
 iucode_tool.c    |  34 ++--
 missing          | 412 +-
 12 files changed, 495 insertions(+), 495 deletions(-)
Most of that is useless noise, caused by autoconf and automake.
I have attached the debdiff with the hunks caused by autoconf/automake
removed by filterdiff (i.e. with aclocal.m4, config.sub, configure,
depcomp, install-sh and missing removed).
I'd really appreciate it if iucode-tool 1.1.1's migration to testing could be
approved by the release team.
Thank you!
unblock iucode-tool/1.1.1-1
--
One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie. -- The Silicon Valley Tarot
Henrique Holschuh
diff -Nru iucode-tool-1.1/aclocal.m4 iucode-tool-1.1.1/aclocal.m4
diff -Nru iucode-tool-1.1/ChangeLog iucode-tool-1.1.1/ChangeLog
--- iucode-tool-1.1/ChangeLog 2014-09-09 14:47:27.0 -0300
+++ iucode-tool-1.1.1/ChangeLog 2014-10-28 16:28:51.0 -0200
@@ -1,3 +1,16 @@
+2014-10-28, iucode_tool v1.1.1
+
+ * Fix issues found by the Coverity static checker:
++ CID 72165: An off-by-one error caused an out-of-bounds write to a
+ buffer while loading large microcode data files in ascii format
+ (will not be triggered by the data files currently issued by Intel)
++ CID 72163: The code could attempt to close an already closed file
+ descriptor in certain conditions when processing directories
++ CID 72161: Stop memory leak in error path when loading microcode
+ data files
++ CID 72159, 72164, 72166, 72167, 72168, 72169: Cosmetic issues
+ that could not cause problems at runtime.
+
2014-09-09, iucode_tool v1.1
* Don't output duplicates for microcodes with extended signatures
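Review bot: The CID 72165 entry does not say how far past the buffer the write goes, and its parenthetical "(will not be triggered by the data files currently issued by Intel)" only covers Intel-issued files, so the exposure for large ascii-format files from any other source is left unstated. The cover mail describes the bug as a full extra dword written past a heap allocation; putting that size and the triggering condition into this entry would let downstream packagers triage it as a memory-safety fix without having to read the code.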
diff -Nru iucode-tool-1.1/config.sub iucode-tool-1.1.1/config.sub
diff -Nru iucode-tool-1.1/configure iucode-tool-1.1.1/configure
diff -Nru iucode-tool-1.1/configure.ac iucode-tool-1.1.1/configure.ac
--- iucode-tool-1.1/configure.ac 2014-09-09 14:47:27.0 -0300
+++ iucode-tool-1.1.1/configure.ac 2014-10-28 16:28:51.0 -0200
@@ -16,7 +16,7 @@
dnl along with this program; if not, write to the Free Software
dnl Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-AC_INIT([iucode_tool], [1.1])
+AC_INIT([iucode_tool], [1.1.1])
AC_PREREQ([2.61])
AC_CONFIG_SRCDIR([iucode_tool.c])
diff -Nru iucode-tool-1.1/debian/changelog iucode-tool-1.1.1/debian/changelog
--- iucode-tool-1.1/debian/changelog 2014-09-12 08:56:35.0 -0300
+++ iucode-tool-1.1.1/debian/changelog 2014-10-28 17:02:45.0 -0200
@@ -1,3 +1,19 @@
+iucode-tool (1.1.1-1) unstable; urgency=medium
+
+ * New upstream release
++ Fix issues found by the Coverity static checker:
++ CID 72165: An off-by-one error caused an out-of-bounds write to a
+ buffer while loading large microcode data files in ascii format
++ CID 72163: The code could attempt to close an already closed file
+ descriptor in certain conditions when processing directories
++ CID 72161: Stop memory leak in error path when loading microcode
+ data files
++ CID 72159, 72164, 72166, 72167, 72168, 72169: Cosmetic issues
+ that could not cause problems at runtime
+ * debian/control: bump standards version to 3.9.6
+
+ -- Henrique de Moraes Holschuh h...@debian.org Tue, 28 Oct 2014 17:02:42 -0200
+
iucode-tool (1.1-1) unstable; urgency=medium
* New upstream release
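Review bot: The "debian/control: bump standards version to 3.9.6" item in the 1.1.1-1 entry is a packaging change unrelated to the Coverity fixes, and the unblock request only describes the upstream delta; it should be mentioned in the request so the release team sees the whole change set. The CID 72165 line here also drops the upstream qualifier "(will not be triggered by the data files currently issued by Intel)", so the two changelogs describe the same bug differently; carry the qualifier over or drop it in both places.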
diff -Nru iucode-tool-1.1/debian/control iucode-tool-1.1.1/debian/control
--- iucode-tool-1.1/debian/control 2014-09-11 20:48:49.0 -0300
+++ iucode-tool-1.1.1/debian/control 2014-10-28 17:02:09.0 -0200
@@ -3,7 +3,7 @@
Priority: optional
Maintainer: Henrique de Moraes Holschuh h...@debian.org
Build-Depends: debhelper (= 7), autotools-dev, automake (= 1:1.10), autoconf (= 2.61)
-Standards-Version: