Permission to upload geordi 0:20080725T0146-1+lenny1?



Hi -release,

I would like to upload geordi 0:20080725T0146-1+lenny1 to t-p-u to fix a
DoS issue. The relevant changelog entry is:

 geordi (0:20080725T0146-1+lenny1) testing-proposed-updates; urgency=low

   * Ignore (rather than allow) fcntl system call to prevent a DoS. Upstream
     writes:

       By using fcntl with F_SETOWN to make the geordi process the owner of
       its stdout and then using fcntl again to set O_ASYNC on stdout, the
       C++ program could have the geordi process receive SIGIO, causing it
       to shut down.

       We only allowed fcntl because g++ appeared to need it. Upon closer
       inspection, it turns out g++ only uses it to check some flags on the
       precompiled header fd, and the system call can just be ignored
       altogether.

     Patch backported from upstream darcs repository.

The debdiff is attached to this mail. I will be making the parallel change
to sid's version this evening.


Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org
       `-
diff --git a/debian/changelog b/debian/changelog
index 2382468..5fdc1ec 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,22 @@
+geordi (0:20080725T0146-1+lenny1) testing-proposed-updates; urgency=low
+
+  * Ignore (rather than allow) fcntl system call to prevent a DoS. Upstream
+    writes:
+
+      By using fcntl with F_SETOWN to make the geordi process the owner of its
+      stdout and then using fcntl again to set O_ASYNC on stdout, the C++
+      program could have the geordi process receive SIGIO, causing it to shut
+      down.
+
+      We only allowed fcntl because g++ appeared to need it. Upon closer
+      inspection, it turns out g++ only uses it to check some flags on the
+      precompiled header fd, and the system call can just be ignored
+      altogether.
+
+    Patch backported from upstream darcs repository.
+
+ -- Chris Lamb <lamby@debian.org>  Wed, 28 Jan 2009 21:54:03 +0000
+
 geordi (0:20080725T0146-1) unstable; urgency=low
 
   * New upstream release.
diff --git a/debian/control b/debian/control
index 34828b0..279c0a5 100644
--- a/debian/control
+++ b/debian/control
@@ -1,7 +1,7 @@
 Source: geordi
 Section: net
 Priority: optional
-Maintainer: Chris Lamb <chris@chris-lamb.co.uk>
+Maintainer: Chris Lamb <lamby@debian.org>
 Build-Depends: debhelper (>= 5), ghc6 (>= 6.6.1), quilt, libboost-dev, libghc6-parallel-dev, libghc6-mtl-dev, libghc6-regex-compat-dev, libghc6-network-dev, libghc6-irc-dev, libghc6-utf8-string-dev
 Standards-Version: 3.8.0
 Vcs-Git: git://git.chris-lamb.co.uk/pkg-geordi.git
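Review bot: The Maintainer address change in debian/control (chris@chris-lamb.co.uk to lamby@debian.org) is unrelated to the fcntl fix and is not listed in the new changelog entry. For a testing-proposed-updates upload, either drop it so the debdiff contains only the DoS fix, or add a changelog line that documents it.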
diff --git a/debian/patches/04-ignore-fcntl.diff b/debian/patches/04-ignore-fcntl.diff
new file mode 100644
index 0000000..d1ed6f9
--- /dev/null
+++ b/debian/patches/04-ignore-fcntl.diff
@@ -0,0 +1,31 @@
+diff -urNad /tmp/bp-build/geordi-20080725T0146.orig/src/EvalCxx.hsc /tmp/bp-build/geordi-20080725T0146/src/EvalCxx.hsc
+--- geordi-20080725T0146.orig/src/EvalCxx.hsc	2009-01-28 22:26:57.000000000 +0000
++++ geordi-20080725T0146/src/EvalCxx.hsc	2009-01-28 22:28:00.000000000 +0000
+@@ -269,8 +269,14 @@
+ ignored_syscalls, allowed_syscalls :: [SysCall]
+ 
+ ignored_syscalls = -- These are effectively replaced with "return 0;".
+-  [ SYS_chmod, SYS_fadvise64, SYS_unlink, SYS_munmap, SYS_madvise, SYS_umask, SYS_rt_sigaction, SYS_rt_sigprocmask, SYS_ioctl, SYS_setitimer, SYS_vfork {- see "Secure compilation" -} ]
++  [ SYS_chmod, SYS_fadvise64, SYS_unlink, SYS_munmap, SYS_madvise, SYS_umask, SYS_rt_sigaction, SYS_rt_sigprocmask, SYS_ioctl, SYS_setitimer, SYS_vfork {- see "Secure compilation" -}
+ 
++  #ifdef __x86_64__
++    , SYS_fcntl
++  #else
++    , SYS_fcntl64
++  #endif
++  ]
+ allowed_syscalls =
+   [ SYS_open, SYS_write, SYS_uname, SYS_brk, SYS_read, SYS_mmap, SYS_exit_group, SYS_getpid, SYS_access, SYS_getrusage, SYS_close, SYS_gettimeofday, SYS_time, SYS_writev, SYS_execve, SYS_mprotect, SYS_getcwd, SYS_times
+ 
+@@ -279,9 +285,9 @@
+   , SYS_getdents64, SYS_pread64, SYS_readv -- for gold
+ 
+   #ifdef __x86_64__
+-    , SYS_stat, SYS_fstat, SYS_arch_prctl, SYS_getrlimit, SYS_fcntl, SYS_lseek, SYS_lstat, SYS_dup
++    , SYS_stat, SYS_fstat, SYS_arch_prctl, SYS_getrlimit, SYS_lseek, SYS_lstat, SYS_dup
+   #else
+-    , SYS_fstat64, SYS_lstat64, SYS_stat64, SYS_ugetrlimit, SYS_fcntl64, SYS__llseek, SYS_mmap2, SYS_mremap, SYS_set_thread_area, SYS_readlink
++    , SYS_fstat64, SYS_lstat64, SYS_stat64, SYS_ugetrlimit, SYS__llseek, SYS_mmap2, SYS_mremap, SYS_set_thread_area, SYS_readlink
+   #endif
+   ]
+ 
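Review bot: In the first hunk of 04-ignore-fcntl.diff, SYS_fcntl and SYS_fcntl64 are added to ignored_syscalls with no inline explanation, and that list's own comment says its entries are 'effectively replaced with "return 0;"'. Every fcntl command from the jailed program will therefore report success with a result of 0, not only the F_SETOWN and O_ASYNC calls described in the changelog, so a caller that reads flags gets 0 back. The changelog says g++ only checks flags on the precompiled header fd. Please record that reasoning in a comment next to the new entries, as SYS_vfork already has with `{- see "Secure compilation" -}`, and confirm that a compile using a precompiled header still succeeds. The patch file also has no description header naming the upstream darcs change it was backported from.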
diff --git a/debian/patches/series b/debian/patches/series
index 573ddbc..7c879e0 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,3 +1,4 @@
 01-jail-config.diff
 02-gcc-c++0x-support-missing-unordered-map.diff
 03-hsc2hs6.diff
+04-ignore-fcntl.diff
