Bug#680728: unblock: linux-igd/1.0+cvs20070630-4 (re-send with debdiff)
Please unblock package linux-igd.

The upload fixes one severity Important use-after-free bug:
  #499827 linux-igd: upnpd segfault error 4 in libc-2.7.so
and also applies the Wheezy hardening release goal as this package meets
the category "All daemons and libraries accessible from the network".

linux-igd (1.0+cvs20070630-4) unstable; urgency=low

  * Apply patch 16 from Rob Lesley to fix use-after-free (Closes: #499827)
  * Apply hardening in line with Wheezy release goal, as we are a daemon
    and handle unsanitised input from the net. Update *FLAGS in line
    with this to be supplied by dh_buildflags.
  * Update Policy to 3.9.3 (no change to package).

On a review of the debdiff I can see that there are two additional changes
in the packaging but they should not affect the build or the resulting
binary so I hope the upload can still be accepted. Please let me know
if you would rather I re-upload anyway:

  * the versioned B-D on libupnp4-dev is tightened but still matches the
    version in Wheezy (before freeze I was considering updating linux-igd
    to use a newer libupnp, but that is too invasive a change so I reverted
    it for this upload, but it left this one change in debian/control).
  * a change to the comments in debian/watch (this was a Lintian warning
    I was also working on at the time)

unblock linux-igd/1.0+cvs20070630-4
diff -u linux-igd-1.0+cvs20070630/debian/control linux-igd-1.0+cvs20070630/debian/control
--- linux-igd-1.0+cvs20070630/debian/control
+++ linux-igd-1.0+cvs20070630/debian/control
@@ -4,8 +4,8 @@
Homepage: http://linux-igd.sourceforge.net/
Maintainer: Nick Leverton <nick@leverton.org>
Build-Depends: debhelper (>= 7.0.50), quilt (>= 0.46-8~), iptables-dev, pkg-config,
- libupnp4-dev (>= 1.8.0~svn20100507)
-Standards-Version: 3.8.4
+ libupnp4-dev (>= 1.8.0~svn20100507-1.1)
+Standards-Version: 3.9.3
Package: linux-igd
Architecture: any
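Review bot: the tightened constraint on `libupnp4-dev` (`>= 1.8.0~svn20100507-1.1`) is not tied to either fix in this upload and is not recorded in the changelog entry. For a freeze-time debdiff it would be cleaner to revert it to `>= 1.8.0~svn20100507`, or to add a changelog line saying why the higher minimum is needed, so nobody has to check by hand that the archive version still satisfies it.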
diff -u linux-igd-1.0+cvs20070630/debian/rules linux-igd-1.0+cvs20070630/debian/rules
--- linux-igd-1.0+cvs20070630/debian/rules
+++ linux-igd-1.0+cvs20070630/debian/rules
@@ -3,8 +3,12 @@
# Uncomment this to turn on verbose mode.
#export DH_VERBOSE=1
-# enable libupnp debugging
-CFLAGS += -DDEBUG
+export DEB_BUILD_MAINT_OPTIONS = hardening=+all
+export DEB_CFLAGS_MAINT_APPEND = -DDEBUG
+
+CPPFLAGS_DEF += `dpkg-buildflags --get CPPFLAGS`
+CFLAGS_DEF += `dpkg-buildflags --get CFLAGS`
+LDFLAGS_DEF += `dpkg-buildflags --get LDFLAGS`
%:
dh --with quilt $@
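Review bot: the added `DEB_CFLAGS_MAINT_APPEND = -DDEBUG` line keeps the define but the `# enable libupnp debugging` comment that explained it is deleted, so nothing in the file now says why a network-facing daemon is built with DEBUG. Keep the comment next to the new line, and since `-DDEBUG` is a preprocessor define, `DEB_CPPFLAGS_MAINT_APPEND` is the more natural place for it. The three `*_DEF` variables hold literal backticks that are only expanded when the recipe's shell runs; `$(shell dpkg-buildflags --get CFLAGS)` would evaluate them in make itself rather than depending on how the value is quoted in the recipe.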
@@ -15,3 +19,3 @@
# dh_auto_build -- HAVE_LIBIPTC=1 HAVE_XTABLES=1 HAVE_IPTABLES_143=1
- dh_auto_build
+ dh_auto_build -- CFLAGS="$(CPPFLAGS_DEF) $(CFLAGS_DEF)" LDFLAGS="$(LDFLAGS_DEF)"
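Review bot: passing `CFLAGS=...` and `LDFLAGS=...` on the make command line in the `dh_auto_build` call overrides every assignment to those variables inside the upstream Makefile, including `+=`, unless the Makefile uses `override`. Check that the Makefile does not rely on its own CFLAGS for required defines or include paths, because those would be dropped silently. A look at the build log to confirm that the compile lines carry the hardening flags and the link line carries the relro and PIE options would show that the flags actually arrive.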
diff -u linux-igd-1.0+cvs20070630/debian/watch linux-igd-1.0+cvs20070630/debian/watch
--- linux-igd-1.0+cvs20070630/debian/watch
+++ linux-igd-1.0+cvs20070630/debian/watch
@@ -1,6 +1,3 @@
-# Example watch control file for uscan
-# Rename this file to "watch" and then you can run the "uscan" command
-# to check for upstream updates and more.
# Site Directory Pattern Version Script
version=3
http://sf.net/linux-igd/linuxigd-(.*)\.(?:tar.bz2|tar.gz|tar|tgz)
diff -u linux-igd-1.0+cvs20070630/debian/changelog linux-igd-1.0+cvs20070630/debian/changelog
--- linux-igd-1.0+cvs20070630/debian/changelog
+++ linux-igd-1.0+cvs20070630/debian/changelog
@@ -1,3 +1,13 @@
+linux-igd (1.0+cvs20070630-4) unstable; urgency=low
+
+ * Apply patch 16 from Rob Lesley to fix use-after-free (Closes: #499827)
+ * Apply hardening in line with Wheezy release goal, as we are a daemon
+ and handle unsanitised input from the net. Update *FLAGS in line
+ with this to be supplied by dh_buildflags.
+ * Update Policy to 3.9.3 (no change to package).
+
+ -- Nick Leverton <nick@leverton.org> Sat, 07 Jul 2012 21:54:47 +0100
+
linux-igd (1.0+cvs20070630-3) unstable; urgency=low
* Use debhelper 7 and dh; update patch 02-makefile to support DESTDIR.
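Review bot: the first bullet credits "Rob Lesley" while the header of patch 16 gives the author as "Rob Leslie <rob@mars.org>"; one of the two spellings is wrong and the changelog should match the patch. The entry also omits the `libupnp4-dev` Build-Depends change and the `debian/watch` comment cleanup that appear in this debdiff; a line for each would keep the changelog in step with what was uploaded.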
diff -u linux-igd-1.0+cvs20070630/debian/patches/02-makefile.diff linux-igd-1.0+cvs20070630/debian/patches/02-makefile.diff
--- linux-igd-1.0+cvs20070630/debian/patches/02-makefile.diff
+++ linux-igd-1.0+cvs20070630/debian/patches/02-makefile.diff
@@ -52,7 +52,7 @@
upnpd: $(FILES)
- $(CC) $(CFLAGS) $(FILES) $(LIBS) -o $@
-+ $(CC) $(CFLAGS) $(LDFLAGS) $(FILES) $(LIBS) -o $@
++ $(CC) $(LDFLAGS) $(FILES) $(LIBS) -o $@
@echo "make $@ finished on `date`"
%.o: %.c
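Review bot: the link rule now drops `$(CFLAGS)` and passes only `$(LDFLAGS)`, which is safe only if `$(FILES)` lists object files built by the `%.o: %.c` rule. If any entry in `$(FILES)` is a `.c` source, it would be compiled on this line without the hardening flags. Either confirm that `$(FILES)` is objects only, or keep the previous form `$(CC) $(CFLAGS) $(LDFLAGS) $(FILES) $(LIBS) -o $@`, which is harmless at link time.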
diff -u linux-igd-1.0+cvs20070630/debian/patches/series linux-igd-1.0+cvs20070630/debian/patches/series
--- linux-igd-1.0+cvs20070630/debian/patches/series
+++ linux-igd-1.0+cvs20070630/debian/patches/series
@@ -21,0 +22 @@
+16-nullify-event-mapping-to-prevent-writing-over-free-d.patch
only in patch2:
unchanged:
--- linux-igd-1.0+cvs20070630.orig/debian/patches/16-nullify-event-mapping-to-prevent-writing-over-free-d.patch
+++ linux-igd-1.0+cvs20070630/debian/patches/16-nullify-event-mapping-to-prevent-writing-over-free-d.patch
@@ -0,0 +1,24 @@
+Description: Nullify event->mapping to prevent writing over free'd memory
+Author: Rob Leslie <rob@mars.org>
+Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=499827
+Bug: https://sourceforge.net/tracker/index.php?func=detail&aid=3541140&group_id=52728&atid=467821
+Forwarded: yes
+
+Without this patch, free_expiration_event() will write to memory
+free()'d by pmlist_Delete().
+---
+ gatedevice.c | 1 +
+ 1 files changed, 1 insertions(+), 0 deletions(-)
+
+Index: linux-igd-1.0+cvs20070630/gatedevice.c
+===================================================================
+--- linux-igd-1.0+cvs20070630.orig/gatedevice.c 2012-07-07 17:58:53.000000000 +0100
++++ linux-igd-1.0+cvs20070630/gatedevice.c 2012-07-07 17:58:54.000000000 +0100
+@@ -805,6 +805,7 @@
+ //will not call CancelMappingExpiration
+ event->mapping->expirationEventId = -1;
+ pmlist_Delete(event->mapping);
++ event->mapping = NULL;
+
+ snprintf(num, sizeof(num), "%d", pmlist_Size());
+ UpnpAddToPropertySet(&propSet, "PortMappingNumberOfEntries", num);
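Review bot: the added `event->mapping = NULL;` only prevents the write described in the patch header if `free_expiration_event()` tests `event->mapping` for NULL before touching it, and that function is not part of this hunk. Please confirm the check exists there, or add it in the same patch; otherwise the use-after-free turns into a NULL dereference. Note also that only this event's pointer is cleared, so any other holder of the same mapping pointer is still left dangling after `pmlist_Delete()`.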