Please unblock package linux-igd. The upload fixes one severity Important use-after-free bug:

#499827 linux-igd: upnpd segfault error 4 in libc-2.7.so

and also applies the Wheezy hardening release goal as this package meets the category "All daemons and libraries accessible from the network".

linux-igd (1.0+cvs20070630-4) unstable; urgency=low

  * Apply patch 16 from Rob Lesley to fix use-after-free (Closes: #499827)
  * Apply hardening in line with Wheezy release goal, as we are a daemon
    and handle unsanitised input from the net. Update *FLAGS in line
    with this to be supplied by dh_buildflags.
  * Update Policy to 3.9.3 (no change to package).

On a review of the debdiff I can see that there are two additional changes in the packaging but they should not affect the build or the resulting binary so I hope the upload can still be accepted. Please let me know if you would rather I re-upload anyway:

  * the versioned B-D on libupnp4-dev is tightened but still matches the version in Wheezy (before freeze I was considering updating linux-igd to use a newer libupnp, but that is too invasive a change so I reverted it for this upload, but it left this one change in debian/control).
  * a change to the comments in debian/watch (this was a Lintian warning I was also working on at the time)

unblock linux-igd/1.0+cvs20070630-4

diff -u linux-igd-1.0+cvs20070630/debian/control linux-igd-1.0+cvs20070630/debian/control --- linux-igd-1.0+cvs20070630/debian/control +++ linux-igd-1.0+cvs20070630/debian/control @@ -4,8 +4,8 @@ Homepage: http://linux-igd.sourceforge.net/ Maintainer: Nick Leverton <n...@leverton.org> Build-Depends: debhelper (>= 7.0.50), quilt (>= 0.46-8~), iptables-dev, pkg-config, - libupnp4-dev (>= 1.8.0~svn20100507) -Standards-Version: 3.8.4 + libupnp4-dev (>= 1.8.0~svn20100507-1.1) +Standards-Version: 3.9.3 Package: linux-igd Architecture: any diff -u linux-igd-1.0+cvs20070630/debian/rules linux-igd-1.0+cvs20070630/debian/rules --- linux-igd-1.0+cvs20070630/debian/rules +++ linux-igd-1.0+cvs20070630/debian/rules @@ -3,8 +3,12 @@ # Uncomment this to turn on verbose mode. #export DH_VERBOSE=1 -# enable libupnp debugging -CFLAGS += -DDEBUG +export DEB_BUILD_MAINT_OPTIONS = hardening=+all +export DEB_CFLAGS_MAINT_APPEND = -DDEBUG + +CPPFLAGS_DEF += `dpkg-buildflags --get CPPFLAGS` +CFLAGS_DEF += `dpkg-buildflags --get CFLAGS` +LDFLAGS_DEF += `dpkg-buildflags --get LDFLAGS` %: dh --with quilt $@ @@ -15,3 +19,3 @@ # dh_auto_build -- HAVE_LIBIPTC=1 HAVE_XTABLES=1 HAVE_IPTABLES_143=1 - dh_auto_build + dh_auto_build -- CFLAGS="$(CPPFLAGS_DEF) $(CFLAGS_DEF)" LDFLAGS="$(LDFLAGS_DEF)" diff -u linux-igd-1.0+cvs20070630/debian/watch linux-igd-1.0+cvs20070630/debian/watch --- linux-igd-1.0+cvs20070630/debian/watch +++ linux-igd-1.0+cvs20070630/debian/watch @@ -1,6 +1,3 @@ -# Example watch control file for uscan -# Rename this file to "watch" and then you can run the "uscan" command -# to check for upstream updates and more. # Site Directory Pattern Version Script version=3 http://sf.net/linux-igd/linuxigd-(.*)\.(?:tar.bz2|tar.gz|tar|tgz) diff -u linux-igd-1.0+cvs20070630/debian/changelog linux-igd-1.0+cvs20070630/debian/changelog --- linux-igd-1.0+cvs20070630/debian/changelog +++ linux-igd-1.0+cvs20070630/debian/changelog 
@@ -1,3 +1,13 @@ +linux-igd (1.0+cvs20070630-4) unstable; urgency=low + + * Apply patch 16 from Rob Lesley to fix use-after-free (Closes: #499827) + * Apply hardening in line with Wheezy release goal, as we are a daemon + and handle unsanitised input from the net. Update *FLAGS in line + with this to be supplied by dh_buildflags. + * Update Policy to 3.9.3 (no change to package). + + -- Nick Leverton <n...@leverton.org> Sat, 07 Jul 2012 21:54:47 +0100 + linux-igd (1.0+cvs20070630-3) unstable; urgency=low * Use debhelper 7 and dh; update patch 02-makefile to support DESTDIR. diff -u linux-igd-1.0+cvs20070630/debian/patches/02-makefile.diff linux-igd-1.0+cvs20070630/debian/patches/02-makefile.diff --- linux-igd-1.0+cvs20070630/debian/patches/02-makefile.diff +++ linux-igd-1.0+cvs20070630/debian/patches/02-makefile.diff @@ -52,7 +52,7 @@ upnpd: $(FILES) - $(CC) $(CFLAGS) $(FILES) $(LIBS) -o $@ -+ $(CC) $(CFLAGS) $(LDFLAGS) $(FILES) $(LIBS) -o $@ ++ $(CC) $(LDFLAGS) $(FILES) $(LIBS) -o $@ @echo "make $@ finished on `date`" %.o: %.c diff -u linux-igd-1.0+cvs20070630/debian/patches/series linux-igd-1.0+cvs20070630/debian/patches/series --- linux-igd-1.0+cvs20070630/debian/patches/series +++ linux-igd-1.0+cvs20070630/debian/patches/series @@ -21,0 +22 @@ +16-nullify-event-mapping-to-prevent-writing-over-free-d.patch only in patch2: unchanged: --- linux-igd-1.0+cvs20070630.orig/debian/patches/16-nullify-event-mapping-to-prevent-writing-over-free-d.patch +++ linux-igd-1.0+cvs20070630/debian/patches/16-nullify-event-mapping-to-prevent-writing-over-free-d.patch 
@@ -0,0 +1,24 @@ +Description: Nullify event->mapping to prevent writing over free'd memory +Author: Rob Leslie <r...@mars.org> +Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=499827 +Bug: https://sourceforge.net/tracker/index.php?func=detail&aid=3541140&group_id=52728&atid=467821 +Forwarded: yes + +Without this patch, free_expiration_event() will write to memory +free()'d by pmlist_Delete(). +--- + gatedevice.c | 1 + + 1 files changed, 1 insertions(+), 0 deletions(-) + +Index: linux-igd-1.0+cvs20070630/gatedevice.c +=================================================================== +--- linux-igd-1.0+cvs20070630.orig/gatedevice.c 2012-07-07 17:58:53.000000000 +0100 ++++ linux-igd-1.0+cvs20070630/gatedevice.c 2012-07-07 17:58:54.000000000 +0100 +@@ -805,6 +805,7 @@ + //will not call CancelMappingExpiration + event->mapping->expirationEventId = -1; + pmlist_Delete(event->mapping); ++ event->mapping = NULL; + + snprintf(num, sizeof(num), "%d", pmlist_Size()); + UpnpAddToPropertySet(&propSet, "PortMappingNumberOfEntries", num);
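
Review bot: in the debian/rules hunk, `CPPFLAGS_DEF`, `CFLAGS_DEF` and `LDFLAGS_DEF` hold literal backtick strings that make never evaluates, so the hardening flags reach the compiler only because the recipe shell expands them inside `CFLAGS="$(CPPFLAGS_DEF) $(CFLAGS_DEF)"`. Any later use of these variables outside a shell command line would pass the backtick text through unexpanded and drop the hardening without a build error; `$(shell dpkg-buildflags --get CFLAGS)` makes the evaluation explicit. `-DDEBUG` is a preprocessor define, so `DEB_CPPFLAGS_MAINT_APPEND` is the better home for it than `DEB_CFLAGS_MAINT_APPEND`, and it is worth stating in the changelog that the hardened network daemon still ships with libupnp debugging enabled. Since `hardening=+all` is requested, confirm on the built upnpd binary (for example with hardening-check) that the flags were actually applied.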
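
Review bot: the new debian/changelog entry does not match the rest of the diff in two places: it credits "Rob Lesley" while the header of patch 16 gives `Author: Rob Leslie`, and it says the flags are "supplied by dh_buildflags" while debian/rules calls `dpkg-buildflags`. Both should be corrected in the changelog so the entry that closes #499827 points at the right author and the right tool.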
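
Review bot: in the debian/patches/02-makefile.diff hunk, the upnpd link line changes from `$(CC) $(CFLAGS) $(LDFLAGS) $(FILES) $(LIBS) -o $@` to `$(CC) $(LDFLAGS) $(FILES) $(LIBS) -o $@`, which removes the compile flags from the link step in the same upload that turns on `hardening=+all`. That is only safe if every entry in `$(FILES)` is an object already built by the `%.o: %.c` rule with the hardened CFLAGS; if any source file is compiled on this line it loses the hardening flags entirely. GCC also recommends giving the same `-fPIE` option at link time when linking with `-pie`, so keeping `$(CFLAGS)` here, or stating in the patch description why it was dropped, would be the safer choice.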
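
Review bot: in the gatedevice.c hunk of patch 16, `event->mapping = NULL;` prevents the later write only if free_expiration_event() tests `event->mapping` for NULL before touching it, and that function is not part of the visible context. Please confirm the check exists (or add it in the same patch), and check whether any other expiration event or list entry can still hold a pointer to the mapping released by `pmlist_Delete(event->mapping)`, since clearing this one field does not cover those. A one-line comment above the assignment saying why the pointer is cleared would keep the fix from being removed as dead code later.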