On Sat, Jun 24, 2023 at 10:13:58AM +0100, Adam D. Barratt wrote: > I was about to say "nothing other than a little more patience", given > the request is only a few days old at this point. Looking back, > however, it appears that there isn't actually a debdiff attached, as > was claimed in the original mail.
I apologize. Here we go. Greetings Marc -- ----------------------------------------------------------------------------- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Leimen, Germany | lose things." Winona Ryder | Fon: *49 6224 1600402 Nordisch by Nature | How to make an American Quilt | Fax: *49 6224 1600421
diff -Nru aide-0.17.3/debian/changelog aide-0.17.3/debian/changelog --- aide-0.17.3/debian/changelog 2022-01-16 13:36:56.000000000 +0100 +++ aide-0.17.3/debian/changelog 2023-06-21 18:28:37.000000000 +0200 @@ -1,3 +1,9 @@ +aide (0.17.3-4+deb11u2) bullseye; urgency=medium + + * Fix handling of extended attributes on symlinks. (Closes: #1037436) + + -- Marc Haber <mh+debian-packa...@zugschlus.de> Wed, 21 Jun 2023 18:28:37 +0200 + aide (0.17.3-4+deb11u1) bullseye-security; urgency=high * Apply upstream patch to fix heap-based buffer overflow in base64 functions diff -Nru aide-0.17.3/debian/patches/debian-bug-1037436 aide-0.17.3/debian/patches/debian-bug-1037436 --- aide-0.17.3/debian/patches/debian-bug-1037436 1970-01-01 01:00:00.000000000 +0100 +++ aide-0.17.3/debian/patches/debian-bug-1037436 2023-06-21 18:28:37.000000000 +0200 @@ -0,0 +1,25 @@ +Description: Fix handling of extended attributes on symlinks +Author: Hannes von Haugwitz <han...@vonhaugwitz.com> +Origin: 04b34dd46292dedf830ef2366a86666869a31488 +Date: Mon Jun 12 22:20:50 2023 +0200 +Forwarded: not-needed +--- a/src/do_md.c ++++ b/src/do_md.c +@@ -565,7 +565,7 @@ void xattrs2line(db_line *line) { + strncmp(attr, "trusted.", strlen("trusted."))) + goto next_attr; /* only store normal xattrs, and SELinux */ + +- while (((aret = getxattr(line->fullpath, attr, val, asz)) == ++ while (((aret = lgetxattr(line->fullpath, attr, val, asz)) == + -1) && (errno == ERANGE)) { + asz <<= 1; + val = realloc (val, asz); +@@ -574,7 +574,7 @@ void xattrs2line(db_line *line) { + if (aret != -1) + xattr_add(xattrs, attr, val, aret); + else if (errno != ENOATTR) +- log_msg(LOG_LEVEL_WARNING, "getxattr failed for %s:%s", line->fullpath, strerror(errno)); ++ log_msg(LOG_LEVEL_WARNING, "lgetxattr failed for %s:%s", line->fullpath, strerror(errno)); + + next_attr: + attr += len + 1; diff -Nru aide-0.17.3/debian/patches/series aide-0.17.3/debian/patches/series --- aide-0.17.3/debian/patches/series 2022-01-16 13:09:51.000000000 +0100 +++ aide-0.17.3/debian/patches/series 2023-06-21 18:28:37.000000000 +0200 @@ -1 +1,2 @@ 20-aide-0.17-cve-2021-45417.patch +debian-bug-1037436