Package: release.debian.org
Severity: normal
Tags: bookworm
X-Debbugs-Cc: a...@packages.debian.org
Control: affects -1 + src:aide
User: release.debian....@packages.debian.org
Usertags: pu
This upload fixes #1070805. The reporter, Hannes, is upstream and a DD,
and thinks the issue warrants a stable update.
[ Reason ]
aide 0.18 has introduced some concurrency in processing. There is a bug
that makes fail to concurrently read extended attributes (xattrs) due to
variables shared between worker threads.
[ Impact ]
Incomplete aide checks
[ Tests ]
The fix is in productive use (in a git snapshot of HEAD) at upstream and
the Debian maintainer.
[ Checklist ]
[X] *all* changes are documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in (old)stable
[X] the issue is verified as fixed in unstable
[ Changes ]
Upstream patch 732e7e2e
diff -Nru aide-0.18.3/debian/changelog aide-0.18.3/debian/changelog
--- aide-0.18.3/debian/changelog 2023-07-01 14:37:51.000000000 +0200
+++ aide-0.18.3/debian/changelog 2024-05-16 13:32:11.000000000 +0200
@@ -1,3 +1,10 @@
+aide (0.18.3-1+deb12u3) bookworm; urgency=medium
+
+ * Upstream patch to fix concurrent reading of extended
+ attributes (xattrs) (Closes: #1070805)
+
+ -- Marc Haber <mh+debian-packa...@zugschlus.de> Thu, 16 May 2024 13:32:11
+0200
+
aide (0.18.3-1+deb12u2) bookworm; urgency=medium
* Upstream patch to fix child directory processing on equal match
diff -Nru aide-0.18.3/debian/patches/debian-bug-1070805
aide-0.18.3/debian/patches/debian-bug-1070805
--- aide-0.18.3/debian/patches/debian-bug-1070805 1970-01-01
01:00:00.000000000 +0100
+++ aide-0.18.3/debian/patches/debian-bug-1070805 2024-05-16
13:32:11.000000000 +0200
@@ -0,0 +1,47 @@
+Description: Fix concurrent reading of extended attributes (xattrs)
+Author: Hannes von Haugwitz <han...@vonhaugwitz.com>
+Origin: 732e7e2e7dc91bb614c508518c0abc6cab85565c
+Date: Mon May 16 13:30:00 2024 +0200
+Forwarded: not-needed
+--- a/src/do_md.c
++++ b/src/do_md.c
+@@ -478,14 +478,13 @@ static void xattr_add(xattrs_type *xattr
+ void xattrs2line(db_line *line) {
+ /* get all generic user xattrs. */
+ xattrs_type *xattrs = NULL;
+- static ssize_t xsz = 1024;
+- static char *xatrs = NULL;
+ ssize_t xret = -1;
+
+ if (!(ATTR(attr_xattrs)&line->attr))
+ return;
+
+- if (!xatrs) xatrs = checked_malloc(xsz);
++ ssize_t xsz = 1024;
++ char *xatrs = xatrs = checked_malloc(xsz);
+
+ while (((xret = llistxattr(line->fullpath, xatrs, xsz)) == -1) && (errno
== ERANGE)) {
+ xsz <<= 1;
+@@ -498,10 +497,8 @@ void xattrs2line(db_line *line) {
+ log_msg(LOG_LEVEL_WARNING, "listxattrs failed for %s:%s",
line->fullpath, strerror(errno));
+ } else if (xret) {
+ const char *attr = xatrs;
+- static ssize_t asz = 1024;
+- static char *val = NULL;
+-
+- if (!val) val = checked_malloc(asz);
++ ssize_t asz = 1024;
++ char *val = checked_malloc(asz);
+
+ xattrs = xattr_new();
+
+@@ -529,7 +526,9 @@ next_attr:
+ attr += len + 1;
+ xret -= len + 1;
+ }
++ free(val);
+ }
++ free(xatrs);
+
+ line->xattrs = xattrs;
+ }
diff -Nru aide-0.18.3/debian/patches/series aide-0.18.3/debian/patches/series
--- aide-0.18.3/debian/patches/series 2023-07-01 14:37:51.000000000 +0200
+++ aide-0.18.3/debian/patches/series 2024-05-16 13:32:11.000000000 +0200
@@ -1,3 +1,4 @@
debian-bug-1039936
debian-bug-1037436
compare-logs
+debian-bug-1070805
