Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian.org@packages.debian.org
Usertags: pu
X-Debbugs-Cc: sramacher@debian.org, dazzdb@packages.debian.org

[ Reason ]
glibc 2.32 uncovered a use-after-free issue in dazzdb (#993770). While
dazzdb technically does not crash on bullseye, a fix for the issue helps
us in avoiding a Breaks in glibc for bullseye -> bookworm upgrades.

[ Tests ]
The code is covered by autopkgtests

[ Risks ]
It's the exact same patch as in unstable.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

Cheers
-- 
Sebastian Ramacher

diff -Nru dazzdb-1.0+git20201103.8d98c37/debian/changelog dazzdb-1.0+git20201103.8d98c37/debian/changelog
--- dazzdb-1.0+git20201103.8d98c37/debian/changelog 2021-01-19 10:02:03.000000000 +0100
+++ dazzdb-1.0+git20201103.8d98c37/debian/changelog 2021-09-17 20:48:03.000000000 +0200
@@ -1,3 +1,10 @@
+dazzdb (1.0+git20201103.8d98c37-1+deb11u1) bullseye; urgency=medium
+
+ [ Aurelien Jarno ]
+ * Fix a use-after-free in DBstats (Closes: #993770)
+
+ -- Sebastian Ramacher <sramacher@debian.org> Fri, 17 Sep 2021 20:48:03 +0200
+
dazzdb (1.0+git20201103.8d98c37-1) unstable; urgency=medium
* New upstream version
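Review bot: The new changelog entry says only "Fix a use-after-free in DBstats" and does not name the file it adds. For a stable update it helps the release team if the entry mentions debian/patches/use-after-free.patch and that the fix consists of dropping a Close_Track call, so the changelog alone shows how small the change is.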
diff -Nru dazzdb-1.0+git20201103.8d98c37/debian/patches/series dazzdb-1.0+git20201103.8d98c37/debian/patches/series
--- dazzdb-1.0+git20201103.8d98c37/debian/patches/series 2021-01-19 10:02:03.000000000 +0100
+++ dazzdb-1.0+git20201103.8d98c37/debian/patches/series 2021-09-14 20:49:54.000000000 +0200
@@ -2,3 +2,4 @@
compiler-flags.patch
destdir.patch
cross.patch
+use-after-free.patch
diff -Nru dazzdb-1.0+git20201103.8d98c37/debian/patches/use-after-free.patch dazzdb-1.0+git20201103.8d98c37/debian/patches/use-after-free.patch
--- dazzdb-1.0+git20201103.8d98c37/debian/patches/use-after-free.patch 1970-01-01 01:00:00.000000000 +0100
+++ dazzdb-1.0+git20201103.8d98c37/debian/patches/use-after-free.patch 2021-09-14 20:49:57.000000000 +0200
@@ -0,0 +1,16 @@
+Description: fix a use-after-free causing a segmentation fault with glibc 2.32
+Author: Aurelien Jarno <aurel32@debian.org>
+Forwarded: https://github.com/thegenemyers/DAZZ_DB/issues/41
+Last-Update: 2021-09-14
+
+--- dazzdb-1.0+git20201103.8d98c37.orig/DBstats.c
++++ dazzdb-1.0+git20201103.8d98c37/DBstats.c
+@@ -346,8 +346,6 @@ int main(int argc, char *argv[])
+ }
+ }
+ printf("\n");
+-
+- Close_Track(db,track);
+ }
+ }
+
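Review bot: The DBstats.c hunk deletes "Close_Track(db,track);" without putting anything in its place, and the patch Description does not say where the track is otherwise released or which later access touched the freed memory. Please extend the Description with one sentence on what still owns and frees the track after this removal, so a reader can confirm from the patch header that the deletion does not trade the use-after-free for a leak. The Forwarded link to upstream issue 41 is the natural place to point to for that reasoning.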