Import Debian changes 2.31-13+deb11u8

416df274 · Aurelien Jarno · Dylan Aïssi · 7a82a095 · 416df274 · 416df274
Commit 416df274 authored 1 year ago by Aurelien Jarno Committed by Dylan Aïssi 1 year ago
--- a/debian/changelog
+++ b/debian/changelog
+glibc (2.31-13+deb11u8) bullseye; urgency=medium
+
+  * debian/patches/any/local-qsort-memory-corruption.patch: Fix a memory
+    corruption in qsort() when using nontransitive comparison functions.
+
+ -- Aurelien Jarno <aurel32@debian.org>  Sun, 28 Jan 2024 23:58:14 +0100
+
 glibc (2.31-13+deb11u7) bullseye-security; urgency=medium
  
  * debian/patches/any/local-CVE-2023-4911.patch: Fix a buffer overflow in the

--- a/debian/patches/any/local-qsort-memory-corruption.patch
+++ b/debian/patches/any/local-qsort-memory-corruption.patch
+diff -rup a/stdlib/qsort.c b/stdlib/qsort.c
+--- a/stdlib/qsort.c	2023-07-31 10:54:16.000000000 -0700
+++ b/stdlib/qsort.c	2024-01-15 09:08:25.596167959 -0800
+@@ -224,7 +224,8 @@ _quicksort (void *const pbase, size_t to
+     while ((run_ptr += size) <= end_ptr)
+       {
+ 	tmp_ptr = run_ptr - size;
+-	while ((*cmp) ((void *) run_ptr, (void *) tmp_ptr, arg) < 0)
+	while (tmp_ptr != base_ptr
+	       && (*cmp) ((void *) run_ptr, (void *) tmp_ptr, arg) < 0)
+ 	  tmp_ptr -= size;
+ 
+ 	tmp_ptr += size;
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -170,3 +170,4 @@ any/git-surplus-tls-accounting.diff
 any/git-ld.so-cache-endianness-markup.diff
 any/local-CVE-2021-33574-mq_notify-use-after-free.diff
 any/local-CVE-2023-4911.patch
+any/local-qsort-memory-corruption.patch