
Bug#935165: marked as done (buster-pu: package newsboat/2.13-1+deb10u1)



Your message dated Sat, 07 Sep 2019 14:34:49 +0100
with message-id <f49e2985d8466065c49c03185c24465a32228fb5.camel@adam-barratt.org.uk>
and subject line Closing bugs for fixes including in 10.1 point release
has caused the Debian Bug report #935165,
regarding buster-pu: package newsboat/2.13-1+deb10u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
935165: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935165
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian.org@packages.debian.org
Usertags: pu

Hi,

I'd like to patch a use-after-free bug in newsboat. It was reported in Debian
in #898559[1] and fixed upstream[2]. While I haven't been able to reproduce a
crash with it, it's clear that it's there and I have received feedback that it
indeed fixes the linked issue.

Debdiff attached

[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898559
[2] https://github.com/newsboat/newsboat/pull/603
diff -Nru newsboat-2.13/debian/changelog newsboat-2.13/debian/changelog
--- newsboat-2.13/debian/changelog	2018-09-23 21:01:29.000000000 +0300
+++ newsboat-2.13/debian/changelog	2019-08-17 21:10:38.000000000 +0300
@@ -1,3 +1,10 @@
+newsboat (2.13-1+deb10u1) buster; urgency=medium
+
+  [ Nikos Tsipinakis ]
+  * Patch use after free in itemlist (Closes: #898559)
+
+ -- Nikos Tsipinakis <nikos@tsipinakis.com>  Sat, 17 Aug 2019 21:10:38 +0300
+
 newsboat (2.13-1) unstable; urgency=medium
 
   * New upstream release
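Review bot: The new changelog bullet at the top of this hunk says only "Patch use after free in itemlist" and does not name the file it adds, debian/patches/02-fix-use-after-free.patch, so a reader of the changelog alone cannot map the entry to the quilt patch. Naming the patch file in the bullet would fix that. The "[ Nikos Tsipinakis ]" attribution block is also redundant here, since the same name signs the trailer line and there is no second contributor in the entry.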
diff -Nru newsboat-2.13/debian/patches/02-fix-use-after-free.patch newsboat-2.13/debian/patches/02-fix-use-after-free.patch
--- newsboat-2.13/debian/patches/02-fix-use-after-free.patch	1970-01-01 02:00:00.000000000 +0200
+++ newsboat-2.13/debian/patches/02-fix-use-after-free.patch	2019-08-17 21:10:22.000000000 +0300
@@ -0,0 +1,33 @@
+From a44a72ffa5c66a1de21476d23a8523001eecfc23 Mon Sep 17 00:00:00 2001
+From: Juho Pohjala <juho.pohjala@gmail.com>
+Date: Tue, 13 Aug 2019 16:10:16 +0300
+Subject: [PATCH] Crash when opening a url (#189)
+
+Caused by heap-use-after-free in ItemListFormAction::prepare().
+
+The complete invalidation mode repopulates the listfmt vector, thus it's
+not enough to clear the invalidated_itempos only in case of partial
+invalidation mode. The fix is to clear the invalidated_itempos vector
+also in case of complete invalidation mode.
+---
+ src/itemlistformaction.cpp | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/src/itemlist_formaction.cpp
++++ b/src/itemlist_formaction.cpp
+@@ -930,7 +930,6 @@
+ 					datetime_format);
+ 				listfmt.set_line(itempos, line, item.second);
+ 			}
+-			invalidated_itempos.clear();
+ 		} else {
+ 			LOG(level::ERROR,
+ 				"invalidation_mode is neither COMPLETE nor "
+@@ -942,6 +941,7 @@
+ 			listfmt.format_list(rxman, "articlelist"));
+ 	}
+ 
++	invalidated_itempos.clear();
+ 	invalidated = false;
+ 
+ 	set_head(feed->title(),
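Review bot: The diffstat in the embedded patch header names src/itemlistformaction.cpp, while the ---/+++ lines below it target src/itemlist_formaction.cpp, so the header no longer describes the file that is actually changed. Either correct the diffstat or add a line stating that the path was adjusted for 2.13. The header also carries no Origin or Bug-Debian field, so the patch file does not record its own provenance, even though the changelog closes #898559 and the Subject cites #189. On the logic, moving invalidated_itempos.clear() down beside invalidated = false means it now also runs after the branch that logs "invalidation_mode is neither COMPLETE nor "; this agrees with the commit message's aim of not keeping stale positions once listfmt has been repopulated, but it is worth confirming that nothing expects the vector to survive that error path.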
diff -Nru newsboat-2.13/debian/patches/series newsboat-2.13/debian/patches/series
--- newsboat-2.13/debian/patches/series	2018-09-23 21:01:29.000000000 +0300
+++ newsboat-2.13/debian/patches/series	2019-08-17 21:10:22.000000000 +0300
@@ -1 +1,2 @@
 01-use-policy-compliant-perl-hashbang.patch
+02-fix-use-after-free.patch

--- End Message ---
--- Begin Message ---
Version: 10.1

Hi,

The fixes referenced by each of these bugs were included in today's
buster point release.

Regards,

Adam

--- End Message ---
