Bug#686852: unblock: trn4/4.0-test77-6
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Enabling fortification in 4.0-test77-5 caused trn4 to crash on some
articles, because trn is slightly sketchy code from the dawn of time and
has some hardcoded limits. We should really lift these limits properly,
but for now apparently doubling the line buffer size sorts out crashes
in practice. Since the current status is that fortification has caused
a regression from squeeze, I think we should include this patch in
wheezy.
diff -Nru trn4-4.0-test77/debian/changelog trn4-4.0-test77/debian/changelog
--- trn4-4.0-test77/debian/changelog 2012-06-22 14:15:11.000000000 +0100
+++ trn4-4.0-test77/debian/changelog 2012-08-24 06:23:46.000000000 +0100
@@ -1,3 +1,13 @@
+trn4 (4.0-test77-6) unstable; urgency=low
+
+ [ Nick Leverton ]
+ * Double the size of the line buffer to fix a segfault whilst applying
+ killfile to article with long header line; articles with References
+ headers > 1024 bytes are not uncommon, but in practice they do not seem
+ to grow very much beyond that (closes: #682803).
+
+ -- Colin Watson <cjwatson@debian.org> Fri, 24 Aug 2012 06:23:45 +0100
+
trn4 (4.0-test77-5) unstable; urgency=low
* Use dpkg-buildflags to enable hardening options.
diff -Nru trn4-4.0-test77/debian/patches/longer-line-buffer.patch trn4-4.0-test77/debian/patches/longer-line-buffer.patch
--- trn4-4.0-test77/debian/patches/longer-line-buffer.patch 1970-01-01 01:00:00.000000000 +0100
+++ trn4-4.0-test77/debian/patches/longer-line-buffer.patch 2012-08-24 06:21:49.000000000 +0100
@@ -0,0 +1,33 @@
+From: Nick Leverton <nick@leverton.org>
+Subject: Segfault whilst applying killfile to article with long header line
+Bug-Debian: http://bugs.debian.org/682803
+Forwarded: no
+Last-Update: 2012-08-24
+
+This now reminds me of some investigations I did a few years back into a
+similar issue in inn's nntpget. I found that a small number of clients
+did not trim References headers when they grew past 1024 bytes, or perhaps
+trimmed before appending the new message-id rather than afterwards.
+
+Regardless, the number of articles with References headers > 1024
+was non-zero, but few had them very much longer than that as most of
+these lengthy subthreads involved at least one person with a non-broken
+newsreader.
+
+I therefore think the attached patch should be more than adequate.
+Tested here and solves the problem on all the newsgroups I'm subscribed
+to that have long enough threads to cause this issue.
+
+Index: b/common.h
+===================================================================
+--- a/common.h
++++ b/common.h
+@@ -55,7 +55,7 @@
+ #include "typedef.h"
+
+ #define BITSPERBYTE 8
+-#define LBUFLEN 1024 /* line buffer length */
++#define LBUFLEN 2048 /* line buffer length */
+ /* (don't worry, .newsrc lines can exceed this) */
+ #define CBUFLEN 512 /* command buffer length */
+ #define PUSHSIZE 256
diff -Nru trn4-4.0-test77/debian/patches/series trn4-4.0-test77/debian/patches/series
--- trn4-4.0-test77/debian/patches/series 2012-03-27 10:10:43.000000000 +0100
+++ trn4-4.0-test77/debian/patches/series 2012-08-24 06:20:27.000000000 +0100
@@ -5,3 +5,4 @@
earlier-util-init.patch
libtinfo.patch
thread-tree-stability.patch
+longer-line-buffer.patch
Thanks,
--
Colin Watson [cjwatson@debian.org]
Reply to: