Bug#935165: buster-pu: package newsboat/2.13-1+deb10u1
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian.org@packages.debian.org
Usertags: pu
Hi,
I'd like to patch a use-after-free bug in newsboat. It was reported in Debian
in #898559[1] and fixed upstream[2]. While I haven't been able to reproduce a
crash with it, it's clear that it's there, and I have received feedback that it
indeed fixes the linked issue.
Debdiff attached.
[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898559
[2] https://github.com/newsboat/newsboat/pull/603
diff -Nru newsboat-2.13/debian/changelog newsboat-2.13/debian/changelog
--- newsboat-2.13/debian/changelog 2018-09-23 21:01:29.000000000 +0300
+++ newsboat-2.13/debian/changelog 2019-08-17 21:10:38.000000000 +0300
@@ -1,3 +1,10 @@
+newsboat (2.13-1+deb10u1) buster; urgency=medium
+
+ [ Nikos Tsipinakis ]
+ * Patch use after free in itemlist (Closes: #898559)
+
+ -- Nikos Tsipinakis <nikos@tsipinakis.com> Sat, 17 Aug 2019 21:10:38 +0300
+
newsboat (2.13-1) unstable; urgency=medium
* New upstream release
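Review bot: the new changelog entry reads only "Patch use after free in itemlist" and names neither the patch file it introduces nor the origin of the fix. Consider mentioning debian/patches/02-fix-use-after-free.patch in the entry and stating that it is a backport of the upstream fix, so that anyone reading the changelog alone can map the entry to the change.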
diff -Nru newsboat-2.13/debian/patches/02-fix-use-after-free.patch newsboat-2.13/debian/patches/02-fix-use-after-free.patch
--- newsboat-2.13/debian/patches/02-fix-use-after-free.patch 1970-01-01 02:00:00.000000000 +0200
+++ newsboat-2.13/debian/patches/02-fix-use-after-free.patch 2019-08-17 21:10:22.000000000 +0300
@@ -0,0 +1,33 @@
+From a44a72ffa5c66a1de21476d23a8523001eecfc23 Mon Sep 17 00:00:00 2001
+From: Juho Pohjala <juho.pohjala@gmail.com>
+Date: Tue, 13 Aug 2019 16:10:16 +0300
+Subject: [PATCH] Crash when opening a url (#189)
+
+Caused by heap-use-after-free in ItemListFormAction::prepare().
+
+The complete invalidation mode repopulates the listfmt vector, thus it's
+not enough to clear the invalidated_itempos only in case of partial
+invalidation mode. The fix is to clear the invalidated_itempos vector
+also in case of complete invalidation mode.
+---
+ src/itemlistformaction.cpp | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/src/itemlist_formaction.cpp
++++ b/src/itemlist_formaction.cpp
+@@ -930,7 +930,6 @@
+ datetime_format);
+ listfmt.set_line(itempos, line, item.second);
+ }
+- invalidated_itempos.clear();
+ } else {
+ LOG(level::ERROR,
+ "invalidation_mode is neither COMPLETE nor "
+@@ -942,6 +941,7 @@
+ listfmt.format_list(rxman, "articlelist"));
+ }
+
++ invalidated_itempos.clear();
+ invalidated = false;
+
+ set_head(feed->title(),
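Review bot: the embedded patch header is inconsistent about the file it touches: the diffstat line names src/itemlistformaction.cpp, while the ---/+++ lines name src/itemlist_formaction.cpp. Only the ---/+++ paths matter when the patch is applied, but the diffstat should be regenerated or dropped so the header matches the 2.13 tree. The Subject also cites (#189) while the changelog closes #898559; adding Origin: and Bug-Debian: header lines to the patch would tie it to the upstream pull request and the Debian bug. On the code change itself, moving invalidated_itempos.clear() out of the branch above the else and placing it next to "invalidated = false;" means it now runs for every invalidation mode, including the branch that logs the ERROR. That matches the commit message's reasoning that a complete invalidation must also discard the stale positions.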
diff -Nru newsboat-2.13/debian/patches/series newsboat-2.13/debian/patches/series
--- newsboat-2.13/debian/patches/series 2018-09-23 21:01:29.000000000 +0300
+++ newsboat-2.13/debian/patches/series 2019-08-17 21:10:22.000000000 +0300
@@ -1 +1,2 @@
01-use-policy-compliant-perl-hashbang.patch
+02-fix-use-after-free.patch