Your message dated Sat, 07 Sep 2019 14:34:49 +0100
with message-id 
<f49e2985d8466065c49c03185c24465a32228fb5.ca...@adam-barratt.org.uk>
and subject line Closing bugs for fixes including in 10.1 point release
has caused the Debian Bug report #935165,
regarding buster-pu: package newsboat/2.13-1+deb10u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
935165: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935165
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: buster
User: [email protected]
Usertags: pu

Hi,

I'd like to patch a use-after-free bug in newsboat. It was reported in Debian
in #898559[1] and fixed upstream[2]. While I haven't been able to reproduce a
crash with it, it's clear that it's there and I have received feedback that it
indeed fixes the linked issue.

Debdiff attached

[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898559
[2] https://github.com/newsboat/newsboat/pull/603
diff -Nru newsboat-2.13/debian/changelog newsboat-2.13/debian/changelog
--- newsboat-2.13/debian/changelog      2018-09-23 21:01:29.000000000 +0300
+++ newsboat-2.13/debian/changelog      2019-08-17 21:10:38.000000000 +0300
@@ -1,3 +1,10 @@
+newsboat (2.13-1+deb10u1) buster; urgency=medium
+
+  [ Nikos Tsipinakis ]
+  * Patch use after free in itemlist (Closes: #898559)
+
+ -- Nikos Tsipinakis <[email protected]>  Sat, 17 Aug 2019 21:10:38 +0300
+
 newsboat (2.13-1) unstable; urgency=medium
 
   * New upstream release
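Review bot: The changelog bullet for 2.13-1+deb10u1 says only "Patch use after free in itemlist" and names neither the patch file being added nor the origin of the fix. Suggest wording such as "* Add 02-fix-use-after-free.patch: fix heap-use-after-free in ItemListFormAction::prepare() (Closes: #898559)", optionally citing the upstream commit a44a72ffa5c66a1de21476d23a8523001eecfc23, so the stable update can be audited from the changelog alone.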
diff -Nru newsboat-2.13/debian/patches/02-fix-use-after-free.patch 
newsboat-2.13/debian/patches/02-fix-use-after-free.patch
--- newsboat-2.13/debian/patches/02-fix-use-after-free.patch    1970-01-01 
02:00:00.000000000 +0200
+++ newsboat-2.13/debian/patches/02-fix-use-after-free.patch    2019-08-17 
21:10:22.000000000 +0300
@@ -0,0 +1,33 @@
+From a44a72ffa5c66a1de21476d23a8523001eecfc23 Mon Sep 17 00:00:00 2001
+From: Juho Pohjala <[email protected]>
+Date: Tue, 13 Aug 2019 16:10:16 +0300
+Subject: [PATCH] Crash when opening a url (#189)
+
+Caused by heap-use-after-free in ItemListFormAction::prepare().
+
+The complete invalidation mode repopulates the listfmt vector, thus it's
+not enough to clear the invalidated_itempos only in case of partial
+invalidation mode. The fix is to clear the invalidated_itempos vector
+also in case of complete invalidation mode.
+---
+ src/itemlistformaction.cpp | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/src/itemlist_formaction.cpp
++++ b/src/itemlist_formaction.cpp
+@@ -930,7 +930,6 @@
+                                       datetime_format);
+                               listfmt.set_line(itempos, line, item.second);
+                       }
+-                      invalidated_itempos.clear();
+               } else {
+                       LOG(level::ERROR,
+                               "invalidation_mode is neither COMPLETE nor "
+@@ -942,6 +941,7 @@
+                       listfmt.format_list(rxman, "articlelist"));
+       }
+ 
++      invalidated_itempos.clear();
+       invalidated = false;
+ 
+       set_head(feed->title(),
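Review bot: The embedded patch header disagrees with its own diff: the diffstat lists src/itemlistformaction.cpp while the ---/+++ lines touch src/itemlist_formaction.cpp. If the path was adapted for 2.13, say so in the header, and add DEP-3 fields (Origin: with the upstream commit a44a72ffa5c66a1de21476d23a8523001eecfc23, Bug-Debian: for #898559) so the backport can be traced to its source. Also worth one sentence in the description: with invalidated_itempos.clear() now sitting next to "invalidated = false;", it runs after the LOG(level::ERROR, ...) branch as well as the two invalidation modes the commit message mentions.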
diff -Nru newsboat-2.13/debian/patches/series 
newsboat-2.13/debian/patches/series
--- newsboat-2.13/debian/patches/series 2018-09-23 21:01:29.000000000 +0300
+++ newsboat-2.13/debian/patches/series 2019-08-17 21:10:22.000000000 +0300
@@ -1 +1,2 @@
 01-use-policy-compliant-perl-hashbang.patch
+02-fix-use-after-free.patch

--- End Message ---
--- Begin Message ---
Version: 10.1

Hi,

The fixes referenced by each of these bugs were included in today's
buster point release.

Regards,

Adam

--- End Message ---
