summaryrefslogtreecommitdiff
path: root/mail/mutt
diff options
context:
space:
mode:
authorsalo <salo@pkgsrc.org>2006-12-11 12:46:51 +0000
committersalo <salo@pkgsrc.org>2006-12-11 12:46:51 +0000
commit9c7d1b525ffd6e1005f03e13337bc6c2ba981643 (patch)
tree51f76889729bb10f646066f1ccf0c040abf8807c /mail/mutt
parentb55a67fbcde8d2200bb47df17cef4b65dc797392 (diff)
downloadpkgsrc-9c7d1b525ffd6e1005f03e13337bc6c2ba981643.tar.gz
Use official upstream patch for CVE-2006-5297 and CVE-2006-5298 security
issues from mutt GIT repo. Bump PKGREVISION. ok <tron>
Diffstat (limited to 'mail/mutt')
-rw-r--r--mail/mutt/Makefile4
-rw-r--r--mail/mutt/distinfo4
-rw-r--r--mail/mutt/patches/patch-ad106
3 files changed, 88 insertions, 26 deletions
diff --git a/mail/mutt/Makefile b/mail/mutt/Makefile
index e2358ff0253..5b3235c1358 100644
--- a/mail/mutt/Makefile
+++ b/mail/mutt/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.146 2006/11/02 07:52:50 joerg Exp $
+# $NetBSD: Makefile,v 1.147 2006/12/11 12:46:51 salo Exp $
DISTNAME= mutt-1.4.2.2i
-PKGREVISION= 2
+PKGREVISION= 3
PKGNAME= ${DISTNAME:C/i$//}
CATEGORIES= mail
MASTER_SITES= ftp://ftp.mutt.org/mutt/ \
diff --git a/mail/mutt/distinfo b/mail/mutt/distinfo
index 50243082013..72aabbcc2dd 100644
--- a/mail/mutt/distinfo
+++ b/mail/mutt/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.32 2006/11/01 13:32:32 tron Exp $
+$NetBSD: distinfo,v 1.33 2006/12/11 12:46:51 salo Exp $
SHA1 (mutt-1.4.2.2i.tar.gz) = 0ee12f734f21186b143fa96a5ea79f72397747fb
RMD160 (mutt-1.4.2.2i.tar.gz) = a749c13e9b56b0f3cf09ce5eabae3fd2edce4c0a
@@ -6,7 +6,7 @@ Size (mutt-1.4.2.2i.tar.gz) = 2676306 bytes
SHA1 (patch-aa) = 057c11486bb855e321853a106992c8792b75b812
SHA1 (patch-ab) = 46518ebcd144bdb19da3f2238455d25544539e23
SHA1 (patch-ac) = acfece3438c1cadc43247c590045699be7212ede
-SHA1 (patch-ad) = e207b279b4b6cf9bd29f5537beedb3f34453b62d
+SHA1 (patch-ad) = 8baac1337c1ab65e98055915f045e99d91015677
SHA1 (patch-ag) = c369b0b5d4855e50a016530f81190b2cbd47cef1
SHA1 (patch-ah) = 04549728683b4250a26f6d6c7a212b8d505014d2
SHA1 (patch-ai) = 317b736d6b9a896e1ee185cce37a1c2184c02cde
diff --git a/mail/mutt/patches/patch-ad b/mail/mutt/patches/patch-ad
index 2c25dcead29..aded4370a80 100644
--- a/mail/mutt/patches/patch-ad
+++ b/mail/mutt/patches/patch-ad
@@ -1,29 +1,91 @@
-$NetBSD: patch-ad,v 1.8 2006/11/01 13:32:32 tron Exp $
+$NetBSD: patch-ad,v 1.9 2006/12/11 12:46:51 salo Exp $
---- lib.c.orig 2002-04-29 18:12:18.000000000 +0100
-+++ lib.c 2006-11-01 13:22:51.000000000 +0000
-@@ -351,8 +351,8 @@
+Security fixes for CVE-2006-5297 and CVE-2006-5298, from mutt git.
+
+--- lib.c.orig 2002-04-29 19:12:18.000000000 +0200
++++ lib.c 2006-12-11 13:24:17.000000000 +0100
+@@ -346,13 +346,84 @@ int safe_rename (const char *src, const
+ return 0;
+ }
+
++/* Create a temporary directory next to a file name */
++
++int mutt_mkwrapdir (const char *path, char *newfile, size_t nflen,
++ char *newdir, size_t ndlen)
++{
++ const char *basename;
++ char parent[_POSIX_PATH_MAX];
++ char *p;
++ int rv;
++
++ strfcpy (parent, NONULL (path), sizeof (parent));
++
++ if ((p = strrchr (parent, '/')))
++ {
++ *p = '\0';
++ basename = p + 1;
++ }
++ else
++ {
++ strfcpy (parent, ".", sizeof (parent));
++ basename = path;
++ }
++
++ do
++ {
++ snprintf (newdir, ndlen, "%s/%s", parent, ".muttXXXXXX");
++ mktemp (newdir);
++ }
++ while ((rv = mkdir (newdir, 0700)) == -1 && errno == EEXIST);
++
++ if (rv == -1)
++ return -1;
++
++ snprintf (newfile, nflen, "%s/%s", newdir, NONULL(basename));
++ return 0;
++}
++
++int mutt_put_file_in_place (const char *path, const char *safe_file, const char *safe_dir)
++{
++ int rv;
++
++ rv = safe_rename (safe_file, path);
++ unlink (safe_file);
++ rmdir (safe_dir);
++ return rv;
++}
++
+ int safe_open (const char *path, int flags)
+ {
struct stat osb, nsb;
int fd;
-- if ((fd = open (path, flags, 0600)) < 0)
-- return fd;
-+ if ((fd = open (path, flags, S_IRUSR|S_IWUSR)) < 0)
-+ return (-1);
++ if (flags & O_EXCL)
++ {
++ char safe_file[_POSIX_PATH_MAX];
++ char safe_dir[_POSIX_PATH_MAX];
++
++ if (mutt_mkwrapdir (path, safe_file, sizeof (safe_file),
++ safe_dir, sizeof (safe_dir)) == -1)
++ return -1;
++
++ if ((fd = open (safe_file, flags, 0600)) < 0)
++ {
++ rmdir (safe_dir);
++ return fd;
++ }
++
++ if (mutt_put_file_in_place (path, safe_file, safe_dir) == -1)
++ {
++ close (fd);
++ return -1;
++ }
++ }
++ else
++ {
+ if ((fd = open (path, flags, 0600)) < 0)
+ return fd;
++ }
/* make sure the file is not symlink */
if (lstat (path, &osb) < 0 || fstat (fd, &nsb) < 0 ||
-@@ -363,6 +363,13 @@
- return (-1);
- }
-
-+ /* Make sure the file is owned by us and has save permissions. */
-+ if (nsb.st_uid != geteuid() ||
-+ (nsb.st_mode & (S_IRWXG|S_IRWXO)) != 0) {
-+ close (fd);
-+ return (-1);
-+ }
-+
- return (fd);
- }
-