diff options
| author | tonio <tonio> | 2007-05-27 17:39:47 +0000 |
|---|---|---|
| committer | tonio <tonio> | 2007-05-27 17:39:47 +0000 |
| commit | fe9c5759fa073a7974ffa73f8c0710dc8d793371 (patch) | |
| tree | 79953c50f8e5312a614e158b82eecc798f010bed /mail | |
| parent | 51daab3d25f5e38acfb020caa348e518f313d8d7 (diff) | |
| download | pkgsrc-fe9c5759fa073a7974ffa73f8c0710dc8d793371.tar.gz | |
Add a fix for Fix CVE-2007-2683
Bump PKGREVISION
Use signed arithmetic in mutt_gecos_name to avoid an overflow.
From http://dev.mutt.org/hg/mutt/rev/47d08903b79b
And trac: http://dev.mutt.org/trac/ticket/2885
Diffstat (limited to 'mail')
| -rw-r--r-- | mail/mutt-devel/Makefile | 3 | ||||
| -rw-r--r-- | mail/mutt-devel/distinfo | 3 | ||||
| -rw-r--r-- | mail/mutt-devel/options.mk | 6 | ||||
| -rw-r--r-- | mail/mutt-devel/patches/patch-am | 17 |
4 files changed, 24 insertions, 5 deletions
diff --git a/mail/mutt-devel/Makefile b/mail/mutt-devel/Makefile index 18285a28e33..690d81a19bf 100644 --- a/mail/mutt-devel/Makefile +++ b/mail/mutt-devel/Makefile @@ -1,6 +1,7 @@ -# $NetBSD: Makefile,v 1.58 2007/04/21 18:27:21 tonio Exp $ +# $NetBSD: Makefile,v 1.59 2007/05/27 17:39:47 tonio Exp $ DISTNAME= mutt-1.5.15 +PKGREVISION= 1 CATEGORIES= mail MUTT_SITES= ftp://ftp.mutt.org/mutt/ \ ftp://ftp.stealth.net/pub/mirrors/ftp.mutt.org/pub/mutt/ \ diff --git a/mail/mutt-devel/distinfo b/mail/mutt-devel/distinfo index f97e0d939a6..b43d186a5c1 100644 --- a/mail/mutt-devel/distinfo +++ b/mail/mutt-devel/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.39 2007/04/21 18:27:21 tonio Exp $ +$NetBSD: distinfo,v 1.40 2007/05/27 17:39:47 tonio Exp $ SHA1 (mutt-1.5.15.tar.gz) = 1adabf6e07e099bb664c83e3c0100bbbdfec7a9a RMD160 (mutt-1.5.15.tar.gz) = 0cc084d2fcdabc0bc41632fcff90703c206de3db @@ -15,3 +15,4 @@ SHA1 (patch-ag) = b8daf23256cd2cfd8c60cae646eb36ec1656823f SHA1 (patch-ah) = 4227c5768b900e58fa4a679e6ad67efc974a70b5 SHA1 (patch-ai) = 9cbd895520d94d11655c57c01d3e8b4150f0e9bb SHA1 (patch-al) = d4dae28192d7a3b3fad316d9f31ab69106eac9c2 +SHA1 (patch-am) = e481e4f76da79e71ed94090cb049f51f91d9a2b5 diff --git a/mail/mutt-devel/options.mk b/mail/mutt-devel/options.mk index d443b238f84..b845d120784 100644 --- a/mail/mutt-devel/options.mk +++ b/mail/mutt-devel/options.mk @@ -1,4 +1,4 @@ -# $NetBSD: options.mk,v 1.24 2007/04/21 18:27:21 tonio Exp $ +# $NetBSD: options.mk,v 1.25 2007/05/27 17:39:47 tonio Exp $ # Global and legacy options @@ -100,9 +100,9 @@ CONFIGURE_ARGS+= --disable-hcache ### Internal SMTP relay support ### .if !empty(PKG_OPTIONS:Mmutt-smtp) -CONFIGURE_ARGS+= --enable-smtp +CONFIGURE_ARGS+= --enable-smtp .else -CONFIGURE_ARGS+= --disable-smtp +CONFIGURE_ARGS+= --disable-smtp .endif ### diff --git a/mail/mutt-devel/patches/patch-am b/mail/mutt-devel/patches/patch-am new file mode 100644 index 00000000000..4c0b0aee93a --- /dev/null +++ b/mail/mutt-devel/patches/patch-am @@ -0,0 +1,17 @@ +$NetBSD: patch-am,v 1.3 2007/05/27 17:39:48 tonio Exp $ + +Use signed arithmetic in mutt_gecos_name to avoid an overflow. +From http://dev.mutt.org/hg/mutt/rev/47d08903b79b +Fix CVE-2007-2683 + +--- muttlib.c.orig 2007-04-03 19:52:56.000000000 +0200 ++++ muttlib.c +@@ -540,7 +540,7 @@ char *mutt_gecos_name (char *dest, size_ + if (dest[idx] == '&') + { + memmove (&dest[idx + pwnl], &dest[idx + 1], +- MAX(destlen - idx - pwnl - 1, 0)); ++ MAX((ssize_t)(destlen - idx - pwnl - 1), 0)); + memcpy (&dest[idx], pw->pw_name, MIN(destlen - idx - 1, pwnl)); + dest[idx] = toupper ((unsigned char) dest[idx]); + } |