author | jperkin <jperkin> | 2015-02-19 10:50:44 +0000 |
---|---|---|
committer | jperkin <jperkin> | 2015-02-19 10:50:44 +0000 |
commit | 7e7a0c7dfc7a219b19c7cc3f5895852f3fc82fa8 (patch) | |
tree | 54ebf4cda6013395a275985fb228f74c2a047e8d /mail | |
parent | 46b281c1ccbb4d0d84b3a1e906ac596f3f3ffbad (diff) | |
download | pkgsrc-7e7a0c7dfc7a219b19c7cc3f5895852f3fc82fa8.tar.gz |
Use the official upstream fix for CVE-2014-9116. The proposed patch that
we were previously using has unwanted side-effects, such as appending ","
to To/Cc/Mail-Followup-To, and other spacing issues.
Bump PKGREVISION.
Diffstat (limited to 'mail')
-rw-r--r-- | mail/mutt-devel/Makefile | 4 | ||||
-rw-r--r-- | mail/mutt-devel/distinfo | 5 | ||||
-rw-r--r-- | mail/mutt-devel/patches/patch-af | 15 | ||||
-rw-r--r-- | mail/mutt-devel/patches/patch-sendlib.c | 23 |
4 files changed, 29 insertions, 18 deletions
diff --git a/mail/mutt-devel/Makefile b/mail/mutt-devel/Makefile
index 62b472387d5..ee607f9fdbc 100644
--- a/mail/mutt-devel/Makefile
+++ b/mail/mutt-devel/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.101 2015/02/19 10:00:26 jperkin Exp $
+# $NetBSD: Makefile,v 1.102 2015/02/19 10:50:44 jperkin Exp $
 DISTNAME= mutt-1.5.23
-PKGREVISION= 3
+PKGREVISION= 4
 CATEGORIES= mail
 MUTT_SITES= ftp://ftp.mutt.org/mutt/ \
 ftp://ftp.stealth.net/pub/mirrors/ftp.mutt.org/pub/mutt/ \
diff --git a/mail/mutt-devel/distinfo b/mail/mutt-devel/distinfo
index f6782c75e72..4f852f9005a 100644
--- a/mail/mutt-devel/distinfo
+++ b/mail/mutt-devel/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.81 2014/12/19 20:45:52 tron Exp $
+$NetBSD: distinfo,v 1.82 2015/02/19 10:50:44 jperkin Exp $
 SHA1 (mutt-1.5.23.tar.gz) = 8ac821d8b1e25504a31bf5fda9c08d93a4acc862
 RMD160 (mutt-1.5.23.tar.gz) = 2476a9e202ab1cd20a512253246e37538e0aad5a
@@ -8,7 +8,7 @@ SHA1 (patch-ab) = 857799206db0784672ad9042799eb12703711a31
 SHA1 (patch-ac) = 40d119b7efed1a4622c42badc9ee97349b504044
 SHA1 (patch-ad) = ecfa994c7c5e494b6eb7356327b96de6559146fc
 SHA1 (patch-ae) = 6534848a4c27d4a3830edd8d4e19d1181fe396d6
-SHA1 (patch-af) = 97b02bba89eed5c9b148664d96b6d665b3e6cb48
+SHA1 (patch-af) = edc107c535789919ba2cda5f81a4b640b6100b91
 SHA1 (patch-ag) = 6633e7485c948433f9122a649fdf3a548197eced
 SHA1 (patch-ah) = dfe747c30a44bb309cccaca1bd5174fccc3c2bed
 SHA1 (patch-al) = 49542905cde263b8d4c79f71cce3759024c804a3
@@ -17,3 +17,4 @@ SHA1 (patch-an) = b9cc3e957bb1650c8e22c0edf0ce112f769664a1
 SHA1 (patch-ao) = a5dddb01d30f28337ca825c6461139c2d9f288d5
 SHA1 (patch-ap) = c6f79d5c4e19efdc15e9d5a59934da52b16b7a62
 SHA1 (patch-aq) = e363d8929ced9731a31af1137b111d3476a3d05d
+SHA1 (patch-sendlib.c) = 0c14236d28f55eae88aea409acc5b8cdcb241556
diff --git a/mail/mutt-devel/patches/patch-af b/mail/mutt-devel/patches/patch-af
index 10ec383adc8..5e3daa798a1 100644
--- a/mail/mutt-devel/patches/patch-af
+++ b/mail/mutt-devel/patches/patch-af
@@ -1,12 +1,8 @@
-$NetBSD: patch-af,v 1.2 2014/12/19 20:45:53 tron Exp $
+$NetBSD: patch-af,v 1.3 2015/02/19 10:50:44 jperkin Exp $
 1.) On some systems, curses.h defines TRUE and FALSE, so conditionalise them here to avoid compiler complaints about duplicate definitions.
-2.) Fix CVE-2014-9116, patch take from here:
-
- http://dev.mutt.org/trac/attachment/ticket/3716/ticket-3716-dev.patch
-
 --- lib.h.orig 2014-03-12 16:03:45.000000000 +0000
 +++ lib.h 2014-12-19 20:41:07.000000000 +0000
 @@ -54,8 +54,12 @@
@@ -24,12 +20,3 @@ $NetBSD: patch-af,v 1.2 2014/12/19 20:45:53 tron Exp $
 # define HUGE_STRING 5120
 # define LONG_STRING 1024
-@@ -98,7 +102,7 @@
- on some systems */
- # define SKIPWS(c) while (*(c) && isspace ((unsigned char) *(c))) c++;
-
--#define EMAIL_WSP " \t\r\n"
-+#define EMAIL_WSP " \t"
-
- /* skip over WSP as defined by RFC5322. This is used primarily for parsing
- * header fields. */
diff --git a/mail/mutt-devel/patches/patch-sendlib.c b/mail/mutt-devel/patches/patch-sendlib.c
new file mode 100644
index 00000000000..78c0bb5c648
--- /dev/null
+++ b/mail/mutt-devel/patches/patch-sendlib.c
@@ -0,0 +1,23 @@
+$NetBSD: patch-sendlib.c,v 1.3 2015/02/19 10:50:44 jperkin Exp $
+
+Fix CVE-2014-9116 using the upstream patch from
+http://dev.mutt.org/trac/changeset/0aebf1df43598b442ac75ae4fe17875351854db0
+
+--- sendlib.c.orig 2014-03-12 16:03:45.000000000 +0000
++++ sendlib.c
+@@ -1814,7 +1814,14 @@ static int write_one_header (FILE *fp, i
+ {
+ tagbuf = mutt_substrdup (start, t);
+ /* skip over the colon separating the header field name and value */
+- t = skip_email_wsp(t + 1);
++ ++t;
++
++ /* skip over any leading whitespace (WSP, as defined in RFC5322)
++ * NOTE: skip_email_wsp() does the wrong thing here.
++ * See tickets 3609 and 3716. */
++ while (*t == ' ' || *t == '\t')
++ t++;
++
+ valbuf = mutt_substrdup (t, end);
+ }
+ dprint(4,(debugfile,"mwoh: buf[%s%s] too long, " |
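Review bot: The whitespace-skip loop added to write_one_header in patch-sendlib.c, `while (*t == ' ' || *t == '\t')`, advances `t` without ever comparing it to `end`, so the `mutt_substrdup (t, end)` call that follows is only safe if a byte other than space or tab is guaranteed at or before `end`. The hunk does not show how `end` is derived, and `t` running past `end` is presumably the condition the CVE-2014-9116 fix is meant to exclude, so the guarantee currently rests on the line terminator rather than on the loop itself. Bounding it as `while (t < end && (*t == ' ' || *t == '\t'))` would make the invariant local. Since this carries the upstream changeset verbatim, the lighter alternative is a sentence in the patch header stating that the loop depends on the terminating newline or NUL. write_one_header begins and ends outside the hunk.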