authorNatanael Copa <ncopa@alpinelinux.org>2015-01-27 10:54:03 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2015-01-27 10:56:34 +0000
commit1e5e7cc1578a74a3582a3b8e43a1b27efd8b1622 (patch)
tree78c141ba1e960597fb82721da908ab834b990ea1
parent5c323cd20a116d7f9b4761e8b231bc83274b0c97 (diff)
downloadaports-1e5e7cc1578a74a3582a3b8e43a1b27efd8b1622.tar.bz2
aports-1e5e7cc1578a74a3582a3b8e43a1b27efd8b1622.tar.xz
main/mutt: security fix for CVE-2014-9116
ref #3766 fixes #3770 (cherry picked from commit 65306a18e2d26e3724f00b5856166a87ebf4439e)
-rw-r--r--main/mutt/APKBUILD20
-rw-r--r--main/mutt/CVE-2014-9116.patch45
2 files changed, 60 insertions, 5 deletions
diff --git a/main/mutt/APKBUILD b/main/mutt/APKBUILD
index 8c07f0add..189c42327 100644
--- a/main/mutt/APKBUILD
+++ b/main/mutt/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Andrew Manison<amanison@anselsystems.com>
pkgname=mutt
pkgver=1.5.23
-pkgrel=0
+pkgrel=1
pkgdesc="a small but very powerful text-mode email client"
url="http://www.mutt.org"
arch="all"
@@ -12,13 +12,20 @@ makedepends="cyrus-sasl-dev gdbm-dev gettext-dev gpgme-dev libiconv-dev
libidn-dev ncurses-dev openssl-dev perl"
install=
subpackages="$pkgname-doc $pkgname-lang"
-source="https://bitbucket.org/$pkgname/$pkgname/downloads/$pkgname-$pkgver.tar.gz"
+source="https://bitbucket.org/$pkgname/$pkgname/downloads/$pkgname-$pkgver.tar.gz
+ CVE-2014-9116.patch
+ "
_builddir="$srcdir"/$pkgname-$pkgver
prepare() {
cd "$_builddir"
update_config_sub || return 1
+ for i in $source; do
+ case $i in
+ *.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;
+ esac
+ done
}
build() {
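Review bot: In the loop added to prepare(), `"$srcdir"/$i` uses the raw `$source` entry as the file name, which only works while every patch is listed as a bare local file name. If a patch is later listed as a URL ending in `.patch`, the `case` arm still matches but no such path exists under `$srcdir`, so the build stops at `return 1` instead of applying the fix. Stripping the directory part keeps both forms working: `*.patch) msg "$i"; patch -p1 -i "$srcdir/${i##*/}" || return 1;;`.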
@@ -64,6 +71,9 @@ package() {
}
-md5sums="11f5b6a3eeba1afa1257fe93c9f26bff mutt-1.5.23.tar.gz"
-sha256sums="3af0701e57b9e1880ed3a0dee34498a228939e854a16cdccd24e5e502626fd37 mutt-1.5.23.tar.gz"
-sha512sums="f1b4a7230253651857f61bd7215cce870a613012f613d4c907d401556083726c8ed7d429d57a8bf858c3b5b23683380d4c1494540d86ca80813e22cb6b95bc1e mutt-1.5.23.tar.gz"
+md5sums="11f5b6a3eeba1afa1257fe93c9f26bff mutt-1.5.23.tar.gz
+6df95ec10fa73e3675dcc3b0a6372f50 CVE-2014-9116.patch"
+sha256sums="3af0701e57b9e1880ed3a0dee34498a228939e854a16cdccd24e5e502626fd37 mutt-1.5.23.tar.gz
+97fd773b5c58c7803c57fcd126c1c81c2c7cbb7b860f217571c6a2a47a5b01c5 CVE-2014-9116.patch"
+sha512sums="f1b4a7230253651857f61bd7215cce870a613012f613d4c907d401556083726c8ed7d429d57a8bf858c3b5b23683380d4c1494540d86ca80813e22cb6b95bc1e mutt-1.5.23.tar.gz
+14aba18442da7783ec76c17699c0e3e88c4f25a21418d37b48e456f572b0b56f9197aa8d694a8bf23be313252cf76e818bc5e9d3e30f2dfe8bff14eb8f6b01e8 CVE-2014-9116.patch"
diff --git a/main/mutt/CVE-2014-9116.patch b/main/mutt/CVE-2014-9116.patch
new file mode 100644
index 000000000..86b1b5f7d
--- /dev/null
+++ b/main/mutt/CVE-2014-9116.patch
@@ -0,0 +1,45 @@
+# HG changeset patch
+# User Kevin McCarthy <kevin@8t8.us>
+# Date 1417472364 28800
+# Mon Dec 01 14:19:24 2014 -0800
+# Branch stable
+# Node ID 0aebf1df43598b442ac75ae4fe17875351854db0
+# Parent 5a86319adad0d17e4acaf8a580bfc9eb247547d0
+Revert write_one_header() to skip space and tab. (closes #3716)
+
+This patch fixes CVE-2014-9116 in the stable branch. It reverts
+write_one_header() to the pre [f251d523ca5a] code for skipping
+whitespace.
+
+Thanks to Antonio Radici and Tomas Hoger for their analysis and patches
+to mutt, which this patch is based off of.
+
+diff --git a/sendlib.c b/sendlib.c
+--- a/sendlib.c
++++ b/sendlib.c
+@@ -1809,17 +1809,24 @@
+ {
+ tagbuf = NULL;
+ valbuf = mutt_substrdup (start, end);
+ }
+ else
+ {
+ tagbuf = mutt_substrdup (start, t);
+ /* skip over the colon separating the header field name and value */
+- t = skip_email_wsp(t + 1);
++ ++t;
++
++ /* skip over any leading whitespace (WSP, as defined in RFC5322)
++ * NOTE: skip_email_wsp() does the wrong thing here.
++ * See tickets 3609 and 3716. */
++ while (*t == ' ' || *t == '\t')
++ t++;
++
+ valbuf = mutt_substrdup (t, end);
+ }
+ dprint(4,(debugfile,"mwoh: buf[%s%s] too long, "
+ "max width = %d > %d\n",
+ NONULL(pfx), valbuf, max, wraplen));
+ if (fold_one_header (fp, tagbuf, valbuf, pfx, wraplen, flags) < 0)
+ return -1;
+ FREE (&tagbuf);
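Review bot: The added `while (*t == ' ' || *t == '\t') t++;` loop in the sendlib.c hunk never compares `t` with `end`, so the following `mutt_substrdup (t, end)` is safe only if `t` cannot be advanced past `end`. How `end` is computed, and what mutt_substrdup does when its first argument lies past its second, are both outside this hunk; the caller presumably guarantees this, but it is worth confirming before relying on the patch. A bounded form costs nothing: `while (t < end && (*t == ' ' || *t == '\t'))`. This file is the upstream changeset carried verbatim, so such a change belongs upstream or in a separate follow-up patch; the enclosing function starts and ends outside the hunk.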