summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorFabian Groffen <grobian@gentoo.org>2006-06-27 17:08:45 +0000
committerFabian Groffen <grobian@gentoo.org>2006-06-27 17:08:45 +0000
commit677fb0d3d463fc371d1362afe4f78c8f8972cbd8 (patch)
treeba6dd1ce5af3af2d0f06cea7a1635fb528ab067a /mail-client/muttng
parentppc stable, #138146 (diff)
downloadgentoo-2-677fb0d3d463fc371d1362afe4f78c8f8972cbd8.tar.gz
gentoo-2-677fb0d3d463fc371d1362afe4f78c8f8972cbd8.tar.bz2
gentoo-2-677fb0d3d463fc371d1362afe4f78c8f8972cbd8.zip
Add ported Mutt 1.5.11 IMAP buffer overflow patch (bug #138125)
(Portage version: 2.1-r1)
Diffstat (limited to 'mail-client/muttng')
-rw-r--r--mail-client/muttng/ChangeLog8
-rw-r--r--mail-client/muttng/files/digest-muttng-20060619-r13
-rw-r--r--mail-client/muttng/files/muttng-20060619-imap-browse.patch38
-rw-r--r--mail-client/muttng/muttng-20060619-r1.ebuild160
4 files changed, 208 insertions, 1 deletions
diff --git a/mail-client/muttng/ChangeLog b/mail-client/muttng/ChangeLog
index 6f6997a78df3..f53482ce600d 100644
--- a/mail-client/muttng/ChangeLog
+++ b/mail-client/muttng/ChangeLog
@@ -1,6 +1,12 @@
# ChangeLog for mail-client/muttng
# Copyright 1999-2006 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/mail-client/muttng/ChangeLog,v 1.20 2006/06/20 16:54:17 grobian Exp $
+# $Header: /var/cvsroot/gentoo-x86/mail-client/muttng/ChangeLog,v 1.21 2006/06/27 17:08:45 grobian Exp $
+
+*muttng-20060619-r1 (27 Jun 2006)
+
+ 27 Jun 2006; Fabian Groffen <grobian@gentoo.org>
+ +files/muttng-20060619-imap-browse.patch, +muttng-20060619-r1.ebuild:
+ Add ported Mutt 1.5.11 IMAP buffer overflow patch (bug #138125)
*muttng-20060619 (20 Jun 2006)
diff --git a/mail-client/muttng/files/digest-muttng-20060619-r1 b/mail-client/muttng/files/digest-muttng-20060619-r1
new file mode 100644
index 000000000000..84316cfe55d5
--- /dev/null
+++ b/mail-client/muttng/files/digest-muttng-20060619-r1
@@ -0,0 +1,3 @@
+MD5 7bc0c3fc4f1bfb28ec20c256e92cc41c muttng-20060619.tar.gz 2734131
+RMD160 d482eddb7ac5e1998faa570a496b14f85ff1eef1 muttng-20060619.tar.gz 2734131
+SHA256 151a99dd4c2b91805885c13b78e35e0f2f24ff01ff459945ca5d783a11c293a2 muttng-20060619.tar.gz 2734131
diff --git a/mail-client/muttng/files/muttng-20060619-imap-browse.patch b/mail-client/muttng/files/muttng-20060619-imap-browse.patch
new file mode 100644
index 000000000000..001a218869b9
--- /dev/null
+++ b/mail-client/muttng/files/muttng-20060619-imap-browse.patch
@@ -0,0 +1,38 @@
+commit 850d4a6b78730344ad7bb1d2a04cfcd35def3fec
+Author: brendan <brendan>
+Date: Mon Jun 19 18:14:03 2006 +0000
+
+ From: TAKAHASHI Tamotsu <tamo@momonga-linux.org>
+
+ Fix browse_get_namespace() which could overflow ns[LONG_STRING].
+ (Possible remote vulnerability)
+
+Fabian Groffen <grobian@gentoo.org>:
+* ported Mutt 1.5.11 patch to muttng-r804 (20060619)
+
+--- imap/browse.c
++++ imap/browse.c
+@@ -481,7 +481,7 @@
+
+ if (*s == '\"') {
+ s++;
+- while (*s && *s != '\"') {
++ while (*s && *s != '\"' && n < (sizeof(ns) - 1)) {
+ if (*s == '\\')
+ s++;
+ ns[n++] = *s;
+@@ -491,11 +491,13 @@
+ s++;
+ }
+ else
+- while (*s && !ISSPACE (*s)) {
++ while (*s && !ISSPACE (*s) && n < (sizeof(ns) - 1)) {
+ ns[n++] = *s;
+ s++;
+ }
+ ns[n] = '\0';
++ if (n == (sizeof(ns) - 1))
++ debug_print (1, ("browse_get_namespace: too long: [%s]\n", ns));
+ /* delim? */
+ s = imap_next_word (s);
+ /* delimiter is meaningless if namespace is "". Why does
diff --git a/mail-client/muttng/muttng-20060619-r1.ebuild b/mail-client/muttng/muttng-20060619-r1.ebuild
new file mode 100644
index 000000000000..da97c100cf39
--- /dev/null
+++ b/mail-client/muttng/muttng-20060619-r1.ebuild
@@ -0,0 +1,160 @@
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/mail-client/muttng/muttng-20060619-r1.ebuild,v 1.1 2006/06/27 17:08:45 grobian Exp $
+
+inherit eutils flag-o-matic
+
+DESCRIPTION="mutt-ng -- fork of mutt with added features"
+HOMEPAGE="http://www.muttng.org/"
+SRC_URI="http://nion.modprobe.de/mutt-ng/snapshots/${P}.tar.gz"
+IUSE="berkdb buffysize cjk crypt debug gdbm gnutls gpgme idn imap mbox nls nntp pop qdbm sasl slang smime smtp ssl doc"
+SLOT="0"
+LICENSE="GPL-2"
+KEYWORDS="~alpha ~amd64 ~ia64 ~ppc ~ppc-macos ~sparc ~x86"
+RDEPEND="nls? ( sys-devel/gettext )
+ >=sys-libs/ncurses-5.2
+ idn? ( net-dns/libidn )
+ qdbm? ( dev-db/qdbm )
+ !qdbm? (
+ gdbm? ( sys-libs/gdbm )
+ !gdbm? ( berkdb? ( >=sys-libs/db-4 ) )
+ )
+ slang? ( >=sys-libs/slang-1.4.2 )
+ smtp? ( net-libs/libesmtp )
+ imap? (
+ gnutls? ( >=net-libs/gnutls-1.0.17 )
+ !gnutls? ( ssl? ( >=dev-libs/openssl-0.9.6 ) )
+ sasl? ( >=dev-libs/cyrus-sasl-2 )
+ )
+ pop? (
+ gnutls? ( >=net-libs/gnutls-1.0.17 )
+ !gnutls? ( ssl? ( >=dev-libs/openssl-0.9.6 ) )
+ sasl? ( >=dev-libs/cyrus-sasl-2 )
+ )
+ gpgme? ( >=app-crypt/gpgme-0.9.0 )
+ doc? (
+ www-client/lynx
+ dev-libs/libxslt
+ app-text/htmltidy
+ app-text/openjade
+ virtual/tetex
+ )"
+DEPEND="${RDEPEND}
+ net-mail/mailbase"
+# sys-devel/automake
+# >=sys-devel/autoconf-2.5
+
+src_unpack() {
+ unpack ${A} || die "unpack failed"
+ cd "${S}"
+ epatch "${FILESDIR}/${PN}"-20060309-smarttime.patch
+ epatch "${FILESDIR}/${PN}"-20060317-sigremovereply.patch
+
+ # Fix possible vulnerability see bug #138125
+ epatch "${FILESDIR}/${P}"-imap-browse.patch
+
+ use doc || epatch "${FILESDIR}/${PN}"-20060309-nodoc.patch
+
+# aclocal -I m4 || die "aclocal failed"
+# autoheader || die "autoheader failed"
+# emake -C m4 -f Makefile.am.in || die "emake in m4 failed"
+# automake --foreign || die "automake failed"
+# WANT_AUTOCONF=2.5 autoconf || die "autoconf failed"
+}
+
+src_compile() {
+ declare myconf="
+ $(use_enable nls) \
+ $(use_enable gpgme) \
+ $(use_enable imap) \
+ $(use_enable pop) \
+ $(use_enable crypt pgp) \
+ $(use_enable smime) \
+ $(use_enable cjk default-japanese) \
+ $(use_enable debug) \
+ $(use_enable nntp) \
+ $(use_with idn) \
+ $(use_with smtp libesmtp) \
+ --enable-compressed \
+ --sysconfdir=/etc/${PN} \
+ --with-docdir=/usr/share/doc/${PN}-${PVR} \
+ --with-regex \
+ --disable-fcntl --enable-flock --enable-nfs-fix \
+ --with-mixmaster \
+ --without-sasl \
+ --enable-external-dotlock"
+
+ # muttng prioritizes qdbm over gdbm, so we will too.
+ # hcache feature requires at least one database is in USE.
+ if use qdbm; then
+ myconf="${myconf} --enable-hcache \
+ --with-qdbm --without-gdbm --without-bdb"
+ elif use gdbm; then
+ myconf="${myconf} --enable-hcache \
+ --with-gdbm --without-qdbm --without-bdb"
+ elif use berkdb; then
+ myconf="${myconf} --enable-hcache \
+ --with-bdb --without-gdbm --without-qdbm"
+ else
+ myconf="${myconf} --disable-hcache \
+ --without-gdbm --without-qdbm --without-bdb"
+ fi
+
+ # there's no need for gnutls or ssl without either pop or imap.
+ # in fact mutt's configure will bail if you do:
+ # --without-pop --without-imap --with-ssl
+ if use pop || use imap; then
+ if use gnutls; then
+ myconf="${myconf} --with-gnutls"
+ elif use ssl; then
+ myconf="${myconf} --with-ssl"
+ fi
+ # not sure if this should be mutually exclusive with the other two
+ myconf="${myconf} $(use_with sasl sasl2)"
+ else
+ myconf="${myconf} --without-gnutls --without-ssl --without-sasl2"
+ fi
+
+ # See Bug #11170
+ case ${ARCH} in
+ alpha|ppc) replace-flags "-O[3-9]" "-O2" ;;
+ esac
+
+ if use buffysize; then
+ ewarn "USE=buffy-size is just a workaround. Disable it if you don't need it."
+ myconf="${myconf} --enable-buffy-size"
+ fi
+
+ if use slang; then
+ myconf="${myconf} --with-slang"
+ ewarn "If you want a transparent background, merge ${PN} with USE=-slang."
+ else
+ # --without-slang doesn't work;
+ # specify --with-curses if you don't want slang
+ # (26 Sep 2001 agriffis)
+ myconf="${myconf} --with-curses"
+ fi
+
+ if use mbox; then
+ myconf="${myconf} --with-mailpath=/var/spool/mail"
+ else
+ myconf="${myconf} --with-homespool=Maildir"
+ fi
+
+ econf ${myconf}
+ emake || die "emake failed"
+}
+
+src_install() {
+ emake DESTDIR="${D}" install || die "install failed"
+ find "${D}"/usr/share/doc -type f | grep -v "html\|manual" | xargs gzip
+
+ dodoc COPYRIGHT ChangeLog NEWS OPS* PATCHES README* TODO
+}
+
+pkg_postinst() {
+ echo
+ einfo "NOTE: muttng is still under heavy development"
+ einfo "If you find a bug please report at http://bugs.gentoo.org"
+ echo
+}