diff options
author | Fabian Groffen <grobian@gentoo.org> | 2006-06-27 17:08:45 +0000 |
---|---|---|
committer | Fabian Groffen <grobian@gentoo.org> | 2006-06-27 17:08:45 +0000 |
commit | 677fb0d3d463fc371d1362afe4f78c8f8972cbd8 (patch) | |
tree | ba6dd1ce5af3af2d0f06cea7a1635fb528ab067a /mail-client/muttng | |
parent | ppc stable, #138146 (diff) | |
download | gentoo-2-677fb0d3d463fc371d1362afe4f78c8f8972cbd8.tar.gz gentoo-2-677fb0d3d463fc371d1362afe4f78c8f8972cbd8.tar.bz2 gentoo-2-677fb0d3d463fc371d1362afe4f78c8f8972cbd8.zip |
Add ported Mutt 1.5.11 IMAP buffer overflow patch (bug #138125)
(Portage version: 2.1-r1)
Diffstat (limited to 'mail-client/muttng')
-rw-r--r-- | mail-client/muttng/ChangeLog | 8 | ||||
-rw-r--r-- | mail-client/muttng/files/digest-muttng-20060619-r1 | 3 | ||||
-rw-r--r-- | mail-client/muttng/files/muttng-20060619-imap-browse.patch | 38 | ||||
-rw-r--r-- | mail-client/muttng/muttng-20060619-r1.ebuild | 160 |
4 files changed, 208 insertions, 1 deletions
diff --git a/mail-client/muttng/ChangeLog b/mail-client/muttng/ChangeLog index 6f6997a78df3..f53482ce600d 100644 --- a/mail-client/muttng/ChangeLog +++ b/mail-client/muttng/ChangeLog @@ -1,6 +1,12 @@ # ChangeLog for mail-client/muttng # Copyright 1999-2006 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/mail-client/muttng/ChangeLog,v 1.20 2006/06/20 16:54:17 grobian Exp $ +# $Header: /var/cvsroot/gentoo-x86/mail-client/muttng/ChangeLog,v 1.21 2006/06/27 17:08:45 grobian Exp $ + +*muttng-20060619-r1 (27 Jun 2006) + + 27 Jun 2006; Fabian Groffen <grobian@gentoo.org> + +files/muttng-20060619-imap-browse.patch, +muttng-20060619-r1.ebuild: + Add ported Mutt 1.5.11 IMAP buffer overflow patch (bug #138125) *muttng-20060619 (20 Jun 2006) diff --git a/mail-client/muttng/files/digest-muttng-20060619-r1 b/mail-client/muttng/files/digest-muttng-20060619-r1 new file mode 100644 index 000000000000..84316cfe55d5 --- /dev/null +++ b/mail-client/muttng/files/digest-muttng-20060619-r1 @@ -0,0 +1,3 @@ +MD5 7bc0c3fc4f1bfb28ec20c256e92cc41c muttng-20060619.tar.gz 2734131 +RMD160 d482eddb7ac5e1998faa570a496b14f85ff1eef1 muttng-20060619.tar.gz 2734131 +SHA256 151a99dd4c2b91805885c13b78e35e0f2f24ff01ff459945ca5d783a11c293a2 muttng-20060619.tar.gz 2734131 diff --git a/mail-client/muttng/files/muttng-20060619-imap-browse.patch b/mail-client/muttng/files/muttng-20060619-imap-browse.patch new file mode 100644 index 000000000000..001a218869b9 --- /dev/null +++ b/mail-client/muttng/files/muttng-20060619-imap-browse.patch @@ -0,0 +1,38 @@ +commit 850d4a6b78730344ad7bb1d2a04cfcd35def3fec +Author: brendan <brendan> +Date: Mon Jun 19 18:14:03 2006 +0000 + + From: TAKAHASHI Tamotsu <tamo@momonga-linux.org> + + Fix browse_get_namespace() which could overflow ns[LONG_STRING]. + (Possible remote vulnerability) + +Fabian Groffen <grobian@gentoo.org>: +* ported Mutt 1.5.11 patch to muttng-r804 (20060619) + +--- imap/browse.c ++++ imap/browse.c +@@ -481,7 +481,7 @@ + + if (*s == '\"') { + s++; +- while (*s && *s != '\"') { ++ while (*s && *s != '\"' && n < (sizeof(ns) - 1)) { + if (*s == '\\') + s++; + ns[n++] = *s; +@@ -491,11 +491,13 @@ + s++; + } + else +- while (*s && !ISSPACE (*s)) { ++ while (*s && !ISSPACE (*s) && n < (sizeof(ns) - 1)) { + ns[n++] = *s; + s++; + } + ns[n] = '\0'; ++ if (n == (sizeof(ns) - 1)) ++ debug_print (1, ("browse_get_namespace: too long: [%s]\n", ns)); + /* delim? */ + s = imap_next_word (s); + /* delimiter is meaningless if namespace is "". Why does diff --git a/mail-client/muttng/muttng-20060619-r1.ebuild b/mail-client/muttng/muttng-20060619-r1.ebuild new file mode 100644 index 000000000000..da97c100cf39 --- /dev/null +++ b/mail-client/muttng/muttng-20060619-r1.ebuild @@ -0,0 +1,160 @@ +# Copyright 1999-2006 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/mail-client/muttng/muttng-20060619-r1.ebuild,v 1.1 2006/06/27 17:08:45 grobian Exp $ + +inherit eutils flag-o-matic + +DESCRIPTION="mutt-ng -- fork of mutt with added features" +HOMEPAGE="http://www.muttng.org/" +SRC_URI="http://nion.modprobe.de/mutt-ng/snapshots/${P}.tar.gz" +IUSE="berkdb buffysize cjk crypt debug gdbm gnutls gpgme idn imap mbox nls nntp pop qdbm sasl slang smime smtp ssl doc" +SLOT="0" +LICENSE="GPL-2" +KEYWORDS="~alpha ~amd64 ~ia64 ~ppc ~ppc-macos ~sparc ~x86" +RDEPEND="nls? ( sys-devel/gettext ) + >=sys-libs/ncurses-5.2 + idn? ( net-dns/libidn ) + qdbm? ( dev-db/qdbm ) + !qdbm? ( + gdbm? ( sys-libs/gdbm ) + !gdbm? ( berkdb? ( >=sys-libs/db-4 ) ) + ) + slang? ( >=sys-libs/slang-1.4.2 ) + smtp? ( net-libs/libesmtp ) + imap? ( + gnutls? ( >=net-libs/gnutls-1.0.17 ) + !gnutls? ( ssl? ( >=dev-libs/openssl-0.9.6 ) ) + sasl? ( >=dev-libs/cyrus-sasl-2 ) + ) + pop? ( + gnutls? ( >=net-libs/gnutls-1.0.17 ) + !gnutls? ( ssl? ( >=dev-libs/openssl-0.9.6 ) ) + sasl? ( >=dev-libs/cyrus-sasl-2 ) + ) + gpgme? ( >=app-crypt/gpgme-0.9.0 ) + doc? ( + www-client/lynx + dev-libs/libxslt + app-text/htmltidy + app-text/openjade + virtual/tetex + )" +DEPEND="${RDEPEND} + net-mail/mailbase" +# sys-devel/automake +# >=sys-devel/autoconf-2.5 + +src_unpack() { + unpack ${A} || die "unpack failed" + cd "${S}" + epatch "${FILESDIR}/${PN}"-20060309-smarttime.patch + epatch "${FILESDIR}/${PN}"-20060317-sigremovereply.patch + + # Fix possible vulnerability see bug #138125 + epatch "${FILESDIR}/${P}"-imap-browse.patch + + use doc || epatch "${FILESDIR}/${PN}"-20060309-nodoc.patch + +# aclocal -I m4 || die "aclocal failed" +# autoheader || die "autoheader failed" +# emake -C m4 -f Makefile.am.in || die "emake in m4 failed" +# automake --foreign || die "automake failed" +# WANT_AUTOCONF=2.5 autoconf || die "autoconf failed" +} + +src_compile() { + declare myconf=" + $(use_enable nls) \ + $(use_enable gpgme) \ + $(use_enable imap) \ + $(use_enable pop) \ + $(use_enable crypt pgp) \ + $(use_enable smime) \ + $(use_enable cjk default-japanese) \ + $(use_enable debug) \ + $(use_enable nntp) \ + $(use_with idn) \ + $(use_with smtp libesmtp) \ + --enable-compressed \ + --sysconfdir=/etc/${PN} \ + --with-docdir=/usr/share/doc/${PN}-${PVR} \ + --with-regex \ + --disable-fcntl --enable-flock --enable-nfs-fix \ + --with-mixmaster \ + --without-sasl \ + --enable-external-dotlock" + + # muttng prioritizes qdbm over gdbm, so we will too. + # hcache feature requires at least one database is in USE. + if use qdbm; then + myconf="${myconf} --enable-hcache \ + --with-qdbm --without-gdbm --without-bdb" + elif use gdbm; then + myconf="${myconf} --enable-hcache \ + --with-gdbm --without-qdbm --without-bdb" + elif use berkdb; then + myconf="${myconf} --enable-hcache \ + --with-bdb --without-gdbm --without-qdbm" + else + myconf="${myconf} --disable-hcache \ + --without-gdbm --without-qdbm --without-bdb" + fi + + # there's no need for gnutls or ssl without either pop or imap. + # in fact mutt's configure will bail if you do: + # --without-pop --without-imap --with-ssl + if use pop || use imap; then + if use gnutls; then + myconf="${myconf} --with-gnutls" + elif use ssl; then + myconf="${myconf} --with-ssl" + fi + # not sure if this should be mutually exclusive with the other two + myconf="${myconf} $(use_with sasl sasl2)" + else + myconf="${myconf} --without-gnutls --without-ssl --without-sasl2" + fi + + # See Bug #11170 + case ${ARCH} in + alpha|ppc) replace-flags "-O[3-9]" "-O2" ;; + esac + + if use buffysize; then + ewarn "USE=buffy-size is just a workaround. Disable it if you don't need it." + myconf="${myconf} --enable-buffy-size" + fi + + if use slang; then + myconf="${myconf} --with-slang" + ewarn "If you want a transparent background, merge ${PN} with USE=-slang." + else + # --without-slang doesn't work; + # specify --with-curses if you don't want slang + # (26 Sep 2001 agriffis) + myconf="${myconf} --with-curses" + fi + + if use mbox; then + myconf="${myconf} --with-mailpath=/var/spool/mail" + else + myconf="${myconf} --with-homespool=Maildir" + fi + + econf ${myconf} + emake || die "emake failed" +} + +src_install() { + emake DESTDIR="${D}" install || die "install failed" + find "${D}"/usr/share/doc -type f | grep -v "html\|manual" | xargs gzip + + dodoc COPYRIGHT ChangeLog NEWS OPS* PATCHES README* TODO +} + +pkg_postinst() { + echo + einfo "NOTE: muttng is still under heavy development" + einfo "If you find a bug please report at http://bugs.gentoo.org" + echo +} |