~alpine/aports

This thread contains a patchset. You're looking at the original emails, but you may wish to use the patch review UI. Review patch
1

[alpine-aports] [PATCH 1/2] main/gpgme: upgrade to 1.6.0

Details
Message ID
<1441454313-20572-1-git-send-email-soeren+git@soeren-tempel.net>
Sender timestamp
1441454312
DKIM signature
missing
Download raw message
Patch: +6 -6
---
 main/gpgme/APKBUILD | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/main/gpgme/APKBUILD b/main/gpgme/APKBUILD
index 623f312..797702d 100644
--- a/main/gpgme/APKBUILD
+++ b/main/gpgme/APKBUILD
@@ -1,18 +1,18 @@
# Contributor: William Pitcock <nenolod@dereferenced.org>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=gpgme
pkgver=1.5.4
pkgver=1.6.0
pkgrel=0
pkgdesc="gnupg made easy"
url="http://www.gnupg.org/related_software/gpgme/"
arch="all"
license="GPL"
depends=gnupg
depends="gnupg"
depends_dev="libgpg-error-dev libassuan-dev"
makedepends="$depends_dev"
install=""
subpackages="$pkgname-dev $pkgname-doc"
source="ftp://ftp.gnupg.org/gcrypt/gpgme/gpgme-$pkgver.tar.bz2"
source="ftp://ftp.gnupg.org/gcrypt/$pkgname/$pkgname-$pkgver.tar.bz2"

_builddir="$srcdir"/gpgme-$pkgver
prepare() {
@@ -45,6 +45,6 @@ package() {
	rm "$pkgdir"/usr/lib/*.la || return 1
}

md5sums="feafa03ea064e1d1dc11bc2b88404623  gpgme-1.5.4.tar.bz2"
sha256sums="bb38c0ec8815c9e94e6047b484984808a8dad9d6bec8df33dc5339fd55ffea6c  gpgme-1.5.4.tar.bz2"
sha512sums="192c2aceb979915606cbc32164eafcfb907f1d6cc5058f71999f7a4b50bbc01063048fd5d907c149414f84a7dad909771f21c2e042850e0b21253c88942cf1f5  gpgme-1.5.4.tar.bz2"
md5sums="60d730d22e8065fd5de309e8b98e304b  gpgme-1.6.0.tar.bz2"
sha256sums="b09de4197ac280b102080e09eaec6211d081efff1963bf7821cf8f4f9916099d  gpgme-1.6.0.tar.bz2"
sha512sums="b7ccccc2bac246b0759c8752cadd3e77f03da39711badfc66d0f21cefab3f3b07fe1038611ad9ca1c16a8a48d7e831dcca68d83d052456a4cf794a73e287d41b  gpgme-1.6.0.tar.bz2"
-- 
2.5.1



---
Unsubscribe:  alpine-aports+unsubscribe@lists.alpinelinux.org
Help:         alpine-aports+help@lists.alpinelinux.org
---

[alpine-aports] [PATCH 2/2] main/mutt: upgrade to 1.5.24

Details
Message ID
<1441454313-20572-2-git-send-email-soeren+git@soeren-tempel.net>
In-Reply-To
<1441454313-20572-1-git-send-email-soeren+git@soeren-tempel.net> (view parent)
Sender timestamp
1441454313
DKIM signature
missing
Download raw message
Patch: +6 -58
---
 main/mutt/APKBUILD            | 19 ++++++------------
 main/mutt/CVE-2014-9116.patch | 45 -------------------------------------------
 2 files changed, 6 insertions(+), 58 deletions(-)
 delete mode 100644 main/mutt/CVE-2014-9116.patch

diff --git a/main/mutt/APKBUILD b/main/mutt/APKBUILD
index 8d9df5b..0cb9f13 100644
--- a/main/mutt/APKBUILD
+++ b/main/mutt/APKBUILD
@@ -1,7 +1,7 @@
# Contributor: Andrew Manison<amanison@anselsystems.com>
# Maintainer:  Andrew Manison<amanison@anselsystems.com>
pkgname=mutt
pkgver=1.5.23
pkgver=1.5.24
pkgrel=1
pkgdesc="a small but very powerful text-mode email client"
url="http://www.mutt.org"
@@ -12,15 +12,12 @@ makedepends="cyrus-sasl-dev gdbm-dev gettext-dev gpgme-dev
	libidn-dev ncurses-dev openssl-dev perl"
install=
subpackages="$pkgname-doc $pkgname-lang"
source="https://bitbucket.org/$pkgname/$pkgname/downloads/$pkgname-$pkgver.tar.gz
	CVE-2014-9116.patch
	"
source="https://bitbucket.org/$pkgname/$pkgname/downloads/$pkgname-$pkgver.tar.gz"

_builddir="$srcdir"/$pkgname-$pkgver

prepare() {
	cd "$_builddir"
	update_config_sub || return 1
	for i in $source; do
		case $i in
		*.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;
@@ -56,7 +53,7 @@ build() {
package() {
	cd "$_builddir"
	make DESTDIR="$pkgdir" install
	

	rm "$pkgdir"/etc/*.dist \
		"$pkgdir"/etc/mime.types \
		"$pkgdir"/usr/bin/muttbug \
@@ -68,12 +65,8 @@ package() {
	grep -C 5 "^color" contrib/sample.muttrc >> "$pkgdir"/etc/Muttrc
	echo "source /etc/Muttrc.local" >> "$pkgdir"/etc/Muttrc
	echo "# Local configuration for Mutt." > "$pkgdir"/etc/Muttrc.local

}

md5sums="11f5b6a3eeba1afa1257fe93c9f26bff  mutt-1.5.23.tar.gz
6df95ec10fa73e3675dcc3b0a6372f50  CVE-2014-9116.patch"
sha256sums="3af0701e57b9e1880ed3a0dee34498a228939e854a16cdccd24e5e502626fd37  mutt-1.5.23.tar.gz
97fd773b5c58c7803c57fcd126c1c81c2c7cbb7b860f217571c6a2a47a5b01c5  CVE-2014-9116.patch"
sha512sums="f1b4a7230253651857f61bd7215cce870a613012f613d4c907d401556083726c8ed7d429d57a8bf858c3b5b23683380d4c1494540d86ca80813e22cb6b95bc1e  mutt-1.5.23.tar.gz
14aba18442da7783ec76c17699c0e3e88c4f25a21418d37b48e456f572b0b56f9197aa8d694a8bf23be313252cf76e818bc5e9d3e30f2dfe8bff14eb8f6b01e8  CVE-2014-9116.patch"
md5sums="7f25d27f3c7c82285ac07aac35f5f0f2  mutt-1.5.24.tar.gz"
sha256sums="a292ca765ed7b19db4ac495938a3ef808a16193b7d623d65562bb8feb2b42200  mutt-1.5.24.tar.gz"
sha512sums="f7fe7edf9d1701a8e92761b1f5e6ef2e3a3b513af7898872cbe36a8800714cb76945788a60d2008820c57bc5344a4147e2686f690da42cfc8a912e3a432452b1  mutt-1.5.24.tar.gz"
diff --git a/main/mutt/CVE-2014-9116.patch b/main/mutt/CVE-2014-9116.patch
deleted file mode 100644
index 86b1b5f..0000000
--- a/main/mutt/CVE-2014-9116.patch
@@ -1,45 +0,0 @@
# HG changeset patch
# User Kevin McCarthy <kevin@8t8.us>
# Date 1417472364 28800
#      Mon Dec 01 14:19:24 2014 -0800
# Branch stable
# Node ID 0aebf1df43598b442ac75ae4fe17875351854db0
# Parent  5a86319adad0d17e4acaf8a580bfc9eb247547d0
Revert write_one_header() to skip space and tab.  (closes #3716)

This patch fixes CVE-2014-9116 in the stable branch.  It reverts
write_one_header() to the pre [f251d523ca5a] code for skipping
whitespace.

Thanks to Antonio Radici and Tomas Hoger for their analysis and patches
to mutt, which this patch is based off of.

diff --git a/sendlib.c b/sendlib.c
--- a/sendlib.c
+++ b/sendlib.c
@@ -1809,17 +1809,24 @@
     {
       tagbuf = NULL;
       valbuf = mutt_substrdup (start, end);
     }
     else
     {
       tagbuf = mutt_substrdup (start, t);
       /* skip over the colon separating the header field name and value */
-      t = skip_email_wsp(t + 1);
+      ++t;
+
+      /* skip over any leading whitespace (WSP, as defined in RFC5322)
+       * NOTE: skip_email_wsp() does the wrong thing here.
+       *       See tickets 3609 and 3716. */
+      while (*t == ' ' || *t == '\t')
+        t++;
+
       valbuf = mutt_substrdup (t, end);
     }
     dprint(4,(debugfile,"mwoh: buf[%s%s] too long, "
 	      "max width = %d > %d\n",
 	      NONULL(pfx), valbuf, max, wraplen));
     if (fold_one_header (fp, tagbuf, valbuf, pfx, wraplen, flags) < 0)
       return -1;
     FREE (&tagbuf);
-- 
2.5.1



---
Unsubscribe:  alpine-aports+unsubscribe@lists.alpinelinux.org
Help:         alpine-aports+help@lists.alpinelinux.org
---
Reply to thread Export thread (mbox)