X-Original-To: alpine-aports@mail.alpinelinux.org Delivered-To: alpine-aports@mail.alpinelinux.org Received: from mail.alpinelinux.org (dallas-a1.alpinelinux.org [127.0.0.1]) by mail.alpinelinux.org (Postfix) with ESMTP id 76E77DC196E for ; Sat, 5 Sep 2015 11:58:48 +0000 (UTC) Received: from lithium.8pit.net (lithium.8pit.net [141.101.32.65]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.alpinelinux.org (Postfix) with ESMTPS id 294F0DC1462; Sat, 5 Sep 2015 11:58:46 +0000 (UTC) Received: from localhost (ip5f5ac8f2.dynamic.kabel-deutschland.de [95.90.200.242]); by lithium.8pit.net (OpenSMTPD) with ESMTPSA id 9d75331d; TLS version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO; Sat, 5 Sep 2015 13:58:42 +0200 (CEST) From: =?UTF-8?q?S=C3=B6ren=20Tempel?= To: alpine-aports@lists.alpinelinux.org Subject: [alpine-aports] [PATCH 2/2] main/mutt: upgrade to 1.5.24 Date: Sat, 5 Sep 2015 13:58:33 +0200 Message-Id: <1441454313-20572-2-git-send-email-soeren+git@soeren-tempel.net> X-Mailer: git-send-email 2.5.1 In-Reply-To: <1441454313-20572-1-git-send-email-soeren+git@soeren-tempel.net> References: <1441454313-20572-1-git-send-email-soeren+git@soeren-tempel.net> X-Virus-Scanned: ClamAV using ClamSMTP X-Mailinglist: alpine-aports Precedence: list List-Id: Alpine Development List-Unsubscribe: List-Post: List-Help: List-Subscribe: --- main/mutt/APKBUILD | 19 ++++++------------ main/mutt/CVE-2014-9116.patch | 45 ------------------------------------------- 2 files changed, 6 insertions(+), 58 deletions(-) delete mode 100644 main/mutt/CVE-2014-9116.patch diff --git a/main/mutt/APKBUILD b/main/mutt/APKBUILD index 8d9df5b..0cb9f13 100644 --- a/main/mutt/APKBUILD +++ b/main/mutt/APKBUILD @@ -1,7 +1,7 @@ # Contributor: Andrew Manison # Maintainer: Andrew Manison pkgname=mutt -pkgver=1.5.23 +pkgver=1.5.24 pkgrel=1 pkgdesc="a small but very powerful text-mode email client" url="http://www.mutt.org" @@ -12,15 +12,12 @@ makedepends="cyrus-sasl-dev gdbm-dev gettext-dev gpgme-dev libidn-dev ncurses-dev openssl-dev perl" install= subpackages="$pkgname-doc $pkgname-lang" -source="https://bitbucket.org/$pkgname/$pkgname/downloads/$pkgname-$pkgver.tar.gz - CVE-2014-9116.patch - " +source="https://bitbucket.org/$pkgname/$pkgname/downloads/$pkgname-$pkgver.tar.gz" _builddir="$srcdir"/$pkgname-$pkgver prepare() { cd "$_builddir" - update_config_sub || return 1 for i in $source; do case $i in *.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;; @@ -56,7 +53,7 @@ build() { package() { cd "$_builddir" make DESTDIR="$pkgdir" install - + rm "$pkgdir"/etc/*.dist \ "$pkgdir"/etc/mime.types \ "$pkgdir"/usr/bin/muttbug \ @@ -68,12 +65,8 @@ package() { grep -C 5 "^color" contrib/sample.muttrc >> "$pkgdir"/etc/Muttrc echo "source /etc/Muttrc.local" >> "$pkgdir"/etc/Muttrc echo "# Local configuration for Mutt." > "$pkgdir"/etc/Muttrc.local - } -md5sums="11f5b6a3eeba1afa1257fe93c9f26bff mutt-1.5.23.tar.gz -6df95ec10fa73e3675dcc3b0a6372f50 CVE-2014-9116.patch" -sha256sums="3af0701e57b9e1880ed3a0dee34498a228939e854a16cdccd24e5e502626fd37 mutt-1.5.23.tar.gz -97fd773b5c58c7803c57fcd126c1c81c2c7cbb7b860f217571c6a2a47a5b01c5 CVE-2014-9116.patch" -sha512sums="f1b4a7230253651857f61bd7215cce870a613012f613d4c907d401556083726c8ed7d429d57a8bf858c3b5b23683380d4c1494540d86ca80813e22cb6b95bc1e mutt-1.5.23.tar.gz -14aba18442da7783ec76c17699c0e3e88c4f25a21418d37b48e456f572b0b56f9197aa8d694a8bf23be313252cf76e818bc5e9d3e30f2dfe8bff14eb8f6b01e8 CVE-2014-9116.patch" +md5sums="7f25d27f3c7c82285ac07aac35f5f0f2 mutt-1.5.24.tar.gz" +sha256sums="a292ca765ed7b19db4ac495938a3ef808a16193b7d623d65562bb8feb2b42200 mutt-1.5.24.tar.gz" +sha512sums="f7fe7edf9d1701a8e92761b1f5e6ef2e3a3b513af7898872cbe36a8800714cb76945788a60d2008820c57bc5344a4147e2686f690da42cfc8a912e3a432452b1 mutt-1.5.24.tar.gz" diff --git a/main/mutt/CVE-2014-9116.patch b/main/mutt/CVE-2014-9116.patch deleted file mode 100644 index 86b1b5f..0000000 --- a/main/mutt/CVE-2014-9116.patch +++ /dev/null @@ -1,45 +0,0 @@ -# HG changeset patch -# User Kevin McCarthy -# Date 1417472364 28800 -# Mon Dec 01 14:19:24 2014 -0800 -# Branch stable -# Node ID 0aebf1df43598b442ac75ae4fe17875351854db0 -# Parent 5a86319adad0d17e4acaf8a580bfc9eb247547d0 -Revert write_one_header() to skip space and tab. (closes #3716) - -This patch fixes CVE-2014-9116 in the stable branch. It reverts -write_one_header() to the pre [f251d523ca5a] code for skipping -whitespace. - -Thanks to Antonio Radici and Tomas Hoger for their analysis and patches -to mutt, which this patch is based off of. - -diff --git a/sendlib.c b/sendlib.c ---- a/sendlib.c -+++ b/sendlib.c -@@ -1809,17 +1809,24 @@ - { - tagbuf = NULL; - valbuf = mutt_substrdup (start, end); - } - else - { - tagbuf = mutt_substrdup (start, t); - /* skip over the colon separating the header field name and value */ -- t = skip_email_wsp(t + 1); -+ ++t; -+ -+ /* skip over any leading whitespace (WSP, as defined in RFC5322) -+ * NOTE: skip_email_wsp() does the wrong thing here. -+ * See tickets 3609 and 3716. */ -+ while (*t == ' ' || *t == '\t') -+ t++; -+ - valbuf = mutt_substrdup (t, end); - } - dprint(4,(debugfile,"mwoh: buf[%s%s] too long, " - "max width = %d > %d\n", - NONULL(pfx), valbuf, max, wraplen)); - if (fold_one_header (fp, tagbuf, valbuf, pfx, wraplen, flags) < 0) - return -1; - FREE (&tagbuf); -- 2.5.1 --- Unsubscribe: alpine-aports+unsubscribe@lists.alpinelinux.org Help: alpine-aports+help@lists.alpinelinux.org ---