[arch-commits] Commit in mutt/repos (6 files)

Gaetan Bisson bisson at archlinux.org
Sat Jun 6 18:07:49 UTC 2015


    Date: Saturday, June 6, 2015 @ 20:07:49
  Author: bisson
Revision: 240378

archrelease: copy trunk to testing-i686, testing-x86_64

Added:
  mutt/repos/testing-i686/
  mutt/repos/testing-i686/PKGBUILD
    (from rev 240377, mutt/trunk/PKGBUILD)
  mutt/repos/testing-i686/cve-2014-9116.patch
    (from rev 240377, mutt/trunk/cve-2014-9116.patch)
  mutt/repos/testing-x86_64/
  mutt/repos/testing-x86_64/PKGBUILD
    (from rev 240377, mutt/trunk/PKGBUILD)
  mutt/repos/testing-x86_64/cve-2014-9116.patch
    (from rev 240377, mutt/trunk/cve-2014-9116.patch)

------------------------------------+
 testing-i686/PKGBUILD              |   61 +++++++++++++++++++++++++++++++++++
 testing-i686/cve-2014-9116.patch   |   35 ++++++++++++++++++++
 testing-x86_64/PKGBUILD            |   61 +++++++++++++++++++++++++++++++++++
 testing-x86_64/cve-2014-9116.patch |   35 ++++++++++++++++++++
 4 files changed, 192 insertions(+)

Copied: mutt/repos/testing-i686/PKGBUILD (from rev 240377, mutt/trunk/PKGBUILD)
===================================================================
--- testing-i686/PKGBUILD	                        (rev 0)
+++ testing-i686/PKGBUILD	2015-06-06 18:07:49 UTC (rev 240378)
@@ -0,0 +1,61 @@
+# $Id$
+# Contributor: tobias [tobias [at] archlinux.org]
+# Maintainer: Gaetan Bisson <bisson at archlinux.org>
+
+pkgname=mutt
+pkgver=1.5.23
+pkgrel=2
+pkgdesc='Small but very powerful text-based mail client'
+url='http://www.mutt.org/'
+license=('GPL')
+backup=('etc/Muttrc')
+arch=('i686' 'x86_64')
+optdepends=('smtp-forwarder: to send mail')
+depends=('gpgme' 'ncurses' 'openssl' 'libsasl' 'gdbm' 'libidn' 'mime-types' 'krb5')
+source=("ftp://ftp.mutt.org/mutt/${pkgname}-${pkgver}.tar.gz"
+        'cve-2014-9116.patch')
+sha1sums=('8ac821d8b1e25504a31bf5fda9c08d93a4acc862'
+          '776e3e00fcf8a325e7b9c2bb456d3e9ba2c82307')
+
+makedepends=('mercurial')
+source=('hg+http://dev.mutt.org/hg/mutt#revision=0255b37be491bf11347c91d2197a4d9031423010')
+sha1sums=('SKIP')
+pkgver=1.5.23.hg.20150606
+
+#prepare() {
+#	cd "${srcdir}/${pkgname}-${pkgver}"
+#	patch -p1 -i ../cve-2014-9116.patch
+#}
+
+build() {
+#	cd "${srcdir}/${pkgname}-${pkgver}"
+	cd "${srcdir}/${pkgname}"
+#	./configure \
+	./prepare \
+		--prefix=/usr \
+		--sysconfdir=/etc \
+		--enable-gpgme \
+		--enable-pop \
+		--enable-imap \
+		--enable-smtp \
+		--enable-hcache \
+		--with-curses=/usr \
+		--with-regex \
+		--with-gss=/usr \
+		--with-ssl=/usr \
+		--with-sasl \
+		--with-idn \
+
+	make
+}
+
+package() {
+#	cd "${srcdir}/${pkgname}-${pkgver}"
+	cd "${srcdir}/${pkgname}"
+	make DESTDIR="${pkgdir}" install
+
+	rm "${pkgdir}"/etc/mime.types{,.dist}
+	rm "${pkgdir}"/usr/bin/{flea,muttbug}
+	rm "${pkgdir}"/usr/share/man/man1/{flea,muttbug}.1
+	install -Dm644 contrib/gpg.rc "${pkgdir}"/etc/Muttrc.gpg.dist
+}

Copied: mutt/repos/testing-i686/cve-2014-9116.patch (from rev 240377, mutt/trunk/cve-2014-9116.patch)
===================================================================
--- testing-i686/cve-2014-9116.patch	                        (rev 0)
+++ testing-i686/cve-2014-9116.patch	2015-06-06 18:07:49 UTC (rev 240378)
@@ -0,0 +1,35 @@
+
+# HG changeset patch
+# User Kevin McCarthy <kevin at 8t8.us>
+# Date 1417472364 28800
+# Node ID 0aebf1df43598b442ac75ae4fe17875351854db0
+# Parent  5a86319adad0d17e4acaf8a580bfc9eb247547d0
+Revert write_one_header() to skip space and tab.  (closes #3716)
+
+This patch fixes CVE-2014-9116 in the stable branch.  It reverts
+write_one_header() to the pre [f251d523ca5a] code for skipping
+whitespace.
+
+Thanks to Antonio Radici and Tomas Hoger for their analysis and patches
+to mutt, which this patch is based off of.
+
+diff -r 5a86319adad0 -r 0aebf1df4359 sendlib.c
+--- a/sendlib.c	Mon Jan 05 18:28:59 2015 -0800
++++ b/sendlib.c	Mon Dec 01 14:19:24 2014 -0800
+@@ -1814,7 +1814,14 @@
+     {
+       tagbuf = mutt_substrdup (start, t);
+       /* skip over the colon separating the header field name and value */
+-      t = skip_email_wsp(t + 1);
++      ++t;
++
++      /* skip over any leading whitespace (WSP, as defined in RFC5322)
++       * NOTE: skip_email_wsp() does the wrong thing here.
++       *       See tickets 3609 and 3716. */
++      while (*t == ' ' || *t == '\t')
++        t++;
++
+       valbuf = mutt_substrdup (t, end);
+     }
+     dprint(4,(debugfile,"mwoh: buf[%s%s] too long, "
+

Copied: mutt/repos/testing-x86_64/PKGBUILD (from rev 240377, mutt/trunk/PKGBUILD)
===================================================================
--- testing-x86_64/PKGBUILD	                        (rev 0)
+++ testing-x86_64/PKGBUILD	2015-06-06 18:07:49 UTC (rev 240378)
@@ -0,0 +1,61 @@
+# $Id$
+# Contributor: tobias [tobias [at] archlinux.org]
+# Maintainer: Gaetan Bisson <bisson at archlinux.org>
+
+pkgname=mutt
+pkgver=1.5.23
+pkgrel=2
+pkgdesc='Small but very powerful text-based mail client'
+url='http://www.mutt.org/'
+license=('GPL')
+backup=('etc/Muttrc')
+arch=('i686' 'x86_64')
+optdepends=('smtp-forwarder: to send mail')
+depends=('gpgme' 'ncurses' 'openssl' 'libsasl' 'gdbm' 'libidn' 'mime-types' 'krb5')
+source=("ftp://ftp.mutt.org/mutt/${pkgname}-${pkgver}.tar.gz"
+        'cve-2014-9116.patch')
+sha1sums=('8ac821d8b1e25504a31bf5fda9c08d93a4acc862'
+          '776e3e00fcf8a325e7b9c2bb456d3e9ba2c82307')
+
+makedepends=('mercurial')
+source=('hg+http://dev.mutt.org/hg/mutt#revision=0255b37be491bf11347c91d2197a4d9031423010')
+sha1sums=('SKIP')
+pkgver=1.5.23.hg.20150606
+
+#prepare() {
+#	cd "${srcdir}/${pkgname}-${pkgver}"
+#	patch -p1 -i ../cve-2014-9116.patch
+#}
+
+build() {
+#	cd "${srcdir}/${pkgname}-${pkgver}"
+	cd "${srcdir}/${pkgname}"
+#	./configure \
+	./prepare \
+		--prefix=/usr \
+		--sysconfdir=/etc \
+		--enable-gpgme \
+		--enable-pop \
+		--enable-imap \
+		--enable-smtp \
+		--enable-hcache \
+		--with-curses=/usr \
+		--with-regex \
+		--with-gss=/usr \
+		--with-ssl=/usr \
+		--with-sasl \
+		--with-idn \
+
+	make
+}
+
+package() {
+#	cd "${srcdir}/${pkgname}-${pkgver}"
+	cd "${srcdir}/${pkgname}"
+	make DESTDIR="${pkgdir}" install
+
+	rm "${pkgdir}"/etc/mime.types{,.dist}
+	rm "${pkgdir}"/usr/bin/{flea,muttbug}
+	rm "${pkgdir}"/usr/share/man/man1/{flea,muttbug}.1
+	install -Dm644 contrib/gpg.rc "${pkgdir}"/etc/Muttrc.gpg.dist
+}

Copied: mutt/repos/testing-x86_64/cve-2014-9116.patch (from rev 240377, mutt/trunk/cve-2014-9116.patch)
===================================================================
--- testing-x86_64/cve-2014-9116.patch	                        (rev 0)
+++ testing-x86_64/cve-2014-9116.patch	2015-06-06 18:07:49 UTC (rev 240378)
@@ -0,0 +1,35 @@
+
+# HG changeset patch
+# User Kevin McCarthy <kevin at 8t8.us>
+# Date 1417472364 28800
+# Node ID 0aebf1df43598b442ac75ae4fe17875351854db0
+# Parent  5a86319adad0d17e4acaf8a580bfc9eb247547d0
+Revert write_one_header() to skip space and tab.  (closes #3716)
+
+This patch fixes CVE-2014-9116 in the stable branch.  It reverts
+write_one_header() to the pre [f251d523ca5a] code for skipping
+whitespace.
+
+Thanks to Antonio Radici and Tomas Hoger for their analysis and patches
+to mutt, which this patch is based off of.
+
+diff -r 5a86319adad0 -r 0aebf1df4359 sendlib.c
+--- a/sendlib.c	Mon Jan 05 18:28:59 2015 -0800
++++ b/sendlib.c	Mon Dec 01 14:19:24 2014 -0800
+@@ -1814,7 +1814,14 @@
+     {
+       tagbuf = mutt_substrdup (start, t);
+       /* skip over the colon separating the header field name and value */
+-      t = skip_email_wsp(t + 1);
++      ++t;
++
++      /* skip over any leading whitespace (WSP, as defined in RFC5322)
++       * NOTE: skip_email_wsp() does the wrong thing here.
++       *       See tickets 3609 and 3716. */
++      while (*t == ' ' || *t == '\t')
++        t++;
++
+       valbuf = mutt_substrdup (t, end);
+     }
+     dprint(4,(debugfile,"mwoh: buf[%s%s] too long, "
+



More information about the arch-commits mailing list