[arch-commits] Commit in mutt/repos/extra-x86_64 (5 files)

Gaëtan Bisson bisson at archlinux.org
Sun Jul 15 19:57:13 UTC 2018


    Date: Sunday, July 15, 2018 @ 19:57:13
  Author: bisson
Revision: 328696

archrelease: copy trunk to extra-x86_64

Added:
  mutt/repos/extra-x86_64/0001-Properly-quote-IMAP-mailbox-names-when-un-subscribin.patch
    (from rev 328695, mutt/trunk/0001-Properly-quote-IMAP-mailbox-names-when-un-subscribin.patch)
  mutt/repos/extra-x86_64/0002-Sanitize-POP-bcache-paths.patch
    (from rev 328695, mutt/trunk/0002-Sanitize-POP-bcache-paths.patch)
  mutt/repos/extra-x86_64/0003-Selectively-cache-headers.patch
    (from rev 328695, mutt/trunk/0003-Selectively-cache-headers.patch)
  mutt/repos/extra-x86_64/PKGBUILD
    (from rev 328695, mutt/trunk/PKGBUILD)
Deleted:
  mutt/repos/extra-x86_64/PKGBUILD

-----------------------------------------------------------------+
 0001-Properly-quote-IMAP-mailbox-names-when-un-subscribin.patch |  127 ++++++++++
 0002-Sanitize-POP-bcache-paths.patch                            |  100 +++++++
 0003-Selectively-cache-headers.patch                            |   39 +++
 PKGBUILD                                                        |  107 ++++----
 4 files changed, 326 insertions(+), 47 deletions(-)

Copied: mutt/repos/extra-x86_64/0001-Properly-quote-IMAP-mailbox-names-when-un-subscribin.patch (from rev 328695, mutt/trunk/0001-Properly-quote-IMAP-mailbox-names-when-un-subscribin.patch)
===================================================================
--- 0001-Properly-quote-IMAP-mailbox-names-when-un-subscribin.patch	                        (rev 0)
+++ 0001-Properly-quote-IMAP-mailbox-names-when-un-subscribin.patch	2018-07-15 19:57:13 UTC (rev 328696)
@@ -0,0 +1,127 @@
+From 185152818541f5cdc059cbff3f3e8b654fc27c1d Mon Sep 17 00:00:00 2001
+From: Kevin McCarthy <kevin at 8t8.us>
+Date: Sat, 7 Jul 2018 19:03:44 -0700
+Subject: [PATCH] Properly quote IMAP mailbox names when (un)subscribing.
+
+When handling automatic subscription (via $imap_check_subscribed), or
+manual subscribe/unsubscribe commands, mutt generating a "mailboxes"
+command but failed to properly escape backquotes.
+
+Thanks to Jeriko One for the detailed bug report and patch, which this
+commit is based upon.
+---
+ imap/command.c      |  5 +++--
+ imap/imap.c         |  7 +++++--
+ imap/imap_private.h |  3 ++-
+ imap/util.c         | 25 ++++++++++++++++++++-----
+ 4 files changed, 30 insertions(+), 10 deletions(-)
+
+diff --git a/imap/command.c b/imap/command.c
+index c8825981..c79d4f28 100644
+--- a/imap/command.c
++++ b/imap/command.c
+@@ -842,8 +842,9 @@ static void cmd_parse_lsub (IMAP_DATA* idata, char* s)
+ 
+   strfcpy (buf, "mailboxes \"", sizeof (buf));
+   mutt_account_tourl (&idata->conn->account, &url);
+-  /* escape \ and " */
+-  imap_quote_string(errstr, sizeof (errstr), list.name);
++  /* escape \ and ". Also escape ` because the resulting
++   * string will be passed to mutt_parse_rc_line. */
++  imap_quote_string_and_backquotes (errstr, sizeof (errstr), list.name);
+   url.path = errstr + 1;
+   url.path[strlen(url.path) - 1] = '\0';
+   if (!mutt_strcmp (url.user, ImapUser))
+diff --git a/imap/imap.c b/imap/imap.c
+index 668203b8..c3a8ffd0 100644
+--- a/imap/imap.c
++++ b/imap/imap.c
+@@ -1930,6 +1930,7 @@ int imap_subscribe (char *path, int subscribe)
+   char buf[LONG_STRING];
+   char mbox[LONG_STRING];
+   char errstr[STRING];
++  int mblen;
+   BUFFER err, token;
+   IMAP_MBOX mx;
+ 
+@@ -1951,8 +1952,10 @@ int imap_subscribe (char *path, int subscribe)
+     mutt_buffer_init (&err);
+     err.data = errstr;
+     err.dsize = sizeof (errstr);
+-    snprintf (mbox, sizeof (mbox), "%smailboxes \"%s\"",
+-              subscribe ? "" : "un", path);
++    mblen = snprintf (mbox, sizeof (mbox), "%smailboxes ",
++                      subscribe ? "" : "un");
++    imap_quote_string_and_backquotes (mbox + mblen, sizeof(mbox) - mblen,
++                                      path);
+     if (mutt_parse_rc_line (mbox, &token, &err))
+       dprint (1, (debugfile, "Error adding subscribed mailbox: %s\n", errstr));
+     FREE (&token.data);
+diff --git a/imap/imap_private.h b/imap/imap_private.h
+index 312fbfe4..349c5a49 100644
+--- a/imap/imap_private.h
++++ b/imap/imap_private.h
+@@ -301,7 +301,8 @@ char* imap_next_word (char* s);
+ time_t imap_parse_date (char* s);
+ void imap_make_date (char* buf, time_t timestamp);
+ void imap_qualify_path (char *dest, size_t len, IMAP_MBOX *mx, char* path);
+-void imap_quote_string (char* dest, size_t slen, const char* src);
++void imap_quote_string (char* dest, size_t dlen, const char* src);
++void imap_quote_string_and_backquotes (char *dest, size_t dlen, const char *src);
+ void imap_unquote_string (char* s);
+ void imap_munge_mbox_name (IMAP_DATA *idata, char *dest, size_t dlen, const char *src);
+ void imap_unmunge_mbox_name (IMAP_DATA *idata, char *s);
+diff --git a/imap/util.c b/imap/util.c
+index 914c93c3..3274a70c 100644
+--- a/imap/util.c
++++ b/imap/util.c
+@@ -608,11 +608,9 @@ void imap_qualify_path (char *dest, size_t len, IMAP_MBOX *mx, char* path)
+ }
+ 
+ 
+-/* imap_quote_string: quote string according to IMAP rules:
+- *   surround string with quotes, escape " and \ with \ */
+-void imap_quote_string (char *dest, size_t dlen, const char *src)
++static void _imap_quote_string (char *dest, size_t dlen, const char *src,
++                                const char *to_quote)
+ {
+-  static const char quote[] = "\"\\";
+   char *pt;
+   const char *s;
+ 
+@@ -625,7 +623,7 @@ void imap_quote_string (char *dest, size_t dlen, const char *src)
+ 
+   for (; *s && dlen; s++)
+   {
+-    if (strchr (quote, *s))
++    if (strchr (to_quote, *s))
+     {
+       dlen -= 2;
+       if (!dlen)
+@@ -643,6 +641,23 @@ void imap_quote_string (char *dest, size_t dlen, const char *src)
+   *pt = 0;
+ }
+ 
++/* imap_quote_string: quote string according to IMAP rules:
++ *   surround string with quotes, escape " and \ with \ */
++void imap_quote_string (char *dest, size_t dlen, const char *src)
++{
++  _imap_quote_string (dest, dlen, src, "\"\\");
++}
++
++/* imap_quote_string_and_backquotes: quote string according to IMAP rules:
++ *   surround string with quotes, escape " and \ with \.
++ * Additionally, escape backquotes with \ to protect against code injection
++ * when using the resulting string in mutt_parse_rc_line().
++ */
++void imap_quote_string_and_backquotes (char *dest, size_t dlen, const char *src)
++{
++  _imap_quote_string (dest, dlen, src, "\"\\`");
++}
++
+ /* imap_unquote_string: equally stupid unquoting routine */
+ void imap_unquote_string (char *s)
+ {
+-- 
+2.18.0
+

Copied: mutt/repos/extra-x86_64/0002-Sanitize-POP-bcache-paths.patch (from rev 328695, mutt/trunk/0002-Sanitize-POP-bcache-paths.patch)
===================================================================
--- 0002-Sanitize-POP-bcache-paths.patch	                        (rev 0)
+++ 0002-Sanitize-POP-bcache-paths.patch	2018-07-15 19:57:13 UTC (rev 328696)
@@ -0,0 +1,100 @@
+From 6aed28b40a0410ec47d40c8c7296d8d10bae7576 Mon Sep 17 00:00:00 2001
+From: Kevin McCarthy <kevin at 8t8.us>
+Date: Fri, 13 Jul 2018 11:16:33 -0700
+Subject: [PATCH] Sanitize POP bcache paths.
+
+Protect against bcache directory path traversal for UID values.
+
+Thanks for Jeriko One for the bug report and patch, which this commit
+is based upon.
+---
+ pop.c | 31 +++++++++++++++++++++++++------
+ 1 file changed, 25 insertions(+), 6 deletions(-)
+
+diff --git a/pop.c b/pop.c
+index d9d95fbe..288166de 100644
+--- a/pop.c
++++ b/pop.c
+@@ -40,6 +40,25 @@
+ #define HC_FEXT		"hcache"	/* extension for hcache as POP lacks paths */
+ #endif
+ 
++/**
++ * cache_id - Make a message-cache-compatible id
++ * @param id POP message id
++ * @retval ptr Sanitised string
++ *
++ * The POP message id may contain '/' and other awkward characters.
++ *
++ * @note This function returns a pointer to a static buffer.
++ */
++static const char *cache_id(const char *id)
++{
++  static char clean[SHORT_STRING];
++
++  strfcpy (clean, id, sizeof(clean));
++  mutt_sanitize_filename (clean, 1);
++
++  return clean;
++}
++
+ /* write line to file */
+ static int fetch_message (char *line, void *file)
+ {
+@@ -205,7 +224,7 @@ static int msg_cache_check (const char *id, body_cache_t *bcache, void *data)
+   /* message not found in context -> remove it from cache
+    * return the result of bcache, so we stop upon its first error
+    */
+-  return mutt_bcache_del (bcache, id);
++  return mutt_bcache_del (bcache, cache_id (id));
+ }
+ 
+ #ifdef USE_HCACHE
+@@ -355,7 +374,7 @@ static int pop_fetch_headers (CONTEXT *ctx)
+        *        - if we also have a body: read
+        *        - if we don't have a body: new
+        */
+-      bcached = mutt_bcache_exists (pop_data->bcache, ctx->hdrs[i]->data) == 0;
++      bcached = mutt_bcache_exists (pop_data->bcache, cache_id (ctx->hdrs[i]->data)) == 0;
+       ctx->hdrs[i]->old = 0;
+       ctx->hdrs[i]->read = 0;
+       if (hcached)
+@@ -531,7 +550,7 @@ static int pop_fetch_message (CONTEXT* ctx, MESSAGE* msg, int msgno)
+   unsigned short bcache = 1;
+ 
+   /* see if we already have the message in body cache */
+-  if ((msg->fp = mutt_bcache_get (pop_data->bcache, h->data)))
++  if ((msg->fp = mutt_bcache_get (pop_data->bcache, cache_id (h->data))))
+     return 0;
+ 
+   /*
+@@ -578,7 +597,7 @@ static int pop_fetch_message (CONTEXT* ctx, MESSAGE* msg, int msgno)
+ 			MUTT_PROGRESS_SIZE, NetInc, h->content->length + h->content->offset - 1);
+ 
+     /* see if we can put in body cache; use our cache as fallback */
+-    if (!(msg->fp = mutt_bcache_put (pop_data->bcache, h->data, 1)))
++    if (!(msg->fp = mutt_bcache_put (pop_data->bcache, cache_id (h->data), 1)))
+     {
+       /* no */
+       bcache = 0;
+@@ -624,7 +643,7 @@ static int pop_fetch_message (CONTEXT* ctx, MESSAGE* msg, int msgno)
+    * portion of the headers, those required for the main display.
+    */
+   if (bcache)
+-    mutt_bcache_commit (pop_data->bcache, h->data);
++    mutt_bcache_commit (pop_data->bcache, cache_id (h->data));
+   else
+   {
+     cache->index = h->index;
+@@ -704,7 +723,7 @@ static int pop_sync_mailbox (CONTEXT *ctx, int *index_hint)
+ 	snprintf (buf, sizeof (buf), "DELE %d\r\n", ctx->hdrs[i]->refno);
+ 	if ((ret = pop_query (pop_data, buf, sizeof (buf))) == 0)
+ 	{
+-	  mutt_bcache_del (pop_data->bcache, ctx->hdrs[i]->data);
++	  mutt_bcache_del (pop_data->bcache, cache_id (ctx->hdrs[i]->data));
+ #if USE_HCACHE
+ 	  mutt_hcache_delete (hc, ctx->hdrs[i]->data, strlen);
+ #endif
+-- 
+2.18.0
+

Copied: mutt/repos/extra-x86_64/0003-Selectively-cache-headers.patch (from rev 328695, mutt/trunk/0003-Selectively-cache-headers.patch)
===================================================================
--- 0003-Selectively-cache-headers.patch	                        (rev 0)
+++ 0003-Selectively-cache-headers.patch	2018-07-15 19:57:13 UTC (rev 328696)
@@ -0,0 +1,39 @@
+From 31eef6c766f47df8281942d19f76e35f475c781d Mon Sep 17 00:00:00 2001
+From: Richard Russon <rich at flatcap.org>
+Date: Fri, 13 Jul 2018 11:33:16 -0700
+Subject: [PATCH] Selectively cache headers.
+
+Thanks to NeoMutt and Jeriko One for the patch, which was slightly
+modified to apply to the Mutt code.
+---
+ imap/util.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/imap/util.c b/imap/util.c
+index 27792944..d4cc2742 100644
+--- a/imap/util.c
++++ b/imap/util.c
+@@ -84,6 +84,7 @@ header_cache_t* imap_hcache_open (IMAP_DATA* idata, const char* path)
+   ciss_url_t url;
+   char cachepath[LONG_STRING];
+   char mbox[LONG_STRING];
++  size_t len;
+ 
+   if (path)
+     imap_cachepath (idata, path, mbox, sizeof (mbox));
+@@ -96,6 +97,12 @@ header_cache_t* imap_hcache_open (IMAP_DATA* idata, const char* path)
+     FREE (&mx.mbox);
+   }
+ 
++  if (strstr(mbox, "/../") || (strcmp(mbox, "..") == 0) || (strncmp(mbox, "../", 3) == 0))
++    return NULL;
++  len = strlen(mbox);
++  if ((len > 3) && (strcmp(mbox + len - 3, "/..") == 0))
++    return NULL;
++
+   mutt_account_tourl (&idata->conn->account, &url);
+   url.path = mbox;
+   url_ciss_tostring (&url, cachepath, sizeof (cachepath), U_PATH);
+-- 
+2.18.0
+

Deleted: PKGBUILD
===================================================================
--- PKGBUILD	2018-07-15 19:56:48 UTC (rev 328695)
+++ PKGBUILD	2018-07-15 19:57:13 UTC (rev 328696)
@@ -1,47 +0,0 @@
-# $Id$
-# Contributor: tobias [tobias [at] archlinux.org]
-# Maintainer: Gaetan Bisson <bisson at archlinux.org>
-
-pkgname=mutt
-pkgver=1.10.0
-pkgrel=2
-pkgdesc='Small but very powerful text-based mail client'
-url='http://www.mutt.org/'
-license=('GPL')
-backup=('etc/Muttrc')
-arch=('x86_64')
-optdepends=('smtp-forwarder: to send mail')
-depends=('gpgme' 'ncurses' 'openssl' 'libsasl' 'gdbm' 'libidn' 'mime-types' 'krb5')
-source=("http://ftp.mutt.org/pub/mutt/${pkgname}-${pkgver}.tar.gz"{,.asc})
-sha256sums=('0215b5f90ef9cc33441a6ca842379b64412ed7f8da83ed68bfaa319179f5535b'
-            'SKIP')
-validpgpkeys=('8975A9B33AA37910385C5308ADEF768480316BDA')
-
-build() {
-	cd "${srcdir}/${pkgname}-${pkgver}"
-	./configure \
-		--prefix=/usr \
-		--sysconfdir=/etc \
-		--enable-gpgme \
-		--enable-pop \
-		--enable-imap \
-		--enable-smtp \
-		--enable-hcache \
-		--enable-sidebar \
-		--with-curses=/usr \
-		--with-regex \
-		--with-gss=/usr \
-		--with-ssl=/usr \
-		--with-sasl \
-		--with-idn \
-
-	make
-}
-
-package() {
-	cd "${srcdir}/${pkgname}-${pkgver}"
-	make DESTDIR="${pkgdir}" install
-
-	rm "${pkgdir}"/etc/mime.types{,.dist}
-	install -Dm644 contrib/gpg.rc "${pkgdir}"/etc/Muttrc.gpg.dist
-}

Copied: mutt/repos/extra-x86_64/PKGBUILD (from rev 328695, mutt/trunk/PKGBUILD)
===================================================================
--- PKGBUILD	                        (rev 0)
+++ PKGBUILD	2018-07-15 19:57:13 UTC (rev 328696)
@@ -0,0 +1,60 @@
+# $Id$
+# Contributor: tobias [tobias [at] archlinux.org]
+# Maintainer: Gaetan Bisson <bisson at archlinux.org>
+
+pkgname=mutt
+pkgver=1.10.0
+pkgrel=3
+pkgdesc='Small but very powerful text-based mail client'
+url='http://www.mutt.org/'
+license=('GPL')
+backup=('etc/Muttrc')
+arch=('x86_64')
+optdepends=('smtp-forwarder: to send mail')
+depends=('gpgme' 'ncurses' 'openssl' 'libsasl' 'gdbm' 'libidn' 'mime-types' 'krb5')
+source=("http://ftp.mutt.org/pub/mutt/${pkgname}-${pkgver}.tar.gz"{,.asc}
+        '0001-Properly-quote-IMAP-mailbox-names-when-un-subscribin.patch'
+        '0002-Sanitize-POP-bcache-paths.patch'
+        '0003-Selectively-cache-headers.patch')
+sha256sums=('0215b5f90ef9cc33441a6ca842379b64412ed7f8da83ed68bfaa319179f5535b'
+            'SKIP'
+            '2baf7f86317d2d395a73010e62bf68c9f4bfcb2c60f7ca89a77fd0518ee9c521'
+            '108b43a4f1c9ff4011a37653a48bb1ce4b6863ba7c10d550249a231a22b07472'
+            'e9be583baaf2e23363c180dbea85a64b0b4c9c578953f328bb96a93ad9b4b7a5')
+validpgpkeys=('8975A9B33AA37910385C5308ADEF768480316BDA')
+
+prepare() {
+	cd "${srcdir}/${pkgname}-${pkgver}"
+	patch -p1 -i ../0001-Properly-quote-IMAP-mailbox-names-when-un-subscribin.patch
+	patch -p1 -i ../0002-Sanitize-POP-bcache-paths.patch
+	patch -p1 -i ../0003-Selectively-cache-headers.patch
+}
+
+build() {
+	cd "${srcdir}/${pkgname}-${pkgver}"
+	./configure \
+		--prefix=/usr \
+		--sysconfdir=/etc \
+		--enable-gpgme \
+		--enable-pop \
+		--enable-imap \
+		--enable-smtp \
+		--enable-hcache \
+		--enable-sidebar \
+		--with-curses=/usr \
+		--with-regex \
+		--with-gss=/usr \
+		--with-ssl=/usr \
+		--with-sasl \
+		--with-idn \
+
+	make
+}
+
+package() {
+	cd "${srcdir}/${pkgname}-${pkgver}"
+	make DESTDIR="${pkgdir}" install
+
+	rm "${pkgdir}"/etc/mime.types{,.dist}
+	install -Dm644 contrib/gpg.rc "${pkgdir}"/etc/Muttrc.gpg.dist
+}



More information about the arch-commits mailing list