Date: Sunday, July 15, 2018 @ 19:57:13 Author: bisson Revision: 328696
archrelease: copy trunk to extra-x86_64 Added: mutt/repos/extra-x86_64/0001-Properly-quote-IMAP-mailbox-names-when-un-subscribin.patch (from rev 328695, mutt/trunk/0001-Properly-quote-IMAP-mailbox-names-when-un-subscribin.patch) mutt/repos/extra-x86_64/0002-Sanitize-POP-bcache-paths.patch (from rev 328695, mutt/trunk/0002-Sanitize-POP-bcache-paths.patch) mutt/repos/extra-x86_64/0003-Selectively-cache-headers.patch (from rev 328695, mutt/trunk/0003-Selectively-cache-headers.patch) mutt/repos/extra-x86_64/PKGBUILD (from rev 328695, mutt/trunk/PKGBUILD) Deleted: mutt/repos/extra-x86_64/PKGBUILD -----------------------------------------------------------------+ 0001-Properly-quote-IMAP-mailbox-names-when-un-subscribin.patch | 127 ++++++++++ 0002-Sanitize-POP-bcache-paths.patch | 100 +++++++ 0003-Selectively-cache-headers.patch | 39 +++ PKGBUILD | 107 ++++---- 4 files changed, 326 insertions(+), 47 deletions(-) Copied: mutt/repos/extra-x86_64/0001-Properly-quote-IMAP-mailbox-names-when-un-subscribin.patch (from rev 328695, mutt/trunk/0001-Properly-quote-IMAP-mailbox-names-when-un-subscribin.patch) =================================================================== --- 0001-Properly-quote-IMAP-mailbox-names-when-un-subscribin.patch (rev 0) +++ 0001-Properly-quote-IMAP-mailbox-names-when-un-subscribin.patch 2018-07-15 19:57:13 UTC (rev 328696) @@ -0,0 +1,127 @@ +From 185152818541f5cdc059cbff3f3e8b654fc27c1d Mon Sep 17 00:00:00 2001 +From: Kevin McCarthy <ke...@8t8.us> +Date: Sat, 7 Jul 2018 19:03:44 -0700 +Subject: [PATCH] Properly quote IMAP mailbox names when (un)subscribing. + +When handling automatic subscription (via $imap_check_subscribed), or +manual subscribe/unsubscribe commands, mutt generating a "mailboxes" +command but failed to properly escape backquotes. + +Thanks to Jeriko One for the detailed bug report and patch, which this +commit is based upon. +--- + imap/command.c | 5 +++-- + imap/imap.c | 7 +++++-- + imap/imap_private.h | 3 ++- + imap/util.c | 25 ++++++++++++++++++++----- + 4 files changed, 30 insertions(+), 10 deletions(-) + +diff --git a/imap/command.c b/imap/command.c +index c8825981..c79d4f28 100644 +--- a/imap/command.c ++++ b/imap/command.c +@@ -842,8 +842,9 @@ static void cmd_parse_lsub (IMAP_DATA* idata, char* s) + + strfcpy (buf, "mailboxes \"", sizeof (buf)); + mutt_account_tourl (&idata->conn->account, &url); +- /* escape \ and " */ +- imap_quote_string(errstr, sizeof (errstr), list.name); ++ /* escape \ and ". Also escape ` because the resulting ++ * string will be passed to mutt_parse_rc_line. */ ++ imap_quote_string_and_backquotes (errstr, sizeof (errstr), list.name); + url.path = errstr + 1; + url.path[strlen(url.path) - 1] = '\0'; + if (!mutt_strcmp (url.user, ImapUser)) +diff --git a/imap/imap.c b/imap/imap.c +index 668203b8..c3a8ffd0 100644 +--- a/imap/imap.c ++++ b/imap/imap.c +@@ -1930,6 +1930,7 @@ int imap_subscribe (char *path, int subscribe) + char buf[LONG_STRING]; + char mbox[LONG_STRING]; + char errstr[STRING]; ++ int mblen; + BUFFER err, token; + IMAP_MBOX mx; + +@@ -1951,8 +1952,10 @@ int imap_subscribe (char *path, int subscribe) + mutt_buffer_init (&err); + err.data = errstr; + err.dsize = sizeof (errstr); +- snprintf (mbox, sizeof (mbox), "%smailboxes \"%s\"", +- subscribe ? "" : "un", path); ++ mblen = snprintf (mbox, sizeof (mbox), "%smailboxes ", ++ subscribe ? "" : "un"); ++ imap_quote_string_and_backquotes (mbox + mblen, sizeof(mbox) - mblen, ++ path); + if (mutt_parse_rc_line (mbox, &token, &err)) + dprint (1, (debugfile, "Error adding subscribed mailbox: %s\n", errstr)); + FREE (&token.data); +diff --git a/imap/imap_private.h b/imap/imap_private.h +index 312fbfe4..349c5a49 100644 +--- a/imap/imap_private.h ++++ b/imap/imap_private.h +@@ -301,7 +301,8 @@ char* imap_next_word (char* s); + time_t imap_parse_date (char* s); + void imap_make_date (char* buf, time_t timestamp); + void imap_qualify_path (char *dest, size_t len, IMAP_MBOX *mx, char* path); +-void imap_quote_string (char* dest, size_t slen, const char* src); ++void imap_quote_string (char* dest, size_t dlen, const char* src); ++void imap_quote_string_and_backquotes (char *dest, size_t dlen, const char *src); + void imap_unquote_string (char* s); + void imap_munge_mbox_name (IMAP_DATA *idata, char *dest, size_t dlen, const char *src); + void imap_unmunge_mbox_name (IMAP_DATA *idata, char *s); +diff --git a/imap/util.c b/imap/util.c +index 914c93c3..3274a70c 100644 +--- a/imap/util.c ++++ b/imap/util.c +@@ -608,11 +608,9 @@ void imap_qualify_path (char *dest, size_t len, IMAP_MBOX *mx, char* path) + } + + +-/* imap_quote_string: quote string according to IMAP rules: +- * surround string with quotes, escape " and \ with \ */ +-void imap_quote_string (char *dest, size_t dlen, const char *src) ++static void _imap_quote_string (char *dest, size_t dlen, const char *src, ++ const char *to_quote) + { +- static const char quote[] = "\"\\"; + char *pt; + const char *s; + +@@ -625,7 +623,7 @@ void imap_quote_string (char *dest, size_t dlen, const char *src) + + for (; *s && dlen; s++) + { +- if (strchr (quote, *s)) ++ if (strchr (to_quote, *s)) + { + dlen -= 2; + if (!dlen) +@@ -643,6 +641,23 @@ void imap_quote_string (char *dest, size_t dlen, const char *src) + *pt = 0; + } + ++/* imap_quote_string: quote string according to IMAP rules: ++ * surround string with quotes, escape " and \ with \ */ ++void imap_quote_string (char *dest, size_t dlen, const char *src) ++{ ++ _imap_quote_string (dest, dlen, src, "\"\\"); ++} ++ ++/* imap_quote_string_and_backquotes: quote string according to IMAP rules: ++ * surround string with quotes, escape " and \ with \. ++ * Additionally, escape backquotes with \ to protect against code injection ++ * when using the resulting string in mutt_parse_rc_line(). ++ */ ++void imap_quote_string_and_backquotes (char *dest, size_t dlen, const char *src) ++{ ++ _imap_quote_string (dest, dlen, src, "\"\\`"); ++} ++ + /* imap_unquote_string: equally stupid unquoting routine */ + void imap_unquote_string (char *s) + { +-- +2.18.0 + Copied: mutt/repos/extra-x86_64/0002-Sanitize-POP-bcache-paths.patch (from rev 328695, mutt/trunk/0002-Sanitize-POP-bcache-paths.patch) =================================================================== --- 0002-Sanitize-POP-bcache-paths.patch (rev 0) +++ 0002-Sanitize-POP-bcache-paths.patch 2018-07-15 19:57:13 UTC (rev 328696) @@ -0,0 +1,100 @@ +From 6aed28b40a0410ec47d40c8c7296d8d10bae7576 Mon Sep 17 00:00:00 2001 +From: Kevin McCarthy <ke...@8t8.us> +Date: Fri, 13 Jul 2018 11:16:33 -0700 +Subject: [PATCH] Sanitize POP bcache paths. + +Protect against bcache directory path traversal for UID values. + +Thanks for Jeriko One for the bug report and patch, which this commit +is based upon. +--- + pop.c | 31 +++++++++++++++++++++++++------ + 1 file changed, 25 insertions(+), 6 deletions(-) + +diff --git a/pop.c b/pop.c +index d9d95fbe..288166de 100644 +--- a/pop.c ++++ b/pop.c +@@ -40,6 +40,25 @@ + #define HC_FEXT "hcache" /* extension for hcache as POP lacks paths */ + #endif + ++/** ++ * cache_id - Make a message-cache-compatible id ++ * @param id POP message id ++ * @retval ptr Sanitised string ++ * ++ * The POP message id may contain '/' and other awkward characters. ++ * ++ * @note This function returns a pointer to a static buffer. ++ */ ++static const char *cache_id(const char *id) ++{ ++ static char clean[SHORT_STRING]; ++ ++ strfcpy (clean, id, sizeof(clean)); ++ mutt_sanitize_filename (clean, 1); ++ ++ return clean; ++} ++ + /* write line to file */ + static int fetch_message (char *line, void *file) + { +@@ -205,7 +224,7 @@ static int msg_cache_check (const char *id, body_cache_t *bcache, void *data) + /* message not found in context -> remove it from cache + * return the result of bcache, so we stop upon its first error + */ +- return mutt_bcache_del (bcache, id); ++ return mutt_bcache_del (bcache, cache_id (id)); + } + + #ifdef USE_HCACHE +@@ -355,7 +374,7 @@ static int pop_fetch_headers (CONTEXT *ctx) + * - if we also have a body: read + * - if we don't have a body: new + */ +- bcached = mutt_bcache_exists (pop_data->bcache, ctx->hdrs[i]->data) == 0; ++ bcached = mutt_bcache_exists (pop_data->bcache, cache_id (ctx->hdrs[i]->data)) == 0; + ctx->hdrs[i]->old = 0; + ctx->hdrs[i]->read = 0; + if (hcached) +@@ -531,7 +550,7 @@ static int pop_fetch_message (CONTEXT* ctx, MESSAGE* msg, int msgno) + unsigned short bcache = 1; + + /* see if we already have the message in body cache */ +- if ((msg->fp = mutt_bcache_get (pop_data->bcache, h->data))) ++ if ((msg->fp = mutt_bcache_get (pop_data->bcache, cache_id (h->data)))) + return 0; + + /* +@@ -578,7 +597,7 @@ static int pop_fetch_message (CONTEXT* ctx, MESSAGE* msg, int msgno) + MUTT_PROGRESS_SIZE, NetInc, h->content->length + h->content->offset - 1); + + /* see if we can put in body cache; use our cache as fallback */ +- if (!(msg->fp = mutt_bcache_put (pop_data->bcache, h->data, 1))) ++ if (!(msg->fp = mutt_bcache_put (pop_data->bcache, cache_id (h->data), 1))) + { + /* no */ + bcache = 0; +@@ -624,7 +643,7 @@ static int pop_fetch_message (CONTEXT* ctx, MESSAGE* msg, int msgno) + * portion of the headers, those required for the main display. + */ + if (bcache) +- mutt_bcache_commit (pop_data->bcache, h->data); ++ mutt_bcache_commit (pop_data->bcache, cache_id (h->data)); + else + { + cache->index = h->index; +@@ -704,7 +723,7 @@ static int pop_sync_mailbox (CONTEXT *ctx, int *index_hint) + snprintf (buf, sizeof (buf), "DELE %d\r\n", ctx->hdrs[i]->refno); + if ((ret = pop_query (pop_data, buf, sizeof (buf))) == 0) + { +- mutt_bcache_del (pop_data->bcache, ctx->hdrs[i]->data); ++ mutt_bcache_del (pop_data->bcache, cache_id (ctx->hdrs[i]->data)); + #if USE_HCACHE + mutt_hcache_delete (hc, ctx->hdrs[i]->data, strlen); + #endif +-- +2.18.0 + Copied: mutt/repos/extra-x86_64/0003-Selectively-cache-headers.patch (from rev 328695, mutt/trunk/0003-Selectively-cache-headers.patch) =================================================================== --- 0003-Selectively-cache-headers.patch (rev 0) +++ 0003-Selectively-cache-headers.patch 2018-07-15 19:57:13 UTC (rev 328696) @@ -0,0 +1,39 @@ +From 31eef6c766f47df8281942d19f76e35f475c781d Mon Sep 17 00:00:00 2001 +From: Richard Russon <r...@flatcap.org> +Date: Fri, 13 Jul 2018 11:33:16 -0700 +Subject: [PATCH] Selectively cache headers. + +Thanks to NeoMutt and Jeriko One for the patch, which was slightly +modified to apply to the Mutt code. +--- + imap/util.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/imap/util.c b/imap/util.c +index 27792944..d4cc2742 100644 +--- a/imap/util.c ++++ b/imap/util.c +@@ -84,6 +84,7 @@ header_cache_t* imap_hcache_open (IMAP_DATA* idata, const char* path) + ciss_url_t url; + char cachepath[LONG_STRING]; + char mbox[LONG_STRING]; ++ size_t len; + + if (path) + imap_cachepath (idata, path, mbox, sizeof (mbox)); +@@ -96,6 +97,12 @@ header_cache_t* imap_hcache_open (IMAP_DATA* idata, const char* path) + FREE (&mx.mbox); + } + ++ if (strstr(mbox, "/../") || (strcmp(mbox, "..") == 0) || (strncmp(mbox, "../", 3) == 0)) ++ return NULL; ++ len = strlen(mbox); ++ if ((len > 3) && (strcmp(mbox + len - 3, "/..") == 0)) ++ return NULL; ++ + mutt_account_tourl (&idata->conn->account, &url); + url.path = mbox; + url_ciss_tostring (&url, cachepath, sizeof (cachepath), U_PATH); +-- +2.18.0 + Deleted: PKGBUILD =================================================================== --- PKGBUILD 2018-07-15 19:56:48 UTC (rev 328695) +++ PKGBUILD 2018-07-15 19:57:13 UTC (rev 328696) @@ -1,47 +0,0 @@ -# $Id$ -# Contributor: tobias [tobias [at] archlinux.org] -# Maintainer: Gaetan Bisson <bis...@archlinux.org> - -pkgname=mutt -pkgver=1.10.0 -pkgrel=2 -pkgdesc='Small but very powerful text-based mail client' -url='http://www.mutt.org/' -license=('GPL') -backup=('etc/Muttrc') -arch=('x86_64') -optdepends=('smtp-forwarder: to send mail') -depends=('gpgme' 'ncurses' 'openssl' 'libsasl' 'gdbm' 'libidn' 'mime-types' 'krb5') -source=("http://ftp.mutt.org/pub/mutt/${pkgname}-${pkgver}.tar.gz"{,.asc}) -sha256sums=('0215b5f90ef9cc33441a6ca842379b64412ed7f8da83ed68bfaa319179f5535b' - 'SKIP') -validpgpkeys=('8975A9B33AA37910385C5308ADEF768480316BDA') - -build() { - cd "${srcdir}/${pkgname}-${pkgver}" - ./configure \ - --prefix=/usr \ - --sysconfdir=/etc \ - --enable-gpgme \ - --enable-pop \ - --enable-imap \ - --enable-smtp \ - --enable-hcache \ - --enable-sidebar \ - --with-curses=/usr \ - --with-regex \ - --with-gss=/usr \ - --with-ssl=/usr \ - --with-sasl \ - --with-idn \ - - make -} - -package() { - cd "${srcdir}/${pkgname}-${pkgver}" - make DESTDIR="${pkgdir}" install - - rm "${pkgdir}"/etc/mime.types{,.dist} - install -Dm644 contrib/gpg.rc "${pkgdir}"/etc/Muttrc.gpg.dist -} Copied: mutt/repos/extra-x86_64/PKGBUILD (from rev 328695, mutt/trunk/PKGBUILD) =================================================================== --- PKGBUILD (rev 0) +++ PKGBUILD 2018-07-15 19:57:13 UTC (rev 328696) @@ -0,0 +1,60 @@ +# $Id$ +# Contributor: tobias [tobias [at] archlinux.org] +# Maintainer: Gaetan Bisson <bis...@archlinux.org> + +pkgname=mutt +pkgver=1.10.0 +pkgrel=3 +pkgdesc='Small but very powerful text-based mail client' +url='http://www.mutt.org/' +license=('GPL') +backup=('etc/Muttrc') +arch=('x86_64') +optdepends=('smtp-forwarder: to send mail') +depends=('gpgme' 'ncurses' 'openssl' 'libsasl' 'gdbm' 'libidn' 'mime-types' 'krb5') +source=("http://ftp.mutt.org/pub/mutt/${pkgname}-${pkgver}.tar.gz"{,.asc} + '0001-Properly-quote-IMAP-mailbox-names-when-un-subscribin.patch' + '0002-Sanitize-POP-bcache-paths.patch' + '0003-Selectively-cache-headers.patch') +sha256sums=('0215b5f90ef9cc33441a6ca842379b64412ed7f8da83ed68bfaa319179f5535b' + 'SKIP' + '2baf7f86317d2d395a73010e62bf68c9f4bfcb2c60f7ca89a77fd0518ee9c521' + '108b43a4f1c9ff4011a37653a48bb1ce4b6863ba7c10d550249a231a22b07472' + 'e9be583baaf2e23363c180dbea85a64b0b4c9c578953f328bb96a93ad9b4b7a5') +validpgpkeys=('8975A9B33AA37910385C5308ADEF768480316BDA') + +prepare() { + cd "${srcdir}/${pkgname}-${pkgver}" + patch -p1 -i ../0001-Properly-quote-IMAP-mailbox-names-when-un-subscribin.patch + patch -p1 -i ../0002-Sanitize-POP-bcache-paths.patch + patch -p1 -i ../0003-Selectively-cache-headers.patch +} + +build() { + cd "${srcdir}/${pkgname}-${pkgver}" + ./configure \ + --prefix=/usr \ + --sysconfdir=/etc \ + --enable-gpgme \ + --enable-pop \ + --enable-imap \ + --enable-smtp \ + --enable-hcache \ + --enable-sidebar \ + --with-curses=/usr \ + --with-regex \ + --with-gss=/usr \ + --with-ssl=/usr \ + --with-sasl \ + --with-idn \ + + make +} + +package() { + cd "${srcdir}/${pkgname}-${pkgver}" + make DESTDIR="${pkgdir}" install + + rm "${pkgdir}"/etc/mime.types{,.dist} + install -Dm644 contrib/gpg.rc "${pkgdir}"/etc/Muttrc.gpg.dist +}