OpenPKG CVS Repository http://cvs.openpkg.org/ ____________________________________________________________________________
Server: cvs.openpkg.org Name: Thomas Lotterer Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src Date: 20-Mar-2003 16:07:00 Branch: OPENPKG_1_2_SOLID Handle: 2003032015065900 Added files: (Branch: OPENPKG_1_2_SOLID) openpkg-src/mutt mutt.patch Modified files: (Branch: OPENPKG_1_2_SOLID) openpkg-src/mutt mutt.spec Log: OpenPKG-SA-2003.025-mutt Summary: Revision Changes Path 1.1.2.1 +82 -0 openpkg-src/mutt/mutt.patch 1.41.2.1.2.2+3 -1 openpkg-src/mutt/mutt.spec
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-src/mutt/mutt.patch
============================================================================
$ cvs diff -u -r0 -r1.1.2.1 mutt.patch
--- /dev/null 2003-03-20 16:07:00.000000000 +0100
+++ mutt.patch 2003-03-20 16:07:00.000000000 +0100
@@ -0,0 +1,82 @@
+http://www.corest.com/common/showdoc.php?idx=310&idxseccion=10
+
+http://marc.theaimsgroup.com/?l=bugtraq&m=104812904712828&w=2
+ Mutt versions 1.4.1 and 1.5.4 have just been released and will soon
+ be available from ftp://ftp.mutt.org/mutt/.
+
+ Both versions fix a buffer overflow in mutt's IMAP client code which
+ was identified by Core Security Technologies, and fixed by Edmund
+ Grimley Evans. A more detailed advisory will be published by Core
+ Security.
+
+ChangeLog
+ mutt/imap/utf7.c:
+ From: Edmund GRIMLEY EVANS
+ Fix a buffer overflow in utf8_to_utf7
+
+--- mutt-1.4/browser.c Thu Mar 20 15:22:46 2003
++++ mutt-1.4.1/browser.c Thu Mar 20 15:24:13 2003
+@@ -192,25 +192,27 @@
+ break;
+
+ case 'f':
++ {
++ char *s;
+ #ifdef USE_IMAP
+ if (folder->ff->imap)
+- strfcpy (fn, NONULL(folder->ff->desc), sizeof (fn));
++ s = NONULL (folder->ff->desc);
+ else
+ #endif
+- strfcpy (fn, folder->ff->name, sizeof(fn));
+- if (folder->ff->st != NULL)
+- {
+- strcat (fn, S_ISLNK (folder->ff->st->st_mode) ? "@" : /* __STRCAT_CHECKED__ */
+- (S_ISDIR (folder->ff->st->st_mode) ? "/" :
+- ((folder->ff->st->st_mode & S_IXUSR) != 0 ? "*" : "")));
+- }
++ s = NONULL (folder->ff->name);
++
++ snprintf (fn, sizeof (fn), "%s%s", s,
++ folder->ff->st ? (S_ISLNK (folder->ff->st->st_mode) ? "@" :
++ (S_ISDIR (folder->ff->st->st_mode) ? "/" :
++ ((folder->ff->st->st_mode & S_IXUSR) != 0 ? "*" : ""))) : "");
++
+ mutt_format_s (dest, destlen, fmt, fn);
+ break;
+-
++ }
+ case 'F':
+ if (folder->ff->st != NULL)
+ {
+- sprintf (permission, "%c%c%c%c%c%c%c%c%c%c",
++ snprintf (permission, sizeof (permission), "%c%c%c%c%c%c%c%c%c%c",
+ S_ISDIR(folder->ff->st->st_mode) ? 'd' : (S_ISLNK(folder->ff->st->st_mode) ? 'l' : '-'),
+ (folder->ff->st->st_mode & S_IRUSR) != 0 ? 'r': '-',
+ (folder->ff->st->st_mode & S_IWUSR) != 0 ? 'w' : '-',
+@@ -227,8 +229,8 @@
+ else if (folder->ff->imap)
+ {
+ /* mark folders with subfolders AND mail */
+- sprintf (permission, "IMAP %c",
+- (folder->ff->inferiors && folder->ff->selectable) ? '+' : ' ');
++ snprintf (permission, sizeof (permission), "IMAP %c",
++ (folder->ff->inferiors && folder->ff->selectable) ? '+' : ' ');
+ mutt_format_s (dest, destlen, fmt, permission);
+ }
+ #endif
+--- mutt-1.4/imap/utf7.c Tue Feb 13 23:06:16 2001
++++ mutt-1.4.1/imap/utf7.c Wed Mar 19 22:33:30 2003
+@@ -149,7 +149,11 @@
+ int n, i, b = 0, k = 0;
+ int base64 = 0;
+
+- p = buf = safe_malloc (u8len * 2 + 1);
++ /*
++ * In the worst case we convert 2 chars to 7 chars. For example:
++ * "\x10&\x10&..." -> "&ABA-&-&ABA-&-...".
++ */
++ p = buf = safe_malloc ((u8len / 2) * 7 + 6);
+
+ while (u8len)
+ {
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/mutt/mutt.spec
============================================================================
$ cvs diff -u -r1.41.2.1.2.1 -r1.41.2.1.2.2 mutt.spec
--- openpkg-src/mutt/mutt.spec 18 Jan 2003 17:21:04 -0000 1.41.2.1.2.1
+++ openpkg-src/mutt/mutt.spec 20 Mar 2003 15:06:59 -0000 1.41.2.1.2.2
@@ -36,7 +36,7 @@
 Group: Mail
 License: BSD
 Version: %{V_mutt}i
-Release: 1.2.0
+Release: 1.2.1
 # build options
 %option with_comp no
@@ -48,6 +48,7 @@
 Source2: muttrc
 Patch0: ftp://ftp.mutt.org.ua/pub/mutt/mutt-%{V_mutt}/patch-%{V_mutt}.rr.compressed.gz
 Patch1: ftp://ftp.mutt.org.ua/pub/mutt/mutt-%{V_mutt}/patch-%{V_mutt}.vvv.nntp.gz
+Patch2: mutt.patch
 # build information
 Prefix: %{l_prefix}
@@ -70,6 +71,7 @@
 %if "%{with_nntp}" == "yes"
 %patch1 -p1
 %endif
+ %patch2 -p1
 %build
 # configure for particular platform
@@ .
______________________________________________________________________ The OpenPKG Project www.openpkg.org CVS Repository Commit List [EMAIL PROTECTED]
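Review bot: The new allocation size in the imap/utf7.c part of the added mutt.patch, `safe_malloc ((u8len / 2) * 7 + 6)`, explains the 2-to-7 ratio in its comment but not the `+ 6`, and nothing in the visible lines guards the multiplication against wrap-around. Going by the comment's own example, a single leftover char can become five characters (`&ABA-`), so the constant presumably covers that plus the terminating NUL; I would add a comment line saying so, e.g. `* The + 6 covers one leftover char ("\x10" -> "&ABA-") and the NUL.` The declaration of u8len and the loop that writes through p are outside the hunk, so it cannot be confirmed from here whether the caller already bounds the length. If it does not, rejecting lengths for which `(u8len / 2) * 7 + 6` would exceed the range of u8len's type before the allocation would close that gap.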
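Review bot: `%patch2 -p1` in the last mutt.spec hunk is applied after the conditional `%patch1 -p1`, so the security fix has to apply cleanly both with and without the optional nntp patch, and nothing in the hunk records that this was checked. Whether that optional patch touches browser.c or imap/utf7.c is not visible here; if it does, the context lines in mutt.patch may match only with fuzz, or not at all, in one build configuration. A comment above the line such as `# OpenPKG-SA-2003.025: must apply on top of every optional patch combination` would record the requirement for the next person who edits the patch list. The %prep section starts and continues outside the hunk.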