diff options
| author | rodrigo <rodrigo@FreeBSD.org> | 2014-12-10 17:58:25 +0800 |
|---|---|---|
| committer | rodrigo <rodrigo@FreeBSD.org> | 2014-12-10 17:58:25 +0800 |
| commit | bfa8038ce316a6969cc8e1a8016ea022ed128947 (patch) | |
| tree | fcf618a5b62450d39ff0c3febe38956d298b71d0 /mail | |
| parent | 49cc7fc9106fb32c9e1e3f191e3a58c5988ade44 (diff) | |
| download | freebsd-ports-gnome-bfa8038ce316a6969cc8e1a8016ea022ed128947.tar.gz freebsd-ports-gnome-bfa8038ce316a6969cc8e1a8016ea022ed128947.tar.zst freebsd-ports-gnome-bfa8038ce316a6969cc8e1a8016ea022ed128947.zip | |
Update for mail/mutt: Fix security vulnerability CVE-2014-9116
PR: ports/195550
Submitted by: Udo.Schweigert@siemens.com (maintainer)
Obtained from: mutt
MFH: 2014Q4
Diffstat (limited to 'mail')
| -rw-r--r-- | mail/mutt/Makefile | 2 | ||||
| -rw-r--r-- | mail/mutt/files/patch-CVE-2014-9116 | 43 |
2 files changed, 44 insertions, 1 deletions
diff --git a/mail/mutt/Makefile b/mail/mutt/Makefile index b41625e2d530..1156fb8f8bc2 100644 --- a/mail/mutt/Makefile +++ b/mail/mutt/Makefile @@ -3,7 +3,7 @@ PORTNAME= mutt PORTVERSION= 1.5.23 -PORTREVISION?= 6 +PORTREVISION?= 7 CATEGORIES+= mail ipv6 MASTER_SITES= ftp://ftp.mutt.org/mutt/ \ ftp://ftp.mutt.org/mutt/devel/ \ diff --git a/mail/mutt/files/patch-CVE-2014-9116 b/mail/mutt/files/patch-CVE-2014-9116 new file mode 100644 index 000000000000..830d606bfbe6 --- /dev/null +++ b/mail/mutt/files/patch-CVE-2014-9116 @@ -0,0 +1,43 @@ +# HG changeset patch +# User Kevin McCarthy <kevin@8t8.us> +# Date 1417472364 28800 +# Mon Dec 01 14:19:24 2014 -0800 +# Branch stable +# Node ID 54c59aaf88b9f6b50f1078fc6f7551fa9315ac3e +# Parent 1b583341d5ad677c8a1935eb4110eba27606878a +Revert write_one_header() to skip space and tab. (closes #3716) + +This patch fixes CVE-2014-9116 in the stable branch. It reverts +write_one_header() to the pre [f251d523ca5a] code for skipping +whitespace. + +Thanks to Antonio Radici and Tomas Hoger for their analysis and patches +to mutt, which this patch is based off of. + +diff --git a/sendlib.c b/sendlib.c +--- sendlib.c ++++ sendlib.c +@@ -1809,17 +1809,22 @@ + { + tagbuf = NULL; + valbuf = mutt_substrdup (start, end); + } + else + { + tagbuf = mutt_substrdup (start, t); + /* skip over the colon separating the header field name and value */ +- t = skip_email_wsp(t + 1); ++ ++t; ++ ++ /* skip over any leading whitespace (WSP, as defined in RFC5322) */ ++ while (*t == ' ' || *t == '\t') ++ t++; ++ + valbuf = mutt_substrdup (t, end); + } + dprint(4,(debugfile,"mwoh: buf[%s%s] too long, " + "max width = %d > %d\n", + NONULL(pfx), valbuf, max, wraplen)); + if (fold_one_header (fp, tagbuf, valbuf, pfx, wraplen, flags) < 0) + return -1; + FREE (&tagbuf); |