diff options
| author | jim <jim@FreeBSD.org> | 2002-01-02 11:39:09 +0800 |
|---|---|---|
| committer | jim <jim@FreeBSD.org> | 2002-01-02 11:39:09 +0800 |
| commit | f4b12aff781b0b9ec10645078d8aab84be1a8a06 (patch) | |
| tree | 568ced0dcb644dfdc5ec806c9101782fc23b462d /mail | |
| parent | 09165e98e44fa03e8c88fe063aa428c70aa9e9ab (diff) | |
| download | freebsd-ports-gnome-f4b12aff781b0b9ec10645078d8aab84be1a8a06.tar.gz freebsd-ports-gnome-f4b12aff781b0b9ec10645078d8aab84be1a8a06.tar.zst freebsd-ports-gnome-f4b12aff781b0b9ec10645078d8aab84be1a8a06.zip | |
Fix a newly found security flaw.
Submitted by: maintainer
Diffstat (limited to 'mail')
| -rw-r--r-- | mail/mutt-devel/Makefile | 15 | ||||
| -rw-r--r-- | mail/mutt-devel/files/extra-patch-inews | 8 | ||||
| -rw-r--r-- | mail/mutt-devel/files/patch-rfc822-security | 105 |
3 files changed, 120 insertions, 8 deletions
diff --git a/mail/mutt-devel/Makefile b/mail/mutt-devel/Makefile index 3b4d93e776b7..1338b5b3b909 100644 --- a/mail/mutt-devel/Makefile +++ b/mail/mutt-devel/Makefile @@ -8,7 +8,7 @@ PORTNAME= mutt-devel PORTVERSION= 1.3.24 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES+= mail .if defined(WITH_MUTT_NNTP) CATEGORIES+= news @@ -89,12 +89,10 @@ USE_OPENSSL= yes BUILD_DEPENDS+= sgmlfmt:${PORTSDIR}/textproc/sgmlformat .endif .if defined(WITH_MUTT_NNTP) -.if ! exists(${LOCALBASE}/bin/inews) -BUILD_DEPENDS+= nn-inews:${PORTSDIR}/news/nn +BUILD_DEPENDS+= ${LOCALBASE}/news/bin/inews:${PORTSDIR}/news/inn pre-configure:: ${PATCH} ${PATCH_ARGS} < ${PATCHDIR}/extra-patch-inews .endif -.endif .if defined(WITH_MUTT_CYRUS_SASL) LIB_DEPENDS+= sasl.8:${PORTSDIR}/security/cyrus-sasl .endif @@ -813,5 +811,14 @@ post-install: ${INSTALL_MAN} ${WRKSRC}/doc/*.latin1 ${PREFIX}/share/doc/mutt .endif .endif +.if defined(WITH_MUTT_NNTP) + @${ECHO} + @${ECHO} "------------------------------------------------" + @${ECHO} "Be sure to define NNTPSERVER in your environment" + @${ECHO} "and to be part of the group news in /etc/group" + @${ECHO} "if you want to post news with mutt" + @${ECHO} "------------------------------------------------" + @${ECHO} +.endif .include <bsd.port.post.mk> diff --git a/mail/mutt-devel/files/extra-patch-inews b/mail/mutt-devel/files/extra-patch-inews index 512388f813f5..cce61d6018b9 100644 --- a/mail/mutt-devel/files/extra-patch-inews +++ b/mail/mutt-devel/files/extra-patch-inews @@ -1,11 +1,11 @@ ---- configure.in.orig2 Mon Oct 29 10:12:28 2001 -+++ configure.in Mon Oct 29 10:16:16 2001 -@@ -456,7 +456,7 @@ +--- configure.in.orig2 Tue Jan 1 23:00:00 2002 ++++ configure.in Tue Jan 1 23:01:04 2002 +@@ -457,7 +457,7 @@ AC_ARG_ENABLE(nntp, [ --enable-nntp Enable NNTP support], [ if test x$enableval = xyes ; then AC_DEFINE(USE_NNTP) - AC_PATH_PROG(INEWS, inews, no, $PATH:/usr/sbin:/usr/lib) -+ AC_PATH_PROG(INEWS, nn-inews, no, $PATH:/usr/sbin:/usr/lib) ++ AC_PATH_PROG(INEWS, inews, no, $PATH:/usr/local/news/bin:/usr/sbin:/usr/lib) AC_DEFINE_UNQUOTED(INEWS, "$ac_cv_path_INEWS -hS") MUTT_LIB_OBJECTS="$MUTT_LIB_OBJECTS nntp.o newsrc.o" need_socket="yes" diff --git a/mail/mutt-devel/files/patch-rfc822-security b/mail/mutt-devel/files/patch-rfc822-security new file mode 100644 index 000000000000..ccb3e1768f79 --- /dev/null +++ b/mail/mutt-devel/files/patch-rfc822-security @@ -0,0 +1,105 @@ +--- rfc822.c.orig Wed Jan 17 09:53:12 2001 ++++ rfc822.c Tue Jan 1 22:29:12 2002 +@@ -33,6 +33,12 @@ + #include "rfc822.h" + #endif + ++#define terminate_string(a, b, c) do { if ((b) < (c)) a[(b)] = 0; else \ ++ a[(c)] = 0; } while (0) ++ ++#define terminate_buffer(a, b) terminate_string(a, b, sizeof (a) - 1) ++ ++ + const char RFC822Specials[] = "@.,:;<>[]\\\"()"; + #define is_special(x) strchr(RFC822Specials,x) + +@@ -227,12 +233,12 @@ + return NULL; + } + +- token[*tokenlen] = 0; ++ terminate_string (token, *tokenlen, tokenmax); + addr->mailbox = safe_strdup (token); + + if (*commentlen && !addr->personal) + { +- comment[*commentlen] = 0; ++ terminate_string (comment, *commentlen, commentmax); + addr->personal = safe_strdup (comment); + } + +@@ -320,9 +326,6 @@ + *last = cur; + } + +-#define terminate_string(a, b) do { if (b < sizeof(a) - 1) a[b] = 0; else \ +- a[sizeof(a) - 1] = 0; } while (0) +- + ADDRESS *rfc822_parse_adrlist (ADDRESS *top, const char *s) + { + const char *begin, *ps; +@@ -344,12 +347,12 @@ + { + if (phraselen) + { +- terminate_string (phrase, phraselen); ++ terminate_buffer (phrase, phraselen); + add_addrspec (&top, &last, phrase, comment, &commentlen, sizeof (comment) - 1); + } + else if (commentlen && last && !last->personal) + { +- terminate_string (comment, commentlen); ++ terminate_buffer (comment, commentlen); + last->personal = safe_strdup (comment); + } + +@@ -377,7 +380,7 @@ + else if (*s == ':') + { + cur = rfc822_new_address (); +- terminate_string (phrase, phraselen); ++ terminate_buffer (phrase, phraselen); + cur->mailbox = safe_strdup (phrase); + cur->group = 1; + +@@ -401,12 +404,12 @@ + { + if (phraselen) + { +- terminate_string (phrase, phraselen); ++ terminate_buffer (phrase, phraselen); + add_addrspec (&top, &last, phrase, comment, &commentlen, sizeof (comment) - 1); + } + else if (commentlen && last && !last->personal) + { +- terminate_string (phrase, phraselen); ++ terminate_buffer (phrase, phraselen); + last->personal = safe_strdup (comment); + } + #ifdef EXACT_ADDRESS +@@ -430,7 +433,7 @@ + } + else if (*s == '<') + { +- terminate_string (phrase, phraselen); ++ terminate_buffer (phrase, phraselen); + cur = rfc822_new_address (); + if (phraselen) + { +@@ -473,13 +476,13 @@ + + if (phraselen) + { +- terminate_string (phrase, phraselen); +- terminate_string (comment, commentlen); ++ terminate_buffer (phrase, phraselen); ++ terminate_buffer (comment, commentlen); + add_addrspec (&top, &last, phrase, comment, &commentlen, sizeof (comment) - 1); + } + else if (commentlen && last && !last->personal) + { +- terminate_string (comment, commentlen); ++ terminate_buffer (comment, commentlen); + last->personal = safe_strdup (comment); + } + #ifdef EXACT_ADDRESS |