pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/mail/mutt-devel Add a fix for Fix CVE-2007-2683
details: https://anonhg.NetBSD.org/pkgsrc/rev/47243b1d9ccd
branches: trunk
changeset: 529205:47243b1d9ccd
user: tonio <tonio%pkgsrc.org@localhost>
date: Sun May 27 17:39:47 2007 +0000
description:
Add a fix for Fix CVE-2007-2683
Bump PKGREVISION
Use signed arithmetic in mutt_gecos_name to avoid an overflow.
>From http://dev.mutt.org/hg/mutt/rev/47d08903b79b
And trac: http://dev.mutt.org/trac/ticket/2885
diffstat:
mail/mutt-devel/Makefile | 3 ++-
mail/mutt-devel/distinfo | 3 ++-
mail/mutt-devel/options.mk | 6 +++---
mail/mutt-devel/patches/patch-am | 17 +++++++++++++++++
4 files changed, 24 insertions(+), 5 deletions(-)
diffs (68 lines):
diff -r 30ec0ddfba2a -r 47243b1d9ccd mail/mutt-devel/Makefile
--- a/mail/mutt-devel/Makefile Sun May 27 13:34:34 2007 +0000
+++ b/mail/mutt-devel/Makefile Sun May 27 17:39:47 2007 +0000
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.58 2007/04/21 18:27:21 tonio Exp $
+# $NetBSD: Makefile,v 1.59 2007/05/27 17:39:47 tonio Exp $
DISTNAME= mutt-1.5.15
+PKGREVISION= 1
CATEGORIES= mail
MUTT_SITES= ftp://ftp.mutt.org/mutt/ \
ftp://ftp.stealth.net/pub/mirrors/ftp.mutt.org/pub/mutt/ \
diff -r 30ec0ddfba2a -r 47243b1d9ccd mail/mutt-devel/distinfo
--- a/mail/mutt-devel/distinfo Sun May 27 13:34:34 2007 +0000
+++ b/mail/mutt-devel/distinfo Sun May 27 17:39:47 2007 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.39 2007/04/21 18:27:21 tonio Exp $
+$NetBSD: distinfo,v 1.40 2007/05/27 17:39:47 tonio Exp $
SHA1 (mutt-1.5.15.tar.gz) = 1adabf6e07e099bb664c83e3c0100bbbdfec7a9a
RMD160 (mutt-1.5.15.tar.gz) = 0cc084d2fcdabc0bc41632fcff90703c206de3db
@@ -15,3 +15,4 @@
SHA1 (patch-ah) = 4227c5768b900e58fa4a679e6ad67efc974a70b5
SHA1 (patch-ai) = 9cbd895520d94d11655c57c01d3e8b4150f0e9bb
SHA1 (patch-al) = d4dae28192d7a3b3fad316d9f31ab69106eac9c2
+SHA1 (patch-am) = e481e4f76da79e71ed94090cb049f51f91d9a2b5
diff -r 30ec0ddfba2a -r 47243b1d9ccd mail/mutt-devel/options.mk
--- a/mail/mutt-devel/options.mk Sun May 27 13:34:34 2007 +0000
+++ b/mail/mutt-devel/options.mk Sun May 27 17:39:47 2007 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: options.mk,v 1.24 2007/04/21 18:27:21 tonio Exp $
+# $NetBSD: options.mk,v 1.25 2007/05/27 17:39:47 tonio Exp $
# Global and legacy options
@@ -100,9 +100,9 @@
### Internal SMTP relay support
###
.if !empty(PKG_OPTIONS:Mmutt-smtp)
-CONFIGURE_ARGS+= --enable-smtp
+CONFIGURE_ARGS+= --enable-smtp
.else
-CONFIGURE_ARGS+= --disable-smtp
+CONFIGURE_ARGS+= --disable-smtp
.endif
###
diff -r 30ec0ddfba2a -r 47243b1d9ccd mail/mutt-devel/patches/patch-am
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/mail/mutt-devel/patches/patch-am Sun May 27 17:39:47 2007 +0000
@@ -0,0 +1,17 @@
+$NetBSD: patch-am,v 1.3 2007/05/27 17:39:48 tonio Exp $
+
+Use signed arithmetic in mutt_gecos_name to avoid an overflow.
+From http://dev.mutt.org/hg/mutt/rev/47d08903b79b
+Fix CVE-2007-2683
+
+--- muttlib.c.orig 2007-04-03 19:52:56.000000000 +0200
++++ muttlib.c
+@@ -540,7 +540,7 @@ char *mutt_gecos_name (char *dest, size_
+ if (dest[idx] == '&')
+ {
+ memmove (&dest[idx + pwnl], &dest[idx + 1],
+- MAX(destlen - idx - pwnl - 1, 0));
++ MAX((ssize_t)(destlen - idx - pwnl - 1), 0));
+ memcpy (&dest[idx], pw->pw_name, MIN(destlen - idx - 1, pwnl));
+ dest[idx] = toupper ((unsigned char) dest[idx]);
+ }
Home |
Main Index |
Thread Index |
Old Index