SECURITY FIX

This patch fixes a buffer overflow that can be triggered by incoming messages.
There are reports about spam that has actually triggered this problem and
crashed mutt.

bumped PKGNAME

noticed by markus@

mail/mutt/stable/Makefile

@@ -1,9 +1,9 @@
-# $OpenBSD: Makefile,v 1.16 2004/01/16 14:26:27 fgsch Exp $
+# $OpenBSD: Makefile,v 1.17 2004/02/11 19:19:47 sturm Exp $
 
 COMMENT=	"tty-based e-mail client"
 
 VERSION=	1.4.1
-DISTNAME=	mutt-${VERSION}i
+DISTNAME=	mutt-${VERSION}ip0
 CATEGORIES=	mail
 MASTER_SITES=	ftp://ftp.mutt.org/mutt/ \
 		ftp://ftp.gbnet.net/pub/mutt-international/ \
@@ -17,6 +17,7 @@ MODULES=	gettext
 
 MAINTAINER=	Federico Schwindt <fgsch@openbsd.org>
 
+# GPL
 PERMIT_PACKAGE_CDROM=	Yes
 PERMIT_PACKAGE_FTP=	Yes
 PERMIT_DISTFILES_CDROM=	Yes

mail/mutt/stable/patches/patch-menu_c

@@ -0,0 +1,39 @@
+$OpenBSD: patch-menu_c,v 1.1 2004/02/11 19:19:48 sturm Exp $
+--- menu.c.orig	2002-01-28 11:18:50.000000000 +0100
++++ menu.c	2004-02-11 20:03:43.000000000 +0100
+@@ -148,30 +148,13 @@ static void menu_make_entry (char *s, in
+     menu->make_entry (s, l, menu, i);
+ }
+ 
+-void menu_pad_string (char *s, size_t l)
++void menu_pad_string (char *s, size_t n)
+ {
+-  size_t n = mutt_strlen (s);
+   int shift = option (OPTARROWCURSOR) ? 3 : 0;
+-  
+-  l--; /* save room for the terminal \0 */
+-  if (l > COLS - shift)
+-    l = COLS - shift;
+-
+-  /* Let's just pad the string anyway ... */
+-  mutt_format_string (s, INT_MAX, l, l, 0, ' ', s, n, 1);
+-  return;
+-
+-#if !defined (HAVE_BKGDSET) && !defined (USE_SLANG_CURSES)
+-  /* we have to pad the string with blanks to the end of line */
+-  if (n < l)
+-  {
+-    while (n < l)
+-      s[n++] = ' ';
+-    s[n] = 0;
+-  }
+-  else
+-#endif
+-    s[l] = 0;
++  int cols = COLS - shift;
++
++  mutt_format_string (s, n, cols, cols, 0, ' ', s, strlen (s), 1);
++  s[n - 1] = 0;
+ }
+ 
+ void menu_redraw_full (MUTTMENU *menu)