gnu: mutt: Add fix for CVE-2014-9116.
* gnu/packages/patches/mutt-CVE-2014-9116.patch: New file. * gnu-system.am (dist_patch_DATA): Add it. * gnu/packages/mail.scm (mutt): Add patch.
This commit is contained in:
parent
2d2301e37a
commit
63d526e268
@ -420,6 +420,7 @@ dist_patch_DATA = \
|
||||
gnu/packages/patches/mpc123-initialize-ao.patch \
|
||||
gnu/packages/patches/module-init-tools-moduledir.patch \
|
||||
gnu/packages/patches/mupdf-buildsystem-fix.patch \
|
||||
gnu/packages/patches/mutt-CVE-2014-9116.patch \
|
||||
gnu/packages/patches/net-tools-bitrot.patch \
|
||||
gnu/packages/patches/nvi-assume-preserve-path.patch \
|
||||
gnu/packages/patches/orpheus-cast-errors-and-includes.patch \
|
||||
|
@ -174,7 +174,8 @@ aliasing facilities to work just as they would on normal mail.")
|
||||
version ".tar.gz")))
|
||||
(sha256
|
||||
(base32
|
||||
"0dzx4qk50pjfsb6cs5jahng96a52k12f7pm0sc78iqdrawg71w1s"))))
|
||||
"0dzx4qk50pjfsb6cs5jahng96a52k12f7pm0sc78iqdrawg71w1s"))
|
||||
(patches (list (search-patch "mutt-CVE-2014-9116.patch")))))
|
||||
(build-system gnu-build-system)
|
||||
(inputs
|
||||
`(("cyrus-sasl" ,cyrus-sasl)
|
||||
|
46
gnu/packages/patches/mutt-CVE-2014-9116.patch
Normal file
46
gnu/packages/patches/mutt-CVE-2014-9116.patch
Normal file
@ -0,0 +1,46 @@
|
||||
Fix CVE-2014-9116. Copied from Debian:
|
||||
|
||||
This patch solves the issue raised by CVE-2014-9116 in bug 771125.
|
||||
|
||||
We correctly redefine what are the whitespace characters as per RFC5322; by
|
||||
doing so we prevent mutt_substrdup from being used in a way that could lead to
|
||||
a segfault.
|
||||
|
||||
The lib.c part was written by Antonio Radici <antonio@debian.org> to prevent
|
||||
crashes due to this kind of bugs from happening again.
|
||||
|
||||
The wheezy version of this patch is slightly different, therefore this patch
|
||||
has -jessie prefixed in its name.
|
||||
|
||||
The sendlib.c part was provided by Salvatore Bonaccorso and it is the same as
|
||||
the upstream patch reported here:
|
||||
http://dev.mutt.org/trac/attachment/ticket/3716/ticket-3716-stable.patch
|
||||
|
||||
--- a/lib.c
|
||||
+++ b/lib.c
|
||||
@@ -815,6 +815,9 @@ char *mutt_substrdup (const char *begin,
|
||||
size_t len;
|
||||
char *p;
|
||||
|
||||
+ if (end != NULL && end < begin)
|
||||
+ return NULL;
|
||||
+
|
||||
if (end)
|
||||
len = end - begin;
|
||||
else
|
||||
--- a/sendlib.c
|
||||
+++ b/sendlib.c
|
||||
@@ -1814,7 +1814,12 @@ static int write_one_header (FILE *fp, i
|
||||
{
|
||||
tagbuf = mutt_substrdup (start, t);
|
||||
/* skip over the colon separating the header field name and value */
|
||||
- t = skip_email_wsp(t + 1);
|
||||
+ ++t;
|
||||
+
|
||||
+ /* skip over any leading whitespace (WSP, as defined in RFC5322) */
|
||||
+ while (*t == ' ' || *t == '\t')
|
||||
+ t++;
|
||||
+
|
||||
valbuf = mutt_substrdup (t, end);
|
||||
}
|
||||
dprint(4,(debugfile,"mwoh: buf[%s%s] too long, "
|
Loading…
Reference in New Issue
Block a user