Add ported Mutt 1.5.11 IMAP buffer overflow patch (bug #138125)

(Portage version: 2.1-r1)

4 files changed, 208 insertions, 1 deletions

diff --git a/mail-client/muttng/ChangeLog b/mail-client/muttng/ChangeLog
index 6f6997a78df3..f53482ce600d 100644
--- a/mail-client/muttng/ChangeLog
+++ b/mail-client/muttng/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for mail-client/muttng
 # Copyright 1999-2006 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/mail-client/muttng/ChangeLog,v 1.20 2006/06/20 16:54:17 grobian Exp $
+# $Header: /var/cvsroot/gentoo-x86/mail-client/muttng/ChangeLog,v 1.21 2006/06/27 17:08:45 grobian Exp $
+
+*muttng-20060619-r1 (27 Jun 2006)
+
+  27 Jun 2006; Fabian Groffen <grobian@gentoo.org>
+  +files/muttng-20060619-imap-browse.patch, +muttng-20060619-r1.ebuild:
+  Add ported Mutt 1.5.11 IMAP buffer overflow patch (bug #138125)
 
 *muttng-20060619 (20 Jun 2006)
 
diff --git a/mail-client/muttng/files/digest-muttng-20060619-r1 b/mail-client/muttng/files/digest-muttng-20060619-r1
new file mode 100644
index 000000000000..84316cfe55d5
--- /dev/null
+++ b/mail-client/muttng/files/digest-muttng-20060619-r1
@@ -0,0 +1,3 @@
+MD5 7bc0c3fc4f1bfb28ec20c256e92cc41c muttng-20060619.tar.gz 2734131
+RMD160 d482eddb7ac5e1998faa570a496b14f85ff1eef1 muttng-20060619.tar.gz 2734131
+SHA256 151a99dd4c2b91805885c13b78e35e0f2f24ff01ff459945ca5d783a11c293a2 muttng-20060619.tar.gz 2734131
diff --git a/mail-client/muttng/files/muttng-20060619-imap-browse.patch b/mail-client/muttng/files/muttng-20060619-imap-browse.patch
new file mode 100644
index 000000000000..001a218869b9
--- /dev/null
+++ b/mail-client/muttng/files/muttng-20060619-imap-browse.patch
@@ -0,0 +1,38 @@
+commit 850d4a6b78730344ad7bb1d2a04cfcd35def3fec
+Author: brendan <brendan>
+Date:   Mon Jun 19 18:14:03 2006 +0000
+
+    From: TAKAHASHI Tamotsu <tamo@momonga-linux.org>
+    
+    Fix browse_get_namespace() which could overflow ns[LONG_STRING].
+    (Possible remote vulnerability)
+
+Fabian Groffen <grobian@gentoo.org>:
+* ported Mutt 1.5.11 patch to muttng-r804 (20060619)
+
+--- imap/browse.c
++++ imap/browse.c
+@@ -481,7 +481,7 @@
+ 
+             if (*s == '\"') {
+               s++;
+-              while (*s && *s != '\"') {
++              while (*s && *s != '\"' && n < (sizeof(ns) - 1)) {
+                 if (*s == '\\')
+                   s++;
+                 ns[n++] = *s;
+@@ -491,11 +491,13 @@
+                 s++;
+             }
+             else
+-              while (*s && !ISSPACE (*s)) {
++              while (*s && !ISSPACE (*s) && n < (sizeof(ns) - 1)) {
+                 ns[n++] = *s;
+                 s++;
+               }
+             ns[n] = '\0';
++            if (n == (sizeof(ns) - 1))
++              debug_print (1, ("browse_get_namespace: too long: [%s]\n", ns));
+             /* delim? */
+             s = imap_next_word (s);
+             /* delimiter is meaningless if namespace is "". Why does
diff --git a/mail-client/muttng/muttng-20060619-r1.ebuild b/mail-client/muttng/muttng-20060619-r1.ebuild
new file mode 100644
index 000000000000..da97c100cf39
--- /dev/null
+++ b/mail-client/muttng/muttng-20060619-r1.ebuild
@@ -0,0 +1,160 @@
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/mail-client/muttng/muttng-20060619-r1.ebuild,v 1.1 2006/06/27 17:08:45 grobian Exp $
+
+inherit eutils flag-o-matic
+
+DESCRIPTION="mutt-ng -- fork of mutt with added features"
+HOMEPAGE="http://www.muttng.org/"
+SRC_URI="http://nion.modprobe.de/mutt-ng/snapshots/${P}.tar.gz"
+IUSE="berkdb buffysize cjk crypt debug gdbm gnutls gpgme idn imap mbox nls nntp pop qdbm sasl slang smime smtp ssl doc"
+SLOT="0"
+LICENSE="GPL-2"
+KEYWORDS="~alpha ~amd64 ~ia64 ~ppc ~ppc-macos ~sparc ~x86"
+RDEPEND="nls? ( sys-devel/gettext )
+	>=sys-libs/ncurses-5.2
+	idn?     ( net-dns/libidn )
+	qdbm?	 ( dev-db/qdbm )
+	!qdbm?	 (
+		gdbm?  ( sys-libs/gdbm )
+		!gdbm? ( berkdb? ( >=sys-libs/db-4 ) )
+	)
+	slang?   ( >=sys-libs/slang-1.4.2 )
+	smtp?    ( net-libs/libesmtp )
+	imap?    (
+		gnutls?  ( >=net-libs/gnutls-1.0.17 )
+		!gnutls? ( ssl? ( >=dev-libs/openssl-0.9.6 ) )
+		sasl?    ( >=dev-libs/cyrus-sasl-2 )
+	)
+	pop?     (
+		gnutls?  ( >=net-libs/gnutls-1.0.17 )
+		!gnutls? ( ssl? ( >=dev-libs/openssl-0.9.6 ) )
+		sasl?    ( >=dev-libs/cyrus-sasl-2 )
+	)
+	gpgme?   ( >=app-crypt/gpgme-0.9.0 )
+	doc?     (
+		www-client/lynx
+		dev-libs/libxslt
+		app-text/htmltidy
+		app-text/openjade
+		virtual/tetex
+	)"
+DEPEND="${RDEPEND}
+	net-mail/mailbase"
+#	sys-devel/automake
+#	>=sys-devel/autoconf-2.5
+
+src_unpack() {
+	unpack ${A}                     || die "unpack failed"
+	cd "${S}"
+	epatch "${FILESDIR}/${PN}"-20060309-smarttime.patch
+	epatch "${FILESDIR}/${PN}"-20060317-sigremovereply.patch
+
+	# Fix possible vulnerability see bug #138125
+	epatch "${FILESDIR}/${P}"-imap-browse.patch
+
+	use doc || epatch "${FILESDIR}/${PN}"-20060309-nodoc.patch
+
+#	aclocal -I m4					|| die "aclocal failed"
+#	autoheader						|| die "autoheader failed"
+#	emake -C m4 -f Makefile.am.in	|| die "emake in m4 failed"
+#	automake --foreign				|| die "automake failed"
+#	WANT_AUTOCONF=2.5 autoconf		|| die "autoconf failed"
+}
+
+src_compile() {
+	declare myconf="
+		$(use_enable nls) \
+		$(use_enable gpgme) \
+		$(use_enable imap) \
+		$(use_enable pop) \
+		$(use_enable crypt pgp) \
+		$(use_enable smime) \
+		$(use_enable cjk default-japanese) \
+		$(use_enable debug) \
+		$(use_enable nntp) \
+		$(use_with idn) \
+		$(use_with smtp libesmtp) \
+		--enable-compressed \
+		--sysconfdir=/etc/${PN} \
+		--with-docdir=/usr/share/doc/${PN}-${PVR} \
+		--with-regex \
+		--disable-fcntl --enable-flock --enable-nfs-fix \
+		--with-mixmaster \
+		--without-sasl \
+		--enable-external-dotlock"
+
+	# muttng prioritizes qdbm over gdbm, so we will too.
+	# hcache feature requires at least one database is in USE.
+	if use qdbm; then
+		myconf="${myconf} --enable-hcache \
+			--with-qdbm --without-gdbm --without-bdb"
+	elif use gdbm; then
+		myconf="${myconf} --enable-hcache \
+			--with-gdbm --without-qdbm --without-bdb"
+	elif use berkdb; then
+		myconf="${myconf} --enable-hcache \
+			--with-bdb --without-gdbm --without-qdbm"
+	else
+		myconf="${myconf} --disable-hcache \
+			--without-gdbm --without-qdbm --without-bdb"
+	fi
+
+	# there's no need for gnutls or ssl without either pop or imap.
+	# in fact mutt's configure will bail if you do:
+	#   --without-pop --without-imap --with-ssl
+	if use pop || use imap; then
+		if use gnutls; then
+			myconf="${myconf} --with-gnutls"
+		elif use ssl; then
+			myconf="${myconf} --with-ssl"
+		fi
+		# not sure if this should be mutually exclusive with the other two
+		myconf="${myconf} $(use_with sasl sasl2)"
+	else
+		myconf="${myconf} --without-gnutls --without-ssl --without-sasl2"
+	fi
+
+	# See Bug #11170
+	case ${ARCH} in
+		alpha|ppc) replace-flags "-O[3-9]" "-O2" ;;
+	esac
+
+	if use buffysize; then
+		ewarn "USE=buffy-size is just a workaround. Disable it if you don't need it."
+		myconf="${myconf} --enable-buffy-size"
+	fi
+
+	if use slang; then
+		myconf="${myconf} --with-slang"
+		ewarn "If you want a transparent background, merge ${PN} with USE=-slang."
+	else
+		# --without-slang doesn't work;
+		# specify --with-curses if you don't want slang
+		# (26 Sep 2001 agriffis)
+		myconf="${myconf} --with-curses"
+	fi
+
+	if use mbox; then
+		myconf="${myconf} --with-mailpath=/var/spool/mail"
+	else
+		myconf="${myconf} --with-homespool=Maildir"
+	fi
+
+	econf ${myconf}
+	emake || die "emake failed"
+}
+
+src_install() {
+	emake DESTDIR="${D}" install || die "install failed"
+	find "${D}"/usr/share/doc -type f | grep -v "html\|manual" | xargs gzip
+
+	dodoc COPYRIGHT ChangeLog NEWS OPS* PATCHES README* TODO
+}
+
+pkg_postinst() {
+	echo
+	einfo "NOTE: muttng is still under heavy development"
+	einfo "If you find a bug please report at http://bugs.gentoo.org"
+	echo
+}