fix buffer overflow issue (CVE-2014-0567), bug #504462

Package-Manager: portage-2.2.8-r1/cvs/Linux x86_64 Manifest-Sign-Key: 0xEAD50D64D8D3571A!
author: Alexander Vershilov <qnikst@gentoo.org> 2014-03-13 20:45:28 +0000
committer: Alexander Vershilov <qnikst@gentoo.org> 2014-03-13 20:45:28 +0000
commit: 71ce5893721320b2c0b7341716221ca050a994f0 (patch)
tree: 7be883b40534b59c47d6eff0aa4d8ae732706f7c /mail-client
parent: added ~x64-macos (tested by me) (diff)
download: historical-71ce5893721320b2c0b7341716221ca050a994f0.tar.gz
historical-71ce5893721320b2c0b7341716221ca050a994f0.tar.bz2
historical-71ce5893721320b2c0b7341716221ca050a994f0.zip
4 files changed, 46 insertions, 11 deletions
diff --git a/mail-client/mutt/ChangeLog b/mail-client/mutt/ChangeLog
index ef92ae3c63b9..1433c4ffd6cc 100644
--- a/mail-client/mutt/ChangeLog
+++ b/mail-client/mutt/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for mail-client/mutt
 # Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/mail-client/mutt/ChangeLog,v 1.253 2014/03/09 11:45:53 grobian Exp $
+# $Header: /var/cvsroot/gentoo-x86/mail-client/mutt/ChangeLog,v 1.254 2014/03/13 20:44:53 qnikst Exp $
+
+*mutt-1.5.22-r3 (13 Mar 2014)
+
+  13 Mar 2014; Alexander Vershilov <qnikst@gentoo.org>
+  +files/mutt-1.5.22-cve-2014-0567.patch, +mutt-1.5.22-r3.ebuild,
+  -mutt-1.5.22-r2.ebuild:
+  fix buffer overflow issue (CVE-2014-0567), bug #504462
 
 *mutt-1.5.22-r2 (09 Mar 2014)
 
diff --git a/mail-client/mutt/Manifest b/mail-client/mutt/Manifest
index 576d37ec821f..3ccdbe206d02 100644
--- a/mail-client/mutt/Manifest
+++ b/mail-client/mutt/Manifest
@@ -3,22 +3,29 @@ Hash: SHA256
 
 AUX Muttrc 667 SHA256 932940db69c951caaa87a17ee98a8e2262aeadf1e978f6d671b642184c5d545f SHA512 b64d6e857f0c7de2e2e5b23cecd869f8a9807aa827ad6221e3c5864b2a31fb0136aeaf09ffdb2549645507fe92f724774a80395b6ab2345068903f5ee1269f29 WHIRLPOOL 91275eb31729bf72bcc29eaa61f72c88f8a75bc5e8bf2220b7d9aaf1eb9211335b1cbc481f906325dc36d30853c94330a8b59b3d4707d269f2c075c2332166bb
 AUX Muttrc.mbox 486 SHA256 10b251f88ccc5d4c95c96ab17b6ab6a30a16d6590ab896a60037f869fc4d44a0 SHA512 aece9a734d292b6f638d2a0dd39f20d9894b4bb6e6888da606a49274faef9c1864e98eec907ffa7742af58d46456e46b8945d2d47c8b89fc95daa2a8833d3e90 WHIRLPOOL 0bb72d4f1c6d33ececd928dcbbc517be048414beabf2bc488dd3b534633c5b8e30cf3ebe6bc86d76abd84f63657c4fbae05ea61680c4d1b9323ccefaa8b74b89
+AUX mutt-1.5.22-cve-2014-0567.patch 564 SHA256 493c7c47a0ae36fb70f07e16de7740cd90b67c456784605a87b7bfab2b77c844 SHA512 44f7b87fc043c10513d1eb76e3dc7ce01d126dfc0271d1ff1a607daca5501e4c0908a4b8081bd4a7dcb0b284905060503805cee435af111557ed97d777c9b5d0 WHIRLPOOL c14af805dc7ab05755c8df11548fe5afd475c4aaf811fdb86899696427c8e61e9712f0bc969af758acfb4f301f7fcf1c00b0a5e6ef51325c639ea8e8dbd5ef45
 DIST mutt-1.5.21-gentoo-patches-r15.tar.bz2 96063 SHA256 01182bcc23a916a72c19a0cf67a4fb52e7bc4d2b65fb1531c076c8b4c74fdc12 SHA512 8b49cc69788fb0cc886dde0f3e2a5c1d421650cb5ad25310429b4dc82f15591c2b4a1fc97f76b6f2566fc12e4224986d92cf72f92c7b4617f35bb77755485734 WHIRLPOOL aeb2c4a82d8ff87364926022b919334bcb472bae20334544f163ab0435457a462bd46c8cf4d8bdc27c71c59108907a94887ad868a548cf3ec08d7a1fbf593bca
 DIST mutt-1.5.21-gentoo-patches-r16.tar.bz2 120095 SHA256 cd0d548e428d27b4f53d347d1aeed1461ecce31d6815b535fe5257ee2ccc199f SHA512 364853593c84e538d727993dd934b26055329a227c71c27f2c17511743e1c7e065c11a641e35e70c6e5ea0a7cd73360e2812214927a35d23ff86e45242fe6548 WHIRLPOOL b60a1dbf7cba3b556ce73d7a667eef36a8734129edef5ebe684bc847b1833e60cc482bd2a9bd19da2e6f3e1770978892520522362653f094ca0148b8e7bc29cd
 DIST mutt-1.5.21-gentoo-patches-r17.tar.bz2 120189 SHA256 0e472fbf6bda19ed1432b20baa7c74a994d336e275643c25bdc79b839f93ee6c SHA512 49c3185377c329036622e2826326652ba31a8c0b601b064298c312edfb6579a3c150b2ff3c9f2a8640f1a5b67237ea7e74a988dffcc359d6259a6247a83a47f6 WHIRLPOOL 468e208023139ac8026bd3c84225d5269373031eb068c78c41ba3a82b03146fd6572b737414a50c8c27beda8b369f1abf0ec34e5756bdcf7dbe941246a35d882
 DIST mutt-1.5.21.tar.gz 3716886 SHA256 2141f36e8d0f4f71c9ca6780001e7cc679fe313e643953fc07f001223e67c4a0 SHA512 077dd8a0dd586badb836b04680052bfadd8574130f27ab11ce9cdbbe8bd5f365e0e79ae3669fad52b2754bc7a66006b242308db1f8d90edd10f6807d7c1b2d12 WHIRLPOOL 818b6d2edfdb3c56475a51f1b8911263f006f0d8a62064ad6dcabc952183c261b920a88a9afd85f3176cc96cb46349c8e4f0110edb228ec412c4d3e2eaebe5c9
-DIST mutt-1.5.22-gentoo-patches-r2.tar.bz2 81259 SHA256 d4ec35bfaf51276645feb9a7808455e6970aa2c171ed9767d2c6c2f3c9c60f5c SHA512 99b5c37dcd74aabc6c8673321aa13d00dab6bf82ad593ede920897921d633903d1de7fc4a80e04cccf0a5d7673560cb7a4e94830fcae27b60d696cb65315ba50 WHIRLPOOL c164faa5822a8181497a57526dcfe123e2fd5d0aa4db76c702a3794a1adb0fdb56377c4471464828617e44beadd7cd7509c2145fb7ae038b753b61be826bf6ba
+DIST mutt-1.5.22-gentoo-patches-r1.tar.bz2 80981 SHA256 8952ca835096cc76708529a8297b013cea606ba58114f0b0c0ac5a5e5f4376ed SHA512 6a40b3688c874633411da93c3594d512b6945fcf00c29a16bebbc865c21f2c59934bfc276538fc3795bef0949e79ab714c19018e42c4d52e05856e78a6d81a8c WHIRLPOOL 7ca9e4d29579bd0f5e50f75d6cdf1be6a9765d936fb9878151d45d6e8669e4ab7fe7b551924806a352364223d55dcd9069ec833d7275e5221bdf7a776c0b4cec
 DIST mutt-1.5.22.tar.gz 3782237 SHA256 8feae890ed0758a5108bafaef27bd8fc9c378675acf25a3c620f2c7b7540f3a7 SHA512 96edfafa9460bbaff1c5a78f40735599f53e08f794866822558d59e351646b1d2045afbf97000012a6d9f261649e9b473c01f89ade542712120f9213c657b0a1 WHIRLPOOL 4c13c6f667a8990b933c8e25f43e96ba0562785b4038776949abea45454a1621bf1bb9351a52bec3d69909b9dc643de7f7ba383119f1ab8b20cea77d0bad1da9
 EBUILD mutt-1.5.21-r12.ebuild 7888 SHA256 8cb1fd474f1985a9fbed705cc51a35958364070c60fbe98508c9df163b7a0c73 SHA512 63f00130ecbf6de35d5d099060847f4ed7100067a93da8269e6ef1430ce0f618493e796a684c73f1f80409c602e4aa15299d891d5da5a9ccdab362b0771349b5 WHIRLPOOL 10bb2aa302630a50762755eb29a96dcb4d30a4e42ad39a045a8bf6938594feb82c077eb7800ca3b77f49784db2ecc7010bfb980b68af58f8b2c375a1114eeebf
 EBUILD mutt-1.5.21-r13.ebuild 7771 SHA256 0f029bfd6ee94fc312f251da99298027be6900f34f2a6701777300ecf6f049c4 SHA512 6d510116d8398c89356d86e5d94898e161d7df533f5d0515fda9425a874b9e28f965874669090f4ea292561e1e03996874031a05b1353ba809a10dd87f412dc6 WHIRLPOOL c853245f0b022fd304de563339c4d584151a8b995b4defb6fe83fdb9a8aa770eac4d8b7be113e6324f7289537879378cda95bec254a4b6648435742fc6ceb7fd
 EBUILD mutt-1.5.21-r14.ebuild 7793 SHA256 fc56f4a127eca8495a674de97bb681c28c574fd3c3e19144d5438d55cf1ce68b SHA512 dfe91b3bb7a86079c658f9a3521c8a517848979a40e5f7d67b6265ec9d1843cfdba8452afa17ac6920982b4c8709888848935cac410bc0ed46c000751bed592e WHIRLPOOL 42d4aedead5264f06ee5b2a56bda857215a105da9b9df946ff457e9d261cb0a85a111f1d37b2757c01fba989cfe2508bf884c7feb1166375bf3026874e74ecd7
-EBUILD mutt-1.5.22-r2.ebuild 7968 SHA256 71bedf7caa4af8d50d92398196c30c0c3392544ddd53a7db479e41ddebd6e5f1 SHA512 8bce4b47b9cf0e1175dc08bfb9b0d1a2bf8f1de36b2402b48ec1752910736d259dbcdf51112b810c02781e7cdb34c618dcd233f6edfb6d6b79c32b8c29f901fb WHIRLPOOL 0916081b035701e48e8a87dbef6be7cc1121bb84bd4a57386dfa152b772505a4ad1dab6bf7d85d8b1f788ff23cdf1925d4f02ddcc97bfaed526afc7b59c256a7
-MISC ChangeLog 54857 SHA256 9fe6faf03ae56cdbda78cd6e014034c68754311ae57feada3b4a3558ff7b5d0b SHA512 6afd1771f5a2599c5baf3b25be18c58f72486e1bb420b7c61f54dace3278312dd1abb8ffb152eeb61b5a6cf5b7f20de2284c0b2e724c7f8f913ea28503f34351 WHIRLPOOL 104bd921aa80583bc1ca2ae2324439db9baa269f597956e6efe5c3e2cee5477e5919eeaf3ee6641b8f2694ee473faaed0cb958f73f7f0a2dbf97d2a083af6533
+EBUILD mutt-1.5.22-r3.ebuild 8051 SHA256 d000ea94909b0d16b1848ef4ef40e0bacb5696a5cdc2d1208655c009e32ab5d3 SHA512 75c0a30d449528b05775b9d9b5bab7dd365e21e625caf86e99917315a4ea61c35de34908163254070cb11ac1b46240e2e6396d97e2f811d2e68bd05d0b71e83d WHIRLPOOL 27ea4f1b8c73b925bbad8528e1152cfd5fd0c8b50c0ba24e849e83d0e3d74bae42144c3e28681e1c08f753413c462d256bb7f4cf887dbff7df107dc299e74321
+MISC ChangeLog 55092 SHA256 0e5d79299cdbec66b085883909d0856bb1fbcacbde0d21e8076843b736bc39f5 SHA512 d7fb8874765fe0cff1c2245ff8407f9dac015aac5424dc5573a4fb424904475b1953b2c7f6891fd899c73f930b9e591d827f5973b02a30297de4e7b01ecab5e2 WHIRLPOOL a4e85bdc4718b5e79dc8e7e94da8dfdc4f281f238295292179ad5b36ff038b0df7bb08b1af0e6d0014496e06c31c821bf57a05e9626d6e61d93090f9d67d59da
 MISC metadata.xml 650 SHA256 b7ca8aa383b947a5e90eafab3839a9ed2a8c4f36f4890fec19636d774ccf5320 SHA512 26cb0a77d35e30432a88cf487d61da45c52967e8327f605a25f97a455fbb0eb518a44e589e140fa55cd7610b8fd22861c0149ef4ebaadd78173cbf8431adee5a WHIRLPOOL e4a73bbce432f77cc336bc93fed13ac6fc4e0e651643cc06402488383c5297a360c59a90e7e67667e2b48a564f10e5169282fe053a5426ee5f186338eddd2cee
 -----BEGIN PGP SIGNATURE-----
-Version: GnuPG v2.0.22 (SunOS)
+Version: GnuPG v2.0.22 (GNU/Linux)
 
-iEYEAREIAAYFAlMcVHMACgkQX3X2B8XHTokZOQCdG4l/C0FMro1JlxhstmB/Vw5t
-pOEAnjm3H86iQK46BuZlZvHb/G+CAjYW
-=AM+Z
+iQF8BAEBCABmBQJTIhjoXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
+ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQwMTlGQTEwRTVCMUJCNjdFRDM5Qzg3RjdF
+QUQ1MEQ2NEQ4RDM1NzFBAAoJEOrVDWTY01ca1BgH/j53LxY3oFNM6Gnli9yAzoSH
+ivkRlX3a8zFf67gZIStGR2Rz9Q0FVSzbAMc2fXOunoSRjXyIlHaFcM0DJCXVf7UC
+YcZT2uRcNwGPffkCaAZRZb9d6zNdZV7iURxxsiX1bPKUlENzH9vTnXyxE4yDHckJ
+rRMVZN3x0jt267q1ntu9Y14geRJGW28b1WM9auPeft64PLr9olfeD+zvSFxVxNXu
+mERianMZrc917FAzuL04VmapDI8IIhIqt3Msk3abzh/bInkKF9bTj7xyLff4fent
+3D76deB0VLmVo3OhTfzWqEymaHEV0tjxSJTR6i27nX6/bRliVWLUnnvsi9ZoqX0=
+=oNXe
 -----END PGP SIGNATURE-----
diff --git a/mail-client/mutt/files/mutt-1.5.22-cve-2014-0567.patch b/mail-client/mutt/files/mutt-1.5.22-cve-2014-0567.patch
new file mode 100644
index 000000000000..50373f1331b9
--- /dev/null
+++ b/mail-client/mutt/files/mutt-1.5.22-cve-2014-0567.patch
@@ -0,0 +1,20 @@
+# HG changeset patch
+# User Michael Elkins <me@sigpipe.org>
+# Date 1394556009 25200
+#      Tue Mar 11 09:40:09 2014 -0700
+# Branch stable
+# Node ID 9bf7593e3c08cc32bd69595d5c1cac75c29ba09d
+# Parent  3d5e23a66a1a179d9be25767e634174905ae2bdb
+Fix buffer overrun caused by not updating a string length after address expansion.
+
+diff --git a/copy.c b/copy.c
+--- a/copy.c
++++ b/copy.c
+@@ -254,6 +254,7 @@
+     {
+       if (!address_header_decode (&this_one))
+ 	rfc2047_decode (&this_one);
++      this_one_len = mutt_strlen (this_one);
+     }
+     
+     if (!headers[x])
diff --git a/mail-client/mutt/mutt-1.5.22-r2.ebuild b/mail-client/mutt/mutt-1.5.22-r3.ebuild
index d37b184de24b..24d1f029e496 100644
--- a/mail-client/mutt/mutt-1.5.22-r2.ebuild
+++ b/mail-client/mutt/mutt-1.5.22-r3.ebuild
@@ -1,12 +1,12 @@
 # Copyright 1999-2014 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/mail-client/mutt/mutt-1.5.22-r2.ebuild,v 1.1 2014/03/09 11:45:53 grobian Exp $
+# $Header: /var/cvsroot/gentoo-x86/mail-client/mutt/mutt-1.5.22-r3.ebuild,v 1.1 2014/03/13 20:44:53 qnikst Exp $
 
 EAPI="5"
 
 inherit eutils flag-o-matic autotools
 
-PATCHSET_REV="-r2"
+PATCHSET_REV="-r1"
 
 DESCRIPTION="A small but very powerful text-based mail client"
 HOMEPAGE="http://www.mutt.org/"
@@ -75,9 +75,10 @@ src_prepare() {
 		[[ -e ${revpatch} ]] && \
 			epatch "${revpatch}"
 	done
-
 	# fix compilation with ncurses[tinfo], #459260
 	epatch "${PATCHDIR}"/ncurses-tinfo.patch
+	# fix buffer overflow issut, #504462
+	epatch "${FILESDIR}"/${P}-cve-2014-0567.patch
 
 	# this patch is non-generic and only works because we use a sysconfdir
 	# different from the one used by the mailbase ebuild
author	Alexander Vershilov <qnikst@gentoo.org>	2014-03-13 20:45:28 +0000
committer	Alexander Vershilov <qnikst@gentoo.org>	2014-03-13 20:45:28 +0000
commit	71ce5893721320b2c0b7341716221ca050a994f0 (patch)
tree	7be883b40534b59c47d6eff0aa4d8ae732706f7c /mail-client
parent	added ~x64-macos (tested by me) (diff)
download	historical-71ce5893721320b2c0b7341716221ca050a994f0.tar.gz historical-71ce5893721320b2c0b7341716221ca050a994f0.tar.bz2 historical-71ce5893721320b2c0b7341716221ca050a994f0.zip