Date:      Wed, 2 Jan 2002 00:08:51 +0100 (CET)
From:      Udo Schweigert <udo.schweigert@siemens.com>
To:        FreeBSD-gnats-submit@freebsd.org
Subject:   ports/33456: maintainer update of mail/mutt-devel
Message-ID:  <200201012308.g01N8pMB047656@reims.mchp.siemens.de>


>Number:         33456
>Category:       ports
>Synopsis:       maintainer update of mail/mutt-devel
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-ports
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Tue Jan 01 15:10:01 PST 2002
>Closed-Date:
>Last-Modified:
>Originator:     Udo Schweigert
>Release:        FreeBSD 4.5-PRERELEASE i386
>Organization:
>Environment:
System: FreeBSD alaska.cert.siemens.de 4.5-PRERELEASE FreeBSD 4.5-PRERELEASE #38: Sat Dec 22 08:45:23 CET 2001 ust@alaska.cert.siemens.de:/usr/obj/work/src/RELENG_4/sys/alaska i386


>Description:

The attached patch fixes a security problem in the mutt-devel port that was
just announced on the mutt mailing list. The fix is a stripped-down version
taken from the freshly released mutt version 1.3.25; a full update of the
port will take more time because I'm waiting for some other contributions,
so this update fixes only the security flaw.

It also fixes the handling of mutt when used as a news client and gives
some hints on how to set this up.

>How-To-Repeat:
>Fix:
diff -ruN --exclude=CVS /usr/ports/mail/mutt-devel/Makefile mutt-devel/Makefile
--- /usr/ports/mail/mutt-devel/Makefile	Sun Dec 23 11:34:30 2001
+++ mutt-devel/Makefile	Tue Jan  1 23:49:09 2002
@@ -8,7 +8,7 @@
 
 PORTNAME=	mutt-devel
 PORTVERSION=	1.3.24
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES+=	mail
 .if defined(WITH_MUTT_NNTP)
 CATEGORIES+=	news
@@ -89,12 +89,10 @@
 BUILD_DEPENDS+=	sgmlfmt:${PORTSDIR}/textproc/sgmlformat
 .endif
 .if defined(WITH_MUTT_NNTP)
-.if ! exists(${LOCALBASE}/bin/inews)
-BUILD_DEPENDS+=	nn-inews:${PORTSDIR}/news/nn
+BUILD_DEPENDS+=	${LOCALBASE}/news/bin/inews:${PORTSDIR}/news/inn
 pre-configure::
 	${PATCH} ${PATCH_ARGS} < ${PATCHDIR}/extra-patch-inews
 .endif
-.endif
 .if defined(WITH_MUTT_CYRUS_SASL)
 LIB_DEPENDS+=	sasl.8:${PORTSDIR}/security/cyrus-sasl
 .endif
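Review bot: The new `BUILD_DEPENDS+= ${LOCALBASE}/news/bin/inews:${PORTSDIR}/news/inn` line only guarantees that inews exists while mutt is being built, yet the path configure finds is compiled into the binary (see the `AC_DEFINE_UNQUOTED(INEWS, ...)` line in the extra patch) and is presumably executed when a user posts. A package built this way and installed on another machine would not pull in news/inn, and posting would fail there. I would add `RUN_DEPENDS+= ${LOCALBASE}/news/bin/inews:${PORTSDIR}/news/inn` next to it. Note also that dropping the `.if ! exists(${LOCALBASE}/bin/inews)` guard means the extra patch is now applied unconditionally whenever WITH_MUTT_NNTP is set.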
@@ -812,6 +810,15 @@
 	${INSTALL_MAN} ${WRKSRC}/doc/*.html ${PREFIX}/share/doc/mutt/html
 	${INSTALL_MAN} ${WRKSRC}/doc/*.latin1 ${PREFIX}/share/doc/mutt
 .endif
+.endif
+.if defined(WITH_MUTT_NNTP)
+	@${ECHO} 
+	@${ECHO} "------------------------------------------------"
+	@${ECHO} "Be sure to define NNTPSERVER in your environment"
+	@${ECHO} "and to be part of the group news in /etc/group"
+	@${ECHO} "if you want to post news with mutt"
+	@${ECHO} "------------------------------------------------"
+	@${ECHO} 
 .endif
 
 .include <bsd.port.post.mk>
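Review bot: The NNTP hint is printed with `${ECHO}` from an install-time recipe, so it reaches only users who build from the ports tree, and anyone installing a prebuilt package never sees it. Because the text asks the user to change group membership, I would also carry it in the port's `pkg-message` file. A Makefile comment above the block stating why membership in group news is required would help too, since the reason is not visible in this patch. The target these recipe lines belong to starts outside the hunk.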
diff -ruN --exclude=CVS /usr/ports/mail/mutt-devel/files/extra-patch-inews mutt-devel/files/extra-patch-inews
--- /usr/ports/mail/mutt-devel/files/extra-patch-inews	Mon Oct 29 18:41:59 2001
+++ mutt-devel/files/extra-patch-inews	Tue Jan  1 23:23:05 2002
@@ -1,11 +1,11 @@
---- configure.in.orig2	Mon Oct 29 10:12:28 2001
-+++ configure.in	Mon Oct 29 10:16:16 2001
-@@ -456,7 +456,7 @@
+--- configure.in.orig2	Tue Jan  1 23:00:00 2002
++++ configure.in	Tue Jan  1 23:01:04 2002
+@@ -457,7 +457,7 @@
  AC_ARG_ENABLE(nntp, [  --enable-nntp              Enable NNTP support],
  [	if test x$enableval = xyes ; then
  		AC_DEFINE(USE_NNTP)
 -		AC_PATH_PROG(INEWS, inews, no, $PATH:/usr/sbin:/usr/lib)
-+		AC_PATH_PROG(INEWS, nn-inews, no, $PATH:/usr/sbin:/usr/lib)
++		AC_PATH_PROG(INEWS, inews, no, $PATH:/usr/local/news/bin:/usr/sbin:/usr/lib)
  		AC_DEFINE_UNQUOTED(INEWS, "$ac_cv_path_INEWS -hS")
  		MUTT_LIB_OBJECTS="$MUTT_LIB_OBJECTS nntp.o newsrc.o"
  		need_socket="yes"
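Review bot: The added search path hard-codes `/usr/local/news/bin`, while the Makefile dependency in the same submission checks `${LOCALBASE}/news/bin/inews`; with a non-default LOCALBASE the dependency is satisfied but configure may not find the program, and INEWS would then be defined as `no -hS`. `$PATH` is also searched first, so whichever `inews` comes first in the builder's PATH is the one compiled into mutt. Putting the intended directory first and substituting the prefix when the extra patch is applied would make the result deterministic, for example `AC_PATH_PROG(INEWS, inews, no, <LOCALBASE-placeholder>/news/bin:$PATH:/usr/sbin:/usr/lib)` with the placeholder replaced in pre-configure. The AC_ARG_ENABLE block continues past the end of the hunk.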
diff -ruN --exclude=CVS /usr/ports/mail/mutt-devel/files/patch-rfc822-security mutt-devel/files/patch-rfc822-security
--- /usr/ports/mail/mutt-devel/files/patch-rfc822-security	Thu Jan  1 01:00:00 1970
+++ mutt-devel/files/patch-rfc822-security	Tue Jan  1 22:30:57 2002
@@ -0,0 +1,105 @@
+--- rfc822.c.orig	Wed Jan 17 09:53:12 2001
++++ rfc822.c	Tue Jan  1 22:29:12 2002
+@@ -33,6 +33,12 @@
+ #include "rfc822.h"
+ #endif
+ 
++#define terminate_string(a, b, c) do { if ((b) < (c)) a[(b)] = 0; else \
++	a[(c)] = 0; } while (0)
++
++#define terminate_buffer(a, b) terminate_string(a, b, sizeof (a) - 1)
++
++
+ const char RFC822Specials[] = "@.,:;<>[]\\\"()";
+ #define is_special(x) strchr(RFC822Specials,x)
+ 
+@@ -227,12 +233,12 @@
+       return NULL;
+   }
+ 
+-  token[*tokenlen] = 0;
++  terminate_string (token, *tokenlen, tokenmax);
+   addr->mailbox = safe_strdup (token);
+ 
+   if (*commentlen && !addr->personal)
+   {
+-    comment[*commentlen] = 0;
++    terminate_string (comment, *commentlen, commentmax);
+     addr->personal = safe_strdup (comment);
+   }
+ 
+@@ -320,9 +326,6 @@
+   *last = cur;
+ }
+ 
+-#define terminate_string(a, b) do { if (b < sizeof(a) - 1) a[b] = 0; else \
+-	a[sizeof(a) - 1] = 0; } while (0)
+-
+ ADDRESS *rfc822_parse_adrlist (ADDRESS *top, const char *s)
+ {
+   const char *begin, *ps;
+@@ -344,12 +347,12 @@
+     {
+       if (phraselen)
+       {
+-	terminate_string (phrase, phraselen);
++	terminate_buffer (phrase, phraselen);
+ 	add_addrspec (&top, &last, phrase, comment, &commentlen, sizeof (comment) - 1);
+       }
+       else if (commentlen && last && !last->personal)
+       {
+-	terminate_string (comment, commentlen);
++	terminate_buffer (comment, commentlen);
+ 	last->personal = safe_strdup (comment);
+       }
+ 
+@@ -377,7 +380,7 @@
+     else if (*s == ':')
+     {
+       cur = rfc822_new_address ();
+-      terminate_string (phrase, phraselen);
++      terminate_buffer (phrase, phraselen);
+       cur->mailbox = safe_strdup (phrase);
+       cur->group = 1;
+ 
+@@ -401,12 +404,12 @@
+     {
+       if (phraselen)
+       {
+-	terminate_string (phrase, phraselen);
++	terminate_buffer (phrase, phraselen);
+ 	add_addrspec (&top, &last, phrase, comment, &commentlen, sizeof (comment) - 1);
+       }
+       else if (commentlen && last && !last->personal)
+       {
+-	terminate_string (phrase, phraselen);
++	terminate_buffer (phrase, phraselen);
+ 	last->personal = safe_strdup (comment);
+       }
+ #ifdef EXACT_ADDRESS
+@@ -430,7 +433,7 @@
+     }
+     else if (*s == '<')
+     {
+-      terminate_string (phrase, phraselen);
++      terminate_buffer (phrase, phraselen);
+       cur = rfc822_new_address ();
+       if (phraselen)
+       {
+@@ -473,13 +476,13 @@
+   
+   if (phraselen)
+   {
+-    terminate_string (phrase, phraselen);
+-    terminate_string (comment, commentlen);
++    terminate_buffer (phrase, phraselen);
++    terminate_buffer (comment, commentlen);
+     add_addrspec (&top, &last, phrase, comment, &commentlen, sizeof (comment) - 1);
+   }
+   else if (commentlen && last && !last->personal)
+   {
+-    terminate_string (comment, commentlen);
++    terminate_buffer (comment, commentlen);
+     last->personal = safe_strdup (comment);
+   }
+ #ifdef EXACT_ADDRESS
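Review bot: In the inner hunk at `@@ -401,12 +404,12 @@`, the `else if (commentlen && last && !last->personal)` branch still terminates `phrase` and then passes `comment` to safe_strdup, so `comment` is duplicated without being NUL-terminated at `commentlen`; the parallel branches in the inner hunks at -344 and -473 terminate `comment`. The mismatch predates this patch, but the line is rewritten here and should read `terminate_buffer (comment, commentlen);`. Separately, `terminate_buffer` relies on `sizeof (a)` and is only correct for true arrays, which is apparently why the first changed function, where `token` and `comment` come with explicit `tokenmax`/`commentmax` bounds, uses the three-argument `terminate_string`. A comment above the macros such as `/* terminate_buffer: arrays only; use terminate_string with an explicit max for pointers */` would keep a later caller from applying it to a `char *`. rfc822_parse_adrlist starts and ends outside the visible inner hunks.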
>Release-Note:
>Audit-Trail:
>Unformatted:
