From owner-freebsd-ports Tue Jan 1 15:11:13 2002
Message-Id: <200201012308.g01N8pMB047656@reims.mchp.siemens.de>
Date: Wed, 2 Jan 2002 00:08:51 +0100 (CET)
From: Udo Schweigert
Reply-To: Udo Schweigert
To: FreeBSD-gnats-submit@freebsd.org
X-Send-Pr-Version: 3.113
Subject: ports/33456: maintainer update of mail/mutt-devel
Sender: owner-freebsd-ports@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>Number: 33456
>Category: ports
>Synopsis: maintainer update of mail/mutt-devel
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-ports
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Tue Jan 01 15:10:01 PST 2002
>Closed-Date:
>Last-Modified:
>Originator: Udo Schweigert
>Release: FreeBSD 4.5-PRERELEASE i386
>Organization:
>Environment:
System: FreeBSD alaska.cert.siemens.de 4.5-PRERELEASE FreeBSD 4.5-PRERELEASE #38: Sat Dec 22 08:45:23 CET 2001 ust@alaska.cert.siemens.de:/usr/obj/work/src/RELENG_4/sys/alaska i386
>Description:
The attached patch fixes a security problem in the mutt-devel port as just announced on the mutt mailing list. The fix is a stripped down version taken from the freshly released mutt version 1.3.25 - but an entire update of the port will take more time because I'm waiting for some other contributions. So this is an update which fixes only the security flaw. Also it fixes the handling of mutt when used as a news-client and gives some hints on how to set this up.
>How-To-Repeat:
>Fix:
diff -ruN --exclude=CVS /usr/ports/mail/mutt-devel/Makefile mutt-devel/Makefile --- /usr/ports/mail/mutt-devel/Makefile Sun Dec 23 11:34:30 2001 +++ mutt-devel/Makefile Tue Jan 1 23:49:09 2002 @@ -8,7 +8,7 @@ PORTNAME= mutt-devel PORTVERSION= 1.3.24 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES+= mail .if defined(WITH_MUTT_NNTP) CATEGORIES+= news 
@@ -89,12 +89,10 @@ BUILD_DEPENDS+= sgmlfmt:${PORTSDIR}/textproc/sgmlformat .endif .if defined(WITH_MUTT_NNTP) -.if ! exists(${LOCALBASE}/bin/inews) -BUILD_DEPENDS+= nn-inews:${PORTSDIR}/news/nn +BUILD_DEPENDS+= ${LOCALBASE}/news/bin/inews:${PORTSDIR}/news/inn pre-configure:: ${PATCH} ${PATCH_ARGS} < ${PATCHDIR}/extra-patch-inews .endif -.endif .if defined(WITH_MUTT_CYRUS_SASL) LIB_DEPENDS+= sasl.8:${PORTSDIR}/security/cyrus-sasl .endif @@ -812,6 +810,15 @@ ${INSTALL_MAN} ${WRKSRC}/doc/*.html ${PREFIX}/share/doc/mutt/html ${INSTALL_MAN} ${WRKSRC}/doc/*.latin1 ${PREFIX}/share/doc/mutt .endif +.endif +.if defined(WITH_MUTT_NNTP) + @${ECHO} + @${ECHO} "------------------------------------------------" + @${ECHO} "Be sure to define NNTPSERVER in your environment" + @${ECHO} "and to be part of the group news in /etc/group" + @${ECHO} "if you want to post news with mutt" + @${ECHO} "------------------------------------------------" + @${ECHO} .endif .include diff -ruN --exclude=CVS /usr/ports/mail/mutt-devel/files/extra-patch-inews mutt-devel/files/extra-patch-inews --- /usr/ports/mail/mutt-devel/files/extra-patch-inews Mon Oct 29 18:41:59 2001 +++ mutt-devel/files/extra-patch-inews Tue Jan 1 23:23:05 2002 
@@ -1,11 +1,11 @@ ---- configure.in.orig2 Mon Oct 29 10:12:28 2001 -+++ configure.in Mon Oct 29 10:16:16 2001 -@@ -456,7 +456,7 @@ +--- configure.in.orig2 Tue Jan 1 23:00:00 2002 ++++ configure.in Tue Jan 1 23:01:04 2002 +@@ -457,7 +457,7 @@ AC_ARG_ENABLE(nntp, [ --enable-nntp Enable NNTP support], [ if test x$enableval = xyes ; then AC_DEFINE(USE_NNTP) - AC_PATH_PROG(INEWS, inews, no, $PATH:/usr/sbin:/usr/lib) -+ AC_PATH_PROG(INEWS, nn-inews, no, $PATH:/usr/sbin:/usr/lib) ++ AC_PATH_PROG(INEWS, inews, no, $PATH:/usr/local/news/bin:/usr/sbin:/usr/lib) AC_DEFINE_UNQUOTED(INEWS, "$ac_cv_path_INEWS -hS") MUTT_LIB_OBJECTS="$MUTT_LIB_OBJECTS nntp.o newsrc.o" need_socket="yes" diff -ruN --exclude=CVS /usr/ports/mail/mutt-devel/files/patch-rfc822-security mutt-devel/files/patch-rfc822-security --- /usr/ports/mail/mutt-devel/files/patch-rfc822-security Thu Jan 1 01:00:00 1970 +++ mutt-devel/files/patch-rfc822-security Tue Jan 1 22:30:57 2002 
@@ -0,0 +1,105 @@ +--- rfc822.c.orig Wed Jan 17 09:53:12 2001 ++++ rfc822.c Tue Jan 1 22:29:12 2002 +@@ -33,6 +33,12 @@ + #include "rfc822.h" + #endif + ++#define terminate_string(a, b, c) do { if ((b) < (c)) a[(b)] = 0; else \ ++ a[(c)] = 0; } while (0) ++ ++#define terminate_buffer(a, b) terminate_string(a, b, sizeof (a) - 1) ++ ++ + const char RFC822Specials[] = "@.,:;<>[]\\\"()"; + #define is_special(x) strchr(RFC822Specials,x) + +@@ -227,12 +233,12 @@ + return NULL; + } + +- token[*tokenlen] = 0; ++ terminate_string (token, *tokenlen, tokenmax); + addr->mailbox = safe_strdup (token); + + if (*commentlen && !addr->personal) + { +- comment[*commentlen] = 0; ++ terminate_string (comment, *commentlen, commentmax); + addr->personal = safe_strdup (comment); + } + +@@ -320,9 +326,6 @@ + *last = cur; + } + +-#define terminate_string(a, b) do { if (b < sizeof(a) - 1) a[b] = 0; else \ +- a[sizeof(a) - 1] = 0; } while (0) +- + ADDRESS *rfc822_parse_adrlist (ADDRESS *top, const char *s) + { + const char *begin, *ps; +@@ -344,12 +347,12 @@ + { + if (phraselen) + { +- terminate_string (phrase, phraselen); ++ terminate_buffer (phrase, phraselen); + add_addrspec (&top, &last, phrase, comment, &commentlen, sizeof (comment) - 1); + } + else if (commentlen && last && !last->personal) + { +- terminate_string (comment, commentlen); ++ terminate_buffer (comment, commentlen); + last->personal = safe_strdup (comment); + } + +@@ -377,7 +380,7 @@ + else if (*s == ':') + { + cur = rfc822_new_address (); +- terminate_string (phrase, phraselen); ++ terminate_buffer (phrase, phraselen); + cur->mailbox = safe_strdup (phrase); + cur->group = 1; + +@@ -401,12 +404,12 @@ + { + if (phraselen) + { +- terminate_string (phrase, phraselen); ++ terminate_buffer (phrase, phraselen); + add_addrspec (&top, &last, phrase, comment, &commentlen, sizeof (comment) - 1); + } + else if (commentlen && last && !last->personal) + { +- terminate_string (phrase, phraselen); ++ terminate_buffer (phrase, phraselen); 
+ last->personal = safe_strdup (comment); + } + #ifdef EXACT_ADDRESS +@@ -430,7 +433,7 @@ + } + else if (*s == '<') + { +- terminate_string (phrase, phraselen); ++ terminate_buffer (phrase, phraselen); + cur = rfc822_new_address (); + if (phraselen) + { +@@ -473,13 +476,13 @@ + + if (phraselen) + { +- terminate_string (phrase, phraselen); +- terminate_string (comment, commentlen); ++ terminate_buffer (phrase, phraselen); ++ terminate_buffer (comment, commentlen); + add_addrspec (&top, &last, phrase, comment, &commentlen, sizeof (comment) - 1); + } + else if (commentlen && last && !last->personal) + { +- terminate_string (comment, commentlen); ++ terminate_buffer (comment, commentlen); + last->personal = safe_strdup (comment); + } + #ifdef EXACT_ADDRESS >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message
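
Review bot: In the Makefile hunk at @@ -89,12 +89,10 @@, inews is declared only as a BUILD_DEPENDS, but the configure change in files/extra-patch-inews compiles the detected path into the binary through AC_DEFINE_UNQUOTED(INEWS, ...) and the new post-install message is about posting news, so the program is also needed after installation. Add a matching RUN_DEPENDS+= ${LOCALBASE}/news/bin/inews:${PORTSDIR}/news/inn inside the WITH_MUTT_NNTP block so that a system which did not build the port itself still gets inews.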
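
Review bot: In the files/extra-patch-inews hunk, the AC_PATH_PROG search path hardcodes /usr/local/news/bin, while the Makefile dependency is expressed as ${LOCALBASE}/news/bin/inews. With a LOCALBASE other than /usr/local the build dependency is satisfied but configure will not find inews unless it already happens to be on PATH, and INEWS is then defined as "no -hS". Consider substituting the LOCALBASE value into the patched configure.in at pre-configure time instead of a fixed directory.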
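
Review bot: In the rfc822.c hunk at @@ -33,6 +33,12 @@, the new three-argument terminate_string writes a[(c)] whenever the length is not below the bound, so c has to be the last valid index and not the buffer size, and nothing in the macro says so. The visible callers respect this (terminate_buffer passes sizeof (a) - 1 and add_addrspec is called with sizeof (comment) - 1), but a one-line comment stating the contract would keep a later caller from passing sizeof (buf) and writing one byte past the end. Two smaller points in the same definition: the array argument a is used unparenthesized and b is evaluated twice, and terminate_buffer relies on sizeof (a), so it is only correct for true arrays such as phrase and comment in rfc822_parse_adrlist, not for a pointer parameter; that restriction deserves a comment as well.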
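
Review bot: In the rfc822.c hunk at @@ -401,12 +404,12 @@, the else-if branch guarded by commentlen && last && !last->personal terminates phrase with phraselen and then duplicates comment, so comment is copied by safe_strdup without having been NUL-terminated at commentlen. The patch carries this over from the old code by only renaming the macro. Every other branch of this shape in the patch terminates the buffer it is about to copy, so this line should read terminate_buffer (comment, commentlen); otherwise the string stored in last->personal depends on whatever bytes follow the comment data in the buffer.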