Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 10 Dec 2014 09:58:25 +0000 (UTC)
From:      Rodrigo Osorio <rodrigo@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r374445 - in head/mail/mutt: . files
Message-ID:  <201412100958.sBA9wPOG077805@svn.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: rodrigo
Date: Wed Dec 10 09:58:25 2014
New Revision: 374445
URL: https://svnweb.freebsd.org/changeset/ports/374445
QAT: https://qat.redports.org/buildarchive/r374445/

Log:
  Update for mail/mutt: Fix security vulnerability CVE-2014-9116
  
  PR:		ports/195550
  Submitted by:	Udo.Schweigert@siemens.com (maintainer)
  Obtained from:	mutt
  MFH:		2014Q4

Added:
  head/mail/mutt/files/patch-CVE-2014-9116   (contents, props changed)
Modified:
  head/mail/mutt/Makefile

Modified: head/mail/mutt/Makefile
==============================================================================
--- head/mail/mutt/Makefile	Wed Dec 10 07:32:17 2014	(r374444)
+++ head/mail/mutt/Makefile	Wed Dec 10 09:58:25 2014	(r374445)
@@ -3,7 +3,7 @@
 
 PORTNAME=	mutt
 PORTVERSION=	1.5.23
-PORTREVISION?=	6
+PORTREVISION?=	7
 CATEGORIES+=	mail ipv6
 MASTER_SITES=	ftp://ftp.mutt.org/mutt/ \
 		ftp://ftp.mutt.org/mutt/devel/ \

Added: head/mail/mutt/files/patch-CVE-2014-9116
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/mail/mutt/files/patch-CVE-2014-9116	Wed Dec 10 09:58:25 2014	(r374445)
@@ -0,0 +1,43 @@
+# HG changeset patch
+# User Kevin McCarthy <kevin@8t8.us>
+# Date 1417472364 28800
+#      Mon Dec 01 14:19:24 2014 -0800
+# Branch stable
+# Node ID 54c59aaf88b9f6b50f1078fc6f7551fa9315ac3e
+# Parent  1b583341d5ad677c8a1935eb4110eba27606878a
+Revert write_one_header() to skip space and tab.  (closes #3716)
+
+This patch fixes CVE-2014-9116 in the stable branch.  It reverts
+write_one_header() to the pre [f251d523ca5a] code for skipping
+whitespace.
+
+Thanks to Antonio Radici and Tomas Hoger for their analysis and patches
+to mutt, which this patch is based off of.
+
+diff --git a/sendlib.c b/sendlib.c
+--- sendlib.c
++++ sendlib.c
+@@ -1809,17 +1809,22 @@
+     {
+       tagbuf = NULL;
+       valbuf = mutt_substrdup (start, end);
+     }
+     else
+     {
+       tagbuf = mutt_substrdup (start, t);
+       /* skip over the colon separating the header field name and value */
+-      t = skip_email_wsp(t + 1);
++      ++t;
++
++      /* skip over any leading whitespace (WSP, as defined in RFC5322) */
++      while (*t == ' ' || *t == '\t')
++        t++;
++
+       valbuf = mutt_substrdup (t, end);
+     }
+     dprint(4,(debugfile,"mwoh: buf[%s%s] too long, "
+ 	      "max width = %d > %d\n",
+ 	      NONULL(pfx), valbuf, max, wraplen));
+     if (fold_one_header (fp, tagbuf, valbuf, pfx, wraplen, flags) < 0)
+       return -1;
+     FREE (&tagbuf);



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201412100958.sBA9wPOG077805>