[Frugalware-darcs] frugalware-0.6: mutt-ng-20070125-2terminus1-i686

VMiklos vmiklos at frugalware.org
Fri Jun 8 23:50:38 CEST 2007


Darcsweb-Url: http://darcs.frugalware.org/darcsweb/darcsweb.cgi?r=frugalware-0.6;a=darcs_commitdiff;h=20070608214849-e2957-3e838f49fba4d55ed0bd978a632ee34b43116185.gz;

[mutt-ng-20070125-2terminus1-i686
VMiklos <vmiklos at frugalware.org>**20070608214849
 added 3d1d7f6cf693.diff and CVE-2007-2683.diff secpatches
 closes #2140
] {
addfile ./source/network-extra/mutt-ng/3d1d7f6cf693.diff
hunk ./source/network-extra/mutt-ng/3d1d7f6cf693.diff 1
+
+# HG changeset patch
+# User Brendan Cully <brendan at kublai.com>
+# Date 1175552458 25200
+# Node ID 3d1d7f6cf693b610993860b2495fb3f01da97f88
+# Parent 35f6cfe99fc50571364877f7c7b3b2d0b3ef1602
+Validate msgid in APOP authentication. Closes #2846
+
+--- a/pop_auth.c	Sat Nov 11 03:40:03 2006 +0000
++++ b/pop_auth.c	Mon Apr 02 15:20:58 2007 -0700
+@@ -184,6 +184,13 @@ static pop_auth_res_t pop_auth_apop (POP
+   if (!pop_data->timestamp)
+     return POP_A_UNAVAIL;
+ 
++  if (rfc822_valid_msgid (pop_data->timestamp) < 0)
++  {
++    mutt_error _("POP timestamp is invalid!");
++    mutt_sleep (2);
++    return POP_A_UNAVAIL;
++  }
++
+   mutt_message _("Authenticating (APOP)...");
+ 
+   /* Compute the authentication hash to send to the server */
+--- a/rfc822.c	Sat Nov 11 03:40:03 2006 +0000
++++ b/rfc822.c	Mon Apr 02 15:20:58 2007 -0700
+@@ -764,6 +764,52 @@ ADDRESS *rfc822_append (ADDRESS **a, ADD
+   return tmp;
+ }
+ 
++/* incomplete. Only used to thwart the APOP MD5 attack (#2846). */
++int rfc822_valid_msgid (const char *msgid)
++{
++  /* msg-id         = "<" addr-spec ">"
++   * addr-spec      = local-part "@" domain
++   * local-part     = word *("." word)
++   * word           = atom / quoted-string
++   * atom           = 1*<any CHAR except specials, SPACE and CTLs>
++   * CHAR           = ( 0.-127. )
++   * specials       = "(" / ")" / "<" / ">" / "@"
++                    / "," / ";" / ":" / "\" / <">
++		    / "." / "[" / "]"
++   * SPACE          = ( 32. )
++   * CTLS           = ( 0.-31., 127.)
++   * quoted-string  = <"> *(qtext/quoted-pair) <">
++   * qtext          = <any CHAR except <">, "\" and CR>
++   * CR             = ( 13. )
++   * quoted-pair    = "\" CHAR
++   * domain         = sub-domain *("." sub-domain)
++   * sub-domain     = domain-ref / domain-literal
++   * domain-ref     = atom
++   * domain-literal = "[" *(dtext / quoted-pair) "]"
++   */
++
++  char* dom;
++  unsigned int l, i;
++
++  if (!msgid || !*msgid)
++    return -1;
++
++  l = mutt_strlen (msgid);
++  if (l < 5) /* <atom at atom> */
++    return -1;
++  if (msgid[0] != '<' || msgid[l-1] != '>')
++    return -1;
++  if (!(dom = strrchr (msgid, '@')))
++    return -1;
++
++  /* TODO: complete parser */
++  for (i = 0; i < l; i++)
++    if (msgid[i] > 127)
++      return -1;
++
++  return 0;
++}
++
+ #ifdef TESTING
+ int safe_free (void **p)
+ {
+--- a/rfc822.h	Sat Nov 11 03:40:03 2006 +0000
++++ b/rfc822.h	Mon Apr 02 15:20:58 2007 -0700
+@@ -55,6 +55,7 @@ void rfc822_write_list (char *, size_t, 
+ void rfc822_write_list (char *, size_t, ADDRESS *);
+ void rfc822_free_address (ADDRESS **addr);
+ void rfc822_cat (char *, size_t, const char *, const char *);
++int rfc822_valid_msgid (const char *msgid);
+ 
+ extern int RFC822Error;
+ extern const char *RFC822Errors[];
+
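Review bot: The eight-bit filter in rfc822_valid_msgid, `if (msgid[i] > 127)`, is dead code wherever plain char is signed, which includes the i686/GCC target this package is built for: bytes 0x80–0xFF read as negative values and never compare greater than 127, so the only byte-level check in this validator accepts them. Comparing through unsigned char restores the intended rejection: `if ((unsigned char) msgid[i] > 127)`. The local `dom` is assigned from strrchr but never read, so the '@' is only checked for presence and the variable draws an unused-variable warning; either drop it or use it to reject an empty local part or domain. The header comment already states the parser is incomplete, so the CTL and specials rules it lists are not enforced here, and callers should not treat a 0 return as full RFC 822 validation.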
addfile ./source/network-extra/mutt-ng/CVE-2007-2683.diff
hunk ./source/network-extra/mutt-ng/CVE-2007-2683.diff 1
+
+# HG changeset patch
+# User Jonathan Smith <https://issues.rpath.com/>
+# Date 1179873167 14400
+# Node ID 736653ce1896d754da5771458af0c6f68c4cf17c
+# Parent 3d1d7f6cf693b610993860b2495fb3f01da97f88
+merge changeset 47d08903b79b: Use signed arithmetic in mutt_gecos_name to avoid an overflow. Closes #2885.
+
+--- a/muttlib.c	Mon Apr 02 15:20:58 2007 -0700
++++ b/muttlib.c	Tue May 22 18:32:47 2007 -0400
+@@ -514,7 +514,7 @@ char *mutt_gecos_name (char *dest, size_
+     if (dest[idx] == '&')
+     {
+       memmove (&dest[idx + pwnl], &dest[idx + 1],
+-	       MAX(destlen - idx - pwnl - 1, 0));
++	       MAX((ssize_t)(destlen - idx - pwnl - 1), 0));
+       memcpy (&dest[idx], pw->pw_name, MIN(destlen - idx - 1, pwnl));
+       dest[idx] = toupper (dest[idx]);
+     }
+
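Review bot: The new memmove length guard works by casting a wrapped size_t to ssize_t, which is implementation-defined for values above SSIZE_MAX and hides the real condition being tested; an explicit comparison says the same thing without relying on the conversion: `if (destlen > idx + pwnl + 1) memmove (&dest[idx + pwnl], &dest[idx + 1], destlen - idx - pwnl - 1);`. The MIN on the following memcpy still does unsigned arithmetic on `destlen - idx - 1`, so it depends on idx staying below destlen, which the loop outside the hunk must guarantee. mutt_gecos_name begins and ends outside this hunk, so whether dest is re-terminated after a truncated expansion cannot be confirmed from here and is worth checking in the full function.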
hunk ./source/network-extra/mutt-ng/FrugalBuild 7
-pkgrel=1
+pkgrel=2terminus1
hunk ./source/network-extra/mutt-ng/FrugalBuild 18
-source=(http://mutt.kublai.com/nightlies/mutt-$pkgver.tar.gz)
-sha1sums=('ccf520e3aabd095bb93a17872995eebcf83dfbd3')
+source=(http://mutt.kublai.com/nightlies/mutt-$pkgver.tar.gz 3d1d7f6cf693.diff CVE-2007-2683.diff)
+sha1sums=('ccf520e3aabd095bb93a17872995eebcf83dfbd3' \
+          '8fec3548ef5ab49751baeb6748a656935b3263e2' \
+          '4d458de180b57558c41450992b5d78ce8b3040f0')
hunk ./source/network-extra/mutt-ng/FrugalBuild 26
-		svn co http://bereshit.synflood.at/svn/mutt-patches/trunk || Fdie
+		svn co -r 576 http://bereshit.synflood.at/svn/mutt-patches/trunk || Fdie
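Review bot: Pinning the checkout to `svn co -r 576` makes the build reproducible but gives no integrity guarantee, unlike the two diff files this same commit lists in sha1sums: the patch set is still fetched over plain http from a third-party server and applied unverified at build time. Pinning the revision is the right first step, but the patches it supplies would be better vendored into the package directory and listed in sha1sums alongside 3d1d7f6cf693.diff and CVE-2007-2683.diff. The surrounding build function lies outside the hunk, so whether anything after the checkout verifies its contents cannot be confirmed from here.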
}

