FreeBSD Bugzilla – Attachment 150259 Details for
Bug 195550
maintainer update of mail/mutt
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch for mutt port
mutt-2.diff (text/plain), 1.95 KB, created by
Udo.Schweigert
on 2014-12-06 10:42:37 UTC
(
hide
)
Description:
Patch for mutt port
Filename:
MIME Type:
Creator:
Udo.Schweigert
Created:
2014-12-06 10:42:37 UTC
Size:
1.95 KB
patch
obsolete
>diff -ru /usr/ports/mail/mutt/Makefile ./Makefile >--- /usr/ports/mail/mutt/Makefile 2014-12-01 12:14:18.000000000 +0100 >+++ ./Makefile 2014-12-01 12:22:09.000000000 +0100 >@@ -3,7 +3,7 @@ > > PORTNAME= mutt > PORTVERSION= 1.5.23 >-PORTREVISION?= 6 >+PORTREVISION?= 7 > CATEGORIES+= mail ipv6 > MASTER_SITES= ftp://ftp.mutt.org/mutt/ \ > ftp://ftp.mutt.org/mutt/devel/ \ >diff -ru /usr/ports/mail/mutt/files/patch-CVE-2014-9116 ./files/patch-CVE-2014-9116 >--- /usr/ports/mail/mutt/files/patch-CVE-2014-9116 1970-01-01 01:00:00.000000000 +0100 >+++ ./files/patch-CVE-2014-9116 2014-12-06 11:27:39.000000000 +0100 >@@ -0,0 +1,43 @@ >+# HG changeset patch >+# User Kevin McCarthy <kevin@8t8.us> >+# Date 1417472364 28800 >+# Mon Dec 01 14:19:24 2014 -0800 >+# Branch stable >+# Node ID 54c59aaf88b9f6b50f1078fc6f7551fa9315ac3e >+# Parent 1b583341d5ad677c8a1935eb4110eba27606878a >+Revert write_one_header() to skip space and tab. (closes #3716) >+ >+This patch fixes CVE-2014-9116 in the stable branch. It reverts >+write_one_header() to the pre [f251d523ca5a] code for skipping >+whitespace. >+ >+Thanks to Antonio Radici and Tomas Hoger for their analysis and patches >+to mutt, which this patch is based off of. >+ >+diff --git a/sendlib.c b/sendlib.c >+--- sendlib.c >++++ sendlib.c >+@@ -1809,17 +1809,22 @@ >+ { >+ tagbuf = NULL; >+ valbuf = mutt_substrdup (start, end); >+ } >+ else >+ { >+ tagbuf = mutt_substrdup (start, t); >+ /* skip over the colon separating the header field name and value */ >+- t = skip_email_wsp(t + 1); >++ ++t; >++ >++ /* skip over any leading whitespace (WSP, as defined in RFC5322) */ >++ while (*t == ' ' || *t == '\t') >++ t++; >++ >+ valbuf = mutt_substrdup (t, end); >+ } >+ dprint(4,(debugfile,"mwoh: buf[%s%s] too long, " >+ "max width = %d > %d\n", >+ NONULL(pfx), valbuf, max, wraplen)); >+ if (fold_one_header (fp, tagbuf, valbuf, pfx, wraplen, flags) < 0) >+ return -1; >+ FREE (&tagbuf);
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=150259">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 195550
:
150063
| 150259