neomutt: chery picked PR 3090

3 files changed, 55 insertions, 4 deletions

diff --git a/neomutt/.signature b/neomutt/.signature
index 025e6fe4d..ed43d8cab 100644
--- a/neomutt/.signature
+++ b/neomutt/.signature
@@ -1,5 +1,6 @@
 untrusted comment: verify with /etc/ports/contrib.pub
-RWSagIOpLGJF3yRcmfAUz/hn3WEfk2facT09CJJzfYssRpU5Rd0+JSOhRjKwVlaacSrDLzatQ1C8LX0O1z7a3ymfqcv4FHb3UQI=
-SHA256 (Pkgfile) = 53ef30180cfdaecfdbef220e2e41610b1c9f751aa4b97c0661aec2f7a98d3e67
+RWSagIOpLGJF34u5LN4xn/g5R2H+XmU/8AwlbRrL+AXazsuM7lHMDB8gjLAumHlGiYPyt1P30i/X3dKoZBpYmfmrlRkMF5OQ7AU=
+SHA256 (Pkgfile) = 8f639addc7913e3afcc0016b7cf0c90a15a0c64f879276fbaa793b49de98a1c2
 SHA256 (.footprint) = 4b8b646e2de76fe03176e42efe0c768c5134d4c6ba4086f0c6c864ae2db092b7
 SHA256 (neomutt-20211022.tar.gz) = 49aa5029665c6819e708276b9efa1ca71ec5afe870eb9f08e656107d234941e6
+SHA256 (3090.patch) = 285bdeed6de07736f76af5b23a655029540d422c8cf744863ac503f62666bd79
diff --git a/neomutt/3090.patch b/neomutt/3090.patch
new file mode 100644
index 000000000..25e14ebb6
--- /dev/null
+++ b/neomutt/3090.patch
@@ -0,0 +1,47 @@
+From 91444b047466d8c9e331447bb257ff6498de47a4 Mon Sep 17 00:00:00 2001
+From: Jonas Witschel <git@diabonas.de>
+Date: Sat, 23 Oct 2021 14:31:17 +0200
+Subject: [PATCH] Fix use after free of a->mailbox due to missing strdup
+
+Commit 87ae932bcae3f229d681af9848015ba49049a581 ("Directly add full mailbox to
+GPG search hints") changed crypt_add_string_to_hints(a->mailbox, &hints) to
+mutt_list_insert_tail(&hints, a->mailbox). However, there is a behavioural
+difference between the two functions: crypt_add_string_to_hints() adds a copy
+of the string to the list, while mutt_list_insert_tail() does not. This leads
+to a crash because the original a->mailbox is freed prematurely as part of the
+hints list. Fix this by adding a copy of the original to the list instead.
+
+Note that commit 87ae932bcae3f229d681af9848015ba49049a581 originally came from
+Mutt. Upstream is not affected by this however because their mutt_add_list()
+functions always copies the data.
+---
+ ncrypt/crypt_gpgme.c | 2 +-
+ ncrypt/pgpkey.c      | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/ncrypt/crypt_gpgme.c b/ncrypt/crypt_gpgme.c
+index 8cd70fd626..50c588a275 100644
+--- a/ncrypt/crypt_gpgme.c
++++ b/ncrypt/crypt_gpgme.c
+@@ -3581,7 +3581,7 @@ static struct CryptKeyInfo *crypt_getkeybyaddr(struct Address *a,
+   *forced_valid = 0;
+ 
+   if (a && a->mailbox)
+-    mutt_list_insert_tail(&hints, a->mailbox);
++    mutt_list_insert_tail(&hints, mutt_str_dup(a->mailbox));
+   if (a && a->personal)
+     crypt_add_string_to_hints(a->personal, &hints);
+ 
+diff --git a/ncrypt/pgpkey.c b/ncrypt/pgpkey.c
+index 665f9afe41..45ceb8b8ad 100644
+--- a/ncrypt/pgpkey.c
++++ b/ncrypt/pgpkey.c
+@@ -369,7 +369,7 @@ struct PgpKeyInfo *pgp_getkeybyaddr(struct Address *a, KeyFlags abilities,
+   struct PgpUid *q = NULL;
+ 
+   if (a->mailbox)
+-    mutt_list_insert_tail(&hints, a->mailbox);
++    mutt_list_insert_tail(&hints, mutt_str_dup(a->mailbox));
+   if (a->personal)
+     pgp_add_string_to_hints(a->personal, &hints);
+ 
diff --git a/neomutt/Pkgfile b/neomutt/Pkgfile
index 52e9b8af7..a879d30f1 100644
--- a/neomutt/Pkgfile
+++ b/neomutt/Pkgfile
@@ -6,12 +6,15 @@
 
 name=neomutt
 version=20211022
-release=1
-source=(https://github.com/neomutt/neomutt/archive/$version/$name-$version.tar.gz)
+release=2
+source=(https://github.com/neomutt/neomutt/archive/$version/$name-$version.tar.gz
+  3090.patch)
 
 build() {
   cd $name-$version
 
+  patch -Np1 -i $SRC/3090.patch
+
   [[ -e /usr/lib/pkgconfig/gpgme.pc ]] && PKGMK_NEOMUTT+=' --gpgme'
   [[ -e /usr/lib/pkgconfig/lua.pc ]] && PKGMK_NEOMUTT+=' --enable-lua'
   [[ -e /usr/lib/pkgconfig/gssrpc.pc ]] && PKGMK_NEOMUTT+=' --gss'