[notify] mutt: added patch to fix CVE-2007-2683

See http://securitytracker.com/alerts/2007/May/1018066.html

3 files changed, 17 insertions, 2 deletions

diff --git a/mutt/.md5sum b/mutt/.md5sum
index e0daee1eb..7722aa9ff 100644
--- a/mutt/.md5sum
+++ b/mutt/.md5sum
@@ -1 +1,2 @@
 b2c1eb45fd958f6589ee52a98f2a3ce1  mutt-1.5.15.tar.gz
+d66caec79185a19a55f14a23ad6866e5  mutt_gecos_name.patch
diff --git a/mutt/Pkgfile b/mutt/Pkgfile
index bfa31d6f3..b134707ce 100644
--- a/mutt/Pkgfile
+++ b/mutt/Pkgfile
@@ -5,12 +5,14 @@
 
 name=mutt
 version=1.5.15
-release=1
-source=(http://mirrors.sunsite.dk/$name/devel/$name-$version.tar.gz)
+release=2
+source=(http://mirrors.sunsite.dk/$name/devel/$name-$version.tar.gz \
+        mutt_gecos_name.patch)
 
 build () {
     cd $name-$version
 
+    patch -p1 -i $SRC/mutt_gecos_name.patch
     ./configure --prefix=/usr \
                 --mandir=/usr/man \
                 --with-docdir=/usr/share/mutt \
diff --git a/mutt/mutt_gecos_name.patch b/mutt/mutt_gecos_name.patch
new file mode 100644
index 000000000..5f36fba77
--- /dev/null
+++ b/mutt/mutt_gecos_name.patch
@@ -0,0 +1,12 @@
+diff -Nru mutt-1.5.15.orig/muttlib.c mutt-1.5.15/muttlib.c
+--- mutt-1.5.15.orig/muttlib.c	2007-05-27 19:17:55.000000000 +0200
++++ mutt-1.5.15/muttlib.c	2007-05-27 19:26:39.000000000 +0200
+@@ -540,7 +540,7 @@
+     if (dest[idx] == '&')
+     {
+       memmove (&dest[idx + pwnl], &dest[idx + 1],
+-	       MAX(destlen - idx - pwnl - 1, 0));
++	       MAX((ssize_t)(destlen - idx - pwnl - 1), 0));
+       memcpy (&dest[idx], pw->pw_name, MIN(destlen - idx - 1, pwnl));
+       dest[idx] = toupper ((unsigned char) dest[idx]);
+     }