From 1f93883f6f19e832c2edc31a320d77ca25c595f0 Mon Sep 17 00:00:00 2001 From: Juergen Daubert Date: Sat, 2 Jun 2007 10:14:45 +0200 Subject: [notify] mutt: added patch to fix CVE-2007-2683 See http://securitytracker.com/alerts/2007/May/1018066.html --- mutt/.md5sum | 1 + mutt/Pkgfile | 6 ++++-- mutt/mutt_gecos_name.patch | 12 ++++++++++++ 3 files changed, 17 insertions(+), 2 deletions(-) create mode 100644 mutt/mutt_gecos_name.patch (limited to 'mutt') diff --git a/mutt/.md5sum b/mutt/.md5sum index e0daee1eb..7722aa9ff 100644 --- a/mutt/.md5sum +++ b/mutt/.md5sum @@ -1 +1,2 @@ b2c1eb45fd958f6589ee52a98f2a3ce1 mutt-1.5.15.tar.gz +d66caec79185a19a55f14a23ad6866e5 mutt_gecos_name.patch diff --git a/mutt/Pkgfile b/mutt/Pkgfile index bfa31d6f3..b134707ce 100644 --- a/mutt/Pkgfile +++ b/mutt/Pkgfile @@ -5,12 +5,14 @@ name=mutt version=1.5.15 -release=1 -source=(http://mirrors.sunsite.dk/$name/devel/$name-$version.tar.gz) +release=2 +source=(http://mirrors.sunsite.dk/$name/devel/$name-$version.tar.gz \ + mutt_gecos_name.patch) build () { cd $name-$version + patch -p1 -i $SRC/mutt_gecos_name.patch ./configure --prefix=/usr \ --mandir=/usr/man \ --with-docdir=/usr/share/mutt \ diff --git a/mutt/mutt_gecos_name.patch b/mutt/mutt_gecos_name.patch new file mode 100644 index 000000000..5f36fba77 --- /dev/null +++ b/mutt/mutt_gecos_name.patch @@ -0,0 +1,12 @@ +diff -Nru mutt-1.5.15.orig/muttlib.c mutt-1.5.15/muttlib.c +--- mutt-1.5.15.orig/muttlib.c 2007-05-27 19:17:55.000000000 +0200 ++++ mutt-1.5.15/muttlib.c 2007-05-27 19:26:39.000000000 +0200 +@@ -540,7 +540,7 @@ + if (dest[idx] == '&') + { + memmove (&dest[idx + pwnl], &dest[idx + 1], +- MAX(destlen - idx - pwnl - 1, 0)); ++ MAX((ssize_t)(destlen - idx - pwnl - 1), 0)); + memcpy (&dest[idx], pw->pw_name, MIN(destlen - idx - 1, pwnl)); + dest[idx] = toupper ((unsigned char) dest[idx]); + } -- cgit v1.2.3