update to 2.2.10
parent
152aca22e6
commit
44596816bf
@ -1,40 +0,0 @@
|
||||
From e5ed080c00e59701ca62ef9b2a6d2612ebf765a5 Mon Sep 17 00:00:00 2001
|
||||
From: Kevin McCarthy <kevin@8t8.us>
|
||||
Date: Tue, 5 Apr 2022 11:05:52 -0700
|
||||
Subject: [PATCH] Fix uudecode buffer overflow.
|
||||
|
||||
mutt_decode_uuencoded() used each line's initial "length character"
|
||||
without any validation. It would happily read past the end of the
|
||||
input line, and with a suitable value even past the length of the
|
||||
input buffer.
|
||||
|
||||
As I noted in ticket 404, there are several other changes that could
|
||||
be added to make the parser more robust. However, to avoid
|
||||
accidentally introducing another bug or regression, I'm restricting
|
||||
this patch to simply addressing the overflow.
|
||||
|
||||
Thanks to Tavis Ormandy for reporting the issue, along with a sample
|
||||
message demonstrating the problem.
|
||||
---
|
||||
handler.c | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/handler.c b/handler.c
|
||||
index d1b4bc73..c97cf0cb 100644
|
||||
--- a/handler.c
|
||||
+++ b/handler.c
|
||||
@@ -404,9 +404,9 @@ static void mutt_decode_uuencoded (STATE *s, LOFF_T len, int istext, iconv_t cd)
|
||||
pt = tmps;
|
||||
linelen = decode_byte (*pt);
|
||||
pt++;
|
||||
- for (c = 0; c < linelen;)
|
||||
+ for (c = 0; c < linelen && *pt;)
|
||||
{
|
||||
- for (l = 2; l <= 6; l += 2)
|
||||
+ for (l = 2; l <= 6 && *pt && *(pt + 1); l += 2)
|
||||
{
|
||||
out = decode_byte (*pt) << l;
|
||||
pt++;
|
||||
--
|
||||
GitLab
|
||||
|
||||
@ -1,13 +1,12 @@
|
||||
diff --git a/init.h b/init.h
|
||||
index acc7d8b..14d417c 100644
|
||||
--- a/init.h
|
||||
+++ b/init.h
|
||||
diff -up mutt-1.12.1/init.h.optusegpgagent mutt-1.12.1/init.h
|
||||
--- mutt-1.12.1/init.h.optusegpgagent 2019-08-29 09:29:38.868810511 +0200
|
||||
+++ mutt-1.12.1/init.h 2019-08-29 09:30:29.899395370 +0200
|
||||
@@ -2444,7 +2444,7 @@ struct option_t MuttVars[] = {
|
||||
** subprocess failed.
|
||||
** not used.
|
||||
** (PGP only)
|
||||
*/
|
||||
- { "pgp_check_gpg_decrypt_status_fd", DT_BOOL, R_NONE, {.l=OPTPGPCHECKGPGDECRYPTSTATUSFD}, {.l=1} },
|
||||
+ { "pgp_check_gpg_decrypt_status_fd", DT_BOOL, R_NONE, {.l=OPTPGPCHECKGPGDECRYPTSTATUSFD}, {.l=0} },
|
||||
- { "pgp_use_gpg_agent", DT_BOOL, R_NONE, {.l=OPTUSEGPGAGENT}, {.l=1} },
|
||||
+ { "pgp_use_gpg_agent", DT_BOOL, R_NONE, {.l=OPTUSEGPGAGENT}, {.l=0} },
|
||||
/*
|
||||
** .pp
|
||||
** If \fIset\fP, mutt will check the status file descriptor output
|
||||
** If \fIset\fP, mutt expects a \fCgpg-agent(1)\fP process will handle
|
||||
|
||||
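Review bot: The option whose default this patch changes appears to have switched from `pgp_check_gpg_decrypt_status_fd` to `pgp_use_gpg_agent`, and nothing in the commit records that. The +/- column is lost in this rendering, so this is read from the 13-to-12 line counts in the outer hunk header and the paired old/new lines. If that reading is right, earlier builds shipped with the GnuPG decrypt status check defaulting to `{.l=0}`, and this update changes two user-visible defaults at once. Record it in the spec changelog, e.g. `- Fix optusegpgagent patch to change pgp_use_gpg_agent, not pgp_check_gpg_decrypt_status_fd`, and check after %prep that init.h in the build tree has `pgp_check_gpg_decrypt_status_fd` at `{.l=1}`. The inner hunk keeps the `@@ -2444,7 +2444,7 @@` offsets of the 1.12.1 tree, so whether it applies to 2.2.10 without fuzz cannot be judged from this page.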
@ -4,7 +4,7 @@ diff -rup mutt-17a4f92e4a95-orig/init.h mutt-17a4f92e4a95-new/init.h
|
||||
@@ -2989,7 +2989,7 @@ struct option_t MuttVars[] = {
|
||||
*/
|
||||
#if defined(USE_SSL)
|
||||
#ifdef USE_SSL_GNUTLS
|
||||
# ifdef USE_SSL_GNUTLS
|
||||
- { "ssl_ca_certificates_file", DT_PATH, R_NONE, {.p=&SslCACertFile}, {.p=0} },
|
||||
+ { "ssl_ca_certificates_file", DT_PATH, R_NONE, {.p=&SslCACertFile}, {.p="/etc/ssl/certs/ca-bundle.crt"} },
|
||||
/*
|
||||
|
||||
@ -26,4 +26,3 @@ diff -ur mutt-1.8.0.orig/doc/smime-notes.txt mutt-1.8.0/doc/smime-notes.txt
|
||||
signed by one of them. You can use "smime_keys add_root" to do so, or
|
||||
just copy ca-bundle.crt into the place you point mutt's smime_ca_location
|
||||
variable to.
|
||||
|
||||
|
||||
Binary file not shown.
BIN
mutt-2.2.10.tar.gz
Normal file
BIN
mutt-2.2.10.tar.gz
Normal file
Binary file not shown.
@ -1,6 +1,6 @@
|
||||
Name: mutt
|
||||
Version: 2.1.3
|
||||
Release: 2
|
||||
Version: 2.2.10
|
||||
Release: 1
|
||||
Epoch: 5
|
||||
Summary: Text-based mail client
|
||||
License: GPLv2+ and Public Domain
|
||||
@ -16,8 +16,6 @@ Patch5: mutt-1.9.4-lynx_no_backscapes.patch
|
||||
Patch6: mutt-1.9.5-nodotlock.patch
|
||||
Patch7: mutt-1.10.0-muttrc.patch
|
||||
Patch8: mutt-1.12.1-optusegpgagent.patch
|
||||
#https://gitlab.com/muttmua/mutt/-/commit/e5ed080c00e59701ca62ef9b2a6d2612ebf765a5.patch
|
||||
Patch9: CVE-2022-1328.patch
|
||||
|
||||
BuildRequires: gcc ncurses-devel gettext automake /usr/bin/xsltproc
|
||||
BuildRequires: lynx docbook-style-xsl perl-interpreter perl-generators
|
||||
@ -125,6 +123,9 @@ ln -sf ./muttrc.5 %{buildroot}%{_mandir}/man5/muttrc.local.5
|
||||
%{_infodir}/mutt.info.*
|
||||
|
||||
%changelog
|
||||
* Wed May 10 2023 liyanan <thistleslyn@163.com> - 5:2.2.10-1
|
||||
- Update package to version 2.2.10
|
||||
|
||||
* Sun Apr 24 2022 yaoxin <yaoxin30@h-partners.com> - 2.1.3-2
|
||||
- Fix CVE-2022-1328
|
||||
|
||||
|
||||
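Review bot: Dropping `Patch9: CVE-2022-1328.patch` in the second spec hunk leaves no record of why the fix is no longer carried, since the changelog entry added in the last hunk says only `- Update package to version 2.2.10`. Add a line such as `- Remove CVE-2022-1328.patch, included in the upstream release`. Do so once it is confirmed that handler.c in the 2.2.10 tarball has the `c < linelen && *pt` and `*pt && *(pt + 1)` loop guards from the removed patch. The tarball appears here only as a binary file, so that cannot be verified from this page.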