diff options
-rw-r--r-- | gnu-system.am | 1 | ||||
-rw-r--r-- | gnu/packages/mail.scm | 16 | ||||
-rw-r--r-- | gnu/packages/patches/mutt-CVE-2014-9116.patch | 46 |
3 files changed, 5 insertions, 58 deletions
diff --git a/gnu-system.am b/gnu-system.am index d846bcecde..e62fe18c97 100644 --- a/gnu-system.am +++ b/gnu-system.am @@ -567,7 +567,6 @@ dist_patch_DATA = \ gnu/packages/patches/module-init-tools-moduledir.patch \ gnu/packages/patches/mumps-build-parallelism.patch \ gnu/packages/patches/mupdf-buildsystem-fix.patch \ - gnu/packages/patches/mutt-CVE-2014-9116.patch \ gnu/packages/patches/mutt-store-references.patch \ gnu/packages/patches/net-tools-bitrot.patch \ gnu/packages/patches/ngircd-handle-zombies.patch \ diff --git a/gnu/packages/mail.scm b/gnu/packages/mail.scm index 53842b3aa0..25407b835a 100644 --- a/gnu/packages/mail.scm +++ b/gnu/packages/mail.scm @@ -171,21 +171,15 @@ aliasing facilities to work just as they would on normal mail.") (define-public mutt (package (name "mutt") - (version "1.5.23") + (version "1.5.24") (source (origin (method url-fetch) - (uri (list ;; Temporarily put bitbucket first, because - ;; ftp.mutt.org has been down for a while. - (string-append "https://bitbucket.org/mutt/mutt/downloads/mutt-" - version ".tar.gz") - (string-append "ftp://ftp.mutt.org/mutt/devel/mutt-" - version ".tar.gz"))) + (uri (string-append "ftp://ftp.mutt.org/pub/mutt/mutt-" + version ".tar.gz")) (sha256 (base32 - "0dzx4qk50pjfsb6cs5jahng96a52k12f7pm0sc78iqdrawg71w1s")) - (patches (map search-patch - '("mutt-CVE-2014-9116.patch" - "mutt-store-references.patch"))))) + "0012njrgxf1barjksqkx7ccid2l0xyikhna9mjs9vcfpbrvcm4m2")) + (patches (list (search-patch "mutt-store-references.patch"))))) (build-system gnu-build-system) (inputs `(("cyrus-sasl" ,cyrus-sasl) diff --git a/gnu/packages/patches/mutt-CVE-2014-9116.patch b/gnu/packages/patches/mutt-CVE-2014-9116.patch deleted file mode 100644 index 91e17ecbe0..0000000000 --- a/gnu/packages/patches/mutt-CVE-2014-9116.patch +++ /dev/null @@ -1,46 +0,0 @@ -Fix CVE-2014-9116. Copied from Debian: - -This patch solves the issue raised by CVE-2014-9116 in bug 771125. - -We correctly redefine what are the whitespace characters as per RFC5322; by -doing so we prevent mutt_substrdup from being used in a way that could lead to -a segfault. - -The lib.c part was written by Antonio Radici <antonio@debian.org> to prevent -crashes due to this kind of bugs from happening again. - -The wheezy version of this patch is slightly different, therefore this patch -has -jessie prefixed in its name. - -The sendlib.c part was provided by Salvatore Bonaccorso and it is the same as -the upstream patch reported here: -http://dev.mutt.org/trac/attachment/ticket/3716/ticket-3716-stable.patch - ---- a/lib.c -+++ b/lib.c -@@ -815,6 +815,9 @@ char *mutt_substrdup (const char *begin, - size_t len; - char *p; - -+ if (end != NULL && end < begin) -+ return NULL; -+ - if (end) - len = end - begin; - else ---- a/sendlib.c -+++ b/sendlib.c -@@ -1814,7 +1814,12 @@ static int write_one_header (FILE *fp, i - { - tagbuf = mutt_substrdup (start, t); - /* skip over the colon separating the header field name and value */ -- t = skip_email_wsp(t + 1); -+ ++t; -+ -+ /* skip over any leading whitespace (WSP, as defined in RFC5322) */ -+ while (*t == ' ' || *t == '\t') -+ t++; -+ - valbuf = mutt_substrdup (t, end); - } - dprint(4,(debugfile,"mwoh: buf[%s%s] too long, " |