From c3b470bb37da4b88e10594d0106538ee7b644f6c Mon Sep 17 00:00:00 2001 From: Matej Muzila Date: Dec 03 2014 19:02:14 +0000 Subject: added patch file forgotten in last commit --- diff --git a/mutt-1.5.23-sendlib.patch b/mutt-1.5.23-sendlib.patch new file mode 100644 index 0000000..b5212d1 --- /dev/null +++ b/mutt-1.5.23-sendlib.patch @@ -0,0 +1,43 @@ +# HG changeset patch +# User Kevin McCarthy +# Date 1417472364 28800 +# Mon Dec 01 14:19:24 2014 -0800 +# Branch stable +# Node ID 54c59aaf88b9f6b50f1078fc6f7551fa9315ac3e +# Parent 1b583341d5ad677c8a1935eb4110eba27606878a +Revert write_one_header() to skip space and tab. (closes #3716) + +This patch fixes CVE-2014-9116 in the stable branch. It reverts +write_one_header() to the pre [f251d523ca5a] code for skipping +whitespace. + +Thanks to Antonio Radici and Tomas Hoger for their analysis and patches +to mutt, which this patch is based off of. + +diff --git a/sendlib.c b/sendlib.c +--- a/sendlib.c ++++ b/sendlib.c +@@ -1809,17 +1809,22 @@ + { + tagbuf = NULL; + valbuf = mutt_substrdup (start, end); + } + else + { + tagbuf = mutt_substrdup (start, t); + /* skip over the colon separating the header field name and value */ +- t = skip_email_wsp(t + 1); ++ ++t; ++ ++ /* skip over any leading whitespace (WSP, as defined in RFC5322) */ ++ while (*t == ' ' || *t == '\t') ++ t++; ++ + valbuf = mutt_substrdup (t, end); + } + dprint(4,(debugfile,"mwoh: buf[%s%s] too long, " + "max width = %d > %d\n", + NONULL(pfx), valbuf, max, wraplen)); + if (fold_one_header (fp, tagbuf, valbuf, pfx, wraplen, flags) < 0) + return -1; + FREE (&tagbuf); diff --git a/mutt.spec b/mutt.spec index b6a7085..226c980 100644 --- a/mutt.spec +++ b/mutt.spec @@ -18,7 +18,7 @@ Summary: A text mode mail user agent Name: mutt Version: 1.5.23 -Release: 6%{?dist} +Release: 7%{?dist} Epoch: 5 # The entire source code is GPLv2+ except # pgpewrap.c setenv.c sha1.c wcwidth.c which are Public Domain @@ -186,6 +186,10 @@ ln -sf ./muttrc.5 $RPM_BUILD_ROOT%{_mandir}/man5/muttrc.local.5 %changelog +* Wed Dec 03 2014 Matej Muzila - 5:1.5.23-7 +- added patch file forgotten in last commit + + * Wed Dec 03 2014 Matej Muzila - 5:1.5.23-6 - resolves #1168464 (CVE-2014-9116)