[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
02/02: gnu: mutt: Add fix for CVE-2014-9116.
|
From: |
Mark H. Weaver |
|
Subject: |
02/02: gnu: mutt: Add fix for CVE-2014-9116. |
|
Date: |
Tue, 30 Dec 2014 20:19:42 +0000 |
mhw pushed a commit to branch master
in repository guix.
commit 63d526e2689774ff2897446b870c3817b95c75d7
Author: Mark H Weaver <address@hidden>
Date: Tue Dec 30 15:17:44 2014 -0500
gnu: mutt: Add fix for CVE-2014-9116.
* gnu/packages/patches/mutt-CVE-2014-9116.patch: New file.
* gnu-system.am (dist_patch_DATA): Add it.
* gnu/packages/mail.scm (mutt): Add patch.
---
gnu-system.am | 1 +
gnu/packages/mail.scm | 3 +-
gnu/packages/patches/mutt-CVE-2014-9116.patch | 46 +++++++++++++++++++++++++
3 files changed, 49 insertions(+), 1 deletions(-)
diff --git a/gnu-system.am b/gnu-system.am
index 3d145b1..dc881bb 100644
--- a/gnu-system.am
+++ b/gnu-system.am
@@ -420,6 +420,7 @@ dist_patch_DATA =
\
gnu/packages/patches/mpc123-initialize-ao.patch \
gnu/packages/patches/module-init-tools-moduledir.patch \
gnu/packages/patches/mupdf-buildsystem-fix.patch \
+ gnu/packages/patches/mutt-CVE-2014-9116.patch \
gnu/packages/patches/net-tools-bitrot.patch \
gnu/packages/patches/nvi-assume-preserve-path.patch \
gnu/packages/patches/orpheus-cast-errors-and-includes.patch \
diff --git a/gnu/packages/mail.scm b/gnu/packages/mail.scm
index 534476f..8424d8c 100644
--- a/gnu/packages/mail.scm
+++ b/gnu/packages/mail.scm
@@ -174,7 +174,8 @@ aliasing facilities to work just as they would on normal
mail.")
version ".tar.gz")))
(sha256
(base32
- "0dzx4qk50pjfsb6cs5jahng96a52k12f7pm0sc78iqdrawg71w1s"))))
+ "0dzx4qk50pjfsb6cs5jahng96a52k12f7pm0sc78iqdrawg71w1s"))
+ (patches (list (search-patch "mutt-CVE-2014-9116.patch")))))
(build-system gnu-build-system)
(inputs
`(("cyrus-sasl" ,cyrus-sasl)
diff --git a/gnu/packages/patches/mutt-CVE-2014-9116.patch
b/gnu/packages/patches/mutt-CVE-2014-9116.patch
new file mode 100644
index 0000000..91e17ec
--- /dev/null
+++ b/gnu/packages/patches/mutt-CVE-2014-9116.patch
@@ -0,0 +1,46 @@
+Fix CVE-2014-9116. Copied from Debian:
+
+This patch solves the issue raised by CVE-2014-9116 in bug 771125.
+
+We correctly redefine what are the whitespace characters as per RFC5322; by
+doing so we prevent mutt_substrdup from being used in a way that could lead to
+a segfault.
+
+The lib.c part was written by Antonio Radici <address@hidden> to prevent
+crashes due to this kind of bugs from happening again.
+
+The wheezy version of this patch is slightly different, therefore this patch
+has -jessie prefixed in its name.
+
+The sendlib.c part was provided by Salvatore Bonaccorso and it is the same as
+the upstream patch reported here:
+http://dev.mutt.org/trac/attachment/ticket/3716/ticket-3716-stable.patch
+
+--- a/lib.c
++++ b/lib.c
+@@ -815,6 +815,9 @@ char *mutt_substrdup (const char *begin,
+ size_t len;
+ char *p;
+
++ if (end != NULL && end < begin)
++ return NULL;
++
+ if (end)
+ len = end - begin;
+ else
+--- a/sendlib.c
++++ b/sendlib.c
+@@ -1814,7 +1814,12 @@ static int write_one_header (FILE *fp, i
+ {
+ tagbuf = mutt_substrdup (start, t);
+ /* skip over the colon separating the header field name and value */
+- t = skip_email_wsp(t + 1);
++ ++t;
++
++ /* skip over any leading whitespace (WSP, as defined in RFC5322) */
++ while (*t == ' ' || *t == '\t')
++ t++;
++
+ valbuf = mutt_substrdup (t, end);
+ }
+ dprint(4,(debugfile,"mwoh: buf[%s%s] too long, "