commit 1f93883f6f19e832c2edc31a320d77ca25c595f0 Author: Juergen Daubert <jue@jue.li> Date: Sat Jun 2 10:14:45 2007 +0200 [notify] mutt: added patch to fix CVE-2007-2683 See http://securitytracker.com/alerts/2007/May/1018066.html diff --git a/mutt/.md5sum b/mutt/.md5sum index e0daee1..7722aa9 100644 --- a/mutt/.md5sum +++ b/mutt/.md5sum @@ -1 +1,2 @@ b2c1eb45fd958f6589ee52a98f2a3ce1 mutt-1.5.15.tar.gz +d66caec79185a19a55f14a23ad6866e5 mutt_gecos_name.patch diff --git a/mutt/Pkgfile b/mutt/Pkgfile index bfa31d6..b134707 100644 --- a/mutt/Pkgfile +++ b/mutt/Pkgfile @@ -5,12 +5,14 @@ name=mutt version=1.5.15 -release=1 -source=(http://mirrors.sunsite.dk/$name/devel/$name-$version.tar.gz) +release=2 +source=(http://mirrors.sunsite.dk/$name/devel/$name-$version.tar.gz \ + mutt_gecos_name.patch) build () { cd $name-$version + patch -p1 -i $SRC/mutt_gecos_name.patch ./configure --prefix=/usr \ --mandir=/usr/man \ --with-docdir=/usr/share/mutt \ diff --git a/mutt/mutt_gecos_name.patch b/mutt/mutt_gecos_name.patch new file mode 100644 index 0000000..5f36fba --- /dev/null +++ b/mutt/mutt_gecos_name.patch @@ -0,0 +1,12 @@ +diff -Nru mutt-1.5.15.orig/muttlib.c mutt-1.5.15/muttlib.c +--- mutt-1.5.15.orig/muttlib.c 2007-05-27 19:17:55.000000000 +0200 ++++ mutt-1.5.15/muttlib.c 2007-05-27 19:26:39.000000000 +0200 +@@ -540,7 +540,7 @@ + if (dest[idx] == '&') + { + memmove (&dest[idx + pwnl], &dest[idx + 1], +- MAX(destlen - idx - pwnl - 1, 0)); ++ MAX((ssize_t)(destlen - idx - pwnl - 1), 0)); + memcpy (&dest[idx], pw->pw_name, MIN(destlen - idx - 1, pwnl)); + dest[idx] = toupper ((unsigned char) dest[idx]); + }