gnu: mutt: Add fix for CVE-2014-9116.

* gnu/packages/patches/mutt-CVE-2014-9116.patch: New file. * gnu-system.am (dist_patch_DATA): Add it. * gnu/packages/mail.scm (mutt): Add patch.
2014-12-30 15:17:44 -05:00 · 2014-12-30 15:17:44 -05:00 · 63d526e268
parent 2d2301e37a
commit 63d526e268
3 changed files with 49 additions and 1 deletions
--- a/gnu-system.am
+++ b/gnu-system.am
@ -420,6 +420,7 @@ dist_patch_DATA =						\
  gnu/packages/patches/mpc123-initialize-ao.patch		\
  gnu/packages/patches/module-init-tools-moduledir.patch	\
  gnu/packages/patches/mupdf-buildsystem-fix.patch		\
+  gnu/packages/patches/mutt-CVE-2014-9116.patch			\
  gnu/packages/patches/net-tools-bitrot.patch			\
  gnu/packages/patches/nvi-assume-preserve-path.patch           \
  gnu/packages/patches/orpheus-cast-errors-and-includes.patch	\
--- a/gnu/packages/mail.scm
+++ b/gnu/packages/mail.scm
@ -174,7 +174,8 @@ aliasing facilities to work just as they would on normal mail.")
                                       version ".tar.gz")))
             (sha256
              (base32
-               "0dzx4qk50pjfsb6cs5jahng96a52k12f7pm0sc78iqdrawg71w1s"))))
+               "0dzx4qk50pjfsb6cs5jahng96a52k12f7pm0sc78iqdrawg71w1s"))
+             (patches (list (search-patch "mutt-CVE-2014-9116.patch")))))
    (build-system gnu-build-system)
    (inputs
     `(("cyrus-sasl" ,cyrus-sasl)
--- a/gnu/packages/patches/mutt-CVE-2014-9116.patch
+++ b/gnu/packages/patches/mutt-CVE-2014-9116.patch
@ -0,0 +1,46 @@
+Fix CVE-2014-9116.  Copied from Debian:
+
+This patch solves the issue raised by CVE-2014-9116 in bug 771125.
+
+We correctly redefine what are the whitespace characters as per RFC5322; by
+doing so we prevent mutt_substrdup from being used in a way that could lead to
+a segfault.
+
+The lib.c part was written by Antonio Radici <antonio@debian.org> to prevent
+crashes due to this kind of bugs from happening again.
+
+The wheezy version of this patch is slightly different, therefore this patch
+has -jessie prefixed in its name.
+
+The sendlib.c part was provided by Salvatore Bonaccorso and it is the same as
+the upstream patch reported here:
+http://dev.mutt.org/trac/attachment/ticket/3716/ticket-3716-stable.patch
+
+--- a/lib.c
+++ b/lib.c
+@@ -815,6 +815,9 @@ char *mutt_substrdup (const char *begin,
+   size_t len;
+   char *p;
+ 
+  if (end != NULL && end < begin)
+    return NULL;
+
+   if (end)
+     len = end - begin;
+   else
+--- a/sendlib.c
+++ b/sendlib.c
+@@ -1814,7 +1814,12 @@ static int write_one_header (FILE *fp, i
+     {
+       tagbuf = mutt_substrdup (start, t);
+       /* skip over the colon separating the header field name and value */
+-      t = skip_email_wsp(t + 1);
+      ++t;
+
+      /* skip over any leading whitespace (WSP, as defined in RFC5322) */
+      while (*t == ' ' || *t == '\t')
+        t++;
+
+       valbuf = mutt_substrdup (t, end);
+     }
+     dprint(4,(debugfile,"mwoh: buf[%s%s] too long, "