From 976d072aa24e07691df56fd5987ef04238fc734d Mon Sep 17 00:00:00 2001 From: Tobias Geerinckx-Rice Date: Sun, 17 Jan 2021 23:38:47 +0100 Subject: gnu: mblaze: Update to 1.1. * gnu/packages/mail.scm (mblaze): Update to 1.1. --- gnu/packages/mail.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'gnu/packages/mail.scm') diff --git a/gnu/packages/mail.scm b/gnu/packages/mail.scm index 043f5c5fec..5b235eea85 100644 --- a/gnu/packages/mail.scm +++ b/gnu/packages/mail.scm @@ -2631,7 +2631,7 @@ converts them to maildir format directories.") (define-public mblaze (package (name "mblaze") - (version "1.0") + (version "1.1") (source (origin (method git-fetch) @@ -2640,7 +2640,7 @@ converts them to maildir format directories.") (commit (string-append "v" version)))) (file-name (git-file-name name version)) (sha256 - (base32 "0hxy3mjjv4hg856sl1r15fdmqaw4s9c26b3lidsd5x0kpqy601ai")))) + (base32 "1bir977vnqs76g8jgv1yivqw0wk2kn56l3l5r4w2ipix3fir138y")))) (build-system gnu-build-system) (native-inputs `(("perl" ,perl))) -- cgit v1.2.3 From 708d3ec0de9cfffc933615d92825906efacd4c6d Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Wed, 20 Jan 2021 19:35:37 -0500 Subject: gnu: Mutt: Fix CVE-2021-3181. * gnu/packages/patches/mutt-CVE-2021-3181.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/mail.scm (mutt)[source]: Use it. --- gnu/local.mk | 1 + gnu/packages/mail.scm | 3 +- gnu/packages/patches/mutt-CVE-2021-3181.patch | 45 +++++++++++++++++++++++++++ 3 files changed, 48 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/mutt-CVE-2021-3181.patch (limited to 'gnu/packages/mail.scm') diff --git a/gnu/local.mk b/gnu/local.mk index c631e449d1..0553c12f28 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1385,6 +1385,7 @@ dist_patch_DATA = \ %D%/packages/patches/mupen64plus-video-z64-glew-correct-path.patch \ %D%/packages/patches/musl-cross-locale.patch \ %D%/packages/patches/mutt-store-references.patch \ + %D%/packages/patches/mutt-CVE-2021-3181.patch \ %D%/packages/patches/m4-gnulib-libio.patch \ %D%/packages/patches/ncompress-fix-softlinks.patch \ %D%/packages/patches/netcdf-date-time.patch \ diff --git a/gnu/packages/mail.scm b/gnu/packages/mail.scm index 5b235eea85..ab3a19578e 100644 --- a/gnu/packages/mail.scm +++ b/gnu/packages/mail.scm @@ -456,7 +456,8 @@ aliasing facilities to work just as they would on normal mail.") (sha256 (base32 "1m4ig69qw4g3lhm4351snmy5i0ch65fqc9vqqdybr6jy21w7w225")) - (patches (search-patches "mutt-store-references.patch")))) + (patches (search-patches "mutt-store-references.patch" + "mutt-CVE-2021-3181.patch")))) (build-system gnu-build-system) (inputs `(("cyrus-sasl" ,cyrus-sasl) diff --git a/gnu/packages/patches/mutt-CVE-2021-3181.patch b/gnu/packages/patches/mutt-CVE-2021-3181.patch new file mode 100644 index 0000000000..df5214b052 --- /dev/null +++ b/gnu/packages/patches/mutt-CVE-2021-3181.patch @@ -0,0 +1,45 @@ +Fix CVE-2021-3181: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3181 + +Patch copied from upstream source repository: + +https://gitlab.com/muttmua/mutt/-/commit/c059e20ea4c7cb3ee9ffd3500ffe313ae84b2545 + +From c059e20ea4c7cb3ee9ffd3500ffe313ae84b2545 Mon Sep 17 00:00:00 2001 +From: Kevin McCarthy +Date: Sun, 17 Jan 2021 10:40:37 -0800 +Subject: [PATCH] Fix memory leak parsing group address. + +When there was a group address terminator with no previous addresses, +an address would be allocated but not attached to the address list. + +Change this to only allocate when last exists. + +It would be more correct to not allocate at all unless we are inside a +group list, but I will address that in a separate commit to master. +--- + rfc822.c | 5 ++--- + 1 file changed, 2 insertions(+), 3 deletions(-) + +diff --git a/rfc822.c b/rfc822.c +index 7ff4eaa3..ced619f2 100644 +--- a/rfc822.c ++++ b/rfc822.c +@@ -587,11 +587,10 @@ ADDRESS *rfc822_parse_adrlist (ADDRESS *top, const char *s) + #endif + + /* add group terminator */ +- cur = rfc822_new_address (); + if (last) + { +- last->next = cur; +- last = cur; ++ last->next = rfc822_new_address (); ++ last = last->next; + } + + phraselen = 0; +-- +GitLab + -- cgit v1.2.3 From 59c03bd4f9aba7ccd90428508ad072f8db01b9ed Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Mon, 25 Jan 2021 16:36:53 -0500 Subject: gnu: Mutt: Update to 2.0.5. * gnu/packages/patches/mutt-CVE-2021-3181.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it. * gnu/packages/mail.scm (mutt): Update to 2.0.5. [source]: Remove obsolete patch. --- gnu/local.mk | 1 - gnu/packages/mail.scm | 7 ++--- gnu/packages/patches/mutt-CVE-2021-3181.patch | 45 --------------------------- 3 files changed, 3 insertions(+), 50 deletions(-) delete mode 100644 gnu/packages/patches/mutt-CVE-2021-3181.patch (limited to 'gnu/packages/mail.scm') diff --git a/gnu/local.mk b/gnu/local.mk index 0553c12f28..c631e449d1 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1385,7 +1385,6 @@ dist_patch_DATA = \ %D%/packages/patches/mupen64plus-video-z64-glew-correct-path.patch \ %D%/packages/patches/musl-cross-locale.patch \ %D%/packages/patches/mutt-store-references.patch \ - %D%/packages/patches/mutt-CVE-2021-3181.patch \ %D%/packages/patches/m4-gnulib-libio.patch \ %D%/packages/patches/ncompress-fix-softlinks.patch \ %D%/packages/patches/netcdf-date-time.patch \ diff --git a/gnu/packages/mail.scm b/gnu/packages/mail.scm index ab3a19578e..b3927bbafe 100644 --- a/gnu/packages/mail.scm +++ b/gnu/packages/mail.scm @@ -445,7 +445,7 @@ aliasing facilities to work just as they would on normal mail.") (define-public mutt (package (name "mutt") - (version "2.0.4") + (version "2.0.5") (source (origin (method url-fetch) (uri (list @@ -455,9 +455,8 @@ aliasing facilities to work just as they would on normal mail.") version ".tar.gz"))) (sha256 (base32 - "1m4ig69qw4g3lhm4351snmy5i0ch65fqc9vqqdybr6jy21w7w225")) - (patches (search-patches "mutt-store-references.patch" - "mutt-CVE-2021-3181.patch")))) + "0k80s27sf7djb7zxj81ihksr8jkr71mfaa8976fzh41i1pn5l7g2")) + (patches (search-patches "mutt-store-references.patch")))) (build-system gnu-build-system) (inputs `(("cyrus-sasl" ,cyrus-sasl) diff --git a/gnu/packages/patches/mutt-CVE-2021-3181.patch b/gnu/packages/patches/mutt-CVE-2021-3181.patch deleted file mode 100644 index df5214b052..0000000000 --- a/gnu/packages/patches/mutt-CVE-2021-3181.patch +++ /dev/null @@ -1,45 +0,0 @@ -Fix CVE-2021-3181: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3181 - -Patch copied from upstream source repository: - -https://gitlab.com/muttmua/mutt/-/commit/c059e20ea4c7cb3ee9ffd3500ffe313ae84b2545 - -From c059e20ea4c7cb3ee9ffd3500ffe313ae84b2545 Mon Sep 17 00:00:00 2001 -From: Kevin McCarthy -Date: Sun, 17 Jan 2021 10:40:37 -0800 -Subject: [PATCH] Fix memory leak parsing group address. - -When there was a group address terminator with no previous addresses, -an address would be allocated but not attached to the address list. - -Change this to only allocate when last exists. - -It would be more correct to not allocate at all unless we are inside a -group list, but I will address that in a separate commit to master. ---- - rfc822.c | 5 ++--- - 1 file changed, 2 insertions(+), 3 deletions(-) - -diff --git a/rfc822.c b/rfc822.c -index 7ff4eaa3..ced619f2 100644 ---- a/rfc822.c -+++ b/rfc822.c -@@ -587,11 +587,10 @@ ADDRESS *rfc822_parse_adrlist (ADDRESS *top, const char *s) - #endif - - /* add group terminator */ -- cur = rfc822_new_address (); - if (last) - { -- last->next = cur; -- last = cur; -+ last->next = rfc822_new_address (); -+ last = last->next; - } - - phraselen = 0; --- -GitLab - -- cgit v1.2.3