
[pkgsrc/trunk]: pkgsrc/mail/mutt-devel Add a fix for Fix CVE-2007-2683



details:   https://anonhg.NetBSD.org/pkgsrc/rev/47243b1d9ccd
branches:  trunk
changeset: 529205:47243b1d9ccd
user:      tonio <tonio%pkgsrc.org@localhost>
date:      Sun May 27 17:39:47 2007 +0000

description:
Add a fix for CVE-2007-2683
Bump PKGREVISION

Use signed arithmetic in mutt_gecos_name to avoid an overflow.
From http://dev.mutt.org/hg/mutt/rev/47d08903b79b

And trac: http://dev.mutt.org/trac/ticket/2885

diffstat:

 mail/mutt-devel/Makefile         |   3 ++-
 mail/mutt-devel/distinfo         |   3 ++-
 mail/mutt-devel/options.mk       |   6 +++---
 mail/mutt-devel/patches/patch-am |  17 +++++++++++++++++
 4 files changed, 24 insertions(+), 5 deletions(-)

diffs (68 lines):

diff -r 30ec0ddfba2a -r 47243b1d9ccd mail/mutt-devel/Makefile
--- a/mail/mutt-devel/Makefile  Sun May 27 13:34:34 2007 +0000
+++ b/mail/mutt-devel/Makefile  Sun May 27 17:39:47 2007 +0000
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.58 2007/04/21 18:27:21 tonio Exp $
+# $NetBSD: Makefile,v 1.59 2007/05/27 17:39:47 tonio Exp $
 
 DISTNAME=              mutt-1.5.15
+PKGREVISION=           1
 CATEGORIES=            mail
 MUTT_SITES=            ftp://ftp.mutt.org/mutt/ \
                        ftp://ftp.stealth.net/pub/mirrors/ftp.mutt.org/pub/mutt/ \
diff -r 30ec0ddfba2a -r 47243b1d9ccd mail/mutt-devel/distinfo
--- a/mail/mutt-devel/distinfo  Sun May 27 13:34:34 2007 +0000
+++ b/mail/mutt-devel/distinfo  Sun May 27 17:39:47 2007 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.39 2007/04/21 18:27:21 tonio Exp $
+$NetBSD: distinfo,v 1.40 2007/05/27 17:39:47 tonio Exp $
 
 SHA1 (mutt-1.5.15.tar.gz) = 1adabf6e07e099bb664c83e3c0100bbbdfec7a9a
 RMD160 (mutt-1.5.15.tar.gz) = 0cc084d2fcdabc0bc41632fcff90703c206de3db
@@ -15,3 +15,4 @@
 SHA1 (patch-ah) = 4227c5768b900e58fa4a679e6ad67efc974a70b5
 SHA1 (patch-ai) = 9cbd895520d94d11655c57c01d3e8b4150f0e9bb
 SHA1 (patch-al) = d4dae28192d7a3b3fad316d9f31ab69106eac9c2
+SHA1 (patch-am) = e481e4f76da79e71ed94090cb049f51f91d9a2b5
diff -r 30ec0ddfba2a -r 47243b1d9ccd mail/mutt-devel/options.mk
--- a/mail/mutt-devel/options.mk        Sun May 27 13:34:34 2007 +0000
+++ b/mail/mutt-devel/options.mk        Sun May 27 17:39:47 2007 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: options.mk,v 1.24 2007/04/21 18:27:21 tonio Exp $
+# $NetBSD: options.mk,v 1.25 2007/05/27 17:39:47 tonio Exp $
 
 # Global and legacy options
 
@@ -100,9 +100,9 @@
 ### Internal SMTP relay support
 ###
 .if !empty(PKG_OPTIONS:Mmutt-smtp)
-CONFIGURE_ARGS+=       --enable-smtp
+CONFIGURE_ARGS+=       --enable-smtp
 .else
-CONFIGURE_ARGS+=       --disable-smtp
+CONFIGURE_ARGS+=       --disable-smtp
 .endif
 
 ###
diff -r 30ec0ddfba2a -r 47243b1d9ccd mail/mutt-devel/patches/patch-am
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/mail/mutt-devel/patches/patch-am  Sun May 27 17:39:47 2007 +0000
@@ -0,0 +1,17 @@
+$NetBSD: patch-am,v 1.3 2007/05/27 17:39:48 tonio Exp $
+
+Use signed arithmetic in mutt_gecos_name to avoid an overflow.
+From http://dev.mutt.org/hg/mutt/rev/47d08903b79b
+Fix CVE-2007-2683
+
+--- muttlib.c.orig     2007-04-03 19:52:56.000000000 +0200
++++ muttlib.c
+@@ -540,7 +540,7 @@ char *mutt_gecos_name (char *dest, size_
+     if (dest[idx] == '&')
+     {
+       memmove (&dest[idx + pwnl], &dest[idx + 1],
+-             MAX(destlen - idx - pwnl - 1, 0));
++             MAX((ssize_t)(destlen - idx - pwnl - 1), 0));
+       memcpy (&dest[idx], pw->pw_name, MIN(destlen - idx - 1, pwnl));
+       dest[idx] = toupper ((unsigned char) dest[idx]);
+     }
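Review bot: The new memmove length in the patched muttlib.c still lets `destlen - idx - pwnl - 1` wrap in unsigned arithmetic and relies on the `(ssize_t)` cast to turn the wrapped value negative; converting an out-of-range value to a signed type is implementation-defined, so the clamp works only by convention. Stating the bound directly avoids the wrap altogether: `if (destlen > idx + pwnl + 1) memmove (&dest[idx + pwnl], &dest[idx + 1], destlen - idx - pwnl - 1);`. That form also skips the call when there is nothing to move, so `&dest[idx + pwnl]` is never formed for an offset beyond the buffer. The declarations of `idx` and `pwnl` and the rest of mutt_gecos_name lie outside the hunk, so the operand types and whether `dest` stays NUL-terminated after the following memcpy should be confirmed against the full function.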


