diff options
author | Christian Faulhammer <fauli@gentoo.org> | 2012-10-11 19:05:34 +0000 |
---|---|---|
committer | Christian Faulhammer <fauli@gentoo.org> | 2012-10-11 19:05:34 +0000 |
commit | 96bc661937c82e609d651a1fa3e95664b2583ead (patch) | |
tree | a8709b617e346aa6fe671c4ed8750647d35a9df4 /mail-client | |
parent | stable ppc64, bug #437746 (diff) | |
download | historical-96bc661937c82e609d651a1fa3e95664b2583ead.tar.gz historical-96bc661937c82e609d651a1fa3e95664b2583ead.tar.bz2 historical-96bc661937c82e609d651a1fa3e95664b2583ead.zip |
version bump for security bug 437814 (CVE 2012-4507), null pointer exception
Package-Manager: portage-2.1.11.9/cvs/Linux i686
Diffstat (limited to 'mail-client')
-rw-r--r-- | mail-client/claws-mail/ChangeLog | 8 | ||||
-rw-r--r-- | mail-client/claws-mail/Manifest | 11 | ||||
-rw-r--r-- | mail-client/claws-mail/claws-mail-3.8.1-r2.ebuild | 140 | ||||
-rw-r--r-- | mail-client/claws-mail/files/claws-mail-3.8.1_procmime-vuln.patch | 35 |
4 files changed, 188 insertions, 6 deletions
diff --git a/mail-client/claws-mail/ChangeLog b/mail-client/claws-mail/ChangeLog index aa35fc2b1266..5d7e433e3b02 100644 --- a/mail-client/claws-mail/ChangeLog +++ b/mail-client/claws-mail/ChangeLog @@ -1,6 +1,12 @@ # ChangeLog for mail-client/claws-mail # Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/mail-client/claws-mail/ChangeLog,v 1.209 2012/09/05 07:48:27 jlec Exp $ +# $Header: /var/cvsroot/gentoo-x86/mail-client/claws-mail/ChangeLog,v 1.210 2012/10/11 19:05:33 fauli Exp $ + +*claws-mail-3.8.1-r2 (11 Oct 2012) + + 11 Oct 2012; Christian Faulhammer <fauli@gentoo.org> + +claws-mail-3.8.1-r2.ebuild, +files/claws-mail-3.8.1_procmime-vuln.patch: + version bump for security bug 437814 (CVE 2012-4507), null pointer exception 05 Sep 2012; Justin Lecher <jlec@gentoo.org> claws-mail-3.8.0.ebuild, claws-mail-3.8.1-r1.ebuild, claws-mail-3.8.1.ebuild: diff --git a/mail-client/claws-mail/Manifest b/mail-client/claws-mail/Manifest index 8b7a98adafe0..eea88fd35895 100644 --- a/mail-client/claws-mail/Manifest +++ b/mail-client/claws-mail/Manifest @@ -2,18 +2,19 @@ Hash: SHA256 AUX claws-mail-3.8.1_fix-signature.patch 926 SHA256 3c106c1fe6a40c712c67586cf2cac8cb6d32539c6490f505a6ca260f599f0415 SHA512 db2e79b0ed9b3a6c8dda68149c1065a62f90cd7f96e6149b1b32734970569d8188858f21aa03a1a117e57155f86fbe08e34d09e5be706642b6072013423ff99a WHIRLPOOL eaecb4f3f7843986fe526740b44c1b3375b545c8906932c5f3588dc5f921efc7d057ddf903f47e9521863aec8b7fc7bb79ef59e9e7b610e419166c83b6335a69 +AUX claws-mail-3.8.1_procmime-vuln.patch 1263 SHA256 3cf11125bac591645d341a5201dc3402b0c83f85abee131ca3da00762415c242 SHA512 85d3884cf79a55f637916b07487236ccd396fde5896f7ae428b083c600c5acc176237510c2a146179931431ea31dc15e458bc5ce0ded9fbbc7bb8fb10755135f WHIRLPOOL bb5c47fba7a24e66929b1cb3557fef0abf31616b6d79c0e9db65f13638363cd93a08faf2f94dffd996920b10f673fea9a453915a92b208a388f07151deaf503a DIST claws-mail-3.8.0.tar.bz2 7190415 SHA256 ec945e3b0f3df6f1f13fcf149ad3ee5306c0e6575bb375cf558e9028a0eb6231 SHA512 da1f45f2c528b003c57059ea94c372a7778f59702043b24c166f78c0b5b3455ced97faead781d1f92dec443ecc24a136bd9235537e04d492dd8c4fafcb161562 WHIRLPOOL c2d7141a38d91b8945370bd3c5fbc521287bf96b742b4090e2b533688cce48166e2d335a107c36ecb8a3b1e44078b14df14e34ab5e14e6bb287d3dd2485ae6e9 DIST claws-mail-3.8.1.tar.bz2 7335864 SHA256 b421fd913694f9d04635212b0c47c9808a3f20a4f9a5dd15b6f4cd5022c6ee6f SHA512 c55bfdcece77d7f9341a03a66dd02c5f7126049c3063492b2f6eace41f89aa2bea2b5ddc84fd3743318c5baed9aeb9a6406c6fa9c41254305dfed726f85bf40a WHIRLPOOL e0adde62288f6b600baddb6d3f62f952ee3bbed32a165d3d518d740038aa3fe017ede50b84cd1597fa52eb1ec8877ee4472dac544689e95a2ae65f61b1a5238a EBUILD claws-mail-3.8.0.ebuild 3738 SHA256 a444e8fccf5e8e6ea6d961e20f0cda4677539193a9037d947eb134158ce4a158 SHA512 c26e0d6b7d3295440b3a0332d84858aaff4283813f268792a6d0af531f8a52962b9711b039c8ae438eb0602d59c0f8c6e1b80b8d14619e9881a852ebce97cf49 WHIRLPOOL 5eee304207d8df6667e1a37b089cf59fc019b438ec70db6920a93ea274f438a90cf31bc8c140e14b68b6ba306112e0ab60b81dc5d7b1ca44f3f8ca7994fe2b97 EBUILD claws-mail-3.8.1-r1.ebuild 3829 SHA256 35af432974db467ad9c72725b8d5ced0934b2aaca0d2e7a3673038a135a7c333 SHA512 3f6fb30063489f2407400a2226d6e30803f1f27e90500871a41cd16898572c7a360c658c8cba84c1fab1a8730a0f772dd270f1cfbd85f518696105880c293f08 WHIRLPOOL a6177edd9e231f7fd88d57dae52b409927dcafbb4e34da87c308a8c5fafdc46f3a2b90decc31a00022be7ed43ff8356cb6d15290e98ba571b55445bf3491173b +EBUILD claws-mail-3.8.1-r2.ebuild 3882 SHA256 95624983248a9f13c5218e5d081365596b4e738e66c7d630d272168adc29c46d SHA512 580f7db02d81619e72841d4c88f069951053b21feafaa1607de0762714426a834a479344fa92ceb020f33f24cd63ceee1435baad45a7b60d0bba805fbe385ec4 WHIRLPOOL 36b4f6f402cf9797c612e59168f63cd5b960ed87a3db5c88167d6ad5a174d379fde2692a0807416ceaf3cd03439a85dacf86f569227050506c233a4e738bf741 EBUILD claws-mail-3.8.1.ebuild 3756 SHA256 f4216c8f35e7cf66b1c4ef59da85e727bbe190e21a27a105059eaadcb346c12f SHA512 8f7d42c837fd86f0848d43833371372a6b262095914c1d5a347e3ae1e82d6d4324e70880fd2e0f7da0c27a7ef1a690626f9936b3137da367670be1119735c32f WHIRLPOOL d7d921e607c32b98e3276b7f83b71b3cf4b029f87a4052e180bf419a8b6065f89b27c57d203509bf9fe3fe95436f1cbbd70e0ace65b459267c72c611524948c2 -MISC ChangeLog 43516 SHA256 98d34c1eed36c1921f9aca812639f29f517ee583133274462f7fda10ab38a358 SHA512 57133dd7b7d0d8bc64885da40d378317eab18f8d882f0b17c4bf7b3975e38b1195c4f011d746561b128efd61f0d2664efa347fe0aba07daea900c144437c8e1f WHIRLPOOL 1014e945b3361e77d45b0ff2a91b32699111aa7fdccfeb0524a03471d1f783ea09ab8f8681fb33164f294871318ef3217e69b0ff8f32e1b58f5e347310b5ee47 +MISC ChangeLog 43764 SHA256 a5dcc90b17b7a235da47ff95df95d398e4ca974e40b18c4e80fa4f1b11baa4f1 SHA512 eebc9299f4bebeb92d5fcdd3083d2d8cce495363ad7e1dde7bad11c0fca952dffd5e234cb1ef7bbbf50a1e3f91b9b0a50e5d7626dc85af3a12d4d4c363cf688b WHIRLPOOL 03128a5a9df914530f2f49c685013f76424f36bde176c5c84640c4fcc995dbdf507da61ecfa236a5caf6d2f1d586a1154072d7db24aadcbc48cda3a3c0b80a05 MISC metadata.xml 778 SHA256 deae27a074e4678336af25da5b7a620236ba449406c595828eaaea5310e8d07b SHA512 8e436c28f69a11bd8d3b2a39ddbb5189e25090801e45524d94007b9620c5b6d9cfeb94984603f6f1d4a83f0524a006967a84393a571934802188c75791b6589b WHIRLPOOL f1c271a33cf7279479bf2ce1d7aab957eb30bbcada1fcb28cb164236cb1411771346404a44d7c9b4cfb11d5cad2e48955333fb0de9e96908d43018e5d8c0842b -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (GNU/Linux) -Comment: GPGTools - http://gpgtools.org -iEYEAREIAAYFAlBHA9EACgkQgAnW8HDreRb6kwCeJbLnOeHaEpECj7bmHsD/+nJO -AroAn0FMJElcb6LLkpGnwCBRhDzWsep5 -=hFln +iEYEAREIAAYFAlB3GVEACgkQNQqtfCuFneMQCQCbBsnSKNiZpMcjB3v1mIW6rkJ9 +Wz0An3q03SD1qropohblw5wn3O4MBQGo +=YVNp -----END PGP SIGNATURE----- diff --git a/mail-client/claws-mail/claws-mail-3.8.1-r2.ebuild b/mail-client/claws-mail/claws-mail-3.8.1-r2.ebuild new file mode 100644 index 000000000000..444189bdcdfd --- /dev/null +++ b/mail-client/claws-mail/claws-mail-3.8.1-r2.ebuild @@ -0,0 +1,140 @@ +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/mail-client/claws-mail/claws-mail-3.8.1-r2.ebuild,v 1.1 2012/10/11 19:05:33 fauli Exp $ + +EAPI="4" + +inherit autotools-utils multilib gnome2-utils eutils + +DESCRIPTION="An email client (and news reader) based on GTK+" +HOMEPAGE="http://www.claws-mail.org/" + +SRC_URI="mirror://sourceforge/sylpheed-claws/${P}.tar.bz2" + +SLOT="0" +LICENSE="GPL-3" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~mips ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd" +IUSE="bogofilter crypt dbus dillo doc +imap ipv6 ldap nntp pda session smime spamassassin spell +ssl startup-notification xface" + +COMMONDEPEND=">=x11-libs/gtk+-2.20:2 + pda? ( >=app-pda/jpilot-0.99 ) + ssl? ( >=net-libs/gnutls-2.2.0 ) + ldap? ( >=net-nds/openldap-2.0.7 ) + crypt? ( >=app-crypt/gpgme-0.4.5 ) + dbus? ( >=dev-libs/dbus-glib-0.60 ) + dillo? ( www-client/dillo ) + spell? ( >=app-text/enchant-1.0.0 ) + imap? ( >=net-libs/libetpan-0.57 ) + nntp? ( >=net-libs/libetpan-0.57 ) + startup-notification? ( x11-libs/startup-notification ) + bogofilter? ( mail-filter/bogofilter ) + session? ( x11-libs/libSM + x11-libs/libICE ) + smime? ( >=app-crypt/gpgme-0.4.5 )" + +DEPEND="${COMMONDEPEND} + xface? ( >=media-libs/compface-1.4 ) + virtual/pkgconfig" + +RDEPEND="${COMMONDEPEND} + app-misc/mime-types + x11-misc/shared-mime-info" + +PLUGIN_NAMES="acpi-notifier address_keeper archive att-remover attachwarner clamd fancy fetchinfo geolocation gdata gtkhtml mailmbox newmail notification perl python rssyl spam_report tnef_parse vcalendar" + +PATCHES=( + "${FILESDIR}"/claws-mail-${PV}_fix-signature.patch + "${FILESDIR}"/claws-mail-${PV}_procmime-vuln.patch +) + +src_configure() { + local myeconfargs=( + $(use_enable ipv6) + $(use_enable ldap) + $(use_enable dbus) + $(use_enable pda jpilot) + $(use_enable spell enchant) + $(use_enable xface compface) + $(use_enable doc manual) + $(use_enable startup-notification) + $(use_enable session libsm) + $(use_enable crypt pgpmime-plugin) + $(use_enable crypt pgpinline-plugin) + $(use_enable crypt pgpcore-plugin) + $(use_enable dillo dillo-viewer-plugin) + $(use_enable spamassassin spamassassin-plugin) + $(use_enable bogofilter bogofilter-plugin) + $(use_enable smime smime-plugin) + --enable-trayicon-plugin + --disable-maemo + ) + + # libetpan is needed if user wants nntp or imap functionality + if use imap || use nntp; then + myeconfargs+=( --enable-libetpan ) + else + myeconfargs+=( --disable-libetpan ) + fi + + if use ssl; then + myeconfargs+=( --enable-gnutls ) + else + myeconfargs+=( --disable-gnutls ) + fi + + autotools-utils_src_configure +} + +src_install() { + local DOCS=( AUTHORS ChangeLog* INSTALL* NEWS README* TODO* ) + autotools-utils_src_install + + # Makefile install claws-mail.png in /usr/share/icons/hicolor/48x48/apps + # => also install it in /usr/share/pixmaps for other desktop envs + # => also install higher resolution icons in /usr/share/icons/hicolor/... + insinto /usr/share/pixmaps + doins ${PN}.png || die + local res resdir + for res in 64x64 128x128 ; do + resdir="/usr/share/icons/hicolor/${res}/apps" + insinto ${resdir} + newins ${PN}-${res}.png ${PN}.png || die + done + + docinto tools + dodoc tools/README* + + domenu ${PN}.desktop + + einfo "Installing extra tools" + cd "${S}"/tools + exeinto /usr/$(get_libdir)/${PN}/tools + doexe *.pl *.py *.conf *.sh || die + doexe tb2claws-mail update-po uudec uuooffice || die +} + +pkg_preinst() { + gnome2_icon_savelist +} + +pkg_postinst() { + gnome2_icon_cache_update + + UPDATE_PLUGINS="" + for x in ${PLUGIN_NAMES}; do + has_version mail-client/${PN}-$x && UPDATE_PLUGINS="${UPDATE_PLUGINS} $x" + done + if [ -n "${UPDATE_PLUGINS}" ]; then + elog + elog "You have to re-emerge or update the following plugins:" + elog + for x in ${UPDATE_PLUGINS}; do + elog " mail-client/${PN}-$x" + done + elog + fi +} + +pkg_postrm() { + gnome2_icon_cache_update +} diff --git a/mail-client/claws-mail/files/claws-mail-3.8.1_procmime-vuln.patch b/mail-client/claws-mail/files/claws-mail-3.8.1_procmime-vuln.patch new file mode 100644 index 000000000000..05498eddd552 --- /dev/null +++ b/mail-client/claws-mail/files/claws-mail-3.8.1_procmime-vuln.patch @@ -0,0 +1,35 @@ +A specific mail in the user mbox file cause claws-mail to crash reliabily. + +claws-mail-3.8.1 + +truncated backtrace: +:Thread no. 1 (10 frames) +: #0 strchr at ../sysdeps/x86_64/strchr.S:33 +: #1 parse_parameters at procmime.c:1756 +: #2 procmime_parse_content_disposition at procmime.c:1842 +: #3 procmime_parse_mimepart at procmime.c:1967 +: #4 procmime_parse_multipart at procmime.c:1566 +: #5 procmime_parse_mimepart at procmime.c:1994 +: #6 procmime_parse_message_rfc822 at procmime.c:1393 +: #7 procmime_scan_file_with_offset at procmime.c:2058 +: #8 procmime_scan_file_full at procmime.c:2071 +: #9 procmime_scan_file at procmime.c:2078 + +CVE-2012-4507 + +Gentoo bug: https://bugs.gentoo.org/show_bug.cgi?id=437814 +CVE request: http://permalink.gmane.org/gmane.comp.security.oss.general/8561 +redhat bug: https://bugzilla.redhat.com/show_bug.cgi?id=862578 +claws-mail bug: http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=2743 + +--- claws-mail-3.8.1-orig/src/procmime.c 2012-06-27 11:05:22.000000000 +0200 ++++ claws-mail-3.8.1/src/procmime.c 2012-10-03 18:00:09.438577924 +0200 +@@ -1753,6 +1753,8 @@ + continue; + + charset = value; ++ if (charset == NULL) ++ continue; + lang = strchr(charset, '\''); + if (lang == NULL) + continue; |