rpms/mutt/F-7 mutt-apopmsgid.patch, NONE, 1.1 mutt-gecos.patch, NONE, 1.1 mutt.spec, 1.44, 1.45
Miroslav Lichvar (mlichvar)
fedora-extras-commits at redhat.com
Thu May 31 07:54:27 UTC 2007
- Previous message (by thread): rpms/wallpapoz/devel .cvsignore, 1.6, 1.7 sources, 1.6, 1.7 wallpapoz.spec, 1.7, 1.8
- Next message (by thread): rpms/scim/F-7 initial-locale-hotkey-186861.patch, 1.6, 1.7 scim.spec, 1.88, 1.89
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: mlichvar
Update of /cvs/pkgs/rpms/mutt/F-7
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv8202
Modified Files:
mutt.spec
Added Files:
mutt-apopmsgid.patch mutt-gecos.patch
Log Message:
- validate msgid in APOP authentication (CVE-2007-1558)
- fix overflow in gecos field handling (CVE-2007-2683)
mutt-apopmsgid.patch:
--- NEW FILE mutt-apopmsgid.patch ---
# HG changeset patch
# User Brendan Cully <brendan at kublai.com>
# Date 1175552458 25200
# Node ID 4adb236ca78d25cd6eb4805da033a0951b62b0dd
# Parent e363d7a6904653f2b5acc17f6ea0da526bb63711
Validate msgid in APOP authentication. Closes #2846
diff -r e363d7a69046 -r 4adb236ca78d pop_auth.c
--- a/pop_auth.c Tue Apr 03 08:59:11 2007 -0700
+++ b/pop_auth.c Mon Apr 02 15:20:58 2007 -0700
@@ -183,6 +183,13 @@ static pop_auth_res_t pop_auth_apop (POP
if (!pop_data->timestamp)
return POP_A_UNAVAIL;
+ if (rfc822_valid_msgid (pop_data->timestamp) < 0)
+ {
+ mutt_error _("POP timestamp is invalid!");
+ mutt_sleep (2);
+ return POP_A_UNAVAIL;
+ }
+
mutt_message _("Authenticating (APOP)...");
/* Compute the authentication hash to send to the server */
diff -r e363d7a69046 -r 4adb236ca78d rfc822.c
--- a/rfc822.c Tue Apr 03 08:59:11 2007 -0700
+++ b/rfc822.c Mon Apr 02 15:20:58 2007 -0700
@@ -792,6 +792,52 @@ ADDRESS *rfc822_append (ADDRESS **a, ADD
return tmp;
}
+/* incomplete. Only used to thwart the APOP MD5 attack (#2846). */
+int rfc822_valid_msgid (const char *msgid)
+{
+ /* msg-id = "<" addr-spec ">"
+ * addr-spec = local-part "@" domain
+ * local-part = word *("." word)
+ * word = atom / quoted-string
+ * atom = 1*<any CHAR except specials, SPACE and CTLs>
+ * CHAR = ( 0.-127. )
+ * specials = "(" / ")" / "<" / ">" / "@"
+ / "," / ";" / ":" / "\" / <">
+ / "." / "[" / "]"
+ * SPACE = ( 32. )
+ * CTLS = ( 0.-31., 127.)
+ * quoted-string = <"> *(qtext/quoted-pair) <">
+ * qtext = <any CHAR except <">, "\" and CR>
+ * CR = ( 13. )
+ * quoted-pair = "\" CHAR
+ * domain = sub-domain *("." sub-domain)
+ * sub-domain = domain-ref / domain-literal
+ * domain-ref = atom
+ * domain-literal = "[" *(dtext / quoted-pair) "]"
+ */
+
+ char* dom;
+ unsigned int l, i;
+
+ if (!msgid || !*msgid)
+ return -1;
+
+ l = mutt_strlen (msgid);
+ if (l < 5) /* <atom at atom> */
+ return -1;
+ if (msgid[0] != '<' || msgid[l-1] != '>')
+ return -1;
+ if (!(dom = strrchr (msgid, '@')))
+ return -1;
+
+ /* TODO: complete parser */
+ for (i = 0; i < l; i++)
+ if ((unsigned char)msgid[i] > 127)
+ return -1;
+
+ return 0;
+}
+
#ifdef TESTING
int safe_free (void **p) /* __SAFE_FREE_CHECKED__ */
{
diff -r e363d7a69046 -r 4adb236ca78d rfc822.h
--- a/rfc822.h Tue Apr 03 08:59:11 2007 -0700
+++ b/rfc822.h Mon Apr 02 15:20:58 2007 -0700
@@ -52,6 +52,7 @@ void rfc822_write_address_single (char *
void rfc822_write_address_single (char *, size_t, ADDRESS *, int);
void rfc822_free_address (ADDRESS **addr);
void rfc822_cat (char *, size_t, const char *, const char *);
+int rfc822_valid_msgid (const char *msgid);
extern int RFC822Error;
extern const char *RFC822Errors[];
mutt-gecos.patch:
--- NEW FILE mutt-gecos.patch ---
# HG changeset patch
# User Brendan Cully <brendan at kublai.com>
# Date 1178561955 25200
# Node ID 47d08903b79b78ce26516de97682b244d3573c47
# Parent f6861b85f22b1656a870aeabad83a1bbd9794af9
Use signed arithmetic in mutt_gecos_name to avoid an overflow.
Closes #2885.
diff -r f6861b85f22b -r 47d08903b79b muttlib.c
--- a/muttlib.c Wed May 02 10:50:07 2007 -0700
+++ b/muttlib.c Mon May 07 11:19:15 2007 -0700
@@ -540,7 +540,7 @@ char *mutt_gecos_name (char *dest, size_
if (dest[idx] == '&')
{
memmove (&dest[idx + pwnl], &dest[idx + 1],
- MAX(destlen - idx - pwnl - 1, 0));
+ MAX((ssize_t)(destlen - idx - pwnl - 1), 0));
memcpy (&dest[idx], pw->pw_name, MIN(destlen - idx - 1, pwnl));
dest[idx] = toupper ((unsigned char) dest[idx]);
}
Index: mutt.spec
===================================================================
RCS file: /cvs/pkgs/rpms/mutt/F-7/mutt.spec,v
retrieving revision 1.44
retrieving revision 1.45
diff -u -r1.44 -r1.45
--- mutt.spec 19 Mar 2007 13:41:20 -0000 1.44
+++ mutt.spec 31 May 2007 07:53:47 -0000 1.45
@@ -1,7 +1,7 @@
Summary: A text mode mail user agent
Name: mutt
Version: 1.5.14
-Release: 3%{?dist}
+Release: 4%{?dist}
Epoch: 5
License: GPL
Group: Applications/Internet
@@ -15,6 +15,8 @@
Patch5: urlview-0.9-default.patch
Patch6: urlview.diff
Patch7: mutt-1.5.14-checkmboxsize.patch
+Patch8: mutt-apopmsgid.patch
+Patch9: mutt-gecos.patch
Url: http://www.mutt.org/
Requires: /usr/sbin/sendmail webclient mailcap
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -39,6 +41,8 @@
%patch5 -p0 -b .default
%patch6 -p0 -b .build
%patch7 -p1 -b .checkmboxsize
+%patch8 -p1 -b .apopmsgid
+%patch9 -p1 -b .gecos
install -p -m644 %{SOURCE1} mutt_ldap_query
@@ -117,6 +121,10 @@
%{_mandir}/man5/muttrc.*
%changelog
+* Thu May 31 2007 Miroslav Lichvar <mlichvar at redhat.com> 5:1.5.14-4
+- validate msgid in APOP authentication (CVE-2007-1558)
+- fix overflow in gecos field handling (CVE-2007-2683)
+
* Mon Mar 19 2007 Miroslav Lichvar <mlichvar at redhat.com> 5:1.5.14-3
- fix building
- Previous message (by thread): rpms/wallpapoz/devel .cvsignore, 1.6, 1.7 sources, 1.6, 1.7 wallpapoz.spec, 1.7, 1.8
- Next message (by thread): rpms/scim/F-7 initial-locale-hotkey-186861.patch, 1.6, 1.7 scim.spec, 1.88, 1.89
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list