| 1 |
commit: 4ba91eed15ea76165f60e3478cd4461ce3d0cd3d |
| 2 |
Author: Eray Aslan <eras <AT> gentoo <DOT> org> |
| 3 |
AuthorDate: Fri Jul 30 07:07:37 2021 +0000 |
| 4 |
Commit: Eray Aslan <eras <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Fri Jul 30 07:07:37 2021 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4ba91eed |
| 7 |
|
| 8 |
net-mail/mailutils: disable escapes in non-interactive mode |
| 9 |
|
| 10 |
unlike other mail(1) implementations, mailutils mail command allowed |
| 11 |
escape characters in non-interactive mode, resulting in CVE-2021-32749 |
| 12 |
in fail2ban package. backport fix for mailutils-3.12 |
| 13 |
|
| 14 |
Bug: https://bugs.gentoo.org/802513 |
| 15 |
Package-Manager: Portage-3.0.20, Repoman-3.0.3 |
| 16 |
Signed-off-by: Eray Aslan <eras <AT> gentoo.org> |
| 17 |
|
| 18 |
.../files/mailutils-3.12-disable_escapes.patch | 24 ++++ |
| 19 |
net-mail/mailutils/mailutils-3.12-r3.ebuild | 144 +++++++++++++++++++++ |
| 20 |
2 files changed, 168 insertions(+) |
| 21 |
|
| 22 |
diff --git a/net-mail/mailutils/files/mailutils-3.12-disable_escapes.patch b/net-mail/mailutils/files/mailutils-3.12-disable_escapes.patch |
| 23 |
new file mode 100644 |
| 24 |
index 00000000000..073d1b67121 |
| 25 |
--- /dev/null |
| 26 |
+++ b/net-mail/mailutils/files/mailutils-3.12-disable_escapes.patch |
| 27 |
@@ -0,0 +1,24 @@ |
| 28 |
+From 4befcfd015256c568121653038accbd84820198f Mon Sep 17 00:00:00 2001 |
| 29 |
+From: Sergey Poznyakoff <gray@×××.org> |
| 30 |
+Date: Mon, 19 Jul 2021 11:27:40 +0300 |
| 31 |
+Subject: mail: disable compose escapes in non-interctive mode. |
| 32 |
+ |
| 33 |
+diff --git a/mail/send.c b/mail/send.c |
| 34 |
+index 1bdfe1134..098374dab 100644 |
| 35 |
+--- a/mail/send.c |
| 36 |
++++ b/mail/send.c |
| 37 |
+@@ -1324,8 +1324,9 @@ mail_compose_send (compose_env_t *env, int save_to) |
| 38 |
+ |
| 39 |
+ if (strcmp (buf, ".") == 0 && mailvar_is_true (mailvar_name_dot)) |
| 40 |
+ done = 1; |
| 41 |
+- else if (mailvar_get (&escape, mailvar_name_escape, |
| 42 |
+- mailvar_type_string, 0) == 0 |
| 43 |
++ else if (interactive |
| 44 |
++ && mailvar_get (&escape, mailvar_name_escape, |
| 45 |
++ mailvar_type_string, 0) == 0 |
| 46 |
+ && buf[0] == escape[0]) |
| 47 |
+ { |
| 48 |
+ if (buf[1] == buf[0]) |
| 49 |
+-- |
| 50 |
+cgit v1.2.1 |
| 51 |
+ |
| 52 |
|
| 53 |
diff --git a/net-mail/mailutils/mailutils-3.12-r3.ebuild b/net-mail/mailutils/mailutils-3.12-r3.ebuild |
| 54 |
new file mode 100644 |
| 55 |
index 00000000000..c4afe8dbaa5 |
| 56 |
--- /dev/null |
| 57 |
+++ b/net-mail/mailutils/mailutils-3.12-r3.ebuild |
| 58 |
@@ -0,0 +1,144 @@ |
| 59 |
+# Copyright 1999-2021 Gentoo Authors |
| 60 |
+# Distributed under the terms of the GNU General Public License v2 |
| 61 |
+ |
| 62 |
+EAPI=7 |
| 63 |
+PYTHON_COMPAT=( python3_{7,8,9,10} ) |
| 64 |
+ |
| 65 |
+inherit autotools elisp-common eutils flag-o-matic python-single-r1 toolchain-funcs |
| 66 |
+ |
| 67 |
+DESCRIPTION="A useful collection of mail servers, clients, and filters" |
| 68 |
+HOMEPAGE="https://mailutils.org/" |
| 69 |
+SRC_URI="mirror://gnu/mailutils/${P}.tar.xz" |
| 70 |
+ |
| 71 |
+LICENSE="GPL-2 LGPL-2.1" |
| 72 |
+SLOT="0" |
| 73 |
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~ppc-macos ~x64-macos" |
| 74 |
+IUSE="berkdb bidi +clients emacs gdbm sasl guile ipv6 kerberos kyotocabinet \ |
| 75 |
+ ldap mysql nls pam postgres python servers split-usr ssl static-libs +threads tcpd \ |
| 76 |
+ tokyocabinet" |
| 77 |
+ |
| 78 |
+RDEPEND=" |
| 79 |
+ !mail-filter/libsieve |
| 80 |
+ !mail-client/mailx |
| 81 |
+ sys-libs/ncurses:= |
| 82 |
+ sys-libs/readline:= |
| 83 |
+ dev-libs/libltdl:0 |
| 84 |
+ virtual/libcrypt:= |
| 85 |
+ virtual/mta |
| 86 |
+ berkdb? ( sys-libs/db:= ) |
| 87 |
+ bidi? ( dev-libs/fribidi ) |
| 88 |
+ emacs? ( >=app-editors/emacs-23.1:* ) |
| 89 |
+ gdbm? ( sys-libs/gdbm:= ) |
| 90 |
+ guile? ( dev-scheme/guile:12/2.2-1 ) |
| 91 |
+ kerberos? ( virtual/krb5 ) |
| 92 |
+ kyotocabinet? ( dev-db/kyotocabinet ) |
| 93 |
+ ldap? ( net-nds/openldap ) |
| 94 |
+ mysql? ( dev-db/mysql-connector-c ) |
| 95 |
+ nls? ( sys-devel/gettext ) |
| 96 |
+ pam? ( sys-libs/pam:= ) |
| 97 |
+ postgres? ( dev-db/postgresql:= ) |
| 98 |
+ python? ( ${PYTHON_DEPS} ) |
| 99 |
+ sasl? ( virtual/gsasl ) |
| 100 |
+ servers? ( virtual/libiconv dev-libs/libunistring:= ) |
| 101 |
+ ssl? ( net-libs/gnutls:= ) |
| 102 |
+ tcpd? ( sys-apps/tcp-wrappers ) |
| 103 |
+ tokyocabinet? ( dev-db/tokyocabinet ) |
| 104 |
+ " |
| 105 |
+ |
| 106 |
+DEPEND="${RDEPEND}" |
| 107 |
+ |
| 108 |
+BDEPEND="virtual/pkgconfig" |
| 109 |
+ |
| 110 |
+REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} ) |
| 111 |
+ servers? ( tcpd ldap )" |
| 112 |
+ |
| 113 |
+DOCS=( ABOUT-NLS AUTHORS COPYING COPYING.LESSER ChangeLog INSTALL NEWS README THANKS TODO ) |
| 114 |
+PATCHES=( |
| 115 |
+ "${FILESDIR}"/${PN}-3.5-add-include.patch |
| 116 |
+ "${FILESDIR}"/${P}-misssing-endif.patch |
| 117 |
+ "${FILESDIR}"/${P}-fix-big-endians.patch |
| 118 |
+ "${FILESDIR}"/${P}-disable_escapes.patch |
| 119 |
+) |
| 120 |
+ |
| 121 |
+pkg_setup() { |
| 122 |
+ use python && python-single-r1_pkg_setup |
| 123 |
+} |
| 124 |
+ |
| 125 |
+src_prepare() { |
| 126 |
+ default |
| 127 |
+ if use mysql; then |
| 128 |
+ sed -i -e /^INCLUDES/"s:$:$(mysql_config --include):" \ |
| 129 |
+ sql/Makefile.am || die |
| 130 |
+ fi |
| 131 |
+ eautoreconf |
| 132 |
+} |
| 133 |
+ |
| 134 |
+src_configure() { |
| 135 |
+ append-flags -fno-strict-aliasing |
| 136 |
+ |
| 137 |
+ # maildir is the Gentoo default |
| 138 |
+ econf \ |
| 139 |
+ MU_DEFAULT_SCHEME=maildir \ |
| 140 |
+ CURSES_LIBS="$($(tc-getPKG_CONFIG) --libs ncurses)" \ |
| 141 |
+ $(use_with berkdb berkeley-db) \ |
| 142 |
+ $(use_with bidi fribidi) \ |
| 143 |
+ $(use_enable ipv6) \ |
| 144 |
+ $(use_with gdbm) \ |
| 145 |
+ $(use_with sasl gsasl) \ |
| 146 |
+ $(use_with guile) \ |
| 147 |
+ $(use_with kerberos gssapi) \ |
| 148 |
+ $(use_with ldap) \ |
| 149 |
+ $(use_with mysql) \ |
| 150 |
+ $(use_enable nls) \ |
| 151 |
+ $(use_enable pam) \ |
| 152 |
+ $(use_with postgres) \ |
| 153 |
+ $(use_enable python) \ |
| 154 |
+ $(use_with ssl gnutls) \ |
| 155 |
+ $(use_enable static-libs static) \ |
| 156 |
+ $(use_enable threads pthread) \ |
| 157 |
+ $(use_with tokyocabinet) \ |
| 158 |
+ $(use_with kyotocabinet) \ |
| 159 |
+ $(use_with tcpd tcp-wrappers) \ |
| 160 |
+ $(use_enable servers build-servers) \ |
| 161 |
+ $(use_with servers unistring ) \ |
| 162 |
+ $(use_enable clients build-clients) \ |
| 163 |
+ EMACS=$(usex emacs emacs no) \ |
| 164 |
+ --with-lispdir="${EPREFIX}${SITELISP}/${PN}" \ |
| 165 |
+ --with-mail-spool=/var/spool/mail \ |
| 166 |
+ --with-readline \ |
| 167 |
+ --enable-sendmail \ |
| 168 |
+ --disable-debug |
| 169 |
+} |
| 170 |
+ |
| 171 |
+src_install() { |
| 172 |
+ default |
| 173 |
+ |
| 174 |
+ insinto /etc |
| 175 |
+ # bug 613112 |
| 176 |
+ newins "${FILESDIR}/mailutils.rc" mailutils.conf |
| 177 |
+ keepdir /etc/mailutils.d/ |
| 178 |
+ insinto /etc/mailutils.d |
| 179 |
+ doins "${FILESDIR}/mail" |
| 180 |
+ |
| 181 |
+ if use python; then |
| 182 |
+ python_optimize |
| 183 |
+ if use static-libs; then |
| 184 |
+ rm -r "${D}$(python_get_sitedir)/mailutils"/*.{a,la} || die |
| 185 |
+ fi |
| 186 |
+ fi |
| 187 |
+ |
| 188 |
+ if use servers; then |
| 189 |
+ newinitd "${FILESDIR}"/imap4d.initd imap4d |
| 190 |
+ newinitd "${FILESDIR}"/pop3d.initd pop3d |
| 191 |
+ newinitd "${FILESDIR}"/comsatd.initd comsatd |
| 192 |
+ fi |
| 193 |
+ |
| 194 |
+ # compatibility link |
| 195 |
+ if use clients && use split-usr; then |
| 196 |
+ dosym ../usr/bin/mail /bin/mail |
| 197 |
+ fi |
| 198 |
+ |
| 199 |
+ if ! use static-libs; then |
| 200 |
+ find "${D}" -name "*.la" -delete || die |
| 201 |
+ fi |
| 202 |
+} |
Archives