From: "Eray Aslan" <eras@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] repo/gentoo:master commit in: net-mail/mailutils/files/, net-mail/mailutils/
Date: Fri, 30 Jul 2021 07:08:16 +0000 (UTC) [thread overview]
Message-ID: <1627628857.4ba91eed15ea76165f60e3478cd4461ce3d0cd3d.eras@gentoo> (raw)
commit: 4ba91eed15ea76165f60e3478cd4461ce3d0cd3d
Author: Eray Aslan <eras <AT> gentoo <DOT> org>
AuthorDate: Fri Jul 30 07:07:37 2021 +0000
Commit: Eray Aslan <eras <AT> gentoo <DOT> org>
CommitDate: Fri Jul 30 07:07:37 2021 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4ba91eed
net-mail/mailutils: disable escapes in non-interactive mode
unlike other mail(1) implementations, mailutils mail command allowed
escape characters in non-interactive mode, resulting in CVE-2021-32749
in fail2ban package. backport fix for mailutils-3.12
Bug: https://bugs.gentoo.org/802513
Package-Manager: Portage-3.0.20, Repoman-3.0.3
Signed-off-by: Eray Aslan <eras <AT> gentoo.org>
.../files/mailutils-3.12-disable_escapes.patch | 24 ++++
net-mail/mailutils/mailutils-3.12-r3.ebuild | 144 +++++++++++++++++++++
2 files changed, 168 insertions(+)
diff --git a/net-mail/mailutils/files/mailutils-3.12-disable_escapes.patch b/net-mail/mailutils/files/mailutils-3.12-disable_escapes.patch
new file mode 100644
index 00000000000..073d1b67121
--- /dev/null
+++ b/net-mail/mailutils/files/mailutils-3.12-disable_escapes.patch
@@ -0,0 +1,24 @@
+From 4befcfd015256c568121653038accbd84820198f Mon Sep 17 00:00:00 2001
+From: Sergey Poznyakoff <gray@gnu.org>
+Date: Mon, 19 Jul 2021 11:27:40 +0300
+Subject: mail: disable compose escapes in non-interctive mode.
+
+diff --git a/mail/send.c b/mail/send.c
+index 1bdfe1134..098374dab 100644
+--- a/mail/send.c
++++ b/mail/send.c
+@@ -1324,8 +1324,9 @@ mail_compose_send (compose_env_t *env, int save_to)
+
+ if (strcmp (buf, ".") == 0 && mailvar_is_true (mailvar_name_dot))
+ done = 1;
+- else if (mailvar_get (&escape, mailvar_name_escape,
+- mailvar_type_string, 0) == 0
++ else if (interactive
++ && mailvar_get (&escape, mailvar_name_escape,
++ mailvar_type_string, 0) == 0
+ && buf[0] == escape[0])
+ {
+ if (buf[1] == buf[0])
+--
+cgit v1.2.1
+
diff --git a/net-mail/mailutils/mailutils-3.12-r3.ebuild b/net-mail/mailutils/mailutils-3.12-r3.ebuild
new file mode 100644
index 00000000000..c4afe8dbaa5
--- /dev/null
+++ b/net-mail/mailutils/mailutils-3.12-r3.ebuild
@@ -0,0 +1,144 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+PYTHON_COMPAT=( python3_{7,8,9,10} )
+
+inherit autotools elisp-common eutils flag-o-matic python-single-r1 toolchain-funcs
+
+DESCRIPTION="A useful collection of mail servers, clients, and filters"
+HOMEPAGE="https://mailutils.org/"
+SRC_URI="mirror://gnu/mailutils/${P}.tar.xz"
+
+LICENSE="GPL-2 LGPL-2.1"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~ppc-macos ~x64-macos"
+IUSE="berkdb bidi +clients emacs gdbm sasl guile ipv6 kerberos kyotocabinet \
+ ldap mysql nls pam postgres python servers split-usr ssl static-libs +threads tcpd \
+ tokyocabinet"
+
+RDEPEND="
+ !mail-filter/libsieve
+ !mail-client/mailx
+ sys-libs/ncurses:=
+ sys-libs/readline:=
+ dev-libs/libltdl:0
+ virtual/libcrypt:=
+ virtual/mta
+ berkdb? ( sys-libs/db:= )
+ bidi? ( dev-libs/fribidi )
+ emacs? ( >=app-editors/emacs-23.1:* )
+ gdbm? ( sys-libs/gdbm:= )
+ guile? ( dev-scheme/guile:12/2.2-1 )
+ kerberos? ( virtual/krb5 )
+ kyotocabinet? ( dev-db/kyotocabinet )
+ ldap? ( net-nds/openldap )
+ mysql? ( dev-db/mysql-connector-c )
+ nls? ( sys-devel/gettext )
+ pam? ( sys-libs/pam:= )
+ postgres? ( dev-db/postgresql:= )
+ python? ( ${PYTHON_DEPS} )
+ sasl? ( virtual/gsasl )
+ servers? ( virtual/libiconv dev-libs/libunistring:= )
+ ssl? ( net-libs/gnutls:= )
+ tcpd? ( sys-apps/tcp-wrappers )
+ tokyocabinet? ( dev-db/tokyocabinet )
+ "
+
+DEPEND="${RDEPEND}"
+
+BDEPEND="virtual/pkgconfig"
+
+REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )
+ servers? ( tcpd ldap )"
+
+DOCS=( ABOUT-NLS AUTHORS COPYING COPYING.LESSER ChangeLog INSTALL NEWS README THANKS TODO )
+PATCHES=(
+ "${FILESDIR}"/${PN}-3.5-add-include.patch
+ "${FILESDIR}"/${P}-misssing-endif.patch
+ "${FILESDIR}"/${P}-fix-big-endians.patch
+ "${FILESDIR}"/${P}-disable_escapes.patch
+)
+
+pkg_setup() {
+ use python && python-single-r1_pkg_setup
+}
+
+src_prepare() {
+ default
+ if use mysql; then
+ sed -i -e /^INCLUDES/"s:$:$(mysql_config --include):" \
+ sql/Makefile.am || die
+ fi
+ eautoreconf
+}
+
+src_configure() {
+ append-flags -fno-strict-aliasing
+
+ # maildir is the Gentoo default
+ econf \
+ MU_DEFAULT_SCHEME=maildir \
+ CURSES_LIBS="$($(tc-getPKG_CONFIG) --libs ncurses)" \
+ $(use_with berkdb berkeley-db) \
+ $(use_with bidi fribidi) \
+ $(use_enable ipv6) \
+ $(use_with gdbm) \
+ $(use_with sasl gsasl) \
+ $(use_with guile) \
+ $(use_with kerberos gssapi) \
+ $(use_with ldap) \
+ $(use_with mysql) \
+ $(use_enable nls) \
+ $(use_enable pam) \
+ $(use_with postgres) \
+ $(use_enable python) \
+ $(use_with ssl gnutls) \
+ $(use_enable static-libs static) \
+ $(use_enable threads pthread) \
+ $(use_with tokyocabinet) \
+ $(use_with kyotocabinet) \
+ $(use_with tcpd tcp-wrappers) \
+ $(use_enable servers build-servers) \
+ $(use_with servers unistring ) \
+ $(use_enable clients build-clients) \
+ EMACS=$(usex emacs emacs no) \
+ --with-lispdir="${EPREFIX}${SITELISP}/${PN}" \
+ --with-mail-spool=/var/spool/mail \
+ --with-readline \
+ --enable-sendmail \
+ --disable-debug
+}
+
+src_install() {
+ default
+
+ insinto /etc
+ # bug 613112
+ newins "${FILESDIR}/mailutils.rc" mailutils.conf
+ keepdir /etc/mailutils.d/
+ insinto /etc/mailutils.d
+ doins "${FILESDIR}/mail"
+
+ if use python; then
+ python_optimize
+ if use static-libs; then
+ rm -r "${D}$(python_get_sitedir)/mailutils"/*.{a,la} || die
+ fi
+ fi
+
+ if use servers; then
+ newinitd "${FILESDIR}"/imap4d.initd imap4d
+ newinitd "${FILESDIR}"/pop3d.initd pop3d
+ newinitd "${FILESDIR}"/comsatd.initd comsatd
+ fi
+
+ # compatibility link
+ if use clients && use split-usr; then
+ dosym ../usr/bin/mail /bin/mail
+ fi
+
+ if ! use static-libs; then
+ find "${D}" -name "*.la" -delete || die
+ fi
+}
next reply other threads:[~2021-07-30 7:08 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-07-30 7:08 Eray Aslan [this message]
-- strict thread matches above, loose matches on Subject: below --
2025-01-08 10:12 [gentoo-commits] repo/gentoo:master commit in: net-mail/mailutils/files/, net-mail/mailutils/ Eray Aslan
2021-04-17 9:05 Eray Aslan
2020-03-23 11:51 Eray Aslan
2019-08-08 6:00 Eray Aslan
2019-02-07 13:14 Eray Aslan
2018-06-22 12:21 Eray Aslan
2018-06-19 15:58 Eray Aslan
2015-12-24 7:44 Eray Aslan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1627628857.4ba91eed15ea76165f60e3478cd4461ce3d0cd3d.eras@gentoo \
--to=eras@gentoo.org \
--cc=gentoo-commits@lists.gentoo.org \
--cc=gentoo-dev@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox