commit: a760a283613c47ac37b31c6394f89a431e823ca8 Author: Fabian Groffen <grobian <AT> gentoo <DOT> org> AuthorDate: Sun Jun 21 07:44:41 2020 +0000 Commit: Fabian Groffen <grobian <AT> gentoo <DOT> org> CommitDate: Sun Jun 21 07:44:41 2020 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a760a283
mail-client/mutt-1.14.4-r1: yet another security bump Bug: https://bugs.gentoo.org/728708 Package-Manager: Portage-2.3.99, Repoman-2.3.22 Signed-off-by: Fabian Groffen <grobian <AT> gentoo.org> mail-client/mutt/Manifest | 2 -- .../mutt-1.14.4-no-imap-preauth-with-tunnel.patch | 30 ++++++++++++++++++++++ .../{mutt-1.14.2.ebuild => mutt-1.14.4-r1.ebuild} | 3 +++ 3 files changed, 33 insertions(+), 2 deletions(-) diff --git a/mail-client/mutt/Manifest b/mail-client/mutt/Manifest index 59e1934cdb4..53bf8d6a901 100644 --- a/mail-client/mutt/Manifest +++ b/mail-client/mutt/Manifest @@ -1,8 +1,6 @@ DIST mutt-1.13.5.tar.gz 4902500 BLAKE2B 24c7f40ca177a64118f30d3ea1af95ebbf88c4e9b53a12bab058544350606b85d47ed659eab5f59e5bf17964843243ce175b6e0f0571baca93367ed1bc866a94 SHA512 f2ea863626e5dad4854c98a1797faa97c9f14fb5161c590e88ee02afbdde7f48493bd2cce6109f9839501cf38aa238dc804f4c98f17ac97c68b48cb0bc0e5b4a -DIST mutt-1.14.2.tar.gz 5222938 BLAKE2B e59dd4e1e61380a3c49fce8d722e7a263e81713208660e28629f428bc13724ccc80cffb3345ec1b8dd0a8aefa32ccdea94b8098b826268ce0fe64f6a11bdfec5 SHA512 b18b0bc52341d31a60558ca9b11545f5352e89bf7c215b10061efcd382af287416299f7efa017e3a03937a11fd630330ff8389dbe80fae2e6437297687653cb8 DIST mutt-1.14.3.tar.gz 5003987 BLAKE2B 43e9be05e3da6f3c257bc405fdf45b87114efdeece169d2919390b5cf35a935d1c2798b0ab7eb213eb25eed3008e452fc4c9f02ca8fdb209dce8d9655fe7fb84 SHA512 d7ac53cd383e7491666aeb0b33703dee47cfb9a8671484b713f3b5051227ca2fa618320df0267b7d4eb43a22f9fc9d20d457ddb3f98f907ce49fe7f2915a865e DIST mutt-1.14.4.tar.gz 5007437 BLAKE2B 89d4327ddd86ec320c63db6ee9d3c07b7540a74aba7efdcb9605e5c5c242dec99fb5137d1cfc62fd4401e2af7589f03ebce78dfa2deae262aef408b804544656 SHA512 86484f009ca8bd1e26206694e03609a16f8a4e8c83620a07a4376fe160535a838e8c918a8a30799fb3d9cf46c059d67124f7425c42093fb5e5bf8ea4ac310daa DIST mutt-gentoo-1.13.5-patches-r0.tar.xz 35932 BLAKE2B 7f4488e6478ba2a2593a58d9905fd8cb857d95a7c05dd90d7d08843bafc060c0560fc5061a85a0a91baf063f055139fa09e5a54ea353e0118418f73baa333928 SHA512 1ddad0550a9bc772247d5ca468efd044c9eeccb497cbe391b19382d598fd0ec8dbdb3d34d4297cc5cd3a8ff43c881155a5874db24e89c0f2a4702b6e0ba4f0d9 -DIST mutt-gentoo-1.14.2-patches-r0.tar.xz 31076 BLAKE2B 31bb4efd03f45b4b79ed325471166e91f0e419318f3cf1e5426a627e2557bf19fbe03ae2c19cc97719c574b6a8df19b96955429651bffb41d5220888553b86a9 SHA512 5a0ddf0242caed5bed19700904b0fd91883542b9b12f0b16c1b4f7f39944d0737429991cca7cbf4f9932deada8b7fd71caff284775ddfcf3ec283554d3e727a9 DIST mutt-gentoo-1.14.3-patches-r0.tar.xz 31148 BLAKE2B 49f5f7b446d635de31e5280bad09422bcf27543b58e2eade6ddec35524e9c49083fe59224e6103d6992f53571d77c606c6280e58d05606900ed01ccbd4c4d697 SHA512 444f6456b3c1eb423cd990c3f5a7f4f6ce7f0706f461ca507846ce6ee855e32331720bc7c0fa2cb834d5433d9e7a0d7d2d90c5b8c0ac917dbd3c63a622ae6ce5 DIST mutt-gentoo-1.14.4-patches-r0.tar.xz 31124 BLAKE2B a9774a5bb5af18a275f7ea171cb08a12a98d63cbff57320d5d3fb4f995aac16f409689ac0015f3b5d37cfc20004c9fca72a3f63663aaa679a129d5f3886bc5cc SHA512 05506399a471c262479db88ef11d2a95d79598fd696fe50de5f5c1c3cae5adf30a2806a1500ba94a62bcbf7deed99acc59a8afb903f50169e41b77010e0ad8cc diff --git a/mail-client/mutt/files/mutt-1.14.4-no-imap-preauth-with-tunnel.patch b/mail-client/mutt/files/mutt-1.14.4-no-imap-preauth-with-tunnel.patch new file mode 100644 index 00000000000..d4d2104db08 --- /dev/null +++ b/mail-client/mutt/files/mutt-1.14.4-no-imap-preauth-with-tunnel.patch @@ -0,0 +1,30 @@ +From dc909119b3433a84290f0095c0f43a23b98b3748 Mon Sep 17 00:00:00 2001 +From: Kevin McCarthy <[email protected]> +Date: Sat, 20 Jun 2020 06:35:35 -0700 +Subject: [PATCH] Don't check IMAP PREAUTH encryption if $tunnel is in use. + +$tunnel is used to create an external encrypted connection. The +default of $ssl_starttls is yes, meaning those kinds of connections +will be broken by the CVE-2020-14093 fix. +--- + imap/imap.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/imap/imap.c b/imap/imap.c +index 3ca10df4..78d75b07 100644 +--- a/imap/imap.c ++++ b/imap/imap.c +@@ -532,8 +532,8 @@ int imap_open_connection (IMAP_DATA* idata) + { + #if defined(USE_SSL) + /* An unencrypted PREAUTH response is most likely a MITM attack. +- * Require a confirmation. */ +- if (!idata->conn->ssf) ++ * Require a confirmation unless using $tunnel. */ ++ if (!idata->conn->ssf && !Tunnel) + { + if (option(OPTSSLFORCETLS) || + (query_quadoption (OPT_SSLSTARTTLS, +-- +GitLab + diff --git a/mail-client/mutt/mutt-1.14.2.ebuild b/mail-client/mutt/mutt-1.14.4-r1.ebuild similarity index 98% rename from mail-client/mutt/mutt-1.14.2.ebuild rename to mail-client/mutt/mutt-1.14.4-r1.ebuild index 655ecdfe2af..7703c01f823 100644 --- a/mail-client/mutt/mutt-1.14.2.ebuild +++ b/mail-client/mutt/mutt-1.14.4-r1.ebuild @@ -74,6 +74,9 @@ RDEPEND="${CDEPEND} src_prepare() { local PATCHDIR="${WORKDIR}"/mutt-gentoo-${PV}-patches-${PATCHREV} + # really unfortunate security fix of the day ... + eapply "${FILESDIR}"/${P}-no-imap-preauth-with-tunnel.patch + if use !vanilla ; then # apply patches export EPATCH_FORCE="yes"
