Hello community, here is the log from the commit of package mutt for openSUSE:Factory checked in at 2020-06-25 15:07:27 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/mutt (Old) and /work/SRC/openSUSE:Factory/.mutt.new.3060 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "mutt" Thu Jun 25 15:07:27 2020 rev:94 rq:816866 version:1.14.4 Changes: -------- --- /work/SRC/openSUSE:Factory/mutt/mutt.changes 2020-05-26 17:24:21.968625664 +0200 +++ /work/SRC/openSUSE:Factory/.mutt.new.3060/mutt.changes 2020-06-25 15:08:37.317590052 +0200 @@ -1,0 +2,35 @@ +Mon Jun 22 13:57:52 UTC 2020 - Dr. Werner Fink <[email protected]> + +- Update to 1.14.4 - bug-fix release (boo#1173197, CVE-2020-14954) + * Fix STARTTLS response injection attack. + +------------------------------------------------------------------- +Mon Jun 15 15:05:52 UTC 2020 - Werner Fink <[email protected]> + +- Update to 1.14.3 - bug-fix release (boo#1172906, boo#1172935, + CVE-2020-14093, CVE-2020-14154) + * Prevent possible IMAP MITM via PREAUTH response. + * expired where certs not properly rejected with GnuTLS + * Fix GnuTLS interactive prompt short-circuiting. + * Abort GnuTLS certificate check if a cert in the chain is rejected. + * Fix GnuTLS tls_verify_peers() checking. + * Fix GNUTLS_E_NO_CERTIFICATE_FOUND check to be against verify_ret + instead of certstat. + * Fix gnutls_strerror() call to use verify_ret instead of certstat. +- Modify/refresh patches + * aw.listreply.diff + * bsc907453-CVE-2014-9116-jessie.patch + * bug-676388-largefile.patch + * mutt-1.10.1-imap.patch + * mutt-1.13.3.dif + * mutt-1.5.15-wrapcolumn.diff + * mutt-1.5.20-sendgroupreplyto.diff + * mutt-1.5.21-mailcap.diff + * mutt-1.5.23-carriage-return.path + * mutt-1.5.9i-pgpewrap.diff + * mutt-1.6.1-opennfs.dif + * mutt-Fix-SIGQUIT-handling.patch + * patch-1.5.24.vk.pgp_verbose_mime + * widechar.sidebar.dif + +------------------------------------------------------------------- Old: ---- mutt-1.14.1.tar.gz New: ---- mutt-1.14.4.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ mutt.spec ++++++ --- /var/tmp/diff_new_pack.QV6CHa/_old 2020-06-25 15:08:41.121601988 +0200 +++ /var/tmp/diff_new_pack.QV6CHa/_new 2020-06-25 15:08:41.125602001 +0200 @@ -78,7 +78,7 @@ Requires(post): shared-mime-info Requires(postun): shared-mime-info %endif -Version: 1.14.1 +Version: 1.14.4 Release: 0 Summary: Mail Program # ftp://ftp.mutt.org/mutt/devel/ ++++++ aw.listreply.diff ++++++ --- /var/tmp/diff_new_pack.QV6CHa/_old 2020-06-25 15:08:41.169602139 +0200 +++ /var/tmp/diff_new_pack.QV6CHa/_new 2020-06-25 15:08:41.169602139 +0200 @@ -8,7 +8,7 @@ --- init.h +++ init.h 2020-01-14 13:35:13.352604037 +0000 -@@ -1745,6 +1745,13 @@ struct option_t MuttVars[] = { +@@ -1819,6 +1819,13 @@ struct option_t MuttVars[] = { ** from your spool mailbox to your $$mbox mailbox, or as a result of ** a ``$mbox-hook'' command. */ @@ -24,7 +24,7 @@ ** .pp --- mutt.h +++ mutt.h 2020-01-14 13:32:27.595685455 +0000 -@@ -338,6 +338,7 @@ enum +@@ -337,6 +337,7 @@ enum #endif OPT_SUBJECT, OPT_VERIFYSIG, /* verify PGP signatures */ @@ -34,7 +34,7 @@ OPT_MAX --- send.c +++ send.c 2020-01-14 13:32:27.599685379 +0000 -@@ -565,6 +565,7 @@ static int include_reply (CONTEXT *ctx, +@@ -567,6 +567,7 @@ static int include_reply (CONTEXT *ctx, static int default_to (ADDRESS **to, ENVELOPE *env, int flags, int hmfupto) { char prompt[STRING]; @@ -42,7 +42,7 @@ if (flags && env->mail_followup_to && hmfupto == MUTT_YES) { -@@ -578,6 +579,23 @@ static int default_to (ADDRESS **to, ENV +@@ -580,6 +581,23 @@ static int default_to (ADDRESS **to, ENV if (flags & SENDLISTREPLY) return 0; ++++++ bsc907453-CVE-2014-9116-jessie.patch ++++++ --- /var/tmp/diff_new_pack.QV6CHa/_old 2020-06-25 15:08:41.177602165 +0200 +++ /var/tmp/diff_new_pack.QV6CHa/_new 2020-06-25 15:08:41.177602165 +0200 @@ -18,7 +18,7 @@ --- lib.c +++ lib.c 2019-01-02 13:25:44.767193676 +0000 -@@ -662,6 +662,9 @@ char *mutt_substrdup (const char *begin, +@@ -666,6 +666,9 @@ char *mutt_substrdup (const char *begin, size_t len; char *p; ++++++ bug-676388-largefile.patch ++++++ --- /var/tmp/diff_new_pack.QV6CHa/_old 2020-06-25 15:08:41.189602202 +0200 +++ /var/tmp/diff_new_pack.QV6CHa/_new 2020-06-25 15:08:41.189602202 +0200 @@ -20,7 +20,7 @@ return -1; --- mutt.h +++ mutt.h 2020-01-14 13:31:51.368358811 +0000 -@@ -759,7 +759,7 @@ typedef struct body +@@ -766,7 +766,7 @@ typedef struct body PARAMETER *parameter; /* parameters of the content-type */ char *description; /* content-description */ char *form_name; /* Content-Disposition form-data name param */ ++++++ mutt-1.10.1-imap.patch ++++++ --- /var/tmp/diff_new_pack.QV6CHa/_old 2020-06-25 15:08:41.197602227 +0200 +++ /var/tmp/diff_new_pack.QV6CHa/_new 2020-06-25 15:08:41.197602227 +0200 @@ -4,7 +4,7 @@ --- browser.c +++ browser.c 2020-01-14 14:51:44.927127369 +0000 -@@ -969,6 +969,16 @@ void _mutt_buffer_select_file (BUFFER *f +@@ -974,6 +974,16 @@ void _mutt_buffer_select_file (BUFFER *f mutt_buffer_strcpy (f, state.entry[menu->current].full_path); ++++++ mutt-1.13.3.dif ++++++ --- /var/tmp/diff_new_pack.QV6CHa/_old 2020-06-25 15:08:41.209602264 +0200 +++ /var/tmp/diff_new_pack.QV6CHa/_new 2020-06-25 15:08:41.209602264 +0200 @@ -16,7 +16,7 @@ CPPFLAGS="$CPPFLAGS -I${withval}/include" fi LDFLAGS="$LDFLAGS -L${withval}/lib" -@@ -766,8 +766,12 @@ AC_ARG_WITH(ssl, AS_HELP_STRING([--with- +@@ -799,8 +799,12 @@ AC_ARG_WITH(ssl, AS_HELP_STRING([--with- else if test "$with_ssl" != "yes" then @@ -31,7 +31,7 @@ fi saved_LIBS="$LIBS" -@@ -854,8 +858,12 @@ AC_ARG_WITH(sasl, AS_HELP_STRING([--with +@@ -887,8 +891,12 @@ AC_ARG_WITH(sasl, AS_HELP_STRING([--with if test "$with_sasl" != "yes" then ++++++ mutt-1.14.1.tar.gz -> mutt-1.14.4.tar.gz ++++++ ++++ 21026 lines of diff (skipped) ++++++ mutt-1.5.15-wrapcolumn.diff ++++++ --- /var/tmp/diff_new_pack.QV6CHa/_old 2020-06-25 15:08:41.681603746 +0200 +++ /var/tmp/diff_new_pack.QV6CHa/_new 2020-06-25 15:08:41.681603746 +0200 @@ -6,7 +6,7 @@ --- init.h +++ init.h 2020-01-14 13:28:27.408149074 +0000 -@@ -4345,6 +4345,7 @@ struct option_t MuttVars[] = { +@@ -4423,6 +4423,7 @@ struct option_t MuttVars[] = { ** printing, or replying to messages. */ { "wrap", DT_NUM, R_PAGER, {.p=&Wrap}, {.l=0} }, ++++++ mutt-1.5.20-sendgroupreplyto.diff ++++++ --- /var/tmp/diff_new_pack.QV6CHa/_old 2020-06-25 15:08:41.689603771 +0200 +++ /var/tmp/diff_new_pack.QV6CHa/_new 2020-06-25 15:08:41.689603771 +0200 @@ -6,7 +6,7 @@ --- init.h +++ init.h 2020-01-14 13:12:26.725982952 +0000 -@@ -3078,6 +3078,13 @@ struct option_t MuttVars[] = { +@@ -3155,6 +3155,13 @@ struct option_t MuttVars[] = { ** .pp ** Also see the $$force_name variable. */ @@ -22,7 +22,7 @@ ** .pp --- mutt.h +++ mutt.h 2020-01-14 13:07:33.727426389 +0000 -@@ -509,6 +509,7 @@ enum +@@ -515,6 +515,7 @@ enum OPTSAVEADDRESS, OPTSAVEEMPTY, OPTSAVENAME, @@ -32,7 +32,7 @@ OPTSIDEBAR, --- send.c +++ send.c 2020-01-14 13:07:33.727426389 +0000 -@@ -679,9 +679,12 @@ int mutt_fetch_recips (ENVELOPE *out, EN +@@ -681,9 +681,12 @@ int mutt_fetch_recips (ENVELOPE *out, EN (!in->mail_followup_to || hmfupto != MUTT_YES)) { /* if (!mutt_addr_is_user(in->to)) */ ++++++ mutt-1.5.21-mailcap.diff ++++++ --- /var/tmp/diff_new_pack.QV6CHa/_old 2020-06-25 15:08:41.693603784 +0200 +++ /var/tmp/diff_new_pack.QV6CHa/_new 2020-06-25 15:08:41.697603796 +0200 @@ -9,7 +9,7 @@ --- init.c +++ init.c 2019-01-02 13:25:20.795634552 +0000 -@@ -3577,7 +3577,7 @@ void mutt_init (int skip_sys_rc, LIST *c +@@ -3620,7 +3620,7 @@ void mutt_init (int skip_sys_rc, LIST *c else { /* Default search path from RFC1524 */ ++++++ mutt-1.5.23-carriage-return.path ++++++ --- /var/tmp/diff_new_pack.QV6CHa/_old 2020-06-25 15:08:41.705603821 +0200 +++ /var/tmp/diff_new_pack.QV6CHa/_new 2020-06-25 15:08:41.705603821 +0200 @@ -19,7 +19,7 @@ } --- lib.c +++ lib.c 2019-11-13 13:42:00.245189313 +0000 -@@ -718,6 +718,17 @@ int mutt_strcmp(const char *a, const cha +@@ -722,6 +722,17 @@ int mutt_strcmp(const char *a, const cha return strcmp(NONULL(a), NONULL(b)); } @@ -49,7 +49,7 @@ int mutt_strcoll (const char *, const char *); --- pager.c +++ pager.c 2019-11-13 13:48:32.257845120 +0000 -@@ -826,7 +826,7 @@ resolve_types (char *buf, char *raw, str +@@ -829,7 +829,7 @@ resolve_types (char *buf, char *raw, str lineInfo[n].type = MT_COLOR_NORMAL; else if (check_attachment_marker ((char *) raw) == 0) lineInfo[n].type = MT_COLOR_ATTACHMENT; @@ -116,7 +116,7 @@ key = 1; } } -@@ -1297,9 +1297,9 @@ BODY *pgp_sign_message (BODY *a) +@@ -1303,9 +1303,9 @@ BODY *pgp_sign_message (BODY *a) */ while (fgets (buffer, sizeof (buffer) - 1, pgpout) != NULL) { ++++++ mutt-1.5.9i-pgpewrap.diff ++++++ --- /var/tmp/diff_new_pack.QV6CHa/_old 2020-06-25 15:08:41.709603834 +0200 +++ /var/tmp/diff_new_pack.QV6CHa/_new 2020-06-25 15:08:41.713603846 +0200 @@ -4,7 +4,7 @@ --- pgpewrap.c +++ pgpewrap.c 2019-11-13 13:00:01.256398592 +0000 -@@ -65,6 +65,11 @@ int main(int argc, char **argv) +@@ -57,6 +57,11 @@ int main(int argc, char **argv) } *opt = NULL; ++++++ mutt-1.6.1-opennfs.dif ++++++ --- /var/tmp/diff_new_pack.QV6CHa/_old 2020-06-25 15:08:41.721603872 +0200 +++ /var/tmp/diff_new_pack.QV6CHa/_new 2020-06-25 15:08:41.721603872 +0200 @@ -19,7 +19,7 @@ postpone.c query.c recvattach.c recvcmd.c \ rfc822.c rfc1524.c rfc2047.c rfc2231.c rfc3676.c \ score.c send.c sendlib.c signal.c sort.c \ -@@ -89,7 +89,7 @@ mutt_dotlock_SOURCES = mutt_dotlock.c +@@ -94,7 +94,7 @@ mutt_dotlock_SOURCES = mutt_dotlock.c mutt_dotlock_LDADD = $(LIBOBJS) mutt_dotlock_DEPENDENCIES = $(LIBOBJS) @@ -73,7 +73,7 @@ { --- mutt.h +++ mutt.h 2020-01-14 13:28:45.787807571 +0000 -@@ -1169,4 +1169,7 @@ typedef struct +@@ -1183,4 +1183,7 @@ typedef struct #include "lib.h" #include "globals.h" @@ -83,7 +83,7 @@ #endif /*MUTT_H*/ --- muttlib.c +++ muttlib.c 2020-01-14 13:28:45.787807571 +0000 -@@ -2391,6 +2391,10 @@ int safe_open (const char *path, int fla +@@ -2496,6 +2496,10 @@ int safe_open (const char *path, int fla BUFFER *safe_file = NULL; BUFFER *safe_dir = NULL; @@ -94,7 +94,7 @@ if (flags & O_EXCL) { safe_file = mutt_buffer_pool_get (); -@@ -2419,7 +2423,7 @@ int safe_open (const char *path, int fla +@@ -2524,7 +2528,7 @@ int safe_open (const char *path, int fla if ((fd = open (path, flags & ~O_EXCL, 0600)) < 0) goto cleanup; @@ -230,7 +230,7 @@ +} --- sendlib.c +++ sendlib.c 2020-01-14 13:28:45.787807571 +0000 -@@ -2489,7 +2489,11 @@ send_msg (const char *path, char **args, +@@ -2496,7 +2496,11 @@ send_msg (const char *path, char **args, if (SendmailWait >= 0 && tempfile && *tempfile) { /* *tempfile will be opened as stdout */ ++++++ mutt-Fix-SIGQUIT-handling.patch ++++++ --- /var/tmp/diff_new_pack.QV6CHa/_old 2020-06-25 15:08:41.729603896 +0200 +++ /var/tmp/diff_new_pack.QV6CHa/_new 2020-06-25 15:08:41.729603896 +0200 @@ -40,7 +40,7 @@ sigaction (SIGINT, &act, NULL); #if defined (USE_SLANG_CURSES) || defined (HAVE_RESIZETERM) sigaction (SIGWINCH, &act, NULL); -@@ -215,6 +216,7 @@ void mutt_block_signals (void) +@@ -213,6 +214,7 @@ void mutt_block_signals (void) sigaddset (&Sigset, SIGTERM); sigaddset (&Sigset, SIGHUP); sigaddset (&Sigset, SIGTSTP); @@ -48,7 +48,7 @@ sigaddset (&Sigset, SIGINT); #if defined (USE_SLANG_CURSES) || defined (HAVE_RESIZETERM) sigaddset (&Sigset, SIGWINCH); -@@ -289,5 +291,6 @@ void mutt_allow_interrupt (int dispositi +@@ -287,5 +289,6 @@ void mutt_allow_interrupt (int dispositi if (disposition == 0) sa.sa_flags |= SA_RESTART; #endif ++++++ patch-1.5.24.vk.pgp_verbose_mime ++++++ --- /var/tmp/diff_new_pack.QV6CHa/_old 2020-06-25 15:08:41.761603997 +0200 +++ /var/tmp/diff_new_pack.QV6CHa/_new 2020-06-25 15:08:41.761603997 +0200 @@ -6,7 +6,7 @@ --- globals.h +++ globals.h 2020-01-14 13:37:00.770606718 +0000 -@@ -270,6 +270,8 @@ WHERE char *PgpDefaultKey; +@@ -275,6 +275,8 @@ WHERE char *PgpDefaultKey; WHERE char *PgpSignAs; WHERE long PgpTimeout; WHERE char *PgpEntryFormat; @@ -17,7 +17,7 @@ WHERE char *PgpVerifyCommand; --- init.h +++ init.h 2020-01-14 13:41:15.145875625 +0000 -@@ -3461,9 +3461,18 @@ struct option_t MuttVars[] = { +@@ -3538,9 +3538,18 @@ struct option_t MuttVars[] = { ** a line quoted text if it also matches $$smileys. This mostly ** happens at the beginning of a line. */ @@ -41,7 +41,7 @@ ** .pp --- pgp.c +++ pgp.c 2020-01-14 13:42:29.880485319 +0000 -@@ -1360,7 +1360,8 @@ BODY *pgp_sign_message (BODY *a) +@@ -1366,7 +1366,8 @@ BODY *pgp_sign_message (BODY *a) t->disposition = DISPNONE; t->encoding = ENC7BIT; t->unlink = 1; /* ok to remove this file after sending. */ ++++++ widechar.sidebar.dif ++++++ --- /var/tmp/diff_new_pack.QV6CHa/_old 2020-06-25 15:08:41.781604060 +0200 +++ /var/tmp/diff_new_pack.QV6CHa/_new 2020-06-25 15:08:41.785604072 +0200 @@ -42,7 +42,7 @@ } break; -@@ -1580,7 +1580,7 @@ void mutt_decode_attachment (BODY *b, ST +@@ -1588,7 +1588,7 @@ void mutt_decode_attachment (BODY *b, ST * strip all trailing spaces to improve interoperability; * if $text_flowed is unset, simply verbatim copy input */
