summary refs log tree commit diff
diff options
context:
space:
mode:
-rw-r--r--gnu-system.am1
-rw-r--r--gnu/packages/mail.scm16
-rw-r--r--gnu/packages/patches/mutt-CVE-2014-9116.patch46
3 files changed, 5 insertions, 58 deletions
diff --git a/gnu-system.am b/gnu-system.am
index d846bcecde..e62fe18c97 100644
--- a/gnu-system.am
+++ b/gnu-system.am
@@ -567,7 +567,6 @@ dist_patch_DATA =						\
   gnu/packages/patches/module-init-tools-moduledir.patch	\
   gnu/packages/patches/mumps-build-parallelism.patch		\
   gnu/packages/patches/mupdf-buildsystem-fix.patch		\
-  gnu/packages/patches/mutt-CVE-2014-9116.patch			\
   gnu/packages/patches/mutt-store-references.patch		\
   gnu/packages/patches/net-tools-bitrot.patch			\
   gnu/packages/patches/ngircd-handle-zombies.patch		\
diff --git a/gnu/packages/mail.scm b/gnu/packages/mail.scm
index 53842b3aa0..25407b835a 100644
--- a/gnu/packages/mail.scm
+++ b/gnu/packages/mail.scm
@@ -171,21 +171,15 @@ aliasing facilities to work just as they would on normal mail.")
 (define-public mutt
   (package
     (name "mutt")
-    (version "1.5.23")
+    (version "1.5.24")
     (source (origin
              (method url-fetch)
-             (uri (list ;; Temporarily put bitbucket first, because
-                        ;; ftp.mutt.org has been down for a while.
-                        (string-append "https://bitbucket.org/mutt/mutt/downloads/mutt-"
-                                       version ".tar.gz")
-                        (string-append "ftp://ftp.mutt.org/mutt/devel/mutt-"
-                                       version ".tar.gz")))
+             (uri (string-append "ftp://ftp.mutt.org/pub/mutt/mutt-"
+                                 version ".tar.gz"))
              (sha256
               (base32
-               "0dzx4qk50pjfsb6cs5jahng96a52k12f7pm0sc78iqdrawg71w1s"))
-             (patches (map search-patch
-                           '("mutt-CVE-2014-9116.patch"
-                             "mutt-store-references.patch")))))
+               "0012njrgxf1barjksqkx7ccid2l0xyikhna9mjs9vcfpbrvcm4m2"))
+             (patches (list (search-patch "mutt-store-references.patch")))))
     (build-system gnu-build-system)
     (inputs
      `(("cyrus-sasl" ,cyrus-sasl)
diff --git a/gnu/packages/patches/mutt-CVE-2014-9116.patch b/gnu/packages/patches/mutt-CVE-2014-9116.patch
deleted file mode 100644
index 91e17ecbe0..0000000000
--- a/gnu/packages/patches/mutt-CVE-2014-9116.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-Fix CVE-2014-9116.  Copied from Debian:
-
-This patch solves the issue raised by CVE-2014-9116 in bug 771125.
-
-We correctly redefine what are the whitespace characters as per RFC5322; by
-doing so we prevent mutt_substrdup from being used in a way that could lead to
-a segfault.
-
-The lib.c part was written by Antonio Radici <antonio@debian.org> to prevent
-crashes due to this kind of bugs from happening again.
-
-The wheezy version of this patch is slightly different, therefore this patch
-has -jessie prefixed in its name.
-
-The sendlib.c part was provided by Salvatore Bonaccorso and it is the same as
-the upstream patch reported here:
-http://dev.mutt.org/trac/attachment/ticket/3716/ticket-3716-stable.patch
-
---- a/lib.c
-+++ b/lib.c
-@@ -815,6 +815,9 @@ char *mutt_substrdup (const char *begin,
-   size_t len;
-   char *p;
- 
-+  if (end != NULL && end < begin)
-+    return NULL;
-+
-   if (end)
-     len = end - begin;
-   else
---- a/sendlib.c
-+++ b/sendlib.c
-@@ -1814,7 +1814,12 @@ static int write_one_header (FILE *fp, i
-     {
-       tagbuf = mutt_substrdup (start, t);
-       /* skip over the colon separating the header field name and value */
--      t = skip_email_wsp(t + 1);
-+      ++t;
-+
-+      /* skip over any leading whitespace (WSP, as defined in RFC5322) */
-+      while (*t == ' ' || *t == '\t')
-+        t++;
-+
-       valbuf = mutt_substrdup (t, end);
-     }
-     dprint(4,(debugfile,"mwoh: buf[%s%s] too long, "