From 26e612a8c37bb8190c7c9cb309e0160adf51615b Mon Sep 17 00:00:00 2001 From: Tuan Van Date: Tue, 14 Mar 2006 18:45:11 +0000 Subject: [PATCH] security bump. Bug #126052. Patch by Ulf Harnhammar from Debian bug (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=352482) Package-Manager: portage-2.1_pre5-r4 --- net-mail/metamail/ChangeLog | 13 +++++- net-mail/metamail/Manifest | 33 +++++++++++--- .../files/digest-metamail-2.7.45.3-r1 | 6 +++ .../metamail-2.7.45.3-CVE-2006-0709.patch | 40 +++++++++++++++++ net-mail/metamail/metamail-2.7.45.3-r1.ebuild | 43 +++++++++++++++++++ 5 files changed, 126 insertions(+), 9 deletions(-) create mode 100644 net-mail/metamail/files/digest-metamail-2.7.45.3-r1 create mode 100644 net-mail/metamail/files/metamail-2.7.45.3-CVE-2006-0709.patch create mode 100644 net-mail/metamail/metamail-2.7.45.3-r1.ebuild diff --git a/net-mail/metamail/ChangeLog b/net-mail/metamail/ChangeLog index b38b56e3f505..332f2d9ff2ec 100644 --- a/net-mail/metamail/ChangeLog +++ b/net-mail/metamail/ChangeLog @@ -1,6 +1,15 @@ # ChangeLog for net-mail/metamail -# Copyright 1999-2005 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-mail/metamail/ChangeLog,v 1.26 2005/09/12 08:46:20 ticho Exp $ +# Copyright 1999-2006 Gentoo Foundation; Distributed under the GPL v2 +# $Header: /var/cvsroot/gentoo-x86/net-mail/metamail/ChangeLog,v 1.27 2006/03/14 18:45:11 langthang Exp $ + +*metamail-2.7.45.3-r1 (14 Mar 2006) + + 14 Mar 2006; Tuấn Văn + +files/metamail-2.7.45.3-CVE-2006-0709.patch, + +metamail-2.7.45.3-r1.ebuild: + security bump. Bug #126052. + Patch by Ulf Harnhammar from Debian bug + (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=352482) 12 Sep 2005; Andrej Kacian metamail-2.7.45.3.ebuild: Use mirror:// in SRC_URI. diff --git a/net-mail/metamail/Manifest b/net-mail/metamail/Manifest index 4d1d3a410c44..b8edc0dc00f3 100644 --- a/net-mail/metamail/Manifest +++ b/net-mail/metamail/Manifest @@ -1,15 +1,34 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 -MD5 111db6d63212d78d79a731558243e46d metamail-2.7.45.3.ebuild 1061 -MD5 f7ce31b81bf5f8106f49db0c632e4ffa ChangeLog 3460 -MD5 5721b86fd871bdfab77231abc6e02f68 metadata.xml 161 +MD5 b146d9f93f710f85edae38afc3a8360c ChangeLog 3765 +RMD160 d4ad0829e05ce79872991512e2dc7008079e7db4 ChangeLog 3765 +SHA256 4b3df5df2751ac41fdd34a4491f1840124d2eb13e78801055cd36209f3fd1adb ChangeLog 3765 MD5 b421f8d33431489dece46eb18ef7c643 files/digest-metamail-2.7.45.3 126 +RMD160 e0a6521c05f99814c0280fa9938230e68a8ffbb0 files/digest-metamail-2.7.45.3 126 +SHA256 e774748a48911ad61eb0b4cd91d9f2a8359409787adb9d6b5bcfd3ea0af3af8c files/digest-metamail-2.7.45.3 126 +MD5 a787cdcf9e8a3472fae8552fe2777a5f files/digest-metamail-2.7.45.3-r1 470 +RMD160 45f696d9763595e6ca12efad18033f566b2bc04a files/digest-metamail-2.7.45.3-r1 470 +SHA256 932d2925a35cc977d35ebf3f0bde4708618f1c7af59f3bbe6524179ed4a58bab files/digest-metamail-2.7.45.3-r1 470 +MD5 573a9bfc8feea6f3e10f43aae15d5c53 files/metamail-2.7.45.3-CVE-2006-0709.patch 1900 +RMD160 36717abc5bb938a03d143f82c8870e376e4fb426 files/metamail-2.7.45.3-CVE-2006-0709.patch 1900 +SHA256 cd5363d62d3f277c5d13694b364177230976c2abca508d8adbcaf1d4d520fc3a files/metamail-2.7.45.3-CVE-2006-0709.patch 1900 MD5 2c155e17aab4712ce1deb01c3601cc18 files/mime.types 16442 +RMD160 6bf3a0c4ddf4313985a37f4377d8775fdebc714f files/mime.types 16442 +SHA256 83191c4d60ad3874f7ce9cac45d6fe30cb71ed3c623c312600a1a284735515b3 files/mime.types 16442 +MD5 5721b86fd871bdfab77231abc6e02f68 metadata.xml 161 +RMD160 273e570423fa3cd9d3f15f7967a43307c8ee9661 metadata.xml 161 +SHA256 4ebf9a8f60040bfb95f13790c1d146a49c69f791f9c421e02a5d96fd6fcb2b32 metadata.xml 161 +MD5 9cbeaf1f89d17971613831096305eb61 metamail-2.7.45.3-r1.ebuild 1119 +RMD160 ccd19b3b76578d6e333389e09d99c5902fdbf0c4 metamail-2.7.45.3-r1.ebuild 1119 +SHA256 6353b4eca95f8cdc64916cf1acfabd45ad530658e014c666aa61be28c3cb1df5 metamail-2.7.45.3-r1.ebuild 1119 +MD5 111db6d63212d78d79a731558243e46d metamail-2.7.45.3.ebuild 1061 +RMD160 3b47f71c2f3552a81fe3ba2b853dfd9936d39438 metamail-2.7.45.3.ebuild 1061 +SHA256 7894b9ffad95c88e6955801455ff8a266f2ed535b2bc3c3d8fbc8c697b76f92e metamail-2.7.45.3.ebuild 1061 -----BEGIN PGP SIGNATURE----- -Version: GnuPG v1.4.2 (GNU/Linux) +Version: GnuPG v1.4.2.2 (GNU/Linux) -iD8DBQFDJUByQlM6RnzZP+IRAqLGAJ9qnBpkA/eoOJW1Bml+DKqWC8UvrACdHl2S -Ug53gX9w5de/9PeAADZeYXY= -=z8h2 +iD8DBQFEFw8x5FrxP71izLARAvtwAJ9wz4d8UGGZpSnjKz9OhilmY9HslgCfSy7O +UKjKH3DOXBYPhmleeNtW/+Y= +=/Bf7 -----END PGP SIGNATURE----- diff --git a/net-mail/metamail/files/digest-metamail-2.7.45.3-r1 b/net-mail/metamail/files/digest-metamail-2.7.45.3-r1 new file mode 100644 index 000000000000..99739afb6222 --- /dev/null +++ b/net-mail/metamail/files/digest-metamail-2.7.45.3-r1 @@ -0,0 +1,6 @@ +MD5 dbdec335a800cafac0c3353649ed01ac metamail_2.7-45.3.diff.gz 337924 +RMD160 b3643b36aa973a620c83a7ab2f7a826643dbc612 metamail_2.7-45.3.diff.gz 337924 +SHA256 4708d439000c2c05dea91b8ed184aa06dbba037c14e880154f54ad57eef9e5e4 metamail_2.7-45.3.diff.gz 337924 +MD5 fd5617ea87e20d7f2fa839e1d1fede60 mm2.7.tar.Z 262881 +RMD160 ae322cad0653140cbe7f0148ce48757df98c26b0 mm2.7.tar.Z 262881 +SHA256 9c0281bdce32a7d3e61c1e3c703a748acb5d216d082a718efa316f68b9808a96 mm2.7.tar.Z 262881 diff --git a/net-mail/metamail/files/metamail-2.7.45.3-CVE-2006-0709.patch b/net-mail/metamail/files/metamail-2.7.45.3-CVE-2006-0709.patch new file mode 100644 index 000000000000..6572a514c37c --- /dev/null +++ b/net-mail/metamail/files/metamail-2.7.45.3-CVE-2006-0709.patch @@ -0,0 +1,40 @@ +--- src/src/metamail/metamail.c.old 2006-03-14 10:13:35.000000000 -0800 ++++ src/src/metamail/metamail.c 2006-03-14 10:11:52.000000000 -0800 +@@ -313,7 +313,7 @@ + WroteSquirrelFile = 0; + } + LineBuf = XMALLOC(char, LINE_BUF_SIZE); +- sprintf(LineBuf, "--%s", boundary); ++ snprintf(LineBuf, LINE_BUF_SIZE, "--%s", boundary); + strcpy(boundary, LineBuf); + boundarylen = strlen(boundary); + if (BoundaryCt >= BoundaryAlloc) { +@@ -1712,7 +1712,7 @@ + if (boundary[0] == '"') { + boundary=UnquoteString(boundary); + } +- sprintf(LineBuf, "--%s", boundary); ++ snprintf(LineBuf, LINE_BUF_SIZE, "--%s", boundary); + strcpy(boundary, LineBuf); + boundarylen = strlen(boundary); + if (BoundaryCt >= BoundaryAlloc) { +--- src/metamail/metamail.c.old 2006-03-14 10:12:39.000000000 -0800 ++++ src/metamail/metamail.c 2006-03-14 10:14:53.000000000 -0800 +@@ -445,7 +445,7 @@ + } + LineBuf = malloc(LINE_BUF_SIZE); + if (!LineBuf) ExitWithError(nomem); +- sprintf(LineBuf, "--%s", boundary); ++ snprintf(LineBuf, LINE_BUF_SIZE, "--%s", boundary); + strcpy(boundary, LineBuf); + boundarylen = strlen(boundary); + if (BoundaryCt >= BoundaryAlloc) { +@@ -2115,7 +2115,7 @@ + if (boundary[0] == '"') { + boundary=UnquoteString(boundary); + } +- sprintf(LineBuf, "--%s", boundary); ++ snprintf(LineBuf, LINE_BUF_SIZE, "--%s", boundary); + strcpy(boundary, LineBuf); + boundarylen = strlen(boundary); + if (BoundaryCt >= BoundaryAlloc) { diff --git a/net-mail/metamail/metamail-2.7.45.3-r1.ebuild b/net-mail/metamail/metamail-2.7.45.3-r1.ebuild new file mode 100644 index 000000000000..9906b7d19620 --- /dev/null +++ b/net-mail/metamail/metamail-2.7.45.3-r1.ebuild @@ -0,0 +1,43 @@ +# Copyright 1999-2006 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-mail/metamail/metamail-2.7.45.3-r1.ebuild,v 1.1 2006/03/14 18:45:11 langthang Exp $ + +inherit eutils + +IUSE="" + +MY_PV=${PV%.*.*}-${PV#*.*.} +S=${WORKDIR}/mm${PV%.*.*}/src +DESCRIPTION="Metamail (with Debian patches) - Generic MIME package" +HOMEPAGE="ftp://thumper.bellcore.com/pub/nsb/" +SRC_URI="ftp://thumper.bellcore.com/pub/nsb/mm${PV%.*.*}.tar.Z + mirror://debian/pool/main/m/metamail/metamail_${MY_PV}.diff.gz" + +SLOT="0" +LICENSE="GPL-2" +KEYWORDS="~x86 ~ppc ~alpha ~ia64 ~sparc ~s390 ~amd64 ~hppa ~ppc64" + +DEPEND="sys-libs/ncurses + app-arch/sharutils + net-mail/mailbase" +RDEPEND="app-misc/mime-types" + +src_unpack() { + unpack ${A} + cd ${S} + epatch ${WORKDIR}/metamail_${MY_PV}.diff + epatch $FILESDIR/${P}-CVE-2006-0709.patch + chmod +x ${S}/configure +} + +src_compile() { + export WANT_AUTOCONF=2.5 + econf || die + emake || die +} +src_install () { + make DESTDIR=${D} install || die + dodoc COPYING CREDITS README + rm man/mmencode.1 + doman man/* debian/mimencode.1 debian/mimeit.1 +} -- 2.26.2