commit:     4ba91eed15ea76165f60e3478cd4461ce3d0cd3d
Author:     Eray Aslan <eras <AT> gentoo <DOT> org>
AuthorDate: Fri Jul 30 07:07:37 2021 +0000
Commit:     Eray Aslan <eras <AT> gentoo <DOT> org>
CommitDate: Fri Jul 30 07:07:37 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4ba91eed

net-mail/mailutils: disable escapes in non-interactive mode

unlike other mail(1) implementations, mailutils mail command allowed
escape characters in non-interactive mode, resulting in CVE-2021-32749
in fail2ban package. backport fix for mailutils-3.12

Bug: https://bugs.gentoo.org/802513
Package-Manager: Portage-3.0.20, Repoman-3.0.3
Signed-off-by: Eray Aslan <eras <AT> gentoo.org>

 .../files/mailutils-3.12-disable_escapes.patch     |  24 ++++
 net-mail/mailutils/mailutils-3.12-r3.ebuild        | 144 +++++++++++++++++++++
 2 files changed, 168 insertions(+)

diff --git a/net-mail/mailutils/files/mailutils-3.12-disable_escapes.patch 
b/net-mail/mailutils/files/mailutils-3.12-disable_escapes.patch
new file mode 100644
index 00000000000..073d1b67121
--- /dev/null
+++ b/net-mail/mailutils/files/mailutils-3.12-disable_escapes.patch
@@ -0,0 +1,24 @@
+From 4befcfd015256c568121653038accbd84820198f Mon Sep 17 00:00:00 2001
+From: Sergey Poznyakoff <[email protected]>
+Date: Mon, 19 Jul 2021 11:27:40 +0300
+Subject: mail: disable compose escapes in non-interctive mode.
+
+diff --git a/mail/send.c b/mail/send.c
+index 1bdfe1134..098374dab 100644
+--- a/mail/send.c
++++ b/mail/send.c
+@@ -1324,8 +1324,9 @@ mail_compose_send (compose_env_t *env, int save_to)
+ 
+       if (strcmp (buf, ".") == 0 && mailvar_is_true (mailvar_name_dot))
+       done = 1;
+-      else if (mailvar_get (&escape, mailvar_name_escape,
+-                          mailvar_type_string, 0) == 0
++      else if (interactive
++             && mailvar_get (&escape, mailvar_name_escape,
++                             mailvar_type_string, 0) == 0
+              && buf[0] == escape[0])
+       {
+         if (buf[1] == buf[0])
+-- 
+cgit v1.2.1
+
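Review bot: Nothing in the header of `mailutils-3.12-disable_escapes.patch` ties this backport to the Gentoo bug or the CVE it addresses, so someone auditing `files/` later cannot tell that it is a security fix or when it may be dropped. I would add two lines above the `From 4befcfd0…` line: `Bug: https://bugs.gentoo.org/802513` and `Upstream backport for CVE-2021-32749 (fail2ban); drop once a release containing it is packaged`. The new guard depends on `interactive`, which is declared outside this hunk, as is the rest of `mail_compose_send`. How it is set for piped input therefore cannot be confirmed from here and is worth checking against the upstream tree.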

diff --git a/net-mail/mailutils/mailutils-3.12-r3.ebuild 
b/net-mail/mailutils/mailutils-3.12-r3.ebuild
new file mode 100644
index 00000000000..c4afe8dbaa5
--- /dev/null
+++ b/net-mail/mailutils/mailutils-3.12-r3.ebuild
@@ -0,0 +1,144 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+PYTHON_COMPAT=( python3_{7,8,9,10} )
+
+inherit autotools elisp-common eutils flag-o-matic python-single-r1 
toolchain-funcs
+
+DESCRIPTION="A useful collection of mail servers, clients, and filters"
+HOMEPAGE="https://mailutils.org/";
+SRC_URI="mirror://gnu/mailutils/${P}.tar.xz"
+
+LICENSE="GPL-2 LGPL-2.1"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~ppc ~ppc64 ~riscv ~s390 
~sparc ~x86 ~ppc-macos ~x64-macos"
+IUSE="berkdb bidi +clients emacs gdbm sasl guile ipv6 kerberos kyotocabinet \
+       ldap mysql nls pam postgres python servers split-usr ssl static-libs 
+threads tcpd \
+       tokyocabinet"
+
+RDEPEND="
+       !mail-filter/libsieve
+       !mail-client/mailx
+       sys-libs/ncurses:=
+       sys-libs/readline:=
+       dev-libs/libltdl:0
+       virtual/libcrypt:=
+       virtual/mta
+       berkdb? ( sys-libs/db:= )
+       bidi? ( dev-libs/fribidi )
+       emacs? ( >=app-editors/emacs-23.1:* )
+       gdbm? ( sys-libs/gdbm:= )
+       guile? ( dev-scheme/guile:12/2.2-1 )
+       kerberos? ( virtual/krb5 )
+       kyotocabinet? ( dev-db/kyotocabinet )
+       ldap? ( net-nds/openldap )
+       mysql? ( dev-db/mysql-connector-c )
+       nls? ( sys-devel/gettext )
+       pam? ( sys-libs/pam:= )
+       postgres? ( dev-db/postgresql:= )
+       python? ( ${PYTHON_DEPS} )
+       sasl? ( virtual/gsasl )
+       servers? ( virtual/libiconv dev-libs/libunistring:= )
+       ssl? ( net-libs/gnutls:= )
+       tcpd? ( sys-apps/tcp-wrappers )
+       tokyocabinet? ( dev-db/tokyocabinet )
+       "
+
+DEPEND="${RDEPEND}"
+
+BDEPEND="virtual/pkgconfig"
+
+REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )
+       servers? ( tcpd ldap )"
+
+DOCS=( ABOUT-NLS AUTHORS COPYING COPYING.LESSER ChangeLog INSTALL NEWS README 
THANKS TODO )
+PATCHES=(
+       "${FILESDIR}"/${PN}-3.5-add-include.patch
+       "${FILESDIR}"/${P}-misssing-endif.patch
+       "${FILESDIR}"/${P}-fix-big-endians.patch
+       "${FILESDIR}"/${P}-disable_escapes.patch
+)
+
+pkg_setup() {
+       use python && python-single-r1_pkg_setup
+}
+
+src_prepare() {
+       default
+       if use mysql; then
+               sed -i -e /^INCLUDES/"s:$:$(mysql_config --include):" \
+                       sql/Makefile.am || die
+       fi
+       eautoreconf
+}
+
+src_configure() {
+       append-flags -fno-strict-aliasing
+
+       # maildir is the Gentoo default
+       econf \
+               MU_DEFAULT_SCHEME=maildir \
+               CURSES_LIBS="$($(tc-getPKG_CONFIG) --libs ncurses)" \
+               $(use_with berkdb berkeley-db) \
+               $(use_with bidi fribidi) \
+               $(use_enable ipv6) \
+               $(use_with gdbm) \
+               $(use_with sasl gsasl) \
+               $(use_with guile) \
+               $(use_with kerberos gssapi) \
+               $(use_with ldap) \
+               $(use_with mysql) \
+               $(use_enable nls) \
+               $(use_enable pam) \
+               $(use_with postgres) \
+               $(use_enable python) \
+               $(use_with ssl gnutls) \
+               $(use_enable static-libs static) \
+               $(use_enable threads pthread) \
+               $(use_with tokyocabinet) \
+               $(use_with kyotocabinet) \
+               $(use_with tcpd tcp-wrappers) \
+               $(use_enable servers build-servers) \
+               $(use_with servers unistring ) \
+               $(use_enable clients build-clients) \
+               EMACS=$(usex emacs emacs no) \
+               --with-lispdir="${EPREFIX}${SITELISP}/${PN}" \
+               --with-mail-spool=/var/spool/mail \
+               --with-readline \
+               --enable-sendmail \
+               --disable-debug
+}
+
+src_install() {
+       default
+
+       insinto /etc
+       # bug 613112
+       newins "${FILESDIR}/mailutils.rc" mailutils.conf
+       keepdir /etc/mailutils.d/
+       insinto /etc/mailutils.d
+       doins "${FILESDIR}/mail"
+
+       if use python; then
+               python_optimize
+               if use static-libs; then
+                       rm -r "${D}$(python_get_sitedir)/mailutils"/*.{a,la} || 
die
+               fi
+       fi
+
+       if use servers; then
+               newinitd "${FILESDIR}"/imap4d.initd imap4d
+               newinitd "${FILESDIR}"/pop3d.initd pop3d
+               newinitd "${FILESDIR}"/comsatd.initd comsatd
+       fi
+
+       # compatibility link
+       if use clients && use split-usr; then
+               dosym ../usr/bin/mail /bin/mail
+       fi
+
+       if ! use static-libs; then
+               find "${D}" -name "*.la" -delete || die
+       fi
+}
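Review bot: In `src_prepare`, a missing or failing `mysql_config` goes unnoticed, because the exit status of the command substitution is discarded, sed then appends an empty string, and `|| die` only guards sed. Capturing the value first makes the failure fatal: `local mysql_inc; mysql_inc=$(mysql_config --include) || die "mysql_config failed"`, followed by `sed -i -e "/^INCLUDES/s:\$:${mysql_inc}:" sql/Makefile.am || die`. Separately, the `${P}-disable_escapes.patch` entry in `PATCHES` would benefit from a comment such as `# bug 802513, CVE-2021-32749 (fail2ban): upstream backport`, so the security patch is not lost on the next version bump.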
