authorFabian Groffen <grobian@gentoo.org>2009-10-27 09:20:25 +0000
committerFabian Groffen <grobian@gentoo.org>2009-10-27 09:20:25 +0000
commit7c8fc5c809961566cba50303e01e2cc5cc9cac54 (patch)
tree54529ebff669a673ac9fb55d2e0734ff65357916 /mail-client/mutt
parentStable for HPPA (bug #290113). (diff)
Add patch to fix ssl security issue CVE-2009-3765, bug #290660
(Portage version: 2.2.00.14724-prefix/cvs/SunOS i386)
Diffstat (limited to 'mail-client/mutt')
-rw-r--r--mail-client/mutt/ChangeLog9
-rw-r--r--mail-client/mutt/files/mutt-1.5.20-ssl-CVE-2009-3765-dc09812e63a3.patch25
-rw-r--r--mail-client/mutt/mutt-1.5.20-r8.ebuild (renamed from mail-client/mutt/mutt-1.5.20-r7.ebuild)6
3 files changed, 37 insertions, 3 deletions
diff --git a/mail-client/mutt/ChangeLog b/mail-client/mutt/ChangeLog
index 3ac344752aab..b0e0ffa11145 100644
--- a/mail-client/mutt/ChangeLog
+++ b/mail-client/mutt/ChangeLog
@@ -1,6 +1,13 @@
# ChangeLog for mail-client/mutt
# Copyright 1999-2009 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/mail-client/mutt/ChangeLog,v 1.161 2009/10/27 09:08:08 grobian Exp $
+# $Header: /var/cvsroot/gentoo-x86/mail-client/mutt/ChangeLog,v 1.162 2009/10/27 09:20:24 grobian Exp $
+
+*mutt-1.5.20-r8 (27 Oct 2009)
+
+ 27 Oct 2009; Fabian Groffen <grobian@gentoo.org> -mutt-1.5.20-r7.ebuild,
+ +mutt-1.5.20-r8.ebuild,
+ +files/mutt-1.5.20-ssl-CVE-2009-3765-dc09812e63a3.patch:
+ Add patch to fix ssl security issue CVE-2009-3765, bug #290660
27 Oct 2009; Fabian Groffen <grobian@gentoo.org> -mutt-1.5.16.ebuild,
-mutt-1.5.19-r1.ebuild:
diff --git a/mail-client/mutt/files/mutt-1.5.20-ssl-CVE-2009-3765-dc09812e63a3.patch b/mail-client/mutt/files/mutt-1.5.20-ssl-CVE-2009-3765-dc09812e63a3.patch
new file mode 100644
index 000000000000..becf16baa486
--- /dev/null
+++ b/mail-client/mutt/files/mutt-1.5.20-ssl-CVE-2009-3765-dc09812e63a3.patch
@@ -0,0 +1,25 @@
+http://bugs.gentoo.org/show_bug.cgi?id=290660
+http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3765
+http://dev.mutt.org/trac/changeset/6016:dc09812e63a3/mutt_ssl.c
+
+Index: mutt_ssl.c
+===================================================================
+--- mutt_ssl.c (revision 5870:dc9ec900c657)
++++ mutt_ssl.c (revision 6016:dc09812e63a3)
+@@ -682,5 +682,6 @@
+ if (subj_alt_name->type == GEN_DNS)
+ {
+- if ((match_found = hostname_match(hostname_ascii,
++ if (mutt_strlen(subj_alt_name) == subj_alt_name->d.ia5->length &&
++ (match_found = hostname_match(hostname_ascii,
+ (char *)(subj_alt_name->d.ia5->data))))
+ {
+@@ -712,5 +713,7 @@
+ goto out;
+ }
+- match_found = hostname_match(hostname_ascii, buf);
++ if (mutt_strlen(buf) == bufsize - 1) {
++ match_found = hostname_match(hostname_ascii, buf);
++ }
+ }
+
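Review bot: The length check added in the subjectAltName hunk of the embedded patch calls `mutt_strlen(subj_alt_name)` on the name structure itself, whereas the string handed to `hostname_match` on the following lines is `(char *)(subj_alt_name->d.ia5->data)`. As written the comparison does not measure the DNS name, so it cannot reliably detect an embedded NUL and will most likely just stop legitimate subjectAltName entries from matching; it should read `if (mutt_strlen((char *)subj_alt_name->d.ia5->data) == subj_alt_name->d.ia5->length &&`. In the common-name hunk, `mutt_strlen(buf) == bufsize - 1` is only correct if `bufsize` counts the terminating NUL; the assignment is outside the visible context, so confirm it against the full mutt_ssl.c. Both enclosing functions begin and end outside the hunks, and a regression test with a certificate whose name contains an embedded NUL, plus one ordinary subjectAltName certificate, would cover both paths.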
diff --git a/mail-client/mutt/mutt-1.5.20-r7.ebuild b/mail-client/mutt/mutt-1.5.20-r8.ebuild
index 0edb74418da6..5afdfdb9ea80 100644
--- a/mail-client/mutt/mutt-1.5.20-r7.ebuild
+++ b/mail-client/mutt/mutt-1.5.20-r8.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2009 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/mail-client/mutt/mutt-1.5.20-r7.ebuild,v 1.2 2009/10/26 20:37:21 klausman Exp $
+# $Header: /var/cvsroot/gentoo-x86/mail-client/mutt/mutt-1.5.20-r8.ebuild,v 1.1 2009/10/27 09:20:24 grobian Exp $
inherit eutils flag-o-matic autotools
@@ -78,6 +78,8 @@ src_unpack() {
built_with_use sys-libs/ncurses unicode && \
epatch "${FILESDIR}"/mutt-1.5.18-solaris-ncurses-chars.patch
epatch "${FILESDIR}"/mutt-1.5.20-gpgme-1.2.0.patch
+ epatch "${FILESDIR}"/mutt-1.5.20-dont-reveal-bbc.patch
+
# post-release hot-fixes
epatch "${FILESDIR}"/mutt-1.5.20-imap-port-invalid-d6f88fbf8387.patch
epatch "${FILESDIR}"/mutt-1.5.20-header-weeding-f40de578e8ed.patch
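Review bot: Moving `mutt-1.5.20-dont-reveal-bbc.patch` out of the `# post-release hot-fixes` list is unrelated to the CVE fix and is not mentioned in the commit message or the ChangeLog entry. Its file name carries no upstream changeset id, unlike the other entries in that list, so it is presumably a local patch; a one-line comment above it such as `# Gentoo-specific, not an upstream hot-fix` would make the new position self-explanatory. Keeping reorderings separate from a security fix also makes it easier to audit which patch closes the vulnerability. `src_unpack` starts and ends outside this hunk.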
@@ -98,7 +100,7 @@ src_unpack() {
epatch "${FILESDIR}"/mutt-1.5.20-fix-mh-parsing-14bb498c6a1c.patch
epatch "${FILESDIR}"/mutt-1.5.20-search-pattern-crash-053ef7bbaa72.patch
epatch "${FILESDIR}"/mutt-1.5.20-next-invalid-pattern-crash-6a08a5244d60.patch
- epatch "${FILESDIR}"/mutt-1.5.20-dont-reveal-bbc.patch
+ epatch "${FILESDIR}"/mutt-1.5.20-ssl-CVE-2009-3765-dc09812e63a3.patch
# patch version string for bug reports
sed -i -e 's/"Mutt %s (%s)"/"Mutt %s (%s, Gentoo '"${PVR}"')"/' \