version bump for security bug 437814 (CVE 2012-4507), null pointer exception

Package-Manager: portage-2.1.11.9/cvs/Linux i686
author: Christian Faulhammer <fauli@gentoo.org> 2012-10-11 19:05:34 +0000
committer: Christian Faulhammer <fauli@gentoo.org> 2012-10-11 19:05:34 +0000
commit: 96bc661937c82e609d651a1fa3e95664b2583ead (patch)
tree: a8709b617e346aa6fe671c4ed8750647d35a9df4 /mail-client/claws-mail
parent: stable ppc64, bug #437746 (diff)
download: historical-96bc661937c82e609d651a1fa3e95664b2583ead.tar.gz
historical-96bc661937c82e609d651a1fa3e95664b2583ead.tar.bz2
historical-96bc661937c82e609d651a1fa3e95664b2583ead.zip
4 files changed, 188 insertions, 6 deletions
diff --git a/mail-client/claws-mail/ChangeLog b/mail-client/claws-mail/ChangeLog
index aa35fc2b1266..5d7e433e3b02 100644
--- a/mail-client/claws-mail/ChangeLog
+++ b/mail-client/claws-mail/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for mail-client/claws-mail
 # Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/mail-client/claws-mail/ChangeLog,v 1.209 2012/09/05 07:48:27 jlec Exp $
+# $Header: /var/cvsroot/gentoo-x86/mail-client/claws-mail/ChangeLog,v 1.210 2012/10/11 19:05:33 fauli Exp $
+
+*claws-mail-3.8.1-r2 (11 Oct 2012)
+
+  11 Oct 2012; Christian Faulhammer <fauli@gentoo.org>
+  +claws-mail-3.8.1-r2.ebuild, +files/claws-mail-3.8.1_procmime-vuln.patch:
+  version bump for security bug 437814 (CVE 2012-4507), null pointer exception
 
   05 Sep 2012; Justin Lecher <jlec@gentoo.org> claws-mail-3.8.0.ebuild,
   claws-mail-3.8.1-r1.ebuild, claws-mail-3.8.1.ebuild:
diff --git a/mail-client/claws-mail/Manifest b/mail-client/claws-mail/Manifest
index 8b7a98adafe0..eea88fd35895 100644
--- a/mail-client/claws-mail/Manifest
+++ b/mail-client/claws-mail/Manifest
@@ -2,18 +2,19 @@
 Hash: SHA256
 
 AUX claws-mail-3.8.1_fix-signature.patch 926 SHA256 3c106c1fe6a40c712c67586cf2cac8cb6d32539c6490f505a6ca260f599f0415 SHA512 db2e79b0ed9b3a6c8dda68149c1065a62f90cd7f96e6149b1b32734970569d8188858f21aa03a1a117e57155f86fbe08e34d09e5be706642b6072013423ff99a WHIRLPOOL eaecb4f3f7843986fe526740b44c1b3375b545c8906932c5f3588dc5f921efc7d057ddf903f47e9521863aec8b7fc7bb79ef59e9e7b610e419166c83b6335a69
+AUX claws-mail-3.8.1_procmime-vuln.patch 1263 SHA256 3cf11125bac591645d341a5201dc3402b0c83f85abee131ca3da00762415c242 SHA512 85d3884cf79a55f637916b07487236ccd396fde5896f7ae428b083c600c5acc176237510c2a146179931431ea31dc15e458bc5ce0ded9fbbc7bb8fb10755135f WHIRLPOOL bb5c47fba7a24e66929b1cb3557fef0abf31616b6d79c0e9db65f13638363cd93a08faf2f94dffd996920b10f673fea9a453915a92b208a388f07151deaf503a
 DIST claws-mail-3.8.0.tar.bz2 7190415 SHA256 ec945e3b0f3df6f1f13fcf149ad3ee5306c0e6575bb375cf558e9028a0eb6231 SHA512 da1f45f2c528b003c57059ea94c372a7778f59702043b24c166f78c0b5b3455ced97faead781d1f92dec443ecc24a136bd9235537e04d492dd8c4fafcb161562 WHIRLPOOL c2d7141a38d91b8945370bd3c5fbc521287bf96b742b4090e2b533688cce48166e2d335a107c36ecb8a3b1e44078b14df14e34ab5e14e6bb287d3dd2485ae6e9
 DIST claws-mail-3.8.1.tar.bz2 7335864 SHA256 b421fd913694f9d04635212b0c47c9808a3f20a4f9a5dd15b6f4cd5022c6ee6f SHA512 c55bfdcece77d7f9341a03a66dd02c5f7126049c3063492b2f6eace41f89aa2bea2b5ddc84fd3743318c5baed9aeb9a6406c6fa9c41254305dfed726f85bf40a WHIRLPOOL e0adde62288f6b600baddb6d3f62f952ee3bbed32a165d3d518d740038aa3fe017ede50b84cd1597fa52eb1ec8877ee4472dac544689e95a2ae65f61b1a5238a
 EBUILD claws-mail-3.8.0.ebuild 3738 SHA256 a444e8fccf5e8e6ea6d961e20f0cda4677539193a9037d947eb134158ce4a158 SHA512 c26e0d6b7d3295440b3a0332d84858aaff4283813f268792a6d0af531f8a52962b9711b039c8ae438eb0602d59c0f8c6e1b80b8d14619e9881a852ebce97cf49 WHIRLPOOL 5eee304207d8df6667e1a37b089cf59fc019b438ec70db6920a93ea274f438a90cf31bc8c140e14b68b6ba306112e0ab60b81dc5d7b1ca44f3f8ca7994fe2b97
 EBUILD claws-mail-3.8.1-r1.ebuild 3829 SHA256 35af432974db467ad9c72725b8d5ced0934b2aaca0d2e7a3673038a135a7c333 SHA512 3f6fb30063489f2407400a2226d6e30803f1f27e90500871a41cd16898572c7a360c658c8cba84c1fab1a8730a0f772dd270f1cfbd85f518696105880c293f08 WHIRLPOOL a6177edd9e231f7fd88d57dae52b409927dcafbb4e34da87c308a8c5fafdc46f3a2b90decc31a00022be7ed43ff8356cb6d15290e98ba571b55445bf3491173b
+EBUILD claws-mail-3.8.1-r2.ebuild 3882 SHA256 95624983248a9f13c5218e5d081365596b4e738e66c7d630d272168adc29c46d SHA512 580f7db02d81619e72841d4c88f069951053b21feafaa1607de0762714426a834a479344fa92ceb020f33f24cd63ceee1435baad45a7b60d0bba805fbe385ec4 WHIRLPOOL 36b4f6f402cf9797c612e59168f63cd5b960ed87a3db5c88167d6ad5a174d379fde2692a0807416ceaf3cd03439a85dacf86f569227050506c233a4e738bf741
 EBUILD claws-mail-3.8.1.ebuild 3756 SHA256 f4216c8f35e7cf66b1c4ef59da85e727bbe190e21a27a105059eaadcb346c12f SHA512 8f7d42c837fd86f0848d43833371372a6b262095914c1d5a347e3ae1e82d6d4324e70880fd2e0f7da0c27a7ef1a690626f9936b3137da367670be1119735c32f WHIRLPOOL d7d921e607c32b98e3276b7f83b71b3cf4b029f87a4052e180bf419a8b6065f89b27c57d203509bf9fe3fe95436f1cbbd70e0ace65b459267c72c611524948c2
-MISC ChangeLog 43516 SHA256 98d34c1eed36c1921f9aca812639f29f517ee583133274462f7fda10ab38a358 SHA512 57133dd7b7d0d8bc64885da40d378317eab18f8d882f0b17c4bf7b3975e38b1195c4f011d746561b128efd61f0d2664efa347fe0aba07daea900c144437c8e1f WHIRLPOOL 1014e945b3361e77d45b0ff2a91b32699111aa7fdccfeb0524a03471d1f783ea09ab8f8681fb33164f294871318ef3217e69b0ff8f32e1b58f5e347310b5ee47
+MISC ChangeLog 43764 SHA256 a5dcc90b17b7a235da47ff95df95d398e4ca974e40b18c4e80fa4f1b11baa4f1 SHA512 eebc9299f4bebeb92d5fcdd3083d2d8cce495363ad7e1dde7bad11c0fca952dffd5e234cb1ef7bbbf50a1e3f91b9b0a50e5d7626dc85af3a12d4d4c363cf688b WHIRLPOOL 03128a5a9df914530f2f49c685013f76424f36bde176c5c84640c4fcc995dbdf507da61ecfa236a5caf6d2f1d586a1154072d7db24aadcbc48cda3a3c0b80a05
 MISC metadata.xml 778 SHA256 deae27a074e4678336af25da5b7a620236ba449406c595828eaaea5310e8d07b SHA512 8e436c28f69a11bd8d3b2a39ddbb5189e25090801e45524d94007b9620c5b6d9cfeb94984603f6f1d4a83f0524a006967a84393a571934802188c75791b6589b WHIRLPOOL f1c271a33cf7279479bf2ce1d7aab957eb30bbcada1fcb28cb164236cb1411771346404a44d7c9b4cfb11d5cad2e48955333fb0de9e96908d43018e5d8c0842b
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.19 (GNU/Linux)
-Comment: GPGTools - http://gpgtools.org
 
-iEYEAREIAAYFAlBHA9EACgkQgAnW8HDreRb6kwCeJbLnOeHaEpECj7bmHsD/+nJO
-AroAn0FMJElcb6LLkpGnwCBRhDzWsep5
-=hFln
+iEYEAREIAAYFAlB3GVEACgkQNQqtfCuFneMQCQCbBsnSKNiZpMcjB3v1mIW6rkJ9
+Wz0An3q03SD1qropohblw5wn3O4MBQGo
+=YVNp
 -----END PGP SIGNATURE-----
diff --git a/mail-client/claws-mail/claws-mail-3.8.1-r2.ebuild b/mail-client/claws-mail/claws-mail-3.8.1-r2.ebuild
new file mode 100644
index 000000000000..444189bdcdfd
--- /dev/null
+++ b/mail-client/claws-mail/claws-mail-3.8.1-r2.ebuild
@@ -0,0 +1,140 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/mail-client/claws-mail/claws-mail-3.8.1-r2.ebuild,v 1.1 2012/10/11 19:05:33 fauli Exp $
+
+EAPI="4"
+
+inherit autotools-utils multilib gnome2-utils eutils
+
+DESCRIPTION="An email client (and news reader) based on GTK+"
+HOMEPAGE="http://www.claws-mail.org/"
+
+SRC_URI="mirror://sourceforge/sylpheed-claws/${P}.tar.bz2"
+
+SLOT="0"
+LICENSE="GPL-3"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~mips ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd"
+IUSE="bogofilter crypt dbus dillo doc +imap ipv6 ldap nntp pda session smime spamassassin spell +ssl startup-notification xface"
+
+COMMONDEPEND=">=x11-libs/gtk+-2.20:2
+	pda? ( >=app-pda/jpilot-0.99 )
+	ssl? ( >=net-libs/gnutls-2.2.0 )
+	ldap? ( >=net-nds/openldap-2.0.7 )
+	crypt? ( >=app-crypt/gpgme-0.4.5 )
+	dbus? ( >=dev-libs/dbus-glib-0.60 )
+	dillo? ( www-client/dillo )
+	spell? ( >=app-text/enchant-1.0.0 )
+	imap? ( >=net-libs/libetpan-0.57 )
+	nntp? ( >=net-libs/libetpan-0.57 )
+	startup-notification? ( x11-libs/startup-notification )
+	bogofilter? ( mail-filter/bogofilter )
+	session? ( x11-libs/libSM
+			x11-libs/libICE )
+	smime? ( >=app-crypt/gpgme-0.4.5 )"
+
+DEPEND="${COMMONDEPEND}
+	xface? ( >=media-libs/compface-1.4 )
+	virtual/pkgconfig"
+
+RDEPEND="${COMMONDEPEND}
+	app-misc/mime-types
+	x11-misc/shared-mime-info"
+
+PLUGIN_NAMES="acpi-notifier address_keeper archive att-remover attachwarner clamd fancy fetchinfo geolocation gdata gtkhtml mailmbox newmail notification perl python rssyl spam_report tnef_parse vcalendar"
+
+PATCHES=(
+	"${FILESDIR}"/claws-mail-${PV}_fix-signature.patch
+	"${FILESDIR}"/claws-mail-${PV}_procmime-vuln.patch
+)
+
+src_configure() {
+	local myeconfargs=(
+		$(use_enable ipv6)
+		$(use_enable ldap)
+		$(use_enable dbus)
+		$(use_enable pda jpilot)
+		$(use_enable spell enchant)
+		$(use_enable xface compface)
+		$(use_enable doc manual)
+		$(use_enable startup-notification)
+		$(use_enable session libsm)
+		$(use_enable crypt pgpmime-plugin)
+		$(use_enable crypt pgpinline-plugin)
+		$(use_enable crypt pgpcore-plugin)
+		$(use_enable dillo dillo-viewer-plugin)
+		$(use_enable spamassassin spamassassin-plugin)
+		$(use_enable bogofilter bogofilter-plugin)
+		$(use_enable smime smime-plugin)
+		--enable-trayicon-plugin
+		--disable-maemo
+	)
+
+	# libetpan is needed if user wants nntp or imap functionality
+	if use imap || use nntp; then
+		myeconfargs+=( --enable-libetpan )
+	else
+		myeconfargs+=( --disable-libetpan )
+	fi
+
+	if use ssl; then
+		myeconfargs+=( --enable-gnutls )
+	else
+		myeconfargs+=( --disable-gnutls )
+	fi
+
+	autotools-utils_src_configure
+}
+
+src_install() {
+	local DOCS=( AUTHORS ChangeLog* INSTALL* NEWS README* TODO* )
+	autotools-utils_src_install
+
+	# Makefile install claws-mail.png in /usr/share/icons/hicolor/48x48/apps
+	# => also install it in /usr/share/pixmaps for other desktop envs
+	# => also install higher resolution icons in /usr/share/icons/hicolor/...
+	insinto /usr/share/pixmaps
+	doins ${PN}.png || die
+	local res resdir
+	for res in 64x64 128x128 ; do
+		resdir="/usr/share/icons/hicolor/${res}/apps"
+		insinto ${resdir}
+		newins ${PN}-${res}.png ${PN}.png || die
+	done
+
+	docinto tools
+	dodoc tools/README*
+
+	domenu ${PN}.desktop
+
+	einfo "Installing extra tools"
+	cd "${S}"/tools
+	exeinto /usr/$(get_libdir)/${PN}/tools
+	doexe *.pl *.py *.conf *.sh || die
+	doexe tb2claws-mail update-po uudec uuooffice || die
+}
+
+pkg_preinst() {
+	gnome2_icon_savelist
+}
+
+pkg_postinst() {
+	gnome2_icon_cache_update
+
+	UPDATE_PLUGINS=""
+	for x in ${PLUGIN_NAMES}; do
+		has_version mail-client/${PN}-$x && UPDATE_PLUGINS="${UPDATE_PLUGINS} $x"
+	done
+	if [ -n "${UPDATE_PLUGINS}" ]; then
+		elog
+		elog "You have to re-emerge or update the following plugins:"
+		elog
+		for x in ${UPDATE_PLUGINS}; do
+			elog "    mail-client/${PN}-$x"
+		done
+		elog
+	fi
+}
+
+pkg_postrm() {
+	gnome2_icon_cache_update
+}
diff --git a/mail-client/claws-mail/files/claws-mail-3.8.1_procmime-vuln.patch b/mail-client/claws-mail/files/claws-mail-3.8.1_procmime-vuln.patch
new file mode 100644
index 000000000000..05498eddd552
--- /dev/null
+++ b/mail-client/claws-mail/files/claws-mail-3.8.1_procmime-vuln.patch
@@ -0,0 +1,35 @@
+A specific mail in the user mbox file cause claws-mail to crash reliabily. 
+
+claws-mail-3.8.1
+
+truncated backtrace:
+:Thread no. 1 (10 frames)
+: #0 strchr at ../sysdeps/x86_64/strchr.S:33
+: #1 parse_parameters at procmime.c:1756
+: #2 procmime_parse_content_disposition at procmime.c:1842
+: #3 procmime_parse_mimepart at procmime.c:1967
+: #4 procmime_parse_multipart at procmime.c:1566
+: #5 procmime_parse_mimepart at procmime.c:1994
+: #6 procmime_parse_message_rfc822 at procmime.c:1393
+: #7 procmime_scan_file_with_offset at procmime.c:2058
+: #8 procmime_scan_file_full at procmime.c:2071
+: #9 procmime_scan_file at procmime.c:2078
+
+CVE-2012-4507
+
+Gentoo bug: https://bugs.gentoo.org/show_bug.cgi?id=437814
+CVE request: http://permalink.gmane.org/gmane.comp.security.oss.general/8561
+redhat bug: https://bugzilla.redhat.com/show_bug.cgi?id=862578
+claws-mail bug: http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=2743
+
+--- claws-mail-3.8.1-orig/src/procmime.c	2012-06-27 11:05:22.000000000 +0200
++++ claws-mail-3.8.1/src/procmime.c	2012-10-03 18:00:09.438577924 +0200
+@@ -1753,6 +1753,8 @@
+ 			continue;
+ 
+ 		charset = value;
++        if (charset == NULL)
++            continue;
+ 		lang = strchr(charset, '\'');
+ 		if (lang == NULL)
+ 			continue;
author	Christian Faulhammer <fauli@gentoo.org>	2012-10-11 19:05:34 +0000
committer	Christian Faulhammer <fauli@gentoo.org>	2012-10-11 19:05:34 +0000
commit	96bc661937c82e609d651a1fa3e95664b2583ead (patch)
tree	a8709b617e346aa6fe671c4ed8750647d35a9df4 /mail-client/claws-mail
parent	stable ppc64, bug #437746 (diff)
download	historical-96bc661937c82e609d651a1fa3e95664b2583ead.tar.gz historical-96bc661937c82e609d651a1fa3e95664b2583ead.tar.bz2 historical-96bc661937c82e609d651a1fa3e95664b2583ead.zip