From e9f5dfc00497e3b5340166d029075d9bb29b2ad6 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Wed, 25 Nov 2020 13:18:15 -0500 Subject: [PATCH] gnu: Mutt: Update to 2.0.2 [fixes CVE-2020-28896]. * gnu/packages/mail.scm (mutt): Update to 2.0.2. * gnu/packages/patches/mutt-store-references.patch: Adjust to changes in Mutt 2.0.2. --- gnu/packages/mail.scm | 4 ++-- gnu/packages/patches/mutt-store-references.patch | 13 +++++++------ 2 files changed, 9 insertions(+), 8 deletions(-) diff --git a/gnu/packages/mail.scm b/gnu/packages/mail.scm index aa26a75c48..84b1f1c6d3 100644 --- a/gnu/packages/mail.scm +++ b/gnu/packages/mail.scm @@ -444,7 +444,7 @@ (define-public fetchmail (define-public mutt (package (name "mutt") - (version "1.14.7") + (version "2.0.2") (source (origin (method url-fetch) (uri (list @@ -454,7 +454,7 @@ (define-public mutt version ".tar.gz"))) (sha256 (base32 - "0r58xnjgkw0kmnnzhb32mk5gkkani5kbi5krybpbag156fqhgxg4")) + "1j0i2jmlk5sc78af9flj3ynj0iiwa8biw7jgf12qm5lppsx1h4j7")) (patches (search-patches "mutt-store-references.patch")))) (build-system gnu-build-system) (inputs diff --git a/gnu/packages/patches/mutt-store-references.patch b/gnu/packages/patches/mutt-store-references.patch index 3b69c7b0bd..77d1680d60 100644 --- a/gnu/packages/patches/mutt-store-references.patch +++ b/gnu/packages/patches/mutt-store-references.patch @@ -2,15 +2,16 @@ By default 'mutt' embeds configure flags and the output of 'gcc -v', which contains the store file name of Bash and GCC. This patch makes sure we don't embed a reference to these in 'mutt'. ---- mutt-1.5.23/txt2c.sh 2015-06-26 22:56:56.500731643 +0200 -+++ mutt-1.5.23/txt2c.sh 2015-06-26 22:57:26.664583900 +0200 +diff --git a/txt2c.sh b/txt2c.sh +index f634bb9..53845cf 100755 +--- a/txt2c.sh ++++ b/txt2c.sh @@ -21,6 +21,8 @@ txt2c_fallback () { echo ";" } +echo "unsigned char $1[] = \"value of '$1' not kept\";" +exit 0 - ./txt2c test /dev/null 2>&1 && - ./txt2c "$1" || - txt2c_fallback "$1" - + if ./txt2c test /dev/null 2>&1; then + ./txt2c "$1" + else