summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorFabian Groffen <grobian@gentoo.org>2020-06-21 09:44:41 +0200
committerFabian Groffen <grobian@gentoo.org>2020-06-21 09:44:41 +0200
commita760a283613c47ac37b31c6394f89a431e823ca8 (patch)
tree1a6a6151ea6e71b9700341d9712e6e65ba9417d7 /mail-client/mutt/files
parentapp-misc/hatools: update HOMEPAGE. (diff)
downloadgentoo-a760a283613c47ac37b31c6394f89a431e823ca8.tar.gz
gentoo-a760a283613c47ac37b31c6394f89a431e823ca8.tar.bz2
gentoo-a760a283613c47ac37b31c6394f89a431e823ca8.zip
mail-client/mutt-1.14.4-r1: yet another security bump
Bug: https://bugs.gentoo.org/728708 Package-Manager: Portage-2.3.99, Repoman-2.3.22 Signed-off-by: Fabian Groffen <grobian@gentoo.org>
Diffstat (limited to 'mail-client/mutt/files')
-rw-r--r--mail-client/mutt/files/mutt-1.14.4-no-imap-preauth-with-tunnel.patch30
1 files changed, 30 insertions, 0 deletions
diff --git a/mail-client/mutt/files/mutt-1.14.4-no-imap-preauth-with-tunnel.patch b/mail-client/mutt/files/mutt-1.14.4-no-imap-preauth-with-tunnel.patch
new file mode 100644
index 00000000000..d4d2104db08
--- /dev/null
+++ b/mail-client/mutt/files/mutt-1.14.4-no-imap-preauth-with-tunnel.patch
@@ -0,0 +1,30 @@
+From dc909119b3433a84290f0095c0f43a23b98b3748 Mon Sep 17 00:00:00 2001
+From: Kevin McCarthy <kevin@8t8.us>
+Date: Sat, 20 Jun 2020 06:35:35 -0700
+Subject: [PATCH] Don't check IMAP PREAUTH encryption if $tunnel is in use.
+
+$tunnel is used to create an external encrypted connection. The
+default of $ssl_starttls is yes, meaning those kinds of connections
+will be broken by the CVE-2020-14093 fix.
+---
+ imap/imap.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/imap/imap.c b/imap/imap.c
+index 3ca10df4..78d75b07 100644
+--- a/imap/imap.c
++++ b/imap/imap.c
+@@ -532,8 +532,8 @@ int imap_open_connection (IMAP_DATA* idata)
+ {
+ #if defined(USE_SSL)
+ /* An unencrypted PREAUTH response is most likely a MITM attack.
+- * Require a confirmation. */
+- if (!idata->conn->ssf)
++ * Require a confirmation unless using $tunnel. */
++ if (!idata->conn->ssf && !Tunnel)
+ {
+ if (option(OPTSSLFORCETLS) ||
+ (query_quadoption (OPT_SSLSTARTTLS,
+--
+GitLab
+