authorEray Aslan <eras@gentoo.org>2021-07-30 10:07:37 +0300
committerEray Aslan <eras@gentoo.org>2021-07-30 10:07:37 +0300
commit4ba91eed15ea76165f60e3478cd4461ce3d0cd3d (patch)
tree648daefe62aa245fcbefaf987b0a41c4f7c9077e /net-mail/mailutils
parentdev-ml/ppx_sexp_conv: Stabilize 0.14.2 amd64, #804786 (diff)
downloadgentoo-4ba91eed15ea76165f60e3478cd4461ce3d0cd3d.tar.gz
gentoo-4ba91eed15ea76165f60e3478cd4461ce3d0cd3d.tar.bz2
gentoo-4ba91eed15ea76165f60e3478cd4461ce3d0cd3d.zip
net-mail/mailutils: disable escapes in non-interactive mode
Unlike other mail(1) implementations, the mailutils mail command allowed escape characters in non-interactive mode, resulting in CVE-2021-32749 in the fail2ban package. Backport the fix for mailutils-3.12.

Bug: https://bugs.gentoo.org/802513
Package-Manager: Portage-3.0.20, Repoman-3.0.3
Signed-off-by: Eray Aslan <eras@gentoo.org>
Diffstat (limited to 'net-mail/mailutils')
-rw-r--r--net-mail/mailutils/files/mailutils-3.12-disable_escapes.patch24
-rw-r--r--net-mail/mailutils/mailutils-3.12-r3.ebuild144
2 files changed, 168 insertions, 0 deletions
diff --git a/net-mail/mailutils/files/mailutils-3.12-disable_escapes.patch b/net-mail/mailutils/files/mailutils-3.12-disable_escapes.patch
new file mode 100644
index 000000000000..073d1b671219
--- /dev/null
+++ b/net-mail/mailutils/files/mailutils-3.12-disable_escapes.patch
@@ -0,0 +1,24 @@
+From 4befcfd015256c568121653038accbd84820198f Mon Sep 17 00:00:00 2001
+From: Sergey Poznyakoff <gray@gnu.org>
+Date: Mon, 19 Jul 2021 11:27:40 +0300
+Subject: mail: disable compose escapes in non-interctive mode.
+
+diff --git a/mail/send.c b/mail/send.c
+index 1bdfe1134..098374dab 100644
+--- a/mail/send.c
++++ b/mail/send.c
+@@ -1324,8 +1324,9 @@ mail_compose_send (compose_env_t *env, int save_to)
+
+ if (strcmp (buf, ".") == 0 && mailvar_is_true (mailvar_name_dot))
+ done = 1;
+- else if (mailvar_get (&escape, mailvar_name_escape,
+- mailvar_type_string, 0) == 0
++ else if (interactive
++ && mailvar_get (&escape, mailvar_name_escape,
++ mailvar_type_string, 0) == 0
+ && buf[0] == escape[0])
+ {
+ if (buf[1] == buf[0])
+--
+cgit v1.2.1
+
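Review bot: The whole fix rests on the new `interactive &&` guard in mail_compose_send, and neither the declaration of `interactive` nor the place it is set is visible in this hunk, so it is worth confirming that it is false whenever stdin is not a terminal, which is the case when another program pipes text into mail. The `.` terminator test just above (`strcmp (buf, ".") == 0 && mailvar_is_true (mailvar_name_dot)`) is not gated the same way, so if `dot` is set a lone `.` in piped input would presumably still end the message early; that is truncation rather than escape processing, but it may deserve the same guard. The backported patch header names only the upstream commit, and a line such as `Bug: https://bugs.gentoo.org/802513` in it would tie the file to the CVE for whoever next bumps the package. mail_compose_send starts and ends outside the hunk.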
diff --git a/net-mail/mailutils/mailutils-3.12-r3.ebuild b/net-mail/mailutils/mailutils-3.12-r3.ebuild
new file mode 100644
index 000000000000..c4afe8dbaa55
--- /dev/null
+++ b/net-mail/mailutils/mailutils-3.12-r3.ebuild
@@ -0,0 +1,144 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+PYTHON_COMPAT=( python3_{7,8,9,10} )
+
+inherit autotools elisp-common eutils flag-o-matic python-single-r1 toolchain-funcs
+
+DESCRIPTION="A useful collection of mail servers, clients, and filters"
+HOMEPAGE="https://mailutils.org/"
+SRC_URI="mirror://gnu/mailutils/${P}.tar.xz"
+
+LICENSE="GPL-2 LGPL-2.1"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~ppc-macos ~x64-macos"
+IUSE="berkdb bidi +clients emacs gdbm sasl guile ipv6 kerberos kyotocabinet \
+ ldap mysql nls pam postgres python servers split-usr ssl static-libs +threads tcpd \
+ tokyocabinet"
+
+RDEPEND="
+ !mail-filter/libsieve
+ !mail-client/mailx
+ sys-libs/ncurses:=
+ sys-libs/readline:=
+ dev-libs/libltdl:0
+ virtual/libcrypt:=
+ virtual/mta
+ berkdb? ( sys-libs/db:= )
+ bidi? ( dev-libs/fribidi )
+ emacs? ( >=app-editors/emacs-23.1:* )
+ gdbm? ( sys-libs/gdbm:= )
+ guile? ( dev-scheme/guile:12/2.2-1 )
+ kerberos? ( virtual/krb5 )
+ kyotocabinet? ( dev-db/kyotocabinet )
+ ldap? ( net-nds/openldap )
+ mysql? ( dev-db/mysql-connector-c )
+ nls? ( sys-devel/gettext )
+ pam? ( sys-libs/pam:= )
+ postgres? ( dev-db/postgresql:= )
+ python? ( ${PYTHON_DEPS} )
+ sasl? ( virtual/gsasl )
+ servers? ( virtual/libiconv dev-libs/libunistring:= )
+ ssl? ( net-libs/gnutls:= )
+ tcpd? ( sys-apps/tcp-wrappers )
+ tokyocabinet? ( dev-db/tokyocabinet )
+ "
+
+DEPEND="${RDEPEND}"
+
+BDEPEND="virtual/pkgconfig"
+
+REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )
+ servers? ( tcpd ldap )"
+
+DOCS=( ABOUT-NLS AUTHORS COPYING COPYING.LESSER ChangeLog INSTALL NEWS README THANKS TODO )
+PATCHES=(
+ "${FILESDIR}"/${PN}-3.5-add-include.patch
+ "${FILESDIR}"/${P}-misssing-endif.patch
+ "${FILESDIR}"/${P}-fix-big-endians.patch
+ "${FILESDIR}"/${P}-disable_escapes.patch
+)
+
+pkg_setup() {
+ use python && python-single-r1_pkg_setup
+}
+
+src_prepare() {
+ default
+ if use mysql; then
+ sed -i -e /^INCLUDES/"s:$:$(mysql_config --include):" \
+ sql/Makefile.am || die
+ fi
+ eautoreconf
+}
+
+src_configure() {
+ append-flags -fno-strict-aliasing
+
+ # maildir is the Gentoo default
+ econf \
+ MU_DEFAULT_SCHEME=maildir \
+ CURSES_LIBS="$($(tc-getPKG_CONFIG) --libs ncurses)" \
+ $(use_with berkdb berkeley-db) \
+ $(use_with bidi fribidi) \
+ $(use_enable ipv6) \
+ $(use_with gdbm) \
+ $(use_with sasl gsasl) \
+ $(use_with guile) \
+ $(use_with kerberos gssapi) \
+ $(use_with ldap) \
+ $(use_with mysql) \
+ $(use_enable nls) \
+ $(use_enable pam) \
+ $(use_with postgres) \
+ $(use_enable python) \
+ $(use_with ssl gnutls) \
+ $(use_enable static-libs static) \
+ $(use_enable threads pthread) \
+ $(use_with tokyocabinet) \
+ $(use_with kyotocabinet) \
+ $(use_with tcpd tcp-wrappers) \
+ $(use_enable servers build-servers) \
+ $(use_with servers unistring ) \
+ $(use_enable clients build-clients) \
+ EMACS=$(usex emacs emacs no) \
+ --with-lispdir="${EPREFIX}${SITELISP}/${PN}" \
+ --with-mail-spool=/var/spool/mail \
+ --with-readline \
+ --enable-sendmail \
+ --disable-debug
+}
+
+src_install() {
+ default
+
+ insinto /etc
+ # bug 613112
+ newins "${FILESDIR}/mailutils.rc" mailutils.conf
+ keepdir /etc/mailutils.d/
+ insinto /etc/mailutils.d
+ doins "${FILESDIR}/mail"
+
+ if use python; then
+ python_optimize
+ if use static-libs; then
+ rm -r "${D}$(python_get_sitedir)/mailutils"/*.{a,la} || die
+ fi
+ fi
+
+ if use servers; then
+ newinitd "${FILESDIR}"/imap4d.initd imap4d
+ newinitd "${FILESDIR}"/pop3d.initd pop3d
+ newinitd "${FILESDIR}"/comsatd.initd comsatd
+ fi
+
+ # compatibility link
+ if use clients && use split-usr; then
+ dosym ../usr/bin/mail /bin/mail
+ fi
+
+ if ! use static-libs; then
+ find "${D}" -name "*.la" -delete || die
+ fi
+}
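Review bot: The `"${FILESDIR}"/${P}-disable_escapes.patch` entry in PATCHES has no pointer to why it is there, so a later bump could drop it without anyone noticing that it is a security fix; a comment directly above it such as `# bug 802513, CVE-2021-32749: no compose escapes in non-interactive mode` would make that explicit. KEYWORDS on this revision are all `~arch`, so if an earlier 3.12 revision is marked stable (not visible here), stable systems keep the unpatched mail until -r3 is stabilized, and that follow-up is worth tracking in the bug. Separately, in src_prepare the `|| die` only covers sed: if `mysql_config --include` fails, the command substitution is empty and sed still succeeds, so the missing include path surfaces later as a compile error rather than here.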