From 5b65f9618ae67256bc939b084e12dbb4f3c3aca7 Mon Sep 17 00:00:00 2001
From: Alessio Sergi
Date: Mon, 1 Dec 2014 01:01:12 +0100
Subject: [PATCH] mutt: patch for CVE-2014-9116
---
srcpkgs/mutt/patches/CVE-2014-9116.patch | 32 ++++++++++++++++++++++++
srcpkgs/mutt/template | 6 ++---
2 files changed, 35 insertions(+), 3 deletions(-)
create mode 100644 srcpkgs/mutt/patches/CVE-2014-9116.patch
diff --git a/srcpkgs/mutt/patches/CVE-2014-9116.patch b/srcpkgs/mutt/patches/CVE-2014-9116.patch
new file mode 100644
index 00000000000..8751325d536
--- /dev/null
+++ b/srcpkgs/mutt/patches/CVE-2014-9116.patch
@@ -0,0 +1,32 @@
+This patch solves the issue raised by CVE-2014-9116.
+
+We correctly redefine what are the whitespace characters as per RFC5322; by
+doing so we prevent mutt_substrdup from being used in a way that could lead to
+a segfault.
+
+The lib.c part was written by Antonio Radici to prevent
+crashes due to this kind of bugs from happening again.
+
+--- lib.c.orig
++++ lib.c
+@@ -815,6 +815,9 @@ char *mutt_substrdup (const char *begin,
+ size_t len;
+ char *p;
+
++ if (end != NULL && end < begin)
++ return NULL;
++
+ if (end)
+ len = end - begin;
+ else
+--- lib.h.orig
++++ lib.h
+@@ -98,7 +98,7 @@
+ on some systems */
+ # define SKIPWS(c) while (*(c) && isspace ((unsigned char) *(c))) c++;
+
+-#define EMAIL_WSP " \t\r\n"
++#define EMAIL_WSP " \t\r"
+
+ /* skip over WSP as defined by RFC5322. This is used primarily for parsing
+ * header fields. */
diff --git a/srcpkgs/mutt/template b/srcpkgs/mutt/template
index 8ddd3c9b9b7..d3e858844e8 100644
--- a/srcpkgs/mutt/template
+++ b/srcpkgs/mutt/template
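Review bot: Callers of mutt_substrdup are not shown handling the NULL that the new `end < begin` guard returns in the lib.c part of CVE-2014-9116.patch, so a malformed header may still end in a NULL dereference at a call site instead of the oversized `len = end - begin` copy. That is a safer failure mode, but the call sites should be audited and the contract written down above the check, e.g. `/* end before begin is a caller bug: return NULL instead of computing a huge len; callers must check */`. The lib.h part would also benefit from a comment on `EMAIL_WSP` saying that `\n` is excluded on purpose, so it is not re-added later. The body of mutt_substrdup starts and ends outside the hunk.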
@@ -1,14 +1,15 @@ # Template file for 'mutt' pkgname=mutt version=1.5.23 -revision=5 +revision=6 build_style=gnu-configure configure_args="--enable-pop --enable-imap --enable-smtp --enable-gpgme --with-regex --with-idn --with-ssl --with-sasl --with-gpgme-prefix=${XBPS_CROSS_BASE}/usr --with-gdbm=${XBPS_CROSS_BASE}/usr mutt_cv_regex_broken=no" hostmakedepends="perl pkg-config libidn-devel automake" -makedepends="ncurses-devel libressl-devel libidn-devel gpgme-devel libsasl-devel" +makedepends="ncurses-devel libressl-devel libidn-devel gpgme-devel gdbm-devel + libsasl-devel" depends="mime-types" conf_files="/etc/Muttrc" short_desc="The Mutt Mail Client" @@ -26,7 +27,6 @@ desc_option_sidebar="apply sidebar patch" # Disable hcache for cross builds if [ -z "$CROSS_BUILD" ]; then configure_args+=" --enable-hcache" - makedepends+=" gdbm-devel" fi pre_configure() {