kumquat-buildroot/package/mutt/mutt.mk
Fabrice Fontaine 89a9f74fa8 package/mutt: fix CVE-2020-28896
Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that
$ssl_force_tls was processed if an IMAP server's initial server response
was invalid. The connection was not properly closed, and the code could
continue attempting to authenticate. This could result in authentication
credentials being exposed on an unencrypted connection, or to a
machine-in-the-middle.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-23 09:29:29 +01:00

89 lines
2.2 KiB
Makefile

################################################################################
#
# mutt
#
################################################################################
MUTT_VERSION = 1.14.7
MUTT_SITE = https://bitbucket.org/mutt/mutt/downloads
MUTT_LICENSE = GPL-2.0+
MUTT_LICENSE_FILES = GPL
MUTT_DEPENDENCIES = ncurses
MUTT_CONF_OPTS = --disable-doc --disable-smtp
# 0001-Ensure-IMAP-connection-is-closed-after-a-connection-error.patch
MUTT_IGNORE_CVES += CVE-2020-28896
ifeq ($(BR2_PACKAGE_LIBICONV),y)
MUTT_DEPENDENCIES += libiconv
MUTT_CONF_OPTS += --enable-iconv
endif
# Both options can't be selected at the same time so prefer libidn2
ifeq ($(BR2_PACKAGE_LIBIDN2),y)
MUTT_DEPENDENCIES += libidn2
MUTT_CONF_OPTS += --with-idn2 --without-idn
else ifeq ($(BR2_PACKAGE_LIBIDN),y)
MUTT_DEPENDENCIES += libidn
MUTT_CONF_OPTS += --with-idn --without-idn2
else
MUTT_CONF_OPTS += --without-idn --without-idn2
endif
ifeq ($(BR2_PACKAGE_MUTT_IMAP),y)
MUTT_CONF_OPTS += --enable-imap
else
MUTT_CONF_OPTS += --disable-imap
endif
ifeq ($(BR2_PACKAGE_MUTT_POP3),y)
MUTT_CONF_OPTS += --enable-pop
else
MUTT_CONF_OPTS += --disable-pop
endif
# SSL support is only used by imap or pop3 module
ifneq ($(BR2_PACKAGET_MUTT_IMAP)$(BR2_PACKAGE_MUTT_POP3),)
ifeq ($(BR2_PACKAGE_OPENSSL),y)
MUTT_DEPENDENCIES += openssl
MUTT_CONF_OPTS += --with-ssl=$(STAGING_DIR)/usr
else
MUTT_CONF_OPTS += --without-ssl
endif
else
MUTT_CONF_OPTS += --without-ssl
endif
ifeq ($(BR2_PACKAGE_SQLITE),y)
MUTT_DEPENDENCIES += sqlite
MUTT_CONF_OPTS += --with-sqlite3
else
MUTT_CONF_OPTS += --without-sqlite3
endif
# Avoid running tests to check for:
# - target system is *BSD
# - C99 conformance (snprintf, vsnprintf)
# - behaviour of the regex library
# - if mail spool directory is world/group writable
# - we have a working libiconv
MUTT_CONF_ENV += \
mutt_cv_bsdish=no \
mutt_cv_c99_snprintf=yes \
mutt_cv_c99_vsnprintf=yes \
mutt_cv_regex_broken=no \
mutt_cv_worldwrite=yes \
mutt_cv_groupwrite=yes \
mutt_cv_iconv_good=yes \
mutt_cv_iconv_nontrans=no
MUTT_CONF_OPTS += --with-mailpath=/var/mail
define MUTT_VAR_MAIL
mkdir -p $(TARGET_DIR)/var
ln -sf /tmp $(TARGET_DIR)/var/mail
endef
MUTT_POST_INSTALL_TARGET_HOOKS += MUTT_VAR_MAIL
$(eval $(autotools-package))