gnu: Mutt: Update to 2.0.2 [fixes CVE-2020-28896].

* gnu/packages/mail.scm (mutt): Update to 2.0.2. * gnu/packages/patches/mutt-store-references.patch: Adjust to changes in Mutt 2.0.2.
2020-11-25 13:18:15 -05:00 · 2020-11-25 13:18:15 -05:00 · e9f5dfc004
parent f85490869e
commit e9f5dfc004
2 changed files with 9 additions and 8 deletions
--- a/gnu/packages/mail.scm
+++ b/gnu/packages/mail.scm
@ -444,7 +444,7 @@ aliasing facilities to work just as they would on normal mail.")
 (define-public mutt
  (package
    (name "mutt")
-    (version "1.14.7")
+    (version "2.0.2")
    (source (origin
             (method url-fetch)
             (uri (list
@ -454,7 +454,7 @@ aliasing facilities to work just as they would on normal mail.")
                                   version ".tar.gz")))
             (sha256
              (base32
-               "0r58xnjgkw0kmnnzhb32mk5gkkani5kbi5krybpbag156fqhgxg4"))
+               "1j0i2jmlk5sc78af9flj3ynj0iiwa8biw7jgf12qm5lppsx1h4j7"))
             (patches (search-patches "mutt-store-references.patch"))))
    (build-system gnu-build-system)
    (inputs
--- a/gnu/packages/patches/mutt-store-references.patch
+++ b/gnu/packages/patches/mutt-store-references.patch
@ -2,15 +2,16 @@ By default 'mutt' embeds configure flags and the output of 'gcc -v',
 which contains the store file name of Bash and GCC.  This patch makes
 sure we don't embed a reference to these in 'mutt'.

--- mutt-1.5.23/txt2c.sh	2015-06-26 22:56:56.500731643 +0200
-+++ mutt-1.5.23/txt2c.sh	2015-06-26 22:57:26.664583900 +0200
+diff --git a/txt2c.sh b/txt2c.sh
+index f634bb9..53845cf 100755
+--- a/txt2c.sh
+++ b/txt2c.sh
@@ -21,6 +21,8 @@ txt2c_fallback () {
 	echo ";"
 }
 
 +echo "unsigned char $1[] = \"value of '$1' not kept\";"
 +exit 0
- ./txt2c test </dev/null >/dev/null 2>&1 &&
- ./txt2c "$1" ||
- txt2c_fallback "$1"
-
+ if ./txt2c test </dev/null >/dev/null 2>&1; then
+     ./txt2c "$1"
+ else