--- a/components/mutt/Makefile Mon Feb 25 10:47:26 2013 -0800
+++ b/components/mutt/Makefile Mon Feb 25 11:30:46 2013 -0800
@@ -20,7 +20,7 @@
#
#
-# Copyright (c) 2011, 2012, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2011, 2013, Oracle and/or its affiliates. All rights reserved.
#
include ../../make-rules/shared-macros.mk
@@ -59,6 +59,8 @@
$(GSED) -i 's%XXX-CUSAGE-XXX%$(shell $(CC) -V 2>&1 | head -1)%' \
$(BUILD_DIR_32)/muttbug.sh
+ASLR_MODE = $(ASLR_ENABLE)
+
# common targets
build: $(BUILD_32)
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/mutt/patches/16390278-parfait.patch Mon Feb 25 11:30:46 2013 -0800
@@ -0,0 +1,44 @@
+# These patches have been accepted upstream and should thus be removed upon
+# the next upgrade; details in the bug report.
+--- mutt-1.5.21/rfc1524.c.orig Mon Mar 1 09:56:19 2010
++++ mutt-1.5.21/rfc1524.c Thu Feb 21 13:05:24 2013
+@@ -68,7 +68,7 @@
+ if (option (OPTMAILCAPSANITIZE))
+ mutt_sanitize_filename (type, 0);
+
+- while (x < clen && command[x] && y < sizeof (buf) - 1)
++ while (x < clen - 1 && command[x] && y < sizeof (buf) - 1)
+ {
+ if (command[x] == '\\')
+ {
+--- mutt-1.5.21/sendlib.c.orig Mon Sep 13 10:19:55 2010
++++ mutt-1.5.21/sendlib.c Thu Feb 21 13:27:42 2013
+@@ -1664,7 +1664,7 @@
+ /* find the next word and place it in `buf'. it may start with
+ * whitespace we can fold before */
+ next = find_word (p);
+- l = MIN(sizeof (buf), next - p);
++ l = MIN(sizeof (buf) - 1, next - p);
+ memcpy (buf, p, l);
+ buf[l] = 0;
+
+--- mutt-1.5.21/smime.c.orig Mon Sep 13 10:19:55 2010
++++ mutt-1.5.21/smime.c Fri Feb 22 04:17:00 2013
+@@ -357,7 +357,7 @@
+ char index_file[_POSIX_PATH_MAX];
+ FILE *index;
+ char buf[LONG_STRING];
+- char fields[5][STRING];
++ char fields[5][STRING+1]; /* +1 due to use of fscanf() below. the max field width does not include the null terminator (see http://dev.mutt.org/trac/ticket/3636) */
+ int numFields, hash_suffix, done, cur; /* The current entry */
+ MUTTMENU* menu;
+ unsigned int hash;
+@@ -470,7 +470,7 @@
+ int addr_len, query_len, found = 0, ask = 0, choice = 0;
+ char cert_path[_POSIX_PATH_MAX];
+ char buf[LONG_STRING], prompt[STRING];
+- char fields[5][STRING];
++ char fields[5][STRING+1]; /* +1 due to use of fscanf() below. the max field width does not include the null terminator (see http://dev.mutt.org/trac/ticket/3636) */
+ char key[STRING];
+ int numFields;
+ struct stat info;
--- a/components/mutt/patches/PATCHES.patch Mon Feb 25 10:47:26 2013 -0800
+++ b/components/mutt/patches/PATCHES.patch Mon Feb 25 11:30:46 2013 -0800
@@ -1,9 +1,11 @@
diff -ur mutt-1.5.21.orig/PATCHES mutt-1.5.21/PATCHES
--- mutt-1.5.21.orig/PATCHES
+++ mutt-1.5.21/PATCHES
-@@ -1,0 +1,5 @@
+@@ -1,0 +1,7 @@
+In addition, these upstream defects are fixed:
+#2064 wish: imap operations should be interruptable
+#3288 seg fault in mx_update_context
+#3392 Whitespace garbage in pager mode
+#3537 flea/muttbug tries to run C compiler with -v option to get the version number
++#3635 potential buffer overruns
++#3636 Possible buffer overflow in smime.c