.gitignore

@@ -1 +1,45 @@
-SOURCES/mutt-2.0.7.tar.gz
+mutt-1.5.20-20100718hg1a35f0.tar.bz2
+mutt-1.5.21.tar.gz
+mutt-1.5.22.tar.gz
+mutt-1.5.23.tar.gz
+/mutt-1.5.23-20150609hg17a4f92e4a95.tar.gz
+/mutt-1.5.24.tar.gz
+/mutt-1.6.0.tar.gz
+/mutt-1.6.1.tar.gz
+/mutt-1.6.2.tar.gz
+/mutt-1.7.0.tar.gz
+/mutt-1.7.1.tar.gz
+/mutt-1.7.2.tar.gz
+/mutt-1.8.2.tar.gz
+/mutt-1.8.3.tar.gz
+/mutt-1.9.0.tar.gz
+/mutt-1.9.1.tar.gz
+/mutt-1.9.2.tar.gz
+/mutt-1.9.3.tar.gz
+/mutt-1.9.4.tar.gz
+/mutt-1.9.5.tar.gz
+/mutt-1.10.0.tar.gz
+/mutt-1.10.1.tar.gz
+/mutt-1.11.2.tar.gz
+/mutt-1.11.3.tar.gz
+/mutt-1.11.4.tar.gz
+/mutt-1.12.0.tar.gz
+/mutt-1.12.1.tar.gz
+/mutt-1.12.2.tar.gz
+/mutt-1.13.0.tar.gz
+/mutt-1.13.2.tar.gz
+/mutt-1.13.3.tar.gz
+/mutt-1.13.4.tar.gz
+/mutt-1.13.5.tar.gz
+/mutt-1.14.0.tar.gz
+/mutt-1.14.2.tar.gz
+/mutt-1.14.3.tar.gz
+/mutt-1.14.4.tar.gz
+/mutt-1.14.5.tar.gz
+/mutt-1.14.6.tar.gz
+/mutt-1.14.7.tar.gz
+/mutt-2.0.2.tar.gz
+/mutt-2.0.5.tar.gz
+/mutt-2.0.6.tar.gz
+/mutt-2.1.5.tar.gz
+/mutt-2.2.6.tar.gz

.mutt.metadata

@@ -1 +1 @@
-7421d0c5db7e264f00bd8a149f5f92d99c3afa83 SOURCES/mutt-2.0.7.tar.gz
+3dabf53ea1a45e67fe77a5072bb4c104afb2ad1e mutt-2.2.6.tar.gz

0014-Fix-rfc2047-base64-decoding-to-abort-on-illegal-char.patch

@@ -0,0 +1,41 @@
+From 96610c6cfa796dc15c5afcf0fd9f9b75869827fe Mon Sep 17 00:00:00 2001
+From: Kevin McCarthy <kevin@8t8.us>
+Date: Sun, 3 Sep 2023 12:22:01 +0800
+Subject: [PATCH] Fix rfc2047 base64 decoding to abort on illegal characters.
+
+For some reason, the rfc2047 base64 decoder ignored illegal
+characters, instead of aborting.  This seems innocuous, but in fact
+leads to at least three crash-bugs elsewhere in Mutt.
+
+These stem from Mutt, in some cases, passing an entire header
+field (name, colon, and body) to the rfc2047 decoder.  (It is
+technically incorrect to do so, by the way, but is beyond scope for
+these fixes in stable).  Mutt then assumes the result can't be empty
+because of a previous check that the header contains at least a colon.
+
+This commit takes care of the source of the crashes, by aborting the
+rfc2047 decode.  The following two commits add protective fixes to the
+specific crash points.
+
+Thanks to Chenyuan Mi (@morningbread) for discovering the strchr
+crashes, giving a working example draft message, and providing the
+stack traces for the two NULL derefences.
+
+(cherry picked from commit 452ee330e094bfc7c9a68555e5152b1826534555)
+---
+ rfc2047.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/rfc2047.c b/rfc2047.c
+index 1ce82ebb..36cc76db 100644
+--- a/rfc2047.c
++++ b/rfc2047.c
+@@ -724,7 +724,7 @@ static int rfc2047_decode_word (BUFFER *d, const char *s, char **charset)
+ 	    if (*pp == '=')
+ 	      break;
+ 	    if ((*pp & ~127) || (c = base64val(*pp)) == -1)
+-	      continue;
++              goto error_out_0;
+ 	    if (k + 6 >= 8)
+ 	    {
+ 	      k -= 2;

0015-CVE-2023-4874-Fix-write_one_header-illegal-header-ch.patch

@@ -0,0 +1,37 @@
+From d75eaee07138aa661b5c8b49242d20ba95894efb Mon Sep 17 00:00:00 2001
+From: Kevin McCarthy <kevin@8t8.us>
+Date: Sun, 3 Sep 2023 14:11:48 +0800
+Subject: [PATCH] (CVE-2023-4874) Fix write_one_header() illegal header check.
+
+This is another crash caused by the rfc2047 decoding bug fixed in the
+second prior commit.
+
+In this case, an empty header line followed by a header line starting
+with ":", would result in t==end.
+
+The mutt_substrdup() further below would go very badly at that point,
+with t >= end+1.  This could result in either a memcpy onto NULL or a
+huge malloc call.
+
+Thanks to Chenyuan Mi (@morningbread) for giving a working example
+draft message of the rfc2047 decoding flaw.  This allowed me, with
+further testing, to discover this additional crash bug.
+
+(cherry picked from commit a4752eb0ae0a521eec02e59e51ae5daedf74fda0)
+---
+ sendlib.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/sendlib.c b/sendlib.c
+index b0b94b4f..7d2feb62 100644
+--- a/sendlib.c
++++ b/sendlib.c
+@@ -2121,7 +2121,7 @@ static int write_one_header (FILE *fp, int pfxw, int max, int wraplen,
+   else
+   {
+     t = strchr (start, ':');
+-    if (!t || t > end)
++    if (!t || t >= end)
+     {
+       dprint (1, (debugfile, "mwoh: warning: header not in "
+ 		  "'key: value' format!\n"));

0016-CVE-2023-4875-Check-for-NULL-userhdrs.patch

@@ -0,0 +1,47 @@
+From d9e00fa1a7c0f30529d71d818a4e1518f1537053 Mon Sep 17 00:00:00 2001
+From: Kevin McCarthy <kevin@8t8.us>
+Date: Mon, 4 Sep 2023 12:50:07 +0800
+Subject: [PATCH] (CVE-2023-4875) Check for NULL userhdrs.
+
+When composing an email, miscellaneous extra headers are stored in a
+userhdrs list.  Mutt first checks to ensure each header contains at
+least a colon character, passes the entire userhdr field (name, colon,
+and body) to the rfc2047 decoder, and safe_strdup()'s the result on
+the userhdrs list.  An empty result would from the decode would result
+in a NULL headers being added to list.
+
+The previous commit removed the possibility of the decoded header
+field being empty, but it's prudent to add a check to the strchr
+calls, in case there is another unexpected bug resulting in one.
+
+Thanks to Chenyuan Mi (@morningbread) for discovering the two strchr
+crashes, giving a working example draft message, and providing the
+stack traces for the two NULL derefences.
+
+(cherry picked from commit 4cc3128abdf52c615911589394a03271fddeefc6)
+---
+ sendlib.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/sendlib.c b/sendlib.c
+index 7d2feb62..ed4d7a25 100644
+--- a/sendlib.c
++++ b/sendlib.c
+@@ -2409,7 +2409,7 @@ int mutt_write_rfc822_header (FILE *fp, ENVELOPE *env, BODY *attach, char *date,
+   /* Add any user defined headers */
+   for (; tmp; tmp = tmp->next)
+   {
+-    if ((p = strchr (tmp->data, ':')))
++    if ((p = strchr (NONULL (tmp->data), ':')))
+     {
+       q = p;
+ 
+@@ -2457,7 +2457,7 @@ static void encode_headers (LIST *h)
+ 
+   for (; h; h = h->next)
+   {
+-    if (!(p = strchr (h->data, ':')))
++    if (!(p = strchr (NONULL (h->data), ':')))
+       continue;
+ 
+     i = p - h->data;

SOURCES/mutt-1.10.1-mutt-1.9.3-1_coverity_166.patch

@@ -1,11 +0,0 @@
-diff -up mutt-1.10.1/query.c.mutt-1.9.3-1_coverity_166 mutt-1.10.1/query.c
---- mutt-1.10.1/query.c.mutt-1.9.3-1_coverity_166	2018-11-26 11:54:55.078468192 +0100
-+++ mutt-1.10.1/query.c	2018-11-26 11:55:12.035710707 +0100
-@@ -443,6 +443,7 @@ static void query_menu (char *buf, size_
- 	      }
- 
- 	    mutt_create_alias (NULL, naddr);
-+		rfc822_free_address (&naddr);
- 	  }
- 	  else
- 	  {

SOURCES/mutt-1.10.1-mutt-1.9.3-1_coverity_181.patch

@@ -1,12 +0,0 @@
-diff -up mutt-1.10.1/send.c.mutt-1.9.3-1_coverity_181 mutt-1.10.1/send.c
---- mutt-1.10.1/send.c.mutt-1.9.3-1_coverity_181	2018-11-26 12:08:42.615216677 +0100
-+++ mutt-1.10.1/send.c	2018-11-26 12:08:52.007351542 +0100
-@@ -243,7 +243,7 @@ static int edit_envelope (ENVELOPE *en)
-       if (ascii_strncasecmp ("subject:", uh->data, 8) == 0)
-       {
- 	p = skip_email_wsp(uh->data + 8);
--	strncpy (buf, p, sizeof (buf));
-+	strfcpy (buf, p, sizeof (buf));
-       }
-     }
-   }

SOURCES/mutt-1.10.1-mutt-1.9.3-1_coverity_187_188_189_190.patch

@@ -1,31 +0,0 @@
-diff -up mutt-1.10.1/sendlib.c.mutt-1.9.3-1_coverity_187_188_189_190 mutt-1.10.1/sendlib.c
---- mutt-1.10.1/sendlib.c.mutt-1.9.3-1_coverity_187_188_189_190	2018-11-26 12:34:51.007894823 +0100
-+++ mutt-1.10.1/sendlib.c	2018-11-26 12:35:08.374143006 +0100
-@@ -1815,11 +1815,15 @@ static int write_one_header (FILE *fp, i
- 	      NONULL(pfx), valbuf, max, wraplen));
-     if (pfx && *pfx)
-       if (fputs (pfx, fp) == EOF)
-+      {
-+        FREE(&valbuf);
- 	return -1;
-+      }
-     if (!(t = strchr (valbuf, ':')))
-     {
-       dprint (1, (debugfile, "mwoh: warning: header not in "
- 		  "'key: value' format!\n"));
-+      FREE(&valbuf);
-       return 0;
-     }
-     if (print_val (fp, pfx, valbuf, flags, mutt_strlen (pfx)) < 0)
-@@ -1861,7 +1865,11 @@ static int write_one_header (FILE *fp, i
- 	      "max width = %d > %d\n",
- 	      NONULL(pfx), valbuf, max, wraplen));
-     if (fold_one_header (fp, tagbuf, valbuf, pfx, wraplen, flags) < 0)
-+    {
-+      FREE (&tagbuf);
-+      FREE (&valbuf);
-       return -1;
-+    }
-     FREE (&tagbuf);
-     FREE (&valbuf);
-   }

SOURCES/mutt-2.0.7-cve-2022-1328.patch

@@ -1,40 +0,0 @@
-From e5ed080c00e59701ca62ef9b2a6d2612ebf765a5 Mon Sep 17 00:00:00 2001
-From: Kevin McCarthy <kevin@8t8.us>
-Date: Tue, 5 Apr 2022 11:05:52 -0700
-Subject: [PATCH] Fix uudecode buffer overflow.
-
-mutt_decode_uuencoded() used each line's initial "length character"
-without any validation.  It would happily read past the end of the
-input line, and with a suitable value even past the length of the
-input buffer.
-
-As I noted in ticket 404, there are several other changes that could
-be added to make the parser more robust.  However, to avoid
-accidentally introducing another bug or regression, I'm restricting
-this patch to simply addressing the overflow.
-
-Thanks to Tavis Ormandy for reporting the issue, along with a sample
-message demonstrating the problem.
----
- handler.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/handler.c b/handler.c
-index d1b4bc73..c97cf0cb 100644
---- a/handler.c
-+++ b/handler.c
-@@ -404,9 +404,9 @@ static void mutt_decode_uuencoded (STATE *s, LOFF_T len, int istext, iconv_t cd)
-     pt = tmps;
-     linelen = decode_byte (*pt);
-     pt++;
--    for (c = 0; c < linelen;)
-+    for (c = 0; c < linelen && *pt;)
-     {
--      for (l = 2; l <= 6; l += 2)
-+      for (l = 2; l <= 6 && *pt && *(pt + 1); l += 2)
-       {
- 	out = decode_byte (*pt) << l;
- 	pt++;
--- 
-2.34.1
-

SOURCES/mutt_disable_ssl_enforce.patch

@@ -1,26 +0,0 @@
-Based on https://gitlab.com/muttmua/mutt/-/commit/9204b24e99767ae06b5df25eca55c028d702528b
-This patch disable enforcing of ssl
-diff -ur mutt-2.0.2/doc/manual.xml.head mutt_patch/doc/manual.xml.head
---- mutt-2.0.2/doc/manual.xml.head	2020-11-07 21:30:03.000000000 +0100
-+++ mutt_patch/doc/manual.xml.head	2021-01-27 20:21:05.964647359 +0100
-@@ -9104,7 +9104,7 @@
-   <para>
-     When connecting through a <link linkend="tunnel">$tunnel</link>
-     and <link linkend="tunnel-is-secure">$tunnel_is_secure</link> is
--    set (the default), Mutt will assume the connection to the server
-+    set (Not the default!), Mutt will assume the connection to the server
-     through the pipe is already secured.  Mutt will ignore <link
-     linkend="ssl-starttls">$ssl_starttls</link> and <link
-     linkend="ssl-force-tls">$ssl_force_tls</link>, behaving as if TLS
-diff -ur mutt-2.0.2/init.h mutt_patch/init.h
---- mutt-2.0.2/init.h	2020-11-20 02:28:59.000000000 +0100
-+++ mutt_patch/init.h	2021-01-27 20:20:09.696052996 +0100
-@@ -4021,7 +4021,7 @@
-   ** The file containing a client certificate and its associated private
-   ** key.
-   */
--  { "ssl_force_tls",		DT_BOOL, R_NONE, {.l=OPTSSLFORCETLS}, {.l=1} },
-+  { "ssl_force_tls",		DT_BOOL, R_NONE, {.l=OPTSSLFORCETLS}, {.l=0} },
-   /*
-   ** .pp
-   ** If this variable is \fIset\fP, Mutt will require that all connections

gating.yaml

@@ -0,0 +1,6 @@
+--- !Policy
+product_versions:
+  - rhel-9
+decision_context: osci_compose_gate
+rules:
+  - !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional}

mutt-1.12.1-optusegpgagent.patch

@@ -0,0 +1,12 @@
+diff -up mutt-1.12.1/init.h.optusegpgagent mutt-1.12.1/init.h
+--- mutt-1.12.1/init.h.optusegpgagent	2019-08-29 09:29:38.868810511 +0200
++++ mutt-1.12.1/init.h	2019-08-29 09:30:29.899395370 +0200
+@@ -2444,7 +2444,7 @@ struct option_t MuttVars[] = {
+   ** not used.
+   ** (PGP only)
+   */
+-  { "pgp_use_gpg_agent", DT_BOOL, R_NONE, {.l=OPTUSEGPGAGENT}, {.l=1} },
++  { "pgp_use_gpg_agent", DT_BOOL, R_NONE, {.l=OPTUSEGPGAGENT}, {.l=0} },
+   /*
+   ** .pp
+   ** If \fIset\fP, mutt expects a \fCgpg-agent(1)\fP process will handle

mutt-1.5.23-system_certs.patch

@@ -4,7 +4,7 @@ diff -rup mutt-17a4f92e4a95-orig/init.h mutt-17a4f92e4a95-new/init.h
 @@ -2989,7 +2989,7 @@ struct option_t MuttVars[] = {
    */
  #if defined(USE_SSL)
- #ifdef USE_SSL_GNUTLS
+ # ifdef USE_SSL_GNUTLS
 -  { "ssl_ca_certificates_file", DT_PATH, R_NONE, {.p=&SslCACertFile}, {.p=0} },
 +  { "ssl_ca_certificates_file", DT_PATH, R_NONE, {.p=&SslCACertFile}, {.p="/etc/ssl/certs/ca-bundle.crt"} },
    /*

mutt-1.9.4-lynx_no_backscapes.patch

@@ -5,7 +5,7 @@ diff -up mutt-1.9.1/doc/Makefile.am.lynx_no_backscapes mutt-1.9.1/doc/Makefile.a
  
  check:
  manual.txt: manual.html
--	-LC_ALL=C lynx -localhost -dump -nolist -with_backspaces -display_charset=us-ascii manual.html > $@ || \
+-	-LC_ALL=C lynx -localhost -dump -nolist -nonumbers -with_backspaces -display_charset=us-ascii manual.html > $@ || \
 +	-LC_ALL=C lynx -localhost -dump -nolist -display_charset=us-ascii manual.html > $@ || \
  	LC_ALL=C w3m -T text/html -I utf-8 -O utf-8 -dump < manual.html > $@ || \
  	LC_ALL=C elinks -dump -no-numbering -no-references manual.html | sed -e 's,\\001, ,g' > $@

mutt.spec

@@ -19,13 +19,12 @@
 
 Summary: A text mode mail user agent
 Name: mutt
-Version: 2.0.7
+Version: 2.2.6
 Release: 2%{?dist}
 Epoch: 5
 # The entire source code is GPLv2+ except
 # pgpewrap.c setenv.c sha1.c wcwidth.c which are Public Domain
 License: GPLv2+ and Public Domain
-Group: Applications/Internet
 # hg snapshot created from http://dev.mutt.org/hg/mutt
 Source: ftp://ftp.mutt.org/pub/%{name}/%{name}-%{version}.tar.gz
 Source1: mutt_ldap_query
@@ -38,19 +37,15 @@ Patch8: mutt-1.5.23-system_certs.patch
 Patch9: mutt-1.9.0-ssl_ciphers.patch
 Patch10: mutt-1.9.4-lynx_no_backscapes.patch
 Patch12: mutt-1.9.5-nodotlock.patch
-# Fixs compatibility with previous versions
-Patch13: mutt_disable_ssl_enforce.patch
-Patch14: mutt-2.0.7-cve-2022-1328.patch
-
-# Coverity patches
-# https://cov01.lab.eng.brq.redhat.com/el8-results/el8/mutt-1.9.3-1.el8+7/scan-results-imp.html
-Patch111: mutt-1.10.1-mutt-1.9.3-1_coverity_166.patch
-Patch112: mutt-1.10.1-mutt-1.9.3-1_coverity_181.patch
-Patch113: mutt-1.10.1-mutt-1.9.3-1_coverity_187_188_189_190.patch
+Patch13: mutt-1.12.1-optusegpgagent.patch
+Patch0014: 0014-Fix-rfc2047-base64-decoding-to-abort-on-illegal-char.patch
+Patch0015: 0015-CVE-2023-4874-Fix-write_one_header-illegal-header-ch.patch
+Patch0016: 0016-CVE-2023-4875-Check-for-NULL-userhdrs.patch
 
 Url: http://www.mutt.org
 Requires: mailcap, urlview
-BuildRequires:  gcc, make
+BuildRequires: make
+BuildRequires: gcc
 BuildRequires: ncurses-devel, gettext, automake
 # manual generation
 BuildRequires: /usr/bin/xsltproc, docbook-style-xsl, perl-interpreter
@@ -101,12 +96,10 @@ autoreconf --install
 %patch3 -p1 -b .syncdebug
 %patch8 -p1 -b .system_certs
 %patch9 -p1 -b .ssl_ciphers
-%patch13 -p1
-%patch14 -p1 -b .cve-2022-1328
-
-%patch111 -p1 -b .mutt-1.9.3-1_coverity_166
-%patch112 -p1 -b .mutt-1.9.3-1_coverity_181
-%patch113 -p1 -b .mutt-1.9.3-1_coverity_187_188_189_190.patch
+%patch13 -p1 -b .optusegpgagent
+%patch14 -p1
+%patch15 -p1
+%patch16 -p1
 
 sed -i -r 's/`$GPGME_CONFIG --libs`/"\0 -lgpg-error"/' configure
 
@@ -158,7 +151,6 @@ rm -f mutt_ssl.c
     %{?with_sidebar: --enable-sidebar} \
     --with-docdir=%{_pkgdocdir}
 
-#make %{?_smp_mflags}
 %make_build
 
 # remove unique id in manual.html because multilib conflicts
@@ -166,7 +158,7 @@ sed -i -r 's/<a id="id[a-z0-9]\+">/<a id="id">/g' doc/manual.html
 
 
 %install
-make install DESTDIR=%{buildroot}
+%make_install
 
 # we like GPG here
 cat contrib/gpg.rc >> \
@@ -197,7 +189,6 @@ rm -f %{buildroot}%{_mandir}/man5/mmdf.5*
 rm -rf %{buildroot}%{_pkgdocdir}
 
 # remove /usr/share/info/dir
-# prevents adding dir file without installed info utility
 rm %{buildroot}%{_infodir}/dir
 
 # provide muttrc.local(5): the same as muttrc(5)
@@ -227,21 +218,129 @@ ln -sf ./muttrc.5 %{buildroot}%{_mandir}/man5/muttrc.local.5
 
 
 %changelog
-* Thu Jul 21 2022 Matej Mužila <mmuzila@redhat.com> - 5:2.0.7-2
-- Fix CVE-2022-1328 (#2109247)
+* Wed Oct 11 2023 Matej Mužila <mmuzila@redhat.com> - 5:2.2.6-2
+- Fix for: CVE-2023-4874 CVE-2023-4875
+- Resolves: RHEL-2812
 
-* Wed May 5 2021 Filip Januš <fjanus@redhat.com> - 5:2.0.7-1
-- Upgrade to v2.0.7
-- New bug fix release
-- Resolves: #1912614
+* Mon Jul 25 2022 Matej Mužila <mmuzila@redhat.com> - 5:2.2.6-1
+- Rebase to upstream version 2.2.6
+  Resolves: CVE-2022-1328
 
-* Thu Apr 8 2021 Filip Januš <fjanus@redhat.com> - 5:2.0.6-1
-- Upgrade to v2.0.6
-- Resolves: #1912614
+* Tue Jan 11 2022 Matej Mužila <mmuzila@redhat.com> - 5:2.1.5-1
+- Rebase to upstream version 2.1.5
+  Resolves: rhbz#2032988 rhbz#1959896
 
-* Thu Jun 13 2019 Matej Mužila <mmuzila@redhat.com> - 5:1.10.1-2
-- Fix Coverity issues
-- Resolves: #1602622
+* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 5:2.0.6-3
+- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+  Related: rhbz#1991688
+
+* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 5:2.0.6-2
+- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
+
+* Mon Mar 22 2021 Filip Januš <fjanus@redhat.com> 5:2.0.6-1
+- Rebase to upstream version 2.0.6
+
+* Mon Feb 1 2021 Filip Januš <fjanus@redhat.com> -5:2.0.5-1
+- Rebase to upstream version 2.0.5
+- Fix CVE-2021-3181
+
+* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 5:2.0.2-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Tue Dec 01 2020 Matej Mužila <mmuzila@redhat.com> - 5:2.0.2-1
+- Upgrade to 2.0.2
+- Resolves: #1895629, #1900827, CVE-2020-28896
+
+* Tue Sep 01 2020 Matej Mužila <mmuzila@redhat.com> - 5:1.14.7-2
+- Fix mutt-1.9.4-lynx_no_backscapes.patch
+
+* Mon Aug 31 2020 Matej Mužila <mmuzila@redhat.com> - 5:1.14.7-1
+- Upgrade to 1.14.7
+
+* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 5:1.14.6-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Wed Jul 22 2020 Fabio Alessandro Locati <fale@fedoraproject.org> - 5:1.14.6-1
+- Upgrade to 1.14.6
+
+* Mon Jul 13 2020 Tom Stellard <tstellar@redhat.com> - 5:1.14.5-2
+- Use make macros
+- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
+
+* Wed Jun 24 2020 Fabio Alessandro Locati <fale@fedoraproject.org> - 5:1.14.5-1
+- Upgrade to 1.14.5
+
+* Fri Jun 19 2020 Fabio Alessandro Locati <fale@fedoraproject.org> - 5:1.14.4-1
+- Upgrade to 1.14.4
+- Resolves: #1848768
+
+* Mon Jun 15 2020 Fabio Alessandro Locati <fale@fedoraproject.org> - 5:1.14.3-1
+- Upgrade to 1.14.3
+- Resolves: #1836550
+
+* Tue May 26 2020 Matej Mužila <mmuzila@redhat.com> - 5:1.14.2-1
+- Upgrade to 1.14.2
+- Resolves: #1836550
+
+* Sat May 09 2020 Fabio Alessandro Locati <fale@fedoraproject.org> - 5:1.14.0-1
+- Upgrade to 1.14.0
+- Resolves: #1818513
+
+* Tue Apr 07 2020 Matej Mužila <mmuzila@redhat.com> - 5:1.13.5-1
+- Upgrade to 1.13.5
+- Resolves: #1818513
+
+* Mon Feb 17 2020 Matej Mužila <mmuzila@redhat.com> - 5:1.13.4-1
+- Upgrade to 1.13.4
+- Resolves: #1803392
+
+* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 5:1.13.3-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Wed Jan 15 2020 Matej Mužila <mmuzila@redhat.com> - 5:1.13.3-1
+- Upgrade to 1.13.3
+- Resolves: #1783717, #1785500
+
+* Fri Jan 03 2020 Matej Mužila <mmuzila@redhat.com> - 5:1.13.2-1
+- Upgrade to 1.13.2
+- Resolves: #1783717
+
+* Mon Dec 02 2019 Matej Mužila <mmuzila@redhat.com> - 5:1.13.0-1
+- Upgrade to 1.13.0
+- Resolves: #1754211
+
+* Tue Sep 24 2019 Matej Mužila <mmuzila@redhat.com> - 5:1.12.2-1
+- Upgrade to 1.12.2
+- Resolves: #1754211
+
+* Thu Aug 29 2019 Matej Mužila <mmuzila@redhat.com> - 5:1.12.1-3
+- Make mutt to ask for GPG passphrase
+- Resolves: #1731854
+
+* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 5:1.12.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Wed Jul 17 2019 Matej Mužila <mmuzila@redhat.com> - 5:1.12.1-1
+- Upgrade to 1.12.1
+- Resolves #1720848
+
+* Tue May 28 2019 Matej Mužila <mmuzila@redhat.com> - 5:1.12.0-1
+- Upgrade to 1.12.0
+- Resolves #1710398,#1713910
+
+* Wed Apr 24 2019 Björn Esser <besser82@fedoraproject.org> - 5:1.11.4-2
+- Remove hardcoded gzip suffix from GNU info pages
+
+* Wed Feb 06 2019 Matej Mužila <mmuzila@redhat.com> - 5:1.11.4-1
+- Upgrade to 1.11.4
+- Resolves #1688091
+
+* Wed Feb 06 2019 Matej Mužila <mmuzila@redhat.com> - 5:1.11.3-1
+- Upgrade to 1.11.3
+- Resolves #1659217
+
+* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 5:1.10.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
 
 * Tue Jul 17 2018 Matej Mužila <mmuzila@redhat.com> - 5:1.10.1-1
 - Upgrade to 1.10.1

sources

@@ -0,0 +1 @@
+SHA512 (mutt-2.2.6.tar.gz) = 07d473b6e6774f3988538e799fcc73ad35efceb5b1a3ee377754332f34db664d40ffa650711c7720ddc5c248e5379bba19fc5fd3dc7418a25305780e25f3b52b