From c38a6698f96d6ecd0f4559efb62f88b9b70fb313 Mon Sep 17 00:00:00 2001 From: Silvan Calarco Date: Sat, 6 Jan 2024 04:11:58 +0100 Subject: [PATCH] update to 1.9.4 [release 1.9.4-1mamba;Sun Jul 25 2021] --- ...a-after-STARTTLS-response-and-exit-3.patch | 30 +++++++++++++ libetpan.spec | 42 +++++++++++++++---- 2 files changed, 63 insertions(+), 9 deletions(-) create mode 100644 libetpan-1.9.4-Detect-extra-data-after-STARTTLS-response-and-exit-3.patch diff --git a/libetpan-1.9.4-Detect-extra-data-after-STARTTLS-response-and-exit-3.patch b/libetpan-1.9.4-Detect-extra-data-after-STARTTLS-response-and-exit-3.patch new file mode 100644 index 0000000..d889378 --- /dev/null +++ b/libetpan-1.9.4-Detect-extra-data-after-STARTTLS-response-and-exit-3.patch @@ -0,0 +1,30 @@ +From 1002a0121a8f5a9aee25357769807f2c519fa50b Mon Sep 17 00:00:00 2001 +From: Damian Poddebniak +Date: Fri, 24 Jul 2020 19:39:53 +0200 +Subject: [PATCH 1/2] Detect extra data after STARTTLS response and exit (#387) + +--- + src/low-level/imap/mailimap.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/src/low-level/imap/mailimap.c b/src/low-level/imap/mailimap.c +index bb17119..4ffcf55 100644 +--- a/src/low-level/imap/mailimap.c ++++ b/src/low-level/imap/mailimap.c +@@ -2428,6 +2428,13 @@ int mailimap_starttls(mailimap * session) + + mailimap_response_free(response); + ++ // Detect if the server send extra data after the STARTTLS response. ++ // This *may* be a "response injection attack". ++ if (session->imap_stream->read_buffer_len != 0) { ++ // Since it is also an IMAP protocol violation, exit. ++ return MAILIMAP_ERROR_STARTTLS; ++ } ++ + switch (error_code) { + case MAILIMAP_RESP_COND_STATE_OK: + return MAILIMAP_NO_ERROR; +-- +2.26.2 + diff --git a/libetpan.spec b/libetpan.spec index 90aa27f..ecd1b67 100644 --- a/libetpan.spec +++ b/libetpan.spec @@ -1,5 +1,6 @@ Name: libetpan -Version: 20130506git +Epoch: 1 +Version: 1.9.4 Release: 1mamba Summary: Mail Framework for C Language Group: System/Libraries @@ -7,20 +8,37 @@ Vendor: openmamba Distribution: openmamba Packager: Silvan Calarco URL: http://www.etpan.org/ -## GITSOURCE git://github.com/dinhviethoa/libetpan.git -Source: git://github.com/dinhviethoa/libetpan.git/master/libetpan-%{version}.tar.bz2 +Source: https://github.com/dinhviethoa/libetpan.git/master/libetpan-%{version}.tar.bz2 Patch0: libetpan-20130506git-NULL-missing-include.patch +Patch1: libetpan-1.9.4-Detect-extra-data-after-STARTTLS-response-and-exit-3.patch License: BSD ## AUTOBUILDREQ-BEGIN BuildRequires: glibc-devel -BuildRequires: libdb51-devel +BuildRequires: libbrotli-devel +BuildRequires: libcares-devel +BuildRequires: libcurl-devel +BuildRequires: libdb53-devel +BuildRequires: libe2fs-devel +BuildRequires: libexpat-devel BuildRequires: libgcc +BuildRequires: libgsasl-devel +BuildRequires: libgss-devel +BuildRequires: libidn-devel +BuildRequires: libidn2-devel +BuildRequires: libkrb5-devel +BuildRequires: libnghttp2-devel +BuildRequires: libntlm-devel +BuildRequires: libopenldap-devel BuildRequires: libopenssl-devel -BuildRequires: libsasl-devel +BuildRequires: libpsl-devel +BuildRequires: librtmp-devel +BuildRequires: libsasl2-devel +BuildRequires: libssh2-devel BuildRequires: libstdc++6-devel +BuildRequires: libunistring-devel BuildRequires: libz-devel +BuildRequires: libzstd-devel ## AUTOBUILDREQ-END -BuildRoot: %{_tmppath}/%{name}-%{version}-root %description Mail Framework for C Language. @@ -37,10 +55,12 @@ This package contains libraries and header files for developing applications tha %prep %setup -q -%patch0 -p1 +#%patch0 -p1 +%patch1 -p1 + +./autogen.sh %build -./autogen.sh %configure %make @@ -61,15 +81,19 @@ This package contains libraries and header files for developing applications tha %files devel %defattr(-,root,root) -%{_bindir}/libetpan-config +#%{_bindir}/libetpan-config %{_includedir}/libetpan.h %dir %{_includedir}/libetpan %{_includedir}/libetpan/*.h %{_libdir}/libetpan.a %{_libdir}/libetpan.la %{_libdir}/libetpan.so +%{_libdir}/pkgconfig/libetpan.pc %doc ChangeLog NEWS %changelog +* Sun Jul 25 2021 Silvan Calarco 1.9.4-1mamba +- update to 1.9.4 + * Mon May 06 2013 Silvan Calarco 20130506git-1mamba - package created by silvan using the webbuild interface