packages/libetpan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Workaround for CVE-2022-4121

Browse Source 
(cherry picked from commit bb2bbcc67f93f195f8455476f9b3a0806b5ea151)
This commit is contained in:
peijiankang 2022-11-25 10:16:53 +08:00 committed by openeuler-sync-bot
parent 0b96b9c0df
commit 4bf921bc18
2 changed files with 27 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
libetpan-1.9.4-mailbox_data_status-info_list-invalid-free.patch Normal file
View File

@ -0,0 +1,17 @@
--- libetpan-1.9.4.orig/src/low-level/imap/mailimap_types.c 2019-11-02 02:58:50.000000000 +0900
+++ libetpan-1.9.4/src/low-level/imap/mailimap_types.c 2022-11-23 14:58:47.075176654 +0900
@@ -1389,9 +1389,12 @@ void
mailimap_mailbox_data_status_free(struct mailimap_mailbox_data_status * info)
{
mailimap_mailbox_free(info->st_mailbox);
- clist_foreach(info->st_info_list, (clist_func) mailimap_status_info_free,
+ if (info->st_info_list)
+ {
+ clist_foreach(info->st_info_list, (clist_func) mailimap_status_info_free,
NULL);
- clist_free(info->st_info_list);
+ clist_free(info->st_info_list);
+ }
free(info);
}

13
libetpan.spec
View File

@ -1,6 +1,6 @@
Name: libetpan
Version: 1.9.4
Release: 6
Release: 7
Summary: Portable, efficient middle-ware for different kinds of mail access
License: BSD
@ -18,6 +18,9 @@ Patch101: libetpan-1.9.4-0001-Detect-extra-data-after-STARTTLS-response-an
# Detect extra data after STARTTLS responses in SMTP and POP3 and exit
# https://github.com/dinhvh/libetpan/pull/388
Patch102: libetpan-1.9.4-0002-Detect-extra-data-after-STARTTLS-responses-in-SMTP-a.patch
# https://github.com/dinhvh/libetpan/issues/420
# Workaround, "formal" fix is under discussion
Patch103: libetpan-1.9.4-mailbox_data_status-info_list-invalid-free.patch
BuildRequires: gcc-c++
BuildRequires: liblockfile-devel
@ -27,7 +30,7 @@ BuildRequires: gnutls-devel
BuildRequires: libtool
BuildRequires: zlib-devel
BuildRequires: autoconf automake
BuildRequires: make
BuildRequires: make
# disabled by default in configure.ac accidentally
# https://github.com/dinhviethoa/libetpan/issues/221
# libcurl and libexpat not needed by Claws Mail:
@ -56,6 +59,7 @@ sed -i.flags libetpan.pc.in \
%patch10 -p1 -b .crypto-policy
%patch101 -p1 -b .CVE-2020-15953-1
%patch102 -p1 -b .CVE-2020-15953-2
%patch103 -p1 -b .CVE-2022-4121.tmp
# 2013-08-05 F20 development, bz 992070: The configure scripts adds some
# extra libs to the GnuTLS link options, which cause rebuilds to fail, since
@ -97,5 +101,8 @@ iconv -f iso8859-1 -t utf-8 ChangeLog > ChangeLog.conv && mv -f ChangeLog.conv C
%{_libdir}/%{name}.so
%changelog
* Fri Nov 25 2022 peijiankang <peijiankang@kylinos.cn> - 1.9.4-7
- Workaround for CVE-2022-4121
* Wed Sep 22 2021 douyan <douyan@kylinos.cn> - 1.9.4-6
- Init package for openEuler
- Init package for openEuler