From 4bf921bc182dbfeadd353cfb39bbe3f3345356ff Mon Sep 17 00:00:00 2001
From: peijiankang
Date: Fri, 25 Nov 2022 10:16:53 +0800
Subject: [PATCH] Workaround for CVE-2022-4121
(cherry picked from commit bb2bbcc67f93f195f8455476f9b3a0806b5ea151)
---
...box_data_status-info_list-invalid-free.patch | 17 +++++++++++++++++
libetpan.spec | 13 ++++++++++---
2 files changed, 27 insertions(+), 3 deletions(-)
create mode 100644 libetpan-1.9.4-mailbox_data_status-info_list-invalid-free.patch
diff --git a/libetpan-1.9.4-mailbox_data_status-info_list-invalid-free.patch b/libetpan-1.9.4-mailbox_data_status-info_list-invalid-free.patch
new file mode 100644
index 0000000..b1219b3
--- /dev/null
+++ b/libetpan-1.9.4-mailbox_data_status-info_list-invalid-free.patch
@@ -0,0 +1,17 @@
+--- libetpan-1.9.4.orig/src/low-level/imap/mailimap_types.c 2019-11-02 02:58:50.000000000 +0900
++++ libetpan-1.9.4/src/low-level/imap/mailimap_types.c 2022-11-23 14:58:47.075176654 +0900
+@@ -1389,9 +1389,12 @@ void
+ mailimap_mailbox_data_status_free(struct mailimap_mailbox_data_status * info)
+ {
+ mailimap_mailbox_free(info->st_mailbox);
+- clist_foreach(info->st_info_list, (clist_func) mailimap_status_info_free,
++ if (info->st_info_list)
++ {
++ clist_foreach(info->st_info_list, (clist_func) mailimap_status_info_free,
+ NULL);
+- clist_free(info->st_info_list);
++ clist_free(info->st_info_list);
++ }
+ free(info);
+ }
+
diff --git a/libetpan.spec b/libetpan.spec
index 17bd804..926803b 100644
--- a/libetpan.spec
+++ b/libetpan.spec
@@ -1,6 +1,6 @@ Name: libetpan Version: 1.9.4 -Release: 6 +Release: 7 Summary: Portable, efficient middle-ware for different kinds of mail access License: BSD
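Review bot: The guard added in `mailimap_mailbox_data_status_free` covers only `st_info_list`; `info` itself is still dereferenced on the first line of the body and `info->st_mailbox` goes to `mailimap_mailbox_free` unchecked. If a NULL list means the struct can arrive here partially built, which this page does not show, the other members deserve the same look, and an early `if (info == NULL) return;` would cost nothing. The nested patch also carries no comment, so the reason for the check is lost once the patch file name is gone; I would add `/* st_info_list may be NULL here (CVE-2022-4121): skip the list cleanup */` above the `if`. The check lives in the destructor only, so whatever code produces a status with a NULL list is left as is, and other readers of `st_info_list` are presumably still exposed.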
@@ -18,6 +18,9 @@ Patch101: libetpan-1.9.4-0001-Detect-extra-data-after-STARTTLS-response-an # Detect extra data after STARTTLS responses in SMTP and POP3 and exit # https://github.com/dinhvh/libetpan/pull/388 Patch102: libetpan-1.9.4-0002-Detect-extra-data-after-STARTTLS-responses-in-SMTP-a.patch +# https://github.com/dinhvh/libetpan/issues/420 +# Workaround, "formal" fix is under discussion +Patch103: libetpan-1.9.4-mailbox_data_status-info_list-invalid-free.patch BuildRequires: gcc-c++ BuildRequires: liblockfile-devel @@ -27,7 +30,7 @@ BuildRequires: gnutls-devel BuildRequires: libtool BuildRequires: zlib-devel BuildRequires: autoconf automake -BuildRequires: make +BuildRequires: make # disabled by default in configure.ac accidentally # https://github.com/dinhviethoa/libetpan/issues/221 # libcurl and libexpat not needed by Claws Mail: @@ -56,6 +59,7 @@ sed -i.flags libetpan.pc.in \ %patch10 -p1 -b .crypto-policy %patch101 -p1 -b .CVE-2020-15953-1 %patch102 -p1 -b .CVE-2020-15953-2 +%patch103 -p1 -b .CVE-2022-4121.tmp # 2013-08-05 F20 development, bz 992070: The configure scripts adds some # extra libs to the GnuTLS link options, which cause rebuilds to fail, since @@ -97,5 +101,8 @@ iconv -f iso8859-1 -t utf-8 ChangeLog > ChangeLog.conv && mv -f ChangeLog.conv C %{_libdir}/%{name}.so %changelog +* Fri Nov 25 2022 peijiankang - 1.9.4-7 +- Workaround for CVE-2022-4121 + * Wed Sep 22 2021 douyan - 1.9.4-6 -- Init package for openEuler \ No newline at end of file +- Init package for openEuler
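Review bot: The comment above `Patch103` gives the upstream issue but not the CVE, unlike the `%patch103 -p1 -b .CVE-2022-4121.tmp` line in the `%prep` hunk, so a reader scanning the patch list cannot match the entry to the advisory. I would put `# CVE-2022-4121: skip list cleanup when st_info_list is NULL (workaround)` above the issue link. Since the comment says the formal fix is still under discussion, it would also help to state what retires this patch, for example `# Drop once the upstream fix for issue 420 is released`.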