packages/libetpan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
libetpan/libetpan.spec
peijiankang 4bf921bc18 Workaround for CVE-2022-4121 
(cherry picked from commit bb2bbcc67f93f195f8455476f9b3a0806b5ea151)
2022-11-25 11:25:34 +08:00

109 lines
3.6 KiB
RPMSpec
Raw Permalink Blame History

Name: libetpan
Version: 1.9.4
Release: 7
Summary: Portable, efficient middle-ware for different kinds of mail access
License: BSD
URL: http://www.etpan.org/
Source0: https://github.com/dinhviethoa/%{name}/archive/%{version}/%{name}-%{version}.tar.gz
# system crypto policy (see rhbz#1179310)
Patch10: libetpan-1.9.2-cryptopolicy.patch
# Upstream patches
#
# CVE-2020-15953
# https://github.com/dinhvh/libetpan/issues/386
# Detect extra data after STARTTLS response and exit
# https://github.com/dinhvh/libetpan/pull/387
Patch101: libetpan-1.9.4-0001-Detect-extra-data-after-STARTTLS-response-and-exit-3.patch
# Detect extra data after STARTTLS responses in SMTP and POP3 and exit
# https://github.com/dinhvh/libetpan/pull/388
Patch102: libetpan-1.9.4-0002-Detect-extra-data-after-STARTTLS-responses-in-SMTP-a.patch
# https://github.com/dinhvh/libetpan/issues/420
# Workaround, "formal" fix is under discussion
Patch103: libetpan-1.9.4-mailbox_data_status-info_list-invalid-free.patch
BuildRequires: gcc-c++
BuildRequires: liblockfile-devel
BuildRequires: libdb-devel < 5.4
BuildRequires: cyrus-sasl-devel
BuildRequires: gnutls-devel
BuildRequires: libtool
BuildRequires: zlib-devel
BuildRequires: autoconf automake
BuildRequires: make
# disabled by default in configure.ac accidentally
# https://github.com/dinhviethoa/libetpan/issues/221
# libcurl and libexpat not needed by Claws Mail:
# http://lists.claws-mail.org/pipermail/users/2016-January/015665.html
#BuildRequires: libcurl-devel expat-devel
%description
The purpose of this mail library is to provide a portable, efficient middle-ware
for different kinds of mail access. When using the drivers interface, the
interface is the same for all kinds of mail access, remote and local mailboxes.
%package devel
Summary: Development package for %{name}
Requires: %{name}%{?_isa} = %{version}-%{release}
%description devel
The %{name}-devel package contains the files needed for development
with %{name}.
%prep
%setup -q
#%patch0 -b .libetpan-config-script
sed -i.flags libetpan.pc.in \
-e 's|-letpan@LIBSUFFIX@.*$|-letpan@LIBSUFFIX@|'
%patch10 -p1 -b .crypto-policy
%patch101 -p1 -b .CVE-2020-15953-1
%patch102 -p1 -b .CVE-2020-15953-2
%patch103 -p1 -b .CVE-2022-4121.tmp
# 2013-08-05 F20 development, bz 992070: The configure scripts adds some
# extra libs to the GnuTLS link options, which cause rebuilds to fail, since
# gnutls-devel no longer pulls in libgcrypt-devel libgpg-error-devel
# [The alternative fix is to BR those packages, of course.]
grep 'GNUTLSLIB="-lgnutls -lgcrypt -lgpg-error -lz"' configure.ac || exit -1
sed -i '\@GNUTLSLIB=@s!-lgcrypt -lgpg-error -lz!!g' configure.ac
env NOCONFIGURE=1 ./autogen.sh
%build
#%global optflags %(echo %{optflags} | sed 's/-g /-g -Wno-format-truncation /')
%configure --disable-static --with-gnutls=yes --with-openssl=no
make LIBTOOL=%{_bindir}/libtool %{?_smp_mflags}
cd doc
make doc
%install
make install DESTDIR=$RPM_BUILD_ROOT
rm -rf $RPM_BUILD_ROOT%{_libdir}/libetpan.{,l}a
iconv -f iso8859-1 -t utf-8 ChangeLog > ChangeLog.conv && mv -f ChangeLog.conv ChangeLog
%ldconfig_scriptlets
%files
%license COPYRIGHT
%doc ChangeLog NEWS
%{_libdir}/%{name}.so.20
%{_libdir}/%{name}.so.20.*
%files devel
%doc doc/API.html doc/README.html doc/DOCUMENTATION
%{_libdir}/pkgconfig/%{name}.pc
%{_includedir}/libetpan/
%{_includedir}/libetpan.h
%{_libdir}/%{name}.so
%changelog
* Fri Nov 25 2022 peijiankang <peijiankang@kylinos.cn> - 1.9.4-7
- Workaround for CVE-2022-4121
* Wed Sep 22 2021 douyan <douyan@kylinos.cn> - 1.9.4-6
- Init package for openEuler
Reference in New Issue View Git Blame Copy Permalink