From 939f5a0df22bed67dbba49111be883d7878623f9 Mon Sep 17 00:00:00 2001
From: wang_yue111 <648774160@qq.com>
Date: Tue, 27 Jul 2021 17:08:15 +0800
Subject: [PATCH] fix CVE-2020-14093

---
 ...3.patch => backport-CVE-2020-14093-1.patch |  0
 backport-CVE-2020-14093-2.patch               | 28 +++++++++++++++++++
 mutt.spec                                     |  8 ++++--
 3 files changed, 34 insertions(+), 2 deletions(-)
 rename CVE-2020-14093.patch => backport-CVE-2020-14093-1.patch (100%)
 create mode 100644 backport-CVE-2020-14093-2.patch

diff --git a/CVE-2020-14093.patch b/backport-CVE-2020-14093-1.patch
similarity index 100%
rename from CVE-2020-14093.patch
rename to backport-CVE-2020-14093-1.patch
diff --git a/backport-CVE-2020-14093-2.patch b/backport-CVE-2020-14093-2.patch
new file mode 100644
index 0000000..e7066a4
--- /dev/null
+++ b/backport-CVE-2020-14093-2.patch
@@ -0,0 +1,28 @@
+From bfb4ba6e6e742d3ca1a23697228fdddc957819a6 Mon Sep 17 00:00:00 2001
+From: Kevin McCarthy <kevin@8t8.us>
+Date: Sat, 20 Jun 2020 06:35:35 -0700
+Subject: [PATCH] Don't check IMAP PREAUTH encryption if $tunnel is in use.
+
+$tunnel is used to create an external encrypted connection.  The default of $ssl_starttls is yes, meaning those kinds of connections will be broken by the CVE-2020-14093 fix.
+---
+ imap/imap.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/imap/imap.c b/imap/imap.c
+index 17d1411..a41ed46 100644
+--- a/imap/imap.c
++++ b/imap/imap.c
+@@ -495,8 +495,8 @@ int imap_open_connection (IMAP_DATA* idata)
+   {
+ #if defined(USE_SSL)
+     /* An unencrypted PREAUTH response is most likely a MITM attack.
+-     * Require a confirmation. */
+-    if (!idata->conn->ssf)
++     * Require a confirmation unless using $tunnel. */
++    if (!idata->conn->ssf && !Tunnel)
+     {
+       if (option(OPTSSLFORCETLS) ||
+           (query_quadoption (OPT_SSLSTARTTLS,
+-- 
+2.23.0
+
diff --git a/mutt.spec b/mutt.spec
index 8c4080c..19f9b16 100644
--- a/mutt.spec
+++ b/mutt.spec
@@ -1,6 +1,6 @@
 Name:           mutt
 Version:        1.10.1
-Release:        5
+Release:        6
 Epoch:          5
 Summary:        Text-based mail client
 License:        GPLv2+ and Public Domain
@@ -17,7 +17,8 @@ Patch8:         mutt-1.5.23-system_certs.patch
 Patch9:         mutt-1.9.0-ssl_ciphers.patch
 Patch13:        CVE-2020-28896.patch
 Patch14:        CVE-2021-3181.patch
-Patch15:        CVE-2020-14093.patch
+Patch15:        backport-CVE-2020-14093-1.patch
+Patch16:        backport-CVE-2020-14093-2.patch
 
 BuildRequires:  gcc ncurses-devel gettext automake /usr/bin/xsltproc
 BuildRequires:  lynx docbook-style-xsl perl-interpreter perl-generators
@@ -122,6 +123,9 @@ ln -sf ./muttrc.5 %{buildroot}%{_mandir}/man5/muttrc.local.5
 %{_mandir}/man5/muttrc.*
 
 %changelog
+- Tue Jul 27 2021 wangyue<wangyue92@huawei.com> - 1.10.1-6
+- fix CVE-2020-14093
+
 * Fri Jul 23 2021 yaoxin<yaoxin30@huawei.com> - 1.10.1-5
 - fix CVE-2020-14093