ilyakooo0/nixpkgs
1
0
Fork 0
mirror of https://github.com/ilyakooo0/nixpkgs.git synced 2024-11-11 15:27:20 +03:00
Code Issues Projects Releases Wiki Activity

libetpan: Fix CVE-2020-15953

Browse Source 
This commit patches the vulnerable libetpan release 1.9.4 with its
upstream patches against the CVE-2020-15953.

Merging this will close #113463.
This commit is contained in:
Alvar Penning 2021-02-18 09:51:21 +01:00
parent 8d007abd0b
commit 2b344e02ad
1 changed files with 23 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
pkgs/development/libraries/libetpan/default.nix
View File

@ -1,4 +1,4 @@
{ stdenv, lib, fetchFromGitHub
{ stdenv, lib, fetchFromGitHub, fetchpatch
, autoconf, automake, libtool, openssl, pkg-config
}:
@ -13,6 +13,28 @@ stdenv.mkDerivation rec {
sha256 = "0g7an003simfdn7ihg9yjv7hl2czsmjsndjrp39i7cad8icixscn";
};
patches = [
# The following two patches are fixing CVE-2020-15953, as reported in the
# issue tracker: https://github.com/dinhvh/libetpan/issues/386
# They might be removed for the next version bump.
# CVE-2020-15953: Detect extra data after STARTTLS response and exit
# https://github.com/dinhvh/libetpan/pull/387
(fetchpatch {
name = "cve-2020-15953-imap.patch";
url = "https://github.com/dinhvh/libetpan/commit/1002a0121a8f5a9aee25357769807f2c519fa50b.patch";
sha256 = "1h9ds2z4jii40a0i3z6hsnzx1ldmd2jqidsxp2y2ksyp1ijcgabn";
})
# CVE-2020-15953: Detect extra data after STARTTLS responses in SMTP and POP3 and exit
# https://github.com/dinhvh/libetpan/pull/388
(fetchpatch {
name = "cve-2020-15953-pop3-smtp.patch";
url = "https://github.com/dinhvh/libetpan/commit/298460a2adaabd2f28f417a0f106cb3b68d27df9.patch";
sha256 = "0lq829djar7nb3fai3vdzirmks3w2lfagzqc809lx2lln6y213a0";
})
];
nativeBuildInputs = [ autoconf automake libtool pkg-config ];
buildInputs = [ openssl ];