net-libs/libetpan: Add patch for CVE-2022-4121

- Also bump EAPI to version 8 - Build succeeds on amd64 - Tests don't seem to run Bug: https://bugs.gentoo.org/891263 Signed-off-by: Christopher Fore <[email protected]> Closes: gentoo#36351 Signed-off-by: Bernard Cafarelli <[email protected]>
johu · Apr 22, 2024 · cbf4ae0 · cbf4ae0
1 parent 25dd5c0
commit cbf4ae0
Show file tree

Hide file tree

Showing 2 changed files with 107 additions and 0 deletions.
diff --git a/net-libs/libetpan/files/libetpan-1.9.4-CVE-2022-4121.patch b/net-libs/libetpan/files/libetpan-1.9.4-CVE-2022-4121.patch
@@ -0,0 +1,29 @@
+From 5c9eb6b6ba64c4eb927d7a902317410181aacbba Mon Sep 17 00:00:00 2001
+From: Hoa Dinh <[email protected]>
+Date: Mon, 19 Dec 2022 08:16:32 -0800
+Subject: [PATCH] Fixed crash when st_info_list is NULL. Fixes #420. Fixes
+ CVE-2022-4121.
+
+---
+ src/low-level/imap/mailimap_types.c | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/src/low-level/imap/mailimap_types.c b/src/low-level/imap/mailimap_types.c
+index 9923125c..79a0cc23 100644
+--- a/src/low-level/imap/mailimap_types.c
++++ b/src/low-level/imap/mailimap_types.c
+@@ -1389,9 +1389,11 @@ void
+ mailimap_mailbox_data_status_free(struct mailimap_mailbox_data_status * info)
+ {
+   mailimap_mailbox_free(info->st_mailbox);
+-  clist_foreach(info->st_info_list, (clist_func) mailimap_status_info_free,
+-		 NULL);
+-  clist_free(info->st_info_list);
++  if (info->st_info_list != NULL) {
++    clist_foreach(info->st_info_list, (clist_func) mailimap_status_info_free,
++      NULL);
++    clist_free(info->st_info_list);
++  }
+   free(info);
+ }
+
diff --git a/net-libs/libetpan/libetpan-1.9.4-r2.ebuild b/net-libs/libetpan/libetpan-1.9.4-r2.ebuild
@@ -0,0 +1,78 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+inherit autotools
+
+DESCRIPTION="A portable, efficient middleware for different kinds of mail access"
+HOMEPAGE="https://libetpan.sourceforge.net/"
+SRC_URI="https://github.com/dinhviethoa/${PN}/archive/${PV}.tar.gz -> ${P}.tar.gz"
+
+LICENSE="BSD"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos"
+IUSE="berkdb gnutls ipv6 liblockfile lmdb sasl ssl static-libs"
+
+# BerkDB is only supported up to version 6.0
+DEPEND="sys-libs/zlib
+	!lmdb? ( berkdb? ( sys-libs/db:= ) )
+	lmdb? ( dev-db/lmdb )
+	ssl? (
+		gnutls? ( net-libs/gnutls:= )
+		!gnutls? (
+			dev-libs/openssl:0=
+		)
+	)
+	sasl? ( dev-libs/cyrus-sasl:2 )
+	liblockfile? ( net-libs/liblockfile )"
+RDEPEND="${DEPEND}"
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-1.0-nonnull.patch
+	"${FILESDIR}"/${PN}-1.9.4-berkdb_lookup.patch #519846
+	"${FILESDIR}"/${PN}-1.9.4-pkgconfig_file_no_ldflags.patch
+	"${FILESDIR}"/${P}-CVE-2020-15953.patch #734130
+	"${FILESDIR}"/${P}-CVE-2022-4121.patch #891263
+)
+
+pkg_pretend() {
+	if use gnutls && ! use ssl ; then
+		ewarn "You have \"gnutls\" USE flag enabled but \"ssl\" USE flag disabled!"
+		ewarn "No ssl support will be available in ${PN}."
+	fi
+
+	if use berkdb && use lmdb ; then
+		ewarn "You have \"berkdb\" _and_ \"lmdb\" USE flags enabled."
+		ewarn "Using lmdb as cache DB!"
+	fi
+}
+
+src_prepare() {
+	default
+	eautoreconf
+}
+
+src_configure() {
+	# in Prefix emake uses SHELL=${BASH}, export CONFIG_SHELL to the same so
+	# libtool recognises it as valid shell (bug #300211)
+	use prefix && export CONFIG_SHELL=${BASH}
+	local myeconfargs=(
+		# --enable-debug simply injects "-O2 -g" into CFLAGS
+		--disable-debug
+		$(use_enable ipv6)
+		$(use_enable liblockfile lockfile)
+		$(use_enable static-libs static)
+		$(use_with sasl)
+		$(usex lmdb '--enable-lmdb --disable-db' "$(use_enable berkdb db) --disable-lmdb")
+		$(usex ssl "$(use_with gnutls) $(use_with !gnutls openssl)" '--without-gnutls --without-openssl')
+	)
+	econf "${myeconfargs[@]}"
+}
+
+src_install() {
+	default
+	find "${ED}" -name "*.la" -delete || die
+	if ! use static-libs ; then
+		find "${ED}" -name "*.a" -delete || die
+	fi
+}