about summary refs log tree commit diff
path: root/nixpkgs/pkgs/development/libraries/libetpan
diff options
context:
space:
mode:
authorAlyssa Ross <hi@alyssa.is>2023-10-20 22:09:03 +0000
committerAlyssa Ross <hi@alyssa.is>2023-10-20 22:09:03 +0000
commit50c21d167f7114fa1dbd95e5c4fb30eeb1a2d02e (patch)
treef2556b911180125ccbb7ed0e78a54e92da89adce /nixpkgs/pkgs/development/libraries/libetpan
parent4c16d4548a98563c9d9ad76f4e5b2202864ccd54 (diff)
parentcfc75eec4603c06503ae750f88cf397e00796ea8 (diff)
downloadnixlib-50c21d167f7114fa1dbd95e5c4fb30eeb1a2d02e.tar
nixlib-50c21d167f7114fa1dbd95e5c4fb30eeb1a2d02e.tar.gz
nixlib-50c21d167f7114fa1dbd95e5c4fb30eeb1a2d02e.tar.bz2
nixlib-50c21d167f7114fa1dbd95e5c4fb30eeb1a2d02e.tar.lz
nixlib-50c21d167f7114fa1dbd95e5c4fb30eeb1a2d02e.tar.xz
nixlib-50c21d167f7114fa1dbd95e5c4fb30eeb1a2d02e.tar.zst
nixlib-50c21d167f7114fa1dbd95e5c4fb30eeb1a2d02e.zip
Merge commit 'cfc75eec4603c06503ae750f88cf397e00796ea8'
Conflicts:
	nixpkgs/pkgs/build-support/rust/build-rust-package/default.nix
Diffstat (limited to 'nixpkgs/pkgs/development/libraries/libetpan')
-rw-r--r--nixpkgs/pkgs/development/libraries/libetpan/default.nix64
1 files changed, 56 insertions, 8 deletions
diff --git a/nixpkgs/pkgs/development/libraries/libetpan/default.nix b/nixpkgs/pkgs/development/libraries/libetpan/default.nix
index 572c90b27b47..1f7f52c70ab5 100644
--- a/nixpkgs/pkgs/development/libraries/libetpan/default.nix
+++ b/nixpkgs/pkgs/development/libraries/libetpan/default.nix
@@ -10,20 +10,53 @@ stdenv.mkDerivation rec {
     owner = "dinhviethoa";
     repo = "libetpan";
     rev = version;
-    sha256 = "0g7an003simfdn7ihg9yjv7hl2czsmjsndjrp39i7cad8icixscn";
+    hash = "sha256-lukeWURNsRPTuFk2q2XVnwkKz5Y+PRiPba5GPQCw6jw=";
   };
 
+  outputs = [ "out" "dev" ];
+
   patches = [
-    # The following two patches are fixing CVE-2020-15953, as reported in the
-    # issue tracker: https://github.com/dinhvh/libetpan/issues/386
-    # They might be removed for the next version bump.
+    # The following patches are security and/or reliability fixes.
+    # They all must be removed for the next version bump.
+
+    # Fix potential null pointer deference
+    # https://github.com/dinhvh/libetpan/pull/348
+    (fetchpatch {
+      name = "pr-348-null-pointer-deference.patch";
+      url = "https://github.com/dinhvh/libetpan/commit/720e92e5752e562723a9730f8e604cb78f3a9163.patch";
+      hash = "sha256-/bA/ekeMhLE3OyREHIanlrb+uuSxwur+ZloeaX9AyyM=";
+    })
+
+    # Fix potential null pointer deference
+    # https://github.com/dinhvh/libetpan/pull/361
+    (fetchpatch {
+      name = "pr-361-null-pointer-deference.patch";
+      url = "https://github.com/dinhvh/libetpan/commit/0cdefb017fcfd0fae56a151dc14c8439a38ecc44.patch";
+      hash = "sha256-qbWisOCPI91AIXzg3n7mceSVbBKHZXd8Z0z1u/SrIG8=";
+    })
+
+    # Fix potential null pointer deference
+    # https://github.com/dinhvh/libetpan/pull/363
+    (fetchpatch {
+      name = "pr-363-null-pointer-deference.patch";
+      url = "https://github.com/dinhvh/libetpan/commit/68bde8b12b40a680c29d228f0b8fe4dfbf2d8d0b.patch";
+      hash = "sha256-dUbnh2RoeELk/usHeFsdGC+J198jcudx3rb6/3sUAX0=";
+    })
+
+    # Missing boundary fix
+    # https://github.com/dinhvh/libetpan/pull/384
+    (fetchpatch {
+      name = "pr-384-missing-boundary-fix.patch";
+      url = "https://github.com/dinhvh/libetpan/commit/24c485495216c00076b29391591f46b61fcb3dac.patch";
+      hash = "sha256-6ry8EfiYgbMtQYtT7L662I1A7N7N6OOy9T2ECgR7+cI=";
+    })
 
     # CVE-2020-15953: Detect extra data after STARTTLS response and exit
     # https://github.com/dinhvh/libetpan/pull/387
     (fetchpatch {
       name = "cve-2020-15953-imap.patch";
       url = "https://github.com/dinhvh/libetpan/commit/1002a0121a8f5a9aee25357769807f2c519fa50b.patch";
-      sha256 = "1h9ds2z4jii40a0i3z6hsnzx1ldmd2jqidsxp2y2ksyp1ijcgabn";
+      hash = "sha256-dqnHZAzX6ym8uF23iKVotdHQv9XQ/BGBAiRGSb7QLcE=";
     })
 
     # CVE-2020-15953: Detect extra data after STARTTLS responses in SMTP and POP3 and exit
@@ -31,7 +64,23 @@ stdenv.mkDerivation rec {
     (fetchpatch {
       name = "cve-2020-15953-pop3-smtp.patch";
       url = "https://github.com/dinhvh/libetpan/commit/298460a2adaabd2f28f417a0f106cb3b68d27df9.patch";
-      sha256 = "0lq829djar7nb3fai3vdzirmks3w2lfagzqc809lx2lln6y213a0";
+      hash = "sha256-QI0gvLGUik4TQAz/pxwVfOhZc/xtj6jcWPZkJVsSCFM=";
+    })
+
+    # Fix buffer overwrite for empty string in remove_trailing_eol
+    # https://github.com/dinhvh/libetpan/pull/408
+    (fetchpatch {
+      name = "pr-408-fix-buffer-overwrite.patch";
+      url = "https://github.com/dinhvh/libetpan/commit/078b924c7f49ac435b10b0f53a73f1bbc4717064.patch";
+      hash = "sha256-lBRS+bv/7IK7yat2p3mc0SRYn/wRB/spjE7ungj6DT0=";
+    })
+
+    # CVE-2022-4121: Fixed crash when st_info_list is NULL.
+    # https://github.com/dinhvh/libetpan/issues/420
+    (fetchpatch {
+      name = "cve-2022-4121.patch";
+      url = "https://github.com/dinhvh/libetpan/commit/5c9eb6b6ba64c4eb927d7a902317410181aacbba.patch";
+      hash = "sha256-O+LUkI91oej7MFg4Pg6/xq1uhSanweH81VzPXBdiPh4=";
     })
   ];
 
@@ -43,9 +92,8 @@ stdenv.mkDerivation rec {
 
   meta = with lib; {
     description = "Mail Framework for the C Language";
-    homepage = "http://www.etpan.org/libetpan.html";
+    homepage = "https://www.etpan.org/libetpan.html";
     license = licenses.bsd3;
     maintainers = with maintainers; [ oxzi ];
-    platforms = platforms.linux;
   };
 }
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-05-18 23:59:12 +0000