author | Lars Wendler <polynomial-c@gentoo.org> | 2020-07-27 20:29:18 +0200 |
committer | Lars Wendler <polynomial-c@gentoo.org> | 2020-07-27 20:30:34 +0200 |
commit | d7fe2e20aa1d6cecd9b076e4f0bbe06911576c66 (patch) | |
tree | 13a4c259673212a4f26ab3a03143246188882c01 /net-libs/libetpan | |
parent | net-ftp/proftpd: remove unused patch (diff) | |
net-libs/libetpan: Security revbump to fix CVE-2020-15953
Bug: https://bugs.gentoo.org/734130
Package-Manager: Portage-3.0.1, Repoman-2.3.23
Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
Diffstat (limited to 'net-libs/libetpan')
-rw-r--r-- | net-libs/libetpan/files/libetpan-1.9.4-CVE-2020-15953.patch | 86 | ||||
-rw-r--r-- | net-libs/libetpan/libetpan-1.9.4-r1.ebuild | 78 |
2 files changed, 164 insertions, 0 deletions
diff --git a/net-libs/libetpan/files/libetpan-1.9.4-CVE-2020-15953.patch b/net-libs/libetpan/files/libetpan-1.9.4-CVE-2020-15953.patch
new file mode 100644
index 000000000000..19e573569fad
--- /dev/null
+++ b/net-libs/libetpan/files/libetpan-1.9.4-CVE-2020-15953.patch
@@ -0,0 +1,86 @@ +From 1002a0121a8f5a9aee25357769807f2c519fa50b Mon Sep 17 00:00:00 2001 +From: Damian Poddebniak <duesee@users.noreply.github.com> +Date: Fri, 24 Jul 2020 19:39:53 +0200 +Subject: [PATCH 1/2] Detect extra data after STARTTLS response and exit (#387) + +--- + src/low-level/imap/mailimap.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/src/low-level/imap/mailimap.c b/src/low-level/imap/mailimap.c +index bb17119..4ffcf55 100644 +--- a/src/low-level/imap/mailimap.c ++++ b/src/low-level/imap/mailimap.c +@@ -2428,6 +2428,13 @@ int mailimap_starttls(mailimap * session) + + mailimap_response_free(response); + ++ // Detect if the server send extra data after the STARTTLS response. ++ // This *may* be a "response injection attack". ++ if (session->imap_stream->read_buffer_len != 0) { ++ // Since it is also an IMAP protocol violation, exit. ++ return MAILIMAP_ERROR_STARTTLS; ++ } ++ + switch (error_code) { + case MAILIMAP_RESP_COND_STATE_OK: + return MAILIMAP_NO_ERROR; +-- +2.28.0 + + +From 298460a2adaabd2f28f417a0f106cb3b68d27df9 Mon Sep 17 00:00:00 2001 +From: Fabian Ising <Murgeye@users.noreply.github.com> +Date: Fri, 24 Jul 2020 19:40:48 +0200 +Subject: [PATCH 2/2] Detect extra data after STARTTLS responses in SMTP and + POP3 and exit (#388) + +* Detect extra data after STLS response and return error + +* Detect extra data after SMTP STARTTLS response and return error +--- + src/low-level/pop3/mailpop3.c | 8 ++++++++ + src/low-level/smtp/mailsmtp.c | 8 ++++++++ + 2 files changed, 16 insertions(+) + +diff --git a/src/low-level/pop3/mailpop3.c b/src/low-level/pop3/mailpop3.c +index ab9535b..e2124bf 100644 +--- a/src/low-level/pop3/mailpop3.c ++++ b/src/low-level/pop3/mailpop3.c +@@ -959,6 +959,14 @@ int mailpop3_stls(mailpop3 * f) + + if (r != RESPONSE_OK) + return MAILPOP3_ERROR_STLS_NOT_SUPPORTED; ++ ++ // Detect if the server send extra data after the STLS response. ++ // This *may* be a "response injection attack". 
++ if (f->pop3_stream->read_buffer_len != 0) {
++ // Since it is also protocol violation, exit.
++ // There is no error type for STARTTLS errors in POP3
++ return MAILPOP3_ERROR_SSL;
++ }
+
+ return MAILPOP3_NO_ERROR;
+ }
+diff --git a/src/low-level/smtp/mailsmtp.c b/src/low-level/smtp/mailsmtp.c
+index b7fc459..3145cad 100644
+--- a/src/low-level/smtp/mailsmtp.c
++++ b/src/low-level/smtp/mailsmtp.c
+@@ -1111,6 +1111,14 @@ int mailesmtp_starttls(mailsmtp * session)
+ return MAILSMTP_ERROR_STREAM;
+ r = read_response(session);
+
++ // Detect if the server send extra data after the STARTTLS response.
++ // This *may* be a "response injection attack".
++ if (session->stream->read_buffer_len != 0) {
++ // Since it is also protocol violation, exit.
++ // There is no general error type for STARTTLS errors in SMTP
++ return MAILSMTP_ERROR_SSL;
++ }
++
+ switch (r) {
+ case 220:
+ return MAILSMTP_NO_ERROR;
+--
+2.28.0
+
diff --git a/net-libs/libetpan/libetpan-1.9.4-r1.ebuild b/net-libs/libetpan/libetpan-1.9.4-r1.ebuild
new file mode 100644
index 000000000000..9c243979d6d0
--- /dev/null
+++ b/net-libs/libetpan/libetpan-1.9.4-r1.ebuild
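Review bot: All three new checks return a generic error (`MAILIMAP_ERROR_STARTTLS`, `MAILPOP3_ERROR_SSL`, `MAILSMTP_ERROR_SSL`) without discarding the buffered plaintext counted by `read_buffer_len` or otherwise marking the session, so a caller that treats `MAILPOP3_ERROR_SSL`/`MAILSMTP_ERROR_SSL` as "TLS not available" and keeps talking to the server would still parse the injected bytes as responses; whether the connection is torn down afterwards is outside these hunks, so this is inferred. A comment at each check such as `// Caller must drop the connection: the buffered bytes are attacker-controlled and must not be parsed as server responses.` would make that contract explicit, and the wording `the server send extra data` should read `the server sent extra data`, `also protocol violation` should read `also a protocol violation`. The SMTP check also runs before `switch (r)`, so a non-220 rejection that carries trailing data is reported as `MAILSMTP_ERROR_SSL` instead of the server's status — fail-closed, but inconsistent with the POP3 hunk, which only checks after the `RESPONSE_OK` guard, and the IMAP hunk, which checks regardless of `error_code`. All three enclosing functions (`mailimap_starttls`, `mailpop3_stls`, `mailesmtp_starttls`) begin outside the hunk.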
@@ -0,0 +1,78 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+inherit autotools
+
+DESCRIPTION="A portable, efficient middleware for different kinds of mail access"
+HOMEPAGE="http://libetpan.sourceforge.net/"
+SRC_URI="https://github.com/dinhviethoa/${PN}/archive/${PV}.tar.gz -> ${P}.tar.gz"
+
+LICENSE="BSD"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~mips ~ppc ~ppc64 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x86-macos"
+IUSE="berkdb gnutls ipv6 liblockfile libressl lmdb sasl ssl static-libs"
+
+# BerkDB is only supported up to version 6.0
+DEPEND="sys-libs/zlib
+ !lmdb? ( berkdb? ( sys-libs/db:= ) )
+ lmdb? ( dev-db/lmdb )
+ ssl? (
+ gnutls? ( net-libs/gnutls:= )
+ !gnutls? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:0= )
+ )
+ )
+ sasl? ( dev-libs/cyrus-sasl:2 )
+ liblockfile? ( net-libs/liblockfile )"
+RDEPEND="${DEPEND}"
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-1.0-nonnull.patch
+ "${FILESDIR}"/${PN}-1.9.4-berkdb_lookup.patch #519846
+ "${FILESDIR}"/${PN}-1.9.4-pkgconfig_file_no_ldflags.patch
+ "${FILESDIR}"/${P}-CVE-2020-15953.patch #734130
+)
+
+pkg_pretend() {
+ if use gnutls && ! use ssl ; then
+ ewarn "You have \"gnutls\" USE flag enabled but \"ssl\" USE flag disabled!"
+ ewarn "No ssl support will be available in ${PN}."
+ fi
+
+ if use berkdb && use lmdb ; then
+ ewarn "You have \"berkdb\" _and_ \"lmdb\" USE flags enabled."
+ ewarn "Using lmdb as cache DB!"
+ fi
+}
+
+src_prepare() {
+ default
+ eautoreconf
+}
+
+src_configure() {
+ # in Prefix emake uses SHELL=${BASH}, export CONFIG_SHELL to the same so
+ # libtool recognises it as valid shell (bug #300211)
+ use prefix && export CONFIG_SHELL=${BASH}
+ local myeconfargs=(
+ # --enable-debug simply injects "-O2 -g" into CFLAGS
+ --disable-debug
+ $(use_enable ipv6)
+ $(use_enable liblockfile lockfile)
+ $(use_enable static-libs static)
+ $(use_with sasl)
+ $(usex lmdb '--enable-lmdb --disable-db' "$(use_enable berkdb db) --disable-lmdb")
+ $(usex ssl "$(use_with gnutls) $(use_with !gnutls openssl)" '--without-gnutls --without-openssl')
+ )
+ econf "${myeconfargs[@]}"
+}
+
+src_install() {
+ default
+ find "${ED}" -name "*.la" -delete || die
+ if ! use static-libs ; then
+ find "${ED}" -name "*.a" -delete || die
+ fi
+}