pyrox.dev / nixpkgs
lol
fork atom
nixpkgs / pkgs / development / libraries / libetpan / default.nix
at 23.11-beta 99 lines 3.7 kB view raw
1{ stdenv, lib, fetchFromGitHub, fetchpatch 2, autoconf, automake, libtool, openssl, pkg-config 3}: 4 5stdenv.mkDerivation rec { 6 pname = "libetpan"; 7 version = "1.9.4"; 8 9 src = fetchFromGitHub { 10 owner = "dinhviethoa"; 11 repo = "libetpan"; 12 rev = version; 13 hash = "sha256-lukeWURNsRPTuFk2q2XVnwkKz5Y+PRiPba5GPQCw6jw="; 14 }; 15 16 outputs = [ "out" "dev" ]; 17 18 patches = [ 19 # The following patches are security and/or reliability fixes. 20 # They all must be removed for the next version bump. 21 22 # Fix potential null pointer deference 23 # https://github.com/dinhvh/libetpan/pull/348 24 (fetchpatch { 25 name = "pr-348-null-pointer-deference.patch"; 26 url = "https://github.com/dinhvh/libetpan/commit/720e92e5752e562723a9730f8e604cb78f3a9163.patch"; 27 hash = "sha256-/bA/ekeMhLE3OyREHIanlrb+uuSxwur+ZloeaX9AyyM="; 28 }) 29 30 # Fix potential null pointer deference 31 # https://github.com/dinhvh/libetpan/pull/361 32 (fetchpatch { 33 name = "pr-361-null-pointer-deference.patch"; 34 url = "https://github.com/dinhvh/libetpan/commit/0cdefb017fcfd0fae56a151dc14c8439a38ecc44.patch"; 35 hash = "sha256-qbWisOCPI91AIXzg3n7mceSVbBKHZXd8Z0z1u/SrIG8="; 36 }) 37 38 # Fix potential null pointer deference 39 # https://github.com/dinhvh/libetpan/pull/363 40 (fetchpatch { 41 name = "pr-363-null-pointer-deference.patch"; 42 url = "https://github.com/dinhvh/libetpan/commit/68bde8b12b40a680c29d228f0b8fe4dfbf2d8d0b.patch"; 43 hash = "sha256-dUbnh2RoeELk/usHeFsdGC+J198jcudx3rb6/3sUAX0="; 44 }) 45 46 # Missing boundary fix 47 # https://github.com/dinhvh/libetpan/pull/384 48 (fetchpatch { 49 name = "pr-384-missing-boundary-fix.patch"; 50 url = "https://github.com/dinhvh/libetpan/commit/24c485495216c00076b29391591f46b61fcb3dac.patch"; 51 hash = "sha256-6ry8EfiYgbMtQYtT7L662I1A7N7N6OOy9T2ECgR7+cI="; 52 }) 53 54 # CVE-2020-15953: Detect extra data after STARTTLS response and exit 55 # https://github.com/dinhvh/libetpan/pull/387 56 (fetchpatch { 57 name = "cve-2020-15953-imap.patch"; 58 url = "https://github.com/dinhvh/libetpan/commit/1002a0121a8f5a9aee25357769807f2c519fa50b.patch"; 59 hash = "sha256-dqnHZAzX6ym8uF23iKVotdHQv9XQ/BGBAiRGSb7QLcE="; 60 }) 61 62 # CVE-2020-15953: Detect extra data after STARTTLS responses in SMTP and POP3 and exit 63 # https://github.com/dinhvh/libetpan/pull/388 64 (fetchpatch { 65 name = "cve-2020-15953-pop3-smtp.patch"; 66 url = "https://github.com/dinhvh/libetpan/commit/298460a2adaabd2f28f417a0f106cb3b68d27df9.patch"; 67 hash = "sha256-QI0gvLGUik4TQAz/pxwVfOhZc/xtj6jcWPZkJVsSCFM="; 68 }) 69 70 # Fix buffer overwrite for empty string in remove_trailing_eol 71 # https://github.com/dinhvh/libetpan/pull/408 72 (fetchpatch { 73 name = "pr-408-fix-buffer-overwrite.patch"; 74 url = "https://github.com/dinhvh/libetpan/commit/078b924c7f49ac435b10b0f53a73f1bbc4717064.patch"; 75 hash = "sha256-lBRS+bv/7IK7yat2p3mc0SRYn/wRB/spjE7ungj6DT0="; 76 }) 77 78 # CVE-2022-4121: Fixed crash when st_info_list is NULL. 79 # https://github.com/dinhvh/libetpan/issues/420 80 (fetchpatch { 81 name = "cve-2022-4121.patch"; 82 url = "https://github.com/dinhvh/libetpan/commit/5c9eb6b6ba64c4eb927d7a902317410181aacbba.patch"; 83 hash = "sha256-O+LUkI91oej7MFg4Pg6/xq1uhSanweH81VzPXBdiPh4="; 84 }) 85 ]; 86 87 nativeBuildInputs = [ autoconf automake libtool pkg-config ]; 88 89 buildInputs = [ openssl ]; 90 91 configureScript = "./autogen.sh"; 92 93 meta = with lib; { 94 description = "Mail Framework for the C Language"; 95 homepage = "https://www.etpan.org/libetpan.html"; 96 license = licenses.bsd3; 97 maintainers = with maintainers; [ oxzi ]; 98 }; 99}