pkgs/development/libraries/libetpan/default.nix

   1 { stdenv, lib, fetchFromGitHub, fetchpatch
   2 , autoconf, automake, libtool, openssl, pkg-config
   3 }:
   4
   5 stdenv.mkDerivation rec {
   6   pname = "libetpan";
   7   version = "1.9.4";
   8
   9   src = fetchFromGitHub {
  10     owner = "dinhviethoa";
  11     repo = "libetpan";
  12     rev = version;
  13     sha256 = "0g7an003simfdn7ihg9yjv7hl2czsmjsndjrp39i7cad8icixscn";
  14   };
  15
  16   patches = [
  17     # The following two patches are fixing CVE-2020-15953, as reported in the
  18     # issue tracker: https://github.com/dinhvh/libetpan/issues/386
  19     # They might be removed for the next version bump.
  20
  21     # CVE-2020-15953: Detect extra data after STARTTLS response and exit
  22     # https://github.com/dinhvh/libetpan/pull/387
  23     (fetchpatch {
  24       name = "cve-2020-15953-imap.patch";
  25       url = "https://github.com/dinhvh/libetpan/commit/1002a0121a8f5a9aee25357769807f2c519fa50b.patch";
  26       sha256 = "1h9ds2z4jii40a0i3z6hsnzx1ldmd2jqidsxp2y2ksyp1ijcgabn";
  27     })
  28
  29     # CVE-2020-15953: Detect extra data after STARTTLS responses in SMTP and POP3 and exit
  30     # https://github.com/dinhvh/libetpan/pull/388
  31     (fetchpatch {
  32       name = "cve-2020-15953-pop3-smtp.patch";
  33       url = "https://github.com/dinhvh/libetpan/commit/298460a2adaabd2f28f417a0f106cb3b68d27df9.patch";
  34       sha256 = "0lq829djar7nb3fai3vdzirmks3w2lfagzqc809lx2lln6y213a0";
  35     })
  36   ];
  37
  38   nativeBuildInputs = [ autoconf automake libtool pkg-config ];
  39
  40   buildInputs = [ openssl ];
  41
  42   configureScript = "./autogen.sh";
  43
  44   meta = with lib; {
  45     description = "Mail Framework for the C Language";
  46     homepage = "http://www.etpan.org/libetpan.html";
  47     license = licenses.bsd3;
  48     maintainers = with maintainers; [ oxzi ];
  49     platforms = platforms.linux;
  50   };
  51 }