uw-imap: patch CVE-2018-19518

Take patch from Debian from https://salsa.debian.org/lts-team/packages/uw-imap/-/commit/873b07f46ce40f43bca10ec85fe63a7a0b934294 Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 9f7c1e6bd101494c6cc5dad16a7fa65a13cbac70) Adapted to Kirkstone. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
author: Peter Marko <peter.marko@siemens.com> 2025-11-14 20:45:19 +0100
committer: Gyorgy Sarvari <skandigraun@gmail.com> 2025-11-30 15:13:57 +0100
commit: 57bbdc95e76a58c8aeb65c2a4a17e3c420809ea3 (patch)
tree: bd03b9778878b7b00d5ce44cf0f176f40ea601a5 /meta-oe
parent: c36dd4dabd12b30248744b8cb17ac88df80bfbb2 (diff)
download: meta-openembedded-57bbdc95e76a58c8aeb65c2a4a17e3c420809ea3.tar.gz
2 files changed, 25 insertions, 0 deletions
diff --git a/meta-oe/recipes-devtools/uw-imap/uw-imap/CVE-2018-19518.patch b/meta-oe/recipes-devtools/uw-imap/uw-imap/CVE-2018-19518.patch
new file mode 100644
index 0000000000..d942a752b3
--- /dev/null
+++ b/meta-oe/recipes-devtools/uw-imap/uw-imap/CVE-2018-19518.patch
@@ -0,0 +1,24 @@
+uw-imap (8:2007f~dfsg-6) unstable; urgency=medium
+  * [CVE-2018-19518] 2013_disable_rsh.patch (new): Disable access to IMAP
+    mailboxes through running imapd over rsh, and therefore ssh (Closes:
+    #914632). Code using the library can enable it with tcp_parameters()
+    after making sure that the IMAP server name is sanitized.
+ -- Magnus Holmgren <holmgren@debian.org>  Tue, 26 Feb 2019 23:35:43 +0100
+CVE: CVE-2018-19518
+Upstream-Status: Inactive-Upstream [lastrelease: 2007]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+--- a/src/osdep/unix/Makefile
+++ b/src/osdep/unix/Makefile
+@@ -988,7 +988,7 @@ onceenv:
+         -DMD5ENABLE=\"$(MD5PWD)\" -DMAILSPOOL=\"$(MAILSPOOL)\" \
+         -DANONYMOUSHOME=\"$(MAILSPOOL)/anonymous\" \
+         -DACTIVEFILE=\"$(ACTIVEFILE)\" -DNEWSSPOOL=\"$(NEWSSPOOL)\" \
+-        -DRSHPATH=\"$(RSHPATH)\" -DLOCKPGM=\"$(LOCKPGM)\" \
+        -DLOCKPGM=\"$(LOCKPGM)\" \
+         -DLOCKPGM1=\"$(LOCKPGM1)\" -DLOCKPGM2=\"$(LOCKPGM2)\" \
+         -DLOCKPGM3=\"$(LOCKPGM3)\" > OSCFLAGS
+        echo $(BASELDFLAGS) $(EXTRALDFLAGS) > LDFLAGS
diff --git a/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb b/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb
index df90b629a9..de614716cf 100644
--- a/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb
+++ b/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb
@@ -11,6 +11,7 @@ SRC_URI = "https://fossies.org/linux/misc/old/imap-${PV}.tar.gz \
           file://imap-2007e-shared.patch \
           file://imap-2007f-format-security.patch \
           file://0001-Support-OpenSSL-1.1.patch \
+           file://CVE-2018-19518.patch \
           "
 SRC_URI[md5sum] = "2126fd125ea26b73b20f01fcd5940369"
author	Peter Marko <peter.marko@siemens.com>	2025-11-14 20:45:19 +0100
committer	Gyorgy Sarvari <skandigraun@gmail.com>	2025-11-30 15:13:57 +0100
commit	57bbdc95e76a58c8aeb65c2a4a17e3c420809ea3 (patch)
tree	bd03b9778878b7b00d5ce44cf0f176f40ea601a5 /meta-oe
parent	c36dd4dabd12b30248744b8cb17ac88df80bfbb2 (diff)
download	meta-openembedded-57bbdc95e76a58c8aeb65c2a4a17e3c420809ea3.tar.gz

diff --git a/meta-oe/recipes-devtools/uw-imap/uw-imap/CVE-2018-19518.patch b/meta-oe/recipes-devtools/uw-imap/uw-imap/CVE-2018-19518.patch new file mode 100644 index 0000000000..d942a752b3 --- /dev/null +++ b/meta-oe/recipes-devtools/uw-imap/uw-imap/CVE-2018-19518.patch
@@ -0,0 +1,24 @@
		1	uw-imap (8:2007f~dfsg-6) unstable; urgency=medium
		2
		3	* [CVE-2018-19518] 2013_disable_rsh.patch (new): Disable access to IMAP
		4	mailboxes through running imapd over rsh, and therefore ssh (Closes:
		5	#914632). Code using the library can enable it with tcp_parameters()
		6	after making sure that the IMAP server name is sanitized.
		7
		8	-- Magnus Holmgren <holmgren@debian.org> Tue, 26 Feb 2019 23:35:43 +0100
		9
		10	CVE: CVE-2018-19518
		11	Upstream-Status: Inactive-Upstream [lastrelease: 2007]
		12	Signed-off-by: Peter Marko <peter.marko@siemens.com>
		13
		14	--- a/src/osdep/unix/Makefile
		15	+++ b/src/osdep/unix/Makefile
		16	@@ -988,7 +988,7 @@ onceenv:
		17	-DMD5ENABLE=\"$(MD5PWD)\" -DMAILSPOOL=\"$(MAILSPOOL)\" \
		18	-DANONYMOUSHOME=\"$(MAILSPOOL)/anonymous\" \
		19	-DACTIVEFILE=\"$(ACTIVEFILE)\" -DNEWSSPOOL=\"$(NEWSSPOOL)\" \
		20	- -DRSHPATH=\"$(RSHPATH)\" -DLOCKPGM=\"$(LOCKPGM)\" \
		21	+ -DLOCKPGM=\"$(LOCKPGM)\" \
		22	-DLOCKPGM1=\"$(LOCKPGM1)\" -DLOCKPGM2=\"$(LOCKPGM2)\" \
		23	-DLOCKPGM3=\"$(LOCKPGM3)\" > OSCFLAGS
		24	echo $(BASELDFLAGS) $(EXTRALDFLAGS) > LDFLAGS


diff --git a/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb b/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb index df90b629a9..de614716cf 100644 --- a/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb +++ b/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb
@@ -11,6 +11,7 @@ SRC_URI = "https://fossies.org/linux/misc/old/imap-${PV}.tar.gz \
11	file://imap-2007e-shared.patch \	11	file://imap-2007e-shared.patch \
12	file://imap-2007f-format-security.patch \	12	file://imap-2007f-format-security.patch \
13	file://0001-Support-OpenSSL-1.1.patch \	13	file://0001-Support-OpenSSL-1.1.patch \
		14	file://CVE-2018-19518.patch \
14	"	15	"
15		16
16	SRC_URI[md5sum] = "2126fd125ea26b73b20f01fcd5940369"	17	SRC_URI[md5sum] = "2126fd125ea26b73b20f01fcd5940369"