forked from pool/javamail
Compare commits
34 Commits
| Author | SHA256 | Date | |
|---|---|---|---|
| bfb787d132 | |||
| fef3a6f5b2 | |||
| f00805dedc | |||
| 0dfe489ea6 | |||
| 1f8699efce | |||
| 3c70e1a5e8 | |||
| 331c2690ef | |||
| 1fdea59f1b | |||
| 60ba4b650d | |||
| cfd7f13fb7 | |||
| 9fa6c8bfe4 | |||
| ba1638a281 | |||
| 46481ca44f | |||
| 4c9e623686 | |||
| 7cf5df3a8f | |||
| c90893e9ed | |||
| 330814a6d2 | |||
| 892a7aa736 | |||
| 7c2ac620dc | |||
| 36bc5d061a | |||
| f49124b628 | |||
| b836a3c734 | |||
| 91ed275a1b | |||
| 6a65c79119 | |||
| 799301db9f | |||
| 61561ad1bf | |||
| de8160c9df | |||
|
eb5a37cabc | ||
| 3581d74c7f | |||
| 51cdbf954e | |||
| 122474a1c4 | |||
| 49b558b762 | |||
| e40ec01328 | |||
| 1bba9cef3c |
BIN
JAVAMAIL-1_5_2.tar.gz
(Stored with Git LFS)
BIN
JAVAMAIL-1_5_2.tar.gz
(Stored with Git LFS)
Binary file not shown.
29
javamail-CVE-2025-7962.patch
Normal file
29
javamail-CVE-2025-7962.patch
Normal file
@@ -0,0 +1,29 @@
|
||||
--- javamail-JAVAMAIL-1_6_2/mail/src/main/java/com/sun/mail/smtp/SMTPTransport.java 2025-07-23 08:57:23.698768098 +0200
|
||||
+++ javamail-JAVAMAIL-1_6_2/mail/src/main/java/com/sun/mail/smtp/SMTPTransport.java 2025-07-23 08:57:44.109600841 +0200
|
||||
@@ -2408,14 +2408,25 @@
|
||||
//logger.fine("SENT: " + new String(cmdBytes, 0));
|
||||
|
||||
try {
|
||||
+ validateCommand(cmdBytes);
|
||||
serverOutput.write(cmdBytes);
|
||||
serverOutput.write(CRLF);
|
||||
serverOutput.flush();
|
||||
- } catch (IOException ex) {
|
||||
+ } catch (IOException | RuntimeException ex) {
|
||||
throw new MessagingException("Can't send command to SMTP host", ex);
|
||||
}
|
||||
}
|
||||
|
||||
+ private void validateCommand(byte[] cmdBytes) throws MessagingException {
|
||||
+ final byte CR = '\r';
|
||||
+ final byte LF = '\n';
|
||||
+ for (byte b : cmdBytes) {
|
||||
+ if (b == LF || b == CR) {
|
||||
+ throw new IllegalArgumentException("Command contains illegal character: " + String.format("0x%02x",b));
|
||||
+ }
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
/**
|
||||
* Reads server reponse returning the <code>returnCode</code>
|
||||
* as the number. Returns -1 on failure. Sets
|
||||
@@ -1,3 +1,17 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed Jul 23 07:01:17 UTC 2025 - Fridrich Strba <fstrba@suse.com>
|
||||
|
||||
- Added patch:
|
||||
* javamail-CVE-2025-7962.patch
|
||||
+ backport of upstream fix for bsc#1246873, CVE-2025-7962:
|
||||
improper neutralization of \r and \n UTF-8 characters can
|
||||
lead to SMTP injection
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Oct 2 15:48:59 UTC 2024 - Fridrich Strba <fstrba@suse.com>
|
||||
|
||||
- Spec file cleanup
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Sat Sep 7 09:09:45 UTC 2024 - Anton Shvetz <shvetz.anton@gmail.com>
|
||||
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
#
|
||||
# spec file for package javamail
|
||||
#
|
||||
# Copyright (c) 2024 SUSE LLC
|
||||
# Copyright (c) 2025 SUSE LLC
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
@@ -26,6 +26,7 @@ Group: Development/Libraries/Java
|
||||
URL: https://www.oracle.com/technetwork/java/javamail
|
||||
Source: https://github.com/javaee/javamail/archive/%{git_tag}.tar.gz
|
||||
Patch0: %{name}-javadoc.patch
|
||||
Patch1: %{name}-CVE-2025-7962.patch
|
||||
BuildRequires: ant
|
||||
BuildRequires: fdupes
|
||||
BuildRequires: glassfish-activation-api
|
||||
@@ -51,6 +52,7 @@ Group: Documentation/HTML
|
||||
%prep
|
||||
%setup -q -n %{name}-%{git_tag}
|
||||
%patch -P 0 -p1
|
||||
%patch -P 1 -p1
|
||||
|
||||
add_dep() {
|
||||
%pom_xpath_inject pom:project "<dependencies/>" ${2}
|
||||
@@ -78,10 +80,8 @@ add_dep javax.mail mailapijar
|
||||
rm mail/src/test/java/com/sun/mail/imap/IMAPIdleUntaggedResponseTest.java
|
||||
rm mail/src/test/java/com/sun/mail/smtp/SMTPWriteTimeoutTest.java
|
||||
|
||||
%pom_remove_parent .
|
||||
|
||||
%build
|
||||
%{ant} -Djavac.source=1.8 -Djavac.target=1.8 \
|
||||
ant -Djavac.source=1.8 -Djavac.target=1.8 \
|
||||
-Dactivation.jar=$(find-jar glassfish-activation-api) \
|
||||
jar jars docs
|
||||
|
||||
@@ -108,20 +108,20 @@ ln -sf ../%{name}/javax.mail.jar %{buildroot}%{_javadir}/javax.mail/
|
||||
|
||||
# poms
|
||||
install -dm 0755 %{buildroot}%{_mavenpomdir}/%{name}
|
||||
%mvn_install_pom pom.xml %{buildroot}%{_mavenpomdir}/%{name}/$(get_name pom.xml).pom
|
||||
%{mvn_install_pom} pom.xml %{buildroot}%{_mavenpomdir}/%{name}/$(get_name pom.xml).pom
|
||||
pompart=%{name}/$(get_name pom.xml).pom
|
||||
%add_maven_depmap ${pompart}
|
||||
for i in mailapijar smtp imap gimap pop3 dsn; do
|
||||
%mvn_install_pom ${i}/pom.xml %{buildroot}%{_mavenpomdir}/%{name}/$(get_name ${i}/pom.xml).pom
|
||||
%{mvn_install_pom} ${i}/pom.xml %{buildroot}%{_mavenpomdir}/%{name}/$(get_name ${i}/pom.xml).pom
|
||||
pompart=%{name}/$(get_name ${i}/pom.xml).pom
|
||||
jarpart=%{name}/$(get_name ${i}/pom.xml).jar
|
||||
%add_maven_depmap ${pompart} ${jarpart}
|
||||
done
|
||||
%mvn_install_pom mail/pom.xml %{buildroot}%{_mavenpomdir}/%{name}/$(get_name mail/pom.xml).pom
|
||||
%{mvn_install_pom} mail/pom.xml %{buildroot}%{_mavenpomdir}/%{name}/$(get_name mail/pom.xml).pom
|
||||
pompart=%{name}/$(get_name mail/pom.xml).pom
|
||||
jarpart=%{name}/$(get_name mail/pom.xml).jar
|
||||
%add_maven_depmap ${pompart} ${jarpart} -a javax.mail:mail,org.eclipse.jetty.orbit:javax.mail.glassfish,com.sun.mail:jakarta.mail
|
||||
%mvn_install_pom mailapi/pom.xml %{buildroot}%{_mavenpomdir}/%{name}/$(get_name mailapi/pom.xml).pom
|
||||
%{mvn_install_pom} mailapi/pom.xml %{buildroot}%{_mavenpomdir}/%{name}/$(get_name mailapi/pom.xml).pom
|
||||
pompart=%{name}/$(get_name mailapi/pom.xml).pom
|
||||
jarpart=%{name}/$(get_name mailapi/pom.xml).jar
|
||||
%add_maven_depmap ${pompart} ${jarpart} -a javax.mail:mailapi
|
||||
|
||||
Reference in New Issue
Block a user