forked from pool/javamail
Compare commits
34 Commits
| Author | SHA256 | Date | |
|---|---|---|---|
| bfb787d132 | |||
| fef3a6f5b2 | |||
| f00805dedc | |||
| 0dfe489ea6 | |||
| 1f8699efce | |||
| 3c70e1a5e8 | |||
| 331c2690ef | |||
| 1fdea59f1b | |||
| 60ba4b650d | |||
| cfd7f13fb7 | |||
| 9fa6c8bfe4 | |||
| ba1638a281 | |||
| 46481ca44f | |||
| 4c9e623686 | |||
| 7cf5df3a8f | |||
| c90893e9ed | |||
| 330814a6d2 | |||
| 892a7aa736 | |||
| 7c2ac620dc | |||
| 36bc5d061a | |||
| f49124b628 | |||
| b836a3c734 | |||
| 91ed275a1b | |||
| 6a65c79119 | |||
| 799301db9f | |||
| 61561ad1bf | |||
| de8160c9df | |||
|
eb5a37cabc | ||
| 3581d74c7f | |||
| 51cdbf954e | |||
| 122474a1c4 | |||
| 49b558b762 | |||
| e40ec01328 | |||
| 1bba9cef3c |
BIN
JAVAMAIL-1_5_2.tar.gz
(Stored with Git LFS)
BIN
JAVAMAIL-1_5_2.tar.gz
(Stored with Git LFS)
Binary file not shown.
29
javamail-CVE-2025-7962.patch
Normal file
29
javamail-CVE-2025-7962.patch
Normal file
@@ -0,0 +1,29 @@
|
|||||||
|
--- javamail-JAVAMAIL-1_6_2/mail/src/main/java/com/sun/mail/smtp/SMTPTransport.java 2025-07-23 08:57:23.698768098 +0200
|
||||||
|
+++ javamail-JAVAMAIL-1_6_2/mail/src/main/java/com/sun/mail/smtp/SMTPTransport.java 2025-07-23 08:57:44.109600841 +0200
|
||||||
|
@@ -2408,14 +2408,25 @@
|
||||||
|
//logger.fine("SENT: " + new String(cmdBytes, 0));
|
||||||
|
|
||||||
|
try {
|
||||||
|
+ validateCommand(cmdBytes);
|
||||||
|
serverOutput.write(cmdBytes);
|
||||||
|
serverOutput.write(CRLF);
|
||||||
|
serverOutput.flush();
|
||||||
|
- } catch (IOException ex) {
|
||||||
|
+ } catch (IOException | RuntimeException ex) {
|
||||||
|
throw new MessagingException("Can't send command to SMTP host", ex);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
+ private void validateCommand(byte[] cmdBytes) throws MessagingException {
|
||||||
|
+ final byte CR = '\r';
|
||||||
|
+ final byte LF = '\n';
|
||||||
|
+ for (byte b : cmdBytes) {
|
||||||
|
+ if (b == LF || b == CR) {
|
||||||
|
+ throw new IllegalArgumentException("Command contains illegal character: " + String.format("0x%02x",b));
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
/**
|
||||||
|
* Reads server reponse returning the <code>returnCode</code>
|
||||||
|
* as the number. Returns -1 on failure. Sets
|
||||||
@@ -1,3 +1,17 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Jul 23 07:01:17 UTC 2025 - Fridrich Strba <fstrba@suse.com>
|
||||||
|
|
||||||
|
- Added patch:
|
||||||
|
* javamail-CVE-2025-7962.patch
|
||||||
|
+ backport of upstream fix for bsc#1246873, CVE-2025-7962:
|
||||||
|
improper neutralization of \r and \n UTF-8 characters can
|
||||||
|
lead to SMTP injection
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Oct 2 15:48:59 UTC 2024 - Fridrich Strba <fstrba@suse.com>
|
||||||
|
|
||||||
|
- Spec file cleanup
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Sat Sep 7 09:09:45 UTC 2024 - Anton Shvetz <shvetz.anton@gmail.com>
|
Sat Sep 7 09:09:45 UTC 2024 - Anton Shvetz <shvetz.anton@gmail.com>
|
||||||
|
|
||||||
|
|||||||
@@ -1,7 +1,7 @@
|
|||||||
#
|
#
|
||||||
# spec file for package javamail
|
# spec file for package javamail
|
||||||
#
|
#
|
||||||
# Copyright (c) 2024 SUSE LLC
|
# Copyright (c) 2025 SUSE LLC
|
||||||
#
|
#
|
||||||
# All modifications and additions to the file contributed by third parties
|
# All modifications and additions to the file contributed by third parties
|
||||||
# remain the property of their copyright owners, unless otherwise agreed
|
# remain the property of their copyright owners, unless otherwise agreed
|
||||||
@@ -26,6 +26,7 @@ Group: Development/Libraries/Java
|
|||||||
URL: https://www.oracle.com/technetwork/java/javamail
|
URL: https://www.oracle.com/technetwork/java/javamail
|
||||||
Source: https://github.com/javaee/javamail/archive/%{git_tag}.tar.gz
|
Source: https://github.com/javaee/javamail/archive/%{git_tag}.tar.gz
|
||||||
Patch0: %{name}-javadoc.patch
|
Patch0: %{name}-javadoc.patch
|
||||||
|
Patch1: %{name}-CVE-2025-7962.patch
|
||||||
BuildRequires: ant
|
BuildRequires: ant
|
||||||
BuildRequires: fdupes
|
BuildRequires: fdupes
|
||||||
BuildRequires: glassfish-activation-api
|
BuildRequires: glassfish-activation-api
|
||||||
@@ -51,6 +52,7 @@ Group: Documentation/HTML
|
|||||||
%prep
|
%prep
|
||||||
%setup -q -n %{name}-%{git_tag}
|
%setup -q -n %{name}-%{git_tag}
|
||||||
%patch -P 0 -p1
|
%patch -P 0 -p1
|
||||||
|
%patch -P 1 -p1
|
||||||
|
|
||||||
add_dep() {
|
add_dep() {
|
||||||
%pom_xpath_inject pom:project "<dependencies/>" ${2}
|
%pom_xpath_inject pom:project "<dependencies/>" ${2}
|
||||||
@@ -78,10 +80,8 @@ add_dep javax.mail mailapijar
|
|||||||
rm mail/src/test/java/com/sun/mail/imap/IMAPIdleUntaggedResponseTest.java
|
rm mail/src/test/java/com/sun/mail/imap/IMAPIdleUntaggedResponseTest.java
|
||||||
rm mail/src/test/java/com/sun/mail/smtp/SMTPWriteTimeoutTest.java
|
rm mail/src/test/java/com/sun/mail/smtp/SMTPWriteTimeoutTest.java
|
||||||
|
|
||||||
%pom_remove_parent .
|
|
||||||
|
|
||||||
%build
|
%build
|
||||||
%{ant} -Djavac.source=1.8 -Djavac.target=1.8 \
|
ant -Djavac.source=1.8 -Djavac.target=1.8 \
|
||||||
-Dactivation.jar=$(find-jar glassfish-activation-api) \
|
-Dactivation.jar=$(find-jar glassfish-activation-api) \
|
||||||
jar jars docs
|
jar jars docs
|
||||||
|
|
||||||
@@ -108,20 +108,20 @@ ln -sf ../%{name}/javax.mail.jar %{buildroot}%{_javadir}/javax.mail/
|
|||||||
|
|
||||||
# poms
|
# poms
|
||||||
install -dm 0755 %{buildroot}%{_mavenpomdir}/%{name}
|
install -dm 0755 %{buildroot}%{_mavenpomdir}/%{name}
|
||||||
%mvn_install_pom pom.xml %{buildroot}%{_mavenpomdir}/%{name}/$(get_name pom.xml).pom
|
%{mvn_install_pom} pom.xml %{buildroot}%{_mavenpomdir}/%{name}/$(get_name pom.xml).pom
|
||||||
pompart=%{name}/$(get_name pom.xml).pom
|
pompart=%{name}/$(get_name pom.xml).pom
|
||||||
%add_maven_depmap ${pompart}
|
%add_maven_depmap ${pompart}
|
||||||
for i in mailapijar smtp imap gimap pop3 dsn; do
|
for i in mailapijar smtp imap gimap pop3 dsn; do
|
||||||
%mvn_install_pom ${i}/pom.xml %{buildroot}%{_mavenpomdir}/%{name}/$(get_name ${i}/pom.xml).pom
|
%{mvn_install_pom} ${i}/pom.xml %{buildroot}%{_mavenpomdir}/%{name}/$(get_name ${i}/pom.xml).pom
|
||||||
pompart=%{name}/$(get_name ${i}/pom.xml).pom
|
pompart=%{name}/$(get_name ${i}/pom.xml).pom
|
||||||
jarpart=%{name}/$(get_name ${i}/pom.xml).jar
|
jarpart=%{name}/$(get_name ${i}/pom.xml).jar
|
||||||
%add_maven_depmap ${pompart} ${jarpart}
|
%add_maven_depmap ${pompart} ${jarpart}
|
||||||
done
|
done
|
||||||
%mvn_install_pom mail/pom.xml %{buildroot}%{_mavenpomdir}/%{name}/$(get_name mail/pom.xml).pom
|
%{mvn_install_pom} mail/pom.xml %{buildroot}%{_mavenpomdir}/%{name}/$(get_name mail/pom.xml).pom
|
||||||
pompart=%{name}/$(get_name mail/pom.xml).pom
|
pompart=%{name}/$(get_name mail/pom.xml).pom
|
||||||
jarpart=%{name}/$(get_name mail/pom.xml).jar
|
jarpart=%{name}/$(get_name mail/pom.xml).jar
|
||||||
%add_maven_depmap ${pompart} ${jarpart} -a javax.mail:mail,org.eclipse.jetty.orbit:javax.mail.glassfish,com.sun.mail:jakarta.mail
|
%add_maven_depmap ${pompart} ${jarpart} -a javax.mail:mail,org.eclipse.jetty.orbit:javax.mail.glassfish,com.sun.mail:jakarta.mail
|
||||||
%mvn_install_pom mailapi/pom.xml %{buildroot}%{_mavenpomdir}/%{name}/$(get_name mailapi/pom.xml).pom
|
%{mvn_install_pom} mailapi/pom.xml %{buildroot}%{_mavenpomdir}/%{name}/$(get_name mailapi/pom.xml).pom
|
||||||
pompart=%{name}/$(get_name mailapi/pom.xml).pom
|
pompart=%{name}/$(get_name mailapi/pom.xml).pom
|
||||||
jarpart=%{name}/$(get_name mailapi/pom.xml).jar
|
jarpart=%{name}/$(get_name mailapi/pom.xml).jar
|
||||||
%add_maven_depmap ${pompart} ${jarpart} -a javax.mail:mailapi
|
%add_maven_depmap ${pompart} ${jarpart} -a javax.mail:mailapi
|
||||||
|
|||||||
Reference in New Issue
Block a user