Bug 27952

Summary: alpine should be built against system c-client library, c-client code should be synced with alpine
Product: Mageia Reporter: David Walser <luigiwalser>
Component: RPM PackagesAssignee: Christiaan Welvaart <cjw>
Status: NEW --- QA Contact:
Severity: major    
Priority: Normal CC: jani.valimaa
Version: Cauldron   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: alpine-2.24-1.mga8.src.rpm, c-client0-2007f-15.mga8.src.rpm CVE:
Status comment:

Description David Walser 2020-12-27 22:27:47 CET 
+++ This bug was initially created as a clone of Bug #26880 +++

The "imap" code in alpine is a bundled copy of the code in c-client.
Comment 1 Jani Välimaa 2020-12-28 19:35:54 CET 
Alpine's "imap" code is newer than the one we have in c-client.

Alpine's c-client/mail.h:
#define CCLIENTVERSION "2010"

c-lient's c-client/mail.h:
#define CCLIENTVERSION "2007f"

CC: (none) => jani.valimaa

Comment 2 David Walser 2020-12-28 19:39:46 CET 
Ouch, and historically the imap code is full of vulnerabilities.  So the c-client version of the code would need to be updated (and probably synced with Alpine) too.
Comment 3 Jani Välimaa 2020-12-28 19:53:17 CET 
Alpine upgraded to Panda IMAP with version 2.19.1 in 2013.
https://repo.or.cz/alpine.git/commit/7fe712882b909931088a318c08041b0e7974a000

Commit history of c-client dir:
https://repo.or.cz/alpine.git/history/HEAD:/imap/src/c-client
David Walser 2020-12-28 19:56:20 CET

Source RPM: alpine-2.24-1.mga8.src.rpm => alpine-2.24-1.mga8.src.rpm, c-client0-2007f-15.mga8.src.rpm
Summary: alpine should be built against system c-client library => alpine should be built against system c-client library, c-client code should be synced with alpine