Accepting request 39315 from GNOME:Factory

Copy from GNOME:Factory/libesmtp based on submit request 39315 from user dimstar

OBS-URL: https://build.opensuse.org/request/show/39315
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libesmtp?expand=0&rev=6
OBS User autobuild 2010-05-03 19:37:21 +00:00 committed by Git OBS Bridge
parent e32b1ab17a
commit 1c41633f0b
3 changed files with 186 additions and 32 deletions


@ -1,3 +1,9 @@
-------------------------------------------------------------------
Wed Apr 28 08:16:43 UTC 2010 - freitag@novell.com
- Add libestmp-commonname.diff to do stricter check on commonName
bnc#585393.
-------------------------------------------------------------------
Wed Aug 06 13:52:23 CEST 2008 - bwalle@suse.de


@ -1,7 +1,7 @@
#
# spec file for package libesmtp (Version 1.0.4)
#
# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -21,16 +21,18 @@
Name: libesmtp
BuildRequires: openssl-devel
Url: http://www.stafford.uklinux.net/libesmtp/
License: GPL v2 or later; LGPL v2.1 or later
License: GPLv2+ ; LGPLv2.1+
Group: Development/Libraries/C and C++
Summary: A Library for Posting Electronic Mail
Version: 1.0.4
Release: 157
Release: 171
BuildRoot: %{_tmppath}/%{name}-%{version}-build
Source0: %{name}-%{version}.tar.bz2
Patch0: libesmtp-removedecls.diff
Patch1: libesmtp-1.0.4-bloat.patch
Patch2: libesmtp-1.0.4-multiple-cc.patch
# PATCH-FIX-UPSTREAM libestmp-commonname.diff bnc#585393 freitag@novell.com -- Stricter checking on CommonName
Patch3: libestmp-commonname.diff
%description
libESMTP is a library to manage posting (or submission of) electronic
@ -46,7 +48,7 @@ Authors:
Brian Stafford <brian@stafford.uklinux.net>
%package devel
License: GPL v2 or later; LGPL v2.1 or later
License: GPLv2+ ; LGPLv2.1+
Summary: A Library for Posting Electronic Mail
Group: Development/Libraries/C and C++
Requires: libesmtp = %{version}
@ -69,6 +71,7 @@ Authors:
%patch0
%patch1
%patch2 -p1
%patch3
%build
autoreconf -fi
@ -104,31 +107,3 @@ rm -rf %{buildroot}
%{_libdir}/libesmtp.*so
%changelog
* Wed Aug 06 2008 bwalle@suse.de
- allow multiple calls of smtp_set_header() for Cc and Bcc headers
- disable lwres because we don't want to have a daemon (the lwresd)
running just for address resolution
* Tue Sep 04 2007 mrueckert@suse.de
- remove postfix from the buildrequires
- do not package generic INSTALL file
* Tue Sep 04 2007 crrodriguez@suse.de
- fix #307257 missing requires of the libesmtp-devel package
* Wed Jan 25 2006 mls@suse.de
- converted neededforbuild to BuildRequires
* Tue Jan 17 2006 lmichnovic@suse.cz
- Updated to version 1.0.4
- enabled support for lwres: lwres_includedir.patch; bind-devel added into NFB
- enabled support for ntlm, etrn
* Wed Nov 02 2005 dmueller@suse.de
- don't build as root
* Tue Sep 27 2005 mls@suse.de
- move .so symlink into devel package
- make devel package require base package
* Sun May 08 2005 mmj@suse.de
- Don't declare things we have for sure on linux
* Fri Mar 26 2004 mmj@suse.de
- Add postfix to # neededforbuild
* Thu Feb 19 2004 sbrabec@suse.cz
- Updated to version 1.0.2.
* Wed Jul 30 2003 hhetter@suse.de
- initial SuSE package

173
libestmp-commonname.diff Normal file

@ -0,0 +1,173 @@
--- smtp-tls.c.orig 2005-12-15 18:59:49.000000000 +0000
+++ smtp-tls.c 2010-03-17 01:15:06.000000000 +0000
@@ -439,15 +439,32 @@
match_component (const char *dom, const char *edom,
const char *ref, const char *eref)
{
- while (dom < edom && ref < eref)
+ /* If ref is the single character '*' then accept this as a wildcard
+ matching any valid domainname component, i.e. characters from the
+ range A-Z, a-z, 0-9, - or _
+ NB this is more restrictive than RFC 2818 which allows multiple
+ wildcard characters in the component pattern */
+ if (eref == ref + 1 && *ref == '*')
+ while (dom < edom)
+ {
+ if (!(isalnum (*dom) || *dom == '-' /*|| *dom == '_'*/))
+ return 0;
+ dom++;
+ }
+ else
{
- /* Accept a final '*' in the reference as a wildcard */
- if (*ref == '*' && ref + 1 == eref)
- break;
- /* compare the domain name case insensitive */
- if (!(*dom == *ref || tolower (*dom) == tolower (*ref)))
- return 0;
- ref++, dom++;
+ while (dom < edom && ref < eref)
+ {
+ /* check for valid domainname character */
+ if (!(isalnum (*dom) || *dom == '-' /*|| *dom == '_'*/))
+ return 0;
+ /* compare the domain name case-insensitively */
+ if (!(*dom == *ref || tolower (*dom) == tolower (*ref)))
+ return 0;
+ ref++, dom++;
+ }
+ if (dom < edom || ref < eref)
+ return 0;
}
return 1;
}
@@ -541,65 +560,83 @@
}
else
{
- int i, j, extcount;
+ char buf[256] = { 0 };
+ STACK_OF(GENERAL_NAME) *altnames;
+ int hasaltname = 0;
- extcount = X509_get_ext_count (cert);
- for (i = 0; i < extcount; i++)
+ altnames = X509_get_ext_d2i (cert, NID_subject_alt_name, NULL, NULL);
+ if (altnames != NULL)
{
- const char *extstr;
- X509_EXTENSION *ext = X509_get_ext (cert, i);
+ int i;
- extstr = OBJ_nid2sn (OBJ_obj2nid (X509_EXTENSION_get_object (ext)));
- if (strcmp (extstr, "subjectAltName") == 0)
+ for (i = 0; i < sk_GENERAL_NAME_num (altnames); ++i)
{
- unsigned char *data;
- STACK_OF(CONF_VALUE) *val;
- CONF_VALUE *nval;
- X509V3_EXT_METHOD *meth;
- void *ext_str = NULL;
- int stack_len;
-
- meth = X509V3_EXT_get (ext);
- if (meth == NULL)
- break;
- data = ext->value->data;
-#if (OPENSSL_VERSION_NUMBER > 0x00907000L)
- if (meth->it)
- ext_str = ASN1_item_d2i (NULL, &data, ext->value->length,
- ASN1_ITEM_ptr (meth->it));
- else
-#endif
- ext_str = meth->d2i (NULL, &data, ext->value->length);
- val = meth->i2v (meth, ext_str, NULL);
- stack_len = sk_CONF_VALUE_num (val);
- for (j = 0; j < stack_len; j++)
+ GENERAL_NAME *name = sk_GENERAL_NAME_value (altnames, i);
+
+ if (name->type == GEN_DNS)
{
- nval = sk_CONF_VALUE_value (val, j);
- if (strcmp (nval->name, "DNS") == 0
- && match_domain (session->host, nval->value))
+ const char *ia5str = (const char *) name->d.ia5->data;
+ int ia5len = name->d.ia5->length;
+
+ hasaltname = 1;
+ if (strlen (ia5str) == ia5len
+ && match_domain (session->host, ia5str))
+ ok = 1;
+ else
{
- ok = 1;
- break;
+ buf[0] = '\0';
+ strncat (buf, ia5str, sizeof buf - 1);
}
}
+ // TODO: handle GEN_IPADD
}
- if (ok)
- break;
+ sk_GENERAL_NAME_pop_free (altnames, GENERAL_NAME_free);
}
- if (!ok)
+
+ if (!hasaltname)
{
- /* Matching by subjectAltName failed, try commonName */
- X509_NAME_get_text_by_NID (X509_get_subject_name (cert),
- NID_commonName, buf, sizeof buf);
- if (!match_domain (session->host, buf) != 0)
+ X509_NAME *subj = X509_get_subject_name (cert);
+
+ if (subj != NULL)
{
- if (session->event_cb != NULL)
- (*session->event_cb) (session, SMTP_EV_WRONG_PEER_CERTIFICATE,
- session->event_cb_arg, &ok, buf, ssl);
+ ASN1_STRING *cn;
+ int idx, i = -1;
+
+ do
+ {
+ idx = i;
+ i = X509_NAME_get_index_by_NID (subj, NID_commonName, i);
+ }
+ while (i >= 0);
+
+ if (idx >= 0
+ && (cn = X509_NAME_ENTRY_get_data (
+ X509_NAME_get_entry (subj, idx)
+ )) != NULL)
+ {
+ unsigned char *str = NULL;
+ int len = ASN1_STRING_to_UTF8 (&str, cn);
+
+ if (str != NULL)
+ {
+ if (strlen ((char *) str) == len
+ && match_domain (session->host, (char *) str))
+ ok = 1;
+ else
+ {
+ buf[0] = '\0';
+ strncat (buf, (char *) str, sizeof buf - 1);
+ }
+ OPENSSL_free (str);
+ }
+ }
}
- else
- ok = 1;
}
+
+ if (!ok && session->event_cb != NULL)
+ (*session->event_cb) (session, SMTP_EV_WRONG_PEER_CERTIFICATE,
+ session->event_cb_arg, &ok, buf, ssl);
+
X509_free (cert);
}
return ok;
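Review bot: A subjectAltName or commonName with an embedded NUL is correctly rejected by the `strlen (...) == len` test in the second smtp-tls.c hunk, but the `else` branch then copies it into `buf` with `strncat`, which stops at that NUL, so the `SMTP_EV_WRONG_PEER_CERTIFICATE` callback receives only the prefix along with a writable `&ok`. What the application's callback does with `buf` is not visible here, but if it displays or compares the name, a certificate issued for `host\0.other` would be reported as `host`. I would separate the two failures and leave `buf` empty (or escaped) for the malformed case, e.g. `if (strlen (ia5str) != (size_t) ia5len) buf[0] = '\0';` followed by `else if (match_domain (session->host, ia5str)) ok = 1;`, and do the same for `str`/`len` in the commonName branch. The enclosing function begins before this hunk, so the initial value of `ok` and the earlier use of `buf` cannot be checked from here.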