Jan Engelhardt
440d916ee1
- Update to 1.1.0:
* CVE-2019-19977: avoid potential stack overflow in NTLM authenticator.
* Migrate build system to Meson
* Remove GNU libltdl support, assume dlopen() always available.
* Use a linker map to restrict public symbols to API only.
* Add sentinel and ‘format printf’ attributes to function declarations.
* Remove getaddrinfo() implementation.
* Use strlcpy() for safer string copies, provide implementation
for systems that need it.
* Update ‘application data’ APIs
* Add ‘smtp_get_server_name()’ API.
* Collect replacement functions into missing.c
* Prohibit Resent-Reply-To: header.
* Use canonic domain name of MTA where known
* Implement rfc2822date() with strftime() if available.
* add option for XDG file layout convention instead of ~/.authenticate
* OpenSSL
+ Remove support for OpenSSL versions before v1.1.0
+ Update OpenSSL API calls used for modern versions
+ Require TLS v1 or higher
* Add add_ntlm.patch
* Drop the following patches:
+ libesmtp-removedecls.diff
+ libesmtp-1.0.4-bloat.patch
+ libesmtp-fix-cve-2019-19977.patch
+ libesmtp-openssl11.patch
+ libesmtp-tlsv12.patch
OBS-URL: https://build.opensuse.org/request/show/1045487
OBS-URL: https://build.opensuse.org/package/show/server:mail/libesmtp?expand=0&rev=8
85 lines
3.2 KiB
Diff
85 lines
3.2 KiB
Diff
From 1c304e7886a08fb56485e41614ff3f8685afb59d Mon Sep 17 00:00:00 2001
|
|
From: Jiaqing Zhao <jiaqing.zhao@intel.com>
|
|
Date: Tue, 8 Mar 2022 15:05:32 +0000
|
|
Subject: [PATCH] Add build option for NTLM support
|
|
|
|
Currently, NTLM plugin is built by default when openssl is available
|
|
and STARTTLS is enabled. But in libesmtp 1.0.6, there is a separate
|
|
build option. This commits adds the 'ntlm' option back. It's also
|
|
disabled by default.
|
|
|
|
Like 1.0.6, it will check openssl MD4 algorithm support as MD4 is
|
|
insecure and modern systems may drop MD4 support.
|
|
|
|
Signed-off-by: Jiaqing Zhao <jiaqing.zhao@intel.com>
|
|
---
|
|
meson.build | 13 ++++++++++---
|
|
meson_options.txt | 1 +
|
|
ntlm/meson.build | 2 +-
|
|
3 files changed, 12 insertions(+), 4 deletions(-)
|
|
|
|
Index: libESMTP-1.1.0/meson.build
|
|
===================================================================
|
|
--- libESMTP-1.1.0.orig/meson.build
|
|
+++ libESMTP-1.1.0/meson.build
|
|
@@ -63,6 +63,7 @@ add_project_arguments(cc.get_supported_a
|
|
################################################################################
|
|
dldep = cc.find_library('dl')
|
|
ssldep = dependency('openssl', version : '>=1.1.0', required : get_option('tls'))
|
|
+ntlmdep = dependency('openssl', version : '>=1.1.0', required : get_option('ntlm'))
|
|
threaddep = dependency('threads', required : get_option('pthreads'))
|
|
|
|
#XXX add test for libbind9.so
|
|
@@ -71,6 +72,7 @@ lwresdep = cc.find_library('lwres', requ
|
|
deps = [
|
|
dldep,
|
|
ssldep,
|
|
+ ntlmdep,
|
|
threaddep,
|
|
lwresdep,
|
|
]
|
|
@@ -220,8 +222,12 @@ include_dir = include_directories('.')
|
|
subdir('login')
|
|
subdir('plain')
|
|
subdir('crammd5')
|
|
-if ssldep.found()
|
|
- subdir('ntlm')
|
|
+if ntlmdep.found()
|
|
+ if cc.has_header('openssl/md4.h') and cc.has_function('MD4_Init', dependencies : ntlmdep)
|
|
+ subdir('ntlm')
|
|
+ else
|
|
+ error('MD4 is not supported in current openssl, unable to build NTLM plugin')
|
|
+ endif
|
|
endif
|
|
|
|
################################################################################
|
|
@@ -247,4 +253,5 @@ summary({'current:revision:age': libesmt
|
|
'STARTTLS': ssldep.found(),
|
|
'CHUNKING': get_option('bdat'),
|
|
'ETRN': get_option('etrn'),
|
|
- 'XUSR': get_option('xusr')})
|
|
+ 'XUSR': get_option('xusr'),
|
|
+ 'NTLM': ntlmdep.found()})
|
|
Index: libESMTP-1.1.0/meson_options.txt
|
|
===================================================================
|
|
--- libESMTP-1.1.0.orig/meson_options.txt
|
|
+++ libESMTP-1.1.0/meson_options.txt
|
|
@@ -5,3 +5,4 @@ option('lwres', type : 'feature', value
|
|
option('bdat', type : 'boolean', value : 'true', description : 'enable SMTP BDAT extension')
|
|
option('etrn', type : 'boolean', value : 'true', description : 'enable SMTP ETRN extension')
|
|
option('xusr', type : 'boolean', value : 'true', description : 'enable sendmail XUSR extension')
|
|
+option('ntlm', type : 'feature', value : 'disabled', description : 'build with support for NTLM authentication')
|
|
Index: libESMTP-1.1.0/ntlm/meson.build
|
|
===================================================================
|
|
--- libESMTP-1.1.0.orig/ntlm/meson.build
|
|
+++ libESMTP-1.1.0/ntlm/meson.build
|
|
@@ -5,7 +5,7 @@ sasl_ntlm_sources = [
|
|
'ntlmstruct.c',
|
|
]
|
|
|
|
-ntlm_deps = [ ssldep, ]
|
|
+ntlm_deps = [ ntlmdep, ]
|
|
|
|
sasl_ntlm = shared_module('ntlm', sasl_ntlm_sources,
|
|
name_prefix : 'sasl-',
|