diff --git a/mutt-1.5.19-opennfs.dif b/mutt-1.5.19-opennfs.dif index 161f474..eda80bd 100644 --- a/mutt-1.5.19-opennfs.dif +++ b/mutt-1.5.19-opennfs.dif @@ -1,7 +1,5 @@ -Index: Makefile.am -=================================================================== ---- Makefile.am.orig -+++ Makefile.am +--- Makefile.am ++++ Makefile.am 2009-03-02 23:00:00.000000000 +0000 @@ -23,7 +23,7 @@ mutt_SOURCES = \ edit.c enter.c flags.c init.c filter.c from.c \ getdomain.c group.c \ @@ -20,10 +18,8 @@ Index: Makefile.am pgpring_LDADD = @LIBOBJS@ $(INTLLIBS) pgpring_DEPENDENCIES = @LIBOBJS@ $(INTLDEPS) -Index: Makefile.in -=================================================================== ---- Makefile.in.orig -+++ Makefile.in +--- Makefile.in ++++ Makefile.in 2009-03-03 16:00:38.000000000 +0000 @@ -77,7 +77,7 @@ am_mutt_OBJECTS = addrbook.$(OBJEXT) ali hash.$(OBJEXT) hdrline.$(OBJEXT) headers.$(OBJEXT) \ help.$(OBJEXT) hook.$(OBJEXT) keymap.$(OBJEXT) main.$(OBJEXT) \ @@ -51,10 +47,8 @@ Index: Makefile.in postpone.c query.c recvattach.c recvcmd.c \ rfc822.c rfc1524.c rfc2047.c rfc2231.c rfc3676.c \ score.c send.c sendlib.c signal.c sort.c \ -Index: lib.c -=================================================================== ---- lib.c.orig -+++ lib.c +--- lib.c ++++ lib.c 2009-03-02 23:00:00.000000000 +0000 @@ -50,6 +50,7 @@ #define EX_OK 0 #endif @@ -83,10 +77,8 @@ Index: lib.c /* make sure the file is not symlink */ if (lstat (path, &osb) < 0 || fstat (fd, &nsb) < 0 || compare_stat(&osb, &nsb) == -1) -Index: mbox.c -=================================================================== ---- mbox.c.orig -+++ mbox.c +--- mbox.c ++++ mbox.c 2009-03-02 23:00:00.000000000 +0000 @@ -767,7 +767,7 @@ int mbox_sync_mailbox (CONTEXT *ctx, int /* Create a temporary file to write the new version of the mailbox in. */ @@ -96,10 +88,8 @@ Index: mbox.c (fp = fdopen (i, "w")) == NULL) { if (-1 != i) -Index: mh.c -=================================================================== ---- mh.c.orig -+++ mh.c +--- mh.c ++++ mh.c 2009-03-02 23:00:00.000000000 +0000 @@ -252,7 +252,11 @@ static int mh_mkstemp (CONTEXT * dest, F { snprintf (path, _POSIX_PATH_MAX, "%s/.mutt-%s-%d-%d", @@ -125,20 +115,16 @@ Index: mh.c { if (errno != EEXIST) { -Index: mutt.h -=================================================================== ---- mutt.h.orig -+++ mutt.h +--- mutt.h ++++ mutt.h 2009-03-02 23:00:00.000000000 +0000 @@ -968,4 +968,5 @@ typedef struct #include "lib.h" #include "globals.h" +extern int opennfs(const char *, int, int); #endif /*MUTT_H*/ -Index: opennfs.c -=================================================================== ---- /dev/null -+++ opennfs.c +--- opennfs.c ++++ opennfs.c 2009-03-02 23:00:00.000000000 +0000 @@ -0,0 +1,122 @@ +#include +#include @@ -262,10 +248,8 @@ Index: opennfs.c + if (clear) free(clear); + return open(path, flags, mode); +} -Index: sendlib.c -=================================================================== ---- sendlib.c.orig -+++ sendlib.c +--- sendlib.c ++++ sendlib.c 2009-03-02 23:00:00.000000000 +0000 @@ -2122,7 +2122,7 @@ send_msg (const char *path, char **args, if (SendmailWait >= 0 && tempfile && *tempfile) { diff --git a/mutt-1.5.20-bnc537141.dif b/mutt-1.5.20-bnc537141.dif index 00d524c..9e36073 100644 --- a/mutt-1.5.20-bnc537141.dif +++ b/mutt-1.5.20-bnc537141.dif @@ -1,5 +1,5 @@ --- mutt_ssl.c -+++ mutt_ssl.c 2009-09-09 14:13:19.600635937 +0200 ++++ mutt_ssl.c 2009-11-25 12:48:35.000000000 +0000 @@ -681,7 +681,8 @@ static int check_host (X509 *x509cert, c subj_alt_name = sk_GENERAL_NAME_value(subj_alt_names, i); if (subj_alt_name->type == GEN_DNS) @@ -21,3 +21,54 @@ } if (!match_found) +@@ -745,6 +748,7 @@ static int ssl_cache_trusted_cert (X509 + static int ssl_check_preauth (X509 *cert, const char* host) + { + char buf[SHORT_STRING]; ++ int trusted = 0; + + /* check session cache first */ + if (check_certificate_cache (cert)) +@@ -753,6 +757,13 @@ static int ssl_check_preauth (X509 *cert + return 1; + } + ++ /* automatic check from user's database */ ++ if (SslCertFile && check_certificate_by_digest (cert)) ++ { ++ dprint (2, (debugfile, "ssl_check_preauth: digest check passed\n")); ++ trusted++; ++ } ++ + buf[0] = 0; + if (host && option (OPTSSLVERIFYHOST) != M_NO) + { +@@ -760,24 +771,20 @@ static int ssl_check_preauth (X509 *cert + { + mutt_error (_("Certificate host check failed: %s"), buf); + mutt_sleep (2); +- return -1; ++ if (!trusted) /* don't fail if cert is manually trusted */ ++ return -1; + } + dprint (2, (debugfile, "ssl_check_preauth: hostname check passed\n")); + } + ++ if (trusted) return 1; ++ + if (check_certificate_by_signer (cert)) + { + dprint (2, (debugfile, "ssl_check_preauth: signer check passed\n")); + return 1; + } + +- /* automatic check from user's database */ +- if (SslCertFile && check_certificate_by_digest (cert)) +- { +- dprint (2, (debugfile, "ssl_check_preauth: digest check passed\n")); +- return 1; +- } +- + return 0; + } + diff --git a/mutt.changes b/mutt.changes index e135a19..d3e75d8 100644 --- a/mutt.changes +++ b/mutt.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Wed Nov 25 13:55:43 CET 2009 - werner@suse.de + +- Update for bnc#537141: do not add certificates with wrong hosts + ------------------------------------------------------------------- Tue Nov 3 19:09:32 UTC 2009 - coolo@novell.com diff --git a/mutt.spec b/mutt.spec index 6b53572..20ae763 100644 --- a/mutt.spec +++ b/mutt.spec @@ -32,7 +32,7 @@ Requires: smtp_daemon #Requires: desktop-data-SuSE AutoReqProv: on Version: 1.5.20 -Release: 4 +Release: 5 Summary: Mail Program # ftp://ftp.mutt.org/mutt/devel/ Source0: %name-%version.tar.bz2 diff --git a/patch-1.5.20.sidebar.20090619.txt.bz2 b/patch-1.5.20.sidebar.20090619.txt.bz2 index ae7350b..15a1f9c 100644 --- a/patch-1.5.20.sidebar.20090619.txt.bz2 +++ b/patch-1.5.20.sidebar.20090619.txt.bz2 @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:ce80c95f83db56f636ef913da0093abe479691f1c21c12f9088f021e638884e5 -size 11882 +oid sha256:a8147c7c7377dc4aacbeb072d2a31ba2a246e795cd1d317a7c8a9100a0f5adc9 +size 12438