CVS commit: pkgsrc/mail/up-imappproxy

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/mail/up-imappproxy
From: "Thomas Merkel" <tm%netbsd.org@localhost>
Date: Thu, 18 Mar 2021 22:05:56 +0000

Module Name:    pkgsrc
Committed By:   tm
Date:           Thu Mar 18 22:05:56 UTC 2021

Modified Files:
        pkgsrc/mail/up-imappproxy: Makefile distinfo
Added Files:
        pkgsrc/mail/up-imappproxy/patches:
            patch-fix-verify-hostname-imapcommon.c

Log Message:
mail/up-imappproxy: add patch to verify hostname on tls connection

Patch provided from OpenBSD and reported by Stuart Henderson


To generate a diff of this commit:
cvs rdiff -u -r1.3 -r1.4 pkgsrc/mail/up-imappproxy/Makefile
cvs rdiff -u -r1.4 -r1.5 pkgsrc/mail/up-imappproxy/distinfo
cvs rdiff -u -r0 -r1.1 \
    pkgsrc/mail/up-imappproxy/patches/patch-fix-verify-hostname-imapcommon.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/mail/up-imappproxy/Makefile
diff -u pkgsrc/mail/up-imappproxy/Makefile:1.3 pkgsrc/mail/up-imappproxy/Makefile:1.4
--- pkgsrc/mail/up-imappproxy/Makefile:1.3      Sat May  2 19:16:15 2020
+++ pkgsrc/mail/up-imappproxy/Makefile  Thu Mar 18 22:05:56 2021
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.3 2020/05/02 19:16:15 rillig Exp $
+# $NetBSD: Makefile,v 1.4 2021/03/18 22:05:56 tm Exp $
 
 VERSION=       1.2.8
 PKGNAME=       up-imapproxy-${VERSION}
-PKGREVISION=   1
+PKGREVISION=   2
 DISTNAME=      up-imapproxy_${VERSION}~svn20171105.orig
 CATEGORIES=    mail
 MASTER_SITES=  ${MASTER_SITE_DEBIAN:=pool/main/u/up-imapproxy/}

Index: pkgsrc/mail/up-imappproxy/distinfo
diff -u pkgsrc/mail/up-imappproxy/distinfo:1.4 pkgsrc/mail/up-imappproxy/distinfo:1.5
--- pkgsrc/mail/up-imappproxy/distinfo:1.4      Sat May  2 00:38:10 2020
+++ pkgsrc/mail/up-imappproxy/distinfo  Thu Mar 18 22:05:56 2021
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.4 2020/05/02 00:38:10 mef Exp $
+$NetBSD: distinfo,v 1.5 2021/03/18 22:05:56 tm Exp $
 
 SHA1 (up-imapproxy_1.2.8~svn20171105.orig.tar.bz2) = 85e76717b0d2f790e366b7516cc567fc551c9cc6
 RMD160 (up-imapproxy_1.2.8~svn20171105.orig.tar.bz2) = dac57dcea68c333f6b05942c99fb8d0bfd0b7808
@@ -14,6 +14,7 @@ SHA1 (patch-fix-size_t-formatters-imapco
 SHA1 (patch-fix-socklen_t-types-main.c) = d9ec2c92ecfee08c54c6e28a6a15dfc6730eeffd
 SHA1 (patch-fix-socklen_t-types-request.c) = 99cd03e88f7885bebc766be9d2d14958ffd45be6
 SHA1 (patch-fix-ssl-types) = 2f32060a7ab8922dd038e07f20da6d4240c2bdb0
+SHA1 (patch-fix-verify-hostname-imapcommon.c) = 682355e3997367de2b918f455cdd6cc7c8edb4f8
 SHA1 (patch-openssl-1.1-imapcommon.c) = 69fca63f349fc4c2c11169936136e4611d496901
 SHA1 (patch-openssl-1.1-main.c) = fe2d2eab38a872dd55f0f1cf965e50bd9e501022
 SHA1 (patch-remove-install-chown) = e3811e13fa3fe89dc7d58162a3dcde9a57527be2

Added files:

Index: pkgsrc/mail/up-imappproxy/patches/patch-fix-verify-hostname-imapcommon.c
diff -u /dev/null pkgsrc/mail/up-imappproxy/patches/patch-fix-verify-hostname-imapcommon.c:1.1
--- /dev/null   Thu Mar 18 22:05:56 2021
+++ pkgsrc/mail/up-imappproxy/patches/patch-fix-verify-hostname-imapcommon.c    Thu Mar 18 22:05:56 2021
@@ -0,0 +1,39 @@
+Fix TLS verification to set hostname.
+
+Patch from OpenBSD
+Reported by Stuart Henderson
+
+--- src/imapcommon.c.orig
++++ src/imapcommon.c
+@@ -169,6 +169,7 @@ extern ProxyConfig_Struct PC_Struct;
+ static int send_queued_preauth_commands( char *, ITD_Struct * );
+ 
+ #if HAVE_LIBSSL
++#include <openssl/x509v3.h>
+ extern SSL_CTX *tls_ctx;
+ 
+ /*++
+@@ -369,6 +370,7 @@ extern void UnLockMutex( pthread_mutex_t *mutex )
+ extern int Attempt_STARTTLS( ITD_Struct *Server )
+ {
+     char *fn = "Attempt_STARTTLS()";
++    X509_VERIFY_PARAM *param = NULL;
+ 
+     unsigned int BufLen = BUFSIZE - 1;
+     char SendBuf[BUFSIZE];
+@@ -467,6 +469,15 @@ extern int Attempt_STARTTLS( ITD_Struct *Server )
+       {
+           syslog(LOG_INFO,
+                   "STARTTLS failed: SSL_set_fd() failed: %d",
++                  SSL_get_error( Server->conn->tls, rc ) );
++          goto fail;
++      }
++
++      param = SSL_get0_param(Server->conn->tls);
++      X509_VERIFY_PARAM_set_hostflags(param, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
++      if (!X509_VERIFY_PARAM_set1_host(param, PC_Struct.server_hostname, 0)) {
++          syslog(LOG_INFO,
++                  "STARTTLS failed: X509_VERIFY_PARAM_set1_host() failed: %d",
+                   SSL_get_error( Server->conn->tls, rc ) );
+           goto fail;
+       }

Prev by Date: CVS commit: pkgsrc/doc
Next by Date: CVS commit: pkgsrc/doc
Previous by Thread: CVS commit: pkgsrc/doc
Next by Thread: CVS commit: pkgsrc/doc
Indexes:

Home | Main Index | Thread Index | Old Index