summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authortm <tm@pkgsrc.org>2021-03-18 22:05:56 +0000
committertm <tm@pkgsrc.org>2021-03-18 22:05:56 +0000
commitc4a900a13235c3bf701c15047c77f9c8777e52b1 (patch)
tree866f77697382777db726a9d64fe8a13960d80a55
parenta333a8a69e1624b0489cf02d89b806565116390c (diff)
downloadpkgsrc-c4a900a13235c3bf701c15047c77f9c8777e52b1.tar.gz
mail/up-imappproxy: add patch to verify hostname on tls connection
Patch provided from OpenBSD and reported by Stuart Henderson
-rw-r--r--mail/up-imappproxy/Makefile4
-rw-r--r--mail/up-imappproxy/distinfo3
-rw-r--r--mail/up-imappproxy/patches/patch-fix-verify-hostname-imapcommon.c39
3 files changed, 43 insertions, 3 deletions
diff --git a/mail/up-imappproxy/Makefile b/mail/up-imappproxy/Makefile
index 1cfb2d12853..f9797f1bf6c 100644
--- a/mail/up-imappproxy/Makefile
+++ b/mail/up-imappproxy/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.3 2020/05/02 19:16:15 rillig Exp $
+# $NetBSD: Makefile,v 1.4 2021/03/18 22:05:56 tm Exp $
VERSION= 1.2.8
PKGNAME= up-imapproxy-${VERSION}
-PKGREVISION= 1
+PKGREVISION= 2
DISTNAME= up-imapproxy_${VERSION}~svn20171105.orig
CATEGORIES= mail
MASTER_SITES= ${MASTER_SITE_DEBIAN:=pool/main/u/up-imapproxy/}
diff --git a/mail/up-imappproxy/distinfo b/mail/up-imappproxy/distinfo
index 4d25db71dc5..24b084d9b45 100644
--- a/mail/up-imappproxy/distinfo
+++ b/mail/up-imappproxy/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.4 2020/05/02 00:38:10 mef Exp $
+$NetBSD: distinfo,v 1.5 2021/03/18 22:05:56 tm Exp $
SHA1 (up-imapproxy_1.2.8~svn20171105.orig.tar.bz2) = 85e76717b0d2f790e366b7516cc567fc551c9cc6
RMD160 (up-imapproxy_1.2.8~svn20171105.orig.tar.bz2) = dac57dcea68c333f6b05942c99fb8d0bfd0b7808
@@ -14,6 +14,7 @@ SHA1 (patch-fix-size_t-formatters-imapcommon.c) = 23ea515f680105864dd5c8381acdcf
SHA1 (patch-fix-socklen_t-types-main.c) = d9ec2c92ecfee08c54c6e28a6a15dfc6730eeffd
SHA1 (patch-fix-socklen_t-types-request.c) = 99cd03e88f7885bebc766be9d2d14958ffd45be6
SHA1 (patch-fix-ssl-types) = 2f32060a7ab8922dd038e07f20da6d4240c2bdb0
+SHA1 (patch-fix-verify-hostname-imapcommon.c) = 682355e3997367de2b918f455cdd6cc7c8edb4f8
SHA1 (patch-openssl-1.1-imapcommon.c) = 69fca63f349fc4c2c11169936136e4611d496901
SHA1 (patch-openssl-1.1-main.c) = fe2d2eab38a872dd55f0f1cf965e50bd9e501022
SHA1 (patch-remove-install-chown) = e3811e13fa3fe89dc7d58162a3dcde9a57527be2
diff --git a/mail/up-imappproxy/patches/patch-fix-verify-hostname-imapcommon.c b/mail/up-imappproxy/patches/patch-fix-verify-hostname-imapcommon.c
new file mode 100644
index 00000000000..f7339eed043
--- /dev/null
+++ b/mail/up-imappproxy/patches/patch-fix-verify-hostname-imapcommon.c
@@ -0,0 +1,39 @@
+Fix TLS verification to set hostname.
+
+Patch from OpenBSD
+Reported by Stuart Henderson
+
+--- src/imapcommon.c.orig
++++ src/imapcommon.c
+@@ -169,6 +169,7 @@ extern ProxyConfig_Struct PC_Struct;
+ static int send_queued_preauth_commands( char *, ITD_Struct * );
+
+ #if HAVE_LIBSSL
++#include <openssl/x509v3.h>
+ extern SSL_CTX *tls_ctx;
+
+ /*++
+@@ -369,6 +370,7 @@ extern void UnLockMutex( pthread_mutex_t *mutex )
+ extern int Attempt_STARTTLS( ITD_Struct *Server )
+ {
+ char *fn = "Attempt_STARTTLS()";
++ X509_VERIFY_PARAM *param = NULL;
+
+ unsigned int BufLen = BUFSIZE - 1;
+ char SendBuf[BUFSIZE];
+@@ -467,6 +469,15 @@ extern int Attempt_STARTTLS( ITD_Struct *Server )
+ {
+ syslog(LOG_INFO,
+ "STARTTLS failed: SSL_set_fd() failed: %d",
++ SSL_get_error( Server->conn->tls, rc ) );
++ goto fail;
++ }
++
++ param = SSL_get0_param(Server->conn->tls);
++ X509_VERIFY_PARAM_set_hostflags(param, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
++ if (!X509_VERIFY_PARAM_set1_host(param, PC_Struct.server_hostname, 0)) {
++ syslog(LOG_INFO,
++ "STARTTLS failed: X509_VERIFY_PARAM_set1_host() failed: %d",
+ SSL_get_error( Server->conn->tls, rc ) );
+ goto fail;
+ }