author | tm <tm@pkgsrc.org> | 2021-03-18 22:05:56 +0000 |
---|---|---|
committer | tm <tm@pkgsrc.org> | 2021-03-18 22:05:56 +0000 |
commit | c4a900a13235c3bf701c15047c77f9c8777e52b1 (patch) | |
tree | 866f77697382777db726a9d64fe8a13960d80a55 | |
parent | a333a8a69e1624b0489cf02d89b806565116390c (diff) | |
download | pkgsrc-c4a900a13235c3bf701c15047c77f9c8777e52b1.tar.gz |
mail/up-imappproxy: add patch to verify hostname on tls connection
Patch provided from OpenBSD and reported by Stuart Henderson
-rw-r--r-- | mail/up-imappproxy/Makefile | 4 | ||||
-rw-r--r-- | mail/up-imappproxy/distinfo | 3 | ||||
-rw-r--r-- | mail/up-imappproxy/patches/patch-fix-verify-hostname-imapcommon.c | 39 |
3 files changed, 43 insertions, 3 deletions
diff --git a/mail/up-imappproxy/Makefile b/mail/up-imappproxy/Makefile
index 1cfb2d12853..f9797f1bf6c 100644
--- a/mail/up-imappproxy/Makefile
+++ b/mail/up-imappproxy/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.3 2020/05/02 19:16:15 rillig Exp $
+# $NetBSD: Makefile,v 1.4 2021/03/18 22:05:56 tm Exp $
 
 VERSION= 1.2.8
 PKGNAME= up-imapproxy-${VERSION}
-PKGREVISION= 1
+PKGREVISION= 2
 DISTNAME= up-imapproxy_${VERSION}~svn20171105.orig
 CATEGORIES= mail
 MASTER_SITES= ${MASTER_SITE_DEBIAN:=pool/main/u/up-imapproxy/}
diff --git a/mail/up-imappproxy/distinfo b/mail/up-imappproxy/distinfo
index 4d25db71dc5..24b084d9b45 100644
--- a/mail/up-imappproxy/distinfo
+++ b/mail/up-imappproxy/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.4 2020/05/02 00:38:10 mef Exp $
+$NetBSD: distinfo,v 1.5 2021/03/18 22:05:56 tm Exp $
 
 SHA1 (up-imapproxy_1.2.8~svn20171105.orig.tar.bz2) = 85e76717b0d2f790e366b7516cc567fc551c9cc6
 RMD160 (up-imapproxy_1.2.8~svn20171105.orig.tar.bz2) = dac57dcea68c333f6b05942c99fb8d0bfd0b7808
@@ -14,6 +14,7 @@ SHA1 (patch-fix-size_t-formatters-imapcommon.c) = 23ea515f680105864dd5c8381acdcf
 SHA1 (patch-fix-socklen_t-types-main.c) = d9ec2c92ecfee08c54c6e28a6a15dfc6730eeffd
 SHA1 (patch-fix-socklen_t-types-request.c) = 99cd03e88f7885bebc766be9d2d14958ffd45be6
 SHA1 (patch-fix-ssl-types) = 2f32060a7ab8922dd038e07f20da6d4240c2bdb0
+SHA1 (patch-fix-verify-hostname-imapcommon.c) = 682355e3997367de2b918f455cdd6cc7c8edb4f8
 SHA1 (patch-openssl-1.1-imapcommon.c) = 69fca63f349fc4c2c11169936136e4611d496901
 SHA1 (patch-openssl-1.1-main.c) = fe2d2eab38a872dd55f0f1cf965e50bd9e501022
 SHA1 (patch-remove-install-chown) = e3811e13fa3fe89dc7d58162a3dcde9a57527be2
diff --git a/mail/up-imappproxy/patches/patch-fix-verify-hostname-imapcommon.c b/mail/up-imappproxy/patches/patch-fix-verify-hostname-imapcommon.c
new file mode 100644
index 00000000000..f7339eed043
--- /dev/null
+++ b/mail/up-imappproxy/patches/patch-fix-verify-hostname-imapcommon.c
@@ -0,0 +1,39 @@
+Fix TLS verification to set hostname.
+
+Patch from OpenBSD
+Reported by Stuart Henderson
+
+--- src/imapcommon.c.orig
++++ src/imapcommon.c
+@@ -169,6 +169,7 @@ extern ProxyConfig_Struct PC_Struct;
+ static int send_queued_preauth_commands( char *, ITD_Struct * );
+ 
+ #if HAVE_LIBSSL
++#include <openssl/x509v3.h>
+ extern SSL_CTX *tls_ctx;
+ 
+ /*++
+@@ -369,6 +370,7 @@ extern void UnLockMutex( pthread_mutex_t *mutex )
+ extern int Attempt_STARTTLS( ITD_Struct *Server )
+ {
+ char *fn = "Attempt_STARTTLS()";
++ X509_VERIFY_PARAM *param = NULL;
+ 
+ unsigned int BufLen = BUFSIZE - 1;
+ char SendBuf[BUFSIZE];
+@@ -467,6 +469,15 @@ extern int Attempt_STARTTLS( ITD_Struct *Server )
+ {
+ syslog(LOG_INFO,
+ "STARTTLS failed: SSL_set_fd() failed: %d",
++ SSL_get_error( Server->conn->tls, rc ) );
++ goto fail;
++ }
++
++ param = SSL_get0_param(Server->conn->tls);
++ X509_VERIFY_PARAM_set_hostflags(param, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
++ if (!X509_VERIFY_PARAM_set1_host(param, PC_Struct.server_hostname, 0)) {
++ syslog(LOG_INFO,
++ "STARTTLS failed: X509_VERIFY_PARAM_set1_host() failed: %d",
+ SSL_get_error( Server->conn->tls, rc ) );
+ goto fail;
+ }
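Review bot: In the last inner hunk (Attempt_STARTTLS), `X509_VERIFY_PARAM_set1_host(param, PC_Struct.server_hostname, 0)` fails open when the configured name is NULL or empty: OpenSSL then clears the host list, returns 1 and performs no name check. A guard before the call, such as `if (!PC_Struct.server_hostname || !*PC_Struct.server_hostname) goto fail;`, would keep the check mandatory. The new failure branch logs `SSL_get_error( Server->conn->tls, rc )`, but `rc` appears to still hold the successful SSL_set_fd() result, so the number printed says nothing about why set1_host failed; logging the hostname or `ERR_get_error()` would be more useful to an operator. The name check presumably only takes effect when peer verification is enabled on `tls_ctx`, and a server configured by IP literal would need `X509_VERIFY_PARAM_set1_ip_asc` instead. Neither is visible here, since the function body starts and ends outside the hunk.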