update libesmtp to 1.1.0

2023-08-04 06:29:44 +00:00 · 2023-08-04 06:29:44 +00:00 · 9ce978f339
commit 9ce978f339
parent bafa1f3ff8
6 changed files with 112 additions and 127 deletions
--- a/CVE-2019-19977.patch
+++ b/CVE-2019-19977.patch
@ -1,69 +0,0 @@
-From 9fc96e9f52b6b8ca67463289cde6d50b3d5911f9 Mon Sep 17 00:00:00 2001
-From: liaichun <liaichun@huawei.com>
-Date: Mon, 20 Apr 2020 14:35:35 +0800
-Subject: [PATCH] remove ntlm_build_type_2 to fix CVE-2019-19977
-
---
- ntlm/ntlm.h       |  2 --
- ntlm/ntlmstruct.c | 32 --------------------------------
- 2 files changed, 34 deletions(-)
-
-diff --git a/ntlm/ntlm.h b/ntlm/ntlm.h
-index 50a49d6..d5dae83 100644
--- a/ntlm/ntlm.h
-+++ b/ntlm/ntlm.h
-@@ -35,8 +35,6 @@ void ntlm_responses (unsigned char *lm_resp, unsigned char *nt_resp,
- 
- size_t ntlm_build_type_1 (char *buf, size_t buflen, unsigned int flags,
- 			  const char *domain, const char *workstation);
-size_t ntlm_build_type_2 (char *buf, size_t buflen, unsigned int flags,
-			  const unsigned char *nonce, const char *domain);
- size_t ntlm_build_type_3 (char *buf, size_t buflen,
- 			  unsigned int flags,
- 			  const unsigned char *lm_resp,
-diff --git a/ntlm/ntlmstruct.c b/ntlm/ntlmstruct.c
-index dfb80de..3167da7 100644
--- a/ntlm/ntlmstruct.c
-+++ b/ntlm/ntlmstruct.c
-@@ -218,38 +218,6 @@ ntlm_build_type_1 (char *buf, size_t buflen, unsigned int flags,
-   return offset;
- }
- 
-/* Build a NTLM type 2 structure in the buffer */
-size_t
-ntlm_build_type_2 (char *buf, size_t buflen, unsigned int flags,
-                   const unsigned char *nonce, const char *domain)
-{
-  size_t offset = T2SIZE;
-  size_t len;
-  char string[256];
-  unsigned char *up;
-
-  if (buflen < offset)
-    return 0;
-  memcpy (buf, NTLMSSP, 8);
-  write_uint32 (buf, MSGTYPE, 2);
-  up = NULL;
-  len = 0;
-  if (domain != NULL)
-    {
-      len = strlen (domain);
-      if (offset + 2 * len > buflen)
-	return 0;
-      up = nt_unicode (lm_uccpy (string, len, domain), 2 * len);
-    }
-  write_string (buf, T2AUTHTARGET, &offset, up, len);
-  if (up != NULL)
-    free (up);
-  write_uint32 (buf, T2FLAGS, flags);
-  memcpy (buf + T2NONCE, nonce, 8);
-  memset (buf + T2RESERVED, 0, 8);
-  return offset;
-}
-
- /* Build a NTLM type 3 structure in the buffer */
- size_t
- ntlm_build_type_3 (char *buf, size_t buflen, unsigned int flags,
-- 
-1.8.3.1
-
--- a/backport-add_ntlm.patch
+++ b/backport-add_ntlm.patch
@ -0,0 +1,89 @@
+From 1c304e7886a08fb56485e41614ff3f8685afb59d Mon Sep 17 00:00:00 2001
+From: Jiaqing Zhao <jiaqing.zhao@intel.com>
+Date: Tue, 8 Mar 2022 15:05:32 +0000
+Subject: [PATCH] Add build option for NTLM support
+
+Currently, NTLM plugin is built by default when openssl is available
+and STARTTLS is enabled. But in libesmtp 1.0.6, there is a separate
+build option. This commits adds the 'ntlm' option back. It's also
+disabled by default.
+
+Like 1.0.6, it will check openssl MD4 algorithm support as MD4 is
+insecure and modern systems may drop MD4 support.
+
+Signed-off-by: Jiaqing Zhao <jiaqing.zhao@intel.com>
+
+Reference:https://github.com/libesmtp/libESMTP/commit/1c304e7886a08fb56485e41614ff3f8685afb59d
+Conflict:NA
+
+---
+ meson.build       | 13 ++++++++++---
+ meson_options.txt |  1 +
+ ntlm/meson.build  |  2 +-
+ 3 files changed, 12 insertions(+), 4 deletions(-)
+
+diff --git a/meson.build b/meson.build
+index 11d6ed8..d2a0e06 100644
+--- a/meson.build
+++ b/meson.build
+@@ -61,6 +61,7 @@ add_project_arguments(cc.get_supported_arguments(cflags), language: 'c')
+ ################################################################################
+ dldep = cc.find_library('dl')
+ ssldep = dependency('openssl', version : '>=1.1.0', required : get_option('tls'))
+ntlmdep = dependency('openssl', version : '>=1.1.0', required : get_option('ntlm'))
+ threaddep = dependency('threads', required : get_option('pthreads'))
+ 
+ #XXX add test for libbind9.so
+@@ -69,6 +70,7 @@ lwresdep = cc.find_library('lwres', required : get_option('lwres'))
+ deps = [
+   dldep,
+   ssldep,
+  ntlmdep,
+   threaddep,
+   lwresdep,
+ ]
+@@ -237,8 +239,12 @@ include_dir = include_directories('.')
+ subdir('login')
+ subdir('plain')
+ subdir('crammd5')
+-if ssldep.found()
+-  subdir('ntlm')
+if ntlmdep.found()
+  if cc.has_header('openssl/md4.h') and cc.has_function('MD4_Init', dependencies : ntlmdep)
+    subdir('ntlm')
+  else
+    error('MD4 is not supported in current openssl, unable to build NTLM plugin')
+  endif
+ endif
+ 
+ ################################################################################
+@@ -264,4 +270,5 @@ summary({'current:revision:age': libesmtp_cra,
+ 	 'STARTTLS': ssldep.found(),
+ 	 'CHUNKING': get_option('bdat'),
+ 	 'ETRN': get_option('etrn'),
+-	 'XUSR': get_option('xusr')})
+	 'XUSR': get_option('xusr'),
+	 'NTLM': ntlmdep.found()})
+diff --git a/meson_options.txt b/meson_options.txt
+index 8375e2c..158f38f 100644
+--- a/meson_options.txt
+++ b/meson_options.txt
+@@ -5,3 +5,4 @@ option('lwres', type : 'feature', value : 'disabled', description : 'use lwres l
+ option('bdat', type : 'boolean', value : 'true', description : 'enable SMTP BDAT extension')
+ option('etrn', type : 'boolean', value : 'true', description : 'enable SMTP ETRN extension')
+ option('xusr', type : 'boolean', value : 'true', description : 'enable sendmail XUSR extension')
+option('ntlm', type : 'feature', value : 'disabled', description : 'build with support for NTLM authentication')
+diff --git a/ntlm/meson.build b/ntlm/meson.build
+index e0eef58..11d7f58 100644
+--- a/ntlm/meson.build
+++ b/ntlm/meson.build
+@@ -5,7 +5,7 @@ sasl_ntlm_sources = [
+   'ntlmstruct.c',
+ ]
+ 
+-ntlm_deps = [ ssldep, ]
+ntlm_deps = [ ntlmdep, ]
+ 
+ sasl_ntlm = shared_module('ntlm', sasl_ntlm_sources,
+ 			  name_prefix : 'sasl-',
+
--- a/libesmtp-1.0.6-openssl-1.1.patch
+++ b/libesmtp-1.0.6-openssl-1.1.patch
@ -1,14 +0,0 @@
-diff --git a/configure.ac b/configure.ac
-index 556f220..2c0693d 100644
--- a/configure.ac
-+++ b/configure.ac
-@@ -303,7 +303,7 @@ if test x$with_openssl != xno ; then
- 	)
- fi
- if test x$with_openssl != xno ; then
-	AC_CHECK_LIB(ssl, SSL_library_init, [
-+	AC_CHECK_LIB(ssl, SSL_new, [
- 				with_openssl=yes
- 				LIBS="-lssl -lcrypto $LIBS"
- 		     ], [
-
--- a/libesmtp-1.0.6.tar.bz2
+++ b/libesmtp-1.0.6.tar.bz2
--- a/libesmtp-1.1.0.tar.gz
+++ b/libesmtp-1.1.0.tar.gz
--- a/libesmtp.spec
+++ b/libesmtp.spec
@ -1,16 +1,15 @@
-%define plugindir %{_libdir}/esmtp-plugins
+%define so_ver 6.2.0

 Name:           libesmtp
-Version:        1.0.6
-Release:        20
+Version:        1.1.0
+Release:        1
 Summary:        A library for posting electronic mail
 License:        LGPLv2+

-URL:            https://www.stafford.uklinux.net/%{name}/
-Source:         https://pkgs.fedoraproject.org/repo/pkgs/libesmtp/libesmtp-1.0.6.tar.bz2/bf3915e627fd8f35524a8fdfeed979c8/libesmtp-1.0.6.tar.bz2
-Patch0:         libesmtp-1.0.6-openssl-1.1.patch
-Patch1:         CVE-2019-19977.patch
-BuildRequires:  gcc openssl-devel pkgconfig autoconf automake libtool
+URL:            https://libesmtp.github.io/
+Source:         https://github.com/libesmtp/libESMTP/archive/refs/tags/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
+Patch0:         backport-add_ntlm.patch
+BuildRequires:  gcc openssl-devel pkgconfig meson >= 0.50.0 libtool

 %description
 %{name} is an SMTP client which manages posting (or submission of) electronic
@ -30,35 +29,11 @@ applications that want to make use of %{name}.
 %package_help

 %prep
-%autosetup -n %{name}-%{version} -p1
-
-autoreconf -fi
-
-chmod a-x htable.c
+%autosetup -n libESMTP-%{version} -p1

 %build
-
-if pkg-config openssl ; then
-  export CFLAGS="$CFLAGS $RPM_OPT_FLAGS `pkg-config --cflags openssl`"
-  export LDFLAGS="$LDFLAGS `pkg-config --libs-only-L openssl`"
-fi
-%configure --with-auth-plugin-dir=%{plugindir} --enable-pthreads \
-  --enable-require-all-recipients --enable-debug \
-  --enable-etrn --disable-isoc --disable-more-warnings
-make %{?_smp_mflags}
-cat << "EOF" > %{name}.pc
-prefix=%{_prefix}
-exec_prefix=%{_prefix}
-libdir=%{_libdir}
-includedir=%{_includedir}
-
-Name:		 libESMTP
-Version: 	 %{version}
-Description:	 SMTP client library.
-Requires:	 openssl
-Libs:		 -pthread -L${libdir} -lesmtp
-Cflags:
-EOF
+%meson
+%meson_build

 cat << "EOF" > %{name}-config
 #! /bin/sh
@ -66,8 +41,8 @@ exec pkg-config "$@" libesmtp
 EOF

 %install
-%make_install
-install -p -m 644 -D %{name}.pc %{buildroot}%{_libdir}/pkgconfig/%{name}.pc
+%meson_install
+install -p -m 755 -D %{name}-config %{buildroot}%{_bindir}/%{name}-config

 %delete_la

@ -75,25 +50,29 @@ install -p -m 644 -D %{name}.pc %{buildroot}%{_libdir}/pkgconfig/%{name}.pc

 %files
 %defattr(-,root,root)
-%license COPYING COPYING.LIB
-%doc AUTHORS
-%{_libdir}/%{name}.so.*
-%{plugindir}
+%license LICENSE
+%{_libdir}/esmtp-plugins-%{so_ver}
+%{_libdir}/libesmtp.so.%{so_ver}

 %files devel
 %defattr(-,root,root)
 %doc examples
 %{_bindir}/%{name}-config
 %{_libdir}/%{name}.so
-%{_libdir}/pkgconfig/%{name}.pc
-%{_libdir}/%{name}.a
+%{_libdir}/pkgconfig/libesmtp-1.0.pc
 %{_prefix}/include/*.h

 %files help
 %defattr(-,root,root)
-%doc NEWS Notes README
+%doc README.md docs/*

 %changelog
+* Fri Aug 04 2023 xingwei <xingwei14@h-partners.com> - 1.1.0-1
+- Type:requirements
+- ID:NA
+- SUG:NA
+- DESC:update libesmtp to 1.1.0
+
 * Fri Sep 11 2020 lunankun <lunankun@huawei.com> - 1.0.6-20
 - Type:bugfix
 - ID:NA