diff --git a/CVE-2019-19977.patch b/CVE-2019-19977.patch
deleted file mode 100644
index 90c8b97..0000000
--- a/CVE-2019-19977.patch
+++ /dev/null
@@ -1,69 +0,0 @@
-From 9fc96e9f52b6b8ca67463289cde6d50b3d5911f9 Mon Sep 17 00:00:00 2001
-From: liaichun
-Date: Mon, 20 Apr 2020 14:35:35 +0800
-Subject: [PATCH] remove ntlm_build_type_2 to fix CVE-2019-19977
-
----
- ntlm/ntlm.h | 2 --
- ntlm/ntlmstruct.c | 32 --------------------------------
- 2 files changed, 34 deletions(-)
-
-diff --git a/ntlm/ntlm.h b/ntlm/ntlm.h
-index 50a49d6..d5dae83 100644
---- a/ntlm/ntlm.h
-+++ b/ntlm/ntlm.h
-@@ -35,8 +35,6 @@ void ntlm_responses (unsigned char *lm_resp, unsigned char *nt_resp,
-
- size_t ntlm_build_type_1 (char *buf, size_t buflen, unsigned int flags,
- const char *domain, const char *workstation);
--size_t ntlm_build_type_2 (char *buf, size_t buflen, unsigned int flags,
-- const unsigned char *nonce, const char *domain);
- size_t ntlm_build_type_3 (char *buf, size_t buflen,
- unsigned int flags,
- const unsigned char *lm_resp,
-diff --git a/ntlm/ntlmstruct.c b/ntlm/ntlmstruct.c
-index dfb80de..3167da7 100644
---- a/ntlm/ntlmstruct.c
-+++ b/ntlm/ntlmstruct.c
-@@ -218,38 +218,6 @@ ntlm_build_type_1 (char *buf, size_t buflen, unsigned int flags,
- return offset;
- }
-
--/* Build a NTLM type 2 structure in the buffer */
--size_t
--ntlm_build_type_2 (char *buf, size_t buflen, unsigned int flags,
-- const unsigned char *nonce, const char *domain)
--{
-- size_t offset = T2SIZE;
-- size_t len;
-- char string[256];
-- unsigned char *up;
--
-- if (buflen < offset)
-- return 0;
-- memcpy (buf, NTLMSSP, 8);
-- write_uint32 (buf, MSGTYPE, 2);
-- up = NULL;
-- len = 0;
-- if (domain != NULL)
-- {
-- len = strlen (domain);
-- if (offset + 2 * len > buflen)
-- return 0;
-- up = nt_unicode (lm_uccpy (string, len, domain), 2 * len);
-- }
-- write_string (buf, T2AUTHTARGET, &offset, up, len);
-- if (up != NULL)
-- free (up);
-- write_uint32 (buf, T2FLAGS, flags);
-- memcpy (buf + T2NONCE, nonce, 8);
-- memset (buf + T2RESERVED, 0, 8);
-- return offset;
--}
--
- /* Build a NTLM type 3 structure in the buffer */
- size_t
- ntlm_build_type_3 (char *buf, size_t buflen, unsigned int flags,
---
-1.8.3.1
-
diff --git a/backport-add_ntlm.patch b/backport-add_ntlm.patch
new file mode 100644
index 0000000..d30f80c
--- /dev/null
+++ b/backport-add_ntlm.patch
@@ -0,0 +1,89 @@
+From 1c304e7886a08fb56485e41614ff3f8685afb59d Mon Sep 17 00:00:00 2001
+From: Jiaqing Zhao
+Date: Tue, 8 Mar 2022 15:05:32 +0000
+Subject: [PATCH] Add build option for NTLM support
+
+Currently, NTLM plugin is built by default when openssl is available
+and STARTTLS is enabled. But in libesmtp 1.0.6, there is a separate
+build option. This commits adds the 'ntlm' option back. It's also
+disabled by default.
+
+Like 1.0.6, it will check openssl MD4 algorithm support as MD4 is
+insecure and modern systems may drop MD4 support.
+
+Signed-off-by: Jiaqing Zhao
+
+Reference:https://github.com/libesmtp/libESMTP/commit/1c304e7886a08fb56485e41614ff3f8685afb59d
+Conflict:NA
+
+---
+ meson.build | 13 ++++++++++---
+ meson_options.txt | 1 +
+ ntlm/meson.build | 2 +-
+ 3 files changed, 12 insertions(+), 4 deletions(-)
+
+diff --git a/meson.build b/meson.build
+index 11d6ed8..d2a0e06 100644
+--- a/meson.build
++++ b/meson.build
+@@ -61,6 +61,7 @@ add_project_arguments(cc.get_supported_arguments(cflags), language: 'c')
+ ################################################################################
+ dldep = cc.find_library('dl')
+ ssldep = dependency('openssl', version : '>=1.1.0', required : get_option('tls'))
++ntlmdep = dependency('openssl', version : '>=1.1.0', required : get_option('ntlm'))
+ threaddep = dependency('threads', required : get_option('pthreads'))
+
+ #XXX add test for libbind9.so
+@@ -69,6 +70,7 @@ lwresdep = cc.find_library('lwres', required : get_option('lwres'))
+ deps = [
+ dldep,
+ ssldep,
++ ntlmdep,
+ threaddep,
+ lwresdep,
+ ]
+@@ -237,8 +239,12 @@ include_dir = include_directories('.')
+ subdir('login')
+ subdir('plain')
+ subdir('crammd5')
+-if ssldep.found()
+- subdir('ntlm')
++if ntlmdep.found()
++ if cc.has_header('openssl/md4.h') and cc.has_function('MD4_Init', dependencies : ntlmdep)
++ subdir('ntlm')
++ else
++ error('MD4 is not supported in current openssl, unable to build NTLM plugin')
++ endif
+ endif
+
+ ################################################################################
+@@ -264,4 +270,5 @@ summary({'current:revision:age': libesmtp_cra,
+ 'STARTTLS': ssldep.found(),
+ 'CHUNKING': get_option('bdat'),
+ 'ETRN': get_option('etrn'),
+- 'XUSR': get_option('xusr')})
++ 'XUSR': get_option('xusr'),
++ 'NTLM': ntlmdep.found()})
+diff --git a/meson_options.txt b/meson_options.txt
+index 8375e2c..158f38f 100644
+--- a/meson_options.txt
++++ b/meson_options.txt
+@@ -5,3 +5,4 @@ option('lwres', type : 'feature', value : 'disabled', description : 'use lwres l
+ option('bdat', type : 'boolean', value : 'true', description : 'enable SMTP BDAT extension')
+ option('etrn', type : 'boolean', value : 'true', description : 'enable SMTP ETRN extension')
+ option('xusr', type : 'boolean', value : 'true', description : 'enable sendmail XUSR extension')
++option('ntlm', type : 'feature', value : 'disabled', description : 'build with support for NTLM authentication')
+diff --git a/ntlm/meson.build b/ntlm/meson.build
+index e0eef58..11d7f58 100644
+--- a/ntlm/meson.build
++++ b/ntlm/meson.build
+@@ -5,7 +5,7 @@ sasl_ntlm_sources = [
+ 'ntlmstruct.c',
+ ]
+
+-ntlm_deps = [ ssldep, ]
++ntlm_deps = [ ntlmdep, ]
+
+ sasl_ntlm = shared_module('ntlm', sasl_ntlm_sources,
+ name_prefix : 'sasl-',
+
diff --git a/libesmtp-1.0.6-openssl-1.1.patch b/libesmtp-1.0.6-openssl-1.1.patch
deleted file mode 100644
index 53e32c5..0000000
--- a/libesmtp-1.0.6-openssl-1.1.patch
+++ /dev/null
@@ -1,14 +0,0 @@
-diff --git a/configure.ac b/configure.ac
-index 556f220..2c0693d 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -303,7 +303,7 @@ if test x$with_openssl != xno ; then
- )
- fi
- if test x$with_openssl != xno ; then
-- AC_CHECK_LIB(ssl, SSL_library_init, [
-+ AC_CHECK_LIB(ssl, SSL_new, [
- with_openssl=yes
- LIBS="-lssl -lcrypto $LIBS"
- ], [
-
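Review bot: In the meson.build part of backport-add_ntlm.patch, the `else` branch under `if ntlmdep.found()` calls `error()` whenever OpenSSL lacks MD4, including when `ntlm` is set to `auto`, so an optional feature can abort configuration instead of being skipped. Making the failure conditional, `elif get_option('ntlm').enabled()`, keeps the hard error for an explicit request and lets `auto` continue without the plugin. The summary entry `'NTLM': ntlmdep.found()` would then need to reflect whether `subdir('ntlm')` actually ran, since it reports only that OpenSSL was found. None of this affects the package while the option stays at its `disabled` default.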
diff --git a/libesmtp-1.0.6.tar.bz2 b/libesmtp-1.0.6.tar.bz2
deleted file mode 100644
index a6fb659..0000000
Binary files a/libesmtp-1.0.6.tar.bz2 and /dev/null differ
diff --git a/libesmtp-1.1.0.tar.gz b/libesmtp-1.1.0.tar.gz
new file mode 100644
index 0000000..87882c1
Binary files /dev/null and b/libesmtp-1.1.0.tar.gz differ
diff --git a/libesmtp.spec b/libesmtp.spec
index 3129ac4..aed9957 100644
--- a/libesmtp.spec
+++ b/libesmtp.spec
@@ -1,16 +1,15 @@
-%define plugindir %{_libdir}/esmtp-plugins
+%define so_ver 6.2.0
 Name: libesmtp
-Version: 1.0.6
-Release: 20
+Version: 1.1.0
+Release: 1
 Summary: A library for posting electronic mail
 License: LGPLv2+
-URL: https://www.stafford.uklinux.net/%{name}/
-Source: https://pkgs.fedoraproject.org/repo/pkgs/libesmtp/libesmtp-1.0.6.tar.bz2/bf3915e627fd8f35524a8fdfeed979c8/libesmtp-1.0.6.tar.bz2
-Patch0: libesmtp-1.0.6-openssl-1.1.patch
-Patch1: CVE-2019-19977.patch
-BuildRequires: gcc openssl-devel pkgconfig autoconf automake libtool
+URL: https://libesmtp.github.io/
+Source: https://github.com/libesmtp/libESMTP/archive/refs/tags/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
+Patch0: backport-add_ntlm.patch
+BuildRequires: gcc openssl-devel pkgconfig meson >= 0.50.0 libtool
 %description
 %{name} is an SMTP client which manages posting (or submission of) electronic
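Review bot: `Patch1: CVE-2019-19977.patch` is dropped in this hunk while the new `Patch0: backport-add_ntlm.patch` restores a way to build the NTLM plugin, and nothing in the commit records why the CVE fix is no longer carried. The removed patch deleted `ntlm_build_type_2` from ntlm/ntlmstruct.c; presumably 1.1.0 addresses the issue upstream, but that should be confirmed against the new tarball before the patch is retired. Once confirmed, record it in the changelog entry added in the last hunk, e.g. `- DESC:update libesmtp to 1.1.0, drop CVE-2019-19977.patch (fixed upstream)`.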
@@ -30,35 +29,11 @@ applications that want to make use of %{name}.
 %package_help
 %prep
-%autosetup -n %{name}-%{version} -p1
-
-autoreconf -fi
-
-chmod a-x htable.c
+%autosetup -n libESMTP-%{version} -p1
 %build
-
-if pkg-config openssl ; then
- export CFLAGS="$CFLAGS $RPM_OPT_FLAGS `pkg-config --cflags openssl`"
- export LDFLAGS="$LDFLAGS `pkg-config --libs-only-L openssl`"
-fi
-%configure --with-auth-plugin-dir=%{plugindir} --enable-pthreads \
- --enable-require-all-recipients --enable-debug \
- --enable-etrn --disable-isoc --disable-more-warnings
-make %{?_smp_mflags}
-cat << "EOF" > %{name}.pc
-prefix=%{_prefix}
-exec_prefix=%{_prefix}
-libdir=%{_libdir}
-includedir=%{_includedir}
-
-Name: libESMTP
-Version: %{version}
-Description: SMTP client library.
-Requires: openssl
-Libs: -pthread -L${libdir} -lesmtp
-Cflags:
-EOF
+%meson
+%meson_build
 cat << "EOF" > %{name}-config
 #! /bin/sh
@@ -66,8 +41,8 @@ exec pkg-config "$@" libesmtp
 EOF
 %install
-%make_install
-install -p -m 644 -D %{name}.pc %{buildroot}%{_libdir}/pkgconfig/%{name}.pc
+%meson_install
+install -p -m 755 -D %{name}-config %{buildroot}%{_bindir}/%{name}-config
 %delete_la
@@ -75,25 +50,29 @@ install -p -m 644 -D %{name}.pc %{buildroot}%{_libdir}/pkgconfig/%{name}.pc
 %files
 %defattr(-,root,root)
-%license COPYING COPYING.LIB
-%doc AUTHORS
-%{_libdir}/%{name}.so.*
-%{plugindir}
+%license LICENSE
+%{_libdir}/esmtp-plugins-%{so_ver}
+%{_libdir}/libesmtp.so.%{so_ver}
 %files devel
 %defattr(-,root,root)
 %doc examples
 %{_bindir}/%{name}-config
 %{_libdir}/%{name}.so
-%{_libdir}/pkgconfig/%{name}.pc
-%{_libdir}/%{name}.a
+%{_libdir}/pkgconfig/libesmtp-1.0.pc
 %{_prefix}/include/*.h
 %files help
 %defattr(-,root,root)
-%doc NEWS Notes README
+%doc README.md docs/*
 %changelog
+* Fri Aug 04 2023 xingwei - 1.1.0-1
+- Type:requirements
+- ID:NA
+- SUG:NA
+- DESC:update libesmtp to 1.1.0
+
 * Fri Sep 11 2020 lunankun - 1.0.6-20
 - Type:bugfix
 - ID:NA
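Review bot: `%meson` in the `%build` hunk is called with no options, whereas the removed `%configure` line stated the feature set explicitly (`--enable-pthreads`, `--enable-etrn` and so on). The meson.build lines in backport-add_ntlm.patch pass `get_option('tls')`, `get_option('pthreads')` and `get_option('ntlm')` to `required :`, so whether STARTTLS and threading are built now depends on upstream defaults that are not visible in this commit. Pin the security-relevant ones in the spec, e.g. `%meson -Dtls=enabled -Dpthreads=enabled -Dntlm=disabled` (using whatever values meson_options.txt accepts), so a change in defaults cannot silently yield a build without TLS or with the MD4-based NTLM plugin.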
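Review bot: The generated `%{name}-config` wrapper still runs `exec pkg-config "$@" libesmtp` (visible in the `%install` hunk's header context), but the spec no longer creates `%{name}.pc` and `%files devel` now ships only `libesmtp-1.0.pc`. Unless the upstream build also provides a pkg-config module named `libesmtp`, the installed script will fail to resolve the package. Change the heredoc line to `exec pkg-config "$@" libesmtp-1.0`, or drop the wrapper if nothing depends on it. The heredoc body itself lies outside the hunks shown.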