update libesmtp to 1.1.0

2023-08-04 06:29:44 +00:00 · 2023-08-04 06:29:44 +00:00 · 9ce978f339
commit 9ce978f339
parent bafa1f3ff8
6 changed files with 112 additions and 127 deletions
--- a/CVE-2019-19977.patch
+++ b/CVE-2019-19977.patch
@ -1,69 +0,0 @@
 From 9fc96e9f52b6b8ca67463289cde6d50b3d5911f9 Mon Sep 17 00:00:00 2001
 From: liaichun <liaichun@huawei.com>
 Date: Mon, 20 Apr 2020 14:35:35 +0800
 Subject: [PATCH] remove ntlm_build_type_2 to fix CVE-2019-19977
 ---
 ntlm/ntlm.h       |  2 --
 ntlm/ntlmstruct.c | 32 --------------------------------
 2 files changed, 34 deletions(-)
 diff --git a/ntlm/ntlm.h b/ntlm/ntlm.h
 index 50a49d6..d5dae83 100644
 --- a/ntlm/ntlm.h
 +++ b/ntlm/ntlm.h
@@ -35,8 +35,6 @@ void ntlm_responses (unsigned char *lm_resp, unsigned char *nt_resp,
 size_t ntlm_build_type_1 (char *buf, size_t buflen, unsigned int flags,
 			  const char *domain, const char *workstation);
 -size_t ntlm_build_type_2 (char *buf, size_t buflen, unsigned int flags,
 -			  const unsigned char *nonce, const char *domain);
 size_t ntlm_build_type_3 (char *buf, size_t buflen,
 			  unsigned int flags,
 			  const unsigned char *lm_resp,
 diff --git a/ntlm/ntlmstruct.c b/ntlm/ntlmstruct.c
 index dfb80de..3167da7 100644
 --- a/ntlm/ntlmstruct.c
 +++ b/ntlm/ntlmstruct.c
@@ -218,38 +218,6 @@ ntlm_build_type_1 (char *buf, size_t buflen, unsigned int flags,
   return offset;
 }
 -/* Build a NTLM type 2 structure in the buffer */
 -size_t
 -ntlm_build_type_2 (char *buf, size_t buflen, unsigned int flags,
 -                   const unsigned char *nonce, const char *domain)
 -{
 -  size_t offset = T2SIZE;
 -  size_t len;
 -  char string[256];
 -  unsigned char *up;
 -
 -  if (buflen < offset)
 -    return 0;
 -  memcpy (buf, NTLMSSP, 8);
 -  write_uint32 (buf, MSGTYPE, 2);
 -  up = NULL;
 -  len = 0;
 -  if (domain != NULL)
 -    {
 -      len = strlen (domain);
 -      if (offset + 2 * len > buflen)
 -	return 0;
 -      up = nt_unicode (lm_uccpy (string, len, domain), 2 * len);
 -    }
 -  write_string (buf, T2AUTHTARGET, &offset, up, len);
 -  if (up != NULL)
 -    free (up);
 -  write_uint32 (buf, T2FLAGS, flags);
 -  memcpy (buf + T2NONCE, nonce, 8);
 -  memset (buf + T2RESERVED, 0, 8);
 -  return offset;
 -}
 -
 /* Build a NTLM type 3 structure in the buffer */
 size_t
 ntlm_build_type_3 (char *buf, size_t buflen, unsigned int flags,
 -- 
 1.8.3.1
--- a/backport-add_ntlm.patch
+++ b/backport-add_ntlm.patch
@ -0,0 +1,89 @@
 From 1c304e7886a08fb56485e41614ff3f8685afb59d Mon Sep 17 00:00:00 2001
 From: Jiaqing Zhao <jiaqing.zhao@intel.com>
 Date: Tue, 8 Mar 2022 15:05:32 +0000
 Subject: [PATCH] Add build option for NTLM support
 Currently, NTLM plugin is built by default when openssl is available
 and STARTTLS is enabled. But in libesmtp 1.0.6, there is a separate
 build option. This commits adds the 'ntlm' option back. It's also
 disabled by default.
 Like 1.0.6, it will check openssl MD4 algorithm support as MD4 is
 insecure and modern systems may drop MD4 support.
 Signed-off-by: Jiaqing Zhao <jiaqing.zhao@intel.com>
 Reference:https://github.com/libesmtp/libESMTP/commit/1c304e7886a08fb56485e41614ff3f8685afb59d
 Conflict:NA
 ---
 meson.build       | 13 ++++++++++---
 meson_options.txt |  1 +
 ntlm/meson.build  |  2 +-
 3 files changed, 12 insertions(+), 4 deletions(-)
 diff --git a/meson.build b/meson.build
 index 11d6ed8..d2a0e06 100644
 --- a/meson.build
 +++ b/meson.build
@@ -61,6 +61,7 @@ add_project_arguments(cc.get_supported_arguments(cflags), language: 'c')
 ################################################################################
 dldep = cc.find_library('dl')
 ssldep = dependency('openssl', version : '>=1.1.0', required : get_option('tls'))
 +ntlmdep = dependency('openssl', version : '>=1.1.0', required : get_option('ntlm'))
 threaddep = dependency('threads', required : get_option('pthreads'))
 #XXX add test for libbind9.so
@@ -69,6 +70,7 @@ lwresdep = cc.find_library('lwres', required : get_option('lwres'))
 deps = [
   dldep,
   ssldep,
 +  ntlmdep,
   threaddep,
   lwresdep,
 ]
@@ -237,8 +239,12 @@ include_dir = include_directories('.')
 subdir('login')
 subdir('plain')
 subdir('crammd5')
 -if ssldep.found()
 -  subdir('ntlm')
 +if ntlmdep.found()
 +  if cc.has_header('openssl/md4.h') and cc.has_function('MD4_Init', dependencies : ntlmdep)
 +    subdir('ntlm')
 +  else
 +    error('MD4 is not supported in current openssl, unable to build NTLM plugin')
 +  endif
 endif
 ################################################################################
@@ -264,4 +270,5 @@ summary({'current:revision:age': libesmtp_cra,
 	 'STARTTLS': ssldep.found(),
 	 'CHUNKING': get_option('bdat'),
 	 'ETRN': get_option('etrn'),
 -	 'XUSR': get_option('xusr')})
 +	 'XUSR': get_option('xusr'),
 +	 'NTLM': ntlmdep.found()})
 diff --git a/meson_options.txt b/meson_options.txt
 index 8375e2c..158f38f 100644
 --- a/meson_options.txt
 +++ b/meson_options.txt
@@ -5,3 +5,4 @@ option('lwres', type : 'feature', value : 'disabled', description : 'use lwres l
 option('bdat', type : 'boolean', value : 'true', description : 'enable SMTP BDAT extension')
 option('etrn', type : 'boolean', value : 'true', description : 'enable SMTP ETRN extension')
 option('xusr', type : 'boolean', value : 'true', description : 'enable sendmail XUSR extension')
 +option('ntlm', type : 'feature', value : 'disabled', description : 'build with support for NTLM authentication')
 diff --git a/ntlm/meson.build b/ntlm/meson.build
 index e0eef58..11d7f58 100644
 --- a/ntlm/meson.build
 +++ b/ntlm/meson.build
@@ -5,7 +5,7 @@ sasl_ntlm_sources = [
   'ntlmstruct.c',
 ]
 -ntlm_deps = [ ssldep, ]
 +ntlm_deps = [ ntlmdep, ]
 sasl_ntlm = shared_module('ntlm', sasl_ntlm_sources,
 			  name_prefix : 'sasl-',
--- a/libesmtp-1.0.6-openssl-1.1.patch
+++ b/libesmtp-1.0.6-openssl-1.1.patch
@ -1,14 +0,0 @@
 diff --git a/configure.ac b/configure.ac
 index 556f220..2c0693d 100644
 --- a/configure.ac
 +++ b/configure.ac
@@ -303,7 +303,7 @@ if test x$with_openssl != xno ; then
 	)
 fi
 if test x$with_openssl != xno ; then
 -	AC_CHECK_LIB(ssl, SSL_library_init, [
 +	AC_CHECK_LIB(ssl, SSL_new, [
 				with_openssl=yes
 				LIBS="-lssl -lcrypto $LIBS"
 		     ], [
--- a/libesmtp-1.0.6.tar.bz2
+++ b/libesmtp-1.0.6.tar.bz2
--- a/libesmtp-1.1.0.tar.gz
+++ b/libesmtp-1.1.0.tar.gz
--- a/libesmtp.spec
+++ b/libesmtp.spec
@ -1,16 +1,15 @@
-%define plugindir %{_libdir}/esmtp-plugins
+%define so_ver 6.2.0
 Name:           libesmtp
-Version:        1.0.6
+Version:        1.1.0
-Release:        20
+Release:        1
 Summary:        A library for posting electronic mail
 License:        LGPLv2+
-URL:            https://www.stafford.uklinux.net/%{name}/
+URL:            https://libesmtp.github.io/
-Source:         https://pkgs.fedoraproject.org/repo/pkgs/libesmtp/libesmtp-1.0.6.tar.bz2/bf3915e627fd8f35524a8fdfeed979c8/libesmtp-1.0.6.tar.bz2
+Source:         https://github.com/libesmtp/libESMTP/archive/refs/tags/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
-Patch0:         libesmtp-1.0.6-openssl-1.1.patch
+Patch0:         backport-add_ntlm.patch
-Patch1:         CVE-2019-19977.patch
+BuildRequires:  gcc openssl-devel pkgconfig meson >= 0.50.0 libtool
 BuildRequires:  gcc openssl-devel pkgconfig autoconf automake libtool
 %description
 %{name} is an SMTP client which manages posting (or submission of) electronic
@ -30,35 +29,11 @@ applications that want to make use of %{name}.
 %package_help
 %prep
-%autosetup -n %{name}-%{version} -p1
+%autosetup -n libESMTP-%{version} -p1
 autoreconf -fi
 chmod a-x htable.c
 %build
-
+%meson
-if pkg-config openssl ; then
+%meson_build
  export CFLAGS="$CFLAGS $RPM_OPT_FLAGS `pkg-config --cflags openssl`"
  export LDFLAGS="$LDFLAGS `pkg-config --libs-only-L openssl`"
 fi
 %configure --with-auth-plugin-dir=%{plugindir} --enable-pthreads \
  --enable-require-all-recipients --enable-debug \
  --enable-etrn --disable-isoc --disable-more-warnings
 make %{?_smp_mflags}
 cat << "EOF" > %{name}.pc
 prefix=%{_prefix}
 exec_prefix=%{_prefix}
 libdir=%{_libdir}
 includedir=%{_includedir}
 Name:		 libESMTP
 Version: 	 %{version}
 Description:	 SMTP client library.
 Requires:	 openssl
 Libs:		 -pthread -L${libdir} -lesmtp
 Cflags:
 EOF
 cat << "EOF" > %{name}-config
 #! /bin/sh
@ -66,8 +41,8 @@ exec pkg-config "$@" libesmtp
 EOF
 %install
-%make_install
+%meson_install
-install -p -m 644 -D %{name}.pc %{buildroot}%{_libdir}/pkgconfig/%{name}.pc
+install -p -m 755 -D %{name}-config %{buildroot}%{_bindir}/%{name}-config
 %delete_la
@ -75,25 +50,29 @@ install -p -m 644 -D %{name}.pc %{buildroot}%{_libdir}/pkgconfig/%{name}.pc
 %files
 %defattr(-,root,root)
-%license COPYING COPYING.LIB
+%license LICENSE
-%doc AUTHORS
+%{_libdir}/esmtp-plugins-%{so_ver}
-%{_libdir}/%{name}.so.*
+%{_libdir}/libesmtp.so.%{so_ver}
 %{plugindir}
 %files devel
 %defattr(-,root,root)
 %doc examples
 %{_bindir}/%{name}-config
 %{_libdir}/%{name}.so
-%{_libdir}/pkgconfig/%{name}.pc
+%{_libdir}/pkgconfig/libesmtp-1.0.pc
 %{_libdir}/%{name}.a
 %{_prefix}/include/*.h
 %files help
 %defattr(-,root,root)
-%doc NEWS Notes README
+%doc README.md docs/*
 %changelog
 * Fri Aug 04 2023 xingwei <xingwei14@h-partners.com> - 1.1.0-1
 - Type:requirements
 - ID:NA
 - SUG:NA
 - DESC:update libesmtp to 1.1.0
 * Fri Sep 11 2020 lunankun <lunankun@huawei.com> - 1.0.6-20
 - Type:bugfix
 - ID:NA