aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTimo Teräs <timo.teras@iki.fi>2019-01-21 11:41:10 +0200
committerTimo Teräs <timo.teras@iki.fi>2019-01-21 11:42:29 +0200
commitf5abfc57426b171110f5401e9cefd11be9797915 (patch)
treea6662abfafa8cb38d3820eb19e4eff31fac641aa
parentf5e0e35eda9b34e970c9dc57aee930d9113d6f37 (diff)
downloadaports-f5abfc57426b171110f5401e9cefd11be9797915.tar.bz2
aports-f5abfc57426b171110f5401e9cefd11be9797915.tar.xz
main/libetpan: upgrade to 1.9.2
-rw-r--r--main/libetpan/0001-Fix-user-certificate-with-gnutls-3.0-api.patch27
-rw-r--r--main/libetpan/0002-Tls-server-name-indication-support.patch330
-rw-r--r--main/libetpan/APKBUILD10
3 files changed, 3 insertions, 364 deletions
diff --git a/main/libetpan/0001-Fix-user-certificate-with-gnutls-3.0-api.patch b/main/libetpan/0001-Fix-user-certificate-with-gnutls-3.0-api.patch
deleted file mode 100644
index c6bd73e2c4..0000000000
--- a/main/libetpan/0001-Fix-user-certificate-with-gnutls-3.0-api.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From 98ecc14f0cb7130a4651ca4c7bd02af05d5a365a Mon Sep 17 00:00:00 2001
-From: Natanael Copa <ncopa@alpinelinux.org>
-Date: Mon, 27 Aug 2018 10:12:10 +0200
-Subject: [PATCH] Fix user certificate with gnutls 3.0 api
-
-fixes #288
----
- src/data-types/mailstream_ssl.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/src/data-types/mailstream_ssl.c b/src/data-types/mailstream_ssl.c
-index 248d392..cb0a17e 100644
---- a/src/data-types/mailstream_ssl.c
-+++ b/src/data-types/mailstream_ssl.c
-@@ -568,7 +568,8 @@ static int mailstream_gnutls_client_cert_cb(gnutls_session session,
- #if GNUTLS_VERSION_NUMBER <= 0x020c00
- st->type = type;
- #else
-- st->key_type = type;
-+ st->cert_type = type;
-+ st->key_type = GNUTLS_PRIVKEY_X509;
- #endif
- st->cert.x509 = &(ssl_context->client_x509);
- st->key.x509 = ssl_context->client_pkey;
---
-2.18.0
-
diff --git a/main/libetpan/0002-Tls-server-name-indication-support.patch b/main/libetpan/0002-Tls-server-name-indication-support.patch
deleted file mode 100644
index 7647aca55c..0000000000
--- a/main/libetpan/0002-Tls-server-name-indication-support.patch
+++ /dev/null
@@ -1,330 +0,0 @@
-From f16399777776966fb27e9c46e269f8e43a07b40a Mon Sep 17 00:00:00 2001
-From: Alex Smith <44322503+MadAlexUK@users.noreply.github.com>
-Date: Sat, 20 Oct 2018 18:03:59 +0100
-Subject: [PATCH 1/7] Added a mailstream_ssl_set_server_name() function
-
-This allows clients to enable Server Name Indication on a TLS session by
-supplying the server name to be used, via a call within the session open
-callback.
----
- src/data-types/mailstream_ssl.c | 21 +++++++++++++++++++++
- src/data-types/mailstream_ssl.h | 4 ++++
- 2 files changed, 25 insertions(+)
-
-diff --git a/src/data-types/mailstream_ssl.c b/src/data-types/mailstream_ssl.c
-index cb0a17eb..ef87d063 100644
---- a/src/data-types/mailstream_ssl.c
-+++ b/src/data-types/mailstream_ssl.c
-@@ -1361,6 +1361,27 @@ int mailstream_ssl_set_server_certicate(struct mailstream_ssl_context * ssl_cont
- #endif /* USE_SSL */
- }
-
-+LIBETPAN_EXPORT
-+int mailstream_ssl_set_server_name(struct mailstream_ssl_context * ssl_context,
-+ char * hostname)
-+{
-+ int r = -1;
-+
-+#ifdef USE_SSL
-+# ifdef USE_GNUTLS
-+ r = gnutls_server_name_set(ssl_context->session, GNUTLS_NAME_DNS, hostname, strlen(hostname));
-+# else /* !USE_GNUTLS */
-+# if (OPENSSL_VERSION_NUMBER >= 0x10000000L)
-+ if (SSL_set_tlsext_host_name(ssl_context->openssl_ssl_ctx, hostname)) {
-+ r = 0;
-+ }
-+# endif /* (OPENSSL_VERSION_NUMBER >= 0x10000000L) */
-+# endif /* !USE_GNUTLS */
-+#endif /* USE_SSL */
-+
-+ return r;
-+}
-+
- #ifdef USE_SSL
- #ifndef USE_GNUTLS
- static struct mailstream_ssl_context * mailstream_ssl_context_new(SSL_CTX * open_ssl_ctx, int fd)
-diff --git a/src/data-types/mailstream_ssl.h b/src/data-types/mailstream_ssl.h
-index 885dc7e7..fbf2642a 100644
---- a/src/data-types/mailstream_ssl.h
-+++ b/src/data-types/mailstream_ssl.h
-@@ -123,6 +123,10 @@ LIBETPAN_EXPORT
- int mailstream_ssl_set_server_certicate(struct mailstream_ssl_context * ssl_context,
- char * CAfile, char * CApath);
-
-+LIBETPAN_EXPORT
-+int mailstream_ssl_set_server_name(struct mailstream_ssl_context * ssl_context,
-+ char * hostname);
-+
- LIBETPAN_EXPORT
- void * mailstream_ssl_get_openssl_ssl_ctx(struct mailstream_ssl_context * ssl_context);
-
-
-From abc0f2bce68913f8bffe1da0351c491e8d10c067 Mon Sep 17 00:00:00 2001
-From: Alex Smith <44322503+MadAlexUK@users.noreply.github.com>
-Date: Sat, 20 Oct 2018 18:51:36 +0100
-Subject: [PATCH 2/7] Documented mailstream_ssl_set_server_name()
-
----
- doc/API.sgml | 16 ++++++++++++++++
- 1 file changed, 16 insertions(+)
-
-diff --git a/doc/API.sgml b/doc/API.sgml
-index d5c37a09..0f68d908 100644
---- a/doc/API.sgml
-+++ b/doc/API.sgml
-@@ -1213,6 +1213,22 @@ mailstream * mailstream_ssl_open(int fd);
- <command>mailstream_ssl_open()</command> will open a
- TLS/SSL socket.
- </para>
-+
-+ <programlisting role="C">
-+int mailstream_ssl_set_server_name(struct mailstream_ssl_context * ssl_context,
-+ char * hostname)
-+ </programlisting>
-+
-+ <para>
-+ <command>mailstream_ssl_set_server_name()</command> allows the client
-+ to enable the use of the Server Name Indication TLS extension upon
-+ opening a TLS stream, by providing the domain name to be indicated
-+ to server as the desired destination. <command>ssl_context</command>
-+ is the context pointer passed to the client-supplied callback
-+ function by <command>mailstream_ssl_open_with_callback()</command>
-+ etc. Note that <command>hostname</command> must be a domain name, not
-+ a string representation of an IP address.
-+ </para>
- </sect2>
- </sect1>
-
-
-From 96bc195bbd00ae270cc8f1838dd1a238022b7d03 Mon Sep 17 00:00:00 2001
-From: Alex Smith <44322503+MadAlexUK@users.noreply.github.com>
-Date: Sat, 20 Oct 2018 21:12:11 +0100
-Subject: [PATCH 3/7] Corrected the setting of SNI with openssl
-
-Made mailstream_ssl_set_server_name() just store the server name in the
-context structure when we're using openssl, since the openssl function
-to set the server name to send needs to be called on the full SSL
-session, which we don't open until after the callback returns, not the
-SSL context.
----
- src/data-types/mailstream_ssl.c | 24 ++++++++++++++++++++----
- 1 file changed, 20 insertions(+), 4 deletions(-)
-
-diff --git a/src/data-types/mailstream_ssl.c b/src/data-types/mailstream_ssl.c
-index ef87d063..9f846389 100644
---- a/src/data-types/mailstream_ssl.c
-+++ b/src/data-types/mailstream_ssl.c
-@@ -113,6 +113,7 @@ struct mailstream_ssl_context
- SSL_CTX * openssl_ssl_ctx;
- X509* client_x509;
- EVP_PKEY *client_pkey;
-+ char * server_name;
- #else
- gnutls_session session;
- gnutls_x509_crt client_x509;
-@@ -463,7 +464,13 @@ static struct mailstream_ssl_data * ssl_data_new_full(int fd, time_t timeout,
-
- if (ssl_conn == NULL)
- goto free_ctx;
--
-+
-+ if (ssl_context->server_name != NULL) {
-+ SSL_set_tlsext_host_name(ssl_conn, ssl_context->server_name);
-+ free(ssl_context->server_name);
-+ ssl_context->server_name = NULL;
-+ }
-+
- if (SSL_set_fd(ssl_conn, fd) == 0)
- goto free_ssl_conn;
-
-@@ -1372,9 +1379,13 @@ int mailstream_ssl_set_server_name(struct mailstream_ssl_context * ssl_context,
- r = gnutls_server_name_set(ssl_context->session, GNUTLS_NAME_DNS, hostname, strlen(hostname));
- # else /* !USE_GNUTLS */
- # if (OPENSSL_VERSION_NUMBER >= 0x10000000L)
-- if (SSL_set_tlsext_host_name(ssl_context->openssl_ssl_ctx, hostname)) {
-- r = 0;
-+ if (hostname != NULL) {
-+ ssl_context->server_name = strdup(hostname);
- }
-+ else {
-+ ssl_context->server_name[0] = '\0';
-+ }
-+ r = 0;
- # endif /* (OPENSSL_VERSION_NUMBER >= 0x10000000L) */
- # endif /* !USE_GNUTLS */
- #endif /* USE_SSL */
-@@ -1395,6 +1406,7 @@ static struct mailstream_ssl_context * mailstream_ssl_context_new(SSL_CTX * open
- ssl_ctx->openssl_ssl_ctx = open_ssl_ctx;
- ssl_ctx->client_x509 = NULL;
- ssl_ctx->client_pkey = NULL;
-+ ssl_ctx->server_name = NULL;
- ssl_ctx->fd = fd;
-
- return ssl_ctx;
-@@ -1402,8 +1414,12 @@ static struct mailstream_ssl_context * mailstream_ssl_context_new(SSL_CTX * open
-
- static void mailstream_ssl_context_free(struct mailstream_ssl_context * ssl_ctx)
- {
-- if (ssl_ctx)
-+ if (ssl_ctx != NULL) {
-+ if (ssl_ctx->server_name != NULL) {
-+ free(ssl_ctx->server_name);
-+ }
- free(ssl_ctx);
-+ }
- }
- #else
- static struct mailstream_ssl_context * mailstream_ssl_context_new(gnutls_session session, int fd)
-
-From 073e83af0adf7d7edd4c4b058aee38dcc24aa4bc Mon Sep 17 00:00:00 2001
-From: Alex Smith <44322503+MadAlexUK@users.noreply.github.com>
-Date: Sat, 20 Oct 2018 21:18:43 +0100
-Subject: [PATCH 4/7] Minor mailstream_ssl_set_server_name() safety improvement
-
-Made mailstream_ssl_set_server_name() clear any previously set server
-name safely when given a NULL name pointer in the case that we're built
-against gnutls.
----
- src/data-types/mailstream_ssl.c | 7 ++++++-
- 1 file changed, 6 insertions(+), 1 deletion(-)
-
-diff --git a/src/data-types/mailstream_ssl.c b/src/data-types/mailstream_ssl.c
-index 9f846389..96f0ddc6 100644
---- a/src/data-types/mailstream_ssl.c
-+++ b/src/data-types/mailstream_ssl.c
-@@ -1376,7 +1376,12 @@ int mailstream_ssl_set_server_name(struct mailstream_ssl_context * ssl_context,
-
- #ifdef USE_SSL
- # ifdef USE_GNUTLS
-- r = gnutls_server_name_set(ssl_context->session, GNUTLS_NAME_DNS, hostname, strlen(hostname));
-+ if (hostname != NULL) {
-+ r = gnutls_server_name_set(ssl_context->session, GNUTLS_NAME_DNS, hostname, strlen(hostname));
-+ }
-+ else {
-+ r = gnutls_server_name_set(ssl_context->session, GNUTLS_NAME_DNS, "", 0U);
-+ }
- # else /* !USE_GNUTLS */
- # if (OPENSSL_VERSION_NUMBER >= 0x10000000L)
- if (hostname != NULL) {
-
-From ee715ddb12e1b953b8ea6e5cbbdc3cf64cc8eed4 Mon Sep 17 00:00:00 2001
-From: Alex Smith <44322503+MadAlexUK@users.noreply.github.com>
-Date: Sat, 20 Oct 2018 23:07:28 +0100
-Subject: [PATCH 5/7] Fixed the NULL host name case when openssl is used
-
-Corrected the handling of a NULL host name pointer being handed to
-mailstream_ssl_set_server_name() when we're using openssl.
----
- src/data-types/mailstream_ssl.c | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/src/data-types/mailstream_ssl.c b/src/data-types/mailstream_ssl.c
-index 96f0ddc6..5a95692c 100644
---- a/src/data-types/mailstream_ssl.c
-+++ b/src/data-types/mailstream_ssl.c
-@@ -1388,7 +1388,10 @@ int mailstream_ssl_set_server_name(struct mailstream_ssl_context * ssl_context,
- ssl_context->server_name = strdup(hostname);
- }
- else {
-- ssl_context->server_name[0] = '\0';
-+ if (ssl_context->server_name != NULL) {
-+ free(ssl_context->server_name);
-+ }
-+ ssl_context->server_name = NULL;
- }
- r = 0;
- # endif /* (OPENSSL_VERSION_NUMBER >= 0x10000000L) */
-
-From 11183d5cf2749b7d2c6cfca03d038b20348d7452 Mon Sep 17 00:00:00 2001
-From: Alex Smith <44322503+MadAlexUK@users.noreply.github.com>
-Date: Sat, 20 Oct 2018 23:15:26 +0100
-Subject: [PATCH 6/7] Commented the copy of the host name in the openssl case
-
-Added a comment explaining why mailstream_ssl_set_server_name() takes a
-copy of the pass host name when we are using openssl, holding on to it
-in our context structure, and noting where it is passed to openssl and
-our copy freed.
----
- src/data-types/mailstream_ssl.c | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
-diff --git a/src/data-types/mailstream_ssl.c b/src/data-types/mailstream_ssl.c
-index 5a95692c..561e8aa9 100644
---- a/src/data-types/mailstream_ssl.c
-+++ b/src/data-types/mailstream_ssl.c
-@@ -1385,6 +1385,14 @@ int mailstream_ssl_set_server_name(struct mailstream_ssl_context * ssl_context,
- # else /* !USE_GNUTLS */
- # if (OPENSSL_VERSION_NUMBER >= 0x10000000L)
- if (hostname != NULL) {
-+ /* Unfortunately we can't set this in the openssl session yet since it
-+ * hasn't been created yet; we only have the openssl context at this point.
-+ * We will set it in the openssl session when we create it, soon after the
-+ * client callback that we expect to be calling us (since it is the way the
-+ * client gets our mailstream_ssl_context) returns (see
-+ * ssl_data_new_full()) but we cannot rely on the client persisting it. We
-+ * must therefore take a temporary copy here, which we free once we've set
-+ * it in the openssl session. */
- ssl_context->server_name = strdup(hostname);
- }
- else {
-
-From e3071d43c1db7b21c5fc53eaa7004b434156a518 Mon Sep 17 00:00:00 2001
-From: Alex Smith <44322503+MadAlexUK@users.noreply.github.com>
-Date: Sun, 21 Oct 2018 13:02:56 +0100
-Subject: [PATCH 7/7] Guarded all the openssl SNI code with the necessary
- version check
-
----
- src/data-types/mailstream_ssl.c | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
-diff --git a/src/data-types/mailstream_ssl.c b/src/data-types/mailstream_ssl.c
-index 561e8aa9..2c1a7441 100644
---- a/src/data-types/mailstream_ssl.c
-+++ b/src/data-types/mailstream_ssl.c
-@@ -113,7 +113,9 @@ struct mailstream_ssl_context
- SSL_CTX * openssl_ssl_ctx;
- X509* client_x509;
- EVP_PKEY *client_pkey;
-+# if (OPENSSL_VERSION_NUMBER >= 0x10000000L)
- char * server_name;
-+# endif /* (OPENSSL_VERSION_NUMBER >= 0x10000000L) */
- #else
- gnutls_session session;
- gnutls_x509_crt client_x509;
-@@ -465,11 +467,13 @@ static struct mailstream_ssl_data * ssl_data_new_full(int fd, time_t timeout,
- if (ssl_conn == NULL)
- goto free_ctx;
-
-+#if (OPENSSL_VERSION_NUMBER >= 0x10000000L)
- if (ssl_context->server_name != NULL) {
- SSL_set_tlsext_host_name(ssl_conn, ssl_context->server_name);
- free(ssl_context->server_name);
- ssl_context->server_name = NULL;
- }
-+#endif /* (OPENSSL_VERSION_NUMBER >= 0x10000000L) */
-
- if (SSL_set_fd(ssl_conn, fd) == 0)
- goto free_ssl_conn;
-@@ -1422,7 +1426,9 @@ static struct mailstream_ssl_context * mailstream_ssl_context_new(SSL_CTX * open
- ssl_ctx->openssl_ssl_ctx = open_ssl_ctx;
- ssl_ctx->client_x509 = NULL;
- ssl_ctx->client_pkey = NULL;
-+#if (OPENSSL_VERSION_NUMBER >= 0x10000000L)
- ssl_ctx->server_name = NULL;
-+#endif /* (OPENSSL_VERSION_NUMBER >= 0x10000000L) */
- ssl_ctx->fd = fd;
-
- return ssl_ctx;
-@@ -1431,9 +1437,11 @@ static struct mailstream_ssl_context * mailstream_ssl_context_new(SSL_CTX * open
- static void mailstream_ssl_context_free(struct mailstream_ssl_context * ssl_ctx)
- {
- if (ssl_ctx != NULL) {
-+#if (OPENSSL_VERSION_NUMBER >= 0x10000000L)
- if (ssl_ctx->server_name != NULL) {
- free(ssl_ctx->server_name);
- }
-+#endif /* (OPENSSL_VERSION_NUMBER >= 0x10000000L) */
- free(ssl_ctx);
- }
- }
diff --git a/main/libetpan/APKBUILD b/main/libetpan/APKBUILD
index 53c0a44b6d..7c243b4e66 100644
--- a/main/libetpan/APKBUILD
+++ b/main/libetpan/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=libetpan
-pkgver=1.8
-pkgrel=2
+pkgver=1.9.2
+pkgrel=0
pkgdesc="a portable middleware for email access"
url="http://www.etpan.org/"
arch="all"
@@ -11,8 +11,6 @@ makedepends="db-dev cyrus-sasl-dev curl-dev expat-dev gnutls-dev libgcrypt-dev
libgpg-error-dev autoconf automake libtool zlib-dev"
depends_dev="cyrus-sasl-dev db-dev"
source="libetpan-$pkgver.tar.gz::https://github.com/dinhviethoa/libetpan/archive/$pkgver.tar.gz
- 0001-Fix-user-certificate-with-gnutls-3.0-api.patch
- 0002-Tls-server-name-indication-support.patch
"
builddir="$srcdir/$pkgname-$pkgver"
@@ -47,6 +45,4 @@ package() {
install -Dm644 COPYRIGHT "$pkgdir"/usr/share/licenses/$pkgname/license.txt
}
-sha512sums="a5e97998803cc56dbd54356153c8579b52a9675fe95fbf642c3158215428d9d2cb30c4e0060c5f4dd760634fff5b1c2a32ce4bb70a5f2bc6398a071ce95e1efd libetpan-1.8.tar.gz
-884f3c0bde7ba4a9128c6fb86bf6667f2388b6ca197051083c928cb36df7c909367a5cb0042826ce6199ce3d1e5161e36db6f3fc3ce3808eb431ddd8d8d530ef 0001-Fix-user-certificate-with-gnutls-3.0-api.patch
-c25fe5e660a3f8afe3399f602fd5a379806e2d2186a28431341432b2aacd44ecf01826020fcecf243338efc464f22219ba3a1889c92a970c739a28dd905a6da5 0002-Tls-server-name-indication-support.patch"
+sha512sums="3e2e1de77fae2212374e909d15ed8564eee90883c38fee0ca69f58785733b1ac2df848da1bda6f55577d647e0ad27bc3057199e70b6ef01f2a7e2823b24113ba libetpan-1.9.2.tar.gz"