main/libetpan: upgrade to 1.9.2

3 files changed, 3 insertions, 364 deletions

diff --git a/main/libetpan/0001-Fix-user-certificate-with-gnutls-3.0-api.patch b/main/libetpan/0001-Fix-user-certificate-with-gnutls-3.0-api.patch
deleted file mode 100644
index c6bd73e2c4..0000000000
--- a/main/libetpan/0001-Fix-user-certificate-with-gnutls-3.0-api.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From 98ecc14f0cb7130a4651ca4c7bd02af05d5a365a Mon Sep 17 00:00:00 2001
-From: Natanael Copa <ncopa@alpinelinux.org>
-Date: Mon, 27 Aug 2018 10:12:10 +0200
-Subject: [PATCH] Fix user certificate with gnutls 3.0 api
-
-fixes #288
----
- src/data-types/mailstream_ssl.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/src/data-types/mailstream_ssl.c b/src/data-types/mailstream_ssl.c
-index 248d392..cb0a17e 100644
---- a/src/data-types/mailstream_ssl.c
-+++ b/src/data-types/mailstream_ssl.c
-@@ -568,7 +568,8 @@ static int mailstream_gnutls_client_cert_cb(gnutls_session session,
- #if GNUTLS_VERSION_NUMBER <= 0x020c00
- 		st->type = type;
- #else
--		st->key_type = type;
-+		st->cert_type = type;
-+		st->key_type = GNUTLS_PRIVKEY_X509;
- #endif
- 		st->cert.x509 = &(ssl_context->client_x509);
- 		st->key.x509 = ssl_context->client_pkey;
--- 
-2.18.0
-
diff --git a/main/libetpan/0002-Tls-server-name-indication-support.patch b/main/libetpan/0002-Tls-server-name-indication-support.patch
deleted file mode 100644
index 7647aca55c..0000000000
--- a/main/libetpan/0002-Tls-server-name-indication-support.patch
+++ /dev/null
@@ -1,330 +0,0 @@
-From f16399777776966fb27e9c46e269f8e43a07b40a Mon Sep 17 00:00:00 2001
-From: Alex Smith <44322503+MadAlexUK@users.noreply.github.com>
-Date: Sat, 20 Oct 2018 18:03:59 +0100
-Subject: [PATCH 1/7] Added a mailstream_ssl_set_server_name() function
-
-This allows clients to enable Server Name Indication on a TLS session by
-supplying the server name to be used, via a call within the session open
-callback.
----
- src/data-types/mailstream_ssl.c | 21 +++++++++++++++++++++
- src/data-types/mailstream_ssl.h |  4 ++++
- 2 files changed, 25 insertions(+)
-
-diff --git a/src/data-types/mailstream_ssl.c b/src/data-types/mailstream_ssl.c
-index cb0a17eb..ef87d063 100644
---- a/src/data-types/mailstream_ssl.c
-+++ b/src/data-types/mailstream_ssl.c
-@@ -1361,6 +1361,27 @@ int mailstream_ssl_set_server_certicate(struct mailstream_ssl_context * ssl_cont
- #endif /* USE_SSL */
- }
- 
-+LIBETPAN_EXPORT
-+int mailstream_ssl_set_server_name(struct mailstream_ssl_context * ssl_context,
-+    char * hostname)
-+{
-+  int r = -1;
-+
-+#ifdef USE_SSL
-+# ifdef USE_GNUTLS
-+  r = gnutls_server_name_set(ssl_context->session, GNUTLS_NAME_DNS, hostname, strlen(hostname));
-+# else /* !USE_GNUTLS */
-+#  if (OPENSSL_VERSION_NUMBER >= 0x10000000L)
-+  if (SSL_set_tlsext_host_name(ssl_context->openssl_ssl_ctx, hostname)) {
-+    r = 0;
-+  }
-+#  endif /* (OPENSSL_VERSION_NUMBER >= 0x10000000L) */
-+# endif /* !USE_GNUTLS */
-+#endif /* USE_SSL */
-+
-+  return r;
-+}
-+
- #ifdef USE_SSL
- #ifndef USE_GNUTLS
- static struct mailstream_ssl_context * mailstream_ssl_context_new(SSL_CTX * open_ssl_ctx, int fd)
-diff --git a/src/data-types/mailstream_ssl.h b/src/data-types/mailstream_ssl.h
-index 885dc7e7..fbf2642a 100644
---- a/src/data-types/mailstream_ssl.h
-+++ b/src/data-types/mailstream_ssl.h
-@@ -123,6 +123,10 @@ LIBETPAN_EXPORT
- int mailstream_ssl_set_server_certicate(struct mailstream_ssl_context * ssl_context, 
-     char * CAfile, char * CApath);
- 
-+LIBETPAN_EXPORT
-+int mailstream_ssl_set_server_name(struct mailstream_ssl_context * ssl_context,
-+    char * hostname);
-+
- LIBETPAN_EXPORT
- void * mailstream_ssl_get_openssl_ssl_ctx(struct mailstream_ssl_context * ssl_context);
- 
-
-From abc0f2bce68913f8bffe1da0351c491e8d10c067 Mon Sep 17 00:00:00 2001
-From: Alex Smith <44322503+MadAlexUK@users.noreply.github.com>
-Date: Sat, 20 Oct 2018 18:51:36 +0100
-Subject: [PATCH 2/7] Documented mailstream_ssl_set_server_name()
-
----
- doc/API.sgml | 16 ++++++++++++++++
- 1 file changed, 16 insertions(+)
-
-diff --git a/doc/API.sgml b/doc/API.sgml
-index d5c37a09..0f68d908 100644
---- a/doc/API.sgml
-+++ b/doc/API.sgml
-@@ -1213,6 +1213,22 @@ mailstream * mailstream_ssl_open(int fd);
-           <command>mailstream_ssl_open()</command> will open a
-           TLS/SSL socket.
-         </para>
-+
-+        <programlisting role="C">
-+int mailstream_ssl_set_server_name(struct mailstream_ssl_context * ssl_context,
-+    char * hostname)
-+        </programlisting>
-+
-+        <para>
-+          <command>mailstream_ssl_set_server_name()</command> allows the client
-+          to enable the use of the Server Name Indication TLS extension upon
-+          opening a TLS stream, by providing the domain name to be indicated
-+          to server as the desired destination. <command>ssl_context</command>
-+          is the context pointer passed to the client-supplied callback
-+          function by <command>mailstream_ssl_open_with_callback()</command>
-+          etc. Note that <command>hostname</command> must be a domain name, not
-+          a string representation of an IP address.
-+        </para>
-       </sect2>  
-     </sect1>
- 
-
-From 96bc195bbd00ae270cc8f1838dd1a238022b7d03 Mon Sep 17 00:00:00 2001
-From: Alex Smith <44322503+MadAlexUK@users.noreply.github.com>
-Date: Sat, 20 Oct 2018 21:12:11 +0100
-Subject: [PATCH 3/7] Corrected the setting of SNI with openssl
-
-Made mailstream_ssl_set_server_name() just store the server name in the
-context structure when we're using openssl, since the openssl function
-to set the server name to send needs to be called on the full SSL
-session, which we don't open until after the callback returns, not the
-SSL context.
----
- src/data-types/mailstream_ssl.c | 24 ++++++++++++++++++++----
- 1 file changed, 20 insertions(+), 4 deletions(-)
-
-diff --git a/src/data-types/mailstream_ssl.c b/src/data-types/mailstream_ssl.c
-index ef87d063..9f846389 100644
---- a/src/data-types/mailstream_ssl.c
-+++ b/src/data-types/mailstream_ssl.c
-@@ -113,6 +113,7 @@ struct mailstream_ssl_context
-   SSL_CTX * openssl_ssl_ctx;
-   X509* client_x509;
-   EVP_PKEY *client_pkey;
-+  char * server_name;
- #else
-   gnutls_session session;
-   gnutls_x509_crt client_x509;
-@@ -463,7 +464,13 @@ static struct mailstream_ssl_data * ssl_data_new_full(int fd, time_t timeout,
-   
-   if (ssl_conn == NULL)
-     goto free_ctx;
--  
-+
-+  if (ssl_context->server_name != NULL) {
-+    SSL_set_tlsext_host_name(ssl_conn, ssl_context->server_name);
-+    free(ssl_context->server_name);
-+    ssl_context->server_name = NULL;
-+  }
-+
-   if (SSL_set_fd(ssl_conn, fd) == 0)
-     goto free_ssl_conn;
-   
-@@ -1372,9 +1379,13 @@ int mailstream_ssl_set_server_name(struct mailstream_ssl_context * ssl_context,
-   r = gnutls_server_name_set(ssl_context->session, GNUTLS_NAME_DNS, hostname, strlen(hostname));
- # else /* !USE_GNUTLS */
- #  if (OPENSSL_VERSION_NUMBER >= 0x10000000L)
--  if (SSL_set_tlsext_host_name(ssl_context->openssl_ssl_ctx, hostname)) {
--    r = 0;
-+  if (hostname != NULL) {
-+    ssl_context->server_name = strdup(hostname);
-   }
-+  else {
-+    ssl_context->server_name[0] = '\0';
-+  }
-+  r = 0;
- #  endif /* (OPENSSL_VERSION_NUMBER >= 0x10000000L) */
- # endif /* !USE_GNUTLS */
- #endif /* USE_SSL */
-@@ -1395,6 +1406,7 @@ static struct mailstream_ssl_context * mailstream_ssl_context_new(SSL_CTX * open
-   ssl_ctx->openssl_ssl_ctx = open_ssl_ctx;
-   ssl_ctx->client_x509 = NULL;
-   ssl_ctx->client_pkey = NULL;
-+  ssl_ctx->server_name = NULL;
-   ssl_ctx->fd = fd;
-   
-   return ssl_ctx;
-@@ -1402,8 +1414,12 @@ static struct mailstream_ssl_context * mailstream_ssl_context_new(SSL_CTX * open
- 
- static void mailstream_ssl_context_free(struct mailstream_ssl_context * ssl_ctx)
- {
--  if (ssl_ctx)
-+  if (ssl_ctx != NULL) {
-+    if (ssl_ctx->server_name != NULL) {
-+      free(ssl_ctx->server_name);
-+    }
-     free(ssl_ctx);
-+  }
- }
- #else
- static struct mailstream_ssl_context * mailstream_ssl_context_new(gnutls_session session, int fd)
-
-From 073e83af0adf7d7edd4c4b058aee38dcc24aa4bc Mon Sep 17 00:00:00 2001
-From: Alex Smith <44322503+MadAlexUK@users.noreply.github.com>
-Date: Sat, 20 Oct 2018 21:18:43 +0100
-Subject: [PATCH 4/7] Minor mailstream_ssl_set_server_name() safety improvement
-
-Made mailstream_ssl_set_server_name() clear any previously set server
-name safely when given a NULL name pointer in the case that we're built
-against gnutls.
----
- src/data-types/mailstream_ssl.c | 7 ++++++-
- 1 file changed, 6 insertions(+), 1 deletion(-)
-
-diff --git a/src/data-types/mailstream_ssl.c b/src/data-types/mailstream_ssl.c
-index 9f846389..96f0ddc6 100644
---- a/src/data-types/mailstream_ssl.c
-+++ b/src/data-types/mailstream_ssl.c
-@@ -1376,7 +1376,12 @@ int mailstream_ssl_set_server_name(struct mailstream_ssl_context * ssl_context,
- 
- #ifdef USE_SSL
- # ifdef USE_GNUTLS
--  r = gnutls_server_name_set(ssl_context->session, GNUTLS_NAME_DNS, hostname, strlen(hostname));
-+  if (hostname != NULL) {
-+    r = gnutls_server_name_set(ssl_context->session, GNUTLS_NAME_DNS, hostname, strlen(hostname));
-+  }
-+  else {
-+    r = gnutls_server_name_set(ssl_context->session, GNUTLS_NAME_DNS, "", 0U);
-+  }
- # else /* !USE_GNUTLS */
- #  if (OPENSSL_VERSION_NUMBER >= 0x10000000L)
-   if (hostname != NULL) {
-
-From ee715ddb12e1b953b8ea6e5cbbdc3cf64cc8eed4 Mon Sep 17 00:00:00 2001
-From: Alex Smith <44322503+MadAlexUK@users.noreply.github.com>
-Date: Sat, 20 Oct 2018 23:07:28 +0100
-Subject: [PATCH 5/7] Fixed the NULL host name case when openssl is used
-
-Corrected the handling of a NULL host name pointer being handed to
-mailstream_ssl_set_server_name() when we're using openssl.
----
- src/data-types/mailstream_ssl.c | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/src/data-types/mailstream_ssl.c b/src/data-types/mailstream_ssl.c
-index 96f0ddc6..5a95692c 100644
---- a/src/data-types/mailstream_ssl.c
-+++ b/src/data-types/mailstream_ssl.c
-@@ -1388,7 +1388,10 @@ int mailstream_ssl_set_server_name(struct mailstream_ssl_context * ssl_context,
-     ssl_context->server_name = strdup(hostname);
-   }
-   else {
--    ssl_context->server_name[0] = '\0';
-+    if (ssl_context->server_name != NULL) {
-+      free(ssl_context->server_name);
-+    }
-+    ssl_context->server_name = NULL;
-   }
-   r = 0;
- #  endif /* (OPENSSL_VERSION_NUMBER >= 0x10000000L) */
-
-From 11183d5cf2749b7d2c6cfca03d038b20348d7452 Mon Sep 17 00:00:00 2001
-From: Alex Smith <44322503+MadAlexUK@users.noreply.github.com>
-Date: Sat, 20 Oct 2018 23:15:26 +0100
-Subject: [PATCH 6/7] Commented the copy of the host name in the openssl case
-
-Added a comment explaining why mailstream_ssl_set_server_name() takes a
-copy of the pass host name when we are using openssl, holding on to it
-in our context structure, and noting where it is passed to openssl and
-our copy freed.
----
- src/data-types/mailstream_ssl.c | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
-diff --git a/src/data-types/mailstream_ssl.c b/src/data-types/mailstream_ssl.c
-index 5a95692c..561e8aa9 100644
---- a/src/data-types/mailstream_ssl.c
-+++ b/src/data-types/mailstream_ssl.c
-@@ -1385,6 +1385,14 @@ int mailstream_ssl_set_server_name(struct mailstream_ssl_context * ssl_context,
- # else /* !USE_GNUTLS */
- #  if (OPENSSL_VERSION_NUMBER >= 0x10000000L)
-   if (hostname != NULL) {
-+    /* Unfortunately we can't set this in the openssl session yet since it
-+     * hasn't been created yet; we only have the openssl context at this point.
-+     * We will set it in the openssl session when we create it, soon after the
-+     * client callback that we expect to be calling us (since it is the way the
-+     * client gets our mailstream_ssl_context) returns (see
-+     * ssl_data_new_full()) but we cannot rely on the client persisting it. We
-+     * must therefore take a temporary copy here, which we free once we've set
-+     * it in the openssl session. */
-     ssl_context->server_name = strdup(hostname);
-   }
-   else {
-
-From e3071d43c1db7b21c5fc53eaa7004b434156a518 Mon Sep 17 00:00:00 2001
-From: Alex Smith <44322503+MadAlexUK@users.noreply.github.com>
-Date: Sun, 21 Oct 2018 13:02:56 +0100
-Subject: [PATCH 7/7] Guarded all the openssl SNI code with the necessary
- version check
-
----
- src/data-types/mailstream_ssl.c | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
-diff --git a/src/data-types/mailstream_ssl.c b/src/data-types/mailstream_ssl.c
-index 561e8aa9..2c1a7441 100644
---- a/src/data-types/mailstream_ssl.c
-+++ b/src/data-types/mailstream_ssl.c
-@@ -113,7 +113,9 @@ struct mailstream_ssl_context
-   SSL_CTX * openssl_ssl_ctx;
-   X509* client_x509;
-   EVP_PKEY *client_pkey;
-+# if (OPENSSL_VERSION_NUMBER >= 0x10000000L)
-   char * server_name;
-+# endif /* (OPENSSL_VERSION_NUMBER >= 0x10000000L) */
- #else
-   gnutls_session session;
-   gnutls_x509_crt client_x509;
-@@ -465,11 +467,13 @@ static struct mailstream_ssl_data * ssl_data_new_full(int fd, time_t timeout,
-   if (ssl_conn == NULL)
-     goto free_ctx;
- 
-+#if (OPENSSL_VERSION_NUMBER >= 0x10000000L)
-   if (ssl_context->server_name != NULL) {
-     SSL_set_tlsext_host_name(ssl_conn, ssl_context->server_name);
-     free(ssl_context->server_name);
-     ssl_context->server_name = NULL;
-   }
-+#endif /* (OPENSSL_VERSION_NUMBER >= 0x10000000L) */
- 
-   if (SSL_set_fd(ssl_conn, fd) == 0)
-     goto free_ssl_conn;
-@@ -1422,7 +1426,9 @@ static struct mailstream_ssl_context * mailstream_ssl_context_new(SSL_CTX * open
-   ssl_ctx->openssl_ssl_ctx = open_ssl_ctx;
-   ssl_ctx->client_x509 = NULL;
-   ssl_ctx->client_pkey = NULL;
-+#if (OPENSSL_VERSION_NUMBER >= 0x10000000L)
-   ssl_ctx->server_name = NULL;
-+#endif /* (OPENSSL_VERSION_NUMBER >= 0x10000000L) */
-   ssl_ctx->fd = fd;
-   
-   return ssl_ctx;
-@@ -1431,9 +1437,11 @@ static struct mailstream_ssl_context * mailstream_ssl_context_new(SSL_CTX * open
- static void mailstream_ssl_context_free(struct mailstream_ssl_context * ssl_ctx)
- {
-   if (ssl_ctx != NULL) {
-+#if (OPENSSL_VERSION_NUMBER >= 0x10000000L)
-     if (ssl_ctx->server_name != NULL) {
-       free(ssl_ctx->server_name);
-     }
-+#endif /* (OPENSSL_VERSION_NUMBER >= 0x10000000L) */
-     free(ssl_ctx);
-   }
- }
diff --git a/main/libetpan/APKBUILD b/main/libetpan/APKBUILD
index 53c0a44b6d..7c243b4e66 100644
--- a/main/libetpan/APKBUILD
+++ b/main/libetpan/APKBUILD
@@ -1,7 +1,7 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=libetpan
-pkgver=1.8
-pkgrel=2
+pkgver=1.9.2
+pkgrel=0
 pkgdesc="a portable middleware for email access"
 url="http://www.etpan.org/"
 arch="all"
@@ -11,8 +11,6 @@ makedepends="db-dev cyrus-sasl-dev curl-dev expat-dev gnutls-dev libgcrypt-dev
 	libgpg-error-dev autoconf automake libtool zlib-dev"
 depends_dev="cyrus-sasl-dev db-dev"
 source="libetpan-$pkgver.tar.gz::https://github.com/dinhviethoa/libetpan/archive/$pkgver.tar.gz
-	0001-Fix-user-certificate-with-gnutls-3.0-api.patch
-	0002-Tls-server-name-indication-support.patch
 	"
 
 builddir="$srcdir/$pkgname-$pkgver"
@@ -47,6 +45,4 @@ package() {
 	install -Dm644 COPYRIGHT "$pkgdir"/usr/share/licenses/$pkgname/license.txt
 }
 
-sha512sums="a5e97998803cc56dbd54356153c8579b52a9675fe95fbf642c3158215428d9d2cb30c4e0060c5f4dd760634fff5b1c2a32ce4bb70a5f2bc6398a071ce95e1efd  libetpan-1.8.tar.gz
-884f3c0bde7ba4a9128c6fb86bf6667f2388b6ca197051083c928cb36df7c909367a5cb0042826ce6199ce3d1e5161e36db6f3fc3ce3808eb431ddd8d8d530ef  0001-Fix-user-certificate-with-gnutls-3.0-api.patch
-c25fe5e660a3f8afe3399f602fd5a379806e2d2186a28431341432b2aacd44ecf01826020fcecf243338efc464f22219ba3a1889c92a970c739a28dd905a6da5  0002-Tls-server-name-indication-support.patch"
+sha512sums="3e2e1de77fae2212374e909d15ed8564eee90883c38fee0ca69f58785733b1ac2df848da1bda6f55577d647e0ad27bc3057199e70b6ef01f2a7e2823b24113ba  libetpan-1.9.2.tar.gz"