Git-Url: http://git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-current.git;a=commitdiff;h=9e075d3a1e9a37556680fa7bd23b46f043cb552c
commit 9e075d3a1e9a37556680fa7bd23b46f043cb552c Author: Miklos Vajna <vmik...@frugalware.org> Date: Tue Mar 16 20:35:19 2010 +0100 libesmtp-1.0.4-2-i686 - add CVE-2009-2408.patch - closes #4141
diff --git a/source/network-extra/libesmtp/CVE-2009-2408.patch b/source/network-extra/libesmtp/CVE-2009-2408.patch
new file mode 100644
index 0000000..f9c6fcc
--- /dev/null
+++ b/source/network-extra/libesmtp/CVE-2009-2408.patch
@@ -0,0 +1,42 @@
+--- smtp-tls.c-orig 2005-12-15 19:59:49.000000000 +0100
++++ smtp-tls.c 2010-03-09 21:37:16.769301648 +0100
+@@ -439,16 +439,24 @@
+ match_component (const char *dom, const char *edom,
+ const char *ref, const char *eref)
+ {
++ int wildcard = 0;
++
+ while (dom < edom && ref < eref)
+ {
+ /* Accept a final '*' in the reference as a wildcard */
+ if (*ref == '*' && ref + 1 == eref)
+- break;
++ {
++ wildcard = 1;
++ break;
++ }
+ /* compare the domain name case insensitive */
+ if (!(*dom == *ref || tolower (*dom) == tolower (*ref)))
+ return 0;
+ ref++, dom++;
+ }
++ if (!wildcard && (dom < edom || ref < eref))
++ return 0;
++
+ return 1;
+ }
+ 
+@@ -589,9 +597,10 @@
+ if (!ok)
+ {
+ /* Matching by subjectAltName failed, try commonName */
+- X509_NAME_get_text_by_NID (X509_get_subject_name (cert),
+- NID_commonName, buf, sizeof buf);
+- if (!match_domain (session->host, buf) != 0)
++ int l = X509_NAME_get_text_by_NID (X509_get_subject_name (cert),
++ NID_commonName, buf, sizeof buf);
++ if (l != strlen(buf) ||
++ !match_domain (session->host, buf) != 0)
+ {
+ if (session->event_cb != NULL)
+ (*session->event_cb) (session, SMTP_EV_WRONG_PEER_CERTIFICATE,
diff --git a/source/network-extra/libesmtp/FrugalBuild b/source/network-extra/libesmtp/FrugalBuild
index ca56082..3de9b0b 100644
--- a/source/network-extra/libesmtp/FrugalBuild
+++ b/source/network-extra/libesmtp/FrugalBuild
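Review bot: In CVE-2009-2408.patch, the second smtp-tls.c hunk (commonName fallback) compares the result of `X509_NAME_get_text_by_NID` with `strlen(buf)` without first rejecting a negative return. The function returns -1 when the subject has no commonName, and `buf` may then not have been written, so `strlen(buf)` can read stale or uninitialised bytes, and the check only rejects because -1 converts to a huge unsigned value. I would make the guard explicit: `if (l < 0 || (size_t) l != strlen (buf) || !match_domain (session->host, buf))`. The subjectAltName branch lies outside the hunk; if it passes the dNSName bytes to `match_domain` as a C string, it needs the same embedded-NUL length check. The enclosing function starts and ends outside the hunk.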
@@ -3,16 +3,18 @@
 
 pkgname=libesmtp
 pkgver=1.0.4
-pkgrel=1
+pkgrel=2
 pkgdesc="A library that implements the client side of the SMTP protocol"
 url="http://www.stafford.uklinux.net/libesmtp/"
 depends=('openssl')
 groups=('network-extra')
 archs=('i686' 'x86_64' 'ppc')
 up2date="Flasttar $url/download.html"
-source=(http://www.stafford.uklinux.net/$pkgname/$pkgname-$pkgver.tar.bz2)
+source=(http://www.stafford.uklinux.net/$pkgname/$pkgname-$pkgver.tar.bz2 \
+ CVE-2009-2408.patch)
 Fconfopts="$Fconfopts --enable-all"
-sha1sums=('cda45c437164ecfa4fd8cf24d0a056224fc29c6a')
+sha1sums=('cda45c437164ecfa4fd8cf24d0a056224fc29c6a' \
+ '0110b08b787a7023f5002413723a336edc0cc942')
 
 if [ "$CARCH" == "x86_64" ]; then
 export CFLAGS="$CFLAGS -fPIC"
_______________________________________________ Frugalware-git mailing list Frugalware-git@frugalware.org http://frugalware.org/mailman/listinfo/frugalware-git