Date: Monday, May 26, 2014 @ 15:43:12
Author: andyrtr
Revision: 213598
upgpkg: claws-mail 3.10.0-1
upstream update 3.10.0
Modified:
claws-mail/trunk/PKGBUILD
Deleted:
claws-mail/trunk/claws-ssl-1.patch
claws-mail/trunk/claws-ssl-2.patch
claws-mail/trunk/claws-ssl-3.patch
-------------------+
PKGBUILD | 25 --
claws-ssl-1.patch | 494 ----------------------------------------------------
claws-ssl-2.patch | 139 --------------
claws-ssl-3.patch | 241 -------------------------
4 files changed, 5 insertions(+), 894 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2014-05-26 11:06:44 UTC (rev 213597)
+++ PKGBUILD 2014-05-26 13:43:12 UTC (rev 213598)
@@ -2,8 +2,8 @@
# Maintainer: Andreas Radke <andy...@archlinux.org>
pkgname=claws-mail
-pkgver=3.9.3
-pkgrel=4
+pkgver=3.10.0
+pkgrel=1
pkgdesc="A GTK+ based e-mail client."
arch=('i686' 'x86_64')
license=('GPL3')
@@ -34,25 +34,10 @@
conflicts=('claws-mail-extra-plugins')
provides=('claws')
install=claws-mail.install
-source=(http://downloads.sourceforge.net/sourceforge/sylpheed-claws/${pkgname}-${pkgver}.tar.bz2{,.asc}
- claws-ssl-1.patch
- claws-ssl-2.patch
- claws-ssl-3.patch)
-md5sums=('0158b5e6b6d6866f9a75fd288a4edf04'
- 'SKIP'
- '02e5fc5dba976208dfabf23d7666681d'
- 'dd53ff284cf802ef639bf92fac996d12'
- 'e8c2ce77c8df7a2c514a4547337304d8')
+source=(http://downloads.sourceforge.net/sourceforge/claws-mail/${pkgname}-${pkgver}.tar.xz{,.asc})
+sha1sums=('c5e8063ea922b1bd6825f5221347ec8ebfa0ae3b'
+ 'SKIP')
-prepare() {
- cd ${pkgname}-${pkgver}
- # fix ssl certificate verification with libetpan >= 1.4
- patch -Np1 < ${srcdir}/claws-ssl-1.patch
- patch -Np1 < ${srcdir}/claws-ssl-2.patch
- patch -Np1 < ${srcdir}/claws-ssl-3.patch
- autoreconf -vfi
-}
-
build() {
cd ${pkgname}-${pkgver}
Deleted: claws-ssl-1.patch
===================================================================
--- claws-ssl-1.patch 2014-05-26 11:06:44 UTC (rev 213597)
+++ claws-ssl-1.patch 2014-05-26 13:43:12 UTC (rev 213598)
@@ -1,494 +0,0 @@
-From 35da14ea91d4d32527fbe3293d2ffd26cd642710 Mon Sep 17 00:00:00 2001
-From: Nepu User <nepu@localhost.localdomain>
-Date: Sun, 27 Apr 2014 14:50:36 +0200
-Subject: [PATCH 1/3] upstream commit b0c17cd08e482dbda407dabdc952dfcf5d8fdb6e
-
----
- src/etpan/Makefile.am | 6 ++-
- src/etpan/etpan-ssl.c | 121 ++++++++++++++++++++++++++++++++++++++++++++++++
- src/etpan/etpan-ssl.h | 40 ++++++++++++++++
- src/etpan/imap-thread.c | 96 +++-----------------------------------
- src/etpan/nntp-thread.c | 83 ++-------------------------------
- 5 files changed, 175 insertions(+), 171 deletions(-)
- create mode 100644 src/etpan/etpan-ssl.c
- create mode 100644 src/etpan/etpan-ssl.h
-
-diff --git a/src/etpan/Makefile.am b/src/etpan/Makefile.am
-index b4bfe62..eb343b2 100644
---- a/src/etpan/Makefile.am
-+++ b/src/etpan/Makefile.am
-@@ -5,7 +5,8 @@ noinst_LTLIBRARIES = libclawsetpan.la
- libclawsetpan_la_SOURCES = \
- etpan-thread-manager.c \
- imap-thread.c \
-- nntp-thread.c
-+ nntp-thread.c \
-+ etpan-ssl.c
-
- clawsetpanincludedir = $(pkgincludedir)/etpan
- clawsetpaninclude_HEADERS = \
-@@ -13,7 +14,8 @@ clawsetpaninclude_HEADERS = \
- etpan-thread-manager.h \
- etpan-errors.h \
- imap-thread.h \
-- nntp-thread.h
-+ nntp-thread.h \
-+ etpan-ssl.h
-
- INCLUDES = \
- -I$(top_srcdir)/src \
-diff --git a/src/etpan/etpan-ssl.c b/src/etpan/etpan-ssl.c
-new file mode 100644
-index 0000000..6642e40
---- /dev/null
-+++ b/src/etpan/etpan-ssl.c
-@@ -0,0 +1,121 @@
-+/*
-+ * Claws Mail -- a GTK+ based, lightweight, and fast e-mail client
-+ * Copyright (C) 1999-2012 Colin Leroy <co...@colino.net>
-+ * and the Claws Mail team
-+ *
-+ * This program is free software; you can redistribute it and/or modify
-+ * it under the terms of the GNU General Public License as published by
-+ * the Free Software Foundation; either version 3 of the License, or
-+ * (at your option) any later version.
-+ *
-+ * This program is distributed in the hope that it will be useful,
-+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+ * GNU General Public License for more details.
-+ *
-+ * You should have received a copy of the GNU General Public License
-+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
-+ *
-+ */
-+
-+#ifdef HAVE_CONFIG_H
-+# include "config.h"
-+#include "claws-features.h"
-+#endif
-+
-+#ifdef USE_GNUTLS
-+#ifdef HAVE_LIBETPAN
-+#include <libetpan/libetpan.h>
-+#include <gnutls/gnutls.h>
-+#include <gnutls/x509.h>
-+#include <stdlib.h>
-+#include <glib.h>
-+#include <glib/gi18n.h>
-+#include <errno.h>
-+
-+#include "ssl_certificate.h"
-+#include "utils.h"
-+#include "log.h"
-+#include "prefs_account.h"
-+
-+gboolean etpan_certificate_check(mailstream *stream, const char *host, gint
port)
-+{
-+ unsigned char *cert_der = NULL;
-+ int len;
-+ gnutls_x509_crt_t cert = NULL;
-+ gnutls_datum_t tmp;
-+
-+ if (stream == NULL)
-+ return FALSE;
-+
-+ len = (int)mailstream_ssl_get_certificate(stream, &cert_der);
-+
-+ if (cert_der == NULL || len < 0) {
-+ g_warning("no cert presented.\n");
-+ return FALSE;
-+ }
-+
-+ tmp.data = malloc(len);
-+ memcpy(tmp.data, cert_der, len);
-+ tmp.size = len;
-+ gnutls_x509_crt_init(&cert);
-+
-+ free(cert_der);
-+
-+ if (gnutls_x509_crt_import(cert, &tmp, GNUTLS_X509_FMT_DER) < 0) {
-+ free(tmp.data);
-+ g_warning("IMAP: can't get cert\n");
-+ return FALSE;
-+ } else if (ssl_certificate_check(cert, (guint)-1, host, port) == TRUE) {
-+ free(tmp.data);
-+ gnutls_x509_crt_deinit(cert);
-+ return TRUE;
-+ } else {
-+ free(tmp.data);
-+ gnutls_x509_crt_deinit(cert);
-+ return FALSE;
-+ }
-+}
-+
-+void etpan_connect_ssl_context_cb(struct mailstream_ssl_context *
ssl_context, void * data)
-+{
-+ PrefsAccount *account = (PrefsAccount *)data;
-+ const gchar *cert_path = NULL;
-+ const gchar *password = NULL;
-+ gnutls_x509_crt_t x509 = NULL;
-+ gnutls_x509_privkey_t pkey = NULL;
-+
-+ if (account->in_ssl_client_cert_file &&
*account->in_ssl_client_cert_file)
-+ cert_path = account->in_ssl_client_cert_file;
-+ if (account->in_ssl_client_cert_pass &&
*account->in_ssl_client_cert_pass)
-+ password = account->in_ssl_client_cert_pass;
-+
-+ if (mailstream_ssl_set_client_certificate_data(ssl_context, NULL, 0) <
0 ||
-+ mailstream_ssl_set_client_private_key_data(ssl_context, NULL, 0) <
0)
-+ debug_print("Impossible to set the client certificate.\n");
-+ x509 = ssl_certificate_get_x509_from_pem_file(cert_path);
-+ pkey = ssl_certificate_get_pkey_from_pem_file(cert_path);
-+ if (!(x509 && pkey)) {
-+ /* try pkcs12 format */
-+ ssl_certificate_get_x509_and_pkey_from_p12_file(cert_path,
password, &x509, &pkey);
-+ }
-+ if (x509 && pkey) {
-+ unsigned char *x509_der = NULL, *pkey_der = NULL;
-+ size_t x509_len, pkey_len;
-+
-+ x509_len = (size_t)gnutls_i2d_X509(x509, &x509_der);
-+ pkey_len = (size_t)gnutls_i2d_PrivateKey(pkey, &pkey_der);
-+ if (x509_len > 0 && pkey_len > 0) {
-+ if
(mailstream_ssl_set_client_certificate_data(ssl_context, x509_der, x509_len) <
0 ||
-+
mailstream_ssl_set_client_private_key_data(ssl_context, pkey_der, pkey_len) <
0)
-+ log_error(LOG_PROTOCOL, _("Impossible to set
the client certificate.\n"));
-+ g_free(x509_der);
-+ g_free(pkey_der);
-+ }
-+ gnutls_x509_crt_deinit(x509);
-+ gnutls_x509_privkey_deinit(pkey);
-+ }
-+}
-+
-+#endif /* USE_GNUTLS */
-+#endif /* HAVE_LIBETPAN */
-diff --git a/src/etpan/etpan-ssl.h b/src/etpan/etpan-ssl.h
-new file mode 100644
-index 0000000..5607d1a
---- /dev/null
-+++ b/src/etpan/etpan-ssl.h
-@@ -0,0 +1,40 @@
-+/*
-+ * Claws Mail -- a GTK+ based, lightweight, and fast e-mail client
-+ * Copyright (C) 1999-2012 Colin Leroy <co...@colino.net>
-+ * and the Claws Mail team
-+ *
-+ * This program is free software; you can redistribute it and/or modify
-+ * it under the terms of the GNU General Public License as published by
-+ * the Free Software Foundation; either version 3 of the License, or
-+ * (at your option) any later version.
-+ *
-+ * This program is distributed in the hope that it will be useful,
-+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+ * GNU General Public License for more details.
-+ *
-+ * You should have received a copy of the GNU General Public License
-+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
-+ *
-+ */
-+
-+#ifndef __ETPAN_SSL_H__
-+#define __ETPAN_SSL_H__
-+
-+#ifdef HAVE_CONFIG_H
-+# include "config.h"
-+#include "claws-features.h"
-+#endif
-+
-+#ifdef USE_GNUTLS
-+#ifdef HAVE_LIBETPAN
-+
-+#include <libetpan/libetpan.h>
-+
-+gboolean etpan_certificate_check(mailstream *imap_stream, const char *host,
gint port);
-+void etpan_connect_ssl_context_cb(struct mailstream_ssl_context *
ssl_context, void * data);
-+
-+#endif /* USE_GNUTLS */
-+#endif /* HAVE_LIBETPAN */
-+
-+#endif /* __ETPAN_SSL_H__ */
-diff --git a/src/etpan/imap-thread.c b/src/etpan/imap-thread.c
-index b71e4d7..4332f59 100644
---- a/src/etpan/imap-thread.c
-+++ b/src/etpan/imap-thread.c
-@@ -41,6 +41,7 @@
- #include <gtk/gtk.h>
- #include <log.h>
- #include "etpan-thread-manager.h"
-+#include "etpan-ssl.h"
- #include "utils.h"
- #include "mainwindow.h"
- #include "ssl.h"
-@@ -519,79 +520,6 @@ int imap_threaded_connect(Folder * folder, const char *
server, int port)
- return result.error;
- }
-
--static int etpan_certificate_check(const unsigned char *certificate, int len,
void *data)
--{
--#ifdef USE_GNUTLS
-- struct connect_param *param = (struct connect_param *)data;
-- gnutls_x509_crt_t cert = NULL;
-- gnutls_datum_t tmp;
--
-- if (certificate == NULL || len < 0) {
-- g_warning("no cert presented.\n");
-- return 0;
-- }
--
-- tmp.data = malloc(len);
-- memcpy(tmp.data, certificate, len);
-- tmp.size = len;
-- gnutls_x509_crt_init(&cert);
-- if (gnutls_x509_crt_import(cert, &tmp, GNUTLS_X509_FMT_DER) < 0) {
-- g_warning("IMAP: can't get cert\n");
-- return 0;
-- } else if (ssl_certificate_check(cert, (guint)-1, (gchar
*)param->server,
-- (gushort)param->port) == TRUE) {
-- gnutls_x509_crt_deinit(cert);
-- return 0;
-- } else {
-- gnutls_x509_crt_deinit(cert);
-- return -1;
-- }
--#endif
-- return 0;
--}
--
--static void connect_ssl_context_cb(struct mailstream_ssl_context *
ssl_context, void * data)
--{
--#ifdef USE_GNUTLS
-- PrefsAccount *account = (PrefsAccount *)data;
-- const gchar *cert_path = NULL;
-- const gchar *password = NULL;
-- gnutls_x509_crt_t x509 = NULL;
-- gnutls_x509_privkey_t pkey = NULL;
--
-- if (account->in_ssl_client_cert_file &&
*account->in_ssl_client_cert_file)
-- cert_path = account->in_ssl_client_cert_file;
-- if (account->in_ssl_client_cert_pass &&
*account->in_ssl_client_cert_pass)
-- password = account->in_ssl_client_cert_pass;
--
-- if (mailstream_ssl_set_client_certificate_data(ssl_context, NULL, 0) <
0 ||
-- mailstream_ssl_set_client_private_key_data(ssl_context, NULL, 0) <
0)
-- debug_print("Impossible to set the client certificate.\n");
-- x509 = ssl_certificate_get_x509_from_pem_file(cert_path);
-- pkey = ssl_certificate_get_pkey_from_pem_file(cert_path);
-- if (!(x509 && pkey)) {
-- /* try pkcs12 format */
-- ssl_certificate_get_x509_and_pkey_from_p12_file(cert_path,
password, &x509, &pkey);
-- }
-- if (x509 && pkey) {
-- unsigned char *x509_der = NULL, *pkey_der = NULL;
-- size_t x509_len, pkey_len;
--
-- x509_len = (size_t)gnutls_i2d_X509(x509, &x509_der);
-- pkey_len = (size_t)gnutls_i2d_PrivateKey(pkey, &pkey_der);
-- if (x509_len > 0 && pkey_len > 0) {
-- if
(mailstream_ssl_set_client_certificate_data(ssl_context, x509_der, x509_len) <
0 ||
--
mailstream_ssl_set_client_private_key_data(ssl_context, pkey_der, pkey_len) <
0)
-- log_error(LOG_PROTOCOL, _("Impossible to set
the client certificate.\n"));
-- g_free(x509_der);
-- g_free(pkey_der);
-- }
-- gnutls_x509_crt_deinit(x509);
-- gnutls_x509_privkey_deinit(pkey);
-- }
--#endif
--}
--
- static void connect_ssl_run(struct etpan_thread_op * op)
- {
- int r;
-@@ -605,7 +533,7 @@ static void connect_ssl_run(struct etpan_thread_op * op)
-
- r = mailimap_ssl_connect_with_callback(param->imap,
- param->server, param->port,
-- connect_ssl_context_cb,
param->account);
-+ etpan_connect_ssl_context_cb,
param->account);
- result->error = r;
- }
-
-@@ -616,8 +544,6 @@ int imap_threaded_connect_ssl(Folder * folder, const char
* server, int port)
- chashdatum key;
- chashdatum value;
- mailimap * imap, * oldimap;
-- unsigned char *certificate = NULL;
-- int cert_len;
-
- oldimap = get_imap(folder);
-
-@@ -644,11 +570,8 @@ int imap_threaded_connect_ssl(Folder * folder, const char
* server, int port)
-
- if ((result.error == MAILIMAP_NO_ERROR_AUTHENTICATED ||
- result.error == MAILIMAP_NO_ERROR_NON_AUTHENTICATED) &&
!etpan_skip_ssl_cert_check) {
-- cert_len =
(int)mailstream_ssl_get_certificate(imap->imap_stream, &certificate);
-- if (etpan_certificate_check(certificate, cert_len, ¶m) < 0)
-- return -1;
-- if (certificate)
-- free(certificate);
-+ if (etpan_certificate_check(imap->imap_stream, server, port) <
0)
-+ result.error = MAILIMAP_ERROR_SSL;
- }
- debug_print("connect %d with imap %p\n", result.error, imap);
-
-@@ -1156,7 +1079,7 @@ static void starttls_run(struct etpan_thread_op * op)
- return;
- }
-
-- tls_low = mailstream_low_tls_open_with_callback(fd,
connect_ssl_context_cb, param->account);
-+ tls_low = mailstream_low_tls_open_with_callback(fd,
etpan_connect_ssl_context_cb, param->account);
- if (tls_low == NULL) {
- debug_print("imap starttls run - can't tls_open\n");
- result->error = MAILIMAP_ERROR_STREAM;
-@@ -1171,8 +1094,6 @@ int imap_threaded_starttls(Folder * folder, const gchar
*host, int port)
- {
- struct connect_param param;
- struct starttls_result result;
-- int cert_len;
-- unsigned char *certificate = NULL;
-
- debug_print("imap starttls - begin\n");
-
-@@ -1186,11 +1107,8 @@ int imap_threaded_starttls(Folder * folder, const gchar
*host, int port)
- debug_print("imap starttls - end\n");
-
- if (result.error == 0 && param.imap && !etpan_skip_ssl_cert_check) {
-- cert_len =
(int)mailstream_ssl_get_certificate(param.imap->imap_stream, &certificate);
-- if (etpan_certificate_check(certificate, cert_len, ¶m) < 0)
-- result.error = MAILIMAP_ERROR_STREAM;
-- if (certificate)
-- free(certificate);
-+ if (etpan_certificate_check(param.imap->imap_stream, host,
port) < 0)
-+ return MAILIMAP_ERROR_SSL;
- }
- return result.error;
- }
-diff --git a/src/etpan/nntp-thread.c b/src/etpan/nntp-thread.c
-index 6d76e7a..84a2f83 100644
---- a/src/etpan/nntp-thread.c
-+++ b/src/etpan/nntp-thread.c
-@@ -41,6 +41,7 @@
- #include <gtk/gtk.h>
- #include <log.h>
- #include "etpan-thread-manager.h"
-+#include "etpan-ssl.h"
- #include "utils.h"
- #include "mainwindow.h"
- #include "ssl_certificate.h"
-@@ -373,79 +374,6 @@ int nntp_threaded_connect(Folder * folder, const char *
server, int port)
- return result.error;
- }
-
--static int etpan_certificate_check(const unsigned char *certificate, int len,
void *data)
--{
--#ifdef USE_GNUTLS
-- struct connect_param *param = (struct connect_param *)data;
-- gnutls_x509_crt_t cert = NULL;
-- gnutls_datum_t tmp;
--
-- if (certificate == NULL || len < 0) {
-- g_warning("no cert presented.\n");
-- return 0;
-- }
--
-- tmp.data = malloc(len);
-- memcpy(tmp.data, certificate, len);
-- tmp.size = len;
-- gnutls_x509_crt_init(&cert);
-- if (gnutls_x509_crt_import(cert, &tmp, GNUTLS_X509_FMT_DER) < 0) {
-- g_warning("nntp: can't get cert\n");
-- return 0;
-- } else if (ssl_certificate_check(cert, (guint)-1,
-- (gchar *)param->server, (gushort)param->port) == TRUE) {
-- gnutls_x509_crt_deinit(cert);
-- return 0;
-- } else {
-- gnutls_x509_crt_deinit(cert);
-- return -1;
-- }
--#endif
-- return 0;
--}
--
--static void connect_ssl_context_cb(struct mailstream_ssl_context *
ssl_context, void * data)
--{
--#ifdef USE_GNUTLS
-- PrefsAccount *account = (PrefsAccount *)data;
-- const gchar *cert_path = NULL;
-- const gchar *password = NULL;
-- gnutls_x509_crt_t x509 = NULL;
-- gnutls_x509_privkey_t pkey = NULL;
--
-- if (account->in_ssl_client_cert_file &&
*account->in_ssl_client_cert_file)
-- cert_path = account->in_ssl_client_cert_file;
-- if (account->in_ssl_client_cert_pass &&
*account->in_ssl_client_cert_pass)
-- password = account->in_ssl_client_cert_pass;
--
-- if (mailstream_ssl_set_client_certificate_data(ssl_context, NULL, 0) <
0 ||
-- mailstream_ssl_set_client_private_key_data(ssl_context, NULL, 0) <
0)
-- debug_print("Impossible to set the client certificate.\n");
-- x509 = ssl_certificate_get_x509_from_pem_file(cert_path);
-- pkey = ssl_certificate_get_pkey_from_pem_file(cert_path);
-- if (!(x509 && pkey)) {
-- /* try pkcs12 format */
-- ssl_certificate_get_x509_and_pkey_from_p12_file(cert_path,
password, &x509, &pkey);
-- }
-- if (x509 && pkey) {
-- unsigned char *x509_der = NULL, *pkey_der = NULL;
-- size_t x509_len, pkey_len;
--
-- x509_len = (size_t)gnutls_i2d_X509(x509, &x509_der);
-- pkey_len = (size_t)gnutls_i2d_PrivateKey(pkey, &pkey_der);
-- if (x509_len > 0 && pkey_len > 0) {
-- if
(mailstream_ssl_set_client_certificate_data(ssl_context, x509_der, x509_len) <
0 ||
--
mailstream_ssl_set_client_private_key_data(ssl_context, pkey_der, pkey_len) <
0)
-- log_error(LOG_PROTOCOL, _("Impossible to set
the client certificate.\n"));
-- g_free(x509_der);
-- g_free(pkey_der);
-- }
-- gnutls_x509_crt_deinit(x509);
-- gnutls_x509_privkey_deinit(pkey);
-- }
--#endif
--}
--
- static void connect_ssl_run(struct etpan_thread_op * op)
- {
- int r;
-@@ -459,7 +387,7 @@ static void connect_ssl_run(struct etpan_thread_op * op)
-
- r = newsnntp_ssl_connect_with_callback(param->nntp,
- param->server, param->port,
-- connect_ssl_context_cb, param->account);
-+ etpan_connect_ssl_context_cb, param->account);
- result->error = r;
- }
-
-@@ -470,8 +398,6 @@ int nntp_threaded_connect_ssl(Folder * folder, const char
* server, int port)
- chashdatum key;
- chashdatum value;
- newsnntp * nntp, * oldnntp;
-- unsigned char *certificate = NULL;
-- int cert_len;
-
- oldnntp = get_nntp(folder);
-
-@@ -497,11 +423,8 @@ int nntp_threaded_connect_ssl(Folder * folder, const char
* server, int port)
- threaded_run(folder, ¶m, &result, connect_ssl_run);
-
- if (result.error == NEWSNNTP_NO_ERROR && !etpan_skip_ssl_cert_check) {
-- cert_len =
(int)mailstream_ssl_get_certificate(nntp->nntp_stream, &certificate);
-- if (etpan_certificate_check(certificate, cert_len, ¶m) < 0)
-+ if (etpan_certificate_check(nntp->nntp_stream, server, port) <
0)
- return -1;
-- if (certificate)
-- free(certificate);
- }
- debug_print("connect %d with nntp %p\n", result.error, nntp);
-
---
-1.9.2
-
Deleted: claws-ssl-2.patch
===================================================================
--- claws-ssl-2.patch 2014-05-26 11:06:44 UTC (rev 213597)
+++ claws-ssl-2.patch 2014-05-26 13:43:12 UTC (rev 213598)
@@ -1,139 +0,0 @@
-From fe50206b4385404c38ad0421bdfb707bb6994d80 Mon Sep 17 00:00:00 2001
-From: Nepu User <nepu@localhost.localdomain>
-Date: Sun, 27 Apr 2014 14:55:18 +0200
-Subject: [PATCH 2/3] upstream commit dda3675203030f329d527c697e14342c9c13a75c
-
----
- src/common/ssl_certificate.c | 17 ++++++++++++++
- src/common/ssl_certificate.h | 1 +
- src/etpan/etpan-ssl.c | 53 ++++++++++++++++++++++++++++++++++++++++++++
- 3 files changed, 71 insertions(+)
-
-diff --git a/src/common/ssl_certificate.c b/src/common/ssl_certificate.c
-index 84e017e..72f73ac 100644
---- a/src/common/ssl_certificate.c
-+++ b/src/common/ssl_certificate.c
-@@ -647,6 +647,23 @@ gboolean ssl_certificate_check (gnutls_x509_crt_t
x509_cert, guint status, const
- return TRUE;
- }
-
-+gboolean ssl_certificate_check_chain(gnutls_x509_crt_t *certs, gint
chain_len, const gchar *host, gushort port)
-+{
-+ gboolean result = FALSE;
-+ gint status;
-+
-+ gnutls_x509_crt_list_verify (certs,
-+ chain_len,
-+ NULL, 0,
-+ NULL, 0,
-+ GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT,
-+ &status);
-+
-+ result = ssl_certificate_check(certs[0], status, host, port);
-+
-+ return result;
-+}
-+
- gnutls_x509_crt_t ssl_certificate_get_x509_from_pem_file(const gchar *file)
- {
- gnutls_x509_crt_t x509 = NULL;
-diff --git a/src/common/ssl_certificate.h b/src/common/ssl_certificate.h
-index 8bbe2ac..fd8822a 100644
---- a/src/common/ssl_certificate.h
-+++ b/src/common/ssl_certificate.h
-@@ -58,6 +58,7 @@ struct _SSLCertHookData
-
- SSLCertificate *ssl_certificate_find (const gchar *host, gushort port, const
gchar *fingerprint);
- gboolean ssl_certificate_check (gnutls_x509_crt_t x509_cert, guint status,
const gchar *host, gushort port);
-+gboolean ssl_certificate_check_chain(gnutls_x509_crt_t *certs, gint
chain_len, const gchar *host, gushort port);
- void ssl_certificate_destroy(SSLCertificate *cert);
- void ssl_certificate_delete_from_disk(SSLCertificate *cert);
- char * readable_fingerprint(unsigned char *src, int len);
-diff --git a/src/etpan/etpan-ssl.c b/src/etpan/etpan-ssl.c
-index 6642e40..c9dc9d8 100644
---- a/src/etpan/etpan-ssl.c
-+++ b/src/etpan/etpan-ssl.c
-@@ -26,6 +26,7 @@
- #ifdef USE_GNUTLS
- #ifdef HAVE_LIBETPAN
- #include <libetpan/libetpan.h>
-+#include <libetpan/libetpan_version.h>
- #include <gnutls/gnutls.h>
- #include <gnutls/x509.h>
- #include <stdlib.h>
-@@ -33,6 +34,7 @@
- #include <glib/gi18n.h>
- #include <errno.h>
-
-+#include "etpan-ssl.h"
- #include "ssl_certificate.h"
- #include "utils.h"
- #include "log.h"
-@@ -40,6 +42,7 @@
-
- gboolean etpan_certificate_check(mailstream *stream, const char *host, gint
port)
- {
-+#if (!defined LIBETPAN_API_CURRENT || LIBETPAN_API_CURRENT < 18)
- unsigned char *cert_der = NULL;
- int len;
- gnutls_x509_crt_t cert = NULL;
-@@ -75,6 +78,56 @@ gboolean etpan_certificate_check(mailstream *stream, const
char *host, gint port
- gnutls_x509_crt_deinit(cert);
- return FALSE;
- }
-+#else
-+ carray *certs_der = NULL;
-+ gint chain_len = 0, i;
-+ gnutls_x509_crt_t *certs = NULL;
-+ gboolean result;
-+
-+ if (stream == NULL)
-+ return FALSE;
-+
-+ certs_der = mailstream_get_certificate_chain(stream);
-+ if (!certs_der) {
-+ g_warning("could not get certs");
-+ return FALSE;
-+ }
-+ chain_len = carray_count(certs_der);
-+
-+ certs = malloc(sizeof(gnutls_x509_crt_t) * chain_len);
-+ if (certs == NULL) {
-+ g_warning("could not allocate certs");
-+ return FALSE;
-+ }
-+
-+ result = TRUE;
-+ for (i = 0; i < chain_len; i++) {
-+ MMAPString *cert_str = carray_get(certs_der, i);
-+ gnutls_datum_t tmp;
-+
-+ tmp.data = malloc(cert_str->len);
-+ memcpy(tmp.data, cert_str->str, cert_str->len);
-+ tmp.size = cert_str->len;
-+
-+ mmap_string_free(cert_str);
-+
-+ gnutls_x509_crt_init(&certs[i]);
-+ if (gnutls_x509_crt_import(certs[i], &tmp, GNUTLS_X509_FMT_DER)
< 0)
-+ result = FALSE;
-+
-+ free(tmp.data);
-+ }
-+
-+ carray_free(certs_der);
-+
-+ if (result == TRUE)
-+ result = ssl_certificate_check_chain(certs, chain_len, host,
port);
-+
-+ for (i = 0; i < chain_len; i++)
-+ gnutls_x509_crt_deinit(certs[i]);
-+
-+ return result;
-+#endif
- }
-
- void etpan_connect_ssl_context_cb(struct mailstream_ssl_context *
ssl_context, void * data)
---
-1.9.2
-
Deleted: claws-ssl-3.patch
===================================================================
--- claws-ssl-3.patch 2014-05-26 11:06:44 UTC (rev 213597)
+++ claws-ssl-3.patch 2014-05-26 13:43:12 UTC (rev 213598)
@@ -1,241 +0,0 @@
-From a74e15a5c7185b941a24b0b61bc134397c8d5737 Mon Sep 17 00:00:00 2001
-From: Nepu User <nepu@localhost.localdomain>
-Date: Sun, 27 Apr 2014 14:56:01 +0200
-Subject: [PATCH 3/3] upstream commit 4d0f2b9b14819b26fbaa72ad129ec0c03e41400f
-
----
- src/common/ssl_certificate.c | 114 +++++++++++++++++++++++++++++--------------
- src/etpan/etpan-ssl.c | 1 +
- src/etpan/imap-thread.c | 4 +-
- src/etpan/nntp-thread.c | 2 +-
- 4 files changed, 82 insertions(+), 39 deletions(-)
-
-diff --git a/src/common/ssl_certificate.c b/src/common/ssl_certificate.c
-index 72f73ac..48e55c9 100644
---- a/src/common/ssl_certificate.c
-+++ b/src/common/ssl_certificate.c
-@@ -207,33 +207,73 @@ size_t gnutls_i2d_PrivateKey(gnutls_x509_privkey_t pkey,
unsigned char **output)
- return key_size;
- }
-
--static gnutls_x509_crt_t gnutls_d2i_X509_fp(FILE *fp, int format)
-+static int gnutls_d2i_X509_list_fp(FILE *fp, int format, gnutls_x509_crt_t
**cert_list, gint *num_certs)
- {
-- gnutls_x509_crt_t cert = NULL;
-+ gnutls_x509_crt_t *crt_list;
-+ unsigned int max = 512;
-+ unsigned int flags = 0;
- gnutls_datum_t tmp;
- struct stat s;
- int r;
-+
-+ *cert_list = NULL;
-+ *num_certs = 0;
-+
-+ if (fp == NULL)
-+ return -ENOENT;
-+
- if (fstat(fileno(fp), &s) < 0) {
- perror("fstat");
-- return NULL;
-+ return -errno;
- }
-+
-+ crt_list=(gnutls_x509_crt_t*)malloc(max*sizeof(gnutls_x509_crt_t));
- tmp.data = malloc(s.st_size);
- memset(tmp.data, 0, s.st_size);
- tmp.size = s.st_size;
- if (fread (tmp.data, 1, s.st_size, fp) < s.st_size) {
- perror("fread");
- free(tmp.data);
-- return NULL;
-+ free(crt_list);
-+ return -EIO;
- }
-
-- gnutls_x509_crt_init(&cert);
-- if ((r = gnutls_x509_crt_import(cert, &tmp, (format ==
0)?GNUTLS_X509_FMT_DER:GNUTLS_X509_FMT_PEM)) < 0) {
-+ if ((r = gnutls_x509_crt_list_import(crt_list, &max,
-+ &tmp, format, flags)) < 0) {
- debug_print("cert import failed: %s\n", gnutls_strerror(r));
-- gnutls_x509_crt_deinit(cert);
-- cert = NULL;
-+ free(tmp.data);
-+ free(crt_list);
-+ return r;
- }
- free(tmp.data);
-- debug_print("got cert! %p\n", cert);
-+ debug_print("got %d certs in crt_list! %p\n", max, &crt_list);
-+
-+ *cert_list = crt_list;
-+ *num_certs = max;
-+
-+ return r;
-+}
-+
-+/* return one certificate, read from file */
-+static gnutls_x509_crt_t gnutls_d2i_X509_fp(FILE *fp, int format)
-+{
-+ gnutls_x509_crt_t *certs = NULL;
-+ gnutls_x509_crt_t cert = NULL;
-+ int i, ncerts, r;
-+
-+ if ((r = gnutls_d2i_X509_list_fp(fp, format, &certs, &ncerts)) < 0) {
-+ return NULL;
-+ }
-+
-+ if (ncerts == 0)
-+ return NULL;
-+
-+ for (i = 1; i < ncerts; i++)
-+ gnutls_x509_crt_deinit(certs[i]);
-+
-+ cert = certs[0];
-+ free(certs);
-+
- return cert;
- }
-
-@@ -474,8 +514,6 @@ static guint check_cert(gnutls_x509_crt_t cert)
- gnutls_x509_crt_t *ca_list;
- unsigned int max = 512;
- unsigned int flags = 0;
-- gnutls_datum_t tmp;
-- struct stat s;
- int r, i;
- unsigned int status;
- FILE *fp;
-@@ -485,34 +523,12 @@ static guint check_cert(gnutls_x509_crt_t cert)
- else
- return (guint)-1;
-
-- if (fstat(fileno(fp), &s) < 0) {
-- perror("fstat");
-- fclose(fp);
-- return (guint)-1;
-- }
--
-- ca_list=(gnutls_x509_crt_t*)malloc(max*sizeof(gnutls_x509_crt_t));
-- tmp.data = malloc(s.st_size);
-- memset(tmp.data, 0, s.st_size);
-- tmp.size = s.st_size;
-- if (fread (tmp.data, 1, s.st_size, fp) < s.st_size) {
-- perror("fread");
-- free(tmp.data);
-- free(ca_list);
-- fclose(fp);
-- return (guint)-1;
-- }
--
-- if ((r = gnutls_x509_crt_list_import(ca_list, &max,
-- &tmp, GNUTLS_X509_FMT_PEM, flags)) < 0) {
-+ if ((r = gnutls_d2i_X509_list_fp(fp, GNUTLS_X509_FMT_PEM, &ca_list,
&max)) < 0) {
- debug_print("cert import failed: %s\n", gnutls_strerror(r));
-- free(tmp.data);
-- free(ca_list);
- fclose(fp);
- return (guint)-1;
- }
-- free(tmp.data);
-- debug_print("got %d certs in ca_list! %p\n", max, &ca_list);
-+
- r = gnutls_x509_crt_verify(cert, ca_list, max, flags, &status);
- fclose(fp);
-
-@@ -649,18 +665,44 @@ gboolean ssl_certificate_check (gnutls_x509_crt_t
x509_cert, guint status, const
-
- gboolean ssl_certificate_check_chain(gnutls_x509_crt_t *certs, gint
chain_len, const gchar *host, gushort port)
- {
-+ int ncas = 0, ncrls = 0;
-+ gnutls_x509_crt_t *cas = NULL;
-+ gnutls_x509_crl_t *crls = NULL;
- gboolean result = FALSE;
-+ int i;
- gint status;
-
-+ if (claws_ssl_get_cert_file()) {
-+ FILE *fp = g_fopen(claws_ssl_get_cert_file(), "rb");
-+ int r = -errno;
-+
-+ if (fp) {
-+ r = gnutls_d2i_X509_list_fp(fp, GNUTLS_X509_FMT_PEM,
&cas, &ncas);
-+ fclose(fp);
-+ }
-+
-+ if (r < 0)
-+ g_warning("Can't read SSL_CERT_FILE %s: %s\n",
-+ claws_ssl_get_cert_file(),
-+ gnutls_strerror(r));
-+ } else {
-+ debug_print("Can't find SSL ca-certificates file\n");
-+ }
-+
-+
- gnutls_x509_crt_list_verify (certs,
- chain_len,
-- NULL, 0,
-+ cas, ncas,
- NULL, 0,
- GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT,
- &status);
-
- result = ssl_certificate_check(certs[0], status, host, port);
-
-+ for (i = 0; i < ncas; i++)
-+ gnutls_x509_crt_deinit(cas[i]);
-+ free(cas);
-+
- return result;
- }
-
-diff --git a/src/etpan/etpan-ssl.c b/src/etpan/etpan-ssl.c
-index c9dc9d8..f99955b 100644
---- a/src/etpan/etpan-ssl.c
-+++ b/src/etpan/etpan-ssl.c
-@@ -125,6 +125,7 @@ gboolean etpan_certificate_check(mailstream *stream, const
char *host, gint port
-
- for (i = 0; i < chain_len; i++)
- gnutls_x509_crt_deinit(certs[i]);
-+ free(certs);
-
- return result;
- #endif
-diff --git a/src/etpan/imap-thread.c b/src/etpan/imap-thread.c
-index 4332f59..f0b504e 100644
---- a/src/etpan/imap-thread.c
-+++ b/src/etpan/imap-thread.c
-@@ -570,7 +570,7 @@ int imap_threaded_connect_ssl(Folder * folder, const char
* server, int port)
-
- if ((result.error == MAILIMAP_NO_ERROR_AUTHENTICATED ||
- result.error == MAILIMAP_NO_ERROR_NON_AUTHENTICATED) &&
!etpan_skip_ssl_cert_check) {
-- if (etpan_certificate_check(imap->imap_stream, server, port) <
0)
-+ if (etpan_certificate_check(imap->imap_stream, server, port) !=
TRUE)
- result.error = MAILIMAP_ERROR_SSL;
- }
- debug_print("connect %d with imap %p\n", result.error, imap);
-@@ -1107,7 +1107,7 @@ int imap_threaded_starttls(Folder * folder, const gchar
*host, int port)
- debug_print("imap starttls - end\n");
-
- if (result.error == 0 && param.imap && !etpan_skip_ssl_cert_check) {
-- if (etpan_certificate_check(param.imap->imap_stream, host,
port) < 0)
-+ if (etpan_certificate_check(param.imap->imap_stream, host,
port) != TRUE)
- return MAILIMAP_ERROR_SSL;
- }
- return result.error;
-diff --git a/src/etpan/nntp-thread.c b/src/etpan/nntp-thread.c
-index 84a2f83..7708d31 100644
---- a/src/etpan/nntp-thread.c
-+++ b/src/etpan/nntp-thread.c
-@@ -423,7 +423,7 @@ int nntp_threaded_connect_ssl(Folder * folder, const char
* server, int port)
- threaded_run(folder, ¶m, &result, connect_ssl_run);
-
- if (result.error == NEWSNNTP_NO_ERROR && !etpan_skip_ssl_cert_check) {
-- if (etpan_certificate_check(nntp->nntp_stream, server, port) <
0)
-+ if (etpan_certificate_check(nntp->nntp_stream, server, port) !=
TRUE)
- return -1;
- }
- debug_print("connect %d with nntp %p\n", result.error, nntp);
---
-1.9.2
-
