libesmtp: Disable NTLM support by default

NTLM authentication uses MD4 algorithm which is considered to be insecure, and some modern systems may drop MD4 support. This patch adds an 'ntlm' option to this feature, which is disabled by default. Upstream-Status: Accepted [https://github.com/libesmtp/libESMTP/commit/1c304e7886a08fb56485e41614ff3f8685afb59d] Signed-off-by: Jiaqing Zhao <jiaqing.zhao@linux.intel.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
author: Jiaqing Zhao <jiaqing.zhao@linux.intel.com> 2022-04-28 18:18:03 +0800
committer: Khem Raj <raj.khem@gmail.com> 2022-04-28 09:11:11 -0700
commit: 2e43c121455455a33e64d9b1c030002794ca3d5d (patch)
tree: 94bff22c3f9509d4c9541671dbaa538cb4a23a99
parent: c7cd5c29438770399811681b13f53fcf4980b3f2 (diff)
download: meta-openembedded-2e43c121455455a33e64d9b1c030002794ca3d5d.tar.gz
2 files changed, 88 insertions, 1 deletions
diff --git a/meta-networking/recipes-support/libesmtp/libesmtp/0001-Add-build-option-for-NTLM-support.patch b/meta-networking/recipes-support/libesmtp/libesmtp/0001-Add-build-option-for-NTLM-support.patch
new file mode 100644
index 0000000000..64938a4820
--- /dev/null
+++ b/meta-networking/recipes-support/libesmtp/libesmtp/0001-Add-build-option-for-NTLM-support.patch
@@ -0,0 +1,85 @@
+From 1c304e7886a08fb56485e41614ff3f8685afb59d Mon Sep 17 00:00:00 2001
+From: Jiaqing Zhao <jiaqing.zhao@intel.com>
+Date: Tue, 8 Mar 2022 15:05:32 +0000
+Subject: [PATCH] Add build option for NTLM support
+Currently, NTLM plugin is built by default when openssl is available
+and STARTTLS is enabled. But in libesmtp 1.0.6, there is a separate
+build option. This commits adds the 'ntlm' option back. It's also
+disabled by default.
+Like 1.0.6, it will check openssl MD4 algorithm support as MD4 is
+insecure and modern systems may drop MD4 support.
+Upstream-Status: Accepted [https://github.com/libesmtp/libESMTP/commit/1c304e7886a08fb56485e41614ff3f8685afb59d]
+Signed-off-by: Jiaqing Zhao <jiaqing.zhao@intel.com>
+---
+ meson.build       | 13 ++++++++++---
+ meson_options.txt |  1 +
+ ntlm/meson.build  |  2 +-
+ 3 files changed, 12 insertions(+), 4 deletions(-)
+diff --git a/meson.build b/meson.build
+index 11d6ed8..d2a0e06 100644
+--- a/meson.build
+++ b/meson.build
+@@ -61,6 +61,7 @@ add_project_arguments(cc.get_supported_arguments(cflags), language: 'c')
+ ################################################################################
+ dldep = cc.find_library('dl')
+ ssldep = dependency('openssl', version : '>=1.1.0', required : get_option('tls'))
+ntlmdep = dependency('openssl', version : '>=1.1.0', required : get_option('ntlm'))
+ threaddep = dependency('threads', required : get_option('pthreads'))
+ 
+ #XXX add test for libbind9.so
+@@ -69,6 +70,7 @@ lwresdep = cc.find_library('lwres', required : get_option('lwres'))
+ deps = [
+   dldep,
+   ssldep,
+  ntlmdep,
+   threaddep,
+   lwresdep,
+ ]
+@@ -237,8 +239,12 @@ include_dir = include_directories('.')
+ subdir('login')
+ subdir('plain')
+ subdir('crammd5')
+-if ssldep.found()
+-  subdir('ntlm')
+if ntlmdep.found()
+  if cc.has_header('openssl/md4.h') and cc.has_function('MD4_Init', dependencies : ntlmdep)
+    subdir('ntlm')
+  else
+    error('MD4 is not supported in current openssl, unable to build NTLM plugin')
+  endif
+ endif
+ 
+ ################################################################################
+@@ -264,4 +270,5 @@ summary({'current:revision:age': libesmtp_cra,
+         'STARTTLS': ssldep.found(),
+         'CHUNKING': get_option('bdat'),
+         'ETRN': get_option('etrn'),
+-        'XUSR': get_option('xusr')})
+        'XUSR': get_option('xusr'),
+        'NTLM': ntlmdep.found()})
+diff --git a/meson_options.txt b/meson_options.txt
+index 8375e2c..158f38f 100644
+--- a/meson_options.txt
+++ b/meson_options.txt
+@@ -5,3 +5,4 @@ option('lwres', type : 'feature', value : 'disabled', description : 'use lwres l
+ option('bdat', type : 'boolean', value : 'true', description : 'enable SMTP BDAT extension')
+ option('etrn', type : 'boolean', value : 'true', description : 'enable SMTP ETRN extension')
+ option('xusr', type : 'boolean', value : 'true', description : 'enable sendmail XUSR extension')
+option('ntlm', type : 'feature', value : 'disabled', description : 'build with support for NTLM authentication')
+diff --git a/ntlm/meson.build b/ntlm/meson.build
+index e0eef58..11d7f58 100644
+--- a/ntlm/meson.build
+++ b/ntlm/meson.build
+@@ -5,7 +5,7 @@ sasl_ntlm_sources = [
+   'ntlmstruct.c',
+ ]
+ 
+-ntlm_deps = [ ssldep, ]
+ntlm_deps = [ ntlmdep, ]
+ 
+ sasl_ntlm = shared_module('ntlm', sasl_ntlm_sources,
+                          name_prefix : 'sasl-',
diff --git a/meta-networking/recipes-support/libesmtp/libesmtp_1.1.0.bb b/meta-networking/recipes-support/libesmtp/libesmtp_1.1.0.bb
index 231c57260e..bf1a12d48f 100644
--- a/meta-networking/recipes-support/libesmtp/libesmtp_1.1.0.bb
+++ b/meta-networking/recipes-support/libesmtp/libesmtp_1.1.0.bb
@@ -8,7 +8,8 @@ SECTION = "libs"
 DEPENDS = "openssl"
-SRC_URI = "git://github.com/libesmtp/libESMTP.git;branch=master;protocol=https"
+SRC_URI = "git://github.com/libesmtp/libESMTP.git;branch=master;protocol=https \
+           file://0001-Add-build-option-for-NTLM-support.patch"
 SRCREV = "1d0af244310a66943ab400be56b15a9087f181eb"
 S = "${WORKDIR}/git"
@@ -26,6 +27,7 @@ EXTRA_OEMESON = " \
    -Dbdat=true \
    -Detrn=true \
    -Dxusr=true \
+    -Dntlm=disabled \
 "
 FILES:${PN} = "${libdir}/lib*${SOLIBS} \
author	Jiaqing Zhao <jiaqing.zhao@linux.intel.com>	2022-04-28 18:18:03 +0800
committer	Khem Raj <raj.khem@gmail.com>	2022-04-28 09:11:11 -0700
commit	2e43c121455455a33e64d9b1c030002794ca3d5d (patch)
tree	94bff22c3f9509d4c9541671dbaa538cb4a23a99
parent	c7cd5c29438770399811681b13f53fcf4980b3f2 (diff)
download	meta-openembedded-2e43c121455455a33e64d9b1c030002794ca3d5d.tar.gz

diff --git a/meta-networking/recipes-support/libesmtp/libesmtp/0001-Add-build-option-for-NTLM-support.patch b/meta-networking/recipes-support/libesmtp/libesmtp/0001-Add-build-option-for-NTLM-support.patch new file mode 100644 index 0000000000..64938a4820 --- /dev/null +++ b/meta-networking/recipes-support/libesmtp/libesmtp/0001-Add-build-option-for-NTLM-support.patch
@@ -0,0 +1,85 @@
		1	From 1c304e7886a08fb56485e41614ff3f8685afb59d Mon Sep 17 00:00:00 2001
		2	From: Jiaqing Zhao <jiaqing.zhao@intel.com>
		3	Date: Tue, 8 Mar 2022 15:05:32 +0000
		4	Subject: [PATCH] Add build option for NTLM support
		5
		6	Currently, NTLM plugin is built by default when openssl is available
		7	and STARTTLS is enabled. But in libesmtp 1.0.6, there is a separate
		8	build option. This commits adds the 'ntlm' option back. It's also
		9	disabled by default.
		10
		11	Like 1.0.6, it will check openssl MD4 algorithm support as MD4 is
		12	insecure and modern systems may drop MD4 support.
		13
		14	Upstream-Status: Accepted [https://github.com/libesmtp/libESMTP/commit/1c304e7886a08fb56485e41614ff3f8685afb59d]
		15	Signed-off-by: Jiaqing Zhao <jiaqing.zhao@intel.com>
		16	---
		17	meson.build \| 13 ++++++++++---
		18	meson_options.txt \| 1 +
		19	ntlm/meson.build \| 2 +-
		20	3 files changed, 12 insertions(+), 4 deletions(-)
		21
		22	diff --git a/meson.build b/meson.build
		23	index 11d6ed8..d2a0e06 100644
		24	--- a/meson.build
		25	+++ b/meson.build
		26	@@ -61,6 +61,7 @@ add_project_arguments(cc.get_supported_arguments(cflags), language: 'c')
		27	################################################################################
		28	dldep = cc.find_library('dl')
		29	ssldep = dependency('openssl', version : '>=1.1.0', required : get_option('tls'))
		30	+ntlmdep = dependency('openssl', version : '>=1.1.0', required : get_option('ntlm'))
		31	threaddep = dependency('threads', required : get_option('pthreads'))
		32
		33	#XXX add test for libbind9.so
		34	@@ -69,6 +70,7 @@ lwresdep = cc.find_library('lwres', required : get_option('lwres'))
		35	deps = [
		36	dldep,
		37	ssldep,
		38	+ ntlmdep,
		39	threaddep,
		40	lwresdep,
		41	]
		42	@@ -237,8 +239,12 @@ include_dir = include_directories('.')
		43	subdir('login')
		44	subdir('plain')
		45	subdir('crammd5')
		46	-if ssldep.found()
		47	- subdir('ntlm')
		48	+if ntlmdep.found()
		49	+ if cc.has_header('openssl/md4.h') and cc.has_function('MD4_Init', dependencies : ntlmdep)
		50	+ subdir('ntlm')
		51	+ else
		52	+ error('MD4 is not supported in current openssl, unable to build NTLM plugin')
		53	+ endif
		54	endif
		55
		56	################################################################################
		57	@@ -264,4 +270,5 @@ summary({'current:revision:age': libesmtp_cra,
		58	'STARTTLS': ssldep.found(),
		59	'CHUNKING': get_option('bdat'),
		60	'ETRN': get_option('etrn'),
		61	- 'XUSR': get_option('xusr')})
		62	+ 'XUSR': get_option('xusr'),
		63	+ 'NTLM': ntlmdep.found()})
		64	diff --git a/meson_options.txt b/meson_options.txt
		65	index 8375e2c..158f38f 100644
		66	--- a/meson_options.txt
		67	+++ b/meson_options.txt
		68	@@ -5,3 +5,4 @@ option('lwres', type : 'feature', value : 'disabled', description : 'use lwres l
		69	option('bdat', type : 'boolean', value : 'true', description : 'enable SMTP BDAT extension')
		70	option('etrn', type : 'boolean', value : 'true', description : 'enable SMTP ETRN extension')
		71	option('xusr', type : 'boolean', value : 'true', description : 'enable sendmail XUSR extension')
		72	+option('ntlm', type : 'feature', value : 'disabled', description : 'build with support for NTLM authentication')
		73	diff --git a/ntlm/meson.build b/ntlm/meson.build
		74	index e0eef58..11d7f58 100644
		75	--- a/ntlm/meson.build
		76	+++ b/ntlm/meson.build
		77	@@ -5,7 +5,7 @@ sasl_ntlm_sources = [
		78	'ntlmstruct.c',
		79	]
		80
		81	-ntlm_deps = [ ssldep, ]
		82	+ntlm_deps = [ ntlmdep, ]
		83
		84	sasl_ntlm = shared_module('ntlm', sasl_ntlm_sources,
		85	name_prefix : 'sasl-',


diff --git a/meta-networking/recipes-support/libesmtp/libesmtp_1.1.0.bb b/meta-networking/recipes-support/libesmtp/libesmtp_1.1.0.bb index 231c57260e..bf1a12d48f 100644 --- a/meta-networking/recipes-support/libesmtp/libesmtp_1.1.0.bb +++ b/meta-networking/recipes-support/libesmtp/libesmtp_1.1.0.bb
@@ -8,7 +8,8 @@ SECTION = "libs"
8		8
9	DEPENDS = "openssl"	9	DEPENDS = "openssl"
10		10
11	SRC_URI = "git://github.com/libesmtp/libESMTP.git;branch=master;protocol=https"	11	SRC_URI = "git://github.com/libesmtp/libESMTP.git;branch=master;protocol=https \
		12	file://0001-Add-build-option-for-NTLM-support.patch"
12	SRCREV = "1d0af244310a66943ab400be56b15a9087f181eb"	13	SRCREV = "1d0af244310a66943ab400be56b15a9087f181eb"
13		14
14	S = "${WORKDIR}/git"	15	S = "${WORKDIR}/git"
@@ -26,6 +27,7 @@ EXTRA_OEMESON = " \
26	-Dbdat=true \	27	-Dbdat=true \
27	-Detrn=true \	28	-Detrn=true \
28	-Dxusr=true \	29	-Dxusr=true \
		30	-Dntlm=disabled \
29	"	31	"
30		32
31	FILES:${PN} = "${libdir}/lib*${SOLIBS} \	33	FILES:${PN} = "${libdir}/lib*${SOLIBS} \