Fixed hostname verification of x.509 certificates.

(rhbz#688756, CVE-2011-1429)
2011-04-15 14:28:59 +02:00 · 2011-04-15 14:28:59 +02:00 · a5d2d9c94b
commit a5d2d9c94b
parent 8056a91e0a
2 changed files with 37 additions and 1 deletions
--- a/mutt-1.5.21-testcert.patch
+++ b/mutt-1.5.21-testcert.patch
@ -0,0 +1,30 @@
+diff -up mutt-1.5.21/mutt_ssl_gnutls.c.old mutt-1.5.21/mutt_ssl_gnutls.c
+--- mutt-1.5.21/mutt_ssl_gnutls.c.old	2011-03-23 11:46:28.760386765 +0100
+++ mutt-1.5.21/mutt_ssl_gnutls.c	2011-03-23 14:34:45.839456449 +0100
+@@ -978,6 +978,7 @@ static int tls_check_certificate (CONNEC
+   unsigned int cert_list_size = 0;
+   gnutls_certificate_status certstat;
+   int certerr, i, preauthrc, savedcert, rc = 0;
+  int rcpeer;
+ 
+   if (gnutls_auth_get_type (state) != GNUTLS_CRD_CERTIFICATE)
+   {
+@@ -1003,6 +1004,9 @@ static int tls_check_certificate (CONNEC
+   for (i = 0; i < cert_list_size; i++) {
+     rc = tls_check_preauth(&cert_list[i], certstat, conn->account.host, i,
+                            &certerr, &savedcert);
+    if (i == 0)
+      rcpeer = rc;
+
+     preauthrc += rc;
+ 
+     if (savedcert)
+@@ -1028,7 +1032,7 @@ static int tls_check_certificate (CONNEC
+         dprint (1, (debugfile, "error trusting certificate %d: %d\n", i, rc));
+ 
+       certstat = tls_verify_peers (state);
+-      if (!certstat)
+      if (!certstat && !rcpeer)
+         return 1;
+     }
+   }
--- a/mutt.spec
+++ b/mutt.spec
@ -16,7 +16,7 @@
 Summary: A text mode mail user agent
 Name: mutt
 Version: 1.5.21
-Release: 4%{?dist}
+Release: 5%{?dist}
 Epoch: 5
 # The entire source code is GPLv2+ except
 # pgpewrap.c setenv.c sha1.c wcwidth.c which are Public Domain
@ -29,6 +29,7 @@ Patch3: mutt-1.5.18-muttrc.patch
 Patch4: mutt-1.5.18-manual.patch
 Patch5: mutt-1.5.21-updating.patch
 Patch6: mutt-1.5.21-hdrcnt.patch
+Patch7: mutt-1.5.21-testcert.patch
 Url: http://www.mutt.org/
 Requires: mailcap urlview
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@ -70,6 +71,7 @@ for selecting groups of messages.
 %patch4 -p1 -b .manual
 %patch5 -p1 -b .updating
 %patch6 -p1 -b .hdrcnt
+%patch7 -p1 -b .testcert

 sed -i.gpgerror 's/`$GPGME_CONFIG --libs`/"\0 -lgpg-error"/' configure

@ -152,6 +154,10 @@ rm -rf $RPM_BUILD_ROOT
 %{_mandir}/man5/muttrc.*

 %changelog
+* Fri Apr 15 2011 Honza Horak <hhorak@redhat.com> - 5:1.5.21-5
+- Fixed hostname verification of x.509 certificates.
+  (rhbz#688756, CVE-2011-1429)
+
 * Tue Mar 29 2011 Honza Horak <hhorak@redhat.com> - 5:1.5.21-4
 - Fixed segmentation faults during reading message headers (rhbz#676074)