From a5d2d9c94b72559a9d3405b51bfec5e434c55b62 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Honza=20Hor=C3=A1k?= <hhorak@redhat.com>
Date: Fri, 15 Apr 2011 14:28:59 +0200
Subject: [PATCH] Fixed hostname verification of x.509 certificates.
 (rhbz#688756, CVE-2011-1429)

---
 mutt-1.5.21-testcert.patch | 30 ++++++++++++++++++++++++++++++
 mutt.spec                  |  8 +++++++-
 2 files changed, 37 insertions(+), 1 deletion(-)
 create mode 100644 mutt-1.5.21-testcert.patch

diff --git a/mutt-1.5.21-testcert.patch b/mutt-1.5.21-testcert.patch
new file mode 100644
index 0000000..0d0c86d
--- /dev/null
+++ b/mutt-1.5.21-testcert.patch
@@ -0,0 +1,30 @@
+diff -up mutt-1.5.21/mutt_ssl_gnutls.c.old mutt-1.5.21/mutt_ssl_gnutls.c
+--- mutt-1.5.21/mutt_ssl_gnutls.c.old	2011-03-23 11:46:28.760386765 +0100
++++ mutt-1.5.21/mutt_ssl_gnutls.c	2011-03-23 14:34:45.839456449 +0100
+@@ -978,6 +978,7 @@ static int tls_check_certificate (CONNEC
+   unsigned int cert_list_size = 0;
+   gnutls_certificate_status certstat;
+   int certerr, i, preauthrc, savedcert, rc = 0;
++  int rcpeer;
+ 
+   if (gnutls_auth_get_type (state) != GNUTLS_CRD_CERTIFICATE)
+   {
+@@ -1003,6 +1004,9 @@ static int tls_check_certificate (CONNEC
+   for (i = 0; i < cert_list_size; i++) {
+     rc = tls_check_preauth(&cert_list[i], certstat, conn->account.host, i,
+                            &certerr, &savedcert);
++    if (i == 0)
++      rcpeer = rc;
++
+     preauthrc += rc;
+ 
+     if (savedcert)
+@@ -1028,7 +1032,7 @@ static int tls_check_certificate (CONNEC
+         dprint (1, (debugfile, "error trusting certificate %d: %d\n", i, rc));
+ 
+       certstat = tls_verify_peers (state);
+-      if (!certstat)
++      if (!certstat && !rcpeer)
+         return 1;
+     }
+   }
diff --git a/mutt.spec b/mutt.spec
index 8fae0af..30d59ee 100644
--- a/mutt.spec
+++ b/mutt.spec
@@ -16,7 +16,7 @@
 Summary: A text mode mail user agent
 Name: mutt
 Version: 1.5.21
-Release: 4%{?dist}
+Release: 5%{?dist}
 Epoch: 5
 # The entire source code is GPLv2+ except
 # pgpewrap.c setenv.c sha1.c wcwidth.c which are Public Domain
@@ -29,6 +29,7 @@ Patch3: mutt-1.5.18-muttrc.patch
 Patch4: mutt-1.5.18-manual.patch
 Patch5: mutt-1.5.21-updating.patch
 Patch6: mutt-1.5.21-hdrcnt.patch
+Patch7: mutt-1.5.21-testcert.patch
 Url: http://www.mutt.org/
 Requires: mailcap urlview
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -70,6 +71,7 @@ for selecting groups of messages.
 %patch4 -p1 -b .manual
 %patch5 -p1 -b .updating
 %patch6 -p1 -b .hdrcnt
+%patch7 -p1 -b .testcert
 
 sed -i.gpgerror 's/`$GPGME_CONFIG --libs`/"\0 -lgpg-error"/' configure
 
@@ -152,6 +154,10 @@ rm -rf $RPM_BUILD_ROOT
 %{_mandir}/man5/muttrc.*
 
 %changelog
+* Fri Apr 15 2011 Honza Horak <hhorak@redhat.com> - 5:1.5.21-5
+- Fixed hostname verification of x.509 certificates.
+  (rhbz#688756, CVE-2011-1429)
+
 * Tue Mar 29 2011 Honza Horak <hhorak@redhat.com> - 5:1.5.21-4
 - Fixed segmentation faults during reading message headers (rhbz#676074)