Browse Source

ssmtp: revoke gnutls support

Drop gnutls and use openssl instead, due to excessive memory consumption in embedded environment for an additonal ssl library.

Signed-off-by: Dirk Brenken <dibdot@gmail.com>
lilik-openwrt-22.03
Dirk Brenken 10 years ago
parent
commit
f267d2eaa6
3 changed files with 54 additions and 97 deletions
  1. +5
    -5
      mail/ssmtp/Makefile
  2. +0
    -60
      mail/ssmtp/patches/001-gnutls.patch
  3. +49
    -32
      mail/ssmtp/patches/002-fix_pointer.patch

+ 5
- 5
mail/ssmtp/Makefile View File

@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=ssmtp
PKG_VERSION:=2.64
PKG_RELEASE:=1
PKG_RELEASE:=1.1
PKG_MAINTAINER:=Dirk Brenken <dibdot@gmail.com>
PKG_LICENSE:=GPL-2.0+
@ -24,8 +24,8 @@ TARGET_CFLAGS += $(TARGET_CPPFLAGS)
define Package/ssmtp
SECTION:=mail
CATEGORY:=Mail
DEPENDS:=+libgnutls-openssl
TITLE:=A minimal and secure mail sender with gnutls support
DEPENDS:=+libopenssl
TITLE:=A minimal and secure mail sender with ssl support
URL:=http://packages.debian.org/ssmtp
endef
@ -33,7 +33,7 @@ define Package/ssmtp/description
A secure, effective and simple way of getting mail off a system to your
mail hub. It contains no suid-binaries or other dangerous things - no
mail spool to poke around in, and no daemons running in the background.
mail is simply forwarded to the configured mailhost. Extremely easy
Mail is simply forwarded to the configured mailhost. Extremely easy
configuration.
endef
@ -43,7 +43,7 @@ define Package/ssmtp/conffiles
endef
CONFIGURE_VARS += \
LIBS="$(TARGET_LDFLAGS) -lgnutls-openssl"
LIBS="$(TARGET_LDFLAGS) -lcrypto -lssl"
CONFIGURE_ARGS += \
--enable-ssl


+ 0
- 60
mail/ssmtp/patches/001-gnutls.patch View File

@ -1,60 +0,0 @@
--- a/configure
+++ b/configure
@@ -1562,7 +1562,7 @@ if test x$enableval = xyes ; then
#define HAVE_SSL 1
EOF
- LIBS="$LIBS -lssl"
+ LIBS="$LIBS -lgnutls-openssl"
fi
enableval=""
--- a/configure.in
+++ b/configure.in
@@ -52,7 +52,7 @@ AC_ARG_ENABLE(ssl,
[ --enable-ssl support for secure connection to mail server])
if test x$enableval = xyes ; then
AC_DEFINE(HAVE_SSL)
- LIBS="$LIBS -lssl"
+ LIBS="$LIBS -lgnutls-openssl"
fi
enableval=""
--- a/ssmtp.c
+++ b/ssmtp.c
@@ -26,11 +26,7 @@
#include <ctype.h>
#include <netdb.h>
#ifdef HAVE_SSL
-#include <openssl/crypto.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-#include <openssl/ssl.h>
-#include <openssl/err.h>
+#include <gnutls/openssl.h>
#endif
#ifdef MD5AUTH
#include "md5auth/hmac_md5.h"
@@ -1133,7 +1129,7 @@ int smtp_open(char *host, int port)
}
if(use_cert == True) {
- if(SSL_CTX_use_certificate_chain_file(ctx, tls_cert) <= 0) {
+ if(SSL_CTX_use_certificate_file(ctx, tls_cert, SSL_FILETYPE_PEM) <= 0) {
perror("Use certfile");
return(-1);
}
@@ -1143,10 +1139,13 @@ int smtp_open(char *host, int port)
return(-1);
}
+#ifdef NOT_USED
if(!SSL_CTX_check_private_key(ctx)) {
log_event(LOG_ERR, "Private key does not match the certificate public key\n");
return(-1);
}
+#endif
+
}
#endif

+ 49
- 32
mail/ssmtp/patches/002-fix_pointer.patch View File

@ -1,6 +1,6 @@
--- a/ssmtp.c
+++ b/ssmtp.c
@@ -51,21 +51,21 @@ bool_t use_oldauth = False; /* use old
@@ -55,21 +55,21 @@ bool_t use_oldauth = False; /* use old
#define ARPADATE_LENGTH 32 /* Current date in RFC format */
char arpadate[ARPADATE_LENGTH];
@ -32,7 +32,7 @@
headers_t headers, *ht;
@@ -257,7 +257,7 @@ char *strip_post_ws(char *str)
@@ -261,7 +261,7 @@ char *strip_post_ws(char *str)
p = (str + strlen(str));
while(isspace(*--p)) {
@ -41,7 +41,7 @@
}
return(p);
@@ -275,7 +275,7 @@ char *addr_parse(char *str)
@@ -279,7 +279,7 @@ char *addr_parse(char *str)
#endif
/* Simple case with email address enclosed in <> */
@ -50,7 +50,7 @@
die("addr_parse(): strdup()");
}
@@ -283,7 +283,7 @@ char *addr_parse(char *str)
@@ -287,7 +287,7 @@ char *addr_parse(char *str)
q++;
if((p = strchr(q, '>'))) {
@ -59,7 +59,7 @@
}
#if 0
@@ -306,7 +306,7 @@ char *addr_parse(char *str)
@@ -310,7 +310,7 @@ char *addr_parse(char *str)
q = strip_post_ws(p);
if(*q == ')') {
while((*--q != '('));
@ -68,7 +68,7 @@
}
(void)strip_post_ws(p);
@@ -359,7 +359,7 @@ bool_t standardise(char *str, bool_t *li
@@ -363,7 +363,7 @@ bool_t standardise(char *str, bool_t *li
*linestart = False;
if((p = strchr(str, '\n'))) {
@ -77,7 +77,7 @@
*linestart = True;
}
return(leadingdot);
@@ -380,7 +380,7 @@ void revaliases(struct passwd *pw)
@@ -384,7 +384,7 @@ void revaliases(struct passwd *pw)
while(fgets(buf, sizeof(buf), fp)) {
/* Make comments invisible */
if((p = strchr(buf, '#'))) {
@ -86,7 +86,7 @@
}
/* Ignore malformed lines and comments */
@@ -515,11 +515,11 @@ void rcpt_save(char *str)
@@ -519,11 +519,11 @@ void rcpt_save(char *str)
#endif
/* Ignore missing usernames */
@ -100,7 +100,7 @@
die("rcpt_save() -- strdup() failed");
}
@@ -544,7 +544,7 @@ void rcpt_parse(char *str)
@@ -548,7 +548,7 @@ void rcpt_parse(char *str)
(void)fprintf(stderr, "*** rcpt_parse(): str = [%s]\n", str);
#endif
@ -109,7 +109,7 @@
die("rcpt_parse(): strdup() failed");
}
q = p;
@@ -572,7 +572,7 @@ void rcpt_parse(char *str)
@@ -576,7 +576,7 @@ void rcpt_parse(char *str)
}
/* End of string? */
@ -118,7 +118,7 @@
got_addr = True;
}
@@ -580,7 +580,7 @@ void rcpt_parse(char *str)
@@ -584,7 +584,7 @@ void rcpt_parse(char *str)
if((*q == ',') && (in_quotes == False)) {
got_addr = True;
@ -127,7 +127,7 @@
}
if(got_addr) {
@@ -664,7 +664,7 @@ void header_save(char *str)
@@ -668,7 +668,7 @@ void header_save(char *str)
(void)fprintf(stderr, "header_save(): str = [%s]\n", str);
#endif
@ -136,7 +136,7 @@
die("header_save() -- strdup() failed");
}
ht->string = p;
@@ -672,7 +672,7 @@ void header_save(char *str)
@@ -676,7 +676,7 @@ void header_save(char *str)
if(strncasecmp(ht->string, "From:", 5) == 0) {
#if 1
/* Hack check for NULL From: line */
@ -145,7 +145,7 @@
return;
}
#endif
@@ -735,19 +735,19 @@ header_parse() -- Break headers into sep
@@ -739,19 +739,19 @@ header_parse() -- Break headers into sep
void header_parse(FILE *stream)
{
size_t size = BUF_SZ, len = 0;
@ -169,7 +169,7 @@
die("header_parse() -- realloc() failed");
}
q = (p + len);
@@ -772,9 +772,9 @@ void header_parse(FILE *stream)
@@ -776,9 +776,9 @@ void header_parse(FILE *stream)
in_header = False;
default:
@ -181,7 +181,7 @@
}
header_save(p);
@@ -805,9 +805,9 @@ void header_parse(FILE *stream)
@@ -809,9 +809,9 @@ void header_parse(FILE *stream)
in_header = False;
default:
@ -193,7 +193,7 @@
}
header_save(p);
@@ -872,11 +872,11 @@ bool_t read_config()
@@ -876,11 +876,11 @@ bool_t read_config()
char *rightside;
/* Make comments invisible */
if((p = strchr(buf, '#'))) {
@ -207,7 +207,7 @@
/* Parse out keywords */
p=firsttok(&begin, "= \t\n");
@@ -886,7 +886,7 @@ bool_t read_config()
@@ -890,7 +890,7 @@ bool_t read_config()
}
if(p && q) {
if(strcasecmp(p, "Root") == 0) {
@ -216,7 +216,7 @@
die("parse_config() -- strdup() failed");
}
@@ -900,7 +900,7 @@ bool_t read_config()
@@ -904,7 +904,7 @@ bool_t read_config()
port = atoi(r);
}
@ -225,7 +225,7 @@
die("parse_config() -- strdup() failed");
}
@@ -945,7 +945,7 @@ bool_t read_config()
@@ -949,7 +949,7 @@ bool_t read_config()
mail_domain = strdup(q);
}
@ -234,7 +234,7 @@
die("parse_config() -- strdup() failed");
}
rewrite_domain = True;
@@ -1021,7 +1021,7 @@ bool_t read_config()
@@ -1025,7 +1025,7 @@ bool_t read_config()
}
}
else if(strcasecmp(p, "TLSCert") == 0) {
@ -243,7 +243,7 @@
die("parse_config() -- strdup() failed");
}
@@ -1032,7 +1032,7 @@ bool_t read_config()
@@ -1036,7 +1036,7 @@ bool_t read_config()
#endif
/* Command-line overrides these */
else if(strcasecmp(p, "AuthUser") == 0 && !auth_user) {
@ -252,7 +252,7 @@
die("parse_config() -- strdup() failed");
}
@@ -1041,7 +1041,7 @@ bool_t read_config()
@@ -1045,7 +1045,7 @@ bool_t read_config()
}
}
else if(strcasecmp(p, "AuthPass") == 0 && !auth_pass) {
@ -261,7 +261,7 @@
die("parse_config() -- strdup() failed");
}
@@ -1050,7 +1050,7 @@ bool_t read_config()
@@ -1054,7 +1054,7 @@ bool_t read_config()
}
}
else if(strcasecmp(p, "AuthMethod") == 0 && !auth_method) {
@ -270,7 +270,24 @@
die("parse_config() -- strdup() failed");
}
@@ -1309,7 +1309,7 @@ char *fd_gets(char *buf, int size, int f
@@ -1119,14 +1119,11 @@ int smtp_open(char *host, int port)
char buf[(BUF_SZ + 1)];
/* Init SSL stuff */
- SSL_CTX *ctx;
- SSL_METHOD *meth;
+ SSL_CTX *ctx = NULL;
X509 *server_cert;
-
SSL_load_error_strings();
SSLeay_add_ssl_algorithms();
- meth=SSLv23_client_method();
- ctx = SSL_CTX_new(meth);
+ ctx = SSL_CTX_new(SSLv23_client_method());
if(!ctx) {
log_event(LOG_ERR, "No SSL support initiated\n");
return(-1);
@@ -1310,7 +1307,7 @@ char *fd_gets(char *buf, int size, int f
buf[i++] = c;
}
}
@ -279,7 +296,7 @@
return(buf);
}
@@ -1433,14 +1433,14 @@ int ssmtp(char *argv[])
@@ -1434,14 +1431,14 @@ int ssmtp(char *argv[])
}
if((p = strtok(pw->pw_gecos, ";,"))) {
@ -296,7 +313,7 @@
uad = append_domain(pw->pw_name);
}
@@ -1488,7 +1488,7 @@ int ssmtp(char *argv[])
@@ -1489,7 +1486,7 @@ int ssmtp(char *argv[])
/* Try to log in if username was supplied */
if(auth_user) {
#ifdef MD5AUTH
@ -305,7 +322,7 @@
auth_pass = strdup("");
}
@@ -1736,7 +1736,7 @@ char **parse_options(int argc, char *arg
@@ -1737,7 +1734,7 @@ char **parse_options(int argc, char *arg
j = 0;
add = 1;
@ -314,7 +331,7 @@
switch(argv[i][j]) {
#ifdef INET6
case '6':
@@ -1754,14 +1754,14 @@ char **parse_options(int argc, char *arg
@@ -1755,14 +1752,14 @@ char **parse_options(int argc, char *arg
if((!argv[i][(j + 1)])
&& argv[(i + 1)]) {
auth_user = strdup(argv[i+1]);
@ -331,7 +348,7 @@
die("parse_options() -- strdup() failed");
}
}
@@ -1771,14 +1771,14 @@ char **parse_options(int argc, char *arg
@@ -1772,14 +1769,14 @@ char **parse_options(int argc, char *arg
if((!argv[i][(j + 1)])
&& argv[(i + 1)]) {
auth_pass = strdup(argv[i+1]);
@ -348,7 +365,7 @@
die("parse_options() -- strdup() failed");
}
}
@@ -1869,14 +1869,14 @@ char **parse_options(int argc, char *arg
@@ -1870,14 +1867,14 @@ char **parse_options(int argc, char *arg
case 'F':
if((!argv[i][(j + 1)]) && argv[(i + 1)]) {
minus_F = strdup(argv[(i + 1)]);
@ -365,7 +382,7 @@
die("parse_options() -- strdup() failed");
}
}
@@ -1888,14 +1888,14 @@ char **parse_options(int argc, char *arg
@@ -1889,14 +1886,14 @@ char **parse_options(int argc, char *arg
case 'r':
if((!argv[i][(j + 1)]) && argv[(i + 1)]) {
minus_f = strdup(argv[(i + 1)]);


Loading…
Cancel
Save