diff -Nru libetpan-1.9.4/debian/changelog libetpan-1.9.4/debian/changelog --- libetpan-1.9.4/debian/changelog 2024-09-15 00:23:25.000000000 +0200 +++ libetpan-1.9.4/debian/changelog 2024-11-19 16:40:30.000000000 +0100 @@ -1,3 +1,11 @@ +libetpan (1.9.4-4.1) unstable; urgency=medium + + * Non-maintainer upload. + * Replace Cyrus SASL MD5 with Colin Plumb's MD5 (Closes: #1087747) + - Drop the lep_hmac_md5* symbols that are not used in reverse dependencies + + -- Bastian Germann Tue, 19 Nov 2024 16:40:30 +0100 + libetpan (1.9.4-4) unstable; urgency=medium * Acknowledge NMUs: diff -Nru libetpan-1.9.4/debian/copyright libetpan-1.9.4/debian/copyright --- libetpan-1.9.4/debian/copyright 2024-09-15 00:23:25.000000000 +0200 +++ libetpan-1.9.4/debian/copyright 2024-11-19 16:40:30.000000000 +0100 @@ -42,6 +42,9 @@ 2001, 2005 - DINH Viet Hoa 1991-2, RSA Data Security, Inc. License: BSD-3-Clause and BSD-RSA +Comment: + BSD-RSA is only applicable for the source. + With patches applied, it does not end up in the binary. Files: src/low-level/feed/newsfeed.* src/low-level/feed/newsfeed_item.* src/low-level/feed/parser_atom03.* @@ -90,6 +93,16 @@ 2012-2019 Ricardo Mones License: Expat +Files: debian/patches/17-Replace-Cyrus-SASL-MD5-with-Colin-Plumb-s-MD5.patch +Copyright: + 1993 Colin Plumb + Ian Jackson +License: public-domain + This code implements the MD5 message-digest algorithm. + The algorithm is due to Ron Rivest. This code was + written by Colin Plumb in 1993, no copyright is claimed. + This code is in the public domain; do with it what you wish. + License: BSD-3-Clause Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions diff -Nru libetpan-1.9.4/debian/libetpan20t64.symbols libetpan-1.9.4/debian/libetpan20t64.symbols --- libetpan-1.9.4/debian/libetpan20t64.symbols 2024-09-15 00:23:25.000000000 +0200 +++ libetpan-1.9.4/debian/libetpan20t64.symbols 2024-11-19 16:40:30.000000000 +0100 
@@ -84,11 +84,6 @@ lep_MD5Final@Base 1.8.0 lep_MD5Init@Base 1.8.0 lep_MD5Update@Base 1.8.0 - lep_hmac_md5@Base 1.8.0 - lep_hmac_md5_final@Base 1.8.0 - lep_hmac_md5_import@Base 1.8.0 - lep_hmac_md5_init@Base 1.8.0 - lep_hmac_md5_precalc@Base 1.8.0 libetpan_engine_debug@Base 1.0 libetpan_engine_free@Base 1.0 libetpan_engine_get_privacy@Base 1.0 diff -Nru libetpan-1.9.4/debian/patches/17-Replace-Cyrus-SASL-MD5-with-Colin-Plumb-s-MD5.patch libetpan-1.9.4/debian/patches/17-Replace-Cyrus-SASL-MD5-with-Colin-Plumb-s-MD5.patch --- libetpan-1.9.4/debian/patches/17-Replace-Cyrus-SASL-MD5-with-Colin-Plumb-s-MD5.patch 1970-01-01 01:00:00.000000000 +0100 +++ libetpan-1.9.4/debian/patches/17-Replace-Cyrus-SASL-MD5-with-Colin-Plumb-s-MD5.patch 2024-11-19 14:30:27.000000000 +0100 
@@ -0,0 +1,1003 @@ +Origin: https://github.com/dinhvh/libetpan/pull/450 +From: Bastian Germann +Date: Mon, 18 Nov 2024 17:50:51 +0100 +Subject: Replace Cyrus SASL MD5 with Colin Plumb's MD5 + +HMAC-MD5 is not used anymore, so drop it without replacement. +Using Colin Plumb's MD5 gets rid of the RSA-MD license. + +Keep the C++ conditionals as well as the namespace include in +the md5.h header. + +Link: https://github.com/jeffboody/libmd5/tree/5b2f2eab1f5126933dd9560c1cfbcabf7e6a1722 +--- +diff --git a/doc/DOCUMENTATION b/doc/DOCUMENTATION +index 4f66519..4951686 100644 +--- a/doc/DOCUMENTATION ++++ b/doc/DOCUMENTATION +@@ -335,9 +335,7 @@ cinthash.[ch] -- a hash table which keys are integers + (should be removed and replaced with chash) + clist.[ch] -- a double-linked list + connect.[ch] -- easy interface to connect a TCP server +-hmac_md5.h +-md5.[ch] +-md5global.h -- MD5 calculation ++md5.[ch] -- MD5 calculation + mail.h -- some constants + maildb_helper.[ch] -- wrappers to DB 2.x 3.x or 4.x + maillock.[ch] -- safely lock a given file +diff --git a/src/data-types/Makefile.am b/src/data-types/Makefile.am +index d2f0030..09b1804 100644 +--- a/src/data-types/Makefile.am ++++ b/src/data-types/Makefile.am +@@ -42,8 +42,8 @@ AM_CPPFLAGS = -I$(top_builddir)/include + + noinst_LTLIBRARIES = libdata-types.la + +-libdata_types_la_SOURCES = connect.h connect.c base64.h hmac-md5.h \ +- md5global.h md5namespace.h md5.h md5.c mmapstring.c mailstream_helper.c \ ++libdata_types_la_SOURCES = connect.h connect.c base64.h \ ++ md5namespace.h md5.h md5.c mmapstring.c mailstream_helper.c \ + mailstream_low.c mailstream.c mailstream_socket.c \ + mailstream_ssl.c carray.c clist.c chash.c \ + charconv.c maillock.c base64.c mail_cache_db_types.h \ +diff --git a/src/data-types/md5.c b/src/data-types/md5.c +old mode 100644 +new mode 100755 +index 952b565..284dcf6 +--- a/src/data-types/md5.c ++++ b/src/data-types/md5.c +@@ -1,578 +1,247 @@ + /* +- * libEtPan! 
-- a mail stuff library ++ * This code implements the MD5 message-digest algorithm. ++ * The algorithm is due to Ron Rivest. This code was ++ * written by Colin Plumb in 1993, no copyright is claimed. ++ * This code is in the public domain; do with it what you wish. + * +- * Copyright (C) 2001, 2005 - DINH Viet Hoa +- * All rights reserved. ++ * Equivalent code is available from RSA Data Security, Inc. ++ * This code has been tested against that, and is equivalent, ++ * except that you don't need to include two pages of legalese ++ * with every copy. + * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. +- * 2. Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in the +- * documentation and/or other materials provided with the distribution. +- * 3. Neither the name of the libEtPan! project nor the names of its +- * contributors may be used to endorse or promote products derived +- * from this software without specific prior written permission. ++ * To compute the message digest of a chunk of bytes, declare an ++ * MD5Context structure, pass it to MD5Init, call MD5Update as ++ * needed on buffers full of bytes, and then call MD5Final, which ++ * will fill a supplied 16-byte array with the digest. + * +- * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND +- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +- * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE +- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +- * SUCH DAMAGE. ++ * Changed so as no longer to depend on Colin Plumb's `usual.h' header ++ * definitions; now uses stuff from dpkg's config.h. ++ * - Ian Jackson . ++ * Still in the public domain. + */ + +-#ifdef HAVE_CONFIG_H +-# include +-#endif +- +-/* +- * $Id: md5.c,v 1.11 2008/02/20 22:15:50 hoa Exp $ +- */ +- +-/* MD5C.C - RSA Data Security, Inc., MD5 message-digest algorithm +-*/ +- +-/* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All +-rights reserved. +- +-License to copy and use this software is granted provided that it +-is identified as the "RSA Data Security, Inc. MD5 Message-Digest +-Algorithm" in all material mentioning or referencing this software +-or this function. +- +-License is also granted to make and use derivative works provided +-that such works are identified as "derived from the RSA Data +-Security, Inc. MD5 Message-Digest Algorithm" in all material +-mentioning or referencing the derived work. ++#include /* for memcpy() */ ++#include /* for stupid systems */ + +-RSA Data Security, Inc. makes no representations concerning either +-the merchantability of this software or the suitability of this +-software for any particular purpose. It is provided "as is" +-without express or implied warranty of any kind. +- +-These notices must be retained in any copies of any part of this +-documentation and/or software. +-*/ +- +-/* do i need all of this just for htonl()? damn. 
*/ +-#include +-#ifdef WIN32 +-# include +-#else +-# include +-# include +-# include +-#endif +- +-#include "md5global.h" + #include "md5.h" +-#include "hmac-md5.h" +- +-/* Constants for MD5Transform routine. +-*/ +- +-#define S11 7 +-#define S12 12 +-#define S13 17 +-#define S14 22 +-#define S21 5 +-#define S22 9 +-#define S23 14 +-#define S24 20 +-#define S31 4 +-#define S32 11 +-#define S33 16 +-#define S34 23 +-#define S41 6 +-#define S42 10 +-#define S43 15 +-#define S44 21 +- +-static void MD5Transform PROTO_LIST ((UINT4 [4], const unsigned char [64])); +-static void Encode PROTO_LIST +- ((unsigned char *, UINT4 *, unsigned int)); +-static void Decode PROTO_LIST +- ((UINT4 *, const unsigned char *, unsigned int)); +-static void MD5_memcpy PROTO_LIST ((POINTER, CONST_POINTER, unsigned int)); +-static void MD5_memset PROTO_LIST ((POINTER, int, unsigned int)); +- +-static unsigned char PADDING[64] = { +- 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 +-}; +- +-/* F, G, H and I are basic MD5 functions. +- +- */ +-#ifdef I +-/* This might be defined via NANA */ +-#undef I +-#endif +- +-#define F(x, y, z) (((x) & (y)) | ((~x) & (z))) +-#define G(x, y, z) (((x) & (z)) | ((y) & (~z))) +-#define H(x, y, z) ((x) ^ (y) ^ (z)) +-#define I(x, y, z) ((y) ^ ((x) | (~z))) +- +-/* ROTATE_LEFT rotates x left n bits. +- +- */ +- +-#define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32-(n)))) +- +-/* FF, GG, HH, and II transformations for rounds 1, 2, 3, and 4. +-Rotation is separate from addition to prevent recomputation. 
+-*/ +- +-#define FF(a, b, c, d, x, s, ac) { (a) += F ((b), (c), (d)) + (x) + (UINT4)(ac); (a) = ROTATE_LEFT ((a), (s)); (a) += (b); } +-#define GG(a, b, c, d, x, s, ac) { (a) += G ((b), (c), (d)) + (x) + (UINT4)(ac); (a) = ROTATE_LEFT ((a), (s)); (a) += (b); } +-#define HH(a, b, c, d, x, s, ac) { (a) += H ((b), (c), (d)) + (x) + (UINT4)(ac); (a) = ROTATE_LEFT ((a), (s)); (a) += (b); } +-#define II(a, b, c, d, x, s, ac) { (a) += I ((b), (c), (d)) + (x) + (UINT4)(ac); (a) = ROTATE_LEFT ((a), (s)); (a) += (b); } +- +-/* MD5 initialization. Begins an MD5 operation, writing a new context. +-*/ +- +-void MD5Init (context) +-MD5_CTX *context; /* context */ +-{ +- context->count[0] = context->count[1] = 0; +- +- /* Load magic initialization constants. +- +-*/ +- context->state[0] = 0x67452301; +- context->state[1] = 0xefcdab89; +- context->state[2] = 0x98badcfe; +- context->state[3] = 0x10325476; +-} +- +-/* MD5 block update operation. Continues an MD5 message-digest +- operation, processing another message block, and updating the context. +-*/ +- +-void MD5Update (context, input, inputLen) +-MD5_CTX *context; /* context */ +-const unsigned char *input; /* input block */ +-unsigned int inputLen; /* length of input block */ +-{ +- unsigned int i, indx, partLen; +- +- /* Compute number of bytes mod 64 */ +- indx = (unsigned int)((context->count[0] >> 3) & 0x3F); +- +- /* Update number of bits */ +- if ((context->count[0] += ((UINT4)inputLen << 3)) +- < ((UINT4)inputLen << 3)) +- context->count[1]++; +- context->count[1] += ((UINT4)inputLen >> 29); +- +- partLen = 64 - indx; +- +- /* Transform as many times as possible. 
+- +-*/ +- if (inputLen >= partLen) { +- MD5_memcpy +- ((POINTER)&context->buffer[indx], (POINTER)input, partLen); MD5Transform +- (context->state, context->buffer); +- +- for (i = partLen; i + 63 < inputLen; i += 64) +- MD5Transform (context->state, &input[i]); +- +- indx = 0; +- } +- else +- i = 0; +- +- /* Buffer remaining input */ +- MD5_memcpy +- ((POINTER)&context->buffer[indx], (POINTER)&input[i], +- inputLen-i); +- +-} +- +-/* MD5 finalization. Ends an MD5 message-digest operation, writing the +- the message digest and zeroizing the context. +- +- */ +- +-void MD5Final (digest, context) +-unsigned char digest[16]; /* message digest */ +-MD5_CTX *context; /* context */ +-{ +- unsigned char bits[8]; +- unsigned int indx, padLen; +- +- /* Save number of bits */ +- Encode (bits, context->count, 8); +- +- /* Pad out to 56 mod 64. +- +-*/ +- indx = (unsigned int)((context->count[0] >> 3) & 0x3f); +- padLen = (indx < 56) ? (56 - indx) : (120 - indx); +- MD5Update (context, PADDING, padLen); +- +- /* Append length (before padding) */ +- MD5Update (context, bits, 8); +- +- /* Store state in digest */ +- Encode (digest, context->state, 16); +- +- /* Zeroize sensitive information. +- +-*/ +- MD5_memset ((POINTER)context, 0, sizeof (*context)); +-} +- +-/* MD5 basic transformation. Transforms state based on block. 
+- +- */ + +-static void MD5Transform (state, block) +-UINT4 state[4]; +-const unsigned char block[64]; ++#ifdef WORDS_BIGENDIAN ++static void ++byteSwap(UWORD32 *buf, unsigned words) + { +- UINT4 a = state[0], b = state[1], c = state[2], d = state[3], x[16]; ++ md5byte *p = (md5byte *)buf; + +- Decode (x, block, 64); +- +- /* Round 1 */ +- FF (a, b, c, d, x[ 0], S11, 0xd76aa478); /* 1 */ +- FF (d, a, b, c, x[ 1], S12, 0xe8c7b756); /* 2 */ +- FF (c, d, a, b, x[ 2], S13, 0x242070db); /* 3 */ +- FF (b, c, d, a, x[ 3], S14, 0xc1bdceee); /* 4 */ +- FF (a, b, c, d, x[ 4], S11, 0xf57c0faf); /* 5 */ +- FF (d, a, b, c, x[ 5], S12, 0x4787c62a); /* 6 */ +- FF (c, d, a, b, x[ 6], S13, 0xa8304613); /* 7 */ +- FF (b, c, d, a, x[ 7], S14, 0xfd469501); /* 8 */ +- FF (a, b, c, d, x[ 8], S11, 0x698098d8); /* 9 */ +- FF (d, a, b, c, x[ 9], S12, 0x8b44f7af); /* 10 */ +- FF (c, d, a, b, x[10], S13, 0xffff5bb1); /* 11 */ +- FF (b, c, d, a, x[11], S14, 0x895cd7be); /* 12 */ +- FF (a, b, c, d, x[12], S11, 0x6b901122); /* 13 */ +- FF (d, a, b, c, x[13], S12, 0xfd987193); /* 14 */ +- FF (c, d, a, b, x[14], S13, 0xa679438e); /* 15 */ +- FF (b, c, d, a, x[15], S14, 0x49b40821); /* 16 */ +- +- /* Round 2 */ +- GG (a, b, c, d, x[ 1], S21, 0xf61e2562); /* 17 */ +- GG (d, a, b, c, x[ 6], S22, 0xc040b340); /* 18 */ +- GG (c, d, a, b, x[11], S23, 0x265e5a51); /* 19 */ +- GG (b, c, d, a, x[ 0], S24, 0xe9b6c7aa); /* 20 */ +- GG (a, b, c, d, x[ 5], S21, 0xd62f105d); /* 21 */ +- GG (d, a, b, c, x[10], S22, 0x2441453); /* 22 */ +- GG (c, d, a, b, x[15], S23, 0xd8a1e681); /* 23 */ +- GG (b, c, d, a, x[ 4], S24, 0xe7d3fbc8); /* 24 */ +- GG (a, b, c, d, x[ 9], S21, 0x21e1cde6); /* 25 */ +- GG (d, a, b, c, x[14], S22, 0xc33707d6); /* 26 */ +- GG (c, d, a, b, x[ 3], S23, 0xf4d50d87); /* 27 */ +- GG (b, c, d, a, x[ 8], S24, 0x455a14ed); /* 28 */ +- GG (a, b, c, d, x[13], S21, 0xa9e3e905); /* 29 */ +- GG (d, a, b, c, x[ 2], S22, 0xfcefa3f8); /* 30 */ +- GG (c, d, a, b, x[ 7], S23, 0x676f02d9); /* 31 */ +- GG 
(b, c, d, a, x[12], S24, 0x8d2a4c8a); /* 32 */ +- +- /* Round 3 */ +- HH (a, b, c, d, x[ 5], S31, 0xfffa3942); /* 33 */ +- HH (d, a, b, c, x[ 8], S32, 0x8771f681); /* 34 */ +- HH (c, d, a, b, x[11], S33, 0x6d9d6122); /* 35 */ +- HH (b, c, d, a, x[14], S34, 0xfde5380c); /* 36 */ +- HH (a, b, c, d, x[ 1], S31, 0xa4beea44); /* 37 */ +- HH (d, a, b, c, x[ 4], S32, 0x4bdecfa9); /* 38 */ +- HH (c, d, a, b, x[ 7], S33, 0xf6bb4b60); /* 39 */ +- HH (b, c, d, a, x[10], S34, 0xbebfbc70); /* 40 */ +- HH (a, b, c, d, x[13], S31, 0x289b7ec6); /* 41 */ +- HH (d, a, b, c, x[ 0], S32, 0xeaa127fa); /* 42 */ +- HH (c, d, a, b, x[ 3], S33, 0xd4ef3085); /* 43 */ +- HH (b, c, d, a, x[ 6], S34, 0x4881d05); /* 44 */ +- HH (a, b, c, d, x[ 9], S31, 0xd9d4d039); /* 45 */ +- HH (d, a, b, c, x[12], S32, 0xe6db99e5); /* 46 */ +- HH (c, d, a, b, x[15], S33, 0x1fa27cf8); /* 47 */ +- HH (b, c, d, a, x[ 2], S34, 0xc4ac5665); /* 48 */ +- +- /* Round 4 */ +- II (a, b, c, d, x[ 0], S41, 0xf4292244); /* 49 */ +- II (d, a, b, c, x[ 7], S42, 0x432aff97); /* 50 */ +- II (c, d, a, b, x[14], S43, 0xab9423a7); /* 51 */ +- II (b, c, d, a, x[ 5], S44, 0xfc93a039); /* 52 */ +- II (a, b, c, d, x[12], S41, 0x655b59c3); /* 53 */ +- II (d, a, b, c, x[ 3], S42, 0x8f0ccc92); /* 54 */ +- II (c, d, a, b, x[10], S43, 0xffeff47d); /* 55 */ +- II (b, c, d, a, x[ 1], S44, 0x85845dd1); /* 56 */ +- II (a, b, c, d, x[ 8], S41, 0x6fa87e4f); /* 57 */ +- II (d, a, b, c, x[15], S42, 0xfe2ce6e0); /* 58 */ +- II (c, d, a, b, x[ 6], S43, 0xa3014314); /* 59 */ +- II (b, c, d, a, x[13], S44, 0x4e0811a1); /* 60 */ +- II (a, b, c, d, x[ 4], S41, 0xf7537e82); /* 61 */ +- II (d, a, b, c, x[11], S42, 0xbd3af235); /* 62 */ +- II (c, d, a, b, x[ 2], S43, 0x2ad7d2bb); /* 63 */ +- II (b, c, d, a, x[ 9], S44, 0xeb86d391); /* 64 */ +- +- state[0] += a; +- state[1] += b; +- state[2] += c; +- state[3] += d; +- +- /* Zeroize sensitive information. 
+- */ +- MD5_memset ((POINTER)x, 0, sizeof (x)); +-} +- +-/* Encodes input (UINT4) into output (unsigned char). Assumes len is +- a multiple of 4. +- +- */ +- +-static void Encode (output, input, len) +-unsigned char *output; +-UINT4 *input; +-unsigned int len; +-{ +- unsigned int i, j; +- +- for (i = 0, j = 0; j < len; i++, j += 4) { +- output[j] = (unsigned char)(input[i] & 0xff); +- output[j+1] = (unsigned char)((input[i] >> 8) & 0xff); +- output[j+2] = (unsigned char)((input[i] >> 16) & 0xff); +- output[j+3] = (unsigned char)((input[i] >> 24) & 0xff); +- } +-} +- +-/* Decodes input (unsigned char) into output (UINT4). Assumes len is +- a multiple of 4. +- +- */ +- +-static void Decode (output, input, len) +-UINT4 *output; +-const unsigned char *input; +-unsigned int len; +-{ +- unsigned int i, j; +- +- for (i = 0, j = 0; j < len; i++, j += 4) +- output[i] = ((UINT4)input[j]) | (((UINT4)input[j+1]) << 8) | (((UINT4)input[j+2]) << 16) +- | (((UINT4)input[j+3]) << 24); ++ do { ++ *buf++ = (UWORD32)((unsigned)p[3] << 8 | p[2]) << 16 | ++ ((unsigned)p[1] << 8 | p[0]); ++ p += 4; ++ } while (--words); + } ++#else ++#define byteSwap(buf,words) ++#endif + +-/* Note: Replace "for loop" with standard memcpy if possible. +- +- */ ++static void MD5Transform(UWORD32 buf[4], UWORD32 const in[16]); + +-static void MD5_memcpy (output, input, len) +-POINTER output; +-CONST_POINTER input; +-unsigned int len; ++/* ++ * Start MD5 accumulation. Set bit count to 0 and buffer to mysterious ++ * initialization constants. ++ */ ++void ++MD5Init(struct MD5Context *ctx) + { +- unsigned int i; ++ ctx->buf[0] = 0x67452301; ++ ctx->buf[1] = 0xefcdab89; ++ ctx->buf[2] = 0x98badcfe; ++ ctx->buf[3] = 0x10325476; + +- for (i = 0; i < len; i++) +- output[i] = input[i]; ++ ctx->bytes[0] = 0; ++ ctx->bytes[1] = 0; + } + +-/* Note: Replace "for loop" with standard memset if possible. 
+-*/ +- +-static void MD5_memset (output, value, len) +-POINTER output; +-int value; +-unsigned int len; ++/* ++ * Update context to reflect the concatenation of another buffer full ++ * of bytes. ++ */ ++void ++MD5Update(struct MD5Context *ctx, md5byte const *buf, unsigned len) + { +- unsigned int i; +- +- for (i = 0; i < len; i++) +- ((char *)output)[i] = (char)value; ++ UWORD32 t; ++ ++ /* Update byte count */ ++ ++ t = ctx->bytes[0]; ++ if ((ctx->bytes[0] = t + len) < t) ++ ctx->bytes[1]++; /* Carry from low to high */ ++ ++ t = 64 - (t & 0x3f); /* Space available in ctx->in (at least 1) */ ++ if (t > len) { ++ memcpy((md5byte *)ctx->in + 64 - t, buf, len); ++ return; ++ } ++ /* First chunk is an odd size */ ++ memcpy((md5byte *)ctx->in + 64 - t, buf, t); ++ byteSwap(ctx->in, 16); ++ MD5Transform(ctx->buf, ctx->in); ++ buf += t; ++ len -= t; ++ ++ /* Process data in 64-byte chunks */ ++ while (len >= 64) { ++ memcpy(ctx->in, buf, 64); ++ byteSwap(ctx->in, 16); ++ MD5Transform(ctx->buf, ctx->in); ++ buf += 64; ++ len -= 64; ++ } ++ ++ /* Handle any remaining bytes of data. 
*/ ++ memcpy(ctx->in, buf, len); + } + +-void hmac_md5_init(HMAC_MD5_CTX *hmac, +- const unsigned char *key, +- int key_len) ++/* ++ * Final wrapup - pad to 64-byte boundary with the bit pattern ++ * 1 0* (64-bit count of bits processed, MSB-first) ++ */ ++void ++MD5Final(md5byte digest[16], struct MD5Context *ctx) + { +- unsigned char k_ipad[65]; /* inner padding - +- * key XORd with ipad +- */ +- unsigned char k_opad[65]; /* outer padding - +- * key XORd with opad +- */ +- unsigned char tk[16]; +- int i; +- /* if key is longer than 64 bytes reset it to key=MD5(key) */ +- if (key_len > 64) { +- +- MD5_CTX tctx; +- +- MD5Init(&tctx); +- MD5Update(&tctx, key, key_len); +- MD5Final(tk, &tctx); +- +- key = tk; +- key_len = 16; +- } +- +- /* +- * the HMAC_MD5 transform looks like: +- * +- * MD5(K XOR opad, MD5(K XOR ipad, text)) +- * +- * where K is an n byte key +- * ipad is the byte 0x36 repeated 64 times +- * opad is the byte 0x5c repeated 64 times +- * and text is the data being protected +- */ +- +- /* start out by storing key in pads */ +- MD5_memset(k_ipad, '\0', sizeof k_ipad); +- MD5_memset(k_opad, '\0', sizeof k_opad); +- MD5_memcpy( k_ipad, key, key_len); +- MD5_memcpy( k_opad, key, key_len); +- +- /* XOR key with ipad and opad values */ +- for (i=0; i<64; i++) { +- k_ipad[i] ^= 0x36; +- k_opad[i] ^= 0x5c; +- } +- +- MD5Init(&hmac->ictx); /* init inner context */ +- MD5Update(&hmac->ictx, k_ipad, 64); /* apply inner pad */ +- +- MD5Init(&hmac->octx); /* init outer context */ +- MD5Update(&hmac->octx, k_opad, 64); /* apply outer pad */ +- +- /* scrub the pads and key context (if used) */ +- MD5_memset(&k_ipad[0], 0, sizeof(k_ipad)); +- MD5_memset(&k_opad[0], 0, sizeof(k_opad)); +- MD5_memset(&tk[0], 0, sizeof(tk)); +- +- /* and we're done. */ ++ int count = ctx->bytes[0] & 0x3f; /* Number of bytes in ctx->in */ ++ md5byte *p = (md5byte *)ctx->in + count; ++ ++ /* Set the first char of padding to 0x80. There is always room. 
*/ ++ *p++ = 0x80; ++ ++ /* Bytes of padding needed to make 56 bytes (-8..55) */ ++ count = 56 - 1 - count; ++ ++ if (count < 0) { /* Padding forces an extra block */ ++ memset(p, 0, count + 8); ++ byteSwap(ctx->in, 16); ++ MD5Transform(ctx->buf, ctx->in); ++ p = (md5byte *)ctx->in; ++ count = 56; ++ } ++ memset(p, 0, count); ++ byteSwap(ctx->in, 14); ++ ++ /* Append length in bits and transform */ ++ ctx->in[14] = ctx->bytes[0] << 3; ++ ctx->in[15] = ctx->bytes[1] << 3 | ctx->bytes[0] >> 29; ++ MD5Transform(ctx->buf, ctx->in); ++ ++ byteSwap(ctx->buf, 4); ++ memcpy(digest, ctx->buf, 16); ++#if 0 ++ // compile warning on sizeof(ctx) ++ memset(ctx, 0, sizeof(ctx)); /* In case it's sensitive */ ++#else ++ // a better way to reset ctx ++ MD5Init(ctx); ++#endif + } + +-/* The precalc and import routines here rely on the fact that we pad +- * the key out to 64 bytes and use that to initialize the md5 +- * contexts, and that updating an md5 context with 64 bytes of data +- * leaves nothing left over; all of the interesting state is contained +- * in the state field, and none of it is left over in the count and +- * buffer fields. So all we have to do is save the state field; we +- * can zero the others when we reload it. Which is why the decision +- * was made to pad the key out to 64 bytes in the first place. 
*/ +-void hmac_md5_precalc(HMAC_MD5_STATE *state, +- const unsigned char *key, +- int key_len) +-{ +- HMAC_MD5_CTX hmac; +- unsigned lupe; ++#ifndef ASM_MD5 + +- hmac_md5_init(&hmac, key, key_len); +- for (lupe = 0; lupe < 4; lupe++) { +- state->istate[lupe] = htonl(hmac.ictx.state[lupe]); +- state->ostate[lupe] = htonl(hmac.octx.state[lupe]); +- } +- MD5_memset((POINTER) &hmac, 0, sizeof(hmac)); +-} ++/* The four core functions - F1 is optimized somewhat */ + ++/* #define F1(x, y, z) (x & y | ~x & z) */ ++#define F1(x, y, z) (z ^ (x & (y ^ z))) ++#define F2(x, y, z) F1(z, x, y) ++#define F3(x, y, z) (x ^ y ^ z) ++#define F4(x, y, z) (y ^ (x | ~z)) + +-void hmac_md5_import(HMAC_MD5_CTX *hmac, +- HMAC_MD5_STATE *state) +-{ +- unsigned lupe; +- MD5_memset((POINTER) hmac, 0, sizeof(HMAC_MD5_CTX)); +- for (lupe = 0; lupe < 4; lupe++) { +- hmac->ictx.state[lupe] = ntohl(state->istate[lupe]); +- hmac->octx.state[lupe] = ntohl(state->ostate[lupe]); +- } +- /* Init the counts to account for our having applied +- * 64 bytes of key; this works out to 0x200 (64 << 3; see +- * MD5Update above...) */ +- hmac->ictx.count[0] = hmac->octx.count[0] = 0x200; +-} ++/* This is the central step in the MD5 algorithm. */ ++#define MD5STEP(f,w,x,y,z,in,s) \ ++ (w += f(x,y,z) + in, w = (w<>(32-s)) + x) + +-void hmac_md5_final(unsigned char digest[HMAC_MD5_SIZE], +- HMAC_MD5_CTX *hmac) ++/* ++ * The core of the MD5 algorithm, this alters an existing MD5 hash to ++ * reflect the addition of 16 longwords of new data. MD5Update blocks ++ * the data and converts bytes into longwords for this routine. 
++ */ ++static void ++MD5Transform(UWORD32 buf[4], UWORD32 const in[16]) + { +- MD5Final(digest, &hmac->ictx); /* Finalize inner md5 */ +- MD5Update(&hmac->octx, digest, 16); /* Update outer ctx */ +- MD5Final(digest, &hmac->octx); /* Finalize outer md5 */ ++ register UWORD32 a, b, c, d; ++ ++ a = buf[0]; ++ b = buf[1]; ++ c = buf[2]; ++ d = buf[3]; ++ ++ MD5STEP(F1, a, b, c, d, in[0] + 0xd76aa478, 7); ++ MD5STEP(F1, d, a, b, c, in[1] + 0xe8c7b756, 12); ++ MD5STEP(F1, c, d, a, b, in[2] + 0x242070db, 17); ++ MD5STEP(F1, b, c, d, a, in[3] + 0xc1bdceee, 22); ++ MD5STEP(F1, a, b, c, d, in[4] + 0xf57c0faf, 7); ++ MD5STEP(F1, d, a, b, c, in[5] + 0x4787c62a, 12); ++ MD5STEP(F1, c, d, a, b, in[6] + 0xa8304613, 17); ++ MD5STEP(F1, b, c, d, a, in[7] + 0xfd469501, 22); ++ MD5STEP(F1, a, b, c, d, in[8] + 0x698098d8, 7); ++ MD5STEP(F1, d, a, b, c, in[9] + 0x8b44f7af, 12); ++ MD5STEP(F1, c, d, a, b, in[10] + 0xffff5bb1, 17); ++ MD5STEP(F1, b, c, d, a, in[11] + 0x895cd7be, 22); ++ MD5STEP(F1, a, b, c, d, in[12] + 0x6b901122, 7); ++ MD5STEP(F1, d, a, b, c, in[13] + 0xfd987193, 12); ++ MD5STEP(F1, c, d, a, b, in[14] + 0xa679438e, 17); ++ MD5STEP(F1, b, c, d, a, in[15] + 0x49b40821, 22); ++ ++ MD5STEP(F2, a, b, c, d, in[1] + 0xf61e2562, 5); ++ MD5STEP(F2, d, a, b, c, in[6] + 0xc040b340, 9); ++ MD5STEP(F2, c, d, a, b, in[11] + 0x265e5a51, 14); ++ MD5STEP(F2, b, c, d, a, in[0] + 0xe9b6c7aa, 20); ++ MD5STEP(F2, a, b, c, d, in[5] + 0xd62f105d, 5); ++ MD5STEP(F2, d, a, b, c, in[10] + 0x02441453, 9); ++ MD5STEP(F2, c, d, a, b, in[15] + 0xd8a1e681, 14); ++ MD5STEP(F2, b, c, d, a, in[4] + 0xe7d3fbc8, 20); ++ MD5STEP(F2, a, b, c, d, in[9] + 0x21e1cde6, 5); ++ MD5STEP(F2, d, a, b, c, in[14] + 0xc33707d6, 9); ++ MD5STEP(F2, c, d, a, b, in[3] + 0xf4d50d87, 14); ++ MD5STEP(F2, b, c, d, a, in[8] + 0x455a14ed, 20); ++ MD5STEP(F2, a, b, c, d, in[13] + 0xa9e3e905, 5); ++ MD5STEP(F2, d, a, b, c, in[2] + 0xfcefa3f8, 9); ++ MD5STEP(F2, c, d, a, b, in[7] + 0x676f02d9, 14); ++ MD5STEP(F2, b, c, d, a, 
in[12] + 0x8d2a4c8a, 20); ++ ++ MD5STEP(F3, a, b, c, d, in[5] + 0xfffa3942, 4); ++ MD5STEP(F3, d, a, b, c, in[8] + 0x8771f681, 11); ++ MD5STEP(F3, c, d, a, b, in[11] + 0x6d9d6122, 16); ++ MD5STEP(F3, b, c, d, a, in[14] + 0xfde5380c, 23); ++ MD5STEP(F3, a, b, c, d, in[1] + 0xa4beea44, 4); ++ MD5STEP(F3, d, a, b, c, in[4] + 0x4bdecfa9, 11); ++ MD5STEP(F3, c, d, a, b, in[7] + 0xf6bb4b60, 16); ++ MD5STEP(F3, b, c, d, a, in[10] + 0xbebfbc70, 23); ++ MD5STEP(F3, a, b, c, d, in[13] + 0x289b7ec6, 4); ++ MD5STEP(F3, d, a, b, c, in[0] + 0xeaa127fa, 11); ++ MD5STEP(F3, c, d, a, b, in[3] + 0xd4ef3085, 16); ++ MD5STEP(F3, b, c, d, a, in[6] + 0x04881d05, 23); ++ MD5STEP(F3, a, b, c, d, in[9] + 0xd9d4d039, 4); ++ MD5STEP(F3, d, a, b, c, in[12] + 0xe6db99e5, 11); ++ MD5STEP(F3, c, d, a, b, in[15] + 0x1fa27cf8, 16); ++ MD5STEP(F3, b, c, d, a, in[2] + 0xc4ac5665, 23); ++ ++ MD5STEP(F4, a, b, c, d, in[0] + 0xf4292244, 6); ++ MD5STEP(F4, d, a, b, c, in[7] + 0x432aff97, 10); ++ MD5STEP(F4, c, d, a, b, in[14] + 0xab9423a7, 15); ++ MD5STEP(F4, b, c, d, a, in[5] + 0xfc93a039, 21); ++ MD5STEP(F4, a, b, c, d, in[12] + 0x655b59c3, 6); ++ MD5STEP(F4, d, a, b, c, in[3] + 0x8f0ccc92, 10); ++ MD5STEP(F4, c, d, a, b, in[10] + 0xffeff47d, 15); ++ MD5STEP(F4, b, c, d, a, in[1] + 0x85845dd1, 21); ++ MD5STEP(F4, a, b, c, d, in[8] + 0x6fa87e4f, 6); ++ MD5STEP(F4, d, a, b, c, in[15] + 0xfe2ce6e0, 10); ++ MD5STEP(F4, c, d, a, b, in[6] + 0xa3014314, 15); ++ MD5STEP(F4, b, c, d, a, in[13] + 0x4e0811a1, 21); ++ MD5STEP(F4, a, b, c, d, in[4] + 0xf7537e82, 6); ++ MD5STEP(F4, d, a, b, c, in[11] + 0xbd3af235, 10); ++ MD5STEP(F4, c, d, a, b, in[2] + 0x2ad7d2bb, 15); ++ MD5STEP(F4, b, c, d, a, in[9] + 0xeb86d391, 21); ++ ++ buf[0] += a; ++ buf[1] += b; ++ buf[2] += c; ++ buf[3] += d; + } + +- +-void hmac_md5(text, text_len, key, key_len, digest) +-const unsigned char* text; /* pointer to data stream */ +-int text_len; /* length of data stream */ +-const unsigned char* key; /* pointer to authentication key */ 
+-int key_len; /* length of authentication key */ +-unsigned char *digest; /* caller digest to be filled in */ +-{ +- MD5_CTX context; +- +- unsigned char k_ipad[65]; /* inner padding - +- * key XORd with ipad +- */ +- unsigned char k_opad[65]; /* outer padding - +- * key XORd with opad +- */ +- unsigned char tk[16]; +- int i; +- /* if key is longer than 64 bytes reset it to key=MD5(key) */ +- if (key_len > 64) { +- +- MD5_CTX tctx; +- +- MD5Init(&tctx); +- MD5Update(&tctx, key, key_len); +- MD5Final(tk, &tctx); +- +- key = tk; +- key_len = 16; +- } +- +- /* +- * the HMAC_MD5 transform looks like: +- * +- * MD5(K XOR opad, MD5(K XOR ipad, text)) +- * +- * where K is an n byte key +- * ipad is the byte 0x36 repeated 64 times +- * opad is the byte 0x5c repeated 64 times +- * and text is the data being protected +- */ +- +- /* start out by storing key in pads */ +- MD5_memset(k_ipad, '\0', sizeof k_ipad); +- MD5_memset(k_opad, '\0', sizeof k_opad); +- MD5_memcpy( k_ipad, key, key_len); +- MD5_memcpy( k_opad, key, key_len); +- +- /* XOR key with ipad and opad values */ +- for (i=0; i<64; i++) { +- k_ipad[i] ^= 0x36; +- k_opad[i] ^= 0x5c; +- } +- /* +- * perform inner MD5 +- */ +- +- MD5Init(&context); /* init context for 1st +- * pass */ +- MD5Update(&context, k_ipad, 64); /* start with inner pad */ +- MD5Update(&context, text, text_len); /* then text of datagram */ +- MD5Final(digest, &context); /* finish up 1st pass */ +- +- /* +- * perform outer MD5 +- */ +- MD5Init(&context); /* init context for 2nd +- * pass */ +- MD5Update(&context, k_opad, 64); /* start with outer pad */ +- MD5Update(&context, digest, 16); /* then results of 1st +- * hash */ +- MD5Final(digest, &context); /* finish up 2nd pass */ +- +-} ++#endif +diff --git a/src/data-types/md5.h b/src/data-types/md5.h +old mode 100644 +new mode 100755 +index 219b771..8652850 +--- a/src/data-types/md5.h ++++ b/src/data-types/md5.h +@@ -1,88 +1,56 @@ + /* +- * libEtPan! 
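Review bot: MD5Final no longer wipes the whole context: the active `#else` branch calls `MD5Init(ctx)`, which resets only `buf` and `bytes` and leaves the last input block in `ctx->in`. The removed implementation cleared everything (`MD5_memset ((POINTER)context, 0, sizeof (*context))`), so when the hashed data is secret, its trailing bytes now stay in the caller's `struct MD5Context` after the digest is written; mailpop3_apop, touched later in this patch, takes a password and owns such a context. The disabled branch only warned because it used `sizeof(ctx)`, the pointer size; the corrected form is `memset(ctx, 0, sizeof(*ctx));`, ideally through a wipe the compiler cannot elide, such as `explicit_bzero` where available. Separately, `byteSwap` is now selected by `WORDS_BIGENDIAN` while the `HAVE_CONFIG_H` include block was dropped from this file and the old `Encode`/`Decode` helpers were byte-order independent. Unless the build defines that macro some other way, big-endian targets would presumably compute wrong digests, which is worth confirming.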
-- a mail stuff library ++ * This is the header file for the MD5 message-digest algorithm. ++ * The algorithm is due to Ron Rivest. This code was ++ * written by Colin Plumb in 1993, no copyright is claimed. ++ * This code is in the public domain; do with it what you wish. + * +- * Copyright (C) 2001, 2005 - DINH Viet Hoa +- * All rights reserved. ++ * Equivalent code is available from RSA Data Security, Inc. ++ * This code has been tested against that, and is equivalent, ++ * except that you don't need to include two pages of legalese ++ * with every copy. + * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. +- * 2. Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in the +- * documentation and/or other materials provided with the distribution. +- * 3. Neither the name of the libEtPan! project nor the names of its +- * contributors may be used to endorse or promote products derived +- * from this software without specific prior written permission. ++ * To compute the message digest of a chunk of bytes, declare an ++ * MD5Context structure, pass it to MD5Init, call MD5Update as ++ * needed on buffers full of bytes, and then call MD5Final, which ++ * will fill a supplied 16-byte array with the digest. + * +- * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND +- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +- * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
+- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+- * SUCH DAMAGE.
++ * Changed so as no longer to depend on Colin Plumb's `usual.h'
++ * header definitions; now uses stuff from dpkg's config.h
++ * - Ian Jackson .
++ * Still in the public domain.
+ */
+
+-/*
+- * $Id: md5.h,v 1.11 2006/06/02 15:44:29 smarinier Exp $
+- */
+-
+-/* MD5.H - header file for MD5C.C
+- */
+-
+-/* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All
+-rights reserved.
+-
+-License to copy and use this software is granted provided that it
+-is identified as the "RSA Data Security, Inc. MD5 Message-Digest
+-Algorithm" in all material mentioning or referencing this software
+-or this function.
+-
+-License is also granted to make and use derivative works provided
+-that such works are identified as "derived from the RSA Data
+-Security, Inc. MD5 Message-Digest Algorithm" in all material
+-mentioning or referencing the derived work.
+-
+-RSA Data Security, Inc. makes no representations concerning either
+-the merchantability of this software or the suitability of this
+-software for any particular purpose. It is provided "as is"
+-without express or implied warranty of any kind.
+-These notices must be retained in any copies of any part of this
+-documentation and/or software.
+- */
+-
+-#include "md5global.h"
+-
+ #ifndef MD5_H
+-
+ #define MD5_H
+
++#include "md5namespace.h"
++
+ #ifdef __cplusplus
+ extern "C" {
+ #endif
+
+-/* MD5 context.
*/
+-typedef struct {
+- UINT4 state[4]; /* state (ABCD) */
+- UINT4 count[2]; /* number of bits, modulo 2^64 (lsb first) */
+- unsigned char buffer[64]; /* input buffer */
+-} MD5_CTX;
++#ifdef _MSC_VER
++#define WIN32_LEAN_AND_MEAN
++#include
++#define UWORD32 DWORD
++#else
++#include
++#define UWORD32 uint32_t
++#endif
++#define md5byte unsigned char
+
+-void MD5Init PROTO_LIST ((MD5_CTX *));
+-void MD5Update PROTO_LIST
+- ((MD5_CTX *, const unsigned char *, unsigned int));
+-void MD5Final PROTO_LIST ((unsigned char [16], MD5_CTX *));
++struct MD5Context {
++ UWORD32 buf[4];
++ UWORD32 bytes[2];
++ UWORD32 in[16];
++};
+
+-void hmac_md5 PROTO_LIST ((const unsigned char *, int, const unsigned char *, int, unsigned char *));
++void MD5Init(struct MD5Context *context);
++void MD5Update(struct MD5Context *context, md5byte const *buf, unsigned len);
++void MD5Final(unsigned char digest[16], struct MD5Context *context);
+
+ #ifdef __cplusplus
+ }
+ #endif
+
+-#endif
++#endif /* !MD5_H */
+diff --git a/src/data-types/md5namespace.h b/src/data-types/md5namespace.h
+index 633fbdc..c2c02c9 100644
+--- a/src/data-types/md5namespace.h
++++ b/src/data-types/md5namespace.h
+@@ -36,10 +36,5 @@
+ #define MD5Init lep_MD5Init
+ #define MD5Update lep_MD5Update
+ #define MD5Final lep_MD5Final
+-#define hmac_md5 lep_hmac_md5
+-#define hmac_md5_init lep_hmac_md5_init
+-#define hmac_md5_precalc lep_hmac_md5_precalc
+-#define hmac_md5_import lep_hmac_md5_import
+-#define hmac_md5_final lep_hmac_md5_final
+
+ #endif
+diff --git a/src/low-level/pop3/mailpop3.c b/src/low-level/pop3/mailpop3.c
+index e2124bf..d5d66eb 100644
+--- a/src/low-level/pop3/mailpop3.c
++++ b/src/low-level/pop3/mailpop3.c
+@@ -481,7 +481,7 @@ int mailpop3_apop(mailpop3 * f,
+ const char * user, const char * password)
+ {
+ char command[POP3_STRING_SIZE];
+- MD5_CTX md5context;
++ struct MD5Context md5context;
+ unsigned char md5digest[16];
+ char md5string[33];
+ char * cmd_ptr;
diff -Nru
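Review bot: The rewritten md5.h removes the `MD5_CTX` typedef although md5namespace.h still maps `MD5Init`, `MD5Update` and `MD5Final` to their `lep_` names, so any caller outside this patch that declares an `MD5_CTX` would stop compiling if the header is installed, which is not visible here. Assuming `UINT4` was 32 bits wide, `struct MD5Context` has the same size as the old context, so a one-line alias after the struct would keep the old name working: `typedef struct MD5Context MD5_CTX;`. `UWORD32` and `md5byte` are introduced as macros that leak into every includer; `typedef uint32_t UWORD32;` (with `DWORD` in the `_MSC_VER` branch) and `typedef unsigned char md5byte;` would scope them as types. The file header also changes md5.h from mode 100644 to 100755, which a header does not need.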
libetpan-1.9.4/debian/patches/series libetpan-1.9.4/debian/patches/series
--- libetpan-1.9.4/debian/patches/series 2024-09-15 00:23:25.000000000 +0200
+++ libetpan-1.9.4/debian/patches/series 2024-11-19 16:40:30.000000000 +0100
@@ -5,3 +5,4 @@
 14_fix_encoding.diff
 15_Fixed-crash-when-st_info_list-is-NULL.-Fixes-420.-Fi.patch
 16_fix_precedence_related_to_poll.patch
+17-Replace-Cyrus-SASL-MD5-with-Colin-Plumb-s-MD5.patch