FreeBSD Bugzilla – Attachment 200631 Details for
Bug 233247
mail/fetchmail: Adapt patch to allow strict (>1.0) TLS version validation
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch adding Fedora's backported TLS handling
fm_tls.diff (text/plain), 4.25 KB, created by
Corey Halpin
on 2018-12-30 20:20:54 UTC
(
hide
)
Description:
Patch adding Fedora's backported TLS handling
Filename:
MIME Type:
Creator:
Corey Halpin
Created:
2018-12-30 20:20:54 UTC
Size:
4.25 KB
patch
obsolete
>diff -ru fetchmail.orig/Makefile fetchmail/Makefile >--- fetchmail.orig/Makefile 2018-12-30 10:08:20.237092000 -0600 >+++ fetchmail/Makefile 2018-12-30 14:07:53.766191000 -0600 >@@ -3,13 +3,16 @@ > > PORTNAME= fetchmail > PORTVERSION= 6.3.26 >-PORTREVISION= 8 >+PORTREVISION= 9 > CATEGORIES= mail ipv6 > MASTER_SITES= SF/${PORTNAME}/branch_6.3/ \ > http://mandree.home.pages.de/${PORTNAME}/ > >-PATCH_SITES= https://gitlab.com/fetchmail/fetchmail/commit/ >-PATCHFILES= 9b8b634.patch:-p1 >+PATCH_SITES= https://gitlab.com/fetchmail/fetchmail/commit/:gitlab >+PATCH_SITES+= https://src.fedoraproject.org/rpms/fetchmail/raw/master/f/:fedora >+PATCHFILES= 9b8b634.patch:-p1:gitlab # SNI fix >+PATCHFILES+= fetchmail-6.3.26-ssl-backport.patch:-p1:fedora >+ > > MAINTAINER= chalpin@cs.wisc.edu > COMMENT= Batch mail retrieval utility for IMAP/POP3/ETRN/ODMR >diff -ru fetchmail.orig/distinfo fetchmail/distinfo >--- fetchmail.orig/distinfo 2018-12-30 10:08:20.236994000 -0600 >+++ fetchmail/distinfo 2018-12-30 11:38:51.072183000 -0600 >@@ -1,5 +1,7 @@ >-TIMESTAMP = 1542709974 >+TIMESTAMP = 1546191531 > SHA256 (fetchmail-6.3.26.tar.xz) = 79b4c54cdbaf02c1a9a691d9948fcb1a77a1591a813e904283a8b614b757e850 > SIZE (fetchmail-6.3.26.tar.xz) = 1283816 > SHA256 (9b8b634.patch) = b0a9f7e28e7e6a5a16669832ad7a7a7dca47b435ce446ef10bd0421deea4a848 > SIZE (9b8b634.patch) = 1023 >+SHA256 (fetchmail-6.3.26-ssl-backport.patch) = a34b1a6becf731e2ef029a1c5ee3a82a7bbb1e2487b6f3be15bbb4e7dc8b500d >+SIZE (fetchmail-6.3.26-ssl-backport.patch) = 31596 >diff -ru fetchmail.orig/files/patch-fetchmail.c fetchmail/files/patch-fetchmail.c >--- fetchmail.orig/files/patch-fetchmail.c 2018-12-30 10:08:20.236675000 -0600 >+++ fetchmail/files/patch-fetchmail.c 2018-12-30 12:52:36.945178000 -0600 >@@ -1,5 +1,5 @@ >---- fetchmail.c.orig 2013-04-23 20:00:45 UTC >-+++ fetchmail.c >+--- fetchmail.c.orig 2018-12-30 11:43:19.032822000 -0600 >++++ fetchmail.c 2018-12-30 12:51:55.552234000 -0600 > @@ -50,6 +50,10 @@ > #include <arpa/nameser.h> > #include <resolv.h> >@@ -11,16 +11,16 @@ > #ifndef ENETUNREACH > #define ENETUNREACH 128 /* Interactive doesn't know this */ > #endif /* ENETUNREACH */ >-@@ -263,6 +267,12 @@ int main(int argc, char **argv) >+@@ -263,10 +267,10 @@ > #ifdef SSL_ENABLE > "+SSL" > #endif >-+#ifdef OPENSSL_NO_SSL2 >-+ "-SSLv2" >-+#endif >-+#ifdef OPENSSL_NO_SSL3_METHOD >-+ "-SSLv3" >-+#endif >+-#if HAVE_DECL_SSLV2_CLIENT_METHOD + 0 == 0 >++#if (HAVE_DECL_SSLV2_CLIENT_METHOD + 0 == 0) && !defined(OPENSSL_NO_SSL2) >+ "-SSLv2" >+ #endif >+-#if HAVE_DECL_SSLV3_CLIENT_METHOD + 0 == 0 >++#if (HAVE_DECL_SSLV3_CLIENT_METHOD + 0 == 0) && !defined(OPENSSL_NO_SSL3_METHOD) >+ "-SSLv3" >+ #endif > #ifdef OPIE_ENABLE >- "+OPIE" >- #endif /* OPIE_ENABLE */ >diff -ru fetchmail.orig/files/patch-socket.c fetchmail/files/patch-socket.c >--- fetchmail.orig/files/patch-socket.c 2018-12-30 10:08:20.236457000 -0600 >+++ fetchmail/files/patch-socket.c 2018-12-30 12:52:21.928236000 -0600 >@@ -1,6 +1,6 @@ >---- socket.c.orig 2013-04-23 20:00:45 UTC >-+++ socket.c >-@@ -907,14 +907,19 @@ int SSLOpen(int sock, char *mycert, char >+--- socket.c.orig 2018-12-30 11:43:19.042365000 -0600 >++++ socket.c 2018-12-30 12:46:39.062201000 -0600 >+@@ -910,7 +910,7 @@ > _ssl_context[sock] = NULL; > if(myproto) { > if(!strcasecmp("ssl2",myproto)) { >@@ -8,17 +8,13 @@ > +#if (HAVE_DECL_SSLV2_CLIENT_METHOD + 0 > 0) && !defined(OPENSSL_NO_SSL2) > _ctx[sock] = SSL_CTX_new(SSLv2_client_method()); > #else >-- report(stderr, GT_("Your operating system does not support SSLv2.\n")); >-+ report(stderr, GT_("Your OpenSSL version does not support SSLv2.\n")); >- return -1; >+ report(stderr, GT_("Your OpenSSL version does not support SSLv2.\n")); >+@@ -918,7 +918,7 @@ > #endif >+ avoid_ssl_versions &= ~SSL_OP_NO_SSLv2; > } else if(!strcasecmp("ssl3",myproto)) { >-+#ifndef OPENSSL_NO_SSL3_METHOD >+-#if HAVE_DECL_SSLV3_CLIENT_METHOD + 0 > 0 >++#if (HAVE_DECL_SSLV3_CLIENT_METHOD + 0 > 0) && !defined(OPENSSL_NO_SSL3_METHOD) > _ctx[sock] = SSL_CTX_new(SSLv3_client_method()); >-+#else >-+ report(stderr, GT_("Your OpenSSL version does not support SSLv3.\n")); >-+ return -1; >-+#endif >- } else if(!strcasecmp("tls1",myproto)) { >- _ctx[sock] = SSL_CTX_new(TLSv1_client_method()); >- } else if (!strcasecmp("ssl23",myproto)) { >+ #else >+ report(stderr, GT_("Your OpenSSL version does not support SSLv3.\n"));
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=200631">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Flags:
chalpin
:
maintainer-approval+
koobs
:
maintainer-approval+
Actions:
View
|
Diff
Attachments on
bug 233247
: 200631