commit imap for openSUSE:Factory
Hello community, here is the log from the commit of package imap for openSUSE:Factory checked in at 2016-03-01 09:38:29 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/imap (Old) and /work/SRC/openSUSE:Factory/.imap.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "imap" Changes: -------- --- /work/SRC/openSUSE:Factory/imap/imap.changes 2014-01-15 19:35:39.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.imap.new/imap.changes 2016-03-01 09:38:34.000000000 +0100 @@ -1,0 +2,5 @@ +Sat Feb 13 13:06:16 UTC 2016 - crrodriguez@opensuse.org + +- imap-openssl.patch: Support TLS 1.2 and ECDH ciphersuites. + +------------------------------------------------------------------- New: ---- imap-openssl.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ imap.spec ++++++ --- /var/tmp/diff_new_pack.BPW6kg/_old 2016-03-01 09:38:35.000000000 +0100 +++ /var/tmp/diff_new_pack.BPW6kg/_new 2016-03-01 09:38:35.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package imap # -# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -43,6 +43,7 @@ Patch5: %{name}-2007e-c++.patch #Patch6: %{name}-2006c1.diff Patch6: %{name}-2007e.patch +Patch7: imap-openssl.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: bash /bin/echo /bin/mv BuildRequires: openssl-devel @@ -105,6 +106,7 @@ %patch4 %patch5 -p1 %patch6 -p1 +%patch7 -p1 %build export CFLAGS="$RPM_OPT_FLAGS -DDISABLE_POP_PROXY=1 -fPIC -fno-strict-aliasing -fstack-protector" ++++++ imap-openssl.patch ++++++ --- imap-2007e.orig/src/osdep/unix/ssl_unix.c +++ imap-2007e/src/osdep/unix/ssl_unix.c @@ -38,7 +38,7 @@ #undef crypt #define SSLBUFLEN 8192 -#define SSLCIPHERLIST "ALL:!LOW" +#define SSLCIPHERLIST "DEFAULT" /* SSL I/O stream */ @@ -219,11 +219,13 @@ static char *ssl_start_work (SSLSTREAM * (sslclientkey_t) mail_parameters (NIL,GET_SSLCLIENTKEY,NIL); if (ssl_last_error) fs_give ((void **) &ssl_last_error); ssl_last_host = host; - if (!(stream->context = SSL_CTX_new ((flags & NET_TLSCLIENT) ? - TLSv1_client_method () : - SSLv23_client_method ()))) + if (!(stream->context = SSL_CTX_new (SSLv23_client_method ()))) return "SSL context failed"; - SSL_CTX_set_options (stream->context,0); +#ifdef SSL_CTX_set_min_proto_version + SSL_CTX_set_min_proto_version(stream->context, TLS1_VERSION); +#else + SSL_CTX_set_options (stream->context, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3); +#endif /* disable certificate validation? */ if (flags & NET_NOVALIDATECERT) SSL_CTX_set_verify (stream->context,SSL_VERIFY_NONE,NIL); @@ -702,13 +704,22 @@ void ssl_server_init (char *server) if (stat (key,&sbuf)) strcpy (key,cert); } /* create context */ - if (!(stream->context = SSL_CTX_new (start_tls ? - TLSv1_server_method () : - SSLv23_server_method ()))) + if (!(stream->context = SSL_CTX_new (SSLv23_server_method ()))) syslog (LOG_ALERT,"Unable to create SSL context, host=%.80s", tcp_clienthost ()); else { /* set context options */ - SSL_CTX_set_options (stream->context,SSL_OP_ALL); + SSL_CTX_set_options (stream->context, SSL_OP_ALL); +#if defined(SSL_CTX_set_min_proto_version) + SSL_CTX_set_min_proto_version(stream->context, TLS1_VERSION); +#else + SSL_CTX_set_options (stream->context, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3); +#endif +#if defined(SSL_CTX_set_dh_auto) + SSL_CTX_set_dh_auto(stream->context, 1); +#endif +#if defined(SSL_CTX_set_ecdh_auto) + SSL_CTX_set_ecdh_auto(stream->context, 1); +#endif /* set cipher list */ if (!SSL_CTX_set_cipher_list (stream->context,SSLCIPHERLIST)) syslog (LOG_ALERT,"Unable to set cipher list %.80s, host=%.80s",
participants (1)
-
root@hilbert.suse.de