Hello community,
here is the log from the commit of package imap for openSUSE:Factory checked in
at 2016-03-01 09:38:29
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/imap (Old)
and /work/SRC/openSUSE:Factory/.imap.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "imap"
Changes:
--------
--- /work/SRC/openSUSE:Factory/imap/imap.changes 2014-01-15
19:35:39.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.imap.new/imap.changes 2016-03-01
09:38:34.000000000 +0100
@@ -1,0 +2,5 @@
+Sat Feb 13 13:06:16 UTC 2016 - crrodrig...@opensuse.org
+
+- imap-openssl.patch: Support TLS 1.2 and ECDH ciphersuites.
+
+-------------------------------------------------------------------
New:
----
imap-openssl.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ imap.spec ++++++
--- /var/tmp/diff_new_pack.BPW6kg/_old 2016-03-01 09:38:35.000000000 +0100
+++ /var/tmp/diff_new_pack.BPW6kg/_new 2016-03-01 09:38:35.000000000 +0100
@@ -1,7 +1,7 @@
#
# spec file for package imap
#
-# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -43,6 +43,7 @@
Patch5: %{name}-2007e-c++.patch
#Patch6: %{name}-2006c1.diff
Patch6: %{name}-2007e.patch
+Patch7: imap-openssl.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
PreReq: bash /bin/echo /bin/mv
BuildRequires: openssl-devel
@@ -105,6 +106,7 @@
%patch4
%patch5 -p1
%patch6 -p1
+%patch7 -p1
%build
export CFLAGS="$RPM_OPT_FLAGS -DDISABLE_POP_PROXY=1 -fPIC -fno-strict-aliasing
-fstack-protector"
++++++ imap-openssl.patch ++++++
--- imap-2007e.orig/src/osdep/unix/ssl_unix.c
+++ imap-2007e/src/osdep/unix/ssl_unix.c
@@ -38,7 +38,7 @@
#undef crypt
#define SSLBUFLEN 8192
-#define SSLCIPHERLIST "ALL:!LOW"
+#define SSLCIPHERLIST "DEFAULT"
/* SSL I/O stream */
@@ -219,11 +219,13 @@ static char *ssl_start_work (SSLSTREAM *
(sslclientkey_t) mail_parameters (NIL,GET_SSLCLIENTKEY,NIL);
if (ssl_last_error) fs_give ((void **) &ssl_last_error);
ssl_last_host = host;
- if (!(stream->context = SSL_CTX_new ((flags & NET_TLSCLIENT) ?
- TLSv1_client_method () :
- SSLv23_client_method ())))
+ if (!(stream->context = SSL_CTX_new (SSLv23_client_method ())))
return "SSL context failed";
- SSL_CTX_set_options (stream->context,0);
+#ifdef SSL_CTX_set_min_proto_version
+ SSL_CTX_set_min_proto_version(stream->context, TLS1_VERSION);
+#else
+ SSL_CTX_set_options (stream->context, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
+#endif
/* disable certificate validation? */
if (flags & NET_NOVALIDATECERT)
SSL_CTX_set_verify (stream->context,SSL_VERIFY_NONE,NIL);
@@ -702,13 +704,22 @@ void ssl_server_init (char *server)
if (stat (key,&sbuf)) strcpy (key,cert);
}
/* create context */
- if (!(stream->context = SSL_CTX_new (start_tls ?
- TLSv1_server_method () :
- SSLv23_server_method ())))
+ if (!(stream->context = SSL_CTX_new (SSLv23_server_method ())))
syslog (LOG_ALERT,"Unable to create SSL context, host=%.80s",
tcp_clienthost ());
else { /* set context options */
- SSL_CTX_set_options (stream->context,SSL_OP_ALL);
+ SSL_CTX_set_options (stream->context, SSL_OP_ALL);
+#if defined(SSL_CTX_set_min_proto_version)
+ SSL_CTX_set_min_proto_version(stream->context, TLS1_VERSION);
+#else
+ SSL_CTX_set_options (stream->context, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
+#endif
+#if defined(SSL_CTX_set_dh_auto)
+ SSL_CTX_set_dh_auto(stream->context, 1);
+#endif
+#if defined(SSL_CTX_set_ecdh_auto)
+ SSL_CTX_set_ecdh_auto(stream->context, 1);
+#endif
/* set cipher list */
if (!SSL_CTX_set_cipher_list (stream->context,SSLCIPHERLIST))
syslog (LOG_ALERT,"Unable to set cipher list %.80s, host=%.80s",
