webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-09 18:45:54 +02:00
Code Issues Packages Projects Releases Wiki Activity

fetchmail: Permit building without SSLv3

Browse Source 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This commit is contained in:
Michael Tremer
2018-03-27 20:53:31 +01:00
parent 76f422025f
commit d3cd99830a
2 changed files with 65 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
lfs/fetchmail
View File

@@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = fetchmail
PAK_VER = 8
PAK_VER = 9
DEPS = ""
@@ -77,6 +77,8 @@ $(subst %,%_MD5,$(objects)) :
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar Jxf $(DIR_DL)/$(DL_FILE)
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/fetchmail-6.3.26-permit-build-without-ssl3.patch
cd $(DIR_APP) && ./configure \
--prefix=/usr \
--with-ssl \

62
src/patches/fetchmail-6.3.26-permit-build-without-ssl3.patch Normal file
View File

@@ -0,0 +1,62 @@
From a2ae6f8d15d7caf815d7bdd13df833fd1b2af5cc Mon Sep 17 00:00:00 2001
From: Matthias Andree <matthias.andree@gmx.de>
Date: Fri, 16 Jan 2015 20:48:46 +0100
Subject: [PATCH] Permit build on SSLv3-disabled OpenSSL,
providing that these also omit the declaration of SSLv3_client_method().
Related to Debian Bug#775255.
Version report lists -SSLv3 on +SSL builds that omit SSLv3_client_method().
Version report lists -SSLv2 on +SSL builds that omit SSLv2_client_method().
diff --git a/configure.ac b/configure.ac
index bdcbb20..9248b26 100644
--- a/configure.ac
+++ b/configure.ac
@@ -803,6 +803,7 @@ fi
case "$LIBS" in *-lssl*)
AC_CHECK_DECLS([SSLv2_client_method],,,[#include <openssl/ssl.h>])
+ AC_CHECK_DECLS([SSLv3_client_method],,,[#include <openssl/ssl.h>])
;;
esac
diff --git a/fetchmail.c b/fetchmail.c
index 5f31d6e..be0e9ab 100644
--- a/fetchmail.c
+++ b/fetchmail.c
@@ -263,6 +263,12 @@ int main(int argc, char **argv)
#ifdef SSL_ENABLE
"+SSL"
#endif
+#if HAVE_DECL_SSLV2_CLIENT_METHOD + 0 == 0
+ "-SSLv2"
+#endif
+#if HAVE_DECL_SSLV3_CLIENT_METHOD + 0 == 0
+ "-SSLv3"
+#endif
#ifdef OPIE_ENABLE
"+OPIE"
#endif /* OPIE_ENABLE */
diff --git a/socket.c b/socket.c
index 58a8e15..91a21c2 100644
--- a/socket.c
+++ b/socket.c
@@ -910,11 +910,16 @@ int SSLOpen(int sock, char *mycert, char *mykey, const char *myproto, int certck
#if HAVE_DECL_SSLV2_CLIENT_METHOD + 0 > 0
_ctx[sock] = SSL_CTX_new(SSLv2_client_method());
#else
- report(stderr, GT_("Your operating system does not support SSLv2.\n"));
+ report(stderr, GT_("Your OpenSSL version does not support SSLv2.\n"));
return -1;
#endif
} else if(!strcasecmp("ssl3",myproto)) {
+#if HAVE_DECL_SSLV3_CLIENT_METHOD + 0 > 0
_ctx[sock] = SSL_CTX_new(SSLv3_client_method());
+#else
+ report(stderr, GT_("Your OpenSSL version does not support SSLv3.\n"));
+ return -1;
+#endif
} else if(!strcasecmp("tls1",myproto)) {
_ctx[sock] = SSL_CTX_new(TLSv1_client_method());
} else if (!strcasecmp("ssl23",myproto)) {