From: "Böszörményi Zoltán" <zboszor@gmail.com>
To: Khem Raj <raj.khem@gmail.com>
Cc: openembedded-devel@lists.openembedded.org
Subject: Re: [oe] [meta-oe][PATCH] uw-imap: Add a patch to support newer than TLSv1.0
Date: Thu, 9 May 2024 08:55:59 +0200 [thread overview]
Message-ID: <7606b07a-2501-4a4c-9c46-731d45fe081c@gmail.com> (raw)
In-Reply-To: <17CDBE76878542B7.5110@lists.openembedded.org>
2024. 05. 09. 8:34 keltezéssel, Zoltan Boszormenyi via lists.openembedded.org írta:
> 2024. 05. 09. 8:12 keltezéssel, Khem Raj írta:
>> On Wed, May 8, 2024 at 11:08 PM Zoltan Boszormenyi via
>> lists.openembedded.org <zboszor=gmail.com@lists.openembedded.org>
>> wrote:
>>> The patch 0001-Support-OpenSSL-1.1.patch enabled building
>>> uw-imap against OpenSSL 1.1.0 or later.
>>>
>>> However, TLSv1_client_method() and TLSv1_server_method()
>>> restricts uw-imap to TLSv1.0.
>>>
>>> These APIs, along with explicitly versioned APIs like
>>> TLSv1_1_*_method() and TLSv1_2_*_method() are deprecated
>>> in OpenSSL 1.1.0 or later. The replacements are unversioned
>>> API functions: TLS_client_method() and TLS_server_method()
>>> which support TLS version autonegotiation.
>>>
>>> This allows the PHP IMAP extension to work with IMAP servers
>>> that enforce TLSv1.2 or higher.
>>>
>>> Fixes: https://bugs.php.net/bug.php?id=76928
>>> Signed-off-by: Zoltán Böszörményi <zboszor@gmail.com>
>>> ---
>>> .../uw-imap/uw-imap/uw-imap-newer-tls.patch | 29 +++++++++++++++++++
>>> .../recipes-devtools/uw-imap/uw-imap_2007f.bb | 1 +
>>> 2 files changed, 30 insertions(+)
>>> create mode 100644 meta-oe/recipes-devtools/uw-imap/uw-imap/uw-imap-newer-tls.patch
>>>
>>> diff --git a/meta-oe/recipes-devtools/uw-imap/uw-imap/uw-imap-newer-tls.patch
>>> b/meta-oe/recipes-devtools/uw-imap/uw-imap/uw-imap-newer-tls.patch
>>> new file mode 100644
>>> index 000000000..958abc90f
>>> --- /dev/null
>>> +++ b/meta-oe/recipes-devtools/uw-imap/uw-imap/uw-imap-newer-tls.patch
>>> @@ -0,0 +1,29 @@
>>> +Signed-off-by: Zoltán Böszörményi <zboszor@gmail.com>
>>> +Upstream-Status: Pending
>>> +
>> I think it will be good to submit this patch upstream to uw as well,
>
> Is upstream maintained?
>
> The complaints at https://bugs.php.net/bug.php?id=76928 indicate that it's not and the
> situation of forks is a mess. For one, the seemingly most uptodate fork at
> https://repo.or.cz/alpine.git contains changes that break building the PHP IMAP extension.
Not sure how "upstream" https://github.com/uw-imap/imap is
(https://en.wikipedia.org/wiki/UW_IMAP mentions it)
but the patch is now submitted there.
Thanks.
>>
>>> +--- imap-2007f/src/osdep/unix/ssl_unix.c.old 2024-05-08 09:41:06.183450584 +0200
>>> ++++ imap-2007f/src/osdep/unix/ssl_unix.c 2024-05-08 09:43:38.512931933 +0200
>>> +@@ -220,7 +220,11 @@
>>> + if (ssl_last_error) fs_give ((void **) &ssl_last_error);
>>> + ssl_last_host = host;
>>> + if (!(stream->context = SSL_CTX_new ((flags & NET_TLSCLIENT) ?
>>> ++#if OPENSSL_VERSION_NUMBER >= 0x10100000
>>> ++ TLS_client_method () :
>>> ++#else
>>> + TLSv1_client_method () :
>>> ++#endif
>>> + SSLv23_client_method ())))
>>> + return "SSL context failed";
>>> + SSL_CTX_set_options (stream->context,0);
>>> +@@ -703,7 +707,11 @@
>>> + }
>>> + /* create context */
>>> + if (!(stream->context = SSL_CTX_new (start_tls ?
>>> ++#if OPENSSL_VERSION_NUMBER >= 0x10100000
>>> ++ TLS_server_method () :
>>> ++#else
>>> + TLSv1_server_method () :
>>> ++#endif
>>> + SSLv23_server_method ())))
>>> + syslog (LOG_ALERT,"Unable to create SSL context, host=%.80s",
>>> + tcp_clienthost ());
>>> diff --git a/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb
>>> b/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb
>>> index dcb59f4ea..17faa3aa6 100644
>>> --- a/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb
>>> +++ b/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb
>>> @@ -15,6 +15,7 @@ SRC_URI = "https://fossies.org/linux/misc/old/imap-${PV}.tar.gz \
>>> file://0001-Do-not-build-mtest.patch \
>>> file://0002-tmail-Include-ctype.h-for-isdigit.patch \
>>> file://0001-Fix-Wincompatible-function-pointer-types.patch \
>>> + file://uw-imap-newer-tls.patch \
>>> "
>>>
>>> SRC_URI[md5sum] = "2126fd125ea26b73b20f01fcd5940369"
>>> --
>>> 2.45.0
>>>
>>>
>>>
>>>
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#110284): https://lists.openembedded.org/g/openembedded-devel/message/110284
> Mute This Topic: https://lists.openembedded.org/mt/105996685/3617728
> Group Owner: openembedded-devel+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [zboszor@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
prev parent reply other threads:[~2024-05-09 6:56 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-05-09 6:07 [meta-oe][PATCH] uw-imap: Add a patch to support newer than TLSv1.0 Zoltán Böszörményi
2024-05-09 6:12 ` [oe] " Khem Raj
2024-05-09 6:34 ` Böszörményi Zoltán
[not found] ` <17CDBE76878542B7.5110@lists.openembedded.org>
2024-05-09 6:55 ` Böszörményi Zoltán [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=7606b07a-2501-4a4c-9c46-731d45fe081c@gmail.com \
--to=zboszor@gmail.com \
--cc=openembedded-devel@lists.openembedded.org \
--cc=raj.khem@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).