From d3cd99830a8554e8f9b4df314210cef82ef69376 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Tue, 27 Mar 2018 20:53:31 +0100 Subject: [PATCH] fetchmail: Permit building without SSLv3 Signed-off-by: Michael Tremer --- lfs/fetchmail | 4 +- ...ail-6.3.26-permit-build-without-ssl3.patch | 62 +++++++++++++++++++ 2 files changed, 65 insertions(+), 1 deletion(-) create mode 100644 src/patches/fetchmail-6.3.26-permit-build-without-ssl3.patch diff --git a/lfs/fetchmail b/lfs/fetchmail index 33a46b6d37..7386e8feee 100644 --- a/lfs/fetchmail +++ b/lfs/fetchmail @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = fetchmail -PAK_VER = 8 +PAK_VER = 9 DEPS = "" @@ -77,6 +77,8 @@ $(subst %,%_MD5,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar Jxf $(DIR_DL)/$(DL_FILE) + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/fetchmail-6.3.26-permit-build-without-ssl3.patch + cd $(DIR_APP) && ./configure \ --prefix=/usr \ --with-ssl \ diff --git a/src/patches/fetchmail-6.3.26-permit-build-without-ssl3.patch b/src/patches/fetchmail-6.3.26-permit-build-without-ssl3.patch new file mode 100644 index 0000000000..5f8b2772a8 --- /dev/null +++ b/src/patches/fetchmail-6.3.26-permit-build-without-ssl3.patch @@ -0,0 +1,62 @@ +From a2ae6f8d15d7caf815d7bdd13df833fd1b2af5cc Mon Sep 17 00:00:00 2001 +From: Matthias Andree +Date: Fri, 16 Jan 2015 20:48:46 +0100 +Subject: [PATCH] Permit build on SSLv3-disabled OpenSSL, + +providing that these also omit the declaration of SSLv3_client_method(). +Related to Debian Bug#775255. +Version report lists -SSLv3 on +SSL builds that omit SSLv3_client_method(). +Version report lists -SSLv2 on +SSL builds that omit SSLv2_client_method(). + +diff --git a/configure.ac b/configure.ac +index bdcbb20..9248b26 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -803,6 +803,7 @@ fi + + case "$LIBS" in *-lssl*) + AC_CHECK_DECLS([SSLv2_client_method],,,[#include ]) ++ AC_CHECK_DECLS([SSLv3_client_method],,,[#include ]) + ;; + esac + +diff --git a/fetchmail.c b/fetchmail.c +index 5f31d6e..be0e9ab 100644 +--- a/fetchmail.c ++++ b/fetchmail.c +@@ -263,6 +263,12 @@ int main(int argc, char **argv) + #ifdef SSL_ENABLE + "+SSL" + #endif ++#if HAVE_DECL_SSLV2_CLIENT_METHOD + 0 == 0 ++ "-SSLv2" ++#endif ++#if HAVE_DECL_SSLV3_CLIENT_METHOD + 0 == 0 ++ "-SSLv3" ++#endif + #ifdef OPIE_ENABLE + "+OPIE" + #endif /* OPIE_ENABLE */ + +diff --git a/socket.c b/socket.c +index 58a8e15..91a21c2 100644 +--- a/socket.c ++++ b/socket.c +@@ -910,11 +910,16 @@ int SSLOpen(int sock, char *mycert, char *mykey, const char *myproto, int certck + #if HAVE_DECL_SSLV2_CLIENT_METHOD + 0 > 0 + _ctx[sock] = SSL_CTX_new(SSLv2_client_method()); + #else +- report(stderr, GT_("Your operating system does not support SSLv2.\n")); ++ report(stderr, GT_("Your OpenSSL version does not support SSLv2.\n")); + return -1; + #endif + } else if(!strcasecmp("ssl3",myproto)) { ++#if HAVE_DECL_SSLV3_CLIENT_METHOD + 0 > 0 + _ctx[sock] = SSL_CTX_new(SSLv3_client_method()); ++#else ++ report(stderr, GT_("Your OpenSSL version does not support SSLv3.\n")); ++ return -1; ++#endif + } else if(!strcasecmp("tls1",myproto)) { + _ctx[sock] = SSL_CTX_new(TLSv1_client_method()); + } else if (!strcasecmp("ssl23",myproto)) { -- 2.39.2