fetchmail: Permit building without SSLv3

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

diff --git a/lfs/fetchmail b/lfs/fetchmail
index 33a46b6d3720e4bd6ee7730caeaef4c0cd28cedb..7386e8feee64301d85c689e912cfa88375fbfcd0 100644 (file)
--- a/lfs/fetchmail
+++ b/lfs/fetchmail
@@ -32,7 +32,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = fetchmail
-PAK_VER    = 8
+PAK_VER    = 9
 
 DEPS       = ""
 
@@ -77,6 +77,8 @@ $(subst %,%_MD5,$(objects)) :
 $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
        @$(PREBUILD)
        @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar Jxf $(DIR_DL)/$(DL_FILE)
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/fetchmail-6.3.26-permit-build-without-ssl3.patch
+
        cd $(DIR_APP) && ./configure \
                --prefix=/usr \
                --with-ssl \

diff --git a/src/patches/fetchmail-6.3.26-permit-build-without-ssl3.patch b/src/patches/fetchmail-6.3.26-permit-build-without-ssl3.patch
new file mode 100644 (file)
index 0000000..5f8b277
--- /dev/null
+++ b/src/patches/fetchmail-6.3.26-permit-build-without-ssl3.patch
@@ -0,0 +1,62 @@
+From a2ae6f8d15d7caf815d7bdd13df833fd1b2af5cc Mon Sep 17 00:00:00 2001
+From: Matthias Andree <matthias.andree@gmx.de>
+Date: Fri, 16 Jan 2015 20:48:46 +0100
+Subject: [PATCH] Permit build on SSLv3-disabled OpenSSL,
+
+providing that these also omit the declaration of SSLv3_client_method().
+Related to Debian Bug#775255.
+Version report lists -SSLv3 on +SSL builds that omit SSLv3_client_method().
+Version report lists -SSLv2 on +SSL builds that omit SSLv2_client_method().
+
+diff --git a/configure.ac b/configure.ac
+index bdcbb20..9248b26 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -803,6 +803,7 @@ fi
+ 
+ case "$LIBS" in *-lssl*)
+       AC_CHECK_DECLS([SSLv2_client_method],,,[#include <openssl/ssl.h>])
++      AC_CHECK_DECLS([SSLv3_client_method],,,[#include <openssl/ssl.h>])
+       ;;
+ esac
+ 
+diff --git a/fetchmail.c b/fetchmail.c
+index 5f31d6e..be0e9ab 100644
+--- a/fetchmail.c
++++ b/fetchmail.c
+@@ -263,6 +263,12 @@ int main(int argc, char **argv)
+ #ifdef SSL_ENABLE
+       "+SSL"
+ #endif
++#if HAVE_DECL_SSLV2_CLIENT_METHOD + 0 == 0
++      "-SSLv2"
++#endif
++#if HAVE_DECL_SSLV3_CLIENT_METHOD + 0 == 0
++      "-SSLv3"
++#endif
+ #ifdef OPIE_ENABLE
+       "+OPIE"
+ #endif /* OPIE_ENABLE */
+
+diff --git a/socket.c b/socket.c
+index 58a8e15..91a21c2 100644
+--- a/socket.c
++++ b/socket.c
+@@ -910,11 +910,16 @@ int SSLOpen(int sock, char *mycert, char *mykey, const char *myproto, int certck
+ #if HAVE_DECL_SSLV2_CLIENT_METHOD + 0 > 0
+                       _ctx[sock] = SSL_CTX_new(SSLv2_client_method());
+ #else
+-                      report(stderr, GT_("Your operating system does not support SSLv2.\n"));
++                      report(stderr, GT_("Your OpenSSL version does not support SSLv2.\n"));
+                       return -1;
+ #endif
+               } else if(!strcasecmp("ssl3",myproto)) {
++#if HAVE_DECL_SSLV3_CLIENT_METHOD + 0 > 0
+                       _ctx[sock] = SSL_CTX_new(SSLv3_client_method());
++#else
++                      report(stderr, GT_("Your OpenSSL version does not support SSLv3.\n"));
++                      return -1;
++#endif
+               } else if(!strcasecmp("tls1",myproto)) {
+                       _ctx[sock] = SSL_CTX_new(TLSv1_client_method());
+               } else if (!strcasecmp("ssl23",myproto)) {