From: "Böszörményi Zoltán" <zboszor@gmail.com>
To: Khem Raj <raj.khem@gmail.com>
Cc: openembedded-devel@lists.openembedded.org
Subject: Re: [oe] [meta-oe][PATCH] uw-imap: Add a patch to support newer than TLSv1.0
Date: Thu, 9 May 2024 08:34:06 +0200 [thread overview]
Message-ID: <ec88ae58-e93e-4277-8e5f-78b2b00a39e7@gmail.com> (raw)
In-Reply-To: <CAMKF1soh_kJQe=_cVp3uDK0shNq49WBbbsXrf_FS8TUvcW54sQ@mail.gmail.com>
2024. 05. 09. 8:12 keltezéssel, Khem Raj írta:
> On Wed, May 8, 2024 at 11:08 PM Zoltan Boszormenyi via
> lists.openembedded.org <zboszor=gmail.com@lists.openembedded.org>
> wrote:
>> The patch 0001-Support-OpenSSL-1.1.patch enabled building
>> uw-imap against OpenSSL 1.1.0 or later.
>>
>> However, TLSv1_client_method() and TLSv1_server_method()
>> restricts uw-imap to TLSv1.0.
>>
>> These APIs, along with explicitly versioned APIs like
>> TLSv1_1_*_method() and TLSv1_2_*_method() are deprecated
>> in OpenSSL 1.1.0 or later. The replacements are unversioned
>> API functions: TLS_client_method() and TLS_server_method()
>> which support TLS version autonegotiation.
>>
>> This allows the PHP IMAP extension to work with IMAP servers
>> that enforce TLSv1.2 or higher.
>>
>> Fixes: https://bugs.php.net/bug.php?id=76928
>> Signed-off-by: Zoltán Böszörményi <zboszor@gmail.com>
>> ---
>> .../uw-imap/uw-imap/uw-imap-newer-tls.patch | 29 +++++++++++++++++++
>> .../recipes-devtools/uw-imap/uw-imap_2007f.bb | 1 +
>> 2 files changed, 30 insertions(+)
>> create mode 100644 meta-oe/recipes-devtools/uw-imap/uw-imap/uw-imap-newer-tls.patch
>>
>> diff --git a/meta-oe/recipes-devtools/uw-imap/uw-imap/uw-imap-newer-tls.patch b/meta-oe/recipes-devtools/uw-imap/uw-imap/uw-imap-newer-tls.patch
>> new file mode 100644
>> index 000000000..958abc90f
>> --- /dev/null
>> +++ b/meta-oe/recipes-devtools/uw-imap/uw-imap/uw-imap-newer-tls.patch
>> @@ -0,0 +1,29 @@
>> +Signed-off-by: Zoltán Böszörményi <zboszor@gmail.com>
>> +Upstream-Status: Pending
>> +
> I think it will be good to submit this patch upstream to uw as well,
Is upstream maintained?
The complaints at https://bugs.php.net/bug.php?id=76928 indicate that it's not and the
situation of forks is a mess. For one, the seemingly most uptodate fork at
https://repo.or.cz/alpine.git contains changes that break building the PHP IMAP extension.
>
>> +--- imap-2007f/src/osdep/unix/ssl_unix.c.old 2024-05-08 09:41:06.183450584 +0200
>> ++++ imap-2007f/src/osdep/unix/ssl_unix.c 2024-05-08 09:43:38.512931933 +0200
>> +@@ -220,7 +220,11 @@
>> + if (ssl_last_error) fs_give ((void **) &ssl_last_error);
>> + ssl_last_host = host;
>> + if (!(stream->context = SSL_CTX_new ((flags & NET_TLSCLIENT) ?
>> ++#if OPENSSL_VERSION_NUMBER >= 0x10100000
>> ++ TLS_client_method () :
>> ++#else
>> + TLSv1_client_method () :
>> ++#endif
>> + SSLv23_client_method ())))
>> + return "SSL context failed";
>> + SSL_CTX_set_options (stream->context,0);
>> +@@ -703,7 +707,11 @@
>> + }
>> + /* create context */
>> + if (!(stream->context = SSL_CTX_new (start_tls ?
>> ++#if OPENSSL_VERSION_NUMBER >= 0x10100000
>> ++ TLS_server_method () :
>> ++#else
>> + TLSv1_server_method () :
>> ++#endif
>> + SSLv23_server_method ())))
>> + syslog (LOG_ALERT,"Unable to create SSL context, host=%.80s",
>> + tcp_clienthost ());
>> diff --git a/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb b/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb
>> index dcb59f4ea..17faa3aa6 100644
>> --- a/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb
>> +++ b/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb
>> @@ -15,6 +15,7 @@ SRC_URI = "https://fossies.org/linux/misc/old/imap-${PV}.tar.gz \
>> file://0001-Do-not-build-mtest.patch \
>> file://0002-tmail-Include-ctype.h-for-isdigit.patch \
>> file://0001-Fix-Wincompatible-function-pointer-types.patch \
>> + file://uw-imap-newer-tls.patch \
>> "
>>
>> SRC_URI[md5sum] = "2126fd125ea26b73b20f01fcd5940369"
>> --
>> 2.45.0
>>
>>
>> -=-=-=-=-=-=-=-=-=-=-=-
>> Links: You receive all messages sent to this group.
>> View/Reply Online (#110281): https://lists.openembedded.org/g/openembedded-devel/message/110281
>> Mute This Topic: https://lists.openembedded.org/mt/105996685/1997914
>> Group Owner: openembedded-devel+owner@lists.openembedded.org
>> Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [raj.khem@gmail.com]
>> -=-=-=-=-=-=-=-=-=-=-=-
>>
next prev parent reply other threads:[~2024-05-09 6:34 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-05-09 6:07 [meta-oe][PATCH] uw-imap: Add a patch to support newer than TLSv1.0 Zoltán Böszörményi
2024-05-09 6:12 ` [oe] " Khem Raj
2024-05-09 6:34 ` Böszörményi Zoltán [this message]
[not found] ` <17CDBE76878542B7.5110@lists.openembedded.org>
2024-05-09 6:55 ` Böszörményi Zoltán
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ec88ae58-e93e-4277-8e5f-78b2b00a39e7@gmail.com \
--to=zboszor@gmail.com \
--cc=openembedded-devel@lists.openembedded.org \
--cc=raj.khem@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.