[meta-oe][PATCH] uw-imap: Add a patch to support newer than TLSv1.0

[meta-oe][PATCH] uw-imap: Add a patch to support newer than TLSv1.0

[Zoltán Böszörményi]

The patch 0001-Support-OpenSSL-1.1.patch enabled building
uw-imap against OpenSSL 1.1.0 or later.

However, TLSv1_client_method() and TLSv1_server_method()
restricts uw-imap to TLSv1.0.

These APIs, along with explicitly versioned APIs like
TLSv1_1_*_method() and TLSv1_2_*_method() are deprecated
in OpenSSL 1.1.0 or later. The replacements are unversioned
API functions: TLS_client_method() and TLS_server_method()
which support TLS version autonegotiation.

This allows the PHP IMAP extension to work with IMAP servers
that enforce TLSv1.2 or higher.

Fixes: https://bugs.php.net/bug.php?id=76928
Signed-off-by: Zoltán Böszörményi <zboszor@gmail.com>
---
 .../uw-imap/uw-imap/uw-imap-newer-tls.patch   | 29 +++++++++++++++++++
 .../recipes-devtools/uw-imap/uw-imap_2007f.bb |  1 +
 2 files changed, 30 insertions(+)
 create mode 100644 meta-oe/recipes-devtools/uw-imap/uw-imap/uw-imap-newer-tls.patch

diff --git a/meta-oe/recipes-devtools/uw-imap/uw-imap/uw-imap-newer-tls.patch b/meta-oe/recipes-devtools/uw-imap/uw-imap/uw-imap-newer-tls.patch
new file mode 100644
index 000000000..958abc90f
--- /dev/null
+++ b/meta-oe/recipes-devtools/uw-imap/uw-imap/uw-imap-newer-tls.patch
@@ -0,0 +1,29 @@
+Signed-off-by: Zoltán Böszörményi <zboszor@gmail.com>
+Upstream-Status: Pending
+
+--- imap-2007f/src/osdep/unix/ssl_unix.c.old	2024-05-08 09:41:06.183450584 +0200
++++ imap-2007f/src/osdep/unix/ssl_unix.c	2024-05-08 09:43:38.512931933 +0200
+@@ -220,7 +220,11 @@
+   if (ssl_last_error) fs_give ((void **) &ssl_last_error);
+   ssl_last_host = host;
+   if (!(stream->context = SSL_CTX_new ((flags & NET_TLSCLIENT) ?
++#if OPENSSL_VERSION_NUMBER >= 0x10100000
++				       TLS_client_method () :
++#else
+ 				       TLSv1_client_method () :
++#endif
+ 				       SSLv23_client_method ())))
+     return "SSL context failed";
+   SSL_CTX_set_options (stream->context,0);
+@@ -703,7 +707,11 @@
+   }
+ 				/* create context */
+   if (!(stream->context = SSL_CTX_new (start_tls ?
++#if OPENSSL_VERSION_NUMBER >= 0x10100000
++				       TLS_server_method () :
++#else
+ 				       TLSv1_server_method () :
++#endif
+ 				       SSLv23_server_method ())))
+     syslog (LOG_ALERT,"Unable to create SSL context, host=%.80s",
+ 	    tcp_clienthost ());
diff --git a/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb b/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb
index dcb59f4ea..17faa3aa6 100644
--- a/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb
+++ b/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb
@@ -15,6 +15,7 @@ SRC_URI = "https://fossies.org/linux/misc/old/imap-${PV}.tar.gz \
            file://0001-Do-not-build-mtest.patch \
            file://0002-tmail-Include-ctype.h-for-isdigit.patch \
            file://0001-Fix-Wincompatible-function-pointer-types.patch \
+           file://uw-imap-newer-tls.patch \
            "
 
 SRC_URI[md5sum] = "2126fd125ea26b73b20f01fcd5940369"
-- 
2.45.0

Re: [oe] [meta-oe][PATCH] uw-imap: Add a patch to support newer than TLSv1.0

[Khem Raj]

On Wed, May 8, 2024 at 11:08 PM Zoltan Boszormenyi via
lists.openembedded.org <zboszor=gmail.com@lists.openembedded.org>
wrote:
>
> The patch 0001-Support-OpenSSL-1.1.patch enabled building
> uw-imap against OpenSSL 1.1.0 or later.
>
> However, TLSv1_client_method() and TLSv1_server_method()
> restricts uw-imap to TLSv1.0.
>
> These APIs, along with explicitly versioned APIs like
> TLSv1_1_*_method() and TLSv1_2_*_method() are deprecated
> in OpenSSL 1.1.0 or later. The replacements are unversioned
> API functions: TLS_client_method() and TLS_server_method()
> which support TLS version autonegotiation.
>
> This allows the PHP IMAP extension to work with IMAP servers
> that enforce TLSv1.2 or higher.
>
> Fixes: https://bugs.php.net/bug.php?id=76928
> Signed-off-by: Zoltán Böszörményi <zboszor@gmail.com>
> ---
>  .../uw-imap/uw-imap/uw-imap-newer-tls.patch   | 29 +++++++++++++++++++
>  .../recipes-devtools/uw-imap/uw-imap_2007f.bb |  1 +
>  2 files changed, 30 insertions(+)
>  create mode 100644 meta-oe/recipes-devtools/uw-imap/uw-imap/uw-imap-newer-tls.patch
>
> diff --git a/meta-oe/recipes-devtools/uw-imap/uw-imap/uw-imap-newer-tls.patch b/meta-oe/recipes-devtools/uw-imap/uw-imap/uw-imap-newer-tls.patch
> new file mode 100644
> index 000000000..958abc90f
> --- /dev/null
> +++ b/meta-oe/recipes-devtools/uw-imap/uw-imap/uw-imap-newer-tls.patch
> @@ -0,0 +1,29 @@
> +Signed-off-by: Zoltán Böszörményi <zboszor@gmail.com>
> +Upstream-Status: Pending
> +

I think it will be good to submit this patch upstream to uw as well,

> +--- imap-2007f/src/osdep/unix/ssl_unix.c.old   2024-05-08 09:41:06.183450584 +0200
> ++++ imap-2007f/src/osdep/unix/ssl_unix.c       2024-05-08 09:43:38.512931933 +0200
> +@@ -220,7 +220,11 @@
> +   if (ssl_last_error) fs_give ((void **) &ssl_last_error);
> +   ssl_last_host = host;
> +   if (!(stream->context = SSL_CTX_new ((flags & NET_TLSCLIENT) ?
> ++#if OPENSSL_VERSION_NUMBER >= 0x10100000
> ++                                     TLS_client_method () :
> ++#else
> +                                      TLSv1_client_method () :
> ++#endif
> +                                      SSLv23_client_method ())))
> +     return "SSL context failed";
> +   SSL_CTX_set_options (stream->context,0);
> +@@ -703,7 +707,11 @@
> +   }
> +                               /* create context */
> +   if (!(stream->context = SSL_CTX_new (start_tls ?
> ++#if OPENSSL_VERSION_NUMBER >= 0x10100000
> ++                                     TLS_server_method () :
> ++#else
> +                                      TLSv1_server_method () :
> ++#endif
> +                                      SSLv23_server_method ())))
> +     syslog (LOG_ALERT,"Unable to create SSL context, host=%.80s",
> +           tcp_clienthost ());
> diff --git a/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb b/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb
> index dcb59f4ea..17faa3aa6 100644
> --- a/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb
> +++ b/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb
> @@ -15,6 +15,7 @@ SRC_URI = "https://fossies.org/linux/misc/old/imap-${PV}.tar.gz \
>             file://0001-Do-not-build-mtest.patch \
>             file://0002-tmail-Include-ctype.h-for-isdigit.patch \
>             file://0001-Fix-Wincompatible-function-pointer-types.patch \
> +           file://uw-imap-newer-tls.patch \
>             "
>
>  SRC_URI[md5sum] = "2126fd125ea26b73b20f01fcd5940369"
> --
> 2.45.0
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#110281): https://lists.openembedded.org/g/openembedded-devel/message/110281
> Mute This Topic: https://lists.openembedded.org/mt/105996685/1997914
> Group Owner: openembedded-devel+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [raj.khem@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>

Re: [oe] [meta-oe][PATCH] uw-imap: Add a patch to support newer than TLSv1.0

[Böszörményi Zoltán]

2024. 05. 09. 8:12 keltezéssel, Khem Raj írta:
> On Wed, May 8, 2024 at 11:08 PM Zoltan Boszormenyi via
> lists.openembedded.org <zboszor=gmail.com@lists.openembedded.org>
> wrote:
>> The patch 0001-Support-OpenSSL-1.1.patch enabled building
>> uw-imap against OpenSSL 1.1.0 or later.
>>
>> However, TLSv1_client_method() and TLSv1_server_method()
>> restricts uw-imap to TLSv1.0.
>>
>> These APIs, along with explicitly versioned APIs like
>> TLSv1_1_*_method() and TLSv1_2_*_method() are deprecated
>> in OpenSSL 1.1.0 or later. The replacements are unversioned
>> API functions: TLS_client_method() and TLS_server_method()
>> which support TLS version autonegotiation.
>>
>> This allows the PHP IMAP extension to work with IMAP servers
>> that enforce TLSv1.2 or higher.
>>
>> Fixes: https://bugs.php.net/bug.php?id=76928
>> Signed-off-by: Zoltán Böszörményi <zboszor@gmail.com>
>> ---
>>   .../uw-imap/uw-imap/uw-imap-newer-tls.patch   | 29 +++++++++++++++++++
>>   .../recipes-devtools/uw-imap/uw-imap_2007f.bb |  1 +
>>   2 files changed, 30 insertions(+)
>>   create mode 100644 meta-oe/recipes-devtools/uw-imap/uw-imap/uw-imap-newer-tls.patch
>>
>> diff --git a/meta-oe/recipes-devtools/uw-imap/uw-imap/uw-imap-newer-tls.patch b/meta-oe/recipes-devtools/uw-imap/uw-imap/uw-imap-newer-tls.patch
>> new file mode 100644
>> index 000000000..958abc90f
>> --- /dev/null
>> +++ b/meta-oe/recipes-devtools/uw-imap/uw-imap/uw-imap-newer-tls.patch
>> @@ -0,0 +1,29 @@
>> +Signed-off-by: Zoltán Böszörményi <zboszor@gmail.com>
>> +Upstream-Status: Pending
>> +
> I think it will be good to submit this patch upstream to uw as well,

Is upstream maintained?

The complaints at https://bugs.php.net/bug.php?id=76928 indicate that it's not and the 
situation of forks is a mess. For one, the seemingly most uptodate fork at 
https://repo.or.cz/alpine.git contains changes that break building the PHP IMAP extension.
>
>> +--- imap-2007f/src/osdep/unix/ssl_unix.c.old   2024-05-08 09:41:06.183450584 +0200
>> ++++ imap-2007f/src/osdep/unix/ssl_unix.c       2024-05-08 09:43:38.512931933 +0200
>> +@@ -220,7 +220,11 @@
>> +   if (ssl_last_error) fs_give ((void **) &ssl_last_error);
>> +   ssl_last_host = host;
>> +   if (!(stream->context = SSL_CTX_new ((flags & NET_TLSCLIENT) ?
>> ++#if OPENSSL_VERSION_NUMBER >= 0x10100000
>> ++                                     TLS_client_method () :
>> ++#else
>> +                                      TLSv1_client_method () :
>> ++#endif
>> +                                      SSLv23_client_method ())))
>> +     return "SSL context failed";
>> +   SSL_CTX_set_options (stream->context,0);
>> +@@ -703,7 +707,11 @@
>> +   }
>> +                               /* create context */
>> +   if (!(stream->context = SSL_CTX_new (start_tls ?
>> ++#if OPENSSL_VERSION_NUMBER >= 0x10100000
>> ++                                     TLS_server_method () :
>> ++#else
>> +                                      TLSv1_server_method () :
>> ++#endif
>> +                                      SSLv23_server_method ())))
>> +     syslog (LOG_ALERT,"Unable to create SSL context, host=%.80s",
>> +           tcp_clienthost ());
>> diff --git a/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb b/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb
>> index dcb59f4ea..17faa3aa6 100644
>> --- a/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb
>> +++ b/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb
>> @@ -15,6 +15,7 @@ SRC_URI = "https://fossies.org/linux/misc/old/imap-${PV}.tar.gz \
>>              file://0001-Do-not-build-mtest.patch \
>>              file://0002-tmail-Include-ctype.h-for-isdigit.patch \
>>              file://0001-Fix-Wincompatible-function-pointer-types.patch \
>> +           file://uw-imap-newer-tls.patch \
>>              "
>>
>>   SRC_URI[md5sum] = "2126fd125ea26b73b20f01fcd5940369"
>> --
>> 2.45.0
>>
>>
>> -=-=-=-=-=-=-=-=-=-=-=-
>> Links: You receive all messages sent to this group.
>> View/Reply Online (#110281): https://lists.openembedded.org/g/openembedded-devel/message/110281
>> Mute This Topic: https://lists.openembedded.org/mt/105996685/1997914
>> Group Owner: openembedded-devel+owner@lists.openembedded.org
>> Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [raj.khem@gmail.com]
>> -=-=-=-=-=-=-=-=-=-=-=-
>>

Re: [oe] [meta-oe][PATCH] uw-imap: Add a patch to support newer than TLSv1.0

[Böszörményi Zoltán]

2024. 05. 09. 8:34 keltezéssel, Zoltan Boszormenyi via lists.openembedded.org írta:
> 2024. 05. 09. 8:12 keltezéssel, Khem Raj írta:
>> On Wed, May 8, 2024 at 11:08 PM Zoltan Boszormenyi via
>> lists.openembedded.org <zboszor=gmail.com@lists.openembedded.org>
>> wrote:
>>> The patch 0001-Support-OpenSSL-1.1.patch enabled building
>>> uw-imap against OpenSSL 1.1.0 or later.
>>>
>>> However, TLSv1_client_method() and TLSv1_server_method()
>>> restricts uw-imap to TLSv1.0.
>>>
>>> These APIs, along with explicitly versioned APIs like
>>> TLSv1_1_*_method() and TLSv1_2_*_method() are deprecated
>>> in OpenSSL 1.1.0 or later. The replacements are unversioned
>>> API functions: TLS_client_method() and TLS_server_method()
>>> which support TLS version autonegotiation.
>>>
>>> This allows the PHP IMAP extension to work with IMAP servers
>>> that enforce TLSv1.2 or higher.
>>>
>>> Fixes: https://bugs.php.net/bug.php?id=76928
>>> Signed-off-by: Zoltán Böszörményi <zboszor@gmail.com>
>>> ---
>>>   .../uw-imap/uw-imap/uw-imap-newer-tls.patch   | 29 +++++++++++++++++++
>>>   .../recipes-devtools/uw-imap/uw-imap_2007f.bb |  1 +
>>>   2 files changed, 30 insertions(+)
>>>   create mode 100644 meta-oe/recipes-devtools/uw-imap/uw-imap/uw-imap-newer-tls.patch
>>>
>>> diff --git a/meta-oe/recipes-devtools/uw-imap/uw-imap/uw-imap-newer-tls.patch 
>>> b/meta-oe/recipes-devtools/uw-imap/uw-imap/uw-imap-newer-tls.patch
>>> new file mode 100644
>>> index 000000000..958abc90f
>>> --- /dev/null
>>> +++ b/meta-oe/recipes-devtools/uw-imap/uw-imap/uw-imap-newer-tls.patch
>>> @@ -0,0 +1,29 @@
>>> +Signed-off-by: Zoltán Böszörményi <zboszor@gmail.com>
>>> +Upstream-Status: Pending
>>> +
>> I think it will be good to submit this patch upstream to uw as well,
>
> Is upstream maintained?
>
> The complaints at https://bugs.php.net/bug.php?id=76928 indicate that it's not and the 
> situation of forks is a mess. For one, the seemingly most uptodate fork at 
> https://repo.or.cz/alpine.git contains changes that break building the PHP IMAP extension.

Not sure how "upstream" https://github.com/uw-imap/imap is
(https://en.wikipedia.org/wiki/UW_IMAP mentions it)
but the patch is now submitted there.

Thanks.

>>
>>> +--- imap-2007f/src/osdep/unix/ssl_unix.c.old   2024-05-08 09:41:06.183450584 +0200
>>> ++++ imap-2007f/src/osdep/unix/ssl_unix.c       2024-05-08 09:43:38.512931933 +0200
>>> +@@ -220,7 +220,11 @@
>>> +   if (ssl_last_error) fs_give ((void **) &ssl_last_error);
>>> +   ssl_last_host = host;
>>> +   if (!(stream->context = SSL_CTX_new ((flags & NET_TLSCLIENT) ?
>>> ++#if OPENSSL_VERSION_NUMBER >= 0x10100000
>>> ++                                     TLS_client_method () :
>>> ++#else
>>> +                                      TLSv1_client_method () :
>>> ++#endif
>>> +                                      SSLv23_client_method ())))
>>> +     return "SSL context failed";
>>> +   SSL_CTX_set_options (stream->context,0);
>>> +@@ -703,7 +707,11 @@
>>> +   }
>>> +                               /* create context */
>>> +   if (!(stream->context = SSL_CTX_new (start_tls ?
>>> ++#if OPENSSL_VERSION_NUMBER >= 0x10100000
>>> ++                                     TLS_server_method () :
>>> ++#else
>>> +                                      TLSv1_server_method () :
>>> ++#endif
>>> +                                      SSLv23_server_method ())))
>>> +     syslog (LOG_ALERT,"Unable to create SSL context, host=%.80s",
>>> +           tcp_clienthost ());
>>> diff --git a/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb 
>>> b/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb
>>> index dcb59f4ea..17faa3aa6 100644
>>> --- a/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb
>>> +++ b/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb
>>> @@ -15,6 +15,7 @@ SRC_URI = "https://fossies.org/linux/misc/old/imap-${PV}.tar.gz \
>>>              file://0001-Do-not-build-mtest.patch \
>>> file://0002-tmail-Include-ctype.h-for-isdigit.patch \
>>> file://0001-Fix-Wincompatible-function-pointer-types.patch \
>>> +           file://uw-imap-newer-tls.patch \
>>>              "
>>>
>>>   SRC_URI[md5sum] = "2126fd125ea26b73b20f01fcd5940369"
>>> -- 
>>> 2.45.0
>>>
>>>
>>>
>>>
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#110284): https://lists.openembedded.org/g/openembedded-devel/message/110284
> Mute This Topic: https://lists.openembedded.org/mt/105996685/3617728
> Group Owner: openembedded-devel+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [zboszor@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>