From ea51a609d99a5dc7e49d4ddc16592282213a3a25 Mon Sep 17 00:00:00 2001 From: joerg Date: Sat, 26 Mar 2016 23:52:37 +0000 Subject: [PATCH] Drop support for SSLv2. Bump revision. --- mail/qpopper/Makefile | 4 +-- mail/qpopper/distinfo | 4 ++- .../patches/patch-popper_pop__config.c | 16 +++++++++++ .../patches/patch-popper_pop__tls__openssl.c | 27 +++++++++++++++++++ 4 files changed, 48 insertions(+), 3 deletions(-) create mode 100644 mail/qpopper/patches/patch-popper_pop__config.c create mode 100644 mail/qpopper/patches/patch-popper_pop__tls__openssl.c diff --git a/mail/qpopper/Makefile b/mail/qpopper/Makefile index e2521ba1dcf6..3bafa670c6dc 100644 --- a/mail/qpopper/Makefile +++ b/mail/qpopper/Makefile @@ -1,9 +1,9 @@ -# $NetBSD: Makefile,v 1.68 2016/03/05 11:28:50 jperkin Exp $ +# $NetBSD: Makefile,v 1.69 2016/03/26 23:52:37 joerg Exp $ # DISTNAME= qpopper${VERSION} PKGNAME= qpopper-${VERSION} -PKGREVISION= 4 +PKGREVISION= 5 CATEGORIES= mail MASTER_SITES= ${QPOPPER_MASTER_SITES} diff --git a/mail/qpopper/distinfo b/mail/qpopper/distinfo index 80f9208e048d..50b2e15ca87a 100644 --- a/mail/qpopper/distinfo +++ b/mail/qpopper/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.19 2015/11/03 23:27:18 agc Exp $ +$NetBSD: distinfo,v 1.20 2016/03/26 23:52:37 joerg Exp $ SHA1 (qpopper4.1.0.tar.gz) = 7806c230cb2b87d131c356de6ce85160650b5aea RMD160 (qpopper4.1.0.tar.gz) = 5254dd252739b2465795a0161bc2fed82adffbcc @@ -14,3 +14,5 @@ SHA1 (patch-ag) = 401408f7c6150ec41cecb85d166e7e338b9a9e5f SHA1 (patch-al) = 93d3c6cc3deee57c707abeb131febbd057a1ef57 SHA1 (patch-am) = 05cc53a56205d4db8bb7914437e788117d58b212 SHA1 (patch-ap) = 1a9df8496a0190fc56db04630b415b04ba125a21 +SHA1 (patch-popper_pop__config.c) = 504b98bf5d4ee93d8530f68a1f4ea813b46b5c92 +SHA1 (patch-popper_pop__tls__openssl.c) = 7de9032306df0993c3455bf3a64a9e4cc4da4058 diff --git a/mail/qpopper/patches/patch-popper_pop__config.c b/mail/qpopper/patches/patch-popper_pop__config.c new file mode 100644 index 000000000000..a07081e60eed --- /dev/null +++ b/mail/qpopper/patches/patch-popper_pop__config.c @@ -0,0 +1,16 @@ +$NetBSD: patch-popper_pop__config.c,v 1.1 2016/03/26 23:52:37 joerg Exp $ + +Remove SSLv2 support. + +--- popper/pop_config.c.orig 2016-03-26 21:49:03.159886179 +0000 ++++ popper/pop_config.c +@@ -433,7 +433,9 @@ static mnemonic_map mnem_map_tls_sup [] + static mnemonic_map mnem_map_tls_vers [] = + { + { "default" , QPOP_TLSvDEFAULT }, ++#if 0 + { "SSLv2" , QPOP_SSLv2 }, ++#endif + { "SSLv3" , QPOP_SSLv3 }, + { "TLSv1" , QPOP_TLSv1 }, + { "SSLv23" , QPOP_SSLv23 }, diff --git a/mail/qpopper/patches/patch-popper_pop__tls__openssl.c b/mail/qpopper/patches/patch-popper_pop__tls__openssl.c new file mode 100644 index 000000000000..5805b7513e97 --- /dev/null +++ b/mail/qpopper/patches/patch-popper_pop__tls__openssl.c @@ -0,0 +1,27 @@ +$NetBSD: patch-popper_pop__tls__openssl.c,v 1.1 2016/03/26 23:52:37 joerg Exp $ + +Disable SSLv2. + +--- popper/pop_tls_openssl.c.orig 2016-03-26 21:49:05.471963098 +0000 ++++ popper/pop_tls_openssl.c +@@ -318,10 +318,12 @@ openssl_init ( pop_tls *pTLS, POP *pPOP + pTLS->m_OpenSSLmeth = SSLv23_server_method(); + break; + ++#if 0 + case QPOP_SSLv2: /* SSL version 2 only */ + DEBUG_LOG0 ( pPOP, "...setting method to SSLv2_server_method" ); + pTLS->m_OpenSSLmeth = SSLv2_server_method(); + break; ++#endif + + case QPOP_SSLv3: /* SSL version 3 only */ + DEBUG_LOG0 ( pPOP, "...setting method to SSLv3_server_method" ); +@@ -350,6 +352,7 @@ openssl_init ( pop_tls *pTLS, POP *pPOP + log_openssl_err ( pPOP, HERE, "Unable to allocate SSL_CTX" ); + goto Done; + } ++ SSL_CTX_set_options(pTLS->m_OpenSSLctx, SSL_OP_NO_SSLv2); + + /* + * Set desired options