Message ID | 20240509060755.3072961-1-zboszor@gmail.com |
---|---|
State | Accepted |
Series | [meta-oe] uw-imap: Add a patch to support newer than TLSv1.0 |
On Wed, May 8, 2024 at 11:08 PM Zoltan Boszormenyi via lists.openembedded.org <zboszor=gmail.com@lists.openembedded.org> wrote: > > The patch 0001-Support-OpenSSL-1.1.patch enabled building > uw-imap against OpenSSL 1.1.0 or later. > > However, TLSv1_client_method() and TLSv1_server_method() > restrict uw-imap to TLSv1.0. > > These APIs, along with explicitly versioned APIs like > TLSv1_1_*_method() and TLSv1_2_*_method() are deprecated > in OpenSSL 1.1.0 or later. The replacements are unversioned > API functions: TLS_client_method() and TLS_server_method() > which support TLS version autonegotiation. > > This allows the PHP IMAP extension to work with IMAP servers > that enforce TLSv1.2 or higher. > > Fixes: https://bugs.php.net/bug.php?id=76928 > Signed-off-by: Zoltán Böszörményi <zboszor@gmail.com> > --- > .../uw-imap/uw-imap/uw-imap-newer-tls.patch | 29 +++++++++++++++++++ > .../recipes-devtools/uw-imap/uw-imap_2007f.bb | 1 + > 2 files changed, 30 insertions(+) > create mode 100644 meta-oe/recipes-devtools/uw-imap/uw-imap/uw-imap-newer-tls.patch > > diff --git a/meta-oe/recipes-devtools/uw-imap/uw-imap/uw-imap-newer-tls.patch b/meta-oe/recipes-devtools/uw-imap/uw-imap/uw-imap-newer-tls.patch > new file mode 100644 > index 000000000..958abc90f > --- /dev/null > +++ b/meta-oe/recipes-devtools/uw-imap/uw-imap/uw-imap-newer-tls.patch
> @@ -0,0 +1,29 @@ > +Signed-off-by: Zoltán Böszörményi <zboszor@gmail.com> > +Upstream-Status: Pending > + I think it will be good to submit this patch upstream to uw as well, > +--- imap-2007f/src/osdep/unix/ssl_unix.c.old 2024-05-08 09:41:06.183450584 +0200 > ++++ imap-2007f/src/osdep/unix/ssl_unix.c 2024-05-08 09:43:38.512931933 +0200 > +@@ -220,7 +220,11 @@ > + if (ssl_last_error) fs_give ((void **) &ssl_last_error); > + ssl_last_host = host; > + if (!(stream->context = SSL_CTX_new ((flags & NET_TLSCLIENT) ? > ++#if OPENSSL_VERSION_NUMBER >= 0x10100000 > ++ TLS_client_method () : > ++#else > + TLSv1_client_method () : > ++#endif > + SSLv23_client_method ()))) > + return "SSL context failed"; > + SSL_CTX_set_options (stream->context,0); > +@@ -703,7 +707,11 @@ > + } > + /* create context */ > + if (!(stream->context = SSL_CTX_new (start_tls ? > ++#if OPENSSL_VERSION_NUMBER >= 0x10100000 > ++ TLS_server_method () : > ++#else > + TLSv1_server_method () : > ++#endif > + SSLv23_server_method ()))) > + syslog (LOG_ALERT,"Unable to create SSL context, host=%.80s", > + tcp_clienthost ()); > diff --git a/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb b/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb > index dcb59f4ea..17faa3aa6 100644 > --- a/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb > +++ b/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb 
> @@ -15,6 +15,7 @@ SRC_URI = "https://fossies.org/linux/misc/old/imap-${PV}.tar.gz \ > file://0001-Do-not-build-mtest.patch \ > file://0002-tmail-Include-ctype.h-for-isdigit.patch \ > file://0001-Fix-Wincompatible-function-pointer-types.patch \ > + file://uw-imap-newer-tls.patch \ > " > > SRC_URI[md5sum] = "2126fd125ea26b73b20f01fcd5940369" > -- > 2.45.0
On 2024. 05. 09. 8:12, Khem Raj wrote: > On Wed, May 8, 2024 at 11:08 PM Zoltan Boszormenyi via > lists.openembedded.org <zboszor=gmail.com@lists.openembedded.org> > wrote: >> The patch 0001-Support-OpenSSL-1.1.patch enabled building >> uw-imap against OpenSSL 1.1.0 or later. >> >> However, TLSv1_client_method() and TLSv1_server_method() >> restrict uw-imap to TLSv1.0. >> >> These APIs, along with explicitly versioned APIs like >> TLSv1_1_*_method() and TLSv1_2_*_method() are deprecated >> in OpenSSL 1.1.0 or later. The replacements are unversioned >> API functions: TLS_client_method() and TLS_server_method() >> which support TLS version autonegotiation. >> >> This allows the PHP IMAP extension to work with IMAP servers >> that enforce TLSv1.2 or higher. >> >> Fixes: https://bugs.php.net/bug.php?id=76928 >> Signed-off-by: Zoltán Böszörményi <zboszor@gmail.com> >> --- >> .../uw-imap/uw-imap/uw-imap-newer-tls.patch | 29 +++++++++++++++++++ >> .../recipes-devtools/uw-imap/uw-imap_2007f.bb | 1 + >> 2 files changed, 30 insertions(+) >> create mode 100644 meta-oe/recipes-devtools/uw-imap/uw-imap/uw-imap-newer-tls.patch >> >> diff --git a/meta-oe/recipes-devtools/uw-imap/uw-imap/uw-imap-newer-tls.patch b/meta-oe/recipes-devtools/uw-imap/uw-imap/uw-imap-newer-tls.patch >> new file mode 100644 >> index 000000000..958abc90f >> --- /dev/null >> +++ b/meta-oe/recipes-devtools/uw-imap/uw-imap/uw-imap-newer-tls.patch
>> @@ -0,0 +1,29 @@ >> +Signed-off-by: Zoltán Böszörményi <zboszor@gmail.com> >> +Upstream-Status: Pending >> + > I think it will be good to submit this patch upstream to uw as well, Is upstream maintained? The complaints at https://bugs.php.net/bug.php?id=76928 indicate that it's not and the situation of forks is a mess. For one, the seemingly most uptodate fork at https://repo.or.cz/alpine.git contains changes that break building the PHP IMAP extension. > >> +--- imap-2007f/src/osdep/unix/ssl_unix.c.old 2024-05-08 09:41:06.183450584 +0200 >> ++++ imap-2007f/src/osdep/unix/ssl_unix.c 2024-05-08 09:43:38.512931933 +0200 >> +@@ -220,7 +220,11 @@ >> + if (ssl_last_error) fs_give ((void **) &ssl_last_error); >> + ssl_last_host = host; >> + if (!(stream->context = SSL_CTX_new ((flags & NET_TLSCLIENT) ? >> ++#if OPENSSL_VERSION_NUMBER >= 0x10100000 >> ++ TLS_client_method () : >> ++#else >> + TLSv1_client_method () : >> ++#endif >> + SSLv23_client_method ()))) >> + return "SSL context failed"; >> + SSL_CTX_set_options (stream->context,0); >> +@@ -703,7 +707,11 @@ >> + } >> + /* create context */ >> + if (!(stream->context = SSL_CTX_new (start_tls ? >> ++#if OPENSSL_VERSION_NUMBER >= 0x10100000 >> ++ TLS_server_method () : >> ++#else >> + TLSv1_server_method () : >> ++#endif >> + SSLv23_server_method ()))) >> + syslog (LOG_ALERT,"Unable to create SSL context, host=%.80s", >> + tcp_clienthost ()); >> diff --git a/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb b/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb >> index dcb59f4ea..17faa3aa6 100644 >> --- a/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb >> +++ b/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb 
>> @@ -15,6 +15,7 @@ SRC_URI = "https://fossies.org/linux/misc/old/imap-${PV}.tar.gz \ >> file://0001-Do-not-build-mtest.patch \ >> file://0002-tmail-Include-ctype.h-for-isdigit.patch \ >> file://0001-Fix-Wincompatible-function-pointer-types.patch \ >> + file://uw-imap-newer-tls.patch \ >> " >> >> SRC_URI[md5sum] = "2126fd125ea26b73b20f01fcd5940369" >> -- >> 2.45.0
On 2024. 05. 09. 8:34, Zoltan Boszormenyi via lists.openembedded.org wrote: > On 2024. 05. 09. 8:12, Khem Raj wrote: >> On Wed, May 8, 2024 at 11:08 PM Zoltan Boszormenyi via >> lists.openembedded.org <zboszor=gmail.com@lists.openembedded.org> >> wrote: >>> The patch 0001-Support-OpenSSL-1.1.patch enabled building >>> uw-imap against OpenSSL 1.1.0 or later. >>> >>> However, TLSv1_client_method() and TLSv1_server_method() >>> restrict uw-imap to TLSv1.0. >>> >>> These APIs, along with explicitly versioned APIs like >>> TLSv1_1_*_method() and TLSv1_2_*_method() are deprecated >>> in OpenSSL 1.1.0 or later. The replacements are unversioned >>> API functions: TLS_client_method() and TLS_server_method() >>> which support TLS version autonegotiation. >>> >>> This allows the PHP IMAP extension to work with IMAP servers >>> that enforce TLSv1.2 or higher. >>> >>> Fixes: https://bugs.php.net/bug.php?id=76928 >>> Signed-off-by: Zoltán Böszörményi <zboszor@gmail.com> >>> --- >>> .../uw-imap/uw-imap/uw-imap-newer-tls.patch | 29 +++++++++++++++++++ >>> .../recipes-devtools/uw-imap/uw-imap_2007f.bb | 1 + >>> 2 files changed, 30 insertions(+) >>> create mode 100644 meta-oe/recipes-devtools/uw-imap/uw-imap/uw-imap-newer-tls.patch >>> >>> diff --git a/meta-oe/recipes-devtools/uw-imap/uw-imap/uw-imap-newer-tls.patch >>> b/meta-oe/recipes-devtools/uw-imap/uw-imap/uw-imap-newer-tls.patch >>> new file mode 100644 >>> index 000000000..958abc90f >>> --- /dev/null >>> +++ b/meta-oe/recipes-devtools/uw-imap/uw-imap/uw-imap-newer-tls.patch
>>> @@ -0,0 +1,29 @@ >>> +Signed-off-by: Zoltán Böszörményi <zboszor@gmail.com> >>> +Upstream-Status: Pending >>> + >> I think it will be good to submit this patch upstream to uw as well, > > Is upstream maintained? > > The complaints at https://bugs.php.net/bug.php?id=76928 indicate that it's not and the > situation of forks is a mess. For one, the seemingly most uptodate fork at > https://repo.or.cz/alpine.git contains changes that break building the PHP IMAP extension. Not sure how "upstream" https://github.com/uw-imap/imap is (https://en.wikipedia.org/wiki/UW_IMAP mentions it) but the patch is now submitted there. Thanks. >> >>> +--- imap-2007f/src/osdep/unix/ssl_unix.c.old 2024-05-08 09:41:06.183450584 +0200 >>> ++++ imap-2007f/src/osdep/unix/ssl_unix.c 2024-05-08 09:43:38.512931933 +0200 >>> +@@ -220,7 +220,11 @@ >>> + if (ssl_last_error) fs_give ((void **) &ssl_last_error); >>> + ssl_last_host = host; >>> + if (!(stream->context = SSL_CTX_new ((flags & NET_TLSCLIENT) ? >>> ++#if OPENSSL_VERSION_NUMBER >= 0x10100000 >>> ++ TLS_client_method () : >>> ++#else >>> + TLSv1_client_method () : >>> ++#endif >>> + SSLv23_client_method ()))) >>> + return "SSL context failed"; >>> + SSL_CTX_set_options (stream->context,0); >>> +@@ -703,7 +707,11 @@ >>> + } >>> + /* create context */ >>> + if (!(stream->context = SSL_CTX_new (start_tls ? >>> ++#if OPENSSL_VERSION_NUMBER >= 0x10100000 >>> ++ TLS_server_method () : >>> ++#else >>> + TLSv1_server_method () : >>> ++#endif >>> + SSLv23_server_method ()))) >>> + syslog (LOG_ALERT,"Unable to create SSL context, host=%.80s", >>> + tcp_clienthost ()); >>> diff --git a/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb >>> b/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb >>> index dcb59f4ea..17faa3aa6 100644 >>> --- a/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb >>> +++ b/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb 
>>> @@ -15,6 +15,7 @@ SRC_URI = "https://fossies.org/linux/misc/old/imap-${PV}.tar.gz \ >>> file://0001-Do-not-build-mtest.patch \ >>> file://0002-tmail-Include-ctype.h-for-isdigit.patch \ >>> file://0001-Fix-Wincompatible-function-pointer-types.patch \ >>> + file://uw-imap-newer-tls.patch \ >>> " >>> >>> SRC_URI[md5sum] = "2126fd125ea26b73b20f01fcd5940369" >>> -- >>> 2.45.0
diff --git a/meta-oe/recipes-devtools/uw-imap/uw-imap/uw-imap-newer-tls.patch b/meta-oe/recipes-devtools/uw-imap/uw-imap/uw-imap-newer-tls.patch new file mode 100644 index 000000000..958abc90f --- /dev/null +++ b/meta-oe/recipes-devtools/uw-imap/uw-imap/uw-imap-newer-tls.patch @@ -0,0 +1,29 @@ +Signed-off-by: Zoltán Böszörményi <zboszor@gmail.com> +Upstream-Status: Pending + +--- imap-2007f/src/osdep/unix/ssl_unix.c.old 2024-05-08 09:41:06.183450584 +0200 ++++ imap-2007f/src/osdep/unix/ssl_unix.c 2024-05-08 09:43:38.512931933 +0200 +@@ -220,7 +220,11 @@ + if (ssl_last_error) fs_give ((void **) &ssl_last_error); + ssl_last_host = host; + if (!(stream->context = SSL_CTX_new ((flags & NET_TLSCLIENT) ? ++#if OPENSSL_VERSION_NUMBER >= 0x10100000 ++ TLS_client_method () : ++#else + TLSv1_client_method () : ++#endif + SSLv23_client_method ()))) + return "SSL context failed"; + SSL_CTX_set_options (stream->context,0); +@@ -703,7 +707,11 @@ + } + /* create context */ + if (!(stream->context = SSL_CTX_new (start_tls ? ++#if OPENSSL_VERSION_NUMBER >= 0x10100000 ++ TLS_server_method () : ++#else + TLSv1_server_method () : ++#endif + SSLv23_server_method ()))) + syslog (LOG_ALERT,"Unable to create SSL context, host=%.80s", + tcp_clienthost ()); diff --git a/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb b/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb index dcb59f4ea..17faa3aa6 100644 --- a/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb +++ b/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb @@ -15,6 +15,7 @@ SRC_URI = "https://fossies.org/linux/misc/old/imap-${PV}.tar.gz \ file://0001-Do-not-build-mtest.patch \ file://0002-tmail-Include-ctype.h-for-isdigit.patch \ file://0001-Fix-Wincompatible-function-pointer-types.patch \ + file://uw-imap-newer-tls.patch \ " SRC_URI[md5sum] = "2126fd125ea26b73b20f01fcd5940369"
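Review bot: The header of the new uw-imap-newer-tls.patch (first lines of the `@@ -0,0 +1,29 @@` hunk) carries only `Signed-off-by` and `Upstream-Status: Pending`, with no description of the change. Suggest copying the rationale from the commit message into the patch header (TLSv1_*_method() pins uw-imap to TLSv1.0, TLS_*_method() negotiates the version) along with the https://bugs.php.net/bug.php?id=76928 reference, so the reason is still visible when the patch file is read on its own in the layer.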
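Review bot: In the ssl_unix.c client region at -220, nothing sets a protocol floor once `TLS_client_method ()` is in use: the unchanged context line `SSL_CTX_set_options (stream->context,0);` passes no options, so the lowest version the client will negotiate is whatever the linked OpenSSL build and its configuration allow. If a floor is wanted, SSL_CTX_set_min_proto_version() with TLS1_2_VERSION could be called inside the same `#if OPENSSL_VERSION_NUMBER >= 0x10100000` guard; otherwise the patch description should say the minimum version is deliberately left to the OpenSSL defaults.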
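Review bot: In the ssl_unix.c server region at -703, an `#if`/`#else`/`#endif` placed in the middle of the `start_tls ? ... : SSLv23_server_method ()` expression is hard to read, and on OpenSSL 1.1.0 or later both arms end up as the same method because SSLv23_server_method() is kept there as a compatibility name for TLS_server_method(). The same applies to the client conditional at -220. Consider selecting the method once above the SSL_CTX_new() call (a local variable or a small macro under the version guard) and writing the constant as 0x10100000L, which is how OpenSSL's own headers spell version comparisons.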
The patch 0001-Support-OpenSSL-1.1.patch enabled building uw-imap against OpenSSL 1.1.0 or later.

However, TLSv1_client_method() and TLSv1_server_method() restrict uw-imap to TLSv1.0.

These APIs, along with explicitly versioned APIs like TLSv1_1_*_method() and TLSv1_2_*_method() are deprecated in OpenSSL 1.1.0 or later. The replacements are unversioned API functions: TLS_client_method() and TLS_server_method() which support TLS version autonegotiation.

This allows the PHP IMAP extension to work with IMAP servers that enforce TLSv1.2 or higher.

Fixes: https://bugs.php.net/bug.php?id=76928
Signed-off-by: Zoltán Böszörményi <zboszor@gmail.com>
---
.../uw-imap/uw-imap/uw-imap-newer-tls.patch | 29 +++++++++++++++++++
.../recipes-devtools/uw-imap/uw-imap_2007f.bb | 1 +
2 files changed, 30 insertions(+)
create mode 100644 meta-oe/recipes-devtools/uw-imap/uw-imap/uw-imap-newer-tls.patch