Bug#802658: libesmtp: diff for NMU version 1.0.6-4.3

Fri, 11 Aug 2017 13:48:37 -0700 

Control: tags 802658 + pending

Dear maintainer,

I've prepared an NMU for libesmtp (versioned as 1.0.6-4.3) and
uploaded it to DELAYED/10. Please feel free to tell me if I
should delay it longer.

Regards,
Salvatore

diff -Nru libesmtp-1.0.6/debian/changelog libesmtp-1.0.6/debian/changelog
--- libesmtp-1.0.6/debian/changelog	2017-01-31 23:51:33.000000000 +0100
+++ libesmtp-1.0.6/debian/changelog	2017-08-07 10:52:01.000000000 +0200
@@ -1,3 +1,11 @@
+libesmtp (1.0.6-4.3) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Add add-TLSv1_1-TLSv1_2-support.patch patch.
+    Add support for TLSv1.1+. (Closes: #802658)
+
+ -- Salvatore Bonaccorso <car...@debian.org>  Mon, 07 Aug 2017 10:52:01 +0200
+
 libesmtp (1.0.6-4.2) unstable; urgency=medium
 
   * Non-maintainer upload.
diff -Nru libesmtp-1.0.6/debian/patches/add-TLSv1_1-TLSv1_2-support.patch libesmtp-1.0.6/debian/patches/add-TLSv1_1-TLSv1_2-support.patch
--- libesmtp-1.0.6/debian/patches/add-TLSv1_1-TLSv1_2-support.patch	1970-01-01 01:00:00.000000000 +0100
+++ libesmtp-1.0.6/debian/patches/add-TLSv1_1-TLSv1_2-support.patch	2017-08-07 10:52:01.000000000 +0200
@@ -0,0 +1,36 @@
+Description: Add TLSv1.1 and TLSv1.2 support
+Origin: vendor
+Bug-Debian: https://bugs.debian.org/802658
+Forwarded: yes
+Author: Salvatore Bonaccorso <car...@debian.org>
+Last-Update: 2015-11-07
+
+--- a/smtp-tls.c
++++ b/smtp-tls.c
+@@ -197,11 +197,24 @@ starttls_create_ctx (smtp_session_t sess
+   ckf_t status;
+ 
+   /* The decision not to support SSL v2 and v3 but instead to use only
+-     TLSv1 is deliberate.  This is in line with the intentions of RFC
++     TLSv1.X is deliberate.  This is in line with the intentions of RFC
+      3207.  Servers typically support SSL as well as TLS because some
+      versions of Netscape do not support TLS.  I am assuming that all
+      currently deployed servers correctly support TLS.  */
+-  ctx = SSL_CTX_new (TLSv1_client_method ());
++#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && \
++    !defined(LIBRESSL_VERSION_NUMBER)  && !defined(OPENSSL_IS_BORINGSSL)
++    ctx = SSL_CTX_new (TLS_client_method ());
++#else
++    ctx = SSL_CTX_new (SSLv23_client_method ());
++#endif
++
++#ifdef OPENSSL_NO_SSL3
++    SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3);
++#endif
++
++#ifdef OPENSSL_NO_SSL2
++    SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2);
++#endif
+ 
+   /* Load our keys and certificates.  To avoid messing with configuration
+      variables etc, use fixed paths for the certificate store.  These are
diff -Nru libesmtp-1.0.6/debian/patches/series libesmtp-1.0.6/debian/patches/series
--- libesmtp-1.0.6/debian/patches/series	2017-01-31 23:46:39.000000000 +0100
+++ libesmtp-1.0.6/debian/patches/series	2017-08-07 10:52:01.000000000 +0200
@@ -2,3 +2,4 @@
 sys-types-h
 openssl
 remove_ssl_libs_from_libs.patch
+add-TLSv1_1-TLSv1_2-support.patch

Reply via email to