Control: tags 802658 + pending Dear maintainer,
I've prepared an NMU for libesmtp (versioned as 1.0.6-4.3) and uploaded it to DELAYED/10. Please feel free to tell me if I should delay it longer. Regards, Salvatore
diff -Nru libesmtp-1.0.6/debian/changelog libesmtp-1.0.6/debian/changelog --- libesmtp-1.0.6/debian/changelog 2017-01-31 23:51:33.000000000 +0100 +++ libesmtp-1.0.6/debian/changelog 2017-08-07 10:52:01.000000000 +0200 @@ -1,3 +1,11 @@ +libesmtp (1.0.6-4.3) unstable; urgency=medium + + * Non-maintainer upload. + * Add add-TLSv1_1-TLSv1_2-support.patch patch. + Add support for TLSv1.1+. (Closes: #802658) + + -- Salvatore Bonaccorso <car...@debian.org> Mon, 07 Aug 2017 10:52:01 +0200 + libesmtp (1.0.6-4.2) unstable; urgency=medium * Non-maintainer upload. diff -Nru libesmtp-1.0.6/debian/patches/add-TLSv1_1-TLSv1_2-support.patch libesmtp-1.0.6/debian/patches/add-TLSv1_1-TLSv1_2-support.patch --- libesmtp-1.0.6/debian/patches/add-TLSv1_1-TLSv1_2-support.patch 1970-01-01 01:00:00.000000000 +0100 +++ libesmtp-1.0.6/debian/patches/add-TLSv1_1-TLSv1_2-support.patch 2017-08-07 10:52:01.000000000 +0200 @@ -0,0 +1,36 @@ +Description: Add TLSv1.1 and TLSv1.2 support +Origin: vendor +Bug-Debian: https://bugs.debian.org/802658 +Forwarded: yes +Author: Salvatore Bonaccorso <car...@debian.org> +Last-Update: 2015-11-07 + +--- a/smtp-tls.c ++++ b/smtp-tls.c +@@ -197,11 +197,24 @@ starttls_create_ctx (smtp_session_t sess + ckf_t status; + + /* The decision not to support SSL v2 and v3 but instead to use only +- TLSv1 is deliberate. This is in line with the intentions of RFC ++ TLSv1.X is deliberate. This is in line with the intentions of RFC + 3207. Servers typically support SSL as well as TLS because some + versions of Netscape do not support TLS. I am assuming that all + currently deployed servers correctly support TLS. */ +- ctx = SSL_CTX_new (TLSv1_client_method ()); ++#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && \ ++ !defined(LIBRESSL_VERSION_NUMBER) && !defined(OPENSSL_IS_BORINGSSL) ++ ctx = SSL_CTX_new (TLS_client_method ()); ++#else ++ ctx = SSL_CTX_new (SSLv23_client_method ()); ++#endif ++ ++#ifdef OPENSSL_NO_SSL3 ++ SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3); ++#endif ++ ++#ifdef OPENSSL_NO_SSL2 ++ SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2); ++#endif + + /* Load our keys and certificates. To avoid messing with configuration + variables etc, use fixed paths for the certificate store. These are diff -Nru libesmtp-1.0.6/debian/patches/series libesmtp-1.0.6/debian/patches/series --- libesmtp-1.0.6/debian/patches/series 2017-01-31 23:46:39.000000000 +0100 +++ libesmtp-1.0.6/debian/patches/series 2017-08-07 10:52:01.000000000 +0200 @@ -2,3 +2,4 @@ sys-types-h openssl remove_ssl_libs_from_libs.patch +add-TLSv1_1-TLSv1_2-support.patch