2024. 05. 09. 8:12 keltezéssel, Khem Raj írta:
On Wed, May 8, 2024 at 11:08 PM Zoltan Boszormenyi via
lists.openembedded.org <[email protected]>
wrote:
The patch 0001-Support-OpenSSL-1.1.patch enabled building
uw-imap against OpenSSL 1.1.0 or later.
However, TLSv1_client_method() and TLSv1_server_method()
restricts uw-imap to TLSv1.0.
These APIs, along with explicitly versioned APIs like
TLSv1_1_*_method() and TLSv1_2_*_method() are deprecated
in OpenSSL 1.1.0 or later. The replacements are unversioned
API functions: TLS_client_method() and TLS_server_method()
which support TLS version autonegotiation.
This allows the PHP IMAP extension to work with IMAP servers
that enforce TLSv1.2 or higher.
Fixes: https://bugs.php.net/bug.php?id=76928
Signed-off-by: Zoltán Böszörményi <[email protected]>
---
.../uw-imap/uw-imap/uw-imap-newer-tls.patch | 29 +++++++++++++++++++
.../recipes-devtools/uw-imap/uw-imap_2007f.bb | 1 +
2 files changed, 30 insertions(+)
create mode 100644
meta-oe/recipes-devtools/uw-imap/uw-imap/uw-imap-newer-tls.patch
diff --git a/meta-oe/recipes-devtools/uw-imap/uw-imap/uw-imap-newer-tls.patch
b/meta-oe/recipes-devtools/uw-imap/uw-imap/uw-imap-newer-tls.patch
new file mode 100644
index 000000000..958abc90f
--- /dev/null
+++ b/meta-oe/recipes-devtools/uw-imap/uw-imap/uw-imap-newer-tls.patch
@@ -0,0 +1,29 @@
+Signed-off-by: Zoltán Böszörményi <[email protected]>
+Upstream-Status: Pending
+
I think it will be good to submit this patch upstream to uw as well,
Is upstream maintained?
The complaints at https://bugs.php.net/bug.php?id=76928 indicate that it's not and the
situation of forks is a mess. For one, the seemingly most uptodate fork at
https://repo.or.cz/alpine.git contains changes that break building the PHP IMAP extension.
+--- imap-2007f/src/osdep/unix/ssl_unix.c.old 2024-05-08 09:41:06.183450584
+0200
++++ imap-2007f/src/osdep/unix/ssl_unix.c 2024-05-08 09:43:38.512931933
+0200
+@@ -220,7 +220,11 @@
+ if (ssl_last_error) fs_give ((void **) &ssl_last_error);
+ ssl_last_host = host;
+ if (!(stream->context = SSL_CTX_new ((flags & NET_TLSCLIENT) ?
++#if OPENSSL_VERSION_NUMBER >= 0x10100000
++ TLS_client_method () :
++#else
+ TLSv1_client_method () :
++#endif
+ SSLv23_client_method ())))
+ return "SSL context failed";
+ SSL_CTX_set_options (stream->context,0);
+@@ -703,7 +707,11 @@
+ }
+ /* create context */
+ if (!(stream->context = SSL_CTX_new (start_tls ?
++#if OPENSSL_VERSION_NUMBER >= 0x10100000
++ TLS_server_method () :
++#else
+ TLSv1_server_method () :
++#endif
+ SSLv23_server_method ())))
+ syslog (LOG_ALERT,"Unable to create SSL context, host=%.80s",
+ tcp_clienthost ());
diff --git a/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb
b/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb
index dcb59f4ea..17faa3aa6 100644
--- a/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb
+++ b/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb
@@ -15,6 +15,7 @@ SRC_URI =
"https://fossies.org/linux/misc/old/imap-${PV}.tar.gz \
file://0001-Do-not-build-mtest.patch \
file://0002-tmail-Include-ctype.h-for-isdigit.patch \
file://0001-Fix-Wincompatible-function-pointer-types.patch \
+ file://uw-imap-newer-tls.patch \
"
SRC_URI[md5sum] = "2126fd125ea26b73b20f01fcd5940369"
--
2.45.0
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#110284):
https://lists.openembedded.org/g/openembedded-devel/message/110284
Mute This Topic: https://lists.openembedded.org/mt/105996685/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-
