Hello community, here is the log from the commit of package imapfilter for openSUSE:Factory checked in at 2017-03-03 17:44:49 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/imapfilter (Old) and /work/SRC/openSUSE:Factory/.imapfilter.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "imapfilter" Fri Mar 3 17:44:49 2017 rev:37 rq:461015 version:2.6.10 Changes: -------- --- /work/SRC/openSUSE:Factory/imapfilter/imapfilter.changes 2016-06-25 02:23:54.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.imapfilter.new/imapfilter.changes 2017-03-03 17:44:50.262563226 +0100 @@ -1,0 +2,15 @@ +Tue Feb 21 19:59:03 UTC 2017 - [email protected] + +- specfile: + * update copyright year + +- update to version 2.6.10: + * Bug fix; segmentation fault on some OpenSSL builds. + +- changes from version 2.6.9: + * Bug fix; possible problem during STARTTLS negotiation. + +- changes from version 2.6.8: + * Support building with OpenSSL 1.1.0. + +------------------------------------------------------------------- Old: ---- imapfilter-2.6.7.tar.gz New: ---- imapfilter-2.6.10.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ imapfilter.spec ++++++ --- /var/tmp/diff_new_pack.TmKsPe/_old 2017-03-03 17:44:50.870477315 +0100 +++ /var/tmp/diff_new_pack.TmKsPe/_new 2017-03-03 17:44:50.870477315 +0100 @@ -1,7 +1,7 @@ # # spec file for package imapfilter # -# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -21,7 +21,7 @@ License: MIT Group: Productivity/Networking/Email/Utilities Url: https://github.com/lefcha/imapfilter -Version: 2.6.7 +Version: 2.6.10 Release: 0 Source: %{name}-%{version}.tar.gz BuildRoot: %{_tmppath}/%{name}-%{version}-build ++++++ imapfilter-2.6.7.tar.gz -> imapfilter-2.6.10.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/imapfilter-2.6.7/NEWS new/imapfilter-2.6.10/NEWS --- old/imapfilter-2.6.7/NEWS 2016-06-06 23:37:30.000000000 +0200 +++ new/imapfilter-2.6.10/NEWS 2016-12-16 08:11:27.000000000 +0100 @@ -1,3 +1,12 @@ +IMAPFilter 2.6.10 - 16 Dec 2016 + - Bug fix; segmentation fault on some OpenSSL builds. + +IMAPFilter 2.6.9 - 6 Dec 2016 + - Bug fix; possible problem during STARTTLS negotiation. + +IMAPFilter 2.6.8 - 26 Nov 2016 + - Support building with OpenSSL 1.1.0. + IMAPFilter 2.6.7 - 7 Jun 2016 - A dry-run mode that disables all actions that modify data. - Bug fix; handle IDLE untagged responses that are received in pieces. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/imapfilter-2.6.7/doc/imapfilter_config.5 new/imapfilter-2.6.10/doc/imapfilter_config.5 --- old/imapfilter-2.6.7/doc/imapfilter_config.5 2016-06-06 23:37:30.000000000 +0200 +++ new/imapfilter-2.6.10/doc/imapfilter_config.5 2016-12-16 08:11:27.000000000 +0100 @@ -1,4 +1,4 @@ -.Dd Dec 6, 2015 +.Dd Nov 26, 2016 .Dt IMAPFILTER_CONFIG 5 .Os .Sh NAME @@ -241,7 +241,7 @@ server = 'imap.mail.server', username = 'me', password = 'secret', - ssl = 'ssl23' + ssl = 'auto' } .Ed .Pp @@ -300,11 +300,18 @@ used. It takes a .Vt string as a value, specifically one of: -.Dq ssl3 , -.Dq ssl23 , -.Dq tls1 , +.Dq auto , +.Dq tls1.2 , .Dq tls1.1 , -.Dq tls1.2 . +.Dq tls1 , +.Dq ssl3 . +.Pp +Note that the latest versions of the OpenSSL library have deprecated +version specific methods, and the actual protocol version used will be +negotiated to be the highest version mutually supported by the client +and the server. This is also what the +.Dq auto +value does. .El .Pp .Ss LISTING diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/imapfilter-2.6.7/src/auth.c new/imapfilter-2.6.10/src/auth.c --- old/imapfilter-2.6.7/src/auth.c 2016-06-06 23:37:30.000000000 +0200 +++ new/imapfilter-2.6.10/src/auth.c 2016-12-16 08:11:27.000000000 +0100 @@ -20,7 +20,11 @@ unsigned char *resp, *buf, *out; unsigned char md[EVP_MAX_MD_SIZE], mdhex[EVP_MAX_MD_SIZE * 2 + 1]; unsigned int mdlen; - HMAC_CTX hmac; +#if OPENSSL_VERSION_NUMBER >= 0x1010000fL + HMAC_CTX *ctx; +#else + HMAC_CTX ctx; +#endif n = strlen((char *)(chal)) * 3 / 4 + 1; resp = (unsigned char *)xmalloc(n * sizeof(char)); @@ -28,9 +32,20 @@ EVP_DecodeBlock(resp, chal, strlen((char *)(chal))); - HMAC_Init(&hmac, (const unsigned char *)pass, strlen(pass), EVP_md5()); - HMAC_Update(&hmac, resp, strlen((char *)(resp))); - HMAC_Final(&hmac, md, &mdlen); +#if OPENSSL_VERSION_NUMBER >= 0x1010000fL + ctx = HMAC_CTX_new(); + HMAC_Init_ex(ctx, (const unsigned char *)pass, strlen(pass), + EVP_md5(), NULL); + HMAC_Update(ctx, resp, strlen((char *)(resp))); + HMAC_Final(ctx, md, &mdlen); + HMAC_CTX_free(ctx); +#else + HMAC_CTX_init(&ctx); + HMAC_Init(&ctx, (const unsigned char *)pass, strlen(pass), EVP_md5()); + HMAC_Update(&ctx, resp, strlen((char *)(resp))); + HMAC_Final(&ctx, md, &mdlen); + HMAC_CTX_cleanup(&ctx); +#endif xfree(chal); xfree(resp); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/imapfilter-2.6.7/src/imapfilter.c new/imapfilter-2.6.10/src/imapfilter.c --- old/imapfilter-2.6.7/src/imapfilter.c 2016-06-06 23:37:30.000000000 +0200 +++ new/imapfilter-2.6.10/src/imapfilter.c 2016-12-16 08:11:27.000000000 +0100 @@ -21,12 +21,22 @@ extern buffer ibuf, obuf, nbuf, cbuf; extern regexp responses[]; -extern SSL_CTX *ssl23ctx, *tls1ctx; +#if OPENSSL_VERSION_NUMBER >= 0x1010000fL +extern SSL_CTX *sslctx; +#else +extern SSL_CTX *ssl23ctx; #ifndef OPENSSL_NO_SSL3_METHOD extern SSL_CTX *ssl3ctx; #endif -#if OPENSSL_VERSION_NUMBER >= 0x01000100fL -extern SSL_CTX *tls11ctx, *tls12ctx; +#ifndef OPENSSL_NO_TLS1_METHOD +extern SSL_CTX *tls1ctx; +#endif +#ifndef OPENSSL_NO_TLS1_1_METHOD +extern SSL_CTX *tls11ctx; +#endif +#ifndef OPENSSL_NO_TLS1_2_METHOD +extern SSL_CTX *tls12ctx; +#endif #endif options opts; /* Program options. */ @@ -121,27 +131,49 @@ SSL_library_init(); SSL_load_error_strings(); +#if OPENSSL_VERSION_NUMBER >= 0x1010000fL + sslctx = SSL_CTX_new(TLS_method()); +#else + ssl23ctx = SSL_CTX_new(SSLv23_client_method()); #ifndef OPENSSL_NO_SSL3_METHOD ssl3ctx = SSL_CTX_new(SSLv3_client_method()); #endif - ssl23ctx = SSL_CTX_new(SSLv23_client_method()); +#ifndef OPENSSL_NO_TLS1_METHOD tls1ctx = SSL_CTX_new(TLSv1_client_method()); -#if OPENSSL_VERSION_NUMBER >= 0x01000100fL +#endif +#ifndef OPENSSL_NO_TLS1_1_METHOD tls11ctx = SSL_CTX_new(TLSv1_1_client_method()); +#endif +#ifndef OPENSSL_NO_TLS1_2_METHOD tls12ctx = SSL_CTX_new(TLSv1_2_client_method()); #endif +#endif if (exists_dir(opts.truststore)) capath = opts.truststore; else if (exists_file(opts.truststore)) cafile = opts.truststore; +#if OPENSSL_VERSION_NUMBER >= 0x1010000fL + if (sslctx) + SSL_CTX_load_verify_locations(sslctx, cafile, capath); +#else + if (ssl23ctx) + SSL_CTX_load_verify_locations(ssl23ctx, cafile, capath); #ifndef OPENSSL_NO_SSL3_METHOD - SSL_CTX_load_verify_locations(ssl3ctx, cafile, capath); + if (ssl3ctx) + SSL_CTX_load_verify_locations(ssl3ctx, cafile, capath); +#endif +#ifndef OPENSSL_NO_TLS1_METHOD + if (tls1ctx) + SSL_CTX_load_verify_locations(tls1ctx, cafile, capath); +#endif +#ifndef OPENSSL_NO_TLS1_1_METHOD + if (tls11ctx) + SSL_CTX_load_verify_locations(tls11ctx, cafile, capath); +#endif +#ifndef OPENSSL_NO_TLS1_2_METHOD + if (tls12ctx) + SSL_CTX_load_verify_locations(tls12ctx, cafile, capath); #endif - SSL_CTX_load_verify_locations(ssl23ctx, cafile, capath); - SSL_CTX_load_verify_locations(tls1ctx, cafile, capath); -#if OPENSSL_VERSION_NUMBER >= 0x01000100fL - SSL_CTX_load_verify_locations(tls11ctx, cafile, capath); - SSL_CTX_load_verify_locations(tls12ctx, cafile, capath); #endif start_lua(); @@ -161,14 +193,28 @@ #endif stop_lua(); +#if OPENSSL_VERSION_NUMBER >= 0x1010000fL + if (sslctx) + SSL_CTX_free(sslctx); +#else + if (ssl23ctx) + SSL_CTX_free(ssl23ctx); #ifndef OPENSSL_NO_SSL3_METHOD - SSL_CTX_free(ssl3ctx); + if (ssl3ctx) + SSL_CTX_free(ssl3ctx); +#endif +#ifndef OPENSSL_NO_TLS1_METHOD + if (tls1ctx) + SSL_CTX_free(tls1ctx); +#endif +#ifndef OPENSSL_NO_TLS1_1_METHOD + if (tls11ctx) + SSL_CTX_free(tls11ctx); +#endif +#ifndef OPENSSL_NO_TLS1_2_METHOD + if (tls12ctx) + SSL_CTX_free(tls12ctx); #endif - SSL_CTX_free(ssl23ctx); - SSL_CTX_free(tls1ctx); -#if OPENSSL_VERSION_NUMBER >= 0x01000100fL - SSL_CTX_free(tls11ctx); - SSL_CTX_free(tls12ctx); #endif ERR_free_strings(); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/imapfilter-2.6.7/src/socket.c new/imapfilter-2.6.10/src/socket.c --- old/imapfilter-2.6.7/src/socket.c 2016-06-06 23:37:30.000000000 +0200 +++ new/imapfilter-2.6.10/src/socket.c 2016-12-16 08:11:27.000000000 +0100 @@ -16,12 +16,23 @@ #include "imapfilter.h" #include "session.h" -SSL_CTX *ssl23ctx, *tls1ctx; + +#if OPENSSL_VERSION_NUMBER >= 0x1010000fL +SSL_CTX *sslctx = NULL; +#else +SSL_CTX *ssl23ctx = NULL; #ifndef OPENSSL_NO_SSL3_METHOD -SSL_CTX *ssl3ctx; +SSL_CTX *ssl3ctx = NULL; +#endif +#ifndef OPENSSL_NO_TLS1_METHOD +SSL_CTX *tls1ctx = NULL; +#endif +#ifndef OPENSSL_NO_TLS1_1_METHOD +SSL_CTX *tls11ctx = NULL; +#endif +#ifndef OPENSSL_NO_TLS1_2_METHOD +SSL_CTX *tls12ctx = NULL; #endif -#if OPENSSL_VERSION_NUMBER >= 0x01000100fL -SSL_CTX *tls11ctx, *tls12ctx; #endif @@ -92,33 +103,39 @@ open_secure_connection(session *ssn) { int r, e; - SSL_CTX *ctx; + SSL_CTX *ctx = NULL; - if (!ssn->sslproto) { +#if OPENSSL_VERSION_NUMBER >= 0x1010000fL + if (sslctx) + ctx = sslctx; +#else + if (ssl23ctx) ctx = ssl23ctx; - } else if (!strcasecmp(ssn->sslproto, "ssl3")) { + + if (ssn->sslproto) { #ifndef OPENSSL_NO_SSL3_METHOD - ctx = ssl3ctx; -#else - error("protocol SSLv3 not supported by current build\n"); - goto fail; + if (ssl3ctx && !strcasecmp(ssn->sslproto, "ssl3")) + ctx = ssl3ctx; #endif - } else if (!strcasecmp(ssn->sslproto, "tls1")) { - ctx = tls1ctx; - } else if (!strcasecmp(ssn->sslproto, "tls1.1")) { -#if OPENSSL_VERSION_NUMBER >= 0x01000100fL - ctx = tls11ctx; -#else - ctx = tls1ctx; +#ifndef OPENSSL_NO_TLS1_METHOD + if (tls1ctx && !strcasecmp(ssn->sslproto, "tls1")) + ctx = tls1ctx; #endif - } else if (!strcasecmp(ssn->sslproto, "tls1.2")) { -#if OPENSSL_VERSION_NUMBER >= 0x01000100fL - ctx = tls12ctx; -#else - ctx = tls1ctx; +#ifndef OPENSSL_NO_TLS1_1_METHOD + if (tls11ctx && !strcasecmp(ssn->sslproto, "tls1.1")) + ctx = tls11ctx; #endif - } else { - ctx = ssl23ctx; +#ifndef OPENSSL_NO_TLS1_2_METHOD + if (tls12ctx && !strcasecmp(ssn->sslproto, "tls1.2")) + ctx = tls12ctx; +#endif + } +#endif + + if (ctx == NULL) { + error("initiating SSL connection to %s; protocol version " + "not supported by current build", ssn->server); + goto fail; } if (!(ssn->sslconn = SSL_new(ctx))) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/imapfilter-2.6.7/src/version.h new/imapfilter-2.6.10/src/version.h --- old/imapfilter-2.6.7/src/version.h 2016-06-06 23:37:30.000000000 +0200 +++ new/imapfilter-2.6.10/src/version.h 2016-12-16 08:11:27.000000000 +0100 @@ -3,7 +3,7 @@ /* Program's version number. */ -#define VERSION "2.6.7" +#define VERSION "2.6.10" /* Program's copyright. */ #define COPYRIGHT "Copyright (c) 2001-2016 Eleftherios Chatzimparmpas"
