[pkgsrc/trunk]: pkgsrc/mail/qpopper Drop SSLv3-only support. Don't look into ...

[joerg <joerg%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/9bb0a4d6ae59
branches:  trunk
changeset: 407846:9bb0a4d6ae59
user:      joerg <joerg%pkgsrc.org@localhost>
date:      Fri Jan 10 21:16:03 2020 +0000

description:
Drop SSLv3-only support. Don't look into internals of SSL structures.

diffstat:

 mail/qpopper/distinfo                                 |  11 ++---
 mail/qpopper/patches/patch-popper_pop__tls__openssl.c |  34 +++++++++++++++---
 2 files changed, 32 insertions(+), 13 deletions(-)

diffs (84 lines):

diff -r 2a9ea213f641 -r 9bb0a4d6ae59 mail/qpopper/distinfo
--- a/mail/qpopper/distinfo     Fri Jan 10 21:15:21 2020 +0000
+++ b/mail/qpopper/distinfo     Fri Jan 10 21:16:03 2020 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.21 2017/09/16 15:30:11 tnn Exp $
+$NetBSD: distinfo,v 1.22 2020/01/10 21:16:03 joerg Exp $
 
 SHA1 (qpopper4.1.0.tar.gz) = 7806c230cb2b87d131c356de6ce85160650b5aea
 RMD160 (qpopper4.1.0.tar.gz) = 5254dd252739b2465795a0161bc2fed82adffbcc
@@ -8,12 +8,11 @@
 SHA1 (patch-ab) = e79751be12082f1d1a92c3e02d9a44a9db672152
 SHA1 (patch-ac) = 1593366df600fc52b84b1ca6e8a825142c9c7400
 SHA1 (patch-ad) = b07be058c29e35b67e2f3cce4e00c022be867c62
-SHA1 (patch-ae) = ddd042f2a428c3aa4d942851937a2f43e9a68f0b
+SHA1 (patch-ae) = 8666c6378263bbeb0d03c4160b31146d222145be
 SHA1 (patch-af) = a2100b026a0bab0be8c99c211ec0bd14d4405f32
-SHA1 (patch-ag) = 401408f7c6150ec41cecb85d166e7e338b9a9e5f
+SHA1 (patch-ag) = 01e2233cc5ffc722fb60ac2229783d777b497320
 SHA1 (patch-al) = 93d3c6cc3deee57c707abeb131febbd057a1ef57
 SHA1 (patch-am) = 05cc53a56205d4db8bb7914437e788117d58b212
-SHA1 (patch-ap) = a0c2cef62ce6ddbffdd6c19764ea54e8674dae34
-SHA1 (patch-popper_main.c) = a2e11c4d4350209e4de4c01a33b32d61a40350e0
+SHA1 (patch-ap) = a2e11c4d4350209e4de4c01a33b32d61a40350e0
 SHA1 (patch-popper_pop__config.c) = 504b98bf5d4ee93d8530f68a1f4ea813b46b5c92
-SHA1 (patch-popper_pop__tls__openssl.c) = 7de9032306df0993c3455bf3a64a9e4cc4da4058
+SHA1 (patch-popper_pop__tls__openssl.c) = 7e06d3c2e9d5d03d254a5f6fa01f5d9ceec1f6c1
diff -r 2a9ea213f641 -r 9bb0a4d6ae59 mail/qpopper/patches/patch-popper_pop__tls__openssl.c
--- a/mail/qpopper/patches/patch-popper_pop__tls__openssl.c     Fri Jan 10 21:15:21 2020 +0000
+++ b/mail/qpopper/patches/patch-popper_pop__tls__openssl.c     Fri Jan 10 21:16:03 2020 +0000
@@ -1,10 +1,18 @@
-$NetBSD: patch-popper_pop__tls__openssl.c,v 1.1 2016/03/26 23:52:37 joerg Exp $
+$NetBSD: patch-popper_pop__tls__openssl.c,v 1.2 2020/01/10 21:16:03 joerg Exp $
 
-Disable SSLv2.
+Disable SSLv2 and SSLv3. Don't look into the internals of SSL objects.
 
---- popper/pop_tls_openssl.c.orig      2016-03-26 21:49:05.471963098 +0000
+--- popper/pop_tls_openssl.c.orig      2011-05-30 19:13:40.000000000 +0000
 +++ popper/pop_tls_openssl.c
-@@ -318,10 +318,12 @@ openssl_init ( pop_tls *pTLS, POP *pPOP 
+@@ -51,6 +51,7 @@
+ #include <fcntl.h>
+ #include <setjmp.h>
+ #include <signal.h>
++#include <string.h>
+ 
+ #ifdef HAVE_UNISTD_H
+ #  include <unistd.h>
+@@ -318,6 +319,7 @@ openssl_init ( pop_tls *pTLS, POP *pPOP 
              pTLS->m_OpenSSLmeth = SSLv23_server_method();
              break;
  
@@ -12,12 +20,15 @@
          case QPOP_SSLv2:       /* SSL version 2 only */
              DEBUG_LOG0 ( pPOP, "...setting method to SSLv2_server_method" );
              pTLS->m_OpenSSLmeth = SSLv2_server_method();
+@@ -327,6 +329,7 @@ openssl_init ( pop_tls *pTLS, POP *pPOP 
+             DEBUG_LOG0 ( pPOP, "...setting method to SSLv3_server_method" );
+             pTLS->m_OpenSSLmeth = SSLv3_server_method();
              break;
 +#endif
  
-         case QPOP_SSLv3:       /* SSL version 3 only */
-             DEBUG_LOG0 ( pPOP, "...setting method to SSLv3_server_method" );
-@@ -350,6 +352,7 @@ openssl_init ( pop_tls *pTLS, POP *pPOP 
+         case QPOP_TLSv1:       /* TLS version 1 only */
+             DEBUG_LOG0 ( pPOP, "...setting method to TLSv1_server_method" );
+@@ -350,6 +353,7 @@ openssl_init ( pop_tls *pTLS, POP *pPOP 
          log_openssl_err ( pPOP, HERE, "Unable to allocate SSL_CTX" );
          goto Done;
      }
@@ -25,3 +36,12 @@
  
      /*
       * Set desired options
+@@ -537,7 +541,7 @@ openssl_handshake ( pop_tls *pTLS )
+                           "%s session-id; cipher: %s (%s), %d bits",
+                           VERSION, SSL_CIPHER_get_version(ciph),
+                           pTLS->m_pPOP->client, pTLS->m_pPOP->ipaddr,
+-                          ( pTLS->m_OpenSSLconn->hit ? "reused" : "new" ),
++                          ( SSL_session_reused(pTLS->m_OpenSSLconn) ? "reused" : "new" ),
+                           ( ciph_name != NULL ? ciph_name : "(none)" ),
+                           get_cipher_description ( ciph, buf, sizeof(buf) ),
+                           SSL_CIPHER_get_bits    ( ciph, &al_bits ) );