kumquat-buildroot/package/heirloom-mailx/0001-fix-libressl-support.patch
Thomas Petazzoni 15972770cf package/heirloom-mailx: security bump to version 12.5-5 from Debian
Our current heirloom-mailx package is affected by CVE-2014-7844. It
has been fixed by a Debian patch
0014-globname-Invoke-wordexp-with-WRDE_NOCMD.patch, but it does rely
on other Debian patches as well.

Instead of bringing those patches locally, we just update the package
to use version 12.5-5 from Debian, including its patches.

The local patch
0001-Patched-out-SSL2-support-since-it-is-no-longer-suppo.patch is
removed as it is part of the Debian patches.

The remaining patch 0002-fix-libressl-support.patch is renumbered.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2022-09-24 15:55:04 +02:00

From aad28d30af6c3a74c522dd61943788e908860c84 Mon Sep 17 00:00:00 2001
From: Adam Duskett <aduskett@gmail.com>
Date: Fri, 4 Aug 2017 07:22:47 -0400
Subject: [PATCH] fix libressl support

heirloom-mailx has two small issues when compiling against LibreSSL:
- RAND_egd is used (LibreSSL does not support RAND_egd)
  Solution: "Guard" the code calling RAND_egd
- SSLv3_client_method function is used (LibreSSL does not support SSLv3)
  Solution: "Guard" the code with #ifndef OPENSSL_NO_SSL3

Signed-off-by: Adam Duskett <aduskett@gmail.com>
---
openssl.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/openssl.c b/openssl.c
index 44fe4e5..c4a1bb7 100644
--- a/openssl.c
+++ b/openssl.c
@@ -137,11 +137,13 @@ ssl_rand_init(void)
if ((cp = value("ssl-rand-egd")) != NULL) {
cp = expand(cp);
+#ifndef OPENSSL_NO_EGD
if (RAND_egd(cp) == -1) {
fprintf(stderr, catgets(catd, CATSET, 245,
"entropy daemon at \"%s\" not available\n"),
cp);
} else
+#endif
state = 1;
} else if ((cp = value("ssl-rand-file")) != NULL) {
cp = expand(cp);
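Review bot: With OPENSSL_NO_EGD defined, the `else` in front of `state = 1;` is compiled out together with the RAND_egd() call, so a configured ssl-rand-egd falls straight through to `state = 1;`, the same assignment that is otherwise reached only when RAND_egd() did not fail, with no seeding attempt and no message. Suggest adding an #else branch that prints a diagnostic saying EGD support is not compiled in and leaves `state` untouched, so the setting is not silently treated as success. A short comment next to the guard noting that LibreSSL lacks RAND_egd would also help the next reader.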
@@ -216,10 +218,15 @@ ssl_select_method(const char *uhp)
cp = ssl_method_string(uhp);
if (cp != NULL) {
+ #ifndef OPENSSL_NO_SSL3
if (equal(cp, "ssl3"))
method = SSLv3_client_method();
else if (equal(cp, "tls1"))
method = TLSv1_client_method();
+ #else
+ if (equal(cp, "tls1"))
+ method = TLSv1_client_method();
+ #endif
else {
fprintf(stderr, catgets(catd, CATSET, 244,
"Invalid SSL method \"%s\"\n"), cp);
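Review bot: The #else branch repeats the `if (equal(cp, "tls1"))` test and its TLSv1_client_method() assignment, so the tls1 case now exists twice and the two copies can drift apart. Guarding only the ssl3 lines (`if (equal(cp, "ssl3"))`, `method = SSLv3_client_method();` and the `else` that follows) with #ifndef OPENSSL_NO_SSL3 / #endif would keep a single tls1 branch and match the way the first hunk guards only the RAND_egd() call. Two smaller points: the directives here are written with a space before `#`, unlike the `#ifndef`/`#endif` in the first hunk, and with OPENSSL_NO_SSL3 defined a user who sets "ssl3" gets the generic "Invalid SSL method" message, which does not say that SSLv3 support was compiled out.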
--
2.13.3