2 files changed, 72 insertions, 0 deletions
diff --git a/meta-oe/recipes-devtools/uw-imap/uw-imap/0001-Support-OpenSSL-1.1.patch b/meta-oe/recipes-devtools/uw-imap/uw-imap/0001-Support-OpenSSL-1.1.patch
new file mode 100644
index 0000000000..d5610bbcd5
--- /dev/null
+++ b/meta-oe/recipes-devtools/uw-imap/uw-imap/0001-Support-OpenSSL-1.1.patch
@@ -0,0 +1,71 @@
+From 4c684542816a08b95444b8e2515f24d084e6e3c3 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Tue, 4 Sep 2018 22:05:17 -0700
+Subject: [PATCH] Support OpenSSL 1.1
+When building with OpenSSL 1.1 and newer, use the new built-in
+ hostname verification instead of code that doesn't compile due to
+ structs having been made opaque.
+Bug-Debian: https://bugs.debian.org/828589
+Upstream-Status: Unknown
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ src/osdep/unix/ssl_unix.c | 14 +++++++++++++-
+ 1 file changed, 13 insertions(+), 1 deletion(-)
+diff --git a/src/osdep/unix/ssl_unix.c b/src/osdep/unix/ssl_unix.c
+index 3bfdff3..dec9467 100644
+--- a/src/osdep/unix/ssl_unix.c
+++ b/src/osdep/unix/ssl_unix.c
+@@ -227,8 +227,16 @@ static char *ssl_start_work (SSLSTREAM *stream,char *host,unsigned long flags)
+                                /* disable certificate validation? */
+   if (flags & NET_NOVALIDATECERT)
+     SSL_CTX_set_verify (stream->context,SSL_VERIFY_NONE,NIL);
+-  else SSL_CTX_set_verify (stream->context,SSL_VERIFY_PEER,ssl_open_verify);
+  else {
+#if OPENSSL_VERSION_NUMBER >= 0x10100000      
+      X509_VERIFY_PARAM *param = SSL_CTX_get0_param(stream->context);
+      X509_VERIFY_PARAM_set_hostflags(param, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
+      X509_VERIFY_PARAM_set1_host(param, host, 0);
+#endif
+
+      SSL_CTX_set_verify (stream->context,SSL_VERIFY_PEER,ssl_open_verify);
+                                /* set default paths to CAs... */
+  }
+   SSL_CTX_set_default_verify_paths (stream->context);
+                                /* ...unless a non-standard path desired */
+   if (s = (char *) mail_parameters (NIL,GET_SSLCAPATH,NIL))
+@@ -266,6 +274,7 @@ static char *ssl_start_work (SSLSTREAM *stream,char *host,unsigned long flags)
+   if (SSL_write (stream->con,"",0) < 0)
+     return ssl_last_error ? ssl_last_error : "SSL negotiation failed";
+                                /* need to validate host names? */
+#if OPENSSL_VERSION_NUMBER < 0x10100000
+   if (!(flags & NET_NOVALIDATECERT) &&
+       (err = ssl_validate_cert (cert = SSL_get_peer_certificate (stream->con),
+                                host))) {
+@@ -275,6 +284,7 @@ static char *ssl_start_work (SSLSTREAM *stream,char *host,unsigned long flags)
+     sprintf (tmp,"*%.128s: %.255s",err,cert ? cert->name : "???");
+     return ssl_last_error = cpystr (tmp);
+   }
+#endif
+   return NIL;
+ }
+ 
+@@ -313,6 +323,7 @@ static int ssl_open_verify (int ok,X509_STORE_CTX *ctx)
+  * Returns: NIL if validated, else string of error message
+  */
+ 
+#if OPENSSL_VERSION_NUMBER < 0x10100000
+ static char *ssl_validate_cert (X509 *cert,char *host)
+ {
+   int i,n;
+@@ -342,6 +353,7 @@ static char *ssl_validate_cert (X509 *cert,char *host)
+   else ret = "Unable to locate common name in certificate";
+   return ret;
+ }
+#endif
+ 
+ /* Case-independent wildcard pattern match
+  * Accepts: base string
diff --git a/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb b/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb
index 4c055e54ca..0000f05ae4 100644
--- a/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb
+++ b/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb
@@ -10,6 +10,7 @@ SRC_URI = "https://fossies.org/linux/misc/old/imap-${PV}.tar.gz \
           file://quote_cctype.patch \
           file://imap-2007e-shared.patch \
           file://imap-2007f-format-security.patch \
+           file://0001-Support-OpenSSL-1.1.patch \
           "
 SRC_URI[md5sum] = "2126fd125ea26b73b20f01fcd5940369"

diff --git a/meta-oe/recipes-devtools/uw-imap/uw-imap/0001-Support-OpenSSL-1.1.patch b/meta-oe/recipes-devtools/uw-imap/uw-imap/0001-Support-OpenSSL-1.1.patch new file mode 100644 index 0000000000..d5610bbcd5 --- /dev/null +++ b/meta-oe/recipes-devtools/uw-imap/uw-imap/0001-Support-OpenSSL-1.1.patch
@@ -0,0 +1,71 @@
		1	From 4c684542816a08b95444b8e2515f24d084e6e3c3 Mon Sep 17 00:00:00 2001
		2	From: Khem Raj <raj.khem@gmail.com>
		3	Date: Tue, 4 Sep 2018 22:05:17 -0700
		4	Subject: [PATCH] Support OpenSSL 1.1
		5
		6	When building with OpenSSL 1.1 and newer, use the new built-in
		7	hostname verification instead of code that doesn't compile due to
		8	structs having been made opaque.
		9	Bug-Debian: https://bugs.debian.org/828589
		10
		11	Upstream-Status: Unknown
		12
		13	Signed-off-by: Khem Raj <raj.khem@gmail.com>
		14	---
		15	src/osdep/unix/ssl_unix.c \| 14 +++++++++++++-
		16	1 file changed, 13 insertions(+), 1 deletion(-)
		17
		18	diff --git a/src/osdep/unix/ssl_unix.c b/src/osdep/unix/ssl_unix.c
		19	index 3bfdff3..dec9467 100644
		20	--- a/src/osdep/unix/ssl_unix.c
		21	+++ b/src/osdep/unix/ssl_unix.c
		22	@@ -227,8 +227,16 @@ static char ssl_start_work (SSLSTREAM stream,char *host,unsigned long flags)
		23	/* disable certificate validation? */
		24	if (flags & NET_NOVALIDATECERT)
		25	SSL_CTX_set_verify (stream->context,SSL_VERIFY_NONE,NIL);
		26	- else SSL_CTX_set_verify (stream->context,SSL_VERIFY_PEER,ssl_open_verify);
		27	+ else {
		28	+#if OPENSSL_VERSION_NUMBER >= 0x10100000
		29	+ X509_VERIFY_PARAM *param = SSL_CTX_get0_param(stream->context);
		30	+ X509_VERIFY_PARAM_set_hostflags(param, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
		31	+ X509_VERIFY_PARAM_set1_host(param, host, 0);
		32	+#endif
		33	+
		34	+ SSL_CTX_set_verify (stream->context,SSL_VERIFY_PEER,ssl_open_verify);
		35	/* set default paths to CAs... */
		36	+ }
		37	SSL_CTX_set_default_verify_paths (stream->context);
		38	/* ...unless a non-standard path desired */
		39	if (s = (char *) mail_parameters (NIL,GET_SSLCAPATH,NIL))
		40	@@ -266,6 +274,7 @@ static char ssl_start_work (SSLSTREAM stream,char *host,unsigned long flags)
		41	if (SSL_write (stream->con,"",0) < 0)
		42	return ssl_last_error ? ssl_last_error : "SSL negotiation failed";
		43	/* need to validate host names? */
		44	+#if OPENSSL_VERSION_NUMBER < 0x10100000
		45	if (!(flags & NET_NOVALIDATECERT) &&
		46	(err = ssl_validate_cert (cert = SSL_get_peer_certificate (stream->con),
		47	host))) {
		48	@@ -275,6 +284,7 @@ static char ssl_start_work (SSLSTREAM stream,char *host,unsigned long flags)
		49	sprintf (tmp,"*%.128s: %.255s",err,cert ? cert->name : "???");
		50	return ssl_last_error = cpystr (tmp);
		51	}
		52	+#endif
		53	return NIL;
		54	}
		55
		56	@@ -313,6 +323,7 @@ static int ssl_open_verify (int ok,X509_STORE_CTX *ctx)
		57	* Returns: NIL if validated, else string of error message
		58	*/
		59
		60	+#if OPENSSL_VERSION_NUMBER < 0x10100000
		61	static char ssl_validate_cert (X509 cert,char *host)
		62	{
		63	int i,n;
		64	@@ -342,6 +353,7 @@ static char ssl_validate_cert (X509 cert,char *host)
		65	else ret = "Unable to locate common name in certificate";
		66	return ret;
		67	}
		68	+#endif
		69
		70	/* Case-independent wildcard pattern match
		71	* Accepts: base string


diff --git a/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb b/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb index 4c055e54ca..0000f05ae4 100644 --- a/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb +++ b/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb
@@ -10,6 +10,7 @@ SRC_URI = "https://fossies.org/linux/misc/old/imap-${PV}.tar.gz \
10	file://quote_cctype.patch \	10	file://quote_cctype.patch \
11	file://imap-2007e-shared.patch \	11	file://imap-2007e-shared.patch \
12	file://imap-2007f-format-security.patch \	12	file://imap-2007f-format-security.patch \
		13	file://0001-Support-OpenSSL-1.1.patch \
13	"	14	"
14		15
15	SRC_URI[md5sum] = "2126fd125ea26b73b20f01fcd5940369"	16	SRC_URI[md5sum] = "2126fd125ea26b73b20f01fcd5940369"