r2641 - in /wheezy/evolution-data-server/debian: changelog patches/evolution-data-server-3.10.4-poodle-enable-tls-for-ssl.patch patches/series
laney at users.alioth.debian.org
laney at users.alioth.debian.org
Sun Nov 2 18:51:20 UTC 2014
Author: laney
Date: Sun Nov 2 18:51:20 2014
New Revision: 2641
URL: http://svn.debian.org/wsvn/pkg-evolution/?sc=1&rev=2641
Log:
debian/patches/evolution-data-server-3.10.4-poodle-enable-tls-for-ssl.patch:
Enable all SSL/TLS versions supported by NSS (Closes: #765838)
Added:
wheezy/evolution-data-server/debian/patches/evolution-data-server-3.10.4-poodle-enable-tls-for-ssl.patch
Modified:
wheezy/evolution-data-server/debian/changelog
wheezy/evolution-data-server/debian/patches/series
Modified: wheezy/evolution-data-server/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-evolution/wheezy/evolution-data-server/debian/changelog?rev=2641&op=diff
==============================================================================
--- wheezy/evolution-data-server/debian/changelog (original)
+++ wheezy/evolution-data-server/debian/changelog Sun Nov 2 18:51:20 2014
@@ -1,3 +1,10 @@
+evolution-data-server (3.4.4-3+deb7u1) UNRELEASED; urgency=medium
+
+ * debian/patches/evolution-data-server-3.10.4-poodle-enable-tls-for-ssl.patch:
+ Enable all SSL/TLS versions supported by NSS (Closes: #765838)
+
+ -- Iain Lane <laney at debian.org> Sun, 02 Nov 2014 16:48:55 +0000
+
evolution-data-server (3.4.4-3) unstable; urgency=low
* 04_mbox_index.patch: patch from upstream git. Correctly display
Added: wheezy/evolution-data-server/debian/patches/evolution-data-server-3.10.4-poodle-enable-tls-for-ssl.patch
URL: http://svn.debian.org/wsvn/pkg-evolution/wheezy/evolution-data-server/debian/patches/evolution-data-server-3.10.4-poodle-enable-tls-for-ssl.patch?rev=2641&op=file
==============================================================================
--- wheezy/evolution-data-server/debian/patches/evolution-data-server-3.10.4-poodle-enable-tls-for-ssl.patch (added)
+++ wheezy/evolution-data-server/debian/patches/evolution-data-server-3.10.4-poodle-enable-tls-for-ssl.patch Sun Nov 2 18:51:20 2014
@@ -0,0 +1,107 @@
+Description: Enable all SSL/TLS versions supported by NSS
+Origin: vendor, http://pkgs.fedoraproject.org/cgit/evolution-data-server.git/tree/evolution-data-server-3.10.4-poodle-enable-tls-for-ssl.patch?h=f20
+Author: Milan Crha <mcrha at redhat.com>
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/evolution-data-server/+bug/1382133
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765838
+
+--- a/camel/camel-network-service.c
++++ b/camel/camel-network-service.c
+@@ -87,7 +87,8 @@
+ stream = camel_tcp_stream_ssl_new (
+ session, host,
+ CAMEL_TCP_STREAM_SSL_ENABLE_SSL2 |
+- CAMEL_TCP_STREAM_SSL_ENABLE_SSL3);
++ CAMEL_TCP_STREAM_SSL_ENABLE_SSL3 |
++ CAMEL_TCP_STREAM_SSL_ENABLE_TLS);
+ break;
+
+ default:
+--- a/camel/camel-tcp-stream-ssl.c
++++ b/camel/camel-tcp-stream-ssl.c
+@@ -43,6 +43,8 @@
+ #include <sslerr.h>
+ #include "nss.h" /* Don't use <> here or it will include the system nss.h instead */
+ #include <ssl.h>
++#include <sslt.h>
++#include <sslproto.h>
+ #include <cert.h>
+ #include <certdb.h>
+ #include <pk11func.h>
+@@ -662,6 +664,9 @@
+ PRFileDesc *fd)
+ {
+ PRFileDesc *ssl_fd;
++#if NSS_VMAJOR > 3 || (NSS_VMAJOR == 3 && NSS_VMINOR >= 14)
++ SSLVersionRange versionStreamSup, versionStream;
++#endif
+
+ g_assert (fd != NULL);
+
+@@ -679,6 +684,7 @@
+ SSL_OptionSet (ssl_fd, SSL_V2_COMPATIBLE_HELLO, PR_FALSE);
+ }
+
++#if NSS_VMAJOR < 3 || (NSS_VMAJOR == 3 && NSS_VMINOR < 14)
+ if (ssl->priv->flags & CAMEL_TCP_STREAM_SSL_ENABLE_SSL3)
+ SSL_OptionSet (ssl_fd, SSL_ENABLE_SSL3, PR_TRUE);
+ else
+@@ -689,6 +695,29 @@
+ else
+ SSL_OptionSet (ssl_fd, SSL_ENABLE_TLS, PR_FALSE);
+
++#else
++ SSL_VersionRangeGetSupported (ssl_variant_stream, &versionStreamSup);
++
++ if (ssl->priv->flags & CAMEL_TCP_STREAM_SSL_ENABLE_SSL3)
++ versionStream.min = SSL_LIBRARY_VERSION_3_0;
++ else
++ versionStream.min = SSL_LIBRARY_VERSION_TLS_1_0;
++
++ if (ssl->priv->flags & CAMEL_TCP_STREAM_SSL_ENABLE_TLS)
++ versionStream.max = versionStreamSup.max;
++ else
++ versionStream.max = SSL_LIBRARY_VERSION_3_0;
++
++ if (versionStream.max < versionStream.min) {
++ PRUint16 tmp;
++
++ tmp = versionStream.max;
++ versionStream.max = versionStream.min;
++ versionStream.min = tmp;
++ }
++
++ SSL_VersionRangeSet (ssl_fd, &versionStream);
++#endif
+ SSL_SetURL (ssl_fd, ssl->priv->expected_host);
+
+ /* NSS provides a default implementation for the SSL_GetClientAuthDataHook callback
+--- a/camel/camel.c
++++ b/camel/camel.c
+@@ -99,6 +99,9 @@
+ gchar *nss_sql_configdir = NULL;
+ SECStatus status = SECFailure;
+ PRUint16 indx;
++#if NSS_VMAJOR > 3 || (NSS_VMAJOR == 3 && NSS_VMINOR >= 14)
++ SSLVersionRange versionStream;
++#endif
+
+ if (nss_initlock == NULL) {
+ PR_Init (PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 10);
+@@ -189,9 +192,15 @@
+ }
+
+ SSL_OptionSetDefault (SSL_ENABLE_SSL2, PR_TRUE);
+- SSL_OptionSetDefault (SSL_ENABLE_SSL3, PR_TRUE);
+- SSL_OptionSetDefault (SSL_ENABLE_TLS, PR_TRUE);
+ SSL_OptionSetDefault (SSL_V2_COMPATIBLE_HELLO, PR_TRUE /* maybe? */);
++#if NSS_VMAJOR < 3 || (NSS_VMAJOR == 3 && NSS_VMINOR < 14)
++ SSL_OptionSetDefault (SSL_ENABLE_SSL3, PR_TRUE);
++ SSL_OptionSetDefault (SSL_ENABLE_TLS, PR_TRUE); /* Enable TLSv1.0 */
++#else
++ /* Enable all SSL/TLS versions supported by NSS (this API is for SSLv3 and newer). */
++ SSL_VersionRangeGetSupported (ssl_variant_stream, &versionStream);
++ SSL_VersionRangeSetDefault (ssl_variant_stream, &versionStream);
++#endif
+
+ g_free (nss_configdir);
+ g_free (nss_sql_configdir);
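Review bot: The negotiated range still starts at SSL 3.0: in the camel-tcp-stream-ssl.c part `versionStream.min = SSL_LIBRARY_VERSION_3_0` is chosen whenever CAMEL_TCP_STREAM_SSL_ENABLE_SSL3 is set, and the camel-network-service.c call site keeps passing that flag, so the patch adds TLS on top of SSLv3 rather than removing the protocol POODLE applies to, and a connection can still end up on SSLv3. If dropping SSLv3 is acceptable for this release the floor could be pinned with `versionStream.min = SSL_LIBRARY_VERSION_TLS_1_0;`; otherwise the patch Description should state that SSLv3 (and, in camel.c, `SSL_ENABLE_SSL2` with the V2-compatible hello) stays enabled. The swap under `if (versionStream.max < versionStream.min)` also turns the neither-flag-set case (min TLS 1.0, max SSL 3.0) into the range SSL 3.0..TLS 1.0, whereas the pre-3.14 branch appears to disable both protocols there. The results of `SSL_VersionRangeGetSupported`, `SSL_VersionRangeSet` and `SSL_VersionRangeSetDefault` are ignored in both files, so a failed query would leave an uninitialised range in use; a `!= SECSuccess` check that logs and keeps the NSS defaults would cover that. The enclosing functions start and end outside the embedded hunks, so any handling further down is not visible here.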
Modified: wheezy/evolution-data-server/debian/patches/series
URL: http://svn.debian.org/wsvn/pkg-evolution/wheezy/evolution-data-server/debian/patches/series?rev=2641&op=diff
==============================================================================
--- wheezy/evolution-data-server/debian/patches/series (original)
+++ wheezy/evolution-data-server/debian/patches/series Sun Nov 2 18:51:20 2014
@@ -3,3 +3,4 @@
03_EBookBackendSqliteDB_Escape_SQL_strings.patch
04_mbox_index.patch
20_gettext_intltool.patch
+evolution-data-server-3.10.4-poodle-enable-tls-for-ssl.patch