rpms/mutt
7
0
Fork 0
Code Issues Pull Requests Releases Activity

patches removed: verpeers, tlsv1v2; patch adjusted: manhelp

Browse Source
This commit is contained in:
Jan Pacner 2013-12-06 13:04:38 +01:00
parent 93464d2db3
commit 4243f47b39
4 changed files with 39 additions and 199 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

146
mutt-1.5.21-tlsv1v2.patch
View File

@ -1,146 +0,0 @@
Some servers have problem when connection uses TLS 1.0 or SSL 3.0.
Since openssl offers TLS 1.1 and 1.2, we would like to use these
when connecting to server, while having ability to disable these
protocols if needed.
https://bugzilla.redhat.com/show_bug.cgi?id=957840
Upstream related bug report:
http://dev.mutt.org/trac/ticket/3571
diff -up mutt-1.5.21/init.h.tlsv1v2 mutt-1.5.21/init.h
--- mutt-1.5.21/init.h.tlsv1v2 2013-06-27 12:46:14.120389035 +0200
+++ mutt-1.5.21/init.h 2013-06-27 12:47:28.020387743 +0200
@@ -2970,6 +2970,18 @@ struct option_t MuttVars[] = {
** This variable specifies whether to attempt to use TLSv1 in the
** SSL authentication process.
*/
+ { "ssl_use_tlsv1_1", DT_BOOL, R_NONE, OPTTLSV1_1, 1 },
+ /*
+ ** .pp
+ ** This variable specifies whether to attempt to use TLSv1.1 in the
+ ** SSL authentication process.
+ */
+ { "ssl_use_tlsv1_2", DT_BOOL, R_NONE, OPTTLSV1_2, 1 },
+ /*
+ ** .pp
+ ** This variable specifies whether to attempt to use TLSv1.2 in the
+ ** SSL authentication process.
+ */
#ifdef USE_SSL_OPENSSL
{ "ssl_usesystemcerts", DT_BOOL, R_NONE, OPTSSLSYSTEMCERTS, 1 },
/*
diff -up mutt-1.5.21/mutt.h.tlsv1v2 mutt-1.5.21/mutt.h
--- mutt-1.5.21/mutt.h.tlsv1v2 2010-09-13 19:19:55.000000000 +0200
+++ mutt-1.5.21/mutt.h 2013-06-27 12:47:28.020387743 +0200
@@ -376,6 +376,8 @@ enum
# endif /* USE_SSL_GNUTLS */
OPTSSLV3,
OPTTLSV1,
+ OPTTLSV1_1,
+ OPTTLSV1_2,
OPTSSLFORCETLS,
OPTSSLVERIFYDATES,
OPTSSLVERIFYHOST,
diff -up mutt-1.5.21/mutt_ssl.c.tlsv1v2 mutt-1.5.21/mutt_ssl.c
--- mutt-1.5.21/mutt_ssl.c.tlsv1v2 2010-08-25 18:31:40.000000000 +0200
+++ mutt-1.5.21/mutt_ssl.c 2013-06-27 12:47:28.021387743 +0200
@@ -106,6 +106,18 @@ int mutt_ssl_starttls (CONNECTION* conn)
dprint (1, (debugfile, "mutt_ssl_starttls: Error allocating SSL_CTX\n"));
goto bail_ssldata;
}
+#ifdef SSL_OP_NO_TLSv1_1
+ if (!option(OPTTLSV1_1))
+ {
+ SSL_CTX_set_options(ssldata->ctx, SSL_OP_NO_TLSv1_1);
+ }
+#endif
+#ifdef SSL_OP_NO_TLSv1_2
+ if (!option(OPTTLSV1_2))
+ {
+ SSL_CTX_set_options(ssldata->ctx, SSL_OP_NO_TLSv1_2);
+ }
+#endif
ssl_get_client_cert(ssldata, conn);
@@ -303,6 +315,21 @@ static int ssl_socket_open (CONNECTION *
{
SSL_CTX_set_options(data->ctx, SSL_OP_NO_TLSv1);
}
+ /* TLSv1.1/1.2 support was added in OpenSSL 1.0.1, but some OS distros such
+ * as Fedora 17 are on OpenSSL 1.0.0.
+ */
+#ifdef SSL_OP_NO_TLSv1_1
+ if (!option(OPTTLSV1_1))
+ {
+ SSL_CTX_set_options(data->ctx, SSL_OP_NO_TLSv1_1);
+ }
+#endif
+#ifdef SSL_OP_NO_TLSv1_2
+ if (!option(OPTTLSV1_2))
+ {
+ SSL_CTX_set_options(data->ctx, SSL_OP_NO_TLSv1_2);
+ }
+#endif
if (!option(OPTSSLV2))
{
SSL_CTX_set_options(data->ctx, SSL_OP_NO_SSLv2);
diff -up mutt-1.5.21/mutt_ssl_gnutls.c.tlsv1v2 mutt-1.5.21/mutt_ssl_gnutls.c
--- mutt-1.5.21/mutt_ssl_gnutls.c.tlsv1v2 2013-06-27 12:46:14.123389035 +0200
+++ mutt-1.5.21/mutt_ssl_gnutls.c 2013-06-27 12:47:28.018387743 +0200
@@ -238,7 +238,11 @@ err_crt:
gnutls_x509_crt_deinit (clientcrt);
}
-static int protocol_priority[] = {GNUTLS_TLS1, GNUTLS_SSL3, 0};
+/* This array needs to be large enough to hold all the possible values support
+ * by Mutt. The initialized values are just placeholders--the array gets
+ * overwrriten in tls_negotiate() depending on the $ssl_use_* options.
+ */
+static int protocol_priority[] = {GNUTLS_TLS1_2, GNUTLS_TLS1_1, GNUTLS_TLS1, GNUTLS_SSL3, 0};
/* tls_negotiate: After TLS state has been initialised, attempt to negotiate
* TLS over the wire, including certificate checks. */
@@ -246,6 +250,7 @@ static int tls_negotiate (CONNECTION * c
{
tlssockdata *data;
int err;
+ size_t nproto = 0; /* number of tls/ssl protocols */
data = (tlssockdata *) safe_calloc (1, sizeof (tlssockdata));
conn->sockdata = data;
@@ -286,22 +291,22 @@ static int tls_negotiate (CONNECTION * c
/* set socket */
gnutls_transport_set_ptr (data->state, (gnutls_transport_ptr)conn->fd);
+ if (option(OPTTLSV1_2))
+ protocol_priority[nproto++] = GNUTLS_TLS1_2;
+ if (option(OPTTLSV1_1))
+ protocol_priority[nproto++] = GNUTLS_TLS1_1;
+ if (option(OPTTLSV1))
+ protocol_priority[nproto++] = GNUTLS_TLS1;
+ if (option(OPTSSLV3))
+ protocol_priority[nproto++] = GNUTLS_SSL3;
+ protocol_priority[nproto] = 0;
+
/* disable TLS/SSL protocols as needed */
- if (!option(OPTTLSV1) && !option(OPTSSLV3))
+ if (nproto == 0)
{
mutt_error (_("All available protocols for TLS/SSL connection disabled"));
goto fail;
}
- else if (!option(OPTTLSV1))
- {
- protocol_priority[0] = GNUTLS_SSL3;
- protocol_priority[1] = 0;
- }
- else if (!option(OPTSSLV3))
- {
- protocol_priority[0] = GNUTLS_TLS1;
- protocol_priority[1] = 0;
- }
/*
else
use the list set above

48
mutt-1.5.21-verpeers.patch
View File

@ -1,48 +0,0 @@
Function gnutls_certificate_verify_peers is deprecated so we should
rather use gnutls_certificate_verify_peers2. This is a fix applied
by upstream.
Upstream bug report: http://dev.mutt.org/trac/ticket/3516
diff -up mutt-1.5.21/mutt_ssl_gnutls.c.verpeers mutt-1.5.21/mutt_ssl_gnutls.c
--- mutt-1.5.21/mutt_ssl_gnutls.c.verpeers 2013-03-04 15:19:56.144838094 +0100
+++ mutt-1.5.21/mutt_ssl_gnutls.c 2013-03-04 15:19:56.378838087 +0100
@@ -946,22 +946,23 @@ static int tls_check_one_certificate (co
/* sanity-checking wrapper for gnutls_certificate_verify_peers */
static gnutls_certificate_status tls_verify_peers (gnutls_session tlsstate)
{
- gnutls_certificate_status certstat;
+ int verify_ret;
+ unsigned int status;
- certstat = gnutls_certificate_verify_peers (tlsstate);
- if (!certstat)
- return certstat;
+ verify_ret = gnutls_certificate_verify_peers2 (tlsstate, &status);
+ if (!verify_ret)
+ return status;
- if (certstat == GNUTLS_E_NO_CERTIFICATE_FOUND)
+ if (status == GNUTLS_E_NO_CERTIFICATE_FOUND)
{
mutt_error (_("Unable to get certificate from peer"));
mutt_sleep (2);
return 0;
}
- if (certstat < 0)
+ if (verify_ret < 0)
{
mutt_error (_("Certificate verification error (%s)"),
- gnutls_strerror (certstat));
+ gnutls_strerror (status));
mutt_sleep (2);
return 0;
}
@@ -974,7 +975,7 @@ static gnutls_certificate_status tls_ver
return 0;
}
- return certstat;
+ return status;
}
static int tls_check_certificate (CONNECTION* conn)

36
mutt-1.5.22-manhelp.patch Normal file
View File

@ -0,0 +1,36 @@
diff -up mutt-1.5.21/doc/manual.html.manhelp mutt-1.5.21/doc/manual.html
--- mutt-1.5.21/doc/manual.html.manhelp 2013-05-20 17:01:07.570442214 +0200
+++ mutt-1.5.21/doc/manual.html 2013-05-20 17:01:13.082442117 +0200
@@ -4171,7 +4171,7 @@ case-insensitivity).
Running <code class="literal">mutt</code> with no arguments will make Mutt attempt
to read your spool mailbox. However, it is possible to read other
mailboxes and to send messages from the command line as well.
-</p><div class="table"><a id="tab-commandline-options"></a><p class="title"><b>Table 9.1. Command line options</b></p><div class="table-contents"><table summary="Command line options" border="1"><colgroup><col /><col /></colgroup><thead><tr><th>Option</th><th>Description</th></tr></thead><tbody><tr><td>-A</td><td>expand an alias</td></tr><tr><td>-a</td><td>attach a file to a message</td></tr><tr><td>-b</td><td>specify a blind carbon-copy (BCC) address</td></tr><tr><td>-c</td><td>specify a carbon-copy (Cc) address</td></tr><tr><td>-D</td><td>print the value of all Mutt variables to stdout</td></tr><tr><td>-e</td><td>specify a config command to be run after initialization files are read</td></tr><tr><td>-f</td><td>specify a mailbox to load</td></tr><tr><td>-F</td><td>specify an alternate file to read initialization commands</td></tr><tr><td>-h</td><td>print help on command line options</td></tr><tr><td>-H</td><td>specify a draft file from which to read a header and body</td></tr><tr><td>-i</td><td>specify a file to include in a message composition</td></tr><tr><td>-m</td><td>specify a default mailbox type</td></tr><tr><td>-n</td><td>do not read the system Muttrc</td></tr><tr><td>-p</td><td>recall a postponed message</td></tr><tr><td>-Q</td><td>query a configuration variable</td></tr><tr><td>-R</td><td>open mailbox in read-only mode</td></tr><tr><td>-s</td><td>specify a subject (enclose in quotes if it contains spaces)</td></tr><tr><td>-v</td><td>show version number and compile-time definitions</td></tr><tr><td>-x</td><td>simulate the mailx(1) compose mode</td></tr><tr><td>-y</td><td>show a menu containing the files specified by the <span class="command"><strong>mailboxes</strong></span> command</td></tr><tr><td>-z</td><td>exit immediately if there are no messages in the mailbox</td></tr><tr><td>-Z</td><td>open the first folder with new message, exit immediately if none</td></tr></tbody></table></div></div><br class="table-break" /><p>
+</p><div class="table"><a id="tab-commandline-options"></a><p class="title"><b>Table 9.1. Command line options</b></p><div class="table-contents"><table summary="Command line options" border="1"><colgroup><col /><col /></colgroup><thead><tr><th>Option</th><th>Description</th></tr></thead><tbody><tr><td>-A</td><td>expand an alias</td></tr><tr><td>-a</td><td>attach a file to a message</td></tr><tr><td>-b</td><td>specify a blind carbon-copy (BCC) address</td></tr><tr><td>-c</td><td>specify a carbon-copy (Cc) address</td></tr><tr><td>-D</td><td>print the value of all Mutt variables to stdout</td></tr><tr><td>-d</td><td>log debugging output to ~/.muttdebug0 if complied with +DEBUG (level can be 1-5)</td></tr><tr><td>-e</td><td>specify a config command to be run after initialization files are read</td></tr><tr><td>-f</td><td>specify a mailbox to load</td></tr><tr><td>-F</td><td>specify an alternate file to read initialization commands</td></tr><tr><td>-h</td><td>print help on command line options</td></tr><tr><td>-H</td><td>specify a draft file from which to read a header and body</td></tr><tr><td>-i</td><td>specify a file to include in a message composition</td></tr><tr><td>-m</td><td>specify a default mailbox type</td></tr><tr><td>-n</td><td>do not read the system Muttrc</td></tr><tr><td>-p</td><td>recall a postponed message</td></tr><tr><td>-Q</td><td>query a configuration variable</td></tr><tr><td>-R</td><td>open mailbox in read-only mode</td></tr><tr><td>-s</td><td>specify a subject (enclose in quotes if it contains spaces)</td></tr><tr><td>-v</td><td>show version number and compile-time definitions</td></tr><tr><td>-x</td><td>simulate the mailx(1) compose mode</td></tr><tr><td>-y</td><td>show a menu containing the files specified by the <span class="command"><strong>mailboxes</strong></span> command</td></tr><tr><td>-z</td><td>exit immediately if there are no messages in the mailbox</td></tr><tr><td>-Z</td><td>open the first folder with new message, exit immediately if none</td></tr></tbody></table></div></div><br class="table-break" /><p>
To read messages in a mailbox
</p><div class="cmdsynopsis"><p><code class="command">mutt</code> [<code class="option">-nz</code>] [<code class="option">-F</code>
<em class="replaceable"><code>muttrc</code></em>
diff -up mutt-1.5.21/doc/manual.txt.manhelp mutt-1.5.21/doc/manual.txt
--- mutt-1.5.21/doc/manual.txt.manhelp 2013-05-20 17:01:07.935442207 +0200
+++ mutt-1.5.21/doc/manual.txt 2013-05-20 17:01:13.622442108 +0200
@@ -6021,6 +6021,8 @@ Table 9.1. Command line options
|------+----------------------------------------------------------------------|
|-D |print the value of all Mutt variables to stdout |
|------+----------------------------------------------------------------------|
+|-d |log debugging output to ~/.muttdebug0 if complied with +DEBUG (1-5) |
+|------+----------------------------------------------------------------------|
|-e |specify a config command to be run after initialization files are read|
|------+----------------------------------------------------------------------|
|-f |specify a mailbox to load |
diff -up mutt-1.5.21/doc/reference.html.manhelp mutt-1.5.21/doc/reference.html
--- mutt-1.5.21/doc/reference.html.manhelp 2013-05-20 17:01:10.220442167 +0200
+++ mutt-1.5.21/doc/reference.html 2013-05-20 17:01:15.013442084 +0200
@@ -31,7 +31,7 @@ tr { vertical-align: top; }
Running <code class="literal">mutt</code> with no arguments will make Mutt attempt
to read your spool mailbox. However, it is possible to read other
mailboxes and to send messages from the command line as well.
-</p><div class="table"><a id="tab-commandline-options"></a><p class="title"><b>Table 9.1. Command line options</b></p><div class="table-contents"><table summary="Command line options" border="1"><colgroup><col /><col /></colgroup><thead><tr><th>Option</th><th>Description</th></tr></thead><tbody><tr><td>-A</td><td>expand an alias</td></tr><tr><td>-a</td><td>attach a file to a message</td></tr><tr><td>-b</td><td>specify a blind carbon-copy (BCC) address</td></tr><tr><td>-c</td><td>specify a carbon-copy (Cc) address</td></tr><tr><td>-D</td><td>print the value of all Mutt variables to stdout</td></tr><tr><td>-e</td><td>specify a config command to be run after initialization files are read</td></tr><tr><td>-f</td><td>specify a mailbox to load</td></tr><tr><td>-F</td><td>specify an alternate file to read initialization commands</td></tr><tr><td>-h</td><td>print help on command line options</td></tr><tr><td>-H</td><td>specify a draft file from which to read a header and body</td></tr><tr><td>-i</td><td>specify a file to include in a message composition</td></tr><tr><td>-m</td><td>specify a default mailbox type</td></tr><tr><td>-n</td><td>do not read the system Muttrc</td></tr><tr><td>-p</td><td>recall a postponed message</td></tr><tr><td>-Q</td><td>query a configuration variable</td></tr><tr><td>-R</td><td>open mailbox in read-only mode</td></tr><tr><td>-s</td><td>specify a subject (enclose in quotes if it contains spaces)</td></tr><tr><td>-v</td><td>show version number and compile-time definitions</td></tr><tr><td>-x</td><td>simulate the mailx(1) compose mode</td></tr><tr><td>-y</td><td>show a menu containing the files specified by the <span class="command"><strong>mailboxes</strong></span> command</td></tr><tr><td>-z</td><td>exit immediately if there are no messages in the mailbox</td></tr><tr><td>-Z</td><td>open the first folder with new message, exit immediately if none</td></tr></tbody></table></div></div><br class="table-break" /><p>
+</p><div class="table"><a id="tab-commandline-options"></a><p class="title"><b>Table 9.1. Command line options</b></p><div class="table-contents"><table summary="Command line options" border="1"><colgroup><col /><col /></colgroup><thead><tr><th>Option</th><th>Description</th></tr></thead><tbody><tr><td>-A</td><td>expand an alias</td></tr><tr><td>-a</td><td>attach a file to a message</td></tr><tr><td>-b</td><td>specify a blind carbon-copy (BCC) address</td></tr><tr><td>-c</td><td>specify a carbon-copy (Cc) address</td></tr><tr><td>-D</td><td>print the value of all Mutt variables to stdout</td></tr><tr><td>-d</td><td>log debugging output to ~/.muttdebug0 if complied with +DEBUG (level can be 1-5)</td></tr><tr><td>-e</td><td>specify a config command to be run after initialization files are read</td></tr><tr><td>-f</td><td>specify a mailbox to load</td></tr><tr><td>-F</td><td>specify an alternate file to read initialization commands</td></tr><tr><td>-h</td><td>print help on command line options</td></tr><tr><td>-H</td><td>specify a draft file from which to read a header and body</td></tr><tr><td>-i</td><td>specify a file to include in a message composition</td></tr><tr><td>-m</td><td>specify a default mailbox type</td></tr><tr><td>-n</td><td>do not read the system Muttrc</td></tr><tr><td>-p</td><td>recall a postponed message</td></tr><tr><td>-Q</td><td>query a configuration variable</td></tr><tr><td>-R</td><td>open mailbox in read-only mode</td></tr><tr><td>-s</td><td>specify a subject (enclose in quotes if it contains spaces)</td></tr><tr><td>-v</td><td>show version number and compile-time definitions</td></tr><tr><td>-x</td><td>simulate the mailx(1) compose mode</td></tr><tr><td>-y</td><td>show a menu containing the files specified by the <span class="command"><strong>mailboxes</strong></span> command</td></tr><tr><td>-z</td><td>exit immediately if there are no messages in the mailbox</td></tr><tr><td>-Z</td><td>open the first folder with new message, exit immediately if none</td></tr></tbody></table></div></div><br class="table-break" /><p>
To read messages in a mailbox
</p><div class="cmdsynopsis"><p><code class="command">mutt</code> [<code class="option">-nz</code>] [<code class="option">-F</code>
<em class="replaceable"><code>muttrc</code></em>

8
mutt.spec
View File

@ -31,9 +31,8 @@ Patch4: mutt-1.5.18-manual.patch
Patch8: mutt-1.5.21-cabundle.patch
Patch9: mutt-1.5.21-gpgme-1.2.0.patch
Patch13: mutt-1.5.21-syncdebug.patch
Patch16: mutt-1.5.21-verpeers.patch
# FIXME find in upstream +DEBUG0
Patch17: mutt-1.5.21-manhelp.patch
Patch18: mutt-1.5.21-tlsv1v2.patch
Url: http://www.mutt.org/
Requires: mailcap urlview
BuildRequires: ncurses-devel
@ -73,9 +72,7 @@ for selecting groups of messages.
%patch8 -p1 -b .cabundle
%patch9 -p1 -b .gpgme-1.2.0
%patch13 -p1 -b .syncdebug
%patch16 -p1 -b .verpeers
%patch17 -p1 -b .manhelp
%patch18 -p1 -b .tlsv1v2
sed -i -r 's/`$GPGME_CONFIG --libs`/"\0 -lgpg-error"/' configure
# disable dotlock program
@ -168,7 +165,8 @@ ln -sf ./muttrc.5 $RPM_BUILD_ROOT%{_mandir}/man5/muttrc.local.5
- new release (Resolves: #1034263)
- use inline sed instead of nodotlock patch
- patches removed: testcert, hdrcnt, certscomp, updating, pophash,
notation, writehead, tmpdir
notation, writehead, tmpdir, verpeers, tlsv1v2
- manhelp patch adjusted (only DEBUG logging capability was left)
* Mon Oct 21 2013 Honza Horak <hhorak@redhat.com> - 5:1.5.21-26
- Fixed patch for certificates comparison