diff --git a/.gitignore b/.gitignore
index 7cd8a74..7004204 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,3 +2,5 @@ mutt-1.5.20-20100718hg1a35f0.tar.bz2
 mutt-1.5.21.tar.gz
 mutt-1.5.22.tar.gz
 mutt-1.5.23.tar.gz
+/mutt-1.5.23-20150609hg17a4f92e4a95.tar.gz
+/mutt-1.5.24.tar.gz
diff --git a/mutt-1.5.23-ssl_ciphers.patch b/mutt-1.5.23-ssl_ciphers.patch
new file mode 100644
index 0000000..a70b70b
--- /dev/null
+++ b/mutt-1.5.23-ssl_ciphers.patch
@@ -0,0 +1,74 @@ +diff -rup mutt-17a4f92e4a95-orig/init.h mutt-17a4f92e4a95/init.h +--- mutt-17a4f92e4a95-orig/init.h 2015-07-30 11:09:54.536930119 +0200 ++++ mutt-17a4f92e4a95/init.h 2015-07-30 11:11:17.383772131 +0200 +@@ -3092,7 +3092,7 @@ struct option_t MuttVars[] = { + ** URL. You should only unset this for particular known hosts, using + ** the \fC$\fP function. + */ +- { "ssl_ciphers", DT_STR, R_NONE, UL &SslCiphers, UL 0 }, ++ { "ssl_ciphers", DT_STR, R_NONE, UL &SslCiphers, UL "@SYSTEM" }, + /* + ** .pp + ** Contains a colon-seperated list of ciphers to use when using SSL. +--- mutt-17a4f92e4a95/mutt_ssl_gnutls.c.ssl_ciphers 2015-08-20 13:19:24.990481900 +0200 ++++ mutt-17a4f92e4a95/mutt_ssl_gnutls.c 2015-08-20 14:37:18.405928684 +0200 +@@ -286,32 +286,35 @@ + else + safe_strcat (priority, priority_size, "NORMAL"); + +- if (! option(OPTTLSV1_2)) ++ if (SslCiphers && strcmp(SslCiphers, "@SYSTEM")) + { +- nproto--; +- safe_strcat (priority, priority_size, ":-VERS-TLS1.2"); +- } +- if (! option(OPTTLSV1_1)) +- { +- nproto--; +- safe_strcat (priority, priority_size, ":-VERS-TLS1.1"); +- } +- if (! option(OPTTLSV1)) +- { +- nproto--; +- safe_strcat (priority, priority_size, ":-VERS-TLS1.0"); +- } +- if (! option(OPTSSLV3)) +- { +- nproto--; +- safe_strcat (priority, priority_size, ":-VERS-SSL3.0"); +- } ++ if (! option(OPTTLSV1_2)) ++ { ++ nproto--; ++ safe_strcat (priority, priority_size, ":-VERS-TLS1.2"); ++ } ++ if (! option(OPTTLSV1_1)) ++ { ++ nproto--; ++ safe_strcat (priority, priority_size, ":-VERS-TLS1.1"); ++ } ++ if (! option(OPTTLSV1)) ++ { ++ nproto--; ++ safe_strcat (priority, priority_size, ":-VERS-TLS1.0"); ++ } ++ if (! 
option(OPTSSLV3)) ++ { ++ nproto--; ++ safe_strcat (priority, priority_size, ":-VERS-SSL3.0"); ++ } + +- if (nproto == 0) +- { +- mutt_error (_("All available protocols for TLS/SSL connection disabled")); +- FREE (&priority); +- return -1; ++ if (nproto == 0) ++ { ++ mutt_error (_("All available protocols for TLS/SSL connection disabled")); ++ FREE (&priority); ++ return -1; ++ } + } + + if ((err = gnutls_priority_set_direct (data->state, priority, NULL)) < 0) diff --git a/mutt.spec b/mutt.spec index 5219f33..fe4c44c 100644 --- a/mutt.spec +++ b/mutt.spec @@ -17,14 +17,15 @@ Summary: A text mode mail user agent Name: mutt -Version: 1.5.23 -Release: 9%{?dist} +Version: 1.5.24 +Release: 1%{?dist} Epoch: 5 # The entire source code is GPLv2+ except # pgpewrap.c setenv.c sha1.c wcwidth.c which are Public Domain License: GPLv2+ and Public Domain Group: Applications/Internet -Source: ftp://ftp.mutt.org/mutt/devel/mutt-%{version}.tar.gz +# hg snapshot created from http://dev.mutt.org/hg/mutt +Source: %{name}-%{version}.tar.gz Source1: mutt_ldap_query Patch1: mutt-1.5.18-muttrc.patch Patch2: mutt-1.5.21-cabundle.patch @@ -32,9 +33,9 @@ Patch2: mutt-1.5.21-cabundle.patch Patch3: mutt-1.5.21-syncdebug.patch # FIXME make it to upstream Patch4: mutt-1.5.23-add_debug_option.patch -Patch5: mutt-1.5.23-sendlib.patch Patch7: mutt-1.5.23-domainname.patch Patch8: mutt-1.5.23-system_certs.patch +Patch9: mutt-1.5.23-ssl_ciphers.patch Url: http://www.mutt.org/ Requires: mailcap, urlview BuildRequires: ncurses-devel, gettext, automake @@ -82,10 +83,9 @@ autoreconf --install %patch2 -p1 -b .cabundle %patch3 -p1 -b .syncdebug %patch4 -p1 -b .add_debug_option -%patch5 -p1 -b .sendlib %patch7 -p1 -b .domainname -%patch8 -p1 -b .system_certs - +%patch8 -p1 -b .system_certs +%patch9 -p1 -b .ssl_ciphers sed -i -r 's/`$GPGME_CONFIG --libs`/"\0 -lgpg-error"/' configure # disable mutt_dotlock program - remove support from mutt binary 
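Review bot: In the mutt_ssl_gnutls.c part of the embedded patch, the new guard `if (SslCiphers && strcmp(SslCiphers, "@SYSTEM"))` also skips the `-VERS-*` block when `SslCiphers` is NULL, so a user who unsets `ssl_ciphers` appears to get plain `NORMAL` with the `ssl_use_sslv3` / `ssl_use_tlsv1*` settings ignored, where the old code applied them. If only the `@SYSTEM` default is meant to bypass the toggles, the condition should be `if (!SslCiphers || strcmp (SslCiphers, "@SYSTEM"))`. With `@SYSTEM` the toggles and the `nproto == 0` check are skipped without any message, so the `ssl_ciphers` text in init.h should say so, e.g. `** When set to "@SYSTEM" the $ssl_use_* protocol options are ignored and the system crypto policy decides.` The branch before the visible `else` lies outside the hunk, so the NULL case is inferred from the `"NORMAL"` fallback.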
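Review bot: The `Source:` line in the first mutt.spec hunk no longer carries a download URL, and the comment that replaces it names the repository (over plain http) but not the changeset, so the tarball cannot be re-derived or compared with upstream; the MD5 entry in `sources` is then the only thing pinning it. Record the exact revision and how the archive was made, e.g. `# hg snapshot of changeset <CHANGESET_ID>, created with: <ARCHIVE_COMMAND>`, or keep the upstream URL if 1.5.24 is a released tarball.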
@@ -99,6 +99,11 @@ if echo %{release} | grep -E -q '%{hgreldate}'; then echo %{release} | sed -r 's/.*%{hgreldate}.*/"\1-\2-\3";/' >> reldate.h fi +# remove mutt_ssl.c to be sure it won't be used because it violates +# Packaging:CryptoPolicies +# https://fedoraproject.org/wiki/Packaging:CryptoPolicies +rm -f mutt_ssl.c + %build %configure \ @@ -190,6 +195,10 @@ ln -sf ./muttrc.5 $RPM_BUILD_ROOT%{_mandir}/man5/muttrc.local.5 %changelog +* Thu Sep 04 2015 Matej Muzila - 5:1.5.24-1 +- Updated to 1.5.24 (Resolves: rhbz#1259332) +- Utilize system-wide crypto-policies (Resolves: rhbz#1179324) + * Thu Jun 25 2015 Matej Muzila - 5:1.5.23-9 - Make system CA bundle default in mutt - Resolves: #1069778 diff --git a/sources b/sources index 3b69a44..ff43ff6 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -11f5b6a3eeba1afa1257fe93c9f26bff mutt-1.5.23.tar.gz +7f25d27f3c7c82285ac07aac35f5f0f2 mutt-1.5.24.tar.gz
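Review bot: `rm -f mutt_ssl.c` in the %prep addition succeeds even when the file is absent, so if upstream renames or moves the OpenSSL backend this guard silently stops guarding anything. Dropping the flag, `rm mutt_ssl.c`, makes %prep fail in that case and forces the packager to re-check. The removal only turns an OpenSSL build into a compile error; which TLS backend is selected is decided by the `%configure` options, which are outside this hunk.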