[evolution-data-server/f20] Add patch for Red Hat bug #1153052 (Enable TLS for SSL Camel connections)

Milan Crha mcrha at fedoraproject.org
Thu Oct 16 15:15:49 UTC 2014


commit 3208754c16c352f89e9ba0666665233317484ede
Author: Milan Crha <mcrha at redhat.com>
Date:   Thu Oct 16 17:15:23 2014 +0200

    Add patch for Red Hat bug #1153052 (Enable TLS for SSL Camel connections)

 ...a-server-3.10.4-poodle-enable-tls-for-ssl.patch |   89 ++++++++++++++++++++
 evolution-data-server.spec                         |    9 ++-
 2 files changed, 97 insertions(+), 1 deletions(-)
---
diff --git a/evolution-data-server-3.10.4-poodle-enable-tls-for-ssl.patch b/evolution-data-server-3.10.4-poodle-enable-tls-for-ssl.patch
new file mode 100644
index 0000000..79a4f97
--- /dev/null
+++ b/evolution-data-server-3.10.4-poodle-enable-tls-for-ssl.patch
@@ -0,0 +1,89 @@
+diff -up evolution-data-server-3.10.4/camel/camel-tcp-stream-ssl.c.poodle-enable-tls-for-ssl evolution-data-server-3.10.4/camel/camel-tcp-stream-ssl.c
+--- evolution-data-server-3.10.4/camel/camel-tcp-stream-ssl.c.poodle-enable-tls-for-ssl	2013-12-08 19:42:50.000000000 +0100
++++ evolution-data-server-3.10.4/camel/camel-tcp-stream-ssl.c	2014-10-16 17:11:27.980521481 +0200
+@@ -43,6 +43,8 @@
+ #include <sslerr.h>
+ #include "nss.h"    /* Don't use <> here or it will include the system nss.h instead */
+ #include <ssl.h>
++#include <sslt.h>
++#include <sslproto.h>
+ #include <cert.h>
+ #include <certdb.h>
+ #include <pk11func.h>
+@@ -545,6 +547,9 @@ enable_ssl (CamelTcpStreamSSL *ssl,
+ {
+ 	PRFileDesc *ssl_fd;
+ 	static gchar v2_enabled = -1;
++#if NSS_VMAJOR > 3 || (NSS_VMAJOR == 3 && NSS_VMINOR >= 14)
++	SSLVersionRange versionStreamSup, versionStream;
++#endif
+ 
+ 	g_assert (fd != NULL);
+ 
+@@ -575,6 +580,7 @@ enable_ssl (CamelTcpStreamSSL *ssl,
+ 		SSL_OptionSet (ssl_fd, SSL_V2_COMPATIBLE_HELLO, PR_FALSE);
+ 	}
+ 
++#if NSS_VMAJOR < 3 || (NSS_VMAJOR == 3 && NSS_VMINOR < 14)
+ 	if (ssl->priv->flags & CAMEL_TCP_STREAM_SSL_ENABLE_SSL3)
+ 		SSL_OptionSet (ssl_fd, SSL_ENABLE_SSL3, PR_TRUE);
+ 	else
+@@ -585,6 +591,29 @@ enable_ssl (CamelTcpStreamSSL *ssl,
+ 	else
+ 		SSL_OptionSet (ssl_fd, SSL_ENABLE_TLS, PR_FALSE);
+ 
++#else
++	SSL_VersionRangeGetSupported (ssl_variant_stream, &versionStreamSup);
++
++	if (ssl->priv->flags & CAMEL_TCP_STREAM_SSL_ENABLE_SSL3)
++		versionStream.min = SSL_LIBRARY_VERSION_3_0;
++	else
++		versionStream.min = SSL_LIBRARY_VERSION_TLS_1_0;
++
++	if (ssl->priv->flags & CAMEL_TCP_STREAM_SSL_ENABLE_TLS)
++		versionStream.max = versionStreamSup.max;
++	else
++		versionStream.max = SSL_LIBRARY_VERSION_3_0;
++
++	if (versionStream.max < versionStream.min) {
++		PRUint16 tmp;
++
++		tmp = versionStream.max;
++		versionStream.max = versionStream.min;
++		versionStream.min = tmp;
++	}
++
++	SSL_VersionRangeSet (ssl_fd, &versionStream);
++#endif
+ 	SSL_SetURL (ssl_fd, ssl->priv->expected_host);
+ 
+ 	/* NSS provides a default implementation for the SSL_GetClientAuthDataHook callback
+diff -up evolution-data-server-3.10.4/camel/camel.c.poodle-enable-tls-for-ssl evolution-data-server-3.10.4/camel/camel.c
+--- evolution-data-server-3.10.4/camel/camel.c.poodle-enable-tls-for-ssl	2013-12-08 19:42:49.000000000 +0100
++++ evolution-data-server-3.10.4/camel/camel.c	2014-10-16 17:11:27.980521481 +0200
+@@ -100,6 +100,9 @@ camel_init (const gchar *configdir,
+ 		gchar *nss_configdir = NULL;
+ 		gchar *nss_sql_configdir = NULL;
+ 		SECStatus status = SECFailure;
++#if NSS_VMAJOR > 3 || (NSS_VMAJOR == 3 && NSS_VMINOR >= 14)
++		SSLVersionRange versionStream;
++#endif
+ 
+ #if NSS_VMAJOR < 3 || (NSS_VMAJOR == 3 && NSS_VMINOR < 14)
+ 		/* NSS pre-3.14 has most of the ciphers disabled, thus enable
+@@ -212,8 +215,14 @@ skip_nss_init:
+ 
+ 		SSL_OptionSetDefault (SSL_ENABLE_SSL2, v2_enabled ? PR_TRUE : PR_FALSE);
+ 		SSL_OptionSetDefault (SSL_V2_COMPATIBLE_HELLO, PR_FALSE);
++#if NSS_VMAJOR < 3 || (NSS_VMAJOR == 3 && NSS_VMINOR < 14)
+ 		SSL_OptionSetDefault (SSL_ENABLE_SSL3, PR_TRUE);
+-		SSL_OptionSetDefault (SSL_ENABLE_TLS, PR_TRUE);
++		SSL_OptionSetDefault (SSL_ENABLE_TLS, PR_TRUE); /* Enable TLSv1.0 */
++#else
++		/* Enable all SSL/TLS versions supported by NSS (this API is for SSLv3 and newer). */
++		SSL_VersionRangeGetSupported (ssl_variant_stream, &versionStream);
++		SSL_VersionRangeSetDefault (ssl_variant_stream, &versionStream);
++#endif
+ 
+ 		PR_Unlock (nss_initlock);
+ 
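Review bot: In the `#else` branch added to enable_ssl, the return values of `SSL_VersionRangeGetSupported` and `SSL_VersionRangeSet` are ignored, so a failed first call leaves `versionStreamSup.max` uninitialised when it is copied into `versionStream.max`. The same applies to the `SSL_VersionRangeGetSupported` / `SSL_VersionRangeSetDefault` pair added to camel_init. Both calls should be compared against `SECSuccess`, e.g. `if (SSL_VersionRangeGetSupported (ssl_variant_stream, &versionStreamSup) != SECSuccess)`, and routed to each function's existing failure handling, which lies outside these hunks. Separately, the swap under `if (versionStream.max < versionStream.min)` turns the case where neither flag is set (min TLS 1.0, max SSL 3.0) into an SSL 3.0–TLS 1.0 range, enabling protocol versions the caller did not request. SSL 3.0 also remains the floor whenever `CAMEL_TCP_STREAM_SSL_ENABLE_SSL3` is set, and presumably in the camel_init default if NSS reports it as supported, so a comment such as `/* Raises the maximum to the newest TLS; SSL 3.0 stays negotiable when requested */` would make clear that the patch adds TLS without removing the SSLv3 fallback.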
diff --git a/evolution-data-server.spec b/evolution-data-server.spec
index d844579..a7f9cce 100644
--- a/evolution-data-server.spec
+++ b/evolution-data-server.spec
@@ -29,7 +29,7 @@
 
 Name: evolution-data-server
 Version: 3.10.4
-Release: 5%{?dist}
+Release: 6%{?dist}
 Group: System Environment/Libraries
 Summary: Backend data server for Evolution
 License: LGPLv2+
@@ -57,6 +57,9 @@ Patch04: evolution-data-server-3.10.4-crash-ldap-stop-view.patch
 # GNOME bug #735311/RH bug #1126153
 Patch05: evolution-data-server-3.10.4-google-caldav-login.patch
 
+# RH bug #1153052
+Patch06: evolution-data-server-3.10.4-poodle-enable-tls-for-ssl.patch
+
 ### Dependencies ###
 
 Requires: dconf
@@ -140,6 +143,7 @@ This package contains developer documentation for %{name}.
 %patch03 -p1 -b .calendar-get-timezone-check
 %patch04 -p1 -b .crash-ldap-stop-view
 %patch05 -p1 -b .google-caldav-login
+%patch06 -p1 -b .poodle-enable-tls-for-ssl
 
 mkdir -p krb5-fakeprefix/include
 mkdir -p krb5-fakeprefix/lib
@@ -388,6 +392,9 @@ glib-compile-schemas %{_datadir}/glib-2.0/schemas &>/dev/null || :
 %{_datadir}/gtk-doc/html/libedataserver
 
 %changelog
+* Thu Oct 16 2014 Milan Crha <mcrha at redhat.com> - 3.10.4-6
+- Add patch for Red Hat bug #1153052 (Enable TLS for SSL Camel connections)
+
 * Thu Sep 11 2014 Milan Crha <mcrha at redhat.com> - 3.10.4-5
 - Add patch for Red Hat bug #1126153 (Google CalDAV calendar login issues)
 

