X-Git-Url: https://git.tld-linux.org/?p=packages%2Fspamassassin.git;a=blobdiff_plain;f=disable_sslv3;fp=disable_sslv3;h=0000000000000000000000000000000000000000;hp=794f07f90ec7935b681fd4061756ba1936a34a74;hb=6df75f9a0363eb6cd04fb8482185460861d7fd47;hpb=31d299da7461e63fbed924ba5134550f1107eb7c
diff --git a/disable_sslv3 b/disable_sslv3
deleted file mode 100644
index 794f07f..0000000
--- a/disable_sslv3
+++ /dev/null
@@ -1,276 +0,0 @@ -Index: spamassassin-3.4.1/spamc/libspamc.c -=================================================================== ---- spamassassin-3.4.1.orig/spamc/libspamc.c -+++ spamassassin-3.4.1/spamc/libspamc.c -@@ -1187,7 +1187,7 @@ int message_filter(struct transport *tp, - unsigned int throwaway; - SSL_CTX *ctx = NULL; - SSL *ssl = NULL; -- SSL_METHOD *meth; -+ const SSL_METHOD *meth; - char zlib_on = 0; - unsigned char *zlib_buf = NULL; - int zlib_bufsiz = 0; -@@ -1213,11 +1213,7 @@ int message_filter(struct transport *tp, - if (flags & SPAMC_USE_SSL) { - #ifdef SPAMC_SSL - SSLeay_add_ssl_algorithms(); -- if (flags & SPAMC_TLSV1) { -- meth = TLSv1_client_method(); -- } else { -- meth = SSLv3_client_method(); /* default */ -- } -+ meth = SSLv23_client_method(); - SSL_load_error_strings(); - ctx = SSL_CTX_new(meth); - #else -@@ -1596,7 +1592,7 @@ int message_tell(struct transport *tp, c - int failureval; - SSL_CTX *ctx = NULL; - SSL *ssl = NULL; -- SSL_METHOD *meth; -+ const SSL_METHOD *meth; - - assert(tp != NULL); - assert(m != NULL); -@@ -1604,7 +1600,7 @@ int message_tell(struct transport *tp, c - if (flags & SPAMC_USE_SSL) { - #ifdef SPAMC_SSL - SSLeay_add_ssl_algorithms(); -- meth = SSLv3_client_method(); -+ meth = SSLv23_client_method(); - SSL_load_error_strings(); - ctx = SSL_CTX_new(meth); - #else -Index: spamassassin-3.4.1/spamc/spamc.c -=================================================================== ---- spamassassin-3.4.1.orig/spamc/spamc.c -+++ spamassassin-3.4.1/spamc/spamc.c -@@ -368,16 +368,11 @@ read_args(int argc, char **argv, - case 'S': - { - flags |= SPAMC_USE_SSL; -- if (!spamc_optarg || (strcmp(spamc_optarg,"sslv3") == 0)) { -- flags |= SPAMC_SSLV3; -- } -- else if (strcmp(spamc_optarg,"tlsv1") == 0) { -- flags |= SPAMC_TLSV1; -- } -- else { -- libspamc_log(flags, LOG_ERR, "Please specify a legal ssl version (%s)", spamc_optarg); -- ret = EX_USAGE; -- } -+ if(spamc_optarg) { -+ libspamc_log(flags, LOG_ERR, -+ "Explicit 
specification of an SSL/TLS version no longer supported."); -+ ret = EX_USAGE; -+ } - break; - } - #endif -Index: spamassassin-3.4.1/spamd/spamd.raw -=================================================================== ---- spamassassin-3.4.1.orig/spamd/spamd.raw -+++ spamassassin-3.4.1/spamd/spamd.raw -@@ -409,7 +409,6 @@ GetOptions( - 'sql-config!' => \$opt{'sql-config'}, - 'ssl' => \$opt{'ssl'}, - 'ssl-port=s' => \$opt{'ssl-port'}, -- 'ssl-version=s' => \$opt{'ssl-version'}, - 'syslog-socket=s' => \$opt{'syslog-socket'}, - 'syslog|s=s' => \$opt{'syslog'}, - 'log-timestamp-fmt:s' => \$opt{'log-timestamp-fmt'}, -@@ -743,11 +742,6 @@ if ( defined $ENV{'HOME'} ) { - - # Do whitelist later in tmp dir. Side effect: this will be done as -u user. - --my $sslversion = $opt{'ssl-version'} || 'sslv3'; --if ($sslversion !~ /^(?:sslv3|tlsv1)$/) { -- die "spamd: invalid ssl-version: $opt{'ssl-version'}\n"; --} -- - $opt{'server-key'} ||= "$LOCAL_RULES_DIR/certs/server-key.pem"; - $opt{'server-cert'} ||= "$LOCAL_RULES_DIR/certs/server-cert.pem"; - -@@ -898,9 +892,8 @@ sub compose_listen_info_string { - $socket_info->{ip_addr}, $socket_info->{port})); - - } elsif ($socket->isa('IO::Socket::SSL')) { -- push(@listeninfo, sprintf("SSL [%s]:%s, ssl version %s", -- $socket_info->{ip_addr}, $socket_info->{port}, -- $opt{'ssl-version'}||'sslv3')); -+ push(@listeninfo, sprintf("SSL [%r]:%s", $socket_info->{ip_addr}, -+ $socket_info->{port})); - } - } - -@@ -1071,7 +1064,6 @@ sub server_sock_setup_inet { - $sockopt{V6Only} = 1 if $io_socket_module_name eq 'IO::Socket::IP' - && IO::Socket::IP->VERSION >= 0.09; - %sockopt = (%sockopt, ( -- SSL_version => $sslversion, - SSL_verify_mode => 0x00, - SSL_key_file => $opt{'server-key'}, - SSL_cert_file => $opt{'server-cert'}, -@@ -1092,7 +1084,8 @@ sub server_sock_setup_inet { - if (!$server_inet) { - $diag = sprintf("could not create %s socket on [%s]:%s: %s", - $ssl ? 
'IO::Socket::SSL' : $io_socket_module_name, -- $adr, $port, $!); -+ $adr, $port, $ssl && $IO::Socket::SSL::SSL_ERROR ? -+ "$!,$IO::Socket::SSL::SSL_ERROR" : $!); - push(@diag_fail, $diag); - } else { - $diag = sprintf("created %s socket on [%s]:%s", -@@ -3232,7 +3225,6 @@ Options: - -H [dir], --helper-home-dir[=dir] Specify a different HOME directory - --ssl Enable SSL on TCP connections - --ssl-port port Override --port setting for SSL connections -- --ssl-version sslversion Specify SSL protocol version to use - --server-key keyfile Specify an SSL keyfile - --server-cert certfile Specify an SSL certificate - --socketpath=path Listen on a given UNIX domain socket -@@ -3720,14 +3712,6 @@ Optionally specifies the port number for - SSL connections (default: whatever --port uses). See B<--ssl> for - more details. - --=item B<--ssl-version>=I -- --Specify the SSL protocol version to use, one of B or B. --The default, B, is the most flexible, accepting a SSLv3 or --higher hello handshake, then negotiating use of SSLv3 or TLSv1 --protocol if the client can accept it. Specifying B<--ssl-version> --implies B<--ssl>. -- - =item B<--server-key> I - - Specify the SSL key file to use for SSL connections. -Index: spamassassin-3.4.1/spamc/spamc.pod -=================================================================== ---- spamassassin-3.4.1.orig/spamc/spamc.pod -+++ spamassassin-3.4.1/spamc/spamc.pod -@@ -177,12 +177,10 @@ The default is 1 time (ie. one attempt a - Sleep for I seconds between failed spamd filtering attempts. - The default is 1 second. - --=item B<-S>, B<--ssl>, B<--ssl>=I -+=item B<-S>, B<--ssl>, B<--ssl> - - If spamc was built with support for SSL, encrypt data to and from the - spamd process with SSL; spamd must support SSL as well. --I specifies the SSL protocol version to use, either --C, or C. The default, is C. 
- - =item B<-t> I, B<--timeout>=I - -Index: spamassassin-3.4.1/t/spamd_ssl_tls.t -=================================================================== ---- spamassassin-3.4.1.orig/t/spamd_ssl_tls.t -+++ /dev/null -@@ -1,28 +0,0 @@ --#!/usr/bin/perl -- --use lib '.'; use lib 't'; --use SATest; sa_t_init("spamd_ssl_tls"); --use Test; plan tests => (($SKIP_SPAMD_TESTS || !$SSL_AVAILABLE) ? 0 : 9); -- --exit if ($SKIP_SPAMD_TESTS || !$SSL_AVAILABLE); -- --# --------------------------------------------------------------------------- -- --%patterns = ( -- --q{ Return-Path: sb55sb55@yahoo.com}, 'firstline', --q{ Subject: There yours for FREE!}, 'subj', --q{ X-Spam-Status: Yes, score=}, 'status', --q{ X-Spam-Flag: YES}, 'flag', --q{ X-Spam-Level: **********}, 'stars', --q{ TEST_ENDSNUMS}, 'endsinnums', --q{ TEST_NOREALNAME}, 'noreal', --q{ This must be the very last line}, 'lastline', -- -- --); -- --ok (sdrun ("-L --ssl --ssl-version=tlsv1 --server-key data/etc/testhost.key --server-cert data/etc/testhost.cert", -- "--ssl=tlsv1 < data/spam/001", -- \&patterns_run_cb)); --ok_all_patterns(); -Index: spamassassin-3.4.1/t/spamd_ssl_v3.t -=================================================================== ---- spamassassin-3.4.1.orig/t/spamd_ssl_v3.t -+++ /dev/null -@@ -1,28 +0,0 @@ --#!/usr/bin/perl -- --use lib '.'; use lib 't'; --use SATest; sa_t_init("spamd_sslv3"); --use Test; plan tests => (($SKIP_SPAMD_TESTS || !$SSL_AVAILABLE) ? 
0 : 9); -- --exit if ($SKIP_SPAMD_TESTS || !$SSL_AVAILABLE); -- --# --------------------------------------------------------------------------- -- --%patterns = ( -- --q{ Return-Path: sb55sb55@yahoo.com}, 'firstline', --q{ Subject: There yours for FREE!}, 'subj', --q{ X-Spam-Status: Yes, score=}, 'status', --q{ X-Spam-Flag: YES}, 'flag', --q{ X-Spam-Level: **********}, 'stars', --q{ TEST_ENDSNUMS}, 'endsinnums', --q{ TEST_NOREALNAME}, 'noreal', --q{ This must be the very last line}, 'lastline', -- -- --); -- --ok (sdrun ("-L --ssl --ssl-version=sslv3 --server-key data/etc/testhost.key --server-cert data/etc/testhost.cert", -- "--ssl=sslv3 < data/spam/001", -- \&patterns_run_cb)); --ok_all_patterns(); -Index: spamassassin-3.4.1/t/spamd_ssl_accept_fail.t -=================================================================== ---- spamassassin-3.4.1.orig/t/spamd_ssl_accept_fail.t -+++ spamassassin-3.4.1/t/spamd_ssl_accept_fail.t -@@ -23,9 +23,9 @@ q{ This must be the very last line}, 'la - - ); - --ok (start_spamd ("-L --ssl --ssl-version=sslv3 --server-key data/etc/testhost.key --server-cert data/etc/testhost.cert")); -+ok (start_spamd ("-L --ssl --server-key data/etc/testhost.key --server-cert data/etc/testhost.cert")); - ok (spamcrun ("< data/spam/001", \&patterns_run_cb)); --ok (spamcrun ("--ssl=sslv3 < data/spam/001", \&patterns_run_cb)); -+ok (spamcrun ("--ssl < data/spam/001", \&patterns_run_cb)); - ok (stop_spamd ()); - - ok_all_patterns(); -Index: spamassassin-3.4.1/t/spamd_ssl.t -=================================================================== ---- spamassassin-3.4.1.orig/t/spamd_ssl.t -+++ spamassassin-3.4.1/t/spamd_ssl.t -@@ -2,10 +2,7 @@ - - use lib '.'; use lib 't'; - use SATest; sa_t_init("spamd_ssl"); --use Test; plan tests => (($SKIP_SPAMD_TESTS || !$SSL_AVAILABLE) ? 0 : 9), -- onfail => sub { -- warn "\n\nNote: This may not be a SpamAssassin bug, as some platforms require that you" . 
-- "\nspecify a protocol in spamc --ssl option, and possibly in spamd --ssl-version.\n\n" }; -+use Test; plan tests => (($SKIP_SPAMD_TESTS || !$SSL_AVAILABLE) ? 0 : 9); - - exit if ($SKIP_SPAMD_TESTS || !$SSL_AVAILABLE); - -Index: spamassassin-3.4.1/MANIFEST -=================================================================== ---- spamassassin-3.4.1.orig/MANIFEST -+++ spamassassin-3.4.1/MANIFEST -@@ -511,8 +511,6 @@ t/spamd_report_ifspam.t - t/spamd_sql_prefs.t - t/spamd_ssl.t - t/spamd_ssl_accept_fail.t --t/spamd_ssl_tls.t --t/spamd_ssl_v3.t - t/spamd_stop.t - t/spamd_symbols.t - t/spamd_syslog.t