Merge ~ahasenack/ubuntu/+source/fetchmail:bionic-fetchmail-gmailssl-1798786 into ubuntu/+source/fetchmail:ubuntu/bionic-devel

Proposed by Andreas Hasenack
Status: Merged
Approved by: Andreas Hasenack
Approved revision: 3ab0bf68d88e715abf16bc1c7585d277192e888b
Merged at revision: 3ab0bf68d88e715abf16bc1c7585d277192e888b
Proposed branch: ~ahasenack/ubuntu/+source/fetchmail:bionic-fetchmail-gmailssl-1798786
Merge into: ubuntu/+source/fetchmail:ubuntu/bionic-devel
Diff against target: 61 lines (+40/-0)
3 files modified
debian/changelog (+7/-0)
debian/patches/series (+1/-0)
debian/patches/sni-support.patch (+32/-0)
Reviewer Review Type Date Requested Status
Robie Basak ~ubuntu-sru Approve
Christian Ehrhardt  (community) Approve
Review via email: mp+368713@code.launchpad.net

Description of the change

The openssl 1.1.1 SRU (https://bugs.launchpad.net/bugs/1797386) made bionic become affected by bug #1798786. This MP is the same patch that was already applied for cosmic and later cherry-picked into bionic.

The same testing instructions from the SRU apply. I tested them myself and confirmed the issue and the fix.

PPA with test packages: https://launchpad.net/~ahasenack/+archive/ubuntu/fetchmail-sni-openssl-update/

sudo add-apt-repository ppa:ahasenack/fetchmail-sni-openssl-updates

Christian Ehrhardt  (paelzer) wrote :

ubuntu0.1 suggests you need update-maintainers I guess

review: Needs Fixing
Christian Ehrhardt  (paelzer) wrote :

Other than that it LGTM

Christian Ehrhardt  (paelzer) wrote :

Hmm, this is in your branch - I wonder why LP doesn't show it
Maintainer: Ubuntu Developers <email address hidden>

Christian Ehrhardt  (paelzer) wrote :

Ha, it was changed for the "build1" already.
ok, TL;DR +1

review: Approve
Andreas Hasenack (ahasenack) wrote :

Had to update the version number because cosmic already has 6.3.26-3ubuntu0.1, with this fix even.

Christian Ehrhardt  (paelzer) wrote :

Yes, that version LGTM as well - thanks for catching that pre-upload

Robie Basak (racb) wrote :

+1

review: Approve (~ubuntu-sru)
Andreas Hasenack (ahasenack) wrote :

Thanks, tagged and uploaded:

$ git push pkg upload/6.3.26-3ubuntu0.1_18.04.1
Enumerating objects: 16, done.
Counting objects: 100% (16/16), done.
Delta compression using up to 2 threads
Compressing objects: 100% (11/11), done.
Writing objects: 100% (11/11), 2.06 KiB | 421.00 KiB/s, done.
Total 11 (delta 5), reused 0 (delta 0)
To ssh://git.launchpad.net/~usd-import-team/ubuntu/+source/fetchmail
 * [new tag] upload/6.3.26-3ubuntu0.1_18.04.1 -> upload/6.3.26-3ubuntu0.1_18.04.1

$ dput ubuntu ../fetchmail_6.3.26-3ubuntu0.1~18.04.1_source.changes
Checking signature on .changes
gpg: ../fetchmail_6.3.26-3ubuntu0.1~18.04.1_source.changes: Valid signature from AC983EB5BF6BCBA9
Checking signature on .dsc
gpg: ../fetchmail_6.3.26-3ubuntu0.1~18.04.1.dsc: Valid signature from AC983EB5BF6BCBA9
Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading fetchmail_6.3.26-3ubuntu0.1~18.04.1.dsc: done.
  Uploading fetchmail_6.3.26-3ubuntu0.1~18.04.1.debian.tar.xz: done.
  Uploading fetchmail_6.3.26-3ubuntu0.1~18.04.1_source.buildinfo: done.
  Uploading fetchmail_6.3.26-3ubuntu0.1~18.04.1_source.changes: done.
Successfully uploaded packages.

Preview Diff

1diff --git a/debian/changelog b/debian/changelog
2index ab94753..237a349 100644
3--- a/debian/changelog
4+++ b/debian/changelog
5@@ -1,3 +1,10 @@
6+fetchmail (6.3.26-3ubuntu0.1~18.04.1) bionic; urgency=medium
7+
8+ * d/p/sni-support.patch: TLS: set hostname for SNI. Thanks to Matthias
9+ Andree <matthias.andree@gmx.de> (LP: #1798786)
10+
11+ -- Andreas Hasenack <andreas@canonical.com> Wed, 12 Jun 2019 10:46:34 -0300
12+
13 fetchmail (6.3.26-3build1) bionic; urgency=high
14
15 * No change rebuild against openssl1.1.
16diff --git a/debian/patches/series b/debian/patches/series
17index 6739ab6..4df8704 100644
18--- a/debian/patches/series
19+++ b/debian/patches/series
20@@ -1,2 +1,3 @@
21 01_fetchmailconf.patch
22 02_remove_SSLv3.patch
23+sni-support.patch
24diff --git a/debian/patches/sni-support.patch b/debian/patches/sni-support.patch
25new file mode 100644
26index 0000000..b170947
27--- /dev/null
28+++ b/debian/patches/sni-support.patch
29@@ -0,0 +1,32 @@
30+Description: TLS: set hostname for SNI.
31+Author: Matthias Andree <matthias.andree@gmx.de>
32+Origin: upstream, https://gitlab.com/fetchmail/fetchmail/commit/9b8b634312f169fab872f3580c2febe5af031615
33+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/fetchmail/+bug/1798786
34+Last-Update: 2018-10-24
35+---
36+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
37+diff --git a/socket.c b/socket.c
38+index 58a8e15..6aef911 100644
39+--- a/socket.c
40++++ b/socket.c
41+@@ -986,6 +986,20 @@ int SSLOpen(int sock, char *mycert, char *mykey, const char *myproto, int certck
42+ _verify_ok = 1;
43+ _prev_err = -1;
44+
45++ /*
46++ * Support SNI, some servers (googlemail) appear to require it.
47++ */
48++ {
49++ long r;
50++ r = SSL_set_tlsext_host_name(_ssl_context[sock], servercname);
51++
52++ if (0 == r) {
53++ /* handle error */
54++ report(stderr, GT_("Warning: SSL_set_tlsext_host_name(%p, \"%s\") failed (code %#lx), trying to continue.\n"), _ssl_context[sock], servercname, r);
55++ ERR_print_errors_fp(stderr);
56++ }
57++ }
58++
59+ if( mycert || mykey ) {
60+
61+ /* Ok... He has a certificate file defined, so lets declare it. If
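Review bot: In the "0 == r" branch of the block added to SSLOpen() in socket.c, the warning prints r as "(code %#lx)", but r is always 0 on that path, so the number tells the reader nothing; the real reason only comes from ERR_print_errors_fp(stderr). I would drop the code from the message or say plainly that SNI could not be set for the named host. Two smaller points in the same block: _ssl_context[sock] is passed to %p without a (void *) cast, and nothing in the hunk checks servercname for NULL before it reaches SSL_set_tlsext_host_name() and the "%s" conversion, so a guard on servercname around the block would make the assumption explicit. The failure is also treated as non-fatal ("trying to continue"); against a server that requires SNI the handshake may then return a certificate for a different name, so the warning should be worded so that a later certificate-verification error can be traced back to it.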
