mailx/mailx-12.5-openssl-1.1.0f.patch

---
 mailx.1   |    5 +++++
 openssl.c |   29 ++++++++++++++++++++++++++---
 2 files changed, 31 insertions(+), 3 deletions(-)

--- mailx.1
+++ mailx.1	2017-06-13 10:10:21.024015088 +0000
@@ -2723,6 +2723,8 @@ Only applicable if SSL/TLS support is bu
 Accept SSLv2 connections.
 These are normally not allowed
 because this protocol version is insecure.
+.br
+.B WARNING: on modern systems SSLv2 as well as SSLv3 are deprecated!
 .TP
 .B stealthmua
 Inhibits the generation of
@@ -3609,6 +3611,9 @@ for a specific account.
 Gives the pathname to an entropy daemon socket,
 see
 .IR RAND_egd (3).
+.br
+.B WARNING: On Linux this API is ignored, use the string option
+.B ssl-rand-file.
 .TP
 .B ssl-rand-file
 Gives the pathname to a file with entropy data,
--- openssl.c
+++ openssl.c	2017-06-13 10:05:15.133697760 +0000
@@ -138,7 +138,12 @@ ssl_rand_init(void)
 
 	if ((cp = value("ssl-rand-egd")) != NULL) {
 		cp = expand(cp);
-		if (RAND_egd(cp) == -1) {
+#ifndef OPENSSL_NO_EGD
+		if (RAND_egd(cp) == -1)
+#else
+		if (1)
+#endif
+		{
 			fprintf(stderr, catgets(catd, CATSET, 245,
 				"entropy daemon at \"%s\" not available\n"),
 					cp);
@@ -221,12 +226,13 @@ ssl_select_method(const char *uhp)
 
 	cp = ssl_method_string(uhp);
 	if (cp != NULL) {
+#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x1010006fL
 #ifndef OPENSSL_NO_SSL2
 		if (equal(cp, "ssl2"))
 			method = SSLv2_client_method();
 		else
-#endif 
-            if (equal(cp, "ssl3"))
+#endif
+		if (equal(cp, "ssl3"))
 			method = SSLv3_client_method();
 		else if (equal(cp, "tls1"))
 			method = TLSv1_client_method();
@@ -235,8 +241,25 @@ ssl_select_method(const char *uhp)
 					"Invalid SSL method \"%s\"\n"), cp);
 			method = SSLv23_client_method();
 		}
+#else
+		method = NULL;
+		if (equal(cp, "tls"))
+			method = TLS_client_method();
+		else if (equal(cp, "dtls"))
+			method = DTLS_client_method();
+
+		if (!method) {
+			fprintf(stderr, catgets(catd, CATSET, 244,
+					"Invalid SSL method \"%s\"\n"), cp);
+			method = TLS_client_method();
+		}
+#endif
 	} else
+#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x1010006fL
 		method = SSLv23_client_method();
+#else
+		method = TLS_client_method();
+#endif
 	return method;
 }
boo #1042663 OBS-URL: https://build.opensuse.org/package/show/server:mail/mailx?expand=0&rev=50 2017-06-12 13:13:44 +02:00			`---`
. OBS-URL: https://build.opensuse.org/package/show/server:mail/mailx?expand=0&rev=54 2017-06-13 12:12:52 +02:00			`mailx.1 \| 5 +++++`
boo #1042663 OBS-URL: https://build.opensuse.org/package/show/server:mail/mailx?expand=0&rev=50 2017-06-12 13:13:44 +02:00			`openssl.c \| 29 ++++++++++++++++++++++++++---`
. OBS-URL: https://build.opensuse.org/package/show/server:mail/mailx?expand=0&rev=54 2017-06-13 12:12:52 +02:00			`2 files changed, 31 insertions(+), 3 deletions(-)`
boo #1042663 OBS-URL: https://build.opensuse.org/package/show/server:mail/mailx?expand=0&rev=50 2017-06-12 13:13:44 +02:00
. OBS-URL: https://build.opensuse.org/package/show/server:mail/mailx?expand=0&rev=54 2017-06-13 12:12:52 +02:00			`--- mailx.1`
			`+++ mailx.1 2017-06-13 10:10:21.024015088 +0000`
			`@@ -2723,6 +2723,8 @@ Only applicable if SSL/TLS support is bu`
			`Accept SSLv2 connections.`
			`These are normally not allowed`
			`because this protocol version is insecure.`
			`+.br`
			`+.B WARNING: on modern systems SSLv2 as well as SSLv3 are deprecated!`
			`.TP`
			`.B stealthmua`
			`Inhibits the generation of`
			`@@ -3609,6 +3611,9 @@ for a specific account.`
			`Gives the pathname to an entropy daemon socket,`
			`see`
			`.IR RAND_egd (3).`
			`+.br`
			`+.B WARNING: On Linux this API is ignored, use the string option`
			`+.B ssl-rand-file.`
			`.TP`
			`.B ssl-rand-file`
			`Gives the pathname to a file with entropy data,`
boo #1042663 OBS-URL: https://build.opensuse.org/package/show/server:mail/mailx?expand=0&rev=50 2017-06-12 13:13:44 +02:00			`--- openssl.c`
. OBS-URL: https://build.opensuse.org/package/show/server:mail/mailx?expand=0&rev=54 2017-06-13 12:12:52 +02:00			`+++ openssl.c 2017-06-13 10:05:15.133697760 +0000`
boo #1042663 OBS-URL: https://build.opensuse.org/package/show/server:mail/mailx?expand=0&rev=50 2017-06-12 13:13:44 +02:00			`@@ -138,7 +138,12 @@ ssl_rand_init(void)`

			`if ((cp = value("ssl-rand-egd")) != NULL) {`
			`cp = expand(cp);`
			`- if (RAND_egd(cp) == -1) {`
			`+#ifndef OPENSSL_NO_EGD`
			`+ if (RAND_egd(cp) == -1)`
			`+#else`
			`+ if (1)`
			`+#endif`
			`+ {`
			`fprintf(stderr, catgets(catd, CATSET, 245,`
			`"entropy daemon at \"%s\" not available\n"),`
			`cp);`
			`@@ -221,12 +226,13 @@ ssl_select_method(const char *uhp)`

			`cp = ssl_method_string(uhp);`
			`if (cp != NULL) {`
			`+#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x1010006fL`
			`#ifndef OPENSSL_NO_SSL2`
			`if (equal(cp, "ssl2"))`
			`method = SSLv2_client_method();`
			`else`
			`-#endif`
			`- if (equal(cp, "ssl3"))`
			`+#endif`
			`+ if (equal(cp, "ssl3"))`
			`method = SSLv3_client_method();`
			`else if (equal(cp, "tls1"))`
			`method = TLSv1_client_method();`
			`@@ -235,8 +241,25 @@ ssl_select_method(const char *uhp)`
			`"Invalid SSL method \"%s\"\n"), cp);`
			`method = SSLv23_client_method();`
			`}`
			`+#else`
			`+ method = NULL;`
			`+ if (equal(cp, "tls"))`
			`+ method = TLS_client_method();`
			`+ else if (equal(cp, "dtls"))`
			`+ method = DTLS_client_method();`
			`+`
			`+ if (!method) {`
			`+ fprintf(stderr, catgets(catd, CATSET, 244,`
			`+ "Invalid SSL method \"%s\"\n"), cp);`
			`+ method = TLS_client_method();`
			`+ }`
			`+#endif`
			`} else`
			`+#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x1010006fL`
			`method = SSLv23_client_method();`
			`+#else`
			`+ method = TLS_client_method();`
			`+#endif`
			`return method;`
			`}`