Your message dated Sat, 06 Jan 2018 15:04:47 +0000 with message-id <e1exq1f-000a6i...@fasolo.debian.org> and subject line Bug#871765: fixed in isync 1.3.0-1 has caused the Debian Bug report #871765, regarding isync: please allow the usage of TLS1.1+ by default to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 871765: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871765 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: isync Version: 1.2.1-2 Severity: important Tags: patch User: pkg-openssl-de...@lists.alioth.debian.org Usertags: TLS1.0_1.1_removal The package uses TLS1.0 by default. The patched should allow using TLS1.0+ by default. Could someone please test this? SebastianFrom: Sebastian Andrzej Siewior <sebast...@breakpoint.cc> Date: Fri, 11 Aug 2017 20:49:13 +0200 Subject: [PATCH] Use TLS1.1 and TLS1.2 by default The program uses by default TLSv1.0 at most and enables SSLv3. openssl does not allow SSLv3 so that is not a problem and as of 2017 TLS1.1 and TLS1.2 should not be a problemm as well. Signed-off-by: Sebastian Andrzej Siewior <sebast...@breakpoint.cc> --- src/compat/isync.h | 2 ++ src/compat/main.c | 4 ++-- src/drv_imap.c | 4 ++-- src/mbsync.1 | 3 +-- 4 files changed, 7 insertions(+), 6 deletions(-) diff --git a/src/compat/isync.h b/src/compat/isync.h index 04739005a9b2..baf7e7782df4 100644 --- a/src/compat/isync.h +++ b/src/compat/isync.h @@ -52,6 +52,8 @@ typedef struct config { unsigned int use_sslv2:1; unsigned int use_sslv3:1; unsigned int use_tlsv1:1; + unsigned int use_tlsv1_1:1; + unsigned int use_tlsv1_2:1; char *cert_file; const char *store_name; diff --git a/src/compat/main.c b/src/compat/main.c index 2ad6f07df6e6..b6bd83b8eb5a 100644 --- a/src/compat/main.c +++ b/src/compat/main.c @@ -178,6 +178,8 @@ main( int argc, char **argv ) global.use_namespace = 1; global.require_ssl = 1; global.use_tlsv1 = 1; + global.use_tlsv1_1 = 1; + global.use_tlsv1_2 = 1; folder = ""; maildir = "~"; xmaildir = Home; @@ -254,8 +256,6 @@ main( int argc, char **argv ) if (!strncasecmp( "imaps:", optarg, 6 )) { global.use_imaps = 1; global.port = 993; - global.use_sslv2 = 0; - global.use_sslv3 = 1; optarg += 6; } #endif diff --git a/src/drv_imap.c b/src/drv_imap.c index 5ec3783c1785..094cc95a604e 100644 --- a/src/drv_imap.c +++ b/src/drv_imap.c @@ -2711,7 +2711,7 @@ imap_parse_store( conffile_t *cfg, store_conf_t **storep ) arg += 6; server->ssl_type = SSL_IMAPS; if (server->sconf.ssl_versions == -1) - server->sconf.ssl_versions = SSLv2 | SSLv3 | TLSv1; + server->sconf.ssl_versions = TLSv1 | TLSv1_1 | TLSv1_2; } else #endif if (starts_with( arg, -1, "imap:", 5 )) @@ -2874,7 +2874,7 @@ imap_parse_store( conffile_t *cfg, store_conf_t **storep ) } } else { if (server->sconf.ssl_versions < 0) - server->sconf.ssl_versions = TLSv1; /* Most compatible and still reasonably secure. */ + server->sconf.ssl_versions = TLSv1 | TLSv1_1 | TLSv1_2; if (server->ssl_type < 0) server->ssl_type = server->sconf.tunnel ? SSL_None : SSL_STARTTLS; } diff --git a/src/mbsync.1 b/src/mbsync.1 index fc572b276261..8803bd2c235f 100644 --- a/src/mbsync.1 +++ b/src/mbsync.1 @@ -336,8 +336,7 @@ right after connecting the secure IMAP port 993. Select the acceptable SSL/TLS versions. Use of SSLv2 is strongly discouraged for security reasons, but might be the only option on some very old servers. -Generally, the newest TLS version is recommended, but as this confuses some -servers, \fBTLSv1\fR is the default. +Generally, the newest TLS version is recommended. .. .TP \fBSystemCertificates\fR \fByes\fR|\fBno\fR -- 2.13.3
--- End Message ---
--- Begin Message ---Source: isync Source-Version: 1.3.0-1 We believe that the bug you reported is fixed in the latest version of isync, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 871...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Alessandro Ghedini <gh...@debian.org> (supplier of updated isync package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 06 Jan 2018 14:29:45 +0000 Source: isync Binary: isync Architecture: source Version: 1.3.0-1 Distribution: unstable Urgency: medium Maintainer: Nicolas Boullis <nboul...@debian.org> Changed-By: Alessandro Ghedini <gh...@debian.org> Description: isync - IMAP and MailDir mailbox synchronizer Closes: 758172 782054 871765 872420 Changes: isync (1.3.0-1) unstable; urgency=medium . * New upstream release - Enable all TLS versions by default (Closes: #871765) - Support for proper Maildir++ and a Maildir sub-folder naming style (Closes: #758172, #782054) - Fix cross-building (Closes: #872420) * Drop patches merged upstream * Bump Standards-Version to 4.1.3 (no changes needed) * Don't try to rename get-cert * Fix file-contains-trailing-whitespace debian/changelog * Bump debhlper compat level to 11 * Fix useless-autoreconf-build-depends dh-autoreconf Checksums-Sha1: 1dfe48f4e1da67891cc45ed18943aa9383fb5ad2 1959 isync_1.3.0-1.dsc 07f6d7cfc39ed2678791f625de70cdeff3d3bfba 309459 isync_1.3.0.orig.tar.gz 4ba1bb6bdc76033acfe079febc311c8a2e140340 6840 isync_1.3.0-1.debian.tar.xz 00b8d0581306c9b5748a9be71aff964d51a5d8f5 5782 isync_1.3.0-1_amd64.buildinfo Checksums-Sha256: 83edeb64490eba0a7a91315b0fbe34bd21008132d5e5f867bc618c31581db019 1959 isync_1.3.0-1.dsc 8d5f583976e3119705bdba27fa4fc962e807ff5996f24f354957178ffa697c9c 309459 isync_1.3.0.orig.tar.gz d57af786ad590f1026456f4d10420575ed7908587ec40a54e95790b8c563d809 6840 isync_1.3.0-1.debian.tar.xz f99f800856c43f921b4aaef6ae0fbda6c4b2044cddfba6c76ce5cd81cb8b7eeb 5782 isync_1.3.0-1_amd64.buildinfo Files: 100462c46ca5eff4360b1bcf142467ae 1959 mail optional isync_1.3.0-1.dsc f64e8723ebbb081bc15510586bfa1f8f 309459 mail optional isync_1.3.0.orig.tar.gz 1b319d30e65b623a02adf8c769423533 6840 mail optional isync_1.3.0-1.debian.tar.xz 0f39750b085457292390b1b67f9fbd7b 5782 mail optional isync_1.3.0-1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEBsId305pBx+F583DbwzL4CFiRygFAlpQ3YcACgkQbwzL4CFi RygEvg/9HQTbkPYeg+OPdKkOOl56/kURZUG8SIMyChylP4sQMaFJ595vxVOHGO4A t5pfJO11wCYPcMUKs6hH62PnsH9otiiG3aqmBPY1voR90CrrkM9TXpDXRzzlQotY IlZ4E3JCtb+miFhjVckhp21Cz+SIbLRqLcaq69NGl/WXVWyTUIY0+XqEifj5q2CP +lIGmKkRdwJPswrQhU6I83j6YDkHCZ6IynU8tdn/W3TXnO9gzI+6SkYXIH4OAu8C roLbGVHx94ydgf5PEfq0VXbRrVThH8pOTHSTGD/mZdALbHj4YPvxSHTodjeIppsC k0kJBwdYb5/Nw/M8A9AEMJqjUGj/2JNLHX2mJD+1L8jHoYP8D84C4sn/yXXCwygU Rr9A7mwvS6Rx2kkclByzfRR8MUV3C0u27Wcnd+ymkJRpB/bsmD0ZjuI/xopR+0xg 0ft67gO2vRAue+R2g6O1ykTHsyZ/k7ID5ck4L0uxqugUe7UtXpFV5qkEnyiskVnn fGozFaw57JeheeWNM+PeZLRZCUUzG6q8vTYznVUxBL8/LG3WbqM0mNXxnZJPDvjJ iPO0tTG7QwQaXywKlE2TCTfUvm/3ZovQXK4eUPgXGqTZLnP0FN2uZeSG+HmBzM1H o7faCPbw5V6YggbkL4wLAI1ztOBpLbO8KMUu1Bi5TXJHxk6UYF8= =alCW -----END PGP SIGNATURE-----
--- End Message ---
