On Sun, 22 Oct 2017 18:30:54 +0200 Andreas Metzler <ametz...@bebt.de> wrote:
> Package: courier
> Version: 0.78.0-2
> Severity: minor
> Tags: upstream
> User: ametz...@bebt.de
> Usertags: deprecated-gnutls-3.6
>
> Hello,
>
> libs/tcpd/libcouriergnutls.c contains this code ...
> p->priority_list=safe_getenv(p, "TLS_PRIORITY",
>     "NORMAL:-CTYPE-OPENPGP");
> [...]
> if (gnutls_priority_set_direct(ssl->session, ctx->priority_list,
>
> i.e. it explicitly disables gnutls support for openpgp certificates.
>
> GnuTLS stopped enabling OPENPGP certificates by default in 3.0.2 (Sept
> 2011). OpenPGP support in gnutls was removed in 3.6.0. (Noop stub
> functions are still shipped to avoid ABI breakage.)
>
> Therefore imho it makes sense to drop the pgp/gnutls code from courier.
>

Attaching patch.

Regards,

Dimitri.
diff -Nru courier-0.78.0/debian/changelog courier-0.78.0/debian/changelog
--- courier-0.78.0/debian/changelog	2018-02-02 14:24:05.000000000 +0000
+++ courier-0.78.0/debian/changelog	2018-10-14 21:33:38.000000000 +0100
@@ -1,3 +1,9 @@
+courier (0.78.0-2ubuntu3) cosmic; urgency=medium
+
+  * Disable gnutls OPENPGP certificates. Closes: #879530.
+
+ -- Dimitri John Ledkov <x...@ubuntu.com>  Sun, 14 Oct 2018 21:33:38 +0100
+
 courier (0.78.0-2ubuntu2) bionic; urgency=medium
 
   * Rebuild against new libgdbm5.
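Review bot: The changelog line "Disable gnutls OPENPGP certificates" reads as the opposite of what the rest of this debdiff does: the patch removes the explicit "-CTYPE-OPENPGP" token and leaves the default at plain "NORMAL". Reword it along the lines of "Drop -CTYPE-OPENPGP from the default TLS_PRIORITY", so that a reader of the changelog alone does not conclude that a certificate type was newly switched off. The quoted report asks to drop the pgp/gnutls code from courier; if the priority string is the only such code, say so in the entry, otherwise "Closes:" may be premature.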
diff -Nru courier-0.78.0/debian/patches/0018-Fix-default-configuration-for-Debian.patch courier-0.78.0/debian/patches/0018-Fix-default-configuration-for-Debian.patch
--- courier-0.78.0/debian/patches/0018-Fix-default-configuration-for-Debian.patch	2017-09-12 20:55:55.000000000 +0100
+++ courier-0.78.0/debian/patches/0018-Fix-default-configuration-for-Debian.patch	2018-10-14 21:33:00.000000000 +0100
@@ -35,6 +35,18 @@
  
  ##NAME: COURIERTLS:0
  #
+@@ -146,9 +146,9 @@
+ #
+ # Set TLS protocol priority settings (GnuTLS only)
+ #
+-# DEFAULT: NORMAL:-CTYPE-OPENPGP
++# DEFAULT: NORMAL
+ #
+-# TLS_PRIORITY="NORMAL:-CTYPE-OPENPGP"
++# TLS_PRIORITY="NORMAL"
+ #
+ # This setting is also used to select the available ciphers.
+ #
 --- a/courier/module.esmtp/esmtpd.dist.in
 +++ b/courier/module.esmtp/esmtpd.dist.in
 @@ -36,7 +36,7 @@
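Review bot: The TLS_PRIORITY change belongs in its own quilt patch rather than inside 0018-Fix-default-configuration-for-Debian.patch: the bug is tagged upstream and nothing in the change is Debian-specific, so a separate patch with its own description and bug reference is easier to forward and to drop later. The added inner hunk at -146,9 also sits ahead of the esmtpd.dist.in header, so it applies to whichever file precedes it in 0018; confirm that is the intended file.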
@@ -62,6 +74,18 @@
  
  ##NAME: TARPIT:1
  #
+@@ -135,9 +135,9 @@
+ #
+ # Set TLS protocol priority settings (GnuTLS only)
+ #
+-# DEFAULT: NORMAL:-CTYPE-OPENPGP
++# DEFAULT: NORMAL
+ #
+-# TLS_PRIORITY="NORMAL:-CTYPE-OPENPGP"
++# TLS_PRIORITY="NORMAL"
+ 
+ ##NAME: TLS_PROTOCOL:0
+ #
 @@ -211,7 +211,7 @@
  # In all cases, $TLS_CERTFILE needs to be linked to one of the existing
  # certificate files.
@@ -99,6 +123,15 @@
  
  ##NAME: IMAPDSTARTTLS:0
  #
+@@ -110,7 +110,7 @@
+ #
+ # Set TLS protocol priority settings (GnuTLS only)
+ #
+-# DEFAULT: NORMAL:-CTYPE-OPENPGP
++# DEFAULT: NORMAL
+ #
+ # This setting is also used to select the available ciphers.
+ #
 --- a/libs/imap/imapd.dist.in
 +++ b/libs/imap/imapd.dist.in
 @@ -57,7 +57,7 @@
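Review bot: Only the "# DEFAULT:" comment is updated in the inner hunk at -110,7, while the matching hunks for the other files also update a commented "# TLS_PRIORITY=" sample line. Check whether this file has a TLS_PRIORITY sample or assignment outside the seven-line window that still carries "-CTYPE-OPENPGP", and update it in the same patch if so.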
@@ -139,6 +172,18 @@
  
  ##NAME: POP3_STARTTLS:0
  #
+@@ -93,9 +93,9 @@
+ #
+ # Set TLS protocol priority settings (GnuTLS only)
+ #
+-# DEFAULT: NORMAL:-CTYPE-OPENPGP
++# DEFAULT: NORMAL
+ #
+-# TLS_PRIORITY="NORMAL:-CTYPE-OPENPGP"
++# TLS_PRIORITY="NORMAL"
+ #
+ # This setting is also used to select the available ciphers.
+ #
 --- a/libs/imap/pop3d.dist.in
 +++ b/libs/imap/pop3d.dist.in
 @@ -146,7 +146,7 @@
@@ -150,3 +195,28 @@
  
  ##NAME: POP3_LOG_DELETIONS:0
  #
+--- a/courier/courierd.dist.in
++++ b/courier/courierd.dist.in
+@@ -280,9 +280,9 @@
+ #
+ # Set TLS protocol priority settings (GnuTLS only)
+ #
+-# DEFAULT: NORMAL:-CTYPE-OPENPGP
++# DEFAULT: NORMAL
+ #
+-# TLS_PRIORITY="NORMAL:-CTYPE-OPENPGP"
++# TLS_PRIORITY="NORMAL"
+ #
+ # This setting is also used to select the available ciphers.
+ #
+--- a/libs/tcpd/libcouriergnutls.c
++++ b/libs/tcpd/libcouriergnutls.c
+@@ -239,7 +239,7 @@
+ 	}
+ 
+ 	p->priority_list=safe_getenv(p, "TLS_PRIORITY",
+-				     "NORMAL:-CTYPE-OPENPGP");
++				     "NORMAL");
+ 
+ 	if ((certfile=strdup(safe_getenv(p, "TLS_CERTFILE", ""))) == NULL ||
+ 	    (p->trustcerts=strdup(safe_getenv(p, "TLS_TRUSTCERTS", "")))
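Review bot: In the libcouriergnutls.c part, only the fallback argument of safe_getenv() changes, so an installation whose configuration already sets TLS_PRIORITY to "NORMAL:-CTYPE-OPENPGP" keeps passing that token to gnutls_priority_set_direct(). The .dist.in edits touch commented lines only and do not alter deployed files. Confirm that the GnuTLS version being built against still accepts the token, or add a NEWS entry telling administrators to remove it from their own settings.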
