Bug#932081: [PATCH] sogo/sope: Unable to connect to a remote IMAP server

Thu, 30 Apr 2020 16:06:15 -0700 

These two patches change sogo and sope to build with wolfSSL. I
successfully built the packages with the patches but did not test them yet.

>From 030619b756b03ef6a7284e1e98282baee5a02c7b Mon Sep 17 00:00:00 2001
From: Bastian Germann <bastiangerm...@fishpost.de>
Date: Thu, 30 Apr 2020 20:26:32 +0200
Subject: [PATCH] Link with wolfssl

Debian bug #932081 reports GnuTLS to cause problems with IMAP connections.
Address this by linking with wolfssl instead of OpenSSL because sogo does
not have a license exception for linking with OpenSSL.

wolfssl is a replacement for OpenSSL which has an API compatible layer.
Use that with a new patch.
---
 debian/control                              |  2 +-
 debian/patches/0005-Link-with-wolfssl.patch | 45 +++++++++++++++++++++
 debian/patches/series                       |  1 +
 debian/rules                                |  2 +-
 4 files changed, 48 insertions(+), 2 deletions(-)
 create mode 100644 debian/patches/0005-Link-with-wolfssl.patch

diff --git a/debian/control b/debian/control
index addda7e..f30b41e 100644
--- a/debian/control
+++ b/debian/control
@@ -10,7 +10,7 @@ Build-Depends: debhelper-compat (= 12),
  libgnustep-base-dev,
  libxml2-dev,
  libldap2-dev,
- libgnutls28-dev,
+ libwolfssl-dev,
  libpq-dev,
  default-libmysqlclient-dev,
  zlib1g-dev
diff --git a/debian/patches/0005-Link-with-wolfssl.patch b/debian/patches/0005-Link-with-wolfssl.patch
new file mode 100644
index 0000000..b285488
--- /dev/null
+++ b/debian/patches/0005-Link-with-wolfssl.patch
@@ -0,0 +1,45 @@
+From: Bastian Germann <bastiangerm...@fishpost.de>
+Date: Thu, 30 Apr 2020 16:19:07 +0200
+Subject: Link with wolfssl
+
+Link with wolfssl instead of OpenSSL.
+OpenSSL linking would require a license exception for dependent GPL packages.
+---
+ configure                                | 2 +-
+ sope-core/NGStreams/GNUmakefile.preamble | 7 ++++---
+ 2 files changed, 5 insertions(+), 4 deletions(-)
+
+diff --git a/configure b/configure
+index 9cefbe2..afdf6a3 100755
+--- a/configure
++++ b/configure
+@@ -509,7 +509,7 @@ checkDependencies() {
+           checkLinking "gnutls"  optional;
+       fi;
+   elif test "x$ARG_CFGSSL" = "xssl"; then
+-      checkLinking "ssl"     required;
++      checkLinking "wolfssl"     required;
+   elif test "x$ARG_CFGSSL" = "xgnutls"; then
+       checkLinking "gnutls"  required;
+   fi
+diff --git a/sope-core/NGStreams/GNUmakefile.preamble b/sope-core/NGStreams/GNUmakefile.preamble
+index 5f85e65..8efd3a7 100644
+--- a/sope-core/NGStreams/GNUmakefile.preamble
++++ b/sope-core/NGStreams/GNUmakefile.preamble
+@@ -51,12 +51,13 @@ ADDITIONAL_CPPFLAGS += -DHAVE_GNUTLS=1
+ libNGStreams_LIBRARIES_DEPEND_UPON += -lgnutls
+ NGStreams_LIBRARIES_DEPEND_UPON += -lgnutls
+ else
+-ifeq ($(HAS_LIBRARY_ssl),yes)
++ifeq ($(HAS_LIBRARY_wolfssl),yes)
+ libNGStreams_OBJC_FILES += NGActiveSSLSocket.m
+ NGStreams_OBJC_FILES += NGActiveSSLSocket.m
+ ADDITIONAL_CPPFLAGS += -DHAVE_OPENSSL=1 -DOPENSSL_NO_KRB5
+-libNGStreams_LIBRARIES_DEPEND_UPON += -lssl -lcrypto
+-NGStreams_LIBRARIES_DEPEND_UPON += -lssl -lcrypto
++ADDITIONAL_INCLUDE_DIRS += -I/usr/include/wolfssl
++libNGStreams_LIBRARIES_DEPEND_UPON += -lwolfssl
++NGStreams_LIBRARIES_DEPEND_UPON += -lwolfssl
+ endif
+ endif
+ 
diff --git a/debian/patches/series b/debian/patches/series
index 1a5c500..1ddd70e 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -2,3 +2,4 @@
 0002-Do-not-build-xmlrpc-and-stxsaxdriver.patch
 0003-Unset-MAKEFLAGS-and-MFLAGS-in-configure.patch
 0004-Fix-FTBFS-on-sh4.patch
+0005-Link-with-wolfssl.patch
diff --git a/debian/rules b/debian/rules
index 3acaf35..e5c5075 100755
--- a/debian/rules
+++ b/debian/rules
@@ -14,7 +14,7 @@ override_dh_auto_clean:
 	dh_auto_clean
 
 override_dh_auto_configure:
-	./configure --disable-strip --with-gnustep --with-ssl=gnutls
+	./configure --disable-strip --with-gnustep --with-ssl=ssl
 
 override_dh_auto_build:
 	$(MAKE) all messages=yes OBJCFLAGS="$(CFLAGS)"
-- 
2.26.2


>From f8403e0152f3b61bb95aabdcaec4558d42e33667 Mon Sep 17 00:00:00 2001
From: Bastian Germann <bastiangerm...@fishpost.de>
Date: Thu, 30 Apr 2020 21:20:49 +0200
Subject: [PATCH] Link with wolfssl (Closes: #932081)

Debian bug #932081 reports GnuTLS to cause problems with IMAP connections.
Address this by linking with wolfssl instead of OpenSSL because sogo does
not have a license exception for linking with OpenSSL.

wolfssl is a replacement for OpenSSL which has an API compatible layer.
Use that with a new patch.
---
 debian/README.Debian                        |  7 -------
 debian/control                              |  2 +-
 debian/patches/0001-Link-with-wolfssl.patch | 23 +++++++++++++++++++++
 debian/patches/series                       |  1 +
 debian/rules                                |  4 +++-
 5 files changed, 28 insertions(+), 9 deletions(-)
 create mode 100644 debian/patches/0001-Link-with-wolfssl.patch

diff --git a/debian/README.Debian b/debian/README.Debian
index 3c7e7717e..9c6a767d2 100644
--- a/debian/README.Debian
+++ b/debian/README.Debian
@@ -12,13 +12,6 @@ used to run SOGo. This file is parsed as GNUstep defaults in the
 the configuration file (there shouldn't be a "sogod = {" in
 /etc/sogo/sogo.conf).
 
-S/MIME support
-..............
-
-This version of SOGO is linked with GnuTLS instead of OpenSSL. Because
-GnuTLS doesn't implement functions needed to validate S/MIME signatures,
-validation of S/MIME signatures is disabled in the web interface.
-
 Initial setup
 .............
 
diff --git a/debian/control b/debian/control
index 4df9978f4..ecaabee88 100644
--- a/debian/control
+++ b/debian/control
@@ -8,7 +8,7 @@ Build-Depends: debhelper-compat (= 12),
  gobjc,
  libcurl4-gnutls-dev,
  libgnustep-base-dev,
- libgnutls28-dev,
+ libwolfssl-dev,
  liblasso3-dev,
  libldap2-dev,
  libmemcached-dev,
diff --git a/debian/patches/0001-Link-with-wolfssl.patch b/debian/patches/0001-Link-with-wolfssl.patch
new file mode 100644
index 000000000..9d74a6f89
--- /dev/null
+++ b/debian/patches/0001-Link-with-wolfssl.patch
@@ -0,0 +1,23 @@
+From: Bastian Germann <bastiangerm...@fishpost.de>
+Date: Thu, 30 Apr 2020 21:43:38 +0200
+Subject: Link with wolfssl
+
+Link with wolfssl instead of OpenSSL.
+OpenSSL linking would require a license exception.
+---
+ configure | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/configure b/configure
+index 999dc8f29..4aaafa418 100755
+--- a/configure
++++ b/configure
+@@ -395,7 +395,7 @@ checkDependencies() {
+           checkLinking "gnutls"  optional;
+       fi;
+   elif test "x$ARG_CFGSSL" = "xssl"; then
+-      checkLinking "ssl"     required;
++      checkLinking "wolfssl" required;
+   elif test "x$ARG_CFGSSL" = "xgnutls"; then
+       checkLinking "gnutls"  required;
+   fi
diff --git a/debian/patches/series b/debian/patches/series
index ba21d2a80..855b89644 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,3 +1,4 @@
+0001-Link-with-wolfssl.patch
 0002-Change-sogo-backup-location-and-update-cronjob.patch
 0003-Fix-may-be-used-uninitialized-in-this-function-warni.patch
 0005-Remove-build-date.patch
diff --git a/debian/rules b/debian/rules
index 83e9316ea..9f18b367c 100755
--- a/debian/rules
+++ b/debian/rules
@@ -15,7 +15,9 @@ override_dh_auto_build:
 	dh_auto_build -- OBJCFLAGS="$(CFLAGS)" CPPFLAGS="$(CPPFLAGS)" LDFLAGS="$(LDFLAGS)" messages=yes
 
 override_dh_auto_configure:
-	./configure --with-ssl=gnutls --enable-saml2
+	sed -i "s/HAS_LIBRARY_ssl/HAS_LIBRARY_wolfssl/g" */*/GNUmakefile.preamble
+	sed -i "s/ -lcrypto/ -lwolfssl/g" */*/GNUmakefile.preamble
+	./configure --with-ssl=ssl --enable-saml2
 
 override_dh_auto_install:
 	$(MAKE) DESTDIR=$(CURDIR)/debian/tmp GNUSTEP_INSTALLATION_DOMAIN=SYSTEM OBJCFLAGS="$(CFLAGS)" CPPFLAGS="$(CPPFLAGS)" LDFLAGS="$(LDFLAGS)" messages=yes install
-- 
2.26.2

Reply via email to