mail/fetchmail: backport less-old TLS support from Fedora

Allows options like 'sslproto "TLS1.2+"', for example.

PR:		233247
Submitted by:	Corey Halpin <chalpin@cs.wisc.edu> (maintainer)
Approved by:	koobs

mail/fetchmail/Makefile

@@ -3,13 +3,16 @@
 
 PORTNAME=	fetchmail
 PORTVERSION=	6.3.26
-PORTREVISION=	8
+PORTREVISION=	9
 CATEGORIES=	mail ipv6
 MASTER_SITES=	SF/${PORTNAME}/branch_6.3/ \
 		http://mandree.home.pages.de/${PORTNAME}/
 
-PATCH_SITES=	https://gitlab.com/fetchmail/fetchmail/commit/
-PATCHFILES=	9b8b634.patch:-p1
+PATCH_SITES=	https://gitlab.com/fetchmail/fetchmail/commit/:gitlab
+PATCH_SITES+=   https://src.fedoraproject.org/rpms/fetchmail/raw/master/f/:fedora
+PATCHFILES=	9b8b634.patch:-p1:gitlab  # SNI fix
+PATCHFILES+=    fetchmail-6.3.26-ssl-backport.patch:-p1:fedora
+
 
 MAINTAINER=	chalpin@cs.wisc.edu
 COMMENT=	Batch mail retrieval utility for IMAP/POP3/ETRN/ODMR

mail/fetchmail/distinfo

@@ -1,5 +1,7 @@
-TIMESTAMP = 1542709974
+TIMESTAMP = 1546191531
 SHA256 (fetchmail-6.3.26.tar.xz) = 79b4c54cdbaf02c1a9a691d9948fcb1a77a1591a813e904283a8b614b757e850
 SIZE (fetchmail-6.3.26.tar.xz) = 1283816
 SHA256 (9b8b634.patch) = b0a9f7e28e7e6a5a16669832ad7a7a7dca47b435ce446ef10bd0421deea4a848
 SIZE (9b8b634.patch) = 1023
+SHA256 (fetchmail-6.3.26-ssl-backport.patch) = a34b1a6becf731e2ef029a1c5ee3a82a7bbb1e2487b6f3be15bbb4e7dc8b500d
+SIZE (fetchmail-6.3.26-ssl-backport.patch) = 31596

mail/fetchmail/files/patch-fetchmail.c

@@ -1,5 +1,5 @@
---- fetchmail.c.orig	2013-04-23 20:00:45 UTC
-+++ fetchmail.c
+--- fetchmail.c.orig	2018-12-30 11:43:19.032822000 -0600
++++ fetchmail.c	2018-12-30 12:51:55.552234000 -0600
 @@ -50,6 +50,10 @@
  #include <arpa/nameser.h>
  #include <resolv.h>
@@ -11,16 +11,16 @@
  #ifndef ENETUNREACH
  #define ENETUNREACH   128       /* Interactive doesn't know this */
  #endif /* ENETUNREACH */
-@@ -263,6 +267,12 @@ int main(int argc, char **argv)
+@@ -263,10 +267,10 @@
  #ifdef SSL_ENABLE
  	"+SSL"
  #endif
-+#ifdef OPENSSL_NO_SSL2
-+	"-SSLv2"
-+#endif
-+#ifdef OPENSSL_NO_SSL3_METHOD
-+	"-SSLv3"
-+#endif
+-#if HAVE_DECL_SSLV2_CLIENT_METHOD + 0 == 0
++#if (HAVE_DECL_SSLV2_CLIENT_METHOD + 0 == 0) && !defined(OPENSSL_NO_SSL2)
+  	"-SSLv2"
+ #endif
+-#if HAVE_DECL_SSLV3_CLIENT_METHOD + 0 == 0
++#if (HAVE_DECL_SSLV3_CLIENT_METHOD + 0 == 0) && !defined(OPENSSL_NO_SSL3_METHOD)
+  	"-SSLv3"
+ #endif
  #ifdef OPIE_ENABLE
- 	"+OPIE"
- #endif /* OPIE_ENABLE */

mail/fetchmail/files/patch-socket.c

@@ -1,6 +1,6 @@
---- socket.c.orig	2013-04-23 20:00:45 UTC
-+++ socket.c
-@@ -907,14 +907,19 @@ int SSLOpen(int sock, char *mycert, char
+--- socket.c.orig	2018-12-30 11:43:19.042365000 -0600
++++ socket.c	2018-12-30 12:46:39.062201000 -0600
+@@ -910,7 +910,7 @@
  	_ssl_context[sock] = NULL;
  	if(myproto) {
  		if(!strcasecmp("ssl2",myproto)) {
@@ -8,17 +8,13 @@
 +#if (HAVE_DECL_SSLV2_CLIENT_METHOD + 0 > 0) && !defined(OPENSSL_NO_SSL2)
  			_ctx[sock] = SSL_CTX_new(SSLv2_client_method());
  #else
--			report(stderr, GT_("Your operating system does not support SSLv2.\n"));
-+			report(stderr, GT_("Your OpenSSL version does not support SSLv2.\n"));
- 			return -1;
+ 			report(stderr, GT_("Your OpenSSL version does not support SSLv2.\n"));
+@@ -918,7 +918,7 @@
  #endif
+ 			avoid_ssl_versions &= ~SSL_OP_NO_SSLv2;
  		} else if(!strcasecmp("ssl3",myproto)) {
-+#ifndef OPENSSL_NO_SSL3_METHOD
+-#if HAVE_DECL_SSLV3_CLIENT_METHOD + 0 > 0
++#if (HAVE_DECL_SSLV3_CLIENT_METHOD + 0 > 0) && !defined(OPENSSL_NO_SSL3_METHOD)
  			_ctx[sock] = SSL_CTX_new(SSLv3_client_method());
-+#else
-+			report(stderr, GT_("Your OpenSSL version does not support SSLv3.\n"));
-+			return -1;
-+#endif
- 		} else if(!strcasecmp("tls1",myproto)) {
- 			_ctx[sock] = SSL_CTX_new(TLSv1_client_method());
- 		} else if (!strcasecmp("ssl23",myproto)) {
+ #else
+ 			report(stderr, GT_("Your OpenSSL version does not support SSLv3.\n"));