Hello community,
here is the log from the commit of package imap.13178 for
openSUSE:Leap:15.2:Update checked in at 2020-07-17 18:29:29
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Leap:15.2:Update/imap.13178 (Old)
and /work/SRC/openSUSE:Leap:15.2:Update/.imap.13178.new.3592 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "imap.13178"
Fri Jul 17 18:29:29 2020 rev:1 rq:819148 version:2007e_suse
Changes:
--------
New Changes file:
--- /dev/null 2020-07-16 02:54:20.700682797 +0200
+++ /work/SRC/openSUSE:Leap:15.2:Update/.imap.13178.new.3592/imap.changes
2020-07-17 18:29:30.912226208 +0200
@@ -0,0 +1,358 @@
+-------------------------------------------------------------------
+Mon Nov 11 13:07:41 UTC 2019 - [email protected]
+
+- read certificates from /etc/imap/certs
+- modified patches
+ % imap-2002e-ssl.diff ([bsc#1156402])
+
+-------------------------------------------------------------------
+Mon Mar 26 12:15:18 UTC 2018 - [email protected]
+
+- Own %{_sysconfdir}/xinetd.d: filesystem won't own this directory
+ much longer (boo#1084457).
+
+-------------------------------------------------------------------
+Tue Jul 4 10:48:02 UTC 2017 - [email protected]
+
+- Rename README.SuSE to README.SUSE
+- Cleanup with spec-cleaner
+- Add patches from RH and Debian:
+ * imap-2007e-poll.patch
+ * imap-2007f-format-security.patch
+ * imap-openssl-1.1.patch
+
+-------------------------------------------------------------------
+Mon Mar 14 18:25:44 UTC 2016 - [email protected]
+
+- spec: most C sources need removal of old K&R extern int errno;
+ declaration, which does not actually work with glibc where
+ errno is a macro that expands to a function call.
+- spec: build with -DOPENSSL_NO_DEPRECATED and
+ -DOPENSSL_NO_SSL_INTERN to emulate as close as possible
+ API/ABI availability of upcoming openSSL releases.
+- imap-openssl.patch: remove ephemeral RSA keys support, it is
+ considered insecure.openSSL 1.1 no longer supports this feature
+ and package will fail to build.
+- imap-openssl.patch: remove code that uses insecure tmpnam()
+ function, it is not required on linux systems.
+- imap-implicit-decls.patch: fix implicit fortify/pointer
+ declaration rpmlint warnings.
+
+-------------------------------------------------------------------
+Sat Feb 13 13:06:16 UTC 2016 - [email protected]
+
+- imap-openssl.patch: Support TLS 1.2 and ECDH ciphersuites.
+
+-------------------------------------------------------------------
+Fri Dec 6 13:35:31 CET 2013 - [email protected]
+
+- link libc-client with -lpam (as we link other packages with
+ with --as-needed)
+
+-------------------------------------------------------------------
+Fri Dec 18 18:39:49 UTC 2009 - [email protected]
+
+- update to 2007e which
+ o fix bugs
+- cleanup spec
+ o sort tags
+ o {name} macro
+- rework patches
+ o imap-2002c-c++.diff > imap-2007e-c++.patch
+ o imap-2006c1.diff > imap-2007e.patch
+- rpmlint
+ o deprecated-use-of-%run_ldconfig
+ o shlib-policy-name-error
+ - renamed sub-pkg 'lib' to 'libc-client2007e_suse'
+ o files-duplicate {_includedir}
+ - added rpmlintrc
+
+-------------------------------------------------------------------
+Tue Nov 3 19:09:21 UTC 2009 - [email protected]
+
+- updated patches to apply with fuzz=0
+
+-------------------------------------------------------------------
+Mon Jan 7 11:42:25 CET 2008 - [email protected]
+
+- Bug 351197 - several packages use wrong dir for SuSEfirewall2
+ services files
+
+-------------------------------------------------------------------
+Fri Mar 16 08:08:11 CET 2007 - [email protected]
+
+- fix ports in firewall file
+
+-------------------------------------------------------------------
+Fri Mar 2 14:50:51 CET 2007 - [email protected]
+
+- imap : Support for FATE #300687: Ports for SuSEfirewall added
+ via packages (#250579)
+
+-------------------------------------------------------------------
+Thu Nov 16 10:11:37 CET 2006 - [email protected]
+
+- update to version 2006c1 which
+ o fix bugs
+ o fix bug( Bug 217287 - imap-2004g_suse-28: use of dangerous
+ "gets" function )
+ o fix bug( Bug 144598 - imap-2004g_suse-4: dodgy code )
+
+-------------------------------------------------------------------
+Thu Feb 2 11:26:25 CET 2006 - [email protected]
+
+- give libc-client.so a SONAME
+
+-------------------------------------------------------------------
+Wed Jan 25 21:36:35 CET 2006 - [email protected]
+
+- converted neededforbuild to BuildRequires
+
+-------------------------------------------------------------------
+Sat Jan 14 23:47:06 CET 2006 - [email protected]
+
+- Don't strip binaries.
+
+-------------------------------------------------------------------
+Wed Jan 11 20:16:30 CET 2006 - [email protected]
+
+- add -fstack-protector
+
+-------------------------------------------------------------------
+Mon Oct 10 16:21:14 CEST 2005 - [email protected]
+
+- version update to imap-2004g (includes fix for Bug #120608)
+
+-------------------------------------------------------------------
+Mon Aug 22 16:50:28 CEST 2005 - [email protected]
+
+- the FreeFork license used by UW says we have to make it clear in the version
+ number that we modified the sources; hinted by our license manager
+
+-------------------------------------------------------------------
+Fri Jan 21 14:59:10 CET 2005 - [email protected]
+
+- updated to version 2004c
+
+-------------------------------------------------------------------
+Tue Dec 14 12:25:34 CET 2004 - [email protected]
+
+- updated to version 2004b RC1
+
+-------------------------------------------------------------------
+Mon Nov 15 14:34:20 CET 2004 - [email protected]
+
+- Use common-* PAM config files in imap.pamd and pop.pamd
+
+-------------------------------------------------------------------
+Mon Sep 13 12:11:59 CEST 2004 - [email protected]
+
+- fixes for mailbox access over rsh and ssh (bug #43905)
+
+-------------------------------------------------------------------
+Fri Jul 16 10:39:58 CEST 2004 - [email protected]
+
+- updated to version 2004a (bugfix release)
+
+-------------------------------------------------------------------
+Tue May 11 10:06:36 CEST 2004 - [email protected]
+
+- updated to version 2004
+- enable IPv6 support
+
+-------------------------------------------------------------------
+Fri Feb 27 10:42:11 CET 2004 - [email protected]
+
+- add %run_ldconfig
+
+-------------------------------------------------------------------
+Fri Jan 16 13:28:37 CET 2004 - [email protected]
+
+- Add pam-devel to neededforbuild
+
+-------------------------------------------------------------------
+Fri Oct 31 16:31:37 CET 2003 - [email protected]
+
+- build rpms as non-root user
+
+-------------------------------------------------------------------
+Wed Sep 24 15:36:08 CEST 2003 - [email protected]
+
+- updated to version 2002e (minor release with primarily bugfixes)
+
+-------------------------------------------------------------------
+Thu Jun 12 11:22:36 CEST 2003 - [email protected]
+
+- fixed directory file list
+
+-------------------------------------------------------------------
+Fri Jun 06 21:21:02 CEST 2003 - [email protected]
+
+- updated to version 2002d (minor release with primarily bugfixes)
+
+-------------------------------------------------------------------
+Thu Apr 17 10:59:04 CEST 2003 - [email protected]
+
+- updated to version 2002c (minor release with primarily bugfixes)
+
++++ 161 more lines (skipped)
++++ between /dev/null
++++ and /work/SRC/openSUSE:Leap:15.2:Update/.imap.13178.new.3592/imap.changes
New:
----
README.SUSE
c-client.cf
imap-2001a-include.diff
imap-2001a-overflow.diff
imap-2002e-ssl.diff
imap-2004-cflags.diff
imap-2004a-doc.diff
imap-2007e-c++.patch
imap-2007e-poll.patch
imap-2007e.patch
imap-2007e.tar.bz2
imap-2007f-format-security.patch
imap-implicit-decls.patch
imap-openssl-1.1.patch
imap-openssl.patch
imap.changes
imap.firewall
imap.pamd
imap.rpmlintrc
imap.spec
imap.xinetd
pop.pamd
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ imap.spec ++++++
#
# spec file for package imap
#
# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
Name: imap
Version: 2007e_suse
Release: 0
Summary: IMAP4, POP2, and POP3 Mail Server
License: Apache-2.0
Group: Productivity/Networking/Email/Servers
Url: http://www.washington.edu/imap/
Source0: %{name}-2007e.tar.bz2
Source1: README.SUSE
# pam config
Source2: %{name}.pamd
Source3: pop.pamd
# xinetd config
Source4: %{name}.xinetd
# c-client config
Source5: c-client.cf
Source6: %{name}.firewall
Source100: %{name}.rpmlintrc
Patch0: %{name}-2001a-include.diff
Patch1: %{name}-2004a-doc.diff
Patch2: %{name}-2002e-ssl.diff
Patch3: %{name}-2004-cflags.diff
Patch4: %{name}-2001a-overflow.diff
Patch5: %{name}-2007e-c++.patch
Patch6: %{name}-2007e.patch
Patch7: imap-openssl.patch
Patch8: imap-implicit-decls.patch
Patch9: imap-2007e-poll.patch
Patch10: imap-2007f-format-security.patch
Patch11: imap-openssl-1.1.patch
BuildRequires: openssl-devel
BuildRequires: pam-devel
Requires: inet-daemon
Requires: pam
BuildRequires: fdupes
%description
This package contains IMAP4, POP2, and POP3 mail servers.
After installation, activate the servers in the file %{_sysconfdir}/inetd.conf.
%package -n libc-client2007e_suse
Summary: IMAP4rev1/c-client Development Environment
License: BSD-3-Clause
Group: Development/Libraries/C and C++
%description -n libc-client2007e_suse
This package contains the libraries for IMAP client programs.
%package devel
Summary: IMAP4rev1/c-client Development Environment
License: BSD-3-Clause
Group: Development/Libraries/C and C++
Provides: libc-client-devel = %{version}
Requires: libc-client2007e_suse = %{version}
%description devel
This package contains the libraries and header files for IMAP client
programs.
%prep
%setup -q -n %{name}-2007e
%patch0
%patch1
%patch2
%patch3
%patch4
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1
%patch11 -p1
#K & R declarations of errno won't work anymore..
#it a no longer an integer but a macro that expands to a function call
find -type f -name "*.[h,c]" -exec sed -i -e '/extern int errno;/d' {} +
%build
export CFLAGS="%{optflags} -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_SSL_INTERN
-DDISABLE_POP_PROXY=1 -fPIC -fno-strict-aliasing -fstack-protector"
make %{?_smp_mflags} lnp MYCFLAGS="$CFLAGS" SSLTYPE=nopwd IP=6
make %{?_smp_mflags} lnp c-client
gcc $CFLAGS -shared -Wl,-soname,libc-client.so.%{version} -o
libc-client.so.%{version} c-client/*.o -lpam
%install
mkdir -p %{buildroot}%{_prefix}/{sbin,share/man/man8,share/doc/packages/imap}
mkdir -p %{buildroot}%{_sysconfdir}/pam.d
install -m 755 imapd/imapd ipopd/ipop2d ipopd/ipop3d mtest/mtest
%{buildroot}%{_sbindir}/
install -m 644 %{SOURCE2} %{buildroot}%{_sysconfdir}/pam.d/%{name}
install -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/pam.d/pop
install -m 644 -D %{SOURCE4} %{buildroot}%{_sysconfdir}/xinetd.d/%{name}
install -m 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/c-client.cf
install -m 644 src/imapd/imapd.8 %{buildroot}%{_mandir}/man8/imapd.8
install -m 644 src/ipopd/ipopd.8 %{buildroot}%{_mandir}/man8/ipopd.8
install -m 644 %{SOURCE1} %{buildroot}%{_docdir}/%{name}/
install -m 644 CONTENTS README docs/RELNOTES %{buildroot}%{_docdir}/%{name}/
install -m 644 docs/{FAQ,bugs,imaprc,md5,naming,drivers}.txt
%{buildroot}%{_docdir}/%{name}/
mkdir -p %{buildroot}/%{_includedir}/%{name}
cp src/osdep/tops-20/*.h %{buildroot}/%{_includedir}/%{name}
cp src/osdep/unix/*.h %{buildroot}/%{_includedir}/%{name}
cp src/c-client/*.h %{buildroot}/%{_includedir}/%{name}
cp c-client/linkage.{h,c} %{buildroot}/%{_includedir}/%{name}
cp c-client/osdep.h %{buildroot}/%{_includedir}/%{name}
mkdir -p %{buildroot}/%{_libdir}
install -m 644 c-client/c-client.a %{buildroot}/%{_libdir}/libc-client.a
ln -sf libc-client.a %{buildroot}/%{_libdir}/c-client.a
install -m 755 libc-client.so.%{version} %{buildroot}/%{_libdir}/
ln -sf libc-client.so.%{version} %{buildroot}/%{_libdir}/libc-client.so
ln -sf ..%{_sbindir}/imapd %{buildroot}%{_sysconfdir}/rimapd
ln -sf ..%{_sbindir}/ipop3d %{buildroot}%{_sysconfdir}/rpop3d
ln -sf ..%{_sbindir}/ipop2d %{buildroot}%{_sysconfdir}/rpop2d
install -d %{buildroot}%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/
install -m 644 %{SOURCE6}
%{buildroot}%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/%{name}
mkdir -p %{buildroot}/%{_sysconfdir}/%{name}/certs
%fdupes %{buildroot}%{_includedir}
%post -n libc-client2007e_suse -p /sbin/ldconfig
%postun -n libc-client2007e_suse -p /sbin/ldconfig
%files
%{_sbindir}/*
%{_mandir}/man8/*
%config %{_sysconfdir}/pam.d/*
%dir %{_sysconfdir}/xinetd.d
%config(noreplace) %{_sysconfdir}/xinetd.d/%{name}
%{_sysconfdir}/%{name}
%{_sysconfdir}/rimapd
%{_sysconfdir}/rpop3d
%{_sysconfdir}/rpop2d
%doc %{_docdir}/%{name}
%files -n libc-client2007e_suse
%config(noreplace) %{_sysconfdir}/c-client.cf
%{_libdir}/*.so
%{_libdir}/*.so.*
%config %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/%{name}
%files devel
%{_libdir}/*.a
%{_includedir}/%{name}
%changelog
++++++ README.SUSE ++++++
README.SuSE for imap
====================
Even when this package is installed the servers are not activated
automatically. If you are sure you want to have this IMAP or POP
server running, please refer to the documentation in this directory on
how to set up /etc/inetd.conf or /etc/xinetd.d/imap so they are used.
For TLS/SSL encrypted connections (you most likely want these as plain
password authentication is only allowed for those) you have to install
a certificate imapd.pem and/or ipop3d in /etc/imap/certs. If you don't
have a certificate you can generate a self-signed certificate with the
following commands:
cd /etc/imap/certs
openssl req -new -x509 -nodes -out imapd.pem -keyout imapd.pem
openssl req -new -x509 -nodes -out ipop3d.pem -keyout ipop3d.pem
As the Common Name you must either enter the DNS name or IP address of
your mail server. Note that a certificate is only valid for a limited
time.
Have a lot of fun...
++++++ c-client.cf ++++++
set rshpath /usr/bin/rsh
set sshpath /usr/bin/ssh
++++++ imap-2001a-include.diff ++++++
Index: src/osdep/unix/mh.c
===================================================================
--- src/osdep/unix/mh.c.orig
+++ src/osdep/unix/mh.c
@@ -34,6 +34,7 @@ extern int errno; /* just in case */
#include "mail.h"
#include "osdep.h"
#include <pwd.h>
+#include <time.h>
#include <sys/stat.h>
#include <sys/time.h>
#include "misc.h"
Index: src/osdep/unix/mx.c
===================================================================
--- src/osdep/unix/mx.c.orig
+++ src/osdep/unix/mx.c
@@ -34,6 +34,7 @@ extern int errno; /* just in case */
#include "mail.h"
#include "osdep.h"
#include <pwd.h>
+#include <time.h>
#include <sys/stat.h>
#include <sys/time.h>
#include "misc.h"
Index: src/osdep/unix/news.c
===================================================================
--- src/osdep/unix/news.c.orig
+++ src/osdep/unix/news.c
@@ -33,6 +33,7 @@
extern int errno; /* just in case */
#include "mail.h"
#include "osdep.h"
+#include <time.h>
#include <sys/stat.h>
#include <sys/time.h>
#include "misc.h"
Index: src/osdep/unix/os_lnx.c
===================================================================
--- src/osdep/unix/os_lnx.c.orig
+++ src/osdep/unix/os_lnx.c
@@ -30,6 +30,7 @@
#include "mail.h"
#include "osdep.h"
#include <stdio.h>
+#include <time.h>
#include <sys/time.h>
#include <sys/stat.h>
#include <sys/socket.h>
Index: src/osdep/unix/phile.c
===================================================================
--- src/osdep/unix/phile.c.orig
+++ src/osdep/unix/phile.c
@@ -35,6 +35,7 @@ extern int errno; /* just in case */
#include "mail.h"
#include "osdep.h"
#include <pwd.h>
+#include <time.h>
#include <sys/stat.h>
#include <sys/time.h>
#include "rfc822.h"
++++++ imap-2001a-overflow.diff ++++++
Index: src/c-client/rfc822.c
===================================================================
--- src/c-client/rfc822.c.orig
+++ src/c-client/rfc822.c
@@ -381,6 +381,9 @@ void rfc822_parse_content (BODY *body,ST
if (CHR (bs) == '\012'){/* following LF? */
c = SNX (bs); i--; /* yes, slurp it */
}
+ if (!i) /* Make sure we don't get an overflow for */
+ break; /* messages ending on \015 (or the following */
+ /* i-- will cause i to be MAXINT. Not good.) */
case '\012': /* at start of a line, start with -- ? */
if (!(i && i-- && ((c = SNX (bs)) == '-') && i-- &&
((c = SNX (bs)) == '-'))) break;
++++++ imap-2002e-ssl.diff ++++++
--- src/osdep/unix/Makefile
+++ src/osdep/unix/Makefile
@@ -28,11 +28,10 @@
# Extended flags needed for SSL. You may need to modify.
-SSLDIR=/usr/local/ssl
-SSLCERTS=$(SSLDIR)/certs
-SSLKEYS=$(SSLCERTS)
-SSLINCLUDE=$(SSLDIR)/include
-SSLLIB=$(SSLDIR)/lib
+SSLCERTS=/etc/imap/certs
+SSLKEYS=/etc/imap/certs
+SSLINCLUDE=/usr/include/openssl
+SSLLIB=/usr/lib
SSLCRYPTO=-lcrypto
++++++ imap-2004-cflags.diff ++++++
--- src/osdep/unix/Makefile
+++ src/osdep/unix/Makefile
@@ -48,7 +48,8 @@
# Try to have some consistency in GCC builds. We want optimization, but we
# also want to be able to debug.
-GCCCFLAGS= -g $(GCCOPTLEVEL) -pipe -fno-omit-frame-pointer
+#GCCCFLAGS= -g $(GCCOPTLEVEL) -pipe -fno-omit-frame-pointer
+GCCCFLAGS=${MYCFLAGS}
GCC4CFLAGS= $(GCCCFLAGS) -Wno-pointer-sign
++++++ imap-2004a-doc.diff ++++++
Index: src/imapd/imapd.8
===================================================================
--- src/imapd/imapd.8.orig
+++ src/imapd/imapd.8
@@ -16,7 +16,7 @@
.SH NAME
IMAPd \- Internet Message Access Protocol server
.SH SYNOPSIS
-.B /usr/etc/imapd
+.B /usr/sbin/imapd
.SH DESCRIPTION
.I imapd
is a server which supports the
Index: src/ipopd/ipopd.8
===================================================================
--- src/ipopd/ipopd.8.orig
+++ src/ipopd/ipopd.8
@@ -16,9 +16,9 @@
.SH NAME
IPOPd \- Post Office Protocol server
.SH SYNOPSIS
-.B /usr/etc/ipop2d
+.B /usr/sbin/ipop2d
.PP
-.B /usr/etc/ipop3d
+.B /usr/sbin/ipop3d
.SH DESCRIPTION
.I ipop2d
and
++++++ imap-2007e-c++.patch ++++++
diff -ruN imap-2007e-orig/src/c-client/c-client.h
imap-2007e/src/c-client/c-client.h
--- imap-2007e-orig/src/c-client/c-client.h 2008-06-04 18:18:34.000000000
+0000
+++ imap-2007e/src/c-client/c-client.h 2009-12-18 18:33:08.672359365 +0000
@@ -31,11 +31,6 @@
#ifdef __cplusplus /* help out people who use C++ compilers */
extern "C" {
- /* If you use gcc, you may also have to use -fno-operator-names */
-#define private cclientPrivate /* private to c-client */
-#define and cclientAnd /* C99 doesn't realize that ISO 646 is dead */
-#define or cclientOr
-#define not cclientNot
#endif
#include "mail.h" /* primary interfaces */
@@ -48,7 +43,6 @@
#include "misc.h" /* miscellaneous utility routines */
#ifdef __cplusplus /* undo the C++ mischief */
-#undef private
}
#endif
diff -ruN imap-2007e-orig/src/c-client/mail.h imap-2007e/src/c-client/mail.h
--- imap-2007e-orig/src/c-client/mail.h 2008-12-16 23:21:34.000000000 +0000
+++ imap-2007e/src/c-client/mail.h 2009-12-18 18:36:50.946447125 +0000
@@ -826,7 +826,11 @@
unsigned int dirty : 1; /* driver internal use */
unsigned int filter : 1; /* driver internal use */
unsigned int ghost : 1; /* driver internal use */
+#ifndef __cplusplus
} private;
+#else
+ } cclientPrivate;
+#endif
/* internal date */
unsigned int day : 5; /* day of month (1-31) */
unsigned int month : 4; /* month of year (1-12) */
@@ -937,8 +941,13 @@
SEARCHPGM { /* search program */
SEARCHSET *msgno; /* message numbers */
SEARCHSET *uid; /* unique identifiers */
+#ifndef __cplusplus
SEARCHOR *or; /* or'ed in programs */
SEARCHPGMLIST *not; /* and'ed not program */
+#else
+ SEARCHOR *cclientOr; /* or'ed in programs */
+ SEARCHPGMLIST *cclientNot; /* and'ed not program */
+#endif
SEARCHHEADER *header; /* list of headers */
STRINGLIST *bcc; /* bcc recipients */
STRINGLIST *body; /* text in message body */
@@ -1123,8 +1132,12 @@
char *text; /* cache of fetched text */
} search;
STRING string; /* stringstruct return hack */
+#ifndef __cplusplus
} private;
- /* reserved for use by main program */
+#else
+ } cclientPrivate;
+#endif
+ /* RESERVed for use by main program */
void *sparep; /* spare pointer */
unsigned int spare : 1; /* first spare bit */
unsigned int spare2 : 1; /* second spare bit */
++++++ imap-2007e-poll.patch ++++++
http://anonscm.debian.org/cgit/collab-maint/uw-imap.git/plain/debian/patches/1005_poll.patch
Description: Use poll(2) instead of select(2) to support more than 1024 file
descriptors
Author: Ben Smithurst <[email protected]>
Bug-Debian: https://bugs.debian.org/478193
Index: imap-2007e/src/osdep/unix/os_lnx.c
===================================================================
--- imap-2007e.orig/src/osdep/unix/os_lnx.c
+++ imap-2007e/src/osdep/unix/os_lnx.c
@@ -42,6 +42,7 @@
extern int errno; /* just in case */
#include <pwd.h>
#include "misc.h"
+#include <poll.h>
#include "fs_unix.c"
Index: imap-2007e/src/osdep/unix/os_slx.c
===================================================================
--- imap-2007e.orig/src/osdep/unix/os_slx.c
+++ imap-2007e/src/osdep/unix/os_slx.c
@@ -42,6 +42,7 @@ extern int errno; /* just in case */
#include <pwd.h>
#include <shadow.h>
#include "misc.h"
+#include <poll.h>
#include "fs_unix.c"
Index: imap-2007e/src/osdep/unix/tcp_unix.c
===================================================================
--- imap-2007e.orig/src/osdep/unix/tcp_unix.c
+++ imap-2007e/src/osdep/unix/tcp_unix.c
@@ -235,12 +235,11 @@ TCPSTREAM *tcp_open (char *host,char *se
int tcp_socket_open (int family,void *adr,size_t adrlen,unsigned short port,
char *tmp,int *ctr,char *hst)
{
- int i,ti,sock,flgs;
+ int i,ti,sock,flgs,tmo;
+ struct pollfd pfd;
size_t len;
time_t now;
struct protoent *pt = getprotobyname ("tcp");
- fd_set fds,efds;
- struct timeval tmo;
struct sockaddr *sadr = ip_sockaddr (family,adr,adrlen,port,&len);
blocknotify_t bn = (blocknotify_t) mail_parameters (NIL,GET_BLOCKNOTIFY,NIL);
/* fetid Solaris */
@@ -252,14 +251,6 @@ int tcp_socket_open (int family,void *ad
sprintf (tmp,"Unable to create TCP socket: %s",strerror (errno));
(*bn) (BLOCK_NONSENSITIVE,data);
}
- else if (sock >= FD_SETSIZE) {/* unselectable sockets are useless */
- sprintf (tmp,"Unable to create selectable TCP socket (%d >= %d)",
- sock,FD_SETSIZE);
- (*bn) (BLOCK_NONSENSITIVE,data);
- close (sock);
- sock = -1;
- errno = EMFILE;
- }
�
else { /* get current socket flags */
flgs = fcntl (sock,F_GETFL,0);
@@ -284,14 +275,11 @@ int tcp_socket_open (int family,void *ad
if ((sock >= 0) && ctr) { /* want open timeout? */
now = time (0); /* open timeout */
ti = ttmo_open ? now + ttmo_open : 0;
- tmo.tv_usec = 0;
- FD_ZERO (&fds); /* initialize selection vector */
- FD_ZERO (&efds); /* handle errors too */
- FD_SET (sock,&fds); /* block for error or readable */
- FD_SET (sock,&efds);
+ pfd.fd = sock;
+ pfd.events = POLLIN | POLLOUT;
do { /* block under timeout */
- tmo.tv_sec = ti ? ti - now : 0;
- i = select (sock+1,&fds,NIL,&efds,ti ? &tmo : NIL);
+ tmo = ti ? ti - now : 0;
+ i = poll (&pfd, 1, ti ? tmo * 1000 : -1);
now = time (0); /* fake timeout if interrupt & time expired */
if ((i < 0) && (errno == EINTR) && ti && (ti <= now)) i = 0;
} while ((i < 0) && (errno == EINTR));
@@ -543,9 +531,8 @@ long tcp_getbuffer (TCPSTREAM *stream,un
stream->ictr -=n;
}
if (size) {
- int i;
- fd_set fds,efds;
- struct timeval tmo;
+ int i, tmo;
+ struct pollfd pfd;
time_t t = time (0);
blocknotify_t bn=(blocknotify_t) mail_parameters (NIL,GET_BLOCKNOTIFY,NIL);
(*bn) (BLOCK_TCPREAD,NIL);
@@ -554,16 +541,13 @@ long tcp_getbuffer (TCPSTREAM *stream,un
time_t now = tl;
time_t ti = ttmo_read ? now + ttmo_read : 0;
if (tcpdebug) mm_log ("Reading TCP buffer",TCPDEBUG);
- tmo.tv_usec = 0;
- FD_ZERO (&fds); /* initialize selection vector */
- FD_ZERO (&efds); /* handle errors too */
- /* set bit in selection vectors */
- FD_SET (stream->tcpsi,&fds);
- FD_SET (stream->tcpsi,&efds);
+
+ pfd.events = POLLIN;
+ pfd.fd = stream->tcpsi;
errno = NIL; /* initially no error */
do { /* block under timeout */
- tmo.tv_sec = ti ? ti - now : 0;
- i = select (stream->tcpsi+1,&fds,NIL,&efds,ti ? &tmo : NIL);
+ tmo = ti ? ti - now : 0;
+ i = poll (&pfd, 1, ti ? tmo * 1000 : -1);
now = time (0); /* fake timeout if interrupt & time expired */
if ((i < 0) && (errno == EINTR) && ti && (ti <= now)) i = 0;
} while ((i < 0) && (errno == EINTR));
@@ -603,9 +587,8 @@ long tcp_getbuffer (TCPSTREAM *stream,un
long tcp_getdata (TCPSTREAM *stream)
{
- int i;
- fd_set fds,efds;
- struct timeval tmo;
+ int i, tmo;
+ struct pollfd pfd;
time_t t = time (0);
blocknotify_t bn = (blocknotify_t) mail_parameters (NIL,GET_BLOCKNOTIFY,NIL);
if (stream->tcpsi < 0) return NIL;
@@ -615,15 +598,12 @@ long tcp_getdata (TCPSTREAM *stream)
time_t now = tl;
time_t ti = ttmo_read ? now + ttmo_read : 0;
if (tcpdebug) mm_log ("Reading TCP data",TCPDEBUG);
- tmo.tv_usec = 0;
- FD_ZERO (&fds); /* initialize selection vector */
- FD_ZERO (&efds); /* handle errors too */
- FD_SET (stream->tcpsi,&fds);/* set bit in selection vectors */
- FD_SET (stream->tcpsi,&efds);
+ pfd.fd = stream->tcpsi;
+ pfd.events = POLLIN;
errno = NIL; /* initially no error */
do { /* block under timeout */
- tmo.tv_sec = ti ? ti - now : 0;
- i = select (stream->tcpsi+1,&fds,NIL,&efds,ti ? &tmo : NIL);
+ tmo = ti ? ti - now : 0;
+ i = poll (&pfd, 1, ti ? tmo * 1000 : -1);
now = time (0); /* fake timeout if interrupt & time expired */
if ((i < 0) && (errno == EINTR) && ti && (ti <= now)) i = 0;
} while ((i < 0) && (errno == EINTR));
@@ -675,9 +655,8 @@ long tcp_soutr (TCPSTREAM *stream,char *
long tcp_sout (TCPSTREAM *stream,char *string,unsigned long size)
{
- int i;
- fd_set fds,efds;
- struct timeval tmo;
+ int i, tmo;
+ struct pollfd pfd;
time_t t = time (0);
blocknotify_t bn = (blocknotify_t) mail_parameters (NIL,GET_BLOCKNOTIFY,NIL);
if (stream->tcpso < 0) return NIL;
@@ -687,15 +666,12 @@ long tcp_sout (TCPSTREAM *stream,char *s
time_t now = tl;
time_t ti = ttmo_write ? now + ttmo_write : 0;
if (tcpdebug) mm_log ("Writing to TCP",TCPDEBUG);
- tmo.tv_usec = 0;
- FD_ZERO (&fds); /* initialize selection vector */
- FD_ZERO (&efds); /* handle errors too */
- FD_SET (stream->tcpso,&fds);/* set bit in selection vector */
- FD_SET(stream->tcpso,&efds);/* set bit in error selection vector */
+ pfd.fd = stream->tcpso;
+ pfd.events = POLLOUT;
errno = NIL; /* block and write */
do { /* block under timeout */
- tmo.tv_sec = ti ? ti - now : 0;
- i = select (stream->tcpso+1,NIL,&fds,&efds,ti ? &tmo : NIL);
+ tmo = ti ? ti - now : 0;
+ i = poll (&pfd, 1, ti ? tmo * 1000 : -1);
now = time (0); /* fake timeout if interrupt & time expired */
if ((i < 0) && (errno == EINTR) && ti && (ti <= now)) i = 0;
} while ((i < 0) && (errno == EINTR));
++++++ imap-2007e.patch ++++++
diff -ruN imap-2007e-2001a-include/Makefile imap-2007e/Makefile
--- imap-2007e-2001a-include/Makefile 2008-06-04 18:43:35.000000000 +0000
+++ imap-2007e/Makefile 2009-12-18 19:19:29.246393113 +0000
@@ -638,7 +638,8 @@
@echo +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
@echo
@echo Do you want to build with IPv6 anyway? Type y or n please:
- @$(SH) -c 'read x; case "$$x" in y) exit 0;; *) (make noip6;exit 1);;
esac'
+ @$(SH) -c 'read x; case "$$x" in y) exit 0;; *) exit 0;; esac'
+# *) (make noip6;exit 1);; esac'
@echo OK, I will remember that you really want to build with IPv6.
@echo You will not see this message again.
@$(TOUCH) ip6
diff -ruN imap-2007e-2001a-include/src/c-client/mail.c
imap-2007e/src/c-client/mail.c
--- imap-2007e-2001a-include/src/c-client/mail.c 2008-06-04
18:39:54.000000000 +0000
+++ imap-2007e/src/c-client/mail.c 2009-12-18 19:05:31.284336262 +0000
@@ -2931,8 +2931,10 @@
/* parse time */
d = strtoul (s+1,(char **) &s,10);
if (*s != ':') return NIL;
- m = strtoul (++s,(char **) &s,10);
- y = (*s == ':') ? strtoul (++s,(char **) &s,10) : 0;
+ s++;
+ m = strtoul (s,(char **) &s,10);
+ s++;
+ y = (*s == ':') ? strtoul (s,(char **) &s,10) : 0;
/* validity check time */
if ((d > 23) || (m > 59) || (y > 60)) return NIL;
/* set values in elt */
diff -ruN imap-2007e-2001a-include/src/mlock/mlock.c
imap-2007e/src/mlock/mlock.c
--- imap-2007e-2001a-include/src/mlock/mlock.c 2008-06-04 18:18:34.000000000
+0000
+++ imap-2007e/src/mlock/mlock.c 2009-12-18 19:05:31.284336262 +0000
@@ -38,6 +38,7 @@
#include <sys/param.h>
#include <stdlib.h>
#include <netdb.h>
+#include <unistd.h>
#include <ctype.h>
#include <string.h>
diff -ruN imap-2007e-2001a-include/src/osdep/unix/mbx.c
imap-2007e/src/osdep/unix/mbx.c
--- imap-2007e-2001a-include/src/osdep/unix/mbx.c 2008-06-04
18:18:34.000000000 +0000
+++ imap-2007e/src/osdep/unix/mbx.c 2009-12-18 19:05:31.284336262 +0000
@@ -37,6 +37,7 @@
#include <stdio.h>
#include <ctype.h>
#include <errno.h>
+#include <utime.h>
extern int errno; /* just in case */
#include "mail.h"
#include "osdep.h"
diff -ruN imap-2007e-2001a-include/src/osdep/unix/mh.c
imap-2007e/src/osdep/unix/mh.c
--- imap-2007e-2001a-include/src/osdep/unix/mh.c 2009-12-18
19:04:25.449346000 +0000
+++ imap-2007e/src/osdep/unix/mh.c 2009-12-18 19:06:12.366202134 +0000
@@ -35,6 +35,7 @@
#include "osdep.h"
#include <pwd.h>
#include <time.h>
+#include <utime.h>
#include <sys/stat.h>
#include <sys/time.h>
#include "misc.h"
diff -ruN imap-2007e-2001a-include/src/osdep/unix/mmdf.c
imap-2007e/src/osdep/unix/mmdf.c
--- imap-2007e-2001a-include/src/osdep/unix/mmdf.c 2008-06-04
18:39:54.000000000 +0000
+++ imap-2007e/src/osdep/unix/mmdf.c 2009-12-18 19:05:31.292336625 +0000
@@ -28,6 +28,7 @@
#include <stdio.h>
#include <ctype.h>
#include <errno.h>
+#include <utime.h>
extern int errno; /* just in case */
#include <signal.h>
#include "mail.h"
diff -ruN imap-2007e-2001a-include/src/osdep/unix/mtx.c
imap-2007e/src/osdep/unix/mtx.c
--- imap-2007e-2001a-include/src/osdep/unix/mtx.c 2008-06-04
18:18:34.000000000 +0000
+++ imap-2007e/src/osdep/unix/mtx.c 2009-12-18 19:05:31.292336625 +0000
@@ -35,6 +35,7 @@
*/
#include <stdio.h>
+#include <utime.h>
#include <ctype.h>
#include <errno.h>
extern int errno; /* just in case */
diff -ruN imap-2007e-2001a-include/src/osdep/unix/mx.c
imap-2007e/src/osdep/unix/mx.c
--- imap-2007e-2001a-include/src/osdep/unix/mx.c 2009-12-18
19:04:25.449346000 +0000
+++ imap-2007e/src/osdep/unix/mx.c 2009-12-18 19:06:23.634713928 +0000
@@ -35,6 +35,7 @@
#include "osdep.h"
#include <pwd.h>
#include <time.h>
+#include <utime.h>
#include <sys/stat.h>
#include <sys/time.h>
#include "misc.h"
diff -ruN imap-2007e-2001a-include/src/osdep/unix/tenex.c
imap-2007e/src/osdep/unix/tenex.c
--- imap-2007e-2001a-include/src/osdep/unix/tenex.c 2008-06-04
18:18:34.000000000 +0000
+++ imap-2007e/src/osdep/unix/tenex.c 2009-12-18 19:05:31.292336625 +0000
@@ -41,6 +41,7 @@
#include <stdio.h>
#include <ctype.h>
+#include <utime.h>
#include <errno.h>
extern int errno; /* just in case */
#include "mail.h"
++++++ imap-2007f-format-security.patch ++++++
diff -Naur imap-2007f.orig/src/osdep/unix/flocklnx.c
imap-2007f/src/osdep/unix/flocklnx.c
--- imap-2007f.orig/src/osdep/unix/flocklnx.c 2011-07-23 02:20:11.000000000
+0200
+++ imap-2007f/src/osdep/unix/flocklnx.c 2014-04-14 19:17:46.429000000
+0200
@@ -57,7 +57,7 @@
case ENOLCK: /* lock table is full */
sprintf (tmp,"File locking failure: %s",strerror (errno));
mm_log (tmp,WARN); /* give the user a warning of what happened */
- if (!logged++) syslog (LOG_ERR,tmp);
+ if (!logged++) syslog (LOG_ERR, "%s", tmp);
/* return failure if non-blocking lock */
if (op & LOCK_NB) return -1;
sleep (5); /* slow down in case it loops */
++++++ imap-implicit-decls.patch ++++++
Index: imap-2007e/src/osdep/unix/env_unix.c
===================================================================
--- imap-2007e.orig/src/osdep/unix/env_unix.c
+++ imap-2007e/src/osdep/unix/env_unix.c
@@ -27,6 +27,7 @@
#include <grp.h>
#include <signal.h>
#include <sys/wait.h>
+#include <sys/file.h>
/* in case stat.h is ancient */
Index: imap-2007e/src/osdep/unix/unix.c
===================================================================
--- imap-2007e.orig/src/osdep/unix/unix.c
+++ imap-2007e/src/osdep/unix/unix.c
@@ -40,12 +40,12 @@
#include <stdio.h>
#include <ctype.h>
#include <errno.h>
-extern int errno; /* just in case */
#include <signal.h>
#include "mail.h"
#include "osdep.h"
#include <time.h>
#include <sys/stat.h>
+#include <utime.h>
#include "unix.h"
#include "pseudo.h"
#include "fdstring.h"
Index: imap-2007e/src/imapd/imapd.c
===================================================================
--- imap-2007e.orig/src/imapd/imapd.c
+++ imap-2007e/src/imapd/imapd.c
@@ -29,7 +29,6 @@
#include <stdio.h>
#include <ctype.h>
#include <errno.h>
-extern int errno; /* just in case */
#include <signal.h>
#include <setjmp.h>
#include <time.h>
Index: imap-2007e/src/mtest/mtest.c
===================================================================
--- imap-2007e.orig/src/mtest/mtest.c
+++ imap-2007e/src/mtest/mtest.c
@@ -58,7 +58,22 @@
# define MACOS 0
# endif
#endif
-�
+
+
+/* This is a local implementation of ISO9899:2011 K.3.5.4.1/4
+ * gets_s function. a quick and dirty hack */
+
+static char *mtest_gets(char *s, size_t n)
+{
+#ifdef __STDC_LIB_EXT1__
+ return gets_s(s, n);
+#else
+ char *ret = fgets(s, n, stdin);
+ if (ret && s[strlen(s)-1] == '\n') s[strlen(s)-1] = 0;
+ return ret;
+#endif
+}
+
char *curhst = NIL; /* currently connected host */
char *curusr = NIL; /* current login user */
char personalname[MAILTMPLEN]; /* user's personal name */
@@ -595,7 +610,9 @@ void status (MAILSTREAM *stream)
void prompt (char *msg,char *txt)
{
printf ("%s",msg);
- gets (txt);
+ mtest_gets(txt, sizeof txt);
+
+
}
�
/* Interfaces to C-client */
@@ -779,7 +796,7 @@ void smtptest (long debug)
puts (" Msg (end with a line with only a '.'):");
body->type = TYPETEXT;
*text = '\0';
- while (gets (line)) {
+ while (mtest_gets(line, sizeof line)) {
if (line[0] == '.') {
if (line[1] == '\0') break;
else strcat (text,".");
Index: imap-2007e/src/dmail/dmail.c
===================================================================
--- imap-2007e.orig/src/dmail/dmail.c
+++ imap-2007e/src/dmail/dmail.c
@@ -27,9 +27,10 @@
*/
�
#include <stdio.h>
+#include <ctype.h>
+#include <stdlib.h>
#include <pwd.h>
#include <errno.h>
-extern int errno; /* just in case */
#include <sysexits.h>
#include <sys/file.h>
#include <sys/stat.h>
Index: imap-2007e/src/mlock/mlock.c
===================================================================
--- imap-2007e.orig/src/mlock/mlock.c
+++ imap-2007e/src/mlock/mlock.c
@@ -41,6 +41,7 @@
#include <unistd.h>
#include <ctype.h>
#include <string.h>
+#include <time.h>
#define LOCKTIMEOUT 5 /* lock timeout in minutes */
#define LOCKPROTECTION 0664
Index: imap-2007e/src/tmail/tmail.c
===================================================================
--- imap-2007e.orig/src/tmail/tmail.c
+++ imap-2007e/src/tmail/tmail.c
@@ -29,7 +29,8 @@
#include <stdio.h>
#include <pwd.h>
#include <errno.h>
-extern int errno; /* just in case */
+#include <ctype.h>
+#include <stdlib.h>
#include <sysexits.h>
#include <sys/file.h>
#include <sys/stat.h>
++++++ imap-openssl-1.1.patch ++++++
Description: Support OpenSSL 1.1
When building with OpenSSL 1.1 and newer, use the new built-in
hostname verification instead of code that doesn't compile due to
structs having been made opaque.
Bug-Debian: https://bugs.debian.org/828589
--- a/src/osdep/unix/ssl_unix.c
+++ b/src/osdep/unix/ssl_unix.c
@@ -227,8 +227,16 @@ static char *ssl_start_work (SSLSTREAM *
/* disable certificate validation? */
if (flags & NET_NOVALIDATECERT)
SSL_CTX_set_verify (stream->context,SSL_VERIFY_NONE,NIL);
- else SSL_CTX_set_verify (stream->context,SSL_VERIFY_PEER,ssl_open_verify);
+ else {
+#if OPENSSL_VERSION_NUMBER >= 0x10100000
+ X509_VERIFY_PARAM *param = SSL_CTX_get0_param(stream->context);
+ X509_VERIFY_PARAM_set_hostflags(param,
X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
+ X509_VERIFY_PARAM_set1_host(param, host, 0);
+#endif
+
+ SSL_CTX_set_verify (stream->context,SSL_VERIFY_PEER,ssl_open_verify);
/* set default paths to CAs... */
+ }
SSL_CTX_set_default_verify_paths (stream->context);
/* ...unless a non-standard path desired */
if (s = (char *) mail_parameters (NIL,GET_SSLCAPATH,NIL))
@@ -266,6 +274,7 @@ static char *ssl_start_work (SSLSTREAM *
if (SSL_write (stream->con,"",0) < 0)
return ssl_last_error ? ssl_last_error : "SSL negotiation failed";
/* need to validate host names? */
+#if OPENSSL_VERSION_NUMBER < 0x10100000
if (!(flags & NET_NOVALIDATECERT) &&
(err = ssl_validate_cert (cert = SSL_get_peer_certificate (stream->con),
host))) {
@@ -275,6 +284,7 @@ static char *ssl_start_work (SSLSTREAM *
sprintf (tmp,"*%.128s: %.255s",err,cert ? cert->name : "???");
return ssl_last_error = cpystr (tmp);
}
+#endif
return NIL;
}
�
@@ -313,6 +323,7 @@ static int ssl_open_verify (int ok,X509_
* Returns: NIL if validated, else string of error message
*/
+#if OPENSSL_VERSION_NUMBER < 0x10100000
static char *ssl_validate_cert (X509 *cert,char *host)
{
int i,n;
@@ -342,6 +353,7 @@ static char *ssl_validate_cert (X509 *ce
else ret = "Unable to locate common name in certificate";
return ret;
}
+#endif
�
/* Case-independent wildcard pattern match
* Accepts: base string
++++++ imap-openssl.patch ++++++
Index: imap-2007e/src/osdep/unix/ssl_unix.c
===================================================================
--- imap-2007e.orig/src/osdep/unix/ssl_unix.c
+++ imap-2007e/src/osdep/unix/ssl_unix.c
@@ -38,7 +38,7 @@
#undef crypt
#define SSLBUFLEN 8192
-#define SSLCIPHERLIST "ALL:!LOW"
+#define SSLCIPHERLIST "DEFAULT"
/* SSL I/O stream */
@@ -93,28 +93,13 @@ static int sslonceonly = 0;
void ssl_onceonlyinit (void)
{
if (!sslonceonly++) { /* only need to call it once */
- int fd;
- char tmp[MAILTMPLEN];
- struct stat sbuf;
- /* if system doesn't have /dev/urandom */
- if (stat ("/dev/urandom",&sbuf)) {
- while ((fd = open (tmpnam (tmp),O_WRONLY|O_CREAT|O_EXCL,0600)) < 0)
- sleep (1);
- unlink (tmp); /* don't need the file */
- fstat (fd,&sbuf); /* get information about the file */
- close (fd); /* flush descriptor */
- /* not great but it'll have to do */
- sprintf (tmp + strlen (tmp),"%.80s%lx%.80s%lx%lx%lx%lx%lx",
- tcp_serveraddr (),(unsigned long) tcp_serverport (),
- tcp_clientaddr (),(unsigned long) tcp_clientport (),
- (unsigned long) sbuf.st_ino,(unsigned long) time (0),
- (unsigned long) gethostid (),(unsigned long) getpid ());
- RAND_seed (tmp,strlen (tmp));
- }
- /* apply runtime linkage */
- mail_parameters (NIL,SET_SSLDRIVER,(void *) &ssldriver);
- mail_parameters (NIL,SET_SSLSTART,(void *) ssl_start);
- SSL_library_init (); /* add all algorithms */
+ mail_parameters (NIL,SET_SSLDRIVER,(void *) &ssldriver);
+ mail_parameters (NIL,SET_SSLSTART,(void *) ssl_start);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ SSL_library_init();
+#else
+ OPENSSL_init_ssl(0, NULL);
+#endif
}
}
�
@@ -219,11 +204,13 @@ static char *ssl_start_work (SSLSTREAM *
(sslclientkey_t) mail_parameters (NIL,GET_SSLCLIENTKEY,NIL);
if (ssl_last_error) fs_give ((void **) &ssl_last_error);
ssl_last_host = host;
- if (!(stream->context = SSL_CTX_new ((flags & NET_TLSCLIENT) ?
- TLSv1_client_method () :
- SSLv23_client_method ())))
+ if (!(stream->context = SSL_CTX_new (SSLv23_client_method ())))
return "SSL context failed";
- SSL_CTX_set_options (stream->context,0);
+#ifdef SSL_CTX_set_min_proto_version
+ SSL_CTX_set_min_proto_version(stream->context, TLS1_VERSION);
+#else
+ SSL_CTX_set_options (stream->context, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
+#endif
/* disable certificate validation? */
if (flags & NET_NOVALIDATECERT)
SSL_CTX_set_verify (stream->context,SSL_VERIFY_NONE,NIL);
@@ -702,13 +689,22 @@ void ssl_server_init (char *server)
if (stat (key,&sbuf)) strcpy (key,cert);
}
/* create context */
- if (!(stream->context = SSL_CTX_new (start_tls ?
- TLSv1_server_method () :
- SSLv23_server_method ())))
+ if (!(stream->context = SSL_CTX_new (SSLv23_server_method ())))
syslog (LOG_ALERT,"Unable to create SSL context, host=%.80s",
tcp_clienthost ());
else { /* set context options */
- SSL_CTX_set_options (stream->context,SSL_OP_ALL);
+ SSL_CTX_set_options (stream->context, SSL_OP_ALL);
+#if defined(SSL_CTX_set_min_proto_version)
+ SSL_CTX_set_min_proto_version(stream->context, TLS1_VERSION);
+#else
+ SSL_CTX_set_options (stream->context, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
+#endif
+#if defined(SSL_CTX_set_dh_auto)
+ SSL_CTX_set_dh_auto(stream->context, 1);
+#endif
+#if defined(SSL_CTX_set_ecdh_auto)
+ SSL_CTX_set_ecdh_auto(stream->context, 1);
+#endif
/* set cipher list */
if (!SSL_CTX_set_cipher_list (stream->context,SSLCIPHERLIST))
syslog (LOG_ALERT,"Unable to set cipher list %.80s, host=%.80s",
@@ -724,8 +720,6 @@ void ssl_server_init (char *server)
key,tcp_clienthost ());
�
else { /* generate key if needed */
- if (SSL_CTX_need_tmp_RSA (stream->context))
- SSL_CTX_set_tmp_rsa_callback (stream->context,ssl_genkey);
/* create new SSL connection */
if (!(stream->con = SSL_new (stream->context)))
syslog (LOG_ALERT,"Unable to create SSL connection, host=%.80s",
@@ -760,31 +754,7 @@ void ssl_server_init (char *server)
ssl_close (stream); /* punt stream */
exit (1); /* punt this program too */
}
-�
-/* Generate one-time key for server
- * Accepts: SSL connection
- * export flag
- * keylength
- * Returns: generated key, always
- */
-static RSA *ssl_genkey (SSL *con,int export,int keylength)
-{
- unsigned long i;
- static RSA *key = NIL;
- if (!key) { /* if don't have a key already */
- /* generate key */
- if (!(key = RSA_generate_key (export ? keylength : 1024,RSA_F4,NIL,NIL))) {
- syslog (LOG_ALERT,"Unable to generate temp key, host=%.80s",
- tcp_clienthost ());
- while (i = ERR_get_error ())
- syslog (LOG_ALERT,"SSL error status: %s",ERR_error_string (i,NIL));
- exit (1);
- }
- }
- return key;
-}
-�
/* Wait for stdin input
* Accepts: timeout in seconds
* Returns: T if have input on stdin, else NIL
++++++ imap.firewall ++++++
## Name: imap Server
## Description: Opens ports for imap Server.
# space separated list of allowed TCP ports
TCP="imaps imap pop3 pop3s"
# space separated list of allowed UDP ports
UDP="imaps imap pop3 pop3s"
# space separated list of allowed RPC services
RPC=""
# space separated list of allowed IP protocols
IP=""
# space separated list of allowed UDP broadcast ports
BROADCAST=""
++++++ imap.pamd ++++++
#%PAM-1.0
auth include common-auth
account include common-account
password include common-password
session include common-session
++++++ imap.rpmlintrc ++++++
addFilter("files-duplicate */etc/pam.d/pop")
++++++ imap.xinetd ++++++
#
# imap - pop2 mail daemon
#
service pop2
{
disable = yes
socket_type = stream
protocol = tcp
wait = no
user = root
server = /usr/sbin/ipop2d
flags = IPv4
}
#
# imap - pop3 mail daemon
#
service pop3
{
disable = yes
socket_type = stream
protocol = tcp
wait = no
user = root
server = /usr/sbin/ipop3d
flags = IPv4
}
#
# imap - pop3 mail daemon over tls/ssl
#
service pop3s
{
disable = yes
socket_type = stream
protocol = tcp
wait = no
user = root
server = /usr/sbin/ipop3d
flags = IPv4
}
#
# imap - imap mail daemon
#
service imap
{
disable = yes
socket_type = stream
protocol = tcp
wait = no
user = root
server = /usr/sbin/imapd
flags = IPv4
}
#
# imap - imap mail daemon over tls/ssl
#
service imaps
{
disable = yes
socket_type = stream
protocol = tcp
wait = no
user = root
server = /usr/sbin/imapd
flags = IPv4
}
++++++ pop.pamd ++++++
#%PAM-1.0
auth include common-auth
account include common-account
password include common-password
session include common-session
