Hello community, here is the log from the commit of package courier-imap for openSUSE:Factory checked in at 2016-05-17 17:16:26 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/courier-imap (Old) and /work/SRC/openSUSE:Factory/.courier-imap.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "courier-imap" Changes: -------- --- /work/SRC/openSUSE:Factory/courier-imap/courier-imap.changes 2015-08-05 19:14:32.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.courier-imap.new/courier-imap.changes 2016-05-17 17:16:29.000000000 +0200 @@ -1,0 +2,12 @@ +Mon May 16 12:59:14 UTC 2016 - [email protected] + +- update to 4.17.1 + * Fix TLS SNI code. +- update to 4.17.0 + * Stop using SSL2 and SSL3 openssl configuration methods. + * libs/tcpd/libcouriertls.c: Add support for TLS SNI. + * imaplogin.c (starttls): flush stdin after negotiating STARTTLS. + * Fix Courier-IMAP rpm build on pre-systemd systems. +- rebase courier-imap-Makefile.patch + +------------------------------------------------------------------- Old: ---- courier-imap-4.16.2.tar.bz2 courier-imap-4.16.2.tar.bz2.sig New: ---- courier-imap-4.17.1.tar.bz2 courier-imap-4.17.1.tar.bz2.sig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ courier-imap.spec ++++++ --- /var/tmp/diff_new_pack.cNBQHO/_old 2016-05-17 17:16:30.000000000 +0200 +++ /var/tmp/diff_new_pack.cNBQHO/_new 2016-05-17 17:16:30.000000000 +0200 @@ -1,7 +1,7 @@ # # spec file for package courier-imap # -# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -20,7 +20,7 @@ Summary: An IMAP and POP3 Server for Maildir MTAs License: GPL-3.0+ Group: Productivity/Networking/Email/Servers -Version: 4.16.2 +Version: 4.17.1 Release: 0 Url: http://www.courier-mta.org/imap/ Source0: %{name}-%{version}.tar.bz2 ++++++ courier-imap-4.16.2.tar.bz2 -> courier-imap-4.17.1.tar.bz2 ++++++ ++++ 184344 lines of diff (skipped) ++++ retrying with extended exclude list diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/courier-imap-4.16.2/config.h.in new/courier-imap-4.17.1/config.h.in --- old/courier-imap-4.16.2/config.h.in 2015-06-27 19:52:40.000000000 +0200 +++ new/courier-imap-4.17.1/config.h.in 2016-04-30 17:31:59.000000000 +0200 @@ -30,8 +30,7 @@ /* Define to 1 if you have the <unistd.h> header file. */ #undef HAVE_UNISTD_H -/* Define to the sub-directory in which libtool stores uninstalled libraries. - */ +/* Define to the sub-directory where libtool stores uninstalled libraries. */ #undef LT_OBJDIR /* Name of package */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/courier-imap-4.16.2/configure.ac new/courier-imap-4.17.1/configure.ac --- old/courier-imap-4.16.2/configure.ac 2015-06-27 19:30:47.000000000 +0200 +++ new/courier-imap-4.17.1/configure.ac 2016-04-30 17:30:39.000000000 +0200 
@@ -1,10 +1,10 @@ dnl Process this file with autoconf to produce a configure script. dnl -dnl Copyright 1998 - 2015 Double Precision, Inc. See COPYING for +dnl Copyright 1998 - 2016 Double Precision, Inc. See COPYING for dnl distribution information. AC_PREREQ(2.59) -AC_INIT(courier-imap, 4.16.2, [[email protected]]) +AC_INIT(courier-imap, 4.17.1, [[email protected]]) AC_CONFIG_SRCDIR(libs/imap/imapd.c) AC_CONFIG_HEADERS(config.h) AM_INIT_AUTOMAKE diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/courier-imap-4.16.2/courier-imap.spec new/courier-imap-4.17.1/courier-imap.spec --- old/courier-imap-4.16.2/courier-imap.spec 2015-06-29 04:36:56.000000000 +0200 +++ new/courier-imap-4.17.1/courier-imap.spec 2016-05-08 15:08:57.000000000 +0200 @@ -26,13 +26,13 @@ %define _missing_doc_files_terminate_build 1 %define _unpackaged_files_terminate_build 1 -Summary: Courier-IMAP 4.16.2 IMAP server +Summary: Courier-IMAP 4.17.1 IMAP server Name: courier-imap -Version: 4.16.2 -Release: 2%{courier_release} +Version: 4.17.1 +Release: 3%{courier_release} License: GPL Group: Applications/Mail -Source: %{name}-4.16.2.tar.bz2 +Source: %{name}-4.17.1.tar.bz2 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot Requires: fileutils textutils sh-utils sed %if %suse_version @@ -47,6 +47,7 @@ %endif %endif Requires: courier-authlib >= 0.60.6.20080629 +BuildRequires: procps-ng BuildRequires: textutils fileutils perl BuildRequires: courier-authlib-devel >= 0.60.6.20080629 BuildRequires: libidn-devel 
@@ -62,6 +63,12 @@ Requires: /usr/bin/certtool %endif +%define need_perl_generators %(if rpm -q fedora-release >/dev/null 2>/dev/null; then echo "1"; exit 0; fi; echo "1"; exit 1) + +%if %need_perl_generators +BuildRequires: perl-generators +%endif + Obsoletes: %{name}-ldap Obsoletes: %{name}-mysql Obsoletes: %{name}-pgsql @@ -88,7 +95,7 @@ # SuSE specific settings %if %suse_version # some templates for SuSE distribs. -%define templdir ${RPM_BUILD_DIR}/%{name}-4.16.2/packaging/suse +%define templdir ${RPM_BUILD_DIR}/%{name}-4.17.1/packaging/suse %define _sysconfdir /etc/courier-imap %define _mandir /usr/share/man %define initlndir /usr/sbin @@ -330,6 +337,7 @@ %attr(755, bin, bin) %config /etc/profile.d/courier-imap.sh %if %using_systemd %attr(-, root, root) /lib/systemd/system/* +%{_datadir}/courier-imap.sysvinit %else %attr(755, bin, bin) %{initdir}/courier-imap %if %{suse_version} @@ -355,7 +363,6 @@ %{_mandir} %dir %{_datadir} %{_datadir}/configlist -%{_datadir}/courier-imap.sysvinit %{_datadir}/mk* %{_datadir}/sysconftool %attr(600, root, root) %{_datadir}/dhparams.pem.dist diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/courier-imap-4.16.2/courier-imap.spec.in new/courier-imap-4.17.1/courier-imap.spec.in --- old/courier-imap-4.16.2/courier-imap.spec.in 2015-02-24 04:15:11.000000000 +0100 +++ new/courier-imap-4.17.1/courier-imap.spec.in 2016-04-17 05:28:10.000000000 +0200 @@ -47,6 +47,7 @@ %endif %endif Requires: courier-authlib >= 0.60.6.20080629 +BuildRequires: procps-ng BuildRequires: textutils fileutils perl BuildRequires: courier-authlib-devel >= 0.60.6.20080629 BuildRequires: libidn-devel 
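Review bot: The `%define need_perl_generators` line added in the `@@ -62,6 +63,12 @@` hunk of courier-imap.spec echoes "1" on both branches of the `rpm -q fedora-release` test. The macro therefore always expands to 1, and `BuildRequires: perl-generators` applies on every distribution rather than only where fedora-release is installed. If a Fedora-only dependency is intended, the fallback branch should end in `echo "0"; exit 1` instead of `echo "1"; exit 1`. The identical line is added to courier-imap.spec.in in its own `@@ -62,6 +63,12 @@` hunk and needs the same change.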
@@ -62,6 +63,12 @@ Requires: /usr/bin/certtool %endif +%define need_perl_generators %(if rpm -q fedora-release >/dev/null 2>/dev/null; then echo "1"; exit 0; fi; echo "1"; exit 1) + +%if %need_perl_generators +BuildRequires: perl-generators +%endif + Obsoletes: %{name}-ldap Obsoletes: %{name}-mysql Obsoletes: %{name}-pgsql @@ -330,6 +337,7 @@ %attr(755, bin, bin) %config /etc/profile.d/courier-imap.sh %if %using_systemd %attr(-, root, root) /lib/systemd/system/* +%{_datadir}/courier-imap.sysvinit %else %attr(755, bin, bin) %{initdir}/courier-imap %if %{suse_version} @@ -355,7 +363,6 @@ %{_mandir} %dir %{_datadir} %{_datadir}/configlist -%{_datadir}/courier-imap.sysvinit %{_datadir}/mk* %{_datadir}/sysconftool %attr(600, root, root) %{_datadir}/dhparams.pem.dist diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/courier-imap-4.16.2/libs/bdbobj/config.h.in new/courier-imap-4.17.1/libs/bdbobj/config.h.in --- old/courier-imap-4.16.2/libs/bdbobj/config.h.in 2015-06-06 16:47:17.000000000 +0200 +++ new/courier-imap-4.17.1/libs/bdbobj/config.h.in 2015-11-04 18:41:46.000000000 +0100 
@@ -36,8 +36,7 @@ /* Define to 1 if you have the <unistd.h> header file. */ #undef HAVE_UNISTD_H -/* Define to the sub-directory in which libtool stores uninstalled libraries. - */ +/* Define to the sub-directory where libtool stores uninstalled libraries. */ #undef LT_OBJDIR /* Define to the address where bug reports for this package should be sent. */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/courier-imap-4.16.2/libs/gdbmobj/config.h.in new/courier-imap-4.17.1/libs/gdbmobj/config.h.in --- old/courier-imap-4.16.2/libs/gdbmobj/config.h.in 2015-06-06 16:47:19.000000000 +0200 +++ new/courier-imap-4.17.1/libs/gdbmobj/config.h.in 2015-11-04 18:41:47.000000000 +0100 @@ -36,8 +36,7 @@ /* Define to 1 if you have the <unistd.h> header file. */ #undef HAVE_UNISTD_H -/* Define to the sub-directory in which libtool stores uninstalled libraries. - */ +/* Define to the sub-directory where libtool stores uninstalled libraries. */ #undef LT_OBJDIR /* Define to the address where bug reports for this package should be sent. */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/courier-imap-4.16.2/libs/imap/ChangeLog new/courier-imap-4.17.1/libs/imap/ChangeLog --- old/courier-imap-4.16.2/libs/imap/ChangeLog 2015-06-27 19:52:32.000000000 +0200 +++ new/courier-imap-4.17.1/libs/imap/ChangeLog 2016-04-30 17:31:13.000000000 +0200 
@@ -1,3 +1,27 @@ +4.17.1 + +2016-04-30 Sam Varshavchik <[email protected]> + + * Fix TLS SNI code. + +4.17.0 + +2016-04-23 Sam Varshavchik <[email protected]> + + * Stop using SSL2 and SSL3 openssl configuration methods. + +2016-03-03 Sam Varshavchik <[email protected]> + + * libs/tcpd/libcouriertls.c: Add support for TLS SNI. + +2016-01-22 Sam Varshavchik <[email protected]> + + * imaplogin.c (starttls): flush stdin after negotiating STARTTLS. + +2016-01-17 Sam Varshavchik <[email protected]> + + * Fix Courier-IMAP rpm build on pre-systemd systems. + 4.16.2 2015-06-27 Sam Varshavchik <[email protected]> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/courier-imap-4.16.2/libs/imap/config.h.in new/courier-imap-4.17.1/libs/imap/config.h.in --- old/courier-imap-4.16.2/libs/imap/config.h.in 2015-06-27 19:53:13.000000000 +0200 +++ new/courier-imap-4.17.1/libs/imap/config.h.in 2016-04-30 17:32:13.000000000 +0200 
@@ -105,8 +105,7 @@ /* Whether to suppress untagged replies that confuse some clients */ #undef IMAP_CLIENT_BUGS -/* Define to the sub-directory in which libtool stores uninstalled libraries. - */ +/* Define to the sub-directory where libtool stores uninstalled libraries. */ #undef LT_OBJDIR /* Define to the address where bug reports for this package should be sent. */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/courier-imap-4.16.2/libs/imap/configure.ac new/courier-imap-4.17.1/libs/imap/configure.ac --- old/courier-imap-4.16.2/libs/imap/configure.ac 2015-06-27 19:52:32.000000000 +0200 +++ new/courier-imap-4.17.1/libs/imap/configure.ac 2016-04-30 17:30:53.000000000 +0200 @@ -1,10 +1,10 @@ dnl Process this file with autoconf to produce a configure script. dnl dnl -dnl Copyright 1998 - 2015 Double Precision, Inc. See COPYING for +dnl Copyright 1998 - 2016 Double Precision, Inc. See COPYING for dnl distribution information. -AC_INIT(courier-imap, 4.16.2, [[email protected]]) +AC_INIT(courier-imap, 4.17.1, [[email protected]]) >confdefs.h # Kill PACKAGE_ macros diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/courier-imap-4.16.2/libs/imap/imapd-ssl.dist.in new/courier-imap-4.17.1/libs/imap/imapd-ssl.dist.in --- old/courier-imap-4.16.2/libs/imap/imapd-ssl.dist.in 2015-06-10 02:08:31.000000000 +0200 +++ new/courier-imap-4.17.1/libs/imap/imapd-ssl.dist.in 2016-04-24 04:37:05.000000000 +0200 
@@ -1,11 +1,11 @@ -##VERSION: $Id: d4d0683714b8d6ec02c9db26cc7e371a1dde0269-20150609200831$ +##VERSION: $Id: 399549ea0300e1c8b95f0eb45ac224bdc984807e-20160423223705$ # # imapd-ssl created from imapd-ssl.dist by sysconftool # # Do not alter lines that begin with ##, they are used when upgrading # this configuration. # -# Copyright 2000 - 2013 Double Precision, Inc. See COPYING for +# Copyright 2000 - 2016 Double Precision, Inc. See COPYING for # distribution information. # # This configuration file sets various options for the Courier-IMAP server @@ -136,13 +136,11 @@ # # OpenSSL: # -# SSL3 - SSLv3 -# SSL23 - all protocols (including TLS 1.x protocols) # TLSv1 - TLS1 # TLSv1.1 - TLS1.1 # TLSv1.2 - TLS1.2 # -# SSL3+, TLSv1+, TLSv1.1+, and TLSv1.2+ - the corresponding protocol, and all +# TLSv1+, TLSv1.1+, and TLSv1.2+ - the corresponding protocol, and all # higher protocols. # # The default value is TLSv1+ 
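Review bot: The protocol list in the `@@ -136,13 +136,11 @@` hunk drops `SSL3`, `SSL23` and `SSL3+` without saying what happens to an existing configuration that still uses one of those values. How the server treats a value it no longer documents is not visible here, so an upgrading administrator cannot tell whether the setting is rejected, ignored or replaced by the default. One comment line would cover it, for example `# SSL3, SSL23 and SSL3+ are no longer supported; use TLSv1+ or higher.`, worded to match the actual behaviour. The same list is edited in pop3d-ssl.dist.in (`@@ -121,13 +121,11 @@`), where the unchanged line `# TLSv11 - TLS1` also looks like a typo for `TLSv1`.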
@@ -220,30 +218,29 @@ # treated as confidential, and must not be world-readable. Set TLS_CERTFILE # instead of TLS_DHCERTFILE if this is a garden-variety certificate # -# VIRTUAL HOSTS (servers only): +# VIRTUAL HOSTS ON THE SAME IP ADDRESS. # -# Due to technical limitations in the original SSL/TLS protocol, a dedicated -# IP address is required for each virtual host certificate. If you have -# multiple certificates, install each certificate file as +# Install each certificate $TLS_CERTFILE.domain, so if TLS_CERTFILE is set to +# /etc/certificate.pem, then you'll need to install the actual certificate +# files as /etc/certificate.pem.www.example.com, +# /etc/certificate.pem.www.domain.com and so on. Then, create a link from +# $TLS_CERTFILE to whichever certificate you consider to be the main one, +# for example: +# /etc/certificate.pem => /etc/certificate.pem.www.example.com +# +# IP-BASED VIRTUAL HOSTS: +# +# There may be a need to support older SSL/TLS client that don't support +# virtual hosts on the same IP address, and require a dedicated IP address +# for each SSL/TLS host. If so, install each certificate file as # $TLS_CERTFILE.aaa.bbb.ccc.ddd, where "aaa.bbb.ccc.ddd" is the IP address # for the certificate's domain name. So, if TLS_CERTFILE is set to # /etc/certificate.pem, then you'll need to install the actual certificate # files as /etc/certificate.pem.192.168.0.2, /etc/certificate.pem.192.168.0.3 # and so on, for each IP address. # -# GnuTLS only (servers only): -# -# GnuTLS implements a new TLS extension that eliminates the need to have a -# dedicated IP address for each SSL/TLS domain name. Install each certificate -# as $TLS_CERTFILE.domain, so if TLS_CERTFILE is set to /etc/certificate.pem, -# then you'll need to install the actual certificate files as -# /etc/certificate.pem.host1.example.com, /etc/certificate.pem.host2.example.com -# and so on. -# -# Note that this TLS extension also requires a corresponding support in the -# client. 
Older SSL/TLS clients may not support this feature. -# -# This is an experimental feature. +# In all cases, $TLS_CERTFILE needs to be linked to one of the existing +# certificate files. TLS_CERTFILE=@certsdir@/imapd.pem @@ -307,10 +304,6 @@ # that open multiple SSL sessions to the server. TLS_CACHEFILE will be # automatically created, TLS_CACHESIZE bytes long, and used as a cache # buffer. -# -# This is an experimental feature and should be disabled if it causes -# problems with SSL clients. Disable SSL caching by commenting out the -# following settings: TLS_CACHEFILE=@localstatedir@/couriersslcache TLS_CACHESIZE=524288 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/courier-imap-4.16.2/libs/imap/imaplogin.c new/courier-imap-4.17.1/libs/imap/imaplogin.c --- old/courier-imap-4.16.2/libs/imap/imaplogin.c 2015-06-09 14:38:53.000000000 +0200 +++ new/courier-imap-4.17.1/libs/imap/imaplogin.c 2016-04-24 04:36:50.000000000 +0200 @@ -1,5 +1,5 @@ /* -** Copyright 1998 - 2014 Double Precision, Inc. +** Copyright 1998 - 2016 Double Precision, Inc. ** See COPYING for distribution information. */ @@ -129,6 +129,7 @@ perror("fcntl"); exit(1); } + fflush(stdin); return (0); } 
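Review bot: The new "VIRTUAL HOSTS ON THE SAME IP ADDRESS" text tells the administrator to install one `$TLS_CERTFILE.domain` file per host and to link `$TLS_CERTFILE` to one of them, but it does not restate the access requirement for those files. The context line just above the change ends with "must not be world-readable"; its subject is cut off by the hunk, but presumably the same applies to every per-domain and per-IP file. A line such as `# Each of these files must have the same ownership and permissions as $TLS_CERTFILE.` would make that explicit. Separately, "older SSL/TLS client that don't support" in the added text should read "clients". The pop3d-ssl.dist.in hunk `@@ -186,30 +184,29 @@` carries the same wording.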
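Review bot: `fflush(stdin)` on an input stream has undefined behaviour in ISO C, so the line added in the `@@ -129,6 +129,7 @@` hunk of imaplogin.c depends on the C library choosing to discard its read buffer. The ChangeLog entry describes the intent as flushing stdin after negotiating STARTTLS. That reads as dropping bytes buffered before the handshake so they are not processed as if they had arrived inside the encrypted session. A comment should state this, e.g. `/* Discard plaintext buffered before the TLS handshake; relies on fflush() emptying input streams */`, and a portable version would reset or drain the buffer explicitly. The enclosing function starts outside the hunk.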
@@ -468,7 +469,7 @@ writes("* OK [CAPABILITY "); imapcapability(); writes("] Courier-IMAP ready. " - "Copyright 1998-2015 Double Precision, Inc. " + "Copyright 1998-2016 Double Precision, Inc. " "See COPYING for distribution information.\r\n"); fprintf(stderr, "DEBUG: Connection, ip=[%s]\n", ip); writeflush(); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/courier-imap-4.16.2/libs/imap/pop3d-ssl.dist.in new/courier-imap-4.17.1/libs/imap/pop3d-ssl.dist.in --- old/courier-imap-4.16.2/libs/imap/pop3d-ssl.dist.in 2015-06-10 02:08:31.000000000 +0200 +++ new/courier-imap-4.17.1/libs/imap/pop3d-ssl.dist.in 2016-04-24 04:37:05.000000000 +0200 @@ -1,11 +1,11 @@ -##VERSION: $Id: d4d0683714b8d6ec02c9db26cc7e371a1dde0269-20150609200831$ +##VERSION: $Id: 399549ea0300e1c8b95f0eb45ac224bdc984807e-20160423223705$ # # pop3d-ssl created from pop3d-ssl.dist by sysconftool # # Do not alter lines that begin with ##, they are used when upgrading # this configuration. # -# Copyright 2000-2013 Double Precision, Inc. See COPYING for +# Copyright 2000-2016 Double Precision, Inc. See COPYING for # distribution information. # # This configuration file sets various options for the Courier-IMAP server @@ -121,13 +121,11 @@ # # OpenSSL: # -# SSL3 - SSLv3 -# SSL23 - all protocols (including TLS 1.x protocols) # TLSv11 - TLS1 # TLSv1.1 - TLS1.1 # TLSv1.2 - TLS1.2 # -# SSL3+, TLSv1+, TLSv1.1+, and TLSv1.2+ - the corresponding protocol, and all +# TLSv1+, TLSv1.1+, and TLSv1.2+ - the corresponding protocol, and all # higher protocols. # # The default value is TLSv1+ 
@@ -186,30 +184,29 @@ # treated as confidential, and must not be world-readable. Set TLS_CERTFILE # instead of TLS_DHCERTFILE if this is a garden-variety certificate # -# VIRTUAL HOSTS (servers only): +# VIRTUAL HOSTS ON THE SAME IP ADDRESS. # -# Due to technical limitations in the original SSL/TLS protocol, a dedicated -# IP address is required for each virtual host certificate. If you have -# multiple certificates, install each certificate file as +# Install each certificate $TLS_CERTFILE.domain, so if TLS_CERTFILE is set to +# /etc/certificate.pem, then you'll need to install the actual certificate +# files as /etc/certificate.pem.www.example.com, +# /etc/certificate.pem.www.domain.com and so on. Then, create a link from +# $TLS_CERTFILE to whichever certificate you consider to be the main one, +# for example: +# /etc/certificate.pem => /etc/certificate.pem.www.example.com +# +# IP-BASED VIRTUAL HOSTS: +# +# There may be a need to support older SSL/TLS client that don't support +# virtual hosts on the same IP address, and require a dedicated IP address +# for each SSL/TLS host. If so, install each certificate file as # $TLS_CERTFILE.aaa.bbb.ccc.ddd, where "aaa.bbb.ccc.ddd" is the IP address # for the certificate's domain name. So, if TLS_CERTFILE is set to # /etc/certificate.pem, then you'll need to install the actual certificate # files as /etc/certificate.pem.192.168.0.2, /etc/certificate.pem.192.168.0.3 # and so on, for each IP address. # -# GnuTLS only (servers only): -# -# GnuTLS implements a new TLS extension that eliminates the need to have a -# dedicated IP address for each SSL/TLS domain name. Install each certificate -# as $TLS_CERTFILE.domain, so if TLS_CERTFILE is set to /etc/certificate.pem, -# then you'll need to install the actual certificate files as -# /etc/certificate.pem.host1.example.com, /etc/certificate.pem.host2.example.com -# and so on. -# -# Note that this TLS extension also requires a corresponding support in the -# client. 
Older SSL/TLS clients may not support this feature. -# -# This is an experimental feature. +# In all cases, $TLS_CERTFILE needs to be linked to one of the existing +# certificate files. TLS_CERTFILE=@certsdir@/pop3d.pem diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/courier-imap-4.16.2/libs/libhmac/config.h.in new/courier-imap-4.17.1/libs/libhmac/config.h.in --- old/courier-imap-4.16.2/libs/libhmac/config.h.in 2015-06-06 16:47:44.000000000 +0200 +++ new/courier-imap-4.17.1/libs/libhmac/config.h.in 2015-11-04 18:42:13.000000000 +0100 @@ -33,8 +33,7 @@ /* Dynamically-generated list of installed HMAC hash functions */ #undef HMAC_LIST -/* Define to the sub-directory in which libtool stores uninstalled libraries. - */ +/* Define to the sub-directory where libtool stores uninstalled libraries. */ #undef LT_OBJDIR /* Define to the address where bug reports for this package should be sent. */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/courier-imap-4.16.2/libs/liblock/config.h.in new/courier-imap-4.17.1/libs/liblock/config.h.in --- old/courier-imap-4.16.2/libs/liblock/config.h.in 2015-06-06 16:47:37.000000000 +0200 +++ new/courier-imap-4.17.1/libs/liblock/config.h.in 2015-11-04 18:42:05.000000000 +0100 
@@ -75,8 +75,7 @@ /* Either off64_t or off_t */ #undef LL_OFFSET_TYPE -/* Define to the sub-directory in which libtool stores uninstalled libraries. - */ +/* Define to the sub-directory where libtool stores uninstalled libraries. */ #undef LT_OBJDIR /* Define to the address where bug reports for this package should be sent. */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/courier-imap-4.16.2/libs/maildir/config.h.in new/courier-imap-4.17.1/libs/maildir/config.h.in --- old/courier-imap-4.16.2/libs/maildir/config.h.in 2015-06-06 16:47:38.000000000 +0200 +++ new/courier-imap-4.17.1/libs/maildir/config.h.in 2015-11-04 18:42:06.000000000 +0100 @@ -96,8 +96,7 @@ /* Define to 1 if you have the <vector.h> header file. */ #undef HAVE_VECTOR_H -/* Define to the sub-directory in which libtool stores uninstalled libraries. - */ +/* Define to the sub-directory where libtool stores uninstalled libraries. */ #undef LT_OBJDIR /* Maildir target separator */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/courier-imap-4.16.2/libs/maildir/maildircreate.c new/courier-imap-4.17.1/libs/maildir/maildircreate.c --- old/courier-imap-4.16.2/libs/maildir/maildircreate.c 2013-08-25 20:52:10.000000000 +0200 +++ new/courier-imap-4.17.1/libs/maildir/maildircreate.c 2015-12-20 10:00:18.000000000 +0100 
@@ -178,10 +178,26 @@ if (info->newname) free(info->newname); + info->newname=NULL; + + if (info->curname) + free(info->curname); + info->curname=NULL; info->newname=malloc(strlen(info->tmpname)+strlen(ino_buf)+ strlen(dev_buf)+3); + if (info->newname) + { + info->curname=malloc(strlen(info->tmpname)+strlen(ino_buf)+ + strlen(dev_buf)+3); + if (!info->curname) + { + free(info->newname); + info->newname=NULL; + } + } + if (!info->newname) { maildir_tmpcreate_free(info); @@ -209,6 +225,9 @@ strcat(info->newname, hostname); strcat(info->newname, len_buf); + strcpy(info->curname, info->newname); + memcpy(info->curname + strlen(maildir)+1, "cur", 3); + return fd; } @@ -221,6 +240,10 @@ if (info->newname) free(info->newname); info->newname=NULL; + + if (info->curname) + free(info->curname); + info->curname=NULL; } int maildir_movetmpnew(const char *tmpname, const char *newname) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/courier-imap-4.16.2/libs/maildir/maildircreate.h new/courier-imap-4.17.1/libs/maildir/maildircreate.h --- old/courier-imap-4.16.2/libs/maildir/maildircreate.h 2013-08-25 20:52:10.000000000 +0200 +++ new/courier-imap-4.17.1/libs/maildir/maildircreate.h 2015-12-20 10:00:18.000000000 +0100 
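Review bot: The size expression `strlen(info->tmpname)+strlen(ino_buf)+strlen(dev_buf)+3` is now written out twice in the `@@ -178,10 +178,26 @@` hunk. The `strcpy(info->curname, info->newname)` added in the `@@ -209,6 +225,9 @@` hunk is only safe while both buffers keep the same size. Computing it once, `size_t l=strlen(info->tmpname)+strlen(ino_buf)+strlen(dev_buf)+3;` followed by `info->newname=malloc(l);` and `info->curname=malloc(l);`, keeps the two allocations from drifting apart. The code that fills newname before the visible `strcat` calls is outside the hunks, so whether this size also covers `hostname` and `len_buf` cannot be confirmed from here. The enclosing function starts and ends outside the hunk.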
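Review bot: `memcpy(info->curname + strlen(maildir)+1, "cur", 3);` in the `@@ -209,6 +225,9 @@` hunk assumes newname is laid out as the maildir path, one separator character, then a three-character directory name. Nothing in the hunk states or checks this. The construction of newname lies outside the hunk, so the assumption presumably holds today, but a comment would protect it against later edits to the path format: `/* newname is <maildir>/new/...; overwrite the "new" component in place to get the cur/ name */`. The enclosing function starts outside the hunk.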
@@ -28,6 +28,7 @@ int doordie; /* Loop until we get it right. */ char *tmpname; /* On exit, filename in tmp */ char *newname; /* On exit, filename in new */ + char *curname; /* On exit, filename in cur */ }; #define maildir_tmpcreate_init(i) \ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/courier-imap-4.16.2/libs/makedat/config.h.in new/courier-imap-4.17.1/libs/makedat/config.h.in --- old/courier-imap-4.16.2/libs/makedat/config.h.in 2015-06-06 16:47:44.000000000 +0200 +++ new/courier-imap-4.17.1/libs/makedat/config.h.in 2015-11-04 18:42:12.000000000 +0100 @@ -30,8 +30,7 @@ /* Define to 1 if you have the <unistd.h> header file. */ #undef HAVE_UNISTD_H -/* Define to the sub-directory in which libtool stores uninstalled libraries. - */ +/* Define to the sub-directory where libtool stores uninstalled libraries. */ #undef LT_OBJDIR /* Define to the address where bug reports for this package should be sent. */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/courier-imap-4.16.2/libs/md5/config.h.in new/courier-imap-4.17.1/libs/md5/config.h.in --- old/courier-imap-4.16.2/libs/md5/config.h.in 2015-06-06 16:47:29.000000000 +0200 +++ new/courier-imap-4.17.1/libs/md5/config.h.in 2015-11-04 18:41:57.000000000 +0100 
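Review bot: With the new `curname` member, both the create path and `maildir_tmpcreate_free()` in maildircreate.c call `free(info->curname)`. Any caller that sets up the struct without zeroing the new field would therefore pass an uninitialised pointer to free(). The body of `maildir_tmpcreate_init` is cut off after the `#define` line in this hunk, so whether the macro clears the whole struct is not visible and should be confirmed. The field comment could carry the requirement: `char *curname; /* On exit, filename in cur; must be NULL before first use */`. The struct definition starts outside the hunk.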
@@ -30,8 +30,7 @@ /* Define to 1 if you have the <unistd.h> header file. */ #undef HAVE_UNISTD_H -/* Define to the sub-directory in which libtool stores uninstalled libraries. - */ +/* Define to the sub-directory where libtool stores uninstalled libraries. */ #undef LT_OBJDIR /* 32 bit data type */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/courier-imap-4.16.2/libs/numlib/config.h.in new/courier-imap-4.17.1/libs/numlib/config.h.in --- old/courier-imap-4.16.2/libs/numlib/config.h.in 2015-06-06 16:47:15.000000000 +0200 +++ new/courier-imap-4.17.1/libs/numlib/config.h.in 2015-11-04 18:41:42.000000000 +0100 @@ -36,8 +36,7 @@ /* Define to 1 if you have the <unistd.h> header file. */ #undef HAVE_UNISTD_H -/* Define to the sub-directory in which libtool stores uninstalled libraries. - */ +/* Define to the sub-directory where libtool stores uninstalled libraries. */ #undef LT_OBJDIR /* Define to the address where bug reports for this package should be sent. */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/courier-imap-4.16.2/libs/random128/config.h.in new/courier-imap-4.17.1/libs/random128/config.h.in --- old/courier-imap-4.16.2/libs/random128/config.h.in 2015-06-06 16:47:33.000000000 +0200 +++ new/courier-imap-4.17.1/libs/random128/config.h.in 2015-11-04 18:42:01.000000000 +0100 
@@ -36,8 +36,7 @@ /* Define to 1 if you have the <unistd.h> header file. */ #undef HAVE_UNISTD_H -/* Define to the sub-directory in which libtool stores uninstalled libraries. - */ +/* Define to the sub-directory where libtool stores uninstalled libraries. */ #undef LT_OBJDIR /* Define to the address where bug reports for this package should be sent. */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/courier-imap-4.16.2/libs/rfc1035/config.h.in new/courier-imap-4.17.1/libs/rfc1035/config.h.in --- old/courier-imap-4.16.2/libs/rfc1035/config.h.in 2015-06-06 16:47:34.000000000 +0200 +++ new/courier-imap-4.17.1/libs/rfc1035/config.h.in 2015-11-04 18:42:02.000000000 +0100 @@ -48,8 +48,7 @@ /* Define to 1 if you have the <unistd.h> header file. */ #undef HAVE_UNISTD_H -/* Define to the sub-directory in which libtool stores uninstalled libraries. - */ +/* Define to the sub-directory where libtool stores uninstalled libraries. */ #undef LT_OBJDIR /* Define to the address where bug reports for this package should be sent. */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/courier-imap-4.16.2/libs/rfc1035/spf.c new/courier-imap-4.17.1/libs/rfc1035/spf.c --- old/courier-imap-4.16.2/libs/rfc1035/spf.c 2014-11-06 10:00:12.000000000 +0100 +++ new/courier-imap-4.17.1/libs/rfc1035/spf.c 2016-03-07 10:00:12.000000000 +0100 @@ -1,5 +1,5 @@ /* -** Copyright 2004-2011 Double Precision, Inc. +** Copyright 2004-2016 Double Precision, Inc. ** See COPYING for distribution information. */ 
@@ -674,7 +674,7 @@ if (rfc1035_aton(info->tcpremoteip, &pinfo.addr) < 0) { set_err_msg(info->errmsg_buf, info->errmsg_buf_size, - "Invalid tcpremoteip.\n"); + "Invalid tcpremoteip."); return SPF_FAIL; } @@ -692,7 +692,7 @@ if (pinfo.error) { set_err_msg(info->errmsg_buf, info->errmsg_buf_size, - "ptr lookup failed.\n"); + "ptr lookup failed."); return SPF_UNKNOWN; } return SPF_FAIL; @@ -717,7 +717,7 @@ if (rfc1035_aton(info->tcpremoteip, &addr) < 0) { set_err_msg(info->errmsg_buf, info->errmsg_buf_size, - "Invalid tcpremoteip.\n"); + "Invalid tcpremoteip."); return SPF_FAIL; } @@ -845,7 +845,7 @@ { free(domain_spec); set_err_msg(info->errmsg_buf, info->errmsg_buf_size, - "Invalid tcpremoteip.\n"); + "Invalid tcpremoteip."); return SPF_FAIL; } @@ -859,7 +859,7 @@ if (rc != 0) { set_err_msg(info->errmsg_buf, info->errmsg_buf_size, - "IP address lookup failed.\n"); + "IP address lookup failed."); return SPF_UNKNOWN; } @@ -887,9 +887,9 @@ /* ** This mechanism matches if the <sending-host> is one of the ** MX hosts for a domain name. - + ** MX = "mx" [ ":" domain-spec ] [ dual-cidr-length ] - + ** SPF clients first perform an MX lookup on the <target-name>. ** SPF clients then perform an A lookup on each MX name ** returned, in order of MX priority. The <sending-host> is @@ -906,7 +906,7 @@ { free(domain_spec); set_err_msg(info->errmsg_buf, info->errmsg_buf_size, - "Invalid tcpremoteip.\n"); + "Invalid tcpremoteip."); return SPF_FAIL; } @@ -914,11 +914,12 @@ domain_spec, RFC1035_MX_QUERYALL, &mxlist); free(domain_spec); - if (rc) + + if (rc && rc != RFC1035_MX_HARDERR) { rfc1035_mxlist_free(mxlist); set_err_msg(info->errmsg_buf, info->errmsg_buf_size, - "DNS MX lookup failed.\n"); + "DNS MX lookup failed."); return SPF_ERROR; } @@ -1068,7 +1069,7 @@ char c; /* - ** + ** ** If a loop is detected, or if more than 20 subqueries are triggered, ** an SPF client MAY abort the lookup and return the result "unknown". */ 
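Review bot: In the MX-mechanism hunk of libs/rfc1035/spf.c, the new test `if (rc && rc != RFC1035_MX_HARDERR)` lets a hard MX failure fall through to the code that uses `mxlist`, and nothing on the new side says why. A comment above the test would record the intent, for example `/* Hard error: the domain has no usable MX, so the mechanism does not match; only other failures are SPF_ERROR. */`. That reading is inferred from the constant's name and should be confirmed. The code that walks and frees `mxlist` is outside the hunk, so it is also worth confirming that the lookup leaves `mxlist` NULL or valid when it returns RFC1035_MX_HARDERR.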
@@ -1442,7 +1443,7 @@ } return cnt; -} +} static char *transform(char *macro, unsigned transformer_count, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/courier-imap-4.16.2/libs/rfc2045/rfc2045.c new/courier-imap-4.17.1/libs/rfc2045/rfc2045.c --- old/courier-imap-4.16.2/libs/rfc2045/rfc2045.c 2015-04-25 10:00:13.000000000 +0200 +++ new/courier-imap-4.17.1/libs/rfc2045/rfc2045.c 2015-08-01 10:00:04.000000000 +0200 @@ -652,6 +652,12 @@ update_counts(p, p->endpos + cnt, p->endpos+n, 1); + /* + ** Until we see an official start of message body, the body starts + ** right after what we just read. + */ + p->startbody=p->endbody; + /* If this header line starts with a space, append one space ** to the saved contents of the previous line, and append this ** line to it. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/courier-imap-4.16.2/libs/rfc2045/rfc2045_config.h.in new/courier-imap-4.17.1/libs/rfc2045/rfc2045_config.h.in --- old/courier-imap-4.16.2/libs/rfc2045/rfc2045_config.h.in 2015-06-06 16:47:24.000000000 +0200 +++ new/courier-imap-4.17.1/libs/rfc2045/rfc2045_config.h.in 2015-11-04 18:41:53.000000000 +0100 
@@ -42,8 +42,7 @@ /* Define to 1 if you have the <unistd.h> header file. */ #undef HAVE_UNISTD_H -/* Define to the sub-directory in which libtool stores uninstalled libraries. - */ +/* Define to the sub-directory where libtool stores uninstalled libraries. */ #undef LT_OBJDIR /* Define to the address where bug reports for this package should be sent. */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/courier-imap-4.16.2/libs/rfc822/config.h.in new/courier-imap-4.17.1/libs/rfc822/config.h.in --- old/courier-imap-4.16.2/libs/rfc822/config.h.in 2015-06-06 16:47:21.000000000 +0200 +++ new/courier-imap-4.17.1/libs/rfc822/config.h.in 2015-11-04 18:41:49.000000000 +0100 @@ -45,8 +45,7 @@ /* Define to 1 if you want Libidn. */ #undef LIBIDN -/* Define to the sub-directory in which libtool stores uninstalled libraries. - */ +/* Define to the sub-directory where libtool stores uninstalled libraries. */ #undef LT_OBJDIR /* Define to the address where bug reports for this package should be sent. */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/courier-imap-4.16.2/libs/sha1/config.h.in new/courier-imap-4.17.1/libs/sha1/config.h.in --- old/courier-imap-4.16.2/libs/sha1/config.h.in 2015-06-06 16:47:31.000000000 +0200 +++ new/courier-imap-4.17.1/libs/sha1/config.h.in 2015-11-04 18:41:58.000000000 +0100 
@@ -30,8 +30,7 @@ /* Define to 1 if you have the <unistd.h> header file. */ #undef HAVE_UNISTD_H -/* Define to the sub-directory in which libtool stores uninstalled libraries. - */ +/* Define to the sub-directory where libtool stores uninstalled libraries. */ #undef LT_OBJDIR /* Define to the address where bug reports for this package should be sent. */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/courier-imap-4.16.2/libs/tcpd/config.h.in new/courier-imap-4.17.1/libs/tcpd/config.h.in --- old/courier-imap-4.16.2/libs/tcpd/config.h.in 2015-06-06 16:47:46.000000000 +0200 +++ new/courier-imap-4.17.1/libs/tcpd/config.h.in 2016-03-05 05:10:49.000000000 +0100 @@ -31,6 +31,9 @@ /* Whether OpenSSL 0.9.7 is installed */ #undef HAVE_OPENSSL097 +/* When OpenSSL supports SNI */ +#undef HAVE_OPENSSL_SNI + /* Define to 1 if you have the `setpgid' function. */ #undef HAVE_SETPGID 
@@ -93,8 +96,7 @@ /* Define to 1 if you have the <unistd.h> header file. */ #undef HAVE_UNISTD_H -/* Define to the sub-directory in which libtool stores uninstalled libraries. - */ +/* Define to the sub-directory where libtool stores uninstalled libraries. */ #undef LT_OBJDIR /* Define to the address where bug reports for this package should be sent. */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/courier-imap-4.16.2/libs/tcpd/configure.ac new/courier-imap-4.17.1/libs/tcpd/configure.ac --- old/courier-imap-4.16.2/libs/tcpd/configure.ac 2014-02-16 10:00:09.000000000 +0100 +++ new/courier-imap-4.17.1/libs/tcpd/configure.ac 2016-03-05 05:10:23.000000000 +0100 @@ -134,12 +134,12 @@ AC_CACHE_CHECK([for socklen_t], tcpd_cv_hassocklen_t, - + AC_COMPILE_IFELSE([ AC_LANG_SOURCE( [ #include <sys/types.h> #include <sys/socket.h> - + socklen_t sl_t; ],[ accept(0, 0, &sl_t); @@ -147,9 +147,9 @@ tcpd_cv_hassocklen_t=yes, tcpd_cv_hassocklen_t=no) ) - + socklen_t="int" - + if test $tcpd_cv_hassocklen_t = yes then : 
@@ -510,6 +510,15 @@ AC_CHECK_FUNCS(TLSv1_1_method TLSv1_2_method) LIBS="$save_LIBS" + AC_TRY_COMPILE( [ +#include <openssl/ssl.h> +], +[ +SSL_get_servername((SSL *)0, TLSEXT_NAMETYPE_host_name); +], [ + AC_DEFINE_UNQUOTED(HAVE_OPENSSL_SNI,1,[ When OpenSSL supports SNI ]) + ]) + TLSLIBRARY="$LIBCOURIERTLSOPENSSL" STARTTLS=couriertls$EXEEXT BUILDLIBCOURIERTLS=libcouriertls.la diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/courier-imap-4.16.2/libs/tcpd/libcouriergnutls.c new/courier-imap-4.17.1/libs/tcpd/libcouriergnutls.c --- old/courier-imap-4.16.2/libs/tcpd/libcouriergnutls.c 2014-09-01 14:23:02.000000000 +0200 +++ new/courier-imap-4.17.1/libs/tcpd/libcouriergnutls.c 2016-03-05 05:10:23.000000000 +0100 @@ -718,7 +718,7 @@ !gnutls_openpgp_key_check_hostname(cert, ssl->info_cpy .peer_verify_domain)) - + { char *hostname; size_t hostnamesiz=0; @@ -784,7 +784,7 @@ { ssl->info_cpy.connect_interrupted=0; - + if (verify_client(ssl, fd)) return -1; @@ -1003,7 +1003,7 @@ for (p=vhost_buf; *p; p++) if (*p == '/') - *p='.'; + *p='.'; /* Script kiddie check */ if (ssl->ctx->certfile) certfilename=check_cert(ssl->ctx->certfile, @@ -1273,7 +1273,7 @@ } return 0; } - + static int db_remove_func(void *dummy, gnutls_datum_t key) { tls_cache_walk(((ssl_handle)dummy)->info_cpy.tlscache, @@ -1444,9 +1444,9 @@ gnutls_session_set_ptr(ssl->session, ssl); gnutls_handshake_set_private_extensions(ssl->session, 1); - gnutls_certificate_set_verify_flags(ssl->xcred, + gnutls_certificate_set_verify_flags(ssl->xcred, GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT | - + /* GNUTLS_VERIFY_DO_NOT_ALLOW_SAME | GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_C @@ -1567,7 +1567,7 @@ return 1; } - + t->shutdown_interrupted=0; t->shutdown= -1; return -1; 
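Review bot: The SNI probe added to libs/tcpd/configure.ac uses `AC_TRY_COMPILE`, which Autoconf marks obsolete, while the socklen_t check earlier in the same file already uses `AC_COMPILE_IFELSE([AC_LANG_SOURCE(...)])`. Writing the probe as `AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <openssl/ssl.h>]], [[SSL_get_servername((SSL *)0, TLSEXT_NAMETYPE_host_name);]])], [...])` keeps the file consistent. `AC_DEFINE` is enough in place of `AC_DEFINE_UNQUOTED`, because the value `1` needs no shell expansion.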
@@ -1717,7 +1717,7 @@ free(oidname); return gnutls_strerror(rc); } - + vidx=0; while (bufsiz=0, @@ -1781,7 +1781,7 @@ ++vidx; } } - + free(oidval); free(oidname); return NULL; @@ -1870,7 +1870,7 @@ gnutls_compression_method_t comp; (*dump_func)(gnutls_kx_get_name(kx_algo), -1, dump_arg); - + (*dump_func)("-", 1, dump_arg); (*dump_func)(gnutls_certificate_type_get_name(gnutls_certificate_type_get(session)), -1, dump_arg); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/courier-imap-4.16.2/libs/tcpd/libcouriertls.c new/courier-imap-4.17.1/libs/tcpd/libcouriertls.c --- old/courier-imap-4.16.2/libs/tcpd/libcouriertls.c 2015-06-10 02:08:23.000000000 +0200 +++ new/courier-imap-4.17.1/libs/tcpd/libcouriertls.c 2016-04-30 17:31:31.000000000 +0200 @@ -1,5 +1,5 @@ /* -** Copyright 2000-2014 Double Precision, Inc. +** Copyright 2000-2016 Double Precision, Inc. ** See COPYING for distribution information. */ #include "config.h" @@ -73,9 +73,6 @@ { "TLSv1+", &SSLv23_method, SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3 }, { "TLSv1", &TLSv1_method, SSL_OP_ALL }, { "TLS1", &TLSv1_method, SSL_OP_ALL }, - { "SSL3+", &SSLv23_method, SSL_OP_ALL|SSL_OP_NO_SSLv2 }, - { "SSL3", &SSLv3_method, SSL_OP_ALL }, - { "SSL23", &SSLv23_method, SSL_OP_ALL }, { "", &SSLv23_method, SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3 }, { NULL, &SSLv23_method, SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3 }, }; 
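Review bot: The protocol table in libs/tcpd/libcouriertls.c loses the `SSL3+`, `SSL3` and `SSL23` names without a comment saying what happens to a configuration that still sets TLS_PROTOCOL to one of them. The lookup is outside the hunk, so it is not visible whether such a value falls to the final `NULL` row or is rejected. A comment above the table would tell administrators what to expect, for example `/* SSLv2/SSLv3 names were removed; unrecognised TLS_PROTOCOL values use the last (default) row. */`, to be confirmed against the lookup code. The remaining `TLSv1` and `TLS1` rows still pair `TLSv1_method` with plain `SSL_OP_ALL`, which may deserve a one-line comment that they pin the connection to that single protocol version.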
@@ -306,7 +303,24 @@ DH_free(dh); } else - sslerror(info, filename, -1); + { + /* + ** If the certificate file does not have DH parameters, + ** swallow the error. + */ + + int err=ERR_peek_last_error(); + + if (ERR_GET_LIB(err) == ERR_LIB_PEM + && ERR_GET_REASON(err) == PEM_R_NO_START_LINE) + { + ERR_clear_error(); + } + else + { + sslerror(info, filename, -1); + } + } BIO_free(bio); } else 
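Review bot: `int err=ERR_peek_last_error();` in the new else branch stores OpenSSL's `unsigned long` error code in an `int`, which can truncate or change sign before `ERR_GET_LIB` and `ERR_GET_REASON` unpack it; declare it as `unsigned long err=ERR_peek_last_error();`. `ERR_clear_error()` also empties the whole error queue, so any error queued earlier is dropped together with PEM_R_NO_START_LINE. If that is intended, the comment above it could say so. The enclosing function starts and ends outside the hunk.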
@@ -474,8 +488,79 @@ return rc; } +static SSL_CTX *tls_create_int(int isserver, const struct tls_info *info, + int internal); + +static int server_cert_cb(ssl_handle ssl, int *ad, void *arg) +{ +#ifdef HAVE_OPENSSL_SNI + struct tls_info *info=(struct tls_info *)SSL_get_app_data(ssl); + const char *servername=SSL_get_servername(ssl, + TLSEXT_NAMETYPE_host_name); + const char *certfile=safe_getenv(info, "TLS_CERTFILE"); + int cert_file_flags=0; + char *buffer; + char *p; + + if (!servername || !certfile) + return SSL_TLSEXT_ERR_OK; + + buffer=malloc(strlen(certfile)+strlen(servername)+2); + if (!buffer) + { + nonsslerror(info, "malloc"); + exit(1); + } + + strcat(strcpy(buffer, certfile), "."); + + p=buffer + strlen(buffer); + + while ((*p=*servername) != 0) + { + if (*p == '/') + *p='.'; /* Script kiddie check */ + ++p; + ++servername; + } + + if (access(buffer, R_OK) == 0) + { + SSL_CTX *orig_ctx=SSL_get_SSL_CTX(ssl); + SSL_CTX *temp_ctx=tls_create_int(1, info, 1); + int rc; + + if (!temp_ctx) + { + (*info->tls_err_msg)("Cannot load certificate file", + info->app_data); + exit(1); + } + SSL_set_SSL_CTX(ssl, temp_ctx); + rc=read_certfile(orig_ctx, buffer, &cert_file_flags); + SSL_set_SSL_CTX(ssl, orig_ctx); + tls_destroy(temp_ctx); + if (!rc) + { + (*info->tls_err_msg)("Cannot load certificate file", + info->app_data); + exit(1); + } + } + free(buffer); + +#endif + return SSL_TLSEXT_ERR_OK; +} + SSL_CTX *tls_create(int isserver, const struct tls_info *info) { + return tls_create_int(isserver, info, 0); +} + +SSL_CTX *tls_create_int(int isserver, const struct tls_info *info, + int internal) +{ SSL_CTX *ctx; const char *protocol=safe_getenv(info, "TLS_PROTOCOL"); const char *ssl_cipher_list=safe_getenv(info, "TLS_CIPHER_LIST"); 
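Review bot: In `server_cert_cb` the SNI name is supplied by the client and is appended to TLS_CERTFILE after only `/` has been mapped to `.`, so the path passed to `access()` and `read_certfile()` is built from bytes the server never validated. A name sent in upper or mixed case will also miss a certificate file named in lower case, although host names compare case-insensitively. Restricting the name to letters, digits, `-` and `.` and folding it to lower case keeps the path inside the expected `certfile.hostname` pattern, and a name that fails the check simply gets the default certificate. The callback also calls `exit(1)` on allocation or load failure, which deserves a comment because it ends the process from inside a TLS callback. The rewritten copy loop is below.

```c
	p=buffer + strlen(buffer);

	for (; *servername; ++servername)
	{
		char c=*servername;

		if (c >= 'A' && c <= 'Z')
			c += 'a' - 'A';	/* host names are case-insensitive */

		if (!((c >= 'a' && c <= 'z') || (c >= '0' && c <= '9') ||
		      c == '-' || c == '.'))
		{
			/* Not a plain host name: keep the default certificate */
			free(buffer);
			return SSL_TLSEXT_ERR_OK;
		}
		*p++=c;
	}
	*p=0;

	/* … unchanged: access() check and per-host certificate load … */
```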
@@ -589,8 +674,15 @@ #endif #endif info_copy->tlscache=NULL; - init_session_cache(info_copy, ctx); + if (internal) + { + SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF); + } + else + { + init_session_cache(info_copy, ctx); + } s = safe_getenv(info, "TCPLOCALIP"); @@ -607,8 +699,6 @@ return (NULL); } - SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_BOTH); - n=atoi(safe_getenv(info, "TLS_INTCACHESIZE")); if (n > 0) @@ -689,8 +779,15 @@ } SSL_CTX_set_verify(ctx, get_peer_verify_level(info), ssl_verify_callback); - if (!isserver) + + if (isserver) + { + SSL_CTX_set_tlsext_servername_callback(ctx, server_cert_cb); + } + else + { SSL_CTX_set_client_cert_cb(ctx, client_cert_cb); + } return (ctx); } @@ -995,6 +1092,13 @@ { SSL_set_connect_state(ssl); +#ifdef HAVE_OPENSSL_SNI + if (info->peer_verify_domain) + { + SSL_set_tlsext_host_name(ssl, info->peer_verify_domain); + } +#endif + if ((rc=SSL_connect(ssl)) > 0) { if (!verifypeer(info, ssl)) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/courier-imap-4.16.2/libs/tcpd/tcpd.c new/courier-imap-4.17.1/libs/tcpd/tcpd.c --- old/courier-imap-4.16.2/libs/tcpd/tcpd.c 2013-08-25 20:52:11.000000000 +0200 +++ new/courier-imap-4.17.1/libs/tcpd/tcpd.c 2016-04-17 05:39:43.000000000 +0200 @@ -568,6 +568,18 @@ return (0); } +static int dup_and_check(int orig) +{ + int fd=sox_dup(orig); + + if (fd < 0) + { + perror("dup"); + exit(1); + } + return fd; +} + static int init(int argc, char **argv) { int argn; @@ -578,7 +590,7 @@ const char *servname; int forced=0; int lockfd=-1; - + argn=argparse(argc, argv, arginfo); if ((stoparg || restartarg) && pidarg == 0) 
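Review bot: `SSL_CTX_set_tlsext_servername_callback(ctx, server_cert_cb);` in the `isserver` branch is not wrapped in `#ifdef HAVE_OPENSSL_SNI`, although the configure probe exists for that purpose and the body of `server_cert_cb` is guarded. On an OpenSSL build without the server-name extension this macro is likely undefined, so the file would fail to compile in exactly the case the probe is meant to cover. Guard the call with `#ifdef HAVE_OPENSSL_SNI` and `#endif`. The unguarded `return SSL_TLSEXT_ERR_OK;` at the end of `server_cert_cb` has the same exposure. The enclosing function starts outside the hunk.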
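Review bot: The result of `SSL_set_tlsext_host_name(ssl, info->peer_verify_domain);` in the connect path is ignored, so a failure to set the SNI name goes unnoticed and the handshake proceeds without it. Test the return value, as in `if (!SSL_set_tlsext_host_name(ssl, info->peer_verify_domain))`, and report the failure through the error path this file already uses. `peer_verify_domain` is the name used for peer verification. If it can hold a pattern or an address rather than a plain host name, it should not be sent as SNI, but its possible values are not visible here. The enclosing function starts outside the hunk.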
@@ -746,16 +758,17 @@ { signal(SIGHUP, SIG_IGN); sox_close(0); - sox_dup(pipefd[0]); + dup_and_check(pipefd[0]); sox_close(pipefd[0]); sox_close(pipefd[1]); sox_close(1); open("/dev/null", O_WRONLY); sox_close(2); - sox_dup(1); + dup_and_check(1); closeaccess(); while ((p=fork()) == -1) { + perror("fork"); sleep(5); } if (p == 0) @@ -776,7 +789,7 @@ _exit(0); } sox_close(2); - sox_dup(pipefd[1]); + dup_and_check(pipefd[1]); sox_close(pipefd[0]); sox_close(pipefd[1]); while (wait(&waitstat) != p) @@ -792,7 +805,7 @@ return (-1); } sox_close(2); - sox_dup(fd); + dup_and_check(fd); sox_close(fd); } @@ -1149,7 +1162,7 @@ if (pi->fd2 >= 0 && FD_ISSET(pi->fd2, &fdr) && ((n=getfreeslot(&pidptr)), - (sinl = sizeof(sin)), + (sinl = sizeof(sin)), (sockfd=sox_accept(pi->fd2, (struct sockaddr *)&sin, &sinl))) >= 0) @@ -1259,7 +1272,7 @@ RFC1035_ADDR laddr; int lport; socklen_t i=sizeof(lsin); - + if (sox_getsockname(sockfd, (struct sockaddr *)&lsin, &i) == 0 && rfc1035_sockaddrip(&lsin, i, &laddr) == 0 && rfc1035_sockaddrport(&lsin, i, &lport) == 0 && @@ -1903,13 +1916,13 @@ check_drop(fd); sox_close(0); sox_close(1); - sox_dup(fd); - sox_dup(fd); + dup_and_check(fd); + dup_and_check(fd); sox_close(fd); if (stderrarg && strcmp(stderrarg, "socket") == 0) { sox_close(2); - sox_dup(1); + dup_and_check(1); } proxy(); signal(SIGPIPE, SIG_DFL); 
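Review bot: The added `perror("fork");` in the retry loop runs after `sox_close(2); dup_and_check(1);`, and fd 1 was reopened on `/dev/null` just before, so the message appears to go to `/dev/null` and never reach the operator. The `perror("dup")` inside that `dup_and_check(1)` call likewise runs while fd 2 is closed. Keeping a saved copy of the original stderr for these diagnostics, or reporting them through whatever logging the daemon already has (not visible here), would make the new checks observable. `open("/dev/null", O_WRONLY);` between the two checked dups is still unchecked. The enclosing function starts outside the hunk.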
@@ -2084,9 +2097,9 @@ sox_close(1); sox_close(2); errno=EINVAL; - if (sox_dup(pipefd0[0]) != 0 || - sox_dup(pipefd1[1]) != 1 || - sox_dup(pipefd2[1]) != 2) + if (dup_and_check(pipefd0[0]) != 0 || + dup_and_check(pipefd1[1]) != 1 || + dup_and_check(pipefd2[1]) != 2) { perror("dup(app)"); exit(1); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/courier-imap-4.16.2/rpm.release new/courier-imap-4.17.1/rpm.release --- old/courier-imap-4.16.2/rpm.release 2015-06-29 04:36:56.000000000 +0200 +++ new/courier-imap-4.17.1/rpm.release 2016-05-08 15:08:57.000000000 +0200 @@ -1,2 +1,2 @@ -VERSION=4.16.2 -RELEASE=2 +VERSION=4.17.1 +RELEASE=3 ++++++ courier-imap-Makefile.patch ++++++ --- /var/tmp/diff_new_pack.cNBQHO/_old 2016-05-17 17:16:32.000000000 +0200 +++ /var/tmp/diff_new_pack.cNBQHO/_new 2016-05-17 17:16:32.000000000 +0200 @@ -15,7 +15,7 @@ =================================================================== --- Makefile.in.orig +++ Makefile.in -@@ -1448,7 +1448,7 @@ install-exec-hook: +@@ -1449,7 +1449,7 @@ install-exec-hook: mkdir -p $(DESTDIR)$(sysconfdir)/shared.tmp chmod 755 $(DESTDIR)$(sysconfdir)/shared.tmp mkdir -p $(DESTDIR)$(sysconfdir)/imapaccess
