Date: Saturday, February 11, 2017 @ 18:41:12 Author: pierre Revision: 288684
archrelease: copy trunk to staging-i686, staging-x86_64 Added: imap/repos/staging-i686/ imap/repos/staging-i686/1006_openssl1.1_autoverify.patch (from rev 288683, imap/trunk/1006_openssl1.1_autoverify.patch) imap/repos/staging-i686/PKGBUILD (from rev 288683, imap/trunk/PKGBUILD) imap/repos/staging-i686/c-client-2006k_GENTOO_amd64-so-fix.patch (from rev 288683, imap/trunk/c-client-2006k_GENTOO_amd64-so-fix.patch) imap/repos/staging-i686/imap (from rev 288683, imap/trunk/imap) imap/repos/staging-i686/ipop2 (from rev 288683, imap/trunk/ipop2) imap/repos/staging-i686/ipop3 (from rev 288683, imap/trunk/ipop3) imap/repos/staging-x86_64/ imap/repos/staging-x86_64/1006_openssl1.1_autoverify.patch (from rev 288683, imap/trunk/1006_openssl1.1_autoverify.patch) imap/repos/staging-x86_64/PKGBUILD (from rev 288683, imap/trunk/PKGBUILD) imap/repos/staging-x86_64/c-client-2006k_GENTOO_amd64-so-fix.patch (from rev 288683, imap/trunk/c-client-2006k_GENTOO_amd64-so-fix.patch) imap/repos/staging-x86_64/imap (from rev 288683, imap/trunk/imap) imap/repos/staging-x86_64/ipop2 (from rev 288683, imap/trunk/ipop2) imap/repos/staging-x86_64/ipop3 (from rev 288683, imap/trunk/ipop3) ---------------------------------------------------------+ staging-i686/1006_openssl1.1_autoverify.patch | 58 +++++++ staging-i686/PKGBUILD | 103 ++++++++++++++ staging-i686/c-client-2006k_GENTOO_amd64-so-fix.patch | 13 + staging-i686/imap | 10 + staging-i686/ipop2 | 10 + staging-i686/ipop3 | 10 + staging-x86_64/1006_openssl1.1_autoverify.patch | 58 +++++++ staging-x86_64/PKGBUILD | 103 ++++++++++++++ staging-x86_64/c-client-2006k_GENTOO_amd64-so-fix.patch | 13 + staging-x86_64/imap | 10 + staging-x86_64/ipop2 | 10 + staging-x86_64/ipop3 | 10 + 12 files changed, 408 insertions(+) Copied: imap/repos/staging-i686/1006_openssl1.1_autoverify.patch (from rev 288683, imap/trunk/1006_openssl1.1_autoverify.patch) =================================================================== --- staging-i686/1006_openssl1.1_autoverify.patch (rev 0) +++ staging-i686/1006_openssl1.1_autoverify.patch 2017-02-11 18:41:12 UTC (rev 288684) @@ -0,0 +1,58 @@ +Description: Support OpenSSL 1.1 + When building with OpenSSL 1.1 and newer, use the new built-in + hostname verification instead of code that doesn't compile due to + structs having been made opaque. +Bug-Debian: https://bugs.debian.org/828589 + +--- a/src/osdep/unix/ssl_unix.c ++++ b/src/osdep/unix/ssl_unix.c +@@ -227,8 +227,16 @@ static char *ssl_start_work (SSLSTREAM * + /* disable certificate validation? */ + if (flags & NET_NOVALIDATECERT) + SSL_CTX_set_verify (stream->context,SSL_VERIFY_NONE,NIL); +- else SSL_CTX_set_verify (stream->context,SSL_VERIFY_PEER,ssl_open_verify); ++ else { ++#if OPENSSL_VERSION_NUMBER >= 0x10100000 ++ X509_VERIFY_PARAM *param = SSL_CTX_get0_param(stream->context); ++ X509_VERIFY_PARAM_set_hostflags(param, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS); ++ X509_VERIFY_PARAM_set1_host(param, host, 0); ++#endif ++ ++ SSL_CTX_set_verify (stream->context,SSL_VERIFY_PEER,ssl_open_verify); + /* set default paths to CAs... */ ++ } + SSL_CTX_set_default_verify_paths (stream->context); + /* ...unless a non-standard path desired */ + if (s = (char *) mail_parameters (NIL,GET_SSLCAPATH,NIL)) +@@ -266,6 +274,7 @@ static char *ssl_start_work (SSLSTREAM * + if (SSL_write (stream->con,"",0) < 0) + return ssl_last_error ? ssl_last_error : "SSL negotiation failed"; + /* need to validate host names? */ ++#if OPENSSL_VERSION_NUMBER < 0x10100000 + if (!(flags & NET_NOVALIDATECERT) && + (err = ssl_validate_cert (cert = SSL_get_peer_certificate (stream->con), + host))) { +@@ -275,6 +284,7 @@ static char *ssl_start_work (SSLSTREAM * + sprintf (tmp,"*%.128s: %.255s",err,cert ? cert->name : "???"); + return ssl_last_error = cpystr (tmp); + } ++#endif + return NIL; + } + +@@ -313,6 +323,7 @@ static int ssl_open_verify (int ok,X509_ + * Returns: NIL if validated, else string of error message + */ + ++#if OPENSSL_VERSION_NUMBER < 0x10100000 + static char *ssl_validate_cert (X509 *cert,char *host) + { + int i,n; +@@ -342,6 +353,7 @@ static char *ssl_validate_cert (X509 *ce + else ret = "Unable to locate common name in certificate"; + return ret; + } ++#endif + + /* Case-independent wildcard pattern match + * Accepts: base string Copied: imap/repos/staging-i686/PKGBUILD (from rev 288683, imap/trunk/PKGBUILD) =================================================================== --- staging-i686/PKGBUILD (rev 0) +++ staging-i686/PKGBUILD 2017-02-11 18:41:12 UTC (rev 288684) @@ -0,0 +1,103 @@ +# $Id$ + +pkgbase=imap +pkgname=(imap c-client) +pkgver=2007f +pkgrel=7 +arch=('i686' 'x86_64') +license=('APACHE') +url="http://www.washington.edu/imap" +makedepends=('pam') +source=("ftp://ftp.cac.washington.edu/imap/${pkgname}-${pkgver}.tar.gz" + 'c-client-2006k_GENTOO_amd64-so-fix.patch' '1006_openssl1.1_autoverify.patch' + 'imap' 'ipop2' 'ipop3') +options=('staticlibs') +md5sums=('2126fd125ea26b73b20f01fcd5940369' + '7f3937a871edd54203fe51f91423e204' + 'cc8cc4df43f73bc144b9a41c55ef5991' + '3ae5b3b333bc8ea2da106f6a97d7bd8d' + '448f988dc5f9bdb2223dcea3abc4f5f1' + '1499b13015075f0aafba04324a6f523a') + +prepare() { + cd $srcdir/$pkgbase-$pkgver + + sed \ + -e "s:-g -fno-omit-frame-pointer -O6:\${CFLAGS}:" \ + -e "s:SSLDIR=/usr/local/ssl:SSLDIR=/usr:" \ + -e "s:SSLCERTS=\$(SSLDIR)/certs:SSLCERTS=/etc/ssl/certs:" \ + -i src/osdep/unix/Makefile + + patch -p1 -i $srcdir/c-client-2006k_GENTOO_amd64-so-fix.patch + patch -p1 -i $srcdir/1006_openssl1.1_autoverify.patch +} + +build() { + cd $srcdir/$pkgbase-$pkgver + # NOTE: if you wish to enforce SSL, use SSLTYPE=unix.nopwd + + yes "y" | make lnp EXTRAAUTHENTICATORS=gss PASSWDTYPE=pam SPECIALAUTHENTICATORS=ssl SSLTYPE=unix EXTRACFLAGS="${CFLAGS} -fPIC -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err -lpam" + + # create ssl certs for secure imap + for i in imapd ipop3d; do + PEM1=$srcdir/pem1 + PEM2=$srcdir/pem2 + /usr/bin/openssl req -newkey rsa:1024 -keyout $PEM1 \ + -nodes -x509 -days 365 -out $PEM2 << EOF +-- +SomeState +SomeCity +SomeOrganization +SomeOrganizationalUnit +localhost.localdomain +root@localhost.localdomain +EOF + + cat $PEM1 > ${i}.pem + echo "" >> ${i}.pem + cat $PEM2 >> ${i}.pem + rm $PEM1 $PEM2 + umask 022 + done +} + +package_imap() { + pkgdesc="An IMAP/POP server" + depends=('c-client') + provides=('imap-server' 'pop3-server') + conflicts=('courier-mta' 'courier-imap') + backup=(etc/xinetd.d/{imap,ipop2,ipop3} etc/ssl/certs/{imapd,ipop3d}.pem) + + cd $srcdir/$pkgbase-$pkgver + install -d $pkgdir/usr/bin + install -D -m755 imapd/imapd $pkgdir/usr/bin/imapd + install -D -m755 ipopd/ipop2d $pkgdir/usr/bin/ipop2d + install -D -m755 ipopd/ipop3d $pkgdir/usr/bin/ipop3d + + # install certs + install -D -m600 imapd.pem $pkgdir/etc/ssl/certs/imapd.pem + install -D -m600 ipop3d.pem $pkgdir/etc/ssl/certs/ipop3d.pem + + # install xinetd.d configs + install -D -m644 ../imap $pkgdir/etc/xinetd.d/imap + install -D -m644 ../ipop2 $pkgdir/etc/xinetd.d/ipop2 + install -D -m644 ../ipop3 $pkgdir/etc/xinetd.d/ipop3 +} + +package_c-client() { + pkgdesc="Imap client library" + depends=('pam') + + cd $srcdir/$pkgbase-$pkgver + + for i in c-client mail imap4r1 rfc822 linkage misc smtp nntp \ + osdep env_unix env fs ftl nl tcp sslio utf8 utf8aux; do + install -D -m644 c-client/${i}.h $pkgdir/usr/include/imap/${i}.h + done + install -D -m644 c-client/c-client.a $pkgdir/usr/lib/c-client.a + ln -sf c-client.a $pkgdir/usr/lib/libc-client.a + + install -D -m755 c-client/libc-client.so.1.0.0 $pkgdir/usr/lib/libc-client.so.1.0.0 + ln -sf /usr/lib/libc-client.so.1.0.0 $pkgdir/usr/lib/libc-client.so.1 + ln -sf /usr/lib/libc-client.so.1.0.0 $pkgdir/usr/lib/libc-client.so +} Copied: imap/repos/staging-i686/c-client-2006k_GENTOO_amd64-so-fix.patch (from rev 288683, imap/trunk/c-client-2006k_GENTOO_amd64-so-fix.patch) =================================================================== --- staging-i686/c-client-2006k_GENTOO_amd64-so-fix.patch (rev 0) +++ staging-i686/c-client-2006k_GENTOO_amd64-so-fix.patch 2017-02-11 18:41:12 UTC (rev 288684) @@ -0,0 +1,13 @@ +diff -r 7c3e6c6ef2ba src/osdep/unix/Makefile +--- a/src/osdep/unix/Makefile Thu Feb 21 18:51:32 2008 +0100 ++++ b/src/osdep/unix/Makefile Thu Feb 21 18:53:15 2008 +0100 +@@ -962,6 +962,9 @@ onceenv: + -DRSHPATH=\"$(RSHPATH)\" -DLOCKPGM=\"$(LOCKPGM)\" > OSCFLAGS + echo $(BASELDFLAGS) $(EXTRALDFLAGS) > LDFLAGS + echo "$(ARRC) $(ARCHIVE) $(BINARIES);$(RANLIB) $(ARCHIVE)" > ARCHIVE ++ echo "`$(CAT) CCTYPE` `$(CAT) CFLAGS` `$(CAT) OSFLAGS` -shared \ ++ -Wl,-soname,libc-client.so.1 -o libc-client.so.1.0.0 $(BINARIES)" \ ++ >> ARCHIVE + echo $(OS) > OSTYPE + ./drivers $(EXTRADRIVERS) $(DEFAULTDRIVERS) dummy + ./mkauths $(EXTRAAUTHENTICATORS) $(DEFAULTAUTHENTICATORS) Copied: imap/repos/staging-i686/imap (from rev 288683, imap/trunk/imap) =================================================================== --- staging-i686/imap (rev 0) +++ staging-i686/imap 2017-02-11 18:41:12 UTC (rev 288684) @@ -0,0 +1,10 @@ +service imap2 +{ + socket_type = stream + wait = no + user = root + server = /usr/bin/imapd + log_on_success += HOST DURATION + log_on_failure += HOST + disable = yes +} Copied: imap/repos/staging-i686/ipop2 (from rev 288683, imap/trunk/ipop2) =================================================================== --- staging-i686/ipop2 (rev 0) +++ staging-i686/ipop2 2017-02-11 18:41:12 UTC (rev 288684) @@ -0,0 +1,10 @@ +service pop2 +{ + socket_type = stream + wait = no + user = root + server = /usr/bin/ipop2d + log_on_success += HOST DURATION + log_on_failure += HOST + disable = yes +} Copied: imap/repos/staging-i686/ipop3 (from rev 288683, imap/trunk/ipop3) =================================================================== --- staging-i686/ipop3 (rev 0) +++ staging-i686/ipop3 2017-02-11 18:41:12 UTC (rev 288684) @@ -0,0 +1,10 @@ +service pop3 +{ + socket_type = stream + wait = no + user = root + server = /usr/bin/ipop3d + log_on_success += HOST DURATION + log_on_failure += HOST + disable = yes +} Copied: imap/repos/staging-x86_64/1006_openssl1.1_autoverify.patch (from rev 288683, imap/trunk/1006_openssl1.1_autoverify.patch) =================================================================== --- staging-x86_64/1006_openssl1.1_autoverify.patch (rev 0) +++ staging-x86_64/1006_openssl1.1_autoverify.patch 2017-02-11 18:41:12 UTC (rev 288684) @@ -0,0 +1,58 @@ +Description: Support OpenSSL 1.1 + When building with OpenSSL 1.1 and newer, use the new built-in + hostname verification instead of code that doesn't compile due to + structs having been made opaque. +Bug-Debian: https://bugs.debian.org/828589 + +--- a/src/osdep/unix/ssl_unix.c ++++ b/src/osdep/unix/ssl_unix.c +@@ -227,8 +227,16 @@ static char *ssl_start_work (SSLSTREAM * + /* disable certificate validation? */ + if (flags & NET_NOVALIDATECERT) + SSL_CTX_set_verify (stream->context,SSL_VERIFY_NONE,NIL); +- else SSL_CTX_set_verify (stream->context,SSL_VERIFY_PEER,ssl_open_verify); ++ else { ++#if OPENSSL_VERSION_NUMBER >= 0x10100000 ++ X509_VERIFY_PARAM *param = SSL_CTX_get0_param(stream->context); ++ X509_VERIFY_PARAM_set_hostflags(param, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS); ++ X509_VERIFY_PARAM_set1_host(param, host, 0); ++#endif ++ ++ SSL_CTX_set_verify (stream->context,SSL_VERIFY_PEER,ssl_open_verify); + /* set default paths to CAs... */ ++ } + SSL_CTX_set_default_verify_paths (stream->context); + /* ...unless a non-standard path desired */ + if (s = (char *) mail_parameters (NIL,GET_SSLCAPATH,NIL)) +@@ -266,6 +274,7 @@ static char *ssl_start_work (SSLSTREAM * + if (SSL_write (stream->con,"",0) < 0) + return ssl_last_error ? ssl_last_error : "SSL negotiation failed"; + /* need to validate host names? */ ++#if OPENSSL_VERSION_NUMBER < 0x10100000 + if (!(flags & NET_NOVALIDATECERT) && + (err = ssl_validate_cert (cert = SSL_get_peer_certificate (stream->con), + host))) { +@@ -275,6 +284,7 @@ static char *ssl_start_work (SSLSTREAM * + sprintf (tmp,"*%.128s: %.255s",err,cert ? cert->name : "???"); + return ssl_last_error = cpystr (tmp); + } ++#endif + return NIL; + } + +@@ -313,6 +323,7 @@ static int ssl_open_verify (int ok,X509_ + * Returns: NIL if validated, else string of error message + */ + ++#if OPENSSL_VERSION_NUMBER < 0x10100000 + static char *ssl_validate_cert (X509 *cert,char *host) + { + int i,n; +@@ -342,6 +353,7 @@ static char *ssl_validate_cert (X509 *ce + else ret = "Unable to locate common name in certificate"; + return ret; + } ++#endif + + /* Case-independent wildcard pattern match + * Accepts: base string Copied: imap/repos/staging-x86_64/PKGBUILD (from rev 288683, imap/trunk/PKGBUILD) =================================================================== --- staging-x86_64/PKGBUILD (rev 0) +++ staging-x86_64/PKGBUILD 2017-02-11 18:41:12 UTC (rev 288684) @@ -0,0 +1,103 @@ +# $Id$ + +pkgbase=imap +pkgname=(imap c-client) +pkgver=2007f +pkgrel=7 +arch=('i686' 'x86_64') +license=('APACHE') +url="http://www.washington.edu/imap" +makedepends=('pam') +source=("ftp://ftp.cac.washington.edu/imap/${pkgname}-${pkgver}.tar.gz" + 'c-client-2006k_GENTOO_amd64-so-fix.patch' '1006_openssl1.1_autoverify.patch' + 'imap' 'ipop2' 'ipop3') +options=('staticlibs') +md5sums=('2126fd125ea26b73b20f01fcd5940369' + '7f3937a871edd54203fe51f91423e204' + 'cc8cc4df43f73bc144b9a41c55ef5991' + '3ae5b3b333bc8ea2da106f6a97d7bd8d' + '448f988dc5f9bdb2223dcea3abc4f5f1' + '1499b13015075f0aafba04324a6f523a') + +prepare() { + cd $srcdir/$pkgbase-$pkgver + + sed \ + -e "s:-g -fno-omit-frame-pointer -O6:\${CFLAGS}:" \ + -e "s:SSLDIR=/usr/local/ssl:SSLDIR=/usr:" \ + -e "s:SSLCERTS=\$(SSLDIR)/certs:SSLCERTS=/etc/ssl/certs:" \ + -i src/osdep/unix/Makefile + + patch -p1 -i $srcdir/c-client-2006k_GENTOO_amd64-so-fix.patch + patch -p1 -i $srcdir/1006_openssl1.1_autoverify.patch +} + +build() { + cd $srcdir/$pkgbase-$pkgver + # NOTE: if you wish to enforce SSL, use SSLTYPE=unix.nopwd + + yes "y" | make lnp EXTRAAUTHENTICATORS=gss PASSWDTYPE=pam SPECIALAUTHENTICATORS=ssl SSLTYPE=unix EXTRACFLAGS="${CFLAGS} -fPIC -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err -lpam" + + # create ssl certs for secure imap + for i in imapd ipop3d; do + PEM1=$srcdir/pem1 + PEM2=$srcdir/pem2 + /usr/bin/openssl req -newkey rsa:1024 -keyout $PEM1 \ + -nodes -x509 -days 365 -out $PEM2 << EOF +-- +SomeState +SomeCity +SomeOrganization +SomeOrganizationalUnit +localhost.localdomain +root@localhost.localdomain +EOF + + cat $PEM1 > ${i}.pem + echo "" >> ${i}.pem + cat $PEM2 >> ${i}.pem + rm $PEM1 $PEM2 + umask 022 + done +} + +package_imap() { + pkgdesc="An IMAP/POP server" + depends=('c-client') + provides=('imap-server' 'pop3-server') + conflicts=('courier-mta' 'courier-imap') + backup=(etc/xinetd.d/{imap,ipop2,ipop3} etc/ssl/certs/{imapd,ipop3d}.pem) + + cd $srcdir/$pkgbase-$pkgver + install -d $pkgdir/usr/bin + install -D -m755 imapd/imapd $pkgdir/usr/bin/imapd + install -D -m755 ipopd/ipop2d $pkgdir/usr/bin/ipop2d + install -D -m755 ipopd/ipop3d $pkgdir/usr/bin/ipop3d + + # install certs + install -D -m600 imapd.pem $pkgdir/etc/ssl/certs/imapd.pem + install -D -m600 ipop3d.pem $pkgdir/etc/ssl/certs/ipop3d.pem + + # install xinetd.d configs + install -D -m644 ../imap $pkgdir/etc/xinetd.d/imap + install -D -m644 ../ipop2 $pkgdir/etc/xinetd.d/ipop2 + install -D -m644 ../ipop3 $pkgdir/etc/xinetd.d/ipop3 +} + +package_c-client() { + pkgdesc="Imap client library" + depends=('pam') + + cd $srcdir/$pkgbase-$pkgver + + for i in c-client mail imap4r1 rfc822 linkage misc smtp nntp \ + osdep env_unix env fs ftl nl tcp sslio utf8 utf8aux; do + install -D -m644 c-client/${i}.h $pkgdir/usr/include/imap/${i}.h + done + install -D -m644 c-client/c-client.a $pkgdir/usr/lib/c-client.a + ln -sf c-client.a $pkgdir/usr/lib/libc-client.a + + install -D -m755 c-client/libc-client.so.1.0.0 $pkgdir/usr/lib/libc-client.so.1.0.0 + ln -sf /usr/lib/libc-client.so.1.0.0 $pkgdir/usr/lib/libc-client.so.1 + ln -sf /usr/lib/libc-client.so.1.0.0 $pkgdir/usr/lib/libc-client.so +} Copied: imap/repos/staging-x86_64/c-client-2006k_GENTOO_amd64-so-fix.patch (from rev 288683, imap/trunk/c-client-2006k_GENTOO_amd64-so-fix.patch) =================================================================== --- staging-x86_64/c-client-2006k_GENTOO_amd64-so-fix.patch (rev 0) +++ staging-x86_64/c-client-2006k_GENTOO_amd64-so-fix.patch 2017-02-11 18:41:12 UTC (rev 288684) @@ -0,0 +1,13 @@ +diff -r 7c3e6c6ef2ba src/osdep/unix/Makefile +--- a/src/osdep/unix/Makefile Thu Feb 21 18:51:32 2008 +0100 ++++ b/src/osdep/unix/Makefile Thu Feb 21 18:53:15 2008 +0100 +@@ -962,6 +962,9 @@ onceenv: + -DRSHPATH=\"$(RSHPATH)\" -DLOCKPGM=\"$(LOCKPGM)\" > OSCFLAGS + echo $(BASELDFLAGS) $(EXTRALDFLAGS) > LDFLAGS + echo "$(ARRC) $(ARCHIVE) $(BINARIES);$(RANLIB) $(ARCHIVE)" > ARCHIVE ++ echo "`$(CAT) CCTYPE` `$(CAT) CFLAGS` `$(CAT) OSFLAGS` -shared \ ++ -Wl,-soname,libc-client.so.1 -o libc-client.so.1.0.0 $(BINARIES)" \ ++ >> ARCHIVE + echo $(OS) > OSTYPE + ./drivers $(EXTRADRIVERS) $(DEFAULTDRIVERS) dummy + ./mkauths $(EXTRAAUTHENTICATORS) $(DEFAULTAUTHENTICATORS) Copied: imap/repos/staging-x86_64/imap (from rev 288683, imap/trunk/imap) =================================================================== --- staging-x86_64/imap (rev 0) +++ staging-x86_64/imap 2017-02-11 18:41:12 UTC (rev 288684) @@ -0,0 +1,10 @@ +service imap2 +{ + socket_type = stream + wait = no + user = root + server = /usr/bin/imapd + log_on_success += HOST DURATION + log_on_failure += HOST + disable = yes +} Copied: imap/repos/staging-x86_64/ipop2 (from rev 288683, imap/trunk/ipop2) =================================================================== --- staging-x86_64/ipop2 (rev 0) +++ staging-x86_64/ipop2 2017-02-11 18:41:12 UTC (rev 288684) @@ -0,0 +1,10 @@ +service pop2 +{ + socket_type = stream + wait = no + user = root + server = /usr/bin/ipop2d + log_on_success += HOST DURATION + log_on_failure += HOST + disable = yes +} Copied: imap/repos/staging-x86_64/ipop3 (from rev 288683, imap/trunk/ipop3) =================================================================== --- staging-x86_64/ipop3 (rev 0) +++ staging-x86_64/ipop3 2017-02-11 18:41:12 UTC (rev 288684) @@ -0,0 +1,10 @@ +service pop3 +{ + socket_type = stream + wait = no + user = root + server = /usr/bin/ipop3d + log_on_success += HOST DURATION + log_on_failure += HOST + disable = yes +}