Hello community, here is the log from the commit of package imap for openSUSE:Factory checked in at 2017-07-07 10:16:07 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/imap (Old) and /work/SRC/openSUSE:Factory/.imap.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "imap" Fri Jul 7 10:16:07 2017 rev:20 rq:508335 version:2007e_suse Changes: -------- --- /work/SRC/openSUSE:Factory/imap/imap.changes 2016-03-29 09:56:08.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.imap.new/imap.changes 2017-07-07 10:16:07.805687480 +0200 @@ -1,0 +2,10 @@ +Tue Jul 4 10:48:02 UTC 2017 - tchva...@suse.com + +- Rename README.SuSE to README.SUSE +- Cleanup with spec-cleaner +- Add patches from RH and Debian: + * imap-2007e-poll.patch + * imap-2007f-format-security.patch + * imap-openssl-1.1.patch + +------------------------------------------------------------------- Old: ---- README.SuSE New: ---- README.SUSE imap-2007e-poll.patch imap-2007f-format-security.patch imap-openssl-1.1.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ imap.spec ++++++ --- /var/tmp/diff_new_pack.5fZDD6/_old 2017-07-07 10:16:08.949525630 +0200 +++ /var/tmp/diff_new_pack.5fZDD6/_new 2017-07-07 10:16:08.957524498 +0200 @@ -1,7 +1,7 @@ # # spec file for package imap # -# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,14 +17,14 @@ Name: imap +Version: 2007e_suse +Release: 0 Summary: IMAP4, POP2, and POP3 Mail Server License: Apache-2.0 Group: Productivity/Networking/Email/Servers -Version: 2007e_suse -Release: 0 Url: http://www.washington.edu/imap/ Source0: %{name}-2007e.tar.bz2 -Source1: README.SuSE +Source1: README.SUSE # pam config Source2: %{name}.pamd Source3: pop.pamd @@ -32,74 +32,52 @@ Source4: %{name}.xinetd # c-client config Source5: c-client.cf -Source6: %name.firewall +Source6: %{name}.firewall Source100: %{name}.rpmlintrc Patch0: %{name}-2001a-include.diff Patch1: %{name}-2004a-doc.diff Patch2: %{name}-2002e-ssl.diff Patch3: %{name}-2004-cflags.diff Patch4: %{name}-2001a-overflow.diff -#Patch5: %{name}-2002c-c++.patch Patch5: %{name}-2007e-c++.patch -#Patch6: %{name}-2006c1.diff Patch6: %{name}-2007e.patch Patch7: imap-openssl.patch Patch8: imap-implicit-decls.patch -BuildRoot: %{_tmppath}/%{name}-%{version}-build -PreReq: bash /bin/echo /bin/mv +Patch9: imap-2007e-poll.patch +Patch10: imap-2007f-format-security.patch +Patch11: imap-openssl-1.1.patch BuildRequires: openssl-devel BuildRequires: pam-devel -%if 0%{?suse_version} >= 1100 -BuildRequires: fdupes -%endif Requires: inet-daemon Requires: pam +BuildRequires: fdupes %description This package contains IMAP4, POP2, and POP3 mail servers. -After installation, activate the servers in the file /etc/inetd.conf. - - - -Authors: --------- - Mark Crispin <m...@cac.washington.edu> +After installation, activate the servers in the file %{_sysconfdir}/inetd.conf. %package -n libc-client2007e_suse Summary: IMAP4rev1/c-client Development Environment License: BSD-3-Clause Group: Development/Libraries/C and C++ -Provides: %{name}-devel:/usr/lib/libc-client.so %description -n libc-client2007e_suse This package contains the libraries for IMAP client programs. - - -Authors: --------- - Mark Crispin <m...@cac.washington.edu> - %package devel Summary: IMAP4rev1/c-client Development Environment License: BSD-3-Clause Group: Development/Libraries/C and C++ -#Requires: %{name}-lib = %version +Provides: libc-client-devel = %{version} Requires: libc-client2007e_suse = %{version} %description devel This package contains the libraries and header files for IMAP client programs. - - -Authors: --------- - Mark Crispin <m...@cac.washington.edu> - %prep -%setup -n %{name}-2007e +%setup -q -n %{name}-2007e %patch0 %patch1 %patch2 @@ -109,92 +87,85 @@ %patch6 -p1 %patch7 -p1 %patch8 -p1 +%patch9 -p1 +%patch10 -p1 +%patch11 -p1 #K & R declarations of errno won't work anymore.. #it a no longer an integer but a macro that expands to a function call find -type f -name "*.[h,c]" -exec sed -i -e '/extern int errno;/d' {} + %build -export CFLAGS="$RPM_OPT_FLAGS -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_SSL_INTERN -DDISABLE_POP_PROXY=1 -fPIC -fno-strict-aliasing -fstack-protector" -make lnp MYCFLAGS="$CFLAGS" SSLTYPE=nopwd IP=6 -make lnp c-client +export CFLAGS="%{optflags} -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_SSL_INTERN -DDISABLE_POP_PROXY=1 -fPIC -fno-strict-aliasing -fstack-protector" +make %{?_smp_mflags} lnp MYCFLAGS="$CFLAGS" SSLTYPE=nopwd IP=6 +make %{?_smp_mflags} lnp c-client gcc $CFLAGS -shared -Wl,-soname,libc-client.so.%{version} -o libc-client.so.%{version} c-client/*.o -lpam %install -mkdir -p $RPM_BUILD_ROOT/usr/{sbin,share/man/man8,share/doc/packages/imap} -mkdir -p $RPM_BUILD_ROOT/etc/pam.d -install -m 755 imapd/imapd ipopd/ipop2d ipopd/ipop3d mtest/mtest $RPM_BUILD_ROOT/usr/sbin/ -install -m 644 $RPM_SOURCE_DIR/%{name}.pamd ${RPM_BUILD_ROOT}/etc/pam.d/%{name} -install -m 644 $RPM_SOURCE_DIR/pop.pamd ${RPM_BUILD_ROOT}/etc/pam.d/pop -install -m 644 -D $RPM_SOURCE_DIR/%{name}.xinetd $RPM_BUILD_ROOT/etc/xinetd.d/%{name} -install -m 644 $RPM_SOURCE_DIR/c-client.cf ${RPM_BUILD_ROOT}/etc/c-client.cf -install -m 644 src/imapd/imapd.8 $RPM_BUILD_ROOT/usr/share/man/man8/imapd.8 -install -m 644 src/ipopd/ipopd.8 $RPM_BUILD_ROOT/usr/share/man/man8/ipopd.8 -install -m 644 $RPM_SOURCE_DIR/README.SuSE $RPM_BUILD_ROOT/usr/share/doc/packages/%{name}/ -install -m 644 CONTENTS README docs/RELNOTES $RPM_BUILD_ROOT/usr/share/doc/packages/%{name}/ -install -m 644 docs/{FAQ,bugs,imaprc,md5,naming,drivers}.txt $RPM_BUILD_ROOT/usr/share/doc/packages/%{name}/ -mkdir -p $RPM_BUILD_ROOT/%{_includedir}/%{name} -cp src/osdep/tops-20/*.h $RPM_BUILD_ROOT/%{_includedir}/%{name} -cp src/osdep/unix/*.h $RPM_BUILD_ROOT/%{_includedir}/%{name} -cp src/c-client/*.h $RPM_BUILD_ROOT/%{_includedir}/%{name} -cp c-client/linkage.{h,c} $RPM_BUILD_ROOT/%{_includedir}/%{name} -cp c-client/osdep.h $RPM_BUILD_ROOT/%{_includedir}/%{name} -mkdir -p $RPM_BUILD_ROOT/%{_libdir} -install -m 644 c-client/c-client.a $RPM_BUILD_ROOT/%{_libdir}/libc-client.a -ln -sf libc-client.a $RPM_BUILD_ROOT/%{_libdir}/c-client.a -install -m 755 libc-client.so.%{version} $RPM_BUILD_ROOT/%{_libdir}/ -ln -sf libc-client.so.%{version} $RPM_BUILD_ROOT/%{_libdir}/libc-client.so -ln -sf ../usr/sbin/imapd $RPM_BUILD_ROOT/etc/rimapd -ln -sf ../usr/sbin/ipop3d $RPM_BUILD_ROOT/etc/rpop3d -ln -sf ../usr/sbin/ipop2d $RPM_BUILD_ROOT/etc/rpop2d -install -d $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/ -install -m 644 %{S:6} $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/%{name} -# rpmlint -%if 0%{?suse_version} >= 1100 -%fdupes $RPM_BUILD_ROOT%{_includedir} -%endif +mkdir -p %{buildroot}%{_prefix}/{sbin,share/man/man8,share/doc/packages/imap} +mkdir -p %{buildroot}%{_sysconfdir}/pam.d +install -m 755 imapd/imapd ipopd/ipop2d ipopd/ipop3d mtest/mtest %{buildroot}%{_sbindir}/ +install -m 644 %{SOURCE2} %{buildroot}%{_sysconfdir}/pam.d/%{name} +install -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/pam.d/pop +install -m 644 -D %{SOURCE4} %{buildroot}%{_sysconfdir}/xinetd.d/%{name} +install -m 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/c-client.cf +install -m 644 src/imapd/imapd.8 %{buildroot}%{_mandir}/man8/imapd.8 +install -m 644 src/ipopd/ipopd.8 %{buildroot}%{_mandir}/man8/ipopd.8 +install -m 644 %{SOURCE1} %{buildroot}%{_docdir}/%{name}/ +install -m 644 CONTENTS README docs/RELNOTES %{buildroot}%{_docdir}/%{name}/ +install -m 644 docs/{FAQ,bugs,imaprc,md5,naming,drivers}.txt %{buildroot}%{_docdir}/%{name}/ +mkdir -p %{buildroot}/%{_includedir}/%{name} +cp src/osdep/tops-20/*.h %{buildroot}/%{_includedir}/%{name} +cp src/osdep/unix/*.h %{buildroot}/%{_includedir}/%{name} +cp src/c-client/*.h %{buildroot}/%{_includedir}/%{name} +cp c-client/linkage.{h,c} %{buildroot}/%{_includedir}/%{name} +cp c-client/osdep.h %{buildroot}/%{_includedir}/%{name} +mkdir -p %{buildroot}/%{_libdir} +install -m 644 c-client/c-client.a %{buildroot}/%{_libdir}/libc-client.a +ln -sf libc-client.a %{buildroot}/%{_libdir}/c-client.a +install -m 755 libc-client.so.%{version} %{buildroot}/%{_libdir}/ +ln -sf libc-client.so.%{version} %{buildroot}/%{_libdir}/libc-client.so +ln -sf ..%{_sbindir}/imapd %{buildroot}%{_sysconfdir}/rimapd +ln -sf ..%{_sbindir}/ipop3d %{buildroot}%{_sysconfdir}/rpop3d +ln -sf ..%{_sbindir}/ipop2d %{buildroot}%{_sysconfdir}/rpop2d +install -d %{buildroot}%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/ +install -m 644 %{SOURCE6} %{buildroot}%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/%{name} +%fdupes %{buildroot}%{_includedir} %post -if [ -f /usr/share/ssl/certs/imapd.pem ] ; then - if [ ! -f /etc/ssl/certs/imapd.pem ] ; then - echo "moving imapd certificate to /etc/ssl/certs" - mv /usr/share/ssl/certs/imapd.pem /etc/ssl/certs/ +if [ -f %{_datadir}/ssl/certs/imapd.pem ] ; then + if [ ! -f %{_sysconfdir}/ssl/certs/imapd.pem ] ; then + echo "moving imapd certificate to %{_sysconfdir}/ssl/certs" + mv %{_datadir}/ssl/certs/imapd.pem %{_sysconfdir}/ssl/certs/ fi fi -if [ -f /usr/share/ssl/certs/ipop3d.pem ] ; then - if [ ! -f /etc/ssl/certs/ipop3d.pem ] ; then - echo "moving ipop3d certificate to /etc/ssl/certs" - mv /usr/share/ssl/certs/ipop3d.pem /etc/ssl/certs/ +if [ -f %{_datadir}/ssl/certs/ipop3d.pem ] ; then + if [ ! -f %{_sysconfdir}/ssl/certs/ipop3d.pem ] ; then + echo "moving ipop3d certificate to %{_sysconfdir}/ssl/certs" + mv %{_datadir}/ssl/certs/ipop3d.pem %{_sysconfdir}/ssl/certs/ fi fi %post -n libc-client2007e_suse -p /sbin/ldconfig - %postun -n libc-client2007e_suse -p /sbin/ldconfig -%clean -rm -rf $RPM_BUILD_ROOT - %files -%defattr (-,root,root) -/usr/sbin/* -/usr/share/man/man8/* -%config /etc/pam.d/* -%config(noreplace) /etc/xinetd.d/%{name} -/etc/rimapd -/etc/rpop3d -/etc/rpop2d -%doc /usr/share/doc/packages/%{name} +%{_sbindir}/* +%{_mandir}/man8/* +%config %{_sysconfdir}/pam.d/* +%config(noreplace) %{_sysconfdir}/xinetd.d/%{name} +%{_sysconfdir}/rimapd +%{_sysconfdir}/rpop3d +%{_sysconfdir}/rpop2d +%doc %{_docdir}/%{name} %files -n libc-client2007e_suse -%defattr (-,root,root) -%config(noreplace) /etc/c-client.cf +%config(noreplace) %{_sysconfdir}/c-client.cf %{_libdir}/*.so %{_libdir}/*.so.* %config %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/%{name} %files devel -%defattr (-,root,root) %{_libdir}/*.a %{_includedir}/%{name} ++++++ README.SUSE ++++++ README.SuSE for imap ==================== Even when this package is installed the servers are not activated automatically. If you are sure you want to have this IMAP or POP server running, please refer to the documentation in this directory on how to set up /etc/inetd.conf or /etc/xinetd.d/imap so they are used. For TLS/SSL encrypted connections (you most likely want these as plain password authentication is only allowed for those) you have to install a certificate imapd.pem and/or ipop3d in /etc/ssl/certs. If you don't have a certificate you can generate a self-signed certificate with the following commands: cd /etc/ssl/certs openssl req -new -x509 -nodes -out imapd.pem -keyout imapd.pem openssl req -new -x509 -nodes -out ipop3d.pem -keyout ipop3d.pem As the Common Name you must either enter the DNS name or IP address of your mail server. Note that a certificate is only valid for a limited time. Have a lot of fun... ++++++ imap-2007e-poll.patch ++++++ http://anonscm.debian.org/cgit/collab-maint/uw-imap.git/plain/debian/patches/1005_poll.patch Description: Use poll(2) instead of select(2) to support more than 1024 file descriptors Author: Ben Smithurst <ben.smithu...@gradwell.com> Bug-Debian: https://bugs.debian.org/478193 Index: imap-2007e/src/osdep/unix/os_lnx.c =================================================================== --- imap-2007e.orig/src/osdep/unix/os_lnx.c +++ imap-2007e/src/osdep/unix/os_lnx.c @@ -42,6 +42,7 @@ extern int errno; /* just in case */ #include <pwd.h> #include "misc.h" +#include <poll.h> #include "fs_unix.c" Index: imap-2007e/src/osdep/unix/os_slx.c =================================================================== --- imap-2007e.orig/src/osdep/unix/os_slx.c +++ imap-2007e/src/osdep/unix/os_slx.c @@ -42,6 +42,7 @@ extern int errno; /* just in case */ #include <pwd.h> #include <shadow.h> #include "misc.h" +#include <poll.h> #include "fs_unix.c" Index: imap-2007e/src/osdep/unix/tcp_unix.c =================================================================== --- imap-2007e.orig/src/osdep/unix/tcp_unix.c +++ imap-2007e/src/osdep/unix/tcp_unix.c @@ -235,12 +235,11 @@ TCPSTREAM *tcp_open (char *host,char *se int tcp_socket_open (int family,void *adr,size_t adrlen,unsigned short port, char *tmp,int *ctr,char *hst) { - int i,ti,sock,flgs; + int i,ti,sock,flgs,tmo; + struct pollfd pfd; size_t len; time_t now; struct protoent *pt = getprotobyname ("tcp"); - fd_set fds,efds; - struct timeval tmo; struct sockaddr *sadr = ip_sockaddr (family,adr,adrlen,port,&len); blocknotify_t bn = (blocknotify_t) mail_parameters (NIL,GET_BLOCKNOTIFY,NIL); /* fetid Solaris */ @@ -252,14 +251,6 @@ int tcp_socket_open (int family,void *ad sprintf (tmp,"Unable to create TCP socket: %s",strerror (errno)); (*bn) (BLOCK_NONSENSITIVE,data); } - else if (sock >= FD_SETSIZE) {/* unselectable sockets are useless */ - sprintf (tmp,"Unable to create selectable TCP socket (%d >= %d)", - sock,FD_SETSIZE); - (*bn) (BLOCK_NONSENSITIVE,data); - close (sock); - sock = -1; - errno = EMFILE; - } else { /* get current socket flags */ flgs = fcntl (sock,F_GETFL,0); @@ -284,14 +275,11 @@ int tcp_socket_open (int family,void *ad if ((sock >= 0) && ctr) { /* want open timeout? */ now = time (0); /* open timeout */ ti = ttmo_open ? now + ttmo_open : 0; - tmo.tv_usec = 0; - FD_ZERO (&fds); /* initialize selection vector */ - FD_ZERO (&efds); /* handle errors too */ - FD_SET (sock,&fds); /* block for error or readable */ - FD_SET (sock,&efds); + pfd.fd = sock; + pfd.events = POLLIN | POLLOUT; do { /* block under timeout */ - tmo.tv_sec = ti ? ti - now : 0; - i = select (sock+1,&fds,NIL,&efds,ti ? &tmo : NIL); + tmo = ti ? ti - now : 0; + i = poll (&pfd, 1, ti ? tmo * 1000 : -1); now = time (0); /* fake timeout if interrupt & time expired */ if ((i < 0) && (errno == EINTR) && ti && (ti <= now)) i = 0; } while ((i < 0) && (errno == EINTR)); @@ -543,9 +531,8 @@ long tcp_getbuffer (TCPSTREAM *stream,un stream->ictr -=n; } if (size) { - int i; - fd_set fds,efds; - struct timeval tmo; + int i, tmo; + struct pollfd pfd; time_t t = time (0); blocknotify_t bn=(blocknotify_t) mail_parameters (NIL,GET_BLOCKNOTIFY,NIL); (*bn) (BLOCK_TCPREAD,NIL); @@ -554,16 +541,13 @@ long tcp_getbuffer (TCPSTREAM *stream,un time_t now = tl; time_t ti = ttmo_read ? now + ttmo_read : 0; if (tcpdebug) mm_log ("Reading TCP buffer",TCPDEBUG); - tmo.tv_usec = 0; - FD_ZERO (&fds); /* initialize selection vector */ - FD_ZERO (&efds); /* handle errors too */ - /* set bit in selection vectors */ - FD_SET (stream->tcpsi,&fds); - FD_SET (stream->tcpsi,&efds); + + pfd.events = POLLIN; + pfd.fd = stream->tcpsi; errno = NIL; /* initially no error */ do { /* block under timeout */ - tmo.tv_sec = ti ? ti - now : 0; - i = select (stream->tcpsi+1,&fds,NIL,&efds,ti ? &tmo : NIL); + tmo = ti ? ti - now : 0; + i = poll (&pfd, 1, ti ? tmo * 1000 : -1); now = time (0); /* fake timeout if interrupt & time expired */ if ((i < 0) && (errno == EINTR) && ti && (ti <= now)) i = 0; } while ((i < 0) && (errno == EINTR)); @@ -603,9 +587,8 @@ long tcp_getbuffer (TCPSTREAM *stream,un long tcp_getdata (TCPSTREAM *stream) { - int i; - fd_set fds,efds; - struct timeval tmo; + int i, tmo; + struct pollfd pfd; time_t t = time (0); blocknotify_t bn = (blocknotify_t) mail_parameters (NIL,GET_BLOCKNOTIFY,NIL); if (stream->tcpsi < 0) return NIL; @@ -615,15 +598,12 @@ long tcp_getdata (TCPSTREAM *stream) time_t now = tl; time_t ti = ttmo_read ? now + ttmo_read : 0; if (tcpdebug) mm_log ("Reading TCP data",TCPDEBUG); - tmo.tv_usec = 0; - FD_ZERO (&fds); /* initialize selection vector */ - FD_ZERO (&efds); /* handle errors too */ - FD_SET (stream->tcpsi,&fds);/* set bit in selection vectors */ - FD_SET (stream->tcpsi,&efds); + pfd.fd = stream->tcpsi; + pfd.events = POLLIN; errno = NIL; /* initially no error */ do { /* block under timeout */ - tmo.tv_sec = ti ? ti - now : 0; - i = select (stream->tcpsi+1,&fds,NIL,&efds,ti ? &tmo : NIL); + tmo = ti ? ti - now : 0; + i = poll (&pfd, 1, ti ? tmo * 1000 : -1); now = time (0); /* fake timeout if interrupt & time expired */ if ((i < 0) && (errno == EINTR) && ti && (ti <= now)) i = 0; } while ((i < 0) && (errno == EINTR)); @@ -675,9 +655,8 @@ long tcp_soutr (TCPSTREAM *stream,char * long tcp_sout (TCPSTREAM *stream,char *string,unsigned long size) { - int i; - fd_set fds,efds; - struct timeval tmo; + int i, tmo; + struct pollfd pfd; time_t t = time (0); blocknotify_t bn = (blocknotify_t) mail_parameters (NIL,GET_BLOCKNOTIFY,NIL); if (stream->tcpso < 0) return NIL; @@ -687,15 +666,12 @@ long tcp_sout (TCPSTREAM *stream,char *s time_t now = tl; time_t ti = ttmo_write ? now + ttmo_write : 0; if (tcpdebug) mm_log ("Writing to TCP",TCPDEBUG); - tmo.tv_usec = 0; - FD_ZERO (&fds); /* initialize selection vector */ - FD_ZERO (&efds); /* handle errors too */ - FD_SET (stream->tcpso,&fds);/* set bit in selection vector */ - FD_SET(stream->tcpso,&efds);/* set bit in error selection vector */ + pfd.fd = stream->tcpso; + pfd.events = POLLOUT; errno = NIL; /* block and write */ do { /* block under timeout */ - tmo.tv_sec = ti ? ti - now : 0; - i = select (stream->tcpso+1,NIL,&fds,&efds,ti ? &tmo : NIL); + tmo = ti ? ti - now : 0; + i = poll (&pfd, 1, ti ? tmo * 1000 : -1); now = time (0); /* fake timeout if interrupt & time expired */ if ((i < 0) && (errno == EINTR) && ti && (ti <= now)) i = 0; } while ((i < 0) && (errno == EINTR)); ++++++ imap-2007f-format-security.patch ++++++ diff -Naur imap-2007f.orig/src/osdep/unix/flocklnx.c imap-2007f/src/osdep/unix/flocklnx.c --- imap-2007f.orig/src/osdep/unix/flocklnx.c 2011-07-23 02:20:11.000000000 +0200 +++ imap-2007f/src/osdep/unix/flocklnx.c 2014-04-14 19:17:46.429000000 +0200 @@ -57,7 +57,7 @@ case ENOLCK: /* lock table is full */ sprintf (tmp,"File locking failure: %s",strerror (errno)); mm_log (tmp,WARN); /* give the user a warning of what happened */ - if (!logged++) syslog (LOG_ERR,tmp); + if (!logged++) syslog (LOG_ERR, "%s", tmp); /* return failure if non-blocking lock */ if (op & LOCK_NB) return -1; sleep (5); /* slow down in case it loops */ ++++++ imap-openssl-1.1.patch ++++++ Description: Support OpenSSL 1.1 When building with OpenSSL 1.1 and newer, use the new built-in hostname verification instead of code that doesn't compile due to structs having been made opaque. Bug-Debian: https://bugs.debian.org/828589 --- a/src/osdep/unix/ssl_unix.c +++ b/src/osdep/unix/ssl_unix.c @@ -227,8 +227,16 @@ static char *ssl_start_work (SSLSTREAM * /* disable certificate validation? */ if (flags & NET_NOVALIDATECERT) SSL_CTX_set_verify (stream->context,SSL_VERIFY_NONE,NIL); - else SSL_CTX_set_verify (stream->context,SSL_VERIFY_PEER,ssl_open_verify); + else { +#if OPENSSL_VERSION_NUMBER >= 0x10100000 + X509_VERIFY_PARAM *param = SSL_CTX_get0_param(stream->context); + X509_VERIFY_PARAM_set_hostflags(param, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS); + X509_VERIFY_PARAM_set1_host(param, host, 0); +#endif + + SSL_CTX_set_verify (stream->context,SSL_VERIFY_PEER,ssl_open_verify); /* set default paths to CAs... */ + } SSL_CTX_set_default_verify_paths (stream->context); /* ...unless a non-standard path desired */ if (s = (char *) mail_parameters (NIL,GET_SSLCAPATH,NIL)) @@ -266,6 +274,7 @@ static char *ssl_start_work (SSLSTREAM * if (SSL_write (stream->con,"",0) < 0) return ssl_last_error ? ssl_last_error : "SSL negotiation failed"; /* need to validate host names? */ +#if OPENSSL_VERSION_NUMBER < 0x10100000 if (!(flags & NET_NOVALIDATECERT) && (err = ssl_validate_cert (cert = SSL_get_peer_certificate (stream->con), host))) { @@ -275,6 +284,7 @@ static char *ssl_start_work (SSLSTREAM * sprintf (tmp,"*%.128s: %.255s",err,cert ? cert->name : "???"); return ssl_last_error = cpystr (tmp); } +#endif return NIL; } @@ -313,6 +323,7 @@ static int ssl_open_verify (int ok,X509_ * Returns: NIL if validated, else string of error message */ +#if OPENSSL_VERSION_NUMBER < 0x10100000 static char *ssl_validate_cert (X509 *cert,char *host) { int i,n; @@ -342,6 +353,7 @@ static char *ssl_validate_cert (X509 *ce else ret = "Unable to locate common name in certificate"; return ret; } +#endif /* Case-independent wildcard pattern match * Accepts: base string