Hello community,
here is the log from the commit of package imap for openSUSE:Factory checked in
at 2017-07-07 10:16:07
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/imap (Old)
and /work/SRC/openSUSE:Factory/.imap.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "imap"
Fri Jul 7 10:16:07 2017 rev:20 rq:508335 version:2007e_suse
Changes:
--------
--- /work/SRC/openSUSE:Factory/imap/imap.changes 2016-03-29
09:56:08.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.imap.new/imap.changes 2017-07-07
10:16:07.805687480 +0200
@@ -1,0 +2,10 @@
+Tue Jul 4 10:48:02 UTC 2017 - tchva...@suse.com
+
+- Rename README.SuSE to README.SUSE
+- Cleanup with spec-cleaner
+- Add patches from RH and Debian:
+ * imap-2007e-poll.patch
+ * imap-2007f-format-security.patch
+ * imap-openssl-1.1.patch
+
+-------------------------------------------------------------------
Old:
----
README.SuSE
New:
----
README.SUSE
imap-2007e-poll.patch
imap-2007f-format-security.patch
imap-openssl-1.1.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ imap.spec ++++++
--- /var/tmp/diff_new_pack.5fZDD6/_old 2017-07-07 10:16:08.949525630 +0200
+++ /var/tmp/diff_new_pack.5fZDD6/_new 2017-07-07 10:16:08.957524498 +0200
@@ -1,7 +1,7 @@
#
# spec file for package imap
#
-# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -17,14 +17,14 @@
Name: imap
+Version: 2007e_suse
+Release: 0
Summary: IMAP4, POP2, and POP3 Mail Server
License: Apache-2.0
Group: Productivity/Networking/Email/Servers
-Version: 2007e_suse
-Release: 0
Url: http://www.washington.edu/imap/
Source0: %{name}-2007e.tar.bz2
-Source1: README.SuSE
+Source1: README.SUSE
# pam config
Source2: %{name}.pamd
Source3: pop.pamd
@@ -32,74 +32,52 @@
Source4: %{name}.xinetd
# c-client config
Source5: c-client.cf
-Source6: %name.firewall
+Source6: %{name}.firewall
Source100: %{name}.rpmlintrc
Patch0: %{name}-2001a-include.diff
Patch1: %{name}-2004a-doc.diff
Patch2: %{name}-2002e-ssl.diff
Patch3: %{name}-2004-cflags.diff
Patch4: %{name}-2001a-overflow.diff
-#Patch5: %{name}-2002c-c++.patch
Patch5: %{name}-2007e-c++.patch
-#Patch6: %{name}-2006c1.diff
Patch6: %{name}-2007e.patch
Patch7: imap-openssl.patch
Patch8: imap-implicit-decls.patch
-BuildRoot: %{_tmppath}/%{name}-%{version}-build
-PreReq: bash /bin/echo /bin/mv
+Patch9: imap-2007e-poll.patch
+Patch10: imap-2007f-format-security.patch
+Patch11: imap-openssl-1.1.patch
BuildRequires: openssl-devel
BuildRequires: pam-devel
-%if 0%{?suse_version} >= 1100
-BuildRequires: fdupes
-%endif
Requires: inet-daemon
Requires: pam
+BuildRequires: fdupes
%description
This package contains IMAP4, POP2, and POP3 mail servers.
-After installation, activate the servers in the file /etc/inetd.conf.
-
-
-
-Authors:
---------
- Mark Crispin <m...@cac.washington.edu>
+After installation, activate the servers in the file %{_sysconfdir}/inetd.conf.
%package -n libc-client2007e_suse
Summary: IMAP4rev1/c-client Development Environment
License: BSD-3-Clause
Group: Development/Libraries/C and C++
-Provides: %{name}-devel:/usr/lib/libc-client.so
%description -n libc-client2007e_suse
This package contains the libraries for IMAP client programs.
-
-
-Authors:
---------
- Mark Crispin <m...@cac.washington.edu>
-
%package devel
Summary: IMAP4rev1/c-client Development Environment
License: BSD-3-Clause
Group: Development/Libraries/C and C++
-#Requires: %{name}-lib = %version
+Provides: libc-client-devel = %{version}
Requires: libc-client2007e_suse = %{version}
%description devel
This package contains the libraries and header files for IMAP client
programs.
-
-
-Authors:
---------
- Mark Crispin <m...@cac.washington.edu>
-
%prep
-%setup -n %{name}-2007e
+%setup -q -n %{name}-2007e
%patch0
%patch1
%patch2
@@ -109,92 +87,85 @@
%patch6 -p1
%patch7 -p1
%patch8 -p1
+%patch9 -p1
+%patch10 -p1
+%patch11 -p1
#K & R declarations of errno won't work anymore..
#it a no longer an integer but a macro that expands to a function call
find -type f -name "*.[h,c]" -exec sed -i -e '/extern int errno;/d' {} +
%build
-export CFLAGS="$RPM_OPT_FLAGS -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_SSL_INTERN
-DDISABLE_POP_PROXY=1 -fPIC -fno-strict-aliasing -fstack-protector"
-make lnp MYCFLAGS="$CFLAGS" SSLTYPE=nopwd IP=6
-make lnp c-client
+export CFLAGS="%{optflags} -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_SSL_INTERN
-DDISABLE_POP_PROXY=1 -fPIC -fno-strict-aliasing -fstack-protector"
+make %{?_smp_mflags} lnp MYCFLAGS="$CFLAGS" SSLTYPE=nopwd IP=6
+make %{?_smp_mflags} lnp c-client
gcc $CFLAGS -shared -Wl,-soname,libc-client.so.%{version} -o
libc-client.so.%{version} c-client/*.o -lpam
%install
-mkdir -p $RPM_BUILD_ROOT/usr/{sbin,share/man/man8,share/doc/packages/imap}
-mkdir -p $RPM_BUILD_ROOT/etc/pam.d
-install -m 755 imapd/imapd ipopd/ipop2d ipopd/ipop3d mtest/mtest
$RPM_BUILD_ROOT/usr/sbin/
-install -m 644 $RPM_SOURCE_DIR/%{name}.pamd ${RPM_BUILD_ROOT}/etc/pam.d/%{name}
-install -m 644 $RPM_SOURCE_DIR/pop.pamd ${RPM_BUILD_ROOT}/etc/pam.d/pop
-install -m 644 -D $RPM_SOURCE_DIR/%{name}.xinetd
$RPM_BUILD_ROOT/etc/xinetd.d/%{name}
-install -m 644 $RPM_SOURCE_DIR/c-client.cf ${RPM_BUILD_ROOT}/etc/c-client.cf
-install -m 644 src/imapd/imapd.8 $RPM_BUILD_ROOT/usr/share/man/man8/imapd.8
-install -m 644 src/ipopd/ipopd.8 $RPM_BUILD_ROOT/usr/share/man/man8/ipopd.8
-install -m 644 $RPM_SOURCE_DIR/README.SuSE
$RPM_BUILD_ROOT/usr/share/doc/packages/%{name}/
-install -m 644 CONTENTS README docs/RELNOTES
$RPM_BUILD_ROOT/usr/share/doc/packages/%{name}/
-install -m 644 docs/{FAQ,bugs,imaprc,md5,naming,drivers}.txt
$RPM_BUILD_ROOT/usr/share/doc/packages/%{name}/
-mkdir -p $RPM_BUILD_ROOT/%{_includedir}/%{name}
-cp src/osdep/tops-20/*.h $RPM_BUILD_ROOT/%{_includedir}/%{name}
-cp src/osdep/unix/*.h $RPM_BUILD_ROOT/%{_includedir}/%{name}
-cp src/c-client/*.h $RPM_BUILD_ROOT/%{_includedir}/%{name}
-cp c-client/linkage.{h,c} $RPM_BUILD_ROOT/%{_includedir}/%{name}
-cp c-client/osdep.h $RPM_BUILD_ROOT/%{_includedir}/%{name}
-mkdir -p $RPM_BUILD_ROOT/%{_libdir}
-install -m 644 c-client/c-client.a $RPM_BUILD_ROOT/%{_libdir}/libc-client.a
-ln -sf libc-client.a $RPM_BUILD_ROOT/%{_libdir}/c-client.a
-install -m 755 libc-client.so.%{version} $RPM_BUILD_ROOT/%{_libdir}/
-ln -sf libc-client.so.%{version} $RPM_BUILD_ROOT/%{_libdir}/libc-client.so
-ln -sf ../usr/sbin/imapd $RPM_BUILD_ROOT/etc/rimapd
-ln -sf ../usr/sbin/ipop3d $RPM_BUILD_ROOT/etc/rpop3d
-ln -sf ../usr/sbin/ipop2d $RPM_BUILD_ROOT/etc/rpop2d
-install -d $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/
-install -m 644 %{S:6}
$RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/%{name}
-# rpmlint
-%if 0%{?suse_version} >= 1100
-%fdupes $RPM_BUILD_ROOT%{_includedir}
-%endif
+mkdir -p %{buildroot}%{_prefix}/{sbin,share/man/man8,share/doc/packages/imap}
+mkdir -p %{buildroot}%{_sysconfdir}/pam.d
+install -m 755 imapd/imapd ipopd/ipop2d ipopd/ipop3d mtest/mtest
%{buildroot}%{_sbindir}/
+install -m 644 %{SOURCE2} %{buildroot}%{_sysconfdir}/pam.d/%{name}
+install -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/pam.d/pop
+install -m 644 -D %{SOURCE4} %{buildroot}%{_sysconfdir}/xinetd.d/%{name}
+install -m 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/c-client.cf
+install -m 644 src/imapd/imapd.8 %{buildroot}%{_mandir}/man8/imapd.8
+install -m 644 src/ipopd/ipopd.8 %{buildroot}%{_mandir}/man8/ipopd.8
+install -m 644 %{SOURCE1} %{buildroot}%{_docdir}/%{name}/
+install -m 644 CONTENTS README docs/RELNOTES %{buildroot}%{_docdir}/%{name}/
+install -m 644 docs/{FAQ,bugs,imaprc,md5,naming,drivers}.txt
%{buildroot}%{_docdir}/%{name}/
+mkdir -p %{buildroot}/%{_includedir}/%{name}
+cp src/osdep/tops-20/*.h %{buildroot}/%{_includedir}/%{name}
+cp src/osdep/unix/*.h %{buildroot}/%{_includedir}/%{name}
+cp src/c-client/*.h %{buildroot}/%{_includedir}/%{name}
+cp c-client/linkage.{h,c} %{buildroot}/%{_includedir}/%{name}
+cp c-client/osdep.h %{buildroot}/%{_includedir}/%{name}
+mkdir -p %{buildroot}/%{_libdir}
+install -m 644 c-client/c-client.a %{buildroot}/%{_libdir}/libc-client.a
+ln -sf libc-client.a %{buildroot}/%{_libdir}/c-client.a
+install -m 755 libc-client.so.%{version} %{buildroot}/%{_libdir}/
+ln -sf libc-client.so.%{version} %{buildroot}/%{_libdir}/libc-client.so
+ln -sf ..%{_sbindir}/imapd %{buildroot}%{_sysconfdir}/rimapd
+ln -sf ..%{_sbindir}/ipop3d %{buildroot}%{_sysconfdir}/rpop3d
+ln -sf ..%{_sbindir}/ipop2d %{buildroot}%{_sysconfdir}/rpop2d
+install -d %{buildroot}%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/
+install -m 644 %{SOURCE6}
%{buildroot}%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/%{name}
+%fdupes %{buildroot}%{_includedir}
%post
-if [ -f /usr/share/ssl/certs/imapd.pem ] ; then
- if [ ! -f /etc/ssl/certs/imapd.pem ] ; then
- echo "moving imapd certificate to /etc/ssl/certs"
- mv /usr/share/ssl/certs/imapd.pem /etc/ssl/certs/
+if [ -f %{_datadir}/ssl/certs/imapd.pem ] ; then
+ if [ ! -f %{_sysconfdir}/ssl/certs/imapd.pem ] ; then
+ echo "moving imapd certificate to %{_sysconfdir}/ssl/certs"
+ mv %{_datadir}/ssl/certs/imapd.pem %{_sysconfdir}/ssl/certs/
fi
fi
-if [ -f /usr/share/ssl/certs/ipop3d.pem ] ; then
- if [ ! -f /etc/ssl/certs/ipop3d.pem ] ; then
- echo "moving ipop3d certificate to /etc/ssl/certs"
- mv /usr/share/ssl/certs/ipop3d.pem /etc/ssl/certs/
+if [ -f %{_datadir}/ssl/certs/ipop3d.pem ] ; then
+ if [ ! -f %{_sysconfdir}/ssl/certs/ipop3d.pem ] ; then
+ echo "moving ipop3d certificate to %{_sysconfdir}/ssl/certs"
+ mv %{_datadir}/ssl/certs/ipop3d.pem %{_sysconfdir}/ssl/certs/
fi
fi
%post -n libc-client2007e_suse -p /sbin/ldconfig
-
%postun -n libc-client2007e_suse -p /sbin/ldconfig
-%clean
-rm -rf $RPM_BUILD_ROOT
-
%files
-%defattr (-,root,root)
-/usr/sbin/*
-/usr/share/man/man8/*
-%config /etc/pam.d/*
-%config(noreplace) /etc/xinetd.d/%{name}
-/etc/rimapd
-/etc/rpop3d
-/etc/rpop2d
-%doc /usr/share/doc/packages/%{name}
+%{_sbindir}/*
+%{_mandir}/man8/*
+%config %{_sysconfdir}/pam.d/*
+%config(noreplace) %{_sysconfdir}/xinetd.d/%{name}
+%{_sysconfdir}/rimapd
+%{_sysconfdir}/rpop3d
+%{_sysconfdir}/rpop2d
+%doc %{_docdir}/%{name}
%files -n libc-client2007e_suse
-%defattr (-,root,root)
-%config(noreplace) /etc/c-client.cf
+%config(noreplace) %{_sysconfdir}/c-client.cf
%{_libdir}/*.so
%{_libdir}/*.so.*
%config %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/%{name}
%files devel
-%defattr (-,root,root)
%{_libdir}/*.a
%{_includedir}/%{name}
++++++ README.SUSE ++++++
README.SuSE for imap
====================
Even when this package is installed the servers are not activated
automatically. If you are sure you want to have this IMAP or POP
server running, please refer to the documentation in this directory on
how to set up /etc/inetd.conf or /etc/xinetd.d/imap so they are used.
For TLS/SSL encrypted connections (you most likely want these as plain
password authentication is only allowed for those) you have to install
a certificate imapd.pem and/or ipop3d in /etc/ssl/certs. If you don't
have a certificate you can generate a self-signed certificate with the
following commands:
cd /etc/ssl/certs
openssl req -new -x509 -nodes -out imapd.pem -keyout imapd.pem
openssl req -new -x509 -nodes -out ipop3d.pem -keyout ipop3d.pem
As the Common Name you must either enter the DNS name or IP address of
your mail server. Note that a certificate is only valid for a limited
time.
Have a lot of fun...
++++++ imap-2007e-poll.patch ++++++
http://anonscm.debian.org/cgit/collab-maint/uw-imap.git/plain/debian/patches/1005_poll.patch
Description: Use poll(2) instead of select(2) to support more than 1024 file
descriptors
Author: Ben Smithurst <ben.smithu...@gradwell.com>
Bug-Debian: https://bugs.debian.org/478193
Index: imap-2007e/src/osdep/unix/os_lnx.c
===================================================================
--- imap-2007e.orig/src/osdep/unix/os_lnx.c
+++ imap-2007e/src/osdep/unix/os_lnx.c
@@ -42,6 +42,7 @@
extern int errno; /* just in case */
#include <pwd.h>
#include "misc.h"
+#include <poll.h>
#include "fs_unix.c"
Index: imap-2007e/src/osdep/unix/os_slx.c
===================================================================
--- imap-2007e.orig/src/osdep/unix/os_slx.c
+++ imap-2007e/src/osdep/unix/os_slx.c
@@ -42,6 +42,7 @@ extern int errno; /* just in case */
#include <pwd.h>
#include <shadow.h>
#include "misc.h"
+#include <poll.h>
#include "fs_unix.c"
Index: imap-2007e/src/osdep/unix/tcp_unix.c
===================================================================
--- imap-2007e.orig/src/osdep/unix/tcp_unix.c
+++ imap-2007e/src/osdep/unix/tcp_unix.c
@@ -235,12 +235,11 @@ TCPSTREAM *tcp_open (char *host,char *se
int tcp_socket_open (int family,void *adr,size_t adrlen,unsigned short port,
char *tmp,int *ctr,char *hst)
{
- int i,ti,sock,flgs;
+ int i,ti,sock,flgs,tmo;
+ struct pollfd pfd;
size_t len;
time_t now;
struct protoent *pt = getprotobyname ("tcp");
- fd_set fds,efds;
- struct timeval tmo;
struct sockaddr *sadr = ip_sockaddr (family,adr,adrlen,port,&len);
blocknotify_t bn = (blocknotify_t) mail_parameters (NIL,GET_BLOCKNOTIFY,NIL);
/* fetid Solaris */
@@ -252,14 +251,6 @@ int tcp_socket_open (int family,void *ad
sprintf (tmp,"Unable to create TCP socket: %s",strerror (errno));
(*bn) (BLOCK_NONSENSITIVE,data);
}
- else if (sock >= FD_SETSIZE) {/* unselectable sockets are useless */
- sprintf (tmp,"Unable to create selectable TCP socket (%d >= %d)",
- sock,FD_SETSIZE);
- (*bn) (BLOCK_NONSENSITIVE,data);
- close (sock);
- sock = -1;
- errno = EMFILE;
- }
�
else { /* get current socket flags */
flgs = fcntl (sock,F_GETFL,0);
@@ -284,14 +275,11 @@ int tcp_socket_open (int family,void *ad
if ((sock >= 0) && ctr) { /* want open timeout? */
now = time (0); /* open timeout */
ti = ttmo_open ? now + ttmo_open : 0;
- tmo.tv_usec = 0;
- FD_ZERO (&fds); /* initialize selection vector */
- FD_ZERO (&efds); /* handle errors too */
- FD_SET (sock,&fds); /* block for error or readable */
- FD_SET (sock,&efds);
+ pfd.fd = sock;
+ pfd.events = POLLIN | POLLOUT;
do { /* block under timeout */
- tmo.tv_sec = ti ? ti - now : 0;
- i = select (sock+1,&fds,NIL,&efds,ti ? &tmo : NIL);
+ tmo = ti ? ti - now : 0;
+ i = poll (&pfd, 1, ti ? tmo * 1000 : -1);
now = time (0); /* fake timeout if interrupt & time expired */
if ((i < 0) && (errno == EINTR) && ti && (ti <= now)) i = 0;
} while ((i < 0) && (errno == EINTR));
@@ -543,9 +531,8 @@ long tcp_getbuffer (TCPSTREAM *stream,un
stream->ictr -=n;
}
if (size) {
- int i;
- fd_set fds,efds;
- struct timeval tmo;
+ int i, tmo;
+ struct pollfd pfd;
time_t t = time (0);
blocknotify_t bn=(blocknotify_t) mail_parameters (NIL,GET_BLOCKNOTIFY,NIL);
(*bn) (BLOCK_TCPREAD,NIL);
@@ -554,16 +541,13 @@ long tcp_getbuffer (TCPSTREAM *stream,un
time_t now = tl;
time_t ti = ttmo_read ? now + ttmo_read : 0;
if (tcpdebug) mm_log ("Reading TCP buffer",TCPDEBUG);
- tmo.tv_usec = 0;
- FD_ZERO (&fds); /* initialize selection vector */
- FD_ZERO (&efds); /* handle errors too */
- /* set bit in selection vectors */
- FD_SET (stream->tcpsi,&fds);
- FD_SET (stream->tcpsi,&efds);
+
+ pfd.events = POLLIN;
+ pfd.fd = stream->tcpsi;
errno = NIL; /* initially no error */
do { /* block under timeout */
- tmo.tv_sec = ti ? ti - now : 0;
- i = select (stream->tcpsi+1,&fds,NIL,&efds,ti ? &tmo : NIL);
+ tmo = ti ? ti - now : 0;
+ i = poll (&pfd, 1, ti ? tmo * 1000 : -1);
now = time (0); /* fake timeout if interrupt & time expired */
if ((i < 0) && (errno == EINTR) && ti && (ti <= now)) i = 0;
} while ((i < 0) && (errno == EINTR));
@@ -603,9 +587,8 @@ long tcp_getbuffer (TCPSTREAM *stream,un
long tcp_getdata (TCPSTREAM *stream)
{
- int i;
- fd_set fds,efds;
- struct timeval tmo;
+ int i, tmo;
+ struct pollfd pfd;
time_t t = time (0);
blocknotify_t bn = (blocknotify_t) mail_parameters (NIL,GET_BLOCKNOTIFY,NIL);
if (stream->tcpsi < 0) return NIL;
@@ -615,15 +598,12 @@ long tcp_getdata (TCPSTREAM *stream)
time_t now = tl;
time_t ti = ttmo_read ? now + ttmo_read : 0;
if (tcpdebug) mm_log ("Reading TCP data",TCPDEBUG);
- tmo.tv_usec = 0;
- FD_ZERO (&fds); /* initialize selection vector */
- FD_ZERO (&efds); /* handle errors too */
- FD_SET (stream->tcpsi,&fds);/* set bit in selection vectors */
- FD_SET (stream->tcpsi,&efds);
+ pfd.fd = stream->tcpsi;
+ pfd.events = POLLIN;
errno = NIL; /* initially no error */
do { /* block under timeout */
- tmo.tv_sec = ti ? ti - now : 0;
- i = select (stream->tcpsi+1,&fds,NIL,&efds,ti ? &tmo : NIL);
+ tmo = ti ? ti - now : 0;
+ i = poll (&pfd, 1, ti ? tmo * 1000 : -1);
now = time (0); /* fake timeout if interrupt & time expired */
if ((i < 0) && (errno == EINTR) && ti && (ti <= now)) i = 0;
} while ((i < 0) && (errno == EINTR));
@@ -675,9 +655,8 @@ long tcp_soutr (TCPSTREAM *stream,char *
long tcp_sout (TCPSTREAM *stream,char *string,unsigned long size)
{
- int i;
- fd_set fds,efds;
- struct timeval tmo;
+ int i, tmo;
+ struct pollfd pfd;
time_t t = time (0);
blocknotify_t bn = (blocknotify_t) mail_parameters (NIL,GET_BLOCKNOTIFY,NIL);
if (stream->tcpso < 0) return NIL;
@@ -687,15 +666,12 @@ long tcp_sout (TCPSTREAM *stream,char *s
time_t now = tl;
time_t ti = ttmo_write ? now + ttmo_write : 0;
if (tcpdebug) mm_log ("Writing to TCP",TCPDEBUG);
- tmo.tv_usec = 0;
- FD_ZERO (&fds); /* initialize selection vector */
- FD_ZERO (&efds); /* handle errors too */
- FD_SET (stream->tcpso,&fds);/* set bit in selection vector */
- FD_SET(stream->tcpso,&efds);/* set bit in error selection vector */
+ pfd.fd = stream->tcpso;
+ pfd.events = POLLOUT;
errno = NIL; /* block and write */
do { /* block under timeout */
- tmo.tv_sec = ti ? ti - now : 0;
- i = select (stream->tcpso+1,NIL,&fds,&efds,ti ? &tmo : NIL);
+ tmo = ti ? ti - now : 0;
+ i = poll (&pfd, 1, ti ? tmo * 1000 : -1);
now = time (0); /* fake timeout if interrupt & time expired */
if ((i < 0) && (errno == EINTR) && ti && (ti <= now)) i = 0;
} while ((i < 0) && (errno == EINTR));
++++++ imap-2007f-format-security.patch ++++++
diff -Naur imap-2007f.orig/src/osdep/unix/flocklnx.c
imap-2007f/src/osdep/unix/flocklnx.c
--- imap-2007f.orig/src/osdep/unix/flocklnx.c 2011-07-23 02:20:11.000000000
+0200
+++ imap-2007f/src/osdep/unix/flocklnx.c 2014-04-14 19:17:46.429000000
+0200
@@ -57,7 +57,7 @@
case ENOLCK: /* lock table is full */
sprintf (tmp,"File locking failure: %s",strerror (errno));
mm_log (tmp,WARN); /* give the user a warning of what happened */
- if (!logged++) syslog (LOG_ERR,tmp);
+ if (!logged++) syslog (LOG_ERR, "%s", tmp);
/* return failure if non-blocking lock */
if (op & LOCK_NB) return -1;
sleep (5); /* slow down in case it loops */
++++++ imap-openssl-1.1.patch ++++++
Description: Support OpenSSL 1.1
When building with OpenSSL 1.1 and newer, use the new built-in
hostname verification instead of code that doesn't compile due to
structs having been made opaque.
Bug-Debian: https://bugs.debian.org/828589
--- a/src/osdep/unix/ssl_unix.c
+++ b/src/osdep/unix/ssl_unix.c
@@ -227,8 +227,16 @@ static char *ssl_start_work (SSLSTREAM *
/* disable certificate validation? */
if (flags & NET_NOVALIDATECERT)
SSL_CTX_set_verify (stream->context,SSL_VERIFY_NONE,NIL);
- else SSL_CTX_set_verify (stream->context,SSL_VERIFY_PEER,ssl_open_verify);
+ else {
+#if OPENSSL_VERSION_NUMBER >= 0x10100000
+ X509_VERIFY_PARAM *param = SSL_CTX_get0_param(stream->context);
+ X509_VERIFY_PARAM_set_hostflags(param,
X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
+ X509_VERIFY_PARAM_set1_host(param, host, 0);
+#endif
+
+ SSL_CTX_set_verify (stream->context,SSL_VERIFY_PEER,ssl_open_verify);
/* set default paths to CAs... */
+ }
SSL_CTX_set_default_verify_paths (stream->context);
/* ...unless a non-standard path desired */
if (s = (char *) mail_parameters (NIL,GET_SSLCAPATH,NIL))
@@ -266,6 +274,7 @@ static char *ssl_start_work (SSLSTREAM *
if (SSL_write (stream->con,"",0) < 0)
return ssl_last_error ? ssl_last_error : "SSL negotiation failed";
/* need to validate host names? */
+#if OPENSSL_VERSION_NUMBER < 0x10100000
if (!(flags & NET_NOVALIDATECERT) &&
(err = ssl_validate_cert (cert = SSL_get_peer_certificate (stream->con),
host))) {
@@ -275,6 +284,7 @@ static char *ssl_start_work (SSLSTREAM *
sprintf (tmp,"*%.128s: %.255s",err,cert ? cert->name : "???");
return ssl_last_error = cpystr (tmp);
}
+#endif
return NIL;
}
�
@@ -313,6 +323,7 @@ static int ssl_open_verify (int ok,X509_
* Returns: NIL if validated, else string of error message
*/
+#if OPENSSL_VERSION_NUMBER < 0x10100000
static char *ssl_validate_cert (X509 *cert,char *host)
{
int i,n;
@@ -342,6 +353,7 @@ static char *ssl_validate_cert (X509 *ce
else ret = "Unable to locate common name in certificate";
return ret;
}
+#endif
�
/* Case-independent wildcard pattern match
* Accepts: base string
