Hello community, here is the log from the commit of package imap for openSUSE:Factory checked in at 2016-03-29 09:56:07 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/imap (Old) and /work/SRC/openSUSE:Factory/.imap.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "imap" Changes: -------- --- /work/SRC/openSUSE:Factory/imap/imap.changes 2016-03-01 09:38:34.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.imap.new/imap.changes 2016-03-29 09:56:08.000000000 +0200 @@ -1,0 +2,17 @@ +Mon Mar 14 18:25:44 UTC 2016 - crrodrig...@opensuse.org + +- spec: most C sources need removal of old K&R extern int errno; + declaration, which does not actually work with glibc where + errno is a macro that expands to a function call. +- spec: build with -DOPENSSL_NO_DEPRECATED and + -DOPENSSL_NO_SSL_INTERN to emulate as close as possible + API/ABI availability of upcoming openSSL releases. +- imap-openssl.patch: remove ephemeral RSA keys support, it is + considered insecure.openSSL 1.1 no longer supports this feature + and package will fail to build. +- imap-openssl.patch: remove code that uses insecure tmpnam() + function, it is not required on linux systems. +- imap-implicit-decls.patch: fix implicit fortify/pointer + declaration rpmlint warnings. + +------------------------------------------------------------------- New: ---- imap-implicit-decls.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ imap.spec ++++++ --- /var/tmp/diff_new_pack.Zq1Lq2/_old 2016-03-29 09:56:09.000000000 +0200 +++ /var/tmp/diff_new_pack.Zq1Lq2/_new 2016-03-29 09:56:09.000000000 +0200 @@ -44,6 +44,7 @@ #Patch6: %{name}-2006c1.diff Patch6: %{name}-2007e.patch Patch7: imap-openssl.patch +Patch8: imap-implicit-decls.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: bash /bin/echo /bin/mv BuildRequires: openssl-devel @@ -107,12 +108,17 @@ %patch5 -p1 %patch6 -p1 %patch7 -p1 +%patch8 -p1 + +#K & R declarations of errno won't work anymore.. +#it a no longer an integer but a macro that expands to a function call +find -type f -name "*.[h,c]" -exec sed -i -e '/extern int errno;/d' {} + %build -export CFLAGS="$RPM_OPT_FLAGS -DDISABLE_POP_PROXY=1 -fPIC -fno-strict-aliasing -fstack-protector" +export CFLAGS="$RPM_OPT_FLAGS -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_SSL_INTERN -DDISABLE_POP_PROXY=1 -fPIC -fno-strict-aliasing -fstack-protector" make lnp MYCFLAGS="$CFLAGS" SSLTYPE=nopwd IP=6 make lnp c-client -gcc -shared -Wl,-soname,libc-client.so.%{version} -o libc-client.so.%{version} c-client/*.o -lpam +gcc $CFLAGS -shared -Wl,-soname,libc-client.so.%{version} -o libc-client.so.%{version} c-client/*.o -lpam %install mkdir -p $RPM_BUILD_ROOT/usr/{sbin,share/man/man8,share/doc/packages/imap} ++++++ imap-implicit-decls.patch ++++++ Index: imap-2007e/src/osdep/unix/env_unix.c =================================================================== --- imap-2007e.orig/src/osdep/unix/env_unix.c +++ imap-2007e/src/osdep/unix/env_unix.c @@ -27,6 +27,7 @@ #include <grp.h> #include <signal.h> #include <sys/wait.h> +#include <sys/file.h> /* in case stat.h is ancient */ Index: imap-2007e/src/osdep/unix/unix.c =================================================================== --- imap-2007e.orig/src/osdep/unix/unix.c +++ imap-2007e/src/osdep/unix/unix.c @@ -40,12 +40,12 @@ #include <stdio.h> #include <ctype.h> #include <errno.h> -extern int errno; /* just in case */ #include <signal.h> #include "mail.h" #include "osdep.h" #include <time.h> #include <sys/stat.h> +#include <utime.h> #include "unix.h" #include "pseudo.h" #include "fdstring.h" Index: imap-2007e/src/imapd/imapd.c =================================================================== --- imap-2007e.orig/src/imapd/imapd.c +++ imap-2007e/src/imapd/imapd.c @@ -29,7 +29,6 @@ #include <stdio.h> #include <ctype.h> #include <errno.h> -extern int errno; /* just in case */ #include <signal.h> #include <setjmp.h> #include <time.h> Index: imap-2007e/src/mtest/mtest.c =================================================================== --- imap-2007e.orig/src/mtest/mtest.c +++ imap-2007e/src/mtest/mtest.c @@ -58,7 +58,22 @@ # define MACOS 0 # endif #endif - + + +/* This is a local implementation of ISO9899:2011 K.3.5.4.1/4 + * gets_s function. a quick and dirty hack */ + +static char *mtest_gets(char *s, size_t n) +{ +#ifdef __STDC_LIB_EXT1__ + return gets_s(s, n); +#else + char *ret = fgets(s, n, stdin); + if (ret && s[strlen(s)-1] == '\n') s[strlen(s)-1] = 0; + return ret; +#endif +} + char *curhst = NIL; /* currently connected host */ char *curusr = NIL; /* current login user */ char personalname[MAILTMPLEN]; /* user's personal name */ @@ -595,7 +610,9 @@ void status (MAILSTREAM *stream) void prompt (char *msg,char *txt) { printf ("%s",msg); - gets (txt); + mtest_gets(txt, sizeof txt); + + } /* Interfaces to C-client */ @@ -779,7 +796,7 @@ void smtptest (long debug) puts (" Msg (end with a line with only a '.'):"); body->type = TYPETEXT; *text = '\0'; - while (gets (line)) { + while (mtest_gets(line, sizeof line)) { if (line[0] == '.') { if (line[1] == '\0') break; else strcat (text,"."); Index: imap-2007e/src/dmail/dmail.c =================================================================== --- imap-2007e.orig/src/dmail/dmail.c +++ imap-2007e/src/dmail/dmail.c @@ -27,9 +27,10 @@ */ #include <stdio.h> +#include <ctype.h> +#include <stdlib.h> #include <pwd.h> #include <errno.h> -extern int errno; /* just in case */ #include <sysexits.h> #include <sys/file.h> #include <sys/stat.h> Index: imap-2007e/src/mlock/mlock.c =================================================================== --- imap-2007e.orig/src/mlock/mlock.c +++ imap-2007e/src/mlock/mlock.c @@ -41,6 +41,7 @@ #include <unistd.h> #include <ctype.h> #include <string.h> +#include <time.h> #define LOCKTIMEOUT 5 /* lock timeout in minutes */ #define LOCKPROTECTION 0664 Index: imap-2007e/src/tmail/tmail.c =================================================================== --- imap-2007e.orig/src/tmail/tmail.c +++ imap-2007e/src/tmail/tmail.c @@ -29,7 +29,8 @@ #include <stdio.h> #include <pwd.h> #include <errno.h> -extern int errno; /* just in case */ +#include <ctype.h> +#include <stdlib.h> #include <sysexits.h> #include <sys/file.h> #include <sys/stat.h> ++++++ imap-openssl.patch ++++++ --- /var/tmp/diff_new_pack.Zq1Lq2/_old 2016-03-29 09:56:10.000000000 +0200 +++ /var/tmp/diff_new_pack.Zq1Lq2/_new 2016-03-29 09:56:10.000000000 +0200 @@ -1,3 +1,5 @@ +Index: imap-2007e/src/osdep/unix/ssl_unix.c +=================================================================== --- imap-2007e.orig/src/osdep/unix/ssl_unix.c +++ imap-2007e/src/osdep/unix/ssl_unix.c @@ -38,7 +38,7 @@ @@ -9,7 +11,43 @@ /* SSL I/O stream */ -@@ -219,11 +219,13 @@ static char *ssl_start_work (SSLSTREAM * +@@ -93,28 +93,13 @@ static int sslonceonly = 0; + void ssl_onceonlyinit (void) + { + if (!sslonceonly++) { /* only need to call it once */ +- int fd; +- char tmp[MAILTMPLEN]; +- struct stat sbuf; +- /* if system doesn't have /dev/urandom */ +- if (stat ("/dev/urandom",&sbuf)) { +- while ((fd = open (tmpnam (tmp),O_WRONLY|O_CREAT|O_EXCL,0600)) < 0) +- sleep (1); +- unlink (tmp); /* don't need the file */ +- fstat (fd,&sbuf); /* get information about the file */ +- close (fd); /* flush descriptor */ +- /* not great but it'll have to do */ +- sprintf (tmp + strlen (tmp),"%.80s%lx%.80s%lx%lx%lx%lx%lx", +- tcp_serveraddr (),(unsigned long) tcp_serverport (), +- tcp_clientaddr (),(unsigned long) tcp_clientport (), +- (unsigned long) sbuf.st_ino,(unsigned long) time (0), +- (unsigned long) gethostid (),(unsigned long) getpid ()); +- RAND_seed (tmp,strlen (tmp)); +- } +- /* apply runtime linkage */ +- mail_parameters (NIL,SET_SSLDRIVER,(void *) &ssldriver); +- mail_parameters (NIL,SET_SSLSTART,(void *) ssl_start); +- SSL_library_init (); /* add all algorithms */ ++ mail_parameters (NIL,SET_SSLDRIVER,(void *) &ssldriver); ++ mail_parameters (NIL,SET_SSLSTART,(void *) ssl_start); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++ SSL_library_init(); ++#else ++ OPENSSL_init_ssl(0, NULL); ++#endif + } + } + +@@ -219,11 +204,13 @@ static char *ssl_start_work (SSLSTREAM * (sslclientkey_t) mail_parameters (NIL,GET_SSLCLIENTKEY,NIL); if (ssl_last_error) fs_give ((void **) &ssl_last_error); ssl_last_host = host; @@ -27,7 +65,7 @@ /* disable certificate validation? */ if (flags & NET_NOVALIDATECERT) SSL_CTX_set_verify (stream->context,SSL_VERIFY_NONE,NIL); -@@ -702,13 +704,22 @@ void ssl_server_init (char *server) +@@ -702,13 +689,22 @@ void ssl_server_init (char *server) if (stat (key,&sbuf)) strcpy (key,cert); } /* create context */ @@ -54,3 +92,44 @@ /* set cipher list */ if (!SSL_CTX_set_cipher_list (stream->context,SSLCIPHERLIST)) syslog (LOG_ALERT,"Unable to set cipher list %.80s, host=%.80s", +@@ -724,8 +720,6 @@ void ssl_server_init (char *server) + key,tcp_clienthost ()); + + else { /* generate key if needed */ +- if (SSL_CTX_need_tmp_RSA (stream->context)) +- SSL_CTX_set_tmp_rsa_callback (stream->context,ssl_genkey); + /* create new SSL connection */ + if (!(stream->con = SSL_new (stream->context))) + syslog (LOG_ALERT,"Unable to create SSL connection, host=%.80s", +@@ -760,31 +754,7 @@ void ssl_server_init (char *server) + ssl_close (stream); /* punt stream */ + exit (1); /* punt this program too */ + } +- +-/* Generate one-time key for server +- * Accepts: SSL connection +- * export flag +- * keylength +- * Returns: generated key, always +- */ + +-static RSA *ssl_genkey (SSL *con,int export,int keylength) +-{ +- unsigned long i; +- static RSA *key = NIL; +- if (!key) { /* if don't have a key already */ +- /* generate key */ +- if (!(key = RSA_generate_key (export ? keylength : 1024,RSA_F4,NIL,NIL))) { +- syslog (LOG_ALERT,"Unable to generate temp key, host=%.80s", +- tcp_clienthost ()); +- while (i = ERR_get_error ()) +- syslog (LOG_ALERT,"SSL error status: %s",ERR_error_string (i,NIL)); +- exit (1); +- } +- } +- return key; +-} +- + /* Wait for stdin input + * Accepts: timeout in seconds + * Returns: T if have input on stdin, else NIL