diff --git a/README.md b/README.md index b851f10..8a75f5e 100644 --- a/README.md +++ b/README.md @@ -1 +1,98 @@ -# uw-imap \ No newline at end of file +# University of Washington IMAP toolkit +This repository is a copy of the University of Washington IMAP toolkit _(imap-2007f.tar.gz/MD5:2126fd125ea26b73b20f01fcd5940369)_ which has become unavailable from the documented FTP and mirror sites. Posted here for both posterity and because a number of packages require the library and source/headers which may not always be suitable from the OS package manager. + +_In my case it was to compile PHP7 with IMAP support and utilizing an alternative (newer) OpenSSL version. It was very difficult to find trustworthy already-patched sources for this purpose._ This seems to be a common problem for many in the same situation. + +## imap tools and server, c-client/libc-client/uw-imap-devel +The sources have been incrementally patched with the following from the Fedora Package Sources for uw-imap[[1]]. +See the [_patches_](supplemental/patches) directory in this repository for the contents. + +- 1006_openssl1.1_autoverify.patch +- imap-2004a-doc.patch +- imap-2007e-authmd5.patch +- imap-2007e-overflow.patch +- imap-2007e-poll.patch +- imap-2007e-shared.patch +- imap-2007e-system_c_client.patch +- imap-2007f-format-security.patch +- imap-2007f-ldflags.patch + +Additional information is available at https://www.washington.edu/imap/ + +[1]: https://src.fedoraproject.org/rpms/uw-imap/tree/f29 + +## ORIGINAL [README](./README) + /* ======================================================================== + * Copyright 1988-2007 University of Washington + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * + * ======================================================================== + */ + + IMAP Toolkit Environment + 4 April 2007 + Mark Crispin + + + UNIX QUICK BUILD NOTES + + These quick build notes assume that you have installed OpenSSL before + attempting to build this software, and that you do not have any non-default + configuration parameters. + + If you need additional information in building this software with OpenSSL, + please refer to the docs/SSLBUILD file for more information. + + If you intend to build this software with a non-default configuration + (including building a non-compliant server without SSL support), please + refer to the docs/BUILD file for more information. + + 1) Look in the top-level Makefile and find your system type code. For example, + modern versions of Linux will use either "slx", "lnp", or one of the + lnp-variants (such as "lrh"). + + 2) Type "make" followed by the system type, e.g. "make slx". + + 3) Install the POP2 daemon (ipopd/ipop2d), the POP3 daemon (ipopd/ipop3d), and + the IMAP daemon (imapd/imapd) on a system directory of your choosing. + + 4) Update /etc/services to register the pop2 service on TCP port 109, the + pop3 service on TCP port 110, and the imap service on TCP port 143. Also + update Yellow Pages/NIS/NetInfo/etc. if appropriate on your system. + + 5) Update /etc/inetd.conf (or install files on /etc/xinetd.d) to invoke the + POP2, POP3, and IMAP daemons on their associated services. + + 6) If your system uses PAM authentication, be sure to set up /etc/pam.d/imap + (*not* /etc/pam.d/imapd) and /etc/pam.d/pop (*not* /etc/pam.d/ipop3d or + /etc/pam.d/pop3d or /etc/pam.d/popd or /etc/pam.d/pop3). + + 7) Unless you built your system without SSL support, you will need to set + up SSL server certificates as described in docs/SSLBUILD. + + 6) That's all! + + Read the file docs/BUILD and docs/SSLBUILD if you need more detailed + information and/or you don't understand these quick build instructions. + + MISCELLANEOUS NOTES + + mtest has been run under UNIX, DOS, Windows, NT, Macintosh, TOPS-20, and + VMS. It is a very primitive interface, however, and is suited mainly as a + model of how to write a main program for c-client. You should take a look at + the source to figure out how to use it. Briefly, it first asks for a mailbox + name (either a local file path or an IMAP mailbox in the form + "{hostname}mailbox") and then puts you in a command mode where "?" will give + you a list of commands. + + Pine is available separately on the FTP.CAC.Washington.EDU archives. + + The focus of development and support is for UNIX and Win32 (including + Windows 95/98/Millenium, Windows NT, and Windows 2000). The other ports are + not frequently used or tested, and may be incomplete. diff --git a/supplemental/patches/1006_openssl1.1_autoverify.patch b/supplemental/patches/1006_openssl1.1_autoverify.patch new file mode 100644 index 0000000..087e747 --- /dev/null +++ b/supplemental/patches/1006_openssl1.1_autoverify.patch @@ -0,0 +1,58 @@ +Description: Support OpenSSL 1.1 + When building with OpenSSL 1.1 and newer, use the new built-in + hostname verification instead of code that doesn't compile due to + structs having been made opaque. +Bug-Debian: https://bugs.debian.org/828589 + +--- a/src/osdep/unix/ssl_unix.c ++++ b/src/osdep/unix/ssl_unix.c +@@ -227,8 +227,16 @@ static char *ssl_start_work (SSLSTREAM * + /* disable certificate validation? */ + if (flags & NET_NOVALIDATECERT) + SSL_CTX_set_verify (stream->context,SSL_VERIFY_NONE,NIL); +- else SSL_CTX_set_verify (stream->context,SSL_VERIFY_PEER,ssl_open_verify); ++ else { ++#if OPENSSL_VERSION_NUMBER >= 0x10100000 ++ X509_VERIFY_PARAM *param = SSL_CTX_get0_param(stream->context); ++ X509_VERIFY_PARAM_set_hostflags(param, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS); ++ X509_VERIFY_PARAM_set1_host(param, host, 0); ++#endif ++ ++ SSL_CTX_set_verify (stream->context,SSL_VERIFY_PEER,ssl_open_verify); + /* set default paths to CAs... */ ++ } + SSL_CTX_set_default_verify_paths (stream->context); + /* ...unless a non-standard path desired */ + if (s = (char *) mail_parameters (NIL,GET_SSLCAPATH,NIL)) +@@ -266,6 +274,7 @@ static char *ssl_start_work (SSLSTREAM * + if (SSL_write (stream->con,"",0) < 0) + return ssl_last_error ? ssl_last_error : "SSL negotiation failed"; + /* need to validate host names? */ ++#if OPENSSL_VERSION_NUMBER < 0x10100000 + if (!(flags & NET_NOVALIDATECERT) && + (err = ssl_validate_cert (cert = SSL_get_peer_certificate (stream->con), + host))) { +@@ -275,6 +284,7 @@ static char *ssl_start_work (SSLSTREAM * + sprintf (tmp,"*%.128s: %.255s",err,cert ? cert->name : "???"); + return ssl_last_error = cpystr (tmp); + } ++#endif + return NIL; + } + +@@ -313,6 +323,7 @@ static int ssl_open_verify (int ok,X509_ + * Returns: NIL if validated, else string of error message + */ + ++#if OPENSSL_VERSION_NUMBER < 0x10100000 + static char *ssl_validate_cert (X509 *cert,char *host) + { + int i,n; +@@ -342,6 +353,7 @@ static char *ssl_validate_cert (X509 *ce + else ret = "Unable to locate common name in certificate"; + return ret; + } ++#endif + + /* Case-independent wildcard pattern match + * Accepts: base string diff --git a/supplemental/patches/README.md b/supplemental/patches/README.md new file mode 100644 index 0000000..cfabb16 --- /dev/null +++ b/supplemental/patches/README.md @@ -0,0 +1,5 @@ +#Patches + +The patches contained here are sourced from the [Fedora Package Sources rpms repository](https://src.fedoraproject.org/rpms/uw-imap/tree/f29). + +All but the imap-2007e-system_c_client.patch have been applied (see https://github.com/uw-imap/imap/commit/9eb7bb9d595b0b56b5f7b751fad58059b888a0fa#commitcomment-31836821) \ No newline at end of file diff --git a/supplemental/patches/imap-2004a-doc.patch b/supplemental/patches/imap-2004a-doc.patch new file mode 100644 index 0000000..dcae4ab --- /dev/null +++ b/supplemental/patches/imap-2004a-doc.patch @@ -0,0 +1,30 @@ +Patch by Robert Scheck for uw-imap >= 2004a, which corrects +paths to imapd, ipop2d and ipop3d in the man pages. + +This patch is based on Red Hat Bugzilla ID #127271 and solves ID #229781. + +--- imap-2004a/src/imapd/imapd.8 2004-05-18 19:46:54.000000000 +0200 ++++ imap-2004a/src/imapd/imapd.8.doc 2004-07-23 15:24:17.000000000 +0200 +@@ -3,7 +3,7 @@ + .SH NAME + IMAPd \- Internet Message Access Protocol server + .SH SYNOPSIS +-.B /usr/etc/imapd ++.B /usr/sbin/imapd + .SH DESCRIPTION + .I imapd + is a server which supports the +--- imap-2004a/src/ipopd/ipopd.8 2004-05-18 19:50:05.000000000 +0200 ++++ imap-2004a/src/ipopd/ipopd.8.doc 2004-07-23 15:23:38.000000000 +0200 +@@ -3,9 +3,9 @@ + .SH NAME + IPOPd \- Post Office Protocol server + .SH SYNOPSIS +-.B /usr/etc/ipop2d ++.B /usr/sbin/ipop2d + .PP +-.B /usr/etc/ipop3d ++.B /usr/sbin/ipop3d + .SH DESCRIPTION + .I ipop2d + and diff --git a/supplemental/patches/imap-2007-paths.patch b/supplemental/patches/imap-2007-paths.patch new file mode 100644 index 0000000..a2784d9 --- /dev/null +++ b/supplemental/patches/imap-2007-paths.patch @@ -0,0 +1,18 @@ +diff -up imap-2007/src/osdep/unix/Makefile.paths imap-2007/src/osdep/unix/Makefile +--- imap-2007/src/osdep/unix/Makefile.paths 2007-12-17 16:10:24.000000000 -0600 ++++ imap-2007/src/osdep/unix/Makefile 2007-12-21 09:30:04.000000000 -0600 +@@ -96,11 +96,11 @@ CHECKPW=std + LOGINPW=std + SIGTYPE=bsd + CRXTYPE=std +-ACTIVEFILE=/usr/lib/news/active +-SPOOLDIR=/usr/spool ++ACTIVEFILE=/var/lib/news/active ++SPOOLDIR=/var/spool + MAILSPOOL=$(SPOOLDIR)/mail + NEWSSPOOL=$(SPOOLDIR)/news +-RSHPATH=/usr/ucb/rsh ++RSHPATH=/usr/bin/rsh + MD5PWD=/etc/cram-md5.pwd + # Tries one of the test alternatives below if not specified. + LOCKPGM= diff --git a/supplemental/patches/imap-2007e-authmd5.patch b/supplemental/patches/imap-2007e-authmd5.patch new file mode 100644 index 0000000..66883a1 --- /dev/null +++ b/supplemental/patches/imap-2007e-authmd5.patch @@ -0,0 +1,29 @@ +diff -up imap-2007e/src/c-client/auth_md5.c.authmd5 imap-2007e/src/c-client/auth_md5.c +--- imap-2007e/src/c-client/auth_md5.c.authmd5 2008-06-04 13:18:34.000000000 -0500 ++++ imap-2007e/src/c-client/auth_md5.c 2009-07-07 19:24:12.348005485 -0500 +@@ -42,17 +42,17 @@ typedef struct { + + /* Prototypes */ + +-long auth_md5_valid (void); +-long auth_md5_client (authchallenge_t challenger,authrespond_t responder, ++static long auth_md5_valid (void); ++static long auth_md5_client (authchallenge_t challenger,authrespond_t responder, + char *service,NETMBX *mb,void *stream, + unsigned long *trial,char *user); +-char *auth_md5_server (authresponse_t responder,int argc,char *argv[]); +-char *auth_md5_pwd (char *user); ++static char *auth_md5_server (authresponse_t responder,int argc,char *argv[]); ++static char *auth_md5_pwd (char *user); + char *apop_login (char *chal,char *user,char *md5,int argc,char *argv[]); +-char *hmac_md5 (char *text,unsigned long tl,char *key,unsigned long kl); +-void md5_init (MD5CONTEXT *ctx); +-void md5_update (MD5CONTEXT *ctx,unsigned char *data,unsigned long len); +-void md5_final (unsigned char *digest,MD5CONTEXT *ctx); ++static char *hmac_md5 (char *text,unsigned long tl,char *key,unsigned long kl); ++static void md5_init (MD5CONTEXT *ctx); ++static void md5_update (MD5CONTEXT *ctx,unsigned char *data,unsigned long len); ++static void md5_final (unsigned char *digest,MD5CONTEXT *ctx); + static void md5_transform (unsigned long *state,unsigned char *block); + static void md5_encode (unsigned char *dst,unsigned long *src,int len); + static void md5_decode (unsigned long *dst,unsigned char *src,int len); diff --git a/supplemental/patches/imap-2007e-overflow.patch b/supplemental/patches/imap-2007e-overflow.patch new file mode 100644 index 0000000..86512b2 --- /dev/null +++ b/supplemental/patches/imap-2007e-overflow.patch @@ -0,0 +1,13 @@ +diff -up imap-2007e/src/c-client/rfc822.c.overflow imap-2007e/src/c-client/rfc822.c +--- imap-2007e/src/c-client/rfc822.c.overflow 2008-12-12 11:08:26.000000000 -0600 ++++ imap-2007e/src/c-client/rfc822.c 2009-07-07 19:27:20.057772757 -0500 +@@ -384,6 +384,9 @@ void rfc822_parse_content (BODY *body,ST + if (CHR (bs) == '\012'){/* following LF? */ + c = SNX (bs); i--; /* yes, slurp it */ + } ++ if (!i) /* Make sure we don't get an overflow for */ ++ break; /* messages ending on \015 (or the following */ ++ /* i-- will cause i to be MAXINT. Not good.) */ + case '\012': /* at start of a line, start with -- ? */ + if (!(i && i-- && ((c = SNX (bs)) == '-') && i-- && + ((c = SNX (bs)) == '-'))) break; diff --git a/supplemental/patches/imap-2007e-poll.patch b/supplemental/patches/imap-2007e-poll.patch new file mode 100644 index 0000000..e25f1b6 --- /dev/null +++ b/supplemental/patches/imap-2007e-poll.patch @@ -0,0 +1,192 @@ +http://anonscm.debian.org/cgit/collab-maint/uw-imap.git/plain/debian/patches/1005_poll.patch + +Description: Use poll(2) instead of select(2) to support more than 1024 file descriptors +Author: Ben Smithurst +Bug-Debian: https://bugs.debian.org/478193 + +diff --git a/src/osdep/unix/os_lnx.c b/src/osdep/unix/os_lnx.c +index 03fd17d..671bbd6 100644 +--- a/src/osdep/unix/os_lnx.c ++++ b/src/osdep/unix/os_lnx.c +@@ -41,6 +41,7 @@ + extern int errno; /* just in case */ + #include + #include "misc.h" ++#include + + + #include "fs_unix.c" +diff --git a/src/osdep/unix/os_slx.c b/src/osdep/unix/os_slx.c +index c94d632..f6bf27d 100644 +--- a/src/osdep/unix/os_slx.c ++++ b/src/osdep/unix/os_slx.c +@@ -42,6 +42,7 @@ extern int errno; /* just in case */ + #include + #include + #include "misc.h" ++#include + + + #include "fs_unix.c" +diff --git a/src/osdep/unix/tcp_unix.c b/src/osdep/unix/tcp_unix.c +index 795fb4f..c69eaec 100644 +--- a/src/osdep/unix/tcp_unix.c ++++ b/src/osdep/unix/tcp_unix.c +@@ -235,12 +235,11 @@ TCPSTREAM *tcp_open (char *host,char *service,unsigned long port) + int tcp_socket_open (int family,void *adr,size_t adrlen,unsigned short port, + char *tmp,int *ctr,char *hst) + { +- int i,ti,sock,flgs; ++ int i,ti,sock,flgs,tmo; ++ struct pollfd pfd; + size_t len; + time_t now; + struct protoent *pt = getprotobyname ("tcp"); +- fd_set rfds,wfds,efds; +- struct timeval tmo; + struct sockaddr *sadr = ip_sockaddr (family,adr,adrlen,port,&len); + blocknotify_t bn = (blocknotify_t) mail_parameters (NIL,GET_BLOCKNOTIFY,NIL); + /* fetid Solaris */ +@@ -252,14 +251,6 @@ int tcp_socket_open (int family,void *adr,size_t adrlen,unsigned short port, + sprintf (tmp,"Unable to create TCP socket: %s",strerror (errno)); + (*bn) (BLOCK_NONSENSITIVE,data); + } +- else if (sock >= FD_SETSIZE) {/* unselectable sockets are useless */ +- sprintf (tmp,"Unable to create selectable TCP socket (%d >= %d)", +- sock,FD_SETSIZE); +- (*bn) (BLOCK_NONSENSITIVE,data); +- close (sock); +- sock = -1; +- errno = EMFILE; +- } + + else { /* get current socket flags */ + flgs = fcntl (sock,F_GETFL,0); +@@ -284,16 +275,11 @@ int tcp_socket_open (int family,void *adr,size_t adrlen,unsigned short port, + if ((sock >= 0) && ctr) { /* want open timeout? */ + now = time (0); /* open timeout */ + ti = ttmo_open ? now + ttmo_open : 0; +- tmo.tv_usec = 0; +- FD_ZERO (&rfds); /* initialize selection vector */ +- FD_ZERO (&wfds); /* initialize selection vector */ +- FD_ZERO (&efds); /* handle errors too */ +- FD_SET (sock,&rfds); /* block for error or readable or writable */ +- FD_SET (sock,&wfds); +- FD_SET (sock,&efds); ++ pfd.fd = sock; ++ pfd.events = POLLIN | POLLOUT; + do { /* block under timeout */ +- tmo.tv_sec = ti ? ti - now : 0; +- i = select (sock+1,&rfds,&wfds,&efds,ti ? &tmo : NIL); ++ tmo = ti ? ti - now : 0; ++ i = poll (&pfd, 1, ti ? tmo * 1000 : -1); + now = time (0); /* fake timeout if interrupt & time expired */ + if ((i < 0) && (errno == EINTR) && ti && (ti <= now)) i = 0; + } while ((i < 0) && (errno == EINTR)); +@@ -302,7 +288,7 @@ int tcp_socket_open (int family,void *adr,size_t adrlen,unsigned short port, + fcntl (sock,F_SETFL,flgs); + /* This used to be a zero-byte read(), but that crashes Solaris */ + /* get socket status */ +- if(FD_ISSET(sock, &rfds)) while (((i = *ctr = read (sock,tmp,1)) < 0) && (errno == EINTR)); ++ if(pfd.revents & POLLIN) while (((i = *ctr = read (sock,tmp,1)) < 0) && (errno == EINTR)); + } + if (i <= 0) { /* timeout or error? */ + i = i ? errno : ETIMEDOUT;/* determine error code */ +@@ -545,9 +531,8 @@ long tcp_getbuffer (TCPSTREAM *stream,unsigned long size,char *s) + stream->ictr -=n; + } + if (size) { +- int i; +- fd_set fds,efds; +- struct timeval tmo; ++ int i, tmo; ++ struct pollfd pfd; + time_t t = time (0); + blocknotify_t bn=(blocknotify_t) mail_parameters (NIL,GET_BLOCKNOTIFY,NIL); + (*bn) (BLOCK_TCPREAD,NIL); +@@ -556,16 +541,13 @@ long tcp_getbuffer (TCPSTREAM *stream,unsigned long size,char *s) + time_t now = tl; + time_t ti = ttmo_read ? now + ttmo_read : 0; + if (tcpdebug) mm_log ("Reading TCP buffer",TCPDEBUG); +- tmo.tv_usec = 0; +- FD_ZERO (&fds); /* initialize selection vector */ +- FD_ZERO (&efds); /* handle errors too */ +- /* set bit in selection vectors */ +- FD_SET (stream->tcpsi,&fds); +- FD_SET (stream->tcpsi,&efds); ++ ++ pfd.events = POLLIN; ++ pfd.fd = stream->tcpsi; + errno = NIL; /* initially no error */ + do { /* block under timeout */ +- tmo.tv_sec = ti ? ti - now : 0; +- i = select (stream->tcpsi+1,&fds,NIL,&efds,ti ? &tmo : NIL); ++ tmo = ti ? ti - now : 0; ++ i = poll (&pfd, 1, ti ? tmo * 1000 : -1); + now = time (0); /* fake timeout if interrupt & time expired */ + if ((i < 0) && (errno == EINTR) && ti && (ti <= now)) i = 0; + } while ((i < 0) && (errno == EINTR)); +@@ -605,9 +587,8 @@ long tcp_getbuffer (TCPSTREAM *stream,unsigned long size,char *s) + + long tcp_getdata (TCPSTREAM *stream) + { +- int i; +- fd_set fds,efds; +- struct timeval tmo; ++ int i, tmo; ++ struct pollfd pfd; + time_t t = time (0); + blocknotify_t bn = (blocknotify_t) mail_parameters (NIL,GET_BLOCKNOTIFY,NIL); + if (stream->tcpsi < 0) return NIL; +@@ -617,15 +598,12 @@ long tcp_getdata (TCPSTREAM *stream) + time_t now = tl; + time_t ti = ttmo_read ? now + ttmo_read : 0; + if (tcpdebug) mm_log ("Reading TCP data",TCPDEBUG); +- tmo.tv_usec = 0; +- FD_ZERO (&fds); /* initialize selection vector */ +- FD_ZERO (&efds); /* handle errors too */ +- FD_SET (stream->tcpsi,&fds);/* set bit in selection vectors */ +- FD_SET (stream->tcpsi,&efds); ++ pfd.fd = stream->tcpsi; ++ pfd.events = POLLIN; + errno = NIL; /* initially no error */ + do { /* block under timeout */ +- tmo.tv_sec = ti ? ti - now : 0; +- i = select (stream->tcpsi+1,&fds,NIL,&efds,ti ? &tmo : NIL); ++ tmo = ti ? ti - now : 0; ++ i = poll (&pfd, 1, ti ? tmo * 1000 : -1); + now = time (0); /* fake timeout if interrupt & time expired */ + if ((i < 0) && (errno == EINTR) && ti && (ti <= now)) i = 0; + } while ((i < 0) && (errno == EINTR)); +@@ -677,9 +655,8 @@ long tcp_soutr (TCPSTREAM *stream,char *string) + + long tcp_sout (TCPSTREAM *stream,char *string,unsigned long size) + { +- int i; +- fd_set fds,efds; +- struct timeval tmo; ++ int i, tmo; ++ struct pollfd pfd; + time_t t = time (0); + blocknotify_t bn = (blocknotify_t) mail_parameters (NIL,GET_BLOCKNOTIFY,NIL); + if (stream->tcpso < 0) return NIL; +@@ -689,15 +666,12 @@ long tcp_sout (TCPSTREAM *stream,char *string,unsigned long size) + time_t now = tl; + time_t ti = ttmo_write ? now + ttmo_write : 0; + if (tcpdebug) mm_log ("Writing to TCP",TCPDEBUG); +- tmo.tv_usec = 0; +- FD_ZERO (&fds); /* initialize selection vector */ +- FD_ZERO (&efds); /* handle errors too */ +- FD_SET (stream->tcpso,&fds);/* set bit in selection vector */ +- FD_SET(stream->tcpso,&efds);/* set bit in error selection vector */ ++ pfd.fd = stream->tcpso; ++ pfd.events = POLLOUT; + errno = NIL; /* block and write */ + do { /* block under timeout */ +- tmo.tv_sec = ti ? ti - now : 0; +- i = select (stream->tcpso+1,NIL,&fds,&efds,ti ? &tmo : NIL); ++ tmo = ti ? ti - now : 0; ++ i = poll (&pfd, 1, ti ? tmo * 1000 : -1); + now = time (0); /* fake timeout if interrupt & time expired */ + if ((i < 0) && (errno == EINTR) && ti && (ti <= now)) i = 0; + } while ((i < 0) && (errno == EINTR)); diff --git a/supplemental/patches/imap-2007e-shared.patch b/supplemental/patches/imap-2007e-shared.patch new file mode 100644 index 0000000..92dcdc1 --- /dev/null +++ b/supplemental/patches/imap-2007e-shared.patch @@ -0,0 +1,74 @@ +diff -up imap-2007e/src/osdep/unix/Makefile.shared imap-2007e/src/osdep/unix/Makefile +--- imap-2007e/src/osdep/unix/Makefile.shared 2009-07-07 19:28:02.909755512 -0500 ++++ imap-2007e/src/osdep/unix/Makefile 2009-07-07 19:29:35.870006799 -0500 +@@ -170,6 +170,10 @@ BUILD=$(MAKE) build EXTRACFLAGS='$(EXTRA + EXTRADRIVERS='$(EXTRADRIVERS)' EXTRAAUTHENTICATORS='$(EXTRAAUTHENTICATORS)'\ + PASSWDTYPE=$(PASSWDTYPE) SSLTYPE=$(SSLTYPE) IP=$(IP) + ++# Need this for the shared library rule to work correctly ++.SUFFIXES: .o .so ++SOFILES=${BINARIES:.o=.so} ++ + + # Here if no make argument established + +@@ -845,18 +849,24 @@ vu2: # VAX Ultrix 2.3, etc. + + # Build it! + +-build: clean once $(ARCHIVE) ++build: clean once $(ARCHIVE) $(SHLIBNAME) + +-all: $(ARCHIVE) ++all: $(ARCHIVE) $(SHLIBNAME) + + $(ARCHIVE): $(BINARIES) + sh -c '$(RM) $(ARCHIVE) || true' + @$(CAT) ARCHIVE + @$(SH) ARCHIVE + +-.c.o: +- `$(CAT) CCTYPE` -c `$(CAT) CFLAGS` $*.c ++$(SHLIBNAME): $(SOFILES) ++ gcc -shared -Wl,-soname,$(SHLIBNAME) -o $(SHLIBNAME) $(SOFILES) `cat LDFLAGS` ++ ln -s $(SHLIBNAME) lib$(SHLIBBASE).so + ++.c.so: osdep.h ++ $(CC) -fPIC -DPIC -D_REENTRANT -c `$(CAT) CFLAGS` ${@:.so=.c} -o $@ ++ ++.c.o: ++ $(CC) -fPIC -DPIC -D_REENTRANT -c `$(CAT) CFLAGS` $*.c + + # Cleanup + +@@ -895,8 +905,7 @@ utf8aux.o: mail.h misc.h osdep.h utf8.h + + + # OS-dependent +- +-osdep.o:mail.h misc.h env.h fs.h ftl.h nl.h tcp.h \ ++OSDEPS= mail.h misc.h env.h fs.h ftl.h nl.h tcp.h \ + osdep.h env_unix.h tcp_unix.h \ + osdep.c env_unix.c fs_unix.c ftl_unix.c nl_unix.c tcp_unix.c ip_unix.c\ + auths.c crexcl.c flockcyg.c flocklnx.c flocksim.c fsync.c \ +@@ -910,12 +919,19 @@ osdep.o:mail.h misc.h env.h fs.h ftl.h n + write.c sslstdio.c \ + strerror.c strpbrk.c strstr.c strtok.c strtoul.c \ + OSCFLAGS ++ ++osdep.o: $(OSDEPS) ++ $(CC) -fPIC -DPIC -D_REENTRANT `$(CAT) CFLAGS` `$(CAT) OSCFLAGS` -c osdep.c ++ @echo ======================================================================== + @echo Building OS-dependent module + @echo If you get No such file error messages for files x509.h, ssl.h, + @echo pem.h, buffer.h, bio.h, and crypto.h, that means that OpenSSL + @echo is not installed on your system. Either install OpenSSL first + @echo or build with command: make `$(CAT) OSTYPE` SSLTYPE=none +- `$(CAT) CCTYPE` -c `$(CAT) CFLAGS` `$(CAT) OSCFLAGS` -c osdep.c ++ @echo ======================================================================== ++ ++osdep.so: $(OSDEPS) ++ $(CC) -fPIC -DPIC -D_REENTRANT `$(CAT) CFLAGS` `cat OSCFLAGS` -c osdep.c -o $@ + + osdep.c: osdepbas.c osdepckp.c osdeplog.c osdepssl.c + $(CAT) osdepbas.c osdepckp.c osdeplog.c osdepssl.c > osdep.c diff --git a/supplemental/patches/imap-2007e-system_c_client.patch b/supplemental/patches/imap-2007e-system_c_client.patch new file mode 100644 index 0000000..823af50 --- /dev/null +++ b/supplemental/patches/imap-2007e-system_c_client.patch @@ -0,0 +1,17 @@ +diff -up imap-2007e/Makefile.system_c_client imap-2007e/Makefile +--- imap-2007e/Makefile.system_c_client 2008-06-04 13:43:35.000000000 -0500 ++++ imap-2007e/Makefile 2011-06-13 14:13:04.467014334 -0500 +@@ -665,9 +665,11 @@ an ua: + @$(MAKE) ssl$(SSLTYPE) + @echo Applying $@ process to sources... + $(TOOLS)/$@ "$(LN)" src/c-client c-client +- $(TOOLS)/$@ "$(LN)" src/ansilib c-client +- $(TOOLS)/$@ "$(LN)" src/charset c-client ++ $(TOOLS)/$@ "$(LN)" src/ansilib c-client ++ $(TOOLS)/$@ "$(LN)" src/charset c-client + $(TOOLS)/$@ "$(LN)" src/osdep/$(SYSTEM) c-client ++ cp -alf /usr/include/imap/* c-client/ ++ #sleep 5 + $(TOOLS)/$@ "$(LN)" src/mtest mtest + $(TOOLS)/$@ "$(LN)" src/ipopd ipopd + $(TOOLS)/$@ "$(LN)" src/imapd imapd diff --git a/supplemental/patches/imap-2007f-format-security.patch b/supplemental/patches/imap-2007f-format-security.patch new file mode 100644 index 0000000..244153e --- /dev/null +++ b/supplemental/patches/imap-2007f-format-security.patch @@ -0,0 +1,12 @@ +diff -Naur imap-2007f.orig/src/osdep/unix/flocklnx.c imap-2007f/src/osdep/unix/flocklnx.c +--- imap-2007f.orig/src/osdep/unix/flocklnx.c 2011-07-23 02:20:11.000000000 +0200 ++++ imap-2007f/src/osdep/unix/flocklnx.c 2014-04-14 19:17:46.429000000 +0200 +@@ -57,7 +57,7 @@ + case ENOLCK: /* lock table is full */ + sprintf (tmp,"File locking failure: %s",strerror (errno)); + mm_log (tmp,WARN); /* give the user a warning of what happened */ +- if (!logged++) syslog (LOG_ERR,tmp); ++ if (!logged++) syslog (LOG_ERR, "%s", tmp); + /* return failure if non-blocking lock */ + if (op & LOCK_NB) return -1; + sleep (5); /* slow down in case it loops */ diff --git a/supplemental/patches/imap-2007f-ldflags.patch b/supplemental/patches/imap-2007f-ldflags.patch new file mode 100644 index 0000000..82c6afc --- /dev/null +++ b/supplemental/patches/imap-2007f-ldflags.patch @@ -0,0 +1,21 @@ +diff -up imap-2007f/src/osdep/unix/Makefile.ldflags imap-2007f/src/osdep/unix/Makefile +--- imap-2007f/src/osdep/unix/Makefile.ldflags 2018-04-24 13:18:45.333043626 +0200 ++++ imap-2007f/src/osdep/unix/Makefile 2018-04-24 13:29:09.262125281 +0200 +@@ -73,7 +73,7 @@ SSLRSA= # -lRSAglue -lrsaref + + SSLCFLAGS= -I$(SSLINCLUDE) -I$(SSLINCLUDE)/openssl\ + -DSSL_CERT_DIRECTORY=\"$(SSLCERTS)\" -DSSL_KEY_DIRECTORY=\"$(SSLKEYS)\" +-SSLLDFLAGS= -L$(SSLLIB) -lssl $(SSLCRYPTO) $(SSLRSA) ++SSLLDFLAGS= -L$(SSLLIB) -lssl $(SSLCRYPTO) $(SSLRSA) $(EXTRALDFLAGS) + + + # Extended flags needed for non-standard passwd types. You may need to modify. +@@ -502,7 +502,7 @@ lnp: # Linux Pluggable Authentication mo + ACTIVEFILE=/var/lib/news/active \ + RSHPATH=/usr/bin/rsh \ + BASECFLAGS="$(GCCCFLAGS)" \ +- BASELDFLAGS="$(PAMLDFLAGS)" ++ BASELDFLAGS="$(EXTRALDFLAGS) $(PAMLDFLAGS)" + + lnx: # Linux non-shadow passwords + @echo You are building for traditional Linux *without* shadow