From b4cecc531513cbb7506668f02f2144eae6e03511 Mon Sep 17 00:00:00 2001
From: Chris <chris@chrisnovoa.com>
Date: Fri, 4 Jan 2019 00:01:25 -0600
Subject: [PATCH] Update Readme and added patch files

---
 README.md                                     |  99 ++++++++-
 .../patches/1006_openssl1.1_autoverify.patch  |  58 ++++++
 supplemental/patches/README.md                |   5 +
 supplemental/patches/imap-2004a-doc.patch     |  30 +++
 supplemental/patches/imap-2007-paths.patch    |  18 ++
 supplemental/patches/imap-2007e-authmd5.patch |  29 +++
 .../patches/imap-2007e-overflow.patch         |  13 ++
 supplemental/patches/imap-2007e-poll.patch    | 192 ++++++++++++++++++
 supplemental/patches/imap-2007e-shared.patch  |  74 +++++++
 .../patches/imap-2007e-system_c_client.patch  |  17 ++
 .../patches/imap-2007f-format-security.patch  |  12 ++
 supplemental/patches/imap-2007f-ldflags.patch |  21 ++
 12 files changed, 567 insertions(+), 1 deletion(-)
 create mode 100644 supplemental/patches/1006_openssl1.1_autoverify.patch
 create mode 100644 supplemental/patches/README.md
 create mode 100644 supplemental/patches/imap-2004a-doc.patch
 create mode 100644 supplemental/patches/imap-2007-paths.patch
 create mode 100644 supplemental/patches/imap-2007e-authmd5.patch
 create mode 100644 supplemental/patches/imap-2007e-overflow.patch
 create mode 100644 supplemental/patches/imap-2007e-poll.patch
 create mode 100644 supplemental/patches/imap-2007e-shared.patch
 create mode 100644 supplemental/patches/imap-2007e-system_c_client.patch
 create mode 100644 supplemental/patches/imap-2007f-format-security.patch
 create mode 100644 supplemental/patches/imap-2007f-ldflags.patch

diff --git a/README.md b/README.md
index b851f10..8a75f5e 100644
--- a/README.md
+++ b/README.md
@@ -1 +1,98 @@
-# uw-imap
\ No newline at end of file
+# University of Washington IMAP toolkit
+This repository is a copy of the University of Washington IMAP toolkit _(imap-2007f.tar.gz/MD5:2126fd125ea26b73b20f01fcd5940369)_ which has become unavailable from the documented FTP and mirror sites. Posted here for both posterity and because a number of packages require the library and source/headers which may not always be suitable from the OS package manager.
+
+_In my case it was to compile PHP7 with IMAP support and utilizing an alternative (newer) OpenSSL version. It was very difficult to find trustworthy already-patched sources for this purpose._ This seems to be a common problem for many in the same situation.
+
+## imap tools and server, c-client/libc-client/uw-imap-devel
+The sources have been incrementally patched with the following from the Fedora Package Sources for uw-imap[[1]]. 
+See the [_patches_](supplemental/patches) directory in this repository for the contents.
+
+- 1006_openssl1.1_autoverify.patch
+- imap-2004a-doc.patch
+- imap-2007e-authmd5.patch
+- imap-2007e-overflow.patch
+- imap-2007e-poll.patch
+- imap-2007e-shared.patch
+- imap-2007e-system_c_client.patch
+- imap-2007f-format-security.patch
+- imap-2007f-ldflags.patch
+
+Additional information is available at https://www.washington.edu/imap/
+
+[1]: https://src.fedoraproject.org/rpms/uw-imap/tree/f29
+
+## ORIGINAL [README](./README)
+    /* ========================================================================
+     * Copyright 1988-2007 University of Washington
+     *
+     * Licensed under the Apache License, Version 2.0 (the "License");
+     * you may not use this file except in compliance with the License.
+     * You may obtain a copy of the License at
+     *
+     *     http://www.apache.org/licenses/LICENSE-2.0
+     *
+     * 
+     * ========================================================================
+     */
+
+                   IMAP Toolkit Environment
+                         4 April 2007
+                     Mark Crispin
+
+
+                    UNIX QUICK BUILD NOTES
+
+    These quick build notes assume that you have installed OpenSSL before
+    attempting to build this software, and that you do not have any non-default
+    configuration parameters.
+
+    If you need additional information in building this software with OpenSSL,
+    please refer to the docs/SSLBUILD file for more information.
+
+    If you intend to build this software with a non-default configuration
+    (including building a non-compliant server without SSL support), please
+    refer to the docs/BUILD file for more information.
+
+    1) Look in the top-level Makefile and find your system type code.  For example,
+       modern versions of Linux will use either "slx", "lnp", or one of the
+       lnp-variants (such as "lrh").
+
+    2) Type "make" followed by the system type, e.g. "make slx".
+
+    3) Install the POP2 daemon (ipopd/ipop2d), the POP3 daemon (ipopd/ipop3d), and
+       the IMAP daemon (imapd/imapd) on a system directory of your choosing.
+
+    4) Update /etc/services to register the pop2 service on TCP port 109, the
+       pop3 service on TCP port 110, and the imap service on TCP port 143.  Also
+       update Yellow Pages/NIS/NetInfo/etc. if appropriate on your system.
+
+    5) Update /etc/inetd.conf (or install files on /etc/xinetd.d) to invoke the
+       POP2, POP3, and IMAP daemons on their associated services.
+
+    6) If your system uses PAM authentication, be sure to set up /etc/pam.d/imap
+       (*not* /etc/pam.d/imapd) and /etc/pam.d/pop (*not* /etc/pam.d/ipop3d or
+       /etc/pam.d/pop3d or /etc/pam.d/popd or /etc/pam.d/pop3).
+
+    7) Unless you built your system without SSL support, you will need to set
+       up SSL server certificates as described in docs/SSLBUILD.
+
+    6) That's all!
+
+    Read the file docs/BUILD and docs/SSLBUILD if you need more detailed
+    information and/or you don't understand these quick build instructions.
+    
+                     MISCELLANEOUS NOTES
+
+         mtest has been run under UNIX, DOS, Windows, NT, Macintosh, TOPS-20, and
+    VMS.  It is a very primitive interface, however, and is suited mainly as a
+    model of how to write a main program for c-client.  You should take a look at
+    the source to figure out how to use it.  Briefly, it first asks for a mailbox
+    name (either a local file path or an IMAP mailbox in the form
+    "{hostname}mailbox") and then puts you in a command mode where "?" will give
+    you a list of commands.
+
+         Pine is available separately on the FTP.CAC.Washington.EDU archives.
+
+         The focus of development and support is for UNIX and Win32 (including
+    Windows 95/98/Millenium, Windows NT, and Windows 2000).  The other ports are
+    not frequently used or tested, and may be incomplete.
diff --git a/supplemental/patches/1006_openssl1.1_autoverify.patch b/supplemental/patches/1006_openssl1.1_autoverify.patch
new file mode 100644
index 0000000..087e747
--- /dev/null
+++ b/supplemental/patches/1006_openssl1.1_autoverify.patch
@@ -0,0 +1,58 @@
+Description: Support OpenSSL 1.1
+ When building with OpenSSL 1.1 and newer, use the new built-in
+ hostname verification instead of code that doesn't compile due to
+ structs having been made opaque.
+Bug-Debian: https://bugs.debian.org/828589
+
+--- a/src/osdep/unix/ssl_unix.c
++++ b/src/osdep/unix/ssl_unix.c
+@@ -227,8 +227,16 @@ static char *ssl_start_work (SSLSTREAM *
+ 				/* disable certificate validation? */
+   if (flags & NET_NOVALIDATECERT)
+     SSL_CTX_set_verify (stream->context,SSL_VERIFY_NONE,NIL);
+-  else SSL_CTX_set_verify (stream->context,SSL_VERIFY_PEER,ssl_open_verify);
++  else {
++#if OPENSSL_VERSION_NUMBER >= 0x10100000      
++      X509_VERIFY_PARAM *param = SSL_CTX_get0_param(stream->context);
++      X509_VERIFY_PARAM_set_hostflags(param, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
++      X509_VERIFY_PARAM_set1_host(param, host, 0);
++#endif
++
++      SSL_CTX_set_verify (stream->context,SSL_VERIFY_PEER,ssl_open_verify);
+ 				/* set default paths to CAs... */
++  }
+   SSL_CTX_set_default_verify_paths (stream->context);
+ 				/* ...unless a non-standard path desired */
+   if (s = (char *) mail_parameters (NIL,GET_SSLCAPATH,NIL))
+@@ -266,6 +274,7 @@ static char *ssl_start_work (SSLSTREAM *
+   if (SSL_write (stream->con,"",0) < 0)
+     return ssl_last_error ? ssl_last_error : "SSL negotiation failed";
+ 				/* need to validate host names? */
++#if OPENSSL_VERSION_NUMBER < 0x10100000
+   if (!(flags & NET_NOVALIDATECERT) &&
+       (err = ssl_validate_cert (cert = SSL_get_peer_certificate (stream->con),
+ 				host))) {
+@@ -275,6 +284,7 @@ static char *ssl_start_work (SSLSTREAM *
+     sprintf (tmp,"*%.128s: %.255s",err,cert ? cert->name : "???");
+     return ssl_last_error = cpystr (tmp);
+   }
++#endif
+   return NIL;
+ }
+ 
+@@ -313,6 +323,7 @@ static int ssl_open_verify (int ok,X509_
+  * Returns: NIL if validated, else string of error message
+  */
+ 
++#if OPENSSL_VERSION_NUMBER < 0x10100000
+ static char *ssl_validate_cert (X509 *cert,char *host)
+ {
+   int i,n;
+@@ -342,6 +353,7 @@ static char *ssl_validate_cert (X509 *ce
+   else ret = "Unable to locate common name in certificate";
+   return ret;
+ }
++#endif
+ 
+ /* Case-independent wildcard pattern match
+  * Accepts: base string
diff --git a/supplemental/patches/README.md b/supplemental/patches/README.md
new file mode 100644
index 0000000..cfabb16
--- /dev/null
+++ b/supplemental/patches/README.md
@@ -0,0 +1,5 @@
+#Patches
+
+The patches contained here are sourced from the [Fedora Package Sources rpms repository](https://src.fedoraproject.org/rpms/uw-imap/tree/f29).
+
+All but the imap-2007e-system_c_client.patch have been applied (see https://github.com/uw-imap/imap/commit/9eb7bb9d595b0b56b5f7b751fad58059b888a0fa#commitcomment-31836821)
\ No newline at end of file
diff --git a/supplemental/patches/imap-2004a-doc.patch b/supplemental/patches/imap-2004a-doc.patch
new file mode 100644
index 0000000..dcae4ab
--- /dev/null
+++ b/supplemental/patches/imap-2004a-doc.patch
@@ -0,0 +1,30 @@
+Patch by Robert Scheck <redhat@linuxnetz.de> for uw-imap >= 2004a, which corrects
+paths to imapd, ipop2d and ipop3d in the man pages. 
+
+This patch is based on Red Hat Bugzilla ID #127271 and solves ID #229781.
+
+--- imap-2004a/src/imapd/imapd.8		2004-05-18 19:46:54.000000000 +0200
++++ imap-2004a/src/imapd/imapd.8.doc		2004-07-23 15:24:17.000000000 +0200
+@@ -3,7 +3,7 @@
+ .SH NAME
+ IMAPd \- Internet Message Access Protocol server
+ .SH SYNOPSIS
+-.B /usr/etc/imapd
++.B /usr/sbin/imapd
+ .SH DESCRIPTION
+ .I imapd
+ is a server which supports the
+--- imap-2004a/src/ipopd/ipopd.8		2004-05-18 19:50:05.000000000 +0200
++++ imap-2004a/src/ipopd/ipopd.8.doc		2004-07-23 15:23:38.000000000 +0200
+@@ -3,9 +3,9 @@
+ .SH NAME
+ IPOPd \- Post Office Protocol server
+ .SH SYNOPSIS
+-.B /usr/etc/ipop2d
++.B /usr/sbin/ipop2d
+ .PP
+-.B /usr/etc/ipop3d
++.B /usr/sbin/ipop3d
+ .SH DESCRIPTION
+ .I ipop2d
+ and
diff --git a/supplemental/patches/imap-2007-paths.patch b/supplemental/patches/imap-2007-paths.patch
new file mode 100644
index 0000000..a2784d9
--- /dev/null
+++ b/supplemental/patches/imap-2007-paths.patch
@@ -0,0 +1,18 @@
+diff -up imap-2007/src/osdep/unix/Makefile.paths imap-2007/src/osdep/unix/Makefile
+--- imap-2007/src/osdep/unix/Makefile.paths	2007-12-17 16:10:24.000000000 -0600
++++ imap-2007/src/osdep/unix/Makefile	2007-12-21 09:30:04.000000000 -0600
+@@ -96,11 +96,11 @@ CHECKPW=std
+ LOGINPW=std
+ SIGTYPE=bsd
+ CRXTYPE=std
+-ACTIVEFILE=/usr/lib/news/active
+-SPOOLDIR=/usr/spool
++ACTIVEFILE=/var/lib/news/active
++SPOOLDIR=/var/spool
+ MAILSPOOL=$(SPOOLDIR)/mail
+ NEWSSPOOL=$(SPOOLDIR)/news
+-RSHPATH=/usr/ucb/rsh
++RSHPATH=/usr/bin/rsh
+ MD5PWD=/etc/cram-md5.pwd
+ # Tries one of the test alternatives below if not specified.
+ LOCKPGM=
diff --git a/supplemental/patches/imap-2007e-authmd5.patch b/supplemental/patches/imap-2007e-authmd5.patch
new file mode 100644
index 0000000..66883a1
--- /dev/null
+++ b/supplemental/patches/imap-2007e-authmd5.patch
@@ -0,0 +1,29 @@
+diff -up imap-2007e/src/c-client/auth_md5.c.authmd5 imap-2007e/src/c-client/auth_md5.c
+--- imap-2007e/src/c-client/auth_md5.c.authmd5	2008-06-04 13:18:34.000000000 -0500
++++ imap-2007e/src/c-client/auth_md5.c	2009-07-07 19:24:12.348005485 -0500
+@@ -42,17 +42,17 @@ typedef struct {
+ 
+ /* Prototypes */
+ 
+-long auth_md5_valid (void);
+-long auth_md5_client (authchallenge_t challenger,authrespond_t responder,
++static long auth_md5_valid (void);
++static long auth_md5_client (authchallenge_t challenger,authrespond_t responder,
+ 		      char *service,NETMBX *mb,void *stream,
+ 		      unsigned long *trial,char *user);
+-char *auth_md5_server (authresponse_t responder,int argc,char *argv[]);
+-char *auth_md5_pwd (char *user);
++static char *auth_md5_server (authresponse_t responder,int argc,char *argv[]);
++static char *auth_md5_pwd (char *user);
+ char *apop_login (char *chal,char *user,char *md5,int argc,char *argv[]);
+-char *hmac_md5 (char *text,unsigned long tl,char *key,unsigned long kl);
+-void md5_init (MD5CONTEXT *ctx);
+-void md5_update (MD5CONTEXT *ctx,unsigned char *data,unsigned long len);
+-void md5_final (unsigned char *digest,MD5CONTEXT *ctx);
++static char *hmac_md5 (char *text,unsigned long tl,char *key,unsigned long kl);
++static void md5_init (MD5CONTEXT *ctx);
++static void md5_update (MD5CONTEXT *ctx,unsigned char *data,unsigned long len);
++static void md5_final (unsigned char *digest,MD5CONTEXT *ctx);
+ static void md5_transform (unsigned long *state,unsigned char *block);
+ static void md5_encode (unsigned char *dst,unsigned long *src,int len);
+ static void md5_decode (unsigned long *dst,unsigned char *src,int len);
diff --git a/supplemental/patches/imap-2007e-overflow.patch b/supplemental/patches/imap-2007e-overflow.patch
new file mode 100644
index 0000000..86512b2
--- /dev/null
+++ b/supplemental/patches/imap-2007e-overflow.patch
@@ -0,0 +1,13 @@
+diff -up imap-2007e/src/c-client/rfc822.c.overflow imap-2007e/src/c-client/rfc822.c
+--- imap-2007e/src/c-client/rfc822.c.overflow	2008-12-12 11:08:26.000000000 -0600
++++ imap-2007e/src/c-client/rfc822.c	2009-07-07 19:27:20.057772757 -0500
+@@ -384,6 +384,9 @@ void rfc822_parse_content (BODY *body,ST
+ 	if (CHR (bs) == '\012'){/* following LF? */
+ 	  c = SNX (bs); i--;	/* yes, slurp it */
+ 	}
++	if (!i)			/* Make sure we don't get an overflow for */
++	  break;		/* messages ending on \015 (or the following */
++				/* i-- will cause i to be MAXINT. Not good.) */
+       case '\012':		/* at start of a line, start with -- ? */
+ 	if (!(i && i-- && ((c = SNX (bs)) == '-') && i-- &&
+ 	      ((c = SNX (bs)) == '-'))) break;
diff --git a/supplemental/patches/imap-2007e-poll.patch b/supplemental/patches/imap-2007e-poll.patch
new file mode 100644
index 0000000..e25f1b6
--- /dev/null
+++ b/supplemental/patches/imap-2007e-poll.patch
@@ -0,0 +1,192 @@
+http://anonscm.debian.org/cgit/collab-maint/uw-imap.git/plain/debian/patches/1005_poll.patch
+
+Description: Use poll(2) instead of select(2) to support more than 1024 file descriptors
+Author: Ben Smithurst <ben.smithurst@gradwell.com>
+Bug-Debian: https://bugs.debian.org/478193
+
+diff --git a/src/osdep/unix/os_lnx.c b/src/osdep/unix/os_lnx.c
+index 03fd17d..671bbd6 100644
+--- a/src/osdep/unix/os_lnx.c
++++ b/src/osdep/unix/os_lnx.c
+@@ -41,6 +41,7 @@
+ extern int errno;		/* just in case */
+ #include <pwd.h>
+ #include "misc.h"
++#include <poll.h>
+ 
+ 
+ #include "fs_unix.c"
+diff --git a/src/osdep/unix/os_slx.c b/src/osdep/unix/os_slx.c
+index c94d632..f6bf27d 100644
+--- a/src/osdep/unix/os_slx.c
++++ b/src/osdep/unix/os_slx.c
+@@ -42,6 +42,7 @@ extern int errno;		/* just in case */
+ #include <pwd.h>
+ #include <shadow.h>
+ #include "misc.h"
++#include <poll.h>
+ 
+ 
+ #include "fs_unix.c"
+diff --git a/src/osdep/unix/tcp_unix.c b/src/osdep/unix/tcp_unix.c
+index 795fb4f..c69eaec 100644
+--- a/src/osdep/unix/tcp_unix.c
++++ b/src/osdep/unix/tcp_unix.c
+@@ -235,12 +235,11 @@ TCPSTREAM *tcp_open (char *host,char *service,unsigned long port)
+ int tcp_socket_open (int family,void *adr,size_t adrlen,unsigned short port,
+ 		     char *tmp,int *ctr,char *hst)
+ {
+-  int i,ti,sock,flgs;
++  int i,ti,sock,flgs,tmo;
++  struct pollfd pfd;
+   size_t len;
+   time_t now;
+   struct protoent *pt = getprotobyname ("tcp");
+-  fd_set rfds,wfds,efds;
+-  struct timeval tmo;
+   struct sockaddr *sadr = ip_sockaddr (family,adr,adrlen,port,&len);
+   blocknotify_t bn = (blocknotify_t) mail_parameters (NIL,GET_BLOCKNOTIFY,NIL);
+ 				/* fetid Solaris */
+@@ -252,14 +251,6 @@ int tcp_socket_open (int family,void *adr,size_t adrlen,unsigned short port,
+     sprintf (tmp,"Unable to create TCP socket: %s",strerror (errno));
+     (*bn) (BLOCK_NONSENSITIVE,data);
+   }
+-  else if (sock >= FD_SETSIZE) {/* unselectable sockets are useless */
+-    sprintf (tmp,"Unable to create selectable TCP socket (%d >= %d)",
+-	     sock,FD_SETSIZE);
+-    (*bn) (BLOCK_NONSENSITIVE,data);
+-    close (sock);
+-    sock = -1;
+-    errno = EMFILE;
+-  }
+ 
+   else {			/* get current socket flags */
+     flgs = fcntl (sock,F_GETFL,0);
+@@ -284,16 +275,11 @@ int tcp_socket_open (int family,void *adr,size_t adrlen,unsigned short port,
+     if ((sock >= 0) && ctr) {	/* want open timeout? */
+       now = time (0);		/* open timeout */
+       ti = ttmo_open ? now + ttmo_open : 0;
+-      tmo.tv_usec = 0;
+-      FD_ZERO (&rfds);		/* initialize selection vector */
+-      FD_ZERO (&wfds);		/* initialize selection vector */
+-      FD_ZERO (&efds);		/* handle errors too */
+-      FD_SET (sock,&rfds);	/* block for error or readable or writable */
+-      FD_SET (sock,&wfds);
+-      FD_SET (sock,&efds);
++      pfd.fd = sock;
++      pfd.events = POLLIN | POLLOUT;
+       do {			/* block under timeout */
+-	tmo.tv_sec = ti ? ti - now : 0;
+-	i = select (sock+1,&rfds,&wfds,&efds,ti ? &tmo : NIL);
++	tmo = ti ? ti - now : 0;
++	i = poll (&pfd, 1, ti ? tmo * 1000 : -1);
+ 	now = time (0);		/* fake timeout if interrupt & time expired */
+ 	if ((i < 0) && (errno == EINTR) && ti && (ti <= now)) i = 0;
+       } while ((i < 0) && (errno == EINTR));
+@@ -302,7 +288,7 @@ int tcp_socket_open (int family,void *adr,size_t adrlen,unsigned short port,
+ 	fcntl (sock,F_SETFL,flgs);
+ 	/* This used to be a zero-byte read(), but that crashes Solaris */
+ 				/* get socket status */
+-	if(FD_ISSET(sock, &rfds)) while (((i = *ctr = read (sock,tmp,1)) < 0) && (errno == EINTR));
++	if(pfd.revents & POLLIN) while (((i = *ctr = read (sock,tmp,1)) < 0) && (errno == EINTR));
+       }	
+       if (i <= 0) {		/* timeout or error? */
+ 	i = i ? errno : ETIMEDOUT;/* determine error code */
+@@ -545,9 +531,8 @@ long tcp_getbuffer (TCPSTREAM *stream,unsigned long size,char *s)
+     stream->ictr -=n;
+   }
+   if (size) {
+-    int i;
+-    fd_set fds,efds;
+-    struct timeval tmo;
++    int i, tmo;
++    struct pollfd pfd;
+     time_t t = time (0);
+     blocknotify_t bn=(blocknotify_t) mail_parameters (NIL,GET_BLOCKNOTIFY,NIL);
+     (*bn) (BLOCK_TCPREAD,NIL);
+@@ -556,16 +541,13 @@ long tcp_getbuffer (TCPSTREAM *stream,unsigned long size,char *s)
+       time_t now = tl;
+       time_t ti = ttmo_read ? now + ttmo_read : 0;
+       if (tcpdebug) mm_log ("Reading TCP buffer",TCPDEBUG);
+-      tmo.tv_usec = 0;
+-      FD_ZERO (&fds);		/* initialize selection vector */
+-      FD_ZERO (&efds);		/* handle errors too */
+-				/* set bit in selection vectors */
+-      FD_SET (stream->tcpsi,&fds);
+-      FD_SET (stream->tcpsi,&efds);
++
++      pfd.events = POLLIN;
++      pfd.fd = stream->tcpsi;
+       errno = NIL;		/* initially no error */
+       do {			/* block under timeout */
+-	tmo.tv_sec = ti ? ti - now : 0;
+-	i = select (stream->tcpsi+1,&fds,NIL,&efds,ti ? &tmo : NIL);
++	tmo = ti ? ti - now : 0;
++	i = poll (&pfd, 1, ti ? tmo * 1000 : -1);
+ 	now = time (0);		/* fake timeout if interrupt & time expired */
+ 	if ((i < 0) && (errno == EINTR) && ti && (ti <= now)) i = 0;
+       } while ((i < 0) && (errno == EINTR));
+@@ -605,9 +587,8 @@ long tcp_getbuffer (TCPSTREAM *stream,unsigned long size,char *s)
+ 
+ long tcp_getdata (TCPSTREAM *stream)
+ {
+-  int i;
+-  fd_set fds,efds;
+-  struct timeval tmo;
++  int i, tmo;
++  struct pollfd pfd;
+   time_t t = time (0);
+   blocknotify_t bn = (blocknotify_t) mail_parameters (NIL,GET_BLOCKNOTIFY,NIL);
+   if (stream->tcpsi < 0) return NIL;
+@@ -617,15 +598,12 @@ long tcp_getdata (TCPSTREAM *stream)
+     time_t now = tl;
+     time_t ti = ttmo_read ? now + ttmo_read : 0;
+     if (tcpdebug) mm_log ("Reading TCP data",TCPDEBUG);
+-    tmo.tv_usec = 0;
+-    FD_ZERO (&fds);		/* initialize selection vector */
+-    FD_ZERO (&efds);		/* handle errors too */
+-    FD_SET (stream->tcpsi,&fds);/* set bit in selection vectors */
+-    FD_SET (stream->tcpsi,&efds);
++    pfd.fd = stream->tcpsi;
++    pfd.events = POLLIN;
+     errno = NIL;		/* initially no error */
+     do {			/* block under timeout */
+-      tmo.tv_sec = ti ? ti - now : 0;
+-      i = select (stream->tcpsi+1,&fds,NIL,&efds,ti ? &tmo : NIL);
++      tmo = ti ? ti - now : 0;
++      i = poll (&pfd, 1, ti ? tmo * 1000 : -1);
+       now = time (0);		/* fake timeout if interrupt & time expired */
+       if ((i < 0) && (errno == EINTR) && ti && (ti <= now)) i = 0;
+     } while ((i < 0) && (errno == EINTR));
+@@ -677,9 +655,8 @@ long tcp_soutr (TCPSTREAM *stream,char *string)
+ 
+ long tcp_sout (TCPSTREAM *stream,char *string,unsigned long size)
+ {
+-  int i;
+-  fd_set fds,efds;
+-  struct timeval tmo;
++  int i, tmo;
++  struct pollfd pfd;
+   time_t t = time (0);
+   blocknotify_t bn = (blocknotify_t) mail_parameters (NIL,GET_BLOCKNOTIFY,NIL);
+   if (stream->tcpso < 0) return NIL;
+@@ -689,15 +666,12 @@ long tcp_sout (TCPSTREAM *stream,char *string,unsigned long size)
+     time_t now = tl;
+     time_t ti = ttmo_write ? now + ttmo_write : 0;
+     if (tcpdebug) mm_log ("Writing to TCP",TCPDEBUG);
+-    tmo.tv_usec = 0;
+-    FD_ZERO (&fds);		/* initialize selection vector */
+-    FD_ZERO (&efds);		/* handle errors too */
+-    FD_SET (stream->tcpso,&fds);/* set bit in selection vector */
+-    FD_SET(stream->tcpso,&efds);/* set bit in error selection vector */
++    pfd.fd = stream->tcpso;
++    pfd.events = POLLOUT;
+     errno = NIL;		/* block and write */
+     do {			/* block under timeout */
+-      tmo.tv_sec = ti ? ti - now : 0;
+-      i = select (stream->tcpso+1,NIL,&fds,&efds,ti ? &tmo : NIL);
++      tmo = ti ? ti - now : 0;
++      i = poll (&pfd, 1, ti ? tmo * 1000 : -1);
+       now = time (0);		/* fake timeout if interrupt & time expired */
+       if ((i < 0) && (errno == EINTR) && ti && (ti <= now)) i = 0;
+     } while ((i < 0) && (errno == EINTR));
diff --git a/supplemental/patches/imap-2007e-shared.patch b/supplemental/patches/imap-2007e-shared.patch
new file mode 100644
index 0000000..92dcdc1
--- /dev/null
+++ b/supplemental/patches/imap-2007e-shared.patch
@@ -0,0 +1,74 @@
+diff -up imap-2007e/src/osdep/unix/Makefile.shared imap-2007e/src/osdep/unix/Makefile
+--- imap-2007e/src/osdep/unix/Makefile.shared	2009-07-07 19:28:02.909755512 -0500
++++ imap-2007e/src/osdep/unix/Makefile	2009-07-07 19:29:35.870006799 -0500
+@@ -170,6 +170,10 @@ BUILD=$(MAKE) build EXTRACFLAGS='$(EXTRA
+  EXTRADRIVERS='$(EXTRADRIVERS)' EXTRAAUTHENTICATORS='$(EXTRAAUTHENTICATORS)'\
+  PASSWDTYPE=$(PASSWDTYPE) SSLTYPE=$(SSLTYPE) IP=$(IP)
+ 
++# Need this for the shared library rule to work correctly
++.SUFFIXES: .o .so
++SOFILES=${BINARIES:.o=.so}
++
+ 
+ # Here if no make argument established
+ 
+@@ -845,18 +849,24 @@ vu2:	# VAX Ultrix 2.3, etc.
+ 
+ # Build it!
+ 
+-build:	clean once $(ARCHIVE)
++build:	clean once $(ARCHIVE) $(SHLIBNAME)
+ 
+-all:	$(ARCHIVE)
++all:	$(ARCHIVE) $(SHLIBNAME)
+ 
+ $(ARCHIVE): $(BINARIES)
+ 	sh -c '$(RM) $(ARCHIVE) || true'
+ 	@$(CAT) ARCHIVE
+ 	@$(SH) ARCHIVE
+ 
+-.c.o:
+-	`$(CAT) CCTYPE` -c `$(CAT) CFLAGS` $*.c
++$(SHLIBNAME):	$(SOFILES)
++	gcc -shared -Wl,-soname,$(SHLIBNAME) -o $(SHLIBNAME) $(SOFILES) `cat LDFLAGS`
++	ln -s $(SHLIBNAME) lib$(SHLIBBASE).so
+ 
++.c.so:	osdep.h
++	$(CC) -fPIC -DPIC -D_REENTRANT -c `$(CAT) CFLAGS` ${@:.so=.c} -o $@
++
++.c.o:
++	$(CC) -fPIC -DPIC -D_REENTRANT -c `$(CAT) CFLAGS` $*.c
+ 
+ # Cleanup
+ 
+@@ -895,8 +905,7 @@ utf8aux.o: mail.h misc.h osdep.h utf8.h
+ 
+ 
+ # OS-dependent
+-
+-osdep.o:mail.h misc.h env.h fs.h ftl.h nl.h tcp.h \
++OSDEPS= mail.h misc.h env.h fs.h ftl.h nl.h tcp.h \
+ 	osdep.h env_unix.h tcp_unix.h \
+ 	osdep.c env_unix.c fs_unix.c ftl_unix.c nl_unix.c tcp_unix.c ip_unix.c\
+ 	auths.c crexcl.c flockcyg.c flocklnx.c flocksim.c fsync.c \
+@@ -910,12 +919,19 @@ osdep.o:mail.h misc.h env.h fs.h ftl.h n
+ 	write.c sslstdio.c \
+ 	strerror.c strpbrk.c strstr.c strtok.c strtoul.c \
+ 	OSCFLAGS
++
++osdep.o:	$(OSDEPS)
++	$(CC) -fPIC -DPIC -D_REENTRANT `$(CAT) CFLAGS` `$(CAT) OSCFLAGS` -c osdep.c
++	@echo ========================================================================
+ 	@echo Building OS-dependent module
+ 	@echo If you get No such file error messages for files x509.h, ssl.h,
+ 	@echo pem.h, buffer.h, bio.h, and crypto.h, that means that OpenSSL
+ 	@echo is not installed on your system.  Either install OpenSSL first
+ 	@echo or build with command: make `$(CAT) OSTYPE` SSLTYPE=none
+-	`$(CAT) CCTYPE` -c `$(CAT) CFLAGS` `$(CAT) OSCFLAGS` -c osdep.c
++	@echo ========================================================================
++
++osdep.so:	$(OSDEPS)
++	$(CC) -fPIC -DPIC -D_REENTRANT `$(CAT) CFLAGS` `cat OSCFLAGS` -c osdep.c -o $@
+ 
+ osdep.c: osdepbas.c osdepckp.c osdeplog.c osdepssl.c
+ 	$(CAT) osdepbas.c osdepckp.c osdeplog.c osdepssl.c > osdep.c
diff --git a/supplemental/patches/imap-2007e-system_c_client.patch b/supplemental/patches/imap-2007e-system_c_client.patch
new file mode 100644
index 0000000..823af50
--- /dev/null
+++ b/supplemental/patches/imap-2007e-system_c_client.patch
@@ -0,0 +1,17 @@
+diff -up imap-2007e/Makefile.system_c_client imap-2007e/Makefile
+--- imap-2007e/Makefile.system_c_client	2008-06-04 13:43:35.000000000 -0500
++++ imap-2007e/Makefile	2011-06-13 14:13:04.467014334 -0500
+@@ -665,9 +665,11 @@ an ua:
+ 	@$(MAKE) ssl$(SSLTYPE)
+ 	@echo Applying $@ process to sources...
+ 	$(TOOLS)/$@ "$(LN)" src/c-client c-client
+-	$(TOOLS)/$@ "$(LN)" src/ansilib c-client
+-	$(TOOLS)/$@ "$(LN)" src/charset c-client
++	$(TOOLS)/$@ "$(LN)" src/ansilib c-client
++	$(TOOLS)/$@ "$(LN)" src/charset c-client
+ 	$(TOOLS)/$@ "$(LN)" src/osdep/$(SYSTEM) c-client
++	cp -alf /usr/include/imap/* c-client/
++	#sleep 5
+ 	$(TOOLS)/$@ "$(LN)" src/mtest mtest
+ 	$(TOOLS)/$@ "$(LN)" src/ipopd ipopd
+ 	$(TOOLS)/$@ "$(LN)" src/imapd imapd
diff --git a/supplemental/patches/imap-2007f-format-security.patch b/supplemental/patches/imap-2007f-format-security.patch
new file mode 100644
index 0000000..244153e
--- /dev/null
+++ b/supplemental/patches/imap-2007f-format-security.patch
@@ -0,0 +1,12 @@
+diff -Naur imap-2007f.orig/src/osdep/unix/flocklnx.c imap-2007f/src/osdep/unix/flocklnx.c
+--- imap-2007f.orig/src/osdep/unix/flocklnx.c	2011-07-23 02:20:11.000000000 +0200
++++ imap-2007f/src/osdep/unix/flocklnx.c	2014-04-14 19:17:46.429000000 +0200
+@@ -57,7 +57,7 @@
+     case ENOLCK:		/* lock table is full */
+       sprintf (tmp,"File locking failure: %s",strerror (errno));
+       mm_log (tmp,WARN);	/* give the user a warning of what happened */
+-      if (!logged++) syslog (LOG_ERR,tmp);
++      if (!logged++) syslog (LOG_ERR, "%s", tmp);
+ 				/* return failure if non-blocking lock */
+       if (op & LOCK_NB) return -1;
+       sleep (5);		/* slow down in case it loops */
diff --git a/supplemental/patches/imap-2007f-ldflags.patch b/supplemental/patches/imap-2007f-ldflags.patch
new file mode 100644
index 0000000..82c6afc
--- /dev/null
+++ b/supplemental/patches/imap-2007f-ldflags.patch
@@ -0,0 +1,21 @@
+diff -up imap-2007f/src/osdep/unix/Makefile.ldflags imap-2007f/src/osdep/unix/Makefile
+--- imap-2007f/src/osdep/unix/Makefile.ldflags	2018-04-24 13:18:45.333043626 +0200
++++ imap-2007f/src/osdep/unix/Makefile	2018-04-24 13:29:09.262125281 +0200
+@@ -73,7 +73,7 @@ SSLRSA= # -lRSAglue -lrsaref
+ 
+ SSLCFLAGS= -I$(SSLINCLUDE) -I$(SSLINCLUDE)/openssl\
+  -DSSL_CERT_DIRECTORY=\"$(SSLCERTS)\" -DSSL_KEY_DIRECTORY=\"$(SSLKEYS)\"
+-SSLLDFLAGS= -L$(SSLLIB) -lssl $(SSLCRYPTO) $(SSLRSA)
++SSLLDFLAGS= -L$(SSLLIB) -lssl $(SSLCRYPTO) $(SSLRSA) $(EXTRALDFLAGS)
+ 
+ 
+ # Extended flags needed for non-standard passwd types.  You may need to modify.
+@@ -502,7 +502,7 @@ lnp:	# Linux Pluggable Authentication mo
+ 	 ACTIVEFILE=/var/lib/news/active \
+ 	 RSHPATH=/usr/bin/rsh \
+ 	 BASECFLAGS="$(GCCCFLAGS)" \
+-	 BASELDFLAGS="$(PAMLDFLAGS)"
++	 BASELDFLAGS="$(EXTRALDFLAGS) $(PAMLDFLAGS)"
+ 
+ lnx:	# Linux non-shadow passwords
+ 	@echo You are building for traditional Linux *without* shadow