Merge pull request #1 from uw-imap/patches

Patches
2024-11-16 10:28:23 +01:00 · 2019-01-04 00:09:03 -06:00 · 2019-01-04 00:09:03 -06:00 · cab1094665
commit cab1094665
parent 22f316e36d b4cecc5315
23 changed files with 654 additions and 78 deletions
--- a/.gitignore
+++ b/.gitignore
@ -40,3 +40,6 @@ m4/ltsugar.m4
 m4/ltversion.m4
 m4/lt~obsolete.m4
 autom4te.cache
 *.orig
 sources
--- a/README.md
+++ b/README.md
@ -1 +1,98 @@
-# uw-imap
+# University of Washington IMAP toolkit
 This repository is a copy of the University of Washington IMAP toolkit _(imap-2007f.tar.gz/MD5:2126fd125ea26b73b20f01fcd5940369)_ which has become unavailable from the documented FTP and mirror sites. Posted here for both posterity and because a number of packages require the library and source/headers which may not always be suitable from the OS package manager.
 _In my case it was to compile PHP7 with IMAP support and utilizing an alternative (newer) OpenSSL version. It was very difficult to find trustworthy already-patched sources for this purpose._ This seems to be a common problem for many in the same situation.
 ## imap tools and server, c-client/libc-client/uw-imap-devel
 The sources have been incrementally patched with the following from the Fedora Package Sources for uw-imap[[1]]. 
 See the [_patches_](supplemental/patches) directory in this repository for the contents.
 - 1006_openssl1.1_autoverify.patch
 - imap-2004a-doc.patch
 - imap-2007e-authmd5.patch
 - imap-2007e-overflow.patch
 - imap-2007e-poll.patch
 - imap-2007e-shared.patch
 - imap-2007e-system_c_client.patch
 - imap-2007f-format-security.patch
 - imap-2007f-ldflags.patch
 Additional information is available at https://www.washington.edu/imap/
 [1]: https://src.fedoraproject.org/rpms/uw-imap/tree/f29
 ## ORIGINAL [README](./README)
    /* ========================================================================
     * Copyright 1988-2007 University of Washington
     *
     * Licensed under the Apache License, Version 2.0 (the "License");
     * you may not use this file except in compliance with the License.
     * You may obtain a copy of the License at
     *
     *     http://www.apache.org/licenses/LICENSE-2.0
     *
     * 
     * ========================================================================
     */
                   IMAP Toolkit Environment
                         4 April 2007
                     Mark Crispin
                    UNIX QUICK BUILD NOTES
    These quick build notes assume that you have installed OpenSSL before
    attempting to build this software, and that you do not have any non-default
    configuration parameters.
    If you need additional information in building this software with OpenSSL,
    please refer to the docs/SSLBUILD file for more information.
    If you intend to build this software with a non-default configuration
    (including building a non-compliant server without SSL support), please
    refer to the docs/BUILD file for more information.
    1) Look in the top-level Makefile and find your system type code.  For example,
       modern versions of Linux will use either "slx", "lnp", or one of the
       lnp-variants (such as "lrh").
    2) Type "make" followed by the system type, e.g. "make slx".
    3) Install the POP2 daemon (ipopd/ipop2d), the POP3 daemon (ipopd/ipop3d), and
       the IMAP daemon (imapd/imapd) on a system directory of your choosing.
    4) Update /etc/services to register the pop2 service on TCP port 109, the
       pop3 service on TCP port 110, and the imap service on TCP port 143.  Also
       update Yellow Pages/NIS/NetInfo/etc. if appropriate on your system.
    5) Update /etc/inetd.conf (or install files on /etc/xinetd.d) to invoke the
       POP2, POP3, and IMAP daemons on their associated services.
    6) If your system uses PAM authentication, be sure to set up /etc/pam.d/imap
       (*not* /etc/pam.d/imapd) and /etc/pam.d/pop (*not* /etc/pam.d/ipop3d or
       /etc/pam.d/pop3d or /etc/pam.d/popd or /etc/pam.d/pop3).
    7) Unless you built your system without SSL support, you will need to set
       up SSL server certificates as described in docs/SSLBUILD.
    6) That's all!
    Read the file docs/BUILD and docs/SSLBUILD if you need more detailed
    information and/or you don't understand these quick build instructions.
                     MISCELLANEOUS NOTES
         mtest has been run under UNIX, DOS, Windows, NT, Macintosh, TOPS-20, and
    VMS.  It is a very primitive interface, however, and is suited mainly as a
    model of how to write a main program for c-client.  You should take a look at
    the source to figure out how to use it.  Briefly, it first asks for a mailbox
    name (either a local file path or an IMAP mailbox in the form
    "{hostname}mailbox") and then puts you in a command mode where "?" will give
    you a list of commands.
         Pine is available separately on the FTP.CAC.Washington.EDU archives.
         The focus of development and support is for UNIX and Win32 (including
    Windows 95/98/Millenium, Windows NT, and Windows 2000).  The other ports are
    not frequently used or tested, and may be incomplete.
--- a/src/c-client/auth_md5.c
+++ b/src/c-client/auth_md5.c
@ -42,17 +42,17 @@ typedef struct {
 /* Prototypes */
-long auth_md5_valid (void);
+static long auth_md5_valid (void);
-long auth_md5_client (authchallenge_t challenger,authrespond_t responder,
+static long auth_md5_client (authchallenge_t challenger,authrespond_t responder,
 		      char *service,NETMBX *mb,void *stream,
 		      unsigned long *trial,char *user);
-char *auth_md5_server (authresponse_t responder,int argc,char *argv[]);
+static char *auth_md5_server (authresponse_t responder,int argc,char *argv[]);
-char *auth_md5_pwd (char *user);
+static char *auth_md5_pwd (char *user);
 char *apop_login (char *chal,char *user,char *md5,int argc,char *argv[]);
-char *hmac_md5 (char *text,unsigned long tl,char *key,unsigned long kl);
+static char *hmac_md5 (char *text,unsigned long tl,char *key,unsigned long kl);
-void md5_init (MD5CONTEXT *ctx);
+static void md5_init (MD5CONTEXT *ctx);
-void md5_update (MD5CONTEXT *ctx,unsigned char *data,unsigned long len);
+static void md5_update (MD5CONTEXT *ctx,unsigned char *data,unsigned long len);
-void md5_final (unsigned char *digest,MD5CONTEXT *ctx);
+static void md5_final (unsigned char *digest,MD5CONTEXT *ctx);
 static void md5_transform (unsigned long *state,unsigned char *block);
 static void md5_encode (unsigned char *dst,unsigned long *src,int len);
 static void md5_decode (unsigned long *dst,unsigned char *src,int len);
--- a/src/c-client/rfc822.c
+++ b/src/c-client/rfc822.c
@ -384,6 +384,9 @@ void rfc822_parse_content (BODY *body,STRING *bs,char *h,unsigned long depth,
 	if (CHR (bs) == '\012'){/* following LF? */
 	  c = SNX (bs); i--;	/* yes, slurp it */
 	}
 	if (!i)			/* Make sure we don't get an overflow for */
 	  break;		/* messages ending on \015 (or the following */
 				/* i-- will cause i to be MAXINT. Not good.) */
      case '\012':		/* at start of a line, start with -- ? */
 	if (!(i && i-- && ((c = SNX (bs)) == '-') && i-- &&
 	      ((c = SNX (bs)) == '-'))) break;
--- a/src/imapd/imapd.8
+++ b/src/imapd/imapd.8
@ -16,7 +16,7 @@
 .SH NAME
 IMAPd \- Internet Message Access Protocol server
 .SH SYNOPSIS
-.B /usr/etc/imapd
+.B /usr/sbin/imapd
 .SH DESCRIPTION
 .I imapd
 is a server which supports the
--- a/src/ipopd/ipopd.8
+++ b/src/ipopd/ipopd.8
@ -16,9 +16,9 @@
 .SH NAME
 IPOPd \- Post Office Protocol server
 .SH SYNOPSIS
-.B /usr/etc/ipop2d
+.B /usr/sbin/ipop2d
 .PP
-.B /usr/etc/ipop3d
+.B /usr/sbin/ipop3d
 .SH DESCRIPTION
 .I ipop2d
 and
--- a/src/osdep/unix/Makefile
+++ b/src/osdep/unix/Makefile
@ -73,7 +73,7 @@ SSLRSA= # -lRSAglue -lrsaref
 SSLCFLAGS= -I$(SSLINCLUDE) -I$(SSLINCLUDE)/openssl\
 -DSSL_CERT_DIRECTORY=\"$(SSLCERTS)\" -DSSL_KEY_DIRECTORY=\"$(SSLKEYS)\"
-SSLLDFLAGS= -L$(SSLLIB) -lssl $(SSLCRYPTO) $(SSLRSA)
+SSLLDFLAGS= -L$(SSLLIB) -lssl $(SSLCRYPTO) $(SSLRSA) $(EXTRALDFLAGS)
 # Extended flags needed for non-standard passwd types.  You may need to modify.
@ -96,11 +96,11 @@ CHECKPW=std
 LOGINPW=std
 SIGTYPE=bsd
 CRXTYPE=std
-ACTIVEFILE=/usr/lib/news/active
+ACTIVEFILE=/var/lib/news/active
-SPOOLDIR=/usr/spool
+SPOOLDIR=/var/spool
 MAILSPOOL=$(SPOOLDIR)/mail
 NEWSSPOOL=$(SPOOLDIR)/news
-RSHPATH=/usr/ucb/rsh
+RSHPATH=/usr/bin/rsh
 MD5PWD=/etc/cram-md5.pwd
 # Tries one of the test alternatives below if not specified.
 LOCKPGM=
@ -170,6 +170,10 @@ BUILD=$(MAKE) build EXTRACFLAGS='$(EXTRACFLAGS)'\
 EXTRADRIVERS='$(EXTRADRIVERS)' EXTRAAUTHENTICATORS='$(EXTRAAUTHENTICATORS)'\
 PASSWDTYPE=$(PASSWDTYPE) SSLTYPE=$(SSLTYPE) IP=$(IP)
 # Need this for the shared library rule to work correctly
 .SUFFIXES: .o .so
 SOFILES=${BINARIES:.o=.so}
 # Here if no make argument established
@ -498,7 +502,7 @@ lnp:	# Linux Pluggable Authentication modules
 	 ACTIVEFILE=/var/lib/news/active \
 	 RSHPATH=/usr/bin/rsh \
 	 BASECFLAGS="$(GCCCFLAGS)" \
-	 BASELDFLAGS="$(PAMLDFLAGS)"
+	 BASELDFLAGS="$(EXTRALDFLAGS) $(PAMLDFLAGS)"
 lnx:	# Linux non-shadow passwords
 	@echo You are building for traditional Linux *without* shadow
@ -853,18 +857,24 @@ vu2:	# VAX Ultrix 2.3, etc.
 # Build it!
-build:	clean once $(ARCHIVE)
+build:	clean once $(ARCHIVE) $(SHLIBNAME)
-all:	$(ARCHIVE)
+all:	$(ARCHIVE) $(SHLIBNAME)
 $(ARCHIVE): $(BINARIES)
 	sh -c '$(RM) $(ARCHIVE) || true'
 	@$(CAT) ARCHIVE
 	@$(SH) ARCHIVE
-.c.o:
+$(SHLIBNAME):	$(SOFILES)
-	`$(CAT) CCTYPE` -c `$(CAT) CFLAGS` $*.c
+	gcc -shared -Wl,-soname,$(SHLIBNAME) -o $(SHLIBNAME) $(SOFILES) `cat LDFLAGS`
 	ln -s $(SHLIBNAME) lib$(SHLIBBASE).so
 .c.so:	osdep.h
 	$(CC) -fPIC -DPIC -D_REENTRANT -c `$(CAT) CFLAGS` ${@:.so=.c} -o $@
 .c.o:
 	$(CC) -fPIC -DPIC -D_REENTRANT -c `$(CAT) CFLAGS` $*.c
 # Cleanup
@ -903,8 +913,7 @@ utf8aux.o: mail.h misc.h osdep.h utf8.h
 # OS-dependent
-
+OSDEPS= mail.h misc.h env.h fs.h ftl.h nl.h tcp.h \
 osdep.o:mail.h misc.h env.h fs.h ftl.h nl.h tcp.h \
 	osdep.h env_unix.h tcp_unix.h \
 	osdep.c env_unix.c fs_unix.c ftl_unix.c nl_unix.c tcp_unix.c ip_unix.c\
 	auths.c crexcl.c flockcyg.c flocklnx.c flocksim.c fsync.c \
@ -918,12 +927,19 @@ osdep.o:mail.h misc.h env.h fs.h ftl.h nl.h tcp.h \
 	write.c sslstdio.c \
 	strerror.c strpbrk.c strstr.c strtok.c strtoul.c \
 	OSCFLAGS
 osdep.o:	$(OSDEPS)
 	$(CC) -fPIC -DPIC -D_REENTRANT `$(CAT) CFLAGS` `$(CAT) OSCFLAGS` -c osdep.c
 	@echo ========================================================================
 	@echo Building OS-dependent module
 	@echo If you get No such file error messages for files x509.h, ssl.h,
 	@echo pem.h, buffer.h, bio.h, and crypto.h, that means that OpenSSL
 	@echo is not installed on your system.  Either install OpenSSL first
 	@echo or build with command: make `$(CAT) OSTYPE` SSLTYPE=none
-	`$(CAT) CCTYPE` -c `$(CAT) CFLAGS` `$(CAT) OSCFLAGS` -c osdep.c
+	@echo ========================================================================
 osdep.so:	$(OSDEPS)
 	$(CC) -fPIC -DPIC -D_REENTRANT `$(CAT) CFLAGS` `cat OSCFLAGS` -c osdep.c -o $@
 osdep.c: osdepbas.c osdepckp.c osdeplog.c osdepssl.c
 	$(CAT) osdepbas.c osdepckp.c osdeplog.c osdepssl.c > osdep.c
--- a/src/osdep/unix/flocklnx.c
+++ b/src/osdep/unix/flocklnx.c
@ -57,7 +57,7 @@ int safe_flock (int fd,int op)
    case ENOLCK:		/* lock table is full */
      sprintf (tmp,"File locking failure: %s",strerror (errno));
      mm_log (tmp,WARN);	/* give the user a warning of what happened */
-      if (!logged++) syslog (LOG_ERR,tmp);
+      if (!logged++) syslog (LOG_ERR, "%s", tmp);
 				/* return failure if non-blocking lock */
      if (op & LOCK_NB) return -1;
      sleep (5);		/* slow down in case it loops */
--- a/src/osdep/unix/os_lnx.c
+++ b/src/osdep/unix/os_lnx.c
@ -41,6 +41,7 @@
 extern int errno;		/* just in case */
 #include <pwd.h>
 #include "misc.h"
 #include <poll.h>
 #include "fs_unix.c"
--- a/src/osdep/unix/os_slx.c
+++ b/src/osdep/unix/os_slx.c
@ -42,6 +42,7 @@ extern int errno;		/* just in case */
 #include <pwd.h>
 #include <shadow.h>
 #include "misc.h"
 #include <poll.h>
 #include "fs_unix.c"
--- a/src/osdep/unix/ssl_unix.c
+++ b/src/osdep/unix/ssl_unix.c
@ -227,8 +227,16 @@ static char *ssl_start_work (SSLSTREAM *stream,char *host,unsigned long flags)
 				/* disable certificate validation? */
  if (flags & NET_NOVALIDATECERT)
    SSL_CTX_set_verify (stream->context,SSL_VERIFY_NONE,NIL);
-  else SSL_CTX_set_verify (stream->context,SSL_VERIFY_PEER,ssl_open_verify);
+  else {
 #if OPENSSL_VERSION_NUMBER >= 0x10100000      
      X509_VERIFY_PARAM *param = SSL_CTX_get0_param(stream->context);
      X509_VERIFY_PARAM_set_hostflags(param, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
      X509_VERIFY_PARAM_set1_host(param, host, 0);
 #endif
      SSL_CTX_set_verify (stream->context,SSL_VERIFY_PEER,ssl_open_verify);
 				/* set default paths to CAs... */
  }
  SSL_CTX_set_default_verify_paths (stream->context);
 				/* ...unless a non-standard path desired */
  if (s = (char *) mail_parameters (NIL,GET_SSLCAPATH,NIL))
@ -266,6 +274,7 @@ static char *ssl_start_work (SSLSTREAM *stream,char *host,unsigned long flags)
  if (SSL_write (stream->con,"",0) < 0)
    return ssl_last_error ? ssl_last_error : "SSL negotiation failed";
 				/* need to validate host names? */
 #if OPENSSL_VERSION_NUMBER < 0x10100000
  if (!(flags & NET_NOVALIDATECERT) &&
      (err = ssl_validate_cert (cert = SSL_get_peer_certificate (stream->con),
 				host))) {
@ -275,6 +284,7 @@ static char *ssl_start_work (SSLSTREAM *stream,char *host,unsigned long flags)
    sprintf (tmp,"*%.128s: %.255s",err,cert ? cert->name : "???");
    return ssl_last_error = cpystr (tmp);
  }
 #endif
  return NIL;
 }
@ -313,6 +323,7 @@ static int ssl_open_verify (int ok,X509_STORE_CTX *ctx)
 * Returns: NIL if validated, else string of error message
 */
 #if OPENSSL_VERSION_NUMBER < 0x10100000
 static char *ssl_validate_cert (X509 *cert,char *host)
 {
  int i,n;
@ -342,6 +353,7 @@ static char *ssl_validate_cert (X509 *cert,char *host)
  else ret = "Unable to locate common name in certificate";
  return ret;
 }
 #endif
 /* Case-independent wildcard pattern match
 * Accepts: base string
--- a/src/osdep/unix/tcp_unix.c
+++ b/src/osdep/unix/tcp_unix.c
@ -235,12 +235,11 @@ TCPSTREAM *tcp_open (char *host,char *service,unsigned long port)
 int tcp_socket_open (int family,void *adr,size_t adrlen,unsigned short port,
 		     char *tmp,int *ctr,char *hst)
 {
-  int i,ti,sock,flgs;
+  int i,ti,sock,flgs,tmo;
  struct pollfd pfd;
  size_t len;
  time_t now;
  struct protoent *pt = getprotobyname ("tcp");
  fd_set rfds,wfds,efds;
  struct timeval tmo;
  struct sockaddr *sadr = ip_sockaddr (family,adr,adrlen,port,&len);
  blocknotify_t bn = (blocknotify_t) mail_parameters (NIL,GET_BLOCKNOTIFY,NIL);
 				/* fetid Solaris */
@ -252,14 +251,6 @@ int tcp_socket_open (int family,void *adr,size_t adrlen,unsigned short port,
    sprintf (tmp,"Unable to create TCP socket: %s",strerror (errno));
    (*bn) (BLOCK_NONSENSITIVE,data);
  }
  else if (sock >= FD_SETSIZE) {/* unselectable sockets are useless */
    sprintf (tmp,"Unable to create selectable TCP socket (%d >= %d)",
 	     sock,FD_SETSIZE);
    (*bn) (BLOCK_NONSENSITIVE,data);
    close (sock);
    sock = -1;
    errno = EMFILE;
  }
  else {			/* get current socket flags */
    flgs = fcntl (sock,F_GETFL,0);
@ -284,16 +275,11 @@ int tcp_socket_open (int family,void *adr,size_t adrlen,unsigned short port,
    if ((sock >= 0) && ctr) {	/* want open timeout? */
      now = time (0);		/* open timeout */
      ti = ttmo_open ? now + ttmo_open : 0;
-      tmo.tv_usec = 0;
+      pfd.fd = sock;
-      FD_ZERO (&rfds);		/* initialize selection vector */
+      pfd.events = POLLIN | POLLOUT;
      FD_ZERO (&wfds);		/* initialize selection vector */
      FD_ZERO (&efds);		/* handle errors too */
      FD_SET (sock,&rfds);	/* block for error or readable or writable */
      FD_SET (sock,&wfds);
      FD_SET (sock,&efds);
      do {			/* block under timeout */
-	tmo.tv_sec = ti ? ti - now : 0;
+	tmo = ti ? ti - now : 0;
-	i = select (sock+1,&rfds,&wfds,&efds,ti ? &tmo : NIL);
+	i = poll (&pfd, 1, ti ? tmo * 1000 : -1);
 	now = time (0);		/* fake timeout if interrupt & time expired */
 	if ((i < 0) && (errno == EINTR) && ti && (ti <= now)) i = 0;
      } while ((i < 0) && (errno == EINTR));
@ -302,7 +288,7 @@ int tcp_socket_open (int family,void *adr,size_t adrlen,unsigned short port,
 	fcntl (sock,F_SETFL,flgs);
 	/* This used to be a zero-byte read(), but that crashes Solaris */
 				/* get socket status */
-	if(FD_ISSET(sock, &rfds)) while (((i = *ctr = read (sock,tmp,1)) < 0) && (errno == EINTR));
+	if(pfd.revents & POLLIN) while (((i = *ctr = read (sock,tmp,1)) < 0) && (errno == EINTR));
      }	
      if (i <= 0) {		/* timeout or error? */
 	i = i ? errno : ETIMEDOUT;/* determine error code */
@ -545,9 +531,8 @@ long tcp_getbuffer (TCPSTREAM *stream,unsigned long size,char *s)
    stream->ictr -=n;
  }
  if (size) {
-    int i;
+    int i, tmo;
-    fd_set fds,efds;
+    struct pollfd pfd;
    struct timeval tmo;
    time_t t = time (0);
    blocknotify_t bn=(blocknotify_t) mail_parameters (NIL,GET_BLOCKNOTIFY,NIL);
    (*bn) (BLOCK_TCPREAD,NIL);
@ -556,16 +541,13 @@ long tcp_getbuffer (TCPSTREAM *stream,unsigned long size,char *s)
      time_t now = tl;
      time_t ti = ttmo_read ? now + ttmo_read : 0;
      if (tcpdebug) mm_log ("Reading TCP buffer",TCPDEBUG);
-      tmo.tv_usec = 0;
+
-      FD_ZERO (&fds);		/* initialize selection vector */
+      pfd.events = POLLIN;
-      FD_ZERO (&efds);		/* handle errors too */
+      pfd.fd = stream->tcpsi;
 				/* set bit in selection vectors */
      FD_SET (stream->tcpsi,&fds);
      FD_SET (stream->tcpsi,&efds);
      errno = NIL;		/* initially no error */
      do {			/* block under timeout */
-	tmo.tv_sec = ti ? ti - now : 0;
+	tmo = ti ? ti - now : 0;
-	i = select (stream->tcpsi+1,&fds,NIL,&efds,ti ? &tmo : NIL);
+	i = poll (&pfd, 1, ti ? tmo * 1000 : -1);
 	now = time (0);		/* fake timeout if interrupt & time expired */
 	if ((i < 0) && (errno == EINTR) && ti && (ti <= now)) i = 0;
      } while ((i < 0) && (errno == EINTR));
@ -605,9 +587,8 @@ long tcp_getbuffer (TCPSTREAM *stream,unsigned long size,char *s)
 long tcp_getdata (TCPSTREAM *stream)
 {
-  int i;
+  int i, tmo;
-  fd_set fds,efds;
+  struct pollfd pfd;
  struct timeval tmo;
  time_t t = time (0);
  blocknotify_t bn = (blocknotify_t) mail_parameters (NIL,GET_BLOCKNOTIFY,NIL);
  if (stream->tcpsi < 0) return NIL;
@ -617,15 +598,12 @@ long tcp_getdata (TCPSTREAM *stream)
    time_t now = tl;
    time_t ti = ttmo_read ? now + ttmo_read : 0;
    if (tcpdebug) mm_log ("Reading TCP data",TCPDEBUG);
-    tmo.tv_usec = 0;
+    pfd.fd = stream->tcpsi;
-    FD_ZERO (&fds);		/* initialize selection vector */
+    pfd.events = POLLIN;
    FD_ZERO (&efds);		/* handle errors too */
    FD_SET (stream->tcpsi,&fds);/* set bit in selection vectors */
    FD_SET (stream->tcpsi,&efds);
    errno = NIL;		/* initially no error */
    do {			/* block under timeout */
-      tmo.tv_sec = ti ? ti - now : 0;
+      tmo = ti ? ti - now : 0;
-      i = select (stream->tcpsi+1,&fds,NIL,&efds,ti ? &tmo : NIL);
+      i = poll (&pfd, 1, ti ? tmo * 1000 : -1);
      now = time (0);		/* fake timeout if interrupt & time expired */
      if ((i < 0) && (errno == EINTR) && ti && (ti <= now)) i = 0;
    } while ((i < 0) && (errno == EINTR));
@ -677,9 +655,8 @@ long tcp_soutr (TCPSTREAM *stream,char *string)
 long tcp_sout (TCPSTREAM *stream,char *string,unsigned long size)
 {
-  int i;
+  int i, tmo;
-  fd_set fds,efds;
+  struct pollfd pfd;
  struct timeval tmo;
  time_t t = time (0);
  blocknotify_t bn = (blocknotify_t) mail_parameters (NIL,GET_BLOCKNOTIFY,NIL);
  if (stream->tcpso < 0) return NIL;
@ -689,15 +666,12 @@ long tcp_sout (TCPSTREAM *stream,char *string,unsigned long size)
    time_t now = tl;
    time_t ti = ttmo_write ? now + ttmo_write : 0;
    if (tcpdebug) mm_log ("Writing to TCP",TCPDEBUG);
-    tmo.tv_usec = 0;
+    pfd.fd = stream->tcpso;
-    FD_ZERO (&fds);		/* initialize selection vector */
+    pfd.events = POLLOUT;
    FD_ZERO (&efds);		/* handle errors too */
    FD_SET (stream->tcpso,&fds);/* set bit in selection vector */
    FD_SET(stream->tcpso,&efds);/* set bit in error selection vector */
    errno = NIL;		/* block and write */
    do {			/* block under timeout */
-      tmo.tv_sec = ti ? ti - now : 0;
+      tmo = ti ? ti - now : 0;
-      i = select (stream->tcpso+1,NIL,&fds,&efds,ti ? &tmo : NIL);
+      i = poll (&pfd, 1, ti ? tmo * 1000 : -1);
      now = time (0);		/* fake timeout if interrupt & time expired */
      if ((i < 0) && (errno == EINTR) && ti && (ti <= now)) i = 0;
    } while ((i < 0) && (errno == EINTR));
--- a/supplemental/patches/1006_openssl1.1_autoverify.patch
+++ b/supplemental/patches/1006_openssl1.1_autoverify.patch
@ -0,0 +1,58 @@
 Description: Support OpenSSL 1.1
 When building with OpenSSL 1.1 and newer, use the new built-in
 hostname verification instead of code that doesn't compile due to
 structs having been made opaque.
 Bug-Debian: https://bugs.debian.org/828589
 --- a/src/osdep/unix/ssl_unix.c
 +++ b/src/osdep/unix/ssl_unix.c
@@ -227,8 +227,16 @@ static char *ssl_start_work (SSLSTREAM *
 				/* disable certificate validation? */
   if (flags & NET_NOVALIDATECERT)
     SSL_CTX_set_verify (stream->context,SSL_VERIFY_NONE,NIL);
 -  else SSL_CTX_set_verify (stream->context,SSL_VERIFY_PEER,ssl_open_verify);
 +  else {
 +#if OPENSSL_VERSION_NUMBER >= 0x10100000      
 +      X509_VERIFY_PARAM *param = SSL_CTX_get0_param(stream->context);
 +      X509_VERIFY_PARAM_set_hostflags(param, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
 +      X509_VERIFY_PARAM_set1_host(param, host, 0);
 +#endif
 +
 +      SSL_CTX_set_verify (stream->context,SSL_VERIFY_PEER,ssl_open_verify);
 				/* set default paths to CAs... */
 +  }
   SSL_CTX_set_default_verify_paths (stream->context);
 				/* ...unless a non-standard path desired */
   if (s = (char *) mail_parameters (NIL,GET_SSLCAPATH,NIL))
@@ -266,6 +274,7 @@ static char *ssl_start_work (SSLSTREAM *
   if (SSL_write (stream->con,"",0) < 0)
     return ssl_last_error ? ssl_last_error : "SSL negotiation failed";
 				/* need to validate host names? */
 +#if OPENSSL_VERSION_NUMBER < 0x10100000
   if (!(flags & NET_NOVALIDATECERT) &&
       (err = ssl_validate_cert (cert = SSL_get_peer_certificate (stream->con),
 				host))) {
@@ -275,6 +284,7 @@ static char *ssl_start_work (SSLSTREAM *
     sprintf (tmp,"*%.128s: %.255s",err,cert ? cert->name : "???");
     return ssl_last_error = cpystr (tmp);
   }
 +#endif
   return NIL;
 }
@@ -313,6 +323,7 @@ static int ssl_open_verify (int ok,X509_
  * Returns: NIL if validated, else string of error message
  */
 +#if OPENSSL_VERSION_NUMBER < 0x10100000
 static char *ssl_validate_cert (X509 *cert,char *host)
 {
   int i,n;
@@ -342,6 +353,7 @@ static char *ssl_validate_cert (X509 *ce
   else ret = "Unable to locate common name in certificate";
   return ret;
 }
 +#endif
 /* Case-independent wildcard pattern match
  * Accepts: base string
--- a/supplemental/patches/README.md
+++ b/supplemental/patches/README.md
@ -0,0 +1,5 @@
 #Patches
 The patches contained here are sourced from the [Fedora Package Sources rpms repository](https://src.fedoraproject.org/rpms/uw-imap/tree/f29).
 All but the imap-2007e-system_c_client.patch have been applied (see https://github.com/uw-imap/imap/commit/9eb7bb9d595b0b56b5f7b751fad58059b888a0fa#commitcomment-31836821)
--- a/supplemental/patches/imap-2004a-doc.patch
+++ b/supplemental/patches/imap-2004a-doc.patch
@ -0,0 +1,30 @@
 Patch by Robert Scheck <redhat@linuxnetz.de> for uw-imap >= 2004a, which corrects
 paths to imapd, ipop2d and ipop3d in the man pages. 
 This patch is based on Red Hat Bugzilla ID #127271 and solves ID #229781.
 --- imap-2004a/src/imapd/imapd.8		2004-05-18 19:46:54.000000000 +0200
 +++ imap-2004a/src/imapd/imapd.8.doc		2004-07-23 15:24:17.000000000 +0200
@@ -3,7 +3,7 @@
 .SH NAME
 IMAPd \- Internet Message Access Protocol server
 .SH SYNOPSIS
 -.B /usr/etc/imapd
 +.B /usr/sbin/imapd
 .SH DESCRIPTION
 .I imapd
 is a server which supports the
 --- imap-2004a/src/ipopd/ipopd.8		2004-05-18 19:50:05.000000000 +0200
 +++ imap-2004a/src/ipopd/ipopd.8.doc		2004-07-23 15:23:38.000000000 +0200
@@ -3,9 +3,9 @@
 .SH NAME
 IPOPd \- Post Office Protocol server
 .SH SYNOPSIS
 -.B /usr/etc/ipop2d
 +.B /usr/sbin/ipop2d
 .PP
 -.B /usr/etc/ipop3d
 +.B /usr/sbin/ipop3d
 .SH DESCRIPTION
 .I ipop2d
 and
--- a/supplemental/patches/imap-2007-paths.patch
+++ b/supplemental/patches/imap-2007-paths.patch
@ -0,0 +1,18 @@
 diff -up imap-2007/src/osdep/unix/Makefile.paths imap-2007/src/osdep/unix/Makefile
 --- imap-2007/src/osdep/unix/Makefile.paths	2007-12-17 16:10:24.000000000 -0600
 +++ imap-2007/src/osdep/unix/Makefile	2007-12-21 09:30:04.000000000 -0600
@@ -96,11 +96,11 @@ CHECKPW=std
 LOGINPW=std
 SIGTYPE=bsd
 CRXTYPE=std
 -ACTIVEFILE=/usr/lib/news/active
 -SPOOLDIR=/usr/spool
 +ACTIVEFILE=/var/lib/news/active
 +SPOOLDIR=/var/spool
 MAILSPOOL=$(SPOOLDIR)/mail
 NEWSSPOOL=$(SPOOLDIR)/news
 -RSHPATH=/usr/ucb/rsh
 +RSHPATH=/usr/bin/rsh
 MD5PWD=/etc/cram-md5.pwd
 # Tries one of the test alternatives below if not specified.
 LOCKPGM=
--- a/supplemental/patches/imap-2007e-authmd5.patch
+++ b/supplemental/patches/imap-2007e-authmd5.patch
@ -0,0 +1,29 @@
 diff -up imap-2007e/src/c-client/auth_md5.c.authmd5 imap-2007e/src/c-client/auth_md5.c
 --- imap-2007e/src/c-client/auth_md5.c.authmd5	2008-06-04 13:18:34.000000000 -0500
 +++ imap-2007e/src/c-client/auth_md5.c	2009-07-07 19:24:12.348005485 -0500
@@ -42,17 +42,17 @@ typedef struct {
 /* Prototypes */
 -long auth_md5_valid (void);
 -long auth_md5_client (authchallenge_t challenger,authrespond_t responder,
 +static long auth_md5_valid (void);
 +static long auth_md5_client (authchallenge_t challenger,authrespond_t responder,
 		      char *service,NETMBX *mb,void *stream,
 		      unsigned long *trial,char *user);
 -char *auth_md5_server (authresponse_t responder,int argc,char *argv[]);
 -char *auth_md5_pwd (char *user);
 +static char *auth_md5_server (authresponse_t responder,int argc,char *argv[]);
 +static char *auth_md5_pwd (char *user);
 char *apop_login (char *chal,char *user,char *md5,int argc,char *argv[]);
 -char *hmac_md5 (char *text,unsigned long tl,char *key,unsigned long kl);
 -void md5_init (MD5CONTEXT *ctx);
 -void md5_update (MD5CONTEXT *ctx,unsigned char *data,unsigned long len);
 -void md5_final (unsigned char *digest,MD5CONTEXT *ctx);
 +static char *hmac_md5 (char *text,unsigned long tl,char *key,unsigned long kl);
 +static void md5_init (MD5CONTEXT *ctx);
 +static void md5_update (MD5CONTEXT *ctx,unsigned char *data,unsigned long len);
 +static void md5_final (unsigned char *digest,MD5CONTEXT *ctx);
 static void md5_transform (unsigned long *state,unsigned char *block);
 static void md5_encode (unsigned char *dst,unsigned long *src,int len);
 static void md5_decode (unsigned long *dst,unsigned char *src,int len);
--- a/supplemental/patches/imap-2007e-overflow.patch
+++ b/supplemental/patches/imap-2007e-overflow.patch
@ -0,0 +1,13 @@
 diff -up imap-2007e/src/c-client/rfc822.c.overflow imap-2007e/src/c-client/rfc822.c
 --- imap-2007e/src/c-client/rfc822.c.overflow	2008-12-12 11:08:26.000000000 -0600
 +++ imap-2007e/src/c-client/rfc822.c	2009-07-07 19:27:20.057772757 -0500
@@ -384,6 +384,9 @@ void rfc822_parse_content (BODY *body,ST
 	if (CHR (bs) == '\012'){/* following LF? */
 	  c = SNX (bs); i--;	/* yes, slurp it */
 	}
 +	if (!i)			/* Make sure we don't get an overflow for */
 +	  break;		/* messages ending on \015 (or the following */
 +				/* i-- will cause i to be MAXINT. Not good.) */
       case '\012':		/* at start of a line, start with -- ? */
 	if (!(i && i-- && ((c = SNX (bs)) == '-') && i-- &&
 	      ((c = SNX (bs)) == '-'))) break;
--- a/supplemental/patches/imap-2007e-poll.patch
+++ b/supplemental/patches/imap-2007e-poll.patch
@ -0,0 +1,192 @@
 http://anonscm.debian.org/cgit/collab-maint/uw-imap.git/plain/debian/patches/1005_poll.patch
 Description: Use poll(2) instead of select(2) to support more than 1024 file descriptors
 Author: Ben Smithurst <ben.smithurst@gradwell.com>
 Bug-Debian: https://bugs.debian.org/478193
 diff --git a/src/osdep/unix/os_lnx.c b/src/osdep/unix/os_lnx.c
 index 03fd17d..671bbd6 100644
 --- a/src/osdep/unix/os_lnx.c
 +++ b/src/osdep/unix/os_lnx.c
@@ -41,6 +41,7 @@
 extern int errno;		/* just in case */
 #include <pwd.h>
 #include "misc.h"
 +#include <poll.h>
 #include "fs_unix.c"
 diff --git a/src/osdep/unix/os_slx.c b/src/osdep/unix/os_slx.c
 index c94d632..f6bf27d 100644
 --- a/src/osdep/unix/os_slx.c
 +++ b/src/osdep/unix/os_slx.c
@@ -42,6 +42,7 @@ extern int errno;		/* just in case */
 #include <pwd.h>
 #include <shadow.h>
 #include "misc.h"
 +#include <poll.h>
 #include "fs_unix.c"
 diff --git a/src/osdep/unix/tcp_unix.c b/src/osdep/unix/tcp_unix.c
 index 795fb4f..c69eaec 100644
 --- a/src/osdep/unix/tcp_unix.c
 +++ b/src/osdep/unix/tcp_unix.c
@@ -235,12 +235,11 @@ TCPSTREAM *tcp_open (char *host,char *service,unsigned long port)
 int tcp_socket_open (int family,void *adr,size_t adrlen,unsigned short port,
 		     char *tmp,int *ctr,char *hst)
 {
 -  int i,ti,sock,flgs;
 +  int i,ti,sock,flgs,tmo;
 +  struct pollfd pfd;
   size_t len;
   time_t now;
   struct protoent *pt = getprotobyname ("tcp");
 -  fd_set rfds,wfds,efds;
 -  struct timeval tmo;
   struct sockaddr *sadr = ip_sockaddr (family,adr,adrlen,port,&len);
   blocknotify_t bn = (blocknotify_t) mail_parameters (NIL,GET_BLOCKNOTIFY,NIL);
 				/* fetid Solaris */
@@ -252,14 +251,6 @@ int tcp_socket_open (int family,void *adr,size_t adrlen,unsigned short port,
     sprintf (tmp,"Unable to create TCP socket: %s",strerror (errno));
     (*bn) (BLOCK_NONSENSITIVE,data);
   }
 -  else if (sock >= FD_SETSIZE) {/* unselectable sockets are useless */
 -    sprintf (tmp,"Unable to create selectable TCP socket (%d >= %d)",
 -	     sock,FD_SETSIZE);
 -    (*bn) (BLOCK_NONSENSITIVE,data);
 -    close (sock);
 -    sock = -1;
 -    errno = EMFILE;
 -  }
   else {			/* get current socket flags */
     flgs = fcntl (sock,F_GETFL,0);
@@ -284,16 +275,11 @@ int tcp_socket_open (int family,void *adr,size_t adrlen,unsigned short port,
     if ((sock >= 0) && ctr) {	/* want open timeout? */
       now = time (0);		/* open timeout */
       ti = ttmo_open ? now + ttmo_open : 0;
 -      tmo.tv_usec = 0;
 -      FD_ZERO (&rfds);		/* initialize selection vector */
 -      FD_ZERO (&wfds);		/* initialize selection vector */
 -      FD_ZERO (&efds);		/* handle errors too */
 -      FD_SET (sock,&rfds);	/* block for error or readable or writable */
 -      FD_SET (sock,&wfds);
 -      FD_SET (sock,&efds);
 +      pfd.fd = sock;
 +      pfd.events = POLLIN | POLLOUT;
       do {			/* block under timeout */
 -	tmo.tv_sec = ti ? ti - now : 0;
 -	i = select (sock+1,&rfds,&wfds,&efds,ti ? &tmo : NIL);
 +	tmo = ti ? ti - now : 0;
 +	i = poll (&pfd, 1, ti ? tmo * 1000 : -1);
 	now = time (0);		/* fake timeout if interrupt & time expired */
 	if ((i < 0) && (errno == EINTR) && ti && (ti <= now)) i = 0;
       } while ((i < 0) && (errno == EINTR));
@@ -302,7 +288,7 @@ int tcp_socket_open (int family,void *adr,size_t adrlen,unsigned short port,
 	fcntl (sock,F_SETFL,flgs);
 	/* This used to be a zero-byte read(), but that crashes Solaris */
 				/* get socket status */
 -	if(FD_ISSET(sock, &rfds)) while (((i = *ctr = read (sock,tmp,1)) < 0) && (errno == EINTR));
 +	if(pfd.revents & POLLIN) while (((i = *ctr = read (sock,tmp,1)) < 0) && (errno == EINTR));
       }	
       if (i <= 0) {		/* timeout or error? */
 	i = i ? errno : ETIMEDOUT;/* determine error code */
@@ -545,9 +531,8 @@ long tcp_getbuffer (TCPSTREAM *stream,unsigned long size,char *s)
     stream->ictr -=n;
   }
   if (size) {
 -    int i;
 -    fd_set fds,efds;
 -    struct timeval tmo;
 +    int i, tmo;
 +    struct pollfd pfd;
     time_t t = time (0);
     blocknotify_t bn=(blocknotify_t) mail_parameters (NIL,GET_BLOCKNOTIFY,NIL);
     (*bn) (BLOCK_TCPREAD,NIL);
@@ -556,16 +541,13 @@ long tcp_getbuffer (TCPSTREAM *stream,unsigned long size,char *s)
       time_t now = tl;
       time_t ti = ttmo_read ? now + ttmo_read : 0;
       if (tcpdebug) mm_log ("Reading TCP buffer",TCPDEBUG);
 -      tmo.tv_usec = 0;
 -      FD_ZERO (&fds);		/* initialize selection vector */
 -      FD_ZERO (&efds);		/* handle errors too */
 -				/* set bit in selection vectors */
 -      FD_SET (stream->tcpsi,&fds);
 -      FD_SET (stream->tcpsi,&efds);
 +
 +      pfd.events = POLLIN;
 +      pfd.fd = stream->tcpsi;
       errno = NIL;		/* initially no error */
       do {			/* block under timeout */
 -	tmo.tv_sec = ti ? ti - now : 0;
 -	i = select (stream->tcpsi+1,&fds,NIL,&efds,ti ? &tmo : NIL);
 +	tmo = ti ? ti - now : 0;
 +	i = poll (&pfd, 1, ti ? tmo * 1000 : -1);
 	now = time (0);		/* fake timeout if interrupt & time expired */
 	if ((i < 0) && (errno == EINTR) && ti && (ti <= now)) i = 0;
       } while ((i < 0) && (errno == EINTR));
@@ -605,9 +587,8 @@ long tcp_getbuffer (TCPSTREAM *stream,unsigned long size,char *s)
 long tcp_getdata (TCPSTREAM *stream)
 {
 -  int i;
 -  fd_set fds,efds;
 -  struct timeval tmo;
 +  int i, tmo;
 +  struct pollfd pfd;
   time_t t = time (0);
   blocknotify_t bn = (blocknotify_t) mail_parameters (NIL,GET_BLOCKNOTIFY,NIL);
   if (stream->tcpsi < 0) return NIL;
@@ -617,15 +598,12 @@ long tcp_getdata (TCPSTREAM *stream)
     time_t now = tl;
     time_t ti = ttmo_read ? now + ttmo_read : 0;
     if (tcpdebug) mm_log ("Reading TCP data",TCPDEBUG);
 -    tmo.tv_usec = 0;
 -    FD_ZERO (&fds);		/* initialize selection vector */
 -    FD_ZERO (&efds);		/* handle errors too */
 -    FD_SET (stream->tcpsi,&fds);/* set bit in selection vectors */
 -    FD_SET (stream->tcpsi,&efds);
 +    pfd.fd = stream->tcpsi;
 +    pfd.events = POLLIN;
     errno = NIL;		/* initially no error */
     do {			/* block under timeout */
 -      tmo.tv_sec = ti ? ti - now : 0;
 -      i = select (stream->tcpsi+1,&fds,NIL,&efds,ti ? &tmo : NIL);
 +      tmo = ti ? ti - now : 0;
 +      i = poll (&pfd, 1, ti ? tmo * 1000 : -1);
       now = time (0);		/* fake timeout if interrupt & time expired */
       if ((i < 0) && (errno == EINTR) && ti && (ti <= now)) i = 0;
     } while ((i < 0) && (errno == EINTR));
@@ -677,9 +655,8 @@ long tcp_soutr (TCPSTREAM *stream,char *string)
 long tcp_sout (TCPSTREAM *stream,char *string,unsigned long size)
 {
 -  int i;
 -  fd_set fds,efds;
 -  struct timeval tmo;
 +  int i, tmo;
 +  struct pollfd pfd;
   time_t t = time (0);
   blocknotify_t bn = (blocknotify_t) mail_parameters (NIL,GET_BLOCKNOTIFY,NIL);
   if (stream->tcpso < 0) return NIL;
@@ -689,15 +666,12 @@ long tcp_sout (TCPSTREAM *stream,char *string,unsigned long size)
     time_t now = tl;
     time_t ti = ttmo_write ? now + ttmo_write : 0;
     if (tcpdebug) mm_log ("Writing to TCP",TCPDEBUG);
 -    tmo.tv_usec = 0;
 -    FD_ZERO (&fds);		/* initialize selection vector */
 -    FD_ZERO (&efds);		/* handle errors too */
 -    FD_SET (stream->tcpso,&fds);/* set bit in selection vector */
 -    FD_SET(stream->tcpso,&efds);/* set bit in error selection vector */
 +    pfd.fd = stream->tcpso;
 +    pfd.events = POLLOUT;
     errno = NIL;		/* block and write */
     do {			/* block under timeout */
 -      tmo.tv_sec = ti ? ti - now : 0;
 -      i = select (stream->tcpso+1,NIL,&fds,&efds,ti ? &tmo : NIL);
 +      tmo = ti ? ti - now : 0;
 +      i = poll (&pfd, 1, ti ? tmo * 1000 : -1);
       now = time (0);		/* fake timeout if interrupt & time expired */
       if ((i < 0) && (errno == EINTR) && ti && (ti <= now)) i = 0;
     } while ((i < 0) && (errno == EINTR));
--- a/supplemental/patches/imap-2007e-shared.patch
+++ b/supplemental/patches/imap-2007e-shared.patch
@ -0,0 +1,74 @@
 diff -up imap-2007e/src/osdep/unix/Makefile.shared imap-2007e/src/osdep/unix/Makefile
 --- imap-2007e/src/osdep/unix/Makefile.shared	2009-07-07 19:28:02.909755512 -0500
 +++ imap-2007e/src/osdep/unix/Makefile	2009-07-07 19:29:35.870006799 -0500
@@ -170,6 +170,10 @@ BUILD=$(MAKE) build EXTRACFLAGS='$(EXTRA
  EXTRADRIVERS='$(EXTRADRIVERS)' EXTRAAUTHENTICATORS='$(EXTRAAUTHENTICATORS)'\
  PASSWDTYPE=$(PASSWDTYPE) SSLTYPE=$(SSLTYPE) IP=$(IP)
 +# Need this for the shared library rule to work correctly
 +.SUFFIXES: .o .so
 +SOFILES=${BINARIES:.o=.so}
 +
 # Here if no make argument established
@@ -845,18 +849,24 @@ vu2:	# VAX Ultrix 2.3, etc.
 # Build it!
 -build:	clean once $(ARCHIVE)
 +build:	clean once $(ARCHIVE) $(SHLIBNAME)
 -all:	$(ARCHIVE)
 +all:	$(ARCHIVE) $(SHLIBNAME)
 $(ARCHIVE): $(BINARIES)
 	sh -c '$(RM) $(ARCHIVE) || true'
 	@$(CAT) ARCHIVE
 	@$(SH) ARCHIVE
 -.c.o:
 -	`$(CAT) CCTYPE` -c `$(CAT) CFLAGS` $*.c
 +$(SHLIBNAME):	$(SOFILES)
 +	gcc -shared -Wl,-soname,$(SHLIBNAME) -o $(SHLIBNAME) $(SOFILES) `cat LDFLAGS`
 +	ln -s $(SHLIBNAME) lib$(SHLIBBASE).so
 +.c.so:	osdep.h
 +	$(CC) -fPIC -DPIC -D_REENTRANT -c `$(CAT) CFLAGS` ${@:.so=.c} -o $@
 +
 +.c.o:
 +	$(CC) -fPIC -DPIC -D_REENTRANT -c `$(CAT) CFLAGS` $*.c
 # Cleanup
@@ -895,8 +905,7 @@ utf8aux.o: mail.h misc.h osdep.h utf8.h
 # OS-dependent
 -
 -osdep.o:mail.h misc.h env.h fs.h ftl.h nl.h tcp.h \
 +OSDEPS= mail.h misc.h env.h fs.h ftl.h nl.h tcp.h \
 	osdep.h env_unix.h tcp_unix.h \
 	osdep.c env_unix.c fs_unix.c ftl_unix.c nl_unix.c tcp_unix.c ip_unix.c\
 	auths.c crexcl.c flockcyg.c flocklnx.c flocksim.c fsync.c \
@@ -910,12 +919,19 @@ osdep.o:mail.h misc.h env.h fs.h ftl.h n
 	write.c sslstdio.c \
 	strerror.c strpbrk.c strstr.c strtok.c strtoul.c \
 	OSCFLAGS
 +
 +osdep.o:	$(OSDEPS)
 +	$(CC) -fPIC -DPIC -D_REENTRANT `$(CAT) CFLAGS` `$(CAT) OSCFLAGS` -c osdep.c
 +	@echo ========================================================================
 	@echo Building OS-dependent module
 	@echo If you get No such file error messages for files x509.h, ssl.h,
 	@echo pem.h, buffer.h, bio.h, and crypto.h, that means that OpenSSL
 	@echo is not installed on your system.  Either install OpenSSL first
 	@echo or build with command: make `$(CAT) OSTYPE` SSLTYPE=none
 -	`$(CAT) CCTYPE` -c `$(CAT) CFLAGS` `$(CAT) OSCFLAGS` -c osdep.c
 +	@echo ========================================================================
 +
 +osdep.so:	$(OSDEPS)
 +	$(CC) -fPIC -DPIC -D_REENTRANT `$(CAT) CFLAGS` `cat OSCFLAGS` -c osdep.c -o $@
 osdep.c: osdepbas.c osdepckp.c osdeplog.c osdepssl.c
 	$(CAT) osdepbas.c osdepckp.c osdeplog.c osdepssl.c > osdep.c
--- a/supplemental/patches/imap-2007e-system_c_client.patch
+++ b/supplemental/patches/imap-2007e-system_c_client.patch
@ -0,0 +1,17 @@
 diff -up imap-2007e/Makefile.system_c_client imap-2007e/Makefile
 --- imap-2007e/Makefile.system_c_client	2008-06-04 13:43:35.000000000 -0500
 +++ imap-2007e/Makefile	2011-06-13 14:13:04.467014334 -0500
@@ -665,9 +665,11 @@ an ua:
 	@$(MAKE) ssl$(SSLTYPE)
 	@echo Applying $@ process to sources...
 	$(TOOLS)/$@ "$(LN)" src/c-client c-client
 -	$(TOOLS)/$@ "$(LN)" src/ansilib c-client
 -	$(TOOLS)/$@ "$(LN)" src/charset c-client
 +	$(TOOLS)/$@ "$(LN)" src/ansilib c-client
 +	$(TOOLS)/$@ "$(LN)" src/charset c-client
 	$(TOOLS)/$@ "$(LN)" src/osdep/$(SYSTEM) c-client
 +	cp -alf /usr/include/imap/* c-client/
 +	#sleep 5
 	$(TOOLS)/$@ "$(LN)" src/mtest mtest
 	$(TOOLS)/$@ "$(LN)" src/ipopd ipopd
 	$(TOOLS)/$@ "$(LN)" src/imapd imapd
--- a/supplemental/patches/imap-2007f-format-security.patch
+++ b/supplemental/patches/imap-2007f-format-security.patch
@ -0,0 +1,12 @@
 diff -Naur imap-2007f.orig/src/osdep/unix/flocklnx.c imap-2007f/src/osdep/unix/flocklnx.c
 --- imap-2007f.orig/src/osdep/unix/flocklnx.c	2011-07-23 02:20:11.000000000 +0200
 +++ imap-2007f/src/osdep/unix/flocklnx.c	2014-04-14 19:17:46.429000000 +0200
@@ -57,7 +57,7 @@
     case ENOLCK:		/* lock table is full */
       sprintf (tmp,"File locking failure: %s",strerror (errno));
       mm_log (tmp,WARN);	/* give the user a warning of what happened */
 -      if (!logged++) syslog (LOG_ERR,tmp);
 +      if (!logged++) syslog (LOG_ERR, "%s", tmp);
 				/* return failure if non-blocking lock */
       if (op & LOCK_NB) return -1;
       sleep (5);		/* slow down in case it loops */
--- a/supplemental/patches/imap-2007f-ldflags.patch
+++ b/supplemental/patches/imap-2007f-ldflags.patch
@ -0,0 +1,21 @@
 diff -up imap-2007f/src/osdep/unix/Makefile.ldflags imap-2007f/src/osdep/unix/Makefile
 --- imap-2007f/src/osdep/unix/Makefile.ldflags	2018-04-24 13:18:45.333043626 +0200
 +++ imap-2007f/src/osdep/unix/Makefile	2018-04-24 13:29:09.262125281 +0200
@@ -73,7 +73,7 @@ SSLRSA= # -lRSAglue -lrsaref
 SSLCFLAGS= -I$(SSLINCLUDE) -I$(SSLINCLUDE)/openssl\
  -DSSL_CERT_DIRECTORY=\"$(SSLCERTS)\" -DSSL_KEY_DIRECTORY=\"$(SSLKEYS)\"
 -SSLLDFLAGS= -L$(SSLLIB) -lssl $(SSLCRYPTO) $(SSLRSA)
 +SSLLDFLAGS= -L$(SSLLIB) -lssl $(SSLCRYPTO) $(SSLRSA) $(EXTRALDFLAGS)
 # Extended flags needed for non-standard passwd types.  You may need to modify.
@@ -502,7 +502,7 @@ lnp:	# Linux Pluggable Authentication mo
 	 ACTIVEFILE=/var/lib/news/active \
 	 RSHPATH=/usr/bin/rsh \
 	 BASECFLAGS="$(GCCCFLAGS)" \
 -	 BASELDFLAGS="$(PAMLDFLAGS)"
 +	 BASELDFLAGS="$(EXTRALDFLAGS) $(PAMLDFLAGS)"
 lnx:	# Linux non-shadow passwords
 	@echo You are building for traditional Linux *without* shadow