dany/imap
1
0
Fork 0
mirror of https://github.com/uw-imap/imap.git synced 2024-11-16 02:18:23 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1 from uw-imap/patches

Browse Source 
Patches
This commit is contained in:
Chris N 2019-01-04 00:09:03 -06:00 committed by GitHub
commit cab1094665
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
23 changed files with 654 additions and 78 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.gitignore vendored
View File

@ -40,3 +40,6 @@ m4/ltsugar.m4
m4/ltversion.m4
m4/lt~obsolete.m4
autom4te.cache
*.orig
sources

99
README.md
View File

@ -1 +1,98 @@
# uw-imap
# University of Washington IMAP toolkit
This repository is a copy of the University of Washington IMAP toolkit _(imap-2007f.tar.gz/MD5:2126fd125ea26b73b20f01fcd5940369)_ which has become unavailable from the documented FTP and mirror sites. Posted here for both posterity and because a number of packages require the library and source/headers which may not always be suitable from the OS package manager.
_In my case it was to compile PHP7 with IMAP support and utilizing an alternative (newer) OpenSSL version. It was very difficult to find trustworthy already-patched sources for this purpose._ This seems to be a common problem for many in the same situation.
## imap tools and server, c-client/libc-client/uw-imap-devel
The sources have been incrementally patched with the following from the Fedora Package Sources for uw-imap[[1]].
See the [_patches_](supplemental/patches) directory in this repository for the contents.
- 1006_openssl1.1_autoverify.patch
- imap-2004a-doc.patch
- imap-2007e-authmd5.patch
- imap-2007e-overflow.patch
- imap-2007e-poll.patch
- imap-2007e-shared.patch
- imap-2007e-system_c_client.patch
- imap-2007f-format-security.patch
- imap-2007f-ldflags.patch
Additional information is available at https://www.washington.edu/imap/
[1]: https://src.fedoraproject.org/rpms/uw-imap/tree/f29
## ORIGINAL [README](./README)
/* ========================================================================
* Copyright 1988-2007 University of Washington
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
*
* ========================================================================
*/
IMAP Toolkit Environment
4 April 2007
Mark Crispin
UNIX QUICK BUILD NOTES
These quick build notes assume that you have installed OpenSSL before
attempting to build this software, and that you do not have any non-default
configuration parameters.
If you need additional information in building this software with OpenSSL,
please refer to the docs/SSLBUILD file for more information.
If you intend to build this software with a non-default configuration
(including building a non-compliant server without SSL support), please
refer to the docs/BUILD file for more information.
1) Look in the top-level Makefile and find your system type code. For example,
modern versions of Linux will use either "slx", "lnp", or one of the
lnp-variants (such as "lrh").
2) Type "make" followed by the system type, e.g. "make slx".
3) Install the POP2 daemon (ipopd/ipop2d), the POP3 daemon (ipopd/ipop3d), and
the IMAP daemon (imapd/imapd) on a system directory of your choosing.
4) Update /etc/services to register the pop2 service on TCP port 109, the
pop3 service on TCP port 110, and the imap service on TCP port 143. Also
update Yellow Pages/NIS/NetInfo/etc. if appropriate on your system.
5) Update /etc/inetd.conf (or install files on /etc/xinetd.d) to invoke the
POP2, POP3, and IMAP daemons on their associated services.
6) If your system uses PAM authentication, be sure to set up /etc/pam.d/imap
(*not* /etc/pam.d/imapd) and /etc/pam.d/pop (*not* /etc/pam.d/ipop3d or
/etc/pam.d/pop3d or /etc/pam.d/popd or /etc/pam.d/pop3).
7) Unless you built your system without SSL support, you will need to set
up SSL server certificates as described in docs/SSLBUILD.
6) That's all!
Read the file docs/BUILD and docs/SSLBUILD if you need more detailed
information and/or you don't understand these quick build instructions.
MISCELLANEOUS NOTES
mtest has been run under UNIX, DOS, Windows, NT, Macintosh, TOPS-20, and
VMS. It is a very primitive interface, however, and is suited mainly as a
model of how to write a main program for c-client. You should take a look at
the source to figure out how to use it. Briefly, it first asks for a mailbox
name (either a local file path or an IMAP mailbox in the form
"{hostname}mailbox") and then puts you in a command mode where "?" will give
you a list of commands.
Pine is available separately on the FTP.CAC.Washington.EDU archives.
The focus of development and support is for UNIX and Win32 (including
Windows 95/98/Millenium, Windows NT, and Windows 2000). The other ports are
not frequently used or tested, and may be incomplete.

16
src/c-client/auth_md5.c
View File

@ -42,17 +42,17 @@ typedef struct {
/* Prototypes */
long auth_md5_valid (void);
long auth_md5_client (authchallenge_t challenger,authrespond_t responder,
static long auth_md5_valid (void);
static long auth_md5_client (authchallenge_t challenger,authrespond_t responder,
char *service,NETMBX *mb,void *stream,
unsigned long *trial,char *user);
char *auth_md5_server (authresponse_t responder,int argc,char *argv[]);
char *auth_md5_pwd (char *user);
static char *auth_md5_server (authresponse_t responder,int argc,char *argv[]);
static char *auth_md5_pwd (char *user);
char *apop_login (char *chal,char *user,char *md5,int argc,char *argv[]);
char *hmac_md5 (char *text,unsigned long tl,char *key,unsigned long kl);
void md5_init (MD5CONTEXT *ctx);
void md5_update (MD5CONTEXT *ctx,unsigned char *data,unsigned long len);
void md5_final (unsigned char *digest,MD5CONTEXT *ctx);
static char *hmac_md5 (char *text,unsigned long tl,char *key,unsigned long kl);
static void md5_init (MD5CONTEXT *ctx);
static void md5_update (MD5CONTEXT *ctx,unsigned char *data,unsigned long len);
static void md5_final (unsigned char *digest,MD5CONTEXT *ctx);
static void md5_transform (unsigned long *state,unsigned char *block);
static void md5_encode (unsigned char *dst,unsigned long *src,int len);
static void md5_decode (unsigned long *dst,unsigned char *src,int len);

3
src/c-client/rfc822.c
View File

@ -384,6 +384,9 @@ void rfc822_parse_content (BODY *body,STRING *bs,char *h,unsigned long depth,
if (CHR (bs) == '\012'){/* following LF? */
c = SNX (bs); i--; /* yes, slurp it */
}
if (!i) /* Make sure we don't get an overflow for */
break; /* messages ending on \015 (or the following */
/* i-- will cause i to be MAXINT. Not good.) */
case '\012': /* at start of a line, start with -- ? */
if (!(i && i-- && ((c = SNX (bs)) == '-') && i-- &&
((c = SNX (bs)) == '-'))) break;

2
src/imapd/imapd.8
View File

@ -16,7 +16,7 @@
.SH NAME
IMAPd \- Internet Message Access Protocol server
.SH SYNOPSIS
.B /usr/etc/imapd
.B /usr/sbin/imapd
.SH DESCRIPTION
.I imapd
is a server which supports the

4
src/ipopd/ipopd.8
View File

@ -16,9 +16,9 @@
.SH NAME
IPOPd \- Post Office Protocol server
.SH SYNOPSIS
.B /usr/etc/ipop2d
.B /usr/sbin/ipop2d
.PP
.B /usr/etc/ipop3d
.B /usr/sbin/ipop3d
.SH DESCRIPTION
.I ipop2d
and

40
src/osdep/unix/Makefile
View File

@ -73,7 +73,7 @@ SSLRSA= # -lRSAglue -lrsaref
SSLCFLAGS= -I$(SSLINCLUDE) -I$(SSLINCLUDE)/openssl\
-DSSL_CERT_DIRECTORY=\"$(SSLCERTS)\" -DSSL_KEY_DIRECTORY=\"$(SSLKEYS)\"
SSLLDFLAGS= -L$(SSLLIB) -lssl $(SSLCRYPTO) $(SSLRSA)
SSLLDFLAGS= -L$(SSLLIB) -lssl $(SSLCRYPTO) $(SSLRSA) $(EXTRALDFLAGS)
# Extended flags needed for non-standard passwd types. You may need to modify.
@ -96,11 +96,11 @@ CHECKPW=std
LOGINPW=std
SIGTYPE=bsd
CRXTYPE=std
ACTIVEFILE=/usr/lib/news/active
SPOOLDIR=/usr/spool
ACTIVEFILE=/var/lib/news/active
SPOOLDIR=/var/spool
MAILSPOOL=$(SPOOLDIR)/mail
NEWSSPOOL=$(SPOOLDIR)/news
RSHPATH=/usr/ucb/rsh
RSHPATH=/usr/bin/rsh
MD5PWD=/etc/cram-md5.pwd
# Tries one of the test alternatives below if not specified.
LOCKPGM=
@ -170,6 +170,10 @@ BUILD=$(MAKE) build EXTRACFLAGS='$(EXTRACFLAGS)'\
EXTRADRIVERS='$(EXTRADRIVERS)' EXTRAAUTHENTICATORS='$(EXTRAAUTHENTICATORS)'\
PASSWDTYPE=$(PASSWDTYPE) SSLTYPE=$(SSLTYPE) IP=$(IP)
# Need this for the shared library rule to work correctly
.SUFFIXES: .o .so
SOFILES=${BINARIES:.o=.so}
# Here if no make argument established
@ -498,7 +502,7 @@ lnp: # Linux Pluggable Authentication modules
ACTIVEFILE=/var/lib/news/active \
RSHPATH=/usr/bin/rsh \
BASECFLAGS="$(GCCCFLAGS)" \
BASELDFLAGS="$(PAMLDFLAGS)"
BASELDFLAGS="$(EXTRALDFLAGS) $(PAMLDFLAGS)"
lnx: # Linux non-shadow passwords
@echo You are building for traditional Linux *without* shadow
@ -853,18 +857,24 @@ vu2: # VAX Ultrix 2.3, etc.
# Build it!
build: clean once $(ARCHIVE)
build: clean once $(ARCHIVE) $(SHLIBNAME)
all: $(ARCHIVE)
all: $(ARCHIVE) $(SHLIBNAME)
$(ARCHIVE): $(BINARIES)
sh -c '$(RM) $(ARCHIVE) || true'
@$(CAT) ARCHIVE
@$(SH) ARCHIVE
.c.o:
`$(CAT) CCTYPE` -c `$(CAT) CFLAGS` $*.c
$(SHLIBNAME): $(SOFILES)
gcc -shared -Wl,-soname,$(SHLIBNAME) -o $(SHLIBNAME) $(SOFILES) `cat LDFLAGS`
ln -s $(SHLIBNAME) lib$(SHLIBBASE).so
.c.so: osdep.h
$(CC) -fPIC -DPIC -D_REENTRANT -c `$(CAT) CFLAGS` ${@:.so=.c} -o $@
.c.o:
$(CC) -fPIC -DPIC -D_REENTRANT -c `$(CAT) CFLAGS` $*.c
# Cleanup
@ -903,8 +913,7 @@ utf8aux.o: mail.h misc.h osdep.h utf8.h
# OS-dependent
osdep.o:mail.h misc.h env.h fs.h ftl.h nl.h tcp.h \
OSDEPS= mail.h misc.h env.h fs.h ftl.h nl.h tcp.h \
osdep.h env_unix.h tcp_unix.h \
osdep.c env_unix.c fs_unix.c ftl_unix.c nl_unix.c tcp_unix.c ip_unix.c\
auths.c crexcl.c flockcyg.c flocklnx.c flocksim.c fsync.c \
@ -918,12 +927,19 @@ osdep.o:mail.h misc.h env.h fs.h ftl.h nl.h tcp.h \
write.c sslstdio.c \
strerror.c strpbrk.c strstr.c strtok.c strtoul.c \
OSCFLAGS
osdep.o: $(OSDEPS)
$(CC) -fPIC -DPIC -D_REENTRANT `$(CAT) CFLAGS` `$(CAT) OSCFLAGS` -c osdep.c
@echo ========================================================================
@echo Building OS-dependent module
@echo If you get No such file error messages for files x509.h, ssl.h,
@echo pem.h, buffer.h, bio.h, and crypto.h, that means that OpenSSL
@echo is not installed on your system. Either install OpenSSL first
@echo or build with command: make `$(CAT) OSTYPE` SSLTYPE=none
`$(CAT) CCTYPE` -c `$(CAT) CFLAGS` `$(CAT) OSCFLAGS` -c osdep.c
@echo ========================================================================
osdep.so: $(OSDEPS)
$(CC) -fPIC -DPIC -D_REENTRANT `$(CAT) CFLAGS` `cat OSCFLAGS` -c osdep.c -o $@
osdep.c: osdepbas.c osdepckp.c osdeplog.c osdepssl.c
$(CAT) osdepbas.c osdepckp.c osdeplog.c osdepssl.c > osdep.c

2
src/osdep/unix/flocklnx.c
View File

@ -57,7 +57,7 @@ int safe_flock (int fd,int op)
case ENOLCK: /* lock table is full */
sprintf (tmp,"File locking failure: %s",strerror (errno));
mm_log (tmp,WARN); /* give the user a warning of what happened */
if (!logged++) syslog (LOG_ERR,tmp);
if (!logged++) syslog (LOG_ERR, "%s", tmp);
/* return failure if non-blocking lock */
if (op & LOCK_NB) return -1;
sleep (5); /* slow down in case it loops */

1
src/osdep/unix/os_lnx.c
View File

@ -41,6 +41,7 @@
extern int errno; /* just in case */
#include <pwd.h>
#include "misc.h"
#include <poll.h>
#include "fs_unix.c"

1
src/osdep/unix/os_slx.c
View File

@ -42,6 +42,7 @@ extern int errno; /* just in case */
#include <pwd.h>
#include <shadow.h>
#include "misc.h"
#include <poll.h>
#include "fs_unix.c"

14
src/osdep/unix/ssl_unix.c
View File

@ -227,8 +227,16 @@ static char *ssl_start_work (SSLSTREAM *stream,char *host,unsigned long flags)
/* disable certificate validation? */
if (flags & NET_NOVALIDATECERT)
SSL_CTX_set_verify (stream->context,SSL_VERIFY_NONE,NIL);
else SSL_CTX_set_verify (stream->context,SSL_VERIFY_PEER,ssl_open_verify);
else {
#if OPENSSL_VERSION_NUMBER >= 0x10100000
X509_VERIFY_PARAM *param = SSL_CTX_get0_param(stream->context);
X509_VERIFY_PARAM_set_hostflags(param, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
X509_VERIFY_PARAM_set1_host(param, host, 0);
#endif
SSL_CTX_set_verify (stream->context,SSL_VERIFY_PEER,ssl_open_verify);
/* set default paths to CAs... */
}
SSL_CTX_set_default_verify_paths (stream->context);
/* ...unless a non-standard path desired */
if (s = (char *) mail_parameters (NIL,GET_SSLCAPATH,NIL))
@ -266,6 +274,7 @@ static char *ssl_start_work (SSLSTREAM *stream,char *host,unsigned long flags)
if (SSL_write (stream->con,"",0) < 0)
return ssl_last_error ? ssl_last_error : "SSL negotiation failed";
/* need to validate host names? */
#if OPENSSL_VERSION_NUMBER < 0x10100000
if (!(flags & NET_NOVALIDATECERT) &&
(err = ssl_validate_cert (cert = SSL_get_peer_certificate (stream->con),
host))) {
@ -275,6 +284,7 @@ static char *ssl_start_work (SSLSTREAM *stream,char *host,unsigned long flags)
sprintf (tmp,"*%.128s: %.255s",err,cert ? cert->name : "???");
return ssl_last_error = cpystr (tmp);
}
#endif
return NIL;
}
@ -313,6 +323,7 @@ static int ssl_open_verify (int ok,X509_STORE_CTX *ctx)
* Returns: NIL if validated, else string of error message
*/
#if OPENSSL_VERSION_NUMBER < 0x10100000
static char *ssl_validate_cert (X509 *cert,char *host)
{
int i,n;
@ -342,6 +353,7 @@ static char *ssl_validate_cert (X509 *cert,char *host)
else ret = "Unable to locate common name in certificate";
return ret;
}
#endif
/* Case-independent wildcard pattern match
* Accepts: base string

78
src/osdep/unix/tcp_unix.c
View File

@ -235,12 +235,11 @@ TCPSTREAM *tcp_open (char *host,char *service,unsigned long port)
int tcp_socket_open (int family,void *adr,size_t adrlen,unsigned short port,
char *tmp,int *ctr,char *hst)
{
int i,ti,sock,flgs;
int i,ti,sock,flgs,tmo;
struct pollfd pfd;
size_t len;
time_t now;
struct protoent *pt = getprotobyname ("tcp");
fd_set rfds,wfds,efds;
struct timeval tmo;
struct sockaddr *sadr = ip_sockaddr (family,adr,adrlen,port,&len);
blocknotify_t bn = (blocknotify_t) mail_parameters (NIL,GET_BLOCKNOTIFY,NIL);
/* fetid Solaris */
@ -252,14 +251,6 @@ int tcp_socket_open (int family,void *adr,size_t adrlen,unsigned short port,
sprintf (tmp,"Unable to create TCP socket: %s",strerror (errno));
(*bn) (BLOCK_NONSENSITIVE,data);
}
else if (sock >= FD_SETSIZE) {/* unselectable sockets are useless */
sprintf (tmp,"Unable to create selectable TCP socket (%d >= %d)",
sock,FD_SETSIZE);
(*bn) (BLOCK_NONSENSITIVE,data);
close (sock);
sock = -1;
errno = EMFILE;
}
else { /* get current socket flags */
flgs = fcntl (sock,F_GETFL,0);
@ -284,16 +275,11 @@ int tcp_socket_open (int family,void *adr,size_t adrlen,unsigned short port,
if ((sock >= 0) && ctr) { /* want open timeout? */
now = time (0); /* open timeout */
ti = ttmo_open ? now + ttmo_open : 0;
tmo.tv_usec = 0;
FD_ZERO (&rfds); /* initialize selection vector */
FD_ZERO (&wfds); /* initialize selection vector */
FD_ZERO (&efds); /* handle errors too */
FD_SET (sock,&rfds); /* block for error or readable or writable */
FD_SET (sock,&wfds);
FD_SET (sock,&efds);
pfd.fd = sock;
pfd.events = POLLIN | POLLOUT;
do { /* block under timeout */
tmo.tv_sec = ti ? ti - now : 0;
i = select (sock+1,&rfds,&wfds,&efds,ti ? &tmo : NIL);
tmo = ti ? ti - now : 0;
i = poll (&pfd, 1, ti ? tmo * 1000 : -1);
now = time (0); /* fake timeout if interrupt & time expired */
if ((i < 0) && (errno == EINTR) && ti && (ti <= now)) i = 0;
} while ((i < 0) && (errno == EINTR));
@ -302,7 +288,7 @@ int tcp_socket_open (int family,void *adr,size_t adrlen,unsigned short port,
fcntl (sock,F_SETFL,flgs);
/* This used to be a zero-byte read(), but that crashes Solaris */
/* get socket status */
if(FD_ISSET(sock, &rfds)) while (((i = *ctr = read (sock,tmp,1)) < 0) && (errno == EINTR));
if(pfd.revents & POLLIN) while (((i = *ctr = read (sock,tmp,1)) < 0) && (errno == EINTR));
}
if (i <= 0) { /* timeout or error? */
i = i ? errno : ETIMEDOUT;/* determine error code */
@ -545,9 +531,8 @@ long tcp_getbuffer (TCPSTREAM *stream,unsigned long size,char *s)
stream->ictr -=n;
}
if (size) {
int i;
fd_set fds,efds;
struct timeval tmo;
int i, tmo;
struct pollfd pfd;
time_t t = time (0);
blocknotify_t bn=(blocknotify_t) mail_parameters (NIL,GET_BLOCKNOTIFY,NIL);
(*bn) (BLOCK_TCPREAD,NIL);
@ -556,16 +541,13 @@ long tcp_getbuffer (TCPSTREAM *stream,unsigned long size,char *s)
time_t now = tl;
time_t ti = ttmo_read ? now + ttmo_read : 0;
if (tcpdebug) mm_log ("Reading TCP buffer",TCPDEBUG);
tmo.tv_usec = 0;
FD_ZERO (&fds); /* initialize selection vector */
FD_ZERO (&efds); /* handle errors too */
/* set bit in selection vectors */
FD_SET (stream->tcpsi,&fds);
FD_SET (stream->tcpsi,&efds);
pfd.events = POLLIN;
pfd.fd = stream->tcpsi;
errno = NIL; /* initially no error */
do { /* block under timeout */
tmo.tv_sec = ti ? ti - now : 0;
i = select (stream->tcpsi+1,&fds,NIL,&efds,ti ? &tmo : NIL);
tmo = ti ? ti - now : 0;
i = poll (&pfd, 1, ti ? tmo * 1000 : -1);
now = time (0); /* fake timeout if interrupt & time expired */
if ((i < 0) && (errno == EINTR) && ti && (ti <= now)) i = 0;
} while ((i < 0) && (errno == EINTR));
@ -605,9 +587,8 @@ long tcp_getbuffer (TCPSTREAM *stream,unsigned long size,char *s)
long tcp_getdata (TCPSTREAM *stream)
{
int i;
fd_set fds,efds;
struct timeval tmo;
int i, tmo;
struct pollfd pfd;
time_t t = time (0);
blocknotify_t bn = (blocknotify_t) mail_parameters (NIL,GET_BLOCKNOTIFY,NIL);
if (stream->tcpsi < 0) return NIL;
@ -617,15 +598,12 @@ long tcp_getdata (TCPSTREAM *stream)
time_t now = tl;
time_t ti = ttmo_read ? now + ttmo_read : 0;
if (tcpdebug) mm_log ("Reading TCP data",TCPDEBUG);
tmo.tv_usec = 0;
FD_ZERO (&fds); /* initialize selection vector */
FD_ZERO (&efds); /* handle errors too */
FD_SET (stream->tcpsi,&fds);/* set bit in selection vectors */
FD_SET (stream->tcpsi,&efds);
pfd.fd = stream->tcpsi;
pfd.events = POLLIN;
errno = NIL; /* initially no error */
do { /* block under timeout */
tmo.tv_sec = ti ? ti - now : 0;
i = select (stream->tcpsi+1,&fds,NIL,&efds,ti ? &tmo : NIL);
tmo = ti ? ti - now : 0;
i = poll (&pfd, 1, ti ? tmo * 1000 : -1);
now = time (0); /* fake timeout if interrupt & time expired */
if ((i < 0) && (errno == EINTR) && ti && (ti <= now)) i = 0;
} while ((i < 0) && (errno == EINTR));
@ -677,9 +655,8 @@ long tcp_soutr (TCPSTREAM *stream,char *string)
long tcp_sout (TCPSTREAM *stream,char *string,unsigned long size)
{
int i;
fd_set fds,efds;
struct timeval tmo;
int i, tmo;
struct pollfd pfd;
time_t t = time (0);
blocknotify_t bn = (blocknotify_t) mail_parameters (NIL,GET_BLOCKNOTIFY,NIL);
if (stream->tcpso < 0) return NIL;
@ -689,15 +666,12 @@ long tcp_sout (TCPSTREAM *stream,char *string,unsigned long size)
time_t now = tl;
time_t ti = ttmo_write ? now + ttmo_write : 0;
if (tcpdebug) mm_log ("Writing to TCP",TCPDEBUG);
tmo.tv_usec = 0;
FD_ZERO (&fds); /* initialize selection vector */
FD_ZERO (&efds); /* handle errors too */
FD_SET (stream->tcpso,&fds);/* set bit in selection vector */
FD_SET(stream->tcpso,&efds);/* set bit in error selection vector */
pfd.fd = stream->tcpso;
pfd.events = POLLOUT;
errno = NIL; /* block and write */
do { /* block under timeout */
tmo.tv_sec = ti ? ti - now : 0;
i = select (stream->tcpso+1,NIL,&fds,&efds,ti ? &tmo : NIL);
tmo = ti ? ti - now : 0;
i = poll (&pfd, 1, ti ? tmo * 1000 : -1);
now = time (0); /* fake timeout if interrupt & time expired */
if ((i < 0) && (errno == EINTR) && ti && (ti <= now)) i = 0;
} while ((i < 0) && (errno == EINTR));

58
supplemental/patches/1006_openssl1.1_autoverify.patch Normal file
View File

@ -0,0 +1,58 @@
Description: Support OpenSSL 1.1
When building with OpenSSL 1.1 and newer, use the new built-in
hostname verification instead of code that doesn't compile due to
structs having been made opaque.
Bug-Debian: https://bugs.debian.org/828589
--- a/src/osdep/unix/ssl_unix.c
+++ b/src/osdep/unix/ssl_unix.c
@@ -227,8 +227,16 @@ static char *ssl_start_work (SSLSTREAM *
/* disable certificate validation? */
if (flags & NET_NOVALIDATECERT)
SSL_CTX_set_verify (stream->context,SSL_VERIFY_NONE,NIL);
- else SSL_CTX_set_verify (stream->context,SSL_VERIFY_PEER,ssl_open_verify);
+ else {
+#if OPENSSL_VERSION_NUMBER >= 0x10100000
+ X509_VERIFY_PARAM *param = SSL_CTX_get0_param(stream->context);
+ X509_VERIFY_PARAM_set_hostflags(param, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
+ X509_VERIFY_PARAM_set1_host(param, host, 0);
+#endif
+
+ SSL_CTX_set_verify (stream->context,SSL_VERIFY_PEER,ssl_open_verify);
/* set default paths to CAs... */
+ }
SSL_CTX_set_default_verify_paths (stream->context);
/* ...unless a non-standard path desired */
if (s = (char *) mail_parameters (NIL,GET_SSLCAPATH,NIL))
@@ -266,6 +274,7 @@ static char *ssl_start_work (SSLSTREAM *
if (SSL_write (stream->con,"",0) < 0)
return ssl_last_error ? ssl_last_error : "SSL negotiation failed";
/* need to validate host names? */
+#if OPENSSL_VERSION_NUMBER < 0x10100000
if (!(flags & NET_NOVALIDATECERT) &&
(err = ssl_validate_cert (cert = SSL_get_peer_certificate (stream->con),
host))) {
@@ -275,6 +284,7 @@ static char *ssl_start_work (SSLSTREAM *
sprintf (tmp,"*%.128s: %.255s",err,cert ? cert->name : "???");
return ssl_last_error = cpystr (tmp);
}
+#endif
return NIL;
}
@@ -313,6 +323,7 @@ static int ssl_open_verify (int ok,X509_
* Returns: NIL if validated, else string of error message
*/
+#if OPENSSL_VERSION_NUMBER < 0x10100000
static char *ssl_validate_cert (X509 *cert,char *host)
{
int i,n;
@@ -342,6 +353,7 @@ static char *ssl_validate_cert (X509 *ce
else ret = "Unable to locate common name in certificate";
return ret;
}
+#endif
/* Case-independent wildcard pattern match
* Accepts: base string

5
supplemental/patches/README.md Normal file
View File

@ -0,0 +1,5 @@
#Patches
The patches contained here are sourced from the [Fedora Package Sources rpms repository](https://src.fedoraproject.org/rpms/uw-imap/tree/f29).
All but the imap-2007e-system_c_client.patch have been applied (see https://github.com/uw-imap/imap/commit/9eb7bb9d595b0b56b5f7b751fad58059b888a0fa#commitcomment-31836821)

30
supplemental/patches/imap-2004a-doc.patch Normal file
View File

@ -0,0 +1,30 @@
Patch by Robert Scheck <redhat@linuxnetz.de> for uw-imap >= 2004a, which corrects
paths to imapd, ipop2d and ipop3d in the man pages.
This patch is based on Red Hat Bugzilla ID #127271 and solves ID #229781.
--- imap-2004a/src/imapd/imapd.8 2004-05-18 19:46:54.000000000 +0200
+++ imap-2004a/src/imapd/imapd.8.doc 2004-07-23 15:24:17.000000000 +0200
@@ -3,7 +3,7 @@
.SH NAME
IMAPd \- Internet Message Access Protocol server
.SH SYNOPSIS
-.B /usr/etc/imapd
+.B /usr/sbin/imapd
.SH DESCRIPTION
.I imapd
is a server which supports the
--- imap-2004a/src/ipopd/ipopd.8 2004-05-18 19:50:05.000000000 +0200
+++ imap-2004a/src/ipopd/ipopd.8.doc 2004-07-23 15:23:38.000000000 +0200
@@ -3,9 +3,9 @@
.SH NAME
IPOPd \- Post Office Protocol server
.SH SYNOPSIS
-.B /usr/etc/ipop2d
+.B /usr/sbin/ipop2d
.PP
-.B /usr/etc/ipop3d
+.B /usr/sbin/ipop3d
.SH DESCRIPTION
.I ipop2d
and

18
supplemental/patches/imap-2007-paths.patch Normal file
View File

@ -0,0 +1,18 @@
diff -up imap-2007/src/osdep/unix/Makefile.paths imap-2007/src/osdep/unix/Makefile
--- imap-2007/src/osdep/unix/Makefile.paths 2007-12-17 16:10:24.000000000 -0600
+++ imap-2007/src/osdep/unix/Makefile 2007-12-21 09:30:04.000000000 -0600
@@ -96,11 +96,11 @@ CHECKPW=std
LOGINPW=std
SIGTYPE=bsd
CRXTYPE=std
-ACTIVEFILE=/usr/lib/news/active
-SPOOLDIR=/usr/spool
+ACTIVEFILE=/var/lib/news/active
+SPOOLDIR=/var/spool
MAILSPOOL=$(SPOOLDIR)/mail
NEWSSPOOL=$(SPOOLDIR)/news
-RSHPATH=/usr/ucb/rsh
+RSHPATH=/usr/bin/rsh
MD5PWD=/etc/cram-md5.pwd
# Tries one of the test alternatives below if not specified.
LOCKPGM=

29
supplemental/patches/imap-2007e-authmd5.patch Normal file
View File

@ -0,0 +1,29 @@
diff -up imap-2007e/src/c-client/auth_md5.c.authmd5 imap-2007e/src/c-client/auth_md5.c
--- imap-2007e/src/c-client/auth_md5.c.authmd5 2008-06-04 13:18:34.000000000 -0500
+++ imap-2007e/src/c-client/auth_md5.c 2009-07-07 19:24:12.348005485 -0500
@@ -42,17 +42,17 @@ typedef struct {
/* Prototypes */
-long auth_md5_valid (void);
-long auth_md5_client (authchallenge_t challenger,authrespond_t responder,
+static long auth_md5_valid (void);
+static long auth_md5_client (authchallenge_t challenger,authrespond_t responder,
char *service,NETMBX *mb,void *stream,
unsigned long *trial,char *user);
-char *auth_md5_server (authresponse_t responder,int argc,char *argv[]);
-char *auth_md5_pwd (char *user);
+static char *auth_md5_server (authresponse_t responder,int argc,char *argv[]);
+static char *auth_md5_pwd (char *user);
char *apop_login (char *chal,char *user,char *md5,int argc,char *argv[]);
-char *hmac_md5 (char *text,unsigned long tl,char *key,unsigned long kl);
-void md5_init (MD5CONTEXT *ctx);
-void md5_update (MD5CONTEXT *ctx,unsigned char *data,unsigned long len);
-void md5_final (unsigned char *digest,MD5CONTEXT *ctx);
+static char *hmac_md5 (char *text,unsigned long tl,char *key,unsigned long kl);
+static void md5_init (MD5CONTEXT *ctx);
+static void md5_update (MD5CONTEXT *ctx,unsigned char *data,unsigned long len);
+static void md5_final (unsigned char *digest,MD5CONTEXT *ctx);
static void md5_transform (unsigned long *state,unsigned char *block);
static void md5_encode (unsigned char *dst,unsigned long *src,int len);
static void md5_decode (unsigned long *dst,unsigned char *src,int len);

13
supplemental/patches/imap-2007e-overflow.patch Normal file
View File

@ -0,0 +1,13 @@
diff -up imap-2007e/src/c-client/rfc822.c.overflow imap-2007e/src/c-client/rfc822.c
--- imap-2007e/src/c-client/rfc822.c.overflow 2008-12-12 11:08:26.000000000 -0600
+++ imap-2007e/src/c-client/rfc822.c 2009-07-07 19:27:20.057772757 -0500
@@ -384,6 +384,9 @@ void rfc822_parse_content (BODY *body,ST
if (CHR (bs) == '\012'){/* following LF? */
c = SNX (bs); i--; /* yes, slurp it */
}
+ if (!i) /* Make sure we don't get an overflow for */
+ break; /* messages ending on \015 (or the following */
+ /* i-- will cause i to be MAXINT. Not good.) */
case '\012': /* at start of a line, start with -- ? */
if (!(i && i-- && ((c = SNX (bs)) == '-') && i-- &&
((c = SNX (bs)) == '-'))) break;

192
supplemental/patches/imap-2007e-poll.patch Normal file
View File

@ -0,0 +1,192 @@
http://anonscm.debian.org/cgit/collab-maint/uw-imap.git/plain/debian/patches/1005_poll.patch
Description: Use poll(2) instead of select(2) to support more than 1024 file descriptors
Author: Ben Smithurst <ben.smithurst@gradwell.com>
Bug-Debian: https://bugs.debian.org/478193
diff --git a/src/osdep/unix/os_lnx.c b/src/osdep/unix/os_lnx.c
index 03fd17d..671bbd6 100644
--- a/src/osdep/unix/os_lnx.c
+++ b/src/osdep/unix/os_lnx.c
@@ -41,6 +41,7 @@
extern int errno; /* just in case */
#include <pwd.h>
#include "misc.h"
+#include <poll.h>
#include "fs_unix.c"
diff --git a/src/osdep/unix/os_slx.c b/src/osdep/unix/os_slx.c
index c94d632..f6bf27d 100644
--- a/src/osdep/unix/os_slx.c
+++ b/src/osdep/unix/os_slx.c
@@ -42,6 +42,7 @@ extern int errno; /* just in case */
#include <pwd.h>
#include <shadow.h>
#include "misc.h"
+#include <poll.h>
#include "fs_unix.c"
diff --git a/src/osdep/unix/tcp_unix.c b/src/osdep/unix/tcp_unix.c
index 795fb4f..c69eaec 100644
--- a/src/osdep/unix/tcp_unix.c
+++ b/src/osdep/unix/tcp_unix.c
@@ -235,12 +235,11 @@ TCPSTREAM *tcp_open (char *host,char *service,unsigned long port)
int tcp_socket_open (int family,void *adr,size_t adrlen,unsigned short port,
char *tmp,int *ctr,char *hst)
{
- int i,ti,sock,flgs;
+ int i,ti,sock,flgs,tmo;
+ struct pollfd pfd;
size_t len;
time_t now;
struct protoent *pt = getprotobyname ("tcp");
- fd_set rfds,wfds,efds;
- struct timeval tmo;
struct sockaddr *sadr = ip_sockaddr (family,adr,adrlen,port,&len);
blocknotify_t bn = (blocknotify_t) mail_parameters (NIL,GET_BLOCKNOTIFY,NIL);
/* fetid Solaris */
@@ -252,14 +251,6 @@ int tcp_socket_open (int family,void *adr,size_t adrlen,unsigned short port,
sprintf (tmp,"Unable to create TCP socket: %s",strerror (errno));
(*bn) (BLOCK_NONSENSITIVE,data);
}
- else if (sock >= FD_SETSIZE) {/* unselectable sockets are useless */
- sprintf (tmp,"Unable to create selectable TCP socket (%d >= %d)",
- sock,FD_SETSIZE);
- (*bn) (BLOCK_NONSENSITIVE,data);
- close (sock);
- sock = -1;
- errno = EMFILE;
- }
else { /* get current socket flags */
flgs = fcntl (sock,F_GETFL,0);
@@ -284,16 +275,11 @@ int tcp_socket_open (int family,void *adr,size_t adrlen,unsigned short port,
if ((sock >= 0) && ctr) { /* want open timeout? */
now = time (0); /* open timeout */
ti = ttmo_open ? now + ttmo_open : 0;
- tmo.tv_usec = 0;
- FD_ZERO (&rfds); /* initialize selection vector */
- FD_ZERO (&wfds); /* initialize selection vector */
- FD_ZERO (&efds); /* handle errors too */
- FD_SET (sock,&rfds); /* block for error or readable or writable */
- FD_SET (sock,&wfds);
- FD_SET (sock,&efds);
+ pfd.fd = sock;
+ pfd.events = POLLIN | POLLOUT;
do { /* block under timeout */
- tmo.tv_sec = ti ? ti - now : 0;
- i = select (sock+1,&rfds,&wfds,&efds,ti ? &tmo : NIL);
+ tmo = ti ? ti - now : 0;
+ i = poll (&pfd, 1, ti ? tmo * 1000 : -1);
now = time (0); /* fake timeout if interrupt & time expired */
if ((i < 0) && (errno == EINTR) && ti && (ti <= now)) i = 0;
} while ((i < 0) && (errno == EINTR));
@@ -302,7 +288,7 @@ int tcp_socket_open (int family,void *adr,size_t adrlen,unsigned short port,
fcntl (sock,F_SETFL,flgs);
/* This used to be a zero-byte read(), but that crashes Solaris */
/* get socket status */
- if(FD_ISSET(sock, &rfds)) while (((i = *ctr = read (sock,tmp,1)) < 0) && (errno == EINTR));
+ if(pfd.revents & POLLIN) while (((i = *ctr = read (sock,tmp,1)) < 0) && (errno == EINTR));
}
if (i <= 0) { /* timeout or error? */
i = i ? errno : ETIMEDOUT;/* determine error code */
@@ -545,9 +531,8 @@ long tcp_getbuffer (TCPSTREAM *stream,unsigned long size,char *s)
stream->ictr -=n;
}
if (size) {
- int i;
- fd_set fds,efds;
- struct timeval tmo;
+ int i, tmo;
+ struct pollfd pfd;
time_t t = time (0);
blocknotify_t bn=(blocknotify_t) mail_parameters (NIL,GET_BLOCKNOTIFY,NIL);
(*bn) (BLOCK_TCPREAD,NIL);
@@ -556,16 +541,13 @@ long tcp_getbuffer (TCPSTREAM *stream,unsigned long size,char *s)
time_t now = tl;
time_t ti = ttmo_read ? now + ttmo_read : 0;
if (tcpdebug) mm_log ("Reading TCP buffer",TCPDEBUG);
- tmo.tv_usec = 0;
- FD_ZERO (&fds); /* initialize selection vector */
- FD_ZERO (&efds); /* handle errors too */
- /* set bit in selection vectors */
- FD_SET (stream->tcpsi,&fds);
- FD_SET (stream->tcpsi,&efds);
+
+ pfd.events = POLLIN;
+ pfd.fd = stream->tcpsi;
errno = NIL; /* initially no error */
do { /* block under timeout */
- tmo.tv_sec = ti ? ti - now : 0;
- i = select (stream->tcpsi+1,&fds,NIL,&efds,ti ? &tmo : NIL);
+ tmo = ti ? ti - now : 0;
+ i = poll (&pfd, 1, ti ? tmo * 1000 : -1);
now = time (0); /* fake timeout if interrupt & time expired */
if ((i < 0) && (errno == EINTR) && ti && (ti <= now)) i = 0;
} while ((i < 0) && (errno == EINTR));
@@ -605,9 +587,8 @@ long tcp_getbuffer (TCPSTREAM *stream,unsigned long size,char *s)
long tcp_getdata (TCPSTREAM *stream)
{
- int i;
- fd_set fds,efds;
- struct timeval tmo;
+ int i, tmo;
+ struct pollfd pfd;
time_t t = time (0);
blocknotify_t bn = (blocknotify_t) mail_parameters (NIL,GET_BLOCKNOTIFY,NIL);
if (stream->tcpsi < 0) return NIL;
@@ -617,15 +598,12 @@ long tcp_getdata (TCPSTREAM *stream)
time_t now = tl;
time_t ti = ttmo_read ? now + ttmo_read : 0;
if (tcpdebug) mm_log ("Reading TCP data",TCPDEBUG);
- tmo.tv_usec = 0;
- FD_ZERO (&fds); /* initialize selection vector */
- FD_ZERO (&efds); /* handle errors too */
- FD_SET (stream->tcpsi,&fds);/* set bit in selection vectors */
- FD_SET (stream->tcpsi,&efds);
+ pfd.fd = stream->tcpsi;
+ pfd.events = POLLIN;
errno = NIL; /* initially no error */
do { /* block under timeout */
- tmo.tv_sec = ti ? ti - now : 0;
- i = select (stream->tcpsi+1,&fds,NIL,&efds,ti ? &tmo : NIL);
+ tmo = ti ? ti - now : 0;
+ i = poll (&pfd, 1, ti ? tmo * 1000 : -1);
now = time (0); /* fake timeout if interrupt & time expired */
if ((i < 0) && (errno == EINTR) && ti && (ti <= now)) i = 0;
} while ((i < 0) && (errno == EINTR));
@@ -677,9 +655,8 @@ long tcp_soutr (TCPSTREAM *stream,char *string)
long tcp_sout (TCPSTREAM *stream,char *string,unsigned long size)
{
- int i;
- fd_set fds,efds;
- struct timeval tmo;
+ int i, tmo;
+ struct pollfd pfd;
time_t t = time (0);
blocknotify_t bn = (blocknotify_t) mail_parameters (NIL,GET_BLOCKNOTIFY,NIL);
if (stream->tcpso < 0) return NIL;
@@ -689,15 +666,12 @@ long tcp_sout (TCPSTREAM *stream,char *string,unsigned long size)
time_t now = tl;
time_t ti = ttmo_write ? now + ttmo_write : 0;
if (tcpdebug) mm_log ("Writing to TCP",TCPDEBUG);
- tmo.tv_usec = 0;
- FD_ZERO (&fds); /* initialize selection vector */
- FD_ZERO (&efds); /* handle errors too */
- FD_SET (stream->tcpso,&fds);/* set bit in selection vector */
- FD_SET(stream->tcpso,&efds);/* set bit in error selection vector */
+ pfd.fd = stream->tcpso;
+ pfd.events = POLLOUT;
errno = NIL; /* block and write */
do { /* block under timeout */
- tmo.tv_sec = ti ? ti - now : 0;
- i = select (stream->tcpso+1,NIL,&fds,&efds,ti ? &tmo : NIL);
+ tmo = ti ? ti - now : 0;
+ i = poll (&pfd, 1, ti ? tmo * 1000 : -1);
now = time (0); /* fake timeout if interrupt & time expired */
if ((i < 0) && (errno == EINTR) && ti && (ti <= now)) i = 0;
} while ((i < 0) && (errno == EINTR));

74
supplemental/patches/imap-2007e-shared.patch Normal file
View File

@ -0,0 +1,74 @@
diff -up imap-2007e/src/osdep/unix/Makefile.shared imap-2007e/src/osdep/unix/Makefile
--- imap-2007e/src/osdep/unix/Makefile.shared 2009-07-07 19:28:02.909755512 -0500
+++ imap-2007e/src/osdep/unix/Makefile 2009-07-07 19:29:35.870006799 -0500
@@ -170,6 +170,10 @@ BUILD=$(MAKE) build EXTRACFLAGS='$(EXTRA
EXTRADRIVERS='$(EXTRADRIVERS)' EXTRAAUTHENTICATORS='$(EXTRAAUTHENTICATORS)'\
PASSWDTYPE=$(PASSWDTYPE) SSLTYPE=$(SSLTYPE) IP=$(IP)
+# Need this for the shared library rule to work correctly
+.SUFFIXES: .o .so
+SOFILES=${BINARIES:.o=.so}
+
# Here if no make argument established
@@ -845,18 +849,24 @@ vu2: # VAX Ultrix 2.3, etc.
# Build it!
-build: clean once $(ARCHIVE)
+build: clean once $(ARCHIVE) $(SHLIBNAME)
-all: $(ARCHIVE)
+all: $(ARCHIVE) $(SHLIBNAME)
$(ARCHIVE): $(BINARIES)
sh -c '$(RM) $(ARCHIVE) || true'
@$(CAT) ARCHIVE
@$(SH) ARCHIVE
-.c.o:
- `$(CAT) CCTYPE` -c `$(CAT) CFLAGS` $*.c
+$(SHLIBNAME): $(SOFILES)
+ gcc -shared -Wl,-soname,$(SHLIBNAME) -o $(SHLIBNAME) $(SOFILES) `cat LDFLAGS`
+ ln -s $(SHLIBNAME) lib$(SHLIBBASE).so
+.c.so: osdep.h
+ $(CC) -fPIC -DPIC -D_REENTRANT -c `$(CAT) CFLAGS` ${@:.so=.c} -o $@
+
+.c.o:
+ $(CC) -fPIC -DPIC -D_REENTRANT -c `$(CAT) CFLAGS` $*.c
# Cleanup
@@ -895,8 +905,7 @@ utf8aux.o: mail.h misc.h osdep.h utf8.h
# OS-dependent
-
-osdep.o:mail.h misc.h env.h fs.h ftl.h nl.h tcp.h \
+OSDEPS= mail.h misc.h env.h fs.h ftl.h nl.h tcp.h \
osdep.h env_unix.h tcp_unix.h \
osdep.c env_unix.c fs_unix.c ftl_unix.c nl_unix.c tcp_unix.c ip_unix.c\
auths.c crexcl.c flockcyg.c flocklnx.c flocksim.c fsync.c \
@@ -910,12 +919,19 @@ osdep.o:mail.h misc.h env.h fs.h ftl.h n
write.c sslstdio.c \
strerror.c strpbrk.c strstr.c strtok.c strtoul.c \
OSCFLAGS
+
+osdep.o: $(OSDEPS)
+ $(CC) -fPIC -DPIC -D_REENTRANT `$(CAT) CFLAGS` `$(CAT) OSCFLAGS` -c osdep.c
+ @echo ========================================================================
@echo Building OS-dependent module
@echo If you get No such file error messages for files x509.h, ssl.h,
@echo pem.h, buffer.h, bio.h, and crypto.h, that means that OpenSSL
@echo is not installed on your system. Either install OpenSSL first
@echo or build with command: make `$(CAT) OSTYPE` SSLTYPE=none
- `$(CAT) CCTYPE` -c `$(CAT) CFLAGS` `$(CAT) OSCFLAGS` -c osdep.c
+ @echo ========================================================================
+
+osdep.so: $(OSDEPS)
+ $(CC) -fPIC -DPIC -D_REENTRANT `$(CAT) CFLAGS` `cat OSCFLAGS` -c osdep.c -o $@
osdep.c: osdepbas.c osdepckp.c osdeplog.c osdepssl.c
$(CAT) osdepbas.c osdepckp.c osdeplog.c osdepssl.c > osdep.c

17
supplemental/patches/imap-2007e-system_c_client.patch Normal file
View File

@ -0,0 +1,17 @@
diff -up imap-2007e/Makefile.system_c_client imap-2007e/Makefile
--- imap-2007e/Makefile.system_c_client 2008-06-04 13:43:35.000000000 -0500
+++ imap-2007e/Makefile 2011-06-13 14:13:04.467014334 -0500
@@ -665,9 +665,11 @@ an ua:
@$(MAKE) ssl$(SSLTYPE)
@echo Applying $@ process to sources...
$(TOOLS)/$@ "$(LN)" src/c-client c-client
- $(TOOLS)/$@ "$(LN)" src/ansilib c-client
- $(TOOLS)/$@ "$(LN)" src/charset c-client
+ $(TOOLS)/$@ "$(LN)" src/ansilib c-client
+ $(TOOLS)/$@ "$(LN)" src/charset c-client
$(TOOLS)/$@ "$(LN)" src/osdep/$(SYSTEM) c-client
+ cp -alf /usr/include/imap/* c-client/
+ #sleep 5
$(TOOLS)/$@ "$(LN)" src/mtest mtest
$(TOOLS)/$@ "$(LN)" src/ipopd ipopd
$(TOOLS)/$@ "$(LN)" src/imapd imapd

12
supplemental/patches/imap-2007f-format-security.patch Normal file
View File

@ -0,0 +1,12 @@
diff -Naur imap-2007f.orig/src/osdep/unix/flocklnx.c imap-2007f/src/osdep/unix/flocklnx.c
--- imap-2007f.orig/src/osdep/unix/flocklnx.c 2011-07-23 02:20:11.000000000 +0200
+++ imap-2007f/src/osdep/unix/flocklnx.c 2014-04-14 19:17:46.429000000 +0200
@@ -57,7 +57,7 @@
case ENOLCK: /* lock table is full */
sprintf (tmp,"File locking failure: %s",strerror (errno));
mm_log (tmp,WARN); /* give the user a warning of what happened */
- if (!logged++) syslog (LOG_ERR,tmp);
+ if (!logged++) syslog (LOG_ERR, "%s", tmp);
/* return failure if non-blocking lock */
if (op & LOCK_NB) return -1;
sleep (5); /* slow down in case it loops */

21
supplemental/patches/imap-2007f-ldflags.patch Normal file
View File

@ -0,0 +1,21 @@
diff -up imap-2007f/src/osdep/unix/Makefile.ldflags imap-2007f/src/osdep/unix/Makefile
--- imap-2007f/src/osdep/unix/Makefile.ldflags 2018-04-24 13:18:45.333043626 +0200
+++ imap-2007f/src/osdep/unix/Makefile 2018-04-24 13:29:09.262125281 +0200
@@ -73,7 +73,7 @@ SSLRSA= # -lRSAglue -lrsaref
SSLCFLAGS= -I$(SSLINCLUDE) -I$(SSLINCLUDE)/openssl\
-DSSL_CERT_DIRECTORY=\"$(SSLCERTS)\" -DSSL_KEY_DIRECTORY=\"$(SSLKEYS)\"
-SSLLDFLAGS= -L$(SSLLIB) -lssl $(SSLCRYPTO) $(SSLRSA)
+SSLLDFLAGS= -L$(SSLLIB) -lssl $(SSLCRYPTO) $(SSLRSA) $(EXTRALDFLAGS)
# Extended flags needed for non-standard passwd types. You may need to modify.
@@ -502,7 +502,7 @@ lnp: # Linux Pluggable Authentication mo
ACTIVEFILE=/var/lib/news/active \
RSHPATH=/usr/bin/rsh \
BASECFLAGS="$(GCCCFLAGS)" \
- BASELDFLAGS="$(PAMLDFLAGS)"
+ BASELDFLAGS="$(EXTRALDFLAGS) $(PAMLDFLAGS)"
lnx: # Linux non-shadow passwords
@echo You are building for traditional Linux *without* shadow