1
0
mirror of https://git.FreeBSD.org/ports.git synced 2024-12-23 04:23:08 +00:00

Update imap-uw and cclient to 0106191041

Add SSL support to both
Add pkg-req.rev to detect version
Add pkg-req.ssl to keep track of ssl versions

PR:		28289
Submitted by:	maintainer
This commit is contained in:
David W. Chapman Jr. 2001-06-25 02:40:49 +00:00
parent c56260ec48
commit bd84b72bdf
Notes: svn2git 2021-03-31 03:12:20 +00:00
svn path=/head/; revision=44406
11 changed files with 217 additions and 94 deletions

View File

@ -6,13 +6,13 @@
#
PORTNAME= cclient
PORTVERSION= 0104241750
PORTVERSION= 0106191041
CATEGORIES= mail devel
MASTER_SITES= ftp://ftp.cac.washington.edu/imap/%SUBDIR%/ \
ftp://ftp.nuug.no/pub/anders/distfiles/%SUBDIR%/ \
http://www.freenix.no/~anders/%SUBDIR%/ \
ftp://ftp.funet.fi/pub/mirrors/ftp.cac.washington.edu/imap/%SUBDIR%/ \
http://mirror.nucba.ac.jp/mirror/%SUBDIR%/
MASTER_SITES= ftp://ftp.cac.washington.edu/imap/ \
http://www.freenix.no/~anders/ \
ftp://ftp.funet.fi/pub/mirrors/ftp.cac.washington.edu/imap/ \
http://mirror.nucba.ac.jp/mirror/ \
ftp://ftp.nuug.no/pub/anders/distfiles/
MASTER_SITE_SUBDIR= . old
DISTNAME= imap-2001.BETA.SNAP-${PORTVERSION}
EXTRACT_SUFX= .tar.Z
@ -52,6 +52,7 @@ post-configure:
HEADERS= dummy.h env.h env_unix.h fdstring.h flstring.h fs.h ftl.h \
imap4r1.h linkage.c linkage.h mail.h misc.h nl.h nntp.h \
osdep.h pop3.h rfc822.h smtp.h tcp.h utf8.h c-client.h
PORTREV_H= ${PREFIX}/include/c-client/portrevision.h
do-install:
${MKDIR} ${PREFIX}/include/c-client
@ -64,13 +65,17 @@ do-install:
${INSTALL_DATA} ${WRKSRC}/c-client/c-client.a \
${PREFIX}/lib/lib${SHLIBBASE}.a
.if defined(WITH_SSL)
post-install:
@${ECHO} "#define CCLIENT_PORTVERSION \"${PORTVERSION}\"" >${PORTREV_H}
.if defined(WITH_SSL)
@${ECHO} "================================================================================"
@${ECHO} "Warning: You have chosen to include SSL support. Applications/ports that use"
@${ECHO} "the cclient library but do not support SSL may stop working or have problems
@${ECHO} "linking. Linking explicitly with ssl (-lssl -lcrypto) may or may not help."
@${ECHO} "================================================================================"
@${ECHO} "#define CCLIENT_SSLENABLED \"yes\"" >>${PORTREV_H}
.else
@${ECHO} "#define CCLIENT_SSLENABLED \"no\"" >>${PORTREV_H}
.endif
.include <bsd.port.post.mk>

View File

@ -1 +1 @@
MD5 (imap-2001.BETA.SNAP-0104241750.tar.Z) = b28ed6662344d7552078f53fbc20362b
MD5 (imap-2001.BETA.SNAP-0106191041.tar.Z) = 119117c9ba437b6de64c68326fe5ddc8

View File

@ -19,6 +19,7 @@ include/c-client/rfc822.h
include/c-client/smtp.h
include/c-client/tcp.h
include/c-client/utf8.h
include/c-client/portrevision.h
lib/%%SHLIBNAME%%
lib/libc-client4.a
lib/libc-client4.so

View File

@ -6,7 +6,7 @@
#
PORTNAME= imap
PORTVERSION= 0104241750
PORTVERSION= 0106191041
CATEGORIES= mail
MASTER_SITES= ftp://ftp.cac.washington.edu/imap/%SUBDIR%/ \
ftp://ftp.nuug.no/pub/anders/distfiles/%SUBDIR%/ \
@ -38,15 +38,55 @@ MAKE_ARGS+= SSLTYPE=unix
USE_OPENSSL= yes
.endif
# RFC 1730 (IMAP4 as opposed to IMAP4rev1) support
.if defined(WITH_RFC1730)
MAKE_ARGS+= RFC1730="-DRFC1730"
.endif
# Define this to get somewhat better interoperability with Netscape.
.if defined(WITH_NETSCAPE_BRAIN_DAMAGE)
MAKE_ARGS+= WITH_NETSCAPE_BRAIN_DAMAGE=yes
.endif
# Define this to get somewhat better interoperability with Microsoft
# Outlook and Outlook Express.
.if defined(WITH_MICROSOFT_BRAIN_DAMAGE)
MAKE_ARGS+= MSBD="-DMICROSOFT_BRAIN_DAMAGE"
.endif
# See src/imapd/Makefile for more information about these three options.
SOURCEDIRS_IMAPUTILS= chkmail dmail icat ifrom imapcopy imapxfer mbxcopy \
mbxcreat mbxcvt tmail
.if defined(WITH_ALL_IMAPUTILS)
MAN1= chkmail.1 dmail.1 icat.1 ifrom.1 imapcopy.1 imapxfer.1 mbxcopy.1 \
mbxcreat.1 mbxcvt.1 tmail.1
PLIST_SUB+= IMAPUTILS=''
.else
PLIST_SUB+= IMAPUTILS='@comment '
.endif
.include <bsd.port.pre.mk>
pre-extract:
@${SH} ${PKGREQ}.rev ${LOCALBASE}/include/c-client/portrevision.h ${PORTVERSION}
.if !defined(BATCH) && !defined(PACKAGE_BUILDING)
@${SH} ${PKGINSTALL} foo PRE-INSTALL || ${FALSE}
.endif
pre-build:
.if defined(WITH_SSL)
@${SH} ${PKGREQ}.ssl ${LOCALBASE}/include/c-client/portrevision.h yes
.else
@${SH} ${PKGREQ}.ssl ${LOCALBASE}/include/c-client/portrevision.h no
.endif
post-build:
@(cd ${WRKDIR}/mlock; ${SETENV} ${MAKE_ENV} ${MAKE} ${MAKE_FLAGS} ${MAKEFILE} ${MAKE_ARGS} all)
.if defined(WITH_ALL_IMAPUTILS)
.for d in ${SOURCEDIRS_IMAPUTILS}
@${ECHO} "Building ${d}."
(cd ${WRKDIR}/${d}; ${CC} ${CFLAGS} -I${LOCALBASE}/include/c-client \
-o ${d} ${d}.c -L${LOCALBASE}/lib -lc-client4 -lssl -lcrypto)
.endfor
.endif
do-install:
${INSTALL_PROGRAM} ${WRKSRC}/imapd/imapd ${PREFIX}/libexec
@ -59,6 +99,15 @@ do-install:
${WRKSRC}/src/imapd/imapd.8c ${PREFIX}/man/man8/imapd.8
${INSTALL_MAN} \
${WRKSRC}/src/ipopd/ipopd.8c ${PREFIX}/man/man8/ipopd.8
.if defined(WITH_ALL_IMAPUTILS)
.for d in ${SOURCEDIRS_IMAPUTILS}
@${ECHO} "Installing ${d}."
${INSTALL_PROGRAM} ${WRKDIR}/${d}/${d} ${PREFIX}/bin
${INSTALL_MAN} ${WRKDIR}/${d}/${d}.1 ${PREFIX}/man/man1
.endfor
(cd ${PREFIX}/bin; ${LN} -s imapcopy imapmove)
(cd ${PREFIX}/bin; ${LN} -s mbxcopy mbxmove)
.endif
post-install:
@${CAT} ${PKGMESSAGE}

View File

@ -1,2 +1,2 @@
MD5 (imap-2001.BETA.SNAP-0104241750.tar.Z) = b28ed6662344d7552078f53fbc20362b
MD5 (imap-2001.BETA.SNAP-0106191041.tar.Z) = 119117c9ba437b6de64c68326fe5ddc8
MD5 (imap-utils.tar.Z) = a6453029f201b32e9ed761e662c47b0f

View File

@ -1,5 +1,5 @@
--- src/imapd/Makefile.orig Tue Apr 24 01:23:43 2001
+++ src/imapd/Makefile Tue Apr 24 01:30:06 2001
--- src/imapd/Makefile.orig Thu May 10 07:31:46 2001
+++ src/imapd/Makefile Wed Jun 20 02:29:42 2001
@@ -18,10 +18,10 @@
# CPYRIGHT, included with this Distribution.
@ -13,14 +13,25 @@
SHELL= /bin/sh
@@ -49,22 +49,24 @@
@@ -37,7 +37,9 @@
# NULs in the message text are technically a violation of both the message
# format and the IMAP specification, they can happen. Fortunately, most
# IMAP clients don't care. Netscape hangs.
-#NSBD= -DNETSCAPE_BRAIN_DAMAGE=\"http://www.washington.edu/pine\"
+.if defined(WITH_NETSCAPE_BRAIN_DAMAGE)
+NSBD= -DNETSCAPE_BRAIN_DAMAGE=\"http://www.washington.edu/pine\"
+.endif
# Un-comment this to get somewhat better interoperability with Microsoft
@@ -52,22 +54,25 @@
# Get local definitions from c-client directory
C = ../c-client
-CCLIENTLIB = $C/c-client.a
+#CCLIENTLIB = $C/c-client.a
CC = `cat $C/CCTYPE`
-CFLAGS = -I$C `cat $C/CFLAGS` $(NSBD) $(MSBD) -DANOFILE=\"$(ANO)\" \
-CFLAGS = -I$C `cat $C/CFLAGS` $(RFC1730) $(NSBD) $(MSBD) -DANOFILE=\"$(ANO)\" \
+.if defined(WITH_DRAC)
+CFLAGS = `cat $C/CFLAGS` -DANOFILE=\"$(ANO)\" -DETC_DIR=\"$(PREFIX)/etc\" \
+ -DALERTFILE=\"$(ALERT)\" -DUSERALERTFILE=\"$(USERALERT)\" -DDRAC_AUTH \
@ -33,6 +44,7 @@
-LDFLAGS = $(CCLIENTLIB) `cat $C/LDFLAGS`
+LDFLAGS = $(EXTRALDFLAGS) `cat $C/LDFLAGS`
+.endif
+CFLAGS+= $(RFC1730) $(NSBD) $(MSBD)
all: imapd

View File

@ -1,79 +1,73 @@
*** src/imapd/imapd.c.orig Mon Apr 23 16:45:41 2001
--- src/imapd/imapd.c Tue Apr 24 22:14:38 2001
***************
*** 29,34 ****
--- 29,39 ----
#include "c-client.h"
#include <sys/stat.h>
+ #ifdef DRAC_AUTH
+ #include <netinet/in.h>
+ #include <arpa/inet.h>
+ #include <stdlib.h>
+ #endif /* DRAC_AUTH */
#define CRLF PSOUT ("\015\012") /* primary output terpri */
***************
*** 173,178 ****
--- 178,189 ----
/* Global storage */
+ #ifdef DRAC_AUTH
+ #define DRACTIMEOUT 10*60 /* check every 10 minutes */
+ time_t lastdrac = 0; /* time of last drac check */
+ extern char *getenv ();
+ #endif /* DRAC_AUTH */
+
char *version = "2001.303"; /* version number of this server */
time_t alerttime = 0; /* time of last alert */
time_t sysalerttime = 0; /* time of last system alert */
***************
*** 1167,1172 ****
--- 1178,1222 ----
lasterror ());
return;
}
+
+ #ifdef DRAC_AUTH
+ if (time (0) > lastdrac + DRACTIMEOUT)
+ {
+ FILE *dracconf;
+ char host[100];
+ char *drachost;
+ char *err;
+ char *p;
+
+ if ( (dracconf = fopen(ETC_DIR "/dracd.host", "r")) == NULL)
+ {
+ syslog (LOG_INFO, "dracd: error opening %s/dracd.host config file",ETC_DIR);
+ exit(1);
+ }
+
+ fgets(host, 100, dracconf);
+ p = strchr(host, '\n');
+ if(p != NULL)
+ *p = '\0';
+ fclose(dracconf);
+
+ if( drachost = (host) )
+ {
+ struct sockaddr_in sin;
+ int sinlen = sizeof (struct sockaddr_in);
+ char *client = getpeername (0,(struct sockaddr *) &sin,(void *) &sinlen) ?
+ "UNKNOWN" : inet_ntoa (sin.sin_addr);
+
+ lastdrac = time(0);
+
+ if (dracauth(drachost, inet_addr(client), &err) != 0)
+ syslog (LOG_INFO, err);
+ else
+ syslog (LOG_INFO, "dracd: authorized ip %s", client);
+ }
+ }
+ #endif /* DRAC_AUTH */
+
/* change in number of messages? */
if (existsquelled || (nmsgs != stream->nmsgs)) {
PSOUT ("* ");
--- src/imapd/imapd.c.orig Wed Jun 20 01:57:16 2001
+++ src/imapd/imapd.c Wed Jun 20 02:01:00 2001
@@ -29,6 +29,11 @@
#include "c-client.h"
#include <sys/stat.h>
+#ifdef DRAC_AUTH
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <stdlib.h>
+#endif /* DRAC_AUTH */
#define CRLF PSOUT ("\015\012") /* primary output terpri */
@@ -173,6 +178,12 @@
/* Global storage */
+#ifdef DRAC_AUTH
+#define DRACTIMEOUT 10*60 /* check every 10 minutes */
+time_t lastdrac = 0; /* time of last drac check */
+extern char *getenv ();
+#endif /* DRAC_AUTH */
+
char *version = "2001.307"; /* version number of this server */
time_t alerttime = 0; /* time of last alert */
time_t sysalerttime = 0; /* time of last system alert */
@@ -1169,6 +1180,45 @@
lasterror ());
return;
}
+
+#ifdef DRAC_AUTH
+ if (time (0) > lastdrac + DRACTIMEOUT)
+ {
+ FILE *dracconf;
+ char host[100];
+ char *drachost;
+ char *err;
+ char *p;
+
+ if ( (dracconf = fopen(ETC_DIR "/dracd.host", "r")) == NULL)
+ {
+ syslog (LOG_INFO, "dracd: error opening %s/dracd.host config file",ETC_DIR);
+ exit(1);
+ }
+
+ fgets(host, 100, dracconf);
+ p = strchr(host, '\n');
+ if(p != NULL)
+ *p = '\0';
+ fclose(dracconf);
+
+ if( drachost = (host) )
+ {
+ struct sockaddr_in sin;
+ int sinlen = sizeof (struct sockaddr_in);
+ char *client = getpeername (0,(struct sockaddr *) &sin,(void *) &sinlen) ?
+ "UNKNOWN" : inet_ntoa (sin.sin_addr);
+
+ lastdrac = time(0);
+
+ if (dracauth(drachost, inet_addr(client), &err) != 0)
+ syslog (LOG_INFO, err);
+ else
+ syslog (LOG_INFO, "dracd: authorized ip %s", client);
+ }
+ }
+#endif /* DRAC_AUTH */
+
/* change in number of messages? */
if (existsquelled || (nmsgs != stream->nmsgs)) {
PSOUT ("* ");

View File

@ -9,7 +9,7 @@ case $2 in
POST-INSTALL)
;;
PRE-INSTALL)
if dialog --yesno "This port is not safe to use on a system which does not\nprovide shell access to users who can retrieve mail via IMAP.\nimapd contains buffer overflows which a user can exploit\nafter they have logged into imap to get access to their\naccount on the machine. If your imap users have shell access\nanyway, this is not a significant vulnerability.\n\nThere is also a vulnerability wherein local users can prevent\narbitrary POP2/3 mailboxes from being opened, and force IMAP\nmailboxes to only open read-only.\n\nDo you wish to proceed with the build?" 16 65 < ${TTY} >${TTY} 2>&1; then
if dialog --yesno "This port has been proven exploitable at several occasions (read up\non CERT advisories), leaving systems subject to remote root access.\nBefore installing this package, please consider:\n\na) Whether you really want to use this software. The integrity of\nyour system may be at risk.\n\nb) Using TCP Wrappers to protect your UW imap/pop daemons from being\npublicly available. Adding this to /etc/hosts.allow will make your\nimap and pop3 daemons accessible only from 192.168.0.0/24:\n\nimapd : 192.168.0.0/24 : allow\nimapd : ALL : deny\nipop3d : 192.168.0.0/24 : allow\nipop3d : ALL : deny\n\nFor more information about the hosts.allow file, read\nhosts_access(5). Please test that this setup works as expected.\n\nDo you wish to proceed with the build?" 24 72 < ${TTY} >${TTY} 2>&1; then
exit 0
else
exit 1

View File

@ -3,3 +3,15 @@ libexec/imapd
libexec/ipop2d
libexec/ipop3d
libexec/mlock
%%IMAPUTILS%%bin/chkmail
%%IMAPUTILS%%bin/dmail
%%IMAPUTILS%%bin/icat
%%IMAPUTILS%%bin/ifrom
%%IMAPUTILS%%bin/imapcopy
%%IMAPUTILS%%bin/imapmove
%%IMAPUTILS%%bin/imapxfer
%%IMAPUTILS%%bin/mbxcopy
%%IMAPUTILS%%bin/mbxmove
%%IMAPUTILS%%bin/mbxcreat
%%IMAPUTILS%%bin/mbxcvt
%%IMAPUTILS%%bin/tmail

23
mail/imap-uw/pkg-req.rev Normal file
View File

@ -0,0 +1,23 @@
#! /bin/sh
# anders@fix.no, 2001-06-19
if [ ! -f "$1" ]
then
echo "Your installation of the cclient port is outdated. Please delete it before"
echo "continuing."
exit 1
fi
portver=`grep "^#define CCLIENT_PORTVERSION" $1 | awk '{print $3}' \
| sed s/\"//g`
if [ "$portver" = "$2" ]
then
echo "Your imap-uw port matches the version of your cclient port. Fine."
exit 0
else
echo "Your cclient port (PORTVERSION $portver) does not match the version of imap-uw"
echo "(PORTVERSION $2) you are trying to install. Please delete your"
echo "installation of the cclient port before continuing."
exit 1
fi

27
mail/imap-uw/pkg-req.ssl Normal file
View File

@ -0,0 +1,27 @@
#! /bin/sh
# anders@fix.no, 2001-06-19
sslenabled=`grep "^#define CCLIENT_SSLENABLED" $1 | awk '{print $3}' \
| sed s/\"//g`
case $2 in
yes)
if [ "$sslenabled" = "yes" ]
then
echo "SSL check passed. We want SSL support, and cclient has it. Good."
exit 0
else
echo "SSL check failed. Wa want SSL support, but cclient doesn't have it."
echo "Please recompile and reinstall the cclient port with WITH_SSL=yes set."
exit 1
fi
;;
*)
if [ "$sslenabled" = "yes" ]
then
echo "You did not want SSL (by not defining WANT_SSL). Funny thing is, your cclient"
echo "port has SSL support installed."
exit 0
fi
;;
esac