diff options
| author |   Andrej Kacian <ticho@gentoo.org> | 2005-03-03 02:39:53 +0000 |
|---|---|---|
| committer | Andrej Kacian <ticho@gentoo.org> | 2005-03-03 02:39:53 +0000 |
| commit | 5947da2a89d077c23f1054decdafaf94c7d9dbd9 (patch) | |
| tree | 77254c46e4384c880c9757b540b30c626663e647 /net-mail/uw-imap | |
| parent | Added net-mail/uw-imap:clearpasswd (diff) | |
| download | gentoo-2-5947da2a89d077c23f1054decdafaf94c7d9dbd9.tar.gz gentoo-2-5947da2a89d077c23f1054decdafaf94c7d9dbd9.tar.bz2 gentoo-2-5947da2a89d077c23f1054decdafaf94c7d9dbd9.zip | |
Disable cleartext logins outside of SSL sessions by default. Add USEflag to toggle this behavior. Closes #83797. 2004c-r1 stable on x86.
(Portage version: 2.0.51.17)
Diffstat (limited to 'net-mail/uw-imap')
| -rw-r--r-- | net-mail/uw-imap/ChangeLog | 18 | ||||
| -rw-r--r-- | net-mail/uw-imap/Manifest | 32 | ||||
| -rw-r--r-- | net-mail/uw-imap/files/digest-uw-imap-2004c-r3 | 1 | ||||
| -rw-r--r-- | net-mail/uw-imap/uw-imap-2004c-r1.ebuild | 4 | ||||
| -rw-r--r-- | net-mail/uw-imap/uw-imap-2004c-r3.ebuild | 190 |
5 files changed, 218 insertions, 27 deletions
diff --git a/net-mail/uw-imap/ChangeLog b/net-mail/uw-imap/ChangeLog index 0390b0de6b4e..3ad38fb80703 100644 --- a/net-mail/uw-imap/ChangeLog +++ b/net-mail/uw-imap/ChangeLog @@ -1,6 +1,14 @@ # ChangeLog for net-mail/uw-imap # Copyright 2002-2005 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-mail/uw-imap/ChangeLog,v 1.58 2005/02/18 22:08:57 ferdy Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-mail/uw-imap/ChangeLog,v 1.59 2005/03/03 02:39:53 ticho Exp $ + +*uw-imap-2004c-r3 (03 Mar 2005) + + 03 Mar 2005; Andrej Kacian <ticho@gentoo.org> uw-imap-2004c-r1.ebuild, + +uw-imap-2004c-r3.ebuild: + Revision bump to restrict cleartext LOGIN to SSL/TLS sessions by default. + Introduced "clearpasswd" USE flag to toggle this restriction. Suggested by + Tero Pelander <tpeland@tkukoulu.fi> in bug #83797. 2004c-r1 stable on x86. 18 Feb 2005; Fernando J. Pereda <ferdy@gentoo.org> uw-imap-2004c-r2.ebuild: @@ -12,10 +20,10 @@ +uw-imap-2004c-r2.ebuild: Don't install pam.d files. #79240. Depend on mailbase-0.00-r8 at least - 01 Feb 2005; Olivier Crête <tester@gentoo.org> : + 01 Feb 2005; Olivier CrĂŞte <tester@gentoo.org> : Stable on x86 per security bug #79874 - 30 Jan 2005; Bryan Østergaard <kloeri@gentoo.org> uw-imap-2004c.ebuild: + 30 Jan 2005; Bryan Ăstergaard <kloeri@gentoo.org> uw-imap-2004c.ebuild: Stable on alpha, bug 79874. *uw-imap-2004c-r1 (01 Feb 2005) @@ -59,7 +67,7 @@ 16 Dec 2004; Dylan Carlson <absinthe@gentoo.org> uw-imap-2004a.ebuild: Stable on amd64. - 05 Dec 2004; Bryan Østergaard <kloeri@gentoo.org> uw-imap-2004a.ebuild: + 05 Dec 2004; Bryan Ăstergaard <kloeri@gentoo.org> uw-imap-2004a.ebuild: Stable on alpha, bug 72323. 24 Nov 2004; Christian Birchinger <joker@gentoo.org> uw-imap-2004a.ebuild: @@ -73,7 +81,7 @@ Removed mbox USE flag from 2002e-r4 and 2004a, as it is not used at all. Inherit flag-o-matic. - 31 Oct 2004; Bryan Østergaard <kloeri@gentoo.org> + 31 Oct 2004; Bryan Ăstergaard <kloeri@gentoo.org> uw-imap-2002e-r4.ebuild: Stable on alpha. diff --git a/net-mail/uw-imap/Manifest b/net-mail/uw-imap/Manifest index 458fa50354e5..2a4b137480bd 100644 --- a/net-mail/uw-imap/Manifest +++ b/net-mail/uw-imap/Manifest @@ -1,28 +1,20 @@ ------BEGIN PGP SIGNED MESSAGE----- -Hash: SHA1 - -MD5 e9a05288ecb9fada22fff84bf0c5962c uw-imap-2004a.ebuild 3292 -MD5 b7bf09a15452b48545f154a464fdf731 uw-imap-2004c-r1.ebuild 4128 -MD5 f8341ad011ccea95c157f34f869a0a69 uw-imap-2004c.ebuild 3296 MD5 caa84cdc8056babb00b09991da0e6764 ChangeLog 8650 MD5 5721b86fd871bdfab77231abc6e02f68 metadata.xml 161 -MD5 2a95a847286c5b23cb291f923f75c6e0 uw-imap-2004c-r2.ebuild 4648 +MD5 61bf38fc860f8fa85c53c909e983f4ae uw-imap-2004c-r3.ebuild 5065 +MD5 1f442bf407be0b281ae7a2dd95a09a2d uw-imap-2004c-r2.ebuild 5166 +MD5 257d57d8af8005dbbb20843547822e40 uw-imap-2004c-r1.ebuild 4127 +MD5 f8341ad011ccea95c157f34f869a0a69 uw-imap-2004c.ebuild 3296 +MD5 e9a05288ecb9fada22fff84bf0c5962c uw-imap-2004a.ebuild 3292 +MD5 464e6baf7e9bdb0bebb80f0810515962 files/digest-uw-imap-2004c-r3 63 MD5 506e7347cac698714cf5cd60eca761ba files/uw-ipop2.xinetd 563 -MD5 7fe0f2231e5e0d8b491a8c9780048ac3 files/uw-ipop3s.xinetd 469 -MD5 a0d3f290ad8a98968896a5315628d473 files/uw-imap.xinetd 491 -MD5 86da98c03bc68723a437d2cf135b0775 files/digest-uw-imap-2004a 62 MD5 464e6baf7e9bdb0bebb80f0810515962 files/digest-uw-imap-2004c 63 -MD5 113b8cca9a203707f69bd0f6632ded57 files/uw-imap.pam-system-auth 343 +MD5 86da98c03bc68723a437d2cf135b0775 files/digest-uw-imap-2004a 62 +MD5 f9441b5a20dd2477f12e0b0f04e2748d files/uw-imap.pam 243 MD5 dfcbb9b410d2d513c15520e713043769 files/uw-ipop3.xinetd 472 -MD5 f93adbc027c40ed405bbde4bb1330f2d files/uw-imaps.xinetd 486 +MD5 7fe0f2231e5e0d8b491a8c9780048ac3 files/uw-ipop3s.xinetd 469 MD5 cde23dc2375a8c33998202c8f0c9ae0e files/uw-imap-2004c-amd64-so-fix.patch 675 -MD5 f9441b5a20dd2477f12e0b0f04e2748d files/uw-imap.pam 243 MD5 464e6baf7e9bdb0bebb80f0810515962 files/digest-uw-imap-2004c-r1 63 +MD5 113b8cca9a203707f69bd0f6632ded57 files/uw-imap.pam-system-auth 343 +MD5 a0d3f290ad8a98968896a5315628d473 files/uw-imap.xinetd 491 +MD5 f93adbc027c40ed405bbde4bb1330f2d files/uw-imaps.xinetd 486 MD5 464e6baf7e9bdb0bebb80f0810515962 files/digest-uw-imap-2004c-r2 63 ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1.4.0 (GNU/Linux) - -iD8DBQFCFmeIViELBEf1JB0RAnOiAJ4merNTvFA4Kzatls7FjyOwfOsDwQCfU6na -OeAnU+W+jX8BE+EVyan7IH0= -=lyOc ------END PGP SIGNATURE----- diff --git a/net-mail/uw-imap/files/digest-uw-imap-2004c-r3 b/net-mail/uw-imap/files/digest-uw-imap-2004c-r3 new file mode 100644 index 000000000000..3e0d89c32ffc --- /dev/null +++ b/net-mail/uw-imap/files/digest-uw-imap-2004c-r3 @@ -0,0 +1 @@ +MD5 f0a1a2abfa4b1ed8074ce023724416f3 imap-2004c1.tar.Z 2227092 diff --git a/net-mail/uw-imap/uw-imap-2004c-r1.ebuild b/net-mail/uw-imap/uw-imap-2004c-r1.ebuild index 49beb1da2816..7ce35b46e603 100644 --- a/net-mail/uw-imap/uw-imap-2004c-r1.ebuild +++ b/net-mail/uw-imap/uw-imap-2004c-r1.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2005 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-mail/uw-imap/uw-imap-2004c-r1.ebuild,v 1.1 2005/02/01 15:43:45 cryos Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-mail/uw-imap/uw-imap-2004c-r1.ebuild,v 1.2 2005/03/03 02:39:53 ticho Exp $ inherit flag-o-matic @@ -13,7 +13,7 @@ HOMEPAGE="http://www.washington.edu/imap/" LICENSE="as-is" SLOT="0" -KEYWORDS="~x86 ~sparc ~ppc ~hppa ~alpha ~amd64" +KEYWORDS="x86 ~sparc ~ppc ~hppa ~alpha ~amd64" IUSE="ipv6 ssl pic kerberos" PROVIDE="virtual/imapd" diff --git a/net-mail/uw-imap/uw-imap-2004c-r3.ebuild b/net-mail/uw-imap/uw-imap-2004c-r3.ebuild new file mode 100644 index 000000000000..eda6bba506b7 --- /dev/null +++ b/net-mail/uw-imap/uw-imap-2004c-r3.ebuild @@ -0,0 +1,190 @@ +# Copyright 1999-2005 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-mail/uw-imap/uw-imap-2004c-r3.ebuild,v 1.1 2005/03/03 02:39:53 ticho Exp $ + +inherit eutils flag-o-matic + +MY_P="imap-${PV}1" +S=${WORKDIR}/${MY_P} + +DESCRIPTION="UW server daemons for IMAP and POP network mail protocols." +SRC_URI="ftp://ftp.cac.washington.edu/imap/${MY_P}.tar.Z" +HOMEPAGE="http://www.washington.edu/imap/" + +LICENSE="as-is" +SLOT="0" +KEYWORDS="~x86 ~sparc ~ppc ~hppa ~alpha ~amd64" +IUSE="ipv6 ssl pic kerberos clearpasswd" + +PROVIDE="virtual/imapd" +PROVIDE="${PROVIDE} virtual/imap-c-client" +DEPEND="!net-mail/vimap + !virtual/imap-c-client + virtual/libc + >=sys-libs/pam-0.72 + >=net-mail/mailbase-0.00-r8 + ssl? ( dev-libs/openssl ) + kerberos? ( virtual/krb5 )" + +pkg_setup() { + if use clearpasswd; then + echo + ewarn "Building uw-imap with cleartext LOGIN allowed. Disable \"clearpasswd\" USE" + ewarn "flag to restrict cleartext LOGIN to SSL/TLS sessions only." + echo + else + echo + ewarn "Building uw-imap with cleartext LOGIN restricted to SSL/TLS sessions only." + ewarn "Enable \"clearpasswd\" flag to allow unrestricted cleartext LOGIN." + echo + fi + # ewarn people not using pam with this file + if ! built_with_use net-mail/mailbase pam; + then + echo + ewarn "It is recommended to have the net-mail/mailbase package" + ewarn " built with the pam use flag activated. Please rebuild" + ewarn " net-mail/mailbase with pam activated." + echo + epause 3 + fi +} + +src_unpack() { + unpack ${A} + # Tarball packed with bad file perms + chmod -R ug+w ${S} + + cd ${S} + + if use amd64; then + # Now we must make all the individual Makefiles use different CFLAGS, + # otherwise they would all use -fPIC + sed -i -e "s|\`cat \$C/CFLAGS\`|${CFLAGS}|g" src/dmail/Makefile \ + src/imapd/Makefile src/ipopd/Makefile src/mailutil/Makefile \ + src/mlock/Makefile src/mtest/Makefile src/tmail/Makefile \ + || die "sed failed patching Makefile CFLAGS." + # Now there is only c-client left, which should be built with -fPIC + append-flags -fPIC + # Apply our patch to actually build the shared library for PHP5 + epatch ${FILESDIR}/${P}-amd64-so-fix.patch + fi + + use pic || use alpha && append-flags -fPIC + + cd ${S}/src/osdep/unix/ + cp Makefile Makefile.orig + sed \ + -e "s:BASECFLAGS=\".*\":BASECFLAGS=:g" \ + -e 's,SSLDIR=/usr/local/ssl,SSLDIR=/usr,g' \ + -e 's,SSLCERTS=$(SSLDIR)/certs,SSLCERTS=/etc/ssl/certs,g' \ + < Makefile.orig > Makefile + + # Uncomment this for MBX support + #cp Makefile Makefile.orig2 + #sed \ + # -e "s:CREATEPROTO=unixproto:CREATEPROTO=mbxproto:" \ + # -e "s:EMPTYPROTO=unixproto:EMPTYPROTO=mbxproto:" \ + # < Makefile.orig2 > Makefile +} + +src_compile() { + local mymake + local ipver + ipver="IP=4" + + use ipv6 && echo ipv6 + use kerberos && echo kerberos + use ssl && echo ssl + use ipv6 && ipver="IP=6" + use kerberos \ + && mymake="EXTRAAUTHENTICATORS=gss" + if use ssl; then + cd ${S} + echo ${mymake} + if use clearpasswd; then + yes | make lnp ${mymake} ${ipver} SSLTYPE=unix EXTRACFLAGS="${CFLAGS}" || die + else + yes | make lnp ${mymake} ${ipver} SSLTYPE=unix.nopwd EXTRACFLAGS="${CFLAGS}" || die + fi + + + local i + for i in imapd ipop3d; do + umask 077 + PEM1=`/bin/mktemp ${T}/openssl.XXXXXX` + PEM2=`/bin/mktemp ${T}/openssl.XXXXXX` + /usr/bin/openssl req -newkey rsa:1024 -keyout $$PEM1 \ + -nodes -x509 -days 365 -out $$PEM2 << EOF +-- +SomeState +SomeCity +SomeOrganization +SomeOrganizationalUnit +localhost.localdomain +root@localhost.localdomain +EOF + + cat $$PEM1 > ${i}.pem + echo "" >> ${i}.pem + cat $$PEM2 >> ${i}.pem + rm $$PEM1 $$PEM2 + umask 022 + done + else + yes | make lnp ${mymake} ${ipver} SSLTYPE=none EXTRACFLAGS="${CFLAGS}" || die + fi +} + +src_install() { + into /usr + dosbin imapd/imapd ipopd/ipop?d dmail/dmail tmail/tmail + dobin mailutil/mailutil mlock/mlock mtest/mtest + + if use ssl; then + dodir /etc/ssl/certs + mv imapd.pem ${D}/etc/ssl/certs + mv ipop3d.pem ${D}/etc/ssl/certs + fi + + if use amd64; then + dolib.so c-client/libc-client.so* + cd ${D}/usr/$(get_libdir) + ln -s libc-client.so.1.0.0 libc-client.so.1 + ln -s libc-client.so.1 libc-client.so + fi + + cd ${S} + + insinto /usr/include/imap + doins c-client/{c-client,mail,imap4r1,rfc822,linkage,misc,smtp,nntp}.h + doins c-client/{osdep,env_unix,env,fs,ftl,nl,tcp}.h + dolib.a c-client/c-client.a + dosym /usr/$(get_libdir)/c-client.a /usr/$(get_libdir)/libc-client.a + + doman src/ipopd/ipopd.8 src/imapd/imapd.8 + doman src/dmail/dmail.1 src/tmail/tmail.1 src/mailutil/mailutil.1 + + dodoc CPYRIGHT README docs/*.txt docs/CONFIG docs/RELNOTES + + docinto rfc + dodoc docs/rfc/*.txt + + # gentoo config stuff + + ## Those are now provided by mailbase + # but if mailbase didn't provide them, install needed files + if ! built_with_use net-mail/mailbase pam; + then + insinto /etc/pam.d + newins ${FILESDIR}/uw-imap.pam-system-auth imap + newins ${FILESDIR}/uw-imap.pam-system-auth pop + fi + + insinto /etc/xinetd.d + newins ${FILESDIR}/uw-imap.xinetd imap + newins ${FILESDIR}/uw-ipop2.xinetd ipop2 + newins ${FILESDIR}/uw-ipop3.xinetd ipop3 + newins ${FILESDIR}/uw-ipop3s.xinetd ipop3s + newins ${FILESDIR}/uw-imaps.xinetd imaps +} |