From 2373ab3b260684db3d74032d724a68c2ab8d8d33 Mon Sep 17 00:00:00 2001 From: DubbleClick Date: Tue, 31 Oct 2023 13:09:01 +0100 Subject: [PATCH 1/9] add imap support --- config/ext.json | 8 ++- config/lib.json | 9 +++ config/source.json | 9 +++ src/SPC/builder/extension/imap.php | 28 ++++++++ src/SPC/builder/linux/library/imap.php | 68 +++++++++++++++++++ src/SPC/builder/unix/library/postgresql.php | 3 +- .../patch/1006_openssl1.1_autoverify.patch | 58 ++++++++++++++++ src/globals/patch/2014_openssl1.1.1_sni.patch | 42 ++++++++++++ 8 files changed, 220 insertions(+), 5 deletions(-) create mode 100644 src/SPC/builder/extension/imap.php create mode 100644 src/SPC/builder/linux/library/imap.php create mode 100644 src/globals/patch/1006_openssl1.1_autoverify.patch create mode 100644 src/globals/patch/2014_openssl1.1.1_sni.patch diff --git a/config/ext.json b/config/ext.json index b18c8eb93..176c4633a 100644 --- a/config/ext.json +++ b/config/ext.json @@ -132,12 +132,13 @@ }, "imap": { "type": "builtin", - "arg-type": "with", + "arg-type": "custom", "lib-depends": [ "imap" ], "lib-suggests": [ - "kerberos" + "kerberos", + "openssl" ] }, "inotify": { @@ -234,7 +235,8 @@ "type": "builtin", "arg-type": "custom", "lib-depends": [ - "openssl" + "openssl", + "zlib" ], "ext-depends": [ "zlib" diff --git a/config/lib.json b/config/lib.json index 6a602d16b..5e6189e6a 100644 --- a/config/lib.json +++ b/config/lib.json @@ -141,6 +141,15 @@ "libxml2" ] }, + "imap": { + "source": "imap", + "static-libs-unix": [ + "libc-client.a" + ], + "lib-suggests": [ + "openssl" + ] + }, "ldap": { "source": "ldap", "static-libs-unix": [ diff --git a/config/source.json b/config/source.json index b3557941d..c56e25fbd 100644 --- a/config/source.json +++ b/config/source.json @@ -144,6 +144,15 @@ "path": "LICENSE" } }, + "imap": { + "type": "git", + "url": "https://github.com/uw-imap/imap.git", + "rev": "master", + "license": { + "type": "file", + "path": "LICENSE" + } + }, "inotify": { "type": "url", "url": "https://pecl.php.net/get/inotify", diff --git a/src/SPC/builder/extension/imap.php b/src/SPC/builder/extension/imap.php new file mode 100644 index 000000000..389223ec1 --- /dev/null +++ b/src/SPC/builder/extension/imap.php @@ -0,0 +1,28 @@ +builder->getOption('enable-zts')) { + throw new WrongUsageException('ext-imap is not thread safe, do not build it with ZTS builds'); + } + $arg = '--with-imap=' . BUILD_ROOT_PATH; + if ($this->builder->getLib('openssl') !== null) { + $arg .= ' --with-imap-ssl=' . BUILD_ROOT_PATH; + } + return $arg; + } +} diff --git a/src/SPC/builder/linux/library/imap.php b/src/SPC/builder/linux/library/imap.php new file mode 100644 index 000000000..594a75bde --- /dev/null +++ b/src/SPC/builder/linux/library/imap.php @@ -0,0 +1,68 @@ +source_dir . '/Makefile', '-DMAC_OSX_KLUDGE=1', ''); + FileSystem::replaceFileStr($this->source_dir . '/src/osdep/unix/Makefile', 'CC=cc', "CC={$cc}"); + FileSystem::replaceFileStr($this->source_dir . '/src/osdep/unix/Makefile', '-lcrypto -lz', '-lcrypto'); + FileSystem::replaceFileStr($this->source_dir . '/src/osdep/unix/Makefile', '-lcrypto', '-lcrypto -lz'); + FileSystem::replaceFileStr( + $this->source_dir . '/src/osdep/unix/ssl_unix.c', + "#include \n#include ", + "#include \n#include " + ); + SourcePatcher::patchFile('1007_openssl1.1_autoverify.patch', $this->source_dir); + SourcePatcher::patchFile('2014_openssl1.1.1_sni.patch', $this->source_dir); + FileSystem::replaceFileStr($this->source_dir . '/Makefile', 'SSLINCLUDE=/usr/include/openssl', 'SSLINCLUDE=' . BUILD_INCLUDE_PATH); + FileSystem::replaceFileStr($this->source_dir . '/Makefile', 'SSLLIB=/usr/lib', 'SSLLIB=' . BUILD_LIB_PATH); + return true; + } + + /** + * @throws FileSystemException + * @throws RuntimeException + * @throws WrongUsageException + */ + protected function build(): void + { + if ($this->builder->getLib('openssl')) { + $ssl_options = 'SPECIALAUTHENTICATORS=ssl SSLTYPE=unix.nopwd SSLINCLUDE=' . BUILD_INCLUDE_PATH . ' SSLLIB=' . BUILD_LIB_PATH; + } else { + $ssl_options = 'SSLTYPE=none'; + } + shell()->cd($this->source_dir) + ->exec('make clean') + ->exec('touch ip6') + ->exec( + "yes | make slx {$ssl_options}" + ); + try { + shell() + ->exec("cp -rf {$this->source_dir}/c-client/c-client.a " . BUILD_LIB_PATH . '/libc-client.a') + ->exec("cp -rf {$this->source_dir}/c-client/*.c " . BUILD_LIB_PATH . '/') + ->exec("cp -rf {$this->source_dir}/c-client/*.h " . BUILD_INCLUDE_PATH . '/') + ->exec("cp -rf {$this->source_dir}/src/osdep/unix/*.h " . BUILD_INCLUDE_PATH . '/'); + } catch (\Throwable) { + // last command throws an exception, no idea why since it works + } + } +} diff --git a/src/SPC/builder/unix/library/postgresql.php b/src/SPC/builder/unix/library/postgresql.php index 38be1bf21..5769c106f 100644 --- a/src/SPC/builder/unix/library/postgresql.php +++ b/src/SPC/builder/unix/library/postgresql.php @@ -24,7 +24,6 @@ protected function build(): void $optional_packages = [ 'zstd' => 'libzstd', 'ldap' => 'ldap', - 'libpam' => 'libpam', 'libxslt' => 'libxslt', 'icu' => 'icu-i18n', ]; @@ -74,12 +73,12 @@ protected function build(): void '--with-libxml ' . ($this->builder->getLib('icu') ? '--with-icu ' : '--without-icu ') . ($this->builder->getLib('ldap') ? '--with-ldap ' : '--without-ldap ') . - ($this->builder->getLib('libpam') ? '--with-pam ' : '--without-pam ') . ($this->builder->getLib('libxslt') ? '--with-libxslt ' : '--without-libxslt ') . ($this->builder->getLib('zstd') ? '--with-zstd ' : '--without-zstd ') . '--without-lz4 ' . '--without-perl ' . '--without-python ' . + '--without-pam ' . '--without-bonjour ' . '--without-tcl ' ); diff --git a/src/globals/patch/1006_openssl1.1_autoverify.patch b/src/globals/patch/1006_openssl1.1_autoverify.patch new file mode 100644 index 000000000..f8629f2fb --- /dev/null +++ b/src/globals/patch/1006_openssl1.1_autoverify.patch @@ -0,0 +1,58 @@ +Description: Support OpenSSL 1.1 + When building with OpenSSL 1.1 and newer, use the new built-in + hostname verification instead of code that doesn't compile due to + structs having been made opaque. +Bug-Debian: https://bugs.debian.org/828589 + +--- a/src/osdep/unix/ssl_unix.c ++++ b/src/osdep/unix/ssl_unix.c +@@ -227,8 +227,16 @@ static char *ssl_start_work (SSLSTREAM * + /* disable certificate validation? */ + if (flags & NET_NOVALIDATECERT) + SSL_CTX_set_verify (stream->context,SSL_VERIFY_NONE,NIL); +- else SSL_CTX_set_verify (stream->context,SSL_VERIFY_PEER,ssl_open_verify); ++ else { ++#if OPENSSL_VERSION_NUMBER >= 0x10100000 ++ X509_VERIFY_PARAM *param = SSL_CTX_get0_param(stream->context); ++ X509_VERIFY_PARAM_set_hostflags(param, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS); ++ X509_VERIFY_PARAM_set1_host(param, host, 0); ++#endif ++ ++ SSL_CTX_set_verify (stream->context,SSL_VERIFY_PEER,ssl_open_verify); + /* set default paths to CAs... */ ++ } + SSL_CTX_set_default_verify_paths (stream->context); + /* ...unless a non-standard path desired */ + if (s = (char *) mail_parameters (NIL,GET_SSLCAPATH,NIL)) +@@ -266,6 +274,7 @@ static char *ssl_start_work (SSLSTREAM * + if (SSL_write (stream->con,"",0) < 0) + return ssl_last_error ? ssl_last_error : "SSL negotiation failed"; + /* need to validate host names? */ ++#if OPENSSL_VERSION_NUMBER < 0x10100000 + if (!(flags & NET_NOVALIDATECERT) && + (err = ssl_validate_cert (cert = SSL_get_peer_certificate (stream->con), + host))) { +@@ -275,6 +284,7 @@ static char *ssl_start_work (SSLSTREAM * + sprintf (tmp,"*%.128s: %.255s",err,cert ? cert->name : "???"); + return ssl_last_error = cpystr (tmp); + } ++#endif + return NIL; + } + +@@ -313,6 +323,7 @@ static int ssl_open_verify (int ok,X509_ + * Returns: NIL if validated, else string of error message + */ + ++#if OPENSSL_VERSION_NUMBER < 0x10100000 + static char *ssl_validate_cert (X509 *cert,char *host) + { + int i,n; +@@ -342,6 +353,7 @@ static char *ssl_validate_cert (X509 *ce + else ret = "Unable to locate common name in certificate"; + return ret; + } ++#endif + + /* Case-independent wildcard pattern match + * Accepts: base string diff --git a/src/globals/patch/2014_openssl1.1.1_sni.patch b/src/globals/patch/2014_openssl1.1.1_sni.patch new file mode 100644 index 000000000..256d7d6d0 --- /dev/null +++ b/src/globals/patch/2014_openssl1.1.1_sni.patch @@ -0,0 +1,42 @@ +Bug-Debian: https://bugs.debian.org/916041 +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1834340 +Description: + Google IMAP servers require SNI if TLSv1.3 is used, + otherwise it sends a self-signed certificate which + fails validation. + + OpenSSL support/versions: + - TLSv1.3 on 1.1.1, + - a2i_IPADDRESS() on 0.9.8'ish, + - SSL_set_tlsext_host_name() on 0.9.8'ish/1.0.0; + per 'git blame/describe' and the CHANGES file. + + So check for TLSv1.3 support / OpenSSL 1.1.1 + not to incur behavior changes on pre-TLSv1.3, + and set host_name to 'host' (ssl_open_verify() + validates this, via 'ssl_last_host' variable) + + This patch just combines these two patches: + - BTS#916041 (message #5) by Ed Spiridonov, + - LP#1834340 (comment #6) by David Zuelke. +Author: Mauricio Faria de Oliveira + +Index: uw-imap-2007f~dfsg/src/osdep/unix/ssl_unix.c +=================================================================== +--- uw-imap-2007f~dfsg.orig/src/osdep/unix/ssl_unix.c ++++ uw-imap-2007f~dfsg/src/osdep/unix/ssl_unix.c +@@ -266,6 +266,14 @@ static char *ssl_start_work (SSLSTREAM * + /* create connection */ + if (!(stream->con = (SSL *) SSL_new (stream->context))) + return "SSL connection failed"; ++#if OPENSSL_VERSION_NUMBER >= 0x10101000 ++ /* Use SNI in case server requires it with TLSv1.3. ++ * Literal IP addresses not permitted per RFC 6066. */ ++ if (!a2i_IPADDRESS(host)) { ++ ERR_clear_error(); ++ SSL_set_tlsext_host_name(stream->con,host); ++ } ++#endif + bio = BIO_new_socket (stream->tcpstream->tcpsi,BIO_NOCLOSE); + SSL_set_bio (stream->con,bio,bio); + SSL_set_connect_state (stream->con); From fe4e8e4f9caca97be3b9c51978890fada55cf0c6 Mon Sep 17 00:00:00 2001 From: DubbleClick Date: Tue, 31 Oct 2023 14:56:43 +0100 Subject: [PATCH 2/9] fix redhat os detection --- src/SPC/doctor/item/LinuxToolCheckList.php | 20 ++++++++------------ 1 file changed, 8 insertions(+), 12 deletions(-) diff --git a/src/SPC/doctor/item/LinuxToolCheckList.php b/src/SPC/doctor/item/LinuxToolCheckList.php index ee9394f3d..40d179565 100644 --- a/src/SPC/doctor/item/LinuxToolCheckList.php +++ b/src/SPC/doctor/item/LinuxToolCheckList.php @@ -36,7 +36,7 @@ class LinuxToolCheckList 'git', 'autoconf', 'automake', 'tar', 'unzip', 'gzip', 'gcc', 'bzip2', 'cmake', 'patch', - 'xz', 'wget', // to get musl + 'xz', ]; /** @noinspection PhpUnused */ @@ -47,8 +47,7 @@ public function checkCliTools(): ?CheckResult $required = match ($distro['dist']) { 'alpine' => self::TOOLS_ALPINE, - 'almalinux' => self::TOOLS_RHEL, - 'rhel' => self::TOOLS_RHEL, + 'redhat' => self::TOOLS_RHEL, default => self::TOOLS_DEBIAN, }; $missing = []; @@ -61,8 +60,7 @@ public function checkCliTools(): ?CheckResult return match ($distro['dist']) { 'ubuntu', 'alpine', - 'rhel', - 'almalinux', + 'redhat', 'debian' => CheckResult::fail(implode(', ', $missing) . ' not installed on your system', 'install-linux-tools', [$distro, $missing]), default => CheckResult::fail(implode(', ', $missing) . ' not installed on your system'), }; @@ -74,11 +72,10 @@ public function checkCliTools(): ?CheckResult #[AsCheckItem('if necessary packages are installed', limit_os: 'Linux')] public function checkSystemOSPackages(): ?CheckResult { - $distro = SystemUtil::getOSRelease(); - if ($distro['dist'] === 'alpine') { + if (SystemUtil::isMuslDist()) { // check linux-headers installation if (!file_exists('/usr/include/linux/mman.h')) { - return CheckResult::fail('linux-headers not installed on your system', 'install-linux-tools', [$distro, ['linux-headers']]); + return CheckResult::fail('linux-headers not installed on your system', 'install-linux-tools', [SystemUtil::getOSRelease(), ['linux-headers']]); } } return CheckResult::ok(); @@ -94,8 +91,7 @@ public function fixBuildTools(array $distro, array $missing): bool $install_cmd = match ($distro['dist']) { 'ubuntu', 'debian' => 'apt-get install -y', 'alpine' => 'apk add', - 'rhel' => 'dnf install -y', - 'almalinux' => 'dnf install -y', + 'redhat' => 'dnf install -y', default => throw new RuntimeException('Current linux distro does not have an auto-install script for musl packages yet.'), }; $prefix = ''; @@ -104,8 +100,8 @@ public function fixBuildTools(array $distro, array $missing): bool logger()->warning('Current user is not root, using sudo for running command'); } try { - $is_rhel = in_array($distro['dist'], ['rhel', 'almalinux']); - $to_install = $is_rhel ? $missing : str_replace('xz', 'xz-utils', $missing); + $is_debian = in_array($distro['dist'], ['debian', 'ubuntu']); + $to_install = $is_debian ? str_replace('xz', 'xz-utils', $missing) : $missing; shell(true)->exec($prefix . $install_cmd . ' ' . implode(' ', $to_install)); } catch (RuntimeException) { return false; From 203a3101d8345138c5712da863a71c79231e5f8d Mon Sep 17 00:00:00 2001 From: crazywhalecc Date: Sun, 12 Nov 2023 16:59:16 +0800 Subject: [PATCH 3/9] remove kerberos temporarily --for-extensions is not working with it --- config/ext.json | 1 - 1 file changed, 1 deletion(-) diff --git a/config/ext.json b/config/ext.json index e3081154a..cb313ff55 100644 --- a/config/ext.json +++ b/config/ext.json @@ -137,7 +137,6 @@ "imap" ], "lib-suggests": [ - "kerberos", "openssl" ] }, From 852652a11b610168f588eb1038d648b5f506b0a0 Mon Sep 17 00:00:00 2001 From: crazywhalecc Date: Sun, 12 Nov 2023 17:00:27 +0800 Subject: [PATCH 4/9] use WrongUsageException for not supported libs --- src/SPC/builder/BuilderBase.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/SPC/builder/BuilderBase.php b/src/SPC/builder/BuilderBase.php index 6e46886f9..d214b859c 100644 --- a/src/SPC/builder/BuilderBase.php +++ b/src/SPC/builder/BuilderBase.php @@ -69,7 +69,7 @@ public function buildLibs(array $libraries): void foreach ($libraries as $library) { // if some libs are not supported (but in config "lib.json", throw exception) if (!isset($support_lib_list[$library])) { - throw new RuntimeException('library [' . $library . '] is in the lib.json list but not supported to compile, but in the future I will support it!'); + throw new WrongUsageException('library [' . $library . '] is in the lib.json list but not supported to compile, but in the future I will support it!'); } $lib = new ($support_lib_list[$library])($this); $this->addLib($lib); From 45049a91fe747e1014fc2a94cd8021294877d3f2 Mon Sep 17 00:00:00 2001 From: crazywhalecc Date: Mon, 13 Nov 2023 00:09:52 +0800 Subject: [PATCH 5/9] use static-php/imap --- config/source.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/source.json b/config/source.json index 7e1de0289..a94236c3b 100644 --- a/config/source.json +++ b/config/source.json @@ -146,7 +146,7 @@ }, "imap": { "type": "git", - "url": "https://github.com/uw-imap/imap.git", + "url": "https://github.com/static-php/imap.git", "rev": "master", "license": { "type": "file", From 72954812e1b7561291fc6a867233a922385a37ae Mon Sep 17 00:00:00 2001 From: crazywhalecc Date: Mon, 13 Nov 2023 00:10:23 +0800 Subject: [PATCH 6/9] separate linux and macos patches --- src/SPC/builder/linux/library/imap.php | 12 ++--- src/SPC/builder/macos/library/imap.php | 66 ++++++++++++++++++++++++++ 2 files changed, 70 insertions(+), 8 deletions(-) create mode 100644 src/SPC/builder/macos/library/imap.php diff --git a/src/SPC/builder/linux/library/imap.php b/src/SPC/builder/linux/library/imap.php index 594a75bde..6a36c4add 100644 --- a/src/SPC/builder/linux/library/imap.php +++ b/src/SPC/builder/linux/library/imap.php @@ -6,7 +6,6 @@ use SPC\exception\FileSystemException; use SPC\exception\RuntimeException; -use SPC\exception\WrongUsageException; use SPC\store\FileSystem; use SPC\store\SourcePatcher; @@ -16,31 +15,28 @@ class imap extends LinuxLibraryBase /** * @throws FileSystemException - * @throws RuntimeException */ public function patchBeforeBuild(): bool { $cc = getenv('CC') ?: 'gcc'; - FileSystem::replaceFileStr($this->source_dir . '/Makefile', '-DMAC_OSX_KLUDGE=1', ''); + // FileSystem::replaceFileStr($this->source_dir . '/Makefile', '-DMAC_OSX_KLUDGE=1', ''); FileSystem::replaceFileStr($this->source_dir . '/src/osdep/unix/Makefile', 'CC=cc', "CC={$cc}"); - FileSystem::replaceFileStr($this->source_dir . '/src/osdep/unix/Makefile', '-lcrypto -lz', '-lcrypto'); + /* FileSystem::replaceFileStr($this->source_dir . '/src/osdep/unix/Makefile', '-lcrypto -lz', '-lcrypto'); FileSystem::replaceFileStr($this->source_dir . '/src/osdep/unix/Makefile', '-lcrypto', '-lcrypto -lz'); FileSystem::replaceFileStr( $this->source_dir . '/src/osdep/unix/ssl_unix.c', "#include \n#include ", "#include \n#include " ); - SourcePatcher::patchFile('1007_openssl1.1_autoverify.patch', $this->source_dir); - SourcePatcher::patchFile('2014_openssl1.1.1_sni.patch', $this->source_dir); + // SourcePatcher::patchFile('1006_openssl1.1_autoverify.patch', $this->source_dir); + SourcePatcher::patchFile('2014_openssl1.1.1_sni.patch', $this->source_dir); */ FileSystem::replaceFileStr($this->source_dir . '/Makefile', 'SSLINCLUDE=/usr/include/openssl', 'SSLINCLUDE=' . BUILD_INCLUDE_PATH); FileSystem::replaceFileStr($this->source_dir . '/Makefile', 'SSLLIB=/usr/lib', 'SSLLIB=' . BUILD_LIB_PATH); return true; } /** - * @throws FileSystemException * @throws RuntimeException - * @throws WrongUsageException */ protected function build(): void { diff --git a/src/SPC/builder/macos/library/imap.php b/src/SPC/builder/macos/library/imap.php new file mode 100644 index 000000000..ab489ee69 --- /dev/null +++ b/src/SPC/builder/macos/library/imap.php @@ -0,0 +1,66 @@ +source_dir); + // FileSystem::replaceFileStr($this->source_dir . '/Makefile', '-DMAC_OSX_KLUDGE=1', ''); + FileSystem::replaceFileStr($this->source_dir . '/src/osdep/unix/Makefile', 'CC=cc', "CC={$cc}"); + /* FileSystem::replaceFileStr($this->source_dir . '/src/osdep/unix/Makefile', '-lcrypto -lz', '-lcrypto'); + FileSystem::replaceFileStr($this->source_dir . '/src/osdep/unix/Makefile', '-lcrypto', '-lcrypto -lz'); + FileSystem::replaceFileStr( + $this->source_dir . '/src/osdep/unix/ssl_unix.c', + "#include \n#include ", + "#include \n#include " + ); + // SourcePatcher::patchFile('1006_openssl1.1_autoverify.patch', $this->source_dir); + SourcePatcher::patchFile('2014_openssl1.1.1_sni.patch', $this->source_dir); */ + FileSystem::replaceFileStr($this->source_dir . '/Makefile', 'SSLINCLUDE=/usr/include/openssl', 'SSLINCLUDE=' . BUILD_INCLUDE_PATH); + FileSystem::replaceFileStr($this->source_dir . '/Makefile', 'SSLLIB=/usr/lib', 'SSLLIB=' . BUILD_LIB_PATH); + return true; + } + + /** + * @throws RuntimeException + */ + protected function build(): void + { + if ($this->builder->getLib('openssl')) { + $ssl_options = 'SPECIALAUTHENTICATORS=ssl SSLTYPE=unix.nopwd SSLINCLUDE=' . BUILD_INCLUDE_PATH . ' SSLLIB=' . BUILD_LIB_PATH; + } else { + $ssl_options = 'SSLTYPE=none'; + } + shell()->cd($this->source_dir) + ->exec('make clean') + ->exec('touch ip6') + ->exec( + "yes | EXTRACFLAGS='-Wimplicit-function-declaration -include $(xcrun --show-sdk-path)/usr/include/poll.h -include $(xcrun --show-sdk-path)/usr/include/time.h -include $(xcrun --show-sdk-path)/usr/include/utime.h' make osx {$ssl_options}" + ); + try { + shell() + ->exec("cp -rf {$this->source_dir}/c-client/c-client.a " . BUILD_LIB_PATH . '/libc-client.a') + ->exec("cp -rf {$this->source_dir}/c-client/*.c " . BUILD_LIB_PATH . '/') + ->exec("cp -rf {$this->source_dir}/c-client/*.h " . BUILD_INCLUDE_PATH . '/') + ->exec("cp -rf {$this->source_dir}/src/osdep/unix/*.h " . BUILD_INCLUDE_PATH . '/'); + } catch (\Throwable) { + // last command throws an exception, no idea why since it works + } + } +} From ae4e567828ed1d8199e7fbeab953576f8e956062 Mon Sep 17 00:00:00 2001 From: crazywhalecc Date: Mon, 13 Nov 2023 00:10:32 +0800 Subject: [PATCH 7/9] apply new patches --- src/globals/patch/0001_imap_macos.patch | 220 ++++++++++++++++++ .../patch/1006_openssl1.1_autoverify.patch | 58 ----- src/globals/patch/2014_openssl1.1.1_sni.patch | 42 ---- 3 files changed, 220 insertions(+), 100 deletions(-) create mode 100644 src/globals/patch/0001_imap_macos.patch delete mode 100644 src/globals/patch/1006_openssl1.1_autoverify.patch delete mode 100644 src/globals/patch/2014_openssl1.1.1_sni.patch diff --git a/src/globals/patch/0001_imap_macos.patch b/src/globals/patch/0001_imap_macos.patch new file mode 100644 index 000000000..c977de6a8 --- /dev/null +++ b/src/globals/patch/0001_imap_macos.patch @@ -0,0 +1,220 @@ +From 5ab3bd7fa858eec0626a9dd0117ca3b050ef4660 Mon Sep 17 00:00:00 2001 +From: crazywhalecc +Date: Mon, 13 Nov 2023 00:00:52 +0800 +Subject: [PATCH] make macOS static compile happy + +--- + src/c-client/netmsg.c | 1 + + src/c-client/nntp.c | 1 + + src/osdep/amiga/dummy.c | 1 + + src/osdep/amiga/mbx.c | 1 + + src/osdep/amiga/mh.c | 1 + + src/osdep/amiga/mtx.c | 1 + + src/osdep/amiga/unix.c | 1 + + src/osdep/unix/dummy.c | 1 + + src/osdep/unix/mbx.c | 1 + + src/osdep/unix/mh.c | 1 + + src/osdep/unix/mmdf.c | 1 + + src/osdep/unix/mtx.c | 1 + + src/osdep/unix/mx.c | 1 + + src/osdep/unix/tcp_unix.c | 1 + + src/osdep/unix/tenex.c | 2 ++ + src/osdep/unix/unix.c | 1 + + 16 files changed, 17 insertions(+) + +diff --git a/src/c-client/netmsg.c b/src/c-client/netmsg.c +index 187e4eb..f316d0b 100644 +--- a/src/c-client/netmsg.c ++++ b/src/c-client/netmsg.c +@@ -29,6 +29,7 @@ + + #include + #include ++#include + extern int errno; /* just in case */ + #include "c-client.h" + #include "netmsg.h" +diff --git a/src/c-client/nntp.c b/src/c-client/nntp.c +index fe90edb..b2f7536 100644 +--- a/src/c-client/nntp.c ++++ b/src/c-client/nntp.c +@@ -29,6 +29,7 @@ + + #include + #include ++#include + #include "c-client.h" + #include "newsrc.h" + #include "netmsg.h" +diff --git a/src/osdep/amiga/dummy.c b/src/osdep/amiga/dummy.c +index b003a0b..2c65824 100644 +--- a/src/osdep/amiga/dummy.c ++++ b/src/osdep/amiga/dummy.c +@@ -35,6 +35,7 @@ extern int errno; /* just in case */ + #include "osdep.h" + #include + #include ++#include + #include "dummy.h" + #include "misc.h" + +diff --git a/src/osdep/amiga/mbx.c b/src/osdep/amiga/mbx.c +index 1ece5d8..2495965 100644 +--- a/src/osdep/amiga/mbx.c ++++ b/src/osdep/amiga/mbx.c +@@ -43,6 +43,7 @@ extern int errno; /* just in case */ + #include + #include + #include ++#include + #include "misc.h" + #include "dummy.h" + #include "fdstring.h" +diff --git a/src/osdep/amiga/mh.c b/src/osdep/amiga/mh.c +index 0226b7a..e7c907a 100644 +--- a/src/osdep/amiga/mh.c ++++ b/src/osdep/amiga/mh.c +@@ -36,6 +36,7 @@ extern int errno; /* just in case */ + #include + #include + #include ++#include + #include "misc.h" + #include "dummy.h" + #include "fdstring.h" +diff --git a/src/osdep/amiga/mtx.c b/src/osdep/amiga/mtx.c +index 8e6f76e..ca7b368 100644 +--- a/src/osdep/amiga/mtx.c ++++ b/src/osdep/amiga/mtx.c +@@ -43,6 +43,7 @@ extern int errno; /* just in case */ + #include + #include + #include ++#include + #include "misc.h" + #include "dummy.h" + #include "fdstring.h" +diff --git a/src/osdep/amiga/unix.c b/src/osdep/amiga/unix.c +index be3c437..c755fe7 100644 +--- a/src/osdep/amiga/unix.c ++++ b/src/osdep/amiga/unix.c +@@ -46,6 +46,7 @@ extern int errno; /* just in case */ + #include "osdep.h" + #include + #include ++#include + #include "unix.h" + #include "pseudo.h" + #include "fdstring.h" +diff --git a/src/osdep/unix/dummy.c b/src/osdep/unix/dummy.c +index b003a0b..2c65824 100644 +--- a/src/osdep/unix/dummy.c ++++ b/src/osdep/unix/dummy.c +@@ -35,6 +35,7 @@ extern int errno; /* just in case */ + #include "osdep.h" + #include + #include ++#include + #include "dummy.h" + #include "misc.h" + +diff --git a/src/osdep/unix/mbx.c b/src/osdep/unix/mbx.c +index 1ece5d8..2495965 100644 +--- a/src/osdep/unix/mbx.c ++++ b/src/osdep/unix/mbx.c +@@ -43,6 +43,7 @@ extern int errno; /* just in case */ + #include + #include + #include ++#include + #include "misc.h" + #include "dummy.h" + #include "fdstring.h" +diff --git a/src/osdep/unix/mh.c b/src/osdep/unix/mh.c +index 0226b7a..e7c907a 100644 +--- a/src/osdep/unix/mh.c ++++ b/src/osdep/unix/mh.c +@@ -36,6 +36,7 @@ extern int errno; /* just in case */ + #include + #include + #include ++#include + #include "misc.h" + #include "dummy.h" + #include "fdstring.h" +diff --git a/src/osdep/unix/mmdf.c b/src/osdep/unix/mmdf.c +index e962434..8cc9fae 100644 +--- a/src/osdep/unix/mmdf.c ++++ b/src/osdep/unix/mmdf.c +@@ -34,6 +34,7 @@ extern int errno; /* just in case */ + #include "osdep.h" + #include + #include ++#include + #include "pseudo.h" + #include "fdstring.h" + #include "misc.h" +diff --git a/src/osdep/unix/mtx.c b/src/osdep/unix/mtx.c +index 8e6f76e..ca7b368 100644 +--- a/src/osdep/unix/mtx.c ++++ b/src/osdep/unix/mtx.c +@@ -43,6 +43,7 @@ extern int errno; /* just in case */ + #include + #include + #include ++#include + #include "misc.h" + #include "dummy.h" + #include "fdstring.h" +diff --git a/src/osdep/unix/mx.c b/src/osdep/unix/mx.c +index 4549527..9d444c9 100644 +--- a/src/osdep/unix/mx.c ++++ b/src/osdep/unix/mx.c +@@ -36,6 +36,7 @@ extern int errno; /* just in case */ + #include + #include + #include ++#include + #include "misc.h" + #include "dummy.h" + #include "fdstring.h" +diff --git a/src/osdep/unix/tcp_unix.c b/src/osdep/unix/tcp_unix.c +index 5bad706..5d6cd03 100644 +--- a/src/osdep/unix/tcp_unix.c ++++ b/src/osdep/unix/tcp_unix.c +@@ -27,6 +27,7 @@ + */ + + #include "ip_unix.c" ++#include + + #undef write /* don't use redefined write() */ + +diff --git a/src/osdep/unix/tenex.c b/src/osdep/unix/tenex.c +index eee61fb..61760f0 100644 +--- a/src/osdep/unix/tenex.c ++++ b/src/osdep/unix/tenex.c +@@ -46,6 +46,8 @@ extern int errno; /* just in case */ + #include "mail.h" + #include "osdep.h" + #include ++#include ++#include + #include "misc.h" + #include "dummy.h" + +diff --git a/src/osdep/unix/unix.c b/src/osdep/unix/unix.c +index be3c437..c755fe7 100644 +--- a/src/osdep/unix/unix.c ++++ b/src/osdep/unix/unix.c +@@ -46,6 +46,7 @@ extern int errno; /* just in case */ + #include "osdep.h" + #include + #include ++#include + #include "unix.h" + #include "pseudo.h" + #include "fdstring.h" +-- +2.39.3 (Apple Git-145) + diff --git a/src/globals/patch/1006_openssl1.1_autoverify.patch b/src/globals/patch/1006_openssl1.1_autoverify.patch deleted file mode 100644 index f8629f2fb..000000000 --- a/src/globals/patch/1006_openssl1.1_autoverify.patch +++ /dev/null @@ -1,58 +0,0 @@ -Description: Support OpenSSL 1.1 - When building with OpenSSL 1.1 and newer, use the new built-in - hostname verification instead of code that doesn't compile due to - structs having been made opaque. -Bug-Debian: https://bugs.debian.org/828589 - ---- a/src/osdep/unix/ssl_unix.c -+++ b/src/osdep/unix/ssl_unix.c -@@ -227,8 +227,16 @@ static char *ssl_start_work (SSLSTREAM * - /* disable certificate validation? */ - if (flags & NET_NOVALIDATECERT) - SSL_CTX_set_verify (stream->context,SSL_VERIFY_NONE,NIL); -- else SSL_CTX_set_verify (stream->context,SSL_VERIFY_PEER,ssl_open_verify); -+ else { -+#if OPENSSL_VERSION_NUMBER >= 0x10100000 -+ X509_VERIFY_PARAM *param = SSL_CTX_get0_param(stream->context); -+ X509_VERIFY_PARAM_set_hostflags(param, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS); -+ X509_VERIFY_PARAM_set1_host(param, host, 0); -+#endif -+ -+ SSL_CTX_set_verify (stream->context,SSL_VERIFY_PEER,ssl_open_verify); - /* set default paths to CAs... */ -+ } - SSL_CTX_set_default_verify_paths (stream->context); - /* ...unless a non-standard path desired */ - if (s = (char *) mail_parameters (NIL,GET_SSLCAPATH,NIL)) -@@ -266,6 +274,7 @@ static char *ssl_start_work (SSLSTREAM * - if (SSL_write (stream->con,"",0) < 0) - return ssl_last_error ? ssl_last_error : "SSL negotiation failed"; - /* need to validate host names? */ -+#if OPENSSL_VERSION_NUMBER < 0x10100000 - if (!(flags & NET_NOVALIDATECERT) && - (err = ssl_validate_cert (cert = SSL_get_peer_certificate (stream->con), - host))) { -@@ -275,6 +284,7 @@ static char *ssl_start_work (SSLSTREAM * - sprintf (tmp,"*%.128s: %.255s",err,cert ? cert->name : "???"); - return ssl_last_error = cpystr (tmp); - } -+#endif - return NIL; - } - -@@ -313,6 +323,7 @@ static int ssl_open_verify (int ok,X509_ - * Returns: NIL if validated, else string of error message - */ - -+#if OPENSSL_VERSION_NUMBER < 0x10100000 - static char *ssl_validate_cert (X509 *cert,char *host) - { - int i,n; -@@ -342,6 +353,7 @@ static char *ssl_validate_cert (X509 *ce - else ret = "Unable to locate common name in certificate"; - return ret; - } -+#endif - - /* Case-independent wildcard pattern match - * Accepts: base string diff --git a/src/globals/patch/2014_openssl1.1.1_sni.patch b/src/globals/patch/2014_openssl1.1.1_sni.patch deleted file mode 100644 index 256d7d6d0..000000000 --- a/src/globals/patch/2014_openssl1.1.1_sni.patch +++ /dev/null @@ -1,42 +0,0 @@ -Bug-Debian: https://bugs.debian.org/916041 -Bug-Ubuntu: https://bugs.launchpad.net/bugs/1834340 -Description: - Google IMAP servers require SNI if TLSv1.3 is used, - otherwise it sends a self-signed certificate which - fails validation. - - OpenSSL support/versions: - - TLSv1.3 on 1.1.1, - - a2i_IPADDRESS() on 0.9.8'ish, - - SSL_set_tlsext_host_name() on 0.9.8'ish/1.0.0; - per 'git blame/describe' and the CHANGES file. - - So check for TLSv1.3 support / OpenSSL 1.1.1 - not to incur behavior changes on pre-TLSv1.3, - and set host_name to 'host' (ssl_open_verify() - validates this, via 'ssl_last_host' variable) - - This patch just combines these two patches: - - BTS#916041 (message #5) by Ed Spiridonov, - - LP#1834340 (comment #6) by David Zuelke. -Author: Mauricio Faria de Oliveira - -Index: uw-imap-2007f~dfsg/src/osdep/unix/ssl_unix.c -=================================================================== ---- uw-imap-2007f~dfsg.orig/src/osdep/unix/ssl_unix.c -+++ uw-imap-2007f~dfsg/src/osdep/unix/ssl_unix.c -@@ -266,6 +266,14 @@ static char *ssl_start_work (SSLSTREAM * - /* create connection */ - if (!(stream->con = (SSL *) SSL_new (stream->context))) - return "SSL connection failed"; -+#if OPENSSL_VERSION_NUMBER >= 0x10101000 -+ /* Use SNI in case server requires it with TLSv1.3. -+ * Literal IP addresses not permitted per RFC 6066. */ -+ if (!a2i_IPADDRESS(host)) { -+ ERR_clear_error(); -+ SSL_set_tlsext_host_name(stream->con,host); -+ } -+#endif - bio = BIO_new_socket (stream->tcpstream->tcpsi,BIO_NOCLOSE); - SSL_set_bio (stream->con,bio,bio); - SSL_set_connect_state (stream->con); From d60c83bd8af20642e6edd1b2b9f38cab1946dd15 Mon Sep 17 00:00:00 2001 From: crazywhalecc Date: Mon, 13 Nov 2023 00:17:46 +0800 Subject: [PATCH 8/9] replace libpng to github --- config/source.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/source.json b/config/source.json index a94236c3b..d0e8e3b32 100644 --- a/config/source.json +++ b/config/source.json @@ -234,7 +234,7 @@ }, "libpng": { "type": "git", - "url": "https://git.code.sf.net/p/libpng/code", + "url": "https://github.com/glennrp/libpng.git", "rev": "libpng16", "license": { "type": "file", From 6d31e42717f8cabcd8c79d9ac1e90227048e962d Mon Sep 17 00:00:00 2001 From: crazywhalecc Date: Mon, 13 Nov 2023 00:32:59 +0800 Subject: [PATCH 9/9] cs fix --- src/SPC/builder/linux/library/imap.php | 1 - 1 file changed, 1 deletion(-) diff --git a/src/SPC/builder/linux/library/imap.php b/src/SPC/builder/linux/library/imap.php index 6a36c4add..60b022034 100644 --- a/src/SPC/builder/linux/library/imap.php +++ b/src/SPC/builder/linux/library/imap.php @@ -7,7 +7,6 @@ use SPC\exception\FileSystemException; use SPC\exception\RuntimeException; use SPC\store\FileSystem; -use SPC\store\SourcePatcher; class imap extends LinuxLibraryBase {