From 9d830ac67a6c080260cc09e678e3043621f6eca8 Mon Sep 17 00:00:00 2001 From: Juan RP Date: Mon, 4 Aug 2014 19:26:22 +0200 Subject: [PATCH] dovecot: enable lzma/lucene support and switch to libressl. - lzma has been enabled by default - lucene support is provided by the -plugin-lucene subpkg. - switch to libressl with some patches from OpenBSD --- srcpkgs/dovecot-plugin-lucene | 1 + ...ib-ssl-iostream_iostream-openssl-context_c | 33 +++++++++++ ...ch-src_lib-ssl-iostream_iostream-openssl_c | 24 ++++++++ ...patch-src_login-common_ssl-proxy-openssl_c | 58 +++++++++++++++++++ srcpkgs/dovecot/template | 28 +++++---- 5 files changed, 133 insertions(+), 11 deletions(-) create mode 120000 srcpkgs/dovecot-plugin-lucene create mode 100644 srcpkgs/dovecot/patches/patch-src_lib-ssl-iostream_iostream-openssl-context_c create mode 100644 srcpkgs/dovecot/patches/patch-src_lib-ssl-iostream_iostream-openssl_c create mode 100644 srcpkgs/dovecot/patches/patch-src_login-common_ssl-proxy-openssl_c diff --git a/srcpkgs/dovecot-plugin-lucene b/srcpkgs/dovecot-plugin-lucene new file mode 120000 index 00000000000..abeb1d0499b --- /dev/null +++ b/srcpkgs/dovecot-plugin-lucene @@ -0,0 +1 @@ +dovecot \ No newline at end of file diff --git a/srcpkgs/dovecot/patches/patch-src_lib-ssl-iostream_iostream-openssl-context_c b/srcpkgs/dovecot/patches/patch-src_lib-ssl-iostream_iostream-openssl-context_c new file mode 100644 index 00000000000..a9276f15ae5 --- /dev/null +++ b/srcpkgs/dovecot/patches/patch-src_lib-ssl-iostream_iostream-openssl-context_c 
@@ -0,0 +1,33 @@
+$OpenBSD: patch-src_lib-ssl-iostream_iostream-openssl-context_c,v 1.1 2014/07/30 14:28:24 naddy Exp $
+
+Check for SSL_CTRL_SET_ECDH_AUTO macro instead of OpenSSL version number.
+
+--- src/lib-ssl-iostream/iostream-openssl-context.c.orig Tue Nov 19 15:36:30 2013
++++ src/lib-ssl-iostream/iostream-openssl-context.c Tue Jul 29 15:51:04 2014
+@@ -416,7 +416,7 @@ ssl_iostream_context_set(struct ssl_iostream_context *
+ return 0;
+ }
+
+-#if defined(HAVE_ECDH) && OPENSSL_VERSION_NUMBER < 0x10002000L
++#if defined(HAVE_ECDH) && !defined(SSL_CTRL_SET_ECDH_AUTO)
+ static int
+ ssl_proxy_ctx_get_pkey_ec_curve_name(const struct ssl_iostream_settings *set,
+ int *nid_r, const char **error_r)
+@@ -446,7 +446,7 @@ ssl_proxy_ctx_set_crypto_params(SSL_CTX *ssl_ctx,
+ const struct ssl_iostream_settings *set ATTR_UNUSED,
+ const char **error_r ATTR_UNUSED)
+ {
+-#if defined(HAVE_ECDH) && OPENSSL_VERSION_NUMBER < 0x10002000L
++#if defined(HAVE_ECDH) && !defined(SSL_CTRL_SET_ECDH_AUTO)
+ EC_KEY *ecdh;
+ int nid;
+ const char *curve_name;
+@@ -459,7 +459,7 @@ ssl_proxy_ctx_set_crypto_params(SSL_CTX *ssl_ctx,
+ used instead of ECDHE, do not reuse the same ECDH key pair for
+ different sessions. This option improves forward secrecy. */
+ SSL_CTX_set_options(ssl_ctx, SSL_OP_SINGLE_ECDH_USE);
+-#if OPENSSL_VERSION_NUMBER >= 0x10002000L
++#ifdef SSL_CTRL_SET_ECDH_AUTO
+ /* OpenSSL >= 1.0.2 automatically handles ECDH temporary key parameter
+ selection. */
+ SSL_CTX_set_ecdh_auto(ssl_ctx, 1);
diff --git a/srcpkgs/dovecot/patches/patch-src_lib-ssl-iostream_iostream-openssl_c b/srcpkgs/dovecot/patches/patch-src_lib-ssl-iostream_iostream-openssl_c
new file mode 100644
index 00000000000..387e93da4d8
--- /dev/null
+++ b/srcpkgs/dovecot/patches/patch-src_lib-ssl-iostream_iostream-openssl_c
@@ -0,0 +1,24 @@
+$OpenBSD: patch-src_lib-ssl-iostream_iostream-openssl_c,v 1.1 2014/07/30 14:28:24 naddy Exp $
+
+Fixed compiling with SSL compression disabled.
+
+--- src/lib-ssl-iostream/iostream-openssl.c.orig Tue Jul 29 15:35:56 2014
++++ src/lib-ssl-iostream/iostream-openssl.c Tue Jul 29 15:36:29 2014
+@@ -675,7 +675,7 @@ static const char *
+ openssl_iostream_get_security_string(struct ssl_iostream *ssl_io)
+ {
+ const SSL_CIPHER *cipher;
+-#ifdef HAVE_SSL_COMPRESSION
++#if defined(HAVE_SSL_COMPRESSION) && !defined(OPENSSL_NO_COMP)
+ const COMP_METHOD *comp;
+ #endif
+ const char *comp_str;
+@@ -686,7 +686,7 @@ openssl_iostream_get_security_string(struct ssl_iostre
+
+ cipher = SSL_get_current_cipher(ssl_io->ssl);
+ bits = SSL_CIPHER_get_bits(cipher, &alg_bits);
+-#ifdef HAVE_SSL_COMPRESSION
++#if defined(HAVE_SSL_COMPRESSION) && !defined(OPENSSL_NO_COMP)
+ comp = SSL_get_current_compression(ssl_io->ssl);
+ comp_str = comp == NULL ? "" :
+ t_strconcat(" ", SSL_COMP_get_name(comp), NULL);
diff --git a/srcpkgs/dovecot/patches/patch-src_login-common_ssl-proxy-openssl_c b/srcpkgs/dovecot/patches/patch-src_login-common_ssl-proxy-openssl_c
new file mode 100644
index 00000000000..915b6dcd5fd
--- /dev/null
+++ b/srcpkgs/dovecot/patches/patch-src_login-common_ssl-proxy-openssl_c
@@ -0,0 +1,58 @@
+Check for SSL_CTRL_SET_ECDH_AUTO macro instead of OpenSSL version number.
+Fixed compiling with SSL compression disabled.
+
+Based on the existing OpenBSD patch, but updated for 2.2.13.
+
+--- src/login-common/ssl-proxy-openssl.c.orig 2014-08-04 19:00:05.463014161 +0200
++++ src/login-common/ssl-proxy-openssl.c 2014-08-04 19:02:39.069231713 +0200
+@@ -125,7 +125,7 @@ static void ssl_server_context_deinit(st
+
+ static void ssl_proxy_ctx_set_crypto_params(SSL_CTX *ssl_ctx,
+ const struct master_service_ssl_settings *set);
+-#if defined(HAVE_ECDH) && OPENSSL_VERSION_NUMBER < 0x10002000L
++#if defined(HAVE_ECDH) && !defined(SSL_CTRL_SET_ECDH_AUTO)
+ static int ssl_proxy_ctx_get_pkey_ec_curve_name(const struct master_service_ssl_settings *set);
+ #endif
+
+@@ -769,7 +769,7 @@ const char *ssl_proxy_get_security_strin
+
+ const char *ssl_proxy_get_compression(struct ssl_proxy *proxy ATTR_UNUSED)
+ {
+-#ifdef HAVE_SSL_COMPRESSION
++#if defined(HAVE_SSL_COMPRESSION) && !defined(OPENSSL_NO_COMP)
+ const COMP_METHOD *comp;
+
+ comp = SSL_get_current_compression(proxy->ssl);
+@@ -1024,7 +1024,7 @@ static void
+ ssl_proxy_ctx_set_crypto_params(SSL_CTX *ssl_ctx,
+ const struct master_service_ssl_settings *set ATTR_UNUSED)
+ {
+-#if defined(HAVE_ECDH) && OPENSSL_VERSION_NUMBER < 0x10002000L
++#if defined(HAVE_ECDH) && !defined(SSL_CTRL_SET_ECDH_AUTO)
+ EC_KEY *ecdh;
+ int nid;
+ const char *curve_name;
+@@ -1032,12 +1032,12 @@ ssl_proxy_ctx_set_crypto_params(SSL_CTX
+ if (SSL_CTX_need_tmp_RSA(ssl_ctx))
+ SSL_CTX_set_tmp_rsa_callback(ssl_ctx, ssl_gen_rsa_key);
+ SSL_CTX_set_tmp_dh_callback(ssl_ctx, ssl_tmp_dh_callback);
+-#ifdef HAVE_ECDH
++#if defined(HAVE_ECDH) && !defined(SSL_CTRL_SET_ECDH_AUTO)
+ /* In the non-recommended situation where ECDH cipher suites are being
+ used instead of ECDHE, do not reuse the same ECDH key pair for
+ different sessions. This option improves forward secrecy. 
*/ + SSL_CTX_set_options(ssl_ctx, SSL_OP_SINGLE_ECDH_USE); +-#if OPENSSL_VERSION_NUMBER >= 0x10002000L ++#ifdef SSL_CTRL_SET_ECDH_AUTO + /* OpenSSL >= 1.0.2 automatically handles ECDH temporary key parameter + selection. */ + SSL_CTX_set_ecdh_auto(ssl_ctx, 1); +@@ -1152,7 +1152,7 @@ ssl_proxy_ctx_use_key(SSL_CTX *ctx, + EVP_PKEY_free(pkey); + } + +-#if defined(HAVE_ECDH) && OPENSSL_VERSION_NUMBER < 0x10002000L ++#if defined(HAVE_ECDH) && !defined(SSL_CTRL_SET_ECDH_AUTO) + static int + ssl_proxy_ctx_get_pkey_ec_curve_name(const struct master_service_ssl_settings *set) + { diff --git a/srcpkgs/dovecot/template b/srcpkgs/dovecot/template index 3a75ade100e..7669307538b 100644 --- a/srcpkgs/dovecot/template +++ b/srcpkgs/dovecot/template @@ -1,13 +1,14 @@ # Template file for 'dovecot' pkgname=dovecot version=2.2.13 -revision=3 +revision=4 build_style=gnu-configure configure_args="--with-moduledir=/usr/lib/dovecot/modules --with-sql=plugin --disable-static --with-nss --with-pam --with-mysql --with-pgsql --with-sqlite --with-ssl=openssl --with-ssldir=/etc/dovecot/ssl - --with-gssapi --with-ldap=plugin --with-zlib --with-bzlib --with-libcap - --with-solr --with-docs --with-systemdsystemunitdir=/usr/lib/systemd/system" + --with-gssapi --with-ldap=plugin --with-zlib --with-bzlib --with-lzma + --with-libcap --with-solr --with-lucene --with-docs + --with-systemdsystemunitdir=/usr/lib/systemd/system" short_desc="IMAP and POP3 server written with security primarily in mind" maintainer="Juan RP " license="LGPL-2.1" 
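Review bot: In the embedded `@@ -1032,12 +1032,12 @@` hunk for ssl-proxy-openssl.c, the outer guard around `SSL_CTX_set_options(ssl_ctx, SSL_OP_SINGLE_ECDH_USE)` becomes `#if defined(HAVE_ECDH) && !defined(SSL_CTRL_SET_ECDH_AUTO)`, yet the `#ifdef SSL_CTRL_SET_ECDH_AUTO` branch that calls `SSL_CTX_set_ecdh_auto(ssl_ctx, 1)` appears to sit inside it, which would make that branch unreachable. On a library that defines the macro, the login proxy context would then get neither setting, and ECDHE key exchange may not be configured for login connections. The iostream-openssl-context.c patch in this commit leaves its outer guard alone and rewrites only the inner test; doing the same here means keeping `#ifdef HAVE_ECDH` on the outer line. The matching `#else`/`#endif` lines lie outside the hunk, so the nesting should be confirmed against the 2.2.13 source.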
@@ -32,10 +33,11 @@ if [ "$CROSS_BUILD" ]; then lib_cv_va_val_copy=yes" fi -lib32disabled=yes -makedepends="zlib-devel bzip2-devel openssl-devel mit-krb5-devel +makedepends=" + zlib-devel bzip2-devel liblzma-devel libressl-devel mit-krb5-devel libmysqlclient-devel>=5.5.27 postgresql-libs-devel sqlite-devel - libldap-devel libcap-devel pam-devel libcurl-devel expat-devel" + libldap-devel libcap-devel pam-devel libcurl-devel expat-devel + clucene-devel>=2.3.3.4_4" # For SSL support. depends="openssl>=0" systemd_services="dovecot.service true" @@ -66,7 +68,6 @@ conf_files=" /etc/dovecot/conf.d/auth-vpopmail.conf.ext /etc/dovecot/dovecot.conf /etc/ssl/dovecot-openssl.cnf" -lib32disabled=yes post_install() { local econfdir=usr/share/doc/dovecot/example-config @@ -89,7 +90,6 @@ post_install() { } dovecot-plugin-ldap_package() { - lib32disabled=yes depends="dovecot>=${version}" short_desc+=" - LDAP plugin" conf_files="/etc/dovecot/conf.d/auth-ldap.conf.ext" @@ -100,8 +100,16 @@ dovecot-plugin-ldap_package() { } } +dovecot-plugin-lucene_package() { + depends="dovecot>=${version}" + short_desc+=" - Full Text Search plugin (Lucene)" + pkg_install() { + vmove usr/lib/dovecot/modules/doveadm/lib20_doveadm_fts_lucene_plugin.so + vmove usr/lib/dovecot/modules/lib21_fts_lucene_plugin.so + } +} + dovecot-plugin-mysql_package() { - lib32disabled=yes depends="dovecot>=${version}" short_desc+=" - MySQL plugin" pkg_install() { @@ -112,7 +120,6 @@ dovecot-plugin-mysql_package() { } dovecot-plugin-pgsql_package() { - lib32disabled=yes depends="dovecot>=${version}" short_desc+=" - PostgreSQL plugin" pkg_install() { @@ -123,7 +130,6 @@ dovecot-plugin-pgsql_package() { } dovecot-plugin-sqlite_package() { - lib32disabled=yes depends="dovecot>=${version}" short_desc+=" - SQLite plugin" pkg_install() {
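Review bot: The runtime line `depends="openssl>=0"` under `# For SSL support.` stays as unchanged context in the `@@ -32,10 +33,11 @@` hunk while `makedepends` moves from `openssl-devel` to `libressl-devel`, so the installed package may still pull in a separate OpenSSL alongside the LibreSSL libraries it links against. If the dependency is there only for the `openssl` command-line tool, the comment should say so, e.g. `# openssl(1) binary, needed at runtime for certificate generation`; otherwise it should name the LibreSSL-side package. Whether `openssl>=0` already resolves to a LibreSSL-provided package in this repository cannot be seen from the diff.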