Remove clean and smudge filters from the git repo that are used to

stamp sysconftool-processed configuration file.

Rename all sysconftool-processed configuration files to *.git, and use
a build rule to create a stamped sysconftool file.

Fix a couple of compilation warnings.

1 files changed, 322 insertions, 0 deletions

diff --git a/imap/imapd-ssl.dist.in.git b/imap/imapd-ssl.dist.in.git
new file mode 100644
index 0000000..b0d68bc
--- /dev/null
+++ b/imap/imapd-ssl.dist.in.git
@@ -0,0 +1,322 @@
+##VERSION: $Id:$
+#
+# imapd-ssl created from imapd-ssl.dist by sysconftool
+#
+# Do not alter lines that begin with ##, they are used when upgrading
+# this configuration.
+#
+#  Copyright 2000 - 2013 Double Precision, Inc.  See COPYING for
+#  distribution information.
+#
+#  This configuration file sets various options for the Courier-IMAP server
+#  when used to handle SSL IMAP connections.
+#
+#  SSL and non-SSL connections are handled by a dedicated instance of the
+#  couriertcpd daemon.  If you are accepting both SSL and non-SSL IMAP
+#  connections, you will start two instances of couriertcpd, one on the
+#  IMAP port 143, and another one on the IMAP-SSL port 993.
+#
+#  Download OpenSSL from http://www.openssl.org/
+#
+##NAME: SSLPORT:1
+#
+#  Options in the imapd-ssl configuration file AUGMENT the options in the
+#  imapd configuration file.  First the imapd configuration file is read,
+#  then the imapd-ssl configuration file, so we do not have to redefine
+#  anything.
+#
+#  However, some things do have to be redefined.  The port number is
+#  specified by SSLPORT, instead of PORT.  The default port is port 993.
+#
+#  Multiple port numbers can be separated by commas.  When multiple port
+#  numbers are used it is possibly to select a specific IP address for a
+#  given port as "ip.port".  For example, "127.0.0.1.900,192.168.0.1.900"
+#  accepts connections on port 900 on IP addresses 127.0.0.1 and 192.168.0.1
+#  The SSLADDRESS setting is a default for ports that do not have
+#  a specified IP address.
+
+SSLPORT=993
+
+##NAME: SSLADDRESS:0
+#
+#  Address to listen on, can be set to a single IP address.
+#
+# SSLADDRESS=127.0.0.1
+
+SSLADDRESS=0
+
+##NAME: SSLPIDFILE:0
+#
+# That's the SSL IMAP port we'll listen on.
+# Feel free to redefine MAXDAEMONS, TCPDOPTS, and MAXPERIP.
+
+SSLPIDFILE=@piddir@/imapd-ssl.pid
+
+##NAME: SSLLOGGEROPTS:0
+#
+# courierlogger(1) options.
+#
+
+SSLLOGGEROPTS="-name=imapd-ssl"
+
+##NAME: IMAPDSSLSTART:0
+#
+# Different pid files, so that both instances of couriertcpd can coexist
+# happily.
+#
+# You can also redefine IMAP_CAPABILITY, although I can't
+# think of why you'd want to do that.
+#
+#
+# Ok, the following settings are new to imapd-ssl:
+#
+#  Whether or not to start IMAP over SSL on simap port:
+
+IMAPDSSLSTART=NO
+
+##NAME: IMAPDSTARTTLS:0
+#
+#  Whether or not to implement IMAP STARTTLS extension instead:
+
+IMAPDSTARTTLS=YES
+
+##NAME: IMAP_TLS_REQUIRED:1
+#
+# Set IMAP_TLS_REQUIRED to 1 if you REQUIRE STARTTLS for everyone.
+# (this option advertises the LOGINDISABLED IMAP capability, until STARTTLS
+# is issued).
+
+IMAP_TLS_REQUIRED=0
+
+
+#########################################################################
+#
+# The following variables configure IMAP over SSL.  If OpenSSL or GnuTLS
+# is available during configuration, the couriertls helper gets compiled, and
+# upon installation a dummy TLS_CERTFILE gets generated.
+#
+# WARNING: Peer certificate verification has NOT yet been tested.  Proceed
+# at your own risk.  Only the basic SSL/TLS functionality is known to be
+# working. Keep this in mind as you play with the following variables.
+#
+##NAME: COURIERTLS:0
+#
+
+COURIERTLS=@bindir@/couriertls
+
+##NAME: TLS_PRIORITY:0
+#
+# GnuTLS setting only
+#
+# Set TLS protocol priority settings (GnuTLS only)
+#
+# DEFAULT: NORMAL:-CTYPE-OPENPGP
+#
+# This setting is also used to select the available ciphers.
+#
+# The actual list of available ciphers depend on the options GnuTLS was
+# compiled against. The possible ciphers are:
+#
+# AES256, 3DES, AES128, ARC128, ARC40, RC2, DES, NULL
+#
+# Also, the following aliases:
+#
+# HIGH -- all ciphers that use more than a 128 bit key size
+# MEDIUM -- all ciphers that use a 128 bit key size
+# LOW -- all ciphers that use fewer than a 128 bit key size, the NULL cipher
+#        is not included
+# ALL -- all ciphers except the NULL cipher
+#
+# See GnuTLS documentation, gnutls_priority_init(3) for additional
+# documentation.
+
+##NAME: TLS_PROTOCOL:0
+#
+# TLS_PROTOCOL sets the protocol version.  The possible versions are:
+#
+# OpenSSL:
+#
+# SSL3 - SSLv3
+# SSL23 - all protocols (including TLS 1.x protocols)
+# TLSv1 - TLS1
+# TLSv1.1 - TLS1.1
+# TLSv1.2 - TLS1.2
+#
+# SSL3+, TLSv1+, TLSv1.1+, and TLSv1.2+ - the corresponding protocol, and all
+# higher protocols.
+#
+# The default value is TLSv1+
+
+##NAME: TLS_CIPHER_LIST:0
+#
+# TLS_CIPHER_LIST optionally sets the list of ciphers to be used by the
+# OpenSSL library.  In most situations you can leave TLS_CIPHER_LIST
+# undefined
+#
+# OpenSSL:
+#
+# TLS_CIPHER_LIST="SSLv3:TLSv1:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!aNULL@STRENGTH"
+#
+# GnuTLS:
+#
+# TLS_CIPHER_LIST="HIGH:MEDIUM"
+#
+# The actual list of available ciphers depend on the options GnuTLS was
+# compiled against. The possible ciphers are:
+#
+# AES256, 3DES, AES128, ARC128, ARC40, RC2, DES, NULL
+#
+# Also, the following aliases:
+#
+# HIGH -- all ciphers that use more than a 128 bit key size
+# MEDIUM -- all ciphers that use a 128 bit key size
+# LOW -- all ciphers that use fewer than a 128 bit key size, the NULL cipher
+#        is not included
+# ALL -- all ciphers except the NULL cipher
+#
+# See GnuTLS documentation, gnutls_priority_init(3) for additional
+# documentation.
+
+##NAME: TLS_STARTTLS_PROTOCOL:0
+#
+# TLS_STARTTLS_PROTOCOL is used instead of TLS_PROTOCOL for the IMAP STARTTLS
+# extension, as opposed to IMAP over SSL on port 993.
+#
+# It takes the same values for OpenSSL as TLS_PROTOCOL
+
+##NAME: TLS_CIPHER_LIST:0
+#
+# TLS_CIPHER_LIST optionally sets the list of ciphers to be used by the
+# OpenSSL library.  In most situations you can leave TLS_CIPHER_LIST
+# undefined
+#
+# OpenSSL:
+#
+# TLS_CIPHER_LIST="SSLv3:TLSv1:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!aNULL@STRENGTH"
+#
+#
+
+##NAME: TLS_MIN_DH_BITS:0
+#
+# TLS_MIN_DH_BITS=n
+#
+# GnuTLS only:
+#
+# Set the minimum number of acceptable bits for a DH key exchange.
+#
+# GnuTLS's compiled-in default is 727 bits (as of GnuTLS 1.6.3). Some server
+# have been encountered that offer 512 bit keys. You may have to set
+# TLS_MIN_DH_BITS=512 here, if necessary.
+
+##NAME: TLS_TIMEOUT:0
+# TLS_TIMEOUT is currently not implemented, and reserved for future use.
+# This is supposed to be an inactivity timeout, but its not yet implemented.
+#
+
+##NAME: TLS_CERTFILE:0
+#
+# TLS_CERTFILE - certificate to use.  TLS_CERTFILE is required for SSL/TLS
+# servers, and is optional for SSL/TLS clients.  TLS_CERTFILE is usually
+# treated as confidential, and must not be world-readable. Set TLS_CERTFILE
+# instead of TLS_DHCERTFILE if this is a garden-variety certificate
+#
+# VIRTUAL HOSTS (servers only):
+#
+# Due to technical limitations in the original SSL/TLS protocol, a dedicated
+# IP address is required for each virtual host certificate. If you have
+# multiple certificates, install each certificate file as
+# $TLS_CERTFILE.aaa.bbb.ccc.ddd, where "aaa.bbb.ccc.ddd" is the IP address
+# for the certificate's domain name. So, if TLS_CERTFILE is set to
+# /etc/certificate.pem, then you'll need to install the actual certificate
+# files as /etc/certificate.pem.192.168.0.2, /etc/certificate.pem.192.168.0.3
+# and so on, for each IP address.
+#
+# GnuTLS only (servers only):
+#
+# GnuTLS implements a new TLS extension that eliminates the need to have a
+# dedicated IP address for each SSL/TLS domain name. Install each certificate
+# as $TLS_CERTFILE.domain, so if TLS_CERTFILE is set to /etc/certificate.pem,
+# then you'll need to install the actual certificate files as
+# /etc/certificate.pem.host1.example.com, /etc/certificate.pem.host2.example.com
+# and so on.
+#
+# Note that this TLS extension also requires a corresponding support in the
+# client. Older SSL/TLS clients may not support this feature.
+#
+# This is an experimental feature.
+
+TLS_CERTFILE=@certsdir@/imapd.pem
+
+##NAME: TLS_DHPARAMS:0
+#
+# TLS_DHPARAMS - DH parameter file.
+#
+TLS_DHPARAMS=@certsdir@/dhparams.pem
+
+##NAME: TLS_TRUSTCERTS:0
+#
+# TLS_TRUSTCERTS=pathname - load trusted certificates from pathname.
+# pathname can be a file or a directory. If a file, the file should
+# contain a list of trusted certificates, in PEM format. If a
+# directory, the directory should contain the trusted certificates,
+# in PEM format, one per file and hashed using OpenSSL's c_rehash
+# script. TLS_TRUSTCERTS is used by SSL/TLS clients (by specifying
+# the -domain option) and by SSL/TLS servers (TLS_VERIFYPEER is set
+# to PEER or REQUIREPEER).
+#
+
+TLS_TRUSTCERTS=@cacerts@
+
+##NAME: TLS_VERIFYPEER:0
+#
+# TLS_VERIFYPEER - how to verify client certificates.  The possible values of
+# this setting are:
+#
+# NONE - do not verify anything
+#
+# PEER - verify the client certificate, if one's presented
+#
+# REQUIREPEER - require a client certificate, fail if one's not presented
+#
+#
+TLS_VERIFYPEER=NONE
+
+##NAME: TLS_EXTERNAL:0
+#
+# To enable SSL certificate-based authentication:
+#
+# 1) TLS_TRUSTCERTS must be set to a pathname that holds your certificate
+#    authority's SSL certificate
+#
+# 2) TLS_VERIFYPEER=PEER or TLS_VERIFYPEER=REQUIREPEER (the later settings
+#    requires all SSL clients to present a certificate, and rejects
+#    SSL/TLS connections without a valid cert).
+#
+# 3) Set TLS_EXTERNAL, below, to the subject field that holds the login ID.
+#    Example:
+#
+#  TLS_EXTERNAL=emailaddress
+#
+# The above example retrieves the login ID from the "emailaddress" subject
+# field. The certificate's emailaddress subject must match exactly the login
+# ID in the courier-authlib database.
+
+##NAME: TLS_CACHE:0
+#
+# A TLS/SSL session cache may slightly improve response for IMAP clients
+# that open multiple SSL sessions to the server.  TLS_CACHEFILE will be
+# automatically created, TLS_CACHESIZE bytes long, and used as a cache
+# buffer.
+#
+# This is an experimental feature and should be disabled if it causes
+# problems with SSL clients.  Disable SSL caching by commenting out the
+# following settings:
+
+TLS_CACHEFILE=@localstatedir@/couriersslcache
+TLS_CACHESIZE=524288
+
+##NAME: MAILDIRPATH:0
+#
+# MAILDIRPATH - directory name of the maildir directory.
+#
+MAILDIRPATH=Maildir