In uw-mailutils-2004g.ebuild the option SSLTYPE=none is passed for the compilation. This is the resultant emerge uw-mailutils-2004g output (i.e., warning message from compilation setup): +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + Building in NON-COMPLIANCE with RFC 3501 security requirements: + Non-compliant: ++ TLS/SSL encryption is NOT supported ++ Unencrypted plaintext passwords are permitted + + In order to rectify this problem, you MUST build with: ++ SSLTYPE=nopwd + You must also have OpenSSL or equivalent installed. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ To make a backup of your an imaps (=imap over ssl) account, the command mailutil transfer "{www.example.com/ssl/novalidate-cert/user=login}" . is all that is necessary. However, with the current ebuild, mailutil is compiled without ssl support, thus giving the following error: Can't open mailbox {www.example.com/ssl/novalidate-cert/user=login}: invalid remote specification Justification of 'major' severity: As the majority of imap servers are imaps, this lack of ssl support could be considered a major bug. Suggestion for correction: let the ebuild respond appropriately to the ssl use-flag by setting SSLTYPE=nopwd. Related usenet post with reply from mailutil author: http://groups.google.be/group/comp.mail.pine/browse_thread/thread/a92c36fd748d7e9f/0970c5ee5e46a4fd?tvc=2
Created attachment 85382 [details] An untested modification of the ebuild to resolve the problem In the hope of getting this bug moving, I've created a modified ebuild. I've taken the old ebuild, and added ssl to the IUSE list and modified the src_compile procedure to add a conditional on use ssl. If use sll then modified SSLTYPE=nopwd and removed the now useless invokation of yes; else do the old make command (with SSLTYPE=none). I did not modify the header. This ebuild is untested (I am a total noob wrt ebuilds/overlays and such matters). I am willing to test it (possibly further modified) if it is in portage hard-masked (amd64 here, but that doesn't matter much).
There are also patches to handle SSL and PAM in http://bugs.gentoo.org/show_bug.cgi?id=276401. Should we merge these 2 bugs?
+*uw-mailutils-2007e-r1 (06 May 2011) + + 06 May 2011; Eray Aslan <eras@gentoo.org> +uw-mailutils-2007e-r1.ebuild, + +files/uw-mailutils-ssl.patch: + add pam and ssl USE flags - bugs 129729 276401 +