3 files changed, 91 insertions, 21 deletions

diff --git a/.SRCINFO b/.SRCINFO
index 23dbf70abd20..9534adee165f 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,13 +1,16 @@
 pkgbase = ssmtp
 	pkgdesc = Extremely simple MTA to get mail off the system to a mailhub (with Fedora patches)
 	pkgver = 2.64
-	pkgrel = 15
+	pkgrel = 18
 	url = https://packages.debian.org/stable/mail/ssmtp
 	arch = i686
 	arch = x86_64
 	arch = armv7
 	arch = aarch64
+	arch = armv6h
+	arch = armv7h
 	license = GPL
+	makedepends = systemd
 	depends = openssl
 	depends = inetutils
 	provides = smtp-forwarder
@@ -25,14 +28,15 @@ pkgbase = ssmtp
 	source = remote-addr.patch
 	source = validate-TLS-server-cert.patch
 	source = openssl_crypto.patch
-	md5sums = 65b4e0df4934a6cd08c506cabcbe584f
-	md5sums = 15d3b21c64b83aba4ad2283318ac0680
-	md5sums = d2b946bd299453eb2df7bcc1d6186592
-	md5sums = 9de4e3a78799492a4fa8238e13e88d06
-	md5sums = 69c2bd9a00189a4c110d420b23d69258
-	md5sums = 3473db24c65bbe6fdeb51e99427e8ee2
-	md5sums = 237a6fad4d367b566ada3a900d1f1bc0
-	md5sums = aeb4ed09a26eefea9a5f6ac755c4dff0
+	source = xoauth2.patch
+	sha256sums = 22c37dc90c871e8e052b2cab0ad219d010fa938608cd66b21c8f3c759046fa36
+	sha256sums = b0203e2bed2a3c053b47fc7e36b48decf1157ec2fc3eae130b9a1bc46bd2d357
+	sha256sums = eaa35ea5cee7ba471791555e5017c4565de4d527d15d9d3c86f36b985373f325
+	sha256sums = 108d1a04dac1d99bb5bc67829f64cab5dc95c44611ebe4f535d0a5b5e8f3a49f
+	sha256sums = d0c05b24ff27c781a3e0379769f4af3ad1f0244c8899344928805a95a6ded8b3
+	sha256sums = 3f9f21f6363cee92c1e5763b9bd491e262258d39b401dccc8efc2b40c8e0dd0a
+	sha256sums = 280ac74257ad89029f91dc47b78ce3c1f9f4a96696b31f82b66d64bb3b2bcc47
+	sha256sums = 6cfcc8660968c97ff95e1df0b0725076838b4d35ffaa17c65afcf09ebca3170d
+	sha256sums = fc8d166a97329755cff25a1f444b3892071ff5618ef698e27de5bfb004373937
 
 pkgname = ssmtp
-
diff --git a/PKGBUILD b/PKGBUILD
index 1bca155dabe5..4c2c85810010 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -1,11 +1,32 @@
+# Maintainer: D. Can Celasun <can[at]dcc[dot]im>
+
+# To use, put `AuthMethod=XOAUTH2` and `AuthPass=<your obtained OAuth2 access token>` in `/etc/ssmtp/ssmtp.conf`.
+#
+# Remember that your OAuth2 access token is often short-lived and will expire in small intervals. (for example, Gmail access tokens expire in 1 hour) You will need a script to refresh it using a long-term refresh token.
+#
+# For Gmail, oauth2l (https://github.com/google/oauth2l, https://aur.archlinux.org/packages/oauth2l) can be used to obtain and refresh the access token using your own registered client secret with Google. Example script:
+#
+# #!/bin/bash
+# ACCESS_TOKEN=$(oauth2l fetch --scope=https://mail.google.com/ \
+#     --credentials=/etc/oauth2l.json --cache=/etc/ssmtp/oauth2l.cache --refresh)
+# sed -i "s/^AuthPass=.*$/AuthPass=$ACCESS_TOKEN/" /etc/ssmtp/ssmtp.conf
+#
+# To refresh the access token every time before sending an email from the command line:
+#
+# /etc/oauth2l.json is your client ID info
+# /etc/ssmtp/oauth2l.cache is the oauth2l cache location for storing the refresh token.
+
+
+
 pkgname=ssmtp
 pkgver=2.64
-pkgrel=15
+pkgrel=18
 pkgdesc="Extremely simple MTA to get mail off the system to a mailhub (with Fedora patches)"
-arch=('i686' 'x86_64' 'armv7' 'aarch64')
+arch=('i686' 'x86_64' 'armv7' 'aarch64' 'armv6h' 'armv7h')
 license=('GPL')
 url="https://packages.debian.org/stable/mail/ssmtp"
 depends=('openssl' 'inetutils')
+makedepends=('systemd') # Needed for sysusers.d to create the 'mail' group
 conflicts=('exim' 'smtp-forwarder')
 provides=('smtp-forwarder')
 backup=('etc/ssmtp/ssmtp.conf' 'etc/ssmtp/revaliases')
@@ -18,15 +39,17 @@ source=("http://ftp.debian.org/debian/pool/main/s/ssmtp/${pkgname}_${pkgver}.ori
         'remote-addr.patch'
         'validate-TLS-server-cert.patch'
         'openssl_crypto.patch'
+        'xoauth2.patch'
 )
-md5sums=('65b4e0df4934a6cd08c506cabcbe584f'
-         '15d3b21c64b83aba4ad2283318ac0680'
-         'd2b946bd299453eb2df7bcc1d6186592'
-         '9de4e3a78799492a4fa8238e13e88d06'
-         '69c2bd9a00189a4c110d420b23d69258'
-         '3473db24c65bbe6fdeb51e99427e8ee2'
-         '237a6fad4d367b566ada3a900d1f1bc0'
-         'aeb4ed09a26eefea9a5f6ac755c4dff0')
+sha256sums=('22c37dc90c871e8e052b2cab0ad219d010fa938608cd66b21c8f3c759046fa36'
+            'b0203e2bed2a3c053b47fc7e36b48decf1157ec2fc3eae130b9a1bc46bd2d357'
+            'eaa35ea5cee7ba471791555e5017c4565de4d527d15d9d3c86f36b985373f325'
+            '108d1a04dac1d99bb5bc67829f64cab5dc95c44611ebe4f535d0a5b5e8f3a49f'
+            'd0c05b24ff27c781a3e0379769f4af3ad1f0244c8899344928805a95a6ded8b3'
+            '3f9f21f6363cee92c1e5763b9bd491e262258d39b401dccc8efc2b40c8e0dd0a'
+            '280ac74257ad89029f91dc47b78ce3c1f9f4a96696b31f82b66d64bb3b2bcc47'
+            '6cfcc8660968c97ff95e1df0b0725076838b4d35ffaa17c65afcf09ebca3170d'
+            'fc8d166a97329755cff25a1f444b3892071ff5618ef698e27de5bfb004373937')
 
 prepare() {
   cd "${srcdir}/${pkgname}-${pkgver}"
@@ -39,6 +62,7 @@ prepare() {
   patch -p1 -i "${srcdir}/garbage_writes.patch"
   patch -p1 -i "${srcdir}/remote-addr.patch"
   patch -p1 -i "${srcdir}/validate-TLS-server-cert.patch"
+  patch -p1 -i "${srcdir}/xoauth2.patch"
 }
 
 build() {
@@ -68,7 +92,6 @@ package() {
   ln -s ssmtp "${pkgdir}/usr/sbin/sendmail"
   ln -s ssmtp "${pkgdir}/usr/sbin/newaliases"
   ln -s ssmtp "${pkgdir}/usr/sbin/mailq"
-  # usrmove
   cd "$pkgdir"
   mv usr/sbin usr/bin
 
diff --git a/xoauth2.patch b/xoauth2.patch
new file mode 100644
index 000000000000..bfc0782b2fdf
--- /dev/null
+++ b/xoauth2.patch
@@ -0,0 +1,43 @@
+Adds XOAUTH2 functionality for safer authentication.
+Still needs a separate script/service to obtain and refresh OAUTH2
+access token for most mail providers.
+
+Patch by Moriyoshi Koizumi <mozo@mozo.jp>
+Modified by Kangjing Huang <huangkangjing@gmail.com>
+
+
+diff --color -u ssmtp-2.64.orig/ssmtp.c ssmtp-2.64/ssmtp.c
+--- ssmtp-2.64.orig/ssmtp.c	2023-10-21 00:39:18.895976193 -0400
++++ ssmtp-2.64/ssmtp.c	2023-10-21 00:40:59.993918590 -0400
+@@ -1604,6 +1604,7 @@
+ 		}
+ 		else {
+ #endif
++		if(auth_method && strcasecmp(auth_method, "login") == 0) {
+ 		memset(buf, 0, bufsize);
+ 		to64frombits(buf, auth_user, strlen(auth_user));
+ 		if (use_oldauth) {
+@@ -1628,6 +1629,22 @@
+ 		memset(buf, 0, bufsize);
+ 
+ 		to64frombits(buf, auth_pass, strlen(auth_pass));
++		} else if(auth_method && strcasecmp(auth_method, "xoauth2") == 0) {
++			int authbuflen;
++			char *authbuf = malloc(5 + strlen(auth_user) + 1 + 5 + 6 + 1 + strlen(auth_pass) + 2 + 1);
++			if(!authbuf) {
++				die("Out of memory");
++			}
++			outbytes += smtp_write(sock, "AUTH XOAUTH2");
++			alarm((unsigned) MEDWAIT);
++			if(smtp_read(sock, buf) != 3) {
++				die("Server didn't accept AUTH XOAUTH2");
++			}
++			memset(buf, 0, bufsize);
++			authbuflen = sprintf(authbuf, "user=%s\1auth=Bearer %s\1\1", auth_user, auth_pass);
++			to64frombits(buf, (unsigned char*)authbuf, authbuflen);
++			free(authbuf);
++		}
+ #ifdef MD5AUTH
+ 		}
+ #endif
+