diff --git a/dovecot-2.0-defaultconfig.patch b/dovecot-2.0-defaultconfig.patch index c9d0eb4..c7e145e 100644 --- a/dovecot-2.0-defaultconfig.patch +++ b/dovecot-2.0-defaultconfig.patch @@ -1,9 +1,9 @@ -diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/doc/dovecot.conf.in.default-settings dovecot-2.4.1-build/dovecot-2.4.1-4/doc/dovecot.conf.in ---- dovecot-2.4.1-build/dovecot-2.4.1-4/doc/dovecot.conf.in.default-settings 2025-03-28 12:32:27.000000000 +0100 -+++ dovecot-2.4.1-build/dovecot-2.4.1-4/doc/dovecot.conf.in 2025-10-15 12:05:14.570388273 +0200 +diff -up dovecot-2.4.2-build/dovecot-2.4.2/doc/dovecot.conf.in.default-settings dovecot-2.4.2-build/dovecot-2.4.2/doc/dovecot.conf.in +--- dovecot-2.4.2-build/dovecot-2.4.2/doc/dovecot.conf.in.default-settings 2025-10-29 07:58:41.000000000 +0100 ++++ dovecot-2.4.2-build/dovecot-2.4.2/doc/dovecot.conf.in 2025-11-30 09:24:17.130246956 +0100 @@ -16,24 +16,19 @@ dovecot_storage_version = @DOVECOT_CONFI # The configuration below is a minimal configuration file using system user authentication. - # See https://@DOVECOT_ASSET_URL@/configuration_manual/quick_configuration/ + # See https://@DOVECOT_ASSET_URL@/latest/core/config/quick.html -!include_try conf.d/*.conf - 
@@ -48,9 +48,9 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/doc/dovecot.conf.in.default-setting } + +!include_try conf.d/*.conf -diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-pigeonhole/doc/example-config/conf.d/90-sieve.conf.default-settings dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-pigeonhole/doc/example-config/conf.d/90-sieve.conf ---- dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-pigeonhole/doc/example-config/conf.d/90-sieve.conf.default-settings 2025-03-28 12:33:46.000000000 +0100 -+++ dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-pigeonhole/doc/example-config/conf.d/90-sieve.conf 2025-10-15 12:00:16.233557725 +0200 +diff -up dovecot-2.4.2-build/dovecot-2.4.2/dovecot-pigeonhole/doc/example-config/conf.d/90-sieve.conf.default-settings dovecot-2.4.2-build/dovecot-2.4.2/dovecot-pigeonhole/doc/example-config/conf.d/90-sieve.conf +--- dovecot-2.4.2-build/dovecot-2.4.2/dovecot-pigeonhole/doc/example-config/conf.d/90-sieve.conf.default-settings 2025-10-29 08:00:30.000000000 +0100 ++++ dovecot-2.4.2-build/dovecot-2.4.2/dovecot-pigeonhole/doc/example-config/conf.d/90-sieve.conf 2025-11-30 09:18:17.667869864 +0100 @@ -21,7 +21,6 @@ # file or directory. Refer to Pigeonhole wiki or INSTALL file for more # information. 
@@ -76,9 +76,9 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-pigeonhole/doc/example-conf # the source line numbers. #sieve_trace_addresses = no -} -diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-pigeonhole/doc/example-config/conf.d/90-sieve-extprograms.conf.default-settings dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-pigeonhole/doc/example-config/conf.d/90-sieve-extprograms.conf ---- dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-pigeonhole/doc/example-config/conf.d/90-sieve-extprograms.conf.default-settings 2025-03-28 12:33:46.000000000 +0100 -+++ dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-pigeonhole/doc/example-config/conf.d/90-sieve-extprograms.conf 2025-10-15 12:00:16.234048364 +0200 +diff -up dovecot-2.4.2-build/dovecot-2.4.2/dovecot-pigeonhole/doc/example-config/conf.d/90-sieve-extprograms.conf.default-settings dovecot-2.4.2-build/dovecot-2.4.2/dovecot-pigeonhole/doc/example-config/conf.d/90-sieve-extprograms.conf +--- dovecot-2.4.2-build/dovecot-2.4.2/dovecot-pigeonhole/doc/example-config/conf.d/90-sieve-extprograms.conf.default-settings 2025-10-29 08:00:30.000000000 +0100 ++++ dovecot-2.4.2-build/dovecot-2.4.2/dovecot-pigeonhole/doc/example-config/conf.d/90-sieve-extprograms.conf 2025-11-30 09:18:17.668131795 +0100 @@ -6,7 +6,6 @@ # sieve_extensions or sieve_global_extensions settings. Restricting these # extensions to a global context using sieve_global_extensions is recommended. diff --git a/dovecot-2.4.1-cve-2025-30189.patch b/dovecot-2.4.1-cve-2025-30189.patch deleted file mode 100644 index 5b9deae..0000000 --- a/dovecot-2.4.1-cve-2025-30189.patch +++ /dev/null 
@@ -1,463 +0,0 @@ -From a70ce7d3e2f983979e971414c5892c4e30197231 Mon Sep 17 00:00:00 2001 -From: Aki Tuomi -Date: Fri, 25 Jul 2025 08:16:52 +0300 -Subject: [PATCH 1/7] auth: Use AUTH_CACHE_KEY_USER instead of per-database - constants - -Fixes cache key issue where users would end up overwriting -each other in cache due to cache key being essentially static -string because we no longer support %u. - -Forgotten in 2e298e7ee98b6df61cf85117f000290d60a473b8 ---- - src/auth/auth-settings.h | 2 ++ - src/auth/passdb-bsdauth.c | 4 +--- - src/auth/passdb-oauth2.c | 2 +- - src/auth/passdb-pam.c | 3 ++- - src/auth/passdb-passwd.c | 3 +-- - src/auth/userdb-passwd.c | 3 +-- - 6 files changed, 8 insertions(+), 9 deletions(-) - -diff --git a/src/auth/auth-settings.h b/src/auth/auth-settings.h -index 1d420eceaaf..90aba17ec38 100644 ---- a/src/auth/auth-settings.h -+++ b/src/auth/auth-settings.h -@@ -1,6 +1,8 @@ - #ifndef AUTH_SETTINGS_H - #define AUTH_SETTINGS_H - -+#define AUTH_CACHE_KEY_USER "%{user}" -+ - struct master_service; - struct master_service_settings_output; - -diff --git a/src/auth/passdb-bsdauth.c b/src/auth/passdb-bsdauth.c -index 68292679b7f..1b86da4053c 100644 ---- a/src/auth/passdb-bsdauth.c -+++ b/src/auth/passdb-bsdauth.c -@@ -14,8 +14,6 @@ - #include - #include - --#define BSDAUTH_CACHE_KEY "%u" -- - struct passdb_bsdauth_settings { - pool_t pool; - }; -@@ -104,7 +102,7 @@ bsdauth_preinit(pool_t pool, struct event *event, - &post_set, error_r) < 0) - return -1; - module->default_cache_key = auth_cache_parse_key_and_fields( -- pool, BSDAUTH_CACHE_KEY, &post_set->fields, "bsdauth"); -+ pool, AUTH_CACHE_KEY_USER, &post_set->fields, "bsdauth"); - - settings_free(post_set); - *module_r = module; -diff --git a/src/auth/passdb-oauth2.c b/src/auth/passdb-oauth2.c -index 96d902d323d..91fed060183 100644 ---- a/src/auth/passdb-oauth2.c -+++ b/src/auth/passdb-oauth2.c -@@ -53,7 +53,7 @@ oauth2_preinit(pool_t pool, struct event *event, struct passdb_module **module_r - if 
(db_oauth2_init(event, TRUE, &module->db, error_r) < 0) - return -1; - module->module.default_pass_scheme = "PLAIN"; -- module->module.default_cache_key = "%u"; -+ module->module.default_cache_key = AUTH_CACHE_KEY_USER; - *module_r = &module->module; - return 0; - } -diff --git a/src/auth/passdb-pam.c b/src/auth/passdb-pam.c -index 2acbceb80a3..fdf0f573ef4 100644 ---- a/src/auth/passdb-pam.c -+++ b/src/auth/passdb-pam.c -@@ -415,7 +415,8 @@ static int pam_preinit(pool_t pool, struct event *event, - module = p_new(pool, struct pam_passdb_module, 1); - module->module.default_cache_key = - auth_cache_parse_key_and_fields(pool, -- t_strdup_printf("%%u/%s", set->service_name), -+ t_strdup_printf("%"AUTH_CACHE_KEY_USER"\t%s", -+ set->service_name), - &post_set->fields, "pam"); - module->requests_left = set->max_requests; - module->pam_setcred = set->setcred; -diff --git a/src/auth/passdb-passwd.c b/src/auth/passdb-passwd.c -index 13003151f9c..22e2eae7fa3 100644 ---- a/src/auth/passdb-passwd.c -+++ b/src/auth/passdb-passwd.c -@@ -10,7 +10,6 @@ - #include "safe-memset.h" - #include "ipwd.h" - --#define PASSWD_CACHE_KEY "%u" - #define PASSWD_PASS_SCHEME "CRYPT" - - #undef DEF -@@ -142,7 +141,7 @@ static int passwd_preinit(pool_t pool, struct event *event, - &post_set, error_r) < 0) - return -1; - module->default_cache_key = auth_cache_parse_key_and_fields(pool, -- PASSWD_CACHE_KEY, -+ AUTH_CACHE_KEY_USER, - &post_set->fields, - "passwd"); - settings_free(post_set); -diff --git a/src/auth/userdb-passwd.c b/src/auth/userdb-passwd.c -index 5241129a0cc..14cf90a6d65 100644 ---- a/src/auth/userdb-passwd.c -+++ b/src/auth/userdb-passwd.c -@@ -9,7 +9,6 @@ - #include "ipwd.h" - #include "time-util.h" - --#define USER_CACHE_KEY "%u" - #define PASSWD_SLOW_WARN_MSECS (10*1000) - #define PASSWD_SLOW_MASTER_WARN_MSECS 50 - #define PASSDB_SLOW_MASTER_WARN_COUNT_INTERVAL 100 -@@ -225,7 +224,7 @@ static int passwd_preinit(pool_t pool, struct event *event ATTR_UNUSED, - struct 
passwd_userdb_module *module = - p_new(pool, struct passwd_userdb_module, 1); - -- module->module.default_cache_key = USER_CACHE_KEY; -+ module->module.default_cache_key = AUTH_CACHE_KEY_USER; - *module_r = &module->module; - return 0; - } - -From c45ce2c073c9439a9d6366016cb4d41059d737f0 Mon Sep 17 00:00:00 2001 -From: Aki Tuomi -Date: Wed, 30 Jul 2025 09:42:20 +0300 -Subject: [PATCH 2/7] auth: auth-cache - Refactor - auth_cache_parse_key_and_fields() - -Call auth_cache_parse_key_exclude() at the function end, -simplifies next commit. ---- - src/auth/auth-cache.c | 24 +++++++++++------------- - 1 file changed, 11 insertions(+), 13 deletions(-) - -diff --git a/src/auth/auth-cache.c b/src/auth/auth-cache.c -index 360ad8b3f62..3ccd45ff4b9 100644 ---- a/src/auth/auth-cache.c -+++ b/src/auth/auth-cache.c -@@ -129,20 +129,18 @@ char *auth_cache_parse_key_and_fields(pool_t pool, const char *query, - const ARRAY_TYPE(const_string) *fields, - const char *exclude_driver) - { -- if (array_is_empty(fields)) -- return auth_cache_parse_key_exclude(pool, query, exclude_driver); -- -- string_t *full_query = t_str_new(128); -- str_append(full_query, query); -- -- unsigned int i, count; -- const char *const *str = array_get(fields, &count); -- for (i = 0; i < count; i += 2) { -- str_append_c(full_query, '\t'); -- str_append(full_query, str[i + 1]); -+ if (!array_is_empty(fields)) { -+ unsigned int i, count; -+ const char *const *str = array_get(fields, &count); -+ string_t *full_query = t_str_new(128); -+ str_append(full_query, query); -+ for (i = 0; i < count; i += 2) { -+ str_append_c(full_query, '\t'); -+ str_append(full_query, str[i + 1]); -+ } -+ query = str_c(full_query); - } -- return auth_cache_parse_key_exclude(pool, str_c(full_query), -- exclude_driver); -+ return auth_cache_parse_key_exclude(pool, query, exclude_driver); - } - - static void - -From 759ee1af848480987d012de2f7135160156724b6 Mon Sep 17 00:00:00 2001 -From: Aki Tuomi -Date: Fri, 25 Jul 2025 11:48:43 +0300 
-Subject: [PATCH 3/7] auth: auth-cache - Deduplicate auth_cache_parse_key() to - use auth_cache_parse_key_and_fields() - -Simplifies following commit ---- - src/auth/auth-cache.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/auth/auth-cache.c b/src/auth/auth-cache.c -index 3ccd45ff4b9..ad8cbe50784 100644 ---- a/src/auth/auth-cache.c -+++ b/src/auth/auth-cache.c -@@ -122,14 +122,14 @@ static char *auth_cache_parse_key_exclude(pool_t pool, const char *query, - - char *auth_cache_parse_key(pool_t pool, const char *query) - { -- return auth_cache_parse_key_exclude(pool, query, NULL); -+ return auth_cache_parse_key_and_fields(pool, query, NULL, NULL); - } - - char *auth_cache_parse_key_and_fields(pool_t pool, const char *query, - const ARRAY_TYPE(const_string) *fields, - const char *exclude_driver) - { -- if (!array_is_empty(fields)) { -+ if (fields != NULL && !array_is_empty(fields)) { - unsigned int i, count; - const char *const *str = array_get(fields, &count); - string_t *full_query = t_str_new(128); - -From d12bb78b5a235f31c9d5a655bd223c28d44bcadb Mon Sep 17 00:00:00 2001 -From: Aki Tuomi -Date: Fri, 25 Jul 2025 11:51:16 +0300 -Subject: [PATCH 4/7] auth: auth-cache - Change auth_cache_parse_key_exclude() - to return error - -Simplifies following commit ---- - src/auth/auth-cache.c | 25 ++++++++++++++++++------- - 1 file changed, 18 insertions(+), 7 deletions(-) - -diff --git a/src/auth/auth-cache.c b/src/auth/auth-cache.c -index ad8cbe50784..407e5d4aa0e 100644 ---- a/src/auth/auth-cache.c -+++ b/src/auth/auth-cache.c -@@ -64,8 +64,10 @@ static void auth_cache_key_add_tab_idx(string_t *str, unsigned int i) - str_append_c(str, '}'); - } - --static char *auth_cache_parse_key_exclude(pool_t pool, const char *query, -- const char *exclude_driver) -+static int auth_cache_parse_key_exclude(pool_t pool, const char *query, -+ const char *exclude_driver, -+ char **cache_key_r, -+ const char **error_r) - { - string_t *str; - bool 
key_seen[AUTH_REQUEST_VAR_TAB_COUNT]; -@@ -76,9 +78,9 @@ static char *auth_cache_parse_key_exclude(pool_t pool, const char *query, - - struct var_expand_program *prog; - if (var_expand_program_create(query, &prog, &error) < 0) { -- e_debug(auth_event, "auth-cache: var_expand_program_create('%s') failed: %s", -- query, error); -- return p_strdup(pool, ""); -+ *error_r = t_strdup_printf("var_expand_program_create(%s) failed: %s", -+ query, error); -+ return -1; - } - - const char *const *vars = var_expand_program_variables(prog); -@@ -117,7 +119,8 @@ static char *auth_cache_parse_key_exclude(pool_t pool, const char *query, - - var_expand_program_free(&prog); - -- return p_strdup(pool, str_c(str)); -+ *cache_key_r = p_strdup(pool, str_c(str)); -+ return 0; - } - - char *auth_cache_parse_key(pool_t pool, const char *query) -@@ -140,7 +143,15 @@ char *auth_cache_parse_key_and_fields(pool_t pool, const char *query, - } - query = str_c(full_query); - } -- return auth_cache_parse_key_exclude(pool, query, exclude_driver); -+ -+ char *cache_key; -+ const char *error; -+ if (auth_cache_parse_key_exclude(pool, query, exclude_driver, -+ &cache_key, &error) < 0) { -+ e_debug(auth_event, "auth-cache: %s", error); -+ cache_key = p_strdup(pool, ""); -+ } -+ return cache_key; - } - - static void - -From 20d15baa071747f91176eb3115235aa8c78a3d11 Mon Sep 17 00:00:00 2001 -From: Aki Tuomi -Date: Fri, 25 Jul 2025 11:52:36 +0300 -Subject: [PATCH 5/7] auth: auth-cache - Treat cache key parsing errors as - fatals - -Avoids accidentically turning off caching ---- - src/auth/auth-cache.c | 6 ++---- - 1 file changed, 2 insertions(+), 4 deletions(-) - -diff --git a/src/auth/auth-cache.c b/src/auth/auth-cache.c -index 407e5d4aa0e..be569349182 100644 ---- a/src/auth/auth-cache.c -+++ b/src/auth/auth-cache.c -@@ -147,10 +147,8 @@ char *auth_cache_parse_key_and_fields(pool_t pool, const char *query, - char *cache_key; - const char *error; - if (auth_cache_parse_key_exclude(pool, query, 
exclude_driver, -- &cache_key, &error) < 0) { -- e_debug(auth_event, "auth-cache: %s", error); -- cache_key = p_strdup(pool, ""); -- } -+ &cache_key, &error) < 0) -+ i_fatal("auth-cache: %s", error); - return cache_key; - } - - -From 0172f8e8c55aff42c688633b2891cf157641366b Mon Sep 17 00:00:00 2001 -From: Aki Tuomi -Date: Fri, 25 Jul 2025 11:41:03 +0300 -Subject: [PATCH 6/7] auth: auth-cache - Require cache key to contain at least - one variable - ---- - src/auth/auth-cache.c | 7 +++++++ - src/auth/test-auth-cache.c | 37 ++++++++++++++++++++++++++++++++++++- - 2 files changed, 43 insertions(+), 1 deletion(-) - -diff --git a/src/auth/auth-cache.c b/src/auth/auth-cache.c -index be569349182..32959f5d0f4 100644 ---- a/src/auth/auth-cache.c -+++ b/src/auth/auth-cache.c -@@ -86,6 +86,13 @@ static int auth_cache_parse_key_exclude(pool_t pool, const char *query, - const char *const *vars = var_expand_program_variables(prog); - str = t_str_new(32); - -+ if (*vars == NULL && *query != '\0') { -+ var_expand_program_free(&prog); -+ *error_r = t_strdup_printf("%s: Cache key must contain at least one variable", -+ query); -+ return -1; -+ } -+ - for (; *vars != NULL; vars++) { - /* ignore any providers */ - if (strchr(*vars, ':') != NULL && -diff --git a/src/auth/test-auth-cache.c b/src/auth/test-auth-cache.c -index 46836defc6d..b36d83ec022 100644 ---- a/src/auth/test-auth-cache.c -+++ b/src/auth/test-auth-cache.c -@@ -97,7 +97,35 @@ static void test_auth_cache_parse_key(void) - tests[i].in); - test_assert_strcmp_idx(cache_key, tests[i].out, i); - } -+ -+ test_end(); -+} -+ -+static enum fatal_test_state test_cache_key_missing_variable(unsigned int i) -+{ -+ if (i == 0) -+ test_begin("auth cache missing variable"); -+ -+ /* ensure that we do not accept static string */ -+ static const struct { -+ const char *in, *out; -+ } tests_bad[] = { -+ { "%u", "auth-cache: %u: Cache key must contain at least one variable" }, -+ { "foobar", "auth-cache: foobar: Cache key must contain at 
least one variable" }, -+ { "%{test", "auth-cache: var_expand_program_create(%{test) " \ -+ "failed: syntax error, unexpected end of file, " \ -+ "expecting CCBRACE or PIPE" }, -+ }; -+ -+ if (i < N_ELEMENTS(tests_bad)) { -+ test_expect_fatal_string(tests_bad[i].out); -+ (void)auth_cache_parse_key(pool_datastack_create(), -+ tests_bad[i].in); -+ return FATAL_TEST_FAILURE; -+ } -+ - test_end(); -+ return FATAL_TEST_FINISHED; - } - - int main(void) -@@ -108,7 +136,14 @@ int main(void) - test_auth_cache_parse_key, - NULL - }; -- int ret = test_run(test_functions); -+ -+ static test_fatal_func_t *const fatal_functions[] = { -+ test_cache_key_missing_variable, -+ NULL, -+ }; -+ -+ int ret = test_run_with_fatals(test_functions, fatal_functions); -+ - event_unref(&auth_event); - return ret; - } - -From 34caed79b76a7b82a2a9c94cf35371bec6c2b826 Mon Sep 17 00:00:00 2001 -From: Aki Tuomi -Date: Fri, 25 Jul 2025 12:00:57 +0300 -Subject: [PATCH 7/7] auth: auth-cache - Drop auth_cache_parse_key() - -It's only used by tests and can now just call -auth_cache_parse_key_and_fields(). 
---- - src/auth/auth-cache.c | 5 ----- - src/auth/auth-cache.h | 6 ++---- - src/auth/test-auth-cache.c | 8 ++++---- - 3 files changed, 6 insertions(+), 13 deletions(-) - -diff --git a/src/auth/auth-cache.c b/src/auth/auth-cache.c -index 32959f5d0f4..82cc0d526eb 100644 ---- a/src/auth/auth-cache.c -+++ b/src/auth/auth-cache.c -@@ -130,11 +130,6 @@ static int auth_cache_parse_key_exclude(pool_t pool, const char *query, - return 0; - } - --char *auth_cache_parse_key(pool_t pool, const char *query) --{ -- return auth_cache_parse_key_and_fields(pool, query, NULL, NULL); --} -- - char *auth_cache_parse_key_and_fields(pool_t pool, const char *query, - const ARRAY_TYPE(const_string) *fields, - const char *exclude_driver) -diff --git a/src/auth/auth-cache.h b/src/auth/auth-cache.h -index 9bdb9185170..d63621b1a4c 100644 ---- a/src/auth/auth-cache.h -+++ b/src/auth/auth-cache.h -@@ -16,10 +16,8 @@ struct auth_cache_node { - struct auth_cache; - struct auth_request; - --/* Parses all %x variables from query and compresses them into tab-separated -- list, so it can be used as a cache key. */ --char *auth_cache_parse_key(pool_t pool, const char *query); --/* Same as auth_cache_parse_key(), but add also variables from "fields", -+/* Parses all %variables from query and compresses them into tab-separated -+ list, so it can be used as a cache key. 
Adds also variables from "fields", - except variables prefixed with ":" */ - char *auth_cache_parse_key_and_fields(pool_t pool, const char *query, - const ARRAY_TYPE(const_string) *fields, -diff --git a/src/auth/test-auth-cache.c b/src/auth/test-auth-cache.c -index b36d83ec022..f58c21f7afb 100644 ---- a/src/auth/test-auth-cache.c -+++ b/src/auth/test-auth-cache.c -@@ -93,8 +93,8 @@ static void test_auth_cache_parse_key(void) - test_begin("auth cache parse key"); - - for (i = 0; i < N_ELEMENTS(tests); i++) { -- cache_key = auth_cache_parse_key(pool_datastack_create(), -- tests[i].in); -+ cache_key = auth_cache_parse_key_and_fields(pool_datastack_create(), -+ tests[i].in, NULL, NULL); - test_assert_strcmp_idx(cache_key, tests[i].out, i); - } - -@@ -119,8 +119,8 @@ static enum fatal_test_state test_cache_key_missing_variable(unsigned int i) - - if (i < N_ELEMENTS(tests_bad)) { - test_expect_fatal_string(tests_bad[i].out); -- (void)auth_cache_parse_key(pool_datastack_create(), -- tests_bad[i].in); -+ (void)auth_cache_parse_key_and_fields(pool_datastack_create(), -+ tests_bad[i].in, NULL, NULL); - return FATAL_TEST_FAILURE; - } - diff --git a/dovecot-2.4.1-gssapi.patch b/dovecot-2.4.1-gssapi.patch deleted file mode 100644 index 9765eb9..0000000 --- a/dovecot-2.4.1-gssapi.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -up dovecot-2.4.1-4/src/auth/mech-gssapi.c.gssapi dovecot-2.4.1-4/src/auth/mech-gssapi.c ---- dovecot-2.4.1-4/src/auth/mech-gssapi.c.gssapi 2025-06-24 00:07:54.720275640 +0200 -+++ dovecot-2.4.1-4/src/auth/mech-gssapi.c 2025-06-24 00:10:04.541651871 +0200 -@@ -672,7 +672,7 @@ mech_gssapi_auth_initial(struct auth_req - - if (data_size == 0) { - /* The client should go first */ -- auth_request_handler_reply_continue(request, NULL, 0); -+ auth_request_handler_reply_continue(request, uchar_empty_ptr, 0); - } else { - mech_gssapi_auth_continue(request, data, data_size); - } 
diff --git a/dovecot-2.4.1-nolibotp.patch b/dovecot-2.4.1-nolibotp.patch
index 6c8dad5..aea6ada 100644
--- a/dovecot-2.4.1-nolibotp.patch
+++ b/dovecot-2.4.1-nolibotp.patch
@@ -1,134 +1,80 @@ -diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/main.c.nolibotp dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/main.c ---- dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/main.c.nolibotp 2025-03-28 12:32:27.000000000 +0100 -+++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/main.c 2025-06-05 22:36:50.148155427 +0200 -@@ -20,8 +20,6 @@ - #include "password-scheme.h" - #include "passdb-cache.h" - #include "mech.h" --#include "otp.h" --#include "mech-otp-common.h" - #include "auth.h" - #include "auth-penalty.h" - #include "auth-token.h" -@@ -272,7 +270,6 @@ static void main_deinit(void) - - auth_policy_deinit(); - mech_register_deinit(&mech_reg); -- mech_otp_deinit(); - db_oauth2_deinit(); - mech_deinit(global_auth_settings); - settings_free(global_auth_settings); -diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/mech.c.nolibotp dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/mech.c ---- dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/mech.c.nolibotp 2025-03-28 12:32:27.000000000 +0100 -+++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/mech.c 2025-06-05 22:36:50.148435422 +0200 -@@ -71,7 +71,6 @@ extern const struct mech_module mech_apo - extern const struct mech_module mech_cram_md5; - extern const struct mech_module mech_digest_md5; - extern const struct mech_module mech_external; --extern const struct mech_module mech_otp; - extern const struct mech_module mech_scram_sha1; - extern const struct mech_module mech_scram_sha1_plus; - extern const struct mech_module mech_scram_sha256; -@@ -217,7 +216,6 @@ void mech_init(const struct auth_setting - mech_register_module(&mech_gssapi_spnego); - #endif - } -- mech_register_module(&mech_otp); - mech_register_module(&mech_scram_sha1); - mech_register_module(&mech_scram_sha1_plus); - mech_register_module(&mech_scram_sha256); -@@ -247,7 +245,6 @@ void mech_deinit(const struct auth_setti - mech_unregister_module(&mech_gssapi_spnego); - #endif - } -- mech_unregister_module(&mech_otp); - 
mech_unregister_module(&mech_scram_sha1); - mech_unregister_module(&mech_scram_sha1_plus); - mech_unregister_module(&mech_scram_sha256); -diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/test-auth.c.nolibotp dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/test-auth.c ---- dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/test-auth.c.nolibotp 2025-06-05 23:11:23.428522162 +0200 -+++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/test-auth.c 2025-06-05 23:11:23.443511259 +0200 -@@ -72,7 +72,6 @@ void test_auth_init(void) - void test_auth_deinit(void) - { - auth_penalty_deinit(&auth_penalty); -- mech_otp_deinit(); - db_oauth2_deinit(); - auths_deinit(); - auth_token_deinit(); -diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/test-mech.c.nolibotp dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/test-mech.c ---- dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/test-mech.c.nolibotp 2025-03-28 12:32:27.000000000 +0100 -+++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/test-mech.c 2025-06-05 22:36:50.148639214 +0200 -@@ -24,7 +24,6 @@ extern const struct mech_module mech_dig - extern const struct mech_module mech_external; - extern const struct mech_module mech_login; - extern const struct mech_module mech_oauthbearer; --extern const struct mech_module mech_otp; - extern const struct mech_module mech_plain; - extern const struct mech_module mech_scram_sha1; - extern const struct mech_module mech_scram_sha256; -@@ -60,10 +59,7 @@ request_handler_reply_mock_callback(stru +diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/auth/test-auth.c.nolibotp dovecot-2.4.2-build/dovecot-2.4.2/src/auth/test-auth.c +--- dovecot-2.4.2-build/dovecot-2.4.2/src/auth/test-auth.c.nolibotp 2025-10-29 07:58:41.000000000 +0100 ++++ dovecot-2.4.2-build/dovecot-2.4.2/src/auth/test-auth.c 2025-11-30 13:38:50.100927373 +0100 +@@ -16,7 +16,7 @@ + static const char *const settings[] = { + "base_dir", ".", + "auth_mechanisms", +- "ANONYMOUS APOP CRAM-MD5 DIGEST-MD5 EXTERNAL LOGIN PLAIN OTP " ++ "ANONYMOUS APOP 
CRAM-MD5 DIGEST-MD5 EXTERNAL LOGIN PLAIN " + "OAUTHBEARER SCRAM-SHA-1 SCRAM-SHA-256 XOAUTH2", + "auth_username_chars", "", + "auth_username_format", "", +diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/auth/test-mech.c.nolibotp dovecot-2.4.2-build/dovecot-2.4.2/src/auth/test-mech.c +--- dovecot-2.4.2-build/dovecot-2.4.2/src/auth/test-mech.c.nolibotp 2025-10-29 07:58:41.000000000 +0100 ++++ dovecot-2.4.2-build/dovecot-2.4.2/src/auth/test-mech.c 2025-11-30 13:38:50.101130654 +0100 +@@ -46,10 +46,7 @@ request_handler_reply_mock_callback(stru if (request->passdb_result == PASSDB_RESULT_OK) request->failed = FALSE; -- else if (request->mech == &mech_otp) { +- else if (strcmp(request->fields.mech_name, SASL_MECH_NAME_OTP) == 0) { - if (null_strcmp(request->fields.user, "otp_phase_2") == 0) - request->failed = FALSE; -- } else if (request->mech == &mech_oauthbearer) { -+ else if (request->mech == &mech_oauthbearer) { +- } else if (strcmp(request->fields.mech_name, ++ else if (strcmp(request->fields.mech_name, + SASL_MECH_NAME_OAUTHBEARER) == 0) { } }; +@@ -190,10 +187,6 @@ static void test_mechs(void) + {"PLAIN", UCHAR_LEN("\0testuser\0testpass"), "testuser", TRUE, FALSE, FALSE}, + {"PLAIN", UCHAR_LEN("normaluser\0masteruser\0masterpass"), "masteruser", TRUE, FALSE, FALSE}, + {"PLAIN", UCHAR_LEN("normaluser\0normaluser\0masterpass"), "normaluser", TRUE, FALSE, FALSE}, +- {"OTP", UCHAR_LEN("hex:5Bf0 75d9 959d 036f"), "otp_phase_2", TRUE, TRUE, FALSE}, +- {"OTP", UCHAR_LEN("word:BOND FOGY DRAB NE RISE MART"), "otp_phase_2", TRUE, TRUE, FALSE}, +- {"OTP", UCHAR_LEN("init-hex:f6bd 6b33 89b8 7203:md5 499 ke6118:23d1 b253 5ae0 2b7e"), "otp_phase_2", TRUE, TRUE, FALSE}, +- {"OTP", UCHAR_LEN("init-word:END KERN BALM NICK EROS WAVY:md5 499 ke1235:BABY FAIN OILY NIL TIDY DADE"), "otp_phase_2", TRUE, TRUE, FALSE}, + {"OAUTHBEARER", UCHAR_LEN("n,a=testuser,p=cHJvb2Y=,f=nonstandart\x01host=server\x01port=143\x01""auth=Bearer vF9dft4qmTc2Nvb3RlckBhbHRhdmlzdGEuY29tCg==\x01\x01"), 
"testuser", FALSE, TRUE, FALSE}, + {"SCRAM-SHA-1", UCHAR_LEN("n,,n=testuser,r=rOprNGfwEbeRWgbNEkqO"), "testuser", TRUE, FALSE, FALSE}, + {"SCRAM-SHA-256", UCHAR_LEN("n,,n=testuser,r=rOprNGfwEbeRWgbNEkqO"), "testuser", TRUE, FALSE, FALSE}, +@@ -208,8 +201,6 @@ static void test_mechs(void) + {"EXTERNAL", UCHAR_LEN(""), "testuser", FALSE, TRUE, FALSE}, + {"EXTERNAL", UCHAR_LEN(""), NULL, FALSE, FALSE, FALSE}, + {"LOGIN", UCHAR_LEN(""), NULL, FALSE, FALSE, FALSE}, +- {"OTP", UCHAR_LEN(""), NULL, FALSE, FALSE, FALSE}, +- {"OTP", UCHAR_LEN(""), "testuser", FALSE, FALSE, FALSE}, + {"PLAIN", UCHAR_LEN(""), NULL, FALSE, FALSE, FALSE}, + {"OAUTHBEARER", UCHAR_LEN(""), NULL, FALSE, FALSE, FALSE}, + {"XOAUTH2", UCHAR_LEN(""), NULL, FALSE, FALSE, FALSE}, +@@ -221,7 +212,6 @@ static void test_mechs(void) + {"APOP", UCHAR_LEN("1.1.1\0testuser\0tooshort"), NULL, FALSE, FALSE, FALSE}, + {"APOP", UCHAR_LEN("1.1.1\0testuser\0responseoflen16-"), NULL, FALSE, FALSE, FALSE}, + {"APOP", UCHAR_LEN("1.1.1"), NULL, FALSE, FALSE, FALSE}, +- {"OTP", UCHAR_LEN("somebody\0testuser"), "testuser", FALSE, TRUE, FALSE}, + {"CRAM-MD5", UCHAR_LEN("testuser\0response"), "testuser", FALSE, FALSE, FALSE}, + {"PLAIN", UCHAR_LEN("testuser\0"), "testuser", FALSE, FALSE, FALSE}, -@@ -181,10 +177,6 @@ static void test_mechs(void) - {&mech_plain, UCHAR_LEN("\0testuser\0testpass"), "testuser", NULL, TRUE, FALSE, FALSE}, - {&mech_plain, UCHAR_LEN("normaluser\0masteruser\0masterpass"), "masteruser", NULL, TRUE, FALSE, FALSE}, - {&mech_plain, UCHAR_LEN("normaluser\0normaluser\0masterpass"), "normaluser", NULL, TRUE, FALSE, FALSE}, -- {&mech_otp, UCHAR_LEN("hex:5Bf0 75d9 959d 036f"), "otp_phase_2", NULL, TRUE, TRUE, FALSE}, -- {&mech_otp, UCHAR_LEN("word:BOND FOGY DRAB NE RISE MART"), "otp_phase_2", NULL, TRUE, TRUE, FALSE}, -- {&mech_otp, UCHAR_LEN("init-hex:f6bd 6b33 89b8 7203:md5 499 ke6118:23d1 b253 5ae0 2b7e"), "otp_phase_2", NULL, TRUE, TRUE, FALSE}, -- {&mech_otp, UCHAR_LEN("init-word:END KERN BALM NICK 
EROS WAVY:md5 499 ke1235:BABY FAIN OILY NIL TIDY DADE"), "otp_phase_2", NULL , TRUE, TRUE, FALSE}, - {&mech_oauthbearer, UCHAR_LEN("n,a=testuser,p=cHJvb2Y=,f=nonstandart\x01host=server\x01port=143\x01""auth=Bearer vF9dft4qmTc2Nvb3RlckBhbHRhdmlzdGEuY29tCg==\x01\x01"), "testuser", NULL, FALSE, TRUE, FALSE}, - {&mech_scram_sha1, UCHAR_LEN("n,,n=testuser,r=rOprNGfwEbeRWgbNEkqO"), "testuser", NULL, TRUE, FALSE, FALSE}, - {&mech_scram_sha256, UCHAR_LEN("n,,n=testuser,r=rOprNGfwEbeRWgbNEkqO"), "testuser", NULL, TRUE, FALSE, FALSE}, -@@ -199,8 +191,6 @@ static void test_mechs(void) - {&mech_external, UCHAR_LEN(""), "testuser", NULL, FALSE, TRUE, FALSE}, - {&mech_external, UCHAR_LEN(""), NULL, NULL, FALSE, FALSE, FALSE}, - {&mech_login, UCHAR_LEN(""), NULL, NULL, FALSE, FALSE, FALSE}, -- {&mech_otp, UCHAR_LEN(""), NULL, "invalid input", FALSE, FALSE, FALSE}, -- {&mech_otp, UCHAR_LEN(""), "testuser", "invalid input", FALSE, FALSE, FALSE}, - {&mech_plain, UCHAR_LEN(""), NULL, NULL, FALSE, FALSE, FALSE}, - {&mech_oauthbearer, UCHAR_LEN(""), NULL, NULL, FALSE, FALSE, FALSE}, - {&mech_xoauth2, UCHAR_LEN(""), NULL, NULL, FALSE, FALSE, FALSE}, -@@ -212,7 +202,6 @@ static void test_mechs(void) - {&mech_apop, UCHAR_LEN("1.1.1\0testuser\0tooshort"), NULL, NULL, FALSE, FALSE, FALSE}, - {&mech_apop, UCHAR_LEN("1.1.1\0testuser\0responseoflen16-"), NULL, NULL, FALSE, FALSE, FALSE}, - {&mech_apop, UCHAR_LEN("1.1.1"), NULL, NULL, FALSE, FALSE, FALSE}, -- {&mech_otp, UCHAR_LEN("somebody\0testuser"), "testuser", "unsupported response type", FALSE, TRUE, FALSE}, - {&mech_cram_md5, UCHAR_LEN("testuser\0response"), "testuser", NULL, FALSE, FALSE, FALSE}, - {&mech_plain, UCHAR_LEN("testuser\0"), "testuser", NULL, FALSE, FALSE, FALSE}, - -@@ -254,9 +243,7 @@ static void test_mechs(void) - {&mech_plain, UCHAR_LEN("\0fa\0il\0ing\0withthis"), NULL, NULL, FALSE, FALSE, FALSE}, - {&mech_plain, UCHAR_LEN("failingwiththis"), NULL, NULL, FALSE, FALSE, FALSE}, - {&mech_plain, 
UCHAR_LEN("failing\0withthis"), NULL, NULL, FALSE, FALSE, FALSE}, -- {&mech_otp, UCHAR_LEN("someb\0ody\0testuser"), NULL, "invalid input", FALSE, FALSE, FALSE}, +@@ -264,9 +254,7 @@ static void test_mechs(void) + {"PLAIN", UCHAR_LEN("\0fa\0il\0ing\0withthis"), NULL, FALSE, FALSE, FALSE}, + {"PLAIN", UCHAR_LEN("failingwiththis"), NULL, FALSE, FALSE, FALSE}, + {"PLAIN", UCHAR_LEN("failing\0withthis"), NULL, FALSE, FALSE, FALSE}, +- {"OTP", UCHAR_LEN("someb\0ody\0testuser"), NULL, FALSE, FALSE, FALSE}, /* phase 2 */ -- {&mech_otp, UCHAR_LEN("someb\0ody\0testuser"), "testuser", "unsupported response type", FALSE, TRUE, FALSE}, - {&mech_scram_sha1, UCHAR_LEN("c=biws,r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,p=v0X8v3Bz2T0CJGbJQyF0X+HI4Ts="), NULL, NULL, FALSE, FALSE, FALSE}, - {&mech_scram_sha1, UCHAR_LEN("iws0X8v3Bz2T0CJGbJQyF0X+HI4Ts=,,,,"), NULL, NULL, FALSE, FALSE, FALSE}, - {&mech_scram_sha1, UCHAR_LEN("n,a=masteruser,,"), NULL, NULL, FALSE, FALSE, FALSE}, -diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/password-scheme.c.nolibotp dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/password-scheme.c ---- dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/password-scheme.c.nolibotp 2025-06-05 22:36:50.142606171 +0200 -+++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/password-scheme.c 2025-06-05 22:36:50.148822418 +0200 +- {"OTP", UCHAR_LEN("someb\0ody\0testuser"), "testuser", FALSE, TRUE, FALSE}, + {"SCRAM-SHA-1", UCHAR_LEN("c=biws,r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,p=v0X8v3Bz2T0CJGbJQyF0X+HI4Ts="), NULL, FALSE, FALSE, FALSE}, + {"SCRAM-SHA-1", UCHAR_LEN("iws0X8v3Bz2T0CJGbJQyF0X+HI4Ts=,,,,"), NULL, FALSE, FALSE, FALSE}, + {"SCRAM-SHA-1", UCHAR_LEN("n,a=masteruser,,"), NULL, FALSE, FALSE, FALSE}, +diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/password-scheme.c.nolibotp dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/password-scheme.c +--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/password-scheme.c.nolibotp 2025-11-30 
13:38:50.093609901 +0100 ++++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/password-scheme.c 2025-11-30 13:38:50.101359374 +0100 @@ -13,7 +13,6 @@ #include "randgen.h" #include "sha1.h" #include "sha2.h" -#include "otp.h" #include "str.h" + #include "auth-digest.h" #include "password-scheme.h" - #include "password-scheme-private.h" -@@ -701,33 +700,6 @@ plain_md5_generate(const char *plaintext +@@ -704,33 +703,6 @@ plain_md5_generate(const char *plaintext *size_r = MD5_RESULTLEN; } @@ -162,7 +108,7 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/password-scheme.c.noli static const struct password_scheme builtin_schemes[] = { { .name = "MD5", -@@ -891,13 +863,6 @@ static const struct password_scheme buil +@@ -894,13 +866,6 @@ static const struct password_scheme buil .password_generate = plain_md5_generate, }, { @@ -176,9 +122,9 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/password-scheme.c.noli .name = "PBKDF2", .default_encoding = PW_ENCODING_NONE, .raw_password_len = 0, -diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/password-scheme.h.nolibotp dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/password-scheme.h ---- dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/password-scheme.h.nolibotp 2025-03-28 12:32:27.000000000 +0100 -+++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/password-scheme.h 2025-06-05 22:36:50.148942954 +0200 +diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/password-scheme.h.nolibotp dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/password-scheme.h +--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/password-scheme.h.nolibotp 2025-10-29 07:58:41.000000000 +0100 ++++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/password-scheme.h 2025-11-30 13:38:50.101549260 +0100 @@ -98,9 +98,6 @@ void password_set_encryption_rounds(unsi /* INTERNAL: */ const char *password_generate_salt(size_t len); 
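Review bot: Nothing in the rebased patch visibly replaces the dropped `src/auth/main.c` and `src/auth/mech.c` sections, which were the ones removing `mech_register_module(&mech_otp)`, `mech_unregister_module(&mech_otp)` and `mech_otp_deinit()` on the server side. The new sections in this hunk start at `src/auth/test-auth.c` and cover only the tests and the lib-auth password-scheme code. If 2.4.2 still registers an OTP server mechanism somewhere, its removal would have to be in the part of the patch that continues past this page (the `@@ -200,3 +146,140 @@` hunk is cut off); otherwise OTP presumably either breaks the build or stays offered to clients, which is worth confirming against the built package's advertised mechanisms. Because the patch carries no description, I would add a header line above the first `diff -up`, for example `Remove OTP support (no libotp): server and client SASL mechanisms, OTP password scheme, tests`, so the next rebase can check each of those pieces is still covered.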
@@ -187,11 +133,11 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/password-scheme.h.noli - unsigned int algo, const char **result_r) - ATTR_NULL(2); - int scram_scheme_parse(const struct hash_method *hmethod, const char *name, - const unsigned char *credentials, size_t size, -diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/test-password-scheme.c.nolibotp dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/test-password-scheme.c ---- dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/test-password-scheme.c.nolibotp 2025-03-28 12:32:27.000000000 +0100 -+++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/test-password-scheme.c 2025-06-05 22:36:50.149077275 +0200 + int scram_verify(const struct hash_method *hmethod, const char *scheme_name, + const char *plaintext, const unsigned char *raw_password, +diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/test-password-scheme.c.nolibotp dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/test-password-scheme.c +--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/test-password-scheme.c.nolibotp 2025-10-29 07:58:41.000000000 +0100 ++++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/test-password-scheme.c 2025-11-30 13:38:50.101711124 +0100 @@ -107,7 +107,6 @@ static void test_password_schemes(void) test_password_scheme("SHA512", "{SHA512}7iaw3Ur350mqGo7jwQrpkj9hiYB3Lkc/iBml1JQODbJ6wYX4oOHV+E+IvIh/1nsUNzLDBMxfqa2Ob1f1ACio/w==", "test"); test_password_scheme("SSHA", "{SSHA}H/zrDv8FXUu1JmwvVYijfrYEF34jVZcO", "test"); 
@@ -200,3 +146,140 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/test-password-scheme.c test_password_scheme("PBKDF2", "{PBKDF2}$1$bUnT4Pl7yFtYX0KU$5000$50a83cafdc517b9f46519415e53c6a858908680a", "test"); test_password_scheme("CRAM-MD5", "{CRAM-MD5}e02d374fde0dc75a17a557039a3a5338c7743304777dccd376f332bee68d2cf6", "test"); test_password_scheme("DIGEST-MD5", "{DIGEST-MD5}77c1a8c437c9b08ba2f460fe5d58db5d", "test"); +diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/dsasl-client.c.nolibotp dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/dsasl-client.c +--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/dsasl-client.c.nolibotp 2025-11-30 13:39:54.210043386 +0100 ++++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/dsasl-client.c 2025-11-30 13:39:54.217205256 +0100 +@@ -175,7 +175,6 @@ void dsasl_clients_init(void) + dsasl_client_mech_register(&dsasl_client_mech_digest_md5); + dsasl_client_mech_register(&dsasl_client_mech_cram_md5); + dsasl_client_mech_register(&dsasl_client_mech_oauthbearer); +- dsasl_client_mech_register(&dsasl_client_mech_otp); + dsasl_client_mech_register(&dsasl_client_mech_xoauth2); + dsasl_client_mech_register(&dsasl_client_mech_scram_sha_1); + dsasl_client_mech_register(&dsasl_client_mech_scram_sha_1_plus); +diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/dsasl-client-private.h.nolibotp dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/dsasl-client-private.h +--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/dsasl-client-private.h.nolibotp 2025-11-30 13:40:22.269119732 +0100 ++++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/dsasl-client-private.h 2025-11-30 13:40:22.275363043 +0100 +@@ -50,7 +50,6 @@ extern const struct dsasl_client_mech ds + extern const struct dsasl_client_mech dsasl_client_mech_external; + extern const struct dsasl_client_mech dsasl_client_mech_login; + extern const struct dsasl_client_mech dsasl_client_mech_oauthbearer; +-extern const struct dsasl_client_mech dsasl_client_mech_otp; + extern const 
struct dsasl_client_mech dsasl_client_mech_xoauth2;
+ extern const struct dsasl_client_mech dsasl_client_mech_scram_sha_1;
+ extern const struct dsasl_client_mech dsasl_client_mech_scram_sha_1_plus;
+diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/fuzz-sasl-authentication.c.nolibotp dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/fuzz-sasl-authentication.c
+--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/fuzz-sasl-authentication.c.nolibotp 2025-11-30 13:40:56.823727053 +0100
++++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/fuzz-sasl-authentication.c 2025-11-30 13:40:56.837864792 +0100
+@@ -635,7 +635,6 @@ static void fuzz_sasl_run(struct istream
+ sasl_server_mech_register_cram_md5(server_inst);
+ sasl_server_mech_register_digest_md5(server_inst);
+ sasl_server_mech_register_login(server_inst);
+- sasl_server_mech_register_otp(server_inst);
+ sasl_server_mech_register_plain(server_inst);
+ sasl_server_mech_register_scram_sha1(server_inst);
+ sasl_server_mech_register_scram_sha1_plus(server_inst);
+diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/sasl-server.h.nolibotp dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/sasl-server.h
+--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/sasl-server.h.nolibotp 2025-11-30 13:41:24.035316421 +0100
++++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/sasl-server.h 2025-11-30 13:41:24.050796571 +0100
+@@ -193,8 +193,6 @@ void sasl_server_mech_register_scram_sha
+ void sasl_server_mech_register_scram_sha256_plus(
+ struct sasl_server_instance *sinst);
+
+-void sasl_server_mech_register_otp(struct sasl_server_instance *sinst);
+-
+ /* Winbind */
+
+ struct sasl_server_winbind_settings {
+diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/test-sasl-authentication.c.nolibotp dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/test-sasl-authentication.c
+--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/test-sasl-authentication.c.nolibotp 2025-11-30 13:42:08.741524883 +0100
++++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/test-sasl-authentication.c 2025-11-30 13:42:08.757334395 +0100
+@@ -507,7 +507,6 @@ test_sasl_run(const struct test_sasl *te
+ sasl_server_mech_register_digest_md5(server_inst);
+ sasl_server_mech_register_external(server_inst);
+ sasl_server_mech_register_login(server_inst);
+- sasl_server_mech_register_otp(server_inst);
+ sasl_server_mech_register_plain(server_inst);
+ sasl_server_mech_register_scram_sha1(server_inst);
+ sasl_server_mech_register_scram_sha1_plus(server_inst);
+@@ -722,16 +721,6 @@ static const struct test_sasl success_te
+ .password = "tokentokentoken",
+ },
+ },
+- /* OTP */
+- {
+- .mech = "OTP",
+- .authid_type = SASL_SERVER_AUTHID_TYPE_USERNAME,
+- .server = {
+- .authid = "user",
+- .password = "pass",
+- },
+- .repeat = 1050,
+- },
+ /* EXTERNAL */
+ {
+ .mech = "EXTERNAL",
+@@ -1457,31 +1446,6 @@ static const struct test_sasl bad_creds_
+ },
+ .failure = TRUE,
+ },
+- /* OTP */
+- {
+- .mech = "OTP",
+- .authid_type = SASL_SERVER_AUTHID_TYPE_USERNAME,
+- .server = {
+- .authid = "user",
+- .password = "pass",
+- },
+- .client = {
+- .authid = "userb",
+- },
+- .failure = TRUE,
+- },
+- {
+- .mech = "OTP",
+- .authid_type = SASL_SERVER_AUTHID_TYPE_USERNAME,
+- .server = {
+- .authid = "user",
+- .password = "pass",
+- },
+- .client = {
+- .password = "florp",
+- },
+- .failure = TRUE,
+- },
+ /* EXTERNAL */
+ {
+ .mech = "EXTERNAL",
+diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/auth/auth-sasl.c.nolibotp2 dovecot-2.4.2-build/dovecot-2.4.2/src/auth/auth-sasl.c
+--- dovecot-2.4.2-build/dovecot-2.4.2/src/auth/auth-sasl.c.nolibotp2 2025-11-30 13:56:23.124460140 +0100
++++ dovecot-2.4.2-build/dovecot-2.4.2/src/auth/auth-sasl.c 2025-11-30 13:56:39.521935947 +0100
+@@ -472,7 +472,6 @@ MECH_SIMPLE_REGISTER__TEMPLATE(cram_md5)
+ MECH_SIMPLE_REGISTER__TEMPLATE(digest_md5)
+ MECH_SIMPLE_REGISTER__TEMPLATE(external)
+ MECH_SIMPLE_REGISTER__TEMPLATE(login)
+-MECH_SIMPLE_REGISTER__TEMPLATE(otp)
+
MECH_SIMPLE_REGISTER__TEMPLATE(plain) + MECH_SIMPLE_REGISTER__TEMPLATE(scram_sha1) + MECH_SIMPLE_REGISTER__TEMPLATE(scram_sha1_plus) +@@ -539,12 +538,6 @@ static const struct auth_sasl_mech_modul + .mech_register = mech_login_register, + }; + +-static const struct auth_sasl_mech_module mech_otp = { +- .mech_name = SASL_MECH_NAME_OTP, +- +- .mech_register = mech_otp_register, +-}; +- + static const struct auth_sasl_mech_module mech_plain = { + .mech_name = SASL_MECH_NAME_PLAIN, + +@@ -612,7 +605,6 @@ static void auth_sasl_mechs_init(const s + if (set->use_winbind) + auth_sasl_mech_register_module(&mech_winbind_ntlm); + auth_sasl_mech_oauth2_register(); +- auth_sasl_mech_register_module(&mech_otp); + auth_sasl_mech_register_module(&mech_plain); + auth_sasl_mech_register_module(&mech_scram_sha1); + auth_sasl_mech_register_module(&mech_scram_sha1_plus); diff --git a/dovecot-2.4.1-opensslhmac3.patch b/dovecot-2.4.1-opensslhmac3.patch index d5e8a92..1947856 100644 --- a/dovecot-2.4.1-opensslhmac3.patch +++ b/dovecot-2.4.1-opensslhmac3.patch @@ -1,6 +1,6 @@ -diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/auth-token.c.opensslhmac3 dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/auth-token.c ---- dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/auth-token.c.opensslhmac3 2025-03-28 12:32:27.000000000 +0100 -+++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/auth-token.c 2025-07-30 11:45:19.801515296 +0200 +diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/auth/auth-token.c.opensslhmac3 dovecot-2.4.2-build/dovecot-2.4.2/src/auth/auth-token.c +--- dovecot-2.4.2-build/dovecot-2.4.2/src/auth/auth-token.c.opensslhmac3 2025-10-29 07:58:41.000000000 +0100 ++++ dovecot-2.4.2-build/dovecot-2.4.2/src/auth/auth-token.c 2025-11-30 09:57:55.178213106 +0100 @@ -162,17 +162,17 @@ void auth_token_deinit(void) const char *auth_token_get(const char *service, const char *session_pid, const char *username, const char *session_id) 
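Review bot: Nothing in the added test changes checks that OTP is actually unavailable once it is removed. In test-sasl-authentication.c the `.mech = "OTP"` entries are deleted from the success and bad-credentials tables and `sasl_server_mech_register_otp(server_inst)` is dropped from the test and fuzz setup, but no case requests "OTP" and expects a refusal. A negative case of that kind would catch a later rebase in which the mechanism is registered again by another route. In auth-sasl.c, where `auth_sasl_mech_register_module(&mech_otp);` is removed from `auth_sasl_mechs_init`, a short comment such as `/* OTP deliberately not registered in this build */` would make the omission read as intentional. The reason for it is presumably the missing libotp, going by the `.nolibotp` suffix. The enclosing functions and tables start and end outside these hunks.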
@@ -26,10 +26,10 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/auth-token.c.opensslhmac3 return binary_to_hex(result, sizeof(result)); } -diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/Makefile.am.opensslhmac3 dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/Makefile.am ---- dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/Makefile.am.opensslhmac3 2025-03-28 12:32:27.000000000 +0100 -+++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/Makefile.am 2025-07-30 11:45:19.803705887 +0200 -@@ -66,6 +66,7 @@ auth_LDFLAGS = -export-dynamic +diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/auth/Makefile.am.opensslhmac3 dovecot-2.4.2-build/dovecot-2.4.2/src/auth/Makefile.am +--- dovecot-2.4.2-build/dovecot-2.4.2/src/auth/Makefile.am.opensslhmac3 2025-10-29 07:58:41.000000000 +0100 ++++ dovecot-2.4.2-build/dovecot-2.4.2/src/auth/Makefile.am 2025-11-30 09:57:55.178490134 +0100 +@@ -71,6 +71,7 @@ auth_LDFLAGS = -export-dynamic auth_libs = \ ../lib-auth/libauth-crypt.la \ $(AUTH_LUA_LIBS) \ 
@@ -37,35 +37,9 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/Makefile.am.opensslhmac3 d $(LIBDOVECOT_SQL) auth_CPPFLAGS = $(AM_CPPFLAGS) $(BINARY_CFLAGS) -diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/mech-cram-md5.c.opensslhmac3 dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/mech-cram-md5.c ---- dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/mech-cram-md5.c.opensslhmac3 2025-03-28 12:32:27.000000000 +0100 -+++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/mech-cram-md5.c 2025-07-30 11:45:19.801656370 +0200 -@@ -50,7 +50,7 @@ static bool verify_credentials(struct cr - const unsigned char *credentials, size_t size) - { - unsigned char digest[MD5_RESULTLEN]; -- struct hmac_context ctx; -+ struct orig_hmac_context ctx; - const char *response_hex; - - if (size != CRAM_MD5_CONTEXTLEN) { -@@ -59,10 +59,10 @@ static bool verify_credentials(struct cr - return FALSE; - } - -- hmac_init(&ctx, NULL, 0, &hash_method_md5); -+ orig_hmac_init(&ctx, NULL, 0, &hash_method_md5); - hmac_md5_set_cram_context(&ctx, credentials); -- hmac_update(&ctx, request->challenge, strlen(request->challenge)); -- hmac_final(&ctx, digest); -+ orig_hmac_update(&ctx, request->challenge, strlen(request->challenge)); -+ orig_hmac_final(&ctx, digest); - - response_hex = binary_to_hex(digest, sizeof(digest)); - -diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/imap/Makefile.am.opensslhmac3 dovecot-2.4.1-build/dovecot-2.4.1-4/src/imap/Makefile.am ---- dovecot-2.4.1-build/dovecot-2.4.1-4/src/imap/Makefile.am.opensslhmac3 2025-03-28 12:32:27.000000000 +0100 -+++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/imap/Makefile.am 2025-07-30 11:45:19.803805844 +0200 +diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/imap/Makefile.am.opensslhmac3 dovecot-2.4.2-build/dovecot-2.4.2/src/imap/Makefile.am +--- dovecot-2.4.2-build/dovecot-2.4.2/src/imap/Makefile.am.opensslhmac3 2025-10-29 07:58:41.000000000 +0100 ++++ dovecot-2.4.2-build/dovecot-2.4.2/src/imap/Makefile.am 2025-11-30 09:57:55.179136544 +0100 
@@ -21,11 +21,13 @@ AM_CPPFLAGS = \ $(BINARY_CFLAGS) @@ -80,10 +54,10 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/imap/Makefile.am.opensslhmac3 d $(LIBDOVECOT_STORAGE) \ $(LIBDOVECOT) imap_DEPENDENCIES = \ -diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/imap-urlauth/Makefile.am.opensslhmac3 dovecot-2.4.1-build/dovecot-2.4.1-4/src/imap-urlauth/Makefile.am ---- dovecot-2.4.1-build/dovecot-2.4.1-4/src/imap-urlauth/Makefile.am.opensslhmac3 2025-03-28 12:32:27.000000000 +0100 -+++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/imap-urlauth/Makefile.am 2025-07-30 11:45:19.803904279 +0200 -@@ -22,6 +22,7 @@ imap_urlauth_CPPFLAGS = \ +diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/imap-urlauth/Makefile.am.opensslhmac3 dovecot-2.4.2-build/dovecot-2.4.2/src/imap-urlauth/Makefile.am +--- dovecot-2.4.2-build/dovecot-2.4.2/src/imap-urlauth/Makefile.am.opensslhmac3 2025-10-29 07:58:41.000000000 +0100 ++++ dovecot-2.4.2-build/dovecot-2.4.2/src/imap-urlauth/Makefile.am 2025-11-30 09:57:55.179268682 +0100 +@@ -23,6 +23,7 @@ imap_urlauth_CPPFLAGS = \ imap_urlauth_LDFLAGS = -export-dynamic imap_urlauth_LDADD = $(LIBDOVECOT) \ @@ -91,7 +65,7 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/imap-urlauth/Makefile.am.openss $(BINARY_LDFLAGS) imap_urlauth_DEPENDENCIES = $(LIBDOVECOT_DEPS) -@@ -52,7 +53,7 @@ imap_urlauth_worker_LDFLAGS = -export-dy +@@ -53,7 +54,7 @@ imap_urlauth_worker_LDFLAGS = -export-dy urlauth_libs = \ $(top_builddir)/src/lib-imap-urlauth/libimap-urlauth.la 
@@ -100,10 +74,10 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/imap-urlauth/Makefile.am.openss imap_urlauth_worker_DEPENDENCIES = $(urlauth_libs) $(LIBDOVECOT_STORAGE_DEPS) $(LIBDOVECOT_DEPS) imap_urlauth_worker_SOURCES = \ -diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/auth-scram-client.c.opensslhmac3 dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/auth-scram-client.c ---- dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/auth-scram-client.c.opensslhmac3 2025-03-28 12:32:27.000000000 +0100 -+++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/auth-scram-client.c 2025-07-30 11:45:19.801788468 +0200 -@@ -248,7 +248,7 @@ static string_t *auth_scram_get_client_f +diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/auth-scram-client.c.opensslhmac3 dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/auth-scram-client.c +--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/auth-scram-client.c.opensslhmac3 2025-10-29 07:58:41.000000000 +0100 ++++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/auth-scram-client.c 2025-11-30 09:57:55.179413002 +0100 +@@ -222,7 +222,7 @@ static string_t *auth_scram_get_client_f unsigned char client_signature[hmethod->digest_size]; unsigned char client_proof[hmethod->digest_size]; unsigned char server_key[hmethod->digest_size]; @@ -112,7 +86,7 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/auth-scram-client.c.op const void *cbind_input; size_t cbind_input_size; string_t *auth_message, *str; -@@ -307,9 +307,9 @@ static string_t *auth_scram_get_client_f +@@ -281,9 +281,9 @@ static string_t *auth_scram_get_client_f client->iter, salted_password); /* ClientKey := HMAC(SaltedPassword, "Client Key") */ 
@@ -125,7 +99,7 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/auth-scram-client.c.op /* StoredKey := H(ClientKey) */ hash_method_get_digest(hmethod, client_key, sizeof(client_key), -@@ -327,9 +327,9 @@ static string_t *auth_scram_get_client_f +@@ -301,9 +301,9 @@ static string_t *auth_scram_get_client_f str_append_str(auth_message, str); /* ClientSignature := HMAC(StoredKey, AuthMessage) */ @@ -138,7 +112,7 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/auth-scram-client.c.op /* ClientProof := ClientKey XOR ClientSignature */ for (k = 0; k < hmethod->digest_size; k++) -@@ -340,16 +340,16 @@ static string_t *auth_scram_get_client_f +@@ -314,16 +314,16 @@ static string_t *auth_scram_get_client_f safe_memset(client_signature, 0, sizeof(client_signature)); /* ServerKey := HMAC(SaltedPassword, "Server Key") */ @@ -161,9 +135,9 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/auth-scram-client.c.op safe_memset(salted_password, 0, sizeof(salted_password)); -diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/auth-scram.c.opensslhmac3 dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/auth-scram.c ---- dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/auth-scram.c.opensslhmac3 2025-03-28 12:32:27.000000000 +0100 -+++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/auth-scram.c 2025-07-30 11:45:19.801918022 +0200 +diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/auth-scram.c.opensslhmac3 dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/auth-scram.c +--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/auth-scram.c.opensslhmac3 2025-10-29 07:58:41.000000000 +0100 ++++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/auth-scram.c 2025-11-30 09:57:55.179729815 +0100 @@ -31,7 +31,7 @@ void auth_scram_hi(const struct hash_met const unsigned char *salt, size_t salt_size, unsigned int i, unsigned char *result) 
@@ -233,10 +207,10 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/auth-scram.c.opensslhm safe_memset(salted_password, 0, sizeof(salted_password)); safe_memset(client_key, 0, sizeof(client_key)); -diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/auth-scram-server.c.opensslhmac3 dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/auth-scram-server.c ---- dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/auth-scram-server.c.opensslhmac3 2025-03-28 12:32:27.000000000 +0100 -+++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/auth-scram-server.c 2025-07-30 11:45:19.802027357 +0200 -@@ -342,7 +342,7 @@ auth_scram_server_verify_credentials(str +diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/auth-scram-server.c.opensslhmac3 dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/auth-scram-server.c +--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/auth-scram-server.c.opensslhmac3 2025-10-29 07:58:41.000000000 +0100 ++++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/auth-scram-server.c 2025-11-30 09:57:55.179862473 +0100 +@@ -288,7 +288,7 @@ auth_scram_server_verify_credentials(str { const struct hash_method *hmethod = server->set.hash_method; struct auth_scram_key_data *kdata = &server->key_data; @@ -245,7 +219,7 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/auth-scram-server.c.op const char *auth_message; unsigned char client_key[hmethod->digest_size]; unsigned char client_signature[hmethod->digest_size]; -@@ -363,9 +363,9 @@ auth_scram_server_verify_credentials(str +@@ -309,9 +309,9 @@ auth_scram_server_verify_credentials(str server->server_first_message, ",", server->client_final_message_without_proof, NULL); 
@@ -258,7 +232,7 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/auth-scram-server.c.op /* ClientProof := ClientKey XOR ClientSignature */ const unsigned char *proof_data = server->proof->data; -@@ -494,7 +494,7 @@ auth_scram_get_server_final(struct auth_ +@@ -440,7 +440,7 @@ auth_scram_get_server_final(struct auth_ { const struct hash_method *hmethod = server->set.hash_method; struct auth_scram_key_data *kdata = &server->key_data; @@ -267,7 +241,7 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/auth-scram-server.c.op const char *auth_message; unsigned char server_signature[hmethod->digest_size]; string_t *str; -@@ -510,9 +510,9 @@ auth_scram_get_server_final(struct auth_ +@@ -456,9 +456,9 @@ auth_scram_get_server_final(struct auth_ server->server_first_message, ",", server->client_final_message_without_proof, NULL); @@ -280,10 +254,10 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/auth-scram-server.c.op /* RFC 5802, Section 7: -diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/password-scheme.c.opensslhmac3 dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/password-scheme.c ---- dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/password-scheme.c.opensslhmac3 2025-03-28 12:32:27.000000000 +0100 -+++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/password-scheme.c 2025-07-30 11:45:19.802166177 +0200 -@@ -631,11 +631,11 @@ static void +diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/password-scheme.c.opensslhmac3 dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/password-scheme.c +--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/password-scheme.c.opensslhmac3 2025-10-29 07:58:41.000000000 +0100 ++++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/password-scheme.c 2025-11-30 09:57:55.180035106 +0100 +@@ -633,11 +633,11 @@ static void cram_md5_generate(const char *plaintext, const struct password_generate_params *params ATTR_UNUSED, const unsigned char **raw_password_r, size_t *size_r) { 
@@ -297,10 +271,10 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/password-scheme.c.open strlen(plaintext), &hash_method_md5); hmac_md5_get_cram_context(&ctx, context_digest); -diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/password-scheme-scram.c.opensslhmac3 dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/password-scheme-scram.c ---- dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/password-scheme-scram.c.opensslhmac3 2025-03-28 12:32:27.000000000 +0100 -+++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/password-scheme-scram.c 2025-07-30 11:45:19.802285591 +0200 -@@ -69,7 +69,7 @@ int scram_verify(const struct hash_metho +diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/password-scheme-scram.c.opensslhmac3 dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/password-scheme-scram.c +--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/password-scheme-scram.c.opensslhmac3 2025-10-29 07:58:41.000000000 +0100 ++++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/password-scheme-scram.c 2025-11-30 09:57:55.180182392 +0100 +@@ -23,7 +23,7 @@ int scram_verify(const struct hash_metho const char *plaintext, const unsigned char *raw_password, size_t size, const char **error_r) { @@ -309,7 +283,7 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/password-scheme-scram. const char *salt_base64; unsigned int iter_count; const unsigned char *salt; -@@ -94,9 +94,9 @@ int scram_verify(const struct hash_metho +@@ -49,9 +49,9 @@ int scram_verify(const struct hash_metho salt, salt_len, iter_count, salted_password); /* Calculate ClientKey */ 
@@ -322,9 +296,9 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/password-scheme-scram. /* Calculate StoredKey */ hash_method_get_digest(hmethod, client_key, sizeof(client_key), -diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/hmac.c.opensslhmac3 dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/hmac.c ---- dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/hmac.c.opensslhmac3 2025-03-28 12:32:27.000000000 +0100 -+++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/hmac.c 2025-07-30 11:46:43.346310291 +0200 +diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib/hmac.c.opensslhmac3 dovecot-2.4.2-build/dovecot-2.4.2/src/lib/hmac.c +--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib/hmac.c.opensslhmac3 2025-10-29 07:58:41.000000000 +0100 ++++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib/hmac.c 2025-11-30 09:57:55.180318937 +0100 @@ -7,6 +7,10 @@ * This software is released under the MIT license. */ @@ -598,9 +572,9 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/hmac.c.opensslhmac3 dovecot - safe_memset(prk, 0, sizeof(prk)); - safe_memset(okm, 0, sizeof(okm)); } -diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/hmac-cram-md5.c.opensslhmac3 dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/hmac-cram-md5.c ---- dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/hmac-cram-md5.c.opensslhmac3 2025-03-28 12:32:27.000000000 +0100 -+++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/hmac-cram-md5.c 2025-07-30 11:45:19.802547733 +0200 +diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib/hmac-cram-md5.c.opensslhmac3 dovecot-2.4.2-build/dovecot-2.4.2/src/lib/hmac-cram-md5.c +--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib/hmac-cram-md5.c.opensslhmac3 2025-10-29 07:58:41.000000000 +0100 ++++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib/hmac-cram-md5.c 2025-11-30 09:57:55.180461985 +0100 @@ -9,10 +9,10 @@ #include "md5.h" #include "hmac-cram-md5.h" 
@@ -627,9 +601,9 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/hmac-cram-md5.c.opensslhmac const unsigned char *cdp; struct md5_context *ctx = (void*)hmac_ctx->ctx; -diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/hmac-cram-md5.h.opensslhmac3 dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/hmac-cram-md5.h ---- dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/hmac-cram-md5.h.opensslhmac3 2025-03-28 12:32:27.000000000 +0100 -+++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/hmac-cram-md5.h 2025-07-30 11:45:19.802643613 +0200 +diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib/hmac-cram-md5.h.opensslhmac3 dovecot-2.4.2-build/dovecot-2.4.2/src/lib/hmac-cram-md5.h +--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib/hmac-cram-md5.h.opensslhmac3 2025-10-29 07:58:41.000000000 +0100 ++++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib/hmac-cram-md5.h 2025-11-30 09:57:55.180563796 +0100 @@ -5,9 +5,9 @@ #define CRAM_MD5_CONTEXTLEN 32 @@ -642,9 +616,9 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/hmac-cram-md5.h.opensslhmac const unsigned char context_digest[CRAM_MD5_CONTEXTLEN]); -diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/hmac.h.opensslhmac3 dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/hmac.h ---- dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/hmac.h.opensslhmac3 2025-03-28 12:32:27.000000000 +0100 -+++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/hmac.h 2025-07-30 11:45:19.802751766 +0200 +diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib/hmac.h.opensslhmac3 dovecot-2.4.2-build/dovecot-2.4.2/src/lib/hmac.h +--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib/hmac.h.opensslhmac3 2025-10-29 07:58:41.000000000 +0100 ++++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib/hmac.h 2025-11-30 09:57:55.180723505 +0100 @@ -4,60 +4,108 @@ #include "hash-method.h" #include "sha1.h" 
@@ -654,7 +628,7 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/hmac.h.opensslhmac3 dovecot +#include +#include - #define HMAC_MAX_CONTEXT_SIZE sizeof(struct sha512_ctx) + #define HMAC_MAX_CONTEXT_SIZE HASH_METHOD_MAX_CONTEXT_SIZE -struct hmac_context_priv { + @@ -767,9 +741,9 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/hmac.h.opensslhmac3 dovecot okm_buffer, okm_len); return okm_buffer; } -diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-imap-urlauth/imap-urlauth.c.opensslhmac3 dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-imap-urlauth/imap-urlauth.c ---- dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-imap-urlauth/imap-urlauth.c.opensslhmac3 2025-03-28 12:32:27.000000000 +0100 -+++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-imap-urlauth/imap-urlauth.c 2025-07-30 11:45:19.802862354 +0200 +diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-imap-urlauth/imap-urlauth.c.opensslhmac3 dovecot-2.4.2-build/dovecot-2.4.2/src/lib-imap-urlauth/imap-urlauth.c +--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-imap-urlauth/imap-urlauth.c.opensslhmac3 2025-10-29 07:58:41.000000000 +0100 ++++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-imap-urlauth/imap-urlauth.c 2025-11-30 09:57:55.180863807 +0100 @@ -87,15 +87,15 @@ imap_urlauth_internal_generate( const unsigned char mailbox_key[IMAP_URLAUTH_KEY_LEN], size_t *token_len_r) 
@@ -790,10 +764,10 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-imap-urlauth/imap-urlauth.c *token_len_r = SHA1_RESULTLEN + 1; return token; -diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/Makefile.am.opensslhmac3 dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/Makefile.am ---- dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/Makefile.am.opensslhmac3 2025-03-28 12:32:27.000000000 +0100 -+++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/Makefile.am 2025-07-30 11:45:19.802976508 +0200 -@@ -359,6 +359,9 @@ headers = \ +diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib/Makefile.am.opensslhmac3 dovecot-2.4.2-build/dovecot-2.4.2/src/lib/Makefile.am +--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib/Makefile.am.opensslhmac3 2025-10-29 07:58:41.000000000 +0100 ++++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib/Makefile.am 2025-11-30 09:57:55.180990124 +0100 +@@ -414,6 +414,9 @@ headers = \ wildcard-match.h \ write-full.h @@ -803,9 +777,9 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/Makefile.am.opensslhmac3 do test_programs = test-lib noinst_PROGRAMS = $(test_programs) -diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-oauth2/oauth2-jwt.c.opensslhmac3 dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-oauth2/oauth2-jwt.c ---- dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-oauth2/oauth2-jwt.c.opensslhmac3 2025-03-28 12:32:27.000000000 +0100 -+++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-oauth2/oauth2-jwt.c 2025-07-30 11:45:19.803097425 +0200 +diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-oauth2/oauth2-jwt.c.opensslhmac3 dovecot-2.4.2-build/dovecot-2.4.2/src/lib-oauth2/oauth2-jwt.c +--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-oauth2/oauth2-jwt.c.opensslhmac3 2025-10-29 07:58:41.000000000 +0100 ++++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-oauth2/oauth2-jwt.c 2025-11-30 09:57:55.181135306 +0100 @@ -210,14 +210,14 @@ oauth2_validate_hmac(const struct oauth2 if (oauth2_lookup_hmac_key(set, azp, alg, key_id, &key, error_r) < 0) return -1; 
@@ -827,9 +801,9 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-oauth2/oauth2-jwt.c.openssl buffer_t *their_digest = t_base64url_decode_str(BASE64_DECODE_FLAG_NO_PADDING, blobs[2]); -diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-oauth2/test-oauth2-jwt.c.opensslhmac3 dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-oauth2/test-oauth2-jwt.c ---- dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-oauth2/test-oauth2-jwt.c.opensslhmac3 2025-03-28 12:32:27.000000000 +0100 -+++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-oauth2/test-oauth2-jwt.c 2025-07-30 11:45:19.803224443 +0200 +diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-oauth2/test-oauth2-jwt.c.opensslhmac3 dovecot-2.4.2-build/dovecot-2.4.2/src/lib-oauth2/test-oauth2-jwt.c +--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-oauth2/test-oauth2-jwt.c.opensslhmac3 2025-10-29 07:58:41.000000000 +0100 ++++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-oauth2/test-oauth2-jwt.c 2025-11-30 09:57:55.181290025 +0100 @@ -250,7 +250,7 @@ static void save_key_azp_to(const char * static void sign_jwt_token_hs256(buffer_t *tokenbuf, buffer_t *key) { @@ -857,9 +831,9 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-oauth2/test-oauth2-jwt.c.op tokenbuf); buffer_append(tokenbuf, ".", 1); base64url_encode(BASE64_ENCODE_FLAG_NO_PADDING, SIZE_MAX, -diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/pkcs5.c.opensslhmac3 dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/pkcs5.c ---- dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/pkcs5.c.opensslhmac3 2025-03-28 12:32:27.000000000 +0100 -+++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/pkcs5.c 2025-07-30 11:45:19.803357132 +0200 +diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib/pkcs5.c.opensslhmac3 dovecot-2.4.2-build/dovecot-2.4.2/src/lib/pkcs5.c +--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib/pkcs5.c.opensslhmac3 2025-10-29 07:58:41.000000000 +0100 ++++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib/pkcs5.c 2025-11-30 09:57:55.181492013 +0100 
@@ -52,7 +52,7 @@ int pkcs5_pbkdf2(const struct hash_metho size_t l = (length + hash->digest_size - 1)/hash->digest_size; /* same as ceil(length/hash->digest_size) */ unsigned char dk[l * hash->digest_size]; 
@@ -894,9 +868,35 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/pkcs5.c.opensslhmac3 doveco for(i = 0; i < hash->digest_size; i++) block[i] ^= U_c[i]; } -diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/test-hmac.c.opensslhmac3 dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/test-hmac.c ---- dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/test-hmac.c.opensslhmac3 2025-03-28 12:32:27.000000000 +0100 -+++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/test-hmac.c 2025-07-30 11:45:19.803460807 +0200 +diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/sasl-server-mech-cram-md5.c.opensslhmac3 dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/sasl-server-mech-cram-md5.c +--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/sasl-server-mech-cram-md5.c.opensslhmac3 2025-10-29 07:58:41.000000000 +0100 ++++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/sasl-server-mech-cram-md5.c 2025-11-30 10:00:28.967795725 +0100 +@@ -53,7 +53,7 @@ verify_credentials(struct sasl_server_me + container_of(auth_request, struct cram_auth_request, + auth_request); + unsigned char digest[MD5_RESULTLEN]; +- struct hmac_context ctx; ++ struct orig_hmac_context ctx; + const char *response_hex; + + if (size != CRAM_MD5_CONTEXTLEN) { +@@ -62,10 +62,10 @@ verify_credentials(struct sasl_server_me + return; + } + +- hmac_init(&ctx, NULL, 0, &hash_method_md5); ++ orig_hmac_init(&ctx, NULL, 0, &hash_method_md5); + hmac_md5_set_cram_context(&ctx, credentials); +- hmac_update(&ctx, request->challenge, strlen(request->challenge)); +- hmac_final(&ctx, digest); ++ orig_hmac_update(&ctx, request->challenge, strlen(request->challenge)); ++ orig_hmac_final(&ctx, digest); + + response_hex = binary_to_hex(digest, sizeof(digest)); + +diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib/test-hmac.c.opensslhmac3 dovecot-2.4.2-build/dovecot-2.4.2/src/lib/test-hmac.c +--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib/test-hmac.c.opensslhmac3 2025-10-29 07:58:41.000000000 +0100 ++++ 
dovecot-2.4.2-build/dovecot-2.4.2/src/lib/test-hmac.c 2025-11-30 09:57:55.181656401 +0100 @@ -206,11 +206,11 @@ static void test_hmac_rfc(void) test_begin("hmac sha256 rfc4231 vectors"); for(size_t i = 0; i < N_ELEMENTS(test_vectors); i++) { @@ -972,10 +972,10 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/test-hmac.c.opensslhmac3 do vec->ikm_len, vec->info, vec->info_len, vec->okm_len); test_assert(tmp->used == vec->okm_len && -diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-var-expand-crypt/Makefile.am.opensslhmac3 dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-var-expand-crypt/Makefile.am ---- dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-var-expand-crypt/Makefile.am.opensslhmac3 2025-03-28 12:32:27.000000000 +0100 -+++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-var-expand-crypt/Makefile.am 2025-07-30 11:45:19.803606280 +0200 -@@ -30,13 +30,13 @@ test_libs = \ +diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-var-expand-crypt/Makefile.am.opensslhmac3 dovecot-2.4.2-build/dovecot-2.4.2/src/lib-var-expand-crypt/Makefile.am +--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-var-expand-crypt/Makefile.am.opensslhmac3 2025-10-29 07:58:41.000000000 +0100 ++++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-var-expand-crypt/Makefile.am 2025-11-30 09:58:11.669117030 +0100 +@@ -34,13 +34,13 @@ test_libs = \ $(DLLIB) test_var_expand_crypt_SOURCES = test-var-expand-crypt.c 
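Review bot: The added sasl-server-mech-cram-md5.c section (outer hunk `@@ -894,9 +868,35 @@`) moves verify_credentials to `orig_hmac_init`/`orig_hmac_update`/`orig_hmac_final` with no comment on why this one call site stays on the built-in HMAC. Presumably the reason is that `hmac_md5_set_cram_context()` loads a stored intermediate MD5 state into the context, which an OpenSSL-backed context could not accept. If so, state it above the init call, e.g. `/* stored CRAM-MD5 credentials are a saved HMAC-MD5 state, so this must use the built-in implementation */`. The patch header should also record that server-side CRAM-MD5 verification does not go through OpenSSL, so whatever algorithm policy the OpenSSL switch is meant to honour does not apply to this path. verify_credentials starts and ends outside the quoted context.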
@@ -986,14 +986,14 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-var-expand-crypt/Makefile.a test_var_expand_crypt_LDFLAGS = -export-dynamic -Wl,$(LD_WHOLE_ARCHIVE),../lib/.libs/liblib.a,../lib-json/.libs/libjson.a,../lib-ssl-iostream/.libs/libssl_iostream.a,$(LD_NO_WHOLE_ARCHIVE) endif --test_var_expand_crypt_CFLAGS = $(AM_CPPFLAGS) \ -+test_var_expand_crypt_CFLAGS = $(AM_CPPFLAGS) $(SSL_CFLAGS) \ +-test_var_expand_crypt_CFLAGS = $(AM_CFLAGS) \ ++test_var_expand_crypt_CFLAGS = $(AM_CFLAGS) $(SSL_CFLAGS) \ -DDCRYPT_BUILD_DIR=\"$(top_builddir)/src/lib-dcrypt\" check-local: -diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/submission/Makefile.am.opensslhmac3 dovecot-2.4.1-build/dovecot-2.4.1-4/src/submission/Makefile.am ---- dovecot-2.4.1-build/dovecot-2.4.1-4/src/submission/Makefile.am.opensslhmac3 2025-03-28 12:32:27.000000000 +0100 -+++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/submission/Makefile.am 2025-07-30 11:45:19.804003916 +0200 +diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/submission/Makefile.am.opensslhmac3 dovecot-2.4.2-build/dovecot-2.4.2/src/submission/Makefile.am +--- dovecot-2.4.2-build/dovecot-2.4.2/src/submission/Makefile.am.opensslhmac3 2025-10-29 07:58:41.000000000 +0100 ++++ dovecot-2.4.2-build/dovecot-2.4.2/src/submission/Makefile.am 2025-11-30 09:57:55.182137562 +0100 @@ -29,6 +29,7 @@ submission_LDADD = \ $(urlauth_libs) \ $(LIBDOVECOT_STORAGE) \ 
@@ -1002,3 +1002,24 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/submission/Makefile.am.opensslh $(MODULE_LIBS) submission_DEPENDENCIES = \ $(urlauth_libs) \ +diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/dsasl-client-mech-cram-md5.c.fixbuild2 dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/dsasl-client-mech-cram-md5.c +--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/dsasl-client-mech-cram-md5.c.fixbuild2 2025-11-30 13:11:06.583413762 +0100 ++++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/dsasl-client-mech-cram-md5.c 2025-11-30 13:22:04.883307427 +0100 +@@ -81,13 +81,13 @@ mech_cram_md5_output(struct dsasl_client + return DSASL_CLIENT_RESULT_OK; + } + +- struct hmac_context ctx; ++ struct openssl_hmac_context ctx; + unsigned char digest[MD5_RESULTLEN]; + +- hmac_init(&ctx, (const unsigned char *)client->password, ++ openssl_hmac_init(&ctx, (const unsigned char *)client->password, + strlen(client->password), &hash_method_md5); +- hmac_update(&ctx, cclient->challenge, strlen(cclient->challenge)); +- hmac_final(&ctx, digest); ++ openssl_hmac_update(&ctx, cclient->challenge, strlen(cclient->challenge)); ++ openssl_hmac_final(&ctx, digest); + + str = str_new(client->pool, 256); + str_append(str, client->set.authid); diff --git a/dovecot-2.4.2-fixbuild.patch b/dovecot-2.4.2-fixbuild.patch new file mode 100644 index 0000000..ad5530b --- /dev/null +++ b/dovecot-2.4.2-fixbuild.patch 
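Review bot: In the appended dsasl-client-mech-cram-md5.c section (outer hunk `@@ -1002,3 +1002,24 @@`), `digest` is declared uninitialised and nothing in the lines shown checks whether `openssl_hmac_init` or `openssl_hmac_final` succeeded. Whether those wrappers can fail is not visible here and should be checked against their definition. If they can, for instance when MD5 is refused by the system crypto policy, the code after the hunk would encode and send whatever was on the stack. As a minimum, initialise the buffer with `unsigned char digest[MD5_RESULTLEN] = {0};` and make the failure path return an error result instead of continuing. This client path uses `openssl_hmac_*` while the server-side CRAM-MD5 section uses `orig_hmac_*`, so the two ends behave differently under a restrictive policy; a comment should say that this is intended. mech_cram_md5_output continues outside the hunk.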
@@ -0,0 +1,135 @@ +diff -up dovecot-2.4.2/src/lib/istream.c.fixbuild dovecot-2.4.2/src/lib/istream.c +--- dovecot-2.4.2/src/lib/istream.c.fixbuild 2025-10-29 07:58:41.000000000 +0100 ++++ dovecot-2.4.2/src/lib/istream.c 2025-11-30 11:40:37.739536137 +0100 +@@ -85,7 +85,7 @@ void i_stream_add_destroy_callback(struc + } + + void i_stream_remove_destroy_callback(struct istream *stream, +- void (*callback)()) ++ istream_callback_t *callback) + { + io_stream_remove_destroy_callback(&stream->real_stream->iostream, + callback); +diff -up dovecot-2.4.2/src/lib/istream.h.fixbuild dovecot-2.4.2/src/lib/istream.h +--- dovecot-2.4.2/src/lib/istream.h.fixbuild 2025-10-29 07:58:41.000000000 +0100 ++++ dovecot-2.4.2/src/lib/istream.h 2025-11-30 11:40:37.739798710 +0100 +@@ -100,7 +100,7 @@ void i_stream_add_destroy_callback(struc + (istream_callback_t *)callback, context) + /* Remove the destroy callback. */ + void i_stream_remove_destroy_callback(struct istream *stream, +- void (*callback)()); ++ istream_callback_t *callback); + + /* Return file descriptor for stream, or -1 if none is available. 
*/ + int i_stream_get_fd(struct istream *stream); +diff -up dovecot-2.4.2/src/lib/ostream.c.fixbuild dovecot-2.4.2/src/lib/ostream.c +--- dovecot-2.4.2/src/lib/ostream.c.fixbuild 2025-11-30 11:42:21.434063550 +0100 ++++ dovecot-2.4.2/src/lib/ostream.c 2025-11-30 11:42:55.814100259 +0100 +@@ -127,7 +127,7 @@ void o_stream_add_destroy_callback(struc + } + + void o_stream_remove_destroy_callback(struct ostream *stream, +- void (*callback)()) ++ ostream_callback_t *callback) + { + io_stream_remove_destroy_callback(&stream->real_stream->iostream, + callback); +diff -up dovecot-2.4.2/src/lib/ostream.h.fixbuild dovecot-2.4.2/src/lib/ostream.h +--- dovecot-2.4.2/src/lib/ostream.h.fixbuild 2025-11-30 11:42:29.639009602 +0100 ++++ dovecot-2.4.2/src/lib/ostream.h 2025-11-30 11:43:20.101652841 +0100 +@@ -127,7 +127,7 @@ void o_stream_add_destroy_callback(struc + (ostream_callback_t *)callback, context) + /* Remove the destroy callback. */ + void o_stream_remove_destroy_callback(struct ostream *stream, +- void (*callback)()); ++ ostream_callback_t *callback); + + /* Mark the stream and all of its parent streams closed. Nothing will be + sent after this call. 
When using ostreams that require writing a trailer, +diff -up dovecot-2.4.2/src/lib-json/json-istream.c.fixbuild dovecot-2.4.2/src/lib-json/json-istream.c +--- dovecot-2.4.2/src/lib-json/json-istream.c.fixbuild 2025-10-29 07:58:41.000000000 +0100 ++++ dovecot-2.4.2/src/lib-json/json-istream.c 2025-11-30 12:52:15.970430672 +0100 +@@ -706,7 +706,7 @@ static void json_istream_drop_value_stre + if (stream->seekable_stream != NULL) { + i_stream_remove_destroy_callback( + stream->seekable_stream, +- json_istream_drop_seekable_stream); ++ (istream_callback_t *)json_istream_drop_seekable_stream); + i_stream_unref(&stream->seekable_stream); + } + } +@@ -720,12 +720,12 @@ static void json_istream_consumed_value_ + if (stream->seekable_stream != NULL) { + i_stream_remove_destroy_callback( + stream->seekable_stream, +- json_istream_drop_seekable_stream); ++ (istream_callback_t *)json_istream_drop_seekable_stream); + } + if (stream->value_stream != NULL) { + i_stream_remove_destroy_callback( + stream->value_stream, +- json_istream_drop_value_stream); ++ (istream_callback_t *)json_istream_drop_value_stream); + } + stream->value_stream = NULL; + stream->seekable_stream = NULL; + i_stream_remove_destroy_callback(conn->incoming_payload, +- http_client_payload_destroyed); ++ (istream_callback_t *)http_client_payload_destroyed); + conn->incoming_payload = NULL; + } + +diff -up dovecot-2.4.2/src/lib-http/http-server-connection.c.fixbuild dovecot-2.4.2/src/lib-http/http-server-connection.c +--- dovecot-2.4.2/src/lib-http/http-server-connection.c.fixbuild 2025-11-30 13:02:24.337384848 +0100 ++++ dovecot-2.4.2/src/lib-http/http-server-connection.c 2025-11-30 13:03:14.477064608 +0100 +@@ -1066,7 +1066,7 @@ http_server_connection_disconnect(struct + if (conn->incoming_payload != NULL) { + /* The stream is still accessed by lib-http caller. 
*/ + i_stream_remove_destroy_callback(conn->incoming_payload, +- http_server_payload_destroyed); ++ (istream_callback_t *)http_server_payload_destroyed); + conn->incoming_payload = NULL; + } + if (conn->payload_handler != NULL) +diff -up dovecot-2.4.2/src/lib-http/http-client-connection.c.fixbuild dovecot-2.4.2/src/lib-http/http-client-connection.c +--- dovecot-2.4.2/src/lib-http/http-client-connection.c.fixbuild 2025-11-30 12:57:42.670247695 +0100 ++++ dovecot-2.4.2/src/lib-http/http-client-connection.c 2025-11-30 13:00:54.862436490 +0100 +@@ -832,7 +832,7 @@ void http_client_connection_request_dest + is closed and we don't care about it anymore, so act as though it is + destroyed. */ + i_stream_remove_destroy_callback(payload, +- http_client_payload_destroyed); ++ (istream_callback_t *)http_client_payload_destroyed); + http_client_payload_destroyed(req); + } + +@@ -888,7 +888,7 @@ http_client_connection_return_response(s + if (response->payload != NULL) { + i_stream_remove_destroy_callback( + conn->incoming_payload, +- http_client_payload_destroyed); ++ (istream_callback_t *)http_client_payload_destroyed); + i_stream_unref(&conn->incoming_payload); + connection_input_resume(&conn->conn); + } +@@ -1731,7 +1731,7 @@ http_client_connection_disconnect(struct + if (conn->incoming_payload != NULL) { + /* The stream is still accessed by lib-http caller. 
*/ + i_stream_remove_destroy_callback(conn->incoming_payload, +- http_client_payload_destroyed); ++ (istream_callback_t *)http_client_payload_destroyed); + conn->incoming_payload = NULL; + } + +diff -up dovecot-2.4.2/src/lib-storage/index/index-mail.c.fixbuild2 dovecot-2.4.2/src/lib-storage/index/index-mail.c +--- dovecot-2.4.2/src/lib-storage/index/index-mail.c.fixbuild2 2025-11-30 13:48:46.658539149 +0100 ++++ dovecot-2.4.2/src/lib-storage/index/index-mail.c 2025-11-30 13:49:47.178158024 +0100 +@@ -1840,7 +1840,7 @@ static void index_mail_close_streams_ful + allowed to have references until the mail is closed + (but we can't really check that) */ + i_stream_remove_destroy_callback(data->stream, +- index_mail_stream_destroy_callback); ++ (istream_callback_t *)index_mail_stream_destroy_callback); + } + i_stream_unref(&data->stream); + /* there must be no references to the mail when the diff --git a/dovecot.spec b/dovecot.spec index 9937b17..11efa4b 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -4,9 +4,9 @@ Summary: Secure imap and pop3 server Name: dovecot Epoch: 1 -Version: 2.4.1 -%global prever -4 -Release: 8%{?dist} +Version: 2.4.2 +%global prever %{nil} +Release: 1%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT AND LGPL-2.1-only @@ -47,10 +47,7 @@ Patch18: dovecot-2.3.15-valbasherr.patch # Fedora/RHEL specific, drop OTP which uses SHA1 so we dont use SHA1 for crypto purposes Patch23: dovecot-2.4.1-nolibotp.patch -Patch24: dovecot-2.4.1-gssapi.patch -#from upstream, for <= 2.4.1, rhbz#2402122 -#https://github.com/dovecot/core/compare/a70ce7d3e2f983979e971414c5892c4e30197231%5E...34caed79b76a7b82a2a9c94cf35371bec6c2b826.patch -Patch25: dovecot-2.4.1-cve-2025-30189.patch +Patch24: dovecot-2.4.2-fixbuild.patch BuildRequires: gcc, gcc-c++, openssl-devel, pam-devel, zlib-devel, bzip2-devel, libcap-devel BuildRequires: libtool, autoconf, automake, pkgconfig 
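Review bot: The json-istream.c section of the new dovecot-2.4.2-fixbuild.patch carries a stray fragment after its second hunk. Following `stream->seekable_stream = NULL;` there is a `conn->incoming_payload` / `http_client_payload_destroyed` change with no `@@` header and no file header of its own. The `@@ -720,12 +720,12 @@` hunk is already complete at that point by its line counts, and the same change appears properly in the http-client-connection.c section (`@@ -1731,7 +1731,7 @@`), so the fragment looks like a leftover from assembling the patch by hand. Delete it or regenerate the patch so it applies without relying on patch(1) skipping unrecognised lines. Separately, the add side already hides its cast in a macro (`(istream_callback_t *)callback, context`), while every remove call site now needs a hand-written `(istream_callback_t *)` cast; a matching wrapper macro for `i_stream_remove_destroy_callback` would keep those casts in one reviewed place.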
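Review bot: Dropping `Patch25: dovecot-2.4.1-cve-2025-30189.patch` in the dovecot.spec hunk `@@ -47,10 +47,7 @@` (with the matching `%patch -P 25` removal in the next hunk) is not explained anywhere in the spec. The removed comment said the patch was "from upstream, for <= 2.4.1", so the fix is presumably part of the 2.4.2 tarball, but the new changelog entry only says `updated to 2.4.2 (#2411846)`. Once that has been confirmed against the upstream release, add a changelog line such as `- drop CVE-2025-30189 and gssapi patches, included in 2.4.2`, so the CVE stays traceable in the package history.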
@@ -156,8 +153,7 @@ mv dovecot-pigeonhole-%{pigeonholever} dovecot-pigeonhole %patch -P 17 -p2 -b .fixvalcond %patch -P 18 -p1 -b .valbasherr %patch -P 23 -p2 -b .nolibotp -%patch -P 24 -p1 -b .gssapi -%patch -P 25 -p1 -b .cve-2025-30189 +%patch -P 24 -p1 -b .fixbuild cp run-test-valgrind.supp dovecot-pigeonhole/ # valgrind would fail with shell wrapper echo "testsuite" >dovecot-pigeonhole/run-test-valgrind.exclude @@ -168,6 +164,8 @@ echo >src/auth/mech-otp-common.c echo >src/auth/mech-otp-common.h echo >src/auth/mech-otp.c echo >src/lib-auth/password-scheme-otp.c +echo >src/lib-sasl/sasl-server-mech-otp.c +echo >src/lib-sasl/dsasl-client-mech-otp.c pushd src/lib-otp for f in *.c *.h do @@ -360,7 +358,8 @@ fi # some aarch64 tests timeout, skip for now make check cd dovecot-pigeonhole -make check +# FIXME: make check will fail as it requires doveconf to be already installed at /usr/bin/doveconf +make check ||: %endif %files @@ -404,6 +403,7 @@ make check %{_libdir}/dovecot/auth/libauthdb_lua.so %endif %{_libdir}/dovecot/auth/libmech_gssapi.so +%{_libdir}/dovecot/auth/libmech_gss_spnego.so %{_libdir}/dovecot/auth/libdriver_sqlite.so %{_libdir}/dovecot/dict/libdriver_sqlite.so %{_libdir}/dovecot/dict/libdict_ldap.so @@ -479,6 +479,9 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Sun Nov 30 2025 Michal Hlavinka - 1:2.4.2-1 +- updated to 2.4.2 (#2411846) + * Wed Nov 05 2025 Michal Hlavinka - 1:2.4.1-8 - update patch for CVE-2025-30189 diff --git a/sources b/sources index 490e720..54fc50d 100644 --- a/sources +++ b/sources 
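Review bot: `make check ||:` in the `@@ -360,7 +358,8 @@` hunk discards every pigeonhole test failure, not only the doveconf-path problem the FIXME describes, so a real regression in the Sieve code would no longer fail the build. Since the cause is known, prefer making the tests find the freshly built doveconf. Failing that, keep the result visible in the build log with `make check || echo "WARNING: pigeonhole make check failed" >&2`. The FIXME should also reference a tracking bug so the override is removed once the test suite can run before installation.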
@@ -1,2 +1,2 @@
-SHA512 (dovecot-2.4.1-4.tar.gz) = 4915e9282898a4bce4dc3c9781f9aa849e8a2d5bb89dffc2222b417560eaa0135d66342ef342098a86dd5e9b4e76d41145381b7264144411cf45a6f88ca36698
-SHA512 (dovecot-pigeonhole-2.4.1-4.tar.gz) = 47b9cc62b13d710123389c47d13c104e70b815d683dc6b957e86b57b2f175101d07f462d0fdb0488d6dcdcfbbc137c926825ba9a0d798551576aa7f3c9082100
+SHA512 (dovecot-2.4.2.tar.gz) = 0524695341abe711d3a811c56156889d6fef7a09becc684c6f1dc1e5add605969ca8794eb7d44bfbc49f70515f22e8640b5828443addecfe4798fb8b174670ae
+SHA512 (dovecot-pigeonhole-2.4.2.tar.gz) = 82c46c7ac2792aa5c211c8b66309f9f21c05ecd2fa8ab3abf98fb4e05831fd37aaa3edffcfbe1b3defbb9ac8ef9df1c33ece83cf7524e8b226c4deab8c250134