From 2d992c6f39ee058c55905a7ae3989bda08c490c1 Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Fri, 25 Aug 2017 09:50:33 +0200 Subject: [PATCH 001/146] dovecot updated to 2.2.32 Modseq tracking didn't always work correctly. This could have caused imap unhibernation to fail or IMAP QRESYNC/CONDSTORE extensions to not work perfectly. mdbox: "Inconsistency in map index" wasn't fixed automatically dict-ldap: %variable values used in the LDAP filter weren't escaped. quota=count: quota_warning = -storage=.. was never executed (try #2). imapc: >= 32 kB mail bodies were supposed to be cached for subsequent FETCHes, but weren't. quota-status service didn't support recipient_delimiter acl: Don't access dovecot-acl-list files with acl_globals_only=yes mail_location: If INDEX dir is set, mailbox deletion deletes its childrens' indexes. director: v2.2.31 caused rapid reconnection loops to directors that were down. --- .gitignore | 1 + dovecot-2.2.31-notifyrevert.patch | 28 ---------------------------- dovecot.spec | 23 +++++++++++++++++++---- sources | 2 +- 4 files changed, 21 insertions(+), 33 deletions(-) delete mode 100644 dovecot-2.2.31-notifyrevert.patch diff --git a/.gitignore b/.gitignore index e659068..c9f1ee9 100644 --- a/.gitignore +++ b/.gitignore @@ -115,3 +115,4 @@ pigeonhole-snap0592366457df.tar.bz2 /dovecot-2.2.30.2.tar.gz /dovecot-2.2.31.tar.gz /dovecot-2.2-pigeonhole-0.4.19.tar.gz +/dovecot-2.2.32.tar.gz diff --git a/dovecot-2.2.31-notifyrevert.patch b/dovecot-2.2.31-notifyrevert.patch deleted file mode 100644 index a0fa251..0000000 --- a/dovecot-2.2.31-notifyrevert.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 64d2efdc4b0bdf92249840e9db89b91c8dc0f3a3 Mon Sep 17 00:00:00 2001 -From: Timo Sirainen -Date: Sat, 17 Jun 2017 14:38:22 +0300 -Subject: [PATCH] imap: Fix NOTIFY to parse more than just the first - event-group - ---- - src/imap/cmd-notify.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/src/imap/cmd-notify.c b/src/imap/cmd-notify.c -index 4c6aad975..94cf103b8 100644 ---- a/src/imap/cmd-notify.c -+++ b/src/imap/cmd-notify.c -@@ -292,10 +292,10 @@ cmd_notify_set(struct imap_notify_context *ctx, const struct imap_arg *args) - ctx->send_immediate_status = TRUE; - args++; - } -+ for (; args->type != IMAP_ARG_EOL; args++) { -+ if (!imap_arg_get_list(args, &event_group)) -+ return -1; - -- if (!imap_arg_get_list(args, &event_group)) -- return -1; -- for (; event_group->type != IMAP_ARG_EOL; event_group++) { - /* filter-mailboxes */ - if (!imap_arg_get_atom(event_group, &filter_mailboxes)) - return -1; diff --git a/dovecot.spec b/dovecot.spec index 51cc853..dd85a9d 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -3,9 +3,9 @@ Summary: Secure imap and pop3 server Name: dovecot Epoch: 1 -Version: 2.2.31 +Version: 2.2.32 %global prever %{nil} -Release: 5%{?dist} +Release: 1%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT and LGPLv2 Group: System Environment/Daemons @@ -33,7 +33,6 @@ Patch7: dovecot-2.2.13-online.patch Patch8: dovecot-2.2.20-initbysystemd.patch Patch9: dovecot-2.2.22-systemd_w_protectsystem.patch -Patch10: dovecot-2.2.31-notifyrevert.patch Source15: prestartscript @@ -131,7 +130,6 @@ This package provides the development files for dovecot. %patch7 -p1 -b .online %patch8 -p1 -b .initbysystemd %patch9 -p1 -b .systemd_w_protectsystem -%patch10 -p1 -b .notifyrevert #pushd dovecot-2*2-pigeonhole-%{pigeonholever} #popd @@ -492,6 +490,23 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Fri Aug 25 2017 Michal Hlavinka - 1:2.2.32-1 +- dovecot updated to 2.2.32 +- Modseq tracking didn't always work correctly. This could have caused + imap unhibernation to fail or IMAP QRESYNC/CONDSTORE extensions to + not work perfectly. +- mdbox: "Inconsistency in map index" wasn't fixed automatically +- dict-ldap: %variable values used in the LDAP filter weren't escaped. +- quota=count: quota_warning = -storage=.. was never executed (try #2). +- imapc: >= 32 kB mail bodies were supposed to be cached for subsequent + FETCHes, but weren't. +- quota-status service didn't support recipient_delimiter +- acl: Don't access dovecot-acl-list files with acl_globals_only=yes +- mail_location: If INDEX dir is set, mailbox deletion deletes its + childrens' indexes. +- director: v2.2.31 caused rapid reconnection loops to directors + that were down. + * Wed Aug 02 2017 Fedora Release Engineering - 1:2.2.31-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild diff --git a/sources b/sources index ebcda8b..714e103 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (dovecot-2.2.31.tar.gz) = 071797e260a75de9117b03c0fa9d903de82b1f1c039c2aece2d7313587e6673c49174bfce17b80fe3f3725fcbc42ed3a1bd1f1c22efef5bc016752277eff3266 +SHA512 (dovecot-2.2.32.tar.gz) = a26ce763fdea7d72ff9801d3b7d57a1f0d00278e4a1aa60d1be070fe5a6d2c6a15f266a519119492bee7a3e7a6b7d0732e9879e5c5841adbab8c0952cd1b7c7c SHA512 (dovecot-2.2-pigeonhole-0.4.19.tar.gz) = c1211a3c65b25995770309c427ec5cd888ddb962f2f64884640163b492a11ffa8937aac1eb66d25e48f0e00131da1cc98c1cb307781576780de47b8816333ff1 From e0034abe1a1ed95351bf708ddaa2e20ea3e61e37 Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Mon, 28 Aug 2017 14:26:57 +0200 Subject: [PATCH 002/146] pigeonhole updated to 0.4.20 Made the retention period for redirect duplicate identifiers configurable. Changed the default retention period from 24 to 12 hours. sieve-filter: Fixed memory leak: forgot to clean up script binary at end of execution managesieve-login: Fixed handling of AUTHENTICATE command. A second authenticate command would be parsed wrong. --- .gitignore | 1 + dovecot.spec | 13 +++++++++++-- sources | 2 +- 3 files changed, 13 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index c9f1ee9..fcc1ff0 100644 --- a/.gitignore +++ b/.gitignore @@ -116,3 +116,4 @@ pigeonhole-snap0592366457df.tar.bz2 /dovecot-2.2.31.tar.gz /dovecot-2.2-pigeonhole-0.4.19.tar.gz /dovecot-2.2.32.tar.gz +/dovecot-2.2-pigeonhole-0.4.20.tar.gz diff --git a/dovecot.spec b/dovecot.spec index dd85a9d..a0e0e31 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -5,7 +5,7 @@ Name: dovecot Epoch: 1 Version: 2.2.32 %global prever %{nil} -Release: 1%{?dist} +Release: 2%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT and LGPLv2 Group: System Environment/Daemons @@ -14,7 +14,7 @@ URL: http://www.dovecot.org/ Source: http://www.dovecot.org/releases/2.2/%{name}-%{version}%{?prever}.tar.gz Source1: dovecot.init Source2: dovecot.pam -%global pigeonholever 0.4.19 +%global pigeonholever 0.4.20 Source8: http://pigeonhole.dovecot.org/releases/2.2/dovecot-2.2-pigeonhole-%{pigeonholever}.tar.gz Source9: dovecot.sysconfig Source10: dovecot.tmpfilesd @@ -490,6 +490,15 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Mon Aug 28 2017 Michal Hlavinka - 1:2.2.32-2 +- pigeonhole updated to 0.4.20 +- Made the retention period for redirect duplicate identifiers + configurable. Changed the default retention period from 24 to 12 hours. +- sieve-filter: Fixed memory leak: forgot to clean up script binary at + end of execution +- managesieve-login: Fixed handling of AUTHENTICATE command. A second + authenticate command would be parsed wrong. + * Fri Aug 25 2017 Michal Hlavinka - 1:2.2.32-1 - dovecot updated to 2.2.32 - Modseq tracking didn't always work correctly. This could have caused diff --git a/sources b/sources index 714e103..3825a8c 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ SHA512 (dovecot-2.2.32.tar.gz) = a26ce763fdea7d72ff9801d3b7d57a1f0d00278e4a1aa60d1be070fe5a6d2c6a15f266a519119492bee7a3e7a6b7d0732e9879e5c5841adbab8c0952cd1b7c7c -SHA512 (dovecot-2.2-pigeonhole-0.4.19.tar.gz) = c1211a3c65b25995770309c427ec5cd888ddb962f2f64884640163b492a11ffa8937aac1eb66d25e48f0e00131da1cc98c1cb307781576780de47b8816333ff1 +SHA512 (dovecot-2.2-pigeonhole-0.4.20.tar.gz) = 84a28842be206e05cb96c07cf1c1b62c9c378ba4c952caa47cf79a44b9428e076f4182eadd9c4fb8f45d3605b881f91e8e520c41705017ac4039240d4bcace39 From 184d8e3feb5288073ce89a316f56f49b154d9291 Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Wed, 18 Oct 2017 14:41:24 +0200 Subject: [PATCH 003/146] dovecot updated to 2.2.33.1, pigeonhole updated to Added %{if}, see https://wiki2.dovecot.org/Variables#Conditionals sdbox: Mails were always opened when expunging, unless mail_attachment_fs was explicitly set to empty. lmtp/doveadm proxy: hostip passdb field was ignored, which caused unnecessary DNS lookups if host field wasn't an IP lmtp proxy: Fix crash when receiving unexpected reply in RCPT TO quota_clone: Update also when quota is unlimited (broken in v2.2.31) mbox, zlib: Fix assert-crash when accessing compressed mbox doveadm director kick -f parameter didn't work doveadm director flush resulted flushing all hosts, if wasn't an IP address. director: Various fixes to handling backend/director changes at abnormal times, especially while ring was unsynced. director: Use less CPU in imap-login processes when moving/kicking many users. lmtp: Session IDs were duplicated/confusing with multiple RCPT TOs when lmtp_rcpt_check_quota=yes LDA Sieve plugin: Fixed sequential execution of LDAP-based scripts. A missing LDAP-based script could cause the script sequence to exit earlier. sieve-filter: Removed the (now) duplicate utf8 to mutf7 mailbox name conversion. This caused problems with mailbox names containing UTF-8 characters. --- .gitignore | 2 ++ dovecot.spec | 31 ++++++++++++++++++++++++++++--- sources | 4 ++-- 3 files changed, 32 insertions(+), 5 deletions(-) diff --git a/.gitignore b/.gitignore index fcc1ff0..dc37e27 100644 --- a/.gitignore +++ b/.gitignore @@ -117,3 +117,5 @@ pigeonhole-snap0592366457df.tar.bz2 /dovecot-2.2-pigeonhole-0.4.19.tar.gz /dovecot-2.2.32.tar.gz /dovecot-2.2-pigeonhole-0.4.20.tar.gz +/dovecot-2.2.33.1.tar.gz +/dovecot-2.2-pigeonhole-0.4.21.tar.gz diff --git a/dovecot.spec b/dovecot.spec index a0e0e31..90a60f1 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -3,9 +3,9 @@ Summary: Secure imap and pop3 server Name: dovecot Epoch: 1 -Version: 2.2.32 +Version: 2.2.33.1 %global prever %{nil} -Release: 2%{?dist} +Release: 1%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT and LGPLv2 Group: System Environment/Daemons @@ -14,7 +14,7 @@ URL: http://www.dovecot.org/ Source: http://www.dovecot.org/releases/2.2/%{name}-%{version}%{?prever}.tar.gz Source1: dovecot.init Source2: dovecot.pam -%global pigeonholever 0.4.20 +%global pigeonholever 0.4.21 Source8: http://pigeonhole.dovecot.org/releases/2.2/dovecot-2.2-pigeonhole-%{pigeonholever}.tar.gz Source9: dovecot.sysconfig Source10: dovecot.tmpfilesd @@ -490,6 +490,31 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Wed Oct 18 2017 Michal Hlavinka - 1:2.2.33.1-1 +- dovecot updated to 2.2.33.1, pigeonhole updated to +- Added %{if}, see https://wiki2.dovecot.org/Variables#Conditionals +- sdbox: Mails were always opened when expunging, unless + mail_attachment_fs was explicitly set to empty. +- lmtp/doveadm proxy: hostip passdb field was ignored, which caused + unnecessary DNS lookups if host field wasn't an IP +- lmtp proxy: Fix crash when receiving unexpected reply in RCPT TO +- quota_clone: Update also when quota is unlimited (broken in v2.2.31) +- mbox, zlib: Fix assert-crash when accessing compressed mbox +- doveadm director kick -f parameter didn't work +- doveadm director flush resulted flushing all hosts, if + wasn't an IP address. +- director: Various fixes to handling backend/director changes at + abnormal times, especially while ring was unsynced. +- director: Use less CPU in imap-login processes when moving/kicking + many users. +- lmtp: Session IDs were duplicated/confusing with multiple RCPT TOs + when lmtp_rcpt_check_quota=yes +- LDA Sieve plugin: Fixed sequential execution of LDAP-based scripts. A + missing LDAP-based script could cause the script sequence to exit earlier. +- sieve-filter: Removed the (now) duplicate utf8 to mutf7 mailbox name + conversion. This caused problems with mailbox names containing UTF-8 + characters. + * Mon Aug 28 2017 Michal Hlavinka - 1:2.2.32-2 - pigeonhole updated to 0.4.20 - Made the retention period for redirect duplicate identifiers diff --git a/sources b/sources index 3825a8c..f18be0c 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (dovecot-2.2.32.tar.gz) = a26ce763fdea7d72ff9801d3b7d57a1f0d00278e4a1aa60d1be070fe5a6d2c6a15f266a519119492bee7a3e7a6b7d0732e9879e5c5841adbab8c0952cd1b7c7c -SHA512 (dovecot-2.2-pigeonhole-0.4.20.tar.gz) = 84a28842be206e05cb96c07cf1c1b62c9c378ba4c952caa47cf79a44b9428e076f4182eadd9c4fb8f45d3605b881f91e8e520c41705017ac4039240d4bcace39 +SHA512 (dovecot-2.2.33.1.tar.gz) = 46760a1d52f8d64c36bd4f589f7f240a13d66500c93e47ce479551647e8e4ef7322fc0c325c418c3e0495910292abae105ca5680cd4b0fcd78746723f1549b71 +SHA512 (dovecot-2.2-pigeonhole-0.4.21.tar.gz) = 4751f449ede1b05173c706b414ebf9f7f670ff78589ce6f0b687c32c9abe6dae8b3064ed1b20e893d9ec0147b0139ce479e1d74ebe94747c33f2d8ca177912de From a061dc525c1220b6a340e23c62852e9d47429a11 Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Tue, 24 Oct 2017 10:51:09 +0200 Subject: [PATCH 004/146] dovecot updated to 2.2.33.2 doveadm: Fix crash in proxying (or dsync replication) if remote is running older than v2.2.33 auth: Fix memory leak in %{ldap_dn} dict-sql: Fix data types to work correctly with Cassandra --- .gitignore | 1 + dovecot.spec | 9 ++++++++- sources | 2 +- 3 files changed, 10 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index dc37e27..2472335 100644 --- a/.gitignore +++ b/.gitignore @@ -119,3 +119,4 @@ pigeonhole-snap0592366457df.tar.bz2 /dovecot-2.2-pigeonhole-0.4.20.tar.gz /dovecot-2.2.33.1.tar.gz /dovecot-2.2-pigeonhole-0.4.21.tar.gz +/dovecot-2.2.33.2.tar.gz diff --git a/dovecot.spec b/dovecot.spec index 90a60f1..6f11de1 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -3,7 +3,7 @@ Summary: Secure imap and pop3 server Name: dovecot Epoch: 1 -Version: 2.2.33.1 +Version: 2.2.33.2 %global prever %{nil} Release: 1%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 @@ -490,6 +490,13 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Tue Oct 24 2017 Michal Hlavinka - 1:2.2.33.2-1 +- dovecot updated to 2.2.33.2 +- doveadm: Fix crash in proxying (or dsync replication) if remote is + running older than v2.2.33 +- auth: Fix memory leak in %%{ldap_dn} +- dict-sql: Fix data types to work correctly with Cassandra + * Wed Oct 18 2017 Michal Hlavinka - 1:2.2.33.1-1 - dovecot updated to 2.2.33.1, pigeonhole updated to - Added %{if}, see https://wiki2.dovecot.org/Variables#Conditionals diff --git a/sources b/sources index f18be0c..7e35512 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (dovecot-2.2.33.1.tar.gz) = 46760a1d52f8d64c36bd4f589f7f240a13d66500c93e47ce479551647e8e4ef7322fc0c325c418c3e0495910292abae105ca5680cd4b0fcd78746723f1549b71 +SHA512 (dovecot-2.2.33.2.tar.gz) = 028910a4d02b1630f1ada4d1c45fcc3ea2057969db7078a78d46e2a578b4dceaf8be0ac8de4a613b4890019e721871f2d366ec651db658da4cc72977d3e09931 SHA512 (dovecot-2.2-pigeonhole-0.4.21.tar.gz) = 4751f449ede1b05173c706b414ebf9f7f670ff78589ce6f0b687c32c9abe6dae8b3064ed1b20e893d9ec0147b0139ce479e1d74ebe94747c33f2d8ca177912de From 70e36f28d3cdb4b6ca91acb82236b7eafb9445f7 Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Mon, 8 Jan 2018 13:40:19 +0100 Subject: [PATCH 005/146] remove tcp_wrappers on Fedora 28 and later (#1518761) use use mariadb-connector-c-devel instead of mysql-devel on Fedora 28 and later (#1493624) --- dovecot.spec | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/dovecot.spec b/dovecot.spec index 6f11de1..93fd84c 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -5,7 +5,7 @@ Name: dovecot Epoch: 1 Version: 2.2.33.2 %global prever %{nil} -Release: 1%{?dist} +Release: 2%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT and LGPLv2 Group: System Environment/Daemons @@ -40,12 +40,16 @@ BuildRequires: openssl-devel, pam-devel, zlib-devel, bzip2-devel, libcap-devel BuildRequires: libtool, autoconf, automake, pkgconfig BuildRequires: sqlite-devel BuildRequires: postgresql-devel +%if %{?fedora}0 < 280 BuildRequires: mysql-devel +BuildRequires: tcp_wrappers-devel +%else +BuildRequires: mariadb-connector-c-devel +%endif BuildRequires: openldap-devel BuildRequires: krb5-devel BuildRequires: quota-devel BuildRequires: xz-devel -BuildRequires: tcp_wrappers-devel # gettext-devel is needed for running autoconf because of the # presence of AM_ICONV @@ -161,7 +165,9 @@ autoreconf -I . -fiv #required for aarch64 support --with-sqlite \ --with-zlib \ --with-libcap \ +%if %{?fedora}0 < 280 --with-libwrap \ +%endif %if %{?fedora}0 > 150 || %{?rhel}0 >60 --with-lucene \ %endif @@ -490,6 +496,10 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Mon Jan 08 2018 Michal Hlavinka - 1:2.2.33.2-2 +- remove tcp_wrappers on Fedora 28 and later (#1518761) +- use use mariadb-connector-c-devel instead of mysql-devel on Fedora 28 and later (#1493624) + * Tue Oct 24 2017 Michal Hlavinka - 1:2.2.33.2-1 - dovecot updated to 2.2.33.2 - doveadm: Fix crash in proxying (or dsync replication) if remote is From 2cb29a2a448cced57a78eb47d1262d8c4a7db685 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Esser?= Date: Sat, 20 Jan 2018 23:06:40 +0100 Subject: [PATCH 006/146] Rebuilt for switch to libxcrypt --- dovecot.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/dovecot.spec b/dovecot.spec index 93fd84c..57a2226 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -5,7 +5,7 @@ Name: dovecot Epoch: 1 Version: 2.2.33.2 %global prever %{nil} -Release: 2%{?dist} +Release: 3%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT and LGPLv2 Group: System Environment/Daemons @@ -496,6 +496,9 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Sat Jan 20 2018 Björn Esser - 1:2.2.33.2-3 +- Rebuilt for switch to libxcrypt + * Mon Jan 08 2018 Michal Hlavinka - 1:2.2.33.2-2 - remove tcp_wrappers on Fedora 28 and later (#1518761) - use use mariadb-connector-c-devel instead of mysql-devel on Fedora 28 and later (#1493624) From 971df4330277542bc8528e5ec255d6ef943f9e27 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Wed, 7 Feb 2018 07:14:22 +0000 Subject: [PATCH 007/146] - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- dovecot.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/dovecot.spec b/dovecot.spec index 57a2226..345dc45 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -5,7 +5,7 @@ Name: dovecot Epoch: 1 Version: 2.2.33.2 %global prever %{nil} -Release: 3%{?dist} +Release: 4%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT and LGPLv2 Group: System Environment/Daemons @@ -496,6 +496,9 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Wed Feb 07 2018 Fedora Release Engineering - 1:2.2.33.2-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + * Sat Jan 20 2018 Björn Esser - 1:2.2.33.2-3 - Rebuilt for switch to libxcrypt From 203deaf4c3547178a7ae11c816377953a771cd39 Mon Sep 17 00:00:00 2001 From: Igor Gnatenko Date: Fri, 9 Feb 2018 09:04:23 +0100 Subject: [PATCH 008/146] Escape macros in %changelog Reference: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/Y2ZUKK2B7T2IKXPMODNF6HB2O5T5TS6H/ Signed-off-by: Igor Gnatenko --- dovecot.spec | 23 +++++++++++++---------- 1 file changed, 13 insertions(+), 10 deletions(-) diff --git a/dovecot.spec b/dovecot.spec index 345dc45..d822dc3 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -5,7 +5,7 @@ Name: dovecot Epoch: 1 Version: 2.2.33.2 %global prever %{nil} -Release: 4%{?dist} +Release: 5%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT and LGPLv2 Group: System Environment/Daemons @@ -496,6 +496,9 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Fri Feb 09 2018 Igor Gnatenko - 1:2.2.33.2-5 +- Escape macros in %%changelog + * Wed Feb 07 2018 Fedora Release Engineering - 1:2.2.33.2-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild @@ -515,7 +518,7 @@ make check * Wed Oct 18 2017 Michal Hlavinka - 1:2.2.33.1-1 - dovecot updated to 2.2.33.1, pigeonhole updated to -- Added %{if}, see https://wiki2.dovecot.org/Variables#Conditionals +- Added %%{if}, see https://wiki2.dovecot.org/Variables#Conditionals - sdbox: Mails were always opened when expunging, unless mail_attachment_fs was explicitly set to empty. - lmtp/doveadm proxy: hostip passdb field was ignored, which caused @@ -553,7 +556,7 @@ make check imap unhibernation to fail or IMAP QRESYNC/CONDSTORE extensions to not work perfectly. - mdbox: "Inconsistency in map index" wasn't fixed automatically -- dict-ldap: %variable values used in the LDAP filter weren't escaped. +- dict-ldap: %%variable values used in the LDAP filter weren't escaped. - quota=count: quota_warning = -storage=.. was never executed (try #2). - imapc: >= 32 kB mail bodies were supposed to be cached for subsequent FETCHes, but weren't. @@ -646,7 +649,7 @@ make check - dsync: Large Sieve scripts (or other large metadata) weren't always synced. - Index rebuild (e.g. doveadm force-resync) set all mails as \Recent -- imap-hibernate: %{userdb:*} wasn't expanded in mail_log_prefix +- imap-hibernate: %%{userdb:*} wasn't expanded in mail_log_prefix - doveadm: Exit codes weren't preserved when proxying commands via doveadm-server. Almost all errors used exit code 75 (tempfail). - ACLs weren't applied to not-yet-existing autocreated mailboxes. @@ -668,7 +671,7 @@ make check for multiple requests (service_count != 1) - sdbox: Fix assert-crash on mailbox create race - lda/lmtp: deliver_log_format values weren't entirely correct if Sieve - was used. especially %{storage_id} was broken. + was used. especially %%{storage_id} was broken. - imapsieve plugin: Fixed assert failure occurring when used with virtual mailboxes. - doveadm sieve plugin: Fixed crash when setting Sieve script via attribute's @@ -713,10 +716,10 @@ make check This might have allowed untrusted processes to capture and prevent "doveadm service stop" comands from working. - login proxy: Fixed crash when outgoing SSL connections were hanging. -- auth: userdb fields weren't passed to auth-workers, so %{userdb:*} +- auth: userdb fields weren't passed to auth-workers, so %%{userdb:*} from previous userdbs didn't work there. - auth: Fixed auth_bind=yes + sasl_bind=yes to work together -- lmtp: %{userdb:*} variables didn't work in mail_log_prefix +- lmtp: %%{userdb:*} variables didn't work in mail_log_prefix - Fixed writing >2GB to iostream-temp files (used by fs-compress, fs-metawrap, doveadm-http) - fts-solr: Fixed searching multiple mailboxes @@ -769,7 +772,7 @@ make check * Wed Mar 16 2016 Michal Hlavinka - 1:2.2.22-1 - dovecot updated to 2.2.22 -- auth: Auth caching was done too aggressively when %variables were +- auth: Auth caching was done too aggressively when %%variables were used in default_fields, override_fields or LDAP pass/user_attrs. userdb result_* were also ignored when user was found from cache. - imap: Fixed various assert-crashes caused v2.2.20+. Some of them @@ -830,7 +833,7 @@ make check allocation in the sieve command implementations. * Tue Dec 08 2015 Michal Hlavinka - 1:2.2.20-2 -- move ssl initialization from %post to dovecot-init.service +- move ssl initialization from %%post to dovecot-init.service * Tue Dec 08 2015 Michal Hlavinka - 1:2.2.20-1 - dovecot updated to 2.2.20 @@ -1339,7 +1342,7 @@ make check - updated to 2.1.rc1 - major changes since 2.0.x: - plugins now use UTF-8 mailbox names rather than mUTF-7 -- auth_username_format default changed to %Lu +- auth_username_format default changed to %%Lu - solr full text search backend changed to use mailbox GUIDs instead of mailbox names, requiring reindexing everything From 88a20bf4a4274dfe249e6f9dc8fbbb5ade016008 Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Thu, 1 Mar 2018 14:04:22 +0100 Subject: [PATCH 009/146] dovecot updated to 2.3.0.1, pigeonhole updated to 0.5.0.1 --- .gitignore | 2 ++ dovecot-2.0-defaultconfig.patch | 28 ++++++++++---------- dovecot-2.1.10-waitonline.patch | 12 ++++----- dovecot-2.2.13-online.patch | 12 --------- dovecot-2.2.20-initbysystemd.patch | 24 ++++++++--------- dovecot-2.2.22-systemd_w_protectsystem.patch | 19 ++++++------- dovecot.spec | 26 +++++++++--------- sources | 4 +-- 8 files changed, 56 insertions(+), 71 deletions(-) delete mode 100644 dovecot-2.2.13-online.patch diff --git a/.gitignore b/.gitignore index 2472335..84688a6 100644 --- a/.gitignore +++ b/.gitignore @@ -120,3 +120,5 @@ pigeonhole-snap0592366457df.tar.bz2 /dovecot-2.2.33.1.tar.gz /dovecot-2.2-pigeonhole-0.4.21.tar.gz /dovecot-2.2.33.2.tar.gz +/dovecot-2.3.0.1.tar.gz +/dovecot-2.3-pigeonhole-0.5.0.1.tar.gz diff --git a/dovecot-2.0-defaultconfig.patch b/dovecot-2.0-defaultconfig.patch index 1f537f7..3f7173f 100644 --- a/dovecot-2.0-defaultconfig.patch +++ b/dovecot-2.0-defaultconfig.patch @@ -1,7 +1,7 @@ -diff -up dovecot-2.2.18/doc/example-config/conf.d/10-mail.conf.default-settings dovecot-2.2.18/doc/example-config/conf.d/10-mail.conf ---- dovecot-2.2.18/doc/example-config/conf.d/10-mail.conf.default-settings 2014-06-02 13:50:10.000000000 +0200 -+++ dovecot-2.2.18/doc/example-config/conf.d/10-mail.conf 2015-08-24 17:09:03.866648631 +0200 -@@ -283,6 +283,7 @@ namespace inbox { +diff -up dovecot-2.3.0.1/doc/example-config/conf.d/10-mail.conf.default-settings dovecot-2.3.0.1/doc/example-config/conf.d/10-mail.conf +--- dovecot-2.3.0.1/doc/example-config/conf.d/10-mail.conf.default-settings 2018-02-28 15:28:57.000000000 +0100 ++++ dovecot-2.3.0.1/doc/example-config/conf.d/10-mail.conf 2018-03-01 10:29:38.208368555 +0100 +@@ -322,6 +322,7 @@ protocol !indexer-worker { # them simultaneously. #mbox_read_locks = fcntl #mbox_write_locks = dotlock fcntl @@ -9,9 +9,9 @@ diff -up dovecot-2.2.18/doc/example-config/conf.d/10-mail.conf.default-settings # Maximum time to wait for lock (all of them) before aborting. #mbox_lock_timeout = 5 mins -diff -up dovecot-2.2.18/doc/example-config/conf.d/10-ssl.conf.default-settings dovecot-2.2.18/doc/example-config/conf.d/10-ssl.conf ---- dovecot-2.2.18/doc/example-config/conf.d/10-ssl.conf.default-settings 2014-10-03 16:36:00.000000000 +0200 -+++ dovecot-2.2.18/doc/example-config/conf.d/10-ssl.conf 2015-08-24 17:10:49.536071649 +0200 +diff -up dovecot-2.3.0.1/doc/example-config/conf.d/10-ssl.conf.default-settings dovecot-2.3.0.1/doc/example-config/conf.d/10-ssl.conf +--- dovecot-2.3.0.1/doc/example-config/conf.d/10-ssl.conf.default-settings 2018-02-28 15:28:57.000000000 +0100 ++++ dovecot-2.3.0.1/doc/example-config/conf.d/10-ssl.conf 2018-03-01 10:33:54.779499044 +0100 @@ -3,7 +3,9 @@ ## @@ -23,11 +23,11 @@ diff -up dovecot-2.2.18/doc/example-config/conf.d/10-ssl.conf.default-settings d # PEM encoded X.509 SSL/TLS certificate and private key. They're opened before # dropping root privileges, so keep the key file unreadable by anyone but -@@ -50,6 +52,7 @@ ssl_key = /dev/null 2>&1; \ +fi' + -diff -up dovecot-2.2.22/dovecot.service.in.initbysystemd dovecot-2.2.22/dovecot.service.in ---- dovecot-2.2.22/dovecot.service.in.initbysystemd 2016-03-16 13:48:25.996297203 +0100 -+++ dovecot-2.2.22/dovecot.service.in 2016-03-16 13:49:17.619039641 +0100 -@@ -20,7 +20,8 @@ +diff -up dovecot-2.3.0.1/dovecot.service.in.initbysystemd dovecot-2.3.0.1/dovecot.service.in +--- dovecot-2.3.0.1/dovecot.service.in.initbysystemd 2018-03-01 10:38:22.060716016 +0100 ++++ dovecot-2.3.0.1/dovecot.service.in 2018-03-01 10:40:45.524901319 +0100 +@@ -8,7 +8,8 @@ Description=Dovecot IMAP/POP3 email server Documentation=man:dovecot(1) Documentation=http://wiki2.dovecot.org/ @@ -32,11 +32,11 @@ diff -up dovecot-2.2.22/dovecot.service.in.initbysystemd dovecot-2.2.22/dovecot. +Requires=dovecot-init.service [Service] - Type=forking -diff -up dovecot-2.2.22/Makefile.am.initbysystemd dovecot-2.2.22/Makefile.am ---- dovecot-2.2.22/Makefile.am.initbysystemd 2016-03-04 12:04:33.000000000 +0100 -+++ dovecot-2.2.22/Makefile.am 2016-03-16 13:48:25.996297203 +0100 -@@ -51,9 +51,10 @@ if HAVE_SYSTEMD + Type=simple +diff -up dovecot-2.3.0.1/Makefile.am.initbysystemd dovecot-2.3.0.1/Makefile.am +--- dovecot-2.3.0.1/Makefile.am.initbysystemd 2018-02-28 15:28:57.000000000 +0100 ++++ dovecot-2.3.0.1/Makefile.am 2018-03-01 10:38:22.060716016 +0100 +@@ -63,9 +63,10 @@ if HAVE_SYSTEMD systemdsystemunit_DATA = \ dovecot.socket \ diff --git a/dovecot-2.2.22-systemd_w_protectsystem.patch b/dovecot-2.2.22-systemd_w_protectsystem.patch index 6fcddac..0ffb043 100644 --- a/dovecot-2.2.22-systemd_w_protectsystem.patch +++ b/dovecot-2.2.22-systemd_w_protectsystem.patch @@ -1,14 +1,11 @@ -diff -up dovecot-2.2.28/dovecot.service.in.systemd_w_protectsystem dovecot-2.2.28/dovecot.service.in ---- dovecot-2.2.28/dovecot.service.in.systemd_w_protectsystem 2017-02-27 10:00:14.647423500 +0100 -+++ dovecot-2.2.28/dovecot.service.in 2017-02-27 10:02:18.051377067 +0100 -@@ -20,8 +20,8 @@ ExecReload=@bindir@/doveadm reload +diff -up dovecot-2.3.0.1/dovecot.service.in.systemd_w_protectsystem dovecot-2.3.0.1/dovecot.service.in +--- dovecot-2.3.0.1/dovecot.service.in.systemd_w_protectsystem 2018-03-01 10:41:05.591067106 +0100 ++++ dovecot-2.3.0.1/dovecot.service.in 2018-03-01 10:42:52.859959021 +0100 +@@ -20,6 +20,7 @@ ExecReload=@bindir@/doveadm reload ExecStop=@bindir@/doveadm stop PrivateTmp=true NonBlocking=yes --# Enable this if your systemd is new enough to support it: --#ProtectSystem=full -+# Enable this if your systemd is new enough to support it: (it will make /usr /boot /etc read only for dovecot) -+ProtectSystem=full - - # You can add environment variables with e.g.: - #Environment='CORE_OUTOFMEM=1' ++# this will make /usr /boot /etc read only for dovecot + ProtectSystem=full + PrivateDevices=true + # disable this if you want to use apparmor plugin diff --git a/dovecot.spec b/dovecot.spec index d822dc3..43c8158 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -3,19 +3,19 @@ Summary: Secure imap and pop3 server Name: dovecot Epoch: 1 -Version: 2.2.33.2 +Version: 2.3.0.1 %global prever %{nil} -Release: 5%{?dist} +Release: 1%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT and LGPLv2 Group: System Environment/Daemons URL: http://www.dovecot.org/ -Source: http://www.dovecot.org/releases/2.2/%{name}-%{version}%{?prever}.tar.gz +Source: http://www.dovecot.org/releases/2.3/%{name}-%{version}%{?prever}.tar.gz Source1: dovecot.init Source2: dovecot.pam -%global pigeonholever 0.4.21 -Source8: http://pigeonhole.dovecot.org/releases/2.2/dovecot-2.2-pigeonhole-%{pigeonholever}.tar.gz +%global pigeonholever 0.5.0.1 +Source8: http://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-%{pigeonholever}.tar.gz Source9: dovecot.sysconfig Source10: dovecot.tmpfilesd @@ -29,7 +29,6 @@ Patch3: dovecot-1.0.rc7-mkcert-paths.patch #wait for network Patch6: dovecot-2.1.10-waitonline.patch -Patch7: dovecot-2.2.13-online.patch Patch8: dovecot-2.2.20-initbysystemd.patch Patch9: dovecot-2.2.22-systemd_w_protectsystem.patch @@ -131,11 +130,10 @@ This package provides the development files for dovecot. %patch2 -p1 -b .mkcert-permissions %patch3 -p1 -b .mkcert-paths %patch6 -p1 -b .waitonline -%patch7 -p1 -b .online %patch8 -p1 -b .initbysystemd %patch9 -p1 -b .systemd_w_protectsystem -#pushd dovecot-2*2-pigeonhole-%{pigeonholever} +#pushd dovecot-2*3-pigeonhole-%{pigeonholever} #popd sed -i '/DEFAULT_INCLUDES *=/s|$| '"$(pkg-config --cflags libclucene-core)|" src/plugins/fts-lucene/Makefile.in @@ -184,7 +182,7 @@ sed -i 's|/etc/ssl|/etc/pki/dovecot|' doc/mkcert.sh doc/example-config/conf.d/10 make %{?_smp_mflags} #pigeonhole -pushd dovecot-2*2-pigeonhole-%{pigeonholever} +pushd dovecot-2*3-pigeonhole-%{pigeonholever} # required for snapshot [ -f configure ] || autoreconf -fiv @@ -208,7 +206,7 @@ make install DESTDIR=$RPM_BUILD_ROOT mv $RPM_BUILD_ROOT/%{_docdir}/%{name} %{_builddir}/%{name}-%{version}%{?prever}/docinstall -pushd dovecot-2*2-pigeonhole-%{pigeonholever} +pushd dovecot-2*3-pigeonhole-%{pigeonholever} make install DESTDIR=$RPM_BUILD_ROOT mv $RPM_BUILD_ROOT/%{_docdir}/%{name} $RPM_BUILD_ROOT/%{_docdir}/%{name}-pigeonhole @@ -347,7 +345,7 @@ fi %check make check -cd dovecot-2*2-pigeonhole-%{pigeonholever} +cd dovecot-2*3-pigeonhole-%{pigeonholever} make check %files @@ -410,7 +408,6 @@ make check %dir %{_libdir}/dovecot %dir %{_libdir}/dovecot/auth %dir %{_libdir}/dovecot/dict -%dir %{_libdir}/dovecot/stats %{_libdir}/dovecot/doveadm %exclude %{_libdir}/dovecot/doveadm/*sieve* %{_libdir}/dovecot/*.so.* @@ -424,8 +421,6 @@ make check %{_libdir}/dovecot/auth/libdriver_sqlite.so %{_libdir}/dovecot/dict/libdriver_sqlite.so %{_libdir}/dovecot/dict/libdict_ldap.so -%{_libdir}/dovecot/stats/libstats_auth.so -%{_libdir}/dovecot/stats/libstats_mail.so %{_libdir}/dovecot/libdriver_sqlite.so %{_libdir}/dovecot/libssl_iostream_openssl.so %{_libdir}/dovecot/libfs_compress.so @@ -496,6 +491,9 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Thu Mar 01 2018 Michal Hlavinka - 1:2.3.0.1-1 +- dovecot updated to 2.3.0.1, pigeonhole updated to 0.5.0.1 + * Fri Feb 09 2018 Igor Gnatenko - 1:2.2.33.2-5 - Escape macros in %%changelog diff --git a/sources b/sources index 7e35512..c5c7083 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (dovecot-2.2.33.2.tar.gz) = 028910a4d02b1630f1ada4d1c45fcc3ea2057969db7078a78d46e2a578b4dceaf8be0ac8de4a613b4890019e721871f2d366ec651db658da4cc72977d3e09931 -SHA512 (dovecot-2.2-pigeonhole-0.4.21.tar.gz) = 4751f449ede1b05173c706b414ebf9f7f670ff78589ce6f0b687c32c9abe6dae8b3064ed1b20e893d9ec0147b0139ce479e1d74ebe94747c33f2d8ca177912de +SHA512 (dovecot-2.3.0.1.tar.gz) = 2b30c46c1660f425f6303a15cf638388439fd7a8065c91d28caf41d9a6403a4fccb530df3f69037a634bc3b0b9e498037da6b0b93c176f5e3b5808907d3f759d +SHA512 (dovecot-2.3-pigeonhole-0.5.0.1.tar.gz) = 60016145caa444eeba13b49735f87ab2ebe7f178f104ad57283b5aa7e5119920d9f579032b775547e0866e86045a4ab653fd084068187d0cbe2e088cc15fc288 From 8a2b51c871ce6d7020b9072a473e74579954b4e1 Mon Sep 17 00:00:00 2001 From: Peter Robinson Date: Sun, 4 Mar 2018 16:30:54 +0000 Subject: [PATCH 010/146] use wildcards in source file names --- .gitignore | 126 +---------------------------------------------------- 1 file changed, 2 insertions(+), 124 deletions(-) diff --git a/.gitignore b/.gitignore index 84688a6..0628189 100644 --- a/.gitignore +++ b/.gitignore @@ -1,124 +1,2 @@ -dovecot-2.0.rc3.tar.gz -pigeonhole-snap01ee63b788c9.tar.bz2 -dovecot-2.0.rc4.tar.gz -pigeonhole-snapcac6acdc4d0e.tar.bz2 -dovecot-2.0.rc5.tar.gz -pigeonhole-snap0592366457df.tar.bz2 -/dovecot-2.0.0.tar.gz -/pigeonhole-snap1ae9569b0383.tar.bz2 -/dovecot-2.0.1.tar.gz -/pigeonhole-snapd51650c8af85.tar.bz2 -/dovecot-2.0.2.tar.gz -/pigeonhole-snapfbcb05e7eda1.tar.bz2 -/dovecot-2.0.3.tar.gz -/pigeonhole-snapcb4c1ebecff3.tar.bz2 -/dovecot-2.0.4.tar.gz -/pigeonhole-snap824454514f08.tar.bz2 -/dovecot-2.0.5.tar.gz -/pigeonhole-snapa50464354f5a.tar.bz2 -/dovecot-2.0.6.tar.gz -/pigeonhole-snap2023f8c74250.tar.bz2 -/dovecot-2.0.7.tar.gz -/pigeonhole-snapa8cc6294071e.tar.bz2 -/dovecot-2.0.8.tar.gz -/pigeonhole-snap67d2240966ec.tar.bz2 -/dovecot-2.0-pigeonhole-0.2.2.tar.gz -/dovecot-2.0.9.tar.gz -/dovecot-2.0.11.tar.gz -/dovecot-2.0.12.tar.gz -/dovecot-2.0-pigeonhole-0.2.3.tar.gz -/dovecot-2.0.13.tar.gz -/dovecot-2.0.14.tar.gz -/dovecot-2.0.15.tar.gz -/dovecot-2.0.16.tar.gz -/dovecot-2.1.rc1.tar.gz -/dovecot-2.1-pigeonhole-b3bff60a18da.tar.bz2 -/dovecot-2.1.rc3.tar.gz -/dovecot-2.1.rc5.tar.gz -/dovecot-2.1-pigeonhole-a130a50f82e1.tar.bz2 -/dovecot-2.1.rc6.tar.gz -/dovecot-2.1-pigeonhole-b2a456e15ed5.tar.bz2 -/dovecot-2.1.0.tar.gz -/dovecot-2.1-pigeonhole-0.3.0.tar.gz -/dovecot-2.1.1.tar.gz -/pigeonhole-snap67950c9d3675.tar.bz2 -/dovecot-2.1.2.tar.gz -/pigeonhole-snap08a2d2718a65.tar.bz2 -/dovecot-2.1.3.tar.gz -/dovecot-2.1.4.tar.gz -/dovecot-2.1.5.tar.gz -/dovecot-2.1.6.tar.gz -/dovecot-2.1.7.tar.gz -/dovecot-2.1-pigeonhole-0.3.1.tar.gz -/dovecot-2.1.8.tar.gz -/dovecot-2.1.9.tar.gz -/dovecot-2.1.10.tar.gz -/dovecot-2.1-pigeonhole-0.3.3.tar.gz -/dovecot-2.1.12.tar.gz -/dovecot-2.1.13.tar.gz -/dovecot-2.1.14.tar.gz -/dovecot-2.1.15.tar.gz -/dovecot-2.2.rc2.tar.gz -/pigeonhole-99eec511aa2c.tar.bz2 -/dovecot-2.2.rc3.tar.gz -/dovecot-2.2.rc4.tar.gz -/dovecot-2.2.0.tar.gz -/dovecot-2.2.1.tar.gz -/pigeonhole-snape42a38f02d28.tar.bz2 -/dovecot-2.2-pigeonhole-0.4.0.tar.gz -/dovecot-2.2.2.tar.gz -/dovecot-2.2.3.tar.gz -/dovecot-2.2.4.tar.gz -/dovecot-2.2-pigeonhole-0.4.1.tar.gz -/dovecot-2.2.5.tar.gz -/dovecot-2.2.6.tar.gz -/dovecot-2.2-pigeonhole-0.4.2.tar.gz -/dovecot-2.2.7.tar.gz -/dovecot-2.2.8.tar.gz -/dovecot-2.2.9.tar.gz -/dovecot-2.2.10.tar.gz -/dovecot-2.2.11.tar.gz -/dovecot-2.2.12.tar.gz -/dovecot-2.2.13.tar.gz -/dovecot-2.2.14.tar.gz -/dovecot-2.2-pigeonhole-0.4.3.tar.gz -/dovecot-2.2.15.tar.gz -/pigeonhole-snapded0c5a467aa.tar.bz2 -/dovecot-2.2-pigeonhole-0.4.6.tar.gz -/dovecot-2.2.16.tar.gz -/dovecot-2.2.17.tar.gz -/dovecot-2.2.18.tar.gz -/dovecot-2.2-pigeonhole-0.4.7.tar.gz -/dovecot-2.2-pigeonhole-0.4.8.tar.gz -/dovecot-2.2.19.tar.gz -/dovecot-2.2-pigeonhole-0.4.9.tar.gz -/dovecot-2.2.20.tar.gz -/dovecot-2.2.21.tar.gz -/dovecot-2.2-pigeonhole-0.4.10.tar.gz -/dovecot-2.2-pigeonhole-0.4.11.tar.gz -/dovecot-2.2-pigeonhole-0.4.12.tar.gz -/dovecot-2.2.22.tar.gz -/dovecot-2.2.23.tar.gz -/dovecot-2.2-pigeonhole-0.4.13.tar.gz -/dovecot-2.2.24.tar.gz -/dovecot-2.2-pigeonhole-0.4.14.tar.gz -/dovecot-2.2.25.tar.gz -/dovecot-2.2.26.0.tar.gz -/dovecot-2.2-pigeonhole-0.4.16.tar.gz -/dovecot-2.2.27.tar.gz -/dovecot-2.2.28.tar.gz -/dovecot-2.2-pigeonhole-0.4.17.tar.gz -/dovecot-2.2.29.tar.gz -/dovecot-2.2.29.1.tar.gz -/dovecot-2.2-pigeonhole-0.4.18.tar.gz -/dovecot-2.2.30.1.tar.gz -/dovecot-2.2.30.2.tar.gz -/dovecot-2.2.31.tar.gz -/dovecot-2.2-pigeonhole-0.4.19.tar.gz -/dovecot-2.2.32.tar.gz -/dovecot-2.2-pigeonhole-0.4.20.tar.gz -/dovecot-2.2.33.1.tar.gz -/dovecot-2.2-pigeonhole-0.4.21.tar.gz -/dovecot-2.2.33.2.tar.gz -/dovecot-2.3.0.1.tar.gz -/dovecot-2.3-pigeonhole-0.5.0.1.tar.gz +/dovecot-*.tar.gz +/pigeonhole-*.tar.bz2 From 6f1094ca9fe98d12f97b9ed8344ec9d9a5a17668 Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Wed, 21 Mar 2018 17:17:24 +0100 Subject: [PATCH 011/146] add gcc buildrequire --- dovecot.spec | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/dovecot.spec b/dovecot.spec index 43c8158..fcd1257 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -5,7 +5,7 @@ Name: dovecot Epoch: 1 Version: 2.3.0.1 %global prever %{nil} -Release: 1%{?dist} +Release: 2%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT and LGPLv2 Group: System Environment/Daemons @@ -35,7 +35,7 @@ Patch9: dovecot-2.2.22-systemd_w_protectsystem.patch Source15: prestartscript -BuildRequires: openssl-devel, pam-devel, zlib-devel, bzip2-devel, libcap-devel +BuildRequires: gcc openssl-devel, pam-devel, zlib-devel, bzip2-devel, libcap-devel BuildRequires: libtool, autoconf, automake, pkgconfig BuildRequires: sqlite-devel BuildRequires: postgresql-devel @@ -491,6 +491,9 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Wed Mar 07 2018 Michal Hlavinka - 1:2.3.0.1-2 +- add gcc buildrequire + * Thu Mar 01 2018 Michal Hlavinka - 1:2.3.0.1-1 - dovecot updated to 2.3.0.1, pigeonhole updated to 0.5.0.1 From 233f79dabd2f0f71077b276c891f3303d7799299 Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Tue, 27 Mar 2018 12:40:22 +0200 Subject: [PATCH 012/146] use libxcrypt for Fedora >= 28, part of ftbfs fix (#1548520) --- dovecot-2.3.0.1-libxcrypt.patch | 11 +++++++++++ dovecot.spec | 11 ++++++++++- 2 files changed, 21 insertions(+), 1 deletion(-) create mode 100644 dovecot-2.3.0.1-libxcrypt.patch diff --git a/dovecot-2.3.0.1-libxcrypt.patch b/dovecot-2.3.0.1-libxcrypt.patch new file mode 100644 index 0000000..a8c33bf --- /dev/null +++ b/dovecot-2.3.0.1-libxcrypt.patch @@ -0,0 +1,11 @@ +diff -up dovecot-2.3.0.1/src/auth/mycrypt.c.libxcrypt dovecot-2.3.0.1/src/auth/mycrypt.c +--- dovecot-2.3.0.1/src/auth/mycrypt.c.libxcrypt 2018-02-28 15:28:58.000000000 +0100 ++++ dovecot-2.3.0.1/src/auth/mycrypt.c 2018-03-27 10:57:38.447769201 +0200 +@@ -14,6 +14,7 @@ + # define _XPG6 /* Some Solaris versions require this, some break with this */ + #endif + #include ++#include + + #include "mycrypt.h" + diff --git a/dovecot.spec b/dovecot.spec index fcd1257..92f4f15 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -5,7 +5,7 @@ Name: dovecot Epoch: 1 Version: 2.3.0.1 %global prever %{nil} -Release: 2%{?dist} +Release: 3%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT and LGPLv2 Group: System Environment/Daemons @@ -32,6 +32,7 @@ Patch6: dovecot-2.1.10-waitonline.patch Patch8: dovecot-2.2.20-initbysystemd.patch Patch9: dovecot-2.2.22-systemd_w_protectsystem.patch +Patch10: dovecot-2.3.0.1-libxcrypt.patch Source15: prestartscript @@ -44,6 +45,7 @@ BuildRequires: mysql-devel BuildRequires: tcp_wrappers-devel %else BuildRequires: mariadb-connector-c-devel +BuildRequires: libxcrypt-devel %endif BuildRequires: openldap-devel BuildRequires: krb5-devel @@ -132,6 +134,7 @@ This package provides the development files for dovecot. %patch6 -p1 -b .waitonline %patch8 -p1 -b .initbysystemd %patch9 -p1 -b .systemd_w_protectsystem +%patch10 -p1 -b .libxcrypt #pushd dovecot-2*3-pigeonhole-%{pigeonholever} #popd @@ -382,6 +385,7 @@ make check %config(noreplace) %{_sysconfdir}/dovecot/conf.d/20-imap.conf %config(noreplace) %{_sysconfdir}/dovecot/conf.d/20-lmtp.conf %config(noreplace) %{_sysconfdir}/dovecot/conf.d/20-pop3.conf +%config(noreplace) %{_sysconfdir}/dovecot/conf.d/20-submission.conf %config(noreplace) %{_sysconfdir}/dovecot/conf.d/90-acl.conf %config(noreplace) %{_sysconfdir}/dovecot/conf.d/90-quota.conf %config(noreplace) %{_sysconfdir}/dovecot/conf.d/90-plugin.conf @@ -428,6 +432,8 @@ make check %{_libdir}/dovecot/libfs_mail_crypt.so %{_libdir}/dovecot/libdcrypt_openssl.so %{_libdir}/dovecot/lib20_var_expand_crypt.so +%{_libdir}/dovecot/old-stats/libold_stats_mail.so +%{_libdir}/dovecot/old-stats/libstats_auth.so %dir %{_libdir}/dovecot/settings @@ -491,6 +497,9 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Tue Mar 27 2018 Michal Hlavinka - 1:2.3.0.1-3 +- use libxcrypt for Fedora >= 28, part of ftbfs fix (#1548520) + * Wed Mar 07 2018 Michal Hlavinka - 1:2.3.0.1-2 - add gcc buildrequire From 4e81ae69303618da7d1572374ae5f5566a82a287 Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Wed, 28 Mar 2018 10:43:59 +0200 Subject: [PATCH 013/146] dovecot updated to 2.3.1, pigeonhole updated to 0.5.1 --- dovecot.spec | 9 ++++++--- sources | 4 ++-- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/dovecot.spec b/dovecot.spec index 92f4f15..f466d86 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -3,9 +3,9 @@ Summary: Secure imap and pop3 server Name: dovecot Epoch: 1 -Version: 2.3.0.1 +Version: 2.3.1 %global prever %{nil} -Release: 3%{?dist} +Release: 1%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT and LGPLv2 Group: System Environment/Daemons @@ -14,7 +14,7 @@ URL: http://www.dovecot.org/ Source: http://www.dovecot.org/releases/2.3/%{name}-%{version}%{?prever}.tar.gz Source1: dovecot.init Source2: dovecot.pam -%global pigeonholever 0.5.0.1 +%global pigeonholever 0.5.1 Source8: http://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-%{pigeonholever}.tar.gz Source9: dovecot.sysconfig Source10: dovecot.tmpfilesd @@ -497,6 +497,9 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Wed Mar 28 2018 Michal Hlavinka - 1:2.3.1-1 +- dovecot updated to 2.3.1, pigeonhole updated to 0.5.1 + * Tue Mar 27 2018 Michal Hlavinka - 1:2.3.0.1-3 - use libxcrypt for Fedora >= 28, part of ftbfs fix (#1548520) diff --git a/sources b/sources index c5c7083..32f0896 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (dovecot-2.3.0.1.tar.gz) = 2b30c46c1660f425f6303a15cf638388439fd7a8065c91d28caf41d9a6403a4fccb530df3f69037a634bc3b0b9e498037da6b0b93c176f5e3b5808907d3f759d -SHA512 (dovecot-2.3-pigeonhole-0.5.0.1.tar.gz) = 60016145caa444eeba13b49735f87ab2ebe7f178f104ad57283b5aa7e5119920d9f579032b775547e0866e86045a4ab653fd084068187d0cbe2e088cc15fc288 +SHA512 (dovecot-2.3.1.tar.gz) = fe664ab771145f2390fef45839ff2756e36731c61e571dfa6975014f9cea43144e2aca0acf1a83b1dac55ad50042d0fa170b83570aa411228557861ada410b79 +SHA512 (dovecot-2.3-pigeonhole-0.5.1.tar.gz) = 5d65c3c9f3131c4e82287d054bd8b963d7c56c3e0677d7384881cf109ca82080d6222f672d8f973447d98be823a4df5bf43760d4ba87b76447d13abab30130c4 From 8a7475f62a0ef6e3ec0fa8dc363f4cb5380e9fcd Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Wed, 28 Mar 2018 16:20:45 +0200 Subject: [PATCH 014/146] fix ftbfs - murmurhash3 check fail --- dovecot-2.3.1-murmurfix.patch | 280 ++++++++++++++++++++++++++++++++++ dovecot.spec | 9 +- 2 files changed, 288 insertions(+), 1 deletion(-) create mode 100644 dovecot-2.3.1-murmurfix.patch diff --git a/dovecot-2.3.1-murmurfix.patch b/dovecot-2.3.1-murmurfix.patch new file mode 100644 index 0000000..b096717 --- /dev/null +++ b/dovecot-2.3.1-murmurfix.patch @@ -0,0 +1,280 @@ +diff -up dovecot-2.3.1/src/lib/murmurhash3.c.murmurfix dovecot-2.3.1/src/lib/murmurhash3.c +--- dovecot-2.3.1/src/lib/murmurhash3.c.murmurfix 2017-12-28 09:46:56.000000000 +0100 ++++ dovecot-2.3.1/src/lib/murmurhash3.c 2018-03-28 13:45:07.282004287 +0200 +@@ -23,7 +23,7 @@ + + static inline uint32_t getblock32(const uint32_t *p, int i) + { +- return p[i]; ++ return le32_to_cpu(p[i]); + } + + //----------------------------------------------------------------------------- +@@ -94,6 +94,8 @@ void murmurhash3_32 (const void *key, si + + h1 = fmix32(h1); + ++ h1 = cpu32_to_be(h1); ++ + memcpy(out, &h1, sizeof(h1)); + } + +@@ -103,7 +105,7 @@ void murmurhash3_32 (const void *key, si + + static inline uint64_t getblock64(const uint64_t *p, int i) + { +- return p[i]; ++ return le64_to_cpu(p[i]); + } + + static inline uint64_t fmix64(uint64_t k) +@@ -206,6 +208,9 @@ void murmurhash3_128(const void *key, si + h1 += h2; + h2 += h1; + ++ h1 = cpu64_to_be(h1); ++ h2 = cpu64_to_be(h2); ++ + memcpy(out, &h1, sizeof(h1)); + memcpy(out+sizeof(h1), &h2, sizeof(h2)); + } +@@ -323,6 +328,11 @@ void murmurhash3_128(const void *key, si + h1 += h2; h1 += h3; h1 += h4; + h2 += h1; h3 += h1; h4 += h1; + ++ h1 = cpu32_to_be(h1); ++ h2 = cpu32_to_be(h2); ++ h3 = cpu32_to_be(h3); ++ h4 = cpu32_to_be(h4); ++ + memcpy(out, &h1, sizeof(h1)); + memcpy(out+sizeof(h1), &h2, sizeof(h2)); + memcpy(out+sizeof(h1)*2, &h3, sizeof(h3)); +diff -up dovecot-2.3.1/src/lib/test-murmurhash3.c.murmurfix dovecot-2.3.1/src/lib/test-murmurhash3.c +--- dovecot-2.3.1/src/lib/test-murmurhash3.c.murmurfix 2018-03-20 11:15:40.000000000 +0100 ++++ dovecot-2.3.1/src/lib/test-murmurhash3.c 2018-03-28 13:45:15.207074149 +0200 +@@ -7,7 +7,19 @@ struct murmur3_test_vectors { + const char *input; + size_t len; + uint32_t seed; +- uint32_t result[4]; /* fits all results */ ++ ++ /* murmurhash3_128() produces a different output on ILP32 and LP64 ++ systems (by design). Therefore, we must use different expected ++ results based on what system we're on. We define both all the ++ time, but use the below pre-processor magic to select which ++ version we'll use. */ ++ uint8_t result_ilp32[MURMURHASH3_128_RESULTBYTES]; /* fits all results */ ++ uint8_t result_lp64[MURMURHASH3_128_RESULTBYTES]; /* fits all results */ ++#ifdef _LP64 ++#define result result_lp64 ++#else ++#define result result_ilp32 ++#endif + }; + + static void test_murmurhash3_algorithm(const char *name, +@@ -29,24 +41,49 @@ static void test_murmurhash3_algorithm(c + + static void test_murmurhash3_32(void) + { ++ /* murmurhash3_32() produces the same output on both ILP32 and LP64 ++ systems, so use the same expected outputs for both */ + struct murmur3_test_vectors vectors[] = { +- { "", 0, 0, { 0, 0, 0, 0}}, +- { "", 0, 0x1, { 0x514E28B7, 0, 0, 0 }}, +- { "", 0, 0xFFFFFFFF, { 0x81F16F39, 0, 0, 0 }}, +- { "\0\0\0\0", 4, 0, { 0x2362F9DE, 0, 0, 0 }}, +- { "aaaa", 4, 0x9747b28c, { 0x5A97808A, 0, 0, 0 }}, +- { "aaa", 3, 0x9747b28c, { 0x283E0130, 0, 0, 0 }}, +- { "aa", 2, 0x9747b28c, { 0x5D211726, 0, 0, 0 }}, +- { "a", 1, 0x9747b28c, { 0x7FA09EA6, 0, 0, 0 }}, +- { "abcd", 4, 0x9747b28c, { 0xF0478627, 0, 0, 0 }}, +- { "abc", 3, 0x9747b28c, { 0xC84A62DD, 0, 0, 0 }}, +- { "ab", 2, 0x9747b28c, { 0x74875592, 0, 0, 0 }}, +- { "Hello, world!", 13, 0x9747b28c, { 0x24884CBA, 0, 0, 0 }}, ++ { "", 0, 0, { 0, }, { 0, } }, ++ { "", 0, 0x1, ++ { 0x51, 0x4E, 0x28, 0xB7, }, ++ { 0x51, 0x4E, 0x28, 0xB7, } }, ++ { "", 0, 0xFFFFFFFF, ++ { 0x81, 0xF1, 0x6F, 0x39, }, ++ { 0x81, 0xF1, 0x6F, 0x39, } }, ++ { "\0\0\0\0", 4, 0, ++ { 0x23, 0x62, 0xF9, 0xDE, }, ++ { 0x23, 0x62, 0xF9, 0xDE, } }, ++ { "aaaa", 4, 0x9747b28c, ++ { 0x5A, 0x97, 0x80, 0x8A, }, ++ { 0x5A, 0x97, 0x80, 0x8A, } }, ++ { "aaa", 3, 0x9747b28c, ++ { 0x28, 0x3E, 0x01, 0x30, }, ++ { 0x28, 0x3E, 0x01, 0x30, } }, ++ { "aa", 2, 0x9747b28c, ++ { 0x5D, 0x21, 0x17, 0x26, }, ++ { 0x5D, 0x21, 0x17, 0x26, } }, ++ { "a", 1, 0x9747b28c, ++ { 0x7F, 0xA0, 0x9E, 0xA6, }, ++ { 0x7F, 0xA0, 0x9E, 0xA6, } }, ++ { "abcd", 4, 0x9747b28c, ++ { 0xF0, 0x47, 0x86, 0x27, }, ++ { 0xF0, 0x47, 0x86, 0x27, } }, ++ { "abc", 3, 0x9747b28c, ++ { 0xC8, 0x4A, 0x62, 0xDD, }, ++ { 0xC8, 0x4A, 0x62, 0xDD, } }, ++ { "ab", 2, 0x9747b28c, ++ { 0x74, 0x87, 0x55, 0x92, }, ++ { 0x74, 0x87, 0x55, 0x92, } }, ++ { "Hello, world!", 13, 0x9747b28c, ++ { 0x24, 0x88, 0x4C, 0xBA, }, ++ { 0x24, 0x88, 0x4C, 0xBA, } }, + { + "\xcf\x80\xcf\x80\xcf\x80\xcf\x80\xcf\x80\xcf\x80\xcf\x80\xcf\x80", + 16, + 0x9747b28c, +- { 0xD58063C1, 0, 0, 0 } ++ { 0xD5, 0x80, 0x63, 0xC1, }, ++ { 0xD5, 0x80, 0x63, 0xC1, } + }, /* 8 U+03C0 (Greek Small Letter Pi) */ + { + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" +@@ -56,7 +93,8 @@ static void test_murmurhash3_32(void) + "aaaaaaaaaaaaaaaaaaaa", + 256, + 0x9747b28c, +- { 0x37405BDC, 0, 0, 0 } ++ { 0x37, 0x40, 0x5B, 0xDC, }, ++ { 0x37, 0x40, 0x5B, 0xDC, } + }, + }; + +@@ -67,25 +105,73 @@ static void test_murmurhash3_32(void) + + static void test_murmurhash3_128(void) + { ++ /* murmurhash3_128() produces a different output on ILP32 and LP64 ++ systems (by design). */ + struct murmur3_test_vectors vectors[] = { +-#ifdef _LP64 +- { "", 0, 0x00000000, { 0x00000000, 0x00000000, 0x00000000, 0x00000000 }}, +- { "", 0, 0x00000001, { 0x6eff5cb5, 0x4610abe5, 0x78f83583, 0x51622daa }}, +- { "", 0, 0xffffffff, { 0x9d3bc9ec, 0x6af1df4d, 0x1ee6446b, 0x85742112 }}, +- { "\0\0\0\0", 4, 0x00000000, { 0xd84c76bc, 0xcfa0f7dd, 0x1cf526f1, 0x58962316 }}, +- { "aaaa", 4, 0x9747b28c, { 0x5e649bf0, 0xb4e0a5f7, 0x038c569f, 0xa5d3e8e9 }}, +- { "aaa", 3, 0x9747b28c, { 0xe4c7466b, 0x8ea5e37a, 0x35dc931c, 0xf925bef0 }}, +- { "aa", 2, 0x9747b28c, { 0xbee5bb1f, 0x12a698a9, 0x5e269401, 0xe93630ff }}, +- { "a", 1, 0x9747b28c, { 0x2db25a1d, 0x5ce8d851, 0x9208f004, 0x9e6dab0f }}, +- { "abcd", 4, 0x9747b28c, { 0xac553791, 0x49b4709e, 0xe9d3a7bb, 0x8a7e67e7 }}, +- { "abc", 3, 0x9747b28c, { 0xbfc3cedc, 0x3743630d, 0x20b504bf, 0xcde0a234 }}, +- { "ab", 2, 0x9747b28c, { 0x1a44280b, 0x8434eead, 0x63ce372b, 0x7eb933e7 }}, +- { "Hello, world!", 13, 0x9747b28c, { 0x62a8392e, 0xedc485d6, 0x31d576ba, 0xf85e7e76 }}, ++ { "", 0, 0x00000000, { 0, }, { 0, }}, ++ { "", 0, 0x00000001, ++ { 0x88, 0xc4, 0xad, 0xec, 0x54, 0xd2, 0x01, 0xb9, ++ 0x54, 0xd2, 0x01, 0xb9, 0x54, 0xd2, 0x01, 0xb9 }, ++ { 0x46, 0x10, 0xab, 0xe5, 0x6e, 0xff, 0x5c, 0xb5, ++ 0x51, 0x62, 0x2d, 0xaa, 0x78, 0xf8, 0x35, 0x83 }}, ++ { "", 0, 0xffffffff, ++ { 0x05, 0x1e, 0x08, 0xa9, 0x98, 0x9d, 0x49, 0xf7, ++ 0x98, 0x9d, 0x49, 0xf7, 0x98, 0x9d, 0x49, 0xf7 }, ++ { 0x6a, 0xf1, 0xdf, 0x4d, 0x9d, 0x3b, 0xc9, 0xec, ++ 0x85, 0x74, 0x21, 0x12, 0x1e, 0xe6, 0x44, 0x6b }}, ++ { "\0\0\0\0", 4, 0x00000000, ++ { 0xcc, 0x06, 0x6f, 0x1f, 0x9e, 0x51, 0x78, 0x40, ++ 0x9e, 0x51, 0x78, 0x40, 0x9e, 0x51, 0x78, 0x40 }, ++ { 0xcf, 0xa0, 0xf7, 0xdd, 0xd8, 0x4c, 0x76, 0xbc, ++ 0x58, 0x96, 0x23, 0x16, 0x1c, 0xf5, 0x26, 0xf1 }}, ++ { "aaaa", 4, 0x9747b28c, ++ { 0x36, 0x80, 0x4c, 0xef, 0x2a, 0x61, 0xc2, 0x24, ++ 0x2a, 0x61, 0xc2, 0x24, 0x2a, 0x61, 0xc2, 0x24 }, ++ { 0xb4, 0xe0, 0xa5, 0xf7, 0x5e, 0x64, 0x9b, 0xf0, ++ 0xa5, 0xd3, 0xe8, 0xe9, 0x03, 0x8c, 0x56, 0x9f }}, ++ { "aaa", 3, 0x9747b28c, ++ { 0x83, 0x83, 0x89, 0xbe, 0x9a, 0xad, 0x7f, 0x88, ++ 0x9a, 0xad, 0x7f, 0x88, 0x9a, 0xad, 0x7f, 0x88 }, ++ { 0x8e, 0xa5, 0xe3, 0x7a, 0xe4, 0xc7, 0x46, 0x6b, ++ 0xf9, 0x25, 0xbe, 0xf0, 0x35, 0xdc, 0x93, 0x1c }}, ++ { "aa", 2, 0x9747b28c, ++ { 0xdf, 0xbe, 0x4a, 0x86, 0x4a, 0x9c, 0x35, 0x0b, ++ 0x4a, 0x9c, 0x35, 0x0b, 0x4a, 0x9c, 0x35, 0x0b }, ++ { 0x12, 0xa6, 0x98, 0xa9, 0xbe, 0xe5, 0xbb, 0x1f, ++ 0xe9, 0x36, 0x30, 0xff, 0x5e, 0x26, 0x94, 0x01 }}, ++ { "a", 1, 0x9747b28c, ++ { 0x08, 0x4e, 0xf9, 0x44, 0x21, 0xa1, 0x18, 0x6e, ++ 0x21, 0xa1, 0x18, 0x6e, 0x21, 0xa1, 0x18, 0x6e }, ++ { 0x5c, 0xe8, 0xd8, 0x51, 0x2d, 0xb2, 0x5a, 0x1d, ++ 0x9e, 0x6d, 0xab, 0x0f, 0x92, 0x08, 0xf0, 0x04 }}, ++ { "abcd", 4, 0x9747b28c, ++ { 0x47, 0x95, 0xc5, 0x29, 0xce, 0xc1, 0x88, 0x5e, ++ 0xce, 0xc1, 0x88, 0x5e, 0xce, 0xc1, 0x88, 0x5e }, ++ { 0x49, 0xb4, 0x70, 0x9e, 0xac, 0x55, 0x37, 0x91, ++ 0x8a, 0x7e, 0x67, 0xe7, 0xe9, 0xd3, 0xa7, 0xbb }}, ++ { "abc", 3, 0x9747b28c, ++ { 0xd6, 0x35, 0x9e, 0xaf, 0x48, 0xfc, 0x3a, 0xc3, ++ 0x48, 0xfc, 0x3a, 0xc3, 0x48, 0xfc, 0x3a, 0xc3 }, ++ { 0x37, 0x43, 0x63, 0x0d, 0xbf, 0xc3, 0xce, 0xdc, ++ 0xcd, 0xe0, 0xa2, 0x34, 0x20, 0xb5, 0x04, 0xbf }}, ++ { "ab", 2, 0x9747b28c, ++ { 0x38, 0x37, 0xd7, 0x95, 0xc7, 0xfe, 0x58, 0x96, ++ 0xc7, 0xfe, 0x58, 0x96, 0xc7, 0xfe, 0x58, 0x96 }, ++ { 0x84, 0x34, 0xee, 0xad, 0x1a, 0x44, 0x28, 0x0b, ++ 0x7e, 0xb9, 0x33, 0xe7, 0x63, 0xce, 0x37, 0x2b }}, ++ { "Hello, world!", 13, 0x9747b28c, ++ { 0x75, 0x6d, 0x54, 0x60, 0xbb, 0x87, 0x22, 0x16, ++ 0xb7, 0xd4, 0x8b, 0x7c, 0x53, 0xc8, 0xc6, 0x36 }, ++ { 0xed, 0xc4, 0x85, 0xd6, 0x62, 0xa8, 0x39, 0x2e, ++ 0xf8, 0x5e, 0x7e, 0x76, 0x31, 0xd5, 0x76, 0xba }}, + { + "\xcf\x80\xcf\x80\xcf\x80\xcf\x80\xcf\x80\xcf\x80\xcf\x80\xcf\x80", + 16, + 0x9747b28c, +- { 0xc0361a1f, 0x96ea5bd8, 0x094be17b, 0xf8b72bd0 } ++ { 0xaf, 0x2a, 0xd3, 0x25, 0x3a, 0x74, 0xdf, 0x88, ++ 0x38, 0xcc, 0x75, 0x34, 0xf1, 0x97, 0xcc, 0x0d }, ++ { 0x96, 0xea, 0x5b, 0xd8, 0xc0, 0x36, 0x1a, 0x1f, ++ 0xf8, 0xb7, 0x2b, 0xd0, 0x09, 0x4b, 0xe1, 0x7b } + }, + { + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" +@@ -95,38 +181,11 @@ static void test_murmurhash3_128(void) + "aaaaaaaaaaaaaaaaaaaa", + 256, + 0x9747b28c, +- { 0xa5dec1c4, 0x07bd957c, 0x1f6cee55, 0xc4d8bb8d } +- }, +-#else /* 32 bit test vectors */ +- { "", 0, 0x00000000, { 0x00000000, 0x00000000, 0x00000000, 0x00000000 }}, +- { "", 0, 0x00000001, { 0x88c4adec, 0x54d201b9, 0x54d201b9, 0x54d201b9 }}, +- { "", 0, 0xffffffff, { 0x051e08a9, 0x989d49f7, 0x989d49f7, 0x989d49f7 }}, +- { "\0\0\0\0", 4, 0x00000000, { 0xcc066f1f, 0x9e517840, 0x9e517840, 0x9e517840 }}, +- { "aaaa", 4, 0x9747b28c, { 0x36804cef, 0x2a61c224, 0x2a61c224, 0x2a61c224 }}, +- { "aaa", 3, 0x9747b28c, { 0x838389be, 0x9aad7f88, 0x9aad7f88, 0x9aad7f88 }}, +- { "aa", 2, 0x9747b28c, { 0xdfbe4a86, 0x4a9c350b, 0x4a9c350b, 0x4a9c350b }}, +- { "a", 1, 0x9747b28c, { 0x084ef944, 0x21a1186e, 0x21a1186e, 0x21a1186e }}, +- { "abcd", 4, 0x9747b28c, { 0x4795c529, 0xcec1885e, 0xcec1885e, 0xcec1885e }}, +- { "abc", 3, 0x9747b28c, { 0xd6359eaf, 0x48fc3ac3, 0x48fc3ac3, 0x48fc3ac3 }}, +- { "ab", 2, 0x9747b28c, { 0x3837d795, 0xc7fe5896, 0xc7fe5896, 0xc7fe5896 }}, +- { "Hello, world!", 13, 0x9747b28c, { 0x756d5460, 0xbb872216, 0xb7d48b7c, 0x53c8c636 }}, +- { +- "\xcf\x80\xcf\x80\xcf\x80\xcf\x80\xcf\x80\xcf\x80\xcf\x80\xcf\x80", +- 16, +- 0x9747b28c, +- { 0xaf2ad325, 0x3a74df88, 0x38cc7534, 0xf197cc0d } ++ { 0xd3, 0xf2, 0xb7, 0xbb, 0xf6, 0x66, 0xc0, 0xcc, ++ 0xd4, 0xa4, 0x00, 0x60, 0x5e, 0xc8, 0xd3, 0x2a }, ++ { 0x07, 0xbd, 0x95, 0x7c, 0xa5, 0xde, 0xc1, 0xc4, ++ 0xc4, 0xd8, 0xbb, 0x8d, 0x1f, 0x6c, 0xee, 0x55 } + }, +- { +- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" +- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" +- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" +- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" +- "aaaaaaaaaaaaaaaaaaaa", +- 256, +- 0x9747b28c, +- { 0xd3f2b7bb, 0xf666c0cc, 0xd4a40060, 0x5ec8d32a } +- }, +-#endif + }; + + test_murmurhash3_algorithm("murmurhash3_128", murmurhash3_128, diff --git a/dovecot.spec b/dovecot.spec index f466d86..1122e27 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -5,7 +5,7 @@ Name: dovecot Epoch: 1 Version: 2.3.1 %global prever %{nil} -Release: 1%{?dist} +Release: 2%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT and LGPLv2 Group: System Environment/Daemons @@ -34,6 +34,9 @@ Patch8: dovecot-2.2.20-initbysystemd.patch Patch9: dovecot-2.2.22-systemd_w_protectsystem.patch Patch10: dovecot-2.3.0.1-libxcrypt.patch +# from upstream, for dovecot < 2.3.2 +Patch11: dovecot-2.3.1-murmurfix.patch + Source15: prestartscript BuildRequires: gcc openssl-devel, pam-devel, zlib-devel, bzip2-devel, libcap-devel @@ -135,6 +138,7 @@ This package provides the development files for dovecot. %patch8 -p1 -b .initbysystemd %patch9 -p1 -b .systemd_w_protectsystem %patch10 -p1 -b .libxcrypt +%patch11 -p1 -b .murmurfix #pushd dovecot-2*3-pigeonhole-%{pigeonholever} #popd @@ -497,6 +501,9 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Wed Mar 28 2018 Michal Hlavinka - 1:2.3.1-2 +- fix ftbfs - murmurhash3 check fail + * Wed Mar 28 2018 Michal Hlavinka - 1:2.3.1-1 - dovecot updated to 2.3.1, pigeonhole updated to 0.5.1 From f874d6b553bf3c4bc9d58ef3fd448b4ef7f5a174 Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Thu, 19 Apr 2018 16:20:52 +0200 Subject: [PATCH 015/146] fix typo and add c++ BR --- dovecot-2.0-defaultconfig.patch | 2 +- dovecot.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/dovecot-2.0-defaultconfig.patch b/dovecot-2.0-defaultconfig.patch index 3f7173f..c18dd47 100644 --- a/dovecot-2.0-defaultconfig.patch +++ b/dovecot-2.0-defaultconfig.patch @@ -27,7 +27,7 @@ diff -up dovecot-2.3.0.1/doc/example-config/conf.d/10-ssl.conf.default-settings #ssl_cipher_list = ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH # To disable non-EC DH, use: #ssl_cipher_list = ALL:!DH:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH -+ssl_ciper_list = PROFILE=SYSTEM ++ssl_cipher_list = PROFILE=SYSTEM # Colon separated list of elliptic curves to use. Empty value (the default) # means use the defaults from the SSL library. P-521:P-384:P-256 would be an diff --git a/dovecot.spec b/dovecot.spec index 1122e27..1baec19 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -39,7 +39,7 @@ Patch11: dovecot-2.3.1-murmurfix.patch Source15: prestartscript -BuildRequires: gcc openssl-devel, pam-devel, zlib-devel, bzip2-devel, libcap-devel +BuildRequires: gcc, gcc-c++, openssl-devel, pam-devel, zlib-devel, bzip2-devel, libcap-devel BuildRequires: libtool, autoconf, automake, pkgconfig BuildRequires: sqlite-devel BuildRequires: postgresql-devel From b6cdfb140c0f3618c4531178f0f82f368e2b747f Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Mon, 9 Jul 2018 12:09:49 +0200 Subject: [PATCH 016/146] dovecot updated to 2.3.2, pigeonhole to 0.5.2 --- dovecot-2.2.22-systemd_w_protectsystem.patch | 10 +- dovecot-2.3.1-murmurfix.patch | 280 ------------------- dovecot.spec | 13 +- sources | 4 +- 4 files changed, 13 insertions(+), 294 deletions(-) delete mode 100644 dovecot-2.3.1-murmurfix.patch diff --git a/dovecot-2.2.22-systemd_w_protectsystem.patch b/dovecot-2.2.22-systemd_w_protectsystem.patch index 0ffb043..d00a9b9 100644 --- a/dovecot-2.2.22-systemd_w_protectsystem.patch +++ b/dovecot-2.2.22-systemd_w_protectsystem.patch @@ -1,11 +1,11 @@ -diff -up dovecot-2.3.0.1/dovecot.service.in.systemd_w_protectsystem dovecot-2.3.0.1/dovecot.service.in ---- dovecot-2.3.0.1/dovecot.service.in.systemd_w_protectsystem 2018-03-01 10:41:05.591067106 +0100 -+++ dovecot-2.3.0.1/dovecot.service.in 2018-03-01 10:42:52.859959021 +0100 -@@ -20,6 +20,7 @@ ExecReload=@bindir@/doveadm reload +diff -up dovecot-2.3.2/dovecot.service.in.systemd_w_protectsystem dovecot-2.3.2/dovecot.service.in +--- dovecot-2.3.2/dovecot.service.in.systemd_w_protectsystem 2018-07-09 12:00:13.359193526 +0200 ++++ dovecot-2.3.2/dovecot.service.in 2018-07-09 12:00:46.387716884 +0200 +@@ -23,6 +23,7 @@ ExecReload=@bindir@/doveadm reload ExecStop=@bindir@/doveadm stop PrivateTmp=true NonBlocking=yes +# this will make /usr /boot /etc read only for dovecot ProtectSystem=full + ProtectHome=no PrivateDevices=true - # disable this if you want to use apparmor plugin diff --git a/dovecot-2.3.1-murmurfix.patch b/dovecot-2.3.1-murmurfix.patch deleted file mode 100644 index b096717..0000000 --- a/dovecot-2.3.1-murmurfix.patch +++ /dev/null @@ -1,280 +0,0 @@ -diff -up dovecot-2.3.1/src/lib/murmurhash3.c.murmurfix dovecot-2.3.1/src/lib/murmurhash3.c ---- dovecot-2.3.1/src/lib/murmurhash3.c.murmurfix 2017-12-28 09:46:56.000000000 +0100 -+++ dovecot-2.3.1/src/lib/murmurhash3.c 2018-03-28 13:45:07.282004287 +0200 -@@ -23,7 +23,7 @@ - - static inline uint32_t getblock32(const uint32_t *p, int i) - { -- return p[i]; -+ return le32_to_cpu(p[i]); - } - - //----------------------------------------------------------------------------- -@@ -94,6 +94,8 @@ void murmurhash3_32 (const void *key, si - - h1 = fmix32(h1); - -+ h1 = cpu32_to_be(h1); -+ - memcpy(out, &h1, sizeof(h1)); - } - -@@ -103,7 +105,7 @@ void murmurhash3_32 (const void *key, si - - static inline uint64_t getblock64(const uint64_t *p, int i) - { -- return p[i]; -+ return le64_to_cpu(p[i]); - } - - static inline uint64_t fmix64(uint64_t k) -@@ -206,6 +208,9 @@ void murmurhash3_128(const void *key, si - h1 += h2; - h2 += h1; - -+ h1 = cpu64_to_be(h1); -+ h2 = cpu64_to_be(h2); -+ - memcpy(out, &h1, sizeof(h1)); - memcpy(out+sizeof(h1), &h2, sizeof(h2)); - } -@@ -323,6 +328,11 @@ void murmurhash3_128(const void *key, si - h1 += h2; h1 += h3; h1 += h4; - h2 += h1; h3 += h1; h4 += h1; - -+ h1 = cpu32_to_be(h1); -+ h2 = cpu32_to_be(h2); -+ h3 = cpu32_to_be(h3); -+ h4 = cpu32_to_be(h4); -+ - memcpy(out, &h1, sizeof(h1)); - memcpy(out+sizeof(h1), &h2, sizeof(h2)); - memcpy(out+sizeof(h1)*2, &h3, sizeof(h3)); -diff -up dovecot-2.3.1/src/lib/test-murmurhash3.c.murmurfix dovecot-2.3.1/src/lib/test-murmurhash3.c ---- dovecot-2.3.1/src/lib/test-murmurhash3.c.murmurfix 2018-03-20 11:15:40.000000000 +0100 -+++ dovecot-2.3.1/src/lib/test-murmurhash3.c 2018-03-28 13:45:15.207074149 +0200 -@@ -7,7 +7,19 @@ struct murmur3_test_vectors { - const char *input; - size_t len; - uint32_t seed; -- uint32_t result[4]; /* fits all results */ -+ -+ /* murmurhash3_128() produces a different output on ILP32 and LP64 -+ systems (by design). Therefore, we must use different expected -+ results based on what system we're on. We define both all the -+ time, but use the below pre-processor magic to select which -+ version we'll use. */ -+ uint8_t result_ilp32[MURMURHASH3_128_RESULTBYTES]; /* fits all results */ -+ uint8_t result_lp64[MURMURHASH3_128_RESULTBYTES]; /* fits all results */ -+#ifdef _LP64 -+#define result result_lp64 -+#else -+#define result result_ilp32 -+#endif - }; - - static void test_murmurhash3_algorithm(const char *name, -@@ -29,24 +41,49 @@ static void test_murmurhash3_algorithm(c - - static void test_murmurhash3_32(void) - { -+ /* murmurhash3_32() produces the same output on both ILP32 and LP64 -+ systems, so use the same expected outputs for both */ - struct murmur3_test_vectors vectors[] = { -- { "", 0, 0, { 0, 0, 0, 0}}, -- { "", 0, 0x1, { 0x514E28B7, 0, 0, 0 }}, -- { "", 0, 0xFFFFFFFF, { 0x81F16F39, 0, 0, 0 }}, -- { "\0\0\0\0", 4, 0, { 0x2362F9DE, 0, 0, 0 }}, -- { "aaaa", 4, 0x9747b28c, { 0x5A97808A, 0, 0, 0 }}, -- { "aaa", 3, 0x9747b28c, { 0x283E0130, 0, 0, 0 }}, -- { "aa", 2, 0x9747b28c, { 0x5D211726, 0, 0, 0 }}, -- { "a", 1, 0x9747b28c, { 0x7FA09EA6, 0, 0, 0 }}, -- { "abcd", 4, 0x9747b28c, { 0xF0478627, 0, 0, 0 }}, -- { "abc", 3, 0x9747b28c, { 0xC84A62DD, 0, 0, 0 }}, -- { "ab", 2, 0x9747b28c, { 0x74875592, 0, 0, 0 }}, -- { "Hello, world!", 13, 0x9747b28c, { 0x24884CBA, 0, 0, 0 }}, -+ { "", 0, 0, { 0, }, { 0, } }, -+ { "", 0, 0x1, -+ { 0x51, 0x4E, 0x28, 0xB7, }, -+ { 0x51, 0x4E, 0x28, 0xB7, } }, -+ { "", 0, 0xFFFFFFFF, -+ { 0x81, 0xF1, 0x6F, 0x39, }, -+ { 0x81, 0xF1, 0x6F, 0x39, } }, -+ { "\0\0\0\0", 4, 0, -+ { 0x23, 0x62, 0xF9, 0xDE, }, -+ { 0x23, 0x62, 0xF9, 0xDE, } }, -+ { "aaaa", 4, 0x9747b28c, -+ { 0x5A, 0x97, 0x80, 0x8A, }, -+ { 0x5A, 0x97, 0x80, 0x8A, } }, -+ { "aaa", 3, 0x9747b28c, -+ { 0x28, 0x3E, 0x01, 0x30, }, -+ { 0x28, 0x3E, 0x01, 0x30, } }, -+ { "aa", 2, 0x9747b28c, -+ { 0x5D, 0x21, 0x17, 0x26, }, -+ { 0x5D, 0x21, 0x17, 0x26, } }, -+ { "a", 1, 0x9747b28c, -+ { 0x7F, 0xA0, 0x9E, 0xA6, }, -+ { 0x7F, 0xA0, 0x9E, 0xA6, } }, -+ { "abcd", 4, 0x9747b28c, -+ { 0xF0, 0x47, 0x86, 0x27, }, -+ { 0xF0, 0x47, 0x86, 0x27, } }, -+ { "abc", 3, 0x9747b28c, -+ { 0xC8, 0x4A, 0x62, 0xDD, }, -+ { 0xC8, 0x4A, 0x62, 0xDD, } }, -+ { "ab", 2, 0x9747b28c, -+ { 0x74, 0x87, 0x55, 0x92, }, -+ { 0x74, 0x87, 0x55, 0x92, } }, -+ { "Hello, world!", 13, 0x9747b28c, -+ { 0x24, 0x88, 0x4C, 0xBA, }, -+ { 0x24, 0x88, 0x4C, 0xBA, } }, - { - "\xcf\x80\xcf\x80\xcf\x80\xcf\x80\xcf\x80\xcf\x80\xcf\x80\xcf\x80", - 16, - 0x9747b28c, -- { 0xD58063C1, 0, 0, 0 } -+ { 0xD5, 0x80, 0x63, 0xC1, }, -+ { 0xD5, 0x80, 0x63, 0xC1, } - }, /* 8 U+03C0 (Greek Small Letter Pi) */ - { - "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" -@@ -56,7 +93,8 @@ static void test_murmurhash3_32(void) - "aaaaaaaaaaaaaaaaaaaa", - 256, - 0x9747b28c, -- { 0x37405BDC, 0, 0, 0 } -+ { 0x37, 0x40, 0x5B, 0xDC, }, -+ { 0x37, 0x40, 0x5B, 0xDC, } - }, - }; - -@@ -67,25 +105,73 @@ static void test_murmurhash3_32(void) - - static void test_murmurhash3_128(void) - { -+ /* murmurhash3_128() produces a different output on ILP32 and LP64 -+ systems (by design). */ - struct murmur3_test_vectors vectors[] = { --#ifdef _LP64 -- { "", 0, 0x00000000, { 0x00000000, 0x00000000, 0x00000000, 0x00000000 }}, -- { "", 0, 0x00000001, { 0x6eff5cb5, 0x4610abe5, 0x78f83583, 0x51622daa }}, -- { "", 0, 0xffffffff, { 0x9d3bc9ec, 0x6af1df4d, 0x1ee6446b, 0x85742112 }}, -- { "\0\0\0\0", 4, 0x00000000, { 0xd84c76bc, 0xcfa0f7dd, 0x1cf526f1, 0x58962316 }}, -- { "aaaa", 4, 0x9747b28c, { 0x5e649bf0, 0xb4e0a5f7, 0x038c569f, 0xa5d3e8e9 }}, -- { "aaa", 3, 0x9747b28c, { 0xe4c7466b, 0x8ea5e37a, 0x35dc931c, 0xf925bef0 }}, -- { "aa", 2, 0x9747b28c, { 0xbee5bb1f, 0x12a698a9, 0x5e269401, 0xe93630ff }}, -- { "a", 1, 0x9747b28c, { 0x2db25a1d, 0x5ce8d851, 0x9208f004, 0x9e6dab0f }}, -- { "abcd", 4, 0x9747b28c, { 0xac553791, 0x49b4709e, 0xe9d3a7bb, 0x8a7e67e7 }}, -- { "abc", 3, 0x9747b28c, { 0xbfc3cedc, 0x3743630d, 0x20b504bf, 0xcde0a234 }}, -- { "ab", 2, 0x9747b28c, { 0x1a44280b, 0x8434eead, 0x63ce372b, 0x7eb933e7 }}, -- { "Hello, world!", 13, 0x9747b28c, { 0x62a8392e, 0xedc485d6, 0x31d576ba, 0xf85e7e76 }}, -+ { "", 0, 0x00000000, { 0, }, { 0, }}, -+ { "", 0, 0x00000001, -+ { 0x88, 0xc4, 0xad, 0xec, 0x54, 0xd2, 0x01, 0xb9, -+ 0x54, 0xd2, 0x01, 0xb9, 0x54, 0xd2, 0x01, 0xb9 }, -+ { 0x46, 0x10, 0xab, 0xe5, 0x6e, 0xff, 0x5c, 0xb5, -+ 0x51, 0x62, 0x2d, 0xaa, 0x78, 0xf8, 0x35, 0x83 }}, -+ { "", 0, 0xffffffff, -+ { 0x05, 0x1e, 0x08, 0xa9, 0x98, 0x9d, 0x49, 0xf7, -+ 0x98, 0x9d, 0x49, 0xf7, 0x98, 0x9d, 0x49, 0xf7 }, -+ { 0x6a, 0xf1, 0xdf, 0x4d, 0x9d, 0x3b, 0xc9, 0xec, -+ 0x85, 0x74, 0x21, 0x12, 0x1e, 0xe6, 0x44, 0x6b }}, -+ { "\0\0\0\0", 4, 0x00000000, -+ { 0xcc, 0x06, 0x6f, 0x1f, 0x9e, 0x51, 0x78, 0x40, -+ 0x9e, 0x51, 0x78, 0x40, 0x9e, 0x51, 0x78, 0x40 }, -+ { 0xcf, 0xa0, 0xf7, 0xdd, 0xd8, 0x4c, 0x76, 0xbc, -+ 0x58, 0x96, 0x23, 0x16, 0x1c, 0xf5, 0x26, 0xf1 }}, -+ { "aaaa", 4, 0x9747b28c, -+ { 0x36, 0x80, 0x4c, 0xef, 0x2a, 0x61, 0xc2, 0x24, -+ 0x2a, 0x61, 0xc2, 0x24, 0x2a, 0x61, 0xc2, 0x24 }, -+ { 0xb4, 0xe0, 0xa5, 0xf7, 0x5e, 0x64, 0x9b, 0xf0, -+ 0xa5, 0xd3, 0xe8, 0xe9, 0x03, 0x8c, 0x56, 0x9f }}, -+ { "aaa", 3, 0x9747b28c, -+ { 0x83, 0x83, 0x89, 0xbe, 0x9a, 0xad, 0x7f, 0x88, -+ 0x9a, 0xad, 0x7f, 0x88, 0x9a, 0xad, 0x7f, 0x88 }, -+ { 0x8e, 0xa5, 0xe3, 0x7a, 0xe4, 0xc7, 0x46, 0x6b, -+ 0xf9, 0x25, 0xbe, 0xf0, 0x35, 0xdc, 0x93, 0x1c }}, -+ { "aa", 2, 0x9747b28c, -+ { 0xdf, 0xbe, 0x4a, 0x86, 0x4a, 0x9c, 0x35, 0x0b, -+ 0x4a, 0x9c, 0x35, 0x0b, 0x4a, 0x9c, 0x35, 0x0b }, -+ { 0x12, 0xa6, 0x98, 0xa9, 0xbe, 0xe5, 0xbb, 0x1f, -+ 0xe9, 0x36, 0x30, 0xff, 0x5e, 0x26, 0x94, 0x01 }}, -+ { "a", 1, 0x9747b28c, -+ { 0x08, 0x4e, 0xf9, 0x44, 0x21, 0xa1, 0x18, 0x6e, -+ 0x21, 0xa1, 0x18, 0x6e, 0x21, 0xa1, 0x18, 0x6e }, -+ { 0x5c, 0xe8, 0xd8, 0x51, 0x2d, 0xb2, 0x5a, 0x1d, -+ 0x9e, 0x6d, 0xab, 0x0f, 0x92, 0x08, 0xf0, 0x04 }}, -+ { "abcd", 4, 0x9747b28c, -+ { 0x47, 0x95, 0xc5, 0x29, 0xce, 0xc1, 0x88, 0x5e, -+ 0xce, 0xc1, 0x88, 0x5e, 0xce, 0xc1, 0x88, 0x5e }, -+ { 0x49, 0xb4, 0x70, 0x9e, 0xac, 0x55, 0x37, 0x91, -+ 0x8a, 0x7e, 0x67, 0xe7, 0xe9, 0xd3, 0xa7, 0xbb }}, -+ { "abc", 3, 0x9747b28c, -+ { 0xd6, 0x35, 0x9e, 0xaf, 0x48, 0xfc, 0x3a, 0xc3, -+ 0x48, 0xfc, 0x3a, 0xc3, 0x48, 0xfc, 0x3a, 0xc3 }, -+ { 0x37, 0x43, 0x63, 0x0d, 0xbf, 0xc3, 0xce, 0xdc, -+ 0xcd, 0xe0, 0xa2, 0x34, 0x20, 0xb5, 0x04, 0xbf }}, -+ { "ab", 2, 0x9747b28c, -+ { 0x38, 0x37, 0xd7, 0x95, 0xc7, 0xfe, 0x58, 0x96, -+ 0xc7, 0xfe, 0x58, 0x96, 0xc7, 0xfe, 0x58, 0x96 }, -+ { 0x84, 0x34, 0xee, 0xad, 0x1a, 0x44, 0x28, 0x0b, -+ 0x7e, 0xb9, 0x33, 0xe7, 0x63, 0xce, 0x37, 0x2b }}, -+ { "Hello, world!", 13, 0x9747b28c, -+ { 0x75, 0x6d, 0x54, 0x60, 0xbb, 0x87, 0x22, 0x16, -+ 0xb7, 0xd4, 0x8b, 0x7c, 0x53, 0xc8, 0xc6, 0x36 }, -+ { 0xed, 0xc4, 0x85, 0xd6, 0x62, 0xa8, 0x39, 0x2e, -+ 0xf8, 0x5e, 0x7e, 0x76, 0x31, 0xd5, 0x76, 0xba }}, - { - "\xcf\x80\xcf\x80\xcf\x80\xcf\x80\xcf\x80\xcf\x80\xcf\x80\xcf\x80", - 16, - 0x9747b28c, -- { 0xc0361a1f, 0x96ea5bd8, 0x094be17b, 0xf8b72bd0 } -+ { 0xaf, 0x2a, 0xd3, 0x25, 0x3a, 0x74, 0xdf, 0x88, -+ 0x38, 0xcc, 0x75, 0x34, 0xf1, 0x97, 0xcc, 0x0d }, -+ { 0x96, 0xea, 0x5b, 0xd8, 0xc0, 0x36, 0x1a, 0x1f, -+ 0xf8, 0xb7, 0x2b, 0xd0, 0x09, 0x4b, 0xe1, 0x7b } - }, - { - "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" -@@ -95,38 +181,11 @@ static void test_murmurhash3_128(void) - "aaaaaaaaaaaaaaaaaaaa", - 256, - 0x9747b28c, -- { 0xa5dec1c4, 0x07bd957c, 0x1f6cee55, 0xc4d8bb8d } -- }, --#else /* 32 bit test vectors */ -- { "", 0, 0x00000000, { 0x00000000, 0x00000000, 0x00000000, 0x00000000 }}, -- { "", 0, 0x00000001, { 0x88c4adec, 0x54d201b9, 0x54d201b9, 0x54d201b9 }}, -- { "", 0, 0xffffffff, { 0x051e08a9, 0x989d49f7, 0x989d49f7, 0x989d49f7 }}, -- { "\0\0\0\0", 4, 0x00000000, { 0xcc066f1f, 0x9e517840, 0x9e517840, 0x9e517840 }}, -- { "aaaa", 4, 0x9747b28c, { 0x36804cef, 0x2a61c224, 0x2a61c224, 0x2a61c224 }}, -- { "aaa", 3, 0x9747b28c, { 0x838389be, 0x9aad7f88, 0x9aad7f88, 0x9aad7f88 }}, -- { "aa", 2, 0x9747b28c, { 0xdfbe4a86, 0x4a9c350b, 0x4a9c350b, 0x4a9c350b }}, -- { "a", 1, 0x9747b28c, { 0x084ef944, 0x21a1186e, 0x21a1186e, 0x21a1186e }}, -- { "abcd", 4, 0x9747b28c, { 0x4795c529, 0xcec1885e, 0xcec1885e, 0xcec1885e }}, -- { "abc", 3, 0x9747b28c, { 0xd6359eaf, 0x48fc3ac3, 0x48fc3ac3, 0x48fc3ac3 }}, -- { "ab", 2, 0x9747b28c, { 0x3837d795, 0xc7fe5896, 0xc7fe5896, 0xc7fe5896 }}, -- { "Hello, world!", 13, 0x9747b28c, { 0x756d5460, 0xbb872216, 0xb7d48b7c, 0x53c8c636 }}, -- { -- "\xcf\x80\xcf\x80\xcf\x80\xcf\x80\xcf\x80\xcf\x80\xcf\x80\xcf\x80", -- 16, -- 0x9747b28c, -- { 0xaf2ad325, 0x3a74df88, 0x38cc7534, 0xf197cc0d } -+ { 0xd3, 0xf2, 0xb7, 0xbb, 0xf6, 0x66, 0xc0, 0xcc, -+ 0xd4, 0xa4, 0x00, 0x60, 0x5e, 0xc8, 0xd3, 0x2a }, -+ { 0x07, 0xbd, 0x95, 0x7c, 0xa5, 0xde, 0xc1, 0xc4, -+ 0xc4, 0xd8, 0xbb, 0x8d, 0x1f, 0x6c, 0xee, 0x55 } - }, -- { -- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" -- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" -- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" -- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" -- "aaaaaaaaaaaaaaaaaaaa", -- 256, -- 0x9747b28c, -- { 0xd3f2b7bb, 0xf666c0cc, 0xd4a40060, 0x5ec8d32a } -- }, --#endif - }; - - test_murmurhash3_algorithm("murmurhash3_128", murmurhash3_128, diff --git a/dovecot.spec b/dovecot.spec index 1baec19..33a49af 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -3,9 +3,9 @@ Summary: Secure imap and pop3 server Name: dovecot Epoch: 1 -Version: 2.3.1 +Version: 2.3.2 %global prever %{nil} -Release: 2%{?dist} +Release: 1%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT and LGPLv2 Group: System Environment/Daemons @@ -14,7 +14,7 @@ URL: http://www.dovecot.org/ Source: http://www.dovecot.org/releases/2.3/%{name}-%{version}%{?prever}.tar.gz Source1: dovecot.init Source2: dovecot.pam -%global pigeonholever 0.5.1 +%global pigeonholever 0.5.2 Source8: http://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-%{pigeonholever}.tar.gz Source9: dovecot.sysconfig Source10: dovecot.tmpfilesd @@ -34,9 +34,6 @@ Patch8: dovecot-2.2.20-initbysystemd.patch Patch9: dovecot-2.2.22-systemd_w_protectsystem.patch Patch10: dovecot-2.3.0.1-libxcrypt.patch -# from upstream, for dovecot < 2.3.2 -Patch11: dovecot-2.3.1-murmurfix.patch - Source15: prestartscript BuildRequires: gcc, gcc-c++, openssl-devel, pam-devel, zlib-devel, bzip2-devel, libcap-devel @@ -138,7 +135,6 @@ This package provides the development files for dovecot. %patch8 -p1 -b .initbysystemd %patch9 -p1 -b .systemd_w_protectsystem %patch10 -p1 -b .libxcrypt -%patch11 -p1 -b .murmurfix #pushd dovecot-2*3-pigeonhole-%{pigeonholever} #popd @@ -501,6 +497,9 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Mon Jul 09 2018 Michal Hlavinka - 1:2.3.2-1 +- dovecot updated to 2.3.2, pigeonhole to 0.5.2 + * Wed Mar 28 2018 Michal Hlavinka - 1:2.3.1-2 - fix ftbfs - murmurhash3 check fail diff --git a/sources b/sources index 32f0896..140a873 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (dovecot-2.3.1.tar.gz) = fe664ab771145f2390fef45839ff2756e36731c61e571dfa6975014f9cea43144e2aca0acf1a83b1dac55ad50042d0fa170b83570aa411228557861ada410b79 -SHA512 (dovecot-2.3-pigeonhole-0.5.1.tar.gz) = 5d65c3c9f3131c4e82287d054bd8b963d7c56c3e0677d7384881cf109ca82080d6222f672d8f973447d98be823a4df5bf43760d4ba87b76447d13abab30130c4 +SHA512 (dovecot-2.3.2.tar.gz) = e040a02226aadfe1a81b89225c11e08d0a1aa7ac51c309a95acbc13beb8c1df8a5c891709c7dde0dfb11af0c0bc8a82d27ffba1fb5d9166379241f945d1e8402 +SHA512 (dovecot-2.3-pigeonhole-0.5.2.tar.gz) = 6bc24d9241f94db795a012346d9bc94b5cc7d7ce0175c03213c2b5d179d80dec95e9bdbd50bed628c8f9f7c51639e692ba5e429212a3b4a654c1e4764ac4f11c From d8aa10f515eb3ff2741d2db646480862e8cb9dfa Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Mon, 9 Jul 2018 14:03:21 +0200 Subject: [PATCH 017/146] add compression test suite assert crash fix --- ...464385bbcd763f90abc5e212c569b9279ffa.patch | 41 +++++++++++++++++++ dovecot.spec | 4 ++ 2 files changed, 45 insertions(+) create mode 100644 64f4464385bbcd763f90abc5e212c569b9279ffa.patch diff --git a/64f4464385bbcd763f90abc5e212c569b9279ffa.patch b/64f4464385bbcd763f90abc5e212c569b9279ffa.patch new file mode 100644 index 0000000..e846809 --- /dev/null +++ b/64f4464385bbcd763f90abc5e212c569b9279ffa.patch @@ -0,0 +1,41 @@ +From 64f4464385bbcd763f90abc5e212c569b9279ffa Mon Sep 17 00:00:00 2001 +From: Paul Howarth +Date: Mon, 2 Jul 2018 11:52:14 +0100 +Subject: [PATCH] lib-compression: Fix assert-crash in test suite on 32bit + systems + +Fix compilation warnings in test-compression.c due to mismatches +between size_t and uoff_t, which then manifests in assert-crashes +running the test suite on 32bit systems. +--- + src/lib-compression/test-compression.c | 9 +++++---- + 1 file changed, 5 insertions(+), 4 deletions(-) + +diff --git a/src/lib-compression/test-compression.c b/src/lib-compression/test-compression.c +index 0f7df3d1fe..f62d7d6094 100644 +--- a/src/lib-compression/test-compression.c ++++ b/src/lib-compression/test-compression.c +@@ -20,6 +20,7 @@ static void test_compression_handler(const struct compression_handler *handler) + unsigned char buf[IO_BLOCK_SIZE]; + const unsigned char *data; + size_t size; ++ uoff_t stream_size; + struct sha1_ctxt sha1; + unsigned char output_sha1[SHA1_RESULTLEN], input_sha1[SHA1_RESULTLEN]; + unsigned int i; +@@ -73,11 +74,11 @@ static void test_compression_handler(const struct compression_handler *handler) + file_input = i_stream_create_fd(fd, IO_BLOCK_SIZE); + input = handler->create_istream(file_input, FALSE); + +- test_assert(i_stream_get_size(input, FALSE, &size) == 1); +- test_assert(size == compressed_size); ++ test_assert(i_stream_get_size(input, FALSE, &stream_size) == 1); ++ test_assert(stream_size == compressed_size); + +- test_assert(i_stream_get_size(input, TRUE, &size) == 1); +- test_assert(size == uncompressed_size); ++ test_assert(i_stream_get_size(input, TRUE, &stream_size) == 1); ++ test_assert(stream_size == uncompressed_size); + + sha1_init(&sha1); + for (bool seeked = FALSE;;) { diff --git a/dovecot.spec b/dovecot.spec index 33a49af..bdb377c 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -34,6 +34,9 @@ Patch8: dovecot-2.2.20-initbysystemd.patch Patch9: dovecot-2.2.22-systemd_w_protectsystem.patch Patch10: dovecot-2.3.0.1-libxcrypt.patch +# for dovecot <= 2.3.2 +Patch11: 64f4464385bbcd763f90abc5e212c569b9279ffa.patch + Source15: prestartscript BuildRequires: gcc, gcc-c++, openssl-devel, pam-devel, zlib-devel, bzip2-devel, libcap-devel @@ -135,6 +138,7 @@ This package provides the development files for dovecot. %patch8 -p1 -b .initbysystemd %patch9 -p1 -b .systemd_w_protectsystem %patch10 -p1 -b .libxcrypt +%patch11 -p1 -b .64f4464385bbcd763f90abc5e212c569b9279ffa #pushd dovecot-2*3-pigeonhole-%{pigeonholever} #popd From 5cdfe068e439d6d8c9c84cd8d41bf1f47e8d9259 Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Tue, 10 Jul 2018 09:19:54 +0200 Subject: [PATCH 018/146] SSL/TLS servers may have crashed during client disconnection --- ...464385bbcd763f90abc5e212c569b9279ffa.patch | 41 ------------------- dovecot.spec | 9 ++-- sources | 2 +- 3 files changed, 5 insertions(+), 47 deletions(-) delete mode 100644 64f4464385bbcd763f90abc5e212c569b9279ffa.patch diff --git a/64f4464385bbcd763f90abc5e212c569b9279ffa.patch b/64f4464385bbcd763f90abc5e212c569b9279ffa.patch deleted file mode 100644 index e846809..0000000 --- a/64f4464385bbcd763f90abc5e212c569b9279ffa.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 64f4464385bbcd763f90abc5e212c569b9279ffa Mon Sep 17 00:00:00 2001 -From: Paul Howarth -Date: Mon, 2 Jul 2018 11:52:14 +0100 -Subject: [PATCH] lib-compression: Fix assert-crash in test suite on 32bit - systems - -Fix compilation warnings in test-compression.c due to mismatches -between size_t and uoff_t, which then manifests in assert-crashes -running the test suite on 32bit systems. ---- - src/lib-compression/test-compression.c | 9 +++++---- - 1 file changed, 5 insertions(+), 4 deletions(-) - -diff --git a/src/lib-compression/test-compression.c b/src/lib-compression/test-compression.c -index 0f7df3d1fe..f62d7d6094 100644 ---- a/src/lib-compression/test-compression.c -+++ b/src/lib-compression/test-compression.c -@@ -20,6 +20,7 @@ static void test_compression_handler(const struct compression_handler *handler) - unsigned char buf[IO_BLOCK_SIZE]; - const unsigned char *data; - size_t size; -+ uoff_t stream_size; - struct sha1_ctxt sha1; - unsigned char output_sha1[SHA1_RESULTLEN], input_sha1[SHA1_RESULTLEN]; - unsigned int i; -@@ -73,11 +74,11 @@ static void test_compression_handler(const struct compression_handler *handler) - file_input = i_stream_create_fd(fd, IO_BLOCK_SIZE); - input = handler->create_istream(file_input, FALSE); - -- test_assert(i_stream_get_size(input, FALSE, &size) == 1); -- test_assert(size == compressed_size); -+ test_assert(i_stream_get_size(input, FALSE, &stream_size) == 1); -+ test_assert(stream_size == compressed_size); - -- test_assert(i_stream_get_size(input, TRUE, &size) == 1); -- test_assert(size == uncompressed_size); -+ test_assert(i_stream_get_size(input, TRUE, &stream_size) == 1); -+ test_assert(stream_size == uncompressed_size); - - sha1_init(&sha1); - for (bool seeked = FALSE;;) { diff --git a/dovecot.spec b/dovecot.spec index bdb377c..0d5e2a4 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -3,7 +3,7 @@ Summary: Secure imap and pop3 server Name: dovecot Epoch: 1 -Version: 2.3.2 +Version: 2.3.2.1 %global prever %{nil} Release: 1%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 @@ -34,9 +34,6 @@ Patch8: dovecot-2.2.20-initbysystemd.patch Patch9: dovecot-2.2.22-systemd_w_protectsystem.patch Patch10: dovecot-2.3.0.1-libxcrypt.patch -# for dovecot <= 2.3.2 -Patch11: 64f4464385bbcd763f90abc5e212c569b9279ffa.patch - Source15: prestartscript BuildRequires: gcc, gcc-c++, openssl-devel, pam-devel, zlib-devel, bzip2-devel, libcap-devel @@ -138,7 +135,6 @@ This package provides the development files for dovecot. %patch8 -p1 -b .initbysystemd %patch9 -p1 -b .systemd_w_protectsystem %patch10 -p1 -b .libxcrypt -%patch11 -p1 -b .64f4464385bbcd763f90abc5e212c569b9279ffa #pushd dovecot-2*3-pigeonhole-%{pigeonholever} #popd @@ -501,6 +497,9 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Tue Jul 10 2018 Michal Hlavinka - 1:2.3.2.1-1 +- SSL/TLS servers may have crashed during client disconnection + * Mon Jul 09 2018 Michal Hlavinka - 1:2.3.2-1 - dovecot updated to 2.3.2, pigeonhole to 0.5.2 diff --git a/sources b/sources index 140a873..daab9d6 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (dovecot-2.3.2.tar.gz) = e040a02226aadfe1a81b89225c11e08d0a1aa7ac51c309a95acbc13beb8c1df8a5c891709c7dde0dfb11af0c0bc8a82d27ffba1fb5d9166379241f945d1e8402 +SHA512 (dovecot-2.3.2.1.tar.gz) = c085a0d04925485423086736a3c7d919ad0ca9efeff005890382da5333edb68c7d23ccb89fbe2ac44f8f016fc993bf2c669e450794c3ab13463676cbb47c7bf7 SHA512 (dovecot-2.3-pigeonhole-0.5.2.tar.gz) = 6bc24d9241f94db795a012346d9bc94b5cc7d7ce0175c03213c2b5d179d80dec95e9bdbd50bed628c8f9f7c51639e692ba5e429212a3b4a654c1e4764ac4f11c From 97ed87d1518f002f221feb60d559653e1794912f Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Thu, 12 Jul 2018 23:06:07 +0000 Subject: [PATCH 019/146] - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- dovecot.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/dovecot.spec b/dovecot.spec index 0d5e2a4..9d874c9 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -5,7 +5,7 @@ Name: dovecot Epoch: 1 Version: 2.3.2.1 %global prever %{nil} -Release: 1%{?dist} +Release: 2%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT and LGPLv2 Group: System Environment/Daemons @@ -497,6 +497,9 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Thu Jul 12 2018 Fedora Release Engineering - 1:2.3.2.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + * Tue Jul 10 2018 Michal Hlavinka - 1:2.3.2.1-1 - SSL/TLS servers may have crashed during client disconnection From 08134424664464c56a4981d011c3a6f383d403c3 Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Mon, 13 Aug 2018 17:51:07 +0200 Subject: [PATCH 020/146] do not try to generate ssl-params as its obsolete (#1614640) --- dovecot-2.2.20-initbysystemd.patch | 7 +------ dovecot.spec | 5 ++++- 2 files changed, 5 insertions(+), 7 deletions(-) diff --git a/dovecot-2.2.20-initbysystemd.patch b/dovecot-2.2.20-initbysystemd.patch index 4acaaa6..01e8263 100644 --- a/dovecot-2.2.20-initbysystemd.patch +++ b/dovecot-2.2.20-initbysystemd.patch @@ -1,10 +1,9 @@ diff -up dovecot-2.3.0.1/dovecot-init.service.initbysystemd dovecot-2.3.0.1/dovecot-init.service --- dovecot-2.3.0.1/dovecot-init.service.initbysystemd 2018-03-01 10:38:22.059716008 +0100 +++ dovecot-2.3.0.1/dovecot-init.service 2018-03-01 10:38:22.059716008 +0100 -@@ -0,0 +1,18 @@ +@@ -0,0 +1,13 @@ +[Unit] +Description=One-time Dovecot init service -+ConditionPathExists=|!/var/lib/dovecot/ssl-parameters.dat +ConditionPathExists=|!/etc/pki/dovecot/certs/dovecot.pem + +[Service] @@ -15,10 +14,6 @@ diff -up dovecot-2.3.0.1/dovecot-init.service.initbysystemd dovecot-2.3.0.1/dove +then\ + SSLDIR=/etc/pki/dovecot/ OPENSSLCONFIG=/etc/pki/dovecot/dovecot-openssl.cnf /usr/libexec/dovecot/mkcert.sh /dev/null 2>&1;\ +fi;\ -+if [ ! -f /var/lib/dovecot/ssl-parameters.dat ]; \ -+then\ -+ /usr/libexec/dovecot/ssl-params >/dev/null 2>&1; \ -+fi' + diff -up dovecot-2.3.0.1/dovecot.service.in.initbysystemd dovecot-2.3.0.1/dovecot.service.in --- dovecot-2.3.0.1/dovecot.service.in.initbysystemd 2018-03-01 10:38:22.060716016 +0100 diff --git a/dovecot.spec b/dovecot.spec index 9d874c9..df6d636 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -5,7 +5,7 @@ Name: dovecot Epoch: 1 Version: 2.3.2.1 %global prever %{nil} -Release: 2%{?dist} +Release: 3%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT and LGPLv2 Group: System Environment/Daemons @@ -497,6 +497,9 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Mon Aug 13 2018 Michal Hlavinka - 1:2.3.2.1-3 +- do not try to generate ssl-params as its obsolete (#1614640) + * Thu Jul 12 2018 Fedora Release Engineering - 1:2.3.2.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild From 571d3e074e81aa08f8a37765bc56172d13d4a4a4 Mon Sep 17 00:00:00 2001 From: Pavel Raiskup Date: Wed, 5 Sep 2018 15:07:12 +0200 Subject: [PATCH 021/146] BuildRequires: s/postgresql-devel/libpq-devel/ That's because we moved libpq.so.5 into libpq package. Related: rhbz#1618698, rhbz#1623764 --- dovecot.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dovecot.spec b/dovecot.spec index df6d636..3bab8da 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -39,7 +39,7 @@ Source15: prestartscript BuildRequires: gcc, gcc-c++, openssl-devel, pam-devel, zlib-devel, bzip2-devel, libcap-devel BuildRequires: libtool, autoconf, automake, pkgconfig BuildRequires: sqlite-devel -BuildRequires: postgresql-devel +BuildRequires: libpq-devel %if %{?fedora}0 < 280 BuildRequires: mysql-devel BuildRequires: tcp_wrappers-devel From ac25631e9277f8623c5e866c987c68ebfaeb1ea5 Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Tue, 2 Oct 2018 10:36:12 +0200 Subject: [PATCH 022/146] fix dovecot-init service syntax error (#1635017) --- dovecot-2.2.20-initbysystemd.patch | 2 +- dovecot.spec | 5 ++++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/dovecot-2.2.20-initbysystemd.patch b/dovecot-2.2.20-initbysystemd.patch index 01e8263..7e3d94c 100644 --- a/dovecot-2.2.20-initbysystemd.patch +++ b/dovecot-2.2.20-initbysystemd.patch @@ -13,7 +13,7 @@ diff -up dovecot-2.3.0.1/dovecot-init.service.initbysystemd dovecot-2.3.0.1/dove +if [ ! -f /etc/pki/dovecot/certs/dovecot.pem ]; \ +then\ + SSLDIR=/etc/pki/dovecot/ OPENSSLCONFIG=/etc/pki/dovecot/dovecot-openssl.cnf /usr/libexec/dovecot/mkcert.sh /dev/null 2>&1;\ -+fi;\ ++fi' + diff -up dovecot-2.3.0.1/dovecot.service.in.initbysystemd dovecot-2.3.0.1/dovecot.service.in --- dovecot-2.3.0.1/dovecot.service.in.initbysystemd 2018-03-01 10:38:22.060716016 +0100 diff --git a/dovecot.spec b/dovecot.spec index 3bab8da..be1fe03 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -5,7 +5,7 @@ Name: dovecot Epoch: 1 Version: 2.3.2.1 %global prever %{nil} -Release: 3%{?dist} +Release: 4%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT and LGPLv2 Group: System Environment/Daemons @@ -497,6 +497,9 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Tue Oct 02 2018 Michal Hlavinka - 1:2.3.2.1-4 +- fix dovecot-init service syntax error (#1635017) + * Mon Aug 13 2018 Michal Hlavinka - 1:2.3.2.1-3 - do not try to generate ssl-params as its obsolete (#1614640) From 6d73939b5f803aeb6c04ef7186d68aee9219b064 Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Tue, 2 Oct 2018 10:41:13 +0200 Subject: [PATCH 023/146] dovecot updated to 2.3.3, pigeonhole pdated to 0.5.3 doveconf hides more secrets now in the default output NUL bytes in mail headers can cause truncated replies when fetched. virtual plugin: Some searches used 100% CPU for many seconds dsync assert-crashed with acl plugin in some situations. imapc: Fixed various assert-crashes when reconnecting to server. --- dovecot.spec | 15 ++++++++++++--- sources | 4 ++-- 2 files changed, 14 insertions(+), 5 deletions(-) diff --git a/dovecot.spec b/dovecot.spec index be1fe03..1e5e846 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -3,9 +3,9 @@ Summary: Secure imap and pop3 server Name: dovecot Epoch: 1 -Version: 2.3.2.1 +Version: 2.3.3 %global prever %{nil} -Release: 4%{?dist} +Release: 1%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT and LGPLv2 Group: System Environment/Daemons @@ -14,7 +14,7 @@ URL: http://www.dovecot.org/ Source: http://www.dovecot.org/releases/2.3/%{name}-%{version}%{?prever}.tar.gz Source1: dovecot.init Source2: dovecot.pam -%global pigeonholever 0.5.2 +%global pigeonholever 0.5.3 Source8: http://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-%{pigeonholever}.tar.gz Source9: dovecot.sysconfig Source10: dovecot.tmpfilesd @@ -497,6 +497,15 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Tue Oct 02 2018 Michal Hlavinka - 1:2.3.3-1 +- dovecot updated to 2.3.3, pigeonhole pdated to 0.5.3 +- doveconf hides more secrets now in the default output +- NUL bytes in mail headers can cause truncated replies when fetched. +- virtual plugin: Some searches used 100% CPU for many seconds +- dsync assert-crashed with acl plugin in some situations. +- imapc: Fixed various assert-crashes when reconnecting to server. + + * Tue Oct 02 2018 Michal Hlavinka - 1:2.3.2.1-4 - fix dovecot-init service syntax error (#1635017) diff --git a/sources b/sources index daab9d6..99f9b1e 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (dovecot-2.3.2.1.tar.gz) = c085a0d04925485423086736a3c7d919ad0ca9efeff005890382da5333edb68c7d23ccb89fbe2ac44f8f016fc993bf2c669e450794c3ab13463676cbb47c7bf7 -SHA512 (dovecot-2.3-pigeonhole-0.5.2.tar.gz) = 6bc24d9241f94db795a012346d9bc94b5cc7d7ce0175c03213c2b5d179d80dec95e9bdbd50bed628c8f9f7c51639e692ba5e429212a3b4a654c1e4764ac4f11c +SHA512 (dovecot-2.3.3.tar.gz) = 8666c4f92f7df883067540f85be9d03dbe6815b58a7f5de55b4292e986e9a2a1ef52c7e0c72dde2bc781fe40d57488b78a99b6b813745b8e4683f1a2fdc1f2ff +SHA512 (dovecot-2.3-pigeonhole-0.5.3.tar.gz) = 8403b1976a915836ba875b96825446d46e0d8c7ff245ed1f2b014347fdc78a81f9ed6dbd05bd3b4f1f7072edc5e9a302201cdb375de44436adcbb83919f203f5 From aa4c0451e31c08e0ac20b8b5a13bf24c9a8746c6 Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Wed, 9 Jan 2019 17:09:09 +0100 Subject: [PATCH 024/146] dovecot updated to 2.3.4, pigeonhole updated to 0.5.4 --- dovecot.spec | 10 +++++++--- sources | 4 ++-- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/dovecot.spec b/dovecot.spec index 1e5e846..aa5de6b 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -3,7 +3,7 @@ Summary: Secure imap and pop3 server Name: dovecot Epoch: 1 -Version: 2.3.3 +Version: 2.3.4 %global prever %{nil} Release: 1%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 @@ -14,7 +14,7 @@ URL: http://www.dovecot.org/ Source: http://www.dovecot.org/releases/2.3/%{name}-%{version}%{?prever}.tar.gz Source1: dovecot.init Source2: dovecot.pam -%global pigeonholever 0.5.3 +%global pigeonholever 0.5.4 Source8: http://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-%{pigeonholever}.tar.gz Source9: dovecot.sysconfig Source10: dovecot.tmpfilesd @@ -51,6 +51,7 @@ BuildRequires: openldap-devel BuildRequires: krb5-devel BuildRequires: quota-devel BuildRequires: xz-devel +BuildRequires: libsodium-devel # gettext-devel is needed for running autoconf because of the # presence of AM_ICONV @@ -134,7 +135,7 @@ This package provides the development files for dovecot. %patch6 -p1 -b .waitonline %patch8 -p1 -b .initbysystemd %patch9 -p1 -b .systemd_w_protectsystem -%patch10 -p1 -b .libxcrypt +#%patch10 -p1 -b .libxcrypt #pushd dovecot-2*3-pigeonhole-%{pigeonholever} #popd @@ -497,6 +498,9 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Wed Jan 09 2019 Michal Hlavinka - 1:2.3.4-1 +- dovecot updated to 2.3.4, pigeonhole updated to 0.5.4 + * Tue Oct 02 2018 Michal Hlavinka - 1:2.3.3-1 - dovecot updated to 2.3.3, pigeonhole pdated to 0.5.3 - doveconf hides more secrets now in the default output diff --git a/sources b/sources index 99f9b1e..05b6440 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (dovecot-2.3.3.tar.gz) = 8666c4f92f7df883067540f85be9d03dbe6815b58a7f5de55b4292e986e9a2a1ef52c7e0c72dde2bc781fe40d57488b78a99b6b813745b8e4683f1a2fdc1f2ff -SHA512 (dovecot-2.3-pigeonhole-0.5.3.tar.gz) = 8403b1976a915836ba875b96825446d46e0d8c7ff245ed1f2b014347fdc78a81f9ed6dbd05bd3b4f1f7072edc5e9a302201cdb375de44436adcbb83919f203f5 +SHA512 (dovecot-2.3.4.tar.gz) = 9e97eb08c319c417e8abcb430b3e6c87ed5aa820d6288656fdfd958ff34664f67202a66e4846763bfc85b309b116cea8012e49dab98b478c57974cc178a37a5a +SHA512 (dovecot-2.3-pigeonhole-0.5.4.tar.gz) = 9c82cce7540f8ab66e2e370e0220c99048d6ac53ed680cd763e0b03d0200e2451cee4303ef97b87a16e7248e1c73b92ba91b47a2a20c75cb2cd62695a28046f3 From d111f39fa0e74932996076e3c3e480c575b7bc4f Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Wed, 9 Jan 2019 17:46:45 +0100 Subject: [PATCH 025/146] fix tests --- dovecot-2.3.4-de42b54.patch | 69 +++++++++++++++++++++++++++++++++++++ dovecot.spec | 2 ++ 2 files changed, 71 insertions(+) create mode 100644 dovecot-2.3.4-de42b54.patch diff --git a/dovecot-2.3.4-de42b54.patch b/dovecot-2.3.4-de42b54.patch new file mode 100644 index 0000000..534ce98 --- /dev/null +++ b/dovecot-2.3.4-de42b54.patch @@ -0,0 +1,69 @@ +diff --git a/src/lib-master/test-event-stats.c b/src/lib-master/test-event-stats.c +index 8fcb3dd22d..2d8a13cd40 100644 +--- a/src/lib-master/test-event-stats.c ++++ b/src/lib-master/test-event-stats.c +@@ -344,7 +344,7 @@ static void test_no_merging2(void) + event_unref(&child_ev); + test_assert( + compare_test_stats_to( +- "EVENT %lu 1 0 0" ++ "EVENT %"PRIu64" 1 0 0" + " stest-event-stats.c %d" + " l0 0 ctest2\n", id, l)); + test_end(); +@@ -370,12 +370,12 @@ static void test_no_merging3(void) + event_unref(&child_ev); + test_assert( + compare_test_stats_to( +- "BEGIN %lu 0 1 0 0" ++ "BEGIN %"PRIu64" 0 1 0 0" + " stest-event-stats.c %d ctest1\n" +- "EVENT %lu 1 1 0" ++ "EVENT %"PRIu64" 1 1 0" + " stest-event-stats.c %d" + " l1 0 ctest2\n" +- "END\t%lu\n", idp, lp, idp, l, idp)); ++ "END\t%"PRIu64"\n", idp, lp, idp, l, idp)); + test_end(); + } + +@@ -435,7 +435,7 @@ static void test_merge_events2(void) + event_unref(&merge_ev2); + test_assert( + compare_test_stats_to( +- "EVENT %lu 1 0 0" ++ "EVENT %"PRIu64" 1 0 0" + " stest-event-stats.c %d l0 0" + " ctest3 ctest2 ctest1 Tkey3" + " 10 0 Ikey2 20" +@@ -467,11 +467,11 @@ static void test_skip_parents(void) + event_unref(&child_ev); + test_assert( + compare_test_stats_to( +- "BEGIN %lu 0 1 0 0" ++ "BEGIN %"PRIu64" 0 1 0 0" + " stest-event-stats.c %d ctest1\n" +- "EVENT %lu 1 3 0 " ++ "EVENT %"PRIu64" 1 3 0 " + "stest-event-stats.c %d l3 0" +- " ctest2\nEND\t%lu\n", id, lp, id, l, id)); ++ " ctest2\nEND\t%"PRIu64"\n", id, lp, id, l, id)); + test_end(); + } + +@@ -509,12 +509,12 @@ static void test_merge_events_skip_parents(void) + event_unref(&child2_ev); + test_assert( + compare_test_stats_to( +- "BEGIN %lu 0 1 0 0" ++ "BEGIN %"PRIu64" 0 1 0 0" + " stest-event-stats.c %d ctest1\n" +- "EVENT %lu 1 3 0 " ++ "EVENT %"PRIu64" 1 3 0 " + "stest-event-stats.c %d l3 0 " + "ctest4 ctest5 Tkey3 10 0 Skey4" +- " str4\nEND\t%lu\n", id, lp, id, l, id)); ++ " str4\nEND\t%"PRIu64"\n", id, lp, id, l, id)); + test_end(); + } + diff --git a/dovecot.spec b/dovecot.spec index aa5de6b..5f3eee4 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -33,6 +33,7 @@ Patch6: dovecot-2.1.10-waitonline.patch Patch8: dovecot-2.2.20-initbysystemd.patch Patch9: dovecot-2.2.22-systemd_w_protectsystem.patch Patch10: dovecot-2.3.0.1-libxcrypt.patch +Patch11: dovecot-2.3.4-de42b54.patch Source15: prestartscript @@ -136,6 +137,7 @@ This package provides the development files for dovecot. %patch8 -p1 -b .initbysystemd %patch9 -p1 -b .systemd_w_protectsystem #%patch10 -p1 -b .libxcrypt +%patch11 -p1 -b .de42b54 #pushd dovecot-2*3-pigeonhole-%{pigeonholever} #popd From 751cddedc287c2085850d2162ecacf0f205a188d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Esser?= Date: Mon, 14 Jan 2019 19:00:28 +0100 Subject: [PATCH 026/146] Rebuilt for libcrypt.so.2 (#1666033) --- dovecot.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/dovecot.spec b/dovecot.spec index 5f3eee4..038a130 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -5,7 +5,7 @@ Name: dovecot Epoch: 1 Version: 2.3.4 %global prever %{nil} -Release: 1%{?dist} +Release: 2%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT and LGPLv2 Group: System Environment/Daemons @@ -500,6 +500,9 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Mon Jan 14 2019 Björn Esser - 1:2.3.4-2 +- Rebuilt for libcrypt.so.2 (#1666033) + * Wed Jan 09 2019 Michal Hlavinka - 1:2.3.4-1 - dovecot updated to 2.3.4, pigeonhole updated to 0.5.4 From b41067db5bd50cc991e647b4db55145cc92db49c Mon Sep 17 00:00:00 2001 From: Igor Gnatenko Date: Mon, 28 Jan 2019 20:17:42 +0100 Subject: [PATCH 027/146] Remove obsolete Group tag References: https://fedoraproject.org/wiki/Changes/Remove_Group_Tag --- dovecot.spec | 5 ----- 1 file changed, 5 deletions(-) diff --git a/dovecot.spec b/dovecot.spec index 038a130..8d4f7d9 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -8,7 +8,6 @@ Version: 2.3.4 Release: 2%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT and LGPLv2 -Group: System Environment/Daemons URL: http://www.dovecot.org/ Source: http://www.dovecot.org/releases/2.3/%{name}-%{version}%{?prever}.tar.gz @@ -101,7 +100,6 @@ The SQL drivers and authentication plug-ins are in their subpackages. %package pigeonhole Requires: %{name} = %{epoch}:%{version}-%{release} Summary: Sieve and managesieve plug-in for dovecot -Group: System Environment/Daemons License: MIT and LGPLv2 %description pigeonhole @@ -110,21 +108,18 @@ This package provides sieve and managesieve plug-in for dovecot LDA. %package pgsql Requires: %{name} = %{epoch}:%{version}-%{release} Summary: Postgres SQL back end for dovecot -Group: System Environment/Daemons %description pgsql This package provides the Postgres SQL back end for dovecot-auth etc. %package mysql Requires: %{name} = %{epoch}:%{version}-%{release} Summary: MySQL back end for dovecot -Group: System Environment/Daemons %description mysql This package provides the MySQL back end for dovecot-auth etc. %package devel Requires: %{name} = %{epoch}:%{version}-%{release} Summary: Development files for dovecot -Group: Development/Libraries %description devel This package provides the development files for dovecot. From 436dc795a1ca61c32bb83296538336af0088dedd Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Thu, 31 Jan 2019 17:32:20 +0000 Subject: [PATCH 028/146] - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- dovecot.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/dovecot.spec b/dovecot.spec index 8d4f7d9..4193a1f 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -5,7 +5,7 @@ Name: dovecot Epoch: 1 Version: 2.3.4 %global prever %{nil} -Release: 2%{?dist} +Release: 3%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT and LGPLv2 @@ -495,6 +495,9 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Thu Jan 31 2019 Fedora Release Engineering - 1:2.3.4-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + * Mon Jan 14 2019 Björn Esser - 1:2.3.4-2 - Rebuilt for libcrypt.so.2 (#1666033) From 04058156dc279e526dbae378281383cb1ca459ae Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Wed, 6 Mar 2019 15:41:52 +0100 Subject: [PATCH 029/146] dovecot updated to 2.3.5, pigeonhole updated to 0.5.5 --- dovecot-2.3.4-de42b54.patch | 69 ------------------------------------- dovecot.spec | 11 +++--- sources | 4 +-- 3 files changed, 8 insertions(+), 76 deletions(-) delete mode 100644 dovecot-2.3.4-de42b54.patch diff --git a/dovecot-2.3.4-de42b54.patch b/dovecot-2.3.4-de42b54.patch deleted file mode 100644 index 534ce98..0000000 --- a/dovecot-2.3.4-de42b54.patch +++ /dev/null @@ -1,69 +0,0 @@ -diff --git a/src/lib-master/test-event-stats.c b/src/lib-master/test-event-stats.c -index 8fcb3dd22d..2d8a13cd40 100644 ---- a/src/lib-master/test-event-stats.c -+++ b/src/lib-master/test-event-stats.c -@@ -344,7 +344,7 @@ static void test_no_merging2(void) - event_unref(&child_ev); - test_assert( - compare_test_stats_to( -- "EVENT %lu 1 0 0" -+ "EVENT %"PRIu64" 1 0 0" - " stest-event-stats.c %d" - " l0 0 ctest2\n", id, l)); - test_end(); -@@ -370,12 +370,12 @@ static void test_no_merging3(void) - event_unref(&child_ev); - test_assert( - compare_test_stats_to( -- "BEGIN %lu 0 1 0 0" -+ "BEGIN %"PRIu64" 0 1 0 0" - " stest-event-stats.c %d ctest1\n" -- "EVENT %lu 1 1 0" -+ "EVENT %"PRIu64" 1 1 0" - " stest-event-stats.c %d" - " l1 0 ctest2\n" -- "END\t%lu\n", idp, lp, idp, l, idp)); -+ "END\t%"PRIu64"\n", idp, lp, idp, l, idp)); - test_end(); - } - -@@ -435,7 +435,7 @@ static void test_merge_events2(void) - event_unref(&merge_ev2); - test_assert( - compare_test_stats_to( -- "EVENT %lu 1 0 0" -+ "EVENT %"PRIu64" 1 0 0" - " stest-event-stats.c %d l0 0" - " ctest3 ctest2 ctest1 Tkey3" - " 10 0 Ikey2 20" -@@ -467,11 +467,11 @@ static void test_skip_parents(void) - event_unref(&child_ev); - test_assert( - compare_test_stats_to( -- "BEGIN %lu 0 1 0 0" -+ "BEGIN %"PRIu64" 0 1 0 0" - " stest-event-stats.c %d ctest1\n" -- "EVENT %lu 1 3 0 " -+ "EVENT %"PRIu64" 1 3 0 " - "stest-event-stats.c %d l3 0" -- " ctest2\nEND\t%lu\n", id, lp, id, l, id)); -+ " ctest2\nEND\t%"PRIu64"\n", id, lp, id, l, id)); - test_end(); - } - -@@ -509,12 +509,12 @@ static void test_merge_events_skip_parents(void) - event_unref(&child2_ev); - test_assert( - compare_test_stats_to( -- "BEGIN %lu 0 1 0 0" -+ "BEGIN %"PRIu64" 0 1 0 0" - " stest-event-stats.c %d ctest1\n" -- "EVENT %lu 1 3 0 " -+ "EVENT %"PRIu64" 1 3 0 " - "stest-event-stats.c %d l3 0 " - "ctest4 ctest5 Tkey3 10 0 Skey4" -- " str4\nEND\t%lu\n", id, lp, id, l, id)); -+ " str4\nEND\t%"PRIu64"\n", id, lp, id, l, id)); - test_end(); - } - diff --git a/dovecot.spec b/dovecot.spec index 4193a1f..4212779 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -3,9 +3,9 @@ Summary: Secure imap and pop3 server Name: dovecot Epoch: 1 -Version: 2.3.4 +Version: 2.3.5 %global prever %{nil} -Release: 3%{?dist} +Release: 1%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT and LGPLv2 @@ -13,7 +13,7 @@ URL: http://www.dovecot.org/ Source: http://www.dovecot.org/releases/2.3/%{name}-%{version}%{?prever}.tar.gz Source1: dovecot.init Source2: dovecot.pam -%global pigeonholever 0.5.4 +%global pigeonholever 0.5.5 Source8: http://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-%{pigeonholever}.tar.gz Source9: dovecot.sysconfig Source10: dovecot.tmpfilesd @@ -32,7 +32,6 @@ Patch6: dovecot-2.1.10-waitonline.patch Patch8: dovecot-2.2.20-initbysystemd.patch Patch9: dovecot-2.2.22-systemd_w_protectsystem.patch Patch10: dovecot-2.3.0.1-libxcrypt.patch -Patch11: dovecot-2.3.4-de42b54.patch Source15: prestartscript @@ -132,7 +131,6 @@ This package provides the development files for dovecot. %patch8 -p1 -b .initbysystemd %patch9 -p1 -b .systemd_w_protectsystem #%patch10 -p1 -b .libxcrypt -%patch11 -p1 -b .de42b54 #pushd dovecot-2*3-pigeonhole-%{pigeonholever} #popd @@ -495,6 +493,9 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Wed Mar 06 2019 Michal Hlavinka - 1:2.3.5-1 +- dovecot updated to 2.3.5, pigeonhole updated to 0.5.5 + * Thu Jan 31 2019 Fedora Release Engineering - 1:2.3.4-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild diff --git a/sources b/sources index 05b6440..ea5c3e2 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (dovecot-2.3.4.tar.gz) = 9e97eb08c319c417e8abcb430b3e6c87ed5aa820d6288656fdfd958ff34664f67202a66e4846763bfc85b309b116cea8012e49dab98b478c57974cc178a37a5a -SHA512 (dovecot-2.3-pigeonhole-0.5.4.tar.gz) = 9c82cce7540f8ab66e2e370e0220c99048d6ac53ed680cd763e0b03d0200e2451cee4303ef97b87a16e7248e1c73b92ba91b47a2a20c75cb2cd62695a28046f3 +SHA512 (dovecot-2.3.5.tar.gz) = 10513c371aeadd52184daaf8dbb9a7559c6db55e34182bbb2c9539dae0897ddcc76f6fe2ce6a81c7ce0cb94c7f79438ae3bb0e7db8ed46615feb337b4078ecc6 +SHA512 (dovecot-2.3-pigeonhole-0.5.5.tar.gz) = 21519fc9b1152a947b64ce4251e1a4bdbe003b48233b1856a32696f9c1e29f730268c56eb38f9431bbfac345e6cd42e8c78c87d0702f39ebf20c6d326dcdbb94 From b9ba0bbcd9e43649fcf2d0903072d1cbf8f743b7 Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Thu, 28 Mar 2019 14:56:50 +0100 Subject: [PATCH 030/146] dovecot updated to 2.3.5.1 CVE-2019-7524: Missing input buffer size validation leads into arbitrary buffer overflow when reading fts or pop3 uidl header from Dovecot index. --- dovecot.spec | 8 +++++++- sources | 2 +- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/dovecot.spec b/dovecot.spec index 4212779..4f642b7 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -3,7 +3,7 @@ Summary: Secure imap and pop3 server Name: dovecot Epoch: 1 -Version: 2.3.5 +Version: 2.3.5.1 %global prever %{nil} Release: 1%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 @@ -493,6 +493,12 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Thu Mar 28 2019 Michal Hlavinka - 1:2.3.5.1-1 +- dovecot updated to 2.3.5.1 +- CVE-2019-7524: Missing input buffer size validation leads into + arbitrary buffer overflow when reading fts or pop3 uidl header + from Dovecot index. + * Wed Mar 06 2019 Michal Hlavinka - 1:2.3.5-1 - dovecot updated to 2.3.5, pigeonhole updated to 0.5.5 diff --git a/sources b/sources index ea5c3e2..1a5e4f7 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (dovecot-2.3.5.tar.gz) = 10513c371aeadd52184daaf8dbb9a7559c6db55e34182bbb2c9539dae0897ddcc76f6fe2ce6a81c7ce0cb94c7f79438ae3bb0e7db8ed46615feb337b4078ecc6 +SHA512 (dovecot-2.3.5.1.tar.gz) = e87754461fb0b065acd0ff10dc955000a2fe5baffed69efaf328ce9268f90140e9de444bc68e0bd48b565c7622885a79b1f90ff3dd2335c0c2362d05d9e73e8a SHA512 (dovecot-2.3-pigeonhole-0.5.5.tar.gz) = 21519fc9b1152a947b64ce4251e1a4bdbe003b48233b1856a32696f9c1e29f730268c56eb38f9431bbfac345e6cd42e8c78c87d0702f39ebf20c6d326dcdbb94 From e9463061ff9bb04ba5cdc039c1ac537d2b54b60e Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Thu, 18 Apr 2019 14:45:08 +0200 Subject: [PATCH 031/146] dovecot updated to 2.3.5.2 fixes CVE-2019-10691: Trying to login with 8bit username containing invalid UTF8 input causes auth process to crash if auth policy is enabled. --- dovecot.spec | 7 ++++++- sources | 2 +- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/dovecot.spec b/dovecot.spec index 4f642b7..05c6aa2 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -3,7 +3,7 @@ Summary: Secure imap and pop3 server Name: dovecot Epoch: 1 -Version: 2.3.5.1 +Version: 2.3.5.2 %global prever %{nil} Release: 1%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 @@ -493,6 +493,11 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Thu Apr 18 2019 Michal Hlavinka - 1:2.3.5.2-1 +- dovecot updated to 2.3.5.2 +- fixes CVE-2019-10691: Trying to login with 8bit username containing + invalid UTF8 input causes auth process to crash if auth policy is enabled. + * Thu Mar 28 2019 Michal Hlavinka - 1:2.3.5.1-1 - dovecot updated to 2.3.5.1 - CVE-2019-7524: Missing input buffer size validation leads into diff --git a/sources b/sources index 1a5e4f7..2af39ad 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (dovecot-2.3.5.1.tar.gz) = e87754461fb0b065acd0ff10dc955000a2fe5baffed69efaf328ce9268f90140e9de444bc68e0bd48b565c7622885a79b1f90ff3dd2335c0c2362d05d9e73e8a +SHA512 (dovecot-2.3.5.2.tar.gz) = 041ec1c33c6accb5c89d96d7ab2f7dd59795f496c17faea1906e7977983e4a387aa855a238376515c09532731634d9d42e6d6be22659062855241847ea0213d5 SHA512 (dovecot-2.3-pigeonhole-0.5.5.tar.gz) = 21519fc9b1152a947b64ce4251e1a4bdbe003b48233b1856a32696f9c1e29f730268c56eb38f9431bbfac345e6cd42e8c78c87d0702f39ebf20c6d326dcdbb94 From 82caf4b446b3efb43033b2d8bf4fbf8d79ad8c01 Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Thu, 2 May 2019 13:49:42 +0200 Subject: [PATCH 032/146] dovecot updated to 2.3.6, pigeonhole updated to 0.5.6 --- dovecot.spec | 7 +++++-- sources | 4 ++-- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/dovecot.spec b/dovecot.spec index 05c6aa2..48998ae 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -3,7 +3,7 @@ Summary: Secure imap and pop3 server Name: dovecot Epoch: 1 -Version: 2.3.5.2 +Version: 2.3.6 %global prever %{nil} Release: 1%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 @@ -13,7 +13,7 @@ URL: http://www.dovecot.org/ Source: http://www.dovecot.org/releases/2.3/%{name}-%{version}%{?prever}.tar.gz Source1: dovecot.init Source2: dovecot.pam -%global pigeonholever 0.5.5 +%global pigeonholever 0.5.6 Source8: http://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-%{pigeonholever}.tar.gz Source9: dovecot.sysconfig Source10: dovecot.tmpfilesd @@ -493,6 +493,9 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Thu May 02 2019 Michal Hlavinka - 1:2.3.6-1 +- dovecot updated to 2.3.6, pigeonhole updated to 0.5.6 + * Thu Apr 18 2019 Michal Hlavinka - 1:2.3.5.2-1 - dovecot updated to 2.3.5.2 - fixes CVE-2019-10691: Trying to login with 8bit username containing diff --git a/sources b/sources index 2af39ad..f5c7b43 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (dovecot-2.3.5.2.tar.gz) = 041ec1c33c6accb5c89d96d7ab2f7dd59795f496c17faea1906e7977983e4a387aa855a238376515c09532731634d9d42e6d6be22659062855241847ea0213d5 -SHA512 (dovecot-2.3-pigeonhole-0.5.5.tar.gz) = 21519fc9b1152a947b64ce4251e1a4bdbe003b48233b1856a32696f9c1e29f730268c56eb38f9431bbfac345e6cd42e8c78c87d0702f39ebf20c6d326dcdbb94 +SHA512 (dovecot-2.3.6.tar.gz) = ec28af2efcbd4ab534298c3342709251074dcdb0f0f4bcad0d24b996b273387e2ce557d7ab54abafb69be3ed7dd61f25c82b9710d78156932e2eff7f941c9eb2 +SHA512 (dovecot-2.3-pigeonhole-0.5.6.tar.gz) = 998a046d2eb5ff7bba615fd1a3efdfb1e7e1dabf191257f7fa2882074acc1735a0a4c11c5f31bab1e964b0118f1a8e9e51b3d5529b8fff6d1312c9a8257d9c20 From b242522b1ee00bfbde7f78518b73d473f778c419 Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Mon, 13 May 2019 16:15:48 +0200 Subject: [PATCH 033/146] use /run instead of /var/run (#1706372) --- dovecot.spec | 23 +++++++++++++---------- dovecot.tmpfilesd | 2 +- 2 files changed, 14 insertions(+), 11 deletions(-) diff --git a/dovecot.spec b/dovecot.spec index 48998ae..287dcf3 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -5,7 +5,7 @@ Name: dovecot Epoch: 1 Version: 2.3.6 %global prever %{nil} -Release: 1%{?dist} +Release: 2%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT and LGPLv2 @@ -87,7 +87,7 @@ BuildRequires: curl-devel expat-devel BuildRequires: libcurl-devel expat-devel %endif -%global restart_flag /var/run/%{name}/%{name}-restart-after-rpm-install +%global restart_flag /run/%{name}/%{name}-restart-after-rpm-install %description Dovecot is an IMAP server for Linux/UNIX-like systems, written with security @@ -241,7 +241,7 @@ install -p -D -m 755 %{SOURCE1} $RPM_BUILD_ROOT%{_initddir}/dovecot install -p -D -m 600 %{SOURCE9} $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/dovecot %endif -mkdir -p $RPM_BUILD_ROOT/var/run/dovecot/{login,empty,token-login} +mkdir -p $RPM_BUILD_ROOT/run/dovecot/{login,empty,token-login} # Install dovecot configuration and dovecot-openssl.cnf mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/dovecot/conf.d @@ -298,11 +298,11 @@ then %endif fi -install -d -m 0755 -g dovecot -d /var/run/dovecot -install -d -m 0755 -d /var/run/dovecot/empty -install -d -m 0750 -g dovenull -d /var/run/dovecot/login -install -d -m 0755 -g dovenull -d /var/run/dovecot/token-login -[ -x /sbin/restorecon ] && /sbin/restorecon -R /var/run/dovecot +install -d -m 0755 -g dovecot -d /run/dovecot +install -d -m 0755 -d /run/dovecot/empty +install -d -m 0750 -g dovenull -d /run/dovecot/login +install -d -m 0755 -g dovenull -d /run/dovecot/token-login +[ -x /sbin/restorecon ] && /sbin/restorecon -R /run/dovecot %preun if [ $1 = 0 ]; then @@ -313,7 +313,7 @@ if [ $1 = 0 ]; then /sbin/service %{name} stop > /dev/null 2>&1 /sbin/chkconfig --del %{name} %endif - rm -rf /var/run/dovecot + rm -rf /run/dovecot fi %postun @@ -436,7 +436,7 @@ make check %{_libexecdir}/%{name} %exclude %{_libexecdir}/%{name}/managesieve* -%ghost /var/run/dovecot +%ghost /run/dovecot %attr(0750,dovecot,dovecot) /var/lib/dovecot %{_datadir}/%{name} @@ -493,6 +493,9 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Mon May 13 2019 Michal Hlavinka - 1:2.3.6-2 +- use /run instead of /var/run (#1706372) + * Thu May 02 2019 Michal Hlavinka - 1:2.3.6-1 - dovecot updated to 2.3.6, pigeonhole updated to 0.5.6 diff --git a/dovecot.tmpfilesd b/dovecot.tmpfilesd index 7178498..d96639a 100644 --- a/dovecot.tmpfilesd +++ b/dovecot.tmpfilesd @@ -1,2 +1,2 @@ -d /var/run/dovecot 0755 root dovecot - +d /run/dovecot 0755 root dovecot - From 4f0fa7c121956e8543bc5ea5a1ad41074e9b7cab Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Fri, 31 May 2019 12:42:18 +0200 Subject: [PATCH 034/146] disable gcc 9 stack reuse temporarily --- dovecot.spec | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/dovecot.spec b/dovecot.spec index 287dcf3..c05ed8f 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -5,7 +5,7 @@ Name: dovecot Epoch: 1 Version: 2.3.6 %global prever %{nil} -Release: 2%{?dist} +Release: 3%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT and LGPLv2 @@ -139,7 +139,7 @@ sed -i '/DEFAULT_INCLUDES *=/s|$| '"$(pkg-config --cflags libclucene-core)|" src %build #required for fdpass.c line 125,190: dereferencing type-punned pointer will break strict-aliasing rules %global _hardened_build 1 -export CFLAGS="%{__global_cflags} -fno-strict-aliasing" +export CFLAGS="%{__global_cflags} -fno-strict-aliasing -fstack-reuse=none" export LDFLAGS="-Wl,-z,now -Wl,-z,relro %{?__global_ldflags}" # el6 autoconf too old to regen; use packaged files (#1082384) %if %{?fedora}00%{?rhel} > 6 @@ -493,6 +493,9 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Fri May 31 2019 Michal Hlavinka - 1:2.3.6-3 +- disable gcc 9 stack reuse temporarily + * Mon May 13 2019 Michal Hlavinka - 1:2.3.6-2 - use /run instead of /var/run (#1706372) From 3797f0a3522f84e6d4df28971720713ac6a7374f Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Wed, 24 Jul 2019 22:19:32 +0000 Subject: [PATCH 035/146] - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- dovecot.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/dovecot.spec b/dovecot.spec index c05ed8f..f32232d 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -5,7 +5,7 @@ Name: dovecot Epoch: 1 Version: 2.3.6 %global prever %{nil} -Release: 3%{?dist} +Release: 4%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT and LGPLv2 @@ -493,6 +493,9 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Wed Jul 24 2019 Fedora Release Engineering - 1:2.3.6-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + * Fri May 31 2019 Michal Hlavinka - 1:2.3.6-3 - disable gcc 9 stack reuse temporarily From 581436bcf316629f248501934e5c1c711aaadf38 Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Mon, 19 Aug 2019 15:25:24 +0200 Subject: [PATCH 036/146] dovecot updated to 2.3.7.1, pigeonhole updated to 0.5.7.1 --- dovecot.spec | 9 ++++++--- sources | 4 ++-- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/dovecot.spec b/dovecot.spec index f32232d..7ee0d5e 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -3,9 +3,9 @@ Summary: Secure imap and pop3 server Name: dovecot Epoch: 1 -Version: 2.3.6 +Version: 2.3.7.1 %global prever %{nil} -Release: 4%{?dist} +Release: 1%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT and LGPLv2 @@ -13,7 +13,7 @@ URL: http://www.dovecot.org/ Source: http://www.dovecot.org/releases/2.3/%{name}-%{version}%{?prever}.tar.gz Source1: dovecot.init Source2: dovecot.pam -%global pigeonholever 0.5.6 +%global pigeonholever 0.5.7.1 Source8: http://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-%{pigeonholever}.tar.gz Source9: dovecot.sysconfig Source10: dovecot.tmpfilesd @@ -493,6 +493,9 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Mon Aug 19 2019 Michal Hlavinka - 1:1-2.3.7.1 +- dovecot updated to 2.3.7.1, pigeonhole updated to 0.5.7.1 + * Wed Jul 24 2019 Fedora Release Engineering - 1:2.3.6-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild diff --git a/sources b/sources index f5c7b43..8b8981e 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (dovecot-2.3.6.tar.gz) = ec28af2efcbd4ab534298c3342709251074dcdb0f0f4bcad0d24b996b273387e2ce557d7ab54abafb69be3ed7dd61f25c82b9710d78156932e2eff7f941c9eb2 -SHA512 (dovecot-2.3-pigeonhole-0.5.6.tar.gz) = 998a046d2eb5ff7bba615fd1a3efdfb1e7e1dabf191257f7fa2882074acc1735a0a4c11c5f31bab1e964b0118f1a8e9e51b3d5529b8fff6d1312c9a8257d9c20 +SHA512 (dovecot-2.3.7.1.tar.gz) = 9addfe2be9ae745ac9164e1658e6638df96bd611d45f172e2cd1cb2c6596e4ce534674e9eea3c1d17f497555061031916e0fb9a9fbc6de0eb6034e2fd0bed3b9 +SHA512 (dovecot-2.3-pigeonhole-0.5.7.1.tar.gz) = 121eac4ad8bc1ddc55c554d00338bb553590b6aedffcb11e34f6cba102d59bd34580cb7218bd5fe820038c004d12db73f7a27ca135c3d4a12c4449bae3216355 From c4e66bf29778aa908204979c13f6e64005b246f0 Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Thu, 29 Aug 2019 09:44:35 +0200 Subject: [PATCH 037/146] dovecot updated to 2.3.7.2, pigeonhole 0.5.7.2 fixes CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte when scanning data in quoted strings, leading to out of bounds heap memory writes --- dovecot.spec | 10 ++++++++-- sources | 4 ++-- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/dovecot.spec b/dovecot.spec index 7ee0d5e..eba9723 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -3,7 +3,7 @@ Summary: Secure imap and pop3 server Name: dovecot Epoch: 1 -Version: 2.3.7.1 +Version: 2.3.7.2 %global prever %{nil} Release: 1%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 @@ -13,7 +13,7 @@ URL: http://www.dovecot.org/ Source: http://www.dovecot.org/releases/2.3/%{name}-%{version}%{?prever}.tar.gz Source1: dovecot.init Source2: dovecot.pam -%global pigeonholever 0.5.7.1 +%global pigeonholever 0.5.7.2 Source8: http://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-%{pigeonholever}.tar.gz Source9: dovecot.sysconfig Source10: dovecot.tmpfilesd @@ -493,6 +493,12 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Thu Aug 29 2019 Michal Hlavinka - 1:2.3.7.2-1 +- dovecot updated to 2.3.7.2, pigeonhole 0.5.7.2 +- fixes CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte + when scanning data in quoted strings, leading to out of bounds heap + memory writes + * Mon Aug 19 2019 Michal Hlavinka - 1:1-2.3.7.1 - dovecot updated to 2.3.7.1, pigeonhole updated to 0.5.7.1 diff --git a/sources b/sources index 8b8981e..9a8ce1a 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (dovecot-2.3.7.1.tar.gz) = 9addfe2be9ae745ac9164e1658e6638df96bd611d45f172e2cd1cb2c6596e4ce534674e9eea3c1d17f497555061031916e0fb9a9fbc6de0eb6034e2fd0bed3b9 -SHA512 (dovecot-2.3-pigeonhole-0.5.7.1.tar.gz) = 121eac4ad8bc1ddc55c554d00338bb553590b6aedffcb11e34f6cba102d59bd34580cb7218bd5fe820038c004d12db73f7a27ca135c3d4a12c4449bae3216355 +SHA512 (dovecot-2.3.7.2.tar.gz) = 172f7f0edb884259e4c050607510aee67a35c3a20b7dd147e7c8a25a04921c18f7d6b5c85af2c69ae8c4d53791550970e471b033dbfae94253e331053b6a317d +SHA512 (dovecot-2.3-pigeonhole-0.5.7.2.tar.gz) = 7fc8d89ee31c8e8c16a9aeaeffb591f4188de36fc80e3a30a9ae10bc5acd7ea5d5d91e077fda566e61d588d9221ec53044ce17a9cc0c9c219dbe6824558a1d60 From 2a068bb47996168ac0ae01ffb509d19ab72d6a77 Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Thu, 10 Oct 2019 13:04:27 +0200 Subject: [PATCH 038/146] add more buildrequires --- dovecot.spec | 3 +++ 1 file changed, 3 insertions(+) diff --git a/dovecot.spec b/dovecot.spec index eba9723..a1c3dee 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -50,7 +50,10 @@ BuildRequires: openldap-devel BuildRequires: krb5-devel BuildRequires: quota-devel BuildRequires: xz-devel +BuildRequires: lz4-devel BuildRequires: libsodium-devel +BuildRequires: libexttextcat-devel +BuildRequires: libstemmer-devel # gettext-devel is needed for running autoconf because of the # presence of AM_ICONV From 71a430ba9d4a2446f467de61e737079a53138613 Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Thu, 10 Oct 2019 13:59:30 +0200 Subject: [PATCH 039/146] dovecot updated to 2.3.8, pigeonhole 0.5.8 --- dovecot.spec | 7 +++++-- sources | 4 ++-- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/dovecot.spec b/dovecot.spec index a1c3dee..bb7322b 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -3,7 +3,7 @@ Summary: Secure imap and pop3 server Name: dovecot Epoch: 1 -Version: 2.3.7.2 +Version: 2.3.8 %global prever %{nil} Release: 1%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 @@ -13,7 +13,7 @@ URL: http://www.dovecot.org/ Source: http://www.dovecot.org/releases/2.3/%{name}-%{version}%{?prever}.tar.gz Source1: dovecot.init Source2: dovecot.pam -%global pigeonholever 0.5.7.2 +%global pigeonholever 0.5.8 Source8: http://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-%{pigeonholever}.tar.gz Source9: dovecot.sysconfig Source10: dovecot.tmpfilesd @@ -496,6 +496,9 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Thu Oct 10 2019 Michal Hlavinka - 1:2.3.8-1 +- dovecot updated to 2.3.8, pigeonhole 0.5.8 + * Thu Aug 29 2019 Michal Hlavinka - 1:2.3.7.2-1 - dovecot updated to 2.3.7.2, pigeonhole 0.5.7.2 - fixes CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte diff --git a/sources b/sources index 9a8ce1a..05fd840 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (dovecot-2.3.7.2.tar.gz) = 172f7f0edb884259e4c050607510aee67a35c3a20b7dd147e7c8a25a04921c18f7d6b5c85af2c69ae8c4d53791550970e471b033dbfae94253e331053b6a317d -SHA512 (dovecot-2.3-pigeonhole-0.5.7.2.tar.gz) = 7fc8d89ee31c8e8c16a9aeaeffb591f4188de36fc80e3a30a9ae10bc5acd7ea5d5d91e077fda566e61d588d9221ec53044ce17a9cc0c9c219dbe6824558a1d60 +SHA512 (dovecot-2.3.8.tar.gz) = f62439e2ea77ffb544a7752c07085582c5653c64671cb42dd7a7e5aa69eb87059c677aa1fa071efa1ddd2287ab621e9a264ec115be2aeb2f43ab4c685411eae3 +SHA512 (dovecot-2.3-pigeonhole-0.5.8.tar.gz) = ddf009c755cc87c362ddf1c17ac1403b0f6a504b039efef3244f2d5bd4d3963fb25baaaa4d98c089b3e8bddd4675d131765fee5499d9aaf01015e44f7d631d2d From 29bbb4096a3df7dcd05169acedec2012482aa52b Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Thu, 5 Dec 2019 18:10:32 +0100 Subject: [PATCH 040/146] dovecot updated to 2.3.9, pigeonhole updated to 0.5.9 --- dovecot.spec | 7 +++++-- sources | 4 ++-- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/dovecot.spec b/dovecot.spec index bb7322b..2bae171 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -3,7 +3,7 @@ Summary: Secure imap and pop3 server Name: dovecot Epoch: 1 -Version: 2.3.8 +Version: 2.3.9 %global prever %{nil} Release: 1%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 @@ -13,7 +13,7 @@ URL: http://www.dovecot.org/ Source: http://www.dovecot.org/releases/2.3/%{name}-%{version}%{?prever}.tar.gz Source1: dovecot.init Source2: dovecot.pam -%global pigeonholever 0.5.8 +%global pigeonholever 0.5.9 Source8: http://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-%{pigeonholever}.tar.gz Source9: dovecot.sysconfig Source10: dovecot.tmpfilesd @@ -496,6 +496,9 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Wed Dec 04 2019 Michal Hlavinka - 1:2.3.9-1 +- dovecot updated to 2.3.9, pigeonhole updated to 0.5.9 + * Thu Oct 10 2019 Michal Hlavinka - 1:2.3.8-1 - dovecot updated to 2.3.8, pigeonhole 0.5.8 diff --git a/sources b/sources index 05fd840..42fbb78 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (dovecot-2.3.8.tar.gz) = f62439e2ea77ffb544a7752c07085582c5653c64671cb42dd7a7e5aa69eb87059c677aa1fa071efa1ddd2287ab621e9a264ec115be2aeb2f43ab4c685411eae3 -SHA512 (dovecot-2.3-pigeonhole-0.5.8.tar.gz) = ddf009c755cc87c362ddf1c17ac1403b0f6a504b039efef3244f2d5bd4d3963fb25baaaa4d98c089b3e8bddd4675d131765fee5499d9aaf01015e44f7d631d2d +SHA512 (dovecot-2.3.9.tar.gz) = 6f7cfebb0d89709d971a6cd623375805dc018c6d8c4cdaa5f274a5a5b0830c2b135c9cf6c90d0983c70ca76e3def855c501ea32aeb7a67b104cb6676bb9d37db +SHA512 (dovecot-2.3-pigeonhole-0.5.9.tar.gz) = 1b8d2ac8d3985dde035fc45df519788a924ba971f3e39717f5196ea56a982d4156226586d0a964473525d086967883ea52f2e624e81f7035cb0952b76f2414d8 From deb9d38bed7e6cc459e2e9cc365e16dd3802780b Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Thu, 19 Dec 2019 15:17:08 +0100 Subject: [PATCH 041/146] CVE-2019-19722: Mails with group addresses in From or To fields caused crash in push notification drivers. --- dovecot.spec | 6 +++++- sources | 2 +- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/dovecot.spec b/dovecot.spec index 2bae171..5d6c3c3 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -3,7 +3,7 @@ Summary: Secure imap and pop3 server Name: dovecot Epoch: 1 -Version: 2.3.9 +Version: 2.3.9.2 %global prever %{nil} Release: 1%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 @@ -496,6 +496,10 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Thu Dec 19 2019 Michal Hlavinka - 1:2.3.9.2-1 +- CVE-2019-19722: Mails with group addresses in From or To fields + caused crash in push notification drivers. + * Wed Dec 04 2019 Michal Hlavinka - 1:2.3.9-1 - dovecot updated to 2.3.9, pigeonhole updated to 0.5.9 diff --git a/sources b/sources index 42fbb78..c3d0413 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (dovecot-2.3.9.tar.gz) = 6f7cfebb0d89709d971a6cd623375805dc018c6d8c4cdaa5f274a5a5b0830c2b135c9cf6c90d0983c70ca76e3def855c501ea32aeb7a67b104cb6676bb9d37db +SHA512 (dovecot-2.3.9.2.tar.gz) = 36e8270bfa33e2bd6aa89017e65c7d1650c494c79ff297759a4b01c026aebcfdf5b1b542d4357e1f9dc2bb8169ef67064f0699b17ca36d658deb70b4c800b253 SHA512 (dovecot-2.3-pigeonhole-0.5.9.tar.gz) = 1b8d2ac8d3985dde035fc45df519788a924ba971f3e39717f5196ea56a982d4156226586d0a964473525d086967883ea52f2e624e81f7035cb0952b76f2414d8 From fc993dbf7d4ca60afaf889d2401118d1fbf095ce Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Thu, 9 Jan 2020 15:31:55 +0100 Subject: [PATCH 042/146] fix permissions of ghost files --- dovecot.spec | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/dovecot.spec b/dovecot.spec index 5d6c3c3..8af015d 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -304,7 +304,7 @@ fi install -d -m 0755 -g dovecot -d /run/dovecot install -d -m 0755 -d /run/dovecot/empty install -d -m 0750 -g dovenull -d /run/dovecot/login -install -d -m 0755 -g dovenull -d /run/dovecot/token-login +install -d -m 0750 -g dovenull -d /run/dovecot/token-login [ -x /sbin/restorecon ] && /sbin/restorecon -R /run/dovecot %preun @@ -439,7 +439,11 @@ make check %{_libexecdir}/%{name} %exclude %{_libexecdir}/%{name}/managesieve* -%ghost /run/dovecot +%attr(0755,root,dovecot) %ghost /run/dovecot +%attr(0750,root,dovenull) %ghost /run/dovecot/login +%attr(0750,root,dovenull) %ghost /run/dovecot/token-login +%attr(0755,root,root) %ghost /run/dovecot/empty + %attr(0750,dovecot,dovecot) /var/lib/dovecot %{_datadir}/%{name} From adf9e045a905c45b380dceef6d6cd69ba0b20baf Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Tue, 28 Jan 2020 16:12:26 +0000 Subject: [PATCH 043/146] - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- dovecot.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/dovecot.spec b/dovecot.spec index 8af015d..4fdfb59 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -5,7 +5,7 @@ Name: dovecot Epoch: 1 Version: 2.3.9.2 %global prever %{nil} -Release: 1%{?dist} +Release: 2%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT and LGPLv2 @@ -500,6 +500,9 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Tue Jan 28 2020 Fedora Release Engineering - 1:2.3.9.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + * Thu Dec 19 2019 Michal Hlavinka - 1:2.3.9.2-1 - CVE-2019-19722: Mails with group addresses in From or To fields caused crash in push notification drivers. From 1040ee253b23348a61671b2d13c86f063804db9c Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Wed, 12 Feb 2020 15:16:26 +0100 Subject: [PATCH 044/146] dovecot updated to 2.3.9.3 fixes CVE-2020-7046: Truncated UTF-8 can be used to DoS submission-login and lmtp processes. fixes CVE-2020-7957: Specially crafted mail can crash snippet generation. --- dovecot.spec | 11 +++++++++-- sources | 2 +- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/dovecot.spec b/dovecot.spec index 4fdfb59..b85d60f 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -3,9 +3,9 @@ Summary: Secure imap and pop3 server Name: dovecot Epoch: 1 -Version: 2.3.9.2 +Version: 2.3.9.3 %global prever %{nil} -Release: 2%{?dist} +Release: 1%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT and LGPLv2 @@ -500,6 +500,13 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Wed Feb 12 2020 Michal Hlavinka - 1:2.3.9.3-1 +- dovecot updated to 2.3.9.3 +- fixes CVE-2020-7046: Truncated UTF-8 can be used to DoS + submission-login and lmtp processes. +- fixes CVE-2020-7957: Specially crafted mail can crash snippet generation. + + * Tue Jan 28 2020 Fedora Release Engineering - 1:2.3.9.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild diff --git a/sources b/sources index c3d0413..27cc3f5 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (dovecot-2.3.9.2.tar.gz) = 36e8270bfa33e2bd6aa89017e65c7d1650c494c79ff297759a4b01c026aebcfdf5b1b542d4357e1f9dc2bb8169ef67064f0699b17ca36d658deb70b4c800b253 +SHA512 (dovecot-2.3.9.3.tar.gz) = e39dc825a03f009928b67d01747bb70487fbec155e6be5109037db67b78301aa761db432f7355e96d927abf30c68f0116a5f2cf518b9eebf7f5c7806ac00ae41 SHA512 (dovecot-2.3-pigeonhole-0.5.9.tar.gz) = 1b8d2ac8d3985dde035fc45df519788a924ba971f3e39717f5196ea56a982d4156226586d0a964473525d086967883ea52f2e624e81f7035cb0952b76f2414d8 From 64b3f1c790592c5e5600e0c72da8708125873e17 Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Tue, 21 Apr 2020 19:12:22 +0200 Subject: [PATCH 045/146] dovecot updated to 2.3.10, pigeonhole updated to 0.5.10 --- dovecot.spec | 10 +++++++--- sources | 4 ++-- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/dovecot.spec b/dovecot.spec index b85d60f..b91f5f8 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -3,7 +3,7 @@ Summary: Secure imap and pop3 server Name: dovecot Epoch: 1 -Version: 2.3.9.3 +Version: 2.3.10 %global prever %{nil} Release: 1%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 @@ -13,7 +13,7 @@ URL: http://www.dovecot.org/ Source: http://www.dovecot.org/releases/2.3/%{name}-%{version}%{?prever}.tar.gz Source1: dovecot.init Source2: dovecot.pam -%global pigeonholever 0.5.9 +%global pigeonholever 0.5.10 Source8: http://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-%{pigeonholever}.tar.gz Source9: dovecot.sysconfig Source10: dovecot.tmpfilesd @@ -357,6 +357,7 @@ make check %{_bindir}/doveadm %{_bindir}/doveconf %{_bindir}/dsync +%{_bindir}/dovecot-sysreport %if %{?fedora}0 > 140 || %{?rhel}0 > 60 @@ -439,7 +440,7 @@ make check %{_libexecdir}/%{name} %exclude %{_libexecdir}/%{name}/managesieve* -%attr(0755,root,dovecot) %ghost /run/dovecot +%dir %attr(0755,root,dovecot) %ghost /run/dovecot %attr(0750,root,dovenull) %ghost /run/dovecot/login %attr(0750,root,dovenull) %ghost /run/dovecot/token-login %attr(0755,root,root) %ghost /run/dovecot/empty @@ -500,6 +501,9 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Tue Apr 21 2020 Michal Hlavinka - 1:2.3.10-1 +- dovecot updated to 2.3.10, pigeonhole updated to 0.5.10 + * Wed Feb 12 2020 Michal Hlavinka - 1:2.3.9.3-1 - dovecot updated to 2.3.9.3 - fixes CVE-2020-7046: Truncated UTF-8 can be used to DoS diff --git a/sources b/sources index 27cc3f5..29b0faa 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (dovecot-2.3.9.3.tar.gz) = e39dc825a03f009928b67d01747bb70487fbec155e6be5109037db67b78301aa761db432f7355e96d927abf30c68f0116a5f2cf518b9eebf7f5c7806ac00ae41 -SHA512 (dovecot-2.3-pigeonhole-0.5.9.tar.gz) = 1b8d2ac8d3985dde035fc45df519788a924ba971f3e39717f5196ea56a982d4156226586d0a964473525d086967883ea52f2e624e81f7035cb0952b76f2414d8 +SHA512 (dovecot-2.3.10.tar.gz) = 73e10d7d1e616d6599eb53f2d2d1ac0f0f2e6e84019faac5cd525e833da44839a7e483635b61d432e3254a9e5f6f90915bec8940c584210341085241949dffa2 +SHA512 (dovecot-2.3-pigeonhole-0.5.10.tar.gz) = f3d380edba4d25d20ee52db21d2965e3a6b229924e9a04fbf45cfe32e1d25448977ee41b12ba41ad8cf8b795f19bb1dbef1d7d09e775598d782123268f61dc8b From 4e11662dbe4cc1f6eaea784e71a958ab8f488626 Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Mon, 18 May 2020 18:12:36 +0200 Subject: [PATCH 046/146] dovecot updated to 2.3.10.1 fixes CVE-2020-10967, CVE-2020-10958, CVE-2020-10957 --- dovecot.spec | 6 +++++- sources | 2 +- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/dovecot.spec b/dovecot.spec index b91f5f8..d32cc87 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -3,7 +3,7 @@ Summary: Secure imap and pop3 server Name: dovecot Epoch: 1 -Version: 2.3.10 +Version: 2.3.10.1 %global prever %{nil} Release: 1%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 @@ -501,6 +501,10 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Mon May 18 2020 Michal Hlavinka - 1:2.3.10.1-1 +- dovecot updated to 2.3.10.1 +- fixes CVE-2020-10967, CVE-2020-10958, CVE-2020-10957 + * Tue Apr 21 2020 Michal Hlavinka - 1:2.3.10-1 - dovecot updated to 2.3.10, pigeonhole updated to 0.5.10 diff --git a/sources b/sources index 29b0faa..649f5e0 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (dovecot-2.3.10.tar.gz) = 73e10d7d1e616d6599eb53f2d2d1ac0f0f2e6e84019faac5cd525e833da44839a7e483635b61d432e3254a9e5f6f90915bec8940c584210341085241949dffa2 +SHA512 (dovecot-2.3.10.1.tar.gz) = 5c07436a3e861993f241caa2c60f035c533c5fceb5c8540c1717d31bedd54b82299f7ea11bfee12c72d4d33985d93a7130c4f56877864a7ad21cf7373a29cc06 SHA512 (dovecot-2.3-pigeonhole-0.5.10.tar.gz) = f3d380edba4d25d20ee52db21d2965e3a6b229924e9a04fbf45cfe32e1d25448977ee41b12ba41ad8cf8b795f19bb1dbef1d7d09e775598d782123268f61dc8b From 9aea43c6d864883d53e5082656cd8bdb40049a7f Mon Sep 17 00:00:00 2001 From: Troy Dawson Date: Thu, 16 Jul 2020 06:53:01 -0700 Subject: [PATCH 047/146] spec file cleanup --- dovecot.spec | 69 ---------------------------------------------------- 1 file changed, 69 deletions(-) diff --git a/dovecot.spec b/dovecot.spec index d32cc87..db69282 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -39,13 +39,8 @@ BuildRequires: gcc, gcc-c++, openssl-devel, pam-devel, zlib-devel, bzip2-devel, BuildRequires: libtool, autoconf, automake, pkgconfig BuildRequires: sqlite-devel BuildRequires: libpq-devel -%if %{?fedora}0 < 280 -BuildRequires: mysql-devel -BuildRequires: tcp_wrappers-devel -%else BuildRequires: mariadb-connector-c-devel BuildRequires: libxcrypt-devel -%endif BuildRequires: openldap-devel BuildRequires: krb5-devel BuildRequires: quota-devel @@ -64,31 +59,16 @@ Requires: openssl >= 0.9.7f-4 # Package includes an initscript service file, needs to require initscripts package Requires(pre): shadow-utils -%if %{?fedora}0 > 140 || %{?rhel}0 > 60 Requires: systemd Requires(post): systemd-units Requires(preun): systemd-units Requires(postun): systemd-units -%else -Requires: initscripts -Requires(post): chkconfig -Requires(preun): chkconfig initscripts -Requires(postun): initscripts -%endif -%if %{?fedora}0 > 150 || %{?rhel}0 >60 -#clucene in fedora <=15 and rhel<=6 is too old BuildRequires: clucene-core-devel -%endif %global ssldir %{_sysconfdir}/pki/%{name} -%if %{?fedora}00%{?rhel} < 6 -%global _initddir %{_initrddir} -BuildRequires: curl-devel expat-devel -%else BuildRequires: libcurl-devel expat-devel -%endif %global restart_flag /run/%{name}/%{name}-restart-after-rpm-install @@ -144,11 +124,8 @@ sed -i '/DEFAULT_INCLUDES *=/s|$| '"$(pkg-config --cflags libclucene-core)|" src %global _hardened_build 1 export CFLAGS="%{__global_cflags} -fno-strict-aliasing -fstack-reuse=none" export LDFLAGS="-Wl,-z,now -Wl,-z,relro %{?__global_ldflags}" -# el6 autoconf too old to regen; use packaged files (#1082384) -%if %{?fedora}00%{?rhel} > 6 mkdir -p m4 autoreconf -I . -fiv #required for aarch64 support -%endif %configure \ INSTALL_DATA="install -c -p -m644" \ --docdir=%{_docdir}/%{name} \ @@ -165,18 +142,11 @@ autoreconf -I . -fiv #required for aarch64 support --with-sqlite \ --with-zlib \ --with-libcap \ -%if %{?fedora}0 < 280 - --with-libwrap \ -%endif -%if %{?fedora}0 > 150 || %{?rhel}0 >60 --with-lucene \ -%endif --with-ssl=openssl \ --with-ssldir=%{ssldir} \ --with-solr \ -%if %{?fedora}0 > 140 || %{?rhel}0 > 60 --with-systemdsystemunitdir=%{_unitdir} \ -%endif --with-docs sed -i 's|/etc/ssl|/etc/pki/dovecot|' doc/mkcert.sh doc/example-config/conf.d/10-ssl.conf @@ -216,11 +186,6 @@ mv $RPM_BUILD_ROOT/%{_docdir}/%{name} $RPM_BUILD_ROOT/%{_docdir}/%{name}-pigeonh install -m 644 AUTHORS ChangeLog COPYING COPYING.LGPL INSTALL NEWS README $RPM_BUILD_ROOT/%{_docdir}/%{name}-pigeonhole popd - -%if %{?fedora}00%{?rhel} < 6 -sed -i 's|password-auth|system-auth|' %{SOURCE2} -%endif - install -p -D -m 644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/dovecot #install man pages @@ -237,12 +202,7 @@ chmod 600 $RPM_BUILD_ROOT%{ssldir}/certs/dovecot.pem touch $RPM_BUILD_ROOT%{ssldir}/private/dovecot.pem chmod 600 $RPM_BUILD_ROOT%{ssldir}/private/dovecot.pem -%if %{?fedora}0 > 140 || %{?rhel}0 > 60 install -p -D -m 644 %{SOURCE10} $RPM_BUILD_ROOT%{_tmpfilesdir}/dovecot.conf -%else -install -p -D -m 755 %{SOURCE1} $RPM_BUILD_ROOT%{_initddir}/dovecot -install -p -D -m 600 %{SOURCE9} $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/dovecot -%endif mkdir -p $RPM_BUILD_ROOT/run/dovecot/{login,empty,token-login} @@ -282,23 +242,14 @@ useradd -r -g dovenull -d /usr/libexec/dovecot -s /sbin/nologin -c "Dovecot's un # do not let dovecot run during upgrade rhbz#134325 if [ "$1" = "2" ]; then rm -f %restart_flag -%if %{?fedora}0 > 140 || %{?rhel}0 > 60 /bin/systemctl is-active %{name}.service >/dev/null 2>&1 && touch %restart_flag ||: /bin/systemctl stop %{name}.service >/dev/null 2>&1 -%else - /sbin/service %{name} status >/dev/null 2>&1 && touch %restart_flag ||: - /sbin/service %{name} stop >/dev/null 2>&1 -%endif fi %post if [ $1 -eq 1 ] then -%if %{?fedora}0 > 140 || %{?rhel}0 > 60 %systemd_post dovecot.service -%else - /sbin/chkconfig --add %{name} -%endif fi install -d -m 0755 -g dovecot -d /run/dovecot @@ -309,27 +260,16 @@ install -d -m 0750 -g dovenull -d /run/dovecot/token-login %preun if [ $1 = 0 ]; then -%if %{?fedora}0 > 140 || %{?rhel}0 > 60 /bin/systemctl disable dovecot.service dovecot.socket >/dev/null 2>&1 || : /bin/systemctl stop dovecot.service dovecot.socket >/dev/null 2>&1 || : -%else - /sbin/service %{name} stop > /dev/null 2>&1 - /sbin/chkconfig --del %{name} -%endif rm -rf /run/dovecot fi %postun -%if %{?fedora}0 > 140 || %{?rhel}0 > 60 /bin/systemctl daemon-reload >/dev/null 2>&1 || : -%endif if [ "$1" -ge "1" -a -e %restart_flag ]; then -%if %{?fedora}0 > 140 || %{?rhel}0 > 60 /bin/systemctl start dovecot.service >/dev/null 2>&1 || : -%else - /sbin/service %{name} start >/dev/null 2>&1 || : -%endif rm -f %restart_flag fi @@ -337,11 +277,7 @@ fi # dovecot should be started again in %%postun, but it's not executed on reinstall # if it was already started, restart_flag won't be here, so it's ok to test it again if [ -e %restart_flag ]; then -%if %{?fedora}0 > 140 || %{?rhel}0 > 60 /bin/systemctl start dovecot.service >/dev/null 2>&1 || : -%else - /sbin/service %{name} start >/dev/null 2>&1 || : -%endif rm -f %restart_flag fi @@ -360,15 +296,10 @@ make check %{_bindir}/dovecot-sysreport -%if %{?fedora}0 > 140 || %{?rhel}0 > 60 %_tmpfilesdir/dovecot.conf %{_unitdir}/dovecot.service %{_unitdir}/dovecot-init.service %{_unitdir}/dovecot.socket -%else -%{_initddir}/dovecot -%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/sysconfig/dovecot -%endif %dir %{_sysconfdir}/dovecot %dir %{_sysconfdir}/dovecot/conf.d From 1d11ef9e9434baf5fd17ee6e0d04e6c7bf48be22 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Mon, 27 Jul 2020 15:41:53 +0000 Subject: [PATCH 048/146] - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- dovecot.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/dovecot.spec b/dovecot.spec index db69282..5754ef4 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -5,7 +5,7 @@ Name: dovecot Epoch: 1 Version: 2.3.10.1 %global prever %{nil} -Release: 1%{?dist} +Release: 2%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT and LGPLv2 @@ -432,6 +432,9 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Mon Jul 27 2020 Fedora Release Engineering - 1:2.3.10.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + * Mon May 18 2020 Michal Hlavinka - 1:2.3.10.1-1 - dovecot updated to 2.3.10.1 - fixes CVE-2020-10967, CVE-2020-10958, CVE-2020-10957 From b5c6b67b96c8aec4084b26c8a90739d63daf34de Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Sat, 1 Aug 2020 00:40:29 +0000 Subject: [PATCH 049/146] - Second attempt - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- dovecot.spec | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/dovecot.spec b/dovecot.spec index 5754ef4..2094a00 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -5,7 +5,7 @@ Name: dovecot Epoch: 1 Version: 2.3.10.1 %global prever %{nil} -Release: 2%{?dist} +Release: 3%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT and LGPLv2 @@ -432,6 +432,10 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Sat Aug 01 2020 Fedora Release Engineering - 1:2.3.10.1-3 +- Second attempt - Rebuilt for + https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + * Mon Jul 27 2020 Fedora Release Engineering - 1:2.3.10.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild From 8f461376e77d79e11f0b5ef1eda3ed59ce72b508 Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Sat, 15 Aug 2020 18:22:04 +0200 Subject: [PATCH 050/146] CVE-2020-12100: Parsing mails with a large number of MIME parts could have resulted in excessive CPU usage or a crash due to running out of stack memory. CVE-2020-12673: Dovecot's NTLM implementation does not correctly check message buffer size, which leads to reading past allocation which can lead to crash. CVE-2020-10967: lmtp/submission: Issuing the RCPT command with an address that has the empty quoted string as local-part causes the lmtp service to crash. CVE-2020-12674: Dovecot's RPA mechanism implementation accepts zero-length message, which leads to assert-crash later on. --- dovecot.spec | 19 ++++++++++++++++--- sources | 4 ++-- 2 files changed, 18 insertions(+), 5 deletions(-) diff --git a/dovecot.spec b/dovecot.spec index 2094a00..1f50dc1 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -3,9 +3,9 @@ Summary: Secure imap and pop3 server Name: dovecot Epoch: 1 -Version: 2.3.10.1 +Version: 2.3.11.3 %global prever %{nil} -Release: 3%{?dist} +Release: 1%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT and LGPLv2 @@ -13,7 +13,7 @@ URL: http://www.dovecot.org/ Source: http://www.dovecot.org/releases/2.3/%{name}-%{version}%{?prever}.tar.gz Source1: dovecot.init Source2: dovecot.pam -%global pigeonholever 0.5.10 +%global pigeonholever 0.5.11 Source8: http://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-%{pigeonholever}.tar.gz Source9: dovecot.sysconfig Source10: dovecot.tmpfilesd @@ -432,6 +432,19 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Sat Aug 15 2020 Michal Hlavinka - 1:2.3.11.3-1 +- CVE-2020-12100: Parsing mails with a large number of MIME parts could + have resulted in excessive CPU usage or a crash due to running out of + stack memory. +- CVE-2020-12673: Dovecot's NTLM implementation does not correctly check + message buffer size, which leads to reading past allocation which can + lead to crash. +- CVE-2020-10967: lmtp/submission: Issuing the RCPT command with an + address that has the empty quoted string as local-part causes the lmtp + service to crash. +- CVE-2020-12674: Dovecot's RPA mechanism implementation accepts + zero-length message, which leads to assert-crash later on. + * Sat Aug 01 2020 Fedora Release Engineering - 1:2.3.10.1-3 - Second attempt - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild diff --git a/sources b/sources index 649f5e0..a256f67 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (dovecot-2.3.10.1.tar.gz) = 5c07436a3e861993f241caa2c60f035c533c5fceb5c8540c1717d31bedd54b82299f7ea11bfee12c72d4d33985d93a7130c4f56877864a7ad21cf7373a29cc06 -SHA512 (dovecot-2.3-pigeonhole-0.5.10.tar.gz) = f3d380edba4d25d20ee52db21d2965e3a6b229924e9a04fbf45cfe32e1d25448977ee41b12ba41ad8cf8b795f19bb1dbef1d7d09e775598d782123268f61dc8b +SHA512 (dovecot-2.3.11.3.tar.gz) = d83e52a7faab918a8e6f6257acc5936b81733c10489affd042c3a043cb842db060286cba9978be378e4958e9ac2e60b55ce289d7f3a88df08e7637e4785e23bb +SHA512 (dovecot-2.3-pigeonhole-0.5.11.tar.gz) = 793d93edc50192c52654e2f7244d3e01aaa4e69f786e3ecfcd658a4ab26a5099cc5319cb93221150db4ce94bc4515ffb38115b1d0eeb6e052b956efec680b33d From b50f4be9694aeb0644861004326e504121445829 Mon Sep 17 00:00:00 2001 From: Jeff Law Date: Mon, 17 Aug 2020 14:52:59 -0600 Subject: [PATCH 051/146] Disable LTO for now --- dovecot.spec | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/dovecot.spec b/dovecot.spec index 1f50dc1..f005cc5 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -5,7 +5,7 @@ Name: dovecot Epoch: 1 Version: 2.3.11.3 %global prever %{nil} -Release: 1%{?dist} +Release: 2%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT and LGPLv2 @@ -120,6 +120,9 @@ This package provides the development files for dovecot. sed -i '/DEFAULT_INCLUDES *=/s|$| '"$(pkg-config --cflags libclucene-core)|" src/plugins/fts-lucene/Makefile.in %build +# This package references hidden symbols during an LTO link. This needs further +# investigation. Until then, disable LTO +%define _lto_cflags %{nil} #required for fdpass.c line 125,190: dereferencing type-punned pointer will break strict-aliasing rules %global _hardened_build 1 export CFLAGS="%{__global_cflags} -fno-strict-aliasing -fstack-reuse=none" @@ -432,6 +435,9 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Mon Aug 17 2020 Jeff Law - 1:2.3.11.3-2 +- Disable LTO + * Sat Aug 15 2020 Michal Hlavinka - 1:2.3.11.3-1 - CVE-2020-12100: Parsing mails with a large number of MIME parts could have resulted in excessive CPU usage or a crash due to running out of From 98f6723298c5d040a37ac8d1f1b6d44c143453b2 Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Wed, 26 Aug 2020 19:06:39 +0200 Subject: [PATCH 052/146] fix FTBFS on 32bit systems --- dovecot-2.3.11.3-ftbfs1.patch | 15 +++++++++++++++ dovecot-2.3.11.3-ftbfs2.patch | 22 ++++++++++++++++++++++ dovecot.spec | 9 ++++++++- 3 files changed, 45 insertions(+), 1 deletion(-) create mode 100644 dovecot-2.3.11.3-ftbfs1.patch create mode 100644 dovecot-2.3.11.3-ftbfs2.patch diff --git a/dovecot-2.3.11.3-ftbfs1.patch b/dovecot-2.3.11.3-ftbfs1.patch new file mode 100644 index 0000000..42059ad --- /dev/null +++ b/dovecot-2.3.11.3-ftbfs1.patch @@ -0,0 +1,15 @@ +diff --git a/src/auth/test-mech.c b/src/auth/test-mech.c +index cf05370035..0a030a2be0 100644 +--- a/src/auth/test-mech.c ++++ b/src/auth/test-mech.c +@@ -196,8 +196,8 @@ test_mech_construct_apop_challenge(unsigned int connect_uid, unsigned long *len_ + { + string_t *apop_challenge = t_str_new(128); + +- str_printfa(apop_challenge,"<%lx.%u.%"PRIdTIME_T"", (unsigned long) getpid(), +- connect_uid, process_start_time+10); ++ str_printfa(apop_challenge,"<%lx.%lx.%"PRIxTIME_T".", (unsigned long)getpid(), ++ (unsigned long)connect_uid, process_start_time+10); + str_append_data(apop_challenge, "\0testuser\0responseoflen16-", 26); + *len_r = apop_challenge->used; + return apop_challenge->data; diff --git a/dovecot-2.3.11.3-ftbfs2.patch b/dovecot-2.3.11.3-ftbfs2.patch new file mode 100644 index 0000000..107a4cd --- /dev/null +++ b/dovecot-2.3.11.3-ftbfs2.patch @@ -0,0 +1,22 @@ +diff --git a/src/auth/test-mech.c b/src/auth/test-mech.c +index 0a030a2be0..0a22ff46d0 100644 +--- a/src/auth/test-mech.c ++++ b/src/auth/test-mech.c +@@ -192,7 +192,7 @@ static void test_mech_handle_challenge(struct auth_request *request, + } + + static inline const unsigned char * +-test_mech_construct_apop_challenge(unsigned int connect_uid, unsigned long *len_r) ++test_mech_construct_apop_challenge(unsigned int connect_uid, size_t *len_r) + { + string_t *apop_challenge = t_str_new(128); + +@@ -323,7 +323,7 @@ static void test_mechs(void) + struct test_case *test_case = &tests[running_test]; + const struct mech_module *mech = test_case->mech; + struct auth_request *request; +- const char *testname = t_strdup_printf("auth mech %s %d/%lu", ++ const char *testname = t_strdup_printf("auth mech %s %d/%zu", + mech->mech_name, + running_test+1, + N_ELEMENTS(tests)); diff --git a/dovecot.spec b/dovecot.spec index f005cc5..f1b4471 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -5,7 +5,7 @@ Name: dovecot Epoch: 1 Version: 2.3.11.3 %global prever %{nil} -Release: 2%{?dist} +Release: 4%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT and LGPLv2 @@ -32,6 +32,8 @@ Patch6: dovecot-2.1.10-waitonline.patch Patch8: dovecot-2.2.20-initbysystemd.patch Patch9: dovecot-2.2.22-systemd_w_protectsystem.patch Patch10: dovecot-2.3.0.1-libxcrypt.patch +Patch12: dovecot-2.3.11.3-ftbfs1.patch +Patch13: dovecot-2.3.11.3-ftbfs2.patch Source15: prestartscript @@ -114,6 +116,8 @@ This package provides the development files for dovecot. %patch8 -p1 -b .initbysystemd %patch9 -p1 -b .systemd_w_protectsystem #%patch10 -p1 -b .libxcrypt +%patch12 -p1 -b .ftbfs1 +%patch13 -p1 -b .ftbfs2 #pushd dovecot-2*3-pigeonhole-%{pigeonholever} #popd @@ -435,6 +439,9 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Wed Aug 26 2020 Michal Hlavinka - 1:2.3.11.3-4 +- fix FTBFS on 32bit systems + * Mon Aug 17 2020 Jeff Law - 1:2.3.11.3-2 - Disable LTO From 29ed947aaea4a89dbadcab2fd9c843ae48a7d156 Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Wed, 2 Sep 2020 11:58:34 +0200 Subject: [PATCH 053/146] fix gssapi issue --- dovecot-2.3.11.3-gssapi.patch | 13 +++++++++++++ dovecot.spec | 7 ++++++- 2 files changed, 19 insertions(+), 1 deletion(-) create mode 100644 dovecot-2.3.11.3-gssapi.patch diff --git a/dovecot-2.3.11.3-gssapi.patch b/dovecot-2.3.11.3-gssapi.patch new file mode 100644 index 0000000..18f6c45 --- /dev/null +++ b/dovecot-2.3.11.3-gssapi.patch @@ -0,0 +1,13 @@ +diff --git a/src/auth/mech-gssapi.c b/src/auth/mech-gssapi.c +index f29e48da88..966273d388 100644 +--- a/src/auth/mech-gssapi.c ++++ b/src/auth/mech-gssapi.c +@@ -735,7 +735,7 @@ mech_gssapi_auth_free(struct auth_request *request) + const struct mech_module mech_gssapi = { + "GSSAPI", + +- .flags = 0, ++ .flags = MECH_SEC_ALLOW_NULS, + .passdb_need = MECH_PASSDB_NEED_NOTHING, + + mech_gssapi_auth_new, diff --git a/dovecot.spec b/dovecot.spec index f1b4471..5077164 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -5,7 +5,7 @@ Name: dovecot Epoch: 1 Version: 2.3.11.3 %global prever %{nil} -Release: 4%{?dist} +Release: 5%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT and LGPLv2 @@ -34,6 +34,7 @@ Patch9: dovecot-2.2.22-systemd_w_protectsystem.patch Patch10: dovecot-2.3.0.1-libxcrypt.patch Patch12: dovecot-2.3.11.3-ftbfs1.patch Patch13: dovecot-2.3.11.3-ftbfs2.patch +Patch14: dovecot-2.3.11.3-gssapi.patch Source15: prestartscript @@ -118,6 +119,7 @@ This package provides the development files for dovecot. #%patch10 -p1 -b .libxcrypt %patch12 -p1 -b .ftbfs1 %patch13 -p1 -b .ftbfs2 +%patch14 -p1 -b .gssapi #pushd dovecot-2*3-pigeonhole-%{pigeonholever} #popd @@ -439,6 +441,9 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Wed Sep 02 2020 Michal Hlavinka - 1:2.3.11.3-5 +- fix gssapi issue + * Wed Aug 26 2020 Michal Hlavinka - 1:2.3.11.3-4 - fix FTBFS on 32bit systems From e93cbad322f597213dda7585f8ecc8ecad482e44 Mon Sep 17 00:00:00 2001 From: pgfed Date: Mon, 19 Oct 2020 20:12:58 +0000 Subject: [PATCH 054/146] Update dovecot.spec --- dovecot.spec | 2 ++ 1 file changed, 2 insertions(+) diff --git a/dovecot.spec b/dovecot.spec index 5077164..6704885 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -50,6 +50,7 @@ BuildRequires: quota-devel BuildRequires: xz-devel BuildRequires: lz4-devel BuildRequires: libsodium-devel +BuildRequires: libicu-devel BuildRequires: libexttextcat-devel BuildRequires: libstemmer-devel @@ -151,6 +152,7 @@ autoreconf -I . -fiv #required for aarch64 support --with-sqlite \ --with-zlib \ --with-libcap \ + --with-icu \ --with-lucene \ --with-ssl=openssl \ --with-ssldir=%{ssldir} \ From 4ca072df4d19fe0a3ad5061dea0e0d767d94aa96 Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Tue, 20 Oct 2020 15:39:01 +0200 Subject: [PATCH 055/146] enable zstd support --- dovecot.spec | 2 ++ 1 file changed, 2 insertions(+) diff --git a/dovecot.spec b/dovecot.spec index 6704885..d560cdc 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -49,6 +49,7 @@ BuildRequires: krb5-devel BuildRequires: quota-devel BuildRequires: xz-devel BuildRequires: lz4-devel +BuildRequires: libzstd-devel BuildRequires: libsodium-devel BuildRequires: libicu-devel BuildRequires: libexttextcat-devel @@ -151,6 +152,7 @@ autoreconf -I . -fiv #required for aarch64 support --with-mysql \ --with-sqlite \ --with-zlib \ + --with-zstd \ --with-libcap \ --with-icu \ --with-lucene \ From b73f4c06b076cd976a62960dc7c48ad49cb952c5 Mon Sep 17 00:00:00 2001 From: Tom Stellard Date: Thu, 17 Dec 2020 04:42:04 +0000 Subject: [PATCH 056/146] Add BuildRequires: make https://fedoraproject.org/wiki/Changes/Remove_make_from_BuildRoot --- dovecot.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/dovecot.spec b/dovecot.spec index d560cdc..ecc03f2 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -74,6 +74,7 @@ BuildRequires: clucene-core-devel %global ssldir %{_sysconfdir}/pki/%{name} BuildRequires: libcurl-devel expat-devel +BuildRequires: make %global restart_flag /run/%{name}/%{name}-restart-after-rpm-install From 5e0f363767b1b657a23527c548fee894e73809df Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Mon, 4 Jan 2021 10:18:56 +0100 Subject: [PATCH 057/146] change run directory from /var/run to /run (#1777922) --- dovecot-2.3.11-bigkey.patch | 10 ++++++++++ dovecot.spec | 11 ++++++++++- 2 files changed, 20 insertions(+), 1 deletion(-) create mode 100644 dovecot-2.3.11-bigkey.patch diff --git a/dovecot-2.3.11-bigkey.patch b/dovecot-2.3.11-bigkey.patch new file mode 100644 index 0000000..c5b23d9 --- /dev/null +++ b/dovecot-2.3.11-bigkey.patch @@ -0,0 +1,10 @@ +diff -up dovecot-2.2.36/doc/dovecot-openssl.cnf.bigkey dovecot-2.2.36/doc/dovecot-openssl.cnf +--- dovecot-2.2.36/doc/dovecot-openssl.cnf.bigkey 2017-06-23 13:18:28.000000000 +0200 ++++ dovecot-2.2.36/doc/dovecot-openssl.cnf 2018-10-16 17:15:35.836205498 +0200 +@@ -1,5 +1,5 @@ + [ req ] +-default_bits = 1024 ++default_bits = 3072 + encrypt_key = yes + distinguished_name = req_dn + x509_extensions = cert_type diff --git a/dovecot.spec b/dovecot.spec index ecc03f2..dac9610 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -5,7 +5,7 @@ Name: dovecot Epoch: 1 Version: 2.3.11.3 %global prever %{nil} -Release: 5%{?dist} +Release: 7%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT and LGPLv2 @@ -35,6 +35,7 @@ Patch10: dovecot-2.3.0.1-libxcrypt.patch Patch12: dovecot-2.3.11.3-ftbfs1.patch Patch13: dovecot-2.3.11.3-ftbfs2.patch Patch14: dovecot-2.3.11.3-gssapi.patch +Patch15: dovecot-2.3.11-bigkey.patch Source15: prestartscript @@ -123,6 +124,7 @@ This package provides the development files for dovecot. %patch12 -p1 -b .ftbfs1 %patch13 -p1 -b .ftbfs2 %patch14 -p1 -b .gssapi +%patch15 -p1 -b .bigkey #pushd dovecot-2*3-pigeonhole-%{pigeonholever} #popd @@ -140,6 +142,7 @@ mkdir -p m4 autoreconf -I . -fiv #required for aarch64 support %configure \ INSTALL_DATA="install -c -p -m644" \ + --localstatedir=%{_rundir} \ --docdir=%{_docdir}/%{name} \ --disable-static \ --disable-rpath \ @@ -446,6 +449,12 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Wed Oct 21 2020 Michal Hlavinka - 1:2.3.11.3-7 +- change run directory from /var/run to /run (#1777922) + +* Wed Oct 21 2020 Michal Hlavinka - 1:2.3.11.3-6 +- use bigger default key size (#1882939) + * Wed Sep 02 2020 Michal Hlavinka - 1:2.3.11.3-5 - fix gssapi issue From f8f94ccbdfa6206bb724f43d269aa82dbaa154e5 Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Mon, 4 Jan 2021 19:46:26 +0100 Subject: [PATCH 058/146] dovecot updated to 2.3.13, pigeonhole to 0.5.13 CVE-2020-24386: Specially crafted command can cause IMAP hibernate to allow logged in user to access other people's emails and filesystem information. Metric filter and global event filter variable syntax changed to a SQL-like format. auth: Added new aliases for %{variables}. Usage of the old ones is possible, but discouraged. auth: Removed RPA auth mechanism, SKEY auth mechanism, NTLM auth mechanism and related password schemes. auth: Removed passdb-sia, passdb-vpopmail and userdb-vpopmail. auth: Removed postfix postmap socket --- dovecot-2.3.11.3-ftbfs1.patch | 15 --------------- dovecot-2.3.11.3-ftbfs2.patch | 22 ---------------------- dovecot-2.3.11.3-gssapi.patch | 13 ------------- dovecot.spec | 30 ++++++++++++++++++++---------- sources | 4 ++-- 5 files changed, 22 insertions(+), 62 deletions(-) delete mode 100644 dovecot-2.3.11.3-ftbfs1.patch delete mode 100644 dovecot-2.3.11.3-ftbfs2.patch delete mode 100644 dovecot-2.3.11.3-gssapi.patch diff --git a/dovecot-2.3.11.3-ftbfs1.patch b/dovecot-2.3.11.3-ftbfs1.patch deleted file mode 100644 index 42059ad..0000000 --- a/dovecot-2.3.11.3-ftbfs1.patch +++ /dev/null @@ -1,15 +0,0 @@ -diff --git a/src/auth/test-mech.c b/src/auth/test-mech.c -index cf05370035..0a030a2be0 100644 ---- a/src/auth/test-mech.c -+++ b/src/auth/test-mech.c -@@ -196,8 +196,8 @@ test_mech_construct_apop_challenge(unsigned int connect_uid, unsigned long *len_ - { - string_t *apop_challenge = t_str_new(128); - -- str_printfa(apop_challenge,"<%lx.%u.%"PRIdTIME_T"", (unsigned long) getpid(), -- connect_uid, process_start_time+10); -+ str_printfa(apop_challenge,"<%lx.%lx.%"PRIxTIME_T".", (unsigned long)getpid(), -+ (unsigned long)connect_uid, process_start_time+10); - str_append_data(apop_challenge, "\0testuser\0responseoflen16-", 26); - *len_r = apop_challenge->used; - return apop_challenge->data; diff --git a/dovecot-2.3.11.3-ftbfs2.patch b/dovecot-2.3.11.3-ftbfs2.patch deleted file mode 100644 index 107a4cd..0000000 --- a/dovecot-2.3.11.3-ftbfs2.patch +++ /dev/null @@ -1,22 +0,0 @@ -diff --git a/src/auth/test-mech.c b/src/auth/test-mech.c -index 0a030a2be0..0a22ff46d0 100644 ---- a/src/auth/test-mech.c -+++ b/src/auth/test-mech.c -@@ -192,7 +192,7 @@ static void test_mech_handle_challenge(struct auth_request *request, - } - - static inline const unsigned char * --test_mech_construct_apop_challenge(unsigned int connect_uid, unsigned long *len_r) -+test_mech_construct_apop_challenge(unsigned int connect_uid, size_t *len_r) - { - string_t *apop_challenge = t_str_new(128); - -@@ -323,7 +323,7 @@ static void test_mechs(void) - struct test_case *test_case = &tests[running_test]; - const struct mech_module *mech = test_case->mech; - struct auth_request *request; -- const char *testname = t_strdup_printf("auth mech %s %d/%lu", -+ const char *testname = t_strdup_printf("auth mech %s %d/%zu", - mech->mech_name, - running_test+1, - N_ELEMENTS(tests)); diff --git a/dovecot-2.3.11.3-gssapi.patch b/dovecot-2.3.11.3-gssapi.patch deleted file mode 100644 index 18f6c45..0000000 --- a/dovecot-2.3.11.3-gssapi.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/src/auth/mech-gssapi.c b/src/auth/mech-gssapi.c -index f29e48da88..966273d388 100644 ---- a/src/auth/mech-gssapi.c -+++ b/src/auth/mech-gssapi.c -@@ -735,7 +735,7 @@ mech_gssapi_auth_free(struct auth_request *request) - const struct mech_module mech_gssapi = { - "GSSAPI", - -- .flags = 0, -+ .flags = MECH_SEC_ALLOW_NULS, - .passdb_need = MECH_PASSDB_NEED_NOTHING, - - mech_gssapi_auth_new, diff --git a/dovecot.spec b/dovecot.spec index dac9610..1e16213 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -3,9 +3,9 @@ Summary: Secure imap and pop3 server Name: dovecot Epoch: 1 -Version: 2.3.11.3 +Version: 2.3.13 %global prever %{nil} -Release: 7%{?dist} +Release: %{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT and LGPLv2 @@ -13,7 +13,7 @@ URL: http://www.dovecot.org/ Source: http://www.dovecot.org/releases/2.3/%{name}-%{version}%{?prever}.tar.gz Source1: dovecot.init Source2: dovecot.pam -%global pigeonholever 0.5.11 +%global pigeonholever 0.5.13 Source8: http://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-%{pigeonholever}.tar.gz Source9: dovecot.sysconfig Source10: dovecot.tmpfilesd @@ -32,9 +32,6 @@ Patch6: dovecot-2.1.10-waitonline.patch Patch8: dovecot-2.2.20-initbysystemd.patch Patch9: dovecot-2.2.22-systemd_w_protectsystem.patch Patch10: dovecot-2.3.0.1-libxcrypt.patch -Patch12: dovecot-2.3.11.3-ftbfs1.patch -Patch13: dovecot-2.3.11.3-ftbfs2.patch -Patch14: dovecot-2.3.11.3-gssapi.patch Patch15: dovecot-2.3.11-bigkey.patch Source15: prestartscript @@ -121,9 +118,9 @@ This package provides the development files for dovecot. %patch8 -p1 -b .initbysystemd %patch9 -p1 -b .systemd_w_protectsystem #%patch10 -p1 -b .libxcrypt -%patch12 -p1 -b .ftbfs1 -%patch13 -p1 -b .ftbfs2 -%patch14 -p1 -b .gssapi +#patch12 -p1 -b .ftbfs1 +#patch13 -p1 -b .ftbfs2 +#patch14 -p1 -b .gssapi %patch15 -p1 -b .bigkey #pushd dovecot-2*3-pigeonhole-%{pigeonholever} @@ -346,7 +343,6 @@ make check %config(noreplace) %{_sysconfdir}/dovecot/conf.d/auth-sql.conf.ext %config(noreplace) %{_sysconfdir}/dovecot/conf.d/auth-static.conf.ext %config(noreplace) %{_sysconfdir}/dovecot/conf.d/auth-system.conf.ext -%config(noreplace) %{_sysconfdir}/dovecot/conf.d/auth-vpopmail.conf.ext %config(noreplace) %{_sysconfdir}/pam.d/dovecot %config(noreplace) %{ssldir}/dovecot-openssl.cnf @@ -449,6 +445,20 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Mon Jan 04 2021 Michal Hlavinka - 1: +- dovecot updated to 2.3.13, pigeonhole to 0.5.13 +- CVE-2020-24386: Specially crafted command can cause IMAP hibernate to + allow logged in user to access other people's emails and filesystem + information. +- Metric filter and global event filter variable syntax changed to a + SQL-like format. +- auth: Added new aliases for %{variables}. Usage of the old ones is + possible, but discouraged. +- auth: Removed RPA auth mechanism, SKEY auth mechanism, NTLM auth + mechanism and related password schemes. +- auth: Removed passdb-sia, passdb-vpopmail and userdb-vpopmail. +- auth: Removed postfix postmap socket + * Wed Oct 21 2020 Michal Hlavinka - 1:2.3.11.3-7 - change run directory from /var/run to /run (#1777922) diff --git a/sources b/sources index a256f67..a3e1632 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (dovecot-2.3.11.3.tar.gz) = d83e52a7faab918a8e6f6257acc5936b81733c10489affd042c3a043cb842db060286cba9978be378e4958e9ac2e60b55ce289d7f3a88df08e7637e4785e23bb -SHA512 (dovecot-2.3-pigeonhole-0.5.11.tar.gz) = 793d93edc50192c52654e2f7244d3e01aaa4e69f786e3ecfcd658a4ab26a5099cc5319cb93221150db4ce94bc4515ffb38115b1d0eeb6e052b956efec680b33d +SHA512 (dovecot-2.3.13.tar.gz) = 758a169fba8925637ed18fa7522a6f06c9fe01a1707b1ca0d0a4d8757c578a8e117c91733e8314403839f9a484bbcac71ce3532c82379eb583b480756d556a95 +SHA512 (dovecot-2.3-pigeonhole-0.5.13.tar.gz) = fcbc13d71af4e6dd4e34192484e203d755e5015da76a4774b11a79182b2baad36cab5a471346093111ace36a7775dfe8294555f8b777786dde386820b3ec5cd3 From 432e04624d1bb1734264c443a54cc4412650f880 Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Wed, 6 Jan 2021 11:29:46 +0100 Subject: [PATCH 059/146] dovecot updated to 2.3.13, pigeonhole to 0.5.13 CVE-2020-24386: Specially crafted command can cause IMAP hibernate to allow logged in user to access other people's emails and filesystem information. Metric filter and global event filter variable syntax changed to a SQL-like format. auth: Added new aliases for %{variables}. Usage of the old ones is possible, but discouraged. auth: Removed RPA auth mechanism, SKEY auth mechanism, NTLM auth mechanism and related password schemes. auth: Removed passdb-sia, passdb-vpopmail and userdb-vpopmail. auth: Removed postfix postmap socket --- dovecot-2.3.13-bigtvsec.patch | 36 +++++++++++++++++++++++++++++++++++ dovecot.spec | 2 ++ 2 files changed, 38 insertions(+) create mode 100644 dovecot-2.3.13-bigtvsec.patch diff --git a/dovecot-2.3.13-bigtvsec.patch b/dovecot-2.3.13-bigtvsec.patch new file mode 100644 index 0000000..1c91c0b --- /dev/null +++ b/dovecot-2.3.13-bigtvsec.patch @@ -0,0 +1,36 @@ +diff -up dovecot-2.3.13/src/lib/test-time-util.c.bigtvsec dovecot-2.3.13/src/lib/test-time-util.c +--- dovecot-2.3.13/src/lib/test-time-util.c.bigtvsec 2021-01-06 11:27:06.793315308 +0100 ++++ dovecot-2.3.13/src/lib/test-time-util.c 2021-01-06 11:27:06.815315088 +0100 +@@ -358,7 +358,7 @@ static void test_str_to_timeval(void) + { + struct { + const char *str; +- time_t tv_sec, tv_usec; ++ long int tv_sec, tv_usec; + } tests[] = { + { "0", 0, 0 }, + { "0.0", 0, 0 }, +diff -up dovecot-2.3.13/src/lib/time-util.c.bigtvsec dovecot-2.3.13/src/lib/time-util.c +--- dovecot-2.3.13/src/lib/time-util.c.bigtvsec 2021-01-06 11:10:49.791094852 +0100 ++++ dovecot-2.3.13/src/lib/time-util.c 2021-01-06 11:10:08.255501319 +0100 +@@ -43,16 +43,16 @@ int timeval_cmp_margin(const struct time + + if (tv1->tv_sec < tv2->tv_sec) { + sec_margin = ((int)usec_margin / 1000000) + 1; +- if ((tv2->tv_sec - tv1->tv_sec) > sec_margin) ++ if (((long long)tv2->tv_sec - tv1->tv_sec) > sec_margin) + return -1; +- usecs_diff = (tv2->tv_sec - tv1->tv_sec) * 1000000LL + ++ usecs_diff = ((long long)tv2->tv_sec - tv1->tv_sec) * 1000000LL + + (tv2->tv_usec - tv1->tv_usec); + ret = -1; + } else if (tv1->tv_sec > tv2->tv_sec) { + sec_margin = ((int)usec_margin / 1000000) + 1; +- if ((tv1->tv_sec - tv2->tv_sec) > sec_margin) ++ if (((long long)tv1->tv_sec - tv2->tv_sec) > sec_margin) + return 1; +- usecs_diff = (tv1->tv_sec - tv2->tv_sec) * 1000000LL + ++ usecs_diff = ((long long)tv1->tv_sec - tv2->tv_sec) * 1000000LL + + (tv1->tv_usec - tv2->tv_usec); + ret = 1; + } else if (tv1->tv_usec < tv2->tv_usec) { diff --git a/dovecot.spec b/dovecot.spec index 1e16213..20e110d 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -33,6 +33,7 @@ Patch8: dovecot-2.2.20-initbysystemd.patch Patch9: dovecot-2.2.22-systemd_w_protectsystem.patch Patch10: dovecot-2.3.0.1-libxcrypt.patch Patch15: dovecot-2.3.11-bigkey.patch +Patch16: dovecot-2.3.13-bigtvsec.patch Source15: prestartscript @@ -122,6 +123,7 @@ This package provides the development files for dovecot. #patch13 -p1 -b .ftbfs2 #patch14 -p1 -b .gssapi %patch15 -p1 -b .bigkey +%patch16 -p1 -b .bigtvsec #pushd dovecot-2*3-pigeonhole-%{pigeonholever} #popd From e1b1e2910c24597e944961e71806d71f60f16b2d Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Wed, 6 Jan 2021 11:43:31 +0100 Subject: [PATCH 060/146] fix patch --- dovecot-2.3.13-bigtvsec.patch | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dovecot-2.3.13-bigtvsec.patch b/dovecot-2.3.13-bigtvsec.patch index 1c91c0b..3bd7ce6 100644 --- a/dovecot-2.3.13-bigtvsec.patch +++ b/dovecot-2.3.13-bigtvsec.patch @@ -5,7 +5,7 @@ diff -up dovecot-2.3.13/src/lib/test-time-util.c.bigtvsec dovecot-2.3.13/src/lib { struct { const char *str; -- time_t tv_sec, tv_usec; +- unsigned int tv_sec, tv_usec; + long int tv_sec, tv_usec; } tests[] = { { "0", 0, 0 }, From cc81c97592bfe982ac27cee8d042a66cc78e4b37 Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Wed, 6 Jan 2021 14:01:36 +0100 Subject: [PATCH 061/146] fix release number --- dovecot.spec | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/dovecot.spec b/dovecot.spec index 20e110d..dd6b889 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -5,7 +5,7 @@ Name: dovecot Epoch: 1 Version: 2.3.13 %global prever %{nil} -Release: %{?dist} +Release: 1%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT and LGPLv2 @@ -447,7 +447,10 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog -* Mon Jan 04 2021 Michal Hlavinka - 1: +* Wed Jan 06 2021 Michal Hlavinka - 1:2.3.13-1 +- fix release number + +* Mon Jan 04 2021 Michal Hlavinka - 1:2.3.13-0 - dovecot updated to 2.3.13, pigeonhole to 0.5.13 - CVE-2020-24386: Specially crafted command can cause IMAP hibernate to allow logged in user to access other people's emails and filesystem From f1771ed0fa45715cc15a5feb3533a5acc74e016f Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Thu, 7 Jan 2021 18:28:31 +0100 Subject: [PATCH 062/146] fix rundir location --- dovecot.spec | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/dovecot.spec b/dovecot.spec index dd6b889..ab21e66 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -5,7 +5,7 @@ Name: dovecot Epoch: 1 Version: 2.3.13 %global prever %{nil} -Release: 1%{?dist} +Release: 2%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT and LGPLv2 @@ -141,7 +141,7 @@ mkdir -p m4 autoreconf -I . -fiv #required for aarch64 support %configure \ INSTALL_DATA="install -c -p -m644" \ - --localstatedir=%{_rundir} \ + --with-rundir=%{_rundir}/%{name} \ --docdir=%{_docdir}/%{name} \ --disable-static \ --disable-rpath \ @@ -447,6 +447,9 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Thu Jan 07 2021 Michal Hlavinka - 1:2.3.13-2 +- fix rundir location + * Wed Jan 06 2021 Michal Hlavinka - 1:2.3.13-1 - fix release number From abd275bba1f5a3dd61e0bbce564a821d96f4eede Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Mon, 18 Jan 2021 13:57:17 +0100 Subject: [PATCH 063/146] bump release and rebuild --- dovecot.spec | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/dovecot.spec b/dovecot.spec index ab21e66..7672068 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -5,7 +5,7 @@ Name: dovecot Epoch: 1 Version: 2.3.13 %global prever %{nil} -Release: 2%{?dist} +Release: 3%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT and LGPLv2 @@ -49,7 +49,9 @@ BuildRequires: quota-devel BuildRequires: xz-devel BuildRequires: lz4-devel BuildRequires: libzstd-devel +%if %{?rhel}0 == 0 BuildRequires: libsodium-devel +%endif BuildRequires: libicu-devel BuildRequires: libexttextcat-devel BuildRequires: libstemmer-devel @@ -447,6 +449,9 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Mon Jan 18 2021 Michal Hlavinka - 1:2.3.13-3 +- bump release and rebuild + * Thu Jan 07 2021 Michal Hlavinka - 1:2.3.13-2 - fix rundir location From 2860368c09267a07a2173ffe1b4d987fced8dfed Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Mon, 18 Jan 2021 14:33:47 +0100 Subject: [PATCH 064/146] fix multilib issues --- dovecot.spec | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/dovecot.spec b/dovecot.spec index 7672068..02862e0 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -5,7 +5,7 @@ Name: dovecot Epoch: 1 Version: 2.3.13 %global prever %{nil} -Release: 3%{?dist} +Release: 4%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT and LGPLv2 @@ -55,6 +55,7 @@ BuildRequires: libsodium-devel BuildRequires: libicu-devel BuildRequires: libexttextcat-devel BuildRequires: libstemmer-devel +BuildRequires: multilib-rpm-config # gettext-devel is needed for running autoconf because of the # presence of AM_ICONV @@ -192,9 +193,11 @@ rm -rf $RPM_BUILD_ROOT make install DESTDIR=$RPM_BUILD_ROOT -#move doc dir back to build dir so doc macro in files section can use it +# move doc dir back to build dir so doc macro in files section can use it mv $RPM_BUILD_ROOT/%{_docdir}/%{name} %{_builddir}/%{name}-%{version}%{?prever}/docinstall +# fix multilib issues +%multilib_fix_c_header --file %{_includedir}/dovecot/config.h pushd dovecot-2*3-pigeonhole-%{pigeonholever} make install DESTDIR=$RPM_BUILD_ROOT @@ -449,6 +452,9 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Mon Jan 18 2021 Michal Hlavinka - 1:2.3.13-4 +- fix multilib issues + * Mon Jan 18 2021 Michal Hlavinka - 1:2.3.13-3 - bump release and rebuild From 06d34fe3ea08345276d6c5053536132f98594e46 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Tue, 26 Jan 2021 03:42:56 +0000 Subject: [PATCH 065/146] - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- dovecot.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/dovecot.spec b/dovecot.spec index 02862e0..c300c8a 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -5,7 +5,7 @@ Name: dovecot Epoch: 1 Version: 2.3.13 %global prever %{nil} -Release: 4%{?dist} +Release: 5%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT and LGPLv2 @@ -452,6 +452,9 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Tue Jan 26 2021 Fedora Release Engineering - 1:2.3.13-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + * Mon Jan 18 2021 Michal Hlavinka - 1:2.3.13-4 - fix multilib issues From 886a96b230d1c52f5b076d6c818df91cbdc54231 Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Mon, 1 Feb 2021 13:51:01 +0100 Subject: [PATCH 066/146] use make macros --- dovecot.spec | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/dovecot.spec b/dovecot.spec index c300c8a..4f5e87b 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -5,7 +5,7 @@ Name: dovecot Epoch: 1 Version: 2.3.13 %global prever %{nil} -Release: 5%{?dist} +Release: 6%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT and LGPLv2 @@ -170,7 +170,7 @@ autoreconf -I . -fiv #required for aarch64 support sed -i 's|/etc/ssl|/etc/pki/dovecot|' doc/mkcert.sh doc/example-config/conf.d/10-ssl.conf -make %{?_smp_mflags} +%make_build #pigeonhole pushd dovecot-2*3-pigeonhole-%{pigeonholever} @@ -185,13 +185,13 @@ pushd dovecot-2*3-pigeonhole-%{pigeonholever} --with-dovecot=../ \ --without-unfinished-features -make %{?_smp_mflags} +%make_build popd %install rm -rf $RPM_BUILD_ROOT -make install DESTDIR=$RPM_BUILD_ROOT +%make_install # move doc dir back to build dir so doc macro in files section can use it mv $RPM_BUILD_ROOT/%{_docdir}/%{name} %{_builddir}/%{name}-%{version}%{?prever}/docinstall @@ -200,7 +200,7 @@ mv $RPM_BUILD_ROOT/%{_docdir}/%{name} %{_builddir}/%{name}-%{version}%{?prever}/ %multilib_fix_c_header --file %{_includedir}/dovecot/config.h pushd dovecot-2*3-pigeonhole-%{pigeonholever} -make install DESTDIR=$RPM_BUILD_ROOT +%make_install mv $RPM_BUILD_ROOT/%{_docdir}/%{name} $RPM_BUILD_ROOT/%{_docdir}/%{name}-pigeonhole @@ -452,6 +452,9 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Mon Feb 01 2021 Michal Hlavinka - 1:2.3.13-6 +- use make macros + * Tue Jan 26 2021 Fedora Release Engineering - 1:2.3.13-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild From abd5abe3b45b384e879674b95135dda1bf8a3cad Mon Sep 17 00:00:00 2001 From: Pavel Raiskup Date: Mon, 8 Feb 2021 09:24:17 +0100 Subject: [PATCH 067/146] rebuild for libpq ABI fix Related: rhbz#1908268 --- dovecot.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/dovecot.spec b/dovecot.spec index 4f5e87b..6ee95b3 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -5,7 +5,7 @@ Name: dovecot Epoch: 1 Version: 2.3.13 %global prever %{nil} -Release: 6%{?dist} +Release: 7%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT and LGPLv2 @@ -452,6 +452,9 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Mon Feb 08 2021 Pavel Raiskup - 1:2.3.13-7 +- rebuild for libpq ABI fix rhbz#1908268 + * Mon Feb 01 2021 Michal Hlavinka - 1:2.3.13-6 - use make macros From 8550d54fac848459d6797cc0f5d6e95ebc776ac6 Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Mon, 22 Mar 2021 19:30:17 +0100 Subject: [PATCH 068/146] do not use own implementation of HMAC, use OpenSSL --- dovecot-2.3.6-opensslhmac.patch | 763 ++++++++++++++++++++++++++++++++ dovecot.spec | 10 +- 2 files changed, 769 insertions(+), 4 deletions(-) create mode 100644 dovecot-2.3.6-opensslhmac.patch diff --git a/dovecot-2.3.6-opensslhmac.patch b/dovecot-2.3.6-opensslhmac.patch new file mode 100644 index 0000000..a95202e --- /dev/null +++ b/dovecot-2.3.6-opensslhmac.patch @@ -0,0 +1,763 @@ +diff -up dovecot-2.3.13/src/auth/auth-token.c.opensslhmac dovecot-2.3.13/src/auth/auth-token.c +--- dovecot-2.3.13/src/auth/auth-token.c.opensslhmac 2020-12-22 14:26:52.000000000 +0100 ++++ dovecot-2.3.13/src/auth/auth-token.c 2021-03-22 18:44:06.946142422 +0100 +@@ -161,17 +161,17 @@ void auth_token_deinit(void) + const char *auth_token_get(const char *service, const char *session_pid, + const char *username, const char *session_id) + { +- struct hmac_context ctx; ++ struct openssl_hmac_context ctx; + unsigned char result[SHA1_RESULTLEN]; + +- hmac_init(&ctx, (const unsigned char*)username, strlen(username), ++ openssl_hmac_init(&ctx, (const unsigned char*)username, strlen(username), + &hash_method_sha1); +- hmac_update(&ctx, session_pid, strlen(session_pid)); ++ openssl_hmac_update(&ctx, session_pid, strlen(session_pid)); + if (session_id != NULL && *session_id != '\0') +- hmac_update(&ctx, session_id, strlen(session_id)); +- hmac_update(&ctx, service, strlen(service)); +- hmac_update(&ctx, auth_token_secret, sizeof(auth_token_secret)); +- hmac_final(&ctx, result); ++ openssl_hmac_update(&ctx, session_id, strlen(session_id)); ++ openssl_hmac_update(&ctx, service, strlen(service)); ++ openssl_hmac_update(&ctx, auth_token_secret, sizeof(auth_token_secret)); ++ openssl_hmac_final(&ctx, result); + + return binary_to_hex(result, sizeof(result)); + } +diff -up dovecot-2.3.13/src/auth/mech-cram-md5.c.opensslhmac dovecot-2.3.13/src/auth/mech-cram-md5.c +--- dovecot-2.3.13/src/auth/mech-cram-md5.c.opensslhmac 2020-12-22 14:26:52.000000000 +0100 ++++ dovecot-2.3.13/src/auth/mech-cram-md5.c 2021-03-22 18:44:06.946142422 +0100 +@@ -51,7 +51,7 @@ static bool verify_credentials(struct cr + { + + unsigned char digest[MD5_RESULTLEN]; +- struct hmac_context ctx; ++ struct orig_hmac_context ctx; + const char *response_hex; + + if (size != CRAM_MD5_CONTEXTLEN) { +@@ -60,10 +60,10 @@ static bool verify_credentials(struct cr + return FALSE; + } + +- hmac_init(&ctx, NULL, 0, &hash_method_md5); ++ orig_hmac_init(&ctx, NULL, 0, &hash_method_md5); + hmac_md5_set_cram_context(&ctx, credentials); +- hmac_update(&ctx, request->challenge, strlen(request->challenge)); +- hmac_final(&ctx, digest); ++ orig_hmac_update(&ctx, request->challenge, strlen(request->challenge)); ++ orig_hmac_final(&ctx, digest); + + response_hex = binary_to_hex(digest, sizeof(digest)); + +diff -up dovecot-2.3.13/src/auth/mech-scram.c.opensslhmac dovecot-2.3.13/src/auth/mech-scram.c +--- dovecot-2.3.13/src/auth/mech-scram.c.opensslhmac 2020-12-22 14:26:52.000000000 +0100 ++++ dovecot-2.3.13/src/auth/mech-scram.c 2021-03-22 18:44:06.946142422 +0100 +@@ -78,7 +78,7 @@ static const char *get_scram_server_firs + static const char *get_scram_server_final(struct scram_auth_request *request) + { + const struct hash_method *hmethod = request->hash_method; +- struct hmac_context ctx; ++ struct openssl_hmac_context ctx; + const char *auth_message; + unsigned char server_signature[hmethod->digest_size]; + string_t *str; +@@ -87,9 +87,9 @@ static const char *get_scram_server_fina + request->server_first_message, ",", + request->client_final_message_without_proof, NULL); + +- hmac_init(&ctx, request->server_key, hmethod->digest_size, hmethod); +- hmac_update(&ctx, auth_message, strlen(auth_message)); +- hmac_final(&ctx, server_signature); ++ openssl_hmac_init(&ctx, request->server_key, hmethod->digest_size, hmethod); ++ openssl_hmac_update(&ctx, auth_message, strlen(auth_message)); ++ openssl_hmac_final(&ctx, server_signature); + + str = t_str_new(MAX_BASE64_ENCODED_SIZE(sizeof(server_signature))); + str_append(str, "v="); +@@ -228,7 +228,7 @@ static bool parse_scram_client_first(str + static bool verify_credentials(struct scram_auth_request *request) + { + const struct hash_method *hmethod = request->hash_method; +- struct hmac_context ctx; ++ struct openssl_hmac_context ctx; + const char *auth_message; + unsigned char client_key[hmethod->digest_size]; + unsigned char client_signature[hmethod->digest_size]; +@@ -239,9 +239,9 @@ static bool verify_credentials(struct sc + request->server_first_message, ",", + request->client_final_message_without_proof, NULL); + +- hmac_init(&ctx, request->stored_key, hmethod->digest_size, hmethod); +- hmac_update(&ctx, auth_message, strlen(auth_message)); +- hmac_final(&ctx, client_signature); ++ openssl_hmac_init(&ctx, request->stored_key, hmethod->digest_size, hmethod); ++ openssl_hmac_update(&ctx, auth_message, strlen(auth_message)); ++ openssl_hmac_final(&ctx, client_signature); + + const unsigned char *proof_data = request->proof->data; + for (i = 0; i < sizeof(client_signature); i++) +diff -up dovecot-2.3.13/src/auth/password-scheme.c.opensslhmac dovecot-2.3.13/src/auth/password-scheme.c +--- dovecot-2.3.13/src/auth/password-scheme.c.opensslhmac 2020-12-22 14:26:52.000000000 +0100 ++++ dovecot-2.3.13/src/auth/password-scheme.c 2021-03-22 18:44:06.947142409 +0100 +@@ -639,11 +639,11 @@ static void + cram_md5_generate(const char *plaintext, const struct password_generate_params *params ATTR_UNUSED, + const unsigned char **raw_password_r, size_t *size_r) + { +- struct hmac_context ctx; ++ struct orig_hmac_context ctx; + unsigned char *context_digest; + + context_digest = t_malloc_no0(CRAM_MD5_CONTEXTLEN); +- hmac_init(&ctx, (const unsigned char *)plaintext, ++ orig_hmac_init(&ctx, (const unsigned char *)plaintext, + strlen(plaintext), &hash_method_md5); + hmac_md5_get_cram_context(&ctx, context_digest); + +diff -up dovecot-2.3.13/src/auth/password-scheme-scram.c.opensslhmac dovecot-2.3.13/src/auth/password-scheme-scram.c +--- dovecot-2.3.13/src/auth/password-scheme-scram.c.opensslhmac 2020-12-22 14:26:52.000000000 +0100 ++++ dovecot-2.3.13/src/auth/password-scheme-scram.c 2021-03-22 18:44:06.947142409 +0100 +@@ -30,23 +30,23 @@ Hi(const struct hash_method *hmethod, co + const unsigned char *salt, size_t salt_size, unsigned int i, + unsigned char *result) + { +- struct hmac_context ctx; ++ struct openssl_hmac_context ctx; + unsigned char U[hmethod->digest_size]; + unsigned int j, k; + + /* Calculate U1 */ +- hmac_init(&ctx, str, str_size, hmethod); +- hmac_update(&ctx, salt, salt_size); +- hmac_update(&ctx, "\0\0\0\1", 4); +- hmac_final(&ctx, U); ++ openssl_hmac_init(&ctx, str, str_size, hmethod); ++ openssl_hmac_update(&ctx, salt, salt_size); ++ openssl_hmac_update(&ctx, "\0\0\0\1", 4); ++ openssl_hmac_final(&ctx, U); + + memcpy(result, U, hmethod->digest_size); + + /* Calculate U2 to Ui and Hi */ + for (j = 2; j <= i; j++) { +- hmac_init(&ctx, str, str_size, hmethod); +- hmac_update(&ctx, U, sizeof(U)); +- hmac_final(&ctx, U); ++ openssl_hmac_init(&ctx, str, str_size, hmethod); ++ openssl_hmac_update(&ctx, U, sizeof(U)); ++ openssl_hmac_final(&ctx, U); + for (k = 0; k < hmethod->digest_size; k++) + result[k] ^= U[k]; + } +@@ -102,7 +102,7 @@ int scram_verify(const struct hash_metho + const char *plaintext, const unsigned char *raw_password, + size_t size, const char **error_r) + { +- struct hmac_context ctx; ++ struct openssl_hmac_context ctx; + const char *salt_base64; + unsigned int iter_count; + const unsigned char *salt; +@@ -126,9 +126,9 @@ int scram_verify(const struct hash_metho + salt, salt_len, iter_count, salted_password); + + /* Calculate ClientKey */ +- hmac_init(&ctx, salted_password, sizeof(salted_password), hmethod); +- hmac_update(&ctx, "Client Key", 10); +- hmac_final(&ctx, client_key); ++ openssl_hmac_init(&ctx, salted_password, sizeof(salted_password), hmethod); ++ openssl_hmac_update(&ctx, "Client Key", 10); ++ openssl_hmac_final(&ctx, client_key); + + /* Calculate StoredKey */ + hash_method_get_digest(hmethod, client_key, sizeof(client_key), +@@ -147,7 +147,7 @@ void scram_generate(const struct hash_me + const unsigned char **raw_password_r, size_t *size_r) + { + string_t *str; +- struct hmac_context ctx; ++ struct openssl_hmac_context ctx; + unsigned char salt[16]; + unsigned char salted_password[hmethod->digest_size]; + unsigned char client_key[hmethod->digest_size]; +@@ -165,9 +165,9 @@ void scram_generate(const struct hash_me + sizeof(salt), SCRAM_DEFAULT_ITERATE_COUNT, salted_password); + + /* Calculate ClientKey */ +- hmac_init(&ctx, salted_password, sizeof(salted_password), hmethod); +- hmac_update(&ctx, "Client Key", 10); +- hmac_final(&ctx, client_key); ++ openssl_hmac_init(&ctx, salted_password, sizeof(salted_password), hmethod); ++ openssl_hmac_update(&ctx, "Client Key", 10); ++ openssl_hmac_final(&ctx, client_key); + + /* Calculate StoredKey */ + hash_method_get_digest(hmethod, client_key, sizeof(client_key), +@@ -176,9 +176,9 @@ void scram_generate(const struct hash_me + base64_encode(stored_key, sizeof(stored_key), str); + + /* Calculate ServerKey */ +- hmac_init(&ctx, salted_password, sizeof(salted_password), hmethod); +- hmac_update(&ctx, "Server Key", 10); +- hmac_final(&ctx, server_key); ++ openssl_hmac_init(&ctx, salted_password, sizeof(salted_password), hmethod); ++ openssl_hmac_update(&ctx, "Server Key", 10); ++ openssl_hmac_final(&ctx, server_key); + str_append_c(str, ','); + base64_encode(server_key, sizeof(server_key), str); + +diff -up dovecot-2.3.13/src/lib/hmac.c.opensslhmac dovecot-2.3.13/src/lib/hmac.c +--- dovecot-2.3.13/src/lib/hmac.c.opensslhmac 2020-12-22 14:26:52.000000000 +0100 ++++ dovecot-2.3.13/src/lib/hmac.c 2021-03-22 18:44:06.947142409 +0100 +@@ -7,6 +7,10 @@ + * This software is released under the MIT license. + */ + ++#include ++#include ++#include ++#include + #include "lib.h" + #include "hmac.h" + #include "safe-memset.h" +@@ -14,10 +18,65 @@ + + #include "hex-binary.h" + +-void hmac_init(struct hmac_context *_ctx, const unsigned char *key, ++#ifndef HAVE_HMAC_CTX_NEW ++# define HMAC_Init_ex(ctx, key, key_len, md, impl) \ ++ HMAC_Init_ex(&(ctx), key, key_len, md, impl) ++# define HMAC_Update(ctx, data, len) HMAC_Update(&(ctx), data, len) ++# define HMAC_Final(ctx, md, len) HMAC_Final(&(ctx), md, len) ++# define HMAC_CTX_free(ctx) HMAC_cleanup(&(ctx)) ++#else ++# define HMAC_CTX_free(ctx) \ ++ STMT_START { HMAC_CTX_free(ctx); (ctx) = NULL; } STMT_END ++#endif ++ ++ ++void openssl_hmac_init(struct openssl_hmac_context *_ctx, const unsigned char *key, + size_t key_len, const struct hash_method *meth) + { +- struct hmac_context_priv *ctx = &_ctx->u.priv; ++ struct openssl_hmac_context_priv *ctx = &_ctx->u.priv; ++ ++ const EVP_MD *md; ++ const char *ebuf = NULL; ++ const char **error_r = &ebuf; ++ ++ md = EVP_get_digestbyname(meth->name); ++ if(md == NULL) { ++ if (error_r != NULL) { ++ *error_r = t_strdup_printf("Invalid digest %s", ++ meth->name); ++ } ++ //return FALSE; ++ } ++ ++// int ec; ++ ++ i_assert(md != NULL); ++#ifdef HAVE_HMAC_CTX_NEW ++ ctx->ctx = HMAC_CTX_new(); ++/* if (ctx->ctx == NULL) ++ dcrypt_openssl_error(error_r);*/ ++#endif ++ /*ec = */HMAC_Init_ex(ctx->ctx, key, key_len, md, NULL); ++} ++ ++void orig_hmac_init(struct orig_hmac_context *_ctx, const unsigned char *key, ++ size_t key_len, const struct hash_method *meth) ++{ ++ static int no_fips = -1; ++ if (no_fips == -1) { ++ int fd = open("/proc/sys/crypto/fips_enabled", O_RDONLY); ++ if (fd != -1) ++ { ++ char buf[4]; ++ if (read(fd, buf, 4) > 0) ++ { ++ no_fips = buf[0] == '0'; ++ } ++ close(fd); ++ } ++ } ++ i_assert(no_fips); ++ struct orig_hmac_context_priv *ctx = &_ctx->u.priv; + int i; + unsigned char k_ipad[64]; + unsigned char k_opad[64]; +@@ -53,9 +112,27 @@ void hmac_init(struct hmac_context *_ctx + safe_memset(k_opad, 0, 64); + } + +-void hmac_final(struct hmac_context *_ctx, unsigned char *digest) ++void openssl_hmac_final(struct openssl_hmac_context *_ctx, unsigned char *digest) ++{ ++ int ec; ++ unsigned char buf[HMAC_MAX_MD_CBLOCK]; ++ unsigned int outl; ++// const char *ebuf = NULL; ++// const char **error_r = &ebuf; ++ ++ struct openssl_hmac_context_priv *ctx = &_ctx->u.priv; ++ ec = HMAC_Final(ctx->ctx, buf, &outl); ++ HMAC_CTX_free(ctx->ctx); ++ if (ec == 1) ++ memcpy(digest, buf, outl); ++// else ++// dcrypt_openssl_error(error_r); ++ ++} ++ ++void orig_hmac_final(struct orig_hmac_context *_ctx, unsigned char *digest) + { +- struct hmac_context_priv *ctx = &_ctx->u.priv; ++ struct orig_hmac_context_priv *ctx = &_ctx->u.priv; + + ctx->hash->result(ctx->ctx, digest); + +@@ -63,53 +140,50 @@ void hmac_final(struct hmac_context *_ct + ctx->hash->result(ctx->ctxo, digest); + } + +-buffer_t *t_hmac_data(const struct hash_method *meth, ++buffer_t *openssl_t_hmac_data(const struct hash_method *meth, + const unsigned char *key, size_t key_len, + const void *data, size_t data_len) + { +- struct hmac_context ctx; ++ struct openssl_hmac_context ctx; + i_assert(meth != NULL); + i_assert(key != NULL && key_len > 0); + i_assert(data != NULL || data_len == 0); + + buffer_t *res = t_buffer_create(meth->digest_size); +- hmac_init(&ctx, key, key_len, meth); ++ openssl_hmac_init(&ctx, key, key_len, meth); + if (data_len > 0) +- hmac_update(&ctx, data, data_len); ++ openssl_hmac_update(&ctx, data, data_len); + unsigned char *buf = buffer_get_space_unsafe(res, 0, meth->digest_size); +- hmac_final(&ctx, buf); ++ openssl_hmac_final(&ctx, buf); + return res; + } + +-buffer_t *t_hmac_buffer(const struct hash_method *meth, ++buffer_t *openssl_t_hmac_buffer(const struct hash_method *meth, + const unsigned char *key, size_t key_len, + const buffer_t *data) + { +- return t_hmac_data(meth, key, key_len, data->data, data->used); ++ return openssl_t_hmac_data(meth, key, key_len, data->data, data->used); + } + +-buffer_t *t_hmac_str(const struct hash_method *meth, ++buffer_t *openssl_t_hmac_str(const struct hash_method *meth, + const unsigned char *key, size_t key_len, + const char *data) + { +- return t_hmac_data(meth, key, key_len, data, strlen(data)); ++ return openssl_t_hmac_data(meth, key, key_len, data, strlen(data)); + } + +-void hmac_hkdf(const struct hash_method *method, ++void openssl_hmac_hkdf(const struct hash_method *method, + const unsigned char *salt, size_t salt_len, + const unsigned char *ikm, size_t ikm_len, + const unsigned char *info, size_t info_len, + buffer_t *okm_r, size_t okm_len) + { ++ const EVP_MD *md; ++ EVP_PKEY_CTX *pctx; ++ int r = 1; ++ + i_assert(method != NULL); + i_assert(okm_len < 255*method->digest_size); +- struct hmac_context key_mac; +- struct hmac_context info_mac; +- size_t remain = okm_len; +- unsigned char prk[method->digest_size]; +- unsigned char okm[method->digest_size]; +- /* N = ceil(L/HashLen) */ +- unsigned int rounds = (okm_len + method->digest_size - 1)/method->digest_size; + + /* salt and info can be NULL */ + i_assert(salt != NULL || salt_len == 0); +@@ -118,35 +192,30 @@ void hmac_hkdf(const struct hash_method + i_assert(ikm != NULL && ikm_len > 0); + i_assert(okm_r != NULL && okm_len > 0); + +- /* but they still need valid pointer, reduces +- complains from static analysers */ +- if (salt == NULL) +- salt = &uchar_nul; +- if (info == NULL) +- info = &uchar_nul; +- +- /* extract */ +- hmac_init(&key_mac, salt, salt_len, method); +- hmac_update(&key_mac, ikm, ikm_len); +- hmac_final(&key_mac, prk); +- +- /* expand */ +- for (unsigned int i = 0; remain > 0 && i < rounds; i++) { +- unsigned char round = (i+1); +- size_t amt = remain; +- if (amt > method->digest_size) +- amt = method->digest_size; +- hmac_init(&info_mac, prk, method->digest_size, method); +- if (i > 0) +- hmac_update(&info_mac, okm, method->digest_size); +- hmac_update(&info_mac, info, info_len); +- hmac_update(&info_mac, &round, 1); +- memset(okm, 0, method->digest_size); +- hmac_final(&info_mac, okm); +- buffer_append(okm_r, okm, amt); +- remain -= amt; ++ ++ md = EVP_get_digestbyname(method->name); ++ pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL); ++ unsigned char *okm_buf = buffer_get_space_unsafe(okm_r, 0, okm_len); ++ ++ if ((r=EVP_PKEY_derive_init(pctx)) <= 0) ++ goto out; ++ if ((r=EVP_PKEY_CTX_set_hkdf_md(pctx, md)) <= 0) ++ goto out; ++ if ((r=EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt, salt_len)) <= 0) ++ goto out; ++ if ((r=EVP_PKEY_CTX_set1_hkdf_key(pctx, ikm, ikm_len)) <= 0) ++ goto out; ++ if ((r=EVP_PKEY_CTX_add1_hkdf_info(pctx, info, info_len)) <= 0) ++ goto out; ++ if ((r=EVP_PKEY_derive(pctx, okm_buf, &okm_len)) <= 0) ++ goto out; ++ ++ out: ++ EVP_PKEY_CTX_free(pctx); ++ if (r <= 0) { ++ unsigned long ec = ERR_get_error(); ++ unsigned char *error = t_strdup_printf("%s", ERR_error_string(ec, NULL)); ++ i_error("%s", error); + } + +- safe_memset(prk, 0, sizeof(prk)); +- safe_memset(okm, 0, sizeof(okm)); + } +diff -up dovecot-2.3.13/src/lib/hmac-cram-md5.c.opensslhmac dovecot-2.3.13/src/lib/hmac-cram-md5.c +--- dovecot-2.3.13/src/lib/hmac-cram-md5.c.opensslhmac 2020-12-22 14:26:52.000000000 +0100 ++++ dovecot-2.3.13/src/lib/hmac-cram-md5.c 2021-03-22 18:44:06.947142409 +0100 +@@ -9,10 +9,10 @@ + #include "md5.h" + #include "hmac-cram-md5.h" + +-void hmac_md5_get_cram_context(struct hmac_context *_hmac_ctx, ++void hmac_md5_get_cram_context(struct orig_hmac_context *_hmac_ctx, + unsigned char context_digest[CRAM_MD5_CONTEXTLEN]) + { +- struct hmac_context_priv *hmac_ctx = &_hmac_ctx->u.priv; ++ struct orig_hmac_context_priv *hmac_ctx = &_hmac_ctx->u.priv; + unsigned char *cdp; + + struct md5_context *ctx = (void*)hmac_ctx->ctx; +@@ -35,10 +35,10 @@ void hmac_md5_get_cram_context(struct hm + CDPUT(cdp, ctx->d); + } + +-void hmac_md5_set_cram_context(struct hmac_context *_hmac_ctx, ++void hmac_md5_set_cram_context(struct orig_hmac_context *_hmac_ctx, + const unsigned char context_digest[CRAM_MD5_CONTEXTLEN]) + { +- struct hmac_context_priv *hmac_ctx = &_hmac_ctx->u.priv; ++ struct orig_hmac_context_priv *hmac_ctx = &_hmac_ctx->u.priv; + const unsigned char *cdp; + + struct md5_context *ctx = (void*)hmac_ctx->ctx; +diff -up dovecot-2.3.13/src/lib/hmac-cram-md5.h.opensslhmac dovecot-2.3.13/src/lib/hmac-cram-md5.h +--- dovecot-2.3.13/src/lib/hmac-cram-md5.h.opensslhmac 2020-12-22 14:26:52.000000000 +0100 ++++ dovecot-2.3.13/src/lib/hmac-cram-md5.h 2021-03-22 18:44:06.947142409 +0100 +@@ -5,9 +5,9 @@ + + #define CRAM_MD5_CONTEXTLEN 32 + +-void hmac_md5_get_cram_context(struct hmac_context *ctx, ++void hmac_md5_get_cram_context(struct orig_hmac_context *ctx, + unsigned char context_digest[CRAM_MD5_CONTEXTLEN]); +-void hmac_md5_set_cram_context(struct hmac_context *ctx, ++void hmac_md5_set_cram_context(struct orig_hmac_context *ctx, + const unsigned char context_digest[CRAM_MD5_CONTEXTLEN]); + + +diff -up dovecot-2.3.13/src/lib/hmac.h.opensslhmac dovecot-2.3.13/src/lib/hmac.h +--- dovecot-2.3.13/src/lib/hmac.h.opensslhmac 2020-12-22 14:26:52.000000000 +0100 ++++ dovecot-2.3.13/src/lib/hmac.h 2021-03-22 18:44:06.947142409 +0100 +@@ -3,60 +3,97 @@ + + #include "hash-method.h" + #include "sha1.h" ++#include ++#include ++#include ++#include + + #define HMAC_MAX_CONTEXT_SIZE 256 + +-struct hmac_context_priv { ++struct openssl_hmac_context_priv { ++#ifdef HAVE_HMAC_CTX_NEW ++ HMAC_CTX *ctx; ++#else ++ HMAC_CTX ctx; ++#endif ++ const struct hash_method *hash; ++}; ++ ++struct orig_hmac_context_priv { + char ctx[HMAC_MAX_CONTEXT_SIZE]; + char ctxo[HMAC_MAX_CONTEXT_SIZE]; + const struct hash_method *hash; + }; + +-struct hmac_context { ++struct openssl_hmac_context { ++ union { ++ struct openssl_hmac_context_priv priv; ++ uint64_t padding_requirement; ++ } u; ++}; ++ ++struct orig_hmac_context { + union { +- struct hmac_context_priv priv; ++ struct orig_hmac_context_priv priv; + uint64_t padding_requirement; + } u; + }; + +-void hmac_init(struct hmac_context *ctx, const unsigned char *key, ++void openssl_hmac_init(struct openssl_hmac_context *ctx, const unsigned char *key, ++ size_t key_len, const struct hash_method *meth); ++void openssl_hmac_final(struct openssl_hmac_context *ctx, unsigned char *digest); ++ ++static inline void ++openssl_hmac_update(struct openssl_hmac_context *_ctx, const void *data, size_t size) ++{ ++ struct openssl_hmac_context_priv *ctx = &_ctx->u.priv; ++ HMAC_Update(ctx->ctx, data, size); ++/* if (ec != 1) ++ { ++ const char *ebuf = NULL; ++ const char **error_r = &ebuf; ++ dcrypt_openssl_error(error_r); ++ }*/ ++} ++ ++void orig_hmac_init(struct orig_hmac_context *ctx, const unsigned char *key, + size_t key_len, const struct hash_method *meth); +-void hmac_final(struct hmac_context *ctx, unsigned char *digest); ++void orig_hmac_final(struct orig_hmac_context *ctx, unsigned char *digest); + + + static inline void +-hmac_update(struct hmac_context *_ctx, const void *data, size_t size) ++orig_hmac_update(struct orig_hmac_context *_ctx, const void *data, size_t size) + { +- struct hmac_context_priv *ctx = &_ctx->u.priv; ++ struct orig_hmac_context_priv *ctx = &_ctx->u.priv; + + ctx->hash->loop(ctx->ctx, data, size); + } + +-buffer_t *t_hmac_data(const struct hash_method *meth, ++buffer_t *openssl_t_hmac_data(const struct hash_method *meth, + const unsigned char *key, size_t key_len, + const void *data, size_t data_len); +-buffer_t *t_hmac_buffer(const struct hash_method *meth, ++buffer_t *openssl_t_hmac_buffer(const struct hash_method *meth, + const unsigned char *key, size_t key_len, + const buffer_t *data); +-buffer_t *t_hmac_str(const struct hash_method *meth, ++buffer_t *openssl_t_hmac_str(const struct hash_method *meth, + const unsigned char *key, size_t key_len, + const char *data); + +-void hmac_hkdf(const struct hash_method *method, ++void openssl_hmac_hkdf(const struct hash_method *method, + const unsigned char *salt, size_t salt_len, + const unsigned char *ikm, size_t ikm_len, + const unsigned char *info, size_t info_len, + buffer_t *okm_r, size_t okm_len); + + static inline buffer_t * +-t_hmac_hkdf(const struct hash_method *method, ++openssl_t_hmac_hkdf(const struct hash_method *method, + const unsigned char *salt, size_t salt_len, + const unsigned char *ikm, size_t ikm_len, + const unsigned char *info, size_t info_len, + size_t okm_len) + { + buffer_t *okm_buffer = t_buffer_create(okm_len); +- hmac_hkdf(method, salt, salt_len, ikm, ikm_len, info, info_len, ++ openssl_hmac_hkdf(method, salt, salt_len, ikm, ikm_len, info, info_len, + okm_buffer, okm_len); + return okm_buffer; + } +diff -up dovecot-2.3.13/src/lib-imap-urlauth/imap-urlauth.c.opensslhmac dovecot-2.3.13/src/lib-imap-urlauth/imap-urlauth.c +--- dovecot-2.3.13/src/lib-imap-urlauth/imap-urlauth.c.opensslhmac 2020-12-22 14:26:52.000000000 +0100 ++++ dovecot-2.3.13/src/lib-imap-urlauth/imap-urlauth.c 2021-03-22 18:44:06.948142396 +0100 +@@ -85,15 +85,15 @@ imap_urlauth_internal_generate(const cha + const unsigned char mailbox_key[IMAP_URLAUTH_KEY_LEN], + size_t *token_len_r) + { +- struct hmac_context hmac; ++ struct openssl_hmac_context hmac; + unsigned char *token; + + token = t_new(unsigned char, SHA1_RESULTLEN + 1); + token[0] = IMAP_URLAUTH_MECH_INTERNAL_VERSION; + +- hmac_init(&hmac, mailbox_key, IMAP_URLAUTH_KEY_LEN, &hash_method_sha1); +- hmac_update(&hmac, rumpurl, strlen(rumpurl)); +- hmac_final(&hmac, token+1); ++ openssl_hmac_init(&hmac, mailbox_key, IMAP_URLAUTH_KEY_LEN, &hash_method_sha1); ++ openssl_hmac_update(&hmac, rumpurl, strlen(rumpurl)); ++ openssl_hmac_final(&hmac, token+1); + + *token_len_r = SHA1_RESULTLEN + 1; + return token; +diff -up dovecot-2.3.13/src/lib/Makefile.am.opensslhmac dovecot-2.3.13/src/lib/Makefile.am +--- dovecot-2.3.13/src/lib/Makefile.am.opensslhmac 2020-12-22 14:26:52.000000000 +0100 ++++ dovecot-2.3.13/src/lib/Makefile.am 2021-03-22 18:44:06.948142396 +0100 +@@ -352,6 +352,9 @@ headers = \ + wildcard-match.h \ + write-full.h + ++liblib_la_LIBADD = $(SSL_LIBS) ++liblib_la_CFLAGS = $(SSL_CFLAGS) ++ + test_programs = test-lib + noinst_PROGRAMS = $(test_programs) + +diff -up dovecot-2.3.13/src/lib-oauth2/oauth2-jwt.c.opensslhmac dovecot-2.3.13/src/lib-oauth2/oauth2-jwt.c +--- dovecot-2.3.13/src/lib-oauth2/oauth2-jwt.c.opensslhmac 2021-03-22 18:46:42.645100171 +0100 ++++ dovecot-2.3.13/src/lib-oauth2/oauth2-jwt.c 2021-03-22 18:46:42.657100014 +0100 +@@ -96,14 +96,14 @@ static int oauth2_validate_hmac(const st + const buffer_t *key; + if (oauth2_lookup_hmac_key(set, azp, alg, key_id, &key, error_r) < 0) + return -1; +- struct hmac_context ctx; +- hmac_init(&ctx, key->data, key->used, method); +- hmac_update(&ctx, blobs[0], strlen(blobs[0])); +- hmac_update(&ctx, ".", 1); +- hmac_update(&ctx, blobs[1], strlen(blobs[1])); ++ struct openssl_hmac_context ctx; ++ openssl_hmac_init(&ctx, key->data, key->used, method); ++ openssl_hmac_update(&ctx, blobs[0], strlen(blobs[0])); ++ openssl_hmac_update(&ctx, ".", 1); ++ openssl_hmac_update(&ctx, blobs[1], strlen(blobs[1])); + unsigned char digest[method->digest_size]; + +- hmac_final(&ctx, digest); ++ openssl_hmac_final(&ctx, digest); + + buffer_t *their_digest = + t_base64url_decode_str(BASE64_DECODE_FLAG_NO_PADDING, blobs[2]); +diff -up dovecot-2.3.13/src/lib-oauth2/test-oauth2-jwt.c.opensslhmac dovecot-2.3.13/src/lib-oauth2/test-oauth2-jwt.c +--- dovecot-2.3.13/src/lib-oauth2/test-oauth2-jwt.c.opensslhmac 2020-12-22 14:26:52.000000000 +0100 ++++ dovecot-2.3.13/src/lib-oauth2/test-oauth2-jwt.c 2021-03-22 18:44:06.948142396 +0100 +@@ -219,7 +219,7 @@ static void save_key_to(const char *algo + static void sign_jwt_token_hs256(buffer_t *tokenbuf, buffer_t *key) + { + i_assert(key != NULL); +- buffer_t *sig = t_hmac_buffer(&hash_method_sha256, key->data, key->used, ++ buffer_t *sig = openssl_t_hmac_buffer(&hash_method_sha256, key->data, key->used, + tokenbuf); + buffer_append(tokenbuf, ".", 1); + base64url_encode(BASE64_ENCODE_FLAG_NO_PADDING, SIZE_MAX, +diff -up dovecot-2.3.13/src/lib/pkcs5.c.opensslhmac dovecot-2.3.13/src/lib/pkcs5.c +--- dovecot-2.3.13/src/lib/pkcs5.c.opensslhmac 2020-12-22 14:26:52.000000000 +0100 ++++ dovecot-2.3.13/src/lib/pkcs5.c 2021-03-22 18:44:06.948142396 +0100 +@@ -52,7 +52,7 @@ int pkcs5_pbkdf2(const struct hash_metho + size_t l = (length + hash->digest_size - 1)/hash->digest_size; /* same as ceil(length/hash->digest_size) */ + unsigned char dk[l * hash->digest_size]; + unsigned char *block; +- struct hmac_context hctx; ++ struct openssl_hmac_context hctx; + unsigned int c,i,t; + unsigned char U_c[hash->digest_size]; + +@@ -60,17 +60,17 @@ int pkcs5_pbkdf2(const struct hash_metho + block = &(dk[t*hash->digest_size]); + /* U_1 = PRF(Password, Salt|| INT_BE32(Block_Number)) */ + c = htonl(t+1); +- hmac_init(&hctx, password, password_len, hash); +- hmac_update(&hctx, salt, salt_len); +- hmac_update(&hctx, &c, sizeof(c)); +- hmac_final(&hctx, U_c); ++ openssl_hmac_init(&hctx, password, password_len, hash); ++ openssl_hmac_update(&hctx, salt, salt_len); ++ openssl_hmac_update(&hctx, &c, sizeof(c)); ++ openssl_hmac_final(&hctx, U_c); + /* block = U_1 ^ .. ^ U_iter */ + memcpy(block, U_c, hash->digest_size); + /* U_c = PRF(Password, U_c-1) */ + for(c = 1; c < iter; c++) { +- hmac_init(&hctx, password, password_len, hash); +- hmac_update(&hctx, U_c, hash->digest_size); +- hmac_final(&hctx, U_c); ++ openssl_hmac_init(&hctx, password, password_len, hash); ++ openssl_hmac_update(&hctx, U_c, hash->digest_size); ++ openssl_hmac_final(&hctx, U_c); + for(i = 0; i < hash->digest_size; i++) + block[i] ^= U_c[i]; + } +diff -up dovecot-2.3.13/src/lib/test-hmac.c.opensslhmac dovecot-2.3.13/src/lib/test-hmac.c +--- dovecot-2.3.13/src/lib/test-hmac.c.opensslhmac 2020-12-22 14:26:52.000000000 +0100 ++++ dovecot-2.3.13/src/lib/test-hmac.c 2021-03-22 18:44:06.948142396 +0100 +@@ -112,11 +112,11 @@ static void test_hmac_rfc(void) + test_begin("hmac sha256 rfc4231 vectors"); + for(size_t i = 0; i < N_ELEMENTS(test_vectors); i++) { + const struct test_vector *vec = &(test_vectors[i]); +- struct hmac_context ctx; +- hmac_init(&ctx, vec->key, vec->key_len, hash_method_lookup(vec->prf)); +- hmac_update(&ctx, vec->data, vec->data_len); ++ struct openssl_hmac_context ctx; ++ openssl_hmac_init(&ctx, vec->key, vec->key_len, hash_method_lookup(vec->prf)); ++ openssl_hmac_update(&ctx, vec->data, vec->data_len); + unsigned char res[SHA256_RESULTLEN]; +- hmac_final(&ctx, res); ++ openssl_hmac_final(&ctx, res); + test_assert_idx(memcmp(res, vec->res, vec->res_len) == 0, i); + } + test_end(); +@@ -129,7 +129,7 @@ static void test_hmac_buffer(void) + + buffer_t *tmp; + +- tmp = t_hmac_data(hash_method_lookup(vec->prf), vec->key, vec->key_len, ++ tmp = openssl_t_hmac_data(hash_method_lookup(vec->prf), vec->key, vec->key_len, + vec->data, vec->data_len); + + test_assert(tmp->used == vec->res_len && +@@ -146,7 +146,7 @@ static void test_hkdf_rfc(void) + buffer_set_used_size(res, 0); + const struct test_vector_5869 *vec = &(test_vectors_5869[i]); + const struct hash_method *m = hash_method_lookup(vec->prf); +- hmac_hkdf(m, vec->salt, vec->salt_len, vec->ikm, vec->ikm_len, ++ openssl_hmac_hkdf(m, vec->salt, vec->salt_len, vec->ikm, vec->ikm_len, + vec->info, vec->info_len, res, vec->okm_len); + test_assert_idx(memcmp(res->data, vec->okm, vec->okm_len) == 0, i); + } +@@ -159,7 +159,7 @@ static void test_hkdf_buffer(void) + test_begin("hkdf temporary buffer"); + const struct test_vector_5869 *vec = &(test_vectors_5869[0]); + const struct hash_method *m = hash_method_lookup(vec->prf); +- buffer_t *tmp = t_hmac_hkdf(m, vec->salt, vec->salt_len, vec->ikm, ++ buffer_t *tmp = openssl_t_hmac_hkdf(m, vec->salt, vec->salt_len, vec->ikm, + vec->ikm_len, vec->info, vec->info_len, + vec->okm_len); + test_assert(tmp->used == vec->okm_len && diff --git a/dovecot.spec b/dovecot.spec index 6ee95b3..7e769e6 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -35,6 +35,11 @@ Patch10: dovecot-2.3.0.1-libxcrypt.patch Patch15: dovecot-2.3.11-bigkey.patch Patch16: dovecot-2.3.13-bigtvsec.patch +# do not use own implementation of HMAC, use OpenSSL for certification purposes +# not sent upstream as proper fix would use dovecot's lib-dcrypt but it introduces +# hard to break circular dependency between lib and lib-dcrypt +Patch17: dovecot-2.3.6-opensslhmac.patch + Source15: prestartscript BuildRequires: gcc, gcc-c++, openssl-devel, pam-devel, zlib-devel, bzip2-devel, libcap-devel @@ -121,12 +126,9 @@ This package provides the development files for dovecot. %patch6 -p1 -b .waitonline %patch8 -p1 -b .initbysystemd %patch9 -p1 -b .systemd_w_protectsystem -#%patch10 -p1 -b .libxcrypt -#patch12 -p1 -b .ftbfs1 -#patch13 -p1 -b .ftbfs2 -#patch14 -p1 -b .gssapi %patch15 -p1 -b .bigkey %patch16 -p1 -b .bigtvsec +%patch17 -p1 -b .opensslhmac #pushd dovecot-2*3-pigeonhole-%{pigeonholever} #popd From 25d565523c37b64b947072151fa5afb928444d55 Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Mon, 22 Mar 2021 21:06:01 +0100 Subject: [PATCH 069/146] dovecot updated to 2.3.14, pigeonhole to 0.5.14 use OpenSSL's implementation of HMAC Remove autocreate, expire, snarf and mail-filter plugins. Remove cydir storage driver. Remove XZ/LZMA write support. Read support will be removed in future release. --- dovecot-2.2.20-initbysystemd.patch | 2 +- dovecot-2.3.13-bigtvsec.patch | 36 ------- dovecot-2.3.6-opensslhmac.patch | 168 +++++++++++++++++++---------- dovecot.spec | 21 ++-- sources | 4 +- 5 files changed, 125 insertions(+), 106 deletions(-) delete mode 100644 dovecot-2.3.13-bigtvsec.patch diff --git a/dovecot-2.2.20-initbysystemd.patch b/dovecot-2.2.20-initbysystemd.patch index 7e3d94c..85327ee 100644 --- a/dovecot-2.2.20-initbysystemd.patch +++ b/dovecot-2.2.20-initbysystemd.patch @@ -21,7 +21,7 @@ diff -up dovecot-2.3.0.1/dovecot.service.in.initbysystemd dovecot-2.3.0.1/doveco @@ -8,7 +8,8 @@ Description=Dovecot IMAP/POP3 email server Documentation=man:dovecot(1) - Documentation=http://wiki2.dovecot.org/ + Documentation=https://doc.dovecot.org/ -After=local-fs.target network-online.target +After=local-fs.target network-online.target dovecot-init.service +Requires=dovecot-init.service diff --git a/dovecot-2.3.13-bigtvsec.patch b/dovecot-2.3.13-bigtvsec.patch deleted file mode 100644 index 3bd7ce6..0000000 --- a/dovecot-2.3.13-bigtvsec.patch +++ /dev/null @@ -1,36 +0,0 @@ -diff -up dovecot-2.3.13/src/lib/test-time-util.c.bigtvsec dovecot-2.3.13/src/lib/test-time-util.c ---- dovecot-2.3.13/src/lib/test-time-util.c.bigtvsec 2021-01-06 11:27:06.793315308 +0100 -+++ dovecot-2.3.13/src/lib/test-time-util.c 2021-01-06 11:27:06.815315088 +0100 -@@ -358,7 +358,7 @@ static void test_str_to_timeval(void) - { - struct { - const char *str; -- unsigned int tv_sec, tv_usec; -+ long int tv_sec, tv_usec; - } tests[] = { - { "0", 0, 0 }, - { "0.0", 0, 0 }, -diff -up dovecot-2.3.13/src/lib/time-util.c.bigtvsec dovecot-2.3.13/src/lib/time-util.c ---- dovecot-2.3.13/src/lib/time-util.c.bigtvsec 2021-01-06 11:10:49.791094852 +0100 -+++ dovecot-2.3.13/src/lib/time-util.c 2021-01-06 11:10:08.255501319 +0100 -@@ -43,16 +43,16 @@ int timeval_cmp_margin(const struct time - - if (tv1->tv_sec < tv2->tv_sec) { - sec_margin = ((int)usec_margin / 1000000) + 1; -- if ((tv2->tv_sec - tv1->tv_sec) > sec_margin) -+ if (((long long)tv2->tv_sec - tv1->tv_sec) > sec_margin) - return -1; -- usecs_diff = (tv2->tv_sec - tv1->tv_sec) * 1000000LL + -+ usecs_diff = ((long long)tv2->tv_sec - tv1->tv_sec) * 1000000LL + - (tv2->tv_usec - tv1->tv_usec); - ret = -1; - } else if (tv1->tv_sec > tv2->tv_sec) { - sec_margin = ((int)usec_margin / 1000000) + 1; -- if ((tv1->tv_sec - tv2->tv_sec) > sec_margin) -+ if (((long long)tv1->tv_sec - tv2->tv_sec) > sec_margin) - return 1; -- usecs_diff = (tv1->tv_sec - tv2->tv_sec) * 1000000LL + -+ usecs_diff = ((long long)tv1->tv_sec - tv2->tv_sec) * 1000000LL + - (tv1->tv_usec - tv2->tv_usec); - ret = 1; - } else if (tv1->tv_usec < tv2->tv_usec) { diff --git a/dovecot-2.3.6-opensslhmac.patch b/dovecot-2.3.6-opensslhmac.patch index a95202e..ba6453b 100644 --- a/dovecot-2.3.6-opensslhmac.patch +++ b/dovecot-2.3.6-opensslhmac.patch @@ -1,6 +1,6 @@ -diff -up dovecot-2.3.13/src/auth/auth-token.c.opensslhmac dovecot-2.3.13/src/auth/auth-token.c ---- dovecot-2.3.13/src/auth/auth-token.c.opensslhmac 2020-12-22 14:26:52.000000000 +0100 -+++ dovecot-2.3.13/src/auth/auth-token.c 2021-03-22 18:44:06.946142422 +0100 +diff -up dovecot-2.3.14/src/auth/auth-token.c.opensslhmac dovecot-2.3.14/src/auth/auth-token.c +--- dovecot-2.3.14/src/auth/auth-token.c.opensslhmac 2021-03-04 09:38:06.000000000 +0100 ++++ dovecot-2.3.14/src/auth/auth-token.c 2021-03-22 20:44:13.022912242 +0100 @@ -161,17 +161,17 @@ void auth_token_deinit(void) const char *auth_token_get(const char *service, const char *session_pid, const char *username, const char *session_id) @@ -26,9 +26,9 @@ diff -up dovecot-2.3.13/src/auth/auth-token.c.opensslhmac dovecot-2.3.13/src/aut return binary_to_hex(result, sizeof(result)); } -diff -up dovecot-2.3.13/src/auth/mech-cram-md5.c.opensslhmac dovecot-2.3.13/src/auth/mech-cram-md5.c ---- dovecot-2.3.13/src/auth/mech-cram-md5.c.opensslhmac 2020-12-22 14:26:52.000000000 +0100 -+++ dovecot-2.3.13/src/auth/mech-cram-md5.c 2021-03-22 18:44:06.946142422 +0100 +diff -up dovecot-2.3.14/src/auth/mech-cram-md5.c.opensslhmac dovecot-2.3.14/src/auth/mech-cram-md5.c +--- dovecot-2.3.14/src/auth/mech-cram-md5.c.opensslhmac 2021-03-04 09:38:06.000000000 +0100 ++++ dovecot-2.3.14/src/auth/mech-cram-md5.c 2021-03-22 20:44:13.022912242 +0100 @@ -51,7 +51,7 @@ static bool verify_credentials(struct cr { @@ -52,9 +52,9 @@ diff -up dovecot-2.3.13/src/auth/mech-cram-md5.c.opensslhmac dovecot-2.3.13/src/ response_hex = binary_to_hex(digest, sizeof(digest)); -diff -up dovecot-2.3.13/src/auth/mech-scram.c.opensslhmac dovecot-2.3.13/src/auth/mech-scram.c ---- dovecot-2.3.13/src/auth/mech-scram.c.opensslhmac 2020-12-22 14:26:52.000000000 +0100 -+++ dovecot-2.3.13/src/auth/mech-scram.c 2021-03-22 18:44:06.946142422 +0100 +diff -up dovecot-2.3.14/src/auth/mech-scram.c.opensslhmac dovecot-2.3.14/src/auth/mech-scram.c +--- dovecot-2.3.14/src/auth/mech-scram.c.opensslhmac 2021-03-04 09:38:06.000000000 +0100 ++++ dovecot-2.3.14/src/auth/mech-scram.c 2021-03-22 20:44:13.022912242 +0100 @@ -78,7 +78,7 @@ static const char *get_scram_server_firs static const char *get_scram_server_final(struct scram_auth_request *request) { @@ -99,9 +99,9 @@ diff -up dovecot-2.3.13/src/auth/mech-scram.c.opensslhmac dovecot-2.3.13/src/aut const unsigned char *proof_data = request->proof->data; for (i = 0; i < sizeof(client_signature); i++) -diff -up dovecot-2.3.13/src/auth/password-scheme.c.opensslhmac dovecot-2.3.13/src/auth/password-scheme.c ---- dovecot-2.3.13/src/auth/password-scheme.c.opensslhmac 2020-12-22 14:26:52.000000000 +0100 -+++ dovecot-2.3.13/src/auth/password-scheme.c 2021-03-22 18:44:06.947142409 +0100 +diff -up dovecot-2.3.14/src/auth/password-scheme.c.opensslhmac dovecot-2.3.14/src/auth/password-scheme.c +--- dovecot-2.3.14/src/auth/password-scheme.c.opensslhmac 2021-03-04 09:38:06.000000000 +0100 ++++ dovecot-2.3.14/src/auth/password-scheme.c 2021-03-22 20:44:13.022912242 +0100 @@ -639,11 +639,11 @@ static void cram_md5_generate(const char *plaintext, const struct password_generate_params *params ATTR_UNUSED, const unsigned char **raw_password_r, size_t *size_r) @@ -116,9 +116,9 @@ diff -up dovecot-2.3.13/src/auth/password-scheme.c.opensslhmac dovecot-2.3.13/sr strlen(plaintext), &hash_method_md5); hmac_md5_get_cram_context(&ctx, context_digest); -diff -up dovecot-2.3.13/src/auth/password-scheme-scram.c.opensslhmac dovecot-2.3.13/src/auth/password-scheme-scram.c ---- dovecot-2.3.13/src/auth/password-scheme-scram.c.opensslhmac 2020-12-22 14:26:52.000000000 +0100 -+++ dovecot-2.3.13/src/auth/password-scheme-scram.c 2021-03-22 18:44:06.947142409 +0100 +diff -up dovecot-2.3.14/src/auth/password-scheme-scram.c.opensslhmac dovecot-2.3.14/src/auth/password-scheme-scram.c +--- dovecot-2.3.14/src/auth/password-scheme-scram.c.opensslhmac 2021-03-04 09:38:06.000000000 +0100 ++++ dovecot-2.3.14/src/auth/password-scheme-scram.c 2021-03-22 20:44:13.023912229 +0100 @@ -30,23 +30,23 @@ Hi(const struct hash_method *hmethod, co const unsigned char *salt, size_t salt_size, unsigned int i, unsigned char *result) @@ -208,9 +208,9 @@ diff -up dovecot-2.3.13/src/auth/password-scheme-scram.c.opensslhmac dovecot-2.3 str_append_c(str, ','); base64_encode(server_key, sizeof(server_key), str); -diff -up dovecot-2.3.13/src/lib/hmac.c.opensslhmac dovecot-2.3.13/src/lib/hmac.c ---- dovecot-2.3.13/src/lib/hmac.c.opensslhmac 2020-12-22 14:26:52.000000000 +0100 -+++ dovecot-2.3.13/src/lib/hmac.c 2021-03-22 18:44:06.947142409 +0100 +diff -up dovecot-2.3.14/src/lib/hmac.c.opensslhmac dovecot-2.3.14/src/lib/hmac.c +--- dovecot-2.3.14/src/lib/hmac.c.opensslhmac 2021-03-04 09:38:06.000000000 +0100 ++++ dovecot-2.3.14/src/lib/hmac.c 2021-03-22 20:44:13.023912229 +0100 @@ -7,6 +7,10 @@ * This software is released under the MIT license. */ @@ -287,11 +287,11 @@ diff -up dovecot-2.3.13/src/lib/hmac.c.opensslhmac dovecot-2.3.13/src/lib/hmac.c + } + i_assert(no_fips); + struct orig_hmac_context_priv *ctx = &_ctx->u.priv; - int i; - unsigned char k_ipad[64]; - unsigned char k_opad[64]; + unsigned int i; + unsigned char k_ipad[meth->block_size]; + unsigned char k_opad[meth->block_size]; @@ -53,9 +112,27 @@ void hmac_init(struct hmac_context *_ctx - safe_memset(k_opad, 0, 64); + safe_memset(k_opad, 0, meth->block_size); } -void hmac_final(struct hmac_context *_ctx, unsigned char *digest) @@ -448,9 +448,9 @@ diff -up dovecot-2.3.13/src/lib/hmac.c.opensslhmac dovecot-2.3.13/src/lib/hmac.c - safe_memset(prk, 0, sizeof(prk)); - safe_memset(okm, 0, sizeof(okm)); } -diff -up dovecot-2.3.13/src/lib/hmac-cram-md5.c.opensslhmac dovecot-2.3.13/src/lib/hmac-cram-md5.c ---- dovecot-2.3.13/src/lib/hmac-cram-md5.c.opensslhmac 2020-12-22 14:26:52.000000000 +0100 -+++ dovecot-2.3.13/src/lib/hmac-cram-md5.c 2021-03-22 18:44:06.947142409 +0100 +diff -up dovecot-2.3.14/src/lib/hmac-cram-md5.c.opensslhmac dovecot-2.3.14/src/lib/hmac-cram-md5.c +--- dovecot-2.3.14/src/lib/hmac-cram-md5.c.opensslhmac 2021-03-04 09:38:06.000000000 +0100 ++++ dovecot-2.3.14/src/lib/hmac-cram-md5.c 2021-03-22 20:44:13.023912229 +0100 @@ -9,10 +9,10 @@ #include "md5.h" #include "hmac-cram-md5.h" @@ -477,9 +477,9 @@ diff -up dovecot-2.3.13/src/lib/hmac-cram-md5.c.opensslhmac dovecot-2.3.13/src/l const unsigned char *cdp; struct md5_context *ctx = (void*)hmac_ctx->ctx; -diff -up dovecot-2.3.13/src/lib/hmac-cram-md5.h.opensslhmac dovecot-2.3.13/src/lib/hmac-cram-md5.h ---- dovecot-2.3.13/src/lib/hmac-cram-md5.h.opensslhmac 2020-12-22 14:26:52.000000000 +0100 -+++ dovecot-2.3.13/src/lib/hmac-cram-md5.h 2021-03-22 18:44:06.947142409 +0100 +diff -up dovecot-2.3.14/src/lib/hmac-cram-md5.h.opensslhmac dovecot-2.3.14/src/lib/hmac-cram-md5.h +--- dovecot-2.3.14/src/lib/hmac-cram-md5.h.opensslhmac 2021-03-04 09:38:06.000000000 +0100 ++++ dovecot-2.3.14/src/lib/hmac-cram-md5.h 2021-03-22 20:44:13.023912229 +0100 @@ -5,9 +5,9 @@ #define CRAM_MD5_CONTEXTLEN 32 @@ -492,19 +492,19 @@ diff -up dovecot-2.3.13/src/lib/hmac-cram-md5.h.opensslhmac dovecot-2.3.13/src/l const unsigned char context_digest[CRAM_MD5_CONTEXTLEN]); -diff -up dovecot-2.3.13/src/lib/hmac.h.opensslhmac dovecot-2.3.13/src/lib/hmac.h ---- dovecot-2.3.13/src/lib/hmac.h.opensslhmac 2020-12-22 14:26:52.000000000 +0100 -+++ dovecot-2.3.13/src/lib/hmac.h 2021-03-22 18:44:06.947142409 +0100 -@@ -3,60 +3,97 @@ - +diff -up dovecot-2.3.14/src/lib/hmac.h.opensslhmac dovecot-2.3.14/src/lib/hmac.h +--- dovecot-2.3.14/src/lib/hmac.h.opensslhmac 2021-03-04 09:38:06.000000000 +0100 ++++ dovecot-2.3.14/src/lib/hmac.h 2021-03-22 20:44:13.023912229 +0100 +@@ -4,60 +4,97 @@ #include "hash-method.h" #include "sha1.h" + #include "sha2.h" +#include +#include +#include +#include - #define HMAC_MAX_CONTEXT_SIZE 256 + #define HMAC_MAX_CONTEXT_SIZE sizeof(struct sha512_ctx) -struct hmac_context_priv { +struct openssl_hmac_context_priv { @@ -606,9 +606,9 @@ diff -up dovecot-2.3.13/src/lib/hmac.h.opensslhmac dovecot-2.3.13/src/lib/hmac.h okm_buffer, okm_len); return okm_buffer; } -diff -up dovecot-2.3.13/src/lib-imap-urlauth/imap-urlauth.c.opensslhmac dovecot-2.3.13/src/lib-imap-urlauth/imap-urlauth.c ---- dovecot-2.3.13/src/lib-imap-urlauth/imap-urlauth.c.opensslhmac 2020-12-22 14:26:52.000000000 +0100 -+++ dovecot-2.3.13/src/lib-imap-urlauth/imap-urlauth.c 2021-03-22 18:44:06.948142396 +0100 +diff -up dovecot-2.3.14/src/lib-imap-urlauth/imap-urlauth.c.opensslhmac dovecot-2.3.14/src/lib-imap-urlauth/imap-urlauth.c +--- dovecot-2.3.14/src/lib-imap-urlauth/imap-urlauth.c.opensslhmac 2021-03-04 09:38:06.000000000 +0100 ++++ dovecot-2.3.14/src/lib-imap-urlauth/imap-urlauth.c 2021-03-22 20:44:13.023912229 +0100 @@ -85,15 +85,15 @@ imap_urlauth_internal_generate(const cha const unsigned char mailbox_key[IMAP_URLAUTH_KEY_LEN], size_t *token_len_r) @@ -629,9 +629,9 @@ diff -up dovecot-2.3.13/src/lib-imap-urlauth/imap-urlauth.c.opensslhmac dovecot- *token_len_r = SHA1_RESULTLEN + 1; return token; -diff -up dovecot-2.3.13/src/lib/Makefile.am.opensslhmac dovecot-2.3.13/src/lib/Makefile.am ---- dovecot-2.3.13/src/lib/Makefile.am.opensslhmac 2020-12-22 14:26:52.000000000 +0100 -+++ dovecot-2.3.13/src/lib/Makefile.am 2021-03-22 18:44:06.948142396 +0100 +diff -up dovecot-2.3.14/src/lib/Makefile.am.opensslhmac dovecot-2.3.14/src/lib/Makefile.am +--- dovecot-2.3.14/src/lib/Makefile.am.opensslhmac 2021-03-04 09:38:06.000000000 +0100 ++++ dovecot-2.3.14/src/lib/Makefile.am 2021-03-22 20:44:13.023912229 +0100 @@ -352,6 +352,9 @@ headers = \ wildcard-match.h \ write-full.h @@ -642,13 +642,13 @@ diff -up dovecot-2.3.13/src/lib/Makefile.am.opensslhmac dovecot-2.3.13/src/lib/M test_programs = test-lib noinst_PROGRAMS = $(test_programs) -diff -up dovecot-2.3.13/src/lib-oauth2/oauth2-jwt.c.opensslhmac dovecot-2.3.13/src/lib-oauth2/oauth2-jwt.c ---- dovecot-2.3.13/src/lib-oauth2/oauth2-jwt.c.opensslhmac 2021-03-22 18:46:42.645100171 +0100 -+++ dovecot-2.3.13/src/lib-oauth2/oauth2-jwt.c 2021-03-22 18:46:42.657100014 +0100 -@@ -96,14 +96,14 @@ static int oauth2_validate_hmac(const st - const buffer_t *key; +diff -up dovecot-2.3.14/src/lib-oauth2/oauth2-jwt.c.opensslhmac dovecot-2.3.14/src/lib-oauth2/oauth2-jwt.c +--- dovecot-2.3.14/src/lib-oauth2/oauth2-jwt.c.opensslhmac 2021-03-04 09:38:06.000000000 +0100 ++++ dovecot-2.3.14/src/lib-oauth2/oauth2-jwt.c 2021-03-22 20:44:13.024912217 +0100 +@@ -106,14 +106,14 @@ oauth2_validate_hmac(const struct oauth2 if (oauth2_lookup_hmac_key(set, azp, alg, key_id, &key, error_r) < 0) return -1; + - struct hmac_context ctx; - hmac_init(&ctx, key->data, key->used, method); - hmac_update(&ctx, blobs[0], strlen(blobs[0])); @@ -666,10 +666,10 @@ diff -up dovecot-2.3.13/src/lib-oauth2/oauth2-jwt.c.opensslhmac dovecot-2.3.13/s buffer_t *their_digest = t_base64url_decode_str(BASE64_DECODE_FLAG_NO_PADDING, blobs[2]); -diff -up dovecot-2.3.13/src/lib-oauth2/test-oauth2-jwt.c.opensslhmac dovecot-2.3.13/src/lib-oauth2/test-oauth2-jwt.c ---- dovecot-2.3.13/src/lib-oauth2/test-oauth2-jwt.c.opensslhmac 2020-12-22 14:26:52.000000000 +0100 -+++ dovecot-2.3.13/src/lib-oauth2/test-oauth2-jwt.c 2021-03-22 18:44:06.948142396 +0100 -@@ -219,7 +219,7 @@ static void save_key_to(const char *algo +diff -up dovecot-2.3.14/src/lib-oauth2/test-oauth2-jwt.c.opensslhmac dovecot-2.3.14/src/lib-oauth2/test-oauth2-jwt.c +--- dovecot-2.3.14/src/lib-oauth2/test-oauth2-jwt.c.opensslhmac 2021-03-04 09:38:06.000000000 +0100 ++++ dovecot-2.3.14/src/lib-oauth2/test-oauth2-jwt.c 2021-03-22 20:46:09.524440794 +0100 +@@ -236,7 +236,7 @@ static void save_key_to(const char *algo static void sign_jwt_token_hs256(buffer_t *tokenbuf, buffer_t *key) { i_assert(key != NULL); @@ -678,9 +678,27 @@ diff -up dovecot-2.3.13/src/lib-oauth2/test-oauth2-jwt.c.opensslhmac dovecot-2.3 tokenbuf); buffer_append(tokenbuf, ".", 1); base64url_encode(BASE64_ENCODE_FLAG_NO_PADDING, SIZE_MAX, -diff -up dovecot-2.3.13/src/lib/pkcs5.c.opensslhmac dovecot-2.3.13/src/lib/pkcs5.c ---- dovecot-2.3.13/src/lib/pkcs5.c.opensslhmac 2020-12-22 14:26:52.000000000 +0100 -+++ dovecot-2.3.13/src/lib/pkcs5.c 2021-03-22 18:44:06.948142396 +0100 +@@ -246,7 +246,7 @@ static void sign_jwt_token_hs256(buffer_ + static void sign_jwt_token_hs384(buffer_t *tokenbuf, buffer_t *key) + { + i_assert(key != NULL); +- buffer_t *sig = t_hmac_buffer(&hash_method_sha384, key->data, key->used, ++ buffer_t *sig = openssl_t_hmac_buffer(&hash_method_sha384, key->data, key->used, + tokenbuf); + buffer_append(tokenbuf, ".", 1); + base64url_encode(BASE64_ENCODE_FLAG_NO_PADDING, SIZE_MAX, +@@ -256,7 +256,7 @@ static void sign_jwt_token_hs384(buffer_ + static void sign_jwt_token_hs512(buffer_t *tokenbuf, buffer_t *key) + { + i_assert(key != NULL); +- buffer_t *sig = t_hmac_buffer(&hash_method_sha512, key->data, key->used, ++ buffer_t *sig = openssl_t_hmac_buffer(&hash_method_sha512, key->data, key->used, + tokenbuf); + buffer_append(tokenbuf, ".", 1); + base64url_encode(BASE64_ENCODE_FLAG_NO_PADDING, SIZE_MAX, +diff -up dovecot-2.3.14/src/lib/pkcs5.c.opensslhmac dovecot-2.3.14/src/lib/pkcs5.c +--- dovecot-2.3.14/src/lib/pkcs5.c.opensslhmac 2021-03-04 09:38:06.000000000 +0100 ++++ dovecot-2.3.14/src/lib/pkcs5.c 2021-03-22 20:44:13.024912217 +0100 @@ -52,7 +52,7 @@ int pkcs5_pbkdf2(const struct hash_metho size_t l = (length + hash->digest_size - 1)/hash->digest_size; /* same as ceil(length/hash->digest_size) */ unsigned char dk[l * hash->digest_size]; @@ -715,10 +733,10 @@ diff -up dovecot-2.3.13/src/lib/pkcs5.c.opensslhmac dovecot-2.3.13/src/lib/pkcs5 for(i = 0; i < hash->digest_size; i++) block[i] ^= U_c[i]; } -diff -up dovecot-2.3.13/src/lib/test-hmac.c.opensslhmac dovecot-2.3.13/src/lib/test-hmac.c ---- dovecot-2.3.13/src/lib/test-hmac.c.opensslhmac 2020-12-22 14:26:52.000000000 +0100 -+++ dovecot-2.3.13/src/lib/test-hmac.c 2021-03-22 18:44:06.948142396 +0100 -@@ -112,11 +112,11 @@ static void test_hmac_rfc(void) +diff -up dovecot-2.3.14/src/lib/test-hmac.c.opensslhmac dovecot-2.3.14/src/lib/test-hmac.c +--- dovecot-2.3.14/src/lib/test-hmac.c.opensslhmac 2021-03-04 09:38:06.000000000 +0100 ++++ dovecot-2.3.14/src/lib/test-hmac.c 2021-03-22 20:44:13.024912217 +0100 +@@ -206,11 +206,11 @@ static void test_hmac_rfc(void) test_begin("hmac sha256 rfc4231 vectors"); for(size_t i = 0; i < N_ELEMENTS(test_vectors); i++) { const struct test_vector *vec = &(test_vectors[i]); @@ -734,7 +752,39 @@ diff -up dovecot-2.3.13/src/lib/test-hmac.c.opensslhmac dovecot-2.3.13/src/lib/t test_assert_idx(memcmp(res, vec->res, vec->res_len) == 0, i); } test_end(); -@@ -129,7 +129,7 @@ static void test_hmac_buffer(void) +@@ -221,11 +221,11 @@ static void test_hmac384_rfc(void) + test_begin("hmac sha384 rfc4231 vectors"); + for (size_t i = 0; i < N_ELEMENTS(test_vectors_hmac384); i++) { + const struct test_vector *vec = &(test_vectors_hmac384[i]); +- struct hmac_context ctx; +- hmac_init(&ctx, vec->key, vec->key_len, hash_method_lookup(vec->prf)); +- hmac_update(&ctx, vec->data, vec->data_len); ++ struct openssl_hmac_context ctx; ++ openssl_hmac_init(&ctx, vec->key, vec->key_len, hash_method_lookup(vec->prf)); ++ openssl_hmac_update(&ctx, vec->data, vec->data_len); + unsigned char res[SHA384_RESULTLEN]; +- hmac_final(&ctx, res); ++ openssl_hmac_final(&ctx, res); + test_assert_idx(memcmp(res, vec->res, vec->res_len) == 0, i); + } + test_end(); +@@ -236,11 +236,11 @@ static void test_hmac512_rfc(void) + test_begin("hmac sha512 rfc4231 vectors"); + for (size_t i = 0; i < N_ELEMENTS(test_vectors_hmac512); i++) { + const struct test_vector *vec = &(test_vectors_hmac512[i]); +- struct hmac_context ctx; +- hmac_init(&ctx, vec->key, vec->key_len, hash_method_lookup(vec->prf)); +- hmac_update(&ctx, vec->data, vec->data_len); ++ struct openssl_hmac_context ctx; ++ openssl_hmac_init(&ctx, vec->key, vec->key_len, hash_method_lookup(vec->prf)); ++ openssl_hmac_update(&ctx, vec->data, vec->data_len); + unsigned char res[SHA512_RESULTLEN]; +- hmac_final(&ctx, res); ++ openssl_hmac_final(&ctx, res); + test_assert_idx(memcmp(res, vec->res, vec->res_len) == 0, i); + } + test_end(); +@@ -253,7 +253,7 @@ static void test_hmac_buffer(void) buffer_t *tmp; @@ -743,7 +793,7 @@ diff -up dovecot-2.3.13/src/lib/test-hmac.c.opensslhmac dovecot-2.3.13/src/lib/t vec->data, vec->data_len); test_assert(tmp->used == vec->res_len && -@@ -146,7 +146,7 @@ static void test_hkdf_rfc(void) +@@ -270,7 +270,7 @@ static void test_hkdf_rfc(void) buffer_set_used_size(res, 0); const struct test_vector_5869 *vec = &(test_vectors_5869[i]); const struct hash_method *m = hash_method_lookup(vec->prf); @@ -752,7 +802,7 @@ diff -up dovecot-2.3.13/src/lib/test-hmac.c.opensslhmac dovecot-2.3.13/src/lib/t vec->info, vec->info_len, res, vec->okm_len); test_assert_idx(memcmp(res->data, vec->okm, vec->okm_len) == 0, i); } -@@ -159,7 +159,7 @@ static void test_hkdf_buffer(void) +@@ -283,7 +283,7 @@ static void test_hkdf_buffer(void) test_begin("hkdf temporary buffer"); const struct test_vector_5869 *vec = &(test_vectors_5869[0]); const struct hash_method *m = hash_method_lookup(vec->prf); diff --git a/dovecot.spec b/dovecot.spec index 7e769e6..aba275c 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -3,9 +3,9 @@ Summary: Secure imap and pop3 server Name: dovecot Epoch: 1 -Version: 2.3.13 +Version: 2.3.14 %global prever %{nil} -Release: 7%{?dist} +Release: 1%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT and LGPLv2 @@ -13,7 +13,7 @@ URL: http://www.dovecot.org/ Source: http://www.dovecot.org/releases/2.3/%{name}-%{version}%{?prever}.tar.gz Source1: dovecot.init Source2: dovecot.pam -%global pigeonholever 0.5.13 +%global pigeonholever 0.5.14 Source8: http://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-%{pigeonholever}.tar.gz Source9: dovecot.sysconfig Source10: dovecot.tmpfilesd @@ -33,12 +33,11 @@ Patch8: dovecot-2.2.20-initbysystemd.patch Patch9: dovecot-2.2.22-systemd_w_protectsystem.patch Patch10: dovecot-2.3.0.1-libxcrypt.patch Patch15: dovecot-2.3.11-bigkey.patch -Patch16: dovecot-2.3.13-bigtvsec.patch # do not use own implementation of HMAC, use OpenSSL for certification purposes # not sent upstream as proper fix would use dovecot's lib-dcrypt but it introduces # hard to break circular dependency between lib and lib-dcrypt -Patch17: dovecot-2.3.6-opensslhmac.patch +Patch16: dovecot-2.3.6-opensslhmac.patch Source15: prestartscript @@ -127,8 +126,7 @@ This package provides the development files for dovecot. %patch8 -p1 -b .initbysystemd %patch9 -p1 -b .systemd_w_protectsystem %patch15 -p1 -b .bigkey -%patch16 -p1 -b .bigtvsec -%patch17 -p1 -b .opensslhmac +%patch16 -p1 -b .opensslhmac #pushd dovecot-2*3-pigeonhole-%{pigeonholever} #popd @@ -333,6 +331,7 @@ make check %config(noreplace) %{_sysconfdir}/dovecot/conf.d/10-logging.conf %config(noreplace) %{_sysconfdir}/dovecot/conf.d/10-mail.conf %config(noreplace) %{_sysconfdir}/dovecot/conf.d/10-master.conf +%config(noreplace) %{_sysconfdir}/dovecot/conf.d/10-metrics.conf %config(noreplace) %{_sysconfdir}/dovecot/conf.d/10-ssl.conf %config(noreplace) %{_sysconfdir}/dovecot/conf.d/15-lda.conf %config(noreplace) %{_sysconfdir}/dovecot/conf.d/15-mailboxes.conf @@ -352,7 +351,6 @@ make check %config(noreplace) %{_sysconfdir}/dovecot/conf.d/auth-sql.conf.ext %config(noreplace) %{_sysconfdir}/dovecot/conf.d/auth-static.conf.ext %config(noreplace) %{_sysconfdir}/dovecot/conf.d/auth-system.conf.ext - %config(noreplace) %{_sysconfdir}/pam.d/dovecot %config(noreplace) %{ssldir}/dovecot-openssl.cnf @@ -454,6 +452,13 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Mon Mar 22 2021 Michal Hlavinka - 1:2.3.14-1 +- dovecot updated to 2.3.14, pigeonhole to 0.5.14 +- use OpenSSL's implementation of HMAC +- Remove autocreate, expire, snarf and mail-filter plugins. +- Remove cydir storage driver. +- Remove XZ/LZMA write support. Read support will be removed in future release. + * Mon Feb 08 2021 Pavel Raiskup - 1:2.3.13-7 - rebuild for libpq ABI fix rhbz#1908268 diff --git a/sources b/sources index a3e1632..a7b5e63 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (dovecot-2.3.13.tar.gz) = 758a169fba8925637ed18fa7522a6f06c9fe01a1707b1ca0d0a4d8757c578a8e117c91733e8314403839f9a484bbcac71ce3532c82379eb583b480756d556a95 -SHA512 (dovecot-2.3-pigeonhole-0.5.13.tar.gz) = fcbc13d71af4e6dd4e34192484e203d755e5015da76a4774b11a79182b2baad36cab5a471346093111ace36a7775dfe8294555f8b777786dde386820b3ec5cd3 +SHA512 (dovecot-2.3.14.tar.gz) = 69df234cb739c7ee7ae3acfb9756bc22481e94c95463d32bfac315c7ec4b1ba0dfbff552b769f2ab7ee554087ca2ebbe331aa008d3af26417016612dc7cad103 +SHA512 (dovecot-2.3-pigeonhole-0.5.14.tar.gz) = c5d5d309769eabe2c0971646d0c14d166b6b524acf59e1069eca803f764544fa2535c09c9a630ca706aa70442b688ee26af831d29e674823bac7ea7c0e1f33cc From 4345d3c47bcb2687e1a46cbb793d71939a477610 Mon Sep 17 00:00:00 2001 From: Jeff Law Date: Mon, 10 May 2021 12:08:39 -0600 Subject: [PATCH 070/146] Re-enable LTO --- dovecot.spec | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/dovecot.spec b/dovecot.spec index aba275c..5c8751a 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -5,7 +5,7 @@ Name: dovecot Epoch: 1 Version: 2.3.14 %global prever %{nil} -Release: 1%{?dist} +Release: 2%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT and LGPLv2 @@ -133,9 +133,6 @@ This package provides the development files for dovecot. sed -i '/DEFAULT_INCLUDES *=/s|$| '"$(pkg-config --cflags libclucene-core)|" src/plugins/fts-lucene/Makefile.in %build -# This package references hidden symbols during an LTO link. This needs further -# investigation. Until then, disable LTO -%define _lto_cflags %{nil} #required for fdpass.c line 125,190: dereferencing type-punned pointer will break strict-aliasing rules %global _hardened_build 1 export CFLAGS="%{__global_cflags} -fno-strict-aliasing -fstack-reuse=none" @@ -452,6 +449,9 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Mon May 10 2021 Jeff Law - 1:2.3.14-2 +- Re-enable LTO + * Mon Mar 22 2021 Michal Hlavinka - 1:2.3.14-1 - dovecot updated to 2.3.14, pigeonhole to 0.5.14 - use OpenSSL's implementation of HMAC From ec859bf9de446e4e1d1d5b333871ab3bf662338d Mon Sep 17 00:00:00 2001 From: Pete Walter Date: Wed, 19 May 2021 16:45:17 +0100 Subject: [PATCH 071/146] Rebuild for ICU 69 --- dovecot.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/dovecot.spec b/dovecot.spec index 5c8751a..5b72de5 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -5,7 +5,7 @@ Name: dovecot Epoch: 1 Version: 2.3.14 %global prever %{nil} -Release: 2%{?dist} +Release: 3%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT and LGPLv2 @@ -449,6 +449,9 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Wed May 19 2021 Pete Walter - 1:2.3.14-3 +- Rebuild for ICU 69 + * Mon May 10 2021 Jeff Law - 1:2.3.14-2 - Re-enable LTO From 9e2964f1dde7dee5a366c7e0d0cd3431dd9a9b14 Mon Sep 17 00:00:00 2001 From: Pete Walter Date: Thu, 20 May 2021 00:58:00 +0100 Subject: [PATCH 072/146] Rebuild for ICU 69 --- dovecot.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/dovecot.spec b/dovecot.spec index 5b72de5..6c24c47 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -5,7 +5,7 @@ Name: dovecot Epoch: 1 Version: 2.3.14 %global prever %{nil} -Release: 3%{?dist} +Release: 4%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT and LGPLv2 @@ -449,6 +449,9 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Wed May 19 2021 Pete Walter - 1:2.3.14-4 +- Rebuild for ICU 69 + * Wed May 19 2021 Pete Walter - 1:2.3.14-3 - Rebuild for ICU 69 From f838a05fb90576dd53b8339860d7bea120a83778 Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Mon, 21 Jun 2021 23:25:54 +0200 Subject: [PATCH 073/146] dovecot updated to 2.3.15, pigeonhole updated to 0.5.15 CVE-2021-29157: Dovecot does not correctly escape kid and azp fields in JWT tokens. This may be used to supply attacker controlled keys to validate tokens, if attacker has local access. CVE-2021-33515: On-path attacker could have injected plaintext commands before STARTTLS negotiation that would be executed after STARTTLS finished with the client. Add TSLv1.3 support to min_protocols. Allow configuring ssl_cipher_suites. (for TLSv1.3+) --- dovecot-2.1.10-waitonline.patch | 12 +++++----- dovecot-2.2.20-initbysystemd.patch | 35 +++++++++++++++++------------- dovecot-2.3.11-bigkey.patch | 8 +++---- dovecot-2.3.15-fixvalcond.patch | 24 ++++++++++++++++++++ dovecot-2.3.15-valbasherr.patch | 20 +++++++++++++++++ dovecot.spec | 24 +++++++++++++++++--- sources | 4 ++-- 7 files changed, 97 insertions(+), 30 deletions(-) create mode 100644 dovecot-2.3.15-fixvalcond.patch create mode 100644 dovecot-2.3.15-valbasherr.patch diff --git a/dovecot-2.1.10-waitonline.patch b/dovecot-2.1.10-waitonline.patch index 2b1cd42..af3ce19 100644 --- a/dovecot-2.1.10-waitonline.patch +++ b/dovecot-2.1.10-waitonline.patch @@ -1,11 +1,11 @@ -diff -up dovecot-2.3.0.1/dovecot.service.in.waitonline dovecot-2.3.0.1/dovecot.service.in ---- dovecot-2.3.0.1/dovecot.service.in.waitonline 2018-03-01 10:35:39.888371078 +0100 -+++ dovecot-2.3.0.1/dovecot.service.in 2018-03-01 10:36:29.738784661 +0100 -@@ -12,6 +12,7 @@ After=local-fs.target network-online.tar +diff -up dovecot-2.3.15/dovecot.service.in.waitonline dovecot-2.3.15/dovecot.service.in +--- dovecot-2.3.15/dovecot.service.in.waitonline 2021-06-21 20:19:19.560494654 +0200 ++++ dovecot-2.3.15/dovecot.service.in 2021-06-21 20:21:17.443066248 +0200 +@@ -15,6 +15,7 @@ After=local-fs.target network-online.tar [Service] - Type=simple + Type=@systemdservicetype@ +ExecStartPre=/usr/libexec/dovecot/prestartscript ExecStart=@sbindir@/dovecot -F - PIDFile=@rundir@/master.pid ExecReload=@bindir@/doveadm reload + ExecStop=@bindir@/doveadm stop diff --git a/dovecot-2.2.20-initbysystemd.patch b/dovecot-2.2.20-initbysystemd.patch index 85327ee..313e26b 100644 --- a/dovecot-2.2.20-initbysystemd.patch +++ b/dovecot-2.2.20-initbysystemd.patch @@ -1,6 +1,6 @@ -diff -up dovecot-2.3.0.1/dovecot-init.service.initbysystemd dovecot-2.3.0.1/dovecot-init.service ---- dovecot-2.3.0.1/dovecot-init.service.initbysystemd 2018-03-01 10:38:22.059716008 +0100 -+++ dovecot-2.3.0.1/dovecot-init.service 2018-03-01 10:38:22.059716008 +0100 +diff -up dovecot-2.3.15/dovecot-init.service.initbysystemd dovecot-2.3.15/dovecot-init.service +--- dovecot-2.3.15/dovecot-init.service.initbysystemd 2021-06-21 20:21:49.250680889 +0200 ++++ dovecot-2.3.15/dovecot-init.service 2021-06-21 20:21:49.250680889 +0200 @@ -0,0 +1,13 @@ +[Unit] +Description=One-time Dovecot init service @@ -15,10 +15,10 @@ diff -up dovecot-2.3.0.1/dovecot-init.service.initbysystemd dovecot-2.3.0.1/dove + SSLDIR=/etc/pki/dovecot/ OPENSSLCONFIG=/etc/pki/dovecot/dovecot-openssl.cnf /usr/libexec/dovecot/mkcert.sh /dev/null 2>&1;\ +fi' + -diff -up dovecot-2.3.0.1/dovecot.service.in.initbysystemd dovecot-2.3.0.1/dovecot.service.in ---- dovecot-2.3.0.1/dovecot.service.in.initbysystemd 2018-03-01 10:38:22.060716016 +0100 -+++ dovecot-2.3.0.1/dovecot.service.in 2018-03-01 10:40:45.524901319 +0100 -@@ -8,7 +8,8 @@ +diff -up dovecot-2.3.15/dovecot.service.in.initbysystemd dovecot-2.3.15/dovecot.service.in +--- dovecot-2.3.15/dovecot.service.in.initbysystemd 2021-06-21 20:21:49.250680889 +0200 ++++ dovecot-2.3.15/dovecot.service.in 2021-06-21 20:22:46.935981920 +0200 +@@ -11,7 +11,8 @@ Description=Dovecot IMAP/POP3 email server Documentation=man:dovecot(1) Documentation=https://doc.dovecot.org/ @@ -27,20 +27,25 @@ diff -up dovecot-2.3.0.1/dovecot.service.in.initbysystemd dovecot-2.3.0.1/doveco +Requires=dovecot-init.service [Service] - Type=simple -diff -up dovecot-2.3.0.1/Makefile.am.initbysystemd dovecot-2.3.0.1/Makefile.am ---- dovecot-2.3.0.1/Makefile.am.initbysystemd 2018-02-28 15:28:57.000000000 +0100 -+++ dovecot-2.3.0.1/Makefile.am 2018-03-01 10:38:22.060716016 +0100 -@@ -63,9 +63,10 @@ if HAVE_SYSTEMD + Type=@systemdservicetype@ +diff -up dovecot-2.3.15/Makefile.am.initbysystemd dovecot-2.3.15/Makefile.am +--- dovecot-2.3.15/Makefile.am.initbysystemd 2021-06-21 20:21:49.250680889 +0200 ++++ dovecot-2.3.15/Makefile.am 2021-06-21 20:24:26.676765849 +0200 +@@ -21,6 +21,7 @@ EXTRA_DIST = \ + run-test-valgrind.supp \ + dovecot.service.in \ + dovecot.socket \ ++ dovecot-init.service \ + $(conf_DATA) + noinst_DATA = dovecot-config +@@ -69,7 +70,8 @@ dovecot-config: dovecot-config.in Makefi + if WANT_SYSTEMD systemdsystemunit_DATA = \ dovecot.socket \ - dovecot.service + dovecot.service \ + dovecot-init.service - else --EXTRA_DIST += dovecot.socket dovecot.service.in -+EXTRA_DIST += dovecot.socket dovecot.service.in dovecot-init.service endif install-exec-hook: diff --git a/dovecot-2.3.11-bigkey.patch b/dovecot-2.3.11-bigkey.patch index c5b23d9..dc81a33 100644 --- a/dovecot-2.3.11-bigkey.patch +++ b/dovecot-2.3.11-bigkey.patch @@ -1,9 +1,9 @@ -diff -up dovecot-2.2.36/doc/dovecot-openssl.cnf.bigkey dovecot-2.2.36/doc/dovecot-openssl.cnf ---- dovecot-2.2.36/doc/dovecot-openssl.cnf.bigkey 2017-06-23 13:18:28.000000000 +0200 -+++ dovecot-2.2.36/doc/dovecot-openssl.cnf 2018-10-16 17:15:35.836205498 +0200 +diff -up dovecot-2.3.15/doc/dovecot-openssl.cnf.bigkey dovecot-2.3.15/doc/dovecot-openssl.cnf +--- dovecot-2.3.15/doc/dovecot-openssl.cnf.bigkey 2021-06-21 20:24:51.913456628 +0200 ++++ dovecot-2.3.15/doc/dovecot-openssl.cnf 2021-06-21 20:25:36.352912123 +0200 @@ -1,5 +1,5 @@ [ req ] --default_bits = 1024 +-default_bits = 2048 +default_bits = 3072 encrypt_key = yes distinguished_name = req_dn diff --git a/dovecot-2.3.15-fixvalcond.patch b/dovecot-2.3.15-fixvalcond.patch new file mode 100644 index 0000000..6262271 --- /dev/null +++ b/dovecot-2.3.15-fixvalcond.patch @@ -0,0 +1,24 @@ +diff -up dovecot-2.3.15/dovecot-2.3-pigeonhole-0.5.15/src/lib-sieve/storage/dict/sieve-dict-script.c.fixvalcond dovecot-2.3.15/dovecot-2.3-pigeonhole-0.5.15/src/lib-sieve/storage/dict/sieve-dict-script.c +--- dovecot-2.3.15/dovecot-2.3-pigeonhole-0.5.15/src/lib-sieve/storage/dict/sieve-dict-script.c.fixvalcond 2021-06-21 23:07:55.269814896 +0200 ++++ dovecot-2.3.15/dovecot-2.3-pigeonhole-0.5.15/src/lib-sieve/storage/dict/sieve-dict-script.c 2021-06-21 23:07:55.298814544 +0200 +@@ -109,7 +109,7 @@ static int sieve_dict_script_get_stream + { + struct sieve_dict_script *dscript = + (struct sieve_dict_script *)script; +- const char *path, *name = script->name, *data, *error; ++ const char *path, *name = script->name, *data, *error = NULL; + int ret; + + dscript->data_pool = +diff -up dovecot-2.3.15/src/lib-storage/index/index-attribute.c.fixvalcond dovecot-2.3.15/src/lib-storage/index/index-attribute.c +--- dovecot-2.3.15/src/lib-storage/index/index-attribute.c.fixvalcond 2021-06-14 15:40:37.000000000 +0200 ++++ dovecot-2.3.15/src/lib-storage/index/index-attribute.c 2021-06-21 21:52:22.963171229 +0200 +@@ -249,7 +249,7 @@ int index_storage_attribute_get(struct m + struct mail_attribute_value *value_r) + { + struct dict *dict; +- const char *mailbox_prefix, *error; ++ const char *mailbox_prefix, *error = NULL; + int ret; + + i_zero(value_r); diff --git a/dovecot-2.3.15-valbasherr.patch b/dovecot-2.3.15-valbasherr.patch new file mode 100644 index 0000000..bbcb86f --- /dev/null +++ b/dovecot-2.3.15-valbasherr.patch @@ -0,0 +1,20 @@ +diff -up dovecot-2.3.15/run-test-valgrind.supp.valbasherr dovecot-2.3.15/run-test-valgrind.supp +--- dovecot-2.3.15/run-test-valgrind.supp.valbasherr 2021-06-21 22:52:53.272707239 +0200 ++++ dovecot-2.3.15/run-test-valgrind.supp 2021-06-21 22:54:19.786668430 +0200 +@@ -1,4 +1,16 @@ + { ++ ++ Memcheck:Leak ++ match-leak-kinds: definite ++ fun:malloc ++ fun:make_if_command ++ fun:yyparse ++ fun:parse_command ++ fun:read_command ++ fun:reader_loop ++ fun:main ++} ++{ + + Memcheck:Leak + fun:malloc diff --git a/dovecot.spec b/dovecot.spec index 6c24c47..77819bd 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -3,9 +3,9 @@ Summary: Secure imap and pop3 server Name: dovecot Epoch: 1 -Version: 2.3.14 +Version: 2.3.15 %global prever %{nil} -Release: 4%{?dist} +Release: 1%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT and LGPLv2 @@ -13,7 +13,7 @@ URL: http://www.dovecot.org/ Source: http://www.dovecot.org/releases/2.3/%{name}-%{version}%{?prever}.tar.gz Source1: dovecot.init Source2: dovecot.pam -%global pigeonholever 0.5.14 +%global pigeonholever 0.5.15 Source8: http://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-%{pigeonholever}.tar.gz Source9: dovecot.sysconfig Source10: dovecot.tmpfilesd @@ -38,6 +38,8 @@ Patch15: dovecot-2.3.11-bigkey.patch # not sent upstream as proper fix would use dovecot's lib-dcrypt but it introduces # hard to break circular dependency between lib and lib-dcrypt Patch16: dovecot-2.3.6-opensslhmac.patch +Patch17: dovecot-2.3.15-fixvalcond.patch +Patch18: dovecot-2.3.15-valbasherr.patch Source15: prestartscript @@ -127,6 +129,11 @@ This package provides the development files for dovecot. %patch9 -p1 -b .systemd_w_protectsystem %patch15 -p1 -b .bigkey %patch16 -p1 -b .opensslhmac +%patch17 -p1 -b .fixvalcond +%patch18 -p1 -b .valbasherr +cp run-test-valgrind.supp dovecot-2.3-pigeonhole-%{pigeonholever}/ +# valgrind would fail with shell wrapper +echo "testsuite" >dovecot-2.3-pigeonhole-%{pigeonholever}/run-test-valgrind.exclude #pushd dovecot-2*3-pigeonhole-%{pigeonholever} #popd @@ -449,6 +456,17 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Mon Jun 21 2021 Michal Hlavinka - 1:2.3.15-1 +- dovecot updated to 2.3.15, pigeonhole updated to 0.5.15 +- CVE-2021-29157: Dovecot does not correctly escape kid and azp fields in + JWT tokens. This may be used to supply attacker controlled keys to + validate tokens, if attacker has local access. +- CVE-2021-33515: On-path attacker could have injected plaintext commands + before STARTTLS negotiation that would be executed after STARTTLS + finished with the client. +- Add TSLv1.3 support to min_protocols. +- Allow configuring ssl_cipher_suites. (for TLSv1.3+) + * Wed May 19 2021 Pete Walter - 1:2.3.14-4 - Rebuild for ICU 69 diff --git a/sources b/sources index a7b5e63..93a735e 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (dovecot-2.3.14.tar.gz) = 69df234cb739c7ee7ae3acfb9756bc22481e94c95463d32bfac315c7ec4b1ba0dfbff552b769f2ab7ee554087ca2ebbe331aa008d3af26417016612dc7cad103 -SHA512 (dovecot-2.3-pigeonhole-0.5.14.tar.gz) = c5d5d309769eabe2c0971646d0c14d166b6b524acf59e1069eca803f764544fa2535c09c9a630ca706aa70442b688ee26af831d29e674823bac7ea7c0e1f33cc +SHA512 (dovecot-2.3.15.tar.gz) = 75bbdbeac663da109f78dba06c42bb5193e911c6b3c64f055fc4473ae9afaf0c8304c49fc7f06c5c6b61e67dd13dc21fbed6ff160a99f38f547c88ba05e6b03a +SHA512 (dovecot-2.3-pigeonhole-0.5.15.tar.gz) = 521070080802bf2a50cd0ff0af5dc991c04d70b807abc2cd9aa567444a4869f5f42800f19d9b740a519bd4069437139e70ca6ae4b905479fcec8faa133ac5f54 From 2e3cc75314f8112272746f5e4452a7d67eae36ce Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Wed, 23 Jun 2021 09:58:10 +0200 Subject: [PATCH 074/146] fix FTBFS --- dovecot.spec | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/dovecot.spec b/dovecot.spec index 77819bd..2cf361e 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -1,5 +1,10 @@ %global __provides_exclude_from %{_docdir} %global __requires_exclude_from %{_docdir} + +# FIXME: lto and annobin breaks build atm, retest after 2021-08 +%global _lto_cflags %nil +%undefine _annotated_build + Summary: Secure imap and pop3 server Name: dovecot Epoch: 1 @@ -38,6 +43,8 @@ Patch15: dovecot-2.3.11-bigkey.patch # not sent upstream as proper fix would use dovecot's lib-dcrypt but it introduces # hard to break circular dependency between lib and lib-dcrypt Patch16: dovecot-2.3.6-opensslhmac.patch + +# FTBFS Patch17: dovecot-2.3.15-fixvalcond.patch Patch18: dovecot-2.3.15-valbasherr.patch @@ -62,6 +69,11 @@ BuildRequires: libicu-devel BuildRequires: libexttextcat-devel BuildRequires: libstemmer-devel BuildRequires: multilib-rpm-config +BuildRequires: flex, bison +BuildRequires: systemd-devel +%if %{?fedora}0 >= 35 +BuildRequires: glibc-gconv-extra +%endif # gettext-devel is needed for running autoconf because of the # presence of AM_ICONV @@ -149,6 +161,7 @@ autoreconf -I . -fiv #required for aarch64 support %configure \ INSTALL_DATA="install -c -p -m644" \ --with-rundir=%{_rundir}/%{name} \ + --with-systemd \ --docdir=%{_docdir}/%{name} \ --disable-static \ --disable-rpath \ @@ -171,7 +184,6 @@ autoreconf -I . -fiv #required for aarch64 support --with-solr \ --with-systemdsystemunitdir=%{_unitdir} \ --with-docs - sed -i 's|/etc/ssl|/etc/pki/dovecot|' doc/mkcert.sh doc/example-config/conf.d/10-ssl.conf %make_build From b920232ea61ed6d8a49be619a549d0b5973a308c Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Wed, 23 Jun 2021 11:32:21 +0200 Subject: [PATCH 075/146] fix spec file condition --- dovecot.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dovecot.spec b/dovecot.spec index 2cf361e..bfb1f47 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -71,7 +71,7 @@ BuildRequires: libstemmer-devel BuildRequires: multilib-rpm-config BuildRequires: flex, bison BuildRequires: systemd-devel -%if %{?fedora}0 >= 35 +%if %{?fedora}0 >= 350 BuildRequires: glibc-gconv-extra %endif From 4439c8a8338489cc888d790471f5621000b07406 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Wed, 21 Jul 2021 21:05:11 +0000 Subject: [PATCH 076/146] - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- dovecot.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/dovecot.spec b/dovecot.spec index bfb1f47..3f86e46 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -10,7 +10,7 @@ Name: dovecot Epoch: 1 Version: 2.3.15 %global prever %{nil} -Release: 1%{?dist} +Release: 2%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT and LGPLv2 @@ -468,6 +468,9 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Wed Jul 21 2021 Fedora Release Engineering - 1:2.3.15-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild + * Mon Jun 21 2021 Michal Hlavinka - 1:2.3.15-1 - dovecot updated to 2.3.15, pigeonhole updated to 0.5.15 - CVE-2021-29157: Dovecot does not correctly escape kid and azp fields in From 5a2167681c759db4d023582af721b209760d7629 Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Fri, 20 Aug 2021 21:40:35 +0200 Subject: [PATCH 077/146] dovecot updated to 2.3.16, pigeonhole to 0.5.16 fixes several regressions --- dovecot-2.3.15-fixvalcond.patch | 4 ++-- dovecot.spec | 10 +++++++--- sources | 4 ++-- 3 files changed, 11 insertions(+), 7 deletions(-) diff --git a/dovecot-2.3.15-fixvalcond.patch b/dovecot-2.3.15-fixvalcond.patch index 6262271..82bdafc 100644 --- a/dovecot-2.3.15-fixvalcond.patch +++ b/dovecot-2.3.15-fixvalcond.patch @@ -1,6 +1,6 @@ diff -up dovecot-2.3.15/dovecot-2.3-pigeonhole-0.5.15/src/lib-sieve/storage/dict/sieve-dict-script.c.fixvalcond dovecot-2.3.15/dovecot-2.3-pigeonhole-0.5.15/src/lib-sieve/storage/dict/sieve-dict-script.c ---- dovecot-2.3.15/dovecot-2.3-pigeonhole-0.5.15/src/lib-sieve/storage/dict/sieve-dict-script.c.fixvalcond 2021-06-21 23:07:55.269814896 +0200 -+++ dovecot-2.3.15/dovecot-2.3-pigeonhole-0.5.15/src/lib-sieve/storage/dict/sieve-dict-script.c 2021-06-21 23:07:55.298814544 +0200 +--- dovecot-2.3.15/dovecot-2.3-pigeonhole-0.5.16/src/lib-sieve/storage/dict/sieve-dict-script.c.fixvalcond 2021-06-21 23:07:55.269814896 +0200 ++++ dovecot-2.3.15/dovecot-2.3-pigeonhole-0.5.16/src/lib-sieve/storage/dict/sieve-dict-script.c 2021-06-21 23:07:55.298814544 +0200 @@ -109,7 +109,7 @@ static int sieve_dict_script_get_stream { struct sieve_dict_script *dscript = diff --git a/dovecot.spec b/dovecot.spec index 3f86e46..4bb5efb 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -8,9 +8,9 @@ Summary: Secure imap and pop3 server Name: dovecot Epoch: 1 -Version: 2.3.15 +Version: 2.3.16 %global prever %{nil} -Release: 2%{?dist} +Release: %{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT and LGPLv2 @@ -18,7 +18,7 @@ URL: http://www.dovecot.org/ Source: http://www.dovecot.org/releases/2.3/%{name}-%{version}%{?prever}.tar.gz Source1: dovecot.init Source2: dovecot.pam -%global pigeonholever 0.5.15 +%global pigeonholever 0.5.16 Source8: http://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-%{pigeonholever}.tar.gz Source9: dovecot.sysconfig Source10: dovecot.tmpfilesd @@ -468,6 +468,10 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Fri Aug 20 2021 Michal Hlavinka - 1:2.3.16-1 +- dovecot updated to 2.3.16, pigeonhole to 0.5.16 +- fixes several regressions + * Wed Jul 21 2021 Fedora Release Engineering - 1:2.3.15-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild diff --git a/sources b/sources index 93a735e..da08013 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (dovecot-2.3.15.tar.gz) = 75bbdbeac663da109f78dba06c42bb5193e911c6b3c64f055fc4473ae9afaf0c8304c49fc7f06c5c6b61e67dd13dc21fbed6ff160a99f38f547c88ba05e6b03a -SHA512 (dovecot-2.3-pigeonhole-0.5.15.tar.gz) = 521070080802bf2a50cd0ff0af5dc991c04d70b807abc2cd9aa567444a4869f5f42800f19d9b740a519bd4069437139e70ca6ae4b905479fcec8faa133ac5f54 +SHA512 (dovecot-2.3-pigeonhole-0.5.16.tar.gz) = 880e00654eab85cc41b27ac470cce6011991e3cdb005642f495c2297fd9492bfb2b6b4ef63c88c2ac10bec870ad69b8bee6b11dd1bc5099e16c3cc2857312543 +SHA512 (dovecot-2.3.16.tar.gz) = 31a9d352c7ead466d65ee0535b1fbd9138e35235f1ebfeedc4eef54cba450663c59708d162eaf0712af1c40f23526ac86aab2eece8cefde3edf690127472fd1e From 76cf16c36f731857e1f57af5ec1742c7b03afe64 Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Fri, 20 Aug 2021 21:41:35 +0200 Subject: [PATCH 078/146] fix release number --- dovecot.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dovecot.spec b/dovecot.spec index 4bb5efb..443cf56 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -10,7 +10,7 @@ Name: dovecot Epoch: 1 Version: 2.3.16 %global prever %{nil} -Release: %{?dist} +Release: 1%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT and LGPLv2 From 98b241328a0617ad8c08947ce56cd4fa81546ce9 Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Fri, 20 Aug 2021 22:12:05 +0200 Subject: [PATCH 079/146] fix ftbfs for s390x --- dovecot-2.3.16-ftbfsbigend.patch | 53 ++++++++++++++++++++++++++++++++ 1 file changed, 53 insertions(+) create mode 100644 dovecot-2.3.16-ftbfsbigend.patch diff --git a/dovecot-2.3.16-ftbfsbigend.patch b/dovecot-2.3.16-ftbfsbigend.patch new file mode 100644 index 0000000..762503b --- /dev/null +++ b/dovecot-2.3.16-ftbfsbigend.patch @@ -0,0 +1,53 @@ +commit ec4595097067a736717ef202fe8542b1b4bc2dd5 +Author: Timo Sirainen +Date: Tue Aug 10 12:22:08 2021 +0300 + + lib-index: Fix storing cache fields' last_used with 64bit big endian CPUs + +diff --git a/src/lib-index/mail-cache-fields.c b/src/lib-index/mail-cache-fields.c +index e929fb559d..429e0d234c 100644 +--- a/src/lib-index/mail-cache-fields.c ++++ b/src/lib-index/mail-cache-fields.c +@@ -524,6 +524,19 @@ static void copy_to_buf_byte(struct mail_cache *cache, buffer_t *dest, + } + } + ++static void ++copy_to_buf_last_used(struct mail_cache *cache, buffer_t *dest, bool add_new) ++{ ++ size_t offset = offsetof(struct mail_cache_field, last_used); ++#if defined(WORDS_BIGENDIAN) && SIZEOF_VOID_P == 8 ++ /* 64bit time_t with big endian CPUs: copy the last 32 bits instead of ++ the first 32 bits (that are always 0). The 32 bits are enough until ++ year 2106, so we're not in a hurry to use 64 bits on disk. */ ++ offset += sizeof(uint32_t); ++#endif ++ copy_to_buf(cache, dest, add_new, offset, sizeof(uint32_t)); ++} ++ + static int mail_cache_header_fields_update_locked(struct mail_cache *cache) + { + buffer_t *buffer; +@@ -536,9 +549,7 @@ static int mail_cache_header_fields_update_locked(struct mail_cache *cache) + + buffer = t_buffer_create(256); + +- copy_to_buf(cache, buffer, FALSE, +- offsetof(struct mail_cache_field, last_used), +- sizeof(uint32_t)); ++ copy_to_buf_last_used(cache, buffer, FALSE); + ret = mail_cache_write(cache, buffer->data, buffer->used, + offset + MAIL_CACHE_FIELD_LAST_USED()); + if (ret == 0) { +@@ -599,9 +610,7 @@ void mail_cache_header_fields_get(struct mail_cache *cache, buffer_t *dest) + buffer_append(dest, &hdr, sizeof(hdr)); + + /* we have to keep the field order for the existing fields. */ +- copy_to_buf(cache, dest, TRUE, +- offsetof(struct mail_cache_field, last_used), +- sizeof(uint32_t)); ++ copy_to_buf_last_used(cache, dest, TRUE); + copy_to_buf(cache, dest, TRUE, + offsetof(struct mail_cache_field, field_size), + sizeof(uint32_t)); + From d3bbb3608fa7e3da8531857918006d6c9c639129 Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Fri, 20 Aug 2021 22:51:18 +0200 Subject: [PATCH 080/146] also spec file change --- dovecot.spec | 2 ++ 1 file changed, 2 insertions(+) diff --git a/dovecot.spec b/dovecot.spec index 443cf56..7201319 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -47,6 +47,7 @@ Patch16: dovecot-2.3.6-opensslhmac.patch # FTBFS Patch17: dovecot-2.3.15-fixvalcond.patch Patch18: dovecot-2.3.15-valbasherr.patch +Patch19: dovecot-2.3.16-ftbfsbigend.patch Source15: prestartscript @@ -143,6 +144,7 @@ This package provides the development files for dovecot. %patch16 -p1 -b .opensslhmac %patch17 -p1 -b .fixvalcond %patch18 -p1 -b .valbasherr +%patch19 -p1 -b .ftbfsbigend cp run-test-valgrind.supp dovecot-2.3-pigeonhole-%{pigeonholever}/ # valgrind would fail with shell wrapper echo "testsuite" >dovecot-2.3-pigeonhole-%{pigeonholever}/run-test-valgrind.exclude From a833b2f8baed0676b24dc9bb65e2ab99017413a8 Mon Sep 17 00:00:00 2001 From: Sahana Prasad Date: Tue, 14 Sep 2021 19:00:52 +0200 Subject: [PATCH 081/146] Rebuilt with OpenSSL 3.0.0 --- dovecot.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/dovecot.spec b/dovecot.spec index 7201319..bf0e87c 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -10,7 +10,7 @@ Name: dovecot Epoch: 1 Version: 2.3.16 %global prever %{nil} -Release: 1%{?dist} +Release: 2%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT and LGPLv2 @@ -470,6 +470,9 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Tue Sep 14 2021 Sahana Prasad - 1:2.3.16-2 +- Rebuilt with OpenSSL 3.0.0 + * Fri Aug 20 2021 Michal Hlavinka - 1:2.3.16-1 - dovecot updated to 2.3.16, pigeonhole to 0.5.16 - fixes several regressions From b7a5210a80f05801b0fea9169010729abab70403 Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Mon, 27 Sep 2021 20:04:59 +0200 Subject: [PATCH 082/146] fix OpenSSLv3 issues 2005884 --- dovecot-2.3.14-opensslv3.patch | 34 ++++++++++++++++++++++++++++++++++ dovecot.spec | 7 ++++++- 2 files changed, 40 insertions(+), 1 deletion(-) create mode 100644 dovecot-2.3.14-opensslv3.patch diff --git a/dovecot-2.3.14-opensslv3.patch b/dovecot-2.3.14-opensslv3.patch new file mode 100644 index 0000000..fa6c44f --- /dev/null +++ b/dovecot-2.3.14-opensslv3.patch @@ -0,0 +1,34 @@ +diff -up dovecot-2.3.14/src/lib-dcrypt/dcrypt-openssl.c.opensslv3 dovecot-2.3.14/src/lib-dcrypt/dcrypt-openssl.c +--- dovecot-2.3.14/src/lib-dcrypt/dcrypt-openssl.c.opensslv3 2021-06-03 18:56:52.573174433 +0200 ++++ dovecot-2.3.14/src/lib-dcrypt/dcrypt-openssl.c 2021-06-03 18:56:52.585174274 +0200 +@@ -73,10 +73,30 @@ + 2key algo oid1symmetric algo namesalthash algoroundsE(RSA = i2d_PrivateKey, EC=Private Point)key id + **/ + ++#if OPENSSL_VERSION_MAJOR == 3 ++static EC_KEY *EVP_PKEY_get0_EC_KEYv3(EVP_PKEY *key) ++{ ++ EC_KEY *eck = EVP_PKEY_get1_EC_KEY(key); ++ EVP_PKEY_set1_EC_KEY(key, eck); ++ EC_KEY_free(eck); ++ return eck; ++} ++ ++static EC_KEY *EVP_PKEY_get1_EC_KEYv3(EVP_PKEY *key) ++{ ++ EC_KEY *eck = EVP_PKEY_get1_EC_KEY(key); ++ EVP_PKEY_set1_EC_KEY(key, eck); ++ return eck; ++} ++ ++#define EVP_PKEY_get0_EC_KEY EVP_PKEY_get0_EC_KEYv3 ++#define EVP_PKEY_get1_EC_KEY EVP_PKEY_get1_EC_KEYv3 ++#else + #ifndef HAVE_EVP_PKEY_get0 + #define EVP_PKEY_get0_EC_KEY(x) x->pkey.ec + #define EVP_PKEY_get0_RSA(x) x->pkey.rsa + #endif ++#endif + + #ifndef HAVE_OBJ_LENGTH + #define OBJ_length(o) ((o)->length) diff --git a/dovecot.spec b/dovecot.spec index bf0e87c..f10ae50 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -10,7 +10,7 @@ Name: dovecot Epoch: 1 Version: 2.3.16 %global prever %{nil} -Release: 2%{?dist} +Release: 3%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT and LGPLv2 @@ -48,6 +48,7 @@ Patch16: dovecot-2.3.6-opensslhmac.patch Patch17: dovecot-2.3.15-fixvalcond.patch Patch18: dovecot-2.3.15-valbasherr.patch Patch19: dovecot-2.3.16-ftbfsbigend.patch +Patch20: dovecot-2.3.14-opensslv3.patch Source15: prestartscript @@ -145,6 +146,7 @@ This package provides the development files for dovecot. %patch17 -p1 -b .fixvalcond %patch18 -p1 -b .valbasherr %patch19 -p1 -b .ftbfsbigend +%patch20 -p1 -b .opensslv3 cp run-test-valgrind.supp dovecot-2.3-pigeonhole-%{pigeonholever}/ # valgrind would fail with shell wrapper echo "testsuite" >dovecot-2.3-pigeonhole-%{pigeonholever}/run-test-valgrind.exclude @@ -470,6 +472,9 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Mon Sep 27 2021 Michal Hlavinka - 1:2.3.16-3 +- fix OpenSSLv3 issues 2005884 + * Tue Sep 14 2021 Sahana Prasad - 1:2.3.16-2 - Rebuilt with OpenSSL 3.0.0 From abbc1b8cb5f6c815ea2a00bd63e7a13116ae7687 Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Tue, 28 Sep 2021 13:50:59 +0200 Subject: [PATCH 083/146] reenable LTO --- dovecot.spec | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/dovecot.spec b/dovecot.spec index f10ae50..538a011 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -1,25 +1,21 @@ %global __provides_exclude_from %{_docdir} %global __requires_exclude_from %{_docdir} -# FIXME: lto and annobin breaks build atm, retest after 2021-08 -%global _lto_cflags %nil -%undefine _annotated_build - Summary: Secure imap and pop3 server Name: dovecot Epoch: 1 Version: 2.3.16 %global prever %{nil} -Release: 3%{?dist} +Release: 4%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT and LGPLv2 -URL: http://www.dovecot.org/ -Source: http://www.dovecot.org/releases/2.3/%{name}-%{version}%{?prever}.tar.gz +URL: https://www.dovecot.org/ +Source: https://www.dovecot.org/releases/2.3/%{name}-%{version}%{?prever}.tar.gz Source1: dovecot.init Source2: dovecot.pam %global pigeonholever 0.5.16 -Source8: http://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-%{pigeonholever}.tar.gz +Source8: https://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-%{pigeonholever}.tar.gz Source9: dovecot.sysconfig Source10: dovecot.tmpfilesd @@ -472,6 +468,9 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Tue Sep 28 2021 Michal Hlavinka - 1:2.3.16-4 +- reenable LTO + * Mon Sep 27 2021 Michal Hlavinka - 1:2.3.16-3 - fix OpenSSLv3 issues 2005884 From 00e2d877808c82b6e0c45b69dbe19052aad33164 Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Tue, 2 Nov 2021 21:53:11 +0100 Subject: [PATCH 084/146] dovecot updated to 2.3.17, pigeonhole to 0.5.17 --- dovecot-2.3.15-fixvalcond.patch | 20 ++++++++++---------- dovecot.spec | 9 ++++++--- sources | 4 ++-- 3 files changed, 18 insertions(+), 15 deletions(-) diff --git a/dovecot-2.3.15-fixvalcond.patch b/dovecot-2.3.15-fixvalcond.patch index 82bdafc..5137a1d 100644 --- a/dovecot-2.3.15-fixvalcond.patch +++ b/dovecot-2.3.15-fixvalcond.patch @@ -1,19 +1,19 @@ -diff -up dovecot-2.3.15/dovecot-2.3-pigeonhole-0.5.15/src/lib-sieve/storage/dict/sieve-dict-script.c.fixvalcond dovecot-2.3.15/dovecot-2.3-pigeonhole-0.5.15/src/lib-sieve/storage/dict/sieve-dict-script.c ---- dovecot-2.3.15/dovecot-2.3-pigeonhole-0.5.16/src/lib-sieve/storage/dict/sieve-dict-script.c.fixvalcond 2021-06-21 23:07:55.269814896 +0200 -+++ dovecot-2.3.15/dovecot-2.3-pigeonhole-0.5.16/src/lib-sieve/storage/dict/sieve-dict-script.c 2021-06-21 23:07:55.298814544 +0200 -@@ -109,7 +109,7 @@ static int sieve_dict_script_get_stream - { - struct sieve_dict_script *dscript = +diff -up dovecot-2.3.17/dovecot-2.3-pigeonhole-0.5.17/src/lib-sieve/storage/dict/sieve-dict-script.c.fixvalcond dovecot-2.3.17/dovecot-2.3-pigeonhole-0.5.17/src/lib-sieve/storage/dict/sieve-dict-script.c +--- dovecot-2.3.17/dovecot-2.3-pigeonhole-0.5.17/src/lib-sieve/storage/dict/sieve-dict-script.c.fixvalcond 2021-11-02 21:51:36.109032050 +0100 ++++ dovecot-2.3.17/dovecot-2.3-pigeonhole-0.5.17/src/lib-sieve/storage/dict/sieve-dict-script.c 2021-11-02 21:52:28.409344118 +0100 +@@ -114,7 +114,7 @@ static int sieve_dict_script_get_stream (struct sieve_dict_script *)script; + struct sieve_dict_storage *dstorage = + (struct sieve_dict_storage *)script->storage; - const char *path, *name = script->name, *data, *error; + const char *path, *name = script->name, *data, *error = NULL; int ret; dscript->data_pool = -diff -up dovecot-2.3.15/src/lib-storage/index/index-attribute.c.fixvalcond dovecot-2.3.15/src/lib-storage/index/index-attribute.c ---- dovecot-2.3.15/src/lib-storage/index/index-attribute.c.fixvalcond 2021-06-14 15:40:37.000000000 +0200 -+++ dovecot-2.3.15/src/lib-storage/index/index-attribute.c 2021-06-21 21:52:22.963171229 +0200 -@@ -249,7 +249,7 @@ int index_storage_attribute_get(struct m +diff -up dovecot-2.3.17/src/lib-storage/index/index-attribute.c.fixvalcond dovecot-2.3.17/src/lib-storage/index/index-attribute.c +--- dovecot-2.3.17/src/lib-storage/index/index-attribute.c.fixvalcond 2021-10-27 13:09:04.000000000 +0200 ++++ dovecot-2.3.17/src/lib-storage/index/index-attribute.c 2021-11-02 21:51:36.109032050 +0100 +@@ -248,7 +248,7 @@ int index_storage_attribute_get(struct m struct mail_attribute_value *value_r) { struct dict *dict; diff --git a/dovecot.spec b/dovecot.spec index 538a011..5991fbc 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -4,9 +4,9 @@ Summary: Secure imap and pop3 server Name: dovecot Epoch: 1 -Version: 2.3.16 +Version: 2.3.17 %global prever %{nil} -Release: 4%{?dist} +Release: 1%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT and LGPLv2 @@ -14,7 +14,7 @@ URL: https://www.dovecot.org/ Source: https://www.dovecot.org/releases/2.3/%{name}-%{version}%{?prever}.tar.gz Source1: dovecot.init Source2: dovecot.pam -%global pigeonholever 0.5.16 +%global pigeonholever 0.5.17 Source8: https://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-%{pigeonholever}.tar.gz Source9: dovecot.sysconfig Source10: dovecot.tmpfilesd @@ -468,6 +468,9 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Tue Nov 02 2021 Michal Hlavinka - 1:2.3.17-1 +- dovecot updated to 2.3.17, pigeonhole to 0.5.17 + * Tue Sep 28 2021 Michal Hlavinka - 1:2.3.16-4 - reenable LTO diff --git a/sources b/sources index da08013..c9b3cac 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (dovecot-2.3-pigeonhole-0.5.16.tar.gz) = 880e00654eab85cc41b27ac470cce6011991e3cdb005642f495c2297fd9492bfb2b6b4ef63c88c2ac10bec870ad69b8bee6b11dd1bc5099e16c3cc2857312543 -SHA512 (dovecot-2.3.16.tar.gz) = 31a9d352c7ead466d65ee0535b1fbd9138e35235f1ebfeedc4eef54cba450663c59708d162eaf0712af1c40f23526ac86aab2eece8cefde3edf690127472fd1e +SHA512 (dovecot-2.3.17.tar.gz) = 5b45d0f2f8af5cf095aff35f8e6a74bbbfd153b6e4596510eade671507d77476544e3a012087b4d4432c0399601f29a49cdf8b34249438f440031c8d027d1cd3 +SHA512 (dovecot-2.3-pigeonhole-0.5.17.tar.gz) = c4bf69504ec22de53bfeffb55fc95438fb0f648390ca6e6485f652e2e74a34cd7508390bb595b958cbabc53f0e20fbc42e163b2682dc65159fae2acafbd94bad From 0874a3628a8033fc23930f343d97083cb18a3441 Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Tue, 7 Dec 2021 22:22:53 +0100 Subject: [PATCH 085/146] dovecot updated to 2.3.17.1, pigeonhole to 0.5.17.1 dsync: Add back accidentically removed parameters. lib-ssl-iostream: Fix assert-crash when OpenSSL returned syscall error without errno. dovecot, managesieve and sieve-tool failed to run if ssl_ca was too large. --- dovecot-2.3.15-fixvalcond.patch | 4 ++-- dovecot.spec | 13 ++++++++++--- sources | 4 ++-- 3 files changed, 14 insertions(+), 7 deletions(-) diff --git a/dovecot-2.3.15-fixvalcond.patch b/dovecot-2.3.15-fixvalcond.patch index 5137a1d..26090a1 100644 --- a/dovecot-2.3.15-fixvalcond.patch +++ b/dovecot-2.3.15-fixvalcond.patch @@ -1,6 +1,6 @@ diff -up dovecot-2.3.17/dovecot-2.3-pigeonhole-0.5.17/src/lib-sieve/storage/dict/sieve-dict-script.c.fixvalcond dovecot-2.3.17/dovecot-2.3-pigeonhole-0.5.17/src/lib-sieve/storage/dict/sieve-dict-script.c ---- dovecot-2.3.17/dovecot-2.3-pigeonhole-0.5.17/src/lib-sieve/storage/dict/sieve-dict-script.c.fixvalcond 2021-11-02 21:51:36.109032050 +0100 -+++ dovecot-2.3.17/dovecot-2.3-pigeonhole-0.5.17/src/lib-sieve/storage/dict/sieve-dict-script.c 2021-11-02 21:52:28.409344118 +0100 +--- dovecot-2.3.17/dovecot-2.3-pigeonhole-0.5.17.1/src/lib-sieve/storage/dict/sieve-dict-script.c.fixvalcond 2021-11-02 21:51:36.109032050 +0100 ++++ dovecot-2.3.17/dovecot-2.3-pigeonhole-0.5.17.1/src/lib-sieve/storage/dict/sieve-dict-script.c 2021-11-02 21:52:28.409344118 +0100 @@ -114,7 +114,7 @@ static int sieve_dict_script_get_stream (struct sieve_dict_script *)script; struct sieve_dict_storage *dstorage = diff --git a/dovecot.spec b/dovecot.spec index 5991fbc..c5f5885 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -4,7 +4,7 @@ Summary: Secure imap and pop3 server Name: dovecot Epoch: 1 -Version: 2.3.17 +Version: 2.3.17.1 %global prever %{nil} Release: 1%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 @@ -14,7 +14,7 @@ URL: https://www.dovecot.org/ Source: https://www.dovecot.org/releases/2.3/%{name}-%{version}%{?prever}.tar.gz Source1: dovecot.init Source2: dovecot.pam -%global pigeonholever 0.5.17 +%global pigeonholever 0.5.17.1 Source8: https://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-%{pigeonholever}.tar.gz Source9: dovecot.sysconfig Source10: dovecot.tmpfilesd @@ -70,7 +70,7 @@ BuildRequires: multilib-rpm-config BuildRequires: flex, bison BuildRequires: systemd-devel %if %{?fedora}0 >= 350 -BuildRequires: glibc-gconv-extra +#BuildRequires: glibc-gconv-extra %endif # gettext-devel is needed for running autoconf because of the @@ -468,6 +468,13 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Tue Dec 07 2021 Michal Hlavinka - 1:2.3.17.1-1 +- dovecot updated to 2.3.17.1, pigeonhole to 0.5.17.1 +- dsync: Add back accidentically removed parameters. +- lib-ssl-iostream: Fix assert-crash when OpenSSL returned syscall error + without errno. +- dovecot, managesieve and sieve-tool failed to run if ssl_ca was too large. + * Tue Nov 02 2021 Michal Hlavinka - 1:2.3.17-1 - dovecot updated to 2.3.17, pigeonhole to 0.5.17 diff --git a/sources b/sources index c9b3cac..76a3cc8 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (dovecot-2.3.17.tar.gz) = 5b45d0f2f8af5cf095aff35f8e6a74bbbfd153b6e4596510eade671507d77476544e3a012087b4d4432c0399601f29a49cdf8b34249438f440031c8d027d1cd3 -SHA512 (dovecot-2.3-pigeonhole-0.5.17.tar.gz) = c4bf69504ec22de53bfeffb55fc95438fb0f648390ca6e6485f652e2e74a34cd7508390bb595b958cbabc53f0e20fbc42e163b2682dc65159fae2acafbd94bad +SHA512 (dovecot-2.3.17.1.tar.gz) = 976aa4f68e86f401e5766017e1702740d5b03892aff98f31f9ef0c6d242311d0f4b50d7faa426306bf1c902d7fc6d021438977bc887fa66ee360b069ec32ad79 +SHA512 (dovecot-2.3-pigeonhole-0.5.17.1.tar.gz) = 632a963d90a3fa052f314360d59ff25274d80952307ab5dd9193a2713ebf686500a7b2559b56f04b07e0a261066eed9b8525b14197f3be51728af09acb76e894 From e195fa62dc0843d54b378f306a6aca7669cca2e9 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Thu, 20 Jan 2022 00:59:08 +0000 Subject: [PATCH 086/146] - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- dovecot.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/dovecot.spec b/dovecot.spec index c5f5885..83c58e2 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -6,7 +6,7 @@ Name: dovecot Epoch: 1 Version: 2.3.17.1 %global prever %{nil} -Release: 1%{?dist} +Release: 2%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT and LGPLv2 @@ -468,6 +468,9 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Thu Jan 20 2022 Fedora Release Engineering - 1:2.3.17.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild + * Tue Dec 07 2021 Michal Hlavinka - 1:2.3.17.1-1 - dovecot updated to 2.3.17.1, pigeonhole to 0.5.17.1 - dsync: Add back accidentically removed parameters. From f9a454dd49393ac6e2df3adf8d13411b2698db6c Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Wed, 9 Feb 2022 10:15:45 +0100 Subject: [PATCH 087/146] updated to 2.3.18, pigeonhole to 0.5.18 --- dovecot-2.3.15-fixvalcond.patch | 6 +- dovecot-2.3.16-ftbfsbigend.patch | 53 -------------- dovecot-2.3.6-opensslhmac.patch | 114 +++++++++++++++---------------- dovecot.spec | 11 +-- sources | 4 +- 5 files changed, 68 insertions(+), 120 deletions(-) delete mode 100644 dovecot-2.3.16-ftbfsbigend.patch diff --git a/dovecot-2.3.15-fixvalcond.patch b/dovecot-2.3.15-fixvalcond.patch index 26090a1..6711010 100644 --- a/dovecot-2.3.15-fixvalcond.patch +++ b/dovecot-2.3.15-fixvalcond.patch @@ -1,6 +1,6 @@ -diff -up dovecot-2.3.17/dovecot-2.3-pigeonhole-0.5.17/src/lib-sieve/storage/dict/sieve-dict-script.c.fixvalcond dovecot-2.3.17/dovecot-2.3-pigeonhole-0.5.17/src/lib-sieve/storage/dict/sieve-dict-script.c ---- dovecot-2.3.17/dovecot-2.3-pigeonhole-0.5.17.1/src/lib-sieve/storage/dict/sieve-dict-script.c.fixvalcond 2021-11-02 21:51:36.109032050 +0100 -+++ dovecot-2.3.17/dovecot-2.3-pigeonhole-0.5.17.1/src/lib-sieve/storage/dict/sieve-dict-script.c 2021-11-02 21:52:28.409344118 +0100 +diff -up dovecot-2.3.17/dovecot-2.3-pigeonhole-0.5.18/src/lib-sieve/storage/dict/sieve-dict-script.c.fixvalcond dovecot-2.3.17/dovecot-2.3-pigeonhole-0.5.18/src/lib-sieve/storage/dict/sieve-dict-script.c +--- dovecot-2.3.17/dovecot-2.3-pigeonhole-0.5.18/src/lib-sieve/storage/dict/sieve-dict-script.c.fixvalcond 2021-11-02 21:51:36.109032050 +0100 ++++ dovecot-2.3.17/dovecot-2.3-pigeonhole-0.5.18/src/lib-sieve/storage/dict/sieve-dict-script.c 2021-11-02 21:52:28.409344118 +0100 @@ -114,7 +114,7 @@ static int sieve_dict_script_get_stream (struct sieve_dict_script *)script; struct sieve_dict_storage *dstorage = diff --git a/dovecot-2.3.16-ftbfsbigend.patch b/dovecot-2.3.16-ftbfsbigend.patch deleted file mode 100644 index 762503b..0000000 --- a/dovecot-2.3.16-ftbfsbigend.patch +++ /dev/null @@ -1,53 +0,0 @@ -commit ec4595097067a736717ef202fe8542b1b4bc2dd5 -Author: Timo Sirainen -Date: Tue Aug 10 12:22:08 2021 +0300 - - lib-index: Fix storing cache fields' last_used with 64bit big endian CPUs - -diff --git a/src/lib-index/mail-cache-fields.c b/src/lib-index/mail-cache-fields.c -index e929fb559d..429e0d234c 100644 ---- a/src/lib-index/mail-cache-fields.c -+++ b/src/lib-index/mail-cache-fields.c -@@ -524,6 +524,19 @@ static void copy_to_buf_byte(struct mail_cache *cache, buffer_t *dest, - } - } - -+static void -+copy_to_buf_last_used(struct mail_cache *cache, buffer_t *dest, bool add_new) -+{ -+ size_t offset = offsetof(struct mail_cache_field, last_used); -+#if defined(WORDS_BIGENDIAN) && SIZEOF_VOID_P == 8 -+ /* 64bit time_t with big endian CPUs: copy the last 32 bits instead of -+ the first 32 bits (that are always 0). The 32 bits are enough until -+ year 2106, so we're not in a hurry to use 64 bits on disk. */ -+ offset += sizeof(uint32_t); -+#endif -+ copy_to_buf(cache, dest, add_new, offset, sizeof(uint32_t)); -+} -+ - static int mail_cache_header_fields_update_locked(struct mail_cache *cache) - { - buffer_t *buffer; -@@ -536,9 +549,7 @@ static int mail_cache_header_fields_update_locked(struct mail_cache *cache) - - buffer = t_buffer_create(256); - -- copy_to_buf(cache, buffer, FALSE, -- offsetof(struct mail_cache_field, last_used), -- sizeof(uint32_t)); -+ copy_to_buf_last_used(cache, buffer, FALSE); - ret = mail_cache_write(cache, buffer->data, buffer->used, - offset + MAIL_CACHE_FIELD_LAST_USED()); - if (ret == 0) { -@@ -599,9 +610,7 @@ void mail_cache_header_fields_get(struct mail_cache *cache, buffer_t *dest) - buffer_append(dest, &hdr, sizeof(hdr)); - - /* we have to keep the field order for the existing fields. */ -- copy_to_buf(cache, dest, TRUE, -- offsetof(struct mail_cache_field, last_used), -- sizeof(uint32_t)); -+ copy_to_buf_last_used(cache, dest, TRUE); - copy_to_buf(cache, dest, TRUE, - offsetof(struct mail_cache_field, field_size), - sizeof(uint32_t)); - diff --git a/dovecot-2.3.6-opensslhmac.patch b/dovecot-2.3.6-opensslhmac.patch index ba6453b..53f3321 100644 --- a/dovecot-2.3.6-opensslhmac.patch +++ b/dovecot-2.3.6-opensslhmac.patch @@ -1,6 +1,6 @@ -diff -up dovecot-2.3.14/src/auth/auth-token.c.opensslhmac dovecot-2.3.14/src/auth/auth-token.c ---- dovecot-2.3.14/src/auth/auth-token.c.opensslhmac 2021-03-04 09:38:06.000000000 +0100 -+++ dovecot-2.3.14/src/auth/auth-token.c 2021-03-22 20:44:13.022912242 +0100 +diff -up dovecot-2.3.18/src/auth/auth-token.c.opensslhmac dovecot-2.3.18/src/auth/auth-token.c +--- dovecot-2.3.18/src/auth/auth-token.c.opensslhmac 2022-02-02 12:42:23.000000000 +0100 ++++ dovecot-2.3.18/src/auth/auth-token.c 2022-02-09 09:27:15.887883359 +0100 @@ -161,17 +161,17 @@ void auth_token_deinit(void) const char *auth_token_get(const char *service, const char *session_pid, const char *username, const char *session_id) @@ -26,9 +26,9 @@ diff -up dovecot-2.3.14/src/auth/auth-token.c.opensslhmac dovecot-2.3.14/src/aut return binary_to_hex(result, sizeof(result)); } -diff -up dovecot-2.3.14/src/auth/mech-cram-md5.c.opensslhmac dovecot-2.3.14/src/auth/mech-cram-md5.c ---- dovecot-2.3.14/src/auth/mech-cram-md5.c.opensslhmac 2021-03-04 09:38:06.000000000 +0100 -+++ dovecot-2.3.14/src/auth/mech-cram-md5.c 2021-03-22 20:44:13.022912242 +0100 +diff -up dovecot-2.3.18/src/auth/mech-cram-md5.c.opensslhmac dovecot-2.3.18/src/auth/mech-cram-md5.c +--- dovecot-2.3.18/src/auth/mech-cram-md5.c.opensslhmac 2022-02-02 12:42:23.000000000 +0100 ++++ dovecot-2.3.18/src/auth/mech-cram-md5.c 2022-02-09 09:27:15.887883359 +0100 @@ -51,7 +51,7 @@ static bool verify_credentials(struct cr { @@ -52,10 +52,10 @@ diff -up dovecot-2.3.14/src/auth/mech-cram-md5.c.opensslhmac dovecot-2.3.14/src/ response_hex = binary_to_hex(digest, sizeof(digest)); -diff -up dovecot-2.3.14/src/auth/mech-scram.c.opensslhmac dovecot-2.3.14/src/auth/mech-scram.c ---- dovecot-2.3.14/src/auth/mech-scram.c.opensslhmac 2021-03-04 09:38:06.000000000 +0100 -+++ dovecot-2.3.14/src/auth/mech-scram.c 2021-03-22 20:44:13.022912242 +0100 -@@ -78,7 +78,7 @@ static const char *get_scram_server_firs +diff -up dovecot-2.3.18/src/auth/mech-scram.c.opensslhmac dovecot-2.3.18/src/auth/mech-scram.c +--- dovecot-2.3.18/src/auth/mech-scram.c.opensslhmac 2022-02-02 12:42:23.000000000 +0100 ++++ dovecot-2.3.18/src/auth/mech-scram.c 2022-02-09 09:31:50.927146858 +0100 +@@ -93,7 +93,7 @@ get_scram_server_first(struct scram_auth static const char *get_scram_server_final(struct scram_auth_request *request) { const struct hash_method *hmethod = request->hash_method; @@ -64,7 +64,7 @@ diff -up dovecot-2.3.14/src/auth/mech-scram.c.opensslhmac dovecot-2.3.14/src/aut const char *auth_message; unsigned char server_signature[hmethod->digest_size]; string_t *str; -@@ -87,9 +87,9 @@ static const char *get_scram_server_fina +@@ -109,9 +109,9 @@ static const char *get_scram_server_fina request->server_first_message, ",", request->client_final_message_without_proof, NULL); @@ -75,9 +75,9 @@ diff -up dovecot-2.3.14/src/auth/mech-scram.c.opensslhmac dovecot-2.3.14/src/aut + openssl_hmac_update(&ctx, auth_message, strlen(auth_message)); + openssl_hmac_final(&ctx, server_signature); - str = t_str_new(MAX_BASE64_ENCODED_SIZE(sizeof(server_signature))); - str_append(str, "v="); -@@ -228,7 +228,7 @@ static bool parse_scram_client_first(str + /* RFC 5802, Section 7: + +@@ -292,7 +292,7 @@ parse_scram_client_first(struct scram_au static bool verify_credentials(struct scram_auth_request *request) { const struct hash_method *hmethod = request->hash_method; @@ -86,7 +86,7 @@ diff -up dovecot-2.3.14/src/auth/mech-scram.c.opensslhmac dovecot-2.3.14/src/aut const char *auth_message; unsigned char client_key[hmethod->digest_size]; unsigned char client_signature[hmethod->digest_size]; -@@ -239,9 +239,9 @@ static bool verify_credentials(struct sc +@@ -310,9 +310,9 @@ static bool verify_credentials(struct sc request->server_first_message, ",", request->client_final_message_without_proof, NULL); @@ -97,11 +97,11 @@ diff -up dovecot-2.3.14/src/auth/mech-scram.c.opensslhmac dovecot-2.3.14/src/aut + openssl_hmac_update(&ctx, auth_message, strlen(auth_message)); + openssl_hmac_final(&ctx, client_signature); + /* ClientProof := ClientKey XOR ClientSignature */ const unsigned char *proof_data = request->proof->data; - for (i = 0; i < sizeof(client_signature); i++) -diff -up dovecot-2.3.14/src/auth/password-scheme.c.opensslhmac dovecot-2.3.14/src/auth/password-scheme.c ---- dovecot-2.3.14/src/auth/password-scheme.c.opensslhmac 2021-03-04 09:38:06.000000000 +0100 -+++ dovecot-2.3.14/src/auth/password-scheme.c 2021-03-22 20:44:13.022912242 +0100 +diff -up dovecot-2.3.18/src/auth/password-scheme.c.opensslhmac dovecot-2.3.18/src/auth/password-scheme.c +--- dovecot-2.3.18/src/auth/password-scheme.c.opensslhmac 2022-02-02 12:42:23.000000000 +0100 ++++ dovecot-2.3.18/src/auth/password-scheme.c 2022-02-09 09:27:15.888883345 +0100 @@ -639,11 +639,11 @@ static void cram_md5_generate(const char *plaintext, const struct password_generate_params *params ATTR_UNUSED, const unsigned char **raw_password_r, size_t *size_r) @@ -116,9 +116,9 @@ diff -up dovecot-2.3.14/src/auth/password-scheme.c.opensslhmac dovecot-2.3.14/sr strlen(plaintext), &hash_method_md5); hmac_md5_get_cram_context(&ctx, context_digest); -diff -up dovecot-2.3.14/src/auth/password-scheme-scram.c.opensslhmac dovecot-2.3.14/src/auth/password-scheme-scram.c ---- dovecot-2.3.14/src/auth/password-scheme-scram.c.opensslhmac 2021-03-04 09:38:06.000000000 +0100 -+++ dovecot-2.3.14/src/auth/password-scheme-scram.c 2021-03-22 20:44:13.023912229 +0100 +diff -up dovecot-2.3.18/src/auth/password-scheme-scram.c.opensslhmac dovecot-2.3.18/src/auth/password-scheme-scram.c +--- dovecot-2.3.18/src/auth/password-scheme-scram.c.opensslhmac 2022-02-02 12:42:23.000000000 +0100 ++++ dovecot-2.3.18/src/auth/password-scheme-scram.c 2022-02-09 09:27:15.888883345 +0100 @@ -30,23 +30,23 @@ Hi(const struct hash_method *hmethod, co const unsigned char *salt, size_t salt_size, unsigned int i, unsigned char *result) @@ -208,9 +208,9 @@ diff -up dovecot-2.3.14/src/auth/password-scheme-scram.c.opensslhmac dovecot-2.3 str_append_c(str, ','); base64_encode(server_key, sizeof(server_key), str); -diff -up dovecot-2.3.14/src/lib/hmac.c.opensslhmac dovecot-2.3.14/src/lib/hmac.c ---- dovecot-2.3.14/src/lib/hmac.c.opensslhmac 2021-03-04 09:38:06.000000000 +0100 -+++ dovecot-2.3.14/src/lib/hmac.c 2021-03-22 20:44:13.023912229 +0100 +diff -up dovecot-2.3.18/src/lib/hmac.c.opensslhmac dovecot-2.3.18/src/lib/hmac.c +--- dovecot-2.3.18/src/lib/hmac.c.opensslhmac 2022-02-02 12:42:23.000000000 +0100 ++++ dovecot-2.3.18/src/lib/hmac.c 2022-02-09 09:27:15.888883345 +0100 @@ -7,6 +7,10 @@ * This software is released under the MIT license. */ @@ -448,9 +448,9 @@ diff -up dovecot-2.3.14/src/lib/hmac.c.opensslhmac dovecot-2.3.14/src/lib/hmac.c - safe_memset(prk, 0, sizeof(prk)); - safe_memset(okm, 0, sizeof(okm)); } -diff -up dovecot-2.3.14/src/lib/hmac-cram-md5.c.opensslhmac dovecot-2.3.14/src/lib/hmac-cram-md5.c ---- dovecot-2.3.14/src/lib/hmac-cram-md5.c.opensslhmac 2021-03-04 09:38:06.000000000 +0100 -+++ dovecot-2.3.14/src/lib/hmac-cram-md5.c 2021-03-22 20:44:13.023912229 +0100 +diff -up dovecot-2.3.18/src/lib/hmac-cram-md5.c.opensslhmac dovecot-2.3.18/src/lib/hmac-cram-md5.c +--- dovecot-2.3.18/src/lib/hmac-cram-md5.c.opensslhmac 2022-02-02 12:42:23.000000000 +0100 ++++ dovecot-2.3.18/src/lib/hmac-cram-md5.c 2022-02-09 09:27:15.888883345 +0100 @@ -9,10 +9,10 @@ #include "md5.h" #include "hmac-cram-md5.h" @@ -477,9 +477,9 @@ diff -up dovecot-2.3.14/src/lib/hmac-cram-md5.c.opensslhmac dovecot-2.3.14/src/l const unsigned char *cdp; struct md5_context *ctx = (void*)hmac_ctx->ctx; -diff -up dovecot-2.3.14/src/lib/hmac-cram-md5.h.opensslhmac dovecot-2.3.14/src/lib/hmac-cram-md5.h ---- dovecot-2.3.14/src/lib/hmac-cram-md5.h.opensslhmac 2021-03-04 09:38:06.000000000 +0100 -+++ dovecot-2.3.14/src/lib/hmac-cram-md5.h 2021-03-22 20:44:13.023912229 +0100 +diff -up dovecot-2.3.18/src/lib/hmac-cram-md5.h.opensslhmac dovecot-2.3.18/src/lib/hmac-cram-md5.h +--- dovecot-2.3.18/src/lib/hmac-cram-md5.h.opensslhmac 2022-02-02 12:42:23.000000000 +0100 ++++ dovecot-2.3.18/src/lib/hmac-cram-md5.h 2022-02-09 09:27:15.888883345 +0100 @@ -5,9 +5,9 @@ #define CRAM_MD5_CONTEXTLEN 32 @@ -492,9 +492,9 @@ diff -up dovecot-2.3.14/src/lib/hmac-cram-md5.h.opensslhmac dovecot-2.3.14/src/l const unsigned char context_digest[CRAM_MD5_CONTEXTLEN]); -diff -up dovecot-2.3.14/src/lib/hmac.h.opensslhmac dovecot-2.3.14/src/lib/hmac.h ---- dovecot-2.3.14/src/lib/hmac.h.opensslhmac 2021-03-04 09:38:06.000000000 +0100 -+++ dovecot-2.3.14/src/lib/hmac.h 2021-03-22 20:44:13.023912229 +0100 +diff -up dovecot-2.3.18/src/lib/hmac.h.opensslhmac dovecot-2.3.18/src/lib/hmac.h +--- dovecot-2.3.18/src/lib/hmac.h.opensslhmac 2022-02-02 12:42:23.000000000 +0100 ++++ dovecot-2.3.18/src/lib/hmac.h 2022-02-09 09:27:15.888883345 +0100 @@ -4,60 +4,97 @@ #include "hash-method.h" #include "sha1.h" @@ -606,9 +606,9 @@ diff -up dovecot-2.3.14/src/lib/hmac.h.opensslhmac dovecot-2.3.14/src/lib/hmac.h okm_buffer, okm_len); return okm_buffer; } -diff -up dovecot-2.3.14/src/lib-imap-urlauth/imap-urlauth.c.opensslhmac dovecot-2.3.14/src/lib-imap-urlauth/imap-urlauth.c ---- dovecot-2.3.14/src/lib-imap-urlauth/imap-urlauth.c.opensslhmac 2021-03-04 09:38:06.000000000 +0100 -+++ dovecot-2.3.14/src/lib-imap-urlauth/imap-urlauth.c 2021-03-22 20:44:13.023912229 +0100 +diff -up dovecot-2.3.18/src/lib-imap-urlauth/imap-urlauth.c.opensslhmac dovecot-2.3.18/src/lib-imap-urlauth/imap-urlauth.c +--- dovecot-2.3.18/src/lib-imap-urlauth/imap-urlauth.c.opensslhmac 2022-02-02 12:42:23.000000000 +0100 ++++ dovecot-2.3.18/src/lib-imap-urlauth/imap-urlauth.c 2022-02-09 09:27:15.888883345 +0100 @@ -85,15 +85,15 @@ imap_urlauth_internal_generate(const cha const unsigned char mailbox_key[IMAP_URLAUTH_KEY_LEN], size_t *token_len_r) @@ -629,10 +629,10 @@ diff -up dovecot-2.3.14/src/lib-imap-urlauth/imap-urlauth.c.opensslhmac dovecot- *token_len_r = SHA1_RESULTLEN + 1; return token; -diff -up dovecot-2.3.14/src/lib/Makefile.am.opensslhmac dovecot-2.3.14/src/lib/Makefile.am ---- dovecot-2.3.14/src/lib/Makefile.am.opensslhmac 2021-03-04 09:38:06.000000000 +0100 -+++ dovecot-2.3.14/src/lib/Makefile.am 2021-03-22 20:44:13.023912229 +0100 -@@ -352,6 +352,9 @@ headers = \ +diff -up dovecot-2.3.18/src/lib/Makefile.am.opensslhmac dovecot-2.3.18/src/lib/Makefile.am +--- dovecot-2.3.18/src/lib/Makefile.am.opensslhmac 2022-02-02 12:42:23.000000000 +0100 ++++ dovecot-2.3.18/src/lib/Makefile.am 2022-02-09 09:27:15.889883331 +0100 +@@ -354,6 +354,9 @@ headers = \ wildcard-match.h \ write-full.h @@ -642,10 +642,10 @@ diff -up dovecot-2.3.14/src/lib/Makefile.am.opensslhmac dovecot-2.3.14/src/lib/M test_programs = test-lib noinst_PROGRAMS = $(test_programs) -diff -up dovecot-2.3.14/src/lib-oauth2/oauth2-jwt.c.opensslhmac dovecot-2.3.14/src/lib-oauth2/oauth2-jwt.c ---- dovecot-2.3.14/src/lib-oauth2/oauth2-jwt.c.opensslhmac 2021-03-04 09:38:06.000000000 +0100 -+++ dovecot-2.3.14/src/lib-oauth2/oauth2-jwt.c 2021-03-22 20:44:13.024912217 +0100 -@@ -106,14 +106,14 @@ oauth2_validate_hmac(const struct oauth2 +diff -up dovecot-2.3.18/src/lib-oauth2/oauth2-jwt.c.opensslhmac dovecot-2.3.18/src/lib-oauth2/oauth2-jwt.c +--- dovecot-2.3.18/src/lib-oauth2/oauth2-jwt.c.opensslhmac 2022-02-02 12:42:23.000000000 +0100 ++++ dovecot-2.3.18/src/lib-oauth2/oauth2-jwt.c 2022-02-09 09:27:15.889883331 +0100 +@@ -144,14 +144,14 @@ oauth2_validate_hmac(const struct oauth2 if (oauth2_lookup_hmac_key(set, azp, alg, key_id, &key, error_r) < 0) return -1; @@ -666,10 +666,10 @@ diff -up dovecot-2.3.14/src/lib-oauth2/oauth2-jwt.c.opensslhmac dovecot-2.3.14/s buffer_t *their_digest = t_base64url_decode_str(BASE64_DECODE_FLAG_NO_PADDING, blobs[2]); -diff -up dovecot-2.3.14/src/lib-oauth2/test-oauth2-jwt.c.opensslhmac dovecot-2.3.14/src/lib-oauth2/test-oauth2-jwt.c ---- dovecot-2.3.14/src/lib-oauth2/test-oauth2-jwt.c.opensslhmac 2021-03-04 09:38:06.000000000 +0100 -+++ dovecot-2.3.14/src/lib-oauth2/test-oauth2-jwt.c 2021-03-22 20:46:09.524440794 +0100 -@@ -236,7 +236,7 @@ static void save_key_to(const char *algo +diff -up dovecot-2.3.18/src/lib-oauth2/test-oauth2-jwt.c.opensslhmac dovecot-2.3.18/src/lib-oauth2/test-oauth2-jwt.c +--- dovecot-2.3.18/src/lib-oauth2/test-oauth2-jwt.c.opensslhmac 2022-02-02 12:42:23.000000000 +0100 ++++ dovecot-2.3.18/src/lib-oauth2/test-oauth2-jwt.c 2022-02-09 09:27:15.889883331 +0100 +@@ -248,7 +248,7 @@ static void save_key_azp_to(const char * static void sign_jwt_token_hs256(buffer_t *tokenbuf, buffer_t *key) { i_assert(key != NULL); @@ -678,7 +678,7 @@ diff -up dovecot-2.3.14/src/lib-oauth2/test-oauth2-jwt.c.opensslhmac dovecot-2.3 tokenbuf); buffer_append(tokenbuf, ".", 1); base64url_encode(BASE64_ENCODE_FLAG_NO_PADDING, SIZE_MAX, -@@ -246,7 +246,7 @@ static void sign_jwt_token_hs256(buffer_ +@@ -258,7 +258,7 @@ static void sign_jwt_token_hs256(buffer_ static void sign_jwt_token_hs384(buffer_t *tokenbuf, buffer_t *key) { i_assert(key != NULL); @@ -687,7 +687,7 @@ diff -up dovecot-2.3.14/src/lib-oauth2/test-oauth2-jwt.c.opensslhmac dovecot-2.3 tokenbuf); buffer_append(tokenbuf, ".", 1); base64url_encode(BASE64_ENCODE_FLAG_NO_PADDING, SIZE_MAX, -@@ -256,7 +256,7 @@ static void sign_jwt_token_hs384(buffer_ +@@ -268,7 +268,7 @@ static void sign_jwt_token_hs384(buffer_ static void sign_jwt_token_hs512(buffer_t *tokenbuf, buffer_t *key) { i_assert(key != NULL); @@ -696,9 +696,9 @@ diff -up dovecot-2.3.14/src/lib-oauth2/test-oauth2-jwt.c.opensslhmac dovecot-2.3 tokenbuf); buffer_append(tokenbuf, ".", 1); base64url_encode(BASE64_ENCODE_FLAG_NO_PADDING, SIZE_MAX, -diff -up dovecot-2.3.14/src/lib/pkcs5.c.opensslhmac dovecot-2.3.14/src/lib/pkcs5.c ---- dovecot-2.3.14/src/lib/pkcs5.c.opensslhmac 2021-03-04 09:38:06.000000000 +0100 -+++ dovecot-2.3.14/src/lib/pkcs5.c 2021-03-22 20:44:13.024912217 +0100 +diff -up dovecot-2.3.18/src/lib/pkcs5.c.opensslhmac dovecot-2.3.18/src/lib/pkcs5.c +--- dovecot-2.3.18/src/lib/pkcs5.c.opensslhmac 2022-02-02 12:42:23.000000000 +0100 ++++ dovecot-2.3.18/src/lib/pkcs5.c 2022-02-09 09:27:15.889883331 +0100 @@ -52,7 +52,7 @@ int pkcs5_pbkdf2(const struct hash_metho size_t l = (length + hash->digest_size - 1)/hash->digest_size; /* same as ceil(length/hash->digest_size) */ unsigned char dk[l * hash->digest_size]; @@ -733,9 +733,9 @@ diff -up dovecot-2.3.14/src/lib/pkcs5.c.opensslhmac dovecot-2.3.14/src/lib/pkcs5 for(i = 0; i < hash->digest_size; i++) block[i] ^= U_c[i]; } -diff -up dovecot-2.3.14/src/lib/test-hmac.c.opensslhmac dovecot-2.3.14/src/lib/test-hmac.c ---- dovecot-2.3.14/src/lib/test-hmac.c.opensslhmac 2021-03-04 09:38:06.000000000 +0100 -+++ dovecot-2.3.14/src/lib/test-hmac.c 2021-03-22 20:44:13.024912217 +0100 +diff -up dovecot-2.3.18/src/lib/test-hmac.c.opensslhmac dovecot-2.3.18/src/lib/test-hmac.c +--- dovecot-2.3.18/src/lib/test-hmac.c.opensslhmac 2022-02-02 12:42:23.000000000 +0100 ++++ dovecot-2.3.18/src/lib/test-hmac.c 2022-02-09 09:27:15.889883331 +0100 @@ -206,11 +206,11 @@ static void test_hmac_rfc(void) test_begin("hmac sha256 rfc4231 vectors"); for(size_t i = 0; i < N_ELEMENTS(test_vectors); i++) { diff --git a/dovecot.spec b/dovecot.spec index 83c58e2..dbee79d 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -4,9 +4,9 @@ Summary: Secure imap and pop3 server Name: dovecot Epoch: 1 -Version: 2.3.17.1 +Version: 2.3.18 %global prever %{nil} -Release: 2%{?dist} +Release: 1%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT and LGPLv2 @@ -14,7 +14,7 @@ URL: https://www.dovecot.org/ Source: https://www.dovecot.org/releases/2.3/%{name}-%{version}%{?prever}.tar.gz Source1: dovecot.init Source2: dovecot.pam -%global pigeonholever 0.5.17.1 +%global pigeonholever 0.5.18 Source8: https://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-%{pigeonholever}.tar.gz Source9: dovecot.sysconfig Source10: dovecot.tmpfilesd @@ -43,7 +43,6 @@ Patch16: dovecot-2.3.6-opensslhmac.patch # FTBFS Patch17: dovecot-2.3.15-fixvalcond.patch Patch18: dovecot-2.3.15-valbasherr.patch -Patch19: dovecot-2.3.16-ftbfsbigend.patch Patch20: dovecot-2.3.14-opensslv3.patch Source15: prestartscript @@ -141,7 +140,6 @@ This package provides the development files for dovecot. %patch16 -p1 -b .opensslhmac %patch17 -p1 -b .fixvalcond %patch18 -p1 -b .valbasherr -%patch19 -p1 -b .ftbfsbigend %patch20 -p1 -b .opensslv3 cp run-test-valgrind.supp dovecot-2.3-pigeonhole-%{pigeonholever}/ # valgrind would fail with shell wrapper @@ -468,6 +466,9 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Wed Feb 09 2022 Michal Hlavinka - 1:2.3.18-1 +- updated to 2.3.18, pigeonhole to 0.5.18 + * Thu Jan 20 2022 Fedora Release Engineering - 1:2.3.17.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild diff --git a/sources b/sources index 76a3cc8..d434056 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (dovecot-2.3.17.1.tar.gz) = 976aa4f68e86f401e5766017e1702740d5b03892aff98f31f9ef0c6d242311d0f4b50d7faa426306bf1c902d7fc6d021438977bc887fa66ee360b069ec32ad79 -SHA512 (dovecot-2.3-pigeonhole-0.5.17.1.tar.gz) = 632a963d90a3fa052f314360d59ff25274d80952307ab5dd9193a2713ebf686500a7b2559b56f04b07e0a261066eed9b8525b14197f3be51728af09acb76e894 +SHA512 (dovecot-2.3.18.tar.gz) = b5eccf790a3960614876f122efb6296fe49ab7c523b08c10347fd4d10ed293fbd327279511c227b420f7c0786975186157eaa0fb5cd3aab1f3be9a4c5c3ad233 +SHA512 (dovecot-2.3-pigeonhole-0.5.18.tar.gz) = 44c3d945a5aebb8935e6e46751e44f505f2abd529c31e3efb689d3b5b9cdf9bca4f5231fc42a8d19837cb95c7618f5b64dfdf5964f40a0a6987144a37cdbaaec From 24321854aab9e7ad74f48e4106c54a8c05f850e6 Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Wed, 9 Feb 2022 12:09:44 +0100 Subject: [PATCH 088/146] skip aarch64 check, it timeouts --- dovecot.spec | 3 +++ 1 file changed, 3 insertions(+) diff --git a/dovecot.spec b/dovecot.spec index dbee79d..770a174 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -317,9 +317,12 @@ rm -f %restart_flag fi %check +%ifnarch aarch64 +# some aarch64 tests timeout, skip for now make check cd dovecot-2*3-pigeonhole-%{pigeonholever} make check +%endif %files %doc docinstall/* AUTHORS ChangeLog COPYING COPYING.LGPL COPYING.MIT NEWS README From e62c64f4afb5123ba6be031febf626b7e5c2856c Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Mon, 30 May 2022 21:01:34 +0200 Subject: [PATCH 089/146] updated to 2.3.19, pigeonhole to 0.5.19 --- 30e69471792aec8.patch | 25 +++++++++++++++++++++++++ dovecot-2.3.15-fixvalcond.patch | 6 +++--- dovecot.spec | 9 +++++++-- sources | 4 ++-- 4 files changed, 37 insertions(+), 7 deletions(-) create mode 100644 30e69471792aec8.patch diff --git a/30e69471792aec8.patch b/30e69471792aec8.patch new file mode 100644 index 0000000..2f2c7cb --- /dev/null +++ b/30e69471792aec8.patch @@ -0,0 +1,25 @@ +From 30e69471792aec818dbbfa64adb868db14a6d8e2 Mon Sep 17 00:00:00 2001 +From: Timo Sirainen +Date: Wed, 18 May 2022 11:31:44 +0300 +Subject: [PATCH] auth: Fix assert-crash in iterating multiple userdbs + +Broken by 501e17ba6b448ba3c88338596e0e8f99f0693f79 + +Fixes: +Panic: file userdb-blocking.c: line 125 (userdb_blocking_iter_next): assertion failed: (ctx->conn != NULL) +--- + src/auth/auth-master-connection.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/src/auth/auth-master-connection.c b/src/auth/auth-master-connection.c +index 02eb11d38e..3f439b861a 100644 +--- a/src/auth/auth-master-connection.c ++++ b/src/auth/auth-master-connection.c +@@ -514,7 +514,6 @@ static void master_input_list_callback(const char *user, void *context) + ctx->auth_request->userdb = userdb; + ctx->iter = userdb_blocking_iter_init(ctx->auth_request, + master_input_list_callback, ctx); +- userdb_blocking_iter_next(ctx->iter); + return; + } + diff --git a/dovecot-2.3.15-fixvalcond.patch b/dovecot-2.3.15-fixvalcond.patch index 6711010..fc37561 100644 --- a/dovecot-2.3.15-fixvalcond.patch +++ b/dovecot-2.3.15-fixvalcond.patch @@ -1,6 +1,6 @@ -diff -up dovecot-2.3.17/dovecot-2.3-pigeonhole-0.5.18/src/lib-sieve/storage/dict/sieve-dict-script.c.fixvalcond dovecot-2.3.17/dovecot-2.3-pigeonhole-0.5.18/src/lib-sieve/storage/dict/sieve-dict-script.c ---- dovecot-2.3.17/dovecot-2.3-pigeonhole-0.5.18/src/lib-sieve/storage/dict/sieve-dict-script.c.fixvalcond 2021-11-02 21:51:36.109032050 +0100 -+++ dovecot-2.3.17/dovecot-2.3-pigeonhole-0.5.18/src/lib-sieve/storage/dict/sieve-dict-script.c 2021-11-02 21:52:28.409344118 +0100 +diff -up dovecot-2.3.17/dovecot-2.3-pigeonhole-0.5.19/src/lib-sieve/storage/dict/sieve-dict-script.c.fixvalcond dovecot-2.3.17/dovecot-2.3-pigeonhole-0.5.19/src/lib-sieve/storage/dict/sieve-dict-script.c +--- dovecot-2.3.17/dovecot-2.3-pigeonhole-0.5.19/src/lib-sieve/storage/dict/sieve-dict-script.c.fixvalcond 2021-11-02 21:51:36.109032050 +0100 ++++ dovecot-2.3.17/dovecot-2.3-pigeonhole-0.5.19/src/lib-sieve/storage/dict/sieve-dict-script.c 2021-11-02 21:52:28.409344118 +0100 @@ -114,7 +114,7 @@ static int sieve_dict_script_get_stream (struct sieve_dict_script *)script; struct sieve_dict_storage *dstorage = diff --git a/dovecot.spec b/dovecot.spec index 770a174..c2d987d 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -4,7 +4,7 @@ Summary: Secure imap and pop3 server Name: dovecot Epoch: 1 -Version: 2.3.18 +Version: 2.3.19 %global prever %{nil} Release: 1%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 @@ -14,7 +14,7 @@ URL: https://www.dovecot.org/ Source: https://www.dovecot.org/releases/2.3/%{name}-%{version}%{?prever}.tar.gz Source1: dovecot.init Source2: dovecot.pam -%global pigeonholever 0.5.18 +%global pigeonholever 0.5.19 Source8: https://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-%{pigeonholever}.tar.gz Source9: dovecot.sysconfig Source10: dovecot.tmpfilesd @@ -44,6 +44,7 @@ Patch16: dovecot-2.3.6-opensslhmac.patch Patch17: dovecot-2.3.15-fixvalcond.patch Patch18: dovecot-2.3.15-valbasherr.patch Patch20: dovecot-2.3.14-opensslv3.patch +Patch21: 30e69471792aec8.patch Source15: prestartscript @@ -141,6 +142,7 @@ This package provides the development files for dovecot. %patch17 -p1 -b .fixvalcond %patch18 -p1 -b .valbasherr %patch20 -p1 -b .opensslv3 +%patch21 -p1 -b .30e69471792aec8 cp run-test-valgrind.supp dovecot-2.3-pigeonhole-%{pigeonholever}/ # valgrind would fail with shell wrapper echo "testsuite" >dovecot-2.3-pigeonhole-%{pigeonholever}/run-test-valgrind.exclude @@ -469,6 +471,9 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Mon May 30 2022 Michal Hlavinka - 1:2.3.19-1 +- updated to 2.3.19, pigeonhole to 0.5.19 + * Wed Feb 09 2022 Michal Hlavinka - 1:2.3.18-1 - updated to 2.3.18, pigeonhole to 0.5.18 diff --git a/sources b/sources index d434056..5ee52a2 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (dovecot-2.3.18.tar.gz) = b5eccf790a3960614876f122efb6296fe49ab7c523b08c10347fd4d10ed293fbd327279511c227b420f7c0786975186157eaa0fb5cd3aab1f3be9a4c5c3ad233 -SHA512 (dovecot-2.3-pigeonhole-0.5.18.tar.gz) = 44c3d945a5aebb8935e6e46751e44f505f2abd529c31e3efb689d3b5b9cdf9bca4f5231fc42a8d19837cb95c7618f5b64dfdf5964f40a0a6987144a37cdbaaec +SHA512 (dovecot-2.3.19.tar.gz) = a61ce88b53c4f24faddf4951f16cb75dfe52aa7057d072c727566a7c9a683cc487d26cea9a83ad8aca161a053949d2f2196ba6a58015e3d33be897094aabf887 +SHA512 (dovecot-2.3-pigeonhole-0.5.19.tar.gz) = 5b0a61c7711232ea3651b818a970b500b05bd340a04bcd5a5f0ea0529eda65f498912a845c8f3b3b80196d010bc22bd4a380e1f682cb42f62b80d2d43a94993a From 061b8c4d54bf9fd4ecf772078fe7fb8dc48aa38c Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Mon, 20 Jun 2022 23:10:22 +0200 Subject: [PATCH 090/146] updated to 2.3.19.1 --- 30e69471792aec8.patch | 25 ------------------------- dovecot.spec | 7 ++++--- sources | 2 +- 3 files changed, 5 insertions(+), 29 deletions(-) delete mode 100644 30e69471792aec8.patch diff --git a/30e69471792aec8.patch b/30e69471792aec8.patch deleted file mode 100644 index 2f2c7cb..0000000 --- a/30e69471792aec8.patch +++ /dev/null @@ -1,25 +0,0 @@ -From 30e69471792aec818dbbfa64adb868db14a6d8e2 Mon Sep 17 00:00:00 2001 -From: Timo Sirainen -Date: Wed, 18 May 2022 11:31:44 +0300 -Subject: [PATCH] auth: Fix assert-crash in iterating multiple userdbs - -Broken by 501e17ba6b448ba3c88338596e0e8f99f0693f79 - -Fixes: -Panic: file userdb-blocking.c: line 125 (userdb_blocking_iter_next): assertion failed: (ctx->conn != NULL) ---- - src/auth/auth-master-connection.c | 1 - - 1 file changed, 1 deletion(-) - -diff --git a/src/auth/auth-master-connection.c b/src/auth/auth-master-connection.c -index 02eb11d38e..3f439b861a 100644 ---- a/src/auth/auth-master-connection.c -+++ b/src/auth/auth-master-connection.c -@@ -514,7 +514,6 @@ static void master_input_list_callback(const char *user, void *context) - ctx->auth_request->userdb = userdb; - ctx->iter = userdb_blocking_iter_init(ctx->auth_request, - master_input_list_callback, ctx); -- userdb_blocking_iter_next(ctx->iter); - return; - } - diff --git a/dovecot.spec b/dovecot.spec index c2d987d..0274180 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -4,7 +4,7 @@ Summary: Secure imap and pop3 server Name: dovecot Epoch: 1 -Version: 2.3.19 +Version: 2.3.19.1 %global prever %{nil} Release: 1%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 @@ -44,7 +44,6 @@ Patch16: dovecot-2.3.6-opensslhmac.patch Patch17: dovecot-2.3.15-fixvalcond.patch Patch18: dovecot-2.3.15-valbasherr.patch Patch20: dovecot-2.3.14-opensslv3.patch -Patch21: 30e69471792aec8.patch Source15: prestartscript @@ -142,7 +141,6 @@ This package provides the development files for dovecot. %patch17 -p1 -b .fixvalcond %patch18 -p1 -b .valbasherr %patch20 -p1 -b .opensslv3 -%patch21 -p1 -b .30e69471792aec8 cp run-test-valgrind.supp dovecot-2.3-pigeonhole-%{pigeonholever}/ # valgrind would fail with shell wrapper echo "testsuite" >dovecot-2.3-pigeonhole-%{pigeonholever}/run-test-valgrind.exclude @@ -471,6 +469,9 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Mon Jun 20 2022 Michal Hlavinka - 1:2.3.19.1-1 +- updated to 2.3.19.1 + * Mon May 30 2022 Michal Hlavinka - 1:2.3.19-1 - updated to 2.3.19, pigeonhole to 0.5.19 diff --git a/sources b/sources index 5ee52a2..8250050 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (dovecot-2.3.19.tar.gz) = a61ce88b53c4f24faddf4951f16cb75dfe52aa7057d072c727566a7c9a683cc487d26cea9a83ad8aca161a053949d2f2196ba6a58015e3d33be897094aabf887 +SHA512 (dovecot-2.3.19.1.tar.gz) = ceb87a5f76b6352d28fd030aae5ad2165a133e9a8a6309891e793911203fc0ada9fb254dc05d183eaaa7e2b9851d3f1755b33f08fa6ff5b4b415ac4272bfe150 SHA512 (dovecot-2.3-pigeonhole-0.5.19.tar.gz) = 5b0a61c7711232ea3651b818a970b500b05bd340a04bcd5a5f0ea0529eda65f498912a845c8f3b3b80196d010bc22bd4a380e1f682cb42f62b80d2d43a94993a From 3282577fa1e67fdcc83b96a98a114459d5963c39 Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Wed, 6 Jul 2022 21:09:22 +0200 Subject: [PATCH 091/146] test could fail causing nonzero return value of whole post script --- dovecot.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dovecot.spec b/dovecot.spec index 0274180..2f38ca7 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -291,7 +291,7 @@ install -d -m 0755 -g dovecot -d /run/dovecot install -d -m 0755 -d /run/dovecot/empty install -d -m 0750 -g dovenull -d /run/dovecot/login install -d -m 0750 -g dovenull -d /run/dovecot/token-login -[ -x /sbin/restorecon ] && /sbin/restorecon -R /run/dovecot +[ -x /sbin/restorecon ] && /sbin/restorecon -R /run/dovecot ||: %preun if [ $1 = 0 ]; then From 16f3f32fa2d7fd5e26a449a43d9510af895bff74 Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Tue, 12 Jul 2022 23:02:43 +0200 Subject: [PATCH 092/146] fix possible privilege escalation when similar master and non-master passdbs are used --- dovecot-2.3.19.1-7bad6a24.patch | 131 ++++++++++++++++++++++++++++++++ dovecot.spec | 7 +- 2 files changed, 137 insertions(+), 1 deletion(-) create mode 100644 dovecot-2.3.19.1-7bad6a24.patch diff --git a/dovecot-2.3.19.1-7bad6a24.patch b/dovecot-2.3.19.1-7bad6a24.patch new file mode 100644 index 0000000..c980dde --- /dev/null +++ b/dovecot-2.3.19.1-7bad6a24.patch @@ -0,0 +1,131 @@ +From 7bad6a24160e34bce8f10e73dbbf9e5fbbcd1904 Mon Sep 17 00:00:00 2001 +From: Timo Sirainen +Date: Mon, 9 May 2022 15:23:33 +0300 +Subject: [PATCH] auth: Fix handling passdbs with identical driver/args but + different mechanisms/username_filter + +The passdb was wrongly deduplicated in this situation, causing wrong +mechanisms or username_filter setting to be used. This would be a rather +unlikely configuration though. + +Fixed by moving mechanisms and username_filter from struct passdb_module +to struct auth_passdb, which is where they should have been in the first +place. +--- + src/auth/auth-request.c | 6 +++--- + src/auth/auth.c | 18 ++++++++++++++++++ + src/auth/auth.h | 5 +++++ + src/auth/passdb.c | 15 ++------------- + src/auth/passdb.h | 4 ---- + 5 files changed, 28 insertions(+), 20 deletions(-) + +diff --git a/src/auth/auth-request.c b/src/auth/auth-request.c +index cd08b1fa02..0ca29f3674 100644 +--- a/src/auth/auth-request.c ++++ b/src/auth/auth-request.c +@@ -534,8 +534,8 @@ auth_request_want_skip_passdb(struct auth_request *request, + struct auth_passdb *passdb) + { + /* if mechanism is not supported, skip */ +- const char *const *mechs = passdb->passdb->mechanisms; +- const char *const *username_filter = passdb->passdb->username_filter; ++ const char *const *mechs = passdb->mechanisms; ++ const char *const *username_filter = passdb->username_filter; + const char *username; + + username = request->fields.user; +@@ -548,7 +548,7 @@ auth_request_want_skip_passdb(struct auth_request *request, + return TRUE; + } + +- if (passdb->passdb->username_filter != NULL && ++ if (passdb->username_filter != NULL && + !auth_request_username_accepted(username_filter, username)) { + auth_request_log_debug(request, + request->mech != NULL ? AUTH_SUBSYS_MECH +diff --git a/src/auth/auth.c b/src/auth/auth.c +index f2f3fda20c..9f6c4ba60c 100644 +--- a/src/auth/auth.c ++++ b/src/auth/auth.c +@@ -99,6 +99,24 @@ auth_passdb_preinit(struct auth *auth, const struct auth_passdb_settings *set, + auth_passdb->override_fields_tmpl = + passdb_template_build(auth->pool, set->override_fields); + ++ if (*set->mechanisms == '\0') { ++ auth_passdb->mechanisms = NULL; ++ } else if (strcasecmp(set->mechanisms, "none") == 0) { ++ auth_passdb->mechanisms = (const char *const[]){ NULL }; ++ } else { ++ auth_passdb->mechanisms = ++ (const char *const *)p_strsplit_spaces(auth->pool, ++ set->mechanisms, " ,"); ++ } ++ ++ if (*set->username_filter == '\0') { ++ auth_passdb->username_filter = NULL; ++ } else { ++ auth_passdb->username_filter = ++ (const char *const *)p_strsplit_spaces(auth->pool, ++ set->username_filter, " ,"); ++ } ++ + /* for backwards compatibility: */ + if (set->pass) + auth_passdb->result_success = AUTH_DB_RULE_CONTINUE; +diff --git a/src/auth/auth.h b/src/auth/auth.h +index f700e29d5c..460a179765 100644 +--- a/src/auth/auth.h ++++ b/src/auth/auth.h +@@ -41,6 +41,11 @@ struct auth_passdb { + struct passdb_template *default_fields_tmpl; + struct passdb_template *override_fields_tmpl; + ++ /* Supported authentication mechanisms, NULL is all, {NULL} is none */ ++ const char *const *mechanisms; ++ /* Username filter, NULL is no filter */ ++ const char *const *username_filter; ++ + enum auth_passdb_skip skip; + enum auth_db_rule result_success; + enum auth_db_rule result_failure; +diff --git a/src/auth/passdb.c b/src/auth/passdb.c +index eb4ac8ae82..f5eed1af4f 100644 +--- a/src/auth/passdb.c ++++ b/src/auth/passdb.c +@@ -224,19 +224,8 @@ passdb_preinit(pool_t pool, const struct auth_passdb_settings *set) + passdb->id = ++auth_passdb_id; + passdb->iface = *iface; + passdb->args = p_strdup(pool, set->args); +- if (*set->mechanisms == '\0') { +- passdb->mechanisms = NULL; +- } else if (strcasecmp(set->mechanisms, "none") == 0) { +- passdb->mechanisms = (const char *const[]){NULL}; +- } else { +- passdb->mechanisms = (const char* const*)p_strsplit_spaces(pool, set->mechanisms, " ,"); +- } +- +- if (*set->username_filter == '\0') { +- passdb->username_filter = NULL; +- } else { +- passdb->username_filter = (const char* const*)p_strsplit_spaces(pool, set->username_filter, " ,"); +- } ++ /* NOTE: if anything else than driver & args are added here, ++ passdb_find() also needs to be updated. */ + array_push_back(&passdb_modules, &passdb); + return passdb; + } +diff --git a/src/auth/passdb.h b/src/auth/passdb.h +index 2e95328e5c..e466a9fdb6 100644 +--- a/src/auth/passdb.h ++++ b/src/auth/passdb.h +@@ -63,10 +63,6 @@ struct passdb_module { + /* Default password scheme for this module. + If default_cache_key is set, must not be NULL. */ + const char *default_pass_scheme; +- /* Supported authentication mechanisms, NULL is all, [NULL] is none*/ +- const char *const *mechanisms; +- /* Username filter, NULL is no filter */ +- const char *const *username_filter; + + /* If blocking is set to TRUE, use child processes to access + this passdb. */ diff --git a/dovecot.spec b/dovecot.spec index 2f38ca7..956189c 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -6,7 +6,7 @@ Name: dovecot Epoch: 1 Version: 2.3.19.1 %global prever %{nil} -Release: 1%{?dist} +Release: 2%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT and LGPLv2 @@ -44,6 +44,7 @@ Patch16: dovecot-2.3.6-opensslhmac.patch Patch17: dovecot-2.3.15-fixvalcond.patch Patch18: dovecot-2.3.15-valbasherr.patch Patch20: dovecot-2.3.14-opensslv3.patch +Patch21: dovecot-2.3.19.1-7bad6a24.patch Source15: prestartscript @@ -141,6 +142,7 @@ This package provides the development files for dovecot. %patch17 -p1 -b .fixvalcond %patch18 -p1 -b .valbasherr %patch20 -p1 -b .opensslv3 +%patch21 -p1 -b .7bad6a24 cp run-test-valgrind.supp dovecot-2.3-pigeonhole-%{pigeonholever}/ # valgrind would fail with shell wrapper echo "testsuite" >dovecot-2.3-pigeonhole-%{pigeonholever}/run-test-valgrind.exclude @@ -469,6 +471,9 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Tue Jul 12 2022 Michal Hlavinka - 1:2.3.19.1-2 +- fix possible privilege escalation when similar master and non-master passdbs are used + * Mon Jun 20 2022 Michal Hlavinka - 1:2.3.19.1-1 - updated to 2.3.19.1 From ed8d027a72e7e7893d7756901d96d5d1ec273713 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Thu, 21 Jul 2022 00:51:53 +0000 Subject: [PATCH 093/146] Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- dovecot.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/dovecot.spec b/dovecot.spec index 956189c..1b77960 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -6,7 +6,7 @@ Name: dovecot Epoch: 1 Version: 2.3.19.1 %global prever %{nil} -Release: 2%{?dist} +Release: 3%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT and LGPLv2 @@ -471,6 +471,9 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Thu Jul 21 2022 Fedora Release Engineering - 1:2.3.19.1-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild + * Tue Jul 12 2022 Michal Hlavinka - 1:2.3.19.1-2 - fix possible privilege escalation when similar master and non-master passdbs are used From c18ffec6977b07116292f9e1e6d4104f15df6665 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Franti=C5=A1ek=20Zatloukal?= Date: Mon, 1 Aug 2022 15:03:38 +0200 Subject: [PATCH 094/146] Rebuilt for ICU 71.1 --- dovecot.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/dovecot.spec b/dovecot.spec index 1b77960..a87d765 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -6,7 +6,7 @@ Name: dovecot Epoch: 1 Version: 2.3.19.1 %global prever %{nil} -Release: 3%{?dist} +Release: 4%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT and LGPLv2 @@ -471,6 +471,9 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Mon Aug 01 2022 Frantisek Zatloukal - 1:2.3.19.1-4 +- Rebuilt for ICU 71.1 + * Thu Jul 21 2022 Fedora Release Engineering - 1:2.3.19.1-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild From dc8bf012af5887a23d7a1987b689bd1debfa531d Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Tue, 23 Aug 2022 23:25:38 +0200 Subject: [PATCH 095/146] spec file cleanup rhbz#2120072 --- dovecot.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dovecot.spec b/dovecot.spec index a87d765..fb8a3b8 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -69,6 +69,7 @@ BuildRequires: libstemmer-devel BuildRequires: multilib-rpm-config BuildRequires: flex, bison BuildRequires: systemd-devel +BuildRequires: systemd-rpm-macros %if %{?fedora}0 >= 350 #BuildRequires: glibc-gconv-extra %endif @@ -182,7 +183,6 @@ autoreconf -I . -fiv #required for aarch64 support --with-ssl=openssl \ --with-ssldir=%{ssldir} \ --with-solr \ - --with-systemdsystemunitdir=%{_unitdir} \ --with-docs sed -i 's|/etc/ssl|/etc/pki/dovecot|' doc/mkcert.sh doc/example-config/conf.d/10-ssl.conf From f7ac2e4adcde6edea4d02d1a381845496cf65673 Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Wed, 24 Aug 2022 08:35:08 +0200 Subject: [PATCH 096/146] add unit dir variable --- dovecot.spec | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/dovecot.spec b/dovecot.spec index fb8a3b8..0309be6 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -183,7 +183,9 @@ autoreconf -I . -fiv #required for aarch64 support --with-ssl=openssl \ --with-ssldir=%{ssldir} \ --with-solr \ - --with-docs + --with-docs \ + systemdsystemunitdir=%{_unitdir} + sed -i 's|/etc/ssl|/etc/pki/dovecot|' doc/mkcert.sh doc/example-config/conf.d/10-ssl.conf %make_build From 6c72b310bcbc737845ee2713369c94f5be08ebdf Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Tue, 11 Oct 2022 23:20:23 +0200 Subject: [PATCH 097/146] build with lua support (#2132420) --- dovecot.spec | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/dovecot.spec b/dovecot.spec index 0309be6..e89c6ba 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -6,7 +6,7 @@ Name: dovecot Epoch: 1 Version: 2.3.19.1 %global prever %{nil} -Release: 4%{?dist} +Release: 5%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT and LGPLv2 @@ -62,6 +62,7 @@ BuildRequires: lz4-devel BuildRequires: libzstd-devel %if %{?rhel}0 == 0 BuildRequires: libsodium-devel +BuildRequires: lua-devel %endif BuildRequires: libicu-devel BuildRequires: libexttextcat-devel @@ -179,6 +180,9 @@ autoreconf -I . -fiv #required for aarch64 support --with-zstd \ --with-libcap \ --with-icu \ +%if %{?rhel}0 == 0 + --with-lua=plugin \ +%endif --with-lucene \ --with-ssl=openssl \ --with-ssldir=%{ssldir} \ @@ -393,6 +397,9 @@ make check %{_libdir}/dovecot/auth/lib20_auth_var_expand_crypt.so %{_libdir}/dovecot/auth/libauthdb_imap.so %{_libdir}/dovecot/auth/libauthdb_ldap.so +%if %{?rhel}0 == 0 +%{_libdir}/dovecot/auth/libauthdb_lua.so +%endif %{_libdir}/dovecot/auth/libmech_gssapi.so %{_libdir}/dovecot/auth/libdriver_sqlite.so %{_libdir}/dovecot/dict/libdriver_sqlite.so @@ -473,6 +480,9 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Tue Oct 11 2022 Michal Hlavinka - 1:2.3.19.1-5 +- build with lua support (#2132420) + * Mon Aug 01 2022 Frantisek Zatloukal - 1:2.3.19.1-4 - Rebuilt for ICU 71.1 From 4990c863a92f96ea84156ee799a7a453781333d3 Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Tue, 8 Nov 2022 22:15:18 +0100 Subject: [PATCH 098/146] use Wants=network-online.target instead of preexec nm-online (#2095949) --- dovecot-2.1.10-waitonline.patch | 16 ++++++++-------- dovecot-2.2.20-initbysystemd.patch | 2 +- dovecot.spec | 5 ++++- 3 files changed, 13 insertions(+), 10 deletions(-) diff --git a/dovecot-2.1.10-waitonline.patch b/dovecot-2.1.10-waitonline.patch index af3ce19..20daf40 100644 --- a/dovecot-2.1.10-waitonline.patch +++ b/dovecot-2.1.10-waitonline.patch @@ -1,11 +1,11 @@ -diff -up dovecot-2.3.15/dovecot.service.in.waitonline dovecot-2.3.15/dovecot.service.in ---- dovecot-2.3.15/dovecot.service.in.waitonline 2021-06-21 20:19:19.560494654 +0200 -+++ dovecot-2.3.15/dovecot.service.in 2021-06-21 20:21:17.443066248 +0200 -@@ -15,6 +15,7 @@ After=local-fs.target network-online.tar +diff -up dovecot-2.3.19.1/dovecot.service.in.waitonline dovecot-2.3.19.1/dovecot.service.in +--- dovecot-2.3.19.1/dovecot.service.in.waitonline 2022-06-14 08:55:03.000000000 +0200 ++++ dovecot-2.3.19.1/dovecot.service.in 2022-11-08 20:28:37.550081709 +0100 +@@ -12,6 +12,7 @@ Description=Dovecot IMAP/POP3 email serv + Documentation=man:dovecot(1) + Documentation=https://doc.dovecot.org/ + After=local-fs.target network-online.target ++Wants=network-online.target [Service] Type=@systemdservicetype@ -+ExecStartPre=/usr/libexec/dovecot/prestartscript - ExecStart=@sbindir@/dovecot -F - ExecReload=@bindir@/doveadm reload - ExecStop=@bindir@/doveadm stop diff --git a/dovecot-2.2.20-initbysystemd.patch b/dovecot-2.2.20-initbysystemd.patch index 313e26b..7099960 100644 --- a/dovecot-2.2.20-initbysystemd.patch +++ b/dovecot-2.2.20-initbysystemd.patch @@ -25,9 +25,9 @@ diff -up dovecot-2.3.15/dovecot.service.in.initbysystemd dovecot-2.3.15/dovecot. -After=local-fs.target network-online.target +After=local-fs.target network-online.target dovecot-init.service +Requires=dovecot-init.service + Wants=network-online.target [Service] - Type=@systemdservicetype@ diff -up dovecot-2.3.15/Makefile.am.initbysystemd dovecot-2.3.15/Makefile.am --- dovecot-2.3.15/Makefile.am.initbysystemd 2021-06-21 20:21:49.250680889 +0200 +++ dovecot-2.3.15/Makefile.am 2021-06-21 20:24:26.676765849 +0200 diff --git a/dovecot.spec b/dovecot.spec index e89c6ba..2fc0d48 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -6,7 +6,7 @@ Name: dovecot Epoch: 1 Version: 2.3.19.1 %global prever %{nil} -Release: 5%{?dist} +Release: 6%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT and LGPLv2 @@ -480,6 +480,9 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Tue Nov 08 2022 Michal Hlavinka - 1:2.3.19.1-6 +- use Wants=network-online.target instead of preexec nm-online (#2095949) + * Tue Oct 11 2022 Michal Hlavinka - 1:2.3.19.1-5 - build with lua support (#2132420) From f93b448621ba0bd5217ca57b413358e31bc148ac Mon Sep 17 00:00:00 2001 From: Pete Walter Date: Sat, 31 Dec 2022 02:36:22 +0000 Subject: [PATCH 099/146] Rebuild for ICU 72 --- dovecot.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/dovecot.spec b/dovecot.spec index 2fc0d48..3322958 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -6,7 +6,7 @@ Name: dovecot Epoch: 1 Version: 2.3.19.1 %global prever %{nil} -Release: 6%{?dist} +Release: 7%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT and LGPLv2 @@ -480,6 +480,9 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Sat Dec 31 2022 Pete Walter - 1:2.3.19.1-7 +- Rebuild for ICU 72 + * Tue Nov 08 2022 Michal Hlavinka - 1:2.3.19.1-6 - use Wants=network-online.target instead of preexec nm-online (#2095949) From 76899ef8f2fc7c4a2a3542ab0fd9edf8c72ae75a Mon Sep 17 00:00:00 2001 From: Florian Weimer Date: Mon, 2 Jan 2023 10:55:17 +0100 Subject: [PATCH 100/146] Port configure script to C99 Related to: --- dovecot-configure-c99.patch | 25 +++++++++++++++++++++++++ dovecot.spec | 7 ++++++- 2 files changed, 31 insertions(+), 1 deletion(-) create mode 100644 dovecot-configure-c99.patch diff --git a/dovecot-configure-c99.patch b/dovecot-configure-c99.patch new file mode 100644 index 0000000..17a49fe --- /dev/null +++ b/dovecot-configure-c99.patch @@ -0,0 +1,25 @@ +m4: crypt_xxpg6.m4: Define _DEFAULT_SOURCE for current glibc + +Current glibc no longer implements the CRYPT extension, so it does not +declare crypt in in strict standard modes. The check +defines _XOPEN_SOURCE, which enables one of these modes. Defining +_DEFAULT_SOURCE as well again makes available the crypt function +prototype. + +This avoids a configure check result change with compilers which do +not support implicit function declarations. + +Submitted upstream: + +diff --git a/m4/crypt_xpg6.m4 b/m4/crypt_xpg6.m4 +index 0085b2ac76..3a288a3713 100644 +--- a/m4/crypt_xpg6.m4 ++++ b/m4/crypt_xpg6.m4 +@@ -6,6 +6,7 @@ AC_DEFUN([DOVECOT_CRYPT_XPG6], [ + #define _XOPEN_SOURCE 4 + #define _XOPEN_SOURCE_EXTENDED 1 + #define _XOPEN_VERSION 4 ++ #define _DEFAULT_SOURCE + #define _XPG4_2 + #define _XPG6 + #include diff --git a/dovecot.spec b/dovecot.spec index 3322958..477cac5 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -6,7 +6,7 @@ Name: dovecot Epoch: 1 Version: 2.3.19.1 %global prever %{nil} -Release: 7%{?dist} +Release: 8%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT and LGPLv2 @@ -45,6 +45,7 @@ Patch17: dovecot-2.3.15-fixvalcond.patch Patch18: dovecot-2.3.15-valbasherr.patch Patch20: dovecot-2.3.14-opensslv3.patch Patch21: dovecot-2.3.19.1-7bad6a24.patch +Patch22: dovecot-configure-c99.patch Source15: prestartscript @@ -145,6 +146,7 @@ This package provides the development files for dovecot. %patch18 -p1 -b .valbasherr %patch20 -p1 -b .opensslv3 %patch21 -p1 -b .7bad6a24 +%patch22 -p1 -b .c99 cp run-test-valgrind.supp dovecot-2.3-pigeonhole-%{pigeonholever}/ # valgrind would fail with shell wrapper echo "testsuite" >dovecot-2.3-pigeonhole-%{pigeonholever}/run-test-valgrind.exclude @@ -480,6 +482,9 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Mon Jan 02 2023 Florian Weimer - 1:2.3.19.1-8 +- Port configure script to C99 + * Sat Dec 31 2022 Pete Walter - 1:2.3.19.1-7 - Rebuild for ICU 72 From bf9aef0f2163411ddcd58633142072e5596f07e3 Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Mon, 2 Jan 2023 16:38:53 +0100 Subject: [PATCH 101/146] rebased to 2.3.20 --- dovecot.spec | 7 +++++-- sources | 2 +- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/dovecot.spec b/dovecot.spec index 477cac5..4f61fe0 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -4,9 +4,9 @@ Summary: Secure imap and pop3 server Name: dovecot Epoch: 1 -Version: 2.3.19.1 +Version: 2.3.20 %global prever %{nil} -Release: 8%{?dist} +Release: 1%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT and LGPLv2 @@ -482,6 +482,9 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Mon Jan 02 2023 Michal Hlavinka - 1:2.3.20-1 +- rebased to 2.3.20 + * Mon Jan 02 2023 Florian Weimer - 1:2.3.19.1-8 - Port configure script to C99 diff --git a/sources b/sources index 8250050..11eaf3c 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (dovecot-2.3.19.1.tar.gz) = ceb87a5f76b6352d28fd030aae5ad2165a133e9a8a6309891e793911203fc0ada9fb254dc05d183eaaa7e2b9851d3f1755b33f08fa6ff5b4b415ac4272bfe150 +SHA512 (dovecot-2.3.20.tar.gz) = 20c5a9cacf2c22d99d46400b666206e5b153c35286c205eec5df4d2ce0c88cf29ea15df81716794fd75837f6d67dfa4037096cf4bb66f524877a9a0a6bb282c8 SHA512 (dovecot-2.3-pigeonhole-0.5.19.tar.gz) = 5b0a61c7711232ea3651b818a970b500b05bd340a04bcd5a5f0ea0529eda65f498912a845c8f3b3b80196d010bc22bd4a380e1f682cb42f62b80d2d43a94993a From f701f57c30ad8d705ece1e3583e8de53e47cf48c Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Mon, 2 Jan 2023 21:16:51 +0100 Subject: [PATCH 102/146] update pigeonhole to 0.5.20 --- dovecot.spec | 2 +- sources | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/dovecot.spec b/dovecot.spec index 4f61fe0..769be44 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -483,7 +483,7 @@ make check %changelog * Mon Jan 02 2023 Michal Hlavinka - 1:2.3.20-1 -- rebased to 2.3.20 +- updated to 2.3.20, pigeonhole to 0.5.20 * Mon Jan 02 2023 Florian Weimer - 1:2.3.19.1-8 - Port configure script to C99 diff --git a/sources b/sources index 11eaf3c..baf5b10 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ SHA512 (dovecot-2.3.20.tar.gz) = 20c5a9cacf2c22d99d46400b666206e5b153c35286c205eec5df4d2ce0c88cf29ea15df81716794fd75837f6d67dfa4037096cf4bb66f524877a9a0a6bb282c8 -SHA512 (dovecot-2.3-pigeonhole-0.5.19.tar.gz) = 5b0a61c7711232ea3651b818a970b500b05bd340a04bcd5a5f0ea0529eda65f498912a845c8f3b3b80196d010bc22bd4a380e1f682cb42f62b80d2d43a94993a +SHA512 (dovecot-2.3-pigeonhole-0.5.20.tar.gz) = 45683e6bd678db00fc3e3c61d27a264d30d0e9aeb9ceb7ab55f94f0317d387056fa092e266062117cbe2a9dc2c90ddca03d154e78aad9c0d61fe8cf2c9187603 From ad6921078cc3347621745a3c1832977329437ca7 Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Mon, 2 Jan 2023 22:48:15 +0100 Subject: [PATCH 103/146] update spec and patch for pigeonhole --- dovecot-2.3.15-fixvalcond.patch | 4 ++-- dovecot.spec | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/dovecot-2.3.15-fixvalcond.patch b/dovecot-2.3.15-fixvalcond.patch index fc37561..f20881a 100644 --- a/dovecot-2.3.15-fixvalcond.patch +++ b/dovecot-2.3.15-fixvalcond.patch @@ -1,6 +1,6 @@ diff -up dovecot-2.3.17/dovecot-2.3-pigeonhole-0.5.19/src/lib-sieve/storage/dict/sieve-dict-script.c.fixvalcond dovecot-2.3.17/dovecot-2.3-pigeonhole-0.5.19/src/lib-sieve/storage/dict/sieve-dict-script.c ---- dovecot-2.3.17/dovecot-2.3-pigeonhole-0.5.19/src/lib-sieve/storage/dict/sieve-dict-script.c.fixvalcond 2021-11-02 21:51:36.109032050 +0100 -+++ dovecot-2.3.17/dovecot-2.3-pigeonhole-0.5.19/src/lib-sieve/storage/dict/sieve-dict-script.c 2021-11-02 21:52:28.409344118 +0100 +--- dovecot-2.3.17/dovecot-2.3-pigeonhole-0.5.20/src/lib-sieve/storage/dict/sieve-dict-script.c.fixvalcond 2021-11-02 21:51:36.109032050 +0100 ++++ dovecot-2.3.17/dovecot-2.3-pigeonhole-0.5.20/src/lib-sieve/storage/dict/sieve-dict-script.c 2021-11-02 21:52:28.409344118 +0100 @@ -114,7 +114,7 @@ static int sieve_dict_script_get_stream (struct sieve_dict_script *)script; struct sieve_dict_storage *dstorage = diff --git a/dovecot.spec b/dovecot.spec index 769be44..f8d4957 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -14,7 +14,7 @@ URL: https://www.dovecot.org/ Source: https://www.dovecot.org/releases/2.3/%{name}-%{version}%{?prever}.tar.gz Source1: dovecot.init Source2: dovecot.pam -%global pigeonholever 0.5.19 +%global pigeonholever 0.5.20 Source8: https://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-%{pigeonholever}.tar.gz Source9: dovecot.sysconfig Source10: dovecot.tmpfilesd From d427dc3561bc5ef696247a4165e962327d511f3e Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Thu, 19 Jan 2023 01:44:29 +0000 Subject: [PATCH 104/146] Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- dovecot.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/dovecot.spec b/dovecot.spec index f8d4957..4ef6d27 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -6,7 +6,7 @@ Name: dovecot Epoch: 1 Version: 2.3.20 %global prever %{nil} -Release: 1%{?dist} +Release: 2%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT and LGPLv2 @@ -482,6 +482,9 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Thu Jan 19 2023 Fedora Release Engineering - 1:2.3.20-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + * Mon Jan 02 2023 Michal Hlavinka - 1:2.3.20-1 - updated to 2.3.20, pigeonhole to 0.5.20 From 3327ce59b3405b8e597e8ffa8f07602bc0fc543c Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Tue, 14 Feb 2023 17:53:49 +0100 Subject: [PATCH 105/146] drop SHA1 OTP --- dovecot-2.3.20-nolibotp.patch | 295 ++++++++++++++++++++++++++++++++++ dovecot.spec | 15 +- 2 files changed, 308 insertions(+), 2 deletions(-) create mode 100644 dovecot-2.3.20-nolibotp.patch diff --git a/dovecot-2.3.20-nolibotp.patch b/dovecot-2.3.20-nolibotp.patch new file mode 100644 index 0000000..4ec0b78 --- /dev/null +++ b/dovecot-2.3.20-nolibotp.patch @@ -0,0 +1,295 @@ +diff -up dovecot-2.3.20/configure.ac.nolibotp dovecot-2.3.20/configure.ac +--- dovecot-2.3.20/configure.ac.nolibotp 2022-12-21 09:49:12.000000000 +0100 ++++ dovecot-2.3.20/configure.ac 2023-02-14 16:54:02.118531016 +0100 +@@ -854,7 +854,6 @@ src/lib-lua/Makefile + src/lib-mail/Makefile + src/lib-master/Makefile + src/lib-program-client/Makefile +-src/lib-otp/Makefile + src/lib-dovecot/Makefile + src/lib-sasl/Makefile + src/lib-settings/Makefile +diff -up dovecot-2.3.20/src/auth/main.c.nolibotp dovecot-2.3.20/src/auth/main.c +--- dovecot-2.3.20/src/auth/main.c.nolibotp 2022-12-21 09:49:12.000000000 +0100 ++++ dovecot-2.3.20/src/auth/main.c 2023-02-14 16:54:02.118531016 +0100 +@@ -19,8 +19,6 @@ + #include "password-scheme.h" + #include "passdb-cache.h" + #include "mech.h" +-#include "otp.h" +-#include "mech-otp-common.h" + #include "auth.h" + #include "auth-penalty.h" + #include "auth-token.h" +@@ -283,7 +281,6 @@ static void main_deinit(void) + + auth_policy_deinit(); + mech_register_deinit(&mech_reg); +- mech_otp_deinit(); + mech_deinit(global_auth_settings); + + /* allow modules to unregister their dbs/drivers/etc. before freeing +diff -up dovecot-2.3.20/src/auth/Makefile.am.nolibotp dovecot-2.3.20/src/auth/Makefile.am +--- dovecot-2.3.20/src/auth/Makefile.am.nolibotp 2022-12-21 09:49:12.000000000 +0100 ++++ dovecot-2.3.20/src/auth/Makefile.am 2023-02-14 16:54:02.118531016 +0100 +@@ -45,7 +45,6 @@ AM_CPPFLAGS = \ + -I$(top_srcdir)/src/lib-sql \ + -I$(top_srcdir)/src/lib-settings \ + -I$(top_srcdir)/src/lib-old-stats \ +- -I$(top_srcdir)/src/lib-otp \ + -I$(top_srcdir)/src/lib-master \ + -I$(top_srcdir)/src/lib-oauth2 \ + -I$(top_srcdir)/src/lib-ssl-iostream \ +@@ -67,7 +66,6 @@ libpassword_la_SOURCES = \ + password-scheme-crypt.c \ + password-scheme-md5crypt.c \ + password-scheme-scram.c \ +- password-scheme-otp.c \ + password-scheme-pbkdf2.c \ + password-scheme-sodium.c + libpassword_la_CFLAGS = $(AM_CPPFLAGS) $(LIBSODIUM_CFLAGS) +@@ -76,7 +74,6 @@ auth_libs = \ + libauth.la \ + libstats_auth.la \ + libpassword.la \ +- ../lib-otp/libotp.la \ + $(AUTH_LUA_LIBS) \ + $(LIBDOVECOT_SQL) + +@@ -95,7 +92,6 @@ libauth_la_SOURCES = \ + auth-client-connection.c \ + auth-master-connection.c \ + auth-policy.c \ +- mech-otp-common.c \ + mech-plain-common.c \ + auth-penalty.c \ + auth-request.c \ +@@ -122,7 +118,6 @@ libauth_la_SOURCES = \ + mech-digest-md5.c \ + mech-external.c \ + mech-gssapi.c \ +- mech-otp.c \ + mech-scram.c \ + mech-apop.c \ + mech-winbind.c \ +@@ -161,7 +156,6 @@ headers = \ + auth-client-connection.h \ + auth-common.h \ + auth-master-connection.h \ +- mech-otp-common.h \ + mech-plain-common.h \ + mech-digest-md5-private.h \ + mech-scram.h \ +@@ -260,7 +254,6 @@ test_libs = \ + test_libpassword_SOURCES = test-libpassword.c + test_libpassword_LDADD = \ + libpassword.la \ +- ../lib-otp/libotp.la \ + $(CRYPT_LIBS) \ + $(LIBDOVECOT_SQL) \ + $(LIBSODIUM_LIBS) \ +diff -up dovecot-2.3.20/src/auth/mech.c.nolibotp dovecot-2.3.20/src/auth/mech.c +--- dovecot-2.3.20/src/auth/mech.c.nolibotp 2023-02-14 16:55:38.421231797 +0100 ++++ dovecot-2.3.20/src/auth/mech.c 2023-02-14 16:55:38.434231892 +0100 +@@ -71,7 +71,6 @@ extern const struct mech_module mech_apo + extern const struct mech_module mech_cram_md5; + extern const struct mech_module mech_digest_md5; + extern const struct mech_module mech_external; +-extern const struct mech_module mech_otp; + extern const struct mech_module mech_scram_sha1; + extern const struct mech_module mech_scram_sha256; + extern const struct mech_module mech_anonymous; +@@ -206,7 +205,6 @@ void mech_init(const struct auth_setting + mech_register_module(&mech_gssapi_spnego); + #endif + } +- mech_register_module(&mech_otp); + mech_register_module(&mech_scram_sha1); + mech_register_module(&mech_scram_sha256); + mech_register_module(&mech_anonymous); +@@ -233,7 +231,6 @@ void mech_deinit(const struct auth_setti + mech_unregister_module(&mech_gssapi_spnego); + #endif + } +- mech_unregister_module(&mech_otp); + mech_unregister_module(&mech_scram_sha1); + mech_unregister_module(&mech_scram_sha256); + mech_unregister_module(&mech_anonymous); +diff -up dovecot-2.3.20/src/auth/password-scheme.c.nolibotp dovecot-2.3.20/src/auth/password-scheme.c +--- dovecot-2.3.20/src/auth/password-scheme.c.nolibotp 2023-02-14 16:54:02.109530950 +0100 ++++ dovecot-2.3.20/src/auth/password-scheme.c 2023-02-14 16:54:02.119531023 +0100 +@@ -13,7 +13,6 @@ + #include "randgen.h" + #include "sha1.h" + #include "sha2.h" +-#include "otp.h" + #include "str.h" + #include "password-scheme.h" + +@@ -709,32 +708,6 @@ plain_md5_generate(const char *plaintext + *size_r = MD5_RESULTLEN; + } + +-static int otp_verify(const char *plaintext, const struct password_generate_params *params ATTR_UNUSED, +- const unsigned char *raw_password, size_t size, +- const char **error_r) +-{ +- const char *password, *generated; +- +- password = t_strndup(raw_password, size); +- if (password_generate_otp(plaintext, password, UINT_MAX, &generated) < 0) { +- *error_r = "Invalid OTP data in passdb"; +- return -1; +- } +- +- return strcasecmp(password, generated) == 0 ? 1 : 0; +-} +- +-static void +-otp_generate(const char *plaintext, const struct password_generate_params *params ATTR_UNUSED, +- const unsigned char **raw_password_r, size_t *size_r) +-{ +- const char *password; +- +- if (password_generate_otp(plaintext, NULL, OTP_HASH_SHA1, &password) < 0) +- i_unreached(); +- *raw_password_r = (const unsigned char *)password; +- *size_r = strlen(password); +-} + + static const struct password_scheme builtin_schemes[] = { + { "MD5", PW_ENCODING_NONE, 0, md5_verify, md5_crypt_generate }, +@@ -770,7 +743,6 @@ static const struct password_scheme buil + NULL, plain_md5_generate }, + { "LDAP-MD5", PW_ENCODING_BASE64, MD5_RESULTLEN, + NULL, plain_md5_generate }, +- { "OTP", PW_ENCODING_NONE, 0, otp_verify, otp_generate }, + { "PBKDF2", PW_ENCODING_NONE, 0, pbkdf2_verify, pbkdf2_generate }, + }; + +diff -up dovecot-2.3.20/src/auth/password-scheme.h.nolibotp dovecot-2.3.20/src/auth/password-scheme.h +--- dovecot-2.3.20/src/auth/password-scheme.h.nolibotp 2023-02-14 16:56:50.929759540 +0100 ++++ dovecot-2.3.20/src/auth/password-scheme.h 2023-02-14 16:56:50.947759671 +0100 +@@ -92,9 +92,6 @@ void password_set_encryption_rounds(unsi + /* INTERNAL: */ + const char *password_generate_salt(size_t len); + const char *password_generate_md5_crypt(const char *pw, const char *salt); +-int password_generate_otp(const char *pw, const char *state_data, +- unsigned int algo, const char **result_r) +- ATTR_NULL(2); + + int crypt_verify(const char *plaintext, + const struct password_generate_params *params, +diff -up dovecot-2.3.20/src/auth/test-libpassword.c.nolibotp dovecot-2.3.20/src/auth/test-libpassword.c +--- dovecot-2.3.20/src/auth/test-libpassword.c.nolibotp 2023-02-14 16:54:55.880922175 +0100 ++++ dovecot-2.3.20/src/auth/test-libpassword.c 2023-02-14 16:54:55.896922291 +0100 +@@ -106,7 +106,6 @@ static void test_password_schemes(void) + test_password_scheme("SHA512", "{SHA512}7iaw3Ur350mqGo7jwQrpkj9hiYB3Lkc/iBml1JQODbJ6wYX4oOHV+E+IvIh/1nsUNzLDBMxfqa2Ob1f1ACio/w==", "test"); + test_password_scheme("SSHA", "{SSHA}H/zrDv8FXUu1JmwvVYijfrYEF34jVZcO", "test"); + test_password_scheme("MD5-CRYPT", "{MD5-CRYPT}$1$GgvxyNz8$OjZhLh4P.gF1lxYEbLZ3e/", "test"); +- test_password_scheme("OTP", "{OTP}sha1 1024 ae6b49aa481f7233 f69fc7f98b8fbf54", "test"); + test_password_scheme("PBKDF2", "{PBKDF2}$1$bUnT4Pl7yFtYX0KU$5000$50a83cafdc517b9f46519415e53c6a858908680a", "test"); + test_password_scheme("CRAM-MD5", "{CRAM-MD5}e02d374fde0dc75a17a557039a3a5338c7743304777dccd376f332bee68d2cf6", "test"); + test_password_scheme("DIGEST-MD5", "{DIGEST-MD5}77c1a8c437c9b08ba2f460fe5d58db5d", "test"); +diff -up dovecot-2.3.20/src/auth/test-mech.c.nolibotp dovecot-2.3.20/src/auth/test-mech.c +--- dovecot-2.3.20/src/auth/test-mech.c.nolibotp 2022-12-21 09:49:12.000000000 +0100 ++++ dovecot-2.3.20/src/auth/test-mech.c 2023-02-14 16:54:02.119531023 +0100 +@@ -8,8 +8,6 @@ + #include "auth-request-handler-private.h" + #include "auth-settings.h" + #include "mech-digest-md5-private.h" +-#include "otp.h" +-#include "mech-otp-common.h" + #include "settings-parser.h" + #include "password-scheme.h" + #include "auth-token.h" +@@ -27,7 +25,6 @@ extern const struct mech_module mech_dov + extern const struct mech_module mech_external; + extern const struct mech_module mech_login; + extern const struct mech_module mech_oauthbearer; +-extern const struct mech_module mech_otp; + extern const struct mech_module mech_plain; + extern const struct mech_module mech_scram_sha1; + extern const struct mech_module mech_scram_sha256; +@@ -65,10 +62,7 @@ request_handler_reply_mock_callback(stru + + if (request->passdb_result == PASSDB_RESULT_OK) + request->failed = FALSE; +- else if (request->mech == &mech_otp) { +- if (null_strcmp(request->fields.user, "otp_phase_2") == 0) +- request->failed = FALSE; +- } else if (request->mech == &mech_oauthbearer) { ++ else if (request->mech == &mech_oauthbearer) { + } + }; + +@@ -224,10 +218,6 @@ static void test_mechs(void) + {&mech_plain, UCHAR_LEN("\0testuser\0testpass"), "testuser", NULL, TRUE, FALSE, FALSE}, + {&mech_plain, UCHAR_LEN("normaluser\0masteruser\0masterpass"), "masteruser", NULL, TRUE, FALSE, FALSE}, + {&mech_plain, UCHAR_LEN("normaluser\0normaluser\0masterpass"), "normaluser", NULL, TRUE, FALSE, FALSE}, +- {&mech_otp, UCHAR_LEN("hex:5Bf0 75d9 959d 036f"), "otp_phase_2", NULL, TRUE, TRUE, FALSE}, +- {&mech_otp, UCHAR_LEN("word:BOND FOGY DRAB NE RISE MART"), "otp_phase_2", NULL, TRUE, TRUE, FALSE}, +- {&mech_otp, UCHAR_LEN("init-hex:f6bd 6b33 89b8 7203:md5 499 ke6118:23d1 b253 5ae0 2b7e"), "otp_phase_2", NULL, TRUE, TRUE, FALSE}, +- {&mech_otp, UCHAR_LEN("init-word:END KERN BALM NICK EROS WAVY:md5 499 ke1235:BABY FAIN OILY NIL TIDY DADE"), "otp_phase_2", NULL , TRUE, TRUE, FALSE}, + {&mech_oauthbearer, UCHAR_LEN("n,a=testuser,p=cHJvb2Y=,f=nonstandart\x01host=server\x01port=143\x01""auth=Bearer vF9dft4qmTc2Nvb3RlckBhbHRhdmlzdGEuY29tCg==\x01\x01"), "testuser", NULL, FALSE, TRUE, FALSE}, + {&mech_scram_sha1, UCHAR_LEN("n,,n=testuser,r=rOprNGfwEbeRWgbNEkqO"), "testuser", NULL, TRUE, FALSE, FALSE}, + {&mech_scram_sha256, UCHAR_LEN("n,,n=testuser,r=rOprNGfwEbeRWgbNEkqO"), "testuser", NULL, TRUE, FALSE, FALSE}, +@@ -242,8 +232,6 @@ static void test_mechs(void) + {&mech_external, UCHAR_LEN(""), "testuser", NULL, FALSE, TRUE, FALSE}, + {&mech_external, UCHAR_LEN(""), NULL, NULL, FALSE, FALSE, FALSE}, + {&mech_login, UCHAR_LEN(""), NULL, NULL, FALSE, FALSE, FALSE}, +- {&mech_otp, UCHAR_LEN(""), NULL, "invalid input", FALSE, FALSE, FALSE}, +- {&mech_otp, UCHAR_LEN(""), "testuser", "invalid input", FALSE, FALSE, FALSE}, + {&mech_plain, UCHAR_LEN(""), NULL, NULL, FALSE, FALSE, FALSE}, + {&mech_oauthbearer, UCHAR_LEN(""), NULL, NULL, FALSE, FALSE, FALSE}, + {&mech_xoauth2, UCHAR_LEN(""), NULL, NULL, FALSE, FALSE, FALSE}, +@@ -255,7 +243,6 @@ static void test_mechs(void) + {&mech_apop, UCHAR_LEN("1.1.1\0testuser\0tooshort"), NULL, NULL, FALSE, FALSE, FALSE}, + {&mech_apop, UCHAR_LEN("1.1.1\0testuser\0responseoflen16-"), NULL, NULL, FALSE, FALSE, FALSE}, + {&mech_apop, UCHAR_LEN("1.1.1"), NULL, NULL, FALSE, FALSE, FALSE}, +- {&mech_otp, UCHAR_LEN("somebody\0testuser"), "testuser", "otp(testuser): unsupported response type", FALSE, TRUE, FALSE}, + {&mech_cram_md5, UCHAR_LEN("testuser\0response"), "testuser", NULL, FALSE, FALSE, FALSE}, + {&mech_plain, UCHAR_LEN("testuser\0"), "testuser", NULL, FALSE, FALSE, FALSE}, + +@@ -297,9 +284,7 @@ static void test_mechs(void) + {&mech_plain, UCHAR_LEN("\0fa\0il\0ing\0withthis"), NULL, NULL, FALSE, FALSE, FALSE}, + {&mech_plain, UCHAR_LEN("failingwiththis"), NULL, NULL, FALSE, FALSE, FALSE}, + {&mech_plain, UCHAR_LEN("failing\0withthis"), NULL, NULL, FALSE, FALSE, FALSE}, +- {&mech_otp, UCHAR_LEN("someb\0ody\0testuser"), NULL, "invalid input", FALSE, FALSE, FALSE}, + /* phase 2 */ +- {&mech_otp, UCHAR_LEN("someb\0ody\0testuser"), "testuser", "otp(testuser): unsupported response type", FALSE, TRUE, FALSE}, + {&mech_scram_sha1, UCHAR_LEN("c=biws,r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,p=v0X8v3Bz2T0CJGbJQyF0X+HI4Ts="), NULL, NULL, FALSE, FALSE, FALSE}, + {&mech_scram_sha1, UCHAR_LEN("iws0X8v3Bz2T0CJGbJQyF0X+HI4Ts=,,,,"), NULL, NULL, FALSE, FALSE, FALSE}, + {&mech_scram_sha1, UCHAR_LEN("n,a=masteruser,,"), NULL, NULL, FALSE, FALSE, FALSE}, +@@ -387,7 +372,6 @@ static void test_mechs(void) + + test_end(); + } T_END; +- mech_otp_deinit(); + auths_deinit(); + auth_token_deinit(); + password_schemes_deinit(); +diff -up dovecot-2.3.20/src/doveadm/Makefile.am.nolibotp dovecot-2.3.20/src/doveadm/Makefile.am +--- dovecot-2.3.20/src/doveadm/Makefile.am.nolibotp 2022-12-21 09:49:12.000000000 +0100 ++++ dovecot-2.3.20/src/doveadm/Makefile.am 2023-02-14 16:54:02.119531023 +0100 +@@ -36,8 +36,7 @@ AM_CPPFLAGS = \ + $(BINARY_CFLAGS) + + cmd_pw_libs = \ +- ../auth/libpassword.la \ +- ../lib-otp/libotp.la ++ ../auth/libpassword.la + + libs = \ + dsync/libdsync.la \ +diff -up dovecot-2.3.20/src/Makefile.am.nolibotp dovecot-2.3.20/src/Makefile.am +--- dovecot-2.3.20/src/Makefile.am.nolibotp 2022-12-21 09:49:12.000000000 +0100 ++++ dovecot-2.3.20/src/Makefile.am 2023-02-14 16:54:02.119531023 +0100 +@@ -40,7 +40,6 @@ SUBDIRS = \ + lib-index \ + lib-storage \ + lib-sql \ +- lib-otp \ + lib-lda \ + lib-dict-backend \ + anvil \ diff --git a/dovecot.spec b/dovecot.spec index 4ef6d27..bcb7526 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -6,7 +6,7 @@ Name: dovecot Epoch: 1 Version: 2.3.20 %global prever %{nil} -Release: 2%{?dist} +Release: 3%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT and LGPLv2 @@ -44,9 +44,12 @@ Patch16: dovecot-2.3.6-opensslhmac.patch Patch17: dovecot-2.3.15-fixvalcond.patch Patch18: dovecot-2.3.15-valbasherr.patch Patch20: dovecot-2.3.14-opensslv3.patch -Patch21: dovecot-2.3.19.1-7bad6a24.patch +Patch21: dovecot-2.3.19.1-7bad6a24.patch Patch22: dovecot-configure-c99.patch +# Fedora/RHEL specific, drop OTP which uses SHA1 so we dont use SHA1 for crypto purposes +Patch23: dovecot-2.3.20-nolibotp.patch + Source15: prestartscript BuildRequires: gcc, gcc-c++, openssl-devel, pam-devel, zlib-devel, bzip2-devel, libcap-devel @@ -147,6 +150,7 @@ This package provides the development files for dovecot. %patch20 -p1 -b .opensslv3 %patch21 -p1 -b .7bad6a24 %patch22 -p1 -b .c99 +%patch23 -p1 -b .nolibotp cp run-test-valgrind.supp dovecot-2.3-pigeonhole-%{pigeonholever}/ # valgrind would fail with shell wrapper echo "testsuite" >dovecot-2.3-pigeonhole-%{pigeonholever}/run-test-valgrind.exclude @@ -155,6 +159,10 @@ echo "testsuite" >dovecot-2.3-pigeonhole-%{pigeonholever}/run-test-valgrind.excl #popd sed -i '/DEFAULT_INCLUDES *=/s|$| '"$(pkg-config --cflags libclucene-core)|" src/plugins/fts-lucene/Makefile.in + +# drop OTP which uses SHA1 so we dont use SHA1 for crypto purposes +rm -rf src/lib-otp + %build #required for fdpass.c line 125,190: dereferencing type-punned pointer will break strict-aliasing rules %global _hardened_build 1 @@ -482,6 +490,9 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Tue Feb 14 2023 Michal Hlavinka - 1:2.3.20-3 +- drop SHA1 OTP + * Thu Jan 19 2023 Fedora Release Engineering - 1:2.3.20-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild From cfcfd288ac9ff5fda37af2b79fece5f53f7bccc2 Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Wed, 26 Apr 2023 11:33:43 +0200 Subject: [PATCH 106/146] update license tag format (SPDX migration) for https://fedoraproject.org/wiki/Changes/SPDX_Licenses_Phase_1 --- dovecot.spec | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/dovecot.spec b/dovecot.spec index bcb7526..96426b3 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -6,9 +6,9 @@ Name: dovecot Epoch: 1 Version: 2.3.20 %global prever %{nil} -Release: 3%{?dist} +Release: 4%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 -License: MIT and LGPLv2 +License: MIT AND LGPL-2.1-only URL: https://www.dovecot.org/ Source: https://www.dovecot.org/releases/2.3/%{name}-%{version}%{?prever}.tar.gz @@ -112,7 +112,7 @@ The SQL drivers and authentication plug-ins are in their subpackages. %package pigeonhole Requires: %{name} = %{epoch}:%{version}-%{release} Summary: Sieve and managesieve plug-in for dovecot -License: MIT and LGPLv2 +License: MIT AND LGPL-2.1-only %description pigeonhole This package provides sieve and managesieve plug-in for dovecot LDA. @@ -490,6 +490,9 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Wed Apr 26 2023 Michal Hlavinka - 1:2.3.20-4 +- update license tag format (SPDX migration) for https://fedoraproject.org/wiki/Changes/SPDX_Licenses_Phase_1 + * Tue Feb 14 2023 Michal Hlavinka - 1:2.3.20-3 - drop SHA1 OTP From f141104cec30d074f3e1af9205b6d4475f9cdae4 Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Wed, 3 May 2023 12:21:11 +0200 Subject: [PATCH 107/146] use new patch macro format, with epel compatibility --- dovecot.spec | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/dovecot.spec b/dovecot.spec index 96426b3..6ec59b7 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -137,20 +137,20 @@ This package provides the development files for dovecot. %prep %setup -q -n %{name}-%{version}%{?prever} -a 8 -%patch1 -p1 -b .default-settings -%patch2 -p1 -b .mkcert-permissions -%patch3 -p1 -b .mkcert-paths -%patch6 -p1 -b .waitonline -%patch8 -p1 -b .initbysystemd -%patch9 -p1 -b .systemd_w_protectsystem -%patch15 -p1 -b .bigkey -%patch16 -p1 -b .opensslhmac -%patch17 -p1 -b .fixvalcond -%patch18 -p1 -b .valbasherr -%patch20 -p1 -b .opensslv3 -%patch21 -p1 -b .7bad6a24 -%patch22 -p1 -b .c99 -%patch23 -p1 -b .nolibotp +%patch -P1 -p1 -b .default-settings +%patch -P2 -p1 -b .mkcert-permissions +%patch -P3 -p1 -b .mkcert-paths +%patch -P6 -p1 -b .waitonline +%patch -P8 -p1 -b .initbysystemd +%patch -P9 -p1 -b .systemd_w_protectsystem +%patch -P15 -p1 -b .bigkey +%patch -P16 -p1 -b .opensslhmac +%patch -P17 -p1 -b .fixvalcond +%patch -P18 -p1 -b .valbasherr +%patch -P20 -p1 -b .opensslv3 +%patch -P21 -p1 -b .7bad6a24 +%patch -P22 -p1 -b .c99 +%patch -P23 -p1 -b .nolibotp cp run-test-valgrind.supp dovecot-2.3-pigeonhole-%{pigeonholever}/ # valgrind would fail with shell wrapper echo "testsuite" >dovecot-2.3-pigeonhole-%{pigeonholever}/run-test-valgrind.exclude From 9c80caab1f24630c0e5b8f71dacdde5f0c96d853 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Franti=C5=A1ek=20Zatloukal?= Date: Tue, 11 Jul 2023 22:14:19 +0200 Subject: [PATCH 108/146] Rebuilt for ICU 73.2 --- dovecot.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/dovecot.spec b/dovecot.spec index 6ec59b7..d8419ef 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -6,7 +6,7 @@ Name: dovecot Epoch: 1 Version: 2.3.20 %global prever %{nil} -Release: 4%{?dist} +Release: 5%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT AND LGPL-2.1-only @@ -490,6 +490,9 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Tue Jul 11 2023 František Zatloukal - 1:2.3.20-5 +- Rebuilt for ICU 73.2 + * Wed Apr 26 2023 Michal Hlavinka - 1:2.3.20-4 - update license tag format (SPDX migration) for https://fedoraproject.org/wiki/Changes/SPDX_Licenses_Phase_1 From ab67f10b83a65d3aa425f9bc6b285eeed79693f4 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Wed, 19 Jul 2023 17:49:57 +0000 Subject: [PATCH 109/146] Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- dovecot.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/dovecot.spec b/dovecot.spec index d8419ef..dacd741 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -6,7 +6,7 @@ Name: dovecot Epoch: 1 Version: 2.3.20 %global prever %{nil} -Release: 5%{?dist} +Release: 6%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT AND LGPL-2.1-only @@ -490,6 +490,9 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Wed Jul 19 2023 Fedora Release Engineering - 1:2.3.20-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + * Tue Jul 11 2023 František Zatloukal - 1:2.3.20-5 - Rebuilt for ICU 73.2 From b0924ff71d51112e2286bf97a2426ad450d903cd Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Mon, 18 Sep 2023 16:44:20 +0200 Subject: [PATCH 110/146] update pigeonhole to 0.5.21 --- dovecot.spec | 2 +- sources | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/dovecot.spec b/dovecot.spec index dacd741..4aa3c43 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -14,7 +14,7 @@ URL: https://www.dovecot.org/ Source: https://www.dovecot.org/releases/2.3/%{name}-%{version}%{?prever}.tar.gz Source1: dovecot.init Source2: dovecot.pam -%global pigeonholever 0.5.20 +%global pigeonholever 0.5.21 Source8: https://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-%{pigeonholever}.tar.gz Source9: dovecot.sysconfig Source10: dovecot.tmpfilesd diff --git a/sources b/sources index baf5b10..affa461 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ SHA512 (dovecot-2.3.20.tar.gz) = 20c5a9cacf2c22d99d46400b666206e5b153c35286c205eec5df4d2ce0c88cf29ea15df81716794fd75837f6d67dfa4037096cf4bb66f524877a9a0a6bb282c8 -SHA512 (dovecot-2.3-pigeonhole-0.5.20.tar.gz) = 45683e6bd678db00fc3e3c61d27a264d30d0e9aeb9ceb7ab55f94f0317d387056fa092e266062117cbe2a9dc2c90ddca03d154e78aad9c0d61fe8cf2c9187603 +SHA512 (dovecot-2.3-pigeonhole-0.5.21.tar.gz) = 5537444025a474ee1b79919a424e24530695aec639361c531257f25fac286673719d476906d99d47e348deb57baa75419bff7dd284c82d2b751334dedec96314 From 97e16a026d8809e49610603484347c8aa62cefec Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Mon, 18 Sep 2023 16:51:08 +0200 Subject: [PATCH 111/146] strip version for pigeonhole src dir for simplifying the rest of code/patches --- dovecot-2.3.15-fixvalcond.patch | 6 +++--- dovecot.spec | 16 ++++++++++------ 2 files changed, 13 insertions(+), 9 deletions(-) diff --git a/dovecot-2.3.15-fixvalcond.patch b/dovecot-2.3.15-fixvalcond.patch index f20881a..a064c26 100644 --- a/dovecot-2.3.15-fixvalcond.patch +++ b/dovecot-2.3.15-fixvalcond.patch @@ -1,6 +1,6 @@ -diff -up dovecot-2.3.17/dovecot-2.3-pigeonhole-0.5.19/src/lib-sieve/storage/dict/sieve-dict-script.c.fixvalcond dovecot-2.3.17/dovecot-2.3-pigeonhole-0.5.19/src/lib-sieve/storage/dict/sieve-dict-script.c ---- dovecot-2.3.17/dovecot-2.3-pigeonhole-0.5.20/src/lib-sieve/storage/dict/sieve-dict-script.c.fixvalcond 2021-11-02 21:51:36.109032050 +0100 -+++ dovecot-2.3.17/dovecot-2.3-pigeonhole-0.5.20/src/lib-sieve/storage/dict/sieve-dict-script.c 2021-11-02 21:52:28.409344118 +0100 +diff -up dovecot-2.3.17/dovecot-pigeonhole/src/lib-sieve/storage/dict/sieve-dict-script.c.fixvalcond dovecot-2.3.17/dovecot-pigeonhole/src/lib-sieve/storage/dict/sieve-dict-script.c +--- dovecot-2.3.17/dovecot-pigeonhole/src/lib-sieve/storage/dict/sieve-dict-script.c.fixvalcond 2021-11-02 21:51:36.109032050 +0100 ++++ dovecot-2.3.17/dovecot-pigeonhole/src/lib-sieve/storage/dict/sieve-dict-script.c 2021-11-02 21:52:28.409344118 +0100 @@ -114,7 +114,7 @@ static int sieve_dict_script_get_stream (struct sieve_dict_script *)script; struct sieve_dict_storage *dstorage = diff --git a/dovecot.spec b/dovecot.spec index 4aa3c43..351bc6b 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -137,6 +137,10 @@ This package provides the development files for dovecot. %prep %setup -q -n %{name}-%{version}%{?prever} -a 8 + +# standardize name, so we don't have to update patches and scripts +mv dovecot-2.3-pigeonhole-%{pigeonholever} dovecot-pigeonhole + %patch -P1 -p1 -b .default-settings %patch -P2 -p1 -b .mkcert-permissions %patch -P3 -p1 -b .mkcert-paths @@ -151,11 +155,11 @@ This package provides the development files for dovecot. %patch -P21 -p1 -b .7bad6a24 %patch -P22 -p1 -b .c99 %patch -P23 -p1 -b .nolibotp -cp run-test-valgrind.supp dovecot-2.3-pigeonhole-%{pigeonholever}/ +cp run-test-valgrind.supp dovecot-pigeonhole/ # valgrind would fail with shell wrapper -echo "testsuite" >dovecot-2.3-pigeonhole-%{pigeonholever}/run-test-valgrind.exclude +echo "testsuite" >dovecot-pigeonhole/run-test-valgrind.exclude -#pushd dovecot-2*3-pigeonhole-%{pigeonholever} +#pushd dovecot-pigeonhole #popd sed -i '/DEFAULT_INCLUDES *=/s|$| '"$(pkg-config --cflags libclucene-core)|" src/plugins/fts-lucene/Makefile.in @@ -205,7 +209,7 @@ sed -i 's|/etc/ssl|/etc/pki/dovecot|' doc/mkcert.sh doc/example-config/conf.d/10 %make_build #pigeonhole -pushd dovecot-2*3-pigeonhole-%{pigeonholever} +pushd dovecot-pigeonhole # required for snapshot [ -f configure ] || autoreconf -fiv @@ -231,7 +235,7 @@ mv $RPM_BUILD_ROOT/%{_docdir}/%{name} %{_builddir}/%{name}-%{version}%{?prever}/ # fix multilib issues %multilib_fix_c_header --file %{_includedir}/dovecot/config.h -pushd dovecot-2*3-pigeonhole-%{pigeonholever} +pushd dovecot-pigeonhole %make_install mv $RPM_BUILD_ROOT/%{_docdir}/%{name} $RPM_BUILD_ROOT/%{_docdir}/%{name}-pigeonhole @@ -338,7 +342,7 @@ fi %ifnarch aarch64 # some aarch64 tests timeout, skip for now make check -cd dovecot-2*3-pigeonhole-%{pigeonholever} +cd dovecot-pigeonhole make check %endif From a17c8bb9c38a8839932aa0b7b00ec9deef679119 Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Mon, 18 Sep 2023 17:18:06 +0200 Subject: [PATCH 112/146] updated to 2.3.21(2239134) --- dovecot.spec | 7 +++++-- sources | 2 +- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/dovecot.spec b/dovecot.spec index 351bc6b..9012161 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -4,9 +4,9 @@ Summary: Secure imap and pop3 server Name: dovecot Epoch: 1 -Version: 2.3.20 +Version: 2.3.21 %global prever %{nil} -Release: 6%{?dist} +Release: 1%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT AND LGPL-2.1-only @@ -494,6 +494,9 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Mon Sep 18 2023 Michal Hlavinka - 1:2.3.21-1 +- updated to 2.3.21(2239134) + * Wed Jul 19 2023 Fedora Release Engineering - 1:2.3.20-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild diff --git a/sources b/sources index affa461..399a48e 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (dovecot-2.3.20.tar.gz) = 20c5a9cacf2c22d99d46400b666206e5b153c35286c205eec5df4d2ce0c88cf29ea15df81716794fd75837f6d67dfa4037096cf4bb66f524877a9a0a6bb282c8 +SHA512 (dovecot-2.3.21.tar.gz) = 2d463c38639c3fd3d617ee5b1a4e4d0c11362339c4d4d62a5a90164a8b10bc58919545679bbf379139bdb743fdb013033abfddc1fc6401eb8099463cdc2401ca SHA512 (dovecot-2.3-pigeonhole-0.5.21.tar.gz) = 5537444025a474ee1b79919a424e24530695aec639361c531257f25fac286673719d476906d99d47e348deb57baa75419bff7dd284c82d2b751334dedec96314 From be6ae59ea8042f982ce6c886be77663bd5a49dee Mon Sep 17 00:00:00 2001 From: Remi Collet Date: Thu, 5 Oct 2023 08:54:11 +0200 Subject: [PATCH 113/146] rebuild for new libsodium --- dovecot.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/dovecot.spec b/dovecot.spec index 9012161..662dd5e 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -6,7 +6,7 @@ Name: dovecot Epoch: 1 Version: 2.3.21 %global prever %{nil} -Release: 1%{?dist} +Release: 2%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT AND LGPL-2.1-only @@ -494,6 +494,9 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Thu Oct 05 2023 Remi Collet - 1:2.3.21-2 +- rebuild for new libsodium + * Mon Sep 18 2023 Michal Hlavinka - 1:2.3.21-1 - updated to 2.3.21(2239134) From 87aba78b82d390aab08295759d6aa27423c0bc4e Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Tue, 24 Oct 2023 13:23:03 +0200 Subject: [PATCH 114/146] drop lucene to reduce dependency, use solr for fts instead --- dovecot.spec | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) diff --git a/dovecot.spec b/dovecot.spec index 662dd5e..2f9b6f4 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -6,7 +6,7 @@ Name: dovecot Epoch: 1 Version: 2.3.21 %global prever %{nil} -Release: 2%{?dist} +Release: 3%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT AND LGPL-2.1-only @@ -69,15 +69,15 @@ BuildRequires: libsodium-devel BuildRequires: lua-devel %endif BuildRequires: libicu-devel +%if 0%{?rhel} == 0 && 0%{?fedora}0 < 38 BuildRequires: libexttextcat-devel +BuildRequires: clucene-core-devel +%endif BuildRequires: libstemmer-devel BuildRequires: multilib-rpm-config BuildRequires: flex, bison BuildRequires: systemd-devel BuildRequires: systemd-rpm-macros -%if %{?fedora}0 >= 350 -#BuildRequires: glibc-gconv-extra -%endif # gettext-devel is needed for running autoconf because of the # presence of AM_ICONV @@ -93,8 +93,6 @@ Requires(post): systemd-units Requires(preun): systemd-units Requires(postun): systemd-units -BuildRequires: clucene-core-devel - %global ssldir %{_sysconfdir}/pki/%{name} BuildRequires: libcurl-devel expat-devel @@ -161,7 +159,9 @@ echo "testsuite" >dovecot-pigeonhole/run-test-valgrind.exclude #pushd dovecot-pigeonhole #popd +%if 0%{?rhel} == 0 && 0%{?fedora}0 < 38 sed -i '/DEFAULT_INCLUDES *=/s|$| '"$(pkg-config --cflags libclucene-core)|" src/plugins/fts-lucene/Makefile.in +%endif # drop OTP which uses SHA1 so we dont use SHA1 for crypto purposes @@ -197,7 +197,13 @@ autoreconf -I . -fiv #required for aarch64 support %if %{?rhel}0 == 0 --with-lua=plugin \ %endif +%if 0%{?rhel} == 0 && 0%{?fedora}0 < 38 --with-lucene \ + --with-exttextcat \ +%else + --without-lucene \ + --without-exttextcat \ +%endif --with-ssl=openssl \ --with-ssldir=%{ssldir} \ --with-solr \ @@ -494,6 +500,9 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Tue Oct 24 2023 Michal Hlavinka - 1:2.3.21-3 +- drop lucene to reduce dependency, use solr for fts instead + * Thu Oct 05 2023 Remi Collet - 1:2.3.21-2 - rebuild for new libsodium From 3d400774ff844ec32c4ecf95b0a9eb0091137a7c Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Fri, 19 Jan 2024 17:29:59 +0000 Subject: [PATCH 115/146] Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild --- dovecot.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/dovecot.spec b/dovecot.spec index 2f9b6f4..a0e234c 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -6,7 +6,7 @@ Name: dovecot Epoch: 1 Version: 2.3.21 %global prever %{nil} -Release: 3%{?dist} +Release: 4%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT AND LGPL-2.1-only @@ -500,6 +500,9 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Fri Jan 19 2024 Fedora Release Engineering - 1:2.3.21-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + * Tue Oct 24 2023 Michal Hlavinka - 1:2.3.21-3 - drop lucene to reduce dependency, use solr for fts instead From 010a512bd0731e160012a49cd297778485c4b3d8 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Wed, 24 Jan 2024 09:46:23 +0000 Subject: [PATCH 116/146] Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild --- dovecot.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/dovecot.spec b/dovecot.spec index a0e234c..43ddfe1 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -6,7 +6,7 @@ Name: dovecot Epoch: 1 Version: 2.3.21 %global prever %{nil} -Release: 4%{?dist} +Release: 5%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT AND LGPL-2.1-only @@ -500,6 +500,9 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Wed Jan 24 2024 Fedora Release Engineering - 1:2.3.21-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + * Fri Jan 19 2024 Fedora Release Engineering - 1:2.3.21-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild From 79a5cb2d9f4b55b50731c9eea2eada66b0dda4fe Mon Sep 17 00:00:00 2001 From: Pete Walter Date: Wed, 31 Jan 2024 19:23:26 +0000 Subject: [PATCH 117/146] Rebuild for ICU 74 --- dovecot.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/dovecot.spec b/dovecot.spec index 43ddfe1..9d747ec 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -6,7 +6,7 @@ Name: dovecot Epoch: 1 Version: 2.3.21 %global prever %{nil} -Release: 5%{?dist} +Release: 6%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT AND LGPL-2.1-only @@ -500,6 +500,9 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Wed Jan 31 2024 Pete Walter - 1:2.3.21-6 +- Rebuild for ICU 74 + * Wed Jan 24 2024 Fedora Release Engineering - 1:2.3.21-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild From cd7e39531b15a322fbb0e92cd854d631b6881d35 Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Mon, 19 Feb 2024 17:42:39 +0100 Subject: [PATCH 118/146] allow dtpath for plugins --- rpminspect.yaml | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 rpminspect.yaml diff --git a/rpminspect.yaml b/rpminspect.yaml new file mode 100644 index 0000000..15a5d00 --- /dev/null +++ b/rpminspect.yaml @@ -0,0 +1,7 @@ +--- +runpath: + allowed_paths: + # dovecot only plugins + - /usr/lib/dovecot/old-stats + - /usr/lib64/dovecot/old-stats + From cf9c7c9c6b756ee48c32ab358cafcab1032b37a5 Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Tue, 26 Mar 2024 22:20:59 +0100 Subject: [PATCH 119/146] drop i686 build as per https://fedoraproject.org/wiki/Changes/EncourageI686LeafRemoval --- dovecot.spec | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/dovecot.spec b/dovecot.spec index 9d747ec..09a9e2f 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -6,7 +6,7 @@ Name: dovecot Epoch: 1 Version: 2.3.21 %global prever %{nil} -Release: 6%{?dist} +Release: 7%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT AND LGPL-2.1-only @@ -98,6 +98,11 @@ Requires(postun): systemd-units BuildRequires: libcurl-devel expat-devel BuildRequires: make +%if 0%{?fedora} > 39 +# as per https://fedoraproject.org/wiki/Changes/EncourageI686LeafRemoval +ExcludeArch: %{ix86} +%endif + %global restart_flag /run/%{name}/%{name}-restart-after-rpm-install %description @@ -500,6 +505,9 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Tue Mar 26 2024 Michal Hlavinka - 1:2.3.21-7 +- drop i686 build as per https://fedoraproject.org/wiki/Changes/EncourageI686LeafRemoval + * Wed Jan 31 2024 Pete Walter - 1:2.3.21-6 - Rebuild for ICU 74 From f3cea215ee06d57897f264ec79f8f8696785a4f5 Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Tue, 18 Jun 2024 16:15:36 +0200 Subject: [PATCH 120/146] fix sieve crash when there are two missing optional scripts --- dovecot-2.0-defaultconfig.patch | 23 ++++++++++----- dovecot-2.3-ph_optglob.patch | 48 ++++++++++++++++++++++++++++++ dovecot-2.3-ph_scriptcmp.patch | 12 ++++++++ dovecot.spec | 52 ++++++++++++++++++--------------- 4 files changed, 104 insertions(+), 31 deletions(-) create mode 100644 dovecot-2.3-ph_optglob.patch create mode 100644 dovecot-2.3-ph_scriptcmp.patch diff --git a/dovecot-2.0-defaultconfig.patch b/dovecot-2.0-defaultconfig.patch index c18dd47..21f00ec 100644 --- a/dovecot-2.0-defaultconfig.patch +++ b/dovecot-2.0-defaultconfig.patch @@ -1,6 +1,15 @@ -diff -up dovecot-2.3.0.1/doc/example-config/conf.d/10-mail.conf.default-settings dovecot-2.3.0.1/doc/example-config/conf.d/10-mail.conf ---- dovecot-2.3.0.1/doc/example-config/conf.d/10-mail.conf.default-settings 2018-02-28 15:28:57.000000000 +0100 -+++ dovecot-2.3.0.1/doc/example-config/conf.d/10-mail.conf 2018-03-01 10:29:38.208368555 +0100 +diff -up dovecot-2.3.16/doc/example-config/conf.d/10-mail.conf.default-settings dovecot-2.3.16/doc/example-config/conf.d/10-mail.conf +--- dovecot-2.3.16/doc/example-config/conf.d/10-mail.conf.default-settings 2021-08-06 11:25:51.000000000 +0200 ++++ dovecot-2.3.16/doc/example-config/conf.d/10-mail.conf 2021-10-27 11:13:45.666956339 +0200 +@@ -175,7 +175,7 @@ namespace inbox { + # to make sure that users can't log in as daemons or other system users. + # Note that denying root logins is hardcoded to dovecot binary and can't + # be done even if first_valid_uid is set to 0. +-#first_valid_uid = 500 ++first_valid_uid = 1000 + #last_valid_uid = 0 + + # Valid GID range for users, defaults to non-root/wheel. Users having @@ -322,6 +322,7 @@ protocol !indexer-worker { # them simultaneously. #mbox_read_locks = fcntl @@ -9,9 +18,9 @@ diff -up dovecot-2.3.0.1/doc/example-config/conf.d/10-mail.conf.default-settings # Maximum time to wait for lock (all of them) before aborting. #mbox_lock_timeout = 5 mins -diff -up dovecot-2.3.0.1/doc/example-config/conf.d/10-ssl.conf.default-settings dovecot-2.3.0.1/doc/example-config/conf.d/10-ssl.conf ---- dovecot-2.3.0.1/doc/example-config/conf.d/10-ssl.conf.default-settings 2018-02-28 15:28:57.000000000 +0100 -+++ dovecot-2.3.0.1/doc/example-config/conf.d/10-ssl.conf 2018-03-01 10:33:54.779499044 +0100 +diff -up dovecot-2.3.16/doc/example-config/conf.d/10-ssl.conf.default-settings dovecot-2.3.16/doc/example-config/conf.d/10-ssl.conf +--- dovecot-2.3.16/doc/example-config/conf.d/10-ssl.conf.default-settings 2021-08-06 11:25:51.000000000 +0200 ++++ dovecot-2.3.16/doc/example-config/conf.d/10-ssl.conf 2021-10-27 11:13:02.834533975 +0200 @@ -3,7 +3,9 @@ ## @@ -23,7 +32,7 @@ diff -up dovecot-2.3.0.1/doc/example-config/conf.d/10-ssl.conf.default-settings # PEM encoded X.509 SSL/TLS certificate and private key. They're opened before # dropping root privileges, so keep the key file unreadable by anyone but -@@ -57,6 +59,7 @@ ssl_key = script), sieve_script_location(included->script), + ((flags & EXT_INCLUDE_FLAG_ONCE) != 0 ? "(once) " : ""), + ((flags & EXT_INCLUDE_FLAG_OPTIONAL) != 0 ? "(optional) " : ""), +- include_id, sieve_binary_block_get_id(included->block)); ++ (included->block == NULL ? "(missing) " : ""), ++ include_id, ++ (included->block == NULL ? -1 : sieve_binary_block_get_id(included->block))); + + return TRUE; + } +diff -up dovecot-2.3.21/dovecot-pigeonhole/src/lib-sieve/plugins/include/ext-include-common.c.ph_optglob dovecot-2.3.21/dovecot-pigeonhole/src/lib-sieve/plugins/include/ext-include-common.c +--- dovecot-2.3.21/dovecot-pigeonhole/src/lib-sieve/plugins/include/ext-include-common.c.ph_optglob 2023-09-14 15:18:26.000000000 +0200 ++++ dovecot-2.3.21/dovecot-pigeonhole/src/lib-sieve/plugins/include/ext-include-common.c 2024-06-04 09:10:45.187823805 +0200 +@@ -693,6 +693,25 @@ int ext_include_execute_include(const st + } + + ctx = ext_include_get_interpreter_context(this_ext, renv->interp); ++ if (included->block == NULL) { ++ if ((flags & EXT_INCLUDE_FLAG_OPTIONAL) != 0) { ++ sieve_runtime_trace( ++ renv, SIEVE_TRLVL_NONE, ++ "include: skipped include for script '%s' " ++ "[inc id: %d, block: NULL]; optional and unavailable", ++ sieve_script_name(included->script), ++ include_id); ++ return result; ++ } else { ++ sieve_runtime_trace( ++ renv, SIEVE_TRLVL_NONE, ++ "include: unavailable script '%s' " ++ "[inc id: %d, block: NULL]", ++ sieve_script_name(included->script), ++ include_id); ++ return SIEVE_EXEC_BIN_CORRUPT; ++ } ++ } + block_id = sieve_binary_block_get_id(included->block); + + /* If :once modifier is specified, check for duplicate include */ diff --git a/dovecot-2.3-ph_scriptcmp.patch b/dovecot-2.3-ph_scriptcmp.patch new file mode 100644 index 0000000..2bcaade --- /dev/null +++ b/dovecot-2.3-ph_scriptcmp.patch @@ -0,0 +1,12 @@ +diff -up dovecot-2.3.21/dovecot-pigeonhole/src/lib-sieve/storage/file/sieve-file-script.c.testfix4 dovecot-2.3.21/dovecot-pigeonhole/src/lib-sieve/storage/file/sieve-file-script.c +--- dovecot-2.3.21/dovecot-pigeonhole/src/lib-sieve/storage/file/sieve-file-script.c.testfix4 2024-06-03 13:35:24.408858593 +0200 ++++ dovecot-2.3.21/dovecot-pigeonhole/src/lib-sieve/storage/file/sieve-file-script.c 2024-06-03 13:35:24.434858849 +0200 +@@ -800,7 +800,7 @@ static bool sieve_file_script_equals + (struct sieve_file_script *)other; + + return ( CMP_DEV_T(fscript->st.st_dev, fother->st.st_dev) && +- fscript->st.st_ino == fother->st.st_ino ); ++ fscript->st.st_ino == fother->st.st_ino && (fscript->st.st_ino != 0 || script->location != NULL && other->location != NULL && strcmp(script->location, other->location) == 0)); + } + + /* diff --git a/dovecot.spec b/dovecot.spec index 09a9e2f..4a60551 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -6,7 +6,7 @@ Name: dovecot Epoch: 1 Version: 2.3.21 %global prever %{nil} -Release: 7%{?dist} +Release: 8%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT AND LGPL-2.1-only @@ -21,6 +21,8 @@ Source10: dovecot.tmpfilesd #our own Source14: dovecot.conf.5 +Source15: prestartscript +Source16: dovecot.sysusers # 3x Fedora/RHEL specific Patch1: dovecot-2.0-defaultconfig.patch @@ -49,8 +51,8 @@ Patch22: dovecot-configure-c99.patch # Fedora/RHEL specific, drop OTP which uses SHA1 so we dont use SHA1 for crypto purposes Patch23: dovecot-2.3.20-nolibotp.patch - -Source15: prestartscript +Patch24: dovecot-2.3-ph_optglob.patch +Patch25: dovecot-2.3-ph_scriptcmp.patch BuildRequires: gcc, gcc-c++, openssl-devel, pam-devel, zlib-devel, bzip2-devel, libcap-devel BuildRequires: libtool, autoconf, automake, pkgconfig @@ -144,20 +146,22 @@ This package provides the development files for dovecot. # standardize name, so we don't have to update patches and scripts mv dovecot-2.3-pigeonhole-%{pigeonholever} dovecot-pigeonhole -%patch -P1 -p1 -b .default-settings -%patch -P2 -p1 -b .mkcert-permissions -%patch -P3 -p1 -b .mkcert-paths -%patch -P6 -p1 -b .waitonline -%patch -P8 -p1 -b .initbysystemd -%patch -P9 -p1 -b .systemd_w_protectsystem -%patch -P15 -p1 -b .bigkey -%patch -P16 -p1 -b .opensslhmac -%patch -P17 -p1 -b .fixvalcond -%patch -P18 -p1 -b .valbasherr -%patch -P20 -p1 -b .opensslv3 -%patch -P21 -p1 -b .7bad6a24 -%patch -P22 -p1 -b .c99 -%patch -P23 -p1 -b .nolibotp +%patch -P 1 -p1 -b .default-settings +%patch -P 2 -p1 -b .mkcert-permissions +%patch -P 3 -p1 -b .mkcert-paths +%patch -P 6 -p1 -b .waitonline +%patch -P 8 -p1 -b .initbysystemd +%patch -P 9 -p1 -b .systemd_w_protectsystem +%patch -P 15 -p1 -b .bigkey +%patch -P 16 -p1 -b .opensslhmac +%patch -P 17 -p1 -b .fixvalcond +%patch -P 18 -p1 -b .valbasherr +%patch -P 20 -p1 -b .opensslv3 +%patch -P 21 -p1 -b .7bad6a24 +%patch -P 22 -p1 -b .c99 +%patch -P 23 -p1 -b .nolibotp +%patch -P 24 -p1 -b .ph_optglob +%patch -P 25 -p1 -b .ph_scriptcmp cp run-test-valgrind.supp dovecot-pigeonhole/ # valgrind would fail with shell wrapper echo "testsuite" >dovecot-pigeonhole/run-test-valgrind.exclude @@ -262,6 +266,8 @@ install -p -D -m 644 %{SOURCE14} $RPM_BUILD_ROOT%{_mandir}/man5/dovecot.conf.5 #install waitonline script install -p -D -m 755 %{SOURCE15} $RPM_BUILD_ROOT%{_libexecdir}/dovecot/prestartscript +install -p -D -m 0644 %{SOURCE16} $RPM_BUILD_ROOT%{_sysusersdir}/dovecot.sysusers + # generate ghost .pem files mkdir -p $RPM_BUILD_ROOT%{ssldir}/certs mkdir -p $RPM_BUILD_ROOT%{ssldir}/private @@ -299,13 +305,7 @@ popd %pre #dovecot uid and gid are reserved, see /usr/share/doc/setup-*/uidgid -getent group dovecot >/dev/null || groupadd -r --gid 97 dovecot -getent passwd dovecot >/dev/null || \ -useradd -r --uid 97 -g dovecot -d /usr/libexec/dovecot -s /sbin/nologin -c "Dovecot IMAP server" dovecot - -getent group dovenull >/dev/null || groupadd -r dovenull -getent passwd dovenull >/dev/null || \ -useradd -r -g dovenull -d /usr/libexec/dovecot -s /sbin/nologin -c "Dovecot's unauthorized user" dovenull +%sysusers_create_compat %{SOURCE16} # do not let dovecot run during upgrade rhbz#134325 if [ "$1" = "2" ]; then @@ -368,6 +368,7 @@ make check %_tmpfilesdir/dovecot.conf +%{_sysusersdir}/dovecot.sysusers %{_unitdir}/dovecot.service %{_unitdir}/dovecot-init.service %{_unitdir}/dovecot.socket @@ -505,6 +506,9 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Tue Jun 18 2024 Michal Hlavinka - 1:2.3.21-8 +- fix sieve crash when there are two missing optional scripts + * Tue Mar 26 2024 Michal Hlavinka - 1:2.3.21-7 - drop i686 build as per https://fedoraproject.org/wiki/Changes/EncourageI686LeafRemoval From 363bc31d1b1910e5aba1fac4496d79e8d67e8a3f Mon Sep 17 00:00:00 2001 From: Yaakov Selkowitz Date: Fri, 5 Jul 2024 11:27:29 -0400 Subject: [PATCH 121/146] Import sysusers file This was missing from the previous commit. --- dovecot.sysusers | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 dovecot.sysusers diff --git a/dovecot.sysusers b/dovecot.sysusers new file mode 100644 index 0000000..c286ee4 --- /dev/null +++ b/dovecot.sysusers @@ -0,0 +1,9 @@ +#Type Name ID GECOS Home directory Shell +g dovecot 97 +u dovecot 97 "Dovecot IMAP server" /usr/libexec/dovecot /sbin/nologin +m dovecot dovecot + +g dovenull - +u dovenull - "Dovecot - unauthorized user" /usr/libexec/dovecot /sbin/nologin +m dovenull dovenull + From 8262f7803f607681105c1b51ad50efad796c6a4e Mon Sep 17 00:00:00 2001 From: Yaakov Selkowitz Date: Fri, 5 Jul 2024 13:29:03 -0400 Subject: [PATCH 122/146] Fix tests with RPM 4.20 RPM 4.20 added a build-specific path to %_builddir, which resulted in the socket path used in test-imap-client-hibernate to become too long. This upstream commit shortens the socket path: https://github.com/dovecot/core/commit/9a3e0d099044d3a7478c3a24ccb8990181767f7c --- dovecot-2.3.21-test-socket-path.patch | 22 ++++++++++++++++++++++ dovecot.spec | 4 ++++ 2 files changed, 26 insertions(+) create mode 100644 dovecot-2.3.21-test-socket-path.patch diff --git a/dovecot-2.3.21-test-socket-path.patch b/dovecot-2.3.21-test-socket-path.patch new file mode 100644 index 0000000..8132244 --- /dev/null +++ b/dovecot-2.3.21-test-socket-path.patch @@ -0,0 +1,22 @@ +From 9a3e0d099044d3a7478c3a24ccb8990181767f7c Mon Sep 17 00:00:00 2001 +From: Duncan Bellamy +Date: Sat, 6 Mar 2021 14:25:29 +0000 +Subject: [PATCH] imap: Shorten test-imap-client-hibernate socket path length + +--- + src/imap/test-imap-client-hibernate.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/imap/test-imap-client-hibernate.c b/src/imap/test-imap-client-hibernate.c +index 9b90e1bd9a..c5392fa3fc 100644 +--- a/src/imap/test-imap-client-hibernate.c ++++ b/src/imap/test-imap-client-hibernate.c +@@ -19,7 +19,7 @@ + + #include + +-#define TEMP_DIRNAME ".test-imap-client-hibernate" ++#define TEMP_DIRNAME ".test-ich" + + #define EVILSTR "\t\r\n\001" + diff --git a/dovecot.spec b/dovecot.spec index 4a60551..72637af 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -54,6 +54,9 @@ Patch23: dovecot-2.3.20-nolibotp.patch Patch24: dovecot-2.3-ph_optglob.patch Patch25: dovecot-2.3-ph_scriptcmp.patch +# imap: Shorten test-imap-client-hibernate socket path length +Patch26: dovecot-2.3.21-test-socket-path.patch + BuildRequires: gcc, gcc-c++, openssl-devel, pam-devel, zlib-devel, bzip2-devel, libcap-devel BuildRequires: libtool, autoconf, automake, pkgconfig BuildRequires: sqlite-devel @@ -162,6 +165,7 @@ mv dovecot-2.3-pigeonhole-%{pigeonholever} dovecot-pigeonhole %patch -P 23 -p1 -b .nolibotp %patch -P 24 -p1 -b .ph_optglob %patch -P 25 -p1 -b .ph_scriptcmp +%patch -P 26 -p1 -b .test-socket-path cp run-test-valgrind.supp dovecot-pigeonhole/ # valgrind would fail with shell wrapper echo "testsuite" >dovecot-pigeonhole/run-test-valgrind.exclude From e757cf8512365b4736bbc375384bc7bb59a88707 Mon Sep 17 00:00:00 2001 From: Yaakov Selkowitz Date: Fri, 5 Jul 2024 13:34:28 -0400 Subject: [PATCH 123/146] Do not use deprecated OpenSSL v3 ENGINE API Based on c10s with one addition for lib-dcrypt: https://gitlab.com/redhat/centos-stream/rpms/dovecot/-/commit/3a1bfe8d5daf89ff5c22ad8232fc1202241bd173 --- dovecot-2.3.21-noengine.patch | 201 ++++++++++++++++++++++++++++++++++ dovecot.spec | 5 + 2 files changed, 206 insertions(+) create mode 100644 dovecot-2.3.21-noengine.patch diff --git a/dovecot-2.3.21-noengine.patch b/dovecot-2.3.21-noengine.patch new file mode 100644 index 0000000..c3bb50e --- /dev/null +++ b/dovecot-2.3.21-noengine.patch @@ -0,0 +1,201 @@ +diff -up dovecot-2.3.21/m4/ssl.m4.noengine dovecot-2.3.21/m4/ssl.m4 +--- dovecot-2.3.21/m4/ssl.m4.noengine 2024-05-06 17:39:59.362886891 +0200 ++++ dovecot-2.3.21/m4/ssl.m4 2024-05-06 17:42:17.945312656 +0200 +@@ -233,6 +233,27 @@ AC_DEFUN([DOVECOT_SSL], [ + AC_CHECK_LIB(ssl, ECDSA_SIG_set0, [ + AC_DEFINE(HAVE_ECDSA_SIG_SET0,, [Build with ECDSA_SIG_set0 support]) + ],, $SSL_LIBS) ++ AC_CHECK_LIB(ssl, OSSL_PROVIDER_try_load, [ ++ AC_DEFINE(HAVE_OSSL_PROVIDER_try_load,, [Build with OSSL_PROVIDER_try_load support]) ++ ],, $SSL_LIBS) ++ AC_CHECK_LIB(ssl, OPENSSL_init_ssl, [ ++ AC_DEFINE(HAVE_OPENSSL_init_ssl,, [Build with OPENSSL_init_ssl support]) ++ ],, $SSL_LIBS) ++ AC_CHECK_LIB(ssl, OPENSSL_cleanup, [ ++ AC_DEFINE(HAVE_OPENSSL_cleanup,, [OpenSSL supports OPENSSL_cleanup()]) ++ ],, $SSL_LIBS) ++ AC_CHECK_LIB(ssl, OPENSSL_thread_stop, [ ++ AC_DEFINE(HAVE_OPENSSL_thread_stop,, [OpenSSL supports OPENSSL_thread_stop()]) ++ ],, $SSL_LIBS) ++ AC_CHECK_LIB(ssl, ERR_remove_thread_state, [ ++ AC_DEFINE(HAVE_ERR_remove_thread_state,, [OpenSSL supports ERR_remove_thread_state()]) ++ ],, $SSL_LIBS) ++ AC_CHECK_LIB(ssl, ERR_remove_state, [ ++ AC_DEFINE(HAVE_ERR_remove_state,, [OpenSSL supports ERR_remove_state()]) ++ ],, $SSL_LIBS) ++ AC_CHECK_LIB(ssl, ENGINE_by_id_DISABLED, [ ++ AC_DEFINE(HAVE_ENGINE_by_id,, [OpenSSL supports ENGINE_by_id() - !!!EXPLICITELY DISABLED!!! ]) ++ ],, $SSL_LIBS) + AC_CHECK_LIB(ssl, EC_GROUP_order_bits, [ + AC_DEFINE(HAVE_EC_GROUP_order_bits,, [Build with EC_GROUP_order_bits support]) + ],, $SSL_LIBS) +diff --git dovecot-2.3.21/src/lib-dcrypt/dcrypt-openssl.c.noengine dovecot-2.3.21/src/lib-dcrypt/dcrypt-openssl.c +index 1cbe352541..239a981251 100644 +--- dovecot-2.3.21/src/lib-dcrypt/dcrypt-openssl.c.noengine ++++ dovecot-2.3.21/src/lib-dcrypt/dcrypt-openssl.c +@@ -20,7 +20,6 @@ + #include + #include + #include +-#include + #include + #include + #include +diff -up dovecot-2.3.21/src/lib-ssl-iostream/dovecot-openssl-common.c.noengine dovecot-2.3.21/src/lib-ssl-iostream/dovecot-openssl-common.c +--- dovecot-2.3.21/src/lib-ssl-iostream/dovecot-openssl-common.c.noengine 2023-09-14 15:17:46.000000000 +0200 ++++ dovecot-2.3.21/src/lib-ssl-iostream/dovecot-openssl-common.c 2024-05-06 17:39:59.363886901 +0200 +@@ -3,13 +3,23 @@ + #include "lib.h" + #include "randgen.h" + #include "dovecot-openssl-common.h" ++#include "iostream-openssl.h" + + #include +-#include ++#include ++#ifdef HAVE_OSSL_PROVIDER_try_load ++# include ++#else ++# include ++#endif + #include + + static int openssl_init_refcount = 0; +-static ENGINE *dovecot_openssl_engine; ++#ifdef HAVE_OSSL_PROVIDER_try_load ++static OSSL_PROVIDER *dovecot_openssl_engine = NULL; ++#else ++static ENGINE *dovecot_openssl_engine = NULL; ++#endif + + #ifdef HAVE_SSL_NEW_MEM_FUNCS + static void *dovecot_openssl_malloc(size_t size, const char *u0 ATTR_UNUSED, int u1 ATTR_UNUSED) +@@ -17,12 +27,14 @@ static void *dovecot_openssl_malloc(size + static void *dovecot_openssl_malloc(size_t size) + #endif + { ++ if (size == 0) ++ return NULL; + /* this may be performance critical, so don't use + i_malloc() or calloc() */ + void *mem = malloc(size); +- if (mem == NULL) { ++ if (unlikely(mem == NULL)) { + i_fatal_status(FATAL_OUTOFMEM, +- "OpenSSL: malloc(%zu): Out of memory", size); ++ "OpenSSL: malloc(%zu): Out of memory", size); + } + return mem; + } +@@ -33,10 +45,14 @@ static void *dovecot_openssl_realloc(voi + static void *dovecot_openssl_realloc(void *ptr, size_t size) + #endif + { ++ if (size == 0) { ++ free(ptr); ++ return NULL; ++ } + void *mem = realloc(ptr, size); +- if (mem == NULL) { ++ if (unlikely(mem == NULL)) { + i_fatal_status(FATAL_OUTOFMEM, +- "OpenSSL: realloc(%zu): Out of memory", size); ++ "OpenSSL: realloc(%zu): Out of memory", size); + } + return mem; + } +@@ -63,9 +79,13 @@ void dovecot_openssl_common_global_ref(v + /*i_warning("CRYPTO_set_mem_functions() was called too late");*/ + } + ++#ifdef HAVE_OPENSSL_init_ssl ++ OPENSSL_init_ssl(0, NULL); ++#else + SSL_library_init(); + SSL_load_error_strings(); + OpenSSL_add_all_algorithms(); ++#endif + } + + bool dovecot_openssl_common_global_unref(void) +@@ -76,30 +96,35 @@ bool dovecot_openssl_common_global_unref + return TRUE; + + if (dovecot_openssl_engine != NULL) { ++#ifdef HAVE_OSSL_PROVIDER_try_load ++ OSSL_PROVIDER_unload(dovecot_openssl_engine); ++#else + ENGINE_finish(dovecot_openssl_engine); ++#endif + dovecot_openssl_engine = NULL; + } ++#ifdef HAVE_OPENSSL_cleanup ++ OPENSSL_cleanup(); ++#else + /* OBJ_cleanup() is called automatically by EVP_cleanup() in + newer versions. Doesn't hurt to call it anyway. */ + OBJ_cleanup(); +-#ifdef HAVE_SSL_COMP_FREE_COMPRESSION_METHODS ++# if !defined(OPENSSL_NO_COMP) + SSL_COMP_free_compression_methods(); +-#endif ++# endif + ENGINE_cleanup(); + EVP_cleanup(); + CRYPTO_cleanup_all_ex_data(); +-#ifdef HAVE_OPENSSL_AUTO_THREAD_DEINIT ++# ifdef HAVE_OPENSSL_thread_stop + /* no cleanup needed */ +-#elif defined(HAVE_OPENSSL_ERR_REMOVE_THREAD_STATE) ++# elif defined(HAVE_ERR_remove_thread_state) + /* This was marked as deprecated in v1.1. */ + ERR_remove_thread_state(NULL); +-#else ++# elif defined(HAVE_ERR_remove_state) + /* This was deprecated by ERR_remove_thread_state(NULL) in v1.0.0. */ + ERR_remove_state(0); +-#endif ++# endif + ERR_free_strings(); +-#ifdef HAVE_OPENSSL_CLEANUP +- OPENSSL_cleanup(); + #endif + return FALSE; + } +@@ -110,6 +135,7 @@ int dovecot_openssl_common_global_set_en + if (dovecot_openssl_engine != NULL) + return 1; + ++#ifdef HAVE_ENGINE_by_id + ENGINE_load_builtin_engines(); + dovecot_openssl_engine = ENGINE_by_id(engine); + if (dovecot_openssl_engine == NULL) { +@@ -128,5 +154,15 @@ int dovecot_openssl_common_global_set_en + dovecot_openssl_engine = NULL; + return -1; + } ++#elif defined(HAVE_OSSL_PROVIDER_try_load) ++ if ((dovecot_openssl_engine = OSSL_PROVIDER_try_load(NULL, engine, 1)) == NULL) { ++ *error_r = t_strdup_printf("Cannot load '%s': %s", engine, ++ openssl_iostream_error()); ++ return 0; ++ } ++ return 1; ++#else ++ *error_r = t_strdup_printf("Cannot load '%s': No engine/provider support available", engine); ++#endif + return 1; + } +diff -up dovecot-2.3.21/src/lib-ssl-iostream/Makefile.am.noengine dovecot-2.3.21/src/lib-ssl-iostream/Makefile.am +--- dovecot-2.3.21/src/lib-ssl-iostream/Makefile.am.noengine 2023-09-14 15:17:46.000000000 +0200 ++++ dovecot-2.3.21/src/lib-ssl-iostream/Makefile.am 2024-05-06 17:39:59.363886901 +0200 +@@ -5,7 +5,8 @@ NOPLUGIN_LDFLAGS = + AM_CPPFLAGS = \ + -I$(top_srcdir)/src/lib \ + -I$(top_srcdir)/src/lib-test \ +- -DMODULE_DIR=\""$(moduledir)"\" ++ -DMODULE_DIR=\""$(moduledir)"\" \ ++ $(SSL_CFLAGS) + + if BUILD_OPENSSL + module_LTLIBRARIES = libssl_iostream_openssl.la diff --git a/dovecot.spec b/dovecot.spec index 72637af..7bc2fb2 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -57,6 +57,9 @@ Patch25: dovecot-2.3-ph_scriptcmp.patch # imap: Shorten test-imap-client-hibernate socket path length Patch26: dovecot-2.3.21-test-socket-path.patch +# Compile without OpenSSL ENGINE, adapted from 2.4 dovecot, issue #RHEL-33733 +Patch27: dovecot-2.3.21-noengine.patch + BuildRequires: gcc, gcc-c++, openssl-devel, pam-devel, zlib-devel, bzip2-devel, libcap-devel BuildRequires: libtool, autoconf, automake, pkgconfig BuildRequires: sqlite-devel @@ -166,6 +169,7 @@ mv dovecot-2.3-pigeonhole-%{pigeonholever} dovecot-pigeonhole %patch -P 24 -p1 -b .ph_optglob %patch -P 25 -p1 -b .ph_scriptcmp %patch -P 26 -p1 -b .test-socket-path +%patch -P 27 -p1 -b .noengine cp run-test-valgrind.supp dovecot-pigeonhole/ # valgrind would fail with shell wrapper echo "testsuite" >dovecot-pigeonhole/run-test-valgrind.exclude @@ -512,6 +516,7 @@ make check %changelog * Tue Jun 18 2024 Michal Hlavinka - 1:2.3.21-8 - fix sieve crash when there are two missing optional scripts +- Do not use deprecated OpenSSL v3 ENGINE API * Tue Mar 26 2024 Michal Hlavinka - 1:2.3.21-7 - drop i686 build as per https://fedoraproject.org/wiki/Changes/EncourageI686LeafRemoval From 341d1956fc601e2e54d8b01c711b0a506552247d Mon Sep 17 00:00:00 2001 From: Yaakov Selkowitz Date: Fri, 5 Jul 2024 13:37:08 -0400 Subject: [PATCH 124/146] Drop dependency on libstemmer on RHEL libstemmer is being dropped from RHEL 10; based on c10s: https://gitlab.com/redhat/centos-stream/rpms/dovecot/-/commit/457d2d7eff114504dc895f9db6d976c2f0396cbd --- dovecot.spec | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/dovecot.spec b/dovecot.spec index 7bc2fb2..4133291 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -81,7 +81,9 @@ BuildRequires: libicu-devel BuildRequires: libexttextcat-devel BuildRequires: clucene-core-devel %endif +%if %{?rhel}0 == 0 BuildRequires: libstemmer-devel +%endif BuildRequires: multilib-rpm-config BuildRequires: flex, bison BuildRequires: systemd-devel @@ -212,7 +214,11 @@ autoreconf -I . -fiv #required for aarch64 support --with-libcap \ --with-icu \ %if %{?rhel}0 == 0 + --with-libstemmer \ --with-lua=plugin \ +%else + --without-libstemmer \ + --without-lua \ %endif %if 0%{?rhel} == 0 && 0%{?fedora}0 < 38 --with-lucene \ @@ -517,6 +523,7 @@ make check * Tue Jun 18 2024 Michal Hlavinka - 1:2.3.21-8 - fix sieve crash when there are two missing optional scripts - Do not use deprecated OpenSSL v3 ENGINE API +- Drop dependency on libstemmer on RHEL * Tue Mar 26 2024 Michal Hlavinka - 1:2.3.21-7 - drop i686 build as per https://fedoraproject.org/wiki/Changes/EncourageI686LeafRemoval From fa1cc5039f457b38f1bb26d0c7f7a762e598f86e Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Wed, 17 Jul 2024 21:19:55 +0000 Subject: [PATCH 125/146] Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild --- dovecot.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/dovecot.spec b/dovecot.spec index 4133291..b2a432d 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -6,7 +6,7 @@ Name: dovecot Epoch: 1 Version: 2.3.21 %global prever %{nil} -Release: 8%{?dist} +Release: 9%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT AND LGPL-2.1-only @@ -520,6 +520,9 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Wed Jul 17 2024 Fedora Release Engineering - 1:2.3.21-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild + * Tue Jun 18 2024 Michal Hlavinka - 1:2.3.21-8 - fix sieve crash when there are two missing optional scripts - Do not use deprecated OpenSSL v3 ENGINE API From 5abbf370d553db7af43943676c8ac232a6eeab13 Mon Sep 17 00:00:00 2001 From: Gordon Messmer Date: Thu, 1 Aug 2024 11:53:24 -0700 Subject: [PATCH 126/146] Examine the server process GOT for signs of tampering. --- .fmf/version | 1 + plans/main.fmf | 6 +++++ tests/got-audit/got-audit.gdb | 2 ++ tests/got-audit/main.fmf | 10 +++++++++ tests/got-audit/runtest.sh | 41 +++++++++++++++++++++++++++++++++++ tests/main.fmf | 2 ++ 6 files changed, 62 insertions(+) create mode 100644 .fmf/version create mode 100644 plans/main.fmf create mode 100644 tests/got-audit/got-audit.gdb create mode 100644 tests/got-audit/main.fmf create mode 100755 tests/got-audit/runtest.sh create mode 100644 tests/main.fmf diff --git a/.fmf/version b/.fmf/version new file mode 100644 index 0000000..d00491f --- /dev/null +++ b/.fmf/version @@ -0,0 +1 @@ +1 diff --git a/plans/main.fmf b/plans/main.fmf new file mode 100644 index 0000000..ae0c305 --- /dev/null +++ b/plans/main.fmf @@ -0,0 +1,6 @@ +summary: Run all tests +execute: + how: tmt +discover: + how: fmf + diff --git a/tests/got-audit/got-audit.gdb b/tests/got-audit/got-audit.gdb new file mode 100644 index 0000000..6661297 --- /dev/null +++ b/tests/got-audit/got-audit.gdb @@ -0,0 +1,2 @@ +gef config gef.disable_color True +got-audit --all diff --git a/tests/got-audit/main.fmf b/tests/got-audit/main.fmf new file mode 100644 index 0000000..a90b249 --- /dev/null +++ b/tests/got-audit/main.fmf @@ -0,0 +1,10 @@ +summary: Audit the GOT for signs of tampering +description: | + Pointers in the server process GOT will be checked to ensure that + each function pointer's value is within a shared object file + that exports a symbol of that name, and that no shared object + files export conflicting symbols. +contact: Gordon Messmer +require+: + - gdb-gef # needed to test got-audit + diff --git a/tests/got-audit/runtest.sh b/tests/got-audit/runtest.sh new file mode 100755 index 0000000..0c98471 --- /dev/null +++ b/tests/got-audit/runtest.sh @@ -0,0 +1,41 @@ +#!/bin/bash +# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/dovecot/Sanity/got-audit +# Description: Check pointers in the server process GOT for signs of tampering +# Author: Gordon Messmer +# + +# Include Beaker environment +. /usr/share/beakerlib/beakerlib.sh || exit 1 + +rlJournalStart + rlPhaseStartSetup + rlServiceStart dovecot + rlRun "TestDir=\$(pwd)" + rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlRun "auditfile=\$(mktemp --tmpdir=${TmpDir})" + rlPhaseEnd + + rlPhaseStartTest "Run GEF got-audit" + rlRun "SERVICE_PID=\$( systemctl show --property=MainPID dovecot.service | cut -f2 -d= )" + rlRun "echo SERVICE_PID is '$SERVICE_PID'" + [ -n "$SERVICE_PID" ] || rlFail "No service pid was found" + rlRun "gdb-gef --pid '$SERVICE_PID' --command='$TestDir'/got-audit.gdb --batch > '$auditfile'" + # Basic test: ensure that at least one symbol is found in libc.so, + # to verify that the report looks plausible. + rlAssertGrep " : /.*/libc.so" "$auditfile" + # Ensure the got-audit did not report any errors + rlAssertNotGrep " :: ERROR" "$auditfile" + rlRun "cp '$auditfile' '$TMT_TEST_DATA'/got-audit.txt" + rlPhaseEnd + + rlPhaseStartCleanup + rlServiceRestore dovecot + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlPhaseEnd +rlJournalPrintText +rlJournalEnd diff --git a/tests/main.fmf b/tests/main.fmf new file mode 100644 index 0000000..f225a72 --- /dev/null +++ b/tests/main.fmf @@ -0,0 +1,2 @@ +test: ./runtest.sh +framework: beakerlib From 6f7ee4008d5c89c19de6520d72491c3d69c6538e Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Mon, 19 Aug 2024 14:15:04 +0200 Subject: [PATCH 127/146] updated to 2.3.21.1(2304907) --- dovecot.spec | 7 +++++-- sources | 2 +- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/dovecot.spec b/dovecot.spec index b2a432d..89f7fc5 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -4,9 +4,9 @@ Summary: Secure imap and pop3 server Name: dovecot Epoch: 1 -Version: 2.3.21 +Version: 2.3.21.1 %global prever %{nil} -Release: 9%{?dist} +Release: 1%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT AND LGPL-2.1-only @@ -520,6 +520,9 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Mon Aug 19 2024 Michal Hlavinka - 1:2.3.21.1-1 +- updated to 2.3.21.1(2304907) + * Wed Jul 17 2024 Fedora Release Engineering - 1:2.3.21-9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild diff --git a/sources b/sources index 399a48e..794598b 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (dovecot-2.3.21.tar.gz) = 2d463c38639c3fd3d617ee5b1a4e4d0c11362339c4d4d62a5a90164a8b10bc58919545679bbf379139bdb743fdb013033abfddc1fc6401eb8099463cdc2401ca +SHA512 (dovecot-2.3.21.1.tar.gz) = 9de6ce3a579ef2040248b692874a6d64a732bb735a9cee3144604927cad49690c4b0e29f7ecf3af23190d56f30956d955d13acd5d352534df62fbdfde4b60f9f SHA512 (dovecot-2.3-pigeonhole-0.5.21.tar.gz) = 5537444025a474ee1b79919a424e24530695aec639361c531257f25fac286673719d476906d99d47e348deb57baa75419bff7dd284c82d2b751334dedec96314 From 209b81316bbbf49d07202abbab688f981a02d88c Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Wed, 2 Oct 2024 13:28:08 +0200 Subject: [PATCH 128/146] pigeonhole updated to 0.5.21.1 --- dovecot.spec | 7 +++++-- sources | 2 +- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/dovecot.spec b/dovecot.spec index 89f7fc5..43e0724 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -6,7 +6,7 @@ Name: dovecot Epoch: 1 Version: 2.3.21.1 %global prever %{nil} -Release: 1%{?dist} +Release: 2%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT AND LGPL-2.1-only @@ -14,7 +14,7 @@ URL: https://www.dovecot.org/ Source: https://www.dovecot.org/releases/2.3/%{name}-%{version}%{?prever}.tar.gz Source1: dovecot.init Source2: dovecot.pam -%global pigeonholever 0.5.21 +%global pigeonholever 0.5.21.1 Source8: https://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-%{pigeonholever}.tar.gz Source9: dovecot.sysconfig Source10: dovecot.tmpfilesd @@ -520,6 +520,9 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Wed Oct 02 2024 Michal Hlavinka - 1:2.3.21.1-2 +- pigeonhole updated to 0.5.21.1 + * Mon Aug 19 2024 Michal Hlavinka - 1:2.3.21.1-1 - updated to 2.3.21.1(2304907) diff --git a/sources b/sources index 794598b..a62fbdb 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ SHA512 (dovecot-2.3.21.1.tar.gz) = 9de6ce3a579ef2040248b692874a6d64a732bb735a9cee3144604927cad49690c4b0e29f7ecf3af23190d56f30956d955d13acd5d352534df62fbdfde4b60f9f -SHA512 (dovecot-2.3-pigeonhole-0.5.21.tar.gz) = 5537444025a474ee1b79919a424e24530695aec639361c531257f25fac286673719d476906d99d47e348deb57baa75419bff7dd284c82d2b751334dedec96314 +SHA512 (dovecot-2.3-pigeonhole-0.5.21.1.tar.gz) = 7387b417611599fe70d1a83d3b408321e66f5a883bf78a9d55c7496b1a17220677daebaefde2061e0d7064fe07c410ecfc64662878bb253ddcd9e128dd83fbaa From 3df7c90635ed3969564fc622d511d347d69aec17 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Thu, 16 Jan 2025 16:10:22 +0000 Subject: [PATCH 129/146] Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild --- dovecot.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/dovecot.spec b/dovecot.spec index 43e0724..9c6b883 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -6,7 +6,7 @@ Name: dovecot Epoch: 1 Version: 2.3.21.1 %global prever %{nil} -Release: 2%{?dist} +Release: 3%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT AND LGPL-2.1-only @@ -520,6 +520,9 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Thu Jan 16 2025 Fedora Release Engineering - 1:2.3.21.1-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild + * Wed Oct 02 2024 Michal Hlavinka - 1:2.3.21.1-2 - pigeonhole updated to 0.5.21.1 From 4c5334294744b552c6c5b4fc023f71fa35273e00 Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Wed, 29 Jan 2025 11:06:17 +0100 Subject: [PATCH 130/146] fix ftbfs fix ftbfs fix ftbfs fix ftbfs fix ftbfs --- dovecot-2.3.21.1-fixicu.patch | 13 +++++++++++++ dovecot.spec | 7 ++++++- 2 files changed, 19 insertions(+), 1 deletion(-) create mode 100644 dovecot-2.3.21.1-fixicu.patch diff --git a/dovecot-2.3.21.1-fixicu.patch b/dovecot-2.3.21.1-fixicu.patch new file mode 100644 index 0000000..19f0658 --- /dev/null +++ b/dovecot-2.3.21.1-fixicu.patch @@ -0,0 +1,13 @@ +diff -up dovecot-2.3.20/m4/want_icu.m4.fixicu dovecot-2.3.20/m4/want_icu.m4 +--- dovecot-2.3.20/m4/want_icu.m4.fixicu 2022-12-21 09:49:12.000000000 +0100 ++++ dovecot-2.3.20/m4/want_icu.m4 2025-01-29 10:47:25.765768562 +0100 +@@ -1,7 +1,7 @@ + AC_DEFUN([DOVECOT_WANT_ICU], [ + if test "$want_icu" != "no"; then +- if test "$PKG_CONFIG" != "" && $PKG_CONFIG --exists icu-i18n 2>/dev/null; then +- PKG_CHECK_MODULES(LIBICU, icu-i18n) ++ if test "$PKG_CONFIG" != "" && $PKG_CONFIG --exists icu-i18n icu-uc 2>/dev/null; then ++ PKG_CHECK_MODULES(LIBICU, icu-i18n icu-uc) + have_icu=yes + AC_DEFINE(HAVE_LIBICU,, [Define if you want ICU normalization support for FTS]) + elif test "$want_icu" = "yes"; then diff --git a/dovecot.spec b/dovecot.spec index 9c6b883..fb794a0 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -6,7 +6,7 @@ Name: dovecot Epoch: 1 Version: 2.3.21.1 %global prever %{nil} -Release: 3%{?dist} +Release: 4%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT AND LGPL-2.1-only @@ -59,6 +59,7 @@ Patch26: dovecot-2.3.21-test-socket-path.patch # Compile without OpenSSL ENGINE, adapted from 2.4 dovecot, issue #RHEL-33733 Patch27: dovecot-2.3.21-noengine.patch +Patch28: dovecot-2.3.21.1-fixicu.patch BuildRequires: gcc, gcc-c++, openssl-devel, pam-devel, zlib-devel, bzip2-devel, libcap-devel BuildRequires: libtool, autoconf, automake, pkgconfig @@ -172,6 +173,7 @@ mv dovecot-2.3-pigeonhole-%{pigeonholever} dovecot-pigeonhole %patch -P 25 -p1 -b .ph_scriptcmp %patch -P 26 -p1 -b .test-socket-path %patch -P 27 -p1 -b .noengine +%patch -P 28 -p1 -b .fixicu cp run-test-valgrind.supp dovecot-pigeonhole/ # valgrind would fail with shell wrapper echo "testsuite" >dovecot-pigeonhole/run-test-valgrind.exclude @@ -520,6 +522,9 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Wed Jan 29 2025 Michal Hlavinka - 1:2.3.21.1-4 +- fix ftbfs + * Thu Jan 16 2025 Fedora Release Engineering - 1:2.3.21.1-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild From b2ca856c570be1eeed7f1a98939b111eecc7664c Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Wed, 29 Jan 2025 11:27:22 +0100 Subject: [PATCH 131/146] fix failing test --- dovecot-2.3.21.1-fixtestdatastack.patch | 16 ++++++++++++++++ dovecot.spec | 4 ++++ 2 files changed, 20 insertions(+) create mode 100644 dovecot-2.3.21.1-fixtestdatastack.patch diff --git a/dovecot-2.3.21.1-fixtestdatastack.patch b/dovecot-2.3.21.1-fixtestdatastack.patch new file mode 100644 index 0000000..dc7bac8 --- /dev/null +++ b/dovecot-2.3.21.1-fixtestdatastack.patch @@ -0,0 +1,16 @@ +diff --git a/src/lib/test-data-stack.c b/src/lib/test-data-stack.c +index 3c33597685..03f97b4a50 100644 +--- a/src/lib/test-data-stack.c ++++ b/src/lib/test-data-stack.c +@@ -98,9 +98,9 @@ static void test_ds_get_bytes_available(void) + if (i > 0) + t_malloc_no0(i); + avail1 = t_get_bytes_available(); +- t_malloc_no0(avail1); ++ (void)t_malloc_no0(avail1); + test_assert_idx(t_get_bytes_available() == 0, i); +- t_malloc_no0(1); ++ (void)t_malloc_no0(1); + test_assert_idx(t_get_bytes_available() > 0, i); + } T_END; + T_BEGIN { diff --git a/dovecot.spec b/dovecot.spec index fb794a0..3da99a7 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -61,6 +61,9 @@ Patch26: dovecot-2.3.21-test-socket-path.patch Patch27: dovecot-2.3.21-noengine.patch Patch28: dovecot-2.3.21.1-fixicu.patch +# from upstream, for <= 2.3.21.1 +Patch29: dovecot-2.3.21.1-fixtestdatastack.patch + BuildRequires: gcc, gcc-c++, openssl-devel, pam-devel, zlib-devel, bzip2-devel, libcap-devel BuildRequires: libtool, autoconf, automake, pkgconfig BuildRequires: sqlite-devel @@ -174,6 +177,7 @@ mv dovecot-2.3-pigeonhole-%{pigeonholever} dovecot-pigeonhole %patch -P 26 -p1 -b .test-socket-path %patch -P 27 -p1 -b .noengine %patch -P 28 -p1 -b .fixicu +%patch -P 29 -p1 -b .fixtestdatastack cp run-test-valgrind.supp dovecot-pigeonhole/ # valgrind would fail with shell wrapper echo "testsuite" >dovecot-pigeonhole/run-test-valgrind.exclude From 87cbd4abfcc3cbb0b9314f847344d69d8a82a245 Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Wed, 29 Jan 2025 12:39:49 +0100 Subject: [PATCH 132/146] more fixes needed --- dovecot-2.3.21.1-fixtestdatastack.patch | 8 ++++++++ dovecot.spec | 2 +- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/dovecot-2.3.21.1-fixtestdatastack.patch b/dovecot-2.3.21.1-fixtestdatastack.patch index dc7bac8..7a02167 100644 --- a/dovecot-2.3.21.1-fixtestdatastack.patch +++ b/dovecot-2.3.21.1-fixtestdatastack.patch @@ -14,3 +14,11 @@ index 3c33597685..03f97b4a50 100644 test_assert_idx(t_get_bytes_available() > 0, i); } T_END; T_BEGIN { +@@ -188,7 +188,6 @@ static void test_ds_buffers(void) + void *b = t_buffer_get(1000); + void *a = t_malloc_no0(1); + void *b2 = t_buffer_get(1001); +- test_assert(a == b); /* expected, not guaranteed */ + test_assert(b2 != b); + } T_END; + test_end(); diff --git a/dovecot.spec b/dovecot.spec index 3da99a7..4bce7c3 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -61,7 +61,7 @@ Patch26: dovecot-2.3.21-test-socket-path.patch Patch27: dovecot-2.3.21-noengine.patch Patch28: dovecot-2.3.21.1-fixicu.patch -# from upstream, for <= 2.3.21.1 +# from upstream PR#229, for < 2.4 Patch29: dovecot-2.3.21.1-fixtestdatastack.patch BuildRequires: gcc, gcc-c++, openssl-devel, pam-devel, zlib-devel, bzip2-devel, libcap-devel From 3addd9914fc93da19f8b7a8ff567fd3d961a596b Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Wed, 5 Feb 2025 13:00:03 +0100 Subject: [PATCH 133/146] fix sysusers config file name --- dovecot.spec | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/dovecot.spec b/dovecot.spec index 4bce7c3..cd44759 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -6,7 +6,7 @@ Name: dovecot Epoch: 1 Version: 2.3.21.1 %global prever %{nil} -Release: 4%{?dist} +Release: 5%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT AND LGPL-2.1-only @@ -286,7 +286,7 @@ install -p -D -m 644 %{SOURCE14} $RPM_BUILD_ROOT%{_mandir}/man5/dovecot.conf.5 #install waitonline script install -p -D -m 755 %{SOURCE15} $RPM_BUILD_ROOT%{_libexecdir}/dovecot/prestartscript -install -p -D -m 0644 %{SOURCE16} $RPM_BUILD_ROOT%{_sysusersdir}/dovecot.sysusers +install -p -D -m 0644 %{SOURCE16} $RPM_BUILD_ROOT%{_sysusersdir}/dovecot.conf # generate ghost .pem files mkdir -p $RPM_BUILD_ROOT%{ssldir}/certs @@ -388,7 +388,7 @@ make check %_tmpfilesdir/dovecot.conf -%{_sysusersdir}/dovecot.sysusers +%{_sysusersdir}/dovecot.conf %{_unitdir}/dovecot.service %{_unitdir}/dovecot-init.service %{_unitdir}/dovecot.socket @@ -526,6 +526,9 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Wed Feb 05 2025 Michal Hlavinka - 1:2.3.21.1-5 +- fix sysusers config file name + * Wed Jan 29 2025 Michal Hlavinka - 1:2.3.21.1-4 - fix ftbfs From 185ca6506af62223398098e1905752468bfb8ba1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 11 Feb 2025 17:03:17 +0100 Subject: [PATCH 134/146] Drop call to %sysusers_create_compat After https://fedoraproject.org/wiki/Changes/RPMSuportForSystemdSysusers, rpm will handle account creation automatically. --- dovecot.spec | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/dovecot.spec b/dovecot.spec index cd44759..a48827d 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -6,7 +6,7 @@ Name: dovecot Epoch: 1 Version: 2.3.21.1 %global prever %{nil} -Release: 5%{?dist} +Release: 6%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT AND LGPL-2.1-only @@ -101,7 +101,6 @@ BuildRequires: gettext-devel Requires: openssl >= 0.9.7f-4 # Package includes an initscript service file, needs to require initscripts package -Requires(pre): shadow-utils Requires: systemd Requires(post): systemd-units Requires(preun): systemd-units @@ -324,9 +323,6 @@ popd %pre -#dovecot uid and gid are reserved, see /usr/share/doc/setup-*/uidgid -%sysusers_create_compat %{SOURCE16} - # do not let dovecot run during upgrade rhbz#134325 if [ "$1" = "2" ]; then rm -f %restart_flag @@ -526,6 +522,9 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Tue Feb 11 2025 Zbigniew Jędrzejewski-Szmek - 1:2.3.21.1-6 +- Drop call to %sysusers_create_compat + * Wed Feb 05 2025 Michal Hlavinka - 1:2.3.21.1-5 - fix sysusers config file name From 307379e46319db47b6d583eea0426d9ecfc63fea Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Thu, 5 Jun 2025 17:02:02 +0200 Subject: [PATCH 135/146] update to new major version 2.4 and trim changelog --- dovecot-2.0-defaultconfig.patch | 118 +- dovecot-2.1.10-waitonline.patch | 8 +- dovecot-2.2.20-initbysystemd.patch | 34 +- dovecot-2.3-ph_optglob.patch | 30 +- dovecot-2.3.0.1-libxcrypt.patch | 11 - dovecot-2.3.14-opensslv3.patch | 34 - dovecot-2.3.15-fixvalcond.patch | 20 +- dovecot-2.3.19.1-7bad6a24.patch | 131 - dovecot-2.3.21-noengine.patch | 201 -- dovecot-2.3.21-test-socket-path.patch | 22 - dovecot-2.3.21.1-fixtestdatastack.patch | 24 - ....patch => dovecot-2.4.1-opensslhmac3.patch | 559 +++-- dovecot-configure-c99.patch | 25 - dovecot.spec | 2195 +---------------- sources | 4 +- 15 files changed, 559 insertions(+), 2857 deletions(-) delete mode 100644 dovecot-2.3.0.1-libxcrypt.patch delete mode 100644 dovecot-2.3.14-opensslv3.patch delete mode 100644 dovecot-2.3.19.1-7bad6a24.patch delete mode 100644 dovecot-2.3.21-noengine.patch delete mode 100644 dovecot-2.3.21-test-socket-path.patch delete mode 100644 dovecot-2.3.21.1-fixtestdatastack.patch rename dovecot-2.3.6-opensslhmac.patch => dovecot-2.4.1-opensslhmac3.patch (59%) delete mode 100644 dovecot-configure-c99.patch diff --git a/dovecot-2.0-defaultconfig.patch b/dovecot-2.0-defaultconfig.patch index 21f00ec..1fcc276 100644 --- a/dovecot-2.0-defaultconfig.patch +++ b/dovecot-2.0-defaultconfig.patch @@ -1,42 +1,88 @@ -diff -up dovecot-2.3.16/doc/example-config/conf.d/10-mail.conf.default-settings dovecot-2.3.16/doc/example-config/conf.d/10-mail.conf ---- dovecot-2.3.16/doc/example-config/conf.d/10-mail.conf.default-settings 2021-08-06 11:25:51.000000000 +0200 -+++ dovecot-2.3.16/doc/example-config/conf.d/10-mail.conf 2021-10-27 11:13:45.666956339 +0200 -@@ -175,7 +175,7 @@ namespace inbox { - # to make sure that users can't log in as daemons or other system users. - # Note that denying root logins is hardcoded to dovecot binary and can't - # be done even if first_valid_uid is set to 0. --#first_valid_uid = 500 +diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/doc/dovecot.conf.in.default-settings dovecot-2.4.1-build/dovecot-2.4.1-4/doc/dovecot.conf.in +--- dovecot-2.4.1-build/dovecot-2.4.1-4/doc/dovecot.conf.in.default-settings 2025-03-28 12:32:27.000000000 +0100 ++++ dovecot-2.4.1-build/dovecot-2.4.1-4/doc/dovecot.conf.in 2025-06-03 16:50:19.632050332 +0200 +@@ -24,16 +24,13 @@ protocols { + lmtp = yes + } + +-mail_home = /srv/mail/%{user} +-mail_driver = sdbox ++mail_home = /home/%{user} ++mail_driver = maildir + mail_path = ~/mail + +-mail_uid = vmail +-mail_gid = vmail +- +-# By default first_valid_uid is 500. If your vmail user's UID is smaller, ++# By default first_valid_uid is 1000. If your vmail user's UID is smaller, + # you need to modify this: +-#first_valid_uid = uid-number-of-vmail-user +first_valid_uid = 1000 - #last_valid_uid = 0 - # Valid GID range for users, defaults to non-root/wheel. Users having -@@ -322,6 +322,7 @@ protocol !indexer-worker { - # them simultaneously. - #mbox_read_locks = fcntl - #mbox_write_locks = dotlock fcntl -+mbox_write_locks = fcntl + namespace inbox { + inbox = yes +@@ -44,7 +41,13 @@ namespace inbox { + passdb pam { + } - # Maximum time to wait for lock (all of them) before aborting. - #mbox_lock_timeout = 5 mins -diff -up dovecot-2.3.16/doc/example-config/conf.d/10-ssl.conf.default-settings dovecot-2.3.16/doc/example-config/conf.d/10-ssl.conf ---- dovecot-2.3.16/doc/example-config/conf.d/10-ssl.conf.default-settings 2021-08-06 11:25:51.000000000 +0200 -+++ dovecot-2.3.16/doc/example-config/conf.d/10-ssl.conf 2021-10-27 11:13:02.834533975 +0200 -@@ -3,7 +3,9 @@ - ## - - # SSL/TLS support: yes, no, required. --#ssl = yes -+# disable plain pop3 and imap, allowed are only pop3+TLS, pop3s, imap+TLS and imaps -+# plain imap and pop3 are still allowed for local connections ++userdb passwd { ++} ++ +ssl = required - - # PEM encoded X.509 SSL/TLS certificate and private key. They're opened before - # dropping root privileges, so keep the key file unreadable by anyone but -@@ -64,6 +66,7 @@ ssl_key = &1;\ +fi' + -diff -up dovecot-2.3.15/dovecot.service.in.initbysystemd dovecot-2.3.15/dovecot.service.in ---- dovecot-2.3.15/dovecot.service.in.initbysystemd 2021-06-21 20:21:49.250680889 +0200 -+++ dovecot-2.3.15/dovecot.service.in 2021-06-21 20:22:46.935981920 +0200 +diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot.service.in.initbysystemd dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot.service.in +--- dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot.service.in.initbysystemd 2025-06-02 23:32:10.685195261 +0200 ++++ dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot.service.in 2025-06-02 23:34:03.123174934 +0200 @@ -11,7 +11,8 @@ Description=Dovecot IMAP/POP3 email server Documentation=man:dovecot(1) Documentation=https://doc.dovecot.org/ --After=local-fs.target network-online.target -+After=local-fs.target network-online.target dovecot-init.service +-After=local-fs.target network-online.target remote-fs.target time-sync.target ++After=local-fs.target network-online.target remote-fs.target time-sync.target dovecot-init.service +Requires=dovecot-init.service Wants=network-online.target [Service] -diff -up dovecot-2.3.15/Makefile.am.initbysystemd dovecot-2.3.15/Makefile.am ---- dovecot-2.3.15/Makefile.am.initbysystemd 2021-06-21 20:21:49.250680889 +0200 -+++ dovecot-2.3.15/Makefile.am 2021-06-21 20:24:26.676765849 +0200 -@@ -21,6 +21,7 @@ EXTRA_DIST = \ +diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/Makefile.am.initbysystemd dovecot-2.4.1-build/dovecot-2.4.1-4/Makefile.am +--- dovecot-2.4.1-build/dovecot-2.4.1-4/Makefile.am.initbysystemd 2025-03-28 12:32:27.000000000 +0100 ++++ dovecot-2.4.1-build/dovecot-2.4.1-4/Makefile.am 2025-06-02 23:33:22.221675050 +0200 +@@ -19,6 +19,7 @@ EXTRA_DIST = \ + update-version.sh \ run-test-valgrind.supp \ dovecot.service.in \ - dovecot.socket \ + dovecot-init.service \ - $(conf_DATA) - - noinst_DATA = dovecot-config -@@ -69,7 +70,8 @@ dovecot-config: dovecot-config.in Makefi + dovecot.socket \ + version \ + build-aux/git-abi-version-gen \ +@@ -67,7 +68,8 @@ dovecot-config: dovecot-config.in Makefi if WANT_SYSTEMD systemdsystemunit_DATA = \ dovecot.socket \ diff --git a/dovecot-2.3-ph_optglob.patch b/dovecot-2.3-ph_optglob.patch index d31527c..55bf77a 100644 --- a/dovecot-2.3-ph_optglob.patch +++ b/dovecot-2.3-ph_optglob.patch @@ -1,26 +1,26 @@ -diff -up dovecot-2.3.21/dovecot-pigeonhole/src/lib-sieve/plugins/include/cmd-include.c.ph_optglob dovecot-2.3.21/dovecot-pigeonhole/src/lib-sieve/plugins/include/cmd-include.c ---- dovecot-2.3.21/dovecot-pigeonhole/src/lib-sieve/plugins/include/cmd-include.c.ph_optglob 2024-06-04 09:11:28.514189662 +0200 -+++ dovecot-2.3.21/dovecot-pigeonhole/src/lib-sieve/plugins/include/cmd-include.c 2024-06-04 09:18:23.219809778 +0200 -@@ -368,11 +368,13 @@ static bool opc_include_dump - return FALSE; +diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-pigeonhole/src/lib-sieve/plugins/include/cmd-include.c.ph_optglob dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-pigeonhole/src/lib-sieve/plugins/include/cmd-include.c +--- dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-pigeonhole/src/lib-sieve/plugins/include/cmd-include.c.ph_optglob 2025-06-03 23:43:09.773363279 +0200 ++++ dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-pigeonhole/src/lib-sieve/plugins/include/cmd-include.c 2025-06-03 23:47:49.234931325 +0200 +@@ -361,11 +361,13 @@ static bool opc_include_dump(const struc sieve_code_descend(denv); -- sieve_code_dumpf(denv, "script: `%s' from %s %s%s[ID: %d, BLOCK: %d]", -+ sieve_code_dumpf(denv, "script: `%s' from %s %s%s%s[ID: %d, BLOCK: %d]", - sieve_script_name(included->script), sieve_script_location(included->script), - ((flags & EXT_INCLUDE_FLAG_ONCE) != 0 ? "(once) " : ""), + sieve_code_dumpf( +- denv, "script: '%s' %s%s[ID: %d, BLOCK: %d]", ++ denv, "script: '%s' %s%s%s[ID: %d, BLOCK: %d]", + sieve_script_label(included->script), + ((flags & EXT_INCLUDE_FLAG_ONCE) != 0 ? "(once) " : ""), ((flags & EXT_INCLUDE_FLAG_OPTIONAL) != 0 ? "(optional) " : ""), - include_id, sieve_binary_block_get_id(included->block)); -+ (included->block == NULL ? "(missing) " : ""), -+ include_id, ++ (included->block == NULL ? "(missing) " : ""), ++ include_id, + (included->block == NULL ? -1 : sieve_binary_block_get_id(included->block))); return TRUE; } -diff -up dovecot-2.3.21/dovecot-pigeonhole/src/lib-sieve/plugins/include/ext-include-common.c.ph_optglob dovecot-2.3.21/dovecot-pigeonhole/src/lib-sieve/plugins/include/ext-include-common.c ---- dovecot-2.3.21/dovecot-pigeonhole/src/lib-sieve/plugins/include/ext-include-common.c.ph_optglob 2023-09-14 15:18:26.000000000 +0200 -+++ dovecot-2.3.21/dovecot-pigeonhole/src/lib-sieve/plugins/include/ext-include-common.c 2024-06-04 09:10:45.187823805 +0200 -@@ -693,6 +693,25 @@ int ext_include_execute_include(const st +diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-pigeonhole/src/lib-sieve/plugins/include/ext-include-common.c.ph_optglob dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-pigeonhole/src/lib-sieve/plugins/include/ext-include-common.c +--- dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-pigeonhole/src/lib-sieve/plugins/include/ext-include-common.c.ph_optglob 2025-01-24 08:09:43.000000000 +0100 ++++ dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-pigeonhole/src/lib-sieve/plugins/include/ext-include-common.c 2025-06-03 23:43:09.773531445 +0200 +@@ -715,6 +715,25 @@ int ext_include_execute_include(const st } ctx = ext_include_get_interpreter_context(this_ext, renv->interp); diff --git a/dovecot-2.3.0.1-libxcrypt.patch b/dovecot-2.3.0.1-libxcrypt.patch deleted file mode 100644 index a8c33bf..0000000 --- a/dovecot-2.3.0.1-libxcrypt.patch +++ /dev/null @@ -1,11 +0,0 @@ -diff -up dovecot-2.3.0.1/src/auth/mycrypt.c.libxcrypt dovecot-2.3.0.1/src/auth/mycrypt.c ---- dovecot-2.3.0.1/src/auth/mycrypt.c.libxcrypt 2018-02-28 15:28:58.000000000 +0100 -+++ dovecot-2.3.0.1/src/auth/mycrypt.c 2018-03-27 10:57:38.447769201 +0200 -@@ -14,6 +14,7 @@ - # define _XPG6 /* Some Solaris versions require this, some break with this */ - #endif - #include -+#include - - #include "mycrypt.h" - diff --git a/dovecot-2.3.14-opensslv3.patch b/dovecot-2.3.14-opensslv3.patch deleted file mode 100644 index fa6c44f..0000000 --- a/dovecot-2.3.14-opensslv3.patch +++ /dev/null @@ -1,34 +0,0 @@ -diff -up dovecot-2.3.14/src/lib-dcrypt/dcrypt-openssl.c.opensslv3 dovecot-2.3.14/src/lib-dcrypt/dcrypt-openssl.c ---- dovecot-2.3.14/src/lib-dcrypt/dcrypt-openssl.c.opensslv3 2021-06-03 18:56:52.573174433 +0200 -+++ dovecot-2.3.14/src/lib-dcrypt/dcrypt-openssl.c 2021-06-03 18:56:52.585174274 +0200 -@@ -73,10 +73,30 @@ - 2key algo oid1symmetric algo namesalthash algoroundsE(RSA = i2d_PrivateKey, EC=Private Point)key id - **/ - -+#if OPENSSL_VERSION_MAJOR == 3 -+static EC_KEY *EVP_PKEY_get0_EC_KEYv3(EVP_PKEY *key) -+{ -+ EC_KEY *eck = EVP_PKEY_get1_EC_KEY(key); -+ EVP_PKEY_set1_EC_KEY(key, eck); -+ EC_KEY_free(eck); -+ return eck; -+} -+ -+static EC_KEY *EVP_PKEY_get1_EC_KEYv3(EVP_PKEY *key) -+{ -+ EC_KEY *eck = EVP_PKEY_get1_EC_KEY(key); -+ EVP_PKEY_set1_EC_KEY(key, eck); -+ return eck; -+} -+ -+#define EVP_PKEY_get0_EC_KEY EVP_PKEY_get0_EC_KEYv3 -+#define EVP_PKEY_get1_EC_KEY EVP_PKEY_get1_EC_KEYv3 -+#else - #ifndef HAVE_EVP_PKEY_get0 - #define EVP_PKEY_get0_EC_KEY(x) x->pkey.ec - #define EVP_PKEY_get0_RSA(x) x->pkey.rsa - #endif -+#endif - - #ifndef HAVE_OBJ_LENGTH - #define OBJ_length(o) ((o)->length) diff --git a/dovecot-2.3.15-fixvalcond.patch b/dovecot-2.3.15-fixvalcond.patch index a064c26..4ef5447 100644 --- a/dovecot-2.3.15-fixvalcond.patch +++ b/dovecot-2.3.15-fixvalcond.patch @@ -1,19 +1,19 @@ -diff -up dovecot-2.3.17/dovecot-pigeonhole/src/lib-sieve/storage/dict/sieve-dict-script.c.fixvalcond dovecot-2.3.17/dovecot-pigeonhole/src/lib-sieve/storage/dict/sieve-dict-script.c ---- dovecot-2.3.17/dovecot-pigeonhole/src/lib-sieve/storage/dict/sieve-dict-script.c.fixvalcond 2021-11-02 21:51:36.109032050 +0100 -+++ dovecot-2.3.17/dovecot-pigeonhole/src/lib-sieve/storage/dict/sieve-dict-script.c 2021-11-02 21:52:28.409344118 +0100 -@@ -114,7 +114,7 @@ static int sieve_dict_script_get_stream - (struct sieve_dict_script *)script; +diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-pigeonhole/src/lib-sieve/storage/dict/sieve-dict-script.c.fixvalcond dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-pigeonhole/src/lib-sieve/storage/dict/sieve-dict-script.c +--- dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-pigeonhole/src/lib-sieve/storage/dict/sieve-dict-script.c.fixvalcond 2025-06-02 23:36:21.897399891 +0200 ++++ dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-pigeonhole/src/lib-sieve/storage/dict/sieve-dict-script.c 2025-06-02 23:38:13.748569461 +0200 +@@ -102,7 +102,7 @@ sieve_dict_script_get_stream(struct siev + container_of(script, struct sieve_dict_script, script); struct sieve_dict_storage *dstorage = - (struct sieve_dict_storage *)script->storage; + container_of(storage, struct sieve_dict_storage, storage); - const char *path, *name = script->name, *data, *error; + const char *path, *name = script->name, *data, *error = NULL; int ret; dscript->data_pool = -diff -up dovecot-2.3.17/src/lib-storage/index/index-attribute.c.fixvalcond dovecot-2.3.17/src/lib-storage/index/index-attribute.c ---- dovecot-2.3.17/src/lib-storage/index/index-attribute.c.fixvalcond 2021-10-27 13:09:04.000000000 +0200 -+++ dovecot-2.3.17/src/lib-storage/index/index-attribute.c 2021-11-02 21:51:36.109032050 +0100 -@@ -248,7 +248,7 @@ int index_storage_attribute_get(struct m +diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-storage/index/index-attribute.c.fixvalcond dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-storage/index/index-attribute.c +--- dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-storage/index/index-attribute.c.fixvalcond 2025-03-28 12:32:27.000000000 +0100 ++++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-storage/index/index-attribute.c 2025-06-02 23:36:21.897571934 +0200 +@@ -250,7 +250,7 @@ int index_storage_attribute_get(struct m struct mail_attribute_value *value_r) { struct dict *dict; diff --git a/dovecot-2.3.19.1-7bad6a24.patch b/dovecot-2.3.19.1-7bad6a24.patch deleted file mode 100644 index c980dde..0000000 --- a/dovecot-2.3.19.1-7bad6a24.patch +++ /dev/null @@ -1,131 +0,0 @@ -From 7bad6a24160e34bce8f10e73dbbf9e5fbbcd1904 Mon Sep 17 00:00:00 2001 -From: Timo Sirainen -Date: Mon, 9 May 2022 15:23:33 +0300 -Subject: [PATCH] auth: Fix handling passdbs with identical driver/args but - different mechanisms/username_filter - -The passdb was wrongly deduplicated in this situation, causing wrong -mechanisms or username_filter setting to be used. This would be a rather -unlikely configuration though. - -Fixed by moving mechanisms and username_filter from struct passdb_module -to struct auth_passdb, which is where they should have been in the first -place. ---- - src/auth/auth-request.c | 6 +++--- - src/auth/auth.c | 18 ++++++++++++++++++ - src/auth/auth.h | 5 +++++ - src/auth/passdb.c | 15 ++------------- - src/auth/passdb.h | 4 ---- - 5 files changed, 28 insertions(+), 20 deletions(-) - -diff --git a/src/auth/auth-request.c b/src/auth/auth-request.c -index cd08b1fa02..0ca29f3674 100644 ---- a/src/auth/auth-request.c -+++ b/src/auth/auth-request.c -@@ -534,8 +534,8 @@ auth_request_want_skip_passdb(struct auth_request *request, - struct auth_passdb *passdb) - { - /* if mechanism is not supported, skip */ -- const char *const *mechs = passdb->passdb->mechanisms; -- const char *const *username_filter = passdb->passdb->username_filter; -+ const char *const *mechs = passdb->mechanisms; -+ const char *const *username_filter = passdb->username_filter; - const char *username; - - username = request->fields.user; -@@ -548,7 +548,7 @@ auth_request_want_skip_passdb(struct auth_request *request, - return TRUE; - } - -- if (passdb->passdb->username_filter != NULL && -+ if (passdb->username_filter != NULL && - !auth_request_username_accepted(username_filter, username)) { - auth_request_log_debug(request, - request->mech != NULL ? AUTH_SUBSYS_MECH -diff --git a/src/auth/auth.c b/src/auth/auth.c -index f2f3fda20c..9f6c4ba60c 100644 ---- a/src/auth/auth.c -+++ b/src/auth/auth.c -@@ -99,6 +99,24 @@ auth_passdb_preinit(struct auth *auth, const struct auth_passdb_settings *set, - auth_passdb->override_fields_tmpl = - passdb_template_build(auth->pool, set->override_fields); - -+ if (*set->mechanisms == '\0') { -+ auth_passdb->mechanisms = NULL; -+ } else if (strcasecmp(set->mechanisms, "none") == 0) { -+ auth_passdb->mechanisms = (const char *const[]){ NULL }; -+ } else { -+ auth_passdb->mechanisms = -+ (const char *const *)p_strsplit_spaces(auth->pool, -+ set->mechanisms, " ,"); -+ } -+ -+ if (*set->username_filter == '\0') { -+ auth_passdb->username_filter = NULL; -+ } else { -+ auth_passdb->username_filter = -+ (const char *const *)p_strsplit_spaces(auth->pool, -+ set->username_filter, " ,"); -+ } -+ - /* for backwards compatibility: */ - if (set->pass) - auth_passdb->result_success = AUTH_DB_RULE_CONTINUE; -diff --git a/src/auth/auth.h b/src/auth/auth.h -index f700e29d5c..460a179765 100644 ---- a/src/auth/auth.h -+++ b/src/auth/auth.h -@@ -41,6 +41,11 @@ struct auth_passdb { - struct passdb_template *default_fields_tmpl; - struct passdb_template *override_fields_tmpl; - -+ /* Supported authentication mechanisms, NULL is all, {NULL} is none */ -+ const char *const *mechanisms; -+ /* Username filter, NULL is no filter */ -+ const char *const *username_filter; -+ - enum auth_passdb_skip skip; - enum auth_db_rule result_success; - enum auth_db_rule result_failure; -diff --git a/src/auth/passdb.c b/src/auth/passdb.c -index eb4ac8ae82..f5eed1af4f 100644 ---- a/src/auth/passdb.c -+++ b/src/auth/passdb.c -@@ -224,19 +224,8 @@ passdb_preinit(pool_t pool, const struct auth_passdb_settings *set) - passdb->id = ++auth_passdb_id; - passdb->iface = *iface; - passdb->args = p_strdup(pool, set->args); -- if (*set->mechanisms == '\0') { -- passdb->mechanisms = NULL; -- } else if (strcasecmp(set->mechanisms, "none") == 0) { -- passdb->mechanisms = (const char *const[]){NULL}; -- } else { -- passdb->mechanisms = (const char* const*)p_strsplit_spaces(pool, set->mechanisms, " ,"); -- } -- -- if (*set->username_filter == '\0') { -- passdb->username_filter = NULL; -- } else { -- passdb->username_filter = (const char* const*)p_strsplit_spaces(pool, set->username_filter, " ,"); -- } -+ /* NOTE: if anything else than driver & args are added here, -+ passdb_find() also needs to be updated. */ - array_push_back(&passdb_modules, &passdb); - return passdb; - } -diff --git a/src/auth/passdb.h b/src/auth/passdb.h -index 2e95328e5c..e466a9fdb6 100644 ---- a/src/auth/passdb.h -+++ b/src/auth/passdb.h -@@ -63,10 +63,6 @@ struct passdb_module { - /* Default password scheme for this module. - If default_cache_key is set, must not be NULL. */ - const char *default_pass_scheme; -- /* Supported authentication mechanisms, NULL is all, [NULL] is none*/ -- const char *const *mechanisms; -- /* Username filter, NULL is no filter */ -- const char *const *username_filter; - - /* If blocking is set to TRUE, use child processes to access - this passdb. */ diff --git a/dovecot-2.3.21-noengine.patch b/dovecot-2.3.21-noengine.patch deleted file mode 100644 index c3bb50e..0000000 --- a/dovecot-2.3.21-noengine.patch +++ /dev/null @@ -1,201 +0,0 @@ -diff -up dovecot-2.3.21/m4/ssl.m4.noengine dovecot-2.3.21/m4/ssl.m4 ---- dovecot-2.3.21/m4/ssl.m4.noengine 2024-05-06 17:39:59.362886891 +0200 -+++ dovecot-2.3.21/m4/ssl.m4 2024-05-06 17:42:17.945312656 +0200 -@@ -233,6 +233,27 @@ AC_DEFUN([DOVECOT_SSL], [ - AC_CHECK_LIB(ssl, ECDSA_SIG_set0, [ - AC_DEFINE(HAVE_ECDSA_SIG_SET0,, [Build with ECDSA_SIG_set0 support]) - ],, $SSL_LIBS) -+ AC_CHECK_LIB(ssl, OSSL_PROVIDER_try_load, [ -+ AC_DEFINE(HAVE_OSSL_PROVIDER_try_load,, [Build with OSSL_PROVIDER_try_load support]) -+ ],, $SSL_LIBS) -+ AC_CHECK_LIB(ssl, OPENSSL_init_ssl, [ -+ AC_DEFINE(HAVE_OPENSSL_init_ssl,, [Build with OPENSSL_init_ssl support]) -+ ],, $SSL_LIBS) -+ AC_CHECK_LIB(ssl, OPENSSL_cleanup, [ -+ AC_DEFINE(HAVE_OPENSSL_cleanup,, [OpenSSL supports OPENSSL_cleanup()]) -+ ],, $SSL_LIBS) -+ AC_CHECK_LIB(ssl, OPENSSL_thread_stop, [ -+ AC_DEFINE(HAVE_OPENSSL_thread_stop,, [OpenSSL supports OPENSSL_thread_stop()]) -+ ],, $SSL_LIBS) -+ AC_CHECK_LIB(ssl, ERR_remove_thread_state, [ -+ AC_DEFINE(HAVE_ERR_remove_thread_state,, [OpenSSL supports ERR_remove_thread_state()]) -+ ],, $SSL_LIBS) -+ AC_CHECK_LIB(ssl, ERR_remove_state, [ -+ AC_DEFINE(HAVE_ERR_remove_state,, [OpenSSL supports ERR_remove_state()]) -+ ],, $SSL_LIBS) -+ AC_CHECK_LIB(ssl, ENGINE_by_id_DISABLED, [ -+ AC_DEFINE(HAVE_ENGINE_by_id,, [OpenSSL supports ENGINE_by_id() - !!!EXPLICITELY DISABLED!!! ]) -+ ],, $SSL_LIBS) - AC_CHECK_LIB(ssl, EC_GROUP_order_bits, [ - AC_DEFINE(HAVE_EC_GROUP_order_bits,, [Build with EC_GROUP_order_bits support]) - ],, $SSL_LIBS) -diff --git dovecot-2.3.21/src/lib-dcrypt/dcrypt-openssl.c.noengine dovecot-2.3.21/src/lib-dcrypt/dcrypt-openssl.c -index 1cbe352541..239a981251 100644 ---- dovecot-2.3.21/src/lib-dcrypt/dcrypt-openssl.c.noengine -+++ dovecot-2.3.21/src/lib-dcrypt/dcrypt-openssl.c -@@ -20,7 +20,6 @@ - #include - #include - #include --#include - #include - #include - #include -diff -up dovecot-2.3.21/src/lib-ssl-iostream/dovecot-openssl-common.c.noengine dovecot-2.3.21/src/lib-ssl-iostream/dovecot-openssl-common.c ---- dovecot-2.3.21/src/lib-ssl-iostream/dovecot-openssl-common.c.noengine 2023-09-14 15:17:46.000000000 +0200 -+++ dovecot-2.3.21/src/lib-ssl-iostream/dovecot-openssl-common.c 2024-05-06 17:39:59.363886901 +0200 -@@ -3,13 +3,23 @@ - #include "lib.h" - #include "randgen.h" - #include "dovecot-openssl-common.h" -+#include "iostream-openssl.h" - - #include --#include -+#include -+#ifdef HAVE_OSSL_PROVIDER_try_load -+# include -+#else -+# include -+#endif - #include - - static int openssl_init_refcount = 0; --static ENGINE *dovecot_openssl_engine; -+#ifdef HAVE_OSSL_PROVIDER_try_load -+static OSSL_PROVIDER *dovecot_openssl_engine = NULL; -+#else -+static ENGINE *dovecot_openssl_engine = NULL; -+#endif - - #ifdef HAVE_SSL_NEW_MEM_FUNCS - static void *dovecot_openssl_malloc(size_t size, const char *u0 ATTR_UNUSED, int u1 ATTR_UNUSED) -@@ -17,12 +27,14 @@ static void *dovecot_openssl_malloc(size - static void *dovecot_openssl_malloc(size_t size) - #endif - { -+ if (size == 0) -+ return NULL; - /* this may be performance critical, so don't use - i_malloc() or calloc() */ - void *mem = malloc(size); -- if (mem == NULL) { -+ if (unlikely(mem == NULL)) { - i_fatal_status(FATAL_OUTOFMEM, -- "OpenSSL: malloc(%zu): Out of memory", size); -+ "OpenSSL: malloc(%zu): Out of memory", size); - } - return mem; - } -@@ -33,10 +45,14 @@ static void *dovecot_openssl_realloc(voi - static void *dovecot_openssl_realloc(void *ptr, size_t size) - #endif - { -+ if (size == 0) { -+ free(ptr); -+ return NULL; -+ } - void *mem = realloc(ptr, size); -- if (mem == NULL) { -+ if (unlikely(mem == NULL)) { - i_fatal_status(FATAL_OUTOFMEM, -- "OpenSSL: realloc(%zu): Out of memory", size); -+ "OpenSSL: realloc(%zu): Out of memory", size); - } - return mem; - } -@@ -63,9 +79,13 @@ void dovecot_openssl_common_global_ref(v - /*i_warning("CRYPTO_set_mem_functions() was called too late");*/ - } - -+#ifdef HAVE_OPENSSL_init_ssl -+ OPENSSL_init_ssl(0, NULL); -+#else - SSL_library_init(); - SSL_load_error_strings(); - OpenSSL_add_all_algorithms(); -+#endif - } - - bool dovecot_openssl_common_global_unref(void) -@@ -76,30 +96,35 @@ bool dovecot_openssl_common_global_unref - return TRUE; - - if (dovecot_openssl_engine != NULL) { -+#ifdef HAVE_OSSL_PROVIDER_try_load -+ OSSL_PROVIDER_unload(dovecot_openssl_engine); -+#else - ENGINE_finish(dovecot_openssl_engine); -+#endif - dovecot_openssl_engine = NULL; - } -+#ifdef HAVE_OPENSSL_cleanup -+ OPENSSL_cleanup(); -+#else - /* OBJ_cleanup() is called automatically by EVP_cleanup() in - newer versions. Doesn't hurt to call it anyway. */ - OBJ_cleanup(); --#ifdef HAVE_SSL_COMP_FREE_COMPRESSION_METHODS -+# if !defined(OPENSSL_NO_COMP) - SSL_COMP_free_compression_methods(); --#endif -+# endif - ENGINE_cleanup(); - EVP_cleanup(); - CRYPTO_cleanup_all_ex_data(); --#ifdef HAVE_OPENSSL_AUTO_THREAD_DEINIT -+# ifdef HAVE_OPENSSL_thread_stop - /* no cleanup needed */ --#elif defined(HAVE_OPENSSL_ERR_REMOVE_THREAD_STATE) -+# elif defined(HAVE_ERR_remove_thread_state) - /* This was marked as deprecated in v1.1. */ - ERR_remove_thread_state(NULL); --#else -+# elif defined(HAVE_ERR_remove_state) - /* This was deprecated by ERR_remove_thread_state(NULL) in v1.0.0. */ - ERR_remove_state(0); --#endif -+# endif - ERR_free_strings(); --#ifdef HAVE_OPENSSL_CLEANUP -- OPENSSL_cleanup(); - #endif - return FALSE; - } -@@ -110,6 +135,7 @@ int dovecot_openssl_common_global_set_en - if (dovecot_openssl_engine != NULL) - return 1; - -+#ifdef HAVE_ENGINE_by_id - ENGINE_load_builtin_engines(); - dovecot_openssl_engine = ENGINE_by_id(engine); - if (dovecot_openssl_engine == NULL) { -@@ -128,5 +154,15 @@ int dovecot_openssl_common_global_set_en - dovecot_openssl_engine = NULL; - return -1; - } -+#elif defined(HAVE_OSSL_PROVIDER_try_load) -+ if ((dovecot_openssl_engine = OSSL_PROVIDER_try_load(NULL, engine, 1)) == NULL) { -+ *error_r = t_strdup_printf("Cannot load '%s': %s", engine, -+ openssl_iostream_error()); -+ return 0; -+ } -+ return 1; -+#else -+ *error_r = t_strdup_printf("Cannot load '%s': No engine/provider support available", engine); -+#endif - return 1; - } -diff -up dovecot-2.3.21/src/lib-ssl-iostream/Makefile.am.noengine dovecot-2.3.21/src/lib-ssl-iostream/Makefile.am ---- dovecot-2.3.21/src/lib-ssl-iostream/Makefile.am.noengine 2023-09-14 15:17:46.000000000 +0200 -+++ dovecot-2.3.21/src/lib-ssl-iostream/Makefile.am 2024-05-06 17:39:59.363886901 +0200 -@@ -5,7 +5,8 @@ NOPLUGIN_LDFLAGS = - AM_CPPFLAGS = \ - -I$(top_srcdir)/src/lib \ - -I$(top_srcdir)/src/lib-test \ -- -DMODULE_DIR=\""$(moduledir)"\" -+ -DMODULE_DIR=\""$(moduledir)"\" \ -+ $(SSL_CFLAGS) - - if BUILD_OPENSSL - module_LTLIBRARIES = libssl_iostream_openssl.la diff --git a/dovecot-2.3.21-test-socket-path.patch b/dovecot-2.3.21-test-socket-path.patch deleted file mode 100644 index 8132244..0000000 --- a/dovecot-2.3.21-test-socket-path.patch +++ /dev/null @@ -1,22 +0,0 @@ -From 9a3e0d099044d3a7478c3a24ccb8990181767f7c Mon Sep 17 00:00:00 2001 -From: Duncan Bellamy -Date: Sat, 6 Mar 2021 14:25:29 +0000 -Subject: [PATCH] imap: Shorten test-imap-client-hibernate socket path length - ---- - src/imap/test-imap-client-hibernate.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/imap/test-imap-client-hibernate.c b/src/imap/test-imap-client-hibernate.c -index 9b90e1bd9a..c5392fa3fc 100644 ---- a/src/imap/test-imap-client-hibernate.c -+++ b/src/imap/test-imap-client-hibernate.c -@@ -19,7 +19,7 @@ - - #include - --#define TEMP_DIRNAME ".test-imap-client-hibernate" -+#define TEMP_DIRNAME ".test-ich" - - #define EVILSTR "\t\r\n\001" - diff --git a/dovecot-2.3.21.1-fixtestdatastack.patch b/dovecot-2.3.21.1-fixtestdatastack.patch deleted file mode 100644 index 7a02167..0000000 --- a/dovecot-2.3.21.1-fixtestdatastack.patch +++ /dev/null @@ -1,24 +0,0 @@ -diff --git a/src/lib/test-data-stack.c b/src/lib/test-data-stack.c -index 3c33597685..03f97b4a50 100644 ---- a/src/lib/test-data-stack.c -+++ b/src/lib/test-data-stack.c -@@ -98,9 +98,9 @@ static void test_ds_get_bytes_available(void) - if (i > 0) - t_malloc_no0(i); - avail1 = t_get_bytes_available(); -- t_malloc_no0(avail1); -+ (void)t_malloc_no0(avail1); - test_assert_idx(t_get_bytes_available() == 0, i); -- t_malloc_no0(1); -+ (void)t_malloc_no0(1); - test_assert_idx(t_get_bytes_available() > 0, i); - } T_END; - T_BEGIN { -@@ -188,7 +188,6 @@ static void test_ds_buffers(void) - void *b = t_buffer_get(1000); - void *a = t_malloc_no0(1); - void *b2 = t_buffer_get(1001); -- test_assert(a == b); /* expected, not guaranteed */ - test_assert(b2 != b); - } T_END; - test_end(); diff --git a/dovecot-2.3.6-opensslhmac.patch b/dovecot-2.4.1-opensslhmac3.patch similarity index 59% rename from dovecot-2.3.6-opensslhmac.patch rename to dovecot-2.4.1-opensslhmac3.patch index 53f3321..20b26a2 100644 --- a/dovecot-2.3.6-opensslhmac.patch +++ b/dovecot-2.4.1-opensslhmac3.patch @@ -1,7 +1,7 @@ -diff -up dovecot-2.3.18/src/auth/auth-token.c.opensslhmac dovecot-2.3.18/src/auth/auth-token.c ---- dovecot-2.3.18/src/auth/auth-token.c.opensslhmac 2022-02-02 12:42:23.000000000 +0100 -+++ dovecot-2.3.18/src/auth/auth-token.c 2022-02-09 09:27:15.887883359 +0100 -@@ -161,17 +161,17 @@ void auth_token_deinit(void) +diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/auth-token.c.opensslhmac3 dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/auth-token.c +--- dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/auth-token.c.opensslhmac3 2025-03-28 12:32:27.000000000 +0100 ++++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/auth-token.c 2025-06-03 22:53:40.039980828 +0200 +@@ -162,17 +162,17 @@ void auth_token_deinit(void) const char *auth_token_get(const char *service, const char *session_pid, const char *username, const char *session_id) { @@ -26,19 +26,19 @@ diff -up dovecot-2.3.18/src/auth/auth-token.c.opensslhmac dovecot-2.3.18/src/aut return binary_to_hex(result, sizeof(result)); } -diff -up dovecot-2.3.18/src/auth/mech-cram-md5.c.opensslhmac dovecot-2.3.18/src/auth/mech-cram-md5.c ---- dovecot-2.3.18/src/auth/mech-cram-md5.c.opensslhmac 2022-02-02 12:42:23.000000000 +0100 -+++ dovecot-2.3.18/src/auth/mech-cram-md5.c 2022-02-09 09:27:15.887883359 +0100 -@@ -51,7 +51,7 @@ static bool verify_credentials(struct cr +diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/mech-cram-md5.c.opensslhmac3 dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/mech-cram-md5.c +--- dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/mech-cram-md5.c.opensslhmac3 2025-03-28 12:32:27.000000000 +0100 ++++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/mech-cram-md5.c 2025-06-03 22:53:40.040125680 +0200 +@@ -50,7 +50,7 @@ static bool verify_credentials(struct cr + const unsigned char *credentials, size_t size) { - unsigned char digest[MD5_RESULTLEN]; - struct hmac_context ctx; + struct orig_hmac_context ctx; const char *response_hex; if (size != CRAM_MD5_CONTEXTLEN) { -@@ -60,10 +60,10 @@ static bool verify_credentials(struct cr +@@ -59,10 +59,10 @@ static bool verify_credentials(struct cr return FALSE; } @@ -52,82 +52,82 @@ diff -up dovecot-2.3.18/src/auth/mech-cram-md5.c.opensslhmac dovecot-2.3.18/src/ response_hex = binary_to_hex(digest, sizeof(digest)); -diff -up dovecot-2.3.18/src/auth/mech-scram.c.opensslhmac dovecot-2.3.18/src/auth/mech-scram.c ---- dovecot-2.3.18/src/auth/mech-scram.c.opensslhmac 2022-02-02 12:42:23.000000000 +0100 -+++ dovecot-2.3.18/src/auth/mech-scram.c 2022-02-09 09:31:50.927146858 +0100 -@@ -93,7 +93,7 @@ get_scram_server_first(struct scram_auth - static const char *get_scram_server_final(struct scram_auth_request *request) - { - const struct hash_method *hmethod = request->hash_method; -- struct hmac_context ctx; -+ struct openssl_hmac_context ctx; - const char *auth_message; - unsigned char server_signature[hmethod->digest_size]; - string_t *str; -@@ -109,9 +109,9 @@ static const char *get_scram_server_fina - request->server_first_message, ",", - request->client_final_message_without_proof, NULL); - -- hmac_init(&ctx, request->server_key, hmethod->digest_size, hmethod); -- hmac_update(&ctx, auth_message, strlen(auth_message)); -- hmac_final(&ctx, server_signature); -+ openssl_hmac_init(&ctx, request->server_key, hmethod->digest_size, hmethod); -+ openssl_hmac_update(&ctx, auth_message, strlen(auth_message)); -+ openssl_hmac_final(&ctx, server_signature); - - /* RFC 5802, Section 7: - -@@ -292,7 +292,7 @@ parse_scram_client_first(struct scram_au - static bool verify_credentials(struct scram_auth_request *request) - { - const struct hash_method *hmethod = request->hash_method; -- struct hmac_context ctx; -+ struct openssl_hmac_context ctx; - const char *auth_message; - unsigned char client_key[hmethod->digest_size]; +diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/auth-scram-client.c.opensslhmac3 dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/auth-scram-client.c +--- dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/auth-scram-client.c.opensslhmac3 2025-03-28 12:32:27.000000000 +0100 ++++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/auth-scram-client.c 2025-06-03 22:59:21.239579904 +0200 +@@ -248,7 +248,7 @@ static string_t *auth_scram_get_client_f unsigned char client_signature[hmethod->digest_size]; -@@ -310,9 +310,9 @@ static bool verify_credentials(struct sc - request->server_first_message, ",", - request->client_final_message_without_proof, NULL); + unsigned char client_proof[hmethod->digest_size]; + unsigned char server_key[hmethod->digest_size]; +- struct hmac_context ctx; ++ struct openssl_hmac_context ctx; + const void *cbind_input; + size_t cbind_input_size; + string_t *auth_message, *str; +@@ -307,9 +307,9 @@ static string_t *auth_scram_get_client_f + client->iter, salted_password); -- hmac_init(&ctx, request->stored_key, hmethod->digest_size, hmethod); -- hmac_update(&ctx, auth_message, strlen(auth_message)); + /* ClientKey := HMAC(SaltedPassword, "Client Key") */ +- hmac_init(&ctx, salted_password, sizeof(salted_password), hmethod); +- hmac_update(&ctx, "Client Key", 10); +- hmac_final(&ctx, client_key); ++ openssl_hmac_init(&ctx, salted_password, sizeof(salted_password), hmethod); ++ openssl_hmac_update(&ctx, "Client Key", 10); ++ openssl_hmac_final(&ctx, client_key); + + /* StoredKey := H(ClientKey) */ + hash_method_get_digest(hmethod, client_key, sizeof(client_key), +@@ -327,9 +327,9 @@ static string_t *auth_scram_get_client_f + str_append_str(auth_message, str); + + /* ClientSignature := HMAC(StoredKey, AuthMessage) */ +- hmac_init(&ctx, stored_key, sizeof(stored_key), hmethod); +- hmac_update(&ctx, str_data(auth_message), str_len(auth_message)); - hmac_final(&ctx, client_signature); -+ openssl_hmac_init(&ctx, request->stored_key, hmethod->digest_size, hmethod); -+ openssl_hmac_update(&ctx, auth_message, strlen(auth_message)); ++ openssl_hmac_init(&ctx, stored_key, sizeof(stored_key), hmethod); ++ openssl_hmac_update(&ctx, str_data(auth_message), str_len(auth_message)); + openssl_hmac_final(&ctx, client_signature); /* ClientProof := ClientKey XOR ClientSignature */ - const unsigned char *proof_data = request->proof->data; -diff -up dovecot-2.3.18/src/auth/password-scheme.c.opensslhmac dovecot-2.3.18/src/auth/password-scheme.c ---- dovecot-2.3.18/src/auth/password-scheme.c.opensslhmac 2022-02-02 12:42:23.000000000 +0100 -+++ dovecot-2.3.18/src/auth/password-scheme.c 2022-02-09 09:27:15.888883345 +0100 -@@ -639,11 +639,11 @@ static void - cram_md5_generate(const char *plaintext, const struct password_generate_params *params ATTR_UNUSED, - const unsigned char **raw_password_r, size_t *size_r) - { -- struct hmac_context ctx; -+ struct orig_hmac_context ctx; - unsigned char *context_digest; + for (k = 0; k < hmethod->digest_size; k++) +@@ -340,16 +340,16 @@ static string_t *auth_scram_get_client_f + safe_memset(client_signature, 0, sizeof(client_signature)); - context_digest = t_malloc_no0(CRAM_MD5_CONTEXTLEN); -- hmac_init(&ctx, (const unsigned char *)plaintext, -+ orig_hmac_init(&ctx, (const unsigned char *)plaintext, - strlen(plaintext), &hash_method_md5); - hmac_md5_get_cram_context(&ctx, context_digest); + /* ServerKey := HMAC(SaltedPassword, "Server Key") */ +- hmac_init(&ctx, salted_password, sizeof(salted_password), hmethod); +- hmac_update(&ctx, "Server Key", 10); +- hmac_final(&ctx, server_key); ++ openssl_hmac_init(&ctx, salted_password, sizeof(salted_password), hmethod); ++ openssl_hmac_update(&ctx, "Server Key", 10); ++ openssl_hmac_final(&ctx, server_key); -diff -up dovecot-2.3.18/src/auth/password-scheme-scram.c.opensslhmac dovecot-2.3.18/src/auth/password-scheme-scram.c ---- dovecot-2.3.18/src/auth/password-scheme-scram.c.opensslhmac 2022-02-02 12:42:23.000000000 +0100 -+++ dovecot-2.3.18/src/auth/password-scheme-scram.c 2022-02-09 09:27:15.888883345 +0100 -@@ -30,23 +30,23 @@ Hi(const struct hash_method *hmethod, co - const unsigned char *salt, size_t salt_size, unsigned int i, - unsigned char *result) + /* ServerSignature := HMAC(ServerKey, AuthMessage) */ + client->server_signature = + p_malloc(client->pool, hmethod->digest_size); +- hmac_init(&ctx, server_key, sizeof(server_key), hmethod); +- hmac_update(&ctx, str_data(auth_message), str_len(auth_message)); +- hmac_final(&ctx, client->server_signature); ++ openssl_hmac_init(&ctx, server_key, sizeof(server_key), hmethod); ++ openssl_hmac_update(&ctx, str_data(auth_message), str_len(auth_message)); ++ openssl_hmac_final(&ctx, client->server_signature); + + safe_memset(salted_password, 0, sizeof(salted_password)); + +diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/auth-scram.c.opensslhmac3 dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/auth-scram.c +--- dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/auth-scram.c.opensslhmac3 2025-03-28 12:32:27.000000000 +0100 ++++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/auth-scram.c 2025-06-03 22:53:40.040441433 +0200 +@@ -31,7 +31,7 @@ void auth_scram_hi(const struct hash_met + const unsigned char *salt, size_t salt_size, unsigned int i, + unsigned char *result) { - struct hmac_context ctx; + struct openssl_hmac_context ctx; unsigned char U[hmethod->digest_size]; unsigned int j, k; +@@ -51,18 +51,18 @@ void auth_scram_hi(const struct hash_met + */ + /* Calculate U1 */ - hmac_init(&ctx, str, str_size, hmethod); - hmac_update(&ctx, salt, salt_size); @@ -151,7 +151,108 @@ diff -up dovecot-2.3.18/src/auth/password-scheme-scram.c.opensslhmac dovecot-2.3 for (k = 0; k < hmethod->digest_size; k++) result[k] ^= U[k]; } -@@ -102,7 +102,7 @@ int scram_verify(const struct hash_metho +@@ -75,7 +75,7 @@ void auth_scram_generate_key_data(const + unsigned char stored_key_r[], + unsigned char server_key_r[]) + { +- struct hmac_context ctx; ++ struct openssl_hmac_context ctx; + unsigned char salt[16]; + unsigned char salted_password[hmethod->digest_size]; + unsigned char client_key[hmethod->digest_size]; +@@ -97,18 +97,18 @@ void auth_scram_generate_key_data(const + salt, sizeof(salt), rounds, salted_password); + + /* Calculate ClientKey */ +- hmac_init(&ctx, salted_password, sizeof(salted_password), hmethod); +- hmac_update(&ctx, "Client Key", 10); +- hmac_final(&ctx, client_key); ++ openssl_hmac_init(&ctx, salted_password, sizeof(salted_password), hmethod); ++ openssl_hmac_update(&ctx, "Client Key", 10); ++ openssl_hmac_final(&ctx, client_key); + + /* Calculate StoredKey */ + hash_method_get_digest(hmethod, client_key, sizeof(client_key), + stored_key_r); + + /* Calculate ServerKey */ +- hmac_init(&ctx, salted_password, sizeof(salted_password), hmethod); +- hmac_update(&ctx, "Server Key", 10); +- hmac_final(&ctx, server_key_r); ++ openssl_hmac_init(&ctx, salted_password, sizeof(salted_password), hmethod); ++ openssl_hmac_update(&ctx, "Server Key", 10); ++ openssl_hmac_final(&ctx, server_key_r); + + safe_memset(salted_password, 0, sizeof(salted_password)); + safe_memset(client_key, 0, sizeof(client_key)); +diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/auth-scram-server.c.opensslhmac3 dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/auth-scram-server.c +--- dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/auth-scram-server.c.opensslhmac3 2025-03-28 12:32:27.000000000 +0100 ++++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/auth-scram-server.c 2025-06-03 23:01:21.982844336 +0200 +@@ -342,7 +342,7 @@ auth_scram_server_verify_credentials(str + { + const struct hash_method *hmethod = server->set.hash_method; + struct auth_scram_key_data *kdata = &server->key_data; +- struct hmac_context ctx; ++ struct openssl_hmac_context ctx; + const char *auth_message; + unsigned char client_key[hmethod->digest_size]; + unsigned char client_signature[hmethod->digest_size]; +@@ -363,9 +363,9 @@ auth_scram_server_verify_credentials(str + server->server_first_message, ",", + server->client_final_message_without_proof, NULL); + +- hmac_init(&ctx, kdata->stored_key, hmethod->digest_size, hmethod); +- hmac_update(&ctx, auth_message, strlen(auth_message)); +- hmac_final(&ctx, client_signature); ++ openssl_hmac_init(&ctx, kdata->stored_key, hmethod->digest_size, hmethod); ++ openssl_hmac_update(&ctx, auth_message, strlen(auth_message)); ++ openssl_hmac_final(&ctx, client_signature); + + /* ClientProof := ClientKey XOR ClientSignature */ + const unsigned char *proof_data = server->proof->data; +@@ -494,7 +494,7 @@ auth_scram_get_server_final(struct auth_ + { + const struct hash_method *hmethod = server->set.hash_method; + struct auth_scram_key_data *kdata = &server->key_data; +- struct hmac_context ctx; ++ struct openssl_hmac_context ctx; + const char *auth_message; + unsigned char server_signature[hmethod->digest_size]; + string_t *str; +@@ -510,9 +510,9 @@ auth_scram_get_server_final(struct auth_ + server->server_first_message, ",", + server->client_final_message_without_proof, NULL); + +- hmac_init(&ctx, kdata->server_key, hmethod->digest_size, hmethod); +- hmac_update(&ctx, auth_message, strlen(auth_message)); +- hmac_final(&ctx, server_signature); ++ openssl_hmac_init(&ctx, kdata->server_key, hmethod->digest_size, hmethod); ++ openssl_hmac_update(&ctx, auth_message, strlen(auth_message)); ++ openssl_hmac_final(&ctx, server_signature); + + /* RFC 5802, Section 7: + +diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/password-scheme.c.opensslhmac3 dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/password-scheme.c +--- dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/password-scheme.c.opensslhmac3 2025-03-28 12:32:27.000000000 +0100 ++++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/password-scheme.c 2025-06-03 22:53:40.040746416 +0200 +@@ -631,11 +631,11 @@ static void + cram_md5_generate(const char *plaintext, const struct password_generate_params *params ATTR_UNUSED, + const unsigned char **raw_password_r, size_t *size_r) + { +- struct hmac_context ctx; ++ struct orig_hmac_context ctx; + unsigned char *context_digest; + + context_digest = t_malloc_no0(CRAM_MD5_CONTEXTLEN); +- hmac_init(&ctx, (const unsigned char *)plaintext, ++ orig_hmac_init(&ctx, (const unsigned char *)plaintext, + strlen(plaintext), &hash_method_md5); + hmac_md5_get_cram_context(&ctx, context_digest); + +diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/password-scheme-scram.c.opensslhmac3 dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/password-scheme-scram.c +--- dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/password-scheme-scram.c.opensslhmac3 2025-03-28 12:32:27.000000000 +0100 ++++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/password-scheme-scram.c 2025-06-03 22:53:40.040877783 +0200 +@@ -69,7 +69,7 @@ int scram_verify(const struct hash_metho const char *plaintext, const unsigned char *raw_password, size_t size, const char **error_r) { @@ -160,8 +261,8 @@ diff -up dovecot-2.3.18/src/auth/password-scheme-scram.c.opensslhmac dovecot-2.3 const char *salt_base64; unsigned int iter_count; const unsigned char *salt; -@@ -126,9 +126,9 @@ int scram_verify(const struct hash_metho - salt, salt_len, iter_count, salted_password); +@@ -94,9 +94,9 @@ int scram_verify(const struct hash_metho + salt, salt_len, iter_count, salted_password); /* Calculate ClientKey */ - hmac_init(&ctx, salted_password, sizeof(salted_password), hmethod); @@ -173,44 +274,9 @@ diff -up dovecot-2.3.18/src/auth/password-scheme-scram.c.opensslhmac dovecot-2.3 /* Calculate StoredKey */ hash_method_get_digest(hmethod, client_key, sizeof(client_key), -@@ -147,7 +147,7 @@ void scram_generate(const struct hash_me - const unsigned char **raw_password_r, size_t *size_r) - { - string_t *str; -- struct hmac_context ctx; -+ struct openssl_hmac_context ctx; - unsigned char salt[16]; - unsigned char salted_password[hmethod->digest_size]; - unsigned char client_key[hmethod->digest_size]; -@@ -165,9 +165,9 @@ void scram_generate(const struct hash_me - sizeof(salt), SCRAM_DEFAULT_ITERATE_COUNT, salted_password); - - /* Calculate ClientKey */ -- hmac_init(&ctx, salted_password, sizeof(salted_password), hmethod); -- hmac_update(&ctx, "Client Key", 10); -- hmac_final(&ctx, client_key); -+ openssl_hmac_init(&ctx, salted_password, sizeof(salted_password), hmethod); -+ openssl_hmac_update(&ctx, "Client Key", 10); -+ openssl_hmac_final(&ctx, client_key); - - /* Calculate StoredKey */ - hash_method_get_digest(hmethod, client_key, sizeof(client_key), -@@ -176,9 +176,9 @@ void scram_generate(const struct hash_me - base64_encode(stored_key, sizeof(stored_key), str); - - /* Calculate ServerKey */ -- hmac_init(&ctx, salted_password, sizeof(salted_password), hmethod); -- hmac_update(&ctx, "Server Key", 10); -- hmac_final(&ctx, server_key); -+ openssl_hmac_init(&ctx, salted_password, sizeof(salted_password), hmethod); -+ openssl_hmac_update(&ctx, "Server Key", 10); -+ openssl_hmac_final(&ctx, server_key); - str_append_c(str, ','); - base64_encode(server_key, sizeof(server_key), str); - -diff -up dovecot-2.3.18/src/lib/hmac.c.opensslhmac dovecot-2.3.18/src/lib/hmac.c ---- dovecot-2.3.18/src/lib/hmac.c.opensslhmac 2022-02-02 12:42:23.000000000 +0100 -+++ dovecot-2.3.18/src/lib/hmac.c 2022-02-09 09:27:15.888883345 +0100 +diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/hmac.c.opensslhmac3 dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/hmac.c +--- dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/hmac.c.opensslhmac3 2025-03-28 12:32:27.000000000 +0100 ++++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/hmac.c 2025-06-03 22:53:40.041060556 +0200 @@ -7,6 +7,10 @@ * This software is released under the MIT license. */ @@ -222,7 +288,7 @@ diff -up dovecot-2.3.18/src/lib/hmac.c.opensslhmac dovecot-2.3.18/src/lib/hmac.c #include "lib.h" #include "hmac.h" #include "safe-memset.h" -@@ -14,10 +18,65 @@ +@@ -14,10 +18,103 @@ #include "hex-binary.h" @@ -239,11 +305,48 @@ diff -up dovecot-2.3.18/src/lib/hmac.c.opensslhmac dovecot-2.3.18/src/lib/hmac.c +#endif + + -+void openssl_hmac_init(struct openssl_hmac_context *_ctx, const unsigned char *key, ++void openssl_hmac_init(struct openssl_hmac_context *_ctx, const unsigned char *key, //DONE size_t key_len, const struct hash_method *meth) { - struct hmac_context_priv *ctx = &_ctx->u.priv; -+ struct openssl_hmac_context_priv *ctx = &_ctx->u.priv; ++#ifdef USE_OPENSSL3_METHODS ++ struct openssl_hmac_context_priv *ctx = &_ctx->u.priv; ++ ++ ++ const EVP_MD *md; ++ const char *ebuf = NULL; ++ const char **error_r = &ebuf; ++ OSSL_PARAM params[2]; ++ ++ md = EVP_get_digestbyname(meth->name); ++ if(md == NULL) { ++ if (error_r != NULL) { ++ *error_r = t_strdup_printf("Invalid digest %s", ++ meth->name); ++ } ++ //return FALSE; ++ } ++ ++ ctx->mac = EVP_MAC_fetch(NULL, "HMAC", NULL); ++ ++ ctx->ctx = EVP_MAC_CTX_new(ctx->mac); ++ if (ctx->ctx == NULL) { ++ EVP_MAC_free(ctx->mac); ++ } ++ ++ params[0] = OSSL_PARAM_construct_utf8_string("digest", (char *)meth->name, 0); ++ params[1] = OSSL_PARAM_construct_end(); ++ ++ if (EVP_MAC_init(ctx->ctx, key, key_len, ++ params) == 0) { ++ if (error_r != NULL) { ++ *error_r = t_strdup_printf("Invalid digest %s", ++ meth->name); ++ } ++ } ++ ++#else ++ struct openssl_hmac_context_priv *ctx = &_ctx->u.priv; + + const EVP_MD *md; + const char *ebuf = NULL; @@ -267,9 +370,10 @@ diff -up dovecot-2.3.18/src/lib/hmac.c.opensslhmac dovecot-2.3.18/src/lib/hmac.c + dcrypt_openssl_error(error_r);*/ +#endif + /*ec = */HMAC_Init_ex(ctx->ctx, key, key_len, md, NULL); ++#endif +} + -+void orig_hmac_init(struct orig_hmac_context *_ctx, const unsigned char *key, ++void orig_hmac_init(struct orig_hmac_context *_ctx, const unsigned char *key, //DONE + size_t key_len, const struct hash_method *meth) +{ + static int no_fips = -1; @@ -290,22 +394,29 @@ diff -up dovecot-2.3.18/src/lib/hmac.c.opensslhmac dovecot-2.3.18/src/lib/hmac.c unsigned int i; unsigned char k_ipad[meth->block_size]; unsigned char k_opad[meth->block_size]; -@@ -53,9 +112,27 @@ void hmac_init(struct hmac_context *_ctx +@@ -54,9 +151,33 @@ void hmac_init(struct hmac_context *_ctx safe_memset(k_opad, 0, meth->block_size); } -void hmac_final(struct hmac_context *_ctx, unsigned char *digest) -+void openssl_hmac_final(struct openssl_hmac_context *_ctx, unsigned char *digest) -+{ ++void openssl_hmac_final(struct openssl_hmac_context *_ctx, unsigned char *digest) //FIXME + { +- struct hmac_context_priv *ctx = &_ctx->u.priv; + int ec; -+ unsigned char buf[HMAC_MAX_MD_CBLOCK]; -+ unsigned int outl; ++ unsigned char buf[EVP_MAX_MD_SIZE]; ++ size_t outl; +// const char *ebuf = NULL; +// const char **error_r = &ebuf; + + struct openssl_hmac_context_priv *ctx = &_ctx->u.priv; ++#ifdef USE_OPENSSL3_METHODS ++ ec = EVP_MAC_final(ctx->ctx, buf, &outl, sizeof buf); ++ EVP_MAC_CTX_free(ctx->ctx); ++ EVP_MAC_free(ctx->mac); ++#else + ec = HMAC_Final(ctx->ctx, buf, &outl); + HMAC_CTX_free(ctx->ctx); ++#endif + if (ec == 1) + memcpy(digest, buf, outl); +// else @@ -313,19 +424,18 @@ diff -up dovecot-2.3.18/src/lib/hmac.c.opensslhmac dovecot-2.3.18/src/lib/hmac.c + +} + -+void orig_hmac_final(struct orig_hmac_context *_ctx, unsigned char *digest) - { -- struct hmac_context_priv *ctx = &_ctx->u.priv; ++void orig_hmac_final(struct orig_hmac_context *_ctx, unsigned char *digest) //DONE ++{ + struct orig_hmac_context_priv *ctx = &_ctx->u.priv; ctx->hash->result(ctx->ctx, digest); -@@ -63,53 +140,50 @@ void hmac_final(struct hmac_context *_ct +@@ -64,53 +185,50 @@ void hmac_final(struct hmac_context *_ct ctx->hash->result(ctx->ctxo, digest); } -buffer_t *t_hmac_data(const struct hash_method *meth, -+buffer_t *openssl_t_hmac_data(const struct hash_method *meth, ++buffer_t *openssl_t_hmac_data(const struct hash_method *meth, //FIXME const unsigned char *key, size_t key_len, const void *data, size_t data_len) { @@ -348,7 +458,7 @@ diff -up dovecot-2.3.18/src/lib/hmac.c.opensslhmac dovecot-2.3.18/src/lib/hmac.c } -buffer_t *t_hmac_buffer(const struct hash_method *meth, -+buffer_t *openssl_t_hmac_buffer(const struct hash_method *meth, ++buffer_t *openssl_t_hmac_buffer(const struct hash_method *meth, //DONE const unsigned char *key, size_t key_len, const buffer_t *data) { @@ -357,7 +467,7 @@ diff -up dovecot-2.3.18/src/lib/hmac.c.opensslhmac dovecot-2.3.18/src/lib/hmac.c } -buffer_t *t_hmac_str(const struct hash_method *meth, -+buffer_t *openssl_t_hmac_str(const struct hash_method *meth, ++buffer_t *openssl_t_hmac_str(const struct hash_method *meth, //DONE const unsigned char *key, size_t key_len, const char *data) { @@ -366,7 +476,7 @@ diff -up dovecot-2.3.18/src/lib/hmac.c.opensslhmac dovecot-2.3.18/src/lib/hmac.c } -void hmac_hkdf(const struct hash_method *method, -+void openssl_hmac_hkdf(const struct hash_method *method, ++void openssl_hmac_hkdf(const struct hash_method *method, //FIXME const unsigned char *salt, size_t salt_len, const unsigned char *ikm, size_t ikm_len, const unsigned char *info, size_t info_len, @@ -388,7 +498,7 @@ diff -up dovecot-2.3.18/src/lib/hmac.c.opensslhmac dovecot-2.3.18/src/lib/hmac.c /* salt and info can be NULL */ i_assert(salt != NULL || salt_len == 0); -@@ -118,35 +192,30 @@ void hmac_hkdf(const struct hash_method +@@ -119,35 +237,30 @@ void hmac_hkdf(const struct hash_method i_assert(ikm != NULL && ikm_len > 0); i_assert(okm_r != NULL && okm_len > 0); @@ -448,9 +558,9 @@ diff -up dovecot-2.3.18/src/lib/hmac.c.opensslhmac dovecot-2.3.18/src/lib/hmac.c - safe_memset(prk, 0, sizeof(prk)); - safe_memset(okm, 0, sizeof(okm)); } -diff -up dovecot-2.3.18/src/lib/hmac-cram-md5.c.opensslhmac dovecot-2.3.18/src/lib/hmac-cram-md5.c ---- dovecot-2.3.18/src/lib/hmac-cram-md5.c.opensslhmac 2022-02-02 12:42:23.000000000 +0100 -+++ dovecot-2.3.18/src/lib/hmac-cram-md5.c 2022-02-09 09:27:15.888883345 +0100 +diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/hmac-cram-md5.c.opensslhmac3 dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/hmac-cram-md5.c +--- dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/hmac-cram-md5.c.opensslhmac3 2025-03-28 12:32:27.000000000 +0100 ++++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/hmac-cram-md5.c 2025-06-03 22:53:40.041190220 +0200 @@ -9,10 +9,10 @@ #include "md5.h" #include "hmac-cram-md5.h" @@ -477,9 +587,9 @@ diff -up dovecot-2.3.18/src/lib/hmac-cram-md5.c.opensslhmac dovecot-2.3.18/src/l const unsigned char *cdp; struct md5_context *ctx = (void*)hmac_ctx->ctx; -diff -up dovecot-2.3.18/src/lib/hmac-cram-md5.h.opensslhmac dovecot-2.3.18/src/lib/hmac-cram-md5.h ---- dovecot-2.3.18/src/lib/hmac-cram-md5.h.opensslhmac 2022-02-02 12:42:23.000000000 +0100 -+++ dovecot-2.3.18/src/lib/hmac-cram-md5.h 2022-02-09 09:27:15.888883345 +0100 +diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/hmac-cram-md5.h.opensslhmac3 dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/hmac-cram-md5.h +--- dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/hmac-cram-md5.h.opensslhmac3 2025-03-28 12:32:27.000000000 +0100 ++++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/hmac-cram-md5.h 2025-06-03 22:53:40.041283645 +0200 @@ -5,9 +5,9 @@ #define CRAM_MD5_CONTEXTLEN 32 @@ -492,10 +602,10 @@ diff -up dovecot-2.3.18/src/lib/hmac-cram-md5.h.opensslhmac dovecot-2.3.18/src/l const unsigned char context_digest[CRAM_MD5_CONTEXTLEN]); -diff -up dovecot-2.3.18/src/lib/hmac.h.opensslhmac dovecot-2.3.18/src/lib/hmac.h ---- dovecot-2.3.18/src/lib/hmac.h.opensslhmac 2022-02-02 12:42:23.000000000 +0100 -+++ dovecot-2.3.18/src/lib/hmac.h 2022-02-09 09:27:15.888883345 +0100 -@@ -4,60 +4,97 @@ +diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/hmac.h.opensslhmac3 dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/hmac.h +--- dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/hmac.h.opensslhmac3 2025-03-28 12:32:27.000000000 +0100 ++++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/hmac.h 2025-06-03 22:53:40.041401056 +0200 +@@ -4,60 +4,108 @@ #include "hash-method.h" #include "sha1.h" #include "sha2.h" @@ -507,15 +617,22 @@ diff -up dovecot-2.3.18/src/lib/hmac.h.opensslhmac dovecot-2.3.18/src/lib/hmac.h #define HMAC_MAX_CONTEXT_SIZE sizeof(struct sha512_ctx) -struct hmac_context_priv { ++ ++#define USE_OPENSSL3_METHODS 1 ++ +struct openssl_hmac_context_priv { ++#ifdef USE_OPENSSL3_METHODS ++ EVP_MAC *mac; ++ EVP_MAC_CTX *ctx; ++#else +#ifdef HAVE_HMAC_CTX_NEW + HMAC_CTX *ctx; +#else + HMAC_CTX ctx; +#endif ++#endif + const struct hash_method *hash; +}; -+ +struct orig_hmac_context_priv { char ctx[HMAC_MAX_CONTEXT_SIZE]; char ctxo[HMAC_MAX_CONTEXT_SIZE]; @@ -524,21 +641,21 @@ diff -up dovecot-2.3.18/src/lib/hmac.h.opensslhmac dovecot-2.3.18/src/lib/hmac.h -struct hmac_context { +struct openssl_hmac_context { -+ union { -+ struct openssl_hmac_context_priv priv; -+ uint64_t padding_requirement; -+ } u; -+}; -+ -+struct orig_hmac_context { union { - struct hmac_context_priv priv; -+ struct orig_hmac_context_priv priv; ++ struct openssl_hmac_context_priv priv; uint64_t padding_requirement; } u; }; -void hmac_init(struct hmac_context *ctx, const unsigned char *key, ++struct orig_hmac_context { ++ union { ++ struct orig_hmac_context_priv priv; ++ uint64_t padding_requirement; ++ } u; ++}; ++ +void openssl_hmac_init(struct openssl_hmac_context *ctx, const unsigned char *key, + size_t key_len, const struct hash_method *meth); +void openssl_hmac_final(struct openssl_hmac_context *ctx, unsigned char *digest); @@ -547,7 +664,11 @@ diff -up dovecot-2.3.18/src/lib/hmac.h.opensslhmac dovecot-2.3.18/src/lib/hmac.h +openssl_hmac_update(struct openssl_hmac_context *_ctx, const void *data, size_t size) +{ + struct openssl_hmac_context_priv *ctx = &_ctx->u.priv; ++#ifdef USE_OPENSSL3_METHODS ++ EVP_MAC_update(ctx->ctx, data, size); ++#else + HMAC_Update(ctx->ctx, data, size); ++#endif +/* if (ec != 1) + { + const char *ebuf = NULL; @@ -606,12 +727,12 @@ diff -up dovecot-2.3.18/src/lib/hmac.h.opensslhmac dovecot-2.3.18/src/lib/hmac.h okm_buffer, okm_len); return okm_buffer; } -diff -up dovecot-2.3.18/src/lib-imap-urlauth/imap-urlauth.c.opensslhmac dovecot-2.3.18/src/lib-imap-urlauth/imap-urlauth.c ---- dovecot-2.3.18/src/lib-imap-urlauth/imap-urlauth.c.opensslhmac 2022-02-02 12:42:23.000000000 +0100 -+++ dovecot-2.3.18/src/lib-imap-urlauth/imap-urlauth.c 2022-02-09 09:27:15.888883345 +0100 -@@ -85,15 +85,15 @@ imap_urlauth_internal_generate(const cha - const unsigned char mailbox_key[IMAP_URLAUTH_KEY_LEN], - size_t *token_len_r) +diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-imap-urlauth/imap-urlauth.c.opensslhmac3 dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-imap-urlauth/imap-urlauth.c +--- dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-imap-urlauth/imap-urlauth.c.opensslhmac3 2025-03-28 12:32:27.000000000 +0100 ++++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-imap-urlauth/imap-urlauth.c 2025-06-03 22:53:40.041513908 +0200 +@@ -87,15 +87,15 @@ imap_urlauth_internal_generate( + const unsigned char mailbox_key[IMAP_URLAUTH_KEY_LEN], + size_t *token_len_r) { - struct hmac_context hmac; + struct openssl_hmac_context hmac; @@ -629,10 +750,10 @@ diff -up dovecot-2.3.18/src/lib-imap-urlauth/imap-urlauth.c.opensslhmac dovecot- *token_len_r = SHA1_RESULTLEN + 1; return token; -diff -up dovecot-2.3.18/src/lib/Makefile.am.opensslhmac dovecot-2.3.18/src/lib/Makefile.am ---- dovecot-2.3.18/src/lib/Makefile.am.opensslhmac 2022-02-02 12:42:23.000000000 +0100 -+++ dovecot-2.3.18/src/lib/Makefile.am 2022-02-09 09:27:15.889883331 +0100 -@@ -354,6 +354,9 @@ headers = \ +diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/Makefile.am.opensslhmac3 dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/Makefile.am +--- dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/Makefile.am.opensslhmac3 2025-03-28 12:32:27.000000000 +0100 ++++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/Makefile.am 2025-06-03 22:53:40.041626579 +0200 +@@ -359,6 +359,9 @@ headers = \ wildcard-match.h \ write-full.h @@ -642,34 +763,34 @@ diff -up dovecot-2.3.18/src/lib/Makefile.am.opensslhmac dovecot-2.3.18/src/lib/M test_programs = test-lib noinst_PROGRAMS = $(test_programs) -diff -up dovecot-2.3.18/src/lib-oauth2/oauth2-jwt.c.opensslhmac dovecot-2.3.18/src/lib-oauth2/oauth2-jwt.c ---- dovecot-2.3.18/src/lib-oauth2/oauth2-jwt.c.opensslhmac 2022-02-02 12:42:23.000000000 +0100 -+++ dovecot-2.3.18/src/lib-oauth2/oauth2-jwt.c 2022-02-09 09:27:15.889883331 +0100 -@@ -144,14 +144,14 @@ oauth2_validate_hmac(const struct oauth2 +diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-oauth2/oauth2-jwt.c.opensslhmac3 dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-oauth2/oauth2-jwt.c +--- dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-oauth2/oauth2-jwt.c.opensslhmac3 2025-03-28 12:32:27.000000000 +0100 ++++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-oauth2/oauth2-jwt.c 2025-06-03 22:53:40.041749500 +0200 +@@ -210,14 +210,14 @@ oauth2_validate_hmac(const struct oauth2 if (oauth2_lookup_hmac_key(set, azp, alg, key_id, &key, error_r) < 0) return -1; - struct hmac_context ctx; ++ struct openssl_hmac_context ctx; + unsigned char digest[method->digest_size]; + - hmac_init(&ctx, key->data, key->used, method); - hmac_update(&ctx, blobs[0], strlen(blobs[0])); - hmac_update(&ctx, ".", 1); - hmac_update(&ctx, blobs[1], strlen(blobs[1])); -+ struct openssl_hmac_context ctx; +- hmac_final(&ctx, digest); + openssl_hmac_init(&ctx, key->data, key->used, method); + openssl_hmac_update(&ctx, blobs[0], strlen(blobs[0])); + openssl_hmac_update(&ctx, ".", 1); + openssl_hmac_update(&ctx, blobs[1], strlen(blobs[1])); - unsigned char digest[method->digest_size]; - -- hmac_final(&ctx, digest); + openssl_hmac_final(&ctx, digest); buffer_t *their_digest = t_base64url_decode_str(BASE64_DECODE_FLAG_NO_PADDING, blobs[2]); -diff -up dovecot-2.3.18/src/lib-oauth2/test-oauth2-jwt.c.opensslhmac dovecot-2.3.18/src/lib-oauth2/test-oauth2-jwt.c ---- dovecot-2.3.18/src/lib-oauth2/test-oauth2-jwt.c.opensslhmac 2022-02-02 12:42:23.000000000 +0100 -+++ dovecot-2.3.18/src/lib-oauth2/test-oauth2-jwt.c 2022-02-09 09:27:15.889883331 +0100 -@@ -248,7 +248,7 @@ static void save_key_azp_to(const char * +diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-oauth2/test-oauth2-jwt.c.opensslhmac3 dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-oauth2/test-oauth2-jwt.c +--- dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-oauth2/test-oauth2-jwt.c.opensslhmac3 2025-03-28 12:32:27.000000000 +0100 ++++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-oauth2/test-oauth2-jwt.c 2025-06-03 22:53:40.041891667 +0200 +@@ -250,7 +250,7 @@ static void save_key_azp_to(const char * static void sign_jwt_token_hs256(buffer_t *tokenbuf, buffer_t *key) { i_assert(key != NULL); @@ -678,7 +799,7 @@ diff -up dovecot-2.3.18/src/lib-oauth2/test-oauth2-jwt.c.opensslhmac dovecot-2.3 tokenbuf); buffer_append(tokenbuf, ".", 1); base64url_encode(BASE64_ENCODE_FLAG_NO_PADDING, SIZE_MAX, -@@ -258,7 +258,7 @@ static void sign_jwt_token_hs256(buffer_ +@@ -260,7 +260,7 @@ static void sign_jwt_token_hs256(buffer_ static void sign_jwt_token_hs384(buffer_t *tokenbuf, buffer_t *key) { i_assert(key != NULL); @@ -687,7 +808,7 @@ diff -up dovecot-2.3.18/src/lib-oauth2/test-oauth2-jwt.c.opensslhmac dovecot-2.3 tokenbuf); buffer_append(tokenbuf, ".", 1); base64url_encode(BASE64_ENCODE_FLAG_NO_PADDING, SIZE_MAX, -@@ -268,7 +268,7 @@ static void sign_jwt_token_hs384(buffer_ +@@ -270,7 +270,7 @@ static void sign_jwt_token_hs384(buffer_ static void sign_jwt_token_hs512(buffer_t *tokenbuf, buffer_t *key) { i_assert(key != NULL); @@ -696,9 +817,9 @@ diff -up dovecot-2.3.18/src/lib-oauth2/test-oauth2-jwt.c.opensslhmac dovecot-2.3 tokenbuf); buffer_append(tokenbuf, ".", 1); base64url_encode(BASE64_ENCODE_FLAG_NO_PADDING, SIZE_MAX, -diff -up dovecot-2.3.18/src/lib/pkcs5.c.opensslhmac dovecot-2.3.18/src/lib/pkcs5.c ---- dovecot-2.3.18/src/lib/pkcs5.c.opensslhmac 2022-02-02 12:42:23.000000000 +0100 -+++ dovecot-2.3.18/src/lib/pkcs5.c 2022-02-09 09:27:15.889883331 +0100 +diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/pkcs5.c.opensslhmac3 dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/pkcs5.c +--- dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/pkcs5.c.opensslhmac3 2025-03-28 12:32:27.000000000 +0100 ++++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/pkcs5.c 2025-06-03 22:53:40.042033283 +0200 @@ -52,7 +52,7 @@ int pkcs5_pbkdf2(const struct hash_metho size_t l = (length + hash->digest_size - 1)/hash->digest_size; /* same as ceil(length/hash->digest_size) */ unsigned char dk[l * hash->digest_size]; @@ -733,9 +854,9 @@ diff -up dovecot-2.3.18/src/lib/pkcs5.c.opensslhmac dovecot-2.3.18/src/lib/pkcs5 for(i = 0; i < hash->digest_size; i++) block[i] ^= U_c[i]; } -diff -up dovecot-2.3.18/src/lib/test-hmac.c.opensslhmac dovecot-2.3.18/src/lib/test-hmac.c ---- dovecot-2.3.18/src/lib/test-hmac.c.opensslhmac 2022-02-02 12:42:23.000000000 +0100 -+++ dovecot-2.3.18/src/lib/test-hmac.c 2022-02-09 09:27:15.889883331 +0100 +diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/test-hmac.c.opensslhmac3 dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/test-hmac.c +--- dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/test-hmac.c.opensslhmac3 2025-03-28 12:32:27.000000000 +0100 ++++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/test-hmac.c 2025-06-03 22:53:40.042135125 +0200 @@ -206,11 +206,11 @@ static void test_hmac_rfc(void) test_begin("hmac sha256 rfc4231 vectors"); for(size_t i = 0; i < N_ELEMENTS(test_vectors); i++) { @@ -811,3 +932,81 @@ diff -up dovecot-2.3.18/src/lib/test-hmac.c.opensslhmac dovecot-2.3.18/src/lib/t vec->ikm_len, vec->info, vec->info_len, vec->okm_len); test_assert(tmp->used == vec->okm_len && +diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-var-expand-crypt/Makefile.am.opensslhmac3 dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-var-expand-crypt/Makefile.am +--- dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-var-expand-crypt/Makefile.am.opensslhmac3 2025-06-04 12:40:11.891062419 +0200 ++++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-var-expand-crypt/Makefile.am 2025-06-04 12:40:11.907575156 +0200 +@@ -30,13 +30,13 @@ test_libs = \ + $(DLLIB) + + test_var_expand_crypt_SOURCES = test-var-expand-crypt.c +-test_var_expand_crypt_LDADD = $(test_libs) ++test_var_expand_crypt_LDADD = $(test_libs) $(SSL_LIBS) + test_var_expand_crypt_DEPENDENCIES = $(module_LTLIBRARIES) + if HAVE_WHOLE_ARCHIVE + test_var_expand_crypt_LDFLAGS = -export-dynamic -Wl,$(LD_WHOLE_ARCHIVE),../lib/.libs/liblib.a,../lib-json/.libs/libjson.a,../lib-ssl-iostream/.libs/libssl_iostream.a,$(LD_NO_WHOLE_ARCHIVE) + endif + +-test_var_expand_crypt_CFLAGS = $(AM_CPPFLAGS) \ ++test_var_expand_crypt_CFLAGS = $(AM_CPPFLAGS) $(SSL_CFLAGS) \ + -DDCRYPT_BUILD_DIR=\"$(top_builddir)/src/lib-dcrypt\" + + check-local: +diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/Makefile.am.opensslhmac3 dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/Makefile.am +--- dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/Makefile.am.opensslhmac3 2025-06-04 20:00:36.614009610 +0200 ++++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/Makefile.am 2025-06-04 20:00:36.627577639 +0200 +@@ -65,6 +65,7 @@ auth_LDFLAGS = -export-dynamic + auth_libs = \ + ../lib-auth/libauth-crypt.la \ + $(AUTH_LUA_LIBS) \ ++ $(SSL_LIBS) \ + $(LIBDOVECOT_SQL) + + auth_CPPFLAGS = $(AM_CPPFLAGS) $(BINARY_CFLAGS) +diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/imap/Makefile.am.opensslhmac3 dovecot-2.4.1-build/dovecot-2.4.1-4/src/imap/Makefile.am +--- dovecot-2.4.1-build/dovecot-2.4.1-4/src/imap/Makefile.am.opensslhmac3 2025-06-04 21:58:25.496716279 +0200 ++++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/imap/Makefile.am 2025-06-04 23:14:17.353832049 +0200 +@@ -21,11 +21,13 @@ AM_CPPFLAGS = \ + $(BINARY_CFLAGS) + + imap_LDFLAGS = -export-dynamic \ ++ $(SSL_LIBS) \ + $(BINARY_LDFLAGS) + + imap_LDADD = \ + ../lib-imap-urlauth/libimap-urlauth.la \ + ../lib-compression/libcompression.la \ ++ $(SSL_LIBS) \ + $(LIBDOVECOT_STORAGE) \ + $(LIBDOVECOT) + imap_DEPENDENCIES = \ +diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/imap-urlauth/Makefile.am.opensslhmac3 dovecot-2.4.1-build/dovecot-2.4.1-4/src/imap-urlauth/Makefile.am +--- dovecot-2.4.1-build/dovecot-2.4.1-4/src/imap-urlauth/Makefile.am.opensslhmac3 2025-06-05 11:34:56.817495906 +0200 ++++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/imap-urlauth/Makefile.am 2025-06-05 11:34:56.830938840 +0200 +@@ -22,6 +22,7 @@ imap_urlauth_CPPFLAGS = \ + imap_urlauth_LDFLAGS = -export-dynamic + + imap_urlauth_LDADD = $(LIBDOVECOT) \ ++ $(SSL_LIBS) + $(BINARY_LDFLAGS) + + imap_urlauth_DEPENDENCIES = $(LIBDOVECOT_DEPS) +@@ -52,7 +53,7 @@ imap_urlauth_worker_LDFLAGS = -export-dy + urlauth_libs = \ + $(top_builddir)/src/lib-imap-urlauth/libimap-urlauth.la + +-imap_urlauth_worker_LDADD = $(urlauth_libs) $(LIBDOVECOT_STORAGE) $(LIBDOVECOT) ++imap_urlauth_worker_LDADD = $(urlauth_libs) $(SSL_LIBS) $(LIBDOVECOT_STORAGE) $(LIBDOVECOT) + imap_urlauth_worker_DEPENDENCIES = $(urlauth_libs) $(LIBDOVECOT_STORAGE_DEPS) $(LIBDOVECOT_DEPS) + + imap_urlauth_worker_SOURCES = \ +diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/submission/Makefile.am.opensslhmac3 dovecot-2.4.1-build/dovecot-2.4.1-4/src/submission/Makefile.am +--- dovecot-2.4.1-build/dovecot-2.4.1-4/src/submission/Makefile.am.opensslhmac3 2025-06-05 12:53:50.410853506 +0200 ++++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/submission/Makefile.am 2025-06-05 12:53:50.424176491 +0200 +@@ -29,6 +29,7 @@ submission_LDADD = \ + $(urlauth_libs) \ + $(LIBDOVECOT_STORAGE) \ + $(LIBDOVECOT) \ ++ $(SSL_LIBS) \ + $(MODULE_LIBS) + submission_DEPENDENCIES = \ + $(urlauth_libs) \ diff --git a/dovecot-configure-c99.patch b/dovecot-configure-c99.patch deleted file mode 100644 index 17a49fe..0000000 --- a/dovecot-configure-c99.patch +++ /dev/null @@ -1,25 +0,0 @@ -m4: crypt_xxpg6.m4: Define _DEFAULT_SOURCE for current glibc - -Current glibc no longer implements the CRYPT extension, so it does not -declare crypt in in strict standard modes. The check -defines _XOPEN_SOURCE, which enables one of these modes. Defining -_DEFAULT_SOURCE as well again makes available the crypt function -prototype. - -This avoids a configure check result change with compilers which do -not support implicit function declarations. - -Submitted upstream: - -diff --git a/m4/crypt_xpg6.m4 b/m4/crypt_xpg6.m4 -index 0085b2ac76..3a288a3713 100644 ---- a/m4/crypt_xpg6.m4 -+++ b/m4/crypt_xpg6.m4 -@@ -6,6 +6,7 @@ AC_DEFUN([DOVECOT_CRYPT_XPG6], [ - #define _XOPEN_SOURCE 4 - #define _XOPEN_SOURCE_EXTENDED 1 - #define _XOPEN_VERSION 4 -+ #define _DEFAULT_SOURCE - #define _XPG4_2 - #define _XPG6 - #include diff --git a/dovecot.spec b/dovecot.spec index a48827d..8df09a7 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -4,18 +4,18 @@ Summary: Secure imap and pop3 server Name: dovecot Epoch: 1 -Version: 2.3.21.1 -%global prever %{nil} -Release: 6%{?dist} +Version: 2.4.1 +%global prever -4 +Release: 1%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT AND LGPL-2.1-only URL: https://www.dovecot.org/ -Source: https://www.dovecot.org/releases/2.3/%{name}-%{version}%{?prever}.tar.gz +Source: https://www.dovecot.org/releases/2.4/%{name}-%{version}%{?prever}.tar.gz Source1: dovecot.init Source2: dovecot.pam -%global pigeonholever 0.5.21.1 -Source8: https://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-%{pigeonholever}.tar.gz +%global pigeonholever %{version}%{?prever} +Source8: https://pigeonhole.dovecot.org/releases/2.4/dovecot-pigeonhole-%{pigeonholever}.tar.gz Source9: dovecot.sysconfig Source10: dovecot.tmpfilesd @@ -34,36 +34,20 @@ Patch6: dovecot-2.1.10-waitonline.patch Patch8: dovecot-2.2.20-initbysystemd.patch Patch9: dovecot-2.2.22-systemd_w_protectsystem.patch -Patch10: dovecot-2.3.0.1-libxcrypt.patch Patch15: dovecot-2.3.11-bigkey.patch # do not use own implementation of HMAC, use OpenSSL for certification purposes # not sent upstream as proper fix would use dovecot's lib-dcrypt but it introduces # hard to break circular dependency between lib and lib-dcrypt -Patch16: dovecot-2.3.6-opensslhmac.patch +Patch16: dovecot-2.4.1-opensslhmac3.patch # FTBFS Patch17: dovecot-2.3.15-fixvalcond.patch Patch18: dovecot-2.3.15-valbasherr.patch -Patch20: dovecot-2.3.14-opensslv3.patch -Patch21: dovecot-2.3.19.1-7bad6a24.patch -Patch22: dovecot-configure-c99.patch -# Fedora/RHEL specific, drop OTP which uses SHA1 so we dont use SHA1 for crypto purposes -Patch23: dovecot-2.3.20-nolibotp.patch Patch24: dovecot-2.3-ph_optglob.patch Patch25: dovecot-2.3-ph_scriptcmp.patch -# imap: Shorten test-imap-client-hibernate socket path length -Patch26: dovecot-2.3.21-test-socket-path.patch - -# Compile without OpenSSL ENGINE, adapted from 2.4 dovecot, issue #RHEL-33733 -Patch27: dovecot-2.3.21-noengine.patch -Patch28: dovecot-2.3.21.1-fixicu.patch - -# from upstream PR#229, for < 2.4 -Patch29: dovecot-2.3.21.1-fixtestdatastack.patch - BuildRequires: gcc, gcc-c++, openssl-devel, pam-devel, zlib-devel, bzip2-devel, libcap-devel BuildRequires: libtool, autoconf, automake, pkgconfig BuildRequires: sqlite-devel @@ -79,17 +63,15 @@ BuildRequires: libzstd-devel %if %{?rhel}0 == 0 BuildRequires: libsodium-devel BuildRequires: lua-devel +BuildRequires: lua-json %endif BuildRequires: libicu-devel -%if 0%{?rhel} == 0 && 0%{?fedora}0 < 38 -BuildRequires: libexttextcat-devel -BuildRequires: clucene-core-devel -%endif %if %{?rhel}0 == 0 BuildRequires: libstemmer-devel %endif BuildRequires: multilib-rpm-config BuildRequires: flex, bison +BuildRequires: perl-version BuildRequires: systemd-devel BuildRequires: systemd-rpm-macros @@ -101,6 +83,7 @@ BuildRequires: gettext-devel Requires: openssl >= 0.9.7f-4 # Package includes an initscript service file, needs to require initscripts package +Requires(pre): shadow-utils Requires: systemd Requires(post): systemd-units Requires(preun): systemd-units @@ -155,41 +138,32 @@ This package provides the development files for dovecot. %setup -q -n %{name}-%{version}%{?prever} -a 8 # standardize name, so we don't have to update patches and scripts -mv dovecot-2.3-pigeonhole-%{pigeonholever} dovecot-pigeonhole +mv dovecot-pigeonhole-%{pigeonholever} dovecot-pigeonhole -%patch -P 1 -p1 -b .default-settings +%patch -P 1 -p2 -b .default-settings %patch -P 2 -p1 -b .mkcert-permissions %patch -P 3 -p1 -b .mkcert-paths -%patch -P 6 -p1 -b .waitonline -%patch -P 8 -p1 -b .initbysystemd +%patch -P 6 -p2 -b .waitonline +%patch -P 8 -p2 -b .initbysystemd %patch -P 9 -p1 -b .systemd_w_protectsystem %patch -P 15 -p1 -b .bigkey -%patch -P 16 -p1 -b .opensslhmac -%patch -P 17 -p1 -b .fixvalcond +%patch -P 16 -p2 -b .opensslhmac3 +%patch -P 17 -p2 -b .fixvalcond %patch -P 18 -p1 -b .valbasherr -%patch -P 20 -p1 -b .opensslv3 -%patch -P 21 -p1 -b .7bad6a24 -%patch -P 22 -p1 -b .c99 -%patch -P 23 -p1 -b .nolibotp -%patch -P 24 -p1 -b .ph_optglob -%patch -P 25 -p1 -b .ph_scriptcmp -%patch -P 26 -p1 -b .test-socket-path -%patch -P 27 -p1 -b .noengine -%patch -P 28 -p1 -b .fixicu -%patch -P 29 -p1 -b .fixtestdatastack +#patch -P 24 -p2 -b .ph_optglob +#patch -P 25 -p1 -b .ph_scriptcmp cp run-test-valgrind.supp dovecot-pigeonhole/ # valgrind would fail with shell wrapper echo "testsuite" >dovecot-pigeonhole/run-test-valgrind.exclude -#pushd dovecot-pigeonhole -#popd -%if 0%{?rhel} == 0 && 0%{?fedora}0 < 38 -sed -i '/DEFAULT_INCLUDES *=/s|$| '"$(pkg-config --cflags libclucene-core)|" src/plugins/fts-lucene/Makefile.in -%endif - - # drop OTP which uses SHA1 so we dont use SHA1 for crypto purposes -rm -rf src/lib-otp +#rm -rf src/lib-otp +pushd src/lib-otp +for f in *.c *.h +do + echo >$f +done +popd %build #required for fdpass.c line 125,190: dereferencing type-punned pointer will break strict-aliasing rules @@ -197,7 +171,15 @@ rm -rf src/lib-otp export CFLAGS="%{__global_cflags} -fno-strict-aliasing -fstack-reuse=none" export LDFLAGS="-Wl,-z,now -Wl,-z,relro %{?__global_ldflags}" mkdir -p m4 -autoreconf -I . -fiv #required for aarch64 support +if [ -d /usr/share/gettext/m4 ] +then + #required for aarch64 support + # point to gettext explicitely, autoreconf cant find iconv.m4 otherwise + autoreconf -I . -I /usr/share/gettext/m4 +else + autoreconf -I . -fiv #required for aarch64 support +fi + %configure \ INSTALL_DATA="install -c -p -m644" \ --with-rundir=%{_rundir}/%{name} \ @@ -225,20 +207,15 @@ autoreconf -I . -fiv #required for aarch64 support --without-libstemmer \ --without-lua \ %endif -%if 0%{?rhel} == 0 && 0%{?fedora}0 < 38 - --with-lucene \ - --with-exttextcat \ -%else --without-lucene \ --without-exttextcat \ -%endif --with-ssl=openssl \ --with-ssldir=%{ssldir} \ --with-solr \ --with-docs \ systemdsystemunitdir=%{_unitdir} -sed -i 's|/etc/ssl|/etc/pki/dovecot|' doc/mkcert.sh doc/example-config/conf.d/10-ssl.conf +sed -i 's|/etc/ssl|/etc/pki/dovecot|' doc/mkcert.sh # doc/example-config/conf.d/10-ssl.conf %make_build @@ -301,10 +278,7 @@ mkdir -p $RPM_BUILD_ROOT/run/dovecot/{login,empty,token-login} # Install dovecot configuration and dovecot-openssl.cnf mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/dovecot/conf.d -install -p -m 644 docinstall/example-config/dovecot.conf $RPM_BUILD_ROOT%{_sysconfdir}/dovecot -install -p -m 644 docinstall/example-config/conf.d/*.conf $RPM_BUILD_ROOT%{_sysconfdir}/dovecot/conf.d install -p -m 644 $RPM_BUILD_ROOT/%{_docdir}/%{name}-pigeonhole/example-config/conf.d/*.conf $RPM_BUILD_ROOT%{_sysconfdir}/dovecot/conf.d -install -p -m 644 docinstall/example-config/conf.d/*.conf.ext $RPM_BUILD_ROOT%{_sysconfdir}/dovecot/conf.d install -p -m 644 $RPM_BUILD_ROOT/%{_docdir}/%{name}-pigeonhole/example-config/conf.d/*.conf.ext $RPM_BUILD_ROOT%{_sysconfdir}/dovecot/conf.d ||: install -p -m 644 doc/dovecot-openssl.cnf $RPM_BUILD_ROOT%{ssldir}/dovecot-openssl.cnf @@ -323,6 +297,11 @@ popd %pre +%if 0%{?fedora} < 42 +#dovecot uid and gid are reserved, see /usr/share/doc/setup-*/uidgid +%sysusers_create_compat %{SOURCE16} +%endif + # do not let dovecot run during upgrade rhbz#134325 if [ "$1" = "2" ]; then rm -f %restart_flag @@ -374,15 +353,13 @@ make check %endif %files -%doc docinstall/* AUTHORS ChangeLog COPYING COPYING.LGPL COPYING.MIT NEWS README +%doc docinstall/* AUTHORS ChangeLog COPYING COPYING.LGPL COPYING.MIT INSTALL.md NEWS README.md SECURITY.md %{_sbindir}/dovecot %{_bindir}/doveadm %{_bindir}/doveconf -%{_bindir}/dsync %{_bindir}/dovecot-sysreport - %_tmpfilesdir/dovecot.conf %{_sysusersdir}/dovecot.conf %{_unitdir}/dovecot.service @@ -392,32 +369,6 @@ make check %dir %{_sysconfdir}/dovecot %dir %{_sysconfdir}/dovecot/conf.d %config(noreplace) %{_sysconfdir}/dovecot/dovecot.conf -#list all so we'll be noticed if upstream changes anything -%config(noreplace) %{_sysconfdir}/dovecot/conf.d/10-auth.conf -%config(noreplace) %{_sysconfdir}/dovecot/conf.d/10-director.conf -%config(noreplace) %{_sysconfdir}/dovecot/conf.d/10-logging.conf -%config(noreplace) %{_sysconfdir}/dovecot/conf.d/10-mail.conf -%config(noreplace) %{_sysconfdir}/dovecot/conf.d/10-master.conf -%config(noreplace) %{_sysconfdir}/dovecot/conf.d/10-metrics.conf -%config(noreplace) %{_sysconfdir}/dovecot/conf.d/10-ssl.conf -%config(noreplace) %{_sysconfdir}/dovecot/conf.d/15-lda.conf -%config(noreplace) %{_sysconfdir}/dovecot/conf.d/15-mailboxes.conf -%config(noreplace) %{_sysconfdir}/dovecot/conf.d/20-imap.conf -%config(noreplace) %{_sysconfdir}/dovecot/conf.d/20-lmtp.conf -%config(noreplace) %{_sysconfdir}/dovecot/conf.d/20-pop3.conf -%config(noreplace) %{_sysconfdir}/dovecot/conf.d/20-submission.conf -%config(noreplace) %{_sysconfdir}/dovecot/conf.d/90-acl.conf -%config(noreplace) %{_sysconfdir}/dovecot/conf.d/90-quota.conf -%config(noreplace) %{_sysconfdir}/dovecot/conf.d/90-plugin.conf -%config(noreplace) %{_sysconfdir}/dovecot/conf.d/auth-checkpassword.conf.ext -%config(noreplace) %{_sysconfdir}/dovecot/conf.d/auth-deny.conf.ext -%config(noreplace) %{_sysconfdir}/dovecot/conf.d/auth-dict.conf.ext -%config(noreplace) %{_sysconfdir}/dovecot/conf.d/auth-ldap.conf.ext -%config(noreplace) %{_sysconfdir}/dovecot/conf.d/auth-master.conf.ext -%config(noreplace) %{_sysconfdir}/dovecot/conf.d/auth-passwdfile.conf.ext -%config(noreplace) %{_sysconfdir}/dovecot/conf.d/auth-sql.conf.ext -%config(noreplace) %{_sysconfdir}/dovecot/conf.d/auth-static.conf.ext -%config(noreplace) %{_sysconfdir}/dovecot/conf.d/auth-system.conf.ext %config(noreplace) %{_sysconfdir}/pam.d/dovecot %config(noreplace) %{ssldir}/dovecot-openssl.cnf @@ -436,7 +387,6 @@ make check #these (*.so files) are plugins, not devel files %{_libdir}/dovecot/*_plugin.so %exclude %{_libdir}/dovecot/*_sieve_plugin.so -%{_libdir}/dovecot/auth/lib20_auth_var_expand_crypt.so %{_libdir}/dovecot/auth/libauthdb_imap.so %{_libdir}/dovecot/auth/libauthdb_ldap.so %if %{?rhel}0 == 0 @@ -450,11 +400,8 @@ make check %{_libdir}/dovecot/libssl_iostream_openssl.so %{_libdir}/dovecot/libfs_compress.so %{_libdir}/dovecot/libfs_crypt.so -%{_libdir}/dovecot/libfs_mail_crypt.so %{_libdir}/dovecot/libdcrypt_openssl.so -%{_libdir}/dovecot/lib20_var_expand_crypt.so -%{_libdir}/dovecot/old-stats/libold_stats_mail.so -%{_libdir}/dovecot/old-stats/libstats_auth.so +%{_libdir}/dovecot//var_expand_crypt.so %dir %{_libdir}/dovecot/settings @@ -474,7 +421,6 @@ make check %{_mandir}/man1/doveadm*.1* %{_mandir}/man1/doveconf.1* %{_mandir}/man1/dovecot*.1* -%{_mandir}/man1/dsync.1* %{_mandir}/man5/dovecot.conf.5* %{_mandir}/man7/doveadm-search-query.7* @@ -522,8 +468,14 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Tue Jun 03 2025 Michal Hlavinka - 1:2.4.1-1 +- updated to 2.4.1 release +- note: configuration is incompatible with 2.3.x version +- trim changelog +- revert previous change, only if-guard it + * Tue Feb 11 2025 Zbigniew Jędrzejewski-Szmek - 1:2.3.21.1-6 -- Drop call to %sysusers_create_compat +- Drop call to %%sysusers_create_compat * Wed Feb 05 2025 Michal Hlavinka - 1:2.3.21.1-5 - fix sysusers config file name @@ -701,2056 +653,9 @@ make check information. - Metric filter and global event filter variable syntax changed to a SQL-like format. -- auth: Added new aliases for %{variables}. Usage of the old ones is +- auth: Added new aliases for %%{variables}. Usage of the old ones is possible, but discouraged. - auth: Removed RPA auth mechanism, SKEY auth mechanism, NTLM auth mechanism and related password schemes. - auth: Removed passdb-sia, passdb-vpopmail and userdb-vpopmail. - auth: Removed postfix postmap socket - -* Wed Oct 21 2020 Michal Hlavinka - 1:2.3.11.3-7 -- change run directory from /var/run to /run (#1777922) - -* Wed Oct 21 2020 Michal Hlavinka - 1:2.3.11.3-6 -- use bigger default key size (#1882939) - -* Wed Sep 02 2020 Michal Hlavinka - 1:2.3.11.3-5 -- fix gssapi issue - -* Wed Aug 26 2020 Michal Hlavinka - 1:2.3.11.3-4 -- fix FTBFS on 32bit systems - -* Mon Aug 17 2020 Jeff Law - 1:2.3.11.3-2 -- Disable LTO - -* Sat Aug 15 2020 Michal Hlavinka - 1:2.3.11.3-1 -- CVE-2020-12100: Parsing mails with a large number of MIME parts could - have resulted in excessive CPU usage or a crash due to running out of - stack memory. -- CVE-2020-12673: Dovecot's NTLM implementation does not correctly check - message buffer size, which leads to reading past allocation which can - lead to crash. -- CVE-2020-10967: lmtp/submission: Issuing the RCPT command with an - address that has the empty quoted string as local-part causes the lmtp - service to crash. -- CVE-2020-12674: Dovecot's RPA mechanism implementation accepts - zero-length message, which leads to assert-crash later on. - -* Sat Aug 01 2020 Fedora Release Engineering - 1:2.3.10.1-3 -- Second attempt - Rebuilt for - https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild - -* Mon Jul 27 2020 Fedora Release Engineering - 1:2.3.10.1-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild - -* Mon May 18 2020 Michal Hlavinka - 1:2.3.10.1-1 -- dovecot updated to 2.3.10.1 -- fixes CVE-2020-10967, CVE-2020-10958, CVE-2020-10957 - -* Tue Apr 21 2020 Michal Hlavinka - 1:2.3.10-1 -- dovecot updated to 2.3.10, pigeonhole updated to 0.5.10 - -* Wed Feb 12 2020 Michal Hlavinka - 1:2.3.9.3-1 -- dovecot updated to 2.3.9.3 -- fixes CVE-2020-7046: Truncated UTF-8 can be used to DoS - submission-login and lmtp processes. -- fixes CVE-2020-7957: Specially crafted mail can crash snippet generation. - - -* Tue Jan 28 2020 Fedora Release Engineering - 1:2.3.9.2-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild - -* Thu Dec 19 2019 Michal Hlavinka - 1:2.3.9.2-1 -- CVE-2019-19722: Mails with group addresses in From or To fields - caused crash in push notification drivers. - -* Wed Dec 04 2019 Michal Hlavinka - 1:2.3.9-1 -- dovecot updated to 2.3.9, pigeonhole updated to 0.5.9 - -* Thu Oct 10 2019 Michal Hlavinka - 1:2.3.8-1 -- dovecot updated to 2.3.8, pigeonhole 0.5.8 - -* Thu Aug 29 2019 Michal Hlavinka - 1:2.3.7.2-1 -- dovecot updated to 2.3.7.2, pigeonhole 0.5.7.2 -- fixes CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte - when scanning data in quoted strings, leading to out of bounds heap - memory writes - -* Mon Aug 19 2019 Michal Hlavinka - 1:1-2.3.7.1 -- dovecot updated to 2.3.7.1, pigeonhole updated to 0.5.7.1 - -* Wed Jul 24 2019 Fedora Release Engineering - 1:2.3.6-4 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild - -* Fri May 31 2019 Michal Hlavinka - 1:2.3.6-3 -- disable gcc 9 stack reuse temporarily - -* Mon May 13 2019 Michal Hlavinka - 1:2.3.6-2 -- use /run instead of /var/run (#1706372) - -* Thu May 02 2019 Michal Hlavinka - 1:2.3.6-1 -- dovecot updated to 2.3.6, pigeonhole updated to 0.5.6 - -* Thu Apr 18 2019 Michal Hlavinka - 1:2.3.5.2-1 -- dovecot updated to 2.3.5.2 -- fixes CVE-2019-10691: Trying to login with 8bit username containing - invalid UTF8 input causes auth process to crash if auth policy is enabled. - -* Thu Mar 28 2019 Michal Hlavinka - 1:2.3.5.1-1 -- dovecot updated to 2.3.5.1 -- CVE-2019-7524: Missing input buffer size validation leads into - arbitrary buffer overflow when reading fts or pop3 uidl header - from Dovecot index. - -* Wed Mar 06 2019 Michal Hlavinka - 1:2.3.5-1 -- dovecot updated to 2.3.5, pigeonhole updated to 0.5.5 - -* Thu Jan 31 2019 Fedora Release Engineering - 1:2.3.4-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild - -* Mon Jan 14 2019 Björn Esser - 1:2.3.4-2 -- Rebuilt for libcrypt.so.2 (#1666033) - -* Wed Jan 09 2019 Michal Hlavinka - 1:2.3.4-1 -- dovecot updated to 2.3.4, pigeonhole updated to 0.5.4 - -* Tue Oct 02 2018 Michal Hlavinka - 1:2.3.3-1 -- dovecot updated to 2.3.3, pigeonhole pdated to 0.5.3 -- doveconf hides more secrets now in the default output -- NUL bytes in mail headers can cause truncated replies when fetched. -- virtual plugin: Some searches used 100% CPU for many seconds -- dsync assert-crashed with acl plugin in some situations. -- imapc: Fixed various assert-crashes when reconnecting to server. - - -* Tue Oct 02 2018 Michal Hlavinka - 1:2.3.2.1-4 -- fix dovecot-init service syntax error (#1635017) - -* Mon Aug 13 2018 Michal Hlavinka - 1:2.3.2.1-3 -- do not try to generate ssl-params as its obsolete (#1614640) - -* Thu Jul 12 2018 Fedora Release Engineering - 1:2.3.2.1-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild - -* Tue Jul 10 2018 Michal Hlavinka - 1:2.3.2.1-1 -- SSL/TLS servers may have crashed during client disconnection - -* Mon Jul 09 2018 Michal Hlavinka - 1:2.3.2-1 -- dovecot updated to 2.3.2, pigeonhole to 0.5.2 - -* Wed Mar 28 2018 Michal Hlavinka - 1:2.3.1-2 -- fix ftbfs - murmurhash3 check fail - -* Wed Mar 28 2018 Michal Hlavinka - 1:2.3.1-1 -- dovecot updated to 2.3.1, pigeonhole updated to 0.5.1 - -* Tue Mar 27 2018 Michal Hlavinka - 1:2.3.0.1-3 -- use libxcrypt for Fedora >= 28, part of ftbfs fix (#1548520) - -* Wed Mar 07 2018 Michal Hlavinka - 1:2.3.0.1-2 -- add gcc buildrequire - -* Thu Mar 01 2018 Michal Hlavinka - 1:2.3.0.1-1 -- dovecot updated to 2.3.0.1, pigeonhole updated to 0.5.0.1 - -* Fri Feb 09 2018 Igor Gnatenko - 1:2.2.33.2-5 -- Escape macros in %%changelog - -* Wed Feb 07 2018 Fedora Release Engineering - 1:2.2.33.2-4 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild - -* Sat Jan 20 2018 Björn Esser - 1:2.2.33.2-3 -- Rebuilt for switch to libxcrypt - -* Mon Jan 08 2018 Michal Hlavinka - 1:2.2.33.2-2 -- remove tcp_wrappers on Fedora 28 and later (#1518761) -- use use mariadb-connector-c-devel instead of mysql-devel on Fedora 28 and later (#1493624) - -* Tue Oct 24 2017 Michal Hlavinka - 1:2.2.33.2-1 -- dovecot updated to 2.2.33.2 -- doveadm: Fix crash in proxying (or dsync replication) if remote is - running older than v2.2.33 -- auth: Fix memory leak in %%{ldap_dn} -- dict-sql: Fix data types to work correctly with Cassandra - -* Wed Oct 18 2017 Michal Hlavinka - 1:2.2.33.1-1 -- dovecot updated to 2.2.33.1, pigeonhole updated to -- Added %%{if}, see https://wiki2.dovecot.org/Variables#Conditionals -- sdbox: Mails were always opened when expunging, unless - mail_attachment_fs was explicitly set to empty. -- lmtp/doveadm proxy: hostip passdb field was ignored, which caused - unnecessary DNS lookups if host field wasn't an IP -- lmtp proxy: Fix crash when receiving unexpected reply in RCPT TO -- quota_clone: Update also when quota is unlimited (broken in v2.2.31) -- mbox, zlib: Fix assert-crash when accessing compressed mbox -- doveadm director kick -f parameter didn't work -- doveadm director flush resulted flushing all hosts, if - wasn't an IP address. -- director: Various fixes to handling backend/director changes at - abnormal times, especially while ring was unsynced. -- director: Use less CPU in imap-login processes when moving/kicking - many users. -- lmtp: Session IDs were duplicated/confusing with multiple RCPT TOs - when lmtp_rcpt_check_quota=yes -- LDA Sieve plugin: Fixed sequential execution of LDAP-based scripts. A - missing LDAP-based script could cause the script sequence to exit earlier. -- sieve-filter: Removed the (now) duplicate utf8 to mutf7 mailbox name - conversion. This caused problems with mailbox names containing UTF-8 - characters. - -* Mon Aug 28 2017 Michal Hlavinka - 1:2.2.32-2 -- pigeonhole updated to 0.4.20 -- Made the retention period for redirect duplicate identifiers - configurable. Changed the default retention period from 24 to 12 hours. -- sieve-filter: Fixed memory leak: forgot to clean up script binary at - end of execution -- managesieve-login: Fixed handling of AUTHENTICATE command. A second - authenticate command would be parsed wrong. - -* Fri Aug 25 2017 Michal Hlavinka - 1:2.2.32-1 -- dovecot updated to 2.2.32 -- Modseq tracking didn't always work correctly. This could have caused - imap unhibernation to fail or IMAP QRESYNC/CONDSTORE extensions to - not work perfectly. -- mdbox: "Inconsistency in map index" wasn't fixed automatically -- dict-ldap: %%variable values used in the LDAP filter weren't escaped. -- quota=count: quota_warning = -storage=.. was never executed (try #2). -- imapc: >= 32 kB mail bodies were supposed to be cached for subsequent - FETCHes, but weren't. -- quota-status service didn't support recipient_delimiter -- acl: Don't access dovecot-acl-list files with acl_globals_only=yes -- mail_location: If INDEX dir is set, mailbox deletion deletes its - childrens' indexes. -- director: v2.2.31 caused rapid reconnection loops to directors - that were down. - -* Wed Aug 02 2017 Fedora Release Engineering - 1:2.2.31-5 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild - -* Wed Jul 26 2017 Fedora Release Engineering - 1:2.2.31-4 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild - -* Tue Jul 11 2017 Michal Hlavinka - 1:2.2.31-3 -- enable tcpwrap support (#1450587) - -* Tue Jul 04 2017 Michal Hlavinka - 1:2.2.31-2 -- revert commit breaking NOTIFY support - -* Tue Jun 27 2017 Michal Hlavinka - 1:2.2.31-1 -- dovecot updated to 2.2.31 -- Various fixes to handling mailbox listing. Especially related to - handling nonexistent autocreated/autosubscribed mailboxes and ACLs. -- Global ACL file was parsed as if it was local ACL file. This caused - some of the ACL rule interactions to not work exactly as intended. -- Using mail_sort_max_read_count may have caused very high CPU usage. -- Message address parsing could have crashed on invalid input. -- imapc_features=fetch-headers wasn't always working correctly and - caused the full header to be fetched. -- imapc: Various bugfixes related to connection failure handling. -- quota=count: quota_warning = -storage=.. was never executed -- quota=count: Add support for "ns" parameter -- dsync: Fix incremental syncing for mails that don't have Date or - Message-ID headers. -- imap: Fix hang when client sends pipelined SEARCH + - EXPUNGE/CLOSE/LOGOUT. -- oauth2: Token validation didn't accept empty server responses. -- imap: NOTIFY command has been almost completely broken since the - beginning. -- pigeonhole updated to 0.4.19 -- Fixed bug in handling of implicit keep in some cases. -- include extension: Fixed segfault that (sometimes) occurred when the - global script location was left unconfigured. - -* Wed Jun 07 2017 Michal Hlavinka - 1:2.2.30.2-1 -- dovecot updated to 2.2.30.2 -- auth: Multiple failed authentications within short time caused crashes -- push-notification: OX driver crashed at deinit - -* Thu Jun 01 2017 Michal Hlavinka - 1:2.2.30.1-1 -- dovecot updated to 2.2.30.1 -- More fixes to automatically fix corruption in dovecot.list.index -- dsync-server: Fix support for dsync_features=empty-header-workaround -- imapc: Various bugfixes, including infinite loops on some errors -- IMAP NOTIFY wasn't working for non-INBOX if IMAP client hadn't - enabled modseq tracking via CONDSTORE/QRESYNC. -- fts-lucene: Fix it to work again with mbox format -- Some internal error messages may have contained garbage in v2.2.29 -- mail-crypt: Re-encrypt when copying/moving mails and per-mailbox keys - are used. Otherwise the copied mails can't be opened. - -* Wed Apr 12 2017 Michal Hlavinka - 1:2.2.29.1-1 -- dovecot updated to 2.2.29.1 -- dict-sql: Merging multiple UPDATEs to a single statement wasn't - actually working. -- pigeonhole updated to 0.4.18 -- imapsieve plugin: Implemented the copy_source_after rule action. When this - is enabled for a mailbox rule, the specified Sieve script is executed for - the message in the source mailbox during a "COPY" event. This happens only - after the Sieve script that is executed for the corresponding message in the - destination mailbox finishes running successfully. -- imapsieve plugin: Added non-standard Sieve environment items for the source - and destination mailbox. -- multiscript: The execution of the discard script had an implicit "keep", - rather than an implicit "discard". - -* Tue Apr 11 2017 Michal Hlavinka - 1:2.2.29-1 -- dovecot updated to 2.2.29 -- fts-tika: Fixed crash when parsing attachment without - Content-Disposition header. Broken by 2.2.28. -- trash plugin was broken in 2.2.28 -- auth: When passdb/userdb lookups were done via auth-workers, too much - data was added to auth cache. This could have resulted in wrong - replies when using multiple passdbs/userdbs. -- auth: passdb { skip & mechanisms } were ignored for the first passdb -- oauth2: Various fixes, including fixes to crashes -- dsync: Large Sieve scripts (or other large metadata) weren't always - synced. -- Index rebuild (e.g. doveadm force-resync) set all mails as \Recent -- imap-hibernate: %%{userdb:*} wasn't expanded in mail_log_prefix -- doveadm: Exit codes weren't preserved when proxying commands via - doveadm-server. Almost all errors used exit code 75 (tempfail). -- ACLs weren't applied to not-yet-existing autocreated mailboxes. -- Fixed a potential crash when parsing a broken message header. -- cassandra: Fallback consistency settings weren't working correctly. -- doveadm director status : "Initial config" was always empty -- imapc: Various reconnection fixes. - -* Mon Feb 27 2017 Michal Hlavinka - 1:2.2.28-1 -- dovecot updated to 2.2.28, pigeonhole to 0.4.17 -- auth: Support OAUTHBEARER and XOAUTH2 mechanisms. Also support them - in lib-dsasl for client side. -- imap: SEARCH/SORT may have assert-crashed in - client_check_command_hangs -- imap: FETCH X-MAILBOX may have assert-crashed in virtual mailboxes. -- search: Using NOT n:* or NOT UID n:* wasn't handled correctly -- fts: fts_autoindex_exclude = \Special-use caused crashes -- doveadm-server: Fix leaks and other problems when process is reused - for multiple requests (service_count != 1) -- sdbox: Fix assert-crash on mailbox create race -- lda/lmtp: deliver_log_format values weren't entirely correct if Sieve - was used. especially %%{storage_id} was broken. -- imapsieve plugin: Fixed assert failure occurring when used with virtual - mailboxes. -- doveadm sieve plugin: Fixed crash when setting Sieve script via attribute's - string value. - -* Fri Feb 10 2017 Fedora Release Engineering - 1:2.2.27-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild - -* Wed Dec 14 2016 Than Ngo - 1:2.2.27-2 -- fixed bz#1403760, big endian issue - -* Mon Dec 05 2016 Michal Hlavinka - 1:2.2.27-1 -- Fixed crash in auth process when auth-policy was configured and - authentication was aborted/failed without a username set. -- director: If two users had different tags but the same hash, - the users may have been redirected to the wrong tag's hosts. -- Index files may have been thought incorrectly lost, causing - "Missing middle file seq=.." to be logged and index rebuild. - This happened more easily with IMAP hibernation enabled. -- Various fixes to restoring state correctly in un-hibernation. -- dovecot.index files were commonly 4 bytes per email too large. This - is because 3 bytes per email were being wasted that could have been - used for IMAP keywords. -- Various fixes to handle dovecot.list.index corruption better. -- lib-fts: Fixed assert-crash in address tokenizer with specific input. -- Fixed assert-crash in HTML to text parsing with specific input - (e.g. for FTS indexing or snippet generation) -- doveadm sync -1: Fixed handling mailbox GUID conflicts. -- sdbox, mdbox: Perform full index rebuild if corruption is detected - inside lib-index, which runs index fsck. -- quota: Don't skip quota checks when moving mails between different - quota roots. -- search: Multiple sequence sets or UID sets in search parameters - weren't handled correctly. They were incorrectly merged together. - -* Fri Dec 02 2016 Michal Hlavinka - 1:2.2.26.0-2 -- fix remote crash when auth-policy component is activated (CVE-2016-8652,#1401025) - -* Mon Oct 31 2016 Michal Hlavinka - 1:2.2.26.0-1 -- dovecot updated to 2.2.26.0, pigeonhole updated to 0.4.16 -- master process's listener socket was leaked to all child processes. - This might have allowed untrusted processes to capture and prevent - "doveadm service stop" comands from working. -- login proxy: Fixed crash when outgoing SSL connections were hanging. -- auth: userdb fields weren't passed to auth-workers, so %%{userdb:*} - from previous userdbs didn't work there. -- auth: Fixed auth_bind=yes + sasl_bind=yes to work together -- lmtp: %%{userdb:*} variables didn't work in mail_log_prefix -- Fixed writing >2GB to iostream-temp files (used by fs-compress, - fs-metawrap, doveadm-http) -- fts-solr: Fixed searching multiple mailboxes -- and more... - -* Mon Jul 04 2016 Michal Hlavinka - 1:2.2.25-1 -- dovecot updated to 2.2.25 -- doveadm backup was sometimes deleting entire mailboxes unnecessarily. -- doveadm: Command -parameters weren't being sent to doveadm-server. -- if dovecot.index read failed e.g. because mmap() reached VSZ limit, - an empty index could have been opened instead, corrupting the - mailbox state. -- lazy-expunge: Fixed a crash when copying failed. Various other fixes. -- fts-lucene: Fixed crash on index rescan. -- dict-ldap: Various fixes -- dict-sql: NULL values crashed. Now they're treated as "not found". - - -* Wed Apr 27 2016 Michal Hlavinka - 1:2.2.24-1 -- dovecot updated to 2.2.24 -- Huge header lines could have caused Dovecot to use too much memory -- dsync: Detect and handle invalid/stale -s state string better. -- dsync: Fixed crash caused by specific mailbox renames -- auth: Auth cache is now disabled passwd-file. -- fts-tika: Don't crash if it returns 500 error -- dict-redis: Fixed timeout handling -- SEARCH INTHREAD was crashing -- stats: Only a single fifo_listeners was supported, making it impossible to - use both auth_stats=yes and mail stats plugin. -- SSL errors were logged in separate "Stacked error" log lines instead of as - part of the disconnection reason. -- MIME body parser didn't handle properly when a child MIME part's --boundary - had the same prefix as the parent. -- pigeonhole updated to 0.4.14 -- extprograms plugin: Fixed epoll() panic caused by closing the output - FD before the output stream. -- Made sure that the local part of a mail address is encoded properly - using quoted string syntax when it is not a dot-atom. - -* Thu Mar 31 2016 Michal Hlavinka - 1:2.2.23-1 -- dovecot updated to 2.2.23, pigeonhole updated to 0.4.13 -- Various fixes to doveadm. Especially running commands via - doveadm-server was broken. -- director: Fixed user weakness getting stuck in some situations -- director: Fixed a situation where directors keep re-sending - different states to each others and never becoming synced. -- director: Fixed assert-crash related to a slow "user killed" reply -- Fixed assert-crash related to istream-concat, which could have - been triggered at least by a Sieve script. - -* Wed Mar 16 2016 Michal Hlavinka - 1:2.2.22-1 -- dovecot updated to 2.2.22 -- auth: Auth caching was done too aggressively when %%variables were - used in default_fields, override_fields or LDAP pass/user_attrs. - userdb result_* were also ignored when user was found from cache. -- imap: Fixed various assert-crashes caused v2.2.20+. Some of them - caught actual hangs or otherwise unwanted behavior towards IMAP - clients. -- Expunges were forgotten in some situations, for example when - pipelining multiple IMAP MOVE commands. -- quota: Per-namespaces quota were broken for dict and count backends - in v2.2.20+ -- fts-solr: Search queries were using OR instead of AND as the - separator for multi-token search queries in v2.2.20+. -- Single instance storage support wasn't really working in v2.2.16+ -- dbox: POP3 message ordering wasn't working correctly. -- virtual plugin: Fixed crashes related to backend mailbox deletions. - -* Mon Feb 08 2016 Michal Hlavinka - 1:2.2.21-4 -- pigeonhole updated to 0.4.12 -- multiscript: Fixed bug in handling of (implicit) keep; final keep action was - always executed as though there was a failure. -- managesieve-login: Fixed proxy to allow SASL mechanisms other than PLAIN. -- ldap storage: Prevent segfault occurring when assigning certain (global) - configuration options. - -* Wed Feb 03 2016 Fedora Release Engineering - 1:2.2.21-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild - -* Thu Jan 28 2016 Michal Hlavinka - 1:2.2.21-2 -- pigeonhole updated to 0.4.11 -- Sieve mime extension: Fixed the header :mime :anychild test to work properly - outside a foreverypart loop. -- Fixed assert failure occurring when text extraction is attempted on a - empty or broken text part. -- Fixed assert failure in handling of body parts that are converted to text. -- Fixed header unfolding for (mime) headers parsed from any mime part. -- Fixed trimming for (mime) headers parsed from any mime part. -- Fixed erroneous changes to the message part tree structure performed when - re-parsing the message. -- LDA Sieve plugin: Fixed bug in error handling of script storage initialization -- Fixed duplication of discard actions in the script result. -- Made sure that quota errors never get logged as errors in syslog. - -* Wed Dec 16 2015 Michal Hlavinka - 1:2.2.21-1 -- dovecot updated to 2.2.21 -- doveadm mailbox list (and some others) were broken in v2.2.20 -- director: Fixed making backend changes when running with only a - single director server. -- virtual plugin: Fixed crash when trying to open nonexistent - autocreated backend mailbox. -- pigeonhole updated to 0.4.10 -- implemented the Sieve mime and foreverypart extensions (RFC 5703). -+ sieve body extension: Properly implemented the `:text' body - transform. It now extracts text for HTML message parts. -- variables extension: Fixed handling of empty string by the `:length' - set modifier. An empty string yielded an empty string rather than "0". -- Fixed memory leak in the Sieve script byte code dumping facility. - Extension contexts were never actually freed. -- doveadm sieve plugin: Fixed crashes caused by incorrect context - allocation in the sieve command implementations. - -* Tue Dec 08 2015 Michal Hlavinka - 1:2.2.20-2 -- move ssl initialization from %%post to dovecot-init.service - -* Tue Dec 08 2015 Michal Hlavinka - 1:2.2.20-1 -- dovecot updated to 2.2.20 -- director: Backend tags weren't working correctly. -- ldap: tls_* settings weren't used for ldaps URIs. -- ldap, mysql: Fixed setting connect timeout. -- auth: userdb lookups via auth-worker couldn't change username -- dsync: Fixed handling deleted directories. Make sure we don't go to - infinite mailbox renaming loop. -- imap: Fixed crash in NOTIFY when there were watched namespaces that - didn't support NOTIFY. -- imap: After SETMETADATA was used, various commands (especially FETCH) - could have started hanging when their output was large. -- stats: Idle sessions weren't refreshed often enough, causing stats - process to forget them and log errors about unknown sessions when - they were updated later. -- stats: Fixed "Duplicate session ID" errors when LMTP delivered to - multiple recipients and fts_autoindex=yes. -- zlib plugin: Fixed copying causing cache corruption when zlib_save - wasn't set, but the source message was compressed. -- fts-solr: Fixed escaping Solr query parameters. -- lmtp: quota_full_tempfail=yes was ignored with - lmtp_rcpt_check_quota=yes - -* Mon Oct 05 2015 Michal Hlavinka - 1:2.2.19-1 -- dovecot updated to 2.2.19 -- mdbox: Rebuilding could have caused message's reference count to - overflow the 16bit number in some situations, causing problems when - trying to expunge the duplicates. -- Various search fixes (fts, solr, tika, lib-charset, indexer) -- Various virtual plugin fixes -- Various fixes and optimizations to dsync, imapc and pop3-migration -- imap: Various RFC compliancy and crash fixes to NOTIFY -- pigeonhole updated to 0.4.9 -- ManageSieve: Fixed an assert failure occurring when a client - disconnects during the GETSCRIPT command. -- doveadm sieve plugin: Fixed incorrect initialization (mem leaks) of mail user. -- sieve-filter command line tool: Fixed handling of failure-related - implicit keep when there is an explicit default destination folder. -- lib-sieve: Fixed bug in RFC5322 header folding. - -* Mon Aug 24 2015 Michal Hlavinka - 1:2.2.18-5 -- use the system crypto policy (#1109114) - -* Fri Jun 19 2015 Michal Hlavinka - 1:2.2.18-4 -- fix build for s390x and ppc64 (#1232650) - -* Wed Jun 17 2015 Fedora Release Engineering - 1:2.2.18-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild - -* Mon May 18 2015 Michal Hlavinka - 1:2.2.18-2 -- update pigeonhole to 0.4.8 -- Fixed problem in address test: erroneously decoded mime-encoded words in - address headers. -- extprograms plugin: Fixed failure occurring when connecting to script - service without the need to read back the output from the external program. -- Fixed bug in script storage path normalization occurring with relative - symbolic links below root. - -* Fri May 15 2015 Michal Hlavinka - 1:2.2.18-1 -- director: Login UNIX sockets were normally detected as doveadm or - director ring sockets, causing it to break in existing installations. -- sdbox: When copying a mail in alt storage, place the destination to - alt storage as well. - -* Thu May 14 2015 Michal Hlavinka - 1:2.2.17-1 -- dovecot updated to 2.2.17 -- pigeonhole updated to 0.4.7 -- auth: If auth_master_user_separator was set, auth process could be - crashed by trying to log in with empty master username. -- imap-login, pop3-login: Fixed crash on handshake failures with new - OpenSSL versions (v1.0.2) when SSLv3 was disabled. -- auth: If one passdb fails allow_nets check, it shouldn't have failed - all the other passdb checks later on. -- imap: Server METADATA couldn't be accessed -- imapc: Fixed \Muted label handling in gmail-migration. -- imapc: Various bugfixes and improvements. -- Trash plugin fixes by Alexei Gradinari -- mbox: Fixed crash/corruption in some situations - -* Tue Apr 28 2015 Michal Hlavinka - 1:2.2.16-2 -- fix CVE-2015-3420: SSL/TLS handshake failures leading to a crash of the login process - -* Mon Mar 16 2015 Michal Hlavinka - 1:2.2.16-1 -- dovecot updated to 2.2.16 -- auth: Don't crash if master user login is attempted without - any configured master=yes passdbs -- Parsing UTF-8 text for mails could have caused broken results - sometimes if buffering was split in the middle of a UTF-8 character. - This affected at least searching messages. -- String sanitization for some logged output wasn't done properly: - UTF-8 text could have been truncated wrongly or the truncation may - not have happened at all. -- fts-lucene: Lookups from virtual mailbox consisting of over 32 - physical mailboxes could have caused crashes. - -* Thu Feb 05 2015 Michal Hlavinka - 1:2.2.15-3 -- fix mbox istream crashes (#1189198, #1186504) - -* Mon Jan 05 2015 Michal Hlavinka - 1:2.2.15-2 -- fix crash related to logging BYE notifications (#1176282) -- update pigeonhole to 0.4.6 - -* Thu Oct 30 2014 Michal Hlavinka - 1:2.2.15-1 -- dovecot updated to 2.2.15 -- various race condition fixes to LAYOUT=index -- v2.2.14 virtual plugin crashed in some situations - -* Fri Oct 17 2014 Michal Hlavinka - 1:2.2.14-1 -- dovecot updated to 2.2.14, pigeonhole updated to 0.4.3 -- fixed several race conditions with dovecot.index.cache handling that - may have caused unnecessary "cache is corrupted" errors. -- auth: If auth client listed userdb and disconnected before finishing, - the auth worker process got stuck -- imap-login, pop3-login: Fixed potential crashes when client - disconnected unexpectedly. -- imap proxy: The connection was hanging in some usage patterns. - -* Thu Aug 21 2014 Michal Hlavinka - 1:2.2.13-4 -- use network-online target instead of just network (#1119814) - -* Sat Aug 16 2014 Fedora Release Engineering - 1:2.2.13-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild - -* Sat Jun 07 2014 Fedora Release Engineering - 1:2.2.13-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild - -* Mon May 12 2014 Michal Hlavinka - 1:2.2.13-1 -- dovecot updated to 2.2.13 -- fixes CVE-2014-3430: denial of service through maxxing out SSL connections -- pop3 server was still crashing in v2.2.12 -- maildir: Various fixes and improvements to handling compressed mails -- fts-lucene, fts-solr: Fixed crash on search when the index contained - duplicate entries. -- mail_attachment_dir: Attachments with the last base64-encoded line - longer than the rest wasn't handled correctly. -- IMAP: SEARCH/SORT PARTIAL was handled completely wrong in v2.2.11+ -- acl: Global ACL file handling was broken when multiple entries - matched the mailbox name - -* Sun Mar 30 2014 John Morris - 1:2.2.12-2 -- el6 build fixes (#1082384): -- el6 autoconf too old to regen; use packaged files -- fix compile error when __global_ldflags macro undefined - -* Fri Feb 14 2014 Michal Hlavinka - 1:2.2.12-1 -- dovecot updated to 2.2.12 -- fixes pop3 crash - -* Thu Feb 13 2014 Michal Hlavinka - 1:2.2.11-1 -- dovecot updated to 2.2.11 -- imap: SEARCH/SORT PARTIAL reponses may have been too large. -- doveadm backup: Fixed assert-crash when syncing mailbox deletion. - -* Thu Jan 02 2014 Michal Hlavinka - 1:2.2.10-1 -- dovecot updated to 2.2.10 -- quota-status: quota_grace was ignored -- ldap: Fixed memory leak with auth_bind=yes and without - auth_bind_userdn. -- imap: Don't send HIGHESTMODSEQ anymore on SELECT/EXAMINE when - CONDSTORE/QRESYNC has never before been enabled for the mailbox. -- imap: Fixes to handling mailboxes without permanent modseqs. - (When [NOMODSEQ] is returned by SELECT, mainly with in-memory - indexes.) -- imap: Various fixes to METADATA support. -- stats plugin: Processes that only temporarily dropped privileges - (e.g. indexer-worker) may have been logging errors about not being - able to open /proc/self/io. - -* Mon Nov 25 2013 Michal Hlavinka - 1:2.2.9-1 -- improved cache file handling exposed several old bugs related to fetching - mail headers. -- iostream handling changes were causing some connections to be disconnected - before flushing their output - -* Wed Nov 20 2013 Michal Hlavinka - 1:2.2.8-1 -- Fixed infinite loop in message parsing if message ends with - "--boundary" and CR (without LF). Messages saved via SMTP/LMTP can't - trigger this, because messages must end with an "LF.". A user could - trigger this for him/herself though. -- lmtp: Client was sometimes disconnected before all the output was - sent to it. -- replicator: Database wasn't being exported to disk every 15 minutes - as it should have. Instead it was being imported, causing "doveadm - replicator remove" commands to not work very well. - -* Thu Nov 14 2013 Michal Hlavinka - 1:2.2.7-2 -- fix ostream infinite loop (#1029906) - -* Mon Nov 04 2013 Michal Hlavinka - 1:2.2.7-1 -- dovecot updated to 2.2.7 -- master process was doing a hostname.domain lookup for each created - process, which may have caused a lot of unnecessary DNS lookups. -- dsync: Syncing over 100 messages at once caused problems in some - situations, causing messages to get new UIDs. -- fts-solr: Different Solr hosts for different users didn't work. - -* Tue Oct 01 2013 Michal Hlavinka - 1:2.2.6-1 -- dovecot updated to 2.2.6, pigeonhole updated to 0.4.2 -- director: v2.2.5 changes caused "SYNC lost" errors -- dsync: Many fixes and error handling improvements -- doveadm -A: Don't waste CPU by doing a separate config lookup - for each user -- Long-running ssl-params process no longer prevents Dovecot restart -- mbox: Fixed mailbox_list_index=yes to work correctly - -* Thu Aug 08 2013 Michal Hlavinka - 1:2.2.5-2 -- use unversioned doc dir (#993731) - -* Wed Aug 07 2013 Michal Hlavinka - 1:2.2.5-1 -- dovecot updated to 2.2.5 -- added some missing man pages (by Pascal Volk) -- director: Users near expiration could have been redirected to - different servers at the same time. -- pop3: Avoid assert-crash if client disconnects during LIST. -- mdbox: Corrupted index header still wasn't automatically fixed. -- dsync: Various fixes to work better with imapc and pop3c storages. -- ldap: sasl_bind=yes caused crashes, because Dovecot's lib-sasl - symbols conflicted with Cyrus SASL library. - -* Tue Jul 30 2013 Michal Hlavinka - 1:2.2.4-3 -- dovecot pigeonhole updated to 0.4.1 - -* Wed Jul 10 2013 Michal Hlavinka - 1:2.2.4-2 -- fix name conflict with cyrus-sasl (#975869) - -* Tue Jun 25 2013 Michal Hlavinka - 1:2.2.4-1 -- dovecot updated to 2.2.4 -- imap/pop3 proxy: Master user logins were broken in v2.2.3 -- sdbox/mdbox: A corrupted index header with wrong size was never - automatically fixed in v2.2.3. -- mbox: Fixed assert-crashes related to locking. - -* Mon Jun 17 2013 Michal Hlavinka - 1:2.2.3-1 -- dovecot updated to 2.2.3 -- IMAP: If subject contained only whitespace, Dovecot returned an - ENVELOPE reply with a huge literal value, effectively causing the - IMAP client to wait for more data forever. -- IMAP: Various URLAUTH fixes. -- imapc: Various bugfixes and improvements -- pop3c: Various fixes to make it work in dsync (without imapc) -- dsync: Fixes to syncing subscriptions. Fixes to syncing mailbox - renames. - -* Tue May 21 2013 Michal Hlavinka - 1:2.2.2-2 -- fix location of tmpfiles configuration (#964448) - -* Mon May 20 2013 Michal Hlavinka - 1:2.2.2-1 -- dovecot updated to 2.2.2 -- IMAP: Various URLAUTH fixes. -- IMAP: Fixed a hang with invalid APPEND parameters. -- IMAP LIST-EXTENDED: INBOX was never listed with \Subscribed flag. -- mailbox_list_index=yes still caused crashes. -- maildir: Fixed a crash after dovecot-keywords file was re-read. -- maildir: If files had reappeared unexpectedly to a Maildir, they - were ignored until index files were deleted. -- Maildir: Fixed handling over 26 keywords in a mailbox. -- imap/pop3-login proxying: Fixed a crash if TCP connection succeeded, - but the remote login timed out. - -* Thu May 16 2013 Michal Hlavinka - 1:2.2.1-4 -- update pigeonhole to 0.4.0 - -* Mon Apr 29 2013 Michal Hlavinka - 1:2.2.1-3 -- revert last change and use different fix - -* Wed Apr 24 2013 Kalev Lember - 1:2.2.1-2 -- Filter out autogenerated perl deps (#956194) - -* Fri Apr 19 2013 Michal Hlavinka - 1:2.2.1-1 -- dovecot updated to 2.2.1 -- mailbox_list_index=yes was broken. -- LAYOUT=index didn't list subscriptions. -- auth: Multiple master passdbs didn't work. -- Message parsing (e.g. during search) crashed when multipart message - didn't actually contain any parts. -- dovecot updated to 2.2.1 - -* Mon Apr 15 2013 Michal Hlavinka - 1:2.2.0-1 -- dovecot updated to 2.2.0 -- Mailbox list indexes weren't using proper file permissions based - on the root directory. -- replicator: doveadm commands and user list export may have skipped - some users. -- Various fixes to mailbox_list_index=yes - -* Fri Apr 05 2013 Michal Hlavinka - 1:2.2-0.4 -- dovecot updated to 2.2 RC4 -- various bugfixes to LDAP changes in rc3 - -* Wed Mar 27 2013 Michal Hlavinka - 1:2.2-0.3 -- dovecot updated to 2.2 RC3 -- Fixed a crash when decoding quoted-printable content. -- dsync: Various bugfixes - -* Thu Feb 28 2013 Michal Hlavinka - 1:2.2-0.2 -- do not print error when NetworkManager is not installed (#916456) - -* Wed Feb 27 2013 Michal Hlavinka - 1:2.2-0.1 -- major update to dovecot 2.2 RC2 - -* Mon Feb 11 2013 Michal Hlavinka - 1:2.1.15-1 -- dovecot updated to 2.1.15 -- v2.1.14's dovecot.index.cache fixes caused Dovecot to use more disk I/O - and memory than was necessary. - -* Tue Feb 05 2013 Michal Hlavinka - 1:2.1.14-2 -- spec clean up - -* Thu Jan 31 2013 Michal Hlavinka - 1:2.1.14-1 -- dovecot updated to 2.1.14 -- v2.1.11+ had a race condition where it sometimes overwrote data in - dovecot.index.cache file. This could have caused Dovecot to return - the same cached data to two different messages. -- mdbox: Fixes to handling duplicate GUIDs during index rebuild - -* Tue Jan 15 2013 Michal Hlavinka - 1:2.1.13-1 -- dovecot updated to 2.1.13 -- Some fixes to cache file changes in v2.1.11. -- virtual storage: Sorting mailbox by from/to/cc/bcc didn't work. - -* Mon Dec 03 2012 Michal Hlavinka - 1:2.1.12-1 -- dovecot updated to 2.1.12 -- lmtp proxy: Fixed hanging if remote server was down. -- doveadm: Various fixes to handling doveadm-server connections. -- auth: passdb imap was broken in v2.1.10. - -* Thu Nov 08 2012 Michal Hlavinka - 1:2.1.10-3 -- fix network still not ready race condition (#871623) - -* Fri Nov 02 2012 Michal Hlavinka - 1:2.1.10-2 -- add reload command to service file - -* Wed Sep 19 2012 Michal Hlavinka - 1:2.1.10-1 -- dovecot updated to 2.1.10, pigeonhole updated to 0.3.3 -- director: In some conditions director may have disconnected from - another director (without logging about it), thinking it was sending - invalid data. -- imap: Various fixes to listing mailboxes. -- login processes crashed if there were a lot of local {} or remote {} - settings blocks. - -* Fri Aug 24 2012 Michal Hlavinka - 1:2.1.9-2 -- use new systemd rpm macros (#851238) - -* Thu Aug 02 2012 Michal Hlavinka - 1:2.1.9-1 -- dovecot updated to 2.1.9 -- Full text search indexing might have failed for some messages, - always causing indexer-worker process to run out of memory. -- fts-lucene: Fixed handling SEARCH HEADER FROM/TO/SUBJECT/CC/BCC when - the header wasn't lowercased. -- fts-squat: Fixed crash when searching a virtual mailbox. -- pop3: Fixed assert crash when doing UIDL on empty mailbox on some - setups. -- auth: GSSAPI RFC compliancy and error handling fixes. -- Various fixes related to handling shared namespaces - -* Wed Jul 18 2012 Fedora Release Engineering - 1:2.1.8-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild - -* Tue Jul 03 2012 Michal Hlavinka - 1:2.1.8-2 -- pigeonhole updated to 0.3.1 -- Fixed several small issues, including a few potential segfault bugs, based - on static source code analysis. - -* Tue Jul 03 2012 Michal Hlavinka - 1:2.1.8-1 -- dovecot updated to 2.1.8 -- imap: Mailbox names were accidentally sent as UTF-8 instead of mUTF-7 - in previous v2.1.x releases for STATUS, MYRIGHTS and GETQUOTAROOT commands. -- lmtp proxy: Don't timeout connections too early when mail has a lot of RCPT TOs. -- director: Don't crash if the director is working alone. -- shared mailboxes: Avoid doing "@domain" userdb lookups. -- doveadm: Fixed crash with proxying some commands. -- fts-squat: Fixed handling multiple SEARCH parameters. -- imapc: Fixed a crash when message had more than 8 keywords. -- imapc: Don't crash on APPEND/COPY if server doesn't support UIDPLUS. - - -* Mon Jul 02 2012 Michal Hlavinka - 1:2.1.7-5 -- make quota work with NFS mounted mailboxes - -* Fri Jun 22 2012 Michal Hlavinka - 1:2.1.7-4 -- posttrans argument is always zero - -* Fri Jun 15 2012 Michal Hlavinka - 1:2.1.7-3 -- do not let dovecot run during upgrade (#134325) - -* Wed May 30 2012 Michal Hlavinka - 1:2.1.7-2 -- fix changelog, 2.1.7-1 had copy-pasted upstream changelog, which was wrong -- director: Don't crash with quickly disconnecting incoming director - connections. -- mdbox: If mail was originally saved to non-INBOX, and namespace - prefix is non-empty, don't assert-crash when rebuilding indexes. -- sdbox: Don't use more fds than necessary when copying mails. -- auth: Fixed crash with DIGEST-MD5 when attempting to do master user - login without master passdbs. -- Several fixes to mail_shared_explicit_inbox=no -- imapc: Use imapc_list_prefix also for listing subscriptions. - -* Wed May 30 2012 Michal Hlavinka - 1:2.1.7-1 -- updated to 2.1.7 -- v2.1.5: Using "~/" as mail_location or elsewhere failed to actually - expand it to home directory. -- dbox: Fixed potential assert-crash when reading dbox files. -- trash plugin: Fixed behavior when quota is already over limit. -- mail_log plugin: Logging "copy" event didn't work. -- Proxying to backend server with SSL: Verifying server certificate - name always failed, because it was compared to an IP address. - -* Wed May 09 2012 Michal Hlavinka - 1:2.1.6-2 -- fix socket activation again, fix in 2.1.6 is incomplete - -* Wed May 09 2012 Michal Hlavinka - 1:2.1.6-1 -- v2.1.5: Using "~/" as mail_location or elsewhere failed to actually - expand it to home directory. -- dbox: Fixed potential assert-crash when reading dbox files. -- trash plugin: Fixed behavior when quota is already over limit. -- Proxying to backend server with SSL: Verifying server certificate - name always failed, because it was compared to an IP address. - -* Tue Apr 24 2012 Michal Hlavinka - 1:2.1.5-1 -- IMAP: Several fixes related to mailbox listing in some configs -- director: A lot of fixes and performance improvements -- mbox: Deleting a mailbox didn't delete its index files. -- pop3c: TOP command was sent incorrectly -- trash plugin didn't work properly -- LMTP: Don't add a duplicate Return-Path: header when proxying. -- listescape: Don't unescape namespace prefixes. - -* Tue Apr 24 2012 Michal Hlavinka - 1:2.1.4-2 -- close systemd extra sockets that are not configured - -* Tue Apr 10 2012 Michal Hlavinka - 1:2.1.4-1 -- dovecot updated to 2.1.4 -- Proxying SSL connections crashed in v2.1.[23] -- fts-solr: Indexing mail bodies was broken. -- director: Several changes to significantly improve error handling -- doveadm import didn't import messages' flags -- mail_full_filesystem_access=yes was broken -- Make sure IMAP clients can't create directories when accessing - nonexistent users' mailboxes via shared namespace. -- Dovecot auth clients authenticating via TCP socket could have failed - with bogus "PID already in use" errors. - -* Mon Mar 19 2012 Michal Hlavinka - 1:2.1.3-1 -- dovecot updated to 2.1.3 -- multi-dbox format in dovecot 2.1.2 was broken -- temporarily disable check phase until bug #798968 is fixed - -* Fri Mar 16 2012 Michal Hlavinka - 1:2.1.2-1 -- dovecot updated to 2.1.2 -- doveadm sync: If mailbox was expunged empty, messages may have - become back instead of also being expunged in the other side. -- imap_id_* settings were ignored before login. -- Several fixes to mailbox_list_index=yes -- Previous v2.1.x didn't log all messages at shutdown. - -* Thu Mar 01 2012 Michal Hlavinka - 1:2.1.1-2 -- enable fts_lucene plugin (#798661) - -* Fri Feb 24 2012 Michal Hlavinka - 1:2.1.1-1 -- dovecot updated to 2.1.1 -- acl plugin + autocreated mailboxes crashed when listing mailboxes -- doveadm force-resync: Don't skip autocreated mailboxes (especially - INBOX). -- If process runs out of fds, stop listening for new connections only - temporarily, not permanently (avoids hangs with process_limit=1 - services) -- auth: passdb imap crashed for non-login authentication (e.g. smtp). - - -* Mon Feb 20 2012 Michal Hlavinka - 1:2.1.0-1 -- updated to 2.1.0 (no major changes since .rc6) -- include pigeonhole doc files (NEWS, README, ...) - -* Tue Feb 14 2012 Michal Hlavinka - 1:2.1-0.7.rc6 -- updated to 2.1.rc6 -- dbox: Fixed error handling when saving failed or was aborted -- IMAP: Using COMPRESS extension may have caused assert-crashes -- IMAP: THREAD REFS sometimes returned invalid (0) nodes. -- dsync: Fixed handling non-ASCII characters in mailbox names. - -* Tue Feb 07 2012 Michal Hlavinka - 1:2.1-0.6.rc5 -- use PrivateTmp in systemd unit file - -* Tue Feb 07 2012 Michal Hlavinka - 1:2.1-0.5.rc5 -- updated to 2.1.rc5 -- director: With >2 directors ring syncing might have stalled during - director connect/disconnect, causing logins to fail. -- LMTP client/proxy: Fixed potential hanging when sending (big) mails -- Compressed mails with external attachments (dbox + SIS + zlib) failed - sometimes with bogus "cached message size wrong" errors. - -* Mon Jan 09 2012 Michal Hlavinka - 1:2.1-0.4.rc3 -- updated to 2.1.rc3 -- dsync was merged into doveadm -- added pop3c (= POP3 client) storage backend - -* Wed Dec 14 2011 Michal Hlavinka - 1:2.1-0.3.rc1 -- allow imap+TLS and pop3+TLS by default - -* Fri Dec 02 2011 Michal Hlavinka - 1:2.1-0.2.rc1 -- call systemd reload in postun - -* Wed Nov 30 2011 Michal Hlavinka - 1:2.1-0.1.rc1 -- updated to 2.1.rc1 -- major changes since 2.0.x: -- plugins now use UTF-8 mailbox names rather than mUTF-7 -- auth_username_format default changed to %%Lu -- solr full text search backend changed to use mailbox GUIDs instead of - mailbox names, requiring reindexing everything - -* Mon Nov 21 2011 Michal Hlavinka - 1:2.0.16-1 -- dovecot updated to 2.0.16 - -* Mon Oct 24 2011 Michal Hlavinka - 1:2.0.15-2 -- do not use obsolete settings in default configuration (#743444) - -* Mon Sep 19 2011 Michal Hlavinka - 1:2.0.15-1 -- dovecot updated to 2.0.15 -- v2.0.14: Index reading could have eaten a lot of memory in some - situations -- mbox: Fixed crash during mail delivery when mailbox didn't yet have - GUID assigned to it. -- zlib+mbox: Fetching last message from compressed mailboxes crashed. - -* Tue Sep 13 2011 Michal Hlavinka - 1:2.0.14-2 -- do not enable insecure connections by default - -* Mon Aug 29 2011 Michal Hlavinka - 1:2.0.14-1 -- dovecot updated to 2.0.14 -- userdb extra fields can now return name+=value to append to an - existing name -- script-login attempted an unnecessary config lookup, which usually - failed with "Permission denied". -- lmtp: Fixed parsing quoted strings with spaces as local-part for - MAIL FROM and RCPT TO. -- imap: FETCH BODY[HEADER.FIELDS (..)] may have crashed or not - returned all data sometimes. -- ldap: Fixed random assert-crashing with with sasl_bind=yes. -- Fixes to handling mail chroots -- Fixed renaming mailboxes under different parent with FS layout when - using separate ALT, INDEX or CONTROL paths. -- zlib: Fixed reading concatenated .gz files. - -* Fri Jul 15 2011 Michal Hlavinka - 1:2.0.13-2 -- do not include sysv init script - -* Thu May 12 2011 Michal Hlavinka - 1:2.0.13-1 -- dovecot updated to 2.0.13 -- mdbox purge: Fixed wrong warning about corrupted extrefs. -- script-login binary wasn't actually dropping privileges to the - user/group/chroot specified by its service settings. -- Fixed potential crashes and other problems when parsing header names - that contained NUL characters. - -* Fri Apr 15 2011 Michal Hlavinka - 1:2.0.12-2 -- pigeonhole updated to 0.2.3, which includes: -- managesieve: fixed bug in UTF-8 checking of string values -- sieve command line tools now avoid initializing the mail store unless necessary -- removed header MIME-decoding to fix erroneous address parsing -- fixed segfault bug in extension configuration, triggered when unknown - extension is mentioned in sieve_extensions setting. - -* Wed Apr 13 2011 Michal Hlavinka - 1:2.0.12-1 -- dbox: Fixes to handling external attachments -- dsync: More fixes to avoid hanging with remote syncs -- dsync: Many other syncing/correctness fixes -- doveconf: v2.0.10 and v2.0.11 didn't output plugin {} section right - -* Mon Mar 28 2011 Michal Hlavinka - 1:2.0.11-5 -- rebuild with new patch - -* Mon Mar 28 2011 Michal Hlavinka - 1:2.0.11-4 -- fix regression in config file parsing (#690401) - -* Wed Mar 23 2011 Dan Horák - 1:2.0.11-3 -- rebuilt for mysql 5.5.10 (soname bump in libmysqlclient) - -* Wed Mar 23 2011 Michal Hlavinka - 1:2.0.11-2 -- rebuild because of updated dependencies - -* Mon Mar 07 2011 Michal Hlavinka - 1:2.0.11-1 -- IMAP: Fixed hangs with COMPRESS extension -- IMAP: Fixed a hang when trying to COPY to a nonexistent mailbox. -- IMAP: Fixed hang/crash with SEARCHRES + pipelining $. -- IMAP: Fixed assert-crash if IDLE+DONE is sent in same TCP packet. - -* Thu Feb 17 2011 Michal Hlavinka - 1:2.0.9-3 -- add missing section to dovecot's systemd service file - -* Tue Feb 08 2011 Fedora Release Engineering - 1:2.0.9-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild - -* Thu Jan 13 2011 Michal Hlavinka - 1:2.0.9-1 -- dovecot updated to 2.0.9 -- fixed a high system CPU usage / high context switch count performance problem -- lda: Fixed a crash when trying to send "out of quota" reply - -* Mon Dec 20 2010 Michal Hlavinka - 1:2.0.8-3 -- add full path and check to restorecon in post - -* Tue Dec 07 2010 Michal Hlavinka - 1:2.0.8-2 -- fix s/foobar/dovecot/ typo in post script - -* Tue Dec 07 2010 Michal Hlavinka - 1:2.0.8-1 -- dovecot updated to 2.0.8, pigeonhole updated to 0.2.2 -- services' default vsz_limits weren't being enforced correctly -- added systemd support -- dbox: Fixes to handling external mail attachments -- imap, pop3: When service { client_count } was larger than 1, the - log messages didn't use the correct prefix -- MySQL: Only the first specified host was ever used - -* Mon Nov 29 2010 Michal Hlavinka - 1:2.0.7-3 -- make it work with /var/run on tmpfs (#656577) - -* Tue Nov 23 2010 Michal Hlavinka - 1:2.0.7-2 -- fix regression with valid_chroot_dirs being ignored (#654083) - -* Tue Nov 09 2010 Michal Hlavinka - 1:2.0.7-1 -- dovecot updated to 2.0.7 -- IMAP: Fixed LIST-STATUS when listing subscriptions with subscriptions=no namespaces. -- IMAP: Fixed SELECT QRESYNC not to crash on mailbox close if a lot of changes were being sent. -- quota: Don't count virtual mailboxes in quota -- doveadm expunge didn't always actually do the physical expunging -- Fixed some index reading optimizations introduced by v2.0.5. -- LMTP proxying fixes - -* Fri Oct 22 2010 Michal Hlavinka - 1:2.0.6-1 -- dovecot updated to 2.0.6 -- Pre-login CAPABILITY includes IDLE again. Mainly to make Blackberry - servers happy. -- auth: auth_cache_negative_ttl default was 0 in earlier v2.0.x, but it - was supposed to be 1 hour as in v1.x. Changed it back to 1h. -- doveadm: Added import command for importing mails from other storages. -- Reduced NFS I/O operations for index file accesses -- dbox, Maildir: When copying messages, copy also already cached fields - from dovecot.index.cache -- Maildir: LDA/LMTP assert-crashed sometimes when saving a mail. -- Fixed leaking fds when writing to dovecot.mailbox.log. -- Fixed rare dovecot.index.cache corruption -- IMAP: SEARCH YOUNGER/OLDER wasn't working correctly - -* Mon Oct 04 2010 Michal Hlavinka - 1:2.0.5-1 -- dovecot updated to 2.0.5 -- acl: Fixed the logic of merging multiple ACL entries -- sdbox: Fixed memory leak when copying messages with hard links. -- zlib: Fixed several crashes, which mainly showed up with mbox. -- quota: Don't crash if user has quota disabled, but plugin loaded. -- acl: Fixed crashing when sometimes listing shared mailboxes via dict proxy. - -* Tue Sep 28 2010 Michal Hlavinka - 1:2.0.4-1 -- dovecot updated to 2.0.4 -- multi-dbox: If :INDEX=path is specified, keep storage/dovecot.map.index* - files also in the index path rather than in the main storage directory. -- dsync: POP3 UIDLs weren't copied with Maildir -- dict file: Fixed fd leak (showed up easily with LMTP + quota) - -* Mon Sep 20 2010 Michal Hlavinka - 1:2.0.3-1 -- dovecot updated to 2.0.3 -- dovecot-lda: Removed use of non-standard Envelope-To: header as - a default for -a -- dsync: Fixed handling \Noselect mailboxes -- Fixed an infinite loop introduced by v2.0.2's message parser changes. -- Fixed a crash introduced by v2.0.2's istream-crlf changes. - -* Thu Sep 16 2010 Michal Hlavinka - 1:2.0.2-1 -- dovecot updated -- vpopmail support is disabled for now, since it's broken. You can use - it via checkpassword support or its sql/ldap database directly. -- maildir: Fixed "duplicate uidlist entry" errors that happened at - least with LMTP when mail was delivered to multiple recipients -- Deleting ACLs didn't cause entries to be removed from acl_shared_dict -- mail_max_lock_timeout setting wasn't working with all locks - -* Wed Aug 25 2010 Michal Hlavinka - 1:2.0.1-1 -- dovecot and pigeonhole updated -- sieve: sieved renamed to sieve-dump -- when dsync is started as root, remote dsync command is now also executed - as root instead of with dropped privileges. -- IMAP: QRESYNC parameters for SELECT weren't handled correctly. -- UTF-8 string validity checking wasn't done correctly -- dsync: Fixed a random assert-crash with remote dsyncing - -* Tue Aug 17 2010 Michal Hlavinka - 1:2.0-1 -- dovecot and pigeonhole updated -- dict quota didn't always decrease quota when messages were expunged -- Shared INBOX wasn't always listed with FS layout - -* Wed Aug 11 2010 Michal Hlavinka - 1:2.0-0.21.rc5 -- dovecot and pigeonhole updated -- Using more than 2 plugins could have caused broken behavior -- Listescape plugin fixes -- mbox: Fixed a couple of assert-crashes -- mdbox: Fixed potential assert-crash when saving multiple messages - in one transaction - -* Thu Aug 05 2010 Michal Hlavinka - 1:2.0-0.20.rc4 -- dovecot and pigeonhole updated -- doveadm mailbox status: Fixed listing non-ASCII mailbox names. -- doveadm fetch: Fixed output when fetching message header or body -- doveadm director map/add/remove: Fixed handling IP address as parameter. -- dsync: A few more fixes - -* Wed Jul 21 2010 Michal Hlavinka - 1:2.0-0.19.rc3 -- dovecot and pigeonhole updated -- fixed lda + sieve crash -- added mail_temp_dir setting, used by deliver and lmtp for creating - temporary mail files. Default is /tmp. -- imap: Fixed checking if list=children namespace has children. -- mdbox: Race condition fixes related to copying and purging - -* Fri Jul 16 2010 Michal Hlavinka - 1:2.0-0.18.rc2.20100716 -- dovecot and pigeonhole updated -- enabled pigeonhole's build time test suite -- acl: Fixed crashon FS layout with non-default hierarchy separator -- dbox renamed to sdbox -- dsync fixes and improvements - -* Mon Jul 12 2010 Michal Hlavinka - 1:2.0-0.17.rc2.20100712 -- dovecot and pigeonhole updated -- fixed a crash with empty mail_plugins -- fixed sharing INBOX to other users -- director+LMTP proxy wasn't working correctly -- v1.x config parser failed with some settings if pigeonhole wasn't installed. -- virtual: If non-matching messages weren't expunged within same session, - they never got expunged. - -* Wed Jul 07 2010 Michal Hlavinka - 1:2.0-0.16.rc1.20100707 -- updated dovecot and pigeonhole -- a lot of dsync fixes -- improved (m)dbox recovery - -* Mon Jun 28 2010 Michal Hlavinka - 1:2.0-0.15.beta6.20100626 -- updated dovecot, pigeonhole and man pages -- moved disable_plaintext_auth to 10-auth.conf -- mdbox: Fixed assert-crash on storage rebuild if file got lost -- lib-charset: Don't assert-crash when iconv() skips lots of invalid input -- master: Fixed crash on deinit (maybe also on reload) - -* Thu Jun 10 2010 Michal Hlavinka - 1:2.0-0.14.beta5.20100610 -- dovecot updated -- lib-storage: Fixed accessing uncommitted saved mails with dsync -- example-config: Moved ACL and quota settings to a separate .conf files -- dbox, mdbox: Fixed race conditions when creating mailboxes - -* Mon May 31 2010 Michal Hlavinka - 1:2.0-0.13.beta5.20100529 -- dovecot and pigeonhole updated -- enable solr fulltext search -- master: Fixed crash on config reload -- lib-storage: Don't assert-crash when copying a mail fails - -* Tue May 18 2010 Michal Hlavinka - 1:2.0-0.12.beta5.20100515 -- dovenull is unauthorized user, needs own dovenull group - -* Tue May 18 2010 Michal Hlavinka - 1:2.0-0.11.beta5.20100515 -- fix typo in dovenull username - -* Mon May 17 2010 Michal Hlavinka - 1:2.0-0.9.beta5.20100515 -- pigeonhole and dovecot updated to snapshot 20100515 -- fix crash for THREAD command - -* Wed May 05 2010 Michal Hlavinka - 1:2.0-0.8.beta4.20100505 -- pigeonhole and dovecot updated to snapshot 20100505 -- mdbox: Avoid rebuilding storage if another process already did it -- lib-storage: Fixed () sublists in IMAP SEARCH parser -- example-config: auth-checkpassword include wasn't listed in 10-auth.conf -- doveadm: Added search command -- lib-master: Don't crash after timeouting an auth-master request -- master: If inet listener uses DNS name, which returns multiple IPs, - listen in all of them - -* Wed Apr 28 2010 Michal Hlavinka - 1:2.0-0.7.beta4.20100427 -- updated to snapshot 20100427 -- doveconf now prints only the one setting's value -- mdbox: Automatically delete old temp.* files from storage/ directory -- mdbox: use flock locking by default - -* Wed Apr 21 2010 Michal Hlavinka - 1:2.0-0.6.beta4.20100421 -- updated to snapshot 20100421 -- mdbox: Purge crashed if it purged all messages from a file -- lib-storage: Shared namespace's prefix_len wasn't updated after prefix was truncated -- imap-quota: Iterate quota roots only once when replying to GETQUOTAROOT -- idle: Do cork/uncork when sending "OK Still here" notification -- login: If proxy returns ssl=yes and no port, switch port to imaps/pop3s - -* Wed Apr 14 2010 Michal Hlavinka - 1:2.0-0.5.beta4.20100414 -- add make check -- updated to snapshot 20100414 -- config: Added nn- prefix to *.conf files so the sort ordering makes more sense -- lib-master: Log an error if login client disconnects too early -- mdbox: If purging found corrupted files, it didn't auto-rebuild storage -- lib-storage: Added support for searching save date -- and more... -- pigeonhole updated: -- Mailbox extension: fixed memory leak in the mailboxexists test -- added login failure handler - -* Tue Apr 06 2010 Michal Hlavinka - 1:2.0-0.4.beta4.20100406 -- updated to snapshot 20100406 -- auth: If userdb lookup fails internally, don't cache the result. -- Added support for userdb lookup to fail with a reason -- sdbox: mailbox_update() could have changed UIDVALIDITY incorrectly -- layout=maildir++: Fixed deleting mailboxes with mailbox=file storages -- Fixed potential problems with parsing invalid address groups. -- dsync: Don't repeatedly try to keep opening the same failing mailbox -- lib-storage: Don't crash if root mail directory isn't given. - -* Tue Mar 30 2010 Michal Hlavinka - 1:2.0-0.3.beta4.20100330 -- fix certs location in ssl.conf - -* Mon Mar 29 2010 Michal Hlavinka - 1:2.0-0.2.beta4.aefa279e2c70 -- update to snapshot aefa279e2c70 from 2010-03-27 -- fixes complains about missing tcpwrap (#577426) - -* Thu Mar 25 2010 Michal Hlavinka - 1:2.0-0.1.beta4 -- dovecot updated to 2.0 beta 4 - -* Fri Mar 12 2010 Michal Hlavinka - 1:1.2.11-2 -- fix missing bzip2 support in zlib plugin (#572797) - -* Tue Mar 09 2010 Michal Hlavinka - 1:1.2.11-1 -- updated to 1.2.11 -- mbox: Message header reading was unnecessarily slow. Fetching a - huge header could have resulted in Dovecot eating a lot of CPU. - Also searching messages was much slower than necessary. -- maildir: Reading uidlist could have ended up in an infinite loop. -- IMAP IDLE: v1.2.7+ caused extra load by checking changes every - 0.5 seconds after a change had occurred in mailbox - -* Tue Feb 23 2010 Michal Hlavinka - 1:1.2.10-4 -- move libs to correct package - -* Fri Feb 19 2010 Michal Hlavinka - 1:1.2.10-3 -- merged dovecot-sieve and dovecot-managesieve into dovecot-pigeonhole -- merged dovecot-sqlite, dovecot-gssapi and dovecot-ldap into dovecot - -* Mon Jan 25 2010 Michal Hlavinka - 1:1.2.10-2 -- updated sive and managesieve -- Added preliminary support for Sieve plugins and added support for - installing Sieve development headers -- Variables extension: added support for variable namespaces. -- Added configurable script size limit. Compiler will refuse to - compile files larger than sieve_max_script_size. -- Fixed a bug in the i;ascii-numeric comparator. If one of the - strings started with a non-digit character, the comparator would - always yield less-than. -- Imap4flags extension: fixed bug in removeflag: removing a single - flag failed due to off-by-one error (bug report by Julian Cowley). -- Fixed parser recovery. In particular cases it would trigger spurious - errors after an initial valid error and sometimes additional errors - were inappropriately ignored. -- Implemented ManageSieve QUOTA enforcement. -- Added MAXREDIRECTS capability after login. -- Implemented new script name rules specified in most recent - ManageSieve draft. -- Fixed assertion failure occuring with challenge-response SASL - mechanisms. - -* Mon Jan 25 2010 Michal Hlavinka - 1:1.2.10-1 -- updated to 1.2.10 -- %%variables now support %%{host}, %%{pid} and %%{env:ENVIRONMENT_NAME} - everywhere. -- LIST-STATUS capability is now advertised -- maildir: Fixed several assert-crashes. -- imap: LIST "" inbox shouldn't crash when using namespace with - "INBOX." prefix. -- lazy_expunge now ignores non-private namespaces. - -* Tue Dec 22 2009 Michal Hlavinka - 1:1.2.9-2 -- sieve updated to 0.1.14 -- managesieve updated to 0.11.10 - -* Fri Dec 18 2009 Michal Hlavinka - 1:1.2.9-1 -- updated to 1.2.9 -- maildir: When saving, filenames now always contain ,S=. - Previously this was done only when quota plugin was loaded. It's - required for zlib plugin and may be useful for other things too. -- maildir: v1.2.7 and v1.2.8 caused assert-crashes in - maildir_uidlist_records_drop_expunges() -- maildir_copy_preserve_filename=yes could have caused crashes. -- Maildir++ quota: % limits weren't updated when limits were read - from maildirsize. -- virtual: v1.2.8 didn't fully fix the "lots of mailboxes" bug -- virtual: Fixed updating virtual mailbox based on flag changes. -- fts-squat: Fixed searching multi-byte characters. - -* Wed Nov 25 2009 Michal Hlavinka - 1:1.2.8-4 -- spec cleanup - -* Tue Nov 24 2009 Michal Hlavinka - 1:1.2.8-3 -- fix dovecot's restart after update (#518753) - -* Tue Nov 24 2009 Michal Hlavinka - 1:1.2.8-2 -- fix initdddir typo (for rhel rebuilds) - -* Fri Nov 20 2009 Michal Hlavinka - 1:1.2.8-1 -- update to dovecot 1.2.8 - -* Mon Nov 16 2009 Michal Hlavinka - 1:1.2.7-2 -- use originall managesieve to dovecot diff -- EPEL-ize spec for rhel5 rebuilds (#537666) - -* Fri Nov 13 2009 Michal Hlavinka - 1:1.2.7-1 -- updated to dovecot 1.2.7 -- add man pages -- IMAP: IDLE now sends "Still here" notifications to same user's - connections at the same time. This hopefully reduces power usage - of some mobile clients that use multiple IDLEing connections. -- IMAP: If imap_capability is set, show it in the login banner. -- IMAP: Implemented SORT=DISPLAY extension. -- Login process creation could have sometimes failed with epoll_ctl() - errors or without epoll probably some other strange things could - have happened. -- Maildir: Fixed some performance issues -- Maildir: Fixed crash when using a lot of keywords. -- Several fixes to QRESYNC extension and modseq handling -- mbox: Make sure failed saves get rolled back with NFS. -- dbox: Several fixes. - -* Mon Nov 02 2009 Michal Hlavinka - 1:1.2.6-5 -- spec cleanup - -* Wed Oct 21 2009 Michal Hlavinka - 1:1.2.6-4 -- imap-login: If imap_capability is set, show it in the banner - instead of the default (#524485) - -* Mon Oct 19 2009 Michal Hlavinka - 1:1.2.6-3 -- sieve updated to 0.1.13 which brings these changes: -- Body extension: implemented proper handling of the :raw transform - and added various new tests to the test suite. However, :content - "multipart" and :content "message/rfc822" are still not working. -- Fixed race condition occuring when multiple instances are saving the - same binary (patch by Timo Sirainen). -- Body extension: don't give SKIP_BODY_BLOCK flag to message parser, - we want the body! -- Fixed bugs in multiscript support; subsequent keep actions were not - always merged correctly and implicit side effects were not always - handled correctly. -- Fixed a segfault bug in the sieve-test tool occuring when compile - fails. -- Fixed segfault bug in action procesing. It was triggered while - merging side effects in duplicate actions. -- Fixed bug in the Sieve plugin that caused it to try to stat() a NULL - path, yielding a 'Bad address' error. - -* Fri Oct 09 2009 Michal Hlavinka - 1:1.2.6-2 -- fix init script for case when no action was specified - -* Tue Oct 06 2009 Michal Hlavinka - 1:1.2.6-1 -- dovecot updated to 1.2.6 -- Added authtest utility for doing passdb and userdb lookups. -- login: ssl_security string now also shows the used compression. -- quota: Don't crash with non-Maildir++ quota backend. -- imap proxy: Fixed crashing with some specific password characters. -- fixed broken dovecot --exec-mail. -- Avoid assert-crashing when two processes try to create index at the - same time. - -* Tue Sep 29 2009 Michal Hlavinka - 1:1.2.5-2 -- build with libcap enabled - -* Thu Sep 17 2009 Michal Hlavinka - 1:1.2.5-1 -- updated to dovecot 1.2.5 -- Authentication: DIGEST-MD5 and RPA mechanisms no longer require - user's login realm to be listed in auth_realms. It only made - configuration more difficult without really providing extra security. -- zlib plugin: Don't allow clients to save compressed data directly. - This prevents users from exploiting (most of the) potential security - holes in zlib/bzlib. -- fix index file handling that could have caused an assert-crash -- IMAP: Fixes to QRESYNC extension. -- deliver: Don't send rejects to any messages that have Auto-Submitted - header. This avoids emails loops. - -* Wed Sep 16 2009 Tomas Mraz - 1:1.2.4-3 -- use password-auth common PAM configuration instead of system-auth - -* Fri Aug 21 2009 Tomas Mraz - 1:1.2.4-2 -- rebuilt with new openssl - -* Fri Aug 21 2009 Michal Hlavinka - 1:1.2.4-1 -- updated: dovecot 1.2.4, managesieve 0.11.9, sieve 0.1.12 -- fixed a crash in index file handling -- fixed a crash in saving messages where message contained a CR - character that wasn't followed by LF -- fixed a crash when listing shared namespace prefix -- sieve: implemented the new date extension. This allows matching - against date values in header fields and the current date at - the time of script evaluation -- managesieve: reintroduced ability to abort SASL with "*" response - -* Mon Aug 10 2009 Michal Hlavinka - 1:1.2.3-1 -- updated: dovecot 1.2.3, managesieve 0.11.8, sieve 0.1.11 -- Mailbox names with control characters can't be created anymore. - Existing mailboxes can still be accessed though. -- Allow namespace prefix to be opened as mailbox, if a mailbox - already exists in the root dir. -- Maildir: dovecot-uidlist was being recreated every time a mailbox - was accessed, even if nothing changed. -- listescape plugin was somewhat broken -- ldap: Fixed hang when >128 requests were sent at once. -- fts_squat: Fixed crashing when searching virtual mailbox. -- imap: Fixed THREAD .. INTHREAD crashing. - -* Tue Jul 28 2009 Michal Hlavinka - 1:1.2.2-1.20090728snap -- updated to post 1.2.2 snapshot (including post release GSSAPI fix) -- Fixed "corrupted index cache file" errors -- IMAP: FETCH X-* parameters weren't working. -- Maildir++ quota: Quota was sometimes updated wrong -- Dovecot master process could hang if it received signals too rapidly - -* Fri Jul 24 2009 Fedora Release Engineering - 1:1.2.1-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild - -* Thu Jul 23 2009 Michal Hlavinka - 1:1.2.1-2 -- updated sieve plugin to 0.1.9 - -* Mon Jul 13 2009 Michal Hlavinka - 1:1.2.1-1 -- updated to 1.2.1 -- GSSAPI authentication is fixed (#506782) -- logins now fail if home directory path is relative, because it was - not working correctly and never was expected to work -- sieve and managesieve update - -* Mon Apr 20 2009 Michal Hlavinka - 1:1.2-0.rc3.1 -- updated to 1.2.rc3 - -* Mon Apr 06 2009 Michal Hlavinka - 1:1.2-0.rc2.1 -- updated to 1.2.rc2 - -* Mon Mar 30 2009 Michal Hlavinka - 1:1.2-0.beta4.2 -- fix typo and rebuild - -* Mon Mar 30 2009 Michal Hlavinka - 1:1.2-0.beta4.1 -- spec clean-up -- updated to 1.2.beta4 - -* Tue Feb 24 2009 Fedora Release Engineering - 1:1.1.11-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild - -* Wed Feb 11 2009 Michal Hlavinka - 1:1.1.11-1 -- updated to 1.1.11 -- IMAP: PERMANENTFLAGS list didn't contain \*, causing some clients - not to save keywords. -- auth: Using "username" or "domain" passdb fields caused problems - with cache and blocking passdbs in v1.1.8 .. v1.1.10. -- userdb prefetch + blocking passdbs was broken with non-plaintext - auth in v1.1.8 .. v1.1.10. - -* Tue Jan 27 2009 Michal Hlavinka - 1:1.1.10-1 -- updated to 1.1.10 - -* Sat Jan 24 2009 Dan Horak - 1:1.1.8-3 -- rebuild with new mysql - -* Tue Jan 13 2009 Michal Hlavinka - 1:1.1.8-2 -- added managesieve support (thanks Helmut K. C. Tessarek) - -* Thu Jan 8 2009 Michal Hlavinka - 1:1.1.8-1 -- dovecot updated to 1.1.8 -- sieve-plugin updated to 1.1.6 - -* Tue Dec 2 2008 Michal Hlavinka - 1:1.1.7-2 -- revert changes from 1:1.1.6-2 and 1:1.1.6-1 -- password can be stored in different file readable only for root - via !include_try directive - -* Tue Dec 2 2008 Michal Hlavinka - 1:1.1.7-1 -- update to upstream version 1.1.7 - -* Mon Nov 3 2008 Michal Hlavinka - 1:1.1.6-2 -- changed comment in sysconfig to match actual state - -* Mon Nov 3 2008 Michal Hlavinka - 1:1.1.6-1 -- update to upstream version 1.1.6 -- change permissions of deliver and dovecot.conf to prevent possible password exposure - -* Wed Oct 29 2008 Michal Hlavinka - 1:1.1.5-1 -- update to upstream version 1.1.5 (Resolves: CVE-2008-4577, CVE-2008-4578) - -* Tue Sep 2 2008 Dan Horak - 1:1.1.3-1 -- update to upstream version 1.1.3 - -* Tue Jul 29 2008 Dan Horak - 1:1.1.2-2 -- really ask for the password during start-up - -* Tue Jul 29 2008 Dan Horak - 1:1.1.2-1 -- update to upstream version 1.1.2 -- final solution for #445200 (add /etc/sysconfig/dovecot for start-up options) - -* Fri Jun 27 2008 Dan Horak - 1:1.1.1-2 -- update default settings to listen on both IPv4 and IPv6 instead of IPv6 only - -* Sun Jun 22 2008 Dan Horak - 1:1.1.1-1 -- update to upstream version 1.1.1 - -* Sat Jun 21 2008 Dan Horak - 1:1.1.0-1 -- update to upstream version 1.1.0 -- update sieve plugin to 1.1.5 -- remove unnecessary patches -- enable ldap and gssapi plugins -- change ownership of dovecot.conf (Resolves: #452088) - -* Wed Jun 18 2008 Dan Horak - 1:1.0.14-4 -- update init script (Resolves: #451838) - -* Fri Jun 6 2008 Dan Horak - 1:1.0.14-3 -- build devel subpackage (Resolves: #306881) - -* Thu Jun 5 2008 Dan Horak - 1:1.0.14-2 -- install convert-tool (Resolves: #450010) - -* Tue Jun 3 2008 Dan Horak - 1:1.0.14-1 -- update to upstream version 1.0.14 -- remove setcred patch (use of setcred must be explictly enabled in config) - -* Thu May 29 2008 Dan Horak - 1:1.0.13-8 -- update scriptlets to follow UsersAndGroups guideline -- remove support for upgrading from version < 1.0 from scriptlets -- Resolves: #448095 - -* Tue May 20 2008 Dan Horak - 1:1.0.13-7 -- spec file cleanup -- update sieve plugin to 1.0.3 -- Resolves: #445200, #238018 - -* Sun Mar 09 2008 Tomas Janousek - 1:1.0.13-6 -- update to latest upstream stable (1.0.13) - -* Wed Feb 20 2008 Fedora Release Engineering - 1:1.0.10-5 -- Autorebuild for GCC 4.3 - -* Mon Jan 07 2008 Tomas Janousek - 1:1.0.10-4 -- update to latest upstream stable (1.0.10) - -* Wed Dec 05 2007 Jesse Keating - 1:1.0.7-3 -- Bump for deps - -* Mon Nov 05 2007 Tomas Janousek - 1:1.0.7-2 -- update to latest upstream stable (1.0.7) -- added the winbind patch (#286351) - -* Tue Sep 25 2007 Tomas Janousek - 1:1.0.5-1 -- downgraded to lastest upstream stable (1.0.5) - -* Wed Aug 22 2007 Tomas Janousek - 1.1-16.1.alpha3 -- updated license tags - -* Mon Aug 13 2007 Tomas Janousek - 1.1-16.alpha3 -- updated to latest upstream alpha -- update dovecot-sieve to 0367450c9382 from hg - -* Fri Aug 10 2007 Tomas Janousek - 1.1-15.alpha2 -- updated to latest upstream alpha -- split ldap and gssapi plugins to subpackages - -* Wed Jul 25 2007 Tomas Janousek - 1.1-14.6.hg.a744ae38a9e1 -- update to a744ae38a9e1 from hg -- update dovecot-sieve to 131e25f6862b from hg and enable it again - -* Thu Jul 19 2007 Tomas Janousek - 1.1-14.5.alpha1 -- update to latest upstream alpha -- don't build dovecot-sieve, it's only for 1.0 - -* Sun Jul 15 2007 Tomas Janousek - 1.0.2-13.5 -- update to latest upstream - -* Mon Jun 18 2007 Tomas Janousek - 1.0.1-12.5 -- update to latest upstream - -* Fri Jun 08 2007 Tomas Janousek - 1.0.0-11.7 -- specfile merge from 145241 branch - - new sql split patch - - support for not building all sql modules - - split sql libraries to separate packages - -* Sat Apr 14 2007 Tomas Janousek - 1.0.0-11.1 -- dovecot-1.0.beta2-pam-tty.patch is no longer needed - -* Fri Apr 13 2007 Tomas Janousek - 1.0.0-11 -- update to latest upstream - -* Tue Apr 10 2007 Tomas Janousek - 1.0-10.rc31 -- update to latest upstream - -* Fri Apr 06 2007 Tomas Janousek - 1.0-9.rc30 -- update to latest upstream - -* Fri Mar 30 2007 Tomas Janousek - 1.0-8.1.rc28 -- spec file cleanup (fixes docs path) - -* Fri Mar 23 2007 Tomas Janousek - 1.0-8.rc28 -- update to latest upstream - -* Mon Mar 19 2007 Tomas Janousek - 1.0-7.rc27 -- use dovecot-sieve's version for the package - -* Mon Mar 19 2007 Tomas Janousek - 1.0-6.rc27 -- update to latest upstream -- added dovecot-sieve - -* Fri Mar 02 2007 Tomas Janousek - 1.0-5.rc25 -- update to latest upstream - -* Sun Feb 25 2007 Jef Spaleta - 1.0-4.rc22 -- Merge review changes - -* Thu Feb 08 2007 Tomas Janousek - 1.0-3.rc22 -- update to latest upstream, fixes a few bugs - -* Mon Jan 08 2007 Tomas Janousek - 1.0-2.rc17 -- update to latest upstream, fixes a few bugs - -* Thu Dec 21 2006 Tomas Janousek - 1.0-1.1.rc15 -- reenabled GSSAPI (#220377) - -* Tue Dec 05 2006 Tomas Janousek - 1.0-1.rc15 -- update to latest upstream, fixes a few bugs, plus a security - vulnerability (#216508, CVE-2006-5973) - -* Tue Oct 10 2006 Petr Rockai - 1.0-0.3.rc7 -- fix few inconsistencies in specfile, fixes #198940 - -* Wed Oct 04 2006 Petr Rockai - 1.0-0.2.rc7 -- fix default paths in the example mkcert.sh to match configuration - defaults (fixes #183151) - -* Sun Oct 01 2006 Jesse Keating - 1.0-0.1.rc7 -- rebuilt for unwind info generation, broken in gcc-4.1.1-21 - -* Fri Sep 22 2006 Petr Rockai - 1.0-0.rc7 -- update to latest upstream release candidate, should fix occasional - hangs and mbox issues... INBOX. namespace is still broken though -- do not run over symlinked certificates in new locations on upgrade - -* Tue Aug 15 2006 Petr Rockai - 1.0-0.rc2.2 -- include /var/lib/dovecot in the package, prevents startup failure - on new installs - -* Mon Jul 17 2006 Petr Rockai - 1.0-0.rc2.1 -- reenable inotify and see what happens - -* Thu Jul 13 2006 Petr Rockai - 1.0-0.rc2 -- update to latest upstream release candidate -- disable inotify for now, doesn't build -- this needs fixing though - -* Wed Jul 12 2006 Jesse Keating - 1.0-0.beta8.2.1 -- rebuild - -* Thu Jun 08 2006 Petr Rockai - 1.0-0.beta8.2 -- put back pop3_uidl_format default that got lost - in the beta2->beta7 upgrade (would cause pop3 to not work - at all in many situations) - -* Thu May 04 2006 Petr Rockai - 1.0-0.beta8.1 -- upgrade to latest upstream beta release (beta8) -- contains a security fix in mbox handling - -* Thu May 04 2006 Petr Rockai - 1.0-0.beta7.1 -- upgrade to latest upstream beta release -- fixed BR 173048 - -* Fri Mar 17 2006 Petr Rockai - 1.0-0.beta2.8 -- fix sqlite detection in upstream configure checks, second part - of #182240 - -* Wed Mar 8 2006 Bill Nottingham - 1.0-0.beta2.7 -- fix scriplet noise some more - -* Mon Mar 6 2006 Jeremy Katz - 1.0-0.beta2.6 -- fix scriptlet error (mitr, #184151) - -* Mon Feb 27 2006 Petr Rockai - 1.0-0.beta2.5 -- fix #182240 by looking in lib64 for libs first and then lib -- fix comment #1 in #182240 by copying over the example config files - to documentation directory - -* Fri Feb 10 2006 Jesse Keating - 1.0-0.beta2.4.1 -- bump again for double-long bug on ppc(64) - -* Thu Feb 09 2006 Petr Rockai - 1.0-0.beta2.4 -- enable inotify as it should work now (#179431) - -* Tue Feb 07 2006 Jesse Keating - 1.0-0.beta2.3.1 -- rebuilt for new gcc4.1 snapshot and glibc changes - -* Thu Feb 02 2006 Petr Rockai - 1.0-0.beta2.3 -- change the compiled-in defaults and adjust the default's configfile - commented-out example settings to match compiled-in defaults, - instead of changing the defaults only in the configfile, as per #179432 -- fix #179574 by providing a default uidl_format for pop3 -- half-fix #179620 by having plaintext auth enabled by default... this - needs more thinking (which one we really want) and documentation - either way - -* Tue Jan 31 2006 Petr Rockai - 1.0-0.beta2.2 -- update URL in description -- call dovecot --build-ssl-parameters in postinst as per #179430 - -* Mon Jan 30 2006 Petr Rockai - 1.0-0.beta2.1 -- fix spec to work with BUILD_DIR != SOURCE_DIR -- forward-port and split pam-nocred patch - -* Mon Jan 23 2006 Petr Rockai - 1.0-0.beta2 -- new upstream version, hopefully fixes #173928, #163550 -- fix #168866, use install -p to install documentation - -* Fri Dec 09 2005 Jesse Keating -- rebuilt - -* Sat Nov 12 2005 Tom Lane - 0.99.14-10.fc5 -- Rebuild due to mysql update. - -* Wed Nov 9 2005 Tomas Mraz - 0.99.14-9.fc5 -- rebuilt with new openssl - -* Fri Sep 30 2005 Tomas Mraz - 0.99.14-8.fc5 -- use include instead of pam_stack in pam config - -* Wed Jul 27 2005 John Dennis - 0.99.14-7.fc5 -- fix bug #150888, log authenication failures with ip address - -* Fri Jul 22 2005 John Dennis - 0.99.14-6.fc5 -- fix bug #149673, add dummy PAM_TTY - -* Thu Apr 28 2005 John Dennis - 0.99.14-5.fc4 -- fix bug #156159 insecure location of restart flag file - -* Fri Apr 22 2005 John Dennis - 0.99.14-4.fc4 -- openssl moved its certs, CA, etc. from /usr/share/ssl to /etc/pki - -* Tue Apr 12 2005 Tom Lane 0.99.14-3.fc4 -- Rebuild for Postgres 8.0.2 (new libpq major version). - -* Mon Mar 7 2005 John Dennis 0.99.14-2.fc4 -- bump rev for gcc4 build - -* Mon Feb 14 2005 John Dennis - 0.99.14-1.fc4 -- fix bug #147874, update to 0.99.14 release - v0.99.14 2005-02-11 Timo Sirainen - - Message address fields are now parsed differently, fixing some - issues with spaces. Affects only clients which use FETCH ENVELOPE - command. - - Message MIME parser was somewhat broken with missing MIME boundaries - - mbox: Don't allow X-UID headers in mails to override the UIDs we - would otherwise set. Too large values can break some clients and - cause other trouble. - - passwd-file userdb wasn't working - - PAM crashed with 64bit systems - - non-SSL inetd startup wasn't working - - If UID FETCH notices and skips an expunged message, don't return - a NO reply. It's not needed and only makes clients give error - messages. - -* Wed Feb 2 2005 John Dennis - 0.99.13-4.devel -- fix bug #146198, clean up temp kerberos tickets - -* Mon Jan 17 2005 John Dennis 0.99.13-3.devel -- fix bug #145214, force mbox_locks to fcntl only -- fix bug #145241, remove prereq on postgres and mysql, allow rpm auto - dependency generator to pick up client lib dependency if needed. - -* Thu Jan 13 2005 John Dennis 0.99.13-2.devel -- make postgres & mysql conditional build -- remove execute bit on migration example scripts so rpm does not pull - in additional dependences on perl and perl modules that are not present - in dovecot proper. -- add REDHAT-FAQ.txt to doc directory - -* Thu Jan 6 2005 John Dennis 0.99.13-1.devel -- bring up to date with latest upstream, 0.99.13, bug #143707 - also fix bug #14462, bad dovecot-uid macro name - -* Thu Jan 6 2005 John Dennis 0.99.11-10.devel -- fix bug #133618, removed LITERAL+ capability from capability string - -* Wed Jan 5 2005 John Dennis 0.99.11-9.devel -- fix bug #134325, stop dovecot during installation - -* Wed Jan 5 2005 John Dennis 0.99.11-8.devel -- fix bug #129539, dovecot starts too early, - set chkconfig to 65 35 to match cyrus-imapd -- also delete some old commented out code from SSL certificate creation - -* Thu Dec 23 2004 John Dennis 0.99.11-7.devel -- add UW to Dovecot migration documentation and scripts, bug #139954 - fix SSL documentation and scripts, add missing documentation, bug #139276 - -* Mon Nov 15 2004 Warren Togami 0.99.11-2.FC4.1 -- rebuild against MySQL4 - -* Thu Oct 21 2004 John Dennis -- fix bug #136623 - Change License field from GPL to LGPL to reflect actual license - -* Thu Sep 30 2004 John Dennis 0.99.11-1.FC3.3 -- fix bug #124786, listen to ipv6 as well as ipv4 - -* Wed Sep 8 2004 John Dennis 0.99.11-1.FC3.1 -- bring up to latest upstream, - comments from Timo Sirainen on release v0.99.11 2004-09-04 - + 127.* and ::1 IP addresses are treated as secured with - disable_plaintext_auth = yes - + auth_debug setting for extra authentication debugging - + Some documentation and error message updates - + Create PID file in /var/run/dovecot/master.pid - + home setting is now optional in static userdb - + Added mail setting to static userdb - - After APPENDing to selected mailbox Dovecot didn't always notice the - new mail immediately which broke some clients - - THREAD and SORT commands crashed with some mails - - If APPENDed mail ended with CR character, Dovecot aborted the saving - - Output streams sometimes sent data duplicated and lost part of it. - This could have caused various strange problems, but looks like in - practise it rarely caused real problems. - -* Wed Aug 4 2004 John Dennis -- change release field separator from comma to dot, bump build number - -* Mon Aug 2 2004 John Dennis 0.99.10.9-1,FC3,1 -- bring up to date with latest upstream, fixes include: -- LDAP support compiles now with Solaris LDAP library -- IMAP BODY and BODYSTRUCTURE replies were wrong for MIME parts which - didn't contain Content-Type header. -- MySQL and PostgreSQL auth didn't reconnect if connection was lost - to SQL server -- Linking fixes for dovecot-auth with some systems -- Last fix for disconnecting client when downloading mail longer than - 30 seconds actually made it never disconnect client. Now it works - properly: disconnect when client hasn't read _any_ data for 30 - seconds. -- MySQL compiling got broken in last release -- More PostgreSQL reconnection fixing - - -* Mon Jul 26 2004 John Dennis 0.99.10.7-1,FC3,1 -- enable postgres and mySQL in build -- fix configure to look for mysql in alternate locations -- nuke configure script in tar file, recreate from configure.in using autoconf - -- bring up to latest upstream, which included: -- Added outlook-pop3-no-nuls workaround to fix Outlook hang in mails with NULs. -- Config file lines can now contain quoted strings ("value ") -- If client didn't finish downloading a single mail in 30 seconds, - Dovecot closed the connection. This was supposed to work so that - if client hasn't read data at all in 30 seconds, it's disconnected. -- Maildir: LIST now doesn't skip symlinks - - -* Wed Jun 30 2004 John Dennis -- bump rev for build -- change rev for FC3 build - -* Fri Jun 25 2004 John Dennis - 0.99.10.6-1 -- bring up to date with upstream, - recent change log comments from Timo Sirainen were: - SHA1 password support using OpenSSL crypto library - mail_extra_groups setting - maildir_stat_dirs setting - Added NAMESPACE capability and command - Autocreate missing maildirs (instead of crashing) - Fixed occational crash in maildir synchronization - Fixed occational assertion crash in ioloop.c - Fixed FreeBSD compiling issue - Fixed issues with 64bit Solaris binary - -* Tue Jun 15 2004 Elliot Lee -- rebuilt - -* Thu May 27 2004 David Woodhouse 0.99.10.5-1 -- Update to 0.99.10.5 to fix maildir segfaults (#123022) - -* Fri May 07 2004 Warren Togami 0.99.10.4-4 -- default auth config that is actually usable -- Timo Sirainen (author) suggested functionality fixes - maildir, imap-fetch-body-section, customflags-fix - -* Mon Feb 23 2004 Tim Waugh -- Use ':' instead of '.' as separator for chown. - -* Tue Feb 17 2004 Jeremy Katz - 0.99.10.4-3 -- restart properly if it dies (#115594) - -* Fri Feb 13 2004 Elliot Lee -- rebuilt - -* Mon Nov 24 2003 Jeremy Katz 0.99.10.4-1 -- update to 0.99.10.4 - -* Mon Oct 6 2003 Jeremy Katz 0.99.10-7 -- another patch from upstream to fix returning invalid data on partial - BODY[part] fetches -- patch to avoid confusion of draft/deleted in indexes - -* Tue Sep 23 2003 Jeremy Katz 0.99.10-6 -- add some patches from upstream (#104288) - -* Thu Sep 4 2003 Jeremy Katz 0.99.10-5 -- fix startup with 2.6 with patch from upstream (#103801) - -* Tue Sep 2 2003 Jeremy Katz 0.99.10-4 -- fix assert in search code (#103383) - -* Tue Jul 22 2003 Nalin Dahyabhai 0.99.10-3 -- rebuild - -* Thu Jul 17 2003 Bill Nottingham 0.99.10-2 -- don't run by default - -* Thu Jun 26 2003 Jeremy Katz 0.99.10-1 -- 0.99.10 - -* Mon Jun 23 2003 Jeremy Katz 0.99.10-0.2 -- 0.99.10-rc2 (includes ssl detection fix) -- a few tweaks from fedora - - noreplace the config file - - configure --with-ldap to get LDAP enabled - -* Mon Jun 23 2003 Jeremy Katz 0.99.10-0.1 -- 0.99.10-rc1 -- add fix for ssl detection -- add zlib-devel to BuildRequires -- change pam service name to dovecot -- include pam config - -* Thu May 8 2003 Jeremy Katz 0.99.9.1-1 -- update to 0.99.9.1 -- add patch from upstream to fix potential bug when fetching with - CR+LF linefeeds -- tweak some things in the initscript and config file noticed by the - fedora folks - -* Sun Mar 16 2003 Jeremy Katz 0.99.8.1-2 -- fix ssl dir -- own /var/run/dovecot/login with the correct perms -- fix chmod/chown in post - -* Fri Mar 14 2003 Jeremy Katz 0.99.8.1-1 -- update to 0.99.8.1 - -* Tue Mar 11 2003 Jeremy Katz 0.99.8-2 -- add a patch to fix quoting problem from CVS - -* Mon Mar 10 2003 Jeremy Katz 0.99.8-1 -- 0.99.8 -- add some buildrequires -- fixup to build with openssl 0.9.7 -- now includes a pop3 daemon (off by default) -- clean up description and %%preun -- add dovecot user (uid/gid of 97) -- add some buildrequires -- move the ssl cert to %%{_datadir}/ssl/certs -- create a dummy ssl cert in %%post -- own /var/run/dovecot -- make the config file a source so we get default mbox locks of fcntl - -* Sun Dec 1 2002 Seth Vidal -- 0.99.4 and fix startup so it starts imap-master not vsftpd :) - -* Tue Nov 26 2002 Seth Vidal -- first build diff --git a/sources b/sources index a62fbdb..490e720 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (dovecot-2.3.21.1.tar.gz) = 9de6ce3a579ef2040248b692874a6d64a732bb735a9cee3144604927cad49690c4b0e29f7ecf3af23190d56f30956d955d13acd5d352534df62fbdfde4b60f9f -SHA512 (dovecot-2.3-pigeonhole-0.5.21.1.tar.gz) = 7387b417611599fe70d1a83d3b408321e66f5a883bf78a9d55c7496b1a17220677daebaefde2061e0d7064fe07c410ecfc64662878bb253ddcd9e128dd83fbaa +SHA512 (dovecot-2.4.1-4.tar.gz) = 4915e9282898a4bce4dc3c9781f9aa849e8a2d5bb89dffc2222b417560eaa0135d66342ef342098a86dd5e9b4e76d41145381b7264144411cf45a6f88ca36698 +SHA512 (dovecot-pigeonhole-2.4.1-4.tar.gz) = 47b9cc62b13d710123389c47d13c104e70b815d683dc6b957e86b57b2f175101d07f462d0fdb0488d6dcdcfbbc137c926825ba9a0d798551576aa7f3c9082100 From dc0e5473d5122d64754550e37a96cc9e349ac437 Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Thu, 5 Jun 2025 21:06:03 +0200 Subject: [PATCH 136/146] nolibotp patch is still needed --- ...botp.patch => dovecot-2.4.1-nolibotp.patch | 94 ------------------- dovecot.spec | 4 + 2 files changed, 4 insertions(+), 94 deletions(-) rename dovecot-2.3.20-nolibotp.patch => dovecot-2.4.1-nolibotp.patch (77%) diff --git a/dovecot-2.3.20-nolibotp.patch b/dovecot-2.4.1-nolibotp.patch similarity index 77% rename from dovecot-2.3.20-nolibotp.patch rename to dovecot-2.4.1-nolibotp.patch index 4ec0b78..78edc49 100644 --- a/dovecot-2.3.20-nolibotp.patch +++ b/dovecot-2.4.1-nolibotp.patch @@ -1,14 +1,3 @@ -diff -up dovecot-2.3.20/configure.ac.nolibotp dovecot-2.3.20/configure.ac ---- dovecot-2.3.20/configure.ac.nolibotp 2022-12-21 09:49:12.000000000 +0100 -+++ dovecot-2.3.20/configure.ac 2023-02-14 16:54:02.118531016 +0100 -@@ -854,7 +854,6 @@ src/lib-lua/Makefile - src/lib-mail/Makefile - src/lib-master/Makefile - src/lib-program-client/Makefile --src/lib-otp/Makefile - src/lib-dovecot/Makefile - src/lib-sasl/Makefile - src/lib-settings/Makefile diff -up dovecot-2.3.20/src/auth/main.c.nolibotp dovecot-2.3.20/src/auth/main.c --- dovecot-2.3.20/src/auth/main.c.nolibotp 2022-12-21 09:49:12.000000000 +0100 +++ dovecot-2.3.20/src/auth/main.c 2023-02-14 16:54:02.118531016 +0100 @@ -29,65 +18,6 @@ diff -up dovecot-2.3.20/src/auth/main.c.nolibotp dovecot-2.3.20/src/auth/main.c mech_deinit(global_auth_settings); /* allow modules to unregister their dbs/drivers/etc. before freeing -diff -up dovecot-2.3.20/src/auth/Makefile.am.nolibotp dovecot-2.3.20/src/auth/Makefile.am ---- dovecot-2.3.20/src/auth/Makefile.am.nolibotp 2022-12-21 09:49:12.000000000 +0100 -+++ dovecot-2.3.20/src/auth/Makefile.am 2023-02-14 16:54:02.118531016 +0100 -@@ -45,7 +45,6 @@ AM_CPPFLAGS = \ - -I$(top_srcdir)/src/lib-sql \ - -I$(top_srcdir)/src/lib-settings \ - -I$(top_srcdir)/src/lib-old-stats \ -- -I$(top_srcdir)/src/lib-otp \ - -I$(top_srcdir)/src/lib-master \ - -I$(top_srcdir)/src/lib-oauth2 \ - -I$(top_srcdir)/src/lib-ssl-iostream \ -@@ -67,7 +66,6 @@ libpassword_la_SOURCES = \ - password-scheme-crypt.c \ - password-scheme-md5crypt.c \ - password-scheme-scram.c \ -- password-scheme-otp.c \ - password-scheme-pbkdf2.c \ - password-scheme-sodium.c - libpassword_la_CFLAGS = $(AM_CPPFLAGS) $(LIBSODIUM_CFLAGS) -@@ -76,7 +74,6 @@ auth_libs = \ - libauth.la \ - libstats_auth.la \ - libpassword.la \ -- ../lib-otp/libotp.la \ - $(AUTH_LUA_LIBS) \ - $(LIBDOVECOT_SQL) - -@@ -95,7 +92,6 @@ libauth_la_SOURCES = \ - auth-client-connection.c \ - auth-master-connection.c \ - auth-policy.c \ -- mech-otp-common.c \ - mech-plain-common.c \ - auth-penalty.c \ - auth-request.c \ -@@ -122,7 +118,6 @@ libauth_la_SOURCES = \ - mech-digest-md5.c \ - mech-external.c \ - mech-gssapi.c \ -- mech-otp.c \ - mech-scram.c \ - mech-apop.c \ - mech-winbind.c \ -@@ -161,7 +156,6 @@ headers = \ - auth-client-connection.h \ - auth-common.h \ - auth-master-connection.h \ -- mech-otp-common.h \ - mech-plain-common.h \ - mech-digest-md5-private.h \ - mech-scram.h \ -@@ -260,7 +254,6 @@ test_libs = \ - test_libpassword_SOURCES = test-libpassword.c - test_libpassword_LDADD = \ - libpassword.la \ -- ../lib-otp/libotp.la \ - $(CRYPT_LIBS) \ - $(LIBDOVECOT_SQL) \ - $(LIBSODIUM_LIBS) \ diff -up dovecot-2.3.20/src/auth/mech.c.nolibotp dovecot-2.3.20/src/auth/mech.c --- dovecot-2.3.20/src/auth/mech.c.nolibotp 2023-02-14 16:55:38.421231797 +0100 +++ dovecot-2.3.20/src/auth/mech.c 2023-02-14 16:55:38.434231892 +0100 @@ -269,27 +199,3 @@ diff -up dovecot-2.3.20/src/auth/test-mech.c.nolibotp dovecot-2.3.20/src/auth/te auths_deinit(); auth_token_deinit(); password_schemes_deinit(); -diff -up dovecot-2.3.20/src/doveadm/Makefile.am.nolibotp dovecot-2.3.20/src/doveadm/Makefile.am ---- dovecot-2.3.20/src/doveadm/Makefile.am.nolibotp 2022-12-21 09:49:12.000000000 +0100 -+++ dovecot-2.3.20/src/doveadm/Makefile.am 2023-02-14 16:54:02.119531023 +0100 -@@ -36,8 +36,7 @@ AM_CPPFLAGS = \ - $(BINARY_CFLAGS) - - cmd_pw_libs = \ -- ../auth/libpassword.la \ -- ../lib-otp/libotp.la -+ ../auth/libpassword.la - - libs = \ - dsync/libdsync.la \ -diff -up dovecot-2.3.20/src/Makefile.am.nolibotp dovecot-2.3.20/src/Makefile.am ---- dovecot-2.3.20/src/Makefile.am.nolibotp 2022-12-21 09:49:12.000000000 +0100 -+++ dovecot-2.3.20/src/Makefile.am 2023-02-14 16:54:02.119531023 +0100 -@@ -40,7 +40,6 @@ SUBDIRS = \ - lib-index \ - lib-storage \ - lib-sql \ -- lib-otp \ - lib-lda \ - lib-dict-backend \ - anvil \ diff --git a/dovecot.spec b/dovecot.spec index 8df09a7..0e5b19d 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -45,6 +45,9 @@ Patch16: dovecot-2.4.1-opensslhmac3.patch Patch17: dovecot-2.3.15-fixvalcond.patch Patch18: dovecot-2.3.15-valbasherr.patch +# Fedora/RHEL specific, drop OTP which uses SHA1 so we dont use SHA1 for crypto purposes +Patch23: dovecot-2.4.1-nolibotp.patch + Patch24: dovecot-2.3-ph_optglob.patch Patch25: dovecot-2.3-ph_scriptcmp.patch @@ -150,6 +153,7 @@ mv dovecot-pigeonhole-%{pigeonholever} dovecot-pigeonhole %patch -P 16 -p2 -b .opensslhmac3 %patch -P 17 -p2 -b .fixvalcond %patch -P 18 -p1 -b .valbasherr +%patch -P 23 -p1 -b .nolibotp #patch -P 24 -p2 -b .ph_optglob #patch -P 25 -p1 -b .ph_scriptcmp cp run-test-valgrind.supp dovecot-pigeonhole/ From 4c4f414ae9d1b7362f2b3014de25f74a4c4fc53e Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Thu, 5 Jun 2025 21:18:14 +0200 Subject: [PATCH 137/146] but actuall updated patch is needed --- dovecot-2.4.1-nolibotp.patch | 226 +++++++++++++++++------------------ dovecot.spec | 2 +- 2 files changed, 109 insertions(+), 119 deletions(-) diff --git a/dovecot-2.4.1-nolibotp.patch b/dovecot-2.4.1-nolibotp.patch index 78edc49..42e62ba 100644 --- a/dovecot-2.4.1-nolibotp.patch +++ b/dovecot-2.4.1-nolibotp.patch @@ -1,7 +1,7 @@ -diff -up dovecot-2.3.20/src/auth/main.c.nolibotp dovecot-2.3.20/src/auth/main.c ---- dovecot-2.3.20/src/auth/main.c.nolibotp 2022-12-21 09:49:12.000000000 +0100 -+++ dovecot-2.3.20/src/auth/main.c 2023-02-14 16:54:02.118531016 +0100 -@@ -19,8 +19,6 @@ +diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/main.c.nolibotp dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/main.c +--- dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/main.c.nolibotp 2025-03-28 12:32:27.000000000 +0100 ++++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/main.c 2025-06-05 21:08:46.902918388 +0200 +@@ -20,8 +20,6 @@ #include "password-scheme.h" #include "passdb-cache.h" #include "mech.h" @@ -10,44 +10,105 @@ diff -up dovecot-2.3.20/src/auth/main.c.nolibotp dovecot-2.3.20/src/auth/main.c #include "auth.h" #include "auth-penalty.h" #include "auth-token.h" -@@ -283,7 +281,6 @@ static void main_deinit(void) +@@ -272,7 +270,6 @@ static void main_deinit(void) auth_policy_deinit(); mech_register_deinit(&mech_reg); - mech_otp_deinit(); + db_oauth2_deinit(); mech_deinit(global_auth_settings); - - /* allow modules to unregister their dbs/drivers/etc. before freeing -diff -up dovecot-2.3.20/src/auth/mech.c.nolibotp dovecot-2.3.20/src/auth/mech.c ---- dovecot-2.3.20/src/auth/mech.c.nolibotp 2023-02-14 16:55:38.421231797 +0100 -+++ dovecot-2.3.20/src/auth/mech.c 2023-02-14 16:55:38.434231892 +0100 + settings_free(global_auth_settings); +diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/mech.c.nolibotp dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/mech.c +--- dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/mech.c.nolibotp 2025-06-05 21:06:36.218750400 +0200 ++++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/mech.c 2025-06-05 21:09:55.056067262 +0200 @@ -71,7 +71,6 @@ extern const struct mech_module mech_apo extern const struct mech_module mech_cram_md5; extern const struct mech_module mech_digest_md5; extern const struct mech_module mech_external; -extern const struct mech_module mech_otp; extern const struct mech_module mech_scram_sha1; + extern const struct mech_module mech_scram_sha1_plus; extern const struct mech_module mech_scram_sha256; - extern const struct mech_module mech_anonymous; -@@ -206,7 +205,6 @@ void mech_init(const struct auth_setting +@@ -217,7 +216,6 @@ void mech_init(const struct auth_setting mech_register_module(&mech_gssapi_spnego); #endif } - mech_register_module(&mech_otp); mech_register_module(&mech_scram_sha1); + mech_register_module(&mech_scram_sha1_plus); mech_register_module(&mech_scram_sha256); - mech_register_module(&mech_anonymous); -@@ -233,7 +231,6 @@ void mech_deinit(const struct auth_setti +@@ -247,7 +245,6 @@ void mech_deinit(const struct auth_setti mech_unregister_module(&mech_gssapi_spnego); #endif } - mech_unregister_module(&mech_otp); mech_unregister_module(&mech_scram_sha1); + mech_unregister_module(&mech_scram_sha1_plus); mech_unregister_module(&mech_scram_sha256); - mech_unregister_module(&mech_anonymous); -diff -up dovecot-2.3.20/src/auth/password-scheme.c.nolibotp dovecot-2.3.20/src/auth/password-scheme.c ---- dovecot-2.3.20/src/auth/password-scheme.c.nolibotp 2023-02-14 16:54:02.109530950 +0100 -+++ dovecot-2.3.20/src/auth/password-scheme.c 2023-02-14 16:54:02.119531023 +0100 +diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/test-mech.c.nolibotp dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/test-mech.c +--- dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/test-mech.c.nolibotp 2025-03-28 12:32:27.000000000 +0100 ++++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/test-mech.c 2025-06-05 21:11:55.124524758 +0200 +@@ -24,7 +24,6 @@ extern const struct mech_module mech_dig + extern const struct mech_module mech_external; + extern const struct mech_module mech_login; + extern const struct mech_module mech_oauthbearer; +-extern const struct mech_module mech_otp; + extern const struct mech_module mech_plain; + extern const struct mech_module mech_scram_sha1; + extern const struct mech_module mech_scram_sha256; +@@ -60,10 +59,7 @@ request_handler_reply_mock_callback(stru + + if (request->passdb_result == PASSDB_RESULT_OK) + request->failed = FALSE; +- else if (request->mech == &mech_otp) { +- if (null_strcmp(request->fields.user, "otp_phase_2") == 0) +- request->failed = FALSE; +- } else if (request->mech == &mech_oauthbearer) { ++ else if (request->mech == &mech_oauthbearer) { + } + }; + +@@ -181,10 +177,6 @@ static void test_mechs(void) + {&mech_plain, UCHAR_LEN("\0testuser\0testpass"), "testuser", NULL, TRUE, FALSE, FALSE}, + {&mech_plain, UCHAR_LEN("normaluser\0masteruser\0masterpass"), "masteruser", NULL, TRUE, FALSE, FALSE}, + {&mech_plain, UCHAR_LEN("normaluser\0normaluser\0masterpass"), "normaluser", NULL, TRUE, FALSE, FALSE}, +- {&mech_otp, UCHAR_LEN("hex:5Bf0 75d9 959d 036f"), "otp_phase_2", NULL, TRUE, TRUE, FALSE}, +- {&mech_otp, UCHAR_LEN("word:BOND FOGY DRAB NE RISE MART"), "otp_phase_2", NULL, TRUE, TRUE, FALSE}, +- {&mech_otp, UCHAR_LEN("init-hex:f6bd 6b33 89b8 7203:md5 499 ke6118:23d1 b253 5ae0 2b7e"), "otp_phase_2", NULL, TRUE, TRUE, FALSE}, +- {&mech_otp, UCHAR_LEN("init-word:END KERN BALM NICK EROS WAVY:md5 499 ke1235:BABY FAIN OILY NIL TIDY DADE"), "otp_phase_2", NULL , TRUE, TRUE, FALSE}, + {&mech_oauthbearer, UCHAR_LEN("n,a=testuser,p=cHJvb2Y=,f=nonstandart\x01host=server\x01port=143\x01""auth=Bearer vF9dft4qmTc2Nvb3RlckBhbHRhdmlzdGEuY29tCg==\x01\x01"), "testuser", NULL, FALSE, TRUE, FALSE}, + {&mech_scram_sha1, UCHAR_LEN("n,,n=testuser,r=rOprNGfwEbeRWgbNEkqO"), "testuser", NULL, TRUE, FALSE, FALSE}, + {&mech_scram_sha256, UCHAR_LEN("n,,n=testuser,r=rOprNGfwEbeRWgbNEkqO"), "testuser", NULL, TRUE, FALSE, FALSE}, +@@ -199,8 +191,6 @@ static void test_mechs(void) + {&mech_external, UCHAR_LEN(""), "testuser", NULL, FALSE, TRUE, FALSE}, + {&mech_external, UCHAR_LEN(""), NULL, NULL, FALSE, FALSE, FALSE}, + {&mech_login, UCHAR_LEN(""), NULL, NULL, FALSE, FALSE, FALSE}, +- {&mech_otp, UCHAR_LEN(""), NULL, "invalid input", FALSE, FALSE, FALSE}, +- {&mech_otp, UCHAR_LEN(""), "testuser", "invalid input", FALSE, FALSE, FALSE}, + {&mech_plain, UCHAR_LEN(""), NULL, NULL, FALSE, FALSE, FALSE}, + {&mech_oauthbearer, UCHAR_LEN(""), NULL, NULL, FALSE, FALSE, FALSE}, + {&mech_xoauth2, UCHAR_LEN(""), NULL, NULL, FALSE, FALSE, FALSE}, +@@ -212,7 +202,6 @@ static void test_mechs(void) + {&mech_apop, UCHAR_LEN("1.1.1\0testuser\0tooshort"), NULL, NULL, FALSE, FALSE, FALSE}, + {&mech_apop, UCHAR_LEN("1.1.1\0testuser\0responseoflen16-"), NULL, NULL, FALSE, FALSE, FALSE}, + {&mech_apop, UCHAR_LEN("1.1.1"), NULL, NULL, FALSE, FALSE, FALSE}, +- {&mech_otp, UCHAR_LEN("somebody\0testuser"), "testuser", "unsupported response type", FALSE, TRUE, FALSE}, + {&mech_cram_md5, UCHAR_LEN("testuser\0response"), "testuser", NULL, FALSE, FALSE, FALSE}, + {&mech_plain, UCHAR_LEN("testuser\0"), "testuser", NULL, FALSE, FALSE, FALSE}, + +@@ -254,9 +243,7 @@ static void test_mechs(void) + {&mech_plain, UCHAR_LEN("\0fa\0il\0ing\0withthis"), NULL, NULL, FALSE, FALSE, FALSE}, + {&mech_plain, UCHAR_LEN("failingwiththis"), NULL, NULL, FALSE, FALSE, FALSE}, + {&mech_plain, UCHAR_LEN("failing\0withthis"), NULL, NULL, FALSE, FALSE, FALSE}, +- {&mech_otp, UCHAR_LEN("someb\0ody\0testuser"), NULL, "invalid input", FALSE, FALSE, FALSE}, + /* phase 2 */ +- {&mech_otp, UCHAR_LEN("someb\0ody\0testuser"), "testuser", "unsupported response type", FALSE, TRUE, FALSE}, + {&mech_scram_sha1, UCHAR_LEN("c=biws,r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,p=v0X8v3Bz2T0CJGbJQyF0X+HI4Ts="), NULL, NULL, FALSE, FALSE, FALSE}, + {&mech_scram_sha1, UCHAR_LEN("iws0X8v3Bz2T0CJGbJQyF0X+HI4Ts=,,,,"), NULL, NULL, FALSE, FALSE, FALSE}, + {&mech_scram_sha1, UCHAR_LEN("n,a=masteruser,,"), NULL, NULL, FALSE, FALSE, FALSE}, +diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/password-scheme.c.nolibotp dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/password-scheme.c +--- dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/password-scheme.c.nolibotp 2025-06-05 21:15:38.089454364 +0200 ++++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/password-scheme.c 2025-06-05 21:15:38.102747365 +0200 @@ -13,7 +13,6 @@ #include "randgen.h" #include "sha1.h" @@ -55,8 +116,8 @@ diff -up dovecot-2.3.20/src/auth/password-scheme.c.nolibotp dovecot-2.3.20/src/a -#include "otp.h" #include "str.h" #include "password-scheme.h" - -@@ -709,32 +708,6 @@ plain_md5_generate(const char *plaintext + #include "password-scheme-private.h" +@@ -701,33 +700,6 @@ plain_md5_generate(const char *plaintext *size_r = MD5_RESULTLEN; } @@ -86,21 +147,28 @@ diff -up dovecot-2.3.20/src/auth/password-scheme.c.nolibotp dovecot-2.3.20/src/a - *raw_password_r = (const unsigned char *)password; - *size_r = strlen(password); -} - +- static const struct password_scheme builtin_schemes[] = { - { "MD5", PW_ENCODING_NONE, 0, md5_verify, md5_crypt_generate }, -@@ -770,7 +743,6 @@ static const struct password_scheme buil - NULL, plain_md5_generate }, - { "LDAP-MD5", PW_ENCODING_BASE64, MD5_RESULTLEN, - NULL, plain_md5_generate }, -- { "OTP", PW_ENCODING_NONE, 0, otp_verify, otp_generate }, - { "PBKDF2", PW_ENCODING_NONE, 0, pbkdf2_verify, pbkdf2_generate }, - }; - -diff -up dovecot-2.3.20/src/auth/password-scheme.h.nolibotp dovecot-2.3.20/src/auth/password-scheme.h ---- dovecot-2.3.20/src/auth/password-scheme.h.nolibotp 2023-02-14 16:56:50.929759540 +0100 -+++ dovecot-2.3.20/src/auth/password-scheme.h 2023-02-14 16:56:50.947759671 +0100 -@@ -92,9 +92,6 @@ void password_set_encryption_rounds(unsi + { + .name = "MD5", +@@ -891,13 +863,6 @@ static const struct password_scheme buil + .password_generate = plain_md5_generate, + }, + { +- .name = "OTP", +- .default_encoding = PW_ENCODING_NONE, +- .raw_password_len = 0, +- .password_verify = otp_verify, +- .password_generate = otp_generate, +- }, +- { + .name = "PBKDF2", + .default_encoding = PW_ENCODING_NONE, + .raw_password_len = 0, +diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/password-scheme.h.nolibotp dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/password-scheme.h +--- dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/password-scheme.h.nolibotp 2025-06-05 21:16:12.241545079 +0200 ++++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/password-scheme.h 2025-06-05 21:16:12.249776307 +0200 +@@ -98,9 +98,6 @@ void password_set_encryption_rounds(unsi /* INTERNAL: */ const char *password_generate_salt(size_t len); const char *password_generate_md5_crypt(const char *pw, const char *salt); @@ -108,12 +176,12 @@ diff -up dovecot-2.3.20/src/auth/password-scheme.h.nolibotp dovecot-2.3.20/src/a - unsigned int algo, const char **result_r) - ATTR_NULL(2); - int crypt_verify(const char *plaintext, - const struct password_generate_params *params, -diff -up dovecot-2.3.20/src/auth/test-libpassword.c.nolibotp dovecot-2.3.20/src/auth/test-libpassword.c ---- dovecot-2.3.20/src/auth/test-libpassword.c.nolibotp 2023-02-14 16:54:55.880922175 +0100 -+++ dovecot-2.3.20/src/auth/test-libpassword.c 2023-02-14 16:54:55.896922291 +0100 -@@ -106,7 +106,6 @@ static void test_password_schemes(void) + int scram_scheme_parse(const struct hash_method *hmethod, const char *name, + const unsigned char *credentials, size_t size, +diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/test-password-scheme.c.nolibotp dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/test-password-scheme.c +--- dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/test-password-scheme.c.nolibotp 2025-06-05 21:16:40.122669090 +0200 ++++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/test-password-scheme.c 2025-06-05 21:16:40.136347538 +0200 +@@ -107,7 +107,6 @@ static void test_password_schemes(void) test_password_scheme("SHA512", "{SHA512}7iaw3Ur350mqGo7jwQrpkj9hiYB3Lkc/iBml1JQODbJ6wYX4oOHV+E+IvIh/1nsUNzLDBMxfqa2Ob1f1ACio/w==", "test"); test_password_scheme("SSHA", "{SSHA}H/zrDv8FXUu1JmwvVYijfrYEF34jVZcO", "test"); test_password_scheme("MD5-CRYPT", "{MD5-CRYPT}$1$GgvxyNz8$OjZhLh4P.gF1lxYEbLZ3e/", "test"); @@ -121,81 +189,3 @@ diff -up dovecot-2.3.20/src/auth/test-libpassword.c.nolibotp dovecot-2.3.20/src/ test_password_scheme("PBKDF2", "{PBKDF2}$1$bUnT4Pl7yFtYX0KU$5000$50a83cafdc517b9f46519415e53c6a858908680a", "test"); test_password_scheme("CRAM-MD5", "{CRAM-MD5}e02d374fde0dc75a17a557039a3a5338c7743304777dccd376f332bee68d2cf6", "test"); test_password_scheme("DIGEST-MD5", "{DIGEST-MD5}77c1a8c437c9b08ba2f460fe5d58db5d", "test"); -diff -up dovecot-2.3.20/src/auth/test-mech.c.nolibotp dovecot-2.3.20/src/auth/test-mech.c ---- dovecot-2.3.20/src/auth/test-mech.c.nolibotp 2022-12-21 09:49:12.000000000 +0100 -+++ dovecot-2.3.20/src/auth/test-mech.c 2023-02-14 16:54:02.119531023 +0100 -@@ -8,8 +8,6 @@ - #include "auth-request-handler-private.h" - #include "auth-settings.h" - #include "mech-digest-md5-private.h" --#include "otp.h" --#include "mech-otp-common.h" - #include "settings-parser.h" - #include "password-scheme.h" - #include "auth-token.h" -@@ -27,7 +25,6 @@ extern const struct mech_module mech_dov - extern const struct mech_module mech_external; - extern const struct mech_module mech_login; - extern const struct mech_module mech_oauthbearer; --extern const struct mech_module mech_otp; - extern const struct mech_module mech_plain; - extern const struct mech_module mech_scram_sha1; - extern const struct mech_module mech_scram_sha256; -@@ -65,10 +62,7 @@ request_handler_reply_mock_callback(stru - - if (request->passdb_result == PASSDB_RESULT_OK) - request->failed = FALSE; -- else if (request->mech == &mech_otp) { -- if (null_strcmp(request->fields.user, "otp_phase_2") == 0) -- request->failed = FALSE; -- } else if (request->mech == &mech_oauthbearer) { -+ else if (request->mech == &mech_oauthbearer) { - } - }; - -@@ -224,10 +218,6 @@ static void test_mechs(void) - {&mech_plain, UCHAR_LEN("\0testuser\0testpass"), "testuser", NULL, TRUE, FALSE, FALSE}, - {&mech_plain, UCHAR_LEN("normaluser\0masteruser\0masterpass"), "masteruser", NULL, TRUE, FALSE, FALSE}, - {&mech_plain, UCHAR_LEN("normaluser\0normaluser\0masterpass"), "normaluser", NULL, TRUE, FALSE, FALSE}, -- {&mech_otp, UCHAR_LEN("hex:5Bf0 75d9 959d 036f"), "otp_phase_2", NULL, TRUE, TRUE, FALSE}, -- {&mech_otp, UCHAR_LEN("word:BOND FOGY DRAB NE RISE MART"), "otp_phase_2", NULL, TRUE, TRUE, FALSE}, -- {&mech_otp, UCHAR_LEN("init-hex:f6bd 6b33 89b8 7203:md5 499 ke6118:23d1 b253 5ae0 2b7e"), "otp_phase_2", NULL, TRUE, TRUE, FALSE}, -- {&mech_otp, UCHAR_LEN("init-word:END KERN BALM NICK EROS WAVY:md5 499 ke1235:BABY FAIN OILY NIL TIDY DADE"), "otp_phase_2", NULL , TRUE, TRUE, FALSE}, - {&mech_oauthbearer, UCHAR_LEN("n,a=testuser,p=cHJvb2Y=,f=nonstandart\x01host=server\x01port=143\x01""auth=Bearer vF9dft4qmTc2Nvb3RlckBhbHRhdmlzdGEuY29tCg==\x01\x01"), "testuser", NULL, FALSE, TRUE, FALSE}, - {&mech_scram_sha1, UCHAR_LEN("n,,n=testuser,r=rOprNGfwEbeRWgbNEkqO"), "testuser", NULL, TRUE, FALSE, FALSE}, - {&mech_scram_sha256, UCHAR_LEN("n,,n=testuser,r=rOprNGfwEbeRWgbNEkqO"), "testuser", NULL, TRUE, FALSE, FALSE}, -@@ -242,8 +232,6 @@ static void test_mechs(void) - {&mech_external, UCHAR_LEN(""), "testuser", NULL, FALSE, TRUE, FALSE}, - {&mech_external, UCHAR_LEN(""), NULL, NULL, FALSE, FALSE, FALSE}, - {&mech_login, UCHAR_LEN(""), NULL, NULL, FALSE, FALSE, FALSE}, -- {&mech_otp, UCHAR_LEN(""), NULL, "invalid input", FALSE, FALSE, FALSE}, -- {&mech_otp, UCHAR_LEN(""), "testuser", "invalid input", FALSE, FALSE, FALSE}, - {&mech_plain, UCHAR_LEN(""), NULL, NULL, FALSE, FALSE, FALSE}, - {&mech_oauthbearer, UCHAR_LEN(""), NULL, NULL, FALSE, FALSE, FALSE}, - {&mech_xoauth2, UCHAR_LEN(""), NULL, NULL, FALSE, FALSE, FALSE}, -@@ -255,7 +243,6 @@ static void test_mechs(void) - {&mech_apop, UCHAR_LEN("1.1.1\0testuser\0tooshort"), NULL, NULL, FALSE, FALSE, FALSE}, - {&mech_apop, UCHAR_LEN("1.1.1\0testuser\0responseoflen16-"), NULL, NULL, FALSE, FALSE, FALSE}, - {&mech_apop, UCHAR_LEN("1.1.1"), NULL, NULL, FALSE, FALSE, FALSE}, -- {&mech_otp, UCHAR_LEN("somebody\0testuser"), "testuser", "otp(testuser): unsupported response type", FALSE, TRUE, FALSE}, - {&mech_cram_md5, UCHAR_LEN("testuser\0response"), "testuser", NULL, FALSE, FALSE, FALSE}, - {&mech_plain, UCHAR_LEN("testuser\0"), "testuser", NULL, FALSE, FALSE, FALSE}, - -@@ -297,9 +284,7 @@ static void test_mechs(void) - {&mech_plain, UCHAR_LEN("\0fa\0il\0ing\0withthis"), NULL, NULL, FALSE, FALSE, FALSE}, - {&mech_plain, UCHAR_LEN("failingwiththis"), NULL, NULL, FALSE, FALSE, FALSE}, - {&mech_plain, UCHAR_LEN("failing\0withthis"), NULL, NULL, FALSE, FALSE, FALSE}, -- {&mech_otp, UCHAR_LEN("someb\0ody\0testuser"), NULL, "invalid input", FALSE, FALSE, FALSE}, - /* phase 2 */ -- {&mech_otp, UCHAR_LEN("someb\0ody\0testuser"), "testuser", "otp(testuser): unsupported response type", FALSE, TRUE, FALSE}, - {&mech_scram_sha1, UCHAR_LEN("c=biws,r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,p=v0X8v3Bz2T0CJGbJQyF0X+HI4Ts="), NULL, NULL, FALSE, FALSE, FALSE}, - {&mech_scram_sha1, UCHAR_LEN("iws0X8v3Bz2T0CJGbJQyF0X+HI4Ts=,,,,"), NULL, NULL, FALSE, FALSE, FALSE}, - {&mech_scram_sha1, UCHAR_LEN("n,a=masteruser,,"), NULL, NULL, FALSE, FALSE, FALSE}, -@@ -387,7 +372,6 @@ static void test_mechs(void) - - test_end(); - } T_END; -- mech_otp_deinit(); - auths_deinit(); - auth_token_deinit(); - password_schemes_deinit(); diff --git a/dovecot.spec b/dovecot.spec index 0e5b19d..1e9a1a2 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -153,7 +153,7 @@ mv dovecot-pigeonhole-%{pigeonholever} dovecot-pigeonhole %patch -P 16 -p2 -b .opensslhmac3 %patch -P 17 -p2 -b .fixvalcond %patch -P 18 -p1 -b .valbasherr -%patch -P 23 -p1 -b .nolibotp +%patch -P 23 -p2 -b .nolibotp #patch -P 24 -p2 -b .ph_optglob #patch -P 25 -p1 -b .ph_scriptcmp cp run-test-valgrind.supp dovecot-pigeonhole/ From c7cc256e1a6dd95858e75c653db042235fb9598d Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Thu, 5 Jun 2025 23:17:39 +0200 Subject: [PATCH 138/146] but updated patch is needed --- dovecot-2.4.1-nolibotp.patch | 31 +++++++++++++++++++++---------- dovecot.spec | 4 ++++ 2 files changed, 25 insertions(+), 10 deletions(-) diff --git a/dovecot-2.4.1-nolibotp.patch b/dovecot-2.4.1-nolibotp.patch index 42e62ba..6c8dad5 100644 --- a/dovecot-2.4.1-nolibotp.patch +++ b/dovecot-2.4.1-nolibotp.patch @@ -1,6 +1,6 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/main.c.nolibotp dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/main.c --- dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/main.c.nolibotp 2025-03-28 12:32:27.000000000 +0100 -+++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/main.c 2025-06-05 21:08:46.902918388 +0200 ++++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/main.c 2025-06-05 22:36:50.148155427 +0200 @@ -20,8 +20,6 @@ #include "password-scheme.h" #include "passdb-cache.h" @@ -19,8 +19,8 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/main.c.nolibotp dovecot-2. mech_deinit(global_auth_settings); settings_free(global_auth_settings); diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/mech.c.nolibotp dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/mech.c ---- dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/mech.c.nolibotp 2025-06-05 21:06:36.218750400 +0200 -+++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/mech.c 2025-06-05 21:09:55.056067262 +0200 +--- dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/mech.c.nolibotp 2025-03-28 12:32:27.000000000 +0100 ++++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/mech.c 2025-06-05 22:36:50.148435422 +0200 @@ -71,7 +71,6 @@ extern const struct mech_module mech_apo extern const struct mech_module mech_cram_md5; extern const struct mech_module mech_digest_md5; @@ -45,9 +45,20 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/mech.c.nolibotp dovecot-2. mech_unregister_module(&mech_scram_sha1); mech_unregister_module(&mech_scram_sha1_plus); mech_unregister_module(&mech_scram_sha256); +diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/test-auth.c.nolibotp dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/test-auth.c +--- dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/test-auth.c.nolibotp 2025-06-05 23:11:23.428522162 +0200 ++++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/test-auth.c 2025-06-05 23:11:23.443511259 +0200 +@@ -72,7 +72,6 @@ void test_auth_init(void) + void test_auth_deinit(void) + { + auth_penalty_deinit(&auth_penalty); +- mech_otp_deinit(); + db_oauth2_deinit(); + auths_deinit(); + auth_token_deinit(); diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/test-mech.c.nolibotp dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/test-mech.c --- dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/test-mech.c.nolibotp 2025-03-28 12:32:27.000000000 +0100 -+++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/test-mech.c 2025-06-05 21:11:55.124524758 +0200 ++++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/test-mech.c 2025-06-05 22:36:50.148639214 +0200 @@ -24,7 +24,6 @@ extern const struct mech_module mech_dig extern const struct mech_module mech_external; extern const struct mech_module mech_login; @@ -107,8 +118,8 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/test-mech.c.nolibotp dovec {&mech_scram_sha1, UCHAR_LEN("iws0X8v3Bz2T0CJGbJQyF0X+HI4Ts=,,,,"), NULL, NULL, FALSE, FALSE, FALSE}, {&mech_scram_sha1, UCHAR_LEN("n,a=masteruser,,"), NULL, NULL, FALSE, FALSE, FALSE}, diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/password-scheme.c.nolibotp dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/password-scheme.c ---- dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/password-scheme.c.nolibotp 2025-06-05 21:15:38.089454364 +0200 -+++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/password-scheme.c 2025-06-05 21:15:38.102747365 +0200 +--- dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/password-scheme.c.nolibotp 2025-06-05 22:36:50.142606171 +0200 ++++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/password-scheme.c 2025-06-05 22:36:50.148822418 +0200 @@ -13,7 +13,6 @@ #include "randgen.h" #include "sha1.h" @@ -166,8 +177,8 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/password-scheme.c.noli .default_encoding = PW_ENCODING_NONE, .raw_password_len = 0, diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/password-scheme.h.nolibotp dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/password-scheme.h ---- dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/password-scheme.h.nolibotp 2025-06-05 21:16:12.241545079 +0200 -+++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/password-scheme.h 2025-06-05 21:16:12.249776307 +0200 +--- dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/password-scheme.h.nolibotp 2025-03-28 12:32:27.000000000 +0100 ++++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/password-scheme.h 2025-06-05 22:36:50.148942954 +0200 @@ -98,9 +98,6 @@ void password_set_encryption_rounds(unsi /* INTERNAL: */ const char *password_generate_salt(size_t len); @@ -179,8 +190,8 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/password-scheme.h.noli int scram_scheme_parse(const struct hash_method *hmethod, const char *name, const unsigned char *credentials, size_t size, diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/test-password-scheme.c.nolibotp dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/test-password-scheme.c ---- dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/test-password-scheme.c.nolibotp 2025-06-05 21:16:40.122669090 +0200 -+++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/test-password-scheme.c 2025-06-05 21:16:40.136347538 +0200 +--- dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/test-password-scheme.c.nolibotp 2025-03-28 12:32:27.000000000 +0100 ++++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/test-password-scheme.c 2025-06-05 22:36:50.149077275 +0200 @@ -107,7 +107,6 @@ static void test_password_schemes(void) test_password_scheme("SHA512", "{SHA512}7iaw3Ur350mqGo7jwQrpkj9hiYB3Lkc/iBml1JQODbJ6wYX4oOHV+E+IvIh/1nsUNzLDBMxfqa2Ob1f1ACio/w==", "test"); test_password_scheme("SSHA", "{SSHA}H/zrDv8FXUu1JmwvVYijfrYEF34jVZcO", "test"); diff --git a/dovecot.spec b/dovecot.spec index 1e9a1a2..69cda61 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -162,6 +162,10 @@ echo "testsuite" >dovecot-pigeonhole/run-test-valgrind.exclude # drop OTP which uses SHA1 so we dont use SHA1 for crypto purposes #rm -rf src/lib-otp +echo >src/auth/mech-otp-common.c +echo >src/auth/mech-otp-common.h +echo >src/auth/mech-otp.c +echo >src/lib-auth/password-scheme-otp.c pushd src/lib-otp for f in *.c *.h do From 1b30785ce51a19f0f9dc02ae50bec37daf4c427d Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Tue, 24 Jun 2025 14:27:16 +0200 Subject: [PATCH 139/146] fix dovecot 2.4 gssapi regression (rhbz#2374419) --- dovecot-2.3-ph_optglob.patch | 48 ---------------------------------- dovecot-2.3-ph_scriptcmp.patch | 12 --------- dovecot-2.4.1-gssapi.patch | 12 +++++++++ dovecot.spec | 12 ++++----- 4 files changed, 18 insertions(+), 66 deletions(-) delete mode 100644 dovecot-2.3-ph_optglob.patch delete mode 100644 dovecot-2.3-ph_scriptcmp.patch create mode 100644 dovecot-2.4.1-gssapi.patch diff --git a/dovecot-2.3-ph_optglob.patch b/dovecot-2.3-ph_optglob.patch deleted file mode 100644 index 55bf77a..0000000 --- a/dovecot-2.3-ph_optglob.patch +++ /dev/null @@ -1,48 +0,0 @@ -diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-pigeonhole/src/lib-sieve/plugins/include/cmd-include.c.ph_optglob dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-pigeonhole/src/lib-sieve/plugins/include/cmd-include.c ---- dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-pigeonhole/src/lib-sieve/plugins/include/cmd-include.c.ph_optglob 2025-06-03 23:43:09.773363279 +0200 -+++ dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-pigeonhole/src/lib-sieve/plugins/include/cmd-include.c 2025-06-03 23:47:49.234931325 +0200 -@@ -361,11 +361,13 @@ static bool opc_include_dump(const struc - - sieve_code_descend(denv); - sieve_code_dumpf( -- denv, "script: '%s' %s%s[ID: %d, BLOCK: %d]", -+ denv, "script: '%s' %s%s%s[ID: %d, BLOCK: %d]", - sieve_script_label(included->script), - ((flags & EXT_INCLUDE_FLAG_ONCE) != 0 ? "(once) " : ""), - ((flags & EXT_INCLUDE_FLAG_OPTIONAL) != 0 ? "(optional) " : ""), -- include_id, sieve_binary_block_get_id(included->block)); -+ (included->block == NULL ? "(missing) " : ""), -+ include_id, -+ (included->block == NULL ? -1 : sieve_binary_block_get_id(included->block))); - - return TRUE; - } -diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-pigeonhole/src/lib-sieve/plugins/include/ext-include-common.c.ph_optglob dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-pigeonhole/src/lib-sieve/plugins/include/ext-include-common.c ---- dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-pigeonhole/src/lib-sieve/plugins/include/ext-include-common.c.ph_optglob 2025-01-24 08:09:43.000000000 +0100 -+++ dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-pigeonhole/src/lib-sieve/plugins/include/ext-include-common.c 2025-06-03 23:43:09.773531445 +0200 -@@ -715,6 +715,25 @@ int ext_include_execute_include(const st - } - - ctx = ext_include_get_interpreter_context(this_ext, renv->interp); -+ if (included->block == NULL) { -+ if ((flags & EXT_INCLUDE_FLAG_OPTIONAL) != 0) { -+ sieve_runtime_trace( -+ renv, SIEVE_TRLVL_NONE, -+ "include: skipped include for script '%s' " -+ "[inc id: %d, block: NULL]; optional and unavailable", -+ sieve_script_name(included->script), -+ include_id); -+ return result; -+ } else { -+ sieve_runtime_trace( -+ renv, SIEVE_TRLVL_NONE, -+ "include: unavailable script '%s' " -+ "[inc id: %d, block: NULL]", -+ sieve_script_name(included->script), -+ include_id); -+ return SIEVE_EXEC_BIN_CORRUPT; -+ } -+ } - block_id = sieve_binary_block_get_id(included->block); - - /* If :once modifier is specified, check for duplicate include */ diff --git a/dovecot-2.3-ph_scriptcmp.patch b/dovecot-2.3-ph_scriptcmp.patch deleted file mode 100644 index 2bcaade..0000000 --- a/dovecot-2.3-ph_scriptcmp.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -up dovecot-2.3.21/dovecot-pigeonhole/src/lib-sieve/storage/file/sieve-file-script.c.testfix4 dovecot-2.3.21/dovecot-pigeonhole/src/lib-sieve/storage/file/sieve-file-script.c ---- dovecot-2.3.21/dovecot-pigeonhole/src/lib-sieve/storage/file/sieve-file-script.c.testfix4 2024-06-03 13:35:24.408858593 +0200 -+++ dovecot-2.3.21/dovecot-pigeonhole/src/lib-sieve/storage/file/sieve-file-script.c 2024-06-03 13:35:24.434858849 +0200 -@@ -800,7 +800,7 @@ static bool sieve_file_script_equals - (struct sieve_file_script *)other; - - return ( CMP_DEV_T(fscript->st.st_dev, fother->st.st_dev) && -- fscript->st.st_ino == fother->st.st_ino ); -+ fscript->st.st_ino == fother->st.st_ino && (fscript->st.st_ino != 0 || script->location != NULL && other->location != NULL && strcmp(script->location, other->location) == 0)); - } - - /* diff --git a/dovecot-2.4.1-gssapi.patch b/dovecot-2.4.1-gssapi.patch new file mode 100644 index 0000000..9765eb9 --- /dev/null +++ b/dovecot-2.4.1-gssapi.patch @@ -0,0 +1,12 @@ +diff -up dovecot-2.4.1-4/src/auth/mech-gssapi.c.gssapi dovecot-2.4.1-4/src/auth/mech-gssapi.c +--- dovecot-2.4.1-4/src/auth/mech-gssapi.c.gssapi 2025-06-24 00:07:54.720275640 +0200 ++++ dovecot-2.4.1-4/src/auth/mech-gssapi.c 2025-06-24 00:10:04.541651871 +0200 +@@ -672,7 +672,7 @@ mech_gssapi_auth_initial(struct auth_req + + if (data_size == 0) { + /* The client should go first */ +- auth_request_handler_reply_continue(request, NULL, 0); ++ auth_request_handler_reply_continue(request, uchar_empty_ptr, 0); + } else { + mech_gssapi_auth_continue(request, data, data_size); + } diff --git a/dovecot.spec b/dovecot.spec index 69cda61..2cfe5b7 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -6,7 +6,7 @@ Name: dovecot Epoch: 1 Version: 2.4.1 %global prever -4 -Release: 1%{?dist} +Release: 2%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT AND LGPL-2.1-only @@ -47,9 +47,7 @@ Patch18: dovecot-2.3.15-valbasherr.patch # Fedora/RHEL specific, drop OTP which uses SHA1 so we dont use SHA1 for crypto purposes Patch23: dovecot-2.4.1-nolibotp.patch - -Patch24: dovecot-2.3-ph_optglob.patch -Patch25: dovecot-2.3-ph_scriptcmp.patch +Patch24: dovecot-2.4.1-gssapi.patch BuildRequires: gcc, gcc-c++, openssl-devel, pam-devel, zlib-devel, bzip2-devel, libcap-devel BuildRequires: libtool, autoconf, automake, pkgconfig @@ -154,8 +152,7 @@ mv dovecot-pigeonhole-%{pigeonholever} dovecot-pigeonhole %patch -P 17 -p2 -b .fixvalcond %patch -P 18 -p1 -b .valbasherr %patch -P 23 -p2 -b .nolibotp -#patch -P 24 -p2 -b .ph_optglob -#patch -P 25 -p1 -b .ph_scriptcmp +%patch -P 24 -p1 -b .gssapi cp run-test-valgrind.supp dovecot-pigeonhole/ # valgrind would fail with shell wrapper echo "testsuite" >dovecot-pigeonhole/run-test-valgrind.exclude @@ -476,6 +473,9 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Tue Jun 24 2025 Michal Hlavinka - 1:2.4.1-2 +- fix dovecot 2.4 gssapi regression (rhbz#2374419) + * Tue Jun 03 2025 Michal Hlavinka - 1:2.4.1-1 - updated to 2.4.1 release - note: configuration is incompatible with 2.3.x version From ce9db32f706366baeb9bbc8b38e3a9131aeb54af Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Wed, 23 Jul 2025 19:29:40 +0000 Subject: [PATCH 140/146] Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild --- dovecot.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/dovecot.spec b/dovecot.spec index 2cfe5b7..65a7b29 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -6,7 +6,7 @@ Name: dovecot Epoch: 1 Version: 2.4.1 %global prever -4 -Release: 2%{?dist} +Release: 3%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT AND LGPL-2.1-only @@ -473,6 +473,9 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Wed Jul 23 2025 Fedora Release Engineering - 1:2.4.1-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild + * Tue Jun 24 2025 Michal Hlavinka - 1:2.4.1-2 - fix dovecot 2.4 gssapi regression (rhbz#2374419) From 46c0ff966fe154a1208380e69b2e57effc19e06e Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Wed, 30 Jul 2025 12:09:04 +0200 Subject: [PATCH 141/146] fix compatibility with latest openssl (#2383209) --- dovecot-2.4.1-opensslhmac3.patch | 162 +++++++++++++++---------------- dovecot.spec | 5 +- 2 files changed, 81 insertions(+), 86 deletions(-) diff --git a/dovecot-2.4.1-opensslhmac3.patch b/dovecot-2.4.1-opensslhmac3.patch index 20b26a2..d5e8a92 100644 --- a/dovecot-2.4.1-opensslhmac3.patch +++ b/dovecot-2.4.1-opensslhmac3.patch @@ -1,6 +1,6 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/auth-token.c.opensslhmac3 dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/auth-token.c --- dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/auth-token.c.opensslhmac3 2025-03-28 12:32:27.000000000 +0100 -+++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/auth-token.c 2025-06-03 22:53:40.039980828 +0200 ++++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/auth-token.c 2025-07-30 11:45:19.801515296 +0200 @@ -162,17 +162,17 @@ void auth_token_deinit(void) const char *auth_token_get(const char *service, const char *session_pid, const char *username, const char *session_id) @@ -26,9 +26,20 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/auth-token.c.opensslhmac3 return binary_to_hex(result, sizeof(result)); } +diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/Makefile.am.opensslhmac3 dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/Makefile.am +--- dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/Makefile.am.opensslhmac3 2025-03-28 12:32:27.000000000 +0100 ++++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/Makefile.am 2025-07-30 11:45:19.803705887 +0200 +@@ -66,6 +66,7 @@ auth_LDFLAGS = -export-dynamic + auth_libs = \ + ../lib-auth/libauth-crypt.la \ + $(AUTH_LUA_LIBS) \ ++ $(SSL_LIBS) \ + $(LIBDOVECOT_SQL) + + auth_CPPFLAGS = $(AM_CPPFLAGS) $(BINARY_CFLAGS) diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/mech-cram-md5.c.opensslhmac3 dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/mech-cram-md5.c --- dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/mech-cram-md5.c.opensslhmac3 2025-03-28 12:32:27.000000000 +0100 -+++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/mech-cram-md5.c 2025-06-03 22:53:40.040125680 +0200 ++++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/mech-cram-md5.c 2025-07-30 11:45:19.801656370 +0200 @@ -50,7 +50,7 @@ static bool verify_credentials(struct cr const unsigned char *credentials, size_t size) { @@ -52,9 +63,46 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/mech-cram-md5.c.opensslhma response_hex = binary_to_hex(digest, sizeof(digest)); +diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/imap/Makefile.am.opensslhmac3 dovecot-2.4.1-build/dovecot-2.4.1-4/src/imap/Makefile.am +--- dovecot-2.4.1-build/dovecot-2.4.1-4/src/imap/Makefile.am.opensslhmac3 2025-03-28 12:32:27.000000000 +0100 ++++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/imap/Makefile.am 2025-07-30 11:45:19.803805844 +0200 +@@ -21,11 +21,13 @@ AM_CPPFLAGS = \ + $(BINARY_CFLAGS) + + imap_LDFLAGS = -export-dynamic \ ++ $(SSL_LIBS) \ + $(BINARY_LDFLAGS) + + imap_LDADD = \ + ../lib-imap-urlauth/libimap-urlauth.la \ + ../lib-compression/libcompression.la \ ++ $(SSL_LIBS) \ + $(LIBDOVECOT_STORAGE) \ + $(LIBDOVECOT) + imap_DEPENDENCIES = \ +diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/imap-urlauth/Makefile.am.opensslhmac3 dovecot-2.4.1-build/dovecot-2.4.1-4/src/imap-urlauth/Makefile.am +--- dovecot-2.4.1-build/dovecot-2.4.1-4/src/imap-urlauth/Makefile.am.opensslhmac3 2025-03-28 12:32:27.000000000 +0100 ++++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/imap-urlauth/Makefile.am 2025-07-30 11:45:19.803904279 +0200 +@@ -22,6 +22,7 @@ imap_urlauth_CPPFLAGS = \ + imap_urlauth_LDFLAGS = -export-dynamic + + imap_urlauth_LDADD = $(LIBDOVECOT) \ ++ $(SSL_LIBS) + $(BINARY_LDFLAGS) + + imap_urlauth_DEPENDENCIES = $(LIBDOVECOT_DEPS) +@@ -52,7 +53,7 @@ imap_urlauth_worker_LDFLAGS = -export-dy + urlauth_libs = \ + $(top_builddir)/src/lib-imap-urlauth/libimap-urlauth.la + +-imap_urlauth_worker_LDADD = $(urlauth_libs) $(LIBDOVECOT_STORAGE) $(LIBDOVECOT) ++imap_urlauth_worker_LDADD = $(urlauth_libs) $(SSL_LIBS) $(LIBDOVECOT_STORAGE) $(LIBDOVECOT) + imap_urlauth_worker_DEPENDENCIES = $(urlauth_libs) $(LIBDOVECOT_STORAGE_DEPS) $(LIBDOVECOT_DEPS) + + imap_urlauth_worker_SOURCES = \ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/auth-scram-client.c.opensslhmac3 dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/auth-scram-client.c --- dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/auth-scram-client.c.opensslhmac3 2025-03-28 12:32:27.000000000 +0100 -+++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/auth-scram-client.c 2025-06-03 22:59:21.239579904 +0200 ++++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/auth-scram-client.c 2025-07-30 11:45:19.801788468 +0200 @@ -248,7 +248,7 @@ static string_t *auth_scram_get_client_f unsigned char client_signature[hmethod->digest_size]; unsigned char client_proof[hmethod->digest_size]; @@ -115,7 +163,7 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/auth-scram-client.c.op diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/auth-scram.c.opensslhmac3 dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/auth-scram.c --- dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/auth-scram.c.opensslhmac3 2025-03-28 12:32:27.000000000 +0100 -+++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/auth-scram.c 2025-06-03 22:53:40.040441433 +0200 ++++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/auth-scram.c 2025-07-30 11:45:19.801918022 +0200 @@ -31,7 +31,7 @@ void auth_scram_hi(const struct hash_met const unsigned char *salt, size_t salt_size, unsigned int i, unsigned char *result) @@ -187,7 +235,7 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/auth-scram.c.opensslhm safe_memset(client_key, 0, sizeof(client_key)); diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/auth-scram-server.c.opensslhmac3 dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/auth-scram-server.c --- dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/auth-scram-server.c.opensslhmac3 2025-03-28 12:32:27.000000000 +0100 -+++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/auth-scram-server.c 2025-06-03 23:01:21.982844336 +0200 ++++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/auth-scram-server.c 2025-07-30 11:45:19.802027357 +0200 @@ -342,7 +342,7 @@ auth_scram_server_verify_credentials(str { const struct hash_method *hmethod = server->set.hash_method; @@ -234,7 +282,7 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/auth-scram-server.c.op diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/password-scheme.c.opensslhmac3 dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/password-scheme.c --- dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/password-scheme.c.opensslhmac3 2025-03-28 12:32:27.000000000 +0100 -+++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/password-scheme.c 2025-06-03 22:53:40.040746416 +0200 ++++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/password-scheme.c 2025-07-30 11:45:19.802166177 +0200 @@ -631,11 +631,11 @@ static void cram_md5_generate(const char *plaintext, const struct password_generate_params *params ATTR_UNUSED, const unsigned char **raw_password_r, size_t *size_r) @@ -251,7 +299,7 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/password-scheme.c.open diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/password-scheme-scram.c.opensslhmac3 dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/password-scheme-scram.c --- dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/password-scheme-scram.c.opensslhmac3 2025-03-28 12:32:27.000000000 +0100 -+++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/password-scheme-scram.c 2025-06-03 22:53:40.040877783 +0200 ++++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/password-scheme-scram.c 2025-07-30 11:45:19.802285591 +0200 @@ -69,7 +69,7 @@ int scram_verify(const struct hash_metho const char *plaintext, const unsigned char *raw_password, size_t size, const char **error_r) @@ -276,7 +324,7 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/password-scheme-scram. hash_method_get_digest(hmethod, client_key, sizeof(client_key), diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/hmac.c.opensslhmac3 dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/hmac.c --- dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/hmac.c.opensslhmac3 2025-03-28 12:32:27.000000000 +0100 -+++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/hmac.c 2025-06-03 22:53:40.041060556 +0200 ++++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/hmac.c 2025-07-30 11:46:43.346310291 +0200 @@ -7,6 +7,10 @@ * This software is released under the MIT license. */ @@ -306,9 +354,8 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/hmac.c.opensslhmac3 dovecot + + +void openssl_hmac_init(struct openssl_hmac_context *_ctx, const unsigned char *key, //DONE - size_t key_len, const struct hash_method *meth) - { -- struct hmac_context_priv *ctx = &_ctx->u.priv; ++ size_t key_len, const struct hash_method *meth) ++{ +#ifdef USE_OPENSSL3_METHODS + struct openssl_hmac_context_priv *ctx = &_ctx->u.priv; + @@ -374,8 +421,9 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/hmac.c.opensslhmac3 dovecot +} + +void orig_hmac_init(struct orig_hmac_context *_ctx, const unsigned char *key, //DONE -+ size_t key_len, const struct hash_method *meth) -+{ + size_t key_len, const struct hash_method *meth) + { +- struct hmac_context_priv *ctx = &_ctx->u.priv; + static int no_fips = -1; + if (no_fips == -1) { + int fd = open("/proc/sys/crypto/fips_enabled", O_RDONLY); @@ -498,17 +546,10 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/hmac.c.opensslhmac3 dovecot /* salt and info can be NULL */ i_assert(salt != NULL || salt_len == 0); -@@ -119,35 +237,30 @@ void hmac_hkdf(const struct hash_method - i_assert(ikm != NULL && ikm_len > 0); - i_assert(okm_r != NULL && okm_len > 0); +@@ -126,28 +244,29 @@ void hmac_hkdf(const struct hash_method + if (info == NULL) + info = &uchar_nul; -- /* but they still need valid pointer, reduces -- complains from static analysers */ -- if (salt == NULL) -- salt = &uchar_nul; -- if (info == NULL) -- info = &uchar_nul; -- - /* extract */ - hmac_init(&key_mac, salt, salt_len, method); - hmac_update(&key_mac, ikm, ikm_len); @@ -529,7 +570,6 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/hmac.c.opensslhmac3 dovecot - hmac_final(&info_mac, okm); - buffer_append(okm_r, okm, amt); - remain -= amt; -+ + md = EVP_get_digestbyname(method->name); + pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL); + unsigned char *okm_buf = buffer_get_space_unsafe(okm_r, 0, okm_len); @@ -560,7 +600,7 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/hmac.c.opensslhmac3 dovecot } diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/hmac-cram-md5.c.opensslhmac3 dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/hmac-cram-md5.c --- dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/hmac-cram-md5.c.opensslhmac3 2025-03-28 12:32:27.000000000 +0100 -+++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/hmac-cram-md5.c 2025-06-03 22:53:40.041190220 +0200 ++++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/hmac-cram-md5.c 2025-07-30 11:45:19.802547733 +0200 @@ -9,10 +9,10 @@ #include "md5.h" #include "hmac-cram-md5.h" @@ -589,7 +629,7 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/hmac-cram-md5.c.opensslhmac struct md5_context *ctx = (void*)hmac_ctx->ctx; diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/hmac-cram-md5.h.opensslhmac3 dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/hmac-cram-md5.h --- dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/hmac-cram-md5.h.opensslhmac3 2025-03-28 12:32:27.000000000 +0100 -+++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/hmac-cram-md5.h 2025-06-03 22:53:40.041283645 +0200 ++++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/hmac-cram-md5.h 2025-07-30 11:45:19.802643613 +0200 @@ -5,9 +5,9 @@ #define CRAM_MD5_CONTEXTLEN 32 @@ -604,7 +644,7 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/hmac-cram-md5.h.opensslhmac diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/hmac.h.opensslhmac3 dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/hmac.h --- dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/hmac.h.opensslhmac3 2025-03-28 12:32:27.000000000 +0100 -+++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/hmac.h 2025-06-03 22:53:40.041401056 +0200 ++++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/hmac.h 2025-07-30 11:45:19.802751766 +0200 @@ -4,60 +4,108 @@ #include "hash-method.h" #include "sha1.h" @@ -729,7 +769,7 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/hmac.h.opensslhmac3 dovecot } diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-imap-urlauth/imap-urlauth.c.opensslhmac3 dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-imap-urlauth/imap-urlauth.c --- dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-imap-urlauth/imap-urlauth.c.opensslhmac3 2025-03-28 12:32:27.000000000 +0100 -+++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-imap-urlauth/imap-urlauth.c 2025-06-03 22:53:40.041513908 +0200 ++++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-imap-urlauth/imap-urlauth.c 2025-07-30 11:45:19.802862354 +0200 @@ -87,15 +87,15 @@ imap_urlauth_internal_generate( const unsigned char mailbox_key[IMAP_URLAUTH_KEY_LEN], size_t *token_len_r) @@ -752,7 +792,7 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-imap-urlauth/imap-urlauth.c return token; diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/Makefile.am.opensslhmac3 dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/Makefile.am --- dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/Makefile.am.opensslhmac3 2025-03-28 12:32:27.000000000 +0100 -+++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/Makefile.am 2025-06-03 22:53:40.041626579 +0200 ++++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/Makefile.am 2025-07-30 11:45:19.802976508 +0200 @@ -359,6 +359,9 @@ headers = \ wildcard-match.h \ write-full.h @@ -765,7 +805,7 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/Makefile.am.opensslhmac3 do diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-oauth2/oauth2-jwt.c.opensslhmac3 dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-oauth2/oauth2-jwt.c --- dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-oauth2/oauth2-jwt.c.opensslhmac3 2025-03-28 12:32:27.000000000 +0100 -+++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-oauth2/oauth2-jwt.c 2025-06-03 22:53:40.041749500 +0200 ++++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-oauth2/oauth2-jwt.c 2025-07-30 11:45:19.803097425 +0200 @@ -210,14 +210,14 @@ oauth2_validate_hmac(const struct oauth2 if (oauth2_lookup_hmac_key(set, azp, alg, key_id, &key, error_r) < 0) return -1; @@ -789,7 +829,7 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-oauth2/oauth2-jwt.c.openssl t_base64url_decode_str(BASE64_DECODE_FLAG_NO_PADDING, blobs[2]); diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-oauth2/test-oauth2-jwt.c.opensslhmac3 dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-oauth2/test-oauth2-jwt.c --- dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-oauth2/test-oauth2-jwt.c.opensslhmac3 2025-03-28 12:32:27.000000000 +0100 -+++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-oauth2/test-oauth2-jwt.c 2025-06-03 22:53:40.041891667 +0200 ++++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-oauth2/test-oauth2-jwt.c 2025-07-30 11:45:19.803224443 +0200 @@ -250,7 +250,7 @@ static void save_key_azp_to(const char * static void sign_jwt_token_hs256(buffer_t *tokenbuf, buffer_t *key) { @@ -819,7 +859,7 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-oauth2/test-oauth2-jwt.c.op base64url_encode(BASE64_ENCODE_FLAG_NO_PADDING, SIZE_MAX, diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/pkcs5.c.opensslhmac3 dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/pkcs5.c --- dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/pkcs5.c.opensslhmac3 2025-03-28 12:32:27.000000000 +0100 -+++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/pkcs5.c 2025-06-03 22:53:40.042033283 +0200 ++++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/pkcs5.c 2025-07-30 11:45:19.803357132 +0200 @@ -52,7 +52,7 @@ int pkcs5_pbkdf2(const struct hash_metho size_t l = (length + hash->digest_size - 1)/hash->digest_size; /* same as ceil(length/hash->digest_size) */ unsigned char dk[l * hash->digest_size]; @@ -856,7 +896,7 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/pkcs5.c.opensslhmac3 doveco } diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/test-hmac.c.opensslhmac3 dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/test-hmac.c --- dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/test-hmac.c.opensslhmac3 2025-03-28 12:32:27.000000000 +0100 -+++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/test-hmac.c 2025-06-03 22:53:40.042135125 +0200 ++++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/test-hmac.c 2025-07-30 11:45:19.803460807 +0200 @@ -206,11 +206,11 @@ static void test_hmac_rfc(void) test_begin("hmac sha256 rfc4231 vectors"); for(size_t i = 0; i < N_ELEMENTS(test_vectors); i++) { @@ -933,8 +973,8 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/test-hmac.c.opensslhmac3 do vec->okm_len); test_assert(tmp->used == vec->okm_len && diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-var-expand-crypt/Makefile.am.opensslhmac3 dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-var-expand-crypt/Makefile.am ---- dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-var-expand-crypt/Makefile.am.opensslhmac3 2025-06-04 12:40:11.891062419 +0200 -+++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-var-expand-crypt/Makefile.am 2025-06-04 12:40:11.907575156 +0200 +--- dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-var-expand-crypt/Makefile.am.opensslhmac3 2025-03-28 12:32:27.000000000 +0100 ++++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-var-expand-crypt/Makefile.am 2025-07-30 11:45:19.803606280 +0200 @@ -30,13 +30,13 @@ test_libs = \ $(DLLIB) @@ -951,57 +991,9 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-var-expand-crypt/Makefile.a -DDCRYPT_BUILD_DIR=\"$(top_builddir)/src/lib-dcrypt\" check-local: -diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/Makefile.am.opensslhmac3 dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/Makefile.am ---- dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/Makefile.am.opensslhmac3 2025-06-04 20:00:36.614009610 +0200 -+++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/Makefile.am 2025-06-04 20:00:36.627577639 +0200 -@@ -65,6 +65,7 @@ auth_LDFLAGS = -export-dynamic - auth_libs = \ - ../lib-auth/libauth-crypt.la \ - $(AUTH_LUA_LIBS) \ -+ $(SSL_LIBS) \ - $(LIBDOVECOT_SQL) - - auth_CPPFLAGS = $(AM_CPPFLAGS) $(BINARY_CFLAGS) -diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/imap/Makefile.am.opensslhmac3 dovecot-2.4.1-build/dovecot-2.4.1-4/src/imap/Makefile.am ---- dovecot-2.4.1-build/dovecot-2.4.1-4/src/imap/Makefile.am.opensslhmac3 2025-06-04 21:58:25.496716279 +0200 -+++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/imap/Makefile.am 2025-06-04 23:14:17.353832049 +0200 -@@ -21,11 +21,13 @@ AM_CPPFLAGS = \ - $(BINARY_CFLAGS) - - imap_LDFLAGS = -export-dynamic \ -+ $(SSL_LIBS) \ - $(BINARY_LDFLAGS) - - imap_LDADD = \ - ../lib-imap-urlauth/libimap-urlauth.la \ - ../lib-compression/libcompression.la \ -+ $(SSL_LIBS) \ - $(LIBDOVECOT_STORAGE) \ - $(LIBDOVECOT) - imap_DEPENDENCIES = \ -diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/imap-urlauth/Makefile.am.opensslhmac3 dovecot-2.4.1-build/dovecot-2.4.1-4/src/imap-urlauth/Makefile.am ---- dovecot-2.4.1-build/dovecot-2.4.1-4/src/imap-urlauth/Makefile.am.opensslhmac3 2025-06-05 11:34:56.817495906 +0200 -+++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/imap-urlauth/Makefile.am 2025-06-05 11:34:56.830938840 +0200 -@@ -22,6 +22,7 @@ imap_urlauth_CPPFLAGS = \ - imap_urlauth_LDFLAGS = -export-dynamic - - imap_urlauth_LDADD = $(LIBDOVECOT) \ -+ $(SSL_LIBS) - $(BINARY_LDFLAGS) - - imap_urlauth_DEPENDENCIES = $(LIBDOVECOT_DEPS) -@@ -52,7 +53,7 @@ imap_urlauth_worker_LDFLAGS = -export-dy - urlauth_libs = \ - $(top_builddir)/src/lib-imap-urlauth/libimap-urlauth.la - --imap_urlauth_worker_LDADD = $(urlauth_libs) $(LIBDOVECOT_STORAGE) $(LIBDOVECOT) -+imap_urlauth_worker_LDADD = $(urlauth_libs) $(SSL_LIBS) $(LIBDOVECOT_STORAGE) $(LIBDOVECOT) - imap_urlauth_worker_DEPENDENCIES = $(urlauth_libs) $(LIBDOVECOT_STORAGE_DEPS) $(LIBDOVECOT_DEPS) - - imap_urlauth_worker_SOURCES = \ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/submission/Makefile.am.opensslhmac3 dovecot-2.4.1-build/dovecot-2.4.1-4/src/submission/Makefile.am ---- dovecot-2.4.1-build/dovecot-2.4.1-4/src/submission/Makefile.am.opensslhmac3 2025-06-05 12:53:50.410853506 +0200 -+++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/submission/Makefile.am 2025-06-05 12:53:50.424176491 +0200 +--- dovecot-2.4.1-build/dovecot-2.4.1-4/src/submission/Makefile.am.opensslhmac3 2025-03-28 12:32:27.000000000 +0100 ++++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/submission/Makefile.am 2025-07-30 11:45:19.804003916 +0200 @@ -29,6 +29,7 @@ submission_LDADD = \ $(urlauth_libs) \ $(LIBDOVECOT_STORAGE) \ diff --git a/dovecot.spec b/dovecot.spec index 65a7b29..a2b3419 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -6,7 +6,7 @@ Name: dovecot Epoch: 1 Version: 2.4.1 %global prever -4 -Release: 3%{?dist} +Release: 4%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT AND LGPL-2.1-only @@ -473,6 +473,9 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Wed Jul 30 2025 Michal Hlavinka - 1:2.4.1-4 +- fix compatibility with latest openssl (#2383209) + * Wed Jul 23 2025 Fedora Release Engineering - 1:2.4.1-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild From 23bb7279ffdf12617166b27a9222edc7455a9ce7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Franti=C5=A1ek=20Zatloukal?= Date: Wed, 6 Aug 2025 09:53:18 +0200 Subject: [PATCH 142/146] Rebuilt for icu 77.1 --- dovecot.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/dovecot.spec b/dovecot.spec index a2b3419..e13fd72 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -6,7 +6,7 @@ Name: dovecot Epoch: 1 Version: 2.4.1 %global prever -4 -Release: 4%{?dist} +Release: 5%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT AND LGPL-2.1-only @@ -473,6 +473,9 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Wed Aug 06 2025 František Zatloukal - 1:2.4.1-5 +- Rebuilt for icu 77.1 + * Wed Jul 30 2025 Michal Hlavinka - 1:2.4.1-4 - fix compatibility with latest openssl (#2383209) From a410538c46a993da6a5923dedc9c07348f201461 Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Thu, 9 Oct 2025 15:54:00 +0200 Subject: [PATCH 143/146] fix CVE-2025-30189: users would end up overwriting each other in cache (rhbz#2402122) --- dovecot-2.4.1-cve-2025-30189.patch | 104 +++++++++++++++++++++++++++++ dovecot.spec | 9 ++- 2 files changed, 112 insertions(+), 1 deletion(-) create mode 100644 dovecot-2.4.1-cve-2025-30189.patch diff --git a/dovecot-2.4.1-cve-2025-30189.patch b/dovecot-2.4.1-cve-2025-30189.patch new file mode 100644 index 0000000..ec5a370 --- /dev/null +++ b/dovecot-2.4.1-cve-2025-30189.patch @@ -0,0 +1,104 @@ +diff --git a/src/auth/auth-settings.h b/src/auth/auth-settings.h +index 1d420eceaa..90aba17ec3 100644 +--- a/src/auth/auth-settings.h ++++ b/src/auth/auth-settings.h +@@ -1,6 +1,8 @@ + #ifndef AUTH_SETTINGS_H + #define AUTH_SETTINGS_H + ++#define AUTH_CACHE_KEY_USER "%{user}" ++ + struct master_service; + struct master_service_settings_output; + +diff --git a/src/auth/passdb-bsdauth.c b/src/auth/passdb-bsdauth.c +index 68292679b7..1b86da4053 100644 +--- a/src/auth/passdb-bsdauth.c ++++ b/src/auth/passdb-bsdauth.c +@@ -14,8 +14,6 @@ + #include + #include + +-#define BSDAUTH_CACHE_KEY "%u" +- + struct passdb_bsdauth_settings { + pool_t pool; + }; +@@ -104,7 +102,7 @@ bsdauth_preinit(pool_t pool, struct event *event, + &post_set, error_r) < 0) + return -1; + module->default_cache_key = auth_cache_parse_key_and_fields( +- pool, BSDAUTH_CACHE_KEY, &post_set->fields, "bsdauth"); ++ pool, AUTH_CACHE_KEY_USER, &post_set->fields, "bsdauth"); + + settings_free(post_set); + *module_r = module; +diff --git a/src/auth/passdb-oauth2.c b/src/auth/passdb-oauth2.c +index 96d902d323..91fed06018 100644 +--- a/src/auth/passdb-oauth2.c ++++ b/src/auth/passdb-oauth2.c +@@ -53,7 +53,7 @@ oauth2_preinit(pool_t pool, struct event *event, struct passdb_module **module_r + if (db_oauth2_init(event, TRUE, &module->db, error_r) < 0) + return -1; + module->module.default_pass_scheme = "PLAIN"; +- module->module.default_cache_key = "%u"; ++ module->module.default_cache_key = AUTH_CACHE_KEY_USER; + *module_r = &module->module; + return 0; + } +diff --git a/src/auth/passdb-pam.c b/src/auth/passdb-pam.c +index 2acbceb80a..fdf0f573ef 100644 +--- a/src/auth/passdb-pam.c ++++ b/src/auth/passdb-pam.c +@@ -415,7 +415,8 @@ static int pam_preinit(pool_t pool, struct event *event, + module = p_new(pool, struct pam_passdb_module, 1); + module->module.default_cache_key = + auth_cache_parse_key_and_fields(pool, +- t_strdup_printf("%%u/%s", set->service_name), ++ t_strdup_printf("%"AUTH_CACHE_KEY_USER"\t%s", ++ set->service_name), + &post_set->fields, "pam"); + module->requests_left = set->max_requests; + module->pam_setcred = set->setcred; +diff --git a/src/auth/passdb-passwd.c b/src/auth/passdb-passwd.c +index 13003151f9..22e2eae7fa 100644 +--- a/src/auth/passdb-passwd.c ++++ b/src/auth/passdb-passwd.c +@@ -10,7 +10,6 @@ + #include "safe-memset.h" + #include "ipwd.h" + +-#define PASSWD_CACHE_KEY "%u" + #define PASSWD_PASS_SCHEME "CRYPT" + + #undef DEF +@@ -142,7 +141,7 @@ static int passwd_preinit(pool_t pool, struct event *event, + &post_set, error_r) < 0) + return -1; + module->default_cache_key = auth_cache_parse_key_and_fields(pool, +- PASSWD_CACHE_KEY, ++ AUTH_CACHE_KEY_USER, + &post_set->fields, + "passwd"); + settings_free(post_set); +diff --git a/src/auth/userdb-passwd.c b/src/auth/userdb-passwd.c +index 5241129a0c..14cf90a6d6 100644 +--- a/src/auth/userdb-passwd.c ++++ b/src/auth/userdb-passwd.c +@@ -9,7 +9,6 @@ + #include "ipwd.h" + #include "time-util.h" + +-#define USER_CACHE_KEY "%u" + #define PASSWD_SLOW_WARN_MSECS (10*1000) + #define PASSWD_SLOW_MASTER_WARN_MSECS 50 + #define PASSDB_SLOW_MASTER_WARN_COUNT_INTERVAL 100 +@@ -225,7 +224,7 @@ static int passwd_preinit(pool_t pool, struct event *event ATTR_UNUSED, + struct passwd_userdb_module *module = + p_new(pool, struct passwd_userdb_module, 1); + +- module->module.default_cache_key = USER_CACHE_KEY; ++ module->module.default_cache_key = AUTH_CACHE_KEY_USER; + *module_r = &module->module; + return 0; + } diff --git a/dovecot.spec b/dovecot.spec index e13fd72..cf4c370 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -6,7 +6,7 @@ Name: dovecot Epoch: 1 Version: 2.4.1 %global prever -4 -Release: 5%{?dist} +Release: 6%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT AND LGPL-2.1-only @@ -48,6 +48,9 @@ Patch18: dovecot-2.3.15-valbasherr.patch # Fedora/RHEL specific, drop OTP which uses SHA1 so we dont use SHA1 for crypto purposes Patch23: dovecot-2.4.1-nolibotp.patch Patch24: dovecot-2.4.1-gssapi.patch +#from upstream, for <= 2.4.1, rhbz#2402122 +#https://github.com/dovecot/core/commit/a70ce7d3e2f983979e971414c5892c4e30197231.diff +Patch25: dovecot-2.4.1-cve-2025-30189.patch BuildRequires: gcc, gcc-c++, openssl-devel, pam-devel, zlib-devel, bzip2-devel, libcap-devel BuildRequires: libtool, autoconf, automake, pkgconfig @@ -153,6 +156,7 @@ mv dovecot-pigeonhole-%{pigeonholever} dovecot-pigeonhole %patch -P 18 -p1 -b .valbasherr %patch -P 23 -p2 -b .nolibotp %patch -P 24 -p1 -b .gssapi +%patch -P 25 -p1 -b .cve-2025-30189 cp run-test-valgrind.supp dovecot-pigeonhole/ # valgrind would fail with shell wrapper echo "testsuite" >dovecot-pigeonhole/run-test-valgrind.exclude @@ -473,6 +477,9 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Thu Oct 09 2025 Michal Hlavinka - 1:2.4.1-6 +- fix CVE-2025-30189: users would end up overwriting each other in cache (rhbz#2402122) + * Wed Aug 06 2025 František Zatloukal - 1:2.4.1-5 - Rebuilt for icu 77.1 From 9d5bfd100c4d531af7900d82ec6cc30af4d7970d Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Wed, 15 Oct 2025 12:11:32 +0200 Subject: [PATCH 144/146] enable fts flatcurve --- dovecot-2.0-defaultconfig.patch | 25 +++++++++++++++++-------- dovecot.spec | 7 ++++++- 2 files changed, 23 insertions(+), 9 deletions(-) diff --git a/dovecot-2.0-defaultconfig.patch b/dovecot-2.0-defaultconfig.patch index 1fcc276..c9d0eb4 100644 --- a/dovecot-2.0-defaultconfig.patch +++ b/dovecot-2.0-defaultconfig.patch @@ -1,7 +1,15 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/doc/dovecot.conf.in.default-settings dovecot-2.4.1-build/dovecot-2.4.1-4/doc/dovecot.conf.in --- dovecot-2.4.1-build/dovecot-2.4.1-4/doc/dovecot.conf.in.default-settings 2025-03-28 12:32:27.000000000 +0100 -+++ dovecot-2.4.1-build/dovecot-2.4.1-4/doc/dovecot.conf.in 2025-06-03 16:50:19.632050332 +0200 -@@ -24,16 +24,13 @@ protocols { ++++ dovecot-2.4.1-build/dovecot-2.4.1-4/doc/dovecot.conf.in 2025-10-15 12:05:14.570388273 +0200 +@@ -16,24 +16,19 @@ dovecot_storage_version = @DOVECOT_CONFI + # The configuration below is a minimal configuration file using system user authentication. + # See https://@DOVECOT_ASSET_URL@/configuration_manual/quick_configuration/ + +-!include_try conf.d/*.conf +- + # Enable wanted protocols: + protocols { + imap = yes lmtp = yes } @@ -22,7 +30,7 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/doc/dovecot.conf.in.default-setting namespace inbox { inbox = yes -@@ -44,7 +41,13 @@ namespace inbox { +@@ -44,7 +39,15 @@ namespace inbox { passdb pam { } @@ -38,10 +46,11 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/doc/dovecot.conf.in.default-setting + cert_file = /etc/pki/dovecot/certs/dovecot.pem + key_file = /etc/pki/dovecot/private/dovecot.pem } -diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-pigeonhole/doc/example-config/conf.d/20-managesieve.conf.default-settings dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-pigeonhole/doc/example-config/conf.d/20-managesieve.conf ++ ++!include_try conf.d/*.conf diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-pigeonhole/doc/example-config/conf.d/90-sieve.conf.default-settings dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-pigeonhole/doc/example-config/conf.d/90-sieve.conf ---- dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-pigeonhole/doc/example-config/conf.d/90-sieve.conf.default-settings 2025-06-03 16:28:32.356717374 +0200 -+++ dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-pigeonhole/doc/example-config/conf.d/90-sieve.conf 2025-06-03 16:29:15.924259043 +0200 +--- dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-pigeonhole/doc/example-config/conf.d/90-sieve.conf.default-settings 2025-03-28 12:33:46.000000000 +0100 ++++ dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-pigeonhole/doc/example-config/conf.d/90-sieve.conf 2025-10-15 12:00:16.233557725 +0200 @@ -21,7 +21,6 @@ # file or directory. Refer to Pigeonhole wiki or INSTALL file for more # information. @@ -68,8 +77,8 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-pigeonhole/doc/example-conf #sieve_trace_addresses = no -} diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-pigeonhole/doc/example-config/conf.d/90-sieve-extprograms.conf.default-settings dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-pigeonhole/doc/example-config/conf.d/90-sieve-extprograms.conf ---- dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-pigeonhole/doc/example-config/conf.d/90-sieve-extprograms.conf.default-settings 2025-06-03 16:28:43.039733071 +0200 -+++ dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-pigeonhole/doc/example-config/conf.d/90-sieve-extprograms.conf 2025-06-03 16:29:27.569868558 +0200 +--- dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-pigeonhole/doc/example-config/conf.d/90-sieve-extprograms.conf.default-settings 2025-03-28 12:33:46.000000000 +0100 ++++ dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-pigeonhole/doc/example-config/conf.d/90-sieve-extprograms.conf 2025-10-15 12:00:16.234048364 +0200 @@ -6,7 +6,6 @@ # sieve_extensions or sieve_global_extensions settings. Restricting these # extensions to a global context using sieve_global_extensions is recommended. diff --git a/dovecot.spec b/dovecot.spec index cf4c370..dc4dfa0 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -6,7 +6,7 @@ Name: dovecot Epoch: 1 Version: 2.4.1 %global prever -4 -Release: 6%{?dist} +Release: 7%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT AND LGPL-2.1-only @@ -72,6 +72,7 @@ BuildRequires: lua-json BuildRequires: libicu-devel %if %{?rhel}0 == 0 BuildRequires: libstemmer-devel +BuildRequires: xapian-core-devel %endif BuildRequires: multilib-rpm-config BuildRequires: flex, bison @@ -211,6 +212,7 @@ fi --with-icu \ %if %{?rhel}0 == 0 --with-libstemmer \ + --with-flatcurve \ --with-lua=plugin \ %else --without-libstemmer \ @@ -477,6 +479,9 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Wed Oct 15 2025 Michal Hlavinka - 1:2.4.1-7 +- enable fts flatcurve + * Thu Oct 09 2025 Michal Hlavinka - 1:2.4.1-6 - fix CVE-2025-30189: users would end up overwriting each other in cache (rhbz#2402122) From 23861b39298d698bc65c323cf2f2e3c39be739a9 Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Wed, 5 Nov 2025 12:00:08 +0100 Subject: [PATCH 145/146] update patch for CVE-2025-30189 --- dovecot-2.4.1-cve-2025-30189.patch | 371 ++++++++++++++++++++++++++++- dovecot.spec | 7 +- 2 files changed, 370 insertions(+), 8 deletions(-) diff --git a/dovecot-2.4.1-cve-2025-30189.patch b/dovecot-2.4.1-cve-2025-30189.patch index ec5a370..5b9deae 100644 --- a/dovecot-2.4.1-cve-2025-30189.patch +++ b/dovecot-2.4.1-cve-2025-30189.patch @@ -1,5 +1,25 @@ +From a70ce7d3e2f983979e971414c5892c4e30197231 Mon Sep 17 00:00:00 2001 +From: Aki Tuomi +Date: Fri, 25 Jul 2025 08:16:52 +0300 +Subject: [PATCH 1/7] auth: Use AUTH_CACHE_KEY_USER instead of per-database + constants + +Fixes cache key issue where users would end up overwriting +each other in cache due to cache key being essentially static +string because we no longer support %u. + +Forgotten in 2e298e7ee98b6df61cf85117f000290d60a473b8 +--- + src/auth/auth-settings.h | 2 ++ + src/auth/passdb-bsdauth.c | 4 +--- + src/auth/passdb-oauth2.c | 2 +- + src/auth/passdb-pam.c | 3 ++- + src/auth/passdb-passwd.c | 3 +-- + src/auth/userdb-passwd.c | 3 +-- + 6 files changed, 8 insertions(+), 9 deletions(-) + diff --git a/src/auth/auth-settings.h b/src/auth/auth-settings.h -index 1d420eceaa..90aba17ec3 100644 +index 1d420eceaaf..90aba17ec38 100644 --- a/src/auth/auth-settings.h +++ b/src/auth/auth-settings.h @@ -1,6 +1,8 @@ @@ -12,7 +32,7 @@ index 1d420eceaa..90aba17ec3 100644 struct master_service_settings_output; diff --git a/src/auth/passdb-bsdauth.c b/src/auth/passdb-bsdauth.c -index 68292679b7..1b86da4053 100644 +index 68292679b7f..1b86da4053c 100644 --- a/src/auth/passdb-bsdauth.c +++ b/src/auth/passdb-bsdauth.c @@ -14,8 +14,6 @@ @@ -34,7 +54,7 @@ index 68292679b7..1b86da4053 100644 settings_free(post_set); *module_r = module; diff --git a/src/auth/passdb-oauth2.c b/src/auth/passdb-oauth2.c -index 96d902d323..91fed06018 100644 +index 96d902d323d..91fed060183 100644 --- a/src/auth/passdb-oauth2.c +++ b/src/auth/passdb-oauth2.c @@ -53,7 +53,7 @@ oauth2_preinit(pool_t pool, struct event *event, struct passdb_module **module_r @@ -47,7 +67,7 @@ index 96d902d323..91fed06018 100644 return 0; } diff --git a/src/auth/passdb-pam.c b/src/auth/passdb-pam.c -index 2acbceb80a..fdf0f573ef 100644 +index 2acbceb80a3..fdf0f573ef4 100644 --- a/src/auth/passdb-pam.c +++ b/src/auth/passdb-pam.c @@ -415,7 +415,8 @@ static int pam_preinit(pool_t pool, struct event *event, @@ -61,7 +81,7 @@ index 2acbceb80a..fdf0f573ef 100644 module->requests_left = set->max_requests; module->pam_setcred = set->setcred; diff --git a/src/auth/passdb-passwd.c b/src/auth/passdb-passwd.c -index 13003151f9..22e2eae7fa 100644 +index 13003151f9c..22e2eae7fa3 100644 --- a/src/auth/passdb-passwd.c +++ b/src/auth/passdb-passwd.c @@ -10,7 +10,6 @@ @@ -82,7 +102,7 @@ index 13003151f9..22e2eae7fa 100644 "passwd"); settings_free(post_set); diff --git a/src/auth/userdb-passwd.c b/src/auth/userdb-passwd.c -index 5241129a0c..14cf90a6d6 100644 +index 5241129a0cc..14cf90a6d65 100644 --- a/src/auth/userdb-passwd.c +++ b/src/auth/userdb-passwd.c @@ -9,7 +9,6 @@ @@ -102,3 +122,342 @@ index 5241129a0c..14cf90a6d6 100644 *module_r = &module->module; return 0; } + +From c45ce2c073c9439a9d6366016cb4d41059d737f0 Mon Sep 17 00:00:00 2001 +From: Aki Tuomi +Date: Wed, 30 Jul 2025 09:42:20 +0300 +Subject: [PATCH 2/7] auth: auth-cache - Refactor + auth_cache_parse_key_and_fields() + +Call auth_cache_parse_key_exclude() at the function end, +simplifies next commit. +--- + src/auth/auth-cache.c | 24 +++++++++++------------- + 1 file changed, 11 insertions(+), 13 deletions(-) + +diff --git a/src/auth/auth-cache.c b/src/auth/auth-cache.c +index 360ad8b3f62..3ccd45ff4b9 100644 +--- a/src/auth/auth-cache.c ++++ b/src/auth/auth-cache.c +@@ -129,20 +129,18 @@ char *auth_cache_parse_key_and_fields(pool_t pool, const char *query, + const ARRAY_TYPE(const_string) *fields, + const char *exclude_driver) + { +- if (array_is_empty(fields)) +- return auth_cache_parse_key_exclude(pool, query, exclude_driver); +- +- string_t *full_query = t_str_new(128); +- str_append(full_query, query); +- +- unsigned int i, count; +- const char *const *str = array_get(fields, &count); +- for (i = 0; i < count; i += 2) { +- str_append_c(full_query, '\t'); +- str_append(full_query, str[i + 1]); ++ if (!array_is_empty(fields)) { ++ unsigned int i, count; ++ const char *const *str = array_get(fields, &count); ++ string_t *full_query = t_str_new(128); ++ str_append(full_query, query); ++ for (i = 0; i < count; i += 2) { ++ str_append_c(full_query, '\t'); ++ str_append(full_query, str[i + 1]); ++ } ++ query = str_c(full_query); + } +- return auth_cache_parse_key_exclude(pool, str_c(full_query), +- exclude_driver); ++ return auth_cache_parse_key_exclude(pool, query, exclude_driver); + } + + static void + +From 759ee1af848480987d012de2f7135160156724b6 Mon Sep 17 00:00:00 2001 +From: Aki Tuomi +Date: Fri, 25 Jul 2025 11:48:43 +0300 +Subject: [PATCH 3/7] auth: auth-cache - Deduplicate auth_cache_parse_key() to + use auth_cache_parse_key_and_fields() + +Simplifies following commit +--- + src/auth/auth-cache.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/auth/auth-cache.c b/src/auth/auth-cache.c +index 3ccd45ff4b9..ad8cbe50784 100644 +--- a/src/auth/auth-cache.c ++++ b/src/auth/auth-cache.c +@@ -122,14 +122,14 @@ static char *auth_cache_parse_key_exclude(pool_t pool, const char *query, + + char *auth_cache_parse_key(pool_t pool, const char *query) + { +- return auth_cache_parse_key_exclude(pool, query, NULL); ++ return auth_cache_parse_key_and_fields(pool, query, NULL, NULL); + } + + char *auth_cache_parse_key_and_fields(pool_t pool, const char *query, + const ARRAY_TYPE(const_string) *fields, + const char *exclude_driver) + { +- if (!array_is_empty(fields)) { ++ if (fields != NULL && !array_is_empty(fields)) { + unsigned int i, count; + const char *const *str = array_get(fields, &count); + string_t *full_query = t_str_new(128); + +From d12bb78b5a235f31c9d5a655bd223c28d44bcadb Mon Sep 17 00:00:00 2001 +From: Aki Tuomi +Date: Fri, 25 Jul 2025 11:51:16 +0300 +Subject: [PATCH 4/7] auth: auth-cache - Change auth_cache_parse_key_exclude() + to return error + +Simplifies following commit +--- + src/auth/auth-cache.c | 25 ++++++++++++++++++------- + 1 file changed, 18 insertions(+), 7 deletions(-) + +diff --git a/src/auth/auth-cache.c b/src/auth/auth-cache.c +index ad8cbe50784..407e5d4aa0e 100644 +--- a/src/auth/auth-cache.c ++++ b/src/auth/auth-cache.c +@@ -64,8 +64,10 @@ static void auth_cache_key_add_tab_idx(string_t *str, unsigned int i) + str_append_c(str, '}'); + } + +-static char *auth_cache_parse_key_exclude(pool_t pool, const char *query, +- const char *exclude_driver) ++static int auth_cache_parse_key_exclude(pool_t pool, const char *query, ++ const char *exclude_driver, ++ char **cache_key_r, ++ const char **error_r) + { + string_t *str; + bool key_seen[AUTH_REQUEST_VAR_TAB_COUNT]; +@@ -76,9 +78,9 @@ static char *auth_cache_parse_key_exclude(pool_t pool, const char *query, + + struct var_expand_program *prog; + if (var_expand_program_create(query, &prog, &error) < 0) { +- e_debug(auth_event, "auth-cache: var_expand_program_create('%s') failed: %s", +- query, error); +- return p_strdup(pool, ""); ++ *error_r = t_strdup_printf("var_expand_program_create(%s) failed: %s", ++ query, error); ++ return -1; + } + + const char *const *vars = var_expand_program_variables(prog); +@@ -117,7 +119,8 @@ static char *auth_cache_parse_key_exclude(pool_t pool, const char *query, + + var_expand_program_free(&prog); + +- return p_strdup(pool, str_c(str)); ++ *cache_key_r = p_strdup(pool, str_c(str)); ++ return 0; + } + + char *auth_cache_parse_key(pool_t pool, const char *query) +@@ -140,7 +143,15 @@ char *auth_cache_parse_key_and_fields(pool_t pool, const char *query, + } + query = str_c(full_query); + } +- return auth_cache_parse_key_exclude(pool, query, exclude_driver); ++ ++ char *cache_key; ++ const char *error; ++ if (auth_cache_parse_key_exclude(pool, query, exclude_driver, ++ &cache_key, &error) < 0) { ++ e_debug(auth_event, "auth-cache: %s", error); ++ cache_key = p_strdup(pool, ""); ++ } ++ return cache_key; + } + + static void + +From 20d15baa071747f91176eb3115235aa8c78a3d11 Mon Sep 17 00:00:00 2001 +From: Aki Tuomi +Date: Fri, 25 Jul 2025 11:52:36 +0300 +Subject: [PATCH 5/7] auth: auth-cache - Treat cache key parsing errors as + fatals + +Avoids accidentically turning off caching +--- + src/auth/auth-cache.c | 6 ++---- + 1 file changed, 2 insertions(+), 4 deletions(-) + +diff --git a/src/auth/auth-cache.c b/src/auth/auth-cache.c +index 407e5d4aa0e..be569349182 100644 +--- a/src/auth/auth-cache.c ++++ b/src/auth/auth-cache.c +@@ -147,10 +147,8 @@ char *auth_cache_parse_key_and_fields(pool_t pool, const char *query, + char *cache_key; + const char *error; + if (auth_cache_parse_key_exclude(pool, query, exclude_driver, +- &cache_key, &error) < 0) { +- e_debug(auth_event, "auth-cache: %s", error); +- cache_key = p_strdup(pool, ""); +- } ++ &cache_key, &error) < 0) ++ i_fatal("auth-cache: %s", error); + return cache_key; + } + + +From 0172f8e8c55aff42c688633b2891cf157641366b Mon Sep 17 00:00:00 2001 +From: Aki Tuomi +Date: Fri, 25 Jul 2025 11:41:03 +0300 +Subject: [PATCH 6/7] auth: auth-cache - Require cache key to contain at least + one variable + +--- + src/auth/auth-cache.c | 7 +++++++ + src/auth/test-auth-cache.c | 37 ++++++++++++++++++++++++++++++++++++- + 2 files changed, 43 insertions(+), 1 deletion(-) + +diff --git a/src/auth/auth-cache.c b/src/auth/auth-cache.c +index be569349182..32959f5d0f4 100644 +--- a/src/auth/auth-cache.c ++++ b/src/auth/auth-cache.c +@@ -86,6 +86,13 @@ static int auth_cache_parse_key_exclude(pool_t pool, const char *query, + const char *const *vars = var_expand_program_variables(prog); + str = t_str_new(32); + ++ if (*vars == NULL && *query != '\0') { ++ var_expand_program_free(&prog); ++ *error_r = t_strdup_printf("%s: Cache key must contain at least one variable", ++ query); ++ return -1; ++ } ++ + for (; *vars != NULL; vars++) { + /* ignore any providers */ + if (strchr(*vars, ':') != NULL && +diff --git a/src/auth/test-auth-cache.c b/src/auth/test-auth-cache.c +index 46836defc6d..b36d83ec022 100644 +--- a/src/auth/test-auth-cache.c ++++ b/src/auth/test-auth-cache.c +@@ -97,7 +97,35 @@ static void test_auth_cache_parse_key(void) + tests[i].in); + test_assert_strcmp_idx(cache_key, tests[i].out, i); + } ++ ++ test_end(); ++} ++ ++static enum fatal_test_state test_cache_key_missing_variable(unsigned int i) ++{ ++ if (i == 0) ++ test_begin("auth cache missing variable"); ++ ++ /* ensure that we do not accept static string */ ++ static const struct { ++ const char *in, *out; ++ } tests_bad[] = { ++ { "%u", "auth-cache: %u: Cache key must contain at least one variable" }, ++ { "foobar", "auth-cache: foobar: Cache key must contain at least one variable" }, ++ { "%{test", "auth-cache: var_expand_program_create(%{test) " \ ++ "failed: syntax error, unexpected end of file, " \ ++ "expecting CCBRACE or PIPE" }, ++ }; ++ ++ if (i < N_ELEMENTS(tests_bad)) { ++ test_expect_fatal_string(tests_bad[i].out); ++ (void)auth_cache_parse_key(pool_datastack_create(), ++ tests_bad[i].in); ++ return FATAL_TEST_FAILURE; ++ } ++ + test_end(); ++ return FATAL_TEST_FINISHED; + } + + int main(void) +@@ -108,7 +136,14 @@ int main(void) + test_auth_cache_parse_key, + NULL + }; +- int ret = test_run(test_functions); ++ ++ static test_fatal_func_t *const fatal_functions[] = { ++ test_cache_key_missing_variable, ++ NULL, ++ }; ++ ++ int ret = test_run_with_fatals(test_functions, fatal_functions); ++ + event_unref(&auth_event); + return ret; + } + +From 34caed79b76a7b82a2a9c94cf35371bec6c2b826 Mon Sep 17 00:00:00 2001 +From: Aki Tuomi +Date: Fri, 25 Jul 2025 12:00:57 +0300 +Subject: [PATCH 7/7] auth: auth-cache - Drop auth_cache_parse_key() + +It's only used by tests and can now just call +auth_cache_parse_key_and_fields(). +--- + src/auth/auth-cache.c | 5 ----- + src/auth/auth-cache.h | 6 ++---- + src/auth/test-auth-cache.c | 8 ++++---- + 3 files changed, 6 insertions(+), 13 deletions(-) + +diff --git a/src/auth/auth-cache.c b/src/auth/auth-cache.c +index 32959f5d0f4..82cc0d526eb 100644 +--- a/src/auth/auth-cache.c ++++ b/src/auth/auth-cache.c +@@ -130,11 +130,6 @@ static int auth_cache_parse_key_exclude(pool_t pool, const char *query, + return 0; + } + +-char *auth_cache_parse_key(pool_t pool, const char *query) +-{ +- return auth_cache_parse_key_and_fields(pool, query, NULL, NULL); +-} +- + char *auth_cache_parse_key_and_fields(pool_t pool, const char *query, + const ARRAY_TYPE(const_string) *fields, + const char *exclude_driver) +diff --git a/src/auth/auth-cache.h b/src/auth/auth-cache.h +index 9bdb9185170..d63621b1a4c 100644 +--- a/src/auth/auth-cache.h ++++ b/src/auth/auth-cache.h +@@ -16,10 +16,8 @@ struct auth_cache_node { + struct auth_cache; + struct auth_request; + +-/* Parses all %x variables from query and compresses them into tab-separated +- list, so it can be used as a cache key. */ +-char *auth_cache_parse_key(pool_t pool, const char *query); +-/* Same as auth_cache_parse_key(), but add also variables from "fields", ++/* Parses all %variables from query and compresses them into tab-separated ++ list, so it can be used as a cache key. Adds also variables from "fields", + except variables prefixed with ":" */ + char *auth_cache_parse_key_and_fields(pool_t pool, const char *query, + const ARRAY_TYPE(const_string) *fields, +diff --git a/src/auth/test-auth-cache.c b/src/auth/test-auth-cache.c +index b36d83ec022..f58c21f7afb 100644 +--- a/src/auth/test-auth-cache.c ++++ b/src/auth/test-auth-cache.c +@@ -93,8 +93,8 @@ static void test_auth_cache_parse_key(void) + test_begin("auth cache parse key"); + + for (i = 0; i < N_ELEMENTS(tests); i++) { +- cache_key = auth_cache_parse_key(pool_datastack_create(), +- tests[i].in); ++ cache_key = auth_cache_parse_key_and_fields(pool_datastack_create(), ++ tests[i].in, NULL, NULL); + test_assert_strcmp_idx(cache_key, tests[i].out, i); + } + +@@ -119,8 +119,8 @@ static enum fatal_test_state test_cache_key_missing_variable(unsigned int i) + + if (i < N_ELEMENTS(tests_bad)) { + test_expect_fatal_string(tests_bad[i].out); +- (void)auth_cache_parse_key(pool_datastack_create(), +- tests_bad[i].in); ++ (void)auth_cache_parse_key_and_fields(pool_datastack_create(), ++ tests_bad[i].in, NULL, NULL); + return FATAL_TEST_FAILURE; + } + diff --git a/dovecot.spec b/dovecot.spec index dc4dfa0..9937b17 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -6,7 +6,7 @@ Name: dovecot Epoch: 1 Version: 2.4.1 %global prever -4 -Release: 7%{?dist} +Release: 8%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT AND LGPL-2.1-only @@ -49,7 +49,7 @@ Patch18: dovecot-2.3.15-valbasherr.patch Patch23: dovecot-2.4.1-nolibotp.patch Patch24: dovecot-2.4.1-gssapi.patch #from upstream, for <= 2.4.1, rhbz#2402122 -#https://github.com/dovecot/core/commit/a70ce7d3e2f983979e971414c5892c4e30197231.diff +#https://github.com/dovecot/core/compare/a70ce7d3e2f983979e971414c5892c4e30197231%5E...34caed79b76a7b82a2a9c94cf35371bec6c2b826.patch Patch25: dovecot-2.4.1-cve-2025-30189.patch BuildRequires: gcc, gcc-c++, openssl-devel, pam-devel, zlib-devel, bzip2-devel, libcap-devel @@ -479,6 +479,9 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Wed Nov 05 2025 Michal Hlavinka - 1:2.4.1-8 +- update patch for CVE-2025-30189 + * Wed Oct 15 2025 Michal Hlavinka - 1:2.4.1-7 - enable fts flatcurve From 92e5ee1d37bfe4e6608de4b3c602b05ffa500b70 Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Sun, 30 Nov 2025 21:40:26 +0100 Subject: [PATCH 146/146] updated to 2.4.2 (#2411846) --- dovecot-2.0-defaultconfig.patch | 20 +- dovecot-2.4.1-cve-2025-30189.patch | 463 ----------------------------- dovecot-2.4.1-gssapi.patch | 12 - dovecot-2.4.1-nolibotp.patch | 331 +++++++++++++-------- dovecot-2.4.1-opensslhmac3.patch | 237 ++++++++------- dovecot-2.4.2-fixbuild.patch | 135 +++++++++ dovecot.spec | 23 +- sources | 4 +- 8 files changed, 496 insertions(+), 729 deletions(-) delete mode 100644 dovecot-2.4.1-cve-2025-30189.patch delete mode 100644 dovecot-2.4.1-gssapi.patch create mode 100644 dovecot-2.4.2-fixbuild.patch diff --git a/dovecot-2.0-defaultconfig.patch b/dovecot-2.0-defaultconfig.patch index c9d0eb4..c7e145e 100644 --- a/dovecot-2.0-defaultconfig.patch +++ b/dovecot-2.0-defaultconfig.patch @@ -1,9 +1,9 @@ -diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/doc/dovecot.conf.in.default-settings dovecot-2.4.1-build/dovecot-2.4.1-4/doc/dovecot.conf.in ---- dovecot-2.4.1-build/dovecot-2.4.1-4/doc/dovecot.conf.in.default-settings 2025-03-28 12:32:27.000000000 +0100 -+++ dovecot-2.4.1-build/dovecot-2.4.1-4/doc/dovecot.conf.in 2025-10-15 12:05:14.570388273 +0200 +diff -up dovecot-2.4.2-build/dovecot-2.4.2/doc/dovecot.conf.in.default-settings dovecot-2.4.2-build/dovecot-2.4.2/doc/dovecot.conf.in +--- dovecot-2.4.2-build/dovecot-2.4.2/doc/dovecot.conf.in.default-settings 2025-10-29 07:58:41.000000000 +0100 ++++ dovecot-2.4.2-build/dovecot-2.4.2/doc/dovecot.conf.in 2025-11-30 09:24:17.130246956 +0100 @@ -16,24 +16,19 @@ dovecot_storage_version = @DOVECOT_CONFI # The configuration below is a minimal configuration file using system user authentication. - # See https://@DOVECOT_ASSET_URL@/configuration_manual/quick_configuration/ + # See https://@DOVECOT_ASSET_URL@/latest/core/config/quick.html -!include_try conf.d/*.conf - @@ -48,9 +48,9 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/doc/dovecot.conf.in.default-setting } + +!include_try conf.d/*.conf -diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-pigeonhole/doc/example-config/conf.d/90-sieve.conf.default-settings dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-pigeonhole/doc/example-config/conf.d/90-sieve.conf ---- dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-pigeonhole/doc/example-config/conf.d/90-sieve.conf.default-settings 2025-03-28 12:33:46.000000000 +0100 -+++ dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-pigeonhole/doc/example-config/conf.d/90-sieve.conf 2025-10-15 12:00:16.233557725 +0200 +diff -up dovecot-2.4.2-build/dovecot-2.4.2/dovecot-pigeonhole/doc/example-config/conf.d/90-sieve.conf.default-settings dovecot-2.4.2-build/dovecot-2.4.2/dovecot-pigeonhole/doc/example-config/conf.d/90-sieve.conf +--- dovecot-2.4.2-build/dovecot-2.4.2/dovecot-pigeonhole/doc/example-config/conf.d/90-sieve.conf.default-settings 2025-10-29 08:00:30.000000000 +0100 ++++ dovecot-2.4.2-build/dovecot-2.4.2/dovecot-pigeonhole/doc/example-config/conf.d/90-sieve.conf 2025-11-30 09:18:17.667869864 +0100 @@ -21,7 +21,6 @@ # file or directory. Refer to Pigeonhole wiki or INSTALL file for more # information. @@ -76,9 +76,9 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-pigeonhole/doc/example-conf # the source line numbers. #sieve_trace_addresses = no -} -diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-pigeonhole/doc/example-config/conf.d/90-sieve-extprograms.conf.default-settings dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-pigeonhole/doc/example-config/conf.d/90-sieve-extprograms.conf ---- dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-pigeonhole/doc/example-config/conf.d/90-sieve-extprograms.conf.default-settings 2025-03-28 12:33:46.000000000 +0100 -+++ dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-pigeonhole/doc/example-config/conf.d/90-sieve-extprograms.conf 2025-10-15 12:00:16.234048364 +0200 +diff -up dovecot-2.4.2-build/dovecot-2.4.2/dovecot-pigeonhole/doc/example-config/conf.d/90-sieve-extprograms.conf.default-settings dovecot-2.4.2-build/dovecot-2.4.2/dovecot-pigeonhole/doc/example-config/conf.d/90-sieve-extprograms.conf +--- dovecot-2.4.2-build/dovecot-2.4.2/dovecot-pigeonhole/doc/example-config/conf.d/90-sieve-extprograms.conf.default-settings 2025-10-29 08:00:30.000000000 +0100 ++++ dovecot-2.4.2-build/dovecot-2.4.2/dovecot-pigeonhole/doc/example-config/conf.d/90-sieve-extprograms.conf 2025-11-30 09:18:17.668131795 +0100 @@ -6,7 +6,6 @@ # sieve_extensions or sieve_global_extensions settings. Restricting these # extensions to a global context using sieve_global_extensions is recommended. diff --git a/dovecot-2.4.1-cve-2025-30189.patch b/dovecot-2.4.1-cve-2025-30189.patch deleted file mode 100644 index 5b9deae..0000000 --- a/dovecot-2.4.1-cve-2025-30189.patch +++ /dev/null @@ -1,463 +0,0 @@ -From a70ce7d3e2f983979e971414c5892c4e30197231 Mon Sep 17 00:00:00 2001 -From: Aki Tuomi -Date: Fri, 25 Jul 2025 08:16:52 +0300 -Subject: [PATCH 1/7] auth: Use AUTH_CACHE_KEY_USER instead of per-database - constants - -Fixes cache key issue where users would end up overwriting -each other in cache due to cache key being essentially static -string because we no longer support %u. - -Forgotten in 2e298e7ee98b6df61cf85117f000290d60a473b8 ---- - src/auth/auth-settings.h | 2 ++ - src/auth/passdb-bsdauth.c | 4 +--- - src/auth/passdb-oauth2.c | 2 +- - src/auth/passdb-pam.c | 3 ++- - src/auth/passdb-passwd.c | 3 +-- - src/auth/userdb-passwd.c | 3 +-- - 6 files changed, 8 insertions(+), 9 deletions(-) - -diff --git a/src/auth/auth-settings.h b/src/auth/auth-settings.h -index 1d420eceaaf..90aba17ec38 100644 ---- a/src/auth/auth-settings.h -+++ b/src/auth/auth-settings.h -@@ -1,6 +1,8 @@ - #ifndef AUTH_SETTINGS_H - #define AUTH_SETTINGS_H - -+#define AUTH_CACHE_KEY_USER "%{user}" -+ - struct master_service; - struct master_service_settings_output; - -diff --git a/src/auth/passdb-bsdauth.c b/src/auth/passdb-bsdauth.c -index 68292679b7f..1b86da4053c 100644 ---- a/src/auth/passdb-bsdauth.c -+++ b/src/auth/passdb-bsdauth.c -@@ -14,8 +14,6 @@ - #include - #include - --#define BSDAUTH_CACHE_KEY "%u" -- - struct passdb_bsdauth_settings { - pool_t pool; - }; -@@ -104,7 +102,7 @@ bsdauth_preinit(pool_t pool, struct event *event, - &post_set, error_r) < 0) - return -1; - module->default_cache_key = auth_cache_parse_key_and_fields( -- pool, BSDAUTH_CACHE_KEY, &post_set->fields, "bsdauth"); -+ pool, AUTH_CACHE_KEY_USER, &post_set->fields, "bsdauth"); - - settings_free(post_set); - *module_r = module; -diff --git a/src/auth/passdb-oauth2.c b/src/auth/passdb-oauth2.c -index 96d902d323d..91fed060183 100644 ---- a/src/auth/passdb-oauth2.c -+++ b/src/auth/passdb-oauth2.c -@@ -53,7 +53,7 @@ oauth2_preinit(pool_t pool, struct event *event, struct passdb_module **module_r - if (db_oauth2_init(event, TRUE, &module->db, error_r) < 0) - return -1; - module->module.default_pass_scheme = "PLAIN"; -- module->module.default_cache_key = "%u"; -+ module->module.default_cache_key = AUTH_CACHE_KEY_USER; - *module_r = &module->module; - return 0; - } -diff --git a/src/auth/passdb-pam.c b/src/auth/passdb-pam.c -index 2acbceb80a3..fdf0f573ef4 100644 ---- a/src/auth/passdb-pam.c -+++ b/src/auth/passdb-pam.c -@@ -415,7 +415,8 @@ static int pam_preinit(pool_t pool, struct event *event, - module = p_new(pool, struct pam_passdb_module, 1); - module->module.default_cache_key = - auth_cache_parse_key_and_fields(pool, -- t_strdup_printf("%%u/%s", set->service_name), -+ t_strdup_printf("%"AUTH_CACHE_KEY_USER"\t%s", -+ set->service_name), - &post_set->fields, "pam"); - module->requests_left = set->max_requests; - module->pam_setcred = set->setcred; -diff --git a/src/auth/passdb-passwd.c b/src/auth/passdb-passwd.c -index 13003151f9c..22e2eae7fa3 100644 ---- a/src/auth/passdb-passwd.c -+++ b/src/auth/passdb-passwd.c -@@ -10,7 +10,6 @@ - #include "safe-memset.h" - #include "ipwd.h" - --#define PASSWD_CACHE_KEY "%u" - #define PASSWD_PASS_SCHEME "CRYPT" - - #undef DEF -@@ -142,7 +141,7 @@ static int passwd_preinit(pool_t pool, struct event *event, - &post_set, error_r) < 0) - return -1; - module->default_cache_key = auth_cache_parse_key_and_fields(pool, -- PASSWD_CACHE_KEY, -+ AUTH_CACHE_KEY_USER, - &post_set->fields, - "passwd"); - settings_free(post_set); -diff --git a/src/auth/userdb-passwd.c b/src/auth/userdb-passwd.c -index 5241129a0cc..14cf90a6d65 100644 ---- a/src/auth/userdb-passwd.c -+++ b/src/auth/userdb-passwd.c -@@ -9,7 +9,6 @@ - #include "ipwd.h" - #include "time-util.h" - --#define USER_CACHE_KEY "%u" - #define PASSWD_SLOW_WARN_MSECS (10*1000) - #define PASSWD_SLOW_MASTER_WARN_MSECS 50 - #define PASSDB_SLOW_MASTER_WARN_COUNT_INTERVAL 100 -@@ -225,7 +224,7 @@ static int passwd_preinit(pool_t pool, struct event *event ATTR_UNUSED, - struct passwd_userdb_module *module = - p_new(pool, struct passwd_userdb_module, 1); - -- module->module.default_cache_key = USER_CACHE_KEY; -+ module->module.default_cache_key = AUTH_CACHE_KEY_USER; - *module_r = &module->module; - return 0; - } - -From c45ce2c073c9439a9d6366016cb4d41059d737f0 Mon Sep 17 00:00:00 2001 -From: Aki Tuomi -Date: Wed, 30 Jul 2025 09:42:20 +0300 -Subject: [PATCH 2/7] auth: auth-cache - Refactor - auth_cache_parse_key_and_fields() - -Call auth_cache_parse_key_exclude() at the function end, -simplifies next commit. ---- - src/auth/auth-cache.c | 24 +++++++++++------------- - 1 file changed, 11 insertions(+), 13 deletions(-) - -diff --git a/src/auth/auth-cache.c b/src/auth/auth-cache.c -index 360ad8b3f62..3ccd45ff4b9 100644 ---- a/src/auth/auth-cache.c -+++ b/src/auth/auth-cache.c -@@ -129,20 +129,18 @@ char *auth_cache_parse_key_and_fields(pool_t pool, const char *query, - const ARRAY_TYPE(const_string) *fields, - const char *exclude_driver) - { -- if (array_is_empty(fields)) -- return auth_cache_parse_key_exclude(pool, query, exclude_driver); -- -- string_t *full_query = t_str_new(128); -- str_append(full_query, query); -- -- unsigned int i, count; -- const char *const *str = array_get(fields, &count); -- for (i = 0; i < count; i += 2) { -- str_append_c(full_query, '\t'); -- str_append(full_query, str[i + 1]); -+ if (!array_is_empty(fields)) { -+ unsigned int i, count; -+ const char *const *str = array_get(fields, &count); -+ string_t *full_query = t_str_new(128); -+ str_append(full_query, query); -+ for (i = 0; i < count; i += 2) { -+ str_append_c(full_query, '\t'); -+ str_append(full_query, str[i + 1]); -+ } -+ query = str_c(full_query); - } -- return auth_cache_parse_key_exclude(pool, str_c(full_query), -- exclude_driver); -+ return auth_cache_parse_key_exclude(pool, query, exclude_driver); - } - - static void - -From 759ee1af848480987d012de2f7135160156724b6 Mon Sep 17 00:00:00 2001 -From: Aki Tuomi -Date: Fri, 25 Jul 2025 11:48:43 +0300 -Subject: [PATCH 3/7] auth: auth-cache - Deduplicate auth_cache_parse_key() to - use auth_cache_parse_key_and_fields() - -Simplifies following commit ---- - src/auth/auth-cache.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/auth/auth-cache.c b/src/auth/auth-cache.c -index 3ccd45ff4b9..ad8cbe50784 100644 ---- a/src/auth/auth-cache.c -+++ b/src/auth/auth-cache.c -@@ -122,14 +122,14 @@ static char *auth_cache_parse_key_exclude(pool_t pool, const char *query, - - char *auth_cache_parse_key(pool_t pool, const char *query) - { -- return auth_cache_parse_key_exclude(pool, query, NULL); -+ return auth_cache_parse_key_and_fields(pool, query, NULL, NULL); - } - - char *auth_cache_parse_key_and_fields(pool_t pool, const char *query, - const ARRAY_TYPE(const_string) *fields, - const char *exclude_driver) - { -- if (!array_is_empty(fields)) { -+ if (fields != NULL && !array_is_empty(fields)) { - unsigned int i, count; - const char *const *str = array_get(fields, &count); - string_t *full_query = t_str_new(128); - -From d12bb78b5a235f31c9d5a655bd223c28d44bcadb Mon Sep 17 00:00:00 2001 -From: Aki Tuomi -Date: Fri, 25 Jul 2025 11:51:16 +0300 -Subject: [PATCH 4/7] auth: auth-cache - Change auth_cache_parse_key_exclude() - to return error - -Simplifies following commit ---- - src/auth/auth-cache.c | 25 ++++++++++++++++++------- - 1 file changed, 18 insertions(+), 7 deletions(-) - -diff --git a/src/auth/auth-cache.c b/src/auth/auth-cache.c -index ad8cbe50784..407e5d4aa0e 100644 ---- a/src/auth/auth-cache.c -+++ b/src/auth/auth-cache.c -@@ -64,8 +64,10 @@ static void auth_cache_key_add_tab_idx(string_t *str, unsigned int i) - str_append_c(str, '}'); - } - --static char *auth_cache_parse_key_exclude(pool_t pool, const char *query, -- const char *exclude_driver) -+static int auth_cache_parse_key_exclude(pool_t pool, const char *query, -+ const char *exclude_driver, -+ char **cache_key_r, -+ const char **error_r) - { - string_t *str; - bool key_seen[AUTH_REQUEST_VAR_TAB_COUNT]; -@@ -76,9 +78,9 @@ static char *auth_cache_parse_key_exclude(pool_t pool, const char *query, - - struct var_expand_program *prog; - if (var_expand_program_create(query, &prog, &error) < 0) { -- e_debug(auth_event, "auth-cache: var_expand_program_create('%s') failed: %s", -- query, error); -- return p_strdup(pool, ""); -+ *error_r = t_strdup_printf("var_expand_program_create(%s) failed: %s", -+ query, error); -+ return -1; - } - - const char *const *vars = var_expand_program_variables(prog); -@@ -117,7 +119,8 @@ static char *auth_cache_parse_key_exclude(pool_t pool, const char *query, - - var_expand_program_free(&prog); - -- return p_strdup(pool, str_c(str)); -+ *cache_key_r = p_strdup(pool, str_c(str)); -+ return 0; - } - - char *auth_cache_parse_key(pool_t pool, const char *query) -@@ -140,7 +143,15 @@ char *auth_cache_parse_key_and_fields(pool_t pool, const char *query, - } - query = str_c(full_query); - } -- return auth_cache_parse_key_exclude(pool, query, exclude_driver); -+ -+ char *cache_key; -+ const char *error; -+ if (auth_cache_parse_key_exclude(pool, query, exclude_driver, -+ &cache_key, &error) < 0) { -+ e_debug(auth_event, "auth-cache: %s", error); -+ cache_key = p_strdup(pool, ""); -+ } -+ return cache_key; - } - - static void - -From 20d15baa071747f91176eb3115235aa8c78a3d11 Mon Sep 17 00:00:00 2001 -From: Aki Tuomi -Date: Fri, 25 Jul 2025 11:52:36 +0300 -Subject: [PATCH 5/7] auth: auth-cache - Treat cache key parsing errors as - fatals - -Avoids accidentically turning off caching ---- - src/auth/auth-cache.c | 6 ++---- - 1 file changed, 2 insertions(+), 4 deletions(-) - -diff --git a/src/auth/auth-cache.c b/src/auth/auth-cache.c -index 407e5d4aa0e..be569349182 100644 ---- a/src/auth/auth-cache.c -+++ b/src/auth/auth-cache.c -@@ -147,10 +147,8 @@ char *auth_cache_parse_key_and_fields(pool_t pool, const char *query, - char *cache_key; - const char *error; - if (auth_cache_parse_key_exclude(pool, query, exclude_driver, -- &cache_key, &error) < 0) { -- e_debug(auth_event, "auth-cache: %s", error); -- cache_key = p_strdup(pool, ""); -- } -+ &cache_key, &error) < 0) -+ i_fatal("auth-cache: %s", error); - return cache_key; - } - - -From 0172f8e8c55aff42c688633b2891cf157641366b Mon Sep 17 00:00:00 2001 -From: Aki Tuomi -Date: Fri, 25 Jul 2025 11:41:03 +0300 -Subject: [PATCH 6/7] auth: auth-cache - Require cache key to contain at least - one variable - ---- - src/auth/auth-cache.c | 7 +++++++ - src/auth/test-auth-cache.c | 37 ++++++++++++++++++++++++++++++++++++- - 2 files changed, 43 insertions(+), 1 deletion(-) - -diff --git a/src/auth/auth-cache.c b/src/auth/auth-cache.c -index be569349182..32959f5d0f4 100644 ---- a/src/auth/auth-cache.c -+++ b/src/auth/auth-cache.c -@@ -86,6 +86,13 @@ static int auth_cache_parse_key_exclude(pool_t pool, const char *query, - const char *const *vars = var_expand_program_variables(prog); - str = t_str_new(32); - -+ if (*vars == NULL && *query != '\0') { -+ var_expand_program_free(&prog); -+ *error_r = t_strdup_printf("%s: Cache key must contain at least one variable", -+ query); -+ return -1; -+ } -+ - for (; *vars != NULL; vars++) { - /* ignore any providers */ - if (strchr(*vars, ':') != NULL && -diff --git a/src/auth/test-auth-cache.c b/src/auth/test-auth-cache.c -index 46836defc6d..b36d83ec022 100644 ---- a/src/auth/test-auth-cache.c -+++ b/src/auth/test-auth-cache.c -@@ -97,7 +97,35 @@ static void test_auth_cache_parse_key(void) - tests[i].in); - test_assert_strcmp_idx(cache_key, tests[i].out, i); - } -+ -+ test_end(); -+} -+ -+static enum fatal_test_state test_cache_key_missing_variable(unsigned int i) -+{ -+ if (i == 0) -+ test_begin("auth cache missing variable"); -+ -+ /* ensure that we do not accept static string */ -+ static const struct { -+ const char *in, *out; -+ } tests_bad[] = { -+ { "%u", "auth-cache: %u: Cache key must contain at least one variable" }, -+ { "foobar", "auth-cache: foobar: Cache key must contain at least one variable" }, -+ { "%{test", "auth-cache: var_expand_program_create(%{test) " \ -+ "failed: syntax error, unexpected end of file, " \ -+ "expecting CCBRACE or PIPE" }, -+ }; -+ -+ if (i < N_ELEMENTS(tests_bad)) { -+ test_expect_fatal_string(tests_bad[i].out); -+ (void)auth_cache_parse_key(pool_datastack_create(), -+ tests_bad[i].in); -+ return FATAL_TEST_FAILURE; -+ } -+ - test_end(); -+ return FATAL_TEST_FINISHED; - } - - int main(void) -@@ -108,7 +136,14 @@ int main(void) - test_auth_cache_parse_key, - NULL - }; -- int ret = test_run(test_functions); -+ -+ static test_fatal_func_t *const fatal_functions[] = { -+ test_cache_key_missing_variable, -+ NULL, -+ }; -+ -+ int ret = test_run_with_fatals(test_functions, fatal_functions); -+ - event_unref(&auth_event); - return ret; - } - -From 34caed79b76a7b82a2a9c94cf35371bec6c2b826 Mon Sep 17 00:00:00 2001 -From: Aki Tuomi -Date: Fri, 25 Jul 2025 12:00:57 +0300 -Subject: [PATCH 7/7] auth: auth-cache - Drop auth_cache_parse_key() - -It's only used by tests and can now just call -auth_cache_parse_key_and_fields(). ---- - src/auth/auth-cache.c | 5 ----- - src/auth/auth-cache.h | 6 ++---- - src/auth/test-auth-cache.c | 8 ++++---- - 3 files changed, 6 insertions(+), 13 deletions(-) - -diff --git a/src/auth/auth-cache.c b/src/auth/auth-cache.c -index 32959f5d0f4..82cc0d526eb 100644 ---- a/src/auth/auth-cache.c -+++ b/src/auth/auth-cache.c -@@ -130,11 +130,6 @@ static int auth_cache_parse_key_exclude(pool_t pool, const char *query, - return 0; - } - --char *auth_cache_parse_key(pool_t pool, const char *query) --{ -- return auth_cache_parse_key_and_fields(pool, query, NULL, NULL); --} -- - char *auth_cache_parse_key_and_fields(pool_t pool, const char *query, - const ARRAY_TYPE(const_string) *fields, - const char *exclude_driver) -diff --git a/src/auth/auth-cache.h b/src/auth/auth-cache.h -index 9bdb9185170..d63621b1a4c 100644 ---- a/src/auth/auth-cache.h -+++ b/src/auth/auth-cache.h -@@ -16,10 +16,8 @@ struct auth_cache_node { - struct auth_cache; - struct auth_request; - --/* Parses all %x variables from query and compresses them into tab-separated -- list, so it can be used as a cache key. */ --char *auth_cache_parse_key(pool_t pool, const char *query); --/* Same as auth_cache_parse_key(), but add also variables from "fields", -+/* Parses all %variables from query and compresses them into tab-separated -+ list, so it can be used as a cache key. Adds also variables from "fields", - except variables prefixed with ":" */ - char *auth_cache_parse_key_and_fields(pool_t pool, const char *query, - const ARRAY_TYPE(const_string) *fields, -diff --git a/src/auth/test-auth-cache.c b/src/auth/test-auth-cache.c -index b36d83ec022..f58c21f7afb 100644 ---- a/src/auth/test-auth-cache.c -+++ b/src/auth/test-auth-cache.c -@@ -93,8 +93,8 @@ static void test_auth_cache_parse_key(void) - test_begin("auth cache parse key"); - - for (i = 0; i < N_ELEMENTS(tests); i++) { -- cache_key = auth_cache_parse_key(pool_datastack_create(), -- tests[i].in); -+ cache_key = auth_cache_parse_key_and_fields(pool_datastack_create(), -+ tests[i].in, NULL, NULL); - test_assert_strcmp_idx(cache_key, tests[i].out, i); - } - -@@ -119,8 +119,8 @@ static enum fatal_test_state test_cache_key_missing_variable(unsigned int i) - - if (i < N_ELEMENTS(tests_bad)) { - test_expect_fatal_string(tests_bad[i].out); -- (void)auth_cache_parse_key(pool_datastack_create(), -- tests_bad[i].in); -+ (void)auth_cache_parse_key_and_fields(pool_datastack_create(), -+ tests_bad[i].in, NULL, NULL); - return FATAL_TEST_FAILURE; - } - diff --git a/dovecot-2.4.1-gssapi.patch b/dovecot-2.4.1-gssapi.patch deleted file mode 100644 index 9765eb9..0000000 --- a/dovecot-2.4.1-gssapi.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -up dovecot-2.4.1-4/src/auth/mech-gssapi.c.gssapi dovecot-2.4.1-4/src/auth/mech-gssapi.c ---- dovecot-2.4.1-4/src/auth/mech-gssapi.c.gssapi 2025-06-24 00:07:54.720275640 +0200 -+++ dovecot-2.4.1-4/src/auth/mech-gssapi.c 2025-06-24 00:10:04.541651871 +0200 -@@ -672,7 +672,7 @@ mech_gssapi_auth_initial(struct auth_req - - if (data_size == 0) { - /* The client should go first */ -- auth_request_handler_reply_continue(request, NULL, 0); -+ auth_request_handler_reply_continue(request, uchar_empty_ptr, 0); - } else { - mech_gssapi_auth_continue(request, data, data_size); - } diff --git a/dovecot-2.4.1-nolibotp.patch b/dovecot-2.4.1-nolibotp.patch index 6c8dad5..aea6ada 100644 --- a/dovecot-2.4.1-nolibotp.patch +++ b/dovecot-2.4.1-nolibotp.patch @@ -1,134 +1,80 @@ -diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/main.c.nolibotp dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/main.c ---- dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/main.c.nolibotp 2025-03-28 12:32:27.000000000 +0100 -+++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/main.c 2025-06-05 22:36:50.148155427 +0200 -@@ -20,8 +20,6 @@ - #include "password-scheme.h" - #include "passdb-cache.h" - #include "mech.h" --#include "otp.h" --#include "mech-otp-common.h" - #include "auth.h" - #include "auth-penalty.h" - #include "auth-token.h" -@@ -272,7 +270,6 @@ static void main_deinit(void) - - auth_policy_deinit(); - mech_register_deinit(&mech_reg); -- mech_otp_deinit(); - db_oauth2_deinit(); - mech_deinit(global_auth_settings); - settings_free(global_auth_settings); -diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/mech.c.nolibotp dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/mech.c ---- dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/mech.c.nolibotp 2025-03-28 12:32:27.000000000 +0100 -+++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/mech.c 2025-06-05 22:36:50.148435422 +0200 -@@ -71,7 +71,6 @@ extern const struct mech_module mech_apo - extern const struct mech_module mech_cram_md5; - extern const struct mech_module mech_digest_md5; - extern const struct mech_module mech_external; --extern const struct mech_module mech_otp; - extern const struct mech_module mech_scram_sha1; - extern const struct mech_module mech_scram_sha1_plus; - extern const struct mech_module mech_scram_sha256; -@@ -217,7 +216,6 @@ void mech_init(const struct auth_setting - mech_register_module(&mech_gssapi_spnego); - #endif - } -- mech_register_module(&mech_otp); - mech_register_module(&mech_scram_sha1); - mech_register_module(&mech_scram_sha1_plus); - mech_register_module(&mech_scram_sha256); -@@ -247,7 +245,6 @@ void mech_deinit(const struct auth_setti - mech_unregister_module(&mech_gssapi_spnego); - #endif - } -- mech_unregister_module(&mech_otp); - mech_unregister_module(&mech_scram_sha1); - mech_unregister_module(&mech_scram_sha1_plus); - mech_unregister_module(&mech_scram_sha256); -diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/test-auth.c.nolibotp dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/test-auth.c ---- dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/test-auth.c.nolibotp 2025-06-05 23:11:23.428522162 +0200 -+++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/test-auth.c 2025-06-05 23:11:23.443511259 +0200 -@@ -72,7 +72,6 @@ void test_auth_init(void) - void test_auth_deinit(void) - { - auth_penalty_deinit(&auth_penalty); -- mech_otp_deinit(); - db_oauth2_deinit(); - auths_deinit(); - auth_token_deinit(); -diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/test-mech.c.nolibotp dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/test-mech.c ---- dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/test-mech.c.nolibotp 2025-03-28 12:32:27.000000000 +0100 -+++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/test-mech.c 2025-06-05 22:36:50.148639214 +0200 -@@ -24,7 +24,6 @@ extern const struct mech_module mech_dig - extern const struct mech_module mech_external; - extern const struct mech_module mech_login; - extern const struct mech_module mech_oauthbearer; --extern const struct mech_module mech_otp; - extern const struct mech_module mech_plain; - extern const struct mech_module mech_scram_sha1; - extern const struct mech_module mech_scram_sha256; -@@ -60,10 +59,7 @@ request_handler_reply_mock_callback(stru +diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/auth/test-auth.c.nolibotp dovecot-2.4.2-build/dovecot-2.4.2/src/auth/test-auth.c +--- dovecot-2.4.2-build/dovecot-2.4.2/src/auth/test-auth.c.nolibotp 2025-10-29 07:58:41.000000000 +0100 ++++ dovecot-2.4.2-build/dovecot-2.4.2/src/auth/test-auth.c 2025-11-30 13:38:50.100927373 +0100 +@@ -16,7 +16,7 @@ + static const char *const settings[] = { + "base_dir", ".", + "auth_mechanisms", +- "ANONYMOUS APOP CRAM-MD5 DIGEST-MD5 EXTERNAL LOGIN PLAIN OTP " ++ "ANONYMOUS APOP CRAM-MD5 DIGEST-MD5 EXTERNAL LOGIN PLAIN " + "OAUTHBEARER SCRAM-SHA-1 SCRAM-SHA-256 XOAUTH2", + "auth_username_chars", "", + "auth_username_format", "", +diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/auth/test-mech.c.nolibotp dovecot-2.4.2-build/dovecot-2.4.2/src/auth/test-mech.c +--- dovecot-2.4.2-build/dovecot-2.4.2/src/auth/test-mech.c.nolibotp 2025-10-29 07:58:41.000000000 +0100 ++++ dovecot-2.4.2-build/dovecot-2.4.2/src/auth/test-mech.c 2025-11-30 13:38:50.101130654 +0100 +@@ -46,10 +46,7 @@ request_handler_reply_mock_callback(stru if (request->passdb_result == PASSDB_RESULT_OK) request->failed = FALSE; -- else if (request->mech == &mech_otp) { +- else if (strcmp(request->fields.mech_name, SASL_MECH_NAME_OTP) == 0) { - if (null_strcmp(request->fields.user, "otp_phase_2") == 0) - request->failed = FALSE; -- } else if (request->mech == &mech_oauthbearer) { -+ else if (request->mech == &mech_oauthbearer) { +- } else if (strcmp(request->fields.mech_name, ++ else if (strcmp(request->fields.mech_name, + SASL_MECH_NAME_OAUTHBEARER) == 0) { } }; +@@ -190,10 +187,6 @@ static void test_mechs(void) + {"PLAIN", UCHAR_LEN("\0testuser\0testpass"), "testuser", TRUE, FALSE, FALSE}, + {"PLAIN", UCHAR_LEN("normaluser\0masteruser\0masterpass"), "masteruser", TRUE, FALSE, FALSE}, + {"PLAIN", UCHAR_LEN("normaluser\0normaluser\0masterpass"), "normaluser", TRUE, FALSE, FALSE}, +- {"OTP", UCHAR_LEN("hex:5Bf0 75d9 959d 036f"), "otp_phase_2", TRUE, TRUE, FALSE}, +- {"OTP", UCHAR_LEN("word:BOND FOGY DRAB NE RISE MART"), "otp_phase_2", TRUE, TRUE, FALSE}, +- {"OTP", UCHAR_LEN("init-hex:f6bd 6b33 89b8 7203:md5 499 ke6118:23d1 b253 5ae0 2b7e"), "otp_phase_2", TRUE, TRUE, FALSE}, +- {"OTP", UCHAR_LEN("init-word:END KERN BALM NICK EROS WAVY:md5 499 ke1235:BABY FAIN OILY NIL TIDY DADE"), "otp_phase_2", TRUE, TRUE, FALSE}, + {"OAUTHBEARER", UCHAR_LEN("n,a=testuser,p=cHJvb2Y=,f=nonstandart\x01host=server\x01port=143\x01""auth=Bearer vF9dft4qmTc2Nvb3RlckBhbHRhdmlzdGEuY29tCg==\x01\x01"), "testuser", FALSE, TRUE, FALSE}, + {"SCRAM-SHA-1", UCHAR_LEN("n,,n=testuser,r=rOprNGfwEbeRWgbNEkqO"), "testuser", TRUE, FALSE, FALSE}, + {"SCRAM-SHA-256", UCHAR_LEN("n,,n=testuser,r=rOprNGfwEbeRWgbNEkqO"), "testuser", TRUE, FALSE, FALSE}, +@@ -208,8 +201,6 @@ static void test_mechs(void) + {"EXTERNAL", UCHAR_LEN(""), "testuser", FALSE, TRUE, FALSE}, + {"EXTERNAL", UCHAR_LEN(""), NULL, FALSE, FALSE, FALSE}, + {"LOGIN", UCHAR_LEN(""), NULL, FALSE, FALSE, FALSE}, +- {"OTP", UCHAR_LEN(""), NULL, FALSE, FALSE, FALSE}, +- {"OTP", UCHAR_LEN(""), "testuser", FALSE, FALSE, FALSE}, + {"PLAIN", UCHAR_LEN(""), NULL, FALSE, FALSE, FALSE}, + {"OAUTHBEARER", UCHAR_LEN(""), NULL, FALSE, FALSE, FALSE}, + {"XOAUTH2", UCHAR_LEN(""), NULL, FALSE, FALSE, FALSE}, +@@ -221,7 +212,6 @@ static void test_mechs(void) + {"APOP", UCHAR_LEN("1.1.1\0testuser\0tooshort"), NULL, FALSE, FALSE, FALSE}, + {"APOP", UCHAR_LEN("1.1.1\0testuser\0responseoflen16-"), NULL, FALSE, FALSE, FALSE}, + {"APOP", UCHAR_LEN("1.1.1"), NULL, FALSE, FALSE, FALSE}, +- {"OTP", UCHAR_LEN("somebody\0testuser"), "testuser", FALSE, TRUE, FALSE}, + {"CRAM-MD5", UCHAR_LEN("testuser\0response"), "testuser", FALSE, FALSE, FALSE}, + {"PLAIN", UCHAR_LEN("testuser\0"), "testuser", FALSE, FALSE, FALSE}, -@@ -181,10 +177,6 @@ static void test_mechs(void) - {&mech_plain, UCHAR_LEN("\0testuser\0testpass"), "testuser", NULL, TRUE, FALSE, FALSE}, - {&mech_plain, UCHAR_LEN("normaluser\0masteruser\0masterpass"), "masteruser", NULL, TRUE, FALSE, FALSE}, - {&mech_plain, UCHAR_LEN("normaluser\0normaluser\0masterpass"), "normaluser", NULL, TRUE, FALSE, FALSE}, -- {&mech_otp, UCHAR_LEN("hex:5Bf0 75d9 959d 036f"), "otp_phase_2", NULL, TRUE, TRUE, FALSE}, -- {&mech_otp, UCHAR_LEN("word:BOND FOGY DRAB NE RISE MART"), "otp_phase_2", NULL, TRUE, TRUE, FALSE}, -- {&mech_otp, UCHAR_LEN("init-hex:f6bd 6b33 89b8 7203:md5 499 ke6118:23d1 b253 5ae0 2b7e"), "otp_phase_2", NULL, TRUE, TRUE, FALSE}, -- {&mech_otp, UCHAR_LEN("init-word:END KERN BALM NICK EROS WAVY:md5 499 ke1235:BABY FAIN OILY NIL TIDY DADE"), "otp_phase_2", NULL , TRUE, TRUE, FALSE}, - {&mech_oauthbearer, UCHAR_LEN("n,a=testuser,p=cHJvb2Y=,f=nonstandart\x01host=server\x01port=143\x01""auth=Bearer vF9dft4qmTc2Nvb3RlckBhbHRhdmlzdGEuY29tCg==\x01\x01"), "testuser", NULL, FALSE, TRUE, FALSE}, - {&mech_scram_sha1, UCHAR_LEN("n,,n=testuser,r=rOprNGfwEbeRWgbNEkqO"), "testuser", NULL, TRUE, FALSE, FALSE}, - {&mech_scram_sha256, UCHAR_LEN("n,,n=testuser,r=rOprNGfwEbeRWgbNEkqO"), "testuser", NULL, TRUE, FALSE, FALSE}, -@@ -199,8 +191,6 @@ static void test_mechs(void) - {&mech_external, UCHAR_LEN(""), "testuser", NULL, FALSE, TRUE, FALSE}, - {&mech_external, UCHAR_LEN(""), NULL, NULL, FALSE, FALSE, FALSE}, - {&mech_login, UCHAR_LEN(""), NULL, NULL, FALSE, FALSE, FALSE}, -- {&mech_otp, UCHAR_LEN(""), NULL, "invalid input", FALSE, FALSE, FALSE}, -- {&mech_otp, UCHAR_LEN(""), "testuser", "invalid input", FALSE, FALSE, FALSE}, - {&mech_plain, UCHAR_LEN(""), NULL, NULL, FALSE, FALSE, FALSE}, - {&mech_oauthbearer, UCHAR_LEN(""), NULL, NULL, FALSE, FALSE, FALSE}, - {&mech_xoauth2, UCHAR_LEN(""), NULL, NULL, FALSE, FALSE, FALSE}, -@@ -212,7 +202,6 @@ static void test_mechs(void) - {&mech_apop, UCHAR_LEN("1.1.1\0testuser\0tooshort"), NULL, NULL, FALSE, FALSE, FALSE}, - {&mech_apop, UCHAR_LEN("1.1.1\0testuser\0responseoflen16-"), NULL, NULL, FALSE, FALSE, FALSE}, - {&mech_apop, UCHAR_LEN("1.1.1"), NULL, NULL, FALSE, FALSE, FALSE}, -- {&mech_otp, UCHAR_LEN("somebody\0testuser"), "testuser", "unsupported response type", FALSE, TRUE, FALSE}, - {&mech_cram_md5, UCHAR_LEN("testuser\0response"), "testuser", NULL, FALSE, FALSE, FALSE}, - {&mech_plain, UCHAR_LEN("testuser\0"), "testuser", NULL, FALSE, FALSE, FALSE}, - -@@ -254,9 +243,7 @@ static void test_mechs(void) - {&mech_plain, UCHAR_LEN("\0fa\0il\0ing\0withthis"), NULL, NULL, FALSE, FALSE, FALSE}, - {&mech_plain, UCHAR_LEN("failingwiththis"), NULL, NULL, FALSE, FALSE, FALSE}, - {&mech_plain, UCHAR_LEN("failing\0withthis"), NULL, NULL, FALSE, FALSE, FALSE}, -- {&mech_otp, UCHAR_LEN("someb\0ody\0testuser"), NULL, "invalid input", FALSE, FALSE, FALSE}, +@@ -264,9 +254,7 @@ static void test_mechs(void) + {"PLAIN", UCHAR_LEN("\0fa\0il\0ing\0withthis"), NULL, FALSE, FALSE, FALSE}, + {"PLAIN", UCHAR_LEN("failingwiththis"), NULL, FALSE, FALSE, FALSE}, + {"PLAIN", UCHAR_LEN("failing\0withthis"), NULL, FALSE, FALSE, FALSE}, +- {"OTP", UCHAR_LEN("someb\0ody\0testuser"), NULL, FALSE, FALSE, FALSE}, /* phase 2 */ -- {&mech_otp, UCHAR_LEN("someb\0ody\0testuser"), "testuser", "unsupported response type", FALSE, TRUE, FALSE}, - {&mech_scram_sha1, UCHAR_LEN("c=biws,r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,p=v0X8v3Bz2T0CJGbJQyF0X+HI4Ts="), NULL, NULL, FALSE, FALSE, FALSE}, - {&mech_scram_sha1, UCHAR_LEN("iws0X8v3Bz2T0CJGbJQyF0X+HI4Ts=,,,,"), NULL, NULL, FALSE, FALSE, FALSE}, - {&mech_scram_sha1, UCHAR_LEN("n,a=masteruser,,"), NULL, NULL, FALSE, FALSE, FALSE}, -diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/password-scheme.c.nolibotp dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/password-scheme.c ---- dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/password-scheme.c.nolibotp 2025-06-05 22:36:50.142606171 +0200 -+++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/password-scheme.c 2025-06-05 22:36:50.148822418 +0200 +- {"OTP", UCHAR_LEN("someb\0ody\0testuser"), "testuser", FALSE, TRUE, FALSE}, + {"SCRAM-SHA-1", UCHAR_LEN("c=biws,r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,p=v0X8v3Bz2T0CJGbJQyF0X+HI4Ts="), NULL, FALSE, FALSE, FALSE}, + {"SCRAM-SHA-1", UCHAR_LEN("iws0X8v3Bz2T0CJGbJQyF0X+HI4Ts=,,,,"), NULL, FALSE, FALSE, FALSE}, + {"SCRAM-SHA-1", UCHAR_LEN("n,a=masteruser,,"), NULL, FALSE, FALSE, FALSE}, +diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/password-scheme.c.nolibotp dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/password-scheme.c +--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/password-scheme.c.nolibotp 2025-11-30 13:38:50.093609901 +0100 ++++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/password-scheme.c 2025-11-30 13:38:50.101359374 +0100 @@ -13,7 +13,6 @@ #include "randgen.h" #include "sha1.h" #include "sha2.h" -#include "otp.h" #include "str.h" + #include "auth-digest.h" #include "password-scheme.h" - #include "password-scheme-private.h" -@@ -701,33 +700,6 @@ plain_md5_generate(const char *plaintext +@@ -704,33 +703,6 @@ plain_md5_generate(const char *plaintext *size_r = MD5_RESULTLEN; } @@ -162,7 +108,7 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/password-scheme.c.noli static const struct password_scheme builtin_schemes[] = { { .name = "MD5", -@@ -891,13 +863,6 @@ static const struct password_scheme buil +@@ -894,13 +866,6 @@ static const struct password_scheme buil .password_generate = plain_md5_generate, }, { @@ -176,9 +122,9 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/password-scheme.c.noli .name = "PBKDF2", .default_encoding = PW_ENCODING_NONE, .raw_password_len = 0, -diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/password-scheme.h.nolibotp dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/password-scheme.h ---- dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/password-scheme.h.nolibotp 2025-03-28 12:32:27.000000000 +0100 -+++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/password-scheme.h 2025-06-05 22:36:50.148942954 +0200 +diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/password-scheme.h.nolibotp dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/password-scheme.h +--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/password-scheme.h.nolibotp 2025-10-29 07:58:41.000000000 +0100 ++++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/password-scheme.h 2025-11-30 13:38:50.101549260 +0100 @@ -98,9 +98,6 @@ void password_set_encryption_rounds(unsi /* INTERNAL: */ const char *password_generate_salt(size_t len); @@ -187,11 +133,11 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/password-scheme.h.noli - unsigned int algo, const char **result_r) - ATTR_NULL(2); - int scram_scheme_parse(const struct hash_method *hmethod, const char *name, - const unsigned char *credentials, size_t size, -diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/test-password-scheme.c.nolibotp dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/test-password-scheme.c ---- dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/test-password-scheme.c.nolibotp 2025-03-28 12:32:27.000000000 +0100 -+++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/test-password-scheme.c 2025-06-05 22:36:50.149077275 +0200 + int scram_verify(const struct hash_method *hmethod, const char *scheme_name, + const char *plaintext, const unsigned char *raw_password, +diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/test-password-scheme.c.nolibotp dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/test-password-scheme.c +--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/test-password-scheme.c.nolibotp 2025-10-29 07:58:41.000000000 +0100 ++++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/test-password-scheme.c 2025-11-30 13:38:50.101711124 +0100 @@ -107,7 +107,6 @@ static void test_password_schemes(void) test_password_scheme("SHA512", "{SHA512}7iaw3Ur350mqGo7jwQrpkj9hiYB3Lkc/iBml1JQODbJ6wYX4oOHV+E+IvIh/1nsUNzLDBMxfqa2Ob1f1ACio/w==", "test"); test_password_scheme("SSHA", "{SSHA}H/zrDv8FXUu1JmwvVYijfrYEF34jVZcO", "test"); @@ -200,3 +146,140 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/test-password-scheme.c test_password_scheme("PBKDF2", "{PBKDF2}$1$bUnT4Pl7yFtYX0KU$5000$50a83cafdc517b9f46519415e53c6a858908680a", "test"); test_password_scheme("CRAM-MD5", "{CRAM-MD5}e02d374fde0dc75a17a557039a3a5338c7743304777dccd376f332bee68d2cf6", "test"); test_password_scheme("DIGEST-MD5", "{DIGEST-MD5}77c1a8c437c9b08ba2f460fe5d58db5d", "test"); +diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/dsasl-client.c.nolibotp dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/dsasl-client.c +--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/dsasl-client.c.nolibotp 2025-11-30 13:39:54.210043386 +0100 ++++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/dsasl-client.c 2025-11-30 13:39:54.217205256 +0100 +@@ -175,7 +175,6 @@ void dsasl_clients_init(void) + dsasl_client_mech_register(&dsasl_client_mech_digest_md5); + dsasl_client_mech_register(&dsasl_client_mech_cram_md5); + dsasl_client_mech_register(&dsasl_client_mech_oauthbearer); +- dsasl_client_mech_register(&dsasl_client_mech_otp); + dsasl_client_mech_register(&dsasl_client_mech_xoauth2); + dsasl_client_mech_register(&dsasl_client_mech_scram_sha_1); + dsasl_client_mech_register(&dsasl_client_mech_scram_sha_1_plus); +diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/dsasl-client-private.h.nolibotp dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/dsasl-client-private.h +--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/dsasl-client-private.h.nolibotp 2025-11-30 13:40:22.269119732 +0100 ++++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/dsasl-client-private.h 2025-11-30 13:40:22.275363043 +0100 +@@ -50,7 +50,6 @@ extern const struct dsasl_client_mech ds + extern const struct dsasl_client_mech dsasl_client_mech_external; + extern const struct dsasl_client_mech dsasl_client_mech_login; + extern const struct dsasl_client_mech dsasl_client_mech_oauthbearer; +-extern const struct dsasl_client_mech dsasl_client_mech_otp; + extern const struct dsasl_client_mech dsasl_client_mech_xoauth2; + extern const struct dsasl_client_mech dsasl_client_mech_scram_sha_1; + extern const struct dsasl_client_mech dsasl_client_mech_scram_sha_1_plus; +diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/fuzz-sasl-authentication.c.nolibotp dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/fuzz-sasl-authentication.c +--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/fuzz-sasl-authentication.c.nolibotp 2025-11-30 13:40:56.823727053 +0100 ++++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/fuzz-sasl-authentication.c 2025-11-30 13:40:56.837864792 +0100 +@@ -635,7 +635,6 @@ static void fuzz_sasl_run(struct istream + sasl_server_mech_register_cram_md5(server_inst); + sasl_server_mech_register_digest_md5(server_inst); + sasl_server_mech_register_login(server_inst); +- sasl_server_mech_register_otp(server_inst); + sasl_server_mech_register_plain(server_inst); + sasl_server_mech_register_scram_sha1(server_inst); + sasl_server_mech_register_scram_sha1_plus(server_inst); +diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/sasl-server.h.nolibotp dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/sasl-server.h +--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/sasl-server.h.nolibotp 2025-11-30 13:41:24.035316421 +0100 ++++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/sasl-server.h 2025-11-30 13:41:24.050796571 +0100 +@@ -193,8 +193,6 @@ void sasl_server_mech_register_scram_sha + void sasl_server_mech_register_scram_sha256_plus( + struct sasl_server_instance *sinst); + +-void sasl_server_mech_register_otp(struct sasl_server_instance *sinst); +- + /* Winbind */ + + struct sasl_server_winbind_settings { +diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/test-sasl-authentication.c.nolibotp dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/test-sasl-authentication.c +--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/test-sasl-authentication.c.nolibotp 2025-11-30 13:42:08.741524883 +0100 ++++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/test-sasl-authentication.c 2025-11-30 13:42:08.757334395 +0100 +@@ -507,7 +507,6 @@ test_sasl_run(const struct test_sasl *te + sasl_server_mech_register_digest_md5(server_inst); + sasl_server_mech_register_external(server_inst); + sasl_server_mech_register_login(server_inst); +- sasl_server_mech_register_otp(server_inst); + sasl_server_mech_register_plain(server_inst); + sasl_server_mech_register_scram_sha1(server_inst); + sasl_server_mech_register_scram_sha1_plus(server_inst); +@@ -722,16 +721,6 @@ static const struct test_sasl success_te + .password = "tokentokentoken", + }, + }, +- /* OTP */ +- { +- .mech = "OTP", +- .authid_type = SASL_SERVER_AUTHID_TYPE_USERNAME, +- .server = { +- .authid = "user", +- .password = "pass", +- }, +- .repeat = 1050, +- }, + /* EXTERNAL */ + { + .mech = "EXTERNAL", +@@ -1457,31 +1446,6 @@ static const struct test_sasl bad_creds_ + }, + .failure = TRUE, + }, +- /* OTP */ +- { +- .mech = "OTP", +- .authid_type = SASL_SERVER_AUTHID_TYPE_USERNAME, +- .server = { +- .authid = "user", +- .password = "pass", +- }, +- .client = { +- .authid = "userb", +- }, +- .failure = TRUE, +- }, +- { +- .mech = "OTP", +- .authid_type = SASL_SERVER_AUTHID_TYPE_USERNAME, +- .server = { +- .authid = "user", +- .password = "pass", +- }, +- .client = { +- .password = "florp", +- }, +- .failure = TRUE, +- }, + /* EXTERNAL */ + { + .mech = "EXTERNAL", +diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/auth/auth-sasl.c.nolibotp2 dovecot-2.4.2-build/dovecot-2.4.2/src/auth/auth-sasl.c +--- dovecot-2.4.2-build/dovecot-2.4.2/src/auth/auth-sasl.c.nolibotp2 2025-11-30 13:56:23.124460140 +0100 ++++ dovecot-2.4.2-build/dovecot-2.4.2/src/auth/auth-sasl.c 2025-11-30 13:56:39.521935947 +0100 +@@ -472,7 +472,6 @@ MECH_SIMPLE_REGISTER__TEMPLATE(cram_md5) + MECH_SIMPLE_REGISTER__TEMPLATE(digest_md5) + MECH_SIMPLE_REGISTER__TEMPLATE(external) + MECH_SIMPLE_REGISTER__TEMPLATE(login) +-MECH_SIMPLE_REGISTER__TEMPLATE(otp) + MECH_SIMPLE_REGISTER__TEMPLATE(plain) + MECH_SIMPLE_REGISTER__TEMPLATE(scram_sha1) + MECH_SIMPLE_REGISTER__TEMPLATE(scram_sha1_plus) +@@ -539,12 +538,6 @@ static const struct auth_sasl_mech_modul + .mech_register = mech_login_register, + }; + +-static const struct auth_sasl_mech_module mech_otp = { +- .mech_name = SASL_MECH_NAME_OTP, +- +- .mech_register = mech_otp_register, +-}; +- + static const struct auth_sasl_mech_module mech_plain = { + .mech_name = SASL_MECH_NAME_PLAIN, + +@@ -612,7 +605,6 @@ static void auth_sasl_mechs_init(const s + if (set->use_winbind) + auth_sasl_mech_register_module(&mech_winbind_ntlm); + auth_sasl_mech_oauth2_register(); +- auth_sasl_mech_register_module(&mech_otp); + auth_sasl_mech_register_module(&mech_plain); + auth_sasl_mech_register_module(&mech_scram_sha1); + auth_sasl_mech_register_module(&mech_scram_sha1_plus); diff --git a/dovecot-2.4.1-opensslhmac3.patch b/dovecot-2.4.1-opensslhmac3.patch index d5e8a92..1947856 100644 --- a/dovecot-2.4.1-opensslhmac3.patch +++ b/dovecot-2.4.1-opensslhmac3.patch @@ -1,6 +1,6 @@ -diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/auth-token.c.opensslhmac3 dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/auth-token.c ---- dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/auth-token.c.opensslhmac3 2025-03-28 12:32:27.000000000 +0100 -+++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/auth-token.c 2025-07-30 11:45:19.801515296 +0200 +diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/auth/auth-token.c.opensslhmac3 dovecot-2.4.2-build/dovecot-2.4.2/src/auth/auth-token.c +--- dovecot-2.4.2-build/dovecot-2.4.2/src/auth/auth-token.c.opensslhmac3 2025-10-29 07:58:41.000000000 +0100 ++++ dovecot-2.4.2-build/dovecot-2.4.2/src/auth/auth-token.c 2025-11-30 09:57:55.178213106 +0100 @@ -162,17 +162,17 @@ void auth_token_deinit(void) const char *auth_token_get(const char *service, const char *session_pid, const char *username, const char *session_id) @@ -26,10 +26,10 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/auth-token.c.opensslhmac3 return binary_to_hex(result, sizeof(result)); } -diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/Makefile.am.opensslhmac3 dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/Makefile.am ---- dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/Makefile.am.opensslhmac3 2025-03-28 12:32:27.000000000 +0100 -+++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/Makefile.am 2025-07-30 11:45:19.803705887 +0200 -@@ -66,6 +66,7 @@ auth_LDFLAGS = -export-dynamic +diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/auth/Makefile.am.opensslhmac3 dovecot-2.4.2-build/dovecot-2.4.2/src/auth/Makefile.am +--- dovecot-2.4.2-build/dovecot-2.4.2/src/auth/Makefile.am.opensslhmac3 2025-10-29 07:58:41.000000000 +0100 ++++ dovecot-2.4.2-build/dovecot-2.4.2/src/auth/Makefile.am 2025-11-30 09:57:55.178490134 +0100 +@@ -71,6 +71,7 @@ auth_LDFLAGS = -export-dynamic auth_libs = \ ../lib-auth/libauth-crypt.la \ $(AUTH_LUA_LIBS) \ @@ -37,35 +37,9 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/Makefile.am.opensslhmac3 d $(LIBDOVECOT_SQL) auth_CPPFLAGS = $(AM_CPPFLAGS) $(BINARY_CFLAGS) -diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/mech-cram-md5.c.opensslhmac3 dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/mech-cram-md5.c ---- dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/mech-cram-md5.c.opensslhmac3 2025-03-28 12:32:27.000000000 +0100 -+++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/auth/mech-cram-md5.c 2025-07-30 11:45:19.801656370 +0200 -@@ -50,7 +50,7 @@ static bool verify_credentials(struct cr - const unsigned char *credentials, size_t size) - { - unsigned char digest[MD5_RESULTLEN]; -- struct hmac_context ctx; -+ struct orig_hmac_context ctx; - const char *response_hex; - - if (size != CRAM_MD5_CONTEXTLEN) { -@@ -59,10 +59,10 @@ static bool verify_credentials(struct cr - return FALSE; - } - -- hmac_init(&ctx, NULL, 0, &hash_method_md5); -+ orig_hmac_init(&ctx, NULL, 0, &hash_method_md5); - hmac_md5_set_cram_context(&ctx, credentials); -- hmac_update(&ctx, request->challenge, strlen(request->challenge)); -- hmac_final(&ctx, digest); -+ orig_hmac_update(&ctx, request->challenge, strlen(request->challenge)); -+ orig_hmac_final(&ctx, digest); - - response_hex = binary_to_hex(digest, sizeof(digest)); - -diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/imap/Makefile.am.opensslhmac3 dovecot-2.4.1-build/dovecot-2.4.1-4/src/imap/Makefile.am ---- dovecot-2.4.1-build/dovecot-2.4.1-4/src/imap/Makefile.am.opensslhmac3 2025-03-28 12:32:27.000000000 +0100 -+++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/imap/Makefile.am 2025-07-30 11:45:19.803805844 +0200 +diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/imap/Makefile.am.opensslhmac3 dovecot-2.4.2-build/dovecot-2.4.2/src/imap/Makefile.am +--- dovecot-2.4.2-build/dovecot-2.4.2/src/imap/Makefile.am.opensslhmac3 2025-10-29 07:58:41.000000000 +0100 ++++ dovecot-2.4.2-build/dovecot-2.4.2/src/imap/Makefile.am 2025-11-30 09:57:55.179136544 +0100 @@ -21,11 +21,13 @@ AM_CPPFLAGS = \ $(BINARY_CFLAGS) @@ -80,10 +54,10 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/imap/Makefile.am.opensslhmac3 d $(LIBDOVECOT_STORAGE) \ $(LIBDOVECOT) imap_DEPENDENCIES = \ -diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/imap-urlauth/Makefile.am.opensslhmac3 dovecot-2.4.1-build/dovecot-2.4.1-4/src/imap-urlauth/Makefile.am ---- dovecot-2.4.1-build/dovecot-2.4.1-4/src/imap-urlauth/Makefile.am.opensslhmac3 2025-03-28 12:32:27.000000000 +0100 -+++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/imap-urlauth/Makefile.am 2025-07-30 11:45:19.803904279 +0200 -@@ -22,6 +22,7 @@ imap_urlauth_CPPFLAGS = \ +diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/imap-urlauth/Makefile.am.opensslhmac3 dovecot-2.4.2-build/dovecot-2.4.2/src/imap-urlauth/Makefile.am +--- dovecot-2.4.2-build/dovecot-2.4.2/src/imap-urlauth/Makefile.am.opensslhmac3 2025-10-29 07:58:41.000000000 +0100 ++++ dovecot-2.4.2-build/dovecot-2.4.2/src/imap-urlauth/Makefile.am 2025-11-30 09:57:55.179268682 +0100 +@@ -23,6 +23,7 @@ imap_urlauth_CPPFLAGS = \ imap_urlauth_LDFLAGS = -export-dynamic imap_urlauth_LDADD = $(LIBDOVECOT) \ @@ -91,7 +65,7 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/imap-urlauth/Makefile.am.openss $(BINARY_LDFLAGS) imap_urlauth_DEPENDENCIES = $(LIBDOVECOT_DEPS) -@@ -52,7 +53,7 @@ imap_urlauth_worker_LDFLAGS = -export-dy +@@ -53,7 +54,7 @@ imap_urlauth_worker_LDFLAGS = -export-dy urlauth_libs = \ $(top_builddir)/src/lib-imap-urlauth/libimap-urlauth.la @@ -100,10 +74,10 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/imap-urlauth/Makefile.am.openss imap_urlauth_worker_DEPENDENCIES = $(urlauth_libs) $(LIBDOVECOT_STORAGE_DEPS) $(LIBDOVECOT_DEPS) imap_urlauth_worker_SOURCES = \ -diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/auth-scram-client.c.opensslhmac3 dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/auth-scram-client.c ---- dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/auth-scram-client.c.opensslhmac3 2025-03-28 12:32:27.000000000 +0100 -+++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/auth-scram-client.c 2025-07-30 11:45:19.801788468 +0200 -@@ -248,7 +248,7 @@ static string_t *auth_scram_get_client_f +diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/auth-scram-client.c.opensslhmac3 dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/auth-scram-client.c +--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/auth-scram-client.c.opensslhmac3 2025-10-29 07:58:41.000000000 +0100 ++++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/auth-scram-client.c 2025-11-30 09:57:55.179413002 +0100 +@@ -222,7 +222,7 @@ static string_t *auth_scram_get_client_f unsigned char client_signature[hmethod->digest_size]; unsigned char client_proof[hmethod->digest_size]; unsigned char server_key[hmethod->digest_size]; @@ -112,7 +86,7 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/auth-scram-client.c.op const void *cbind_input; size_t cbind_input_size; string_t *auth_message, *str; -@@ -307,9 +307,9 @@ static string_t *auth_scram_get_client_f +@@ -281,9 +281,9 @@ static string_t *auth_scram_get_client_f client->iter, salted_password); /* ClientKey := HMAC(SaltedPassword, "Client Key") */ @@ -125,7 +99,7 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/auth-scram-client.c.op /* StoredKey := H(ClientKey) */ hash_method_get_digest(hmethod, client_key, sizeof(client_key), -@@ -327,9 +327,9 @@ static string_t *auth_scram_get_client_f +@@ -301,9 +301,9 @@ static string_t *auth_scram_get_client_f str_append_str(auth_message, str); /* ClientSignature := HMAC(StoredKey, AuthMessage) */ @@ -138,7 +112,7 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/auth-scram-client.c.op /* ClientProof := ClientKey XOR ClientSignature */ for (k = 0; k < hmethod->digest_size; k++) -@@ -340,16 +340,16 @@ static string_t *auth_scram_get_client_f +@@ -314,16 +314,16 @@ static string_t *auth_scram_get_client_f safe_memset(client_signature, 0, sizeof(client_signature)); /* ServerKey := HMAC(SaltedPassword, "Server Key") */ @@ -161,9 +135,9 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/auth-scram-client.c.op safe_memset(salted_password, 0, sizeof(salted_password)); -diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/auth-scram.c.opensslhmac3 dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/auth-scram.c ---- dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/auth-scram.c.opensslhmac3 2025-03-28 12:32:27.000000000 +0100 -+++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/auth-scram.c 2025-07-30 11:45:19.801918022 +0200 +diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/auth-scram.c.opensslhmac3 dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/auth-scram.c +--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/auth-scram.c.opensslhmac3 2025-10-29 07:58:41.000000000 +0100 ++++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/auth-scram.c 2025-11-30 09:57:55.179729815 +0100 @@ -31,7 +31,7 @@ void auth_scram_hi(const struct hash_met const unsigned char *salt, size_t salt_size, unsigned int i, unsigned char *result) @@ -233,10 +207,10 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/auth-scram.c.opensslhm safe_memset(salted_password, 0, sizeof(salted_password)); safe_memset(client_key, 0, sizeof(client_key)); -diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/auth-scram-server.c.opensslhmac3 dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/auth-scram-server.c ---- dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/auth-scram-server.c.opensslhmac3 2025-03-28 12:32:27.000000000 +0100 -+++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/auth-scram-server.c 2025-07-30 11:45:19.802027357 +0200 -@@ -342,7 +342,7 @@ auth_scram_server_verify_credentials(str +diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/auth-scram-server.c.opensslhmac3 dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/auth-scram-server.c +--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/auth-scram-server.c.opensslhmac3 2025-10-29 07:58:41.000000000 +0100 ++++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/auth-scram-server.c 2025-11-30 09:57:55.179862473 +0100 +@@ -288,7 +288,7 @@ auth_scram_server_verify_credentials(str { const struct hash_method *hmethod = server->set.hash_method; struct auth_scram_key_data *kdata = &server->key_data; @@ -245,7 +219,7 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/auth-scram-server.c.op const char *auth_message; unsigned char client_key[hmethod->digest_size]; unsigned char client_signature[hmethod->digest_size]; -@@ -363,9 +363,9 @@ auth_scram_server_verify_credentials(str +@@ -309,9 +309,9 @@ auth_scram_server_verify_credentials(str server->server_first_message, ",", server->client_final_message_without_proof, NULL); @@ -258,7 +232,7 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/auth-scram-server.c.op /* ClientProof := ClientKey XOR ClientSignature */ const unsigned char *proof_data = server->proof->data; -@@ -494,7 +494,7 @@ auth_scram_get_server_final(struct auth_ +@@ -440,7 +440,7 @@ auth_scram_get_server_final(struct auth_ { const struct hash_method *hmethod = server->set.hash_method; struct auth_scram_key_data *kdata = &server->key_data; @@ -267,7 +241,7 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/auth-scram-server.c.op const char *auth_message; unsigned char server_signature[hmethod->digest_size]; string_t *str; -@@ -510,9 +510,9 @@ auth_scram_get_server_final(struct auth_ +@@ -456,9 +456,9 @@ auth_scram_get_server_final(struct auth_ server->server_first_message, ",", server->client_final_message_without_proof, NULL); @@ -280,10 +254,10 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/auth-scram-server.c.op /* RFC 5802, Section 7: -diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/password-scheme.c.opensslhmac3 dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/password-scheme.c ---- dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/password-scheme.c.opensslhmac3 2025-03-28 12:32:27.000000000 +0100 -+++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/password-scheme.c 2025-07-30 11:45:19.802166177 +0200 -@@ -631,11 +631,11 @@ static void +diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/password-scheme.c.opensslhmac3 dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/password-scheme.c +--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/password-scheme.c.opensslhmac3 2025-10-29 07:58:41.000000000 +0100 ++++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/password-scheme.c 2025-11-30 09:57:55.180035106 +0100 +@@ -633,11 +633,11 @@ static void cram_md5_generate(const char *plaintext, const struct password_generate_params *params ATTR_UNUSED, const unsigned char **raw_password_r, size_t *size_r) { @@ -297,10 +271,10 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/password-scheme.c.open strlen(plaintext), &hash_method_md5); hmac_md5_get_cram_context(&ctx, context_digest); -diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/password-scheme-scram.c.opensslhmac3 dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/password-scheme-scram.c ---- dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/password-scheme-scram.c.opensslhmac3 2025-03-28 12:32:27.000000000 +0100 -+++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/password-scheme-scram.c 2025-07-30 11:45:19.802285591 +0200 -@@ -69,7 +69,7 @@ int scram_verify(const struct hash_metho +diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/password-scheme-scram.c.opensslhmac3 dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/password-scheme-scram.c +--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/password-scheme-scram.c.opensslhmac3 2025-10-29 07:58:41.000000000 +0100 ++++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/password-scheme-scram.c 2025-11-30 09:57:55.180182392 +0100 +@@ -23,7 +23,7 @@ int scram_verify(const struct hash_metho const char *plaintext, const unsigned char *raw_password, size_t size, const char **error_r) { @@ -309,7 +283,7 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/password-scheme-scram. const char *salt_base64; unsigned int iter_count; const unsigned char *salt; -@@ -94,9 +94,9 @@ int scram_verify(const struct hash_metho +@@ -49,9 +49,9 @@ int scram_verify(const struct hash_metho salt, salt_len, iter_count, salted_password); /* Calculate ClientKey */ @@ -322,9 +296,9 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-auth/password-scheme-scram. /* Calculate StoredKey */ hash_method_get_digest(hmethod, client_key, sizeof(client_key), -diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/hmac.c.opensslhmac3 dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/hmac.c ---- dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/hmac.c.opensslhmac3 2025-03-28 12:32:27.000000000 +0100 -+++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/hmac.c 2025-07-30 11:46:43.346310291 +0200 +diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib/hmac.c.opensslhmac3 dovecot-2.4.2-build/dovecot-2.4.2/src/lib/hmac.c +--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib/hmac.c.opensslhmac3 2025-10-29 07:58:41.000000000 +0100 ++++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib/hmac.c 2025-11-30 09:57:55.180318937 +0100 @@ -7,6 +7,10 @@ * This software is released under the MIT license. */ @@ -598,9 +572,9 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/hmac.c.opensslhmac3 dovecot - safe_memset(prk, 0, sizeof(prk)); - safe_memset(okm, 0, sizeof(okm)); } -diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/hmac-cram-md5.c.opensslhmac3 dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/hmac-cram-md5.c ---- dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/hmac-cram-md5.c.opensslhmac3 2025-03-28 12:32:27.000000000 +0100 -+++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/hmac-cram-md5.c 2025-07-30 11:45:19.802547733 +0200 +diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib/hmac-cram-md5.c.opensslhmac3 dovecot-2.4.2-build/dovecot-2.4.2/src/lib/hmac-cram-md5.c +--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib/hmac-cram-md5.c.opensslhmac3 2025-10-29 07:58:41.000000000 +0100 ++++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib/hmac-cram-md5.c 2025-11-30 09:57:55.180461985 +0100 @@ -9,10 +9,10 @@ #include "md5.h" #include "hmac-cram-md5.h" @@ -627,9 +601,9 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/hmac-cram-md5.c.opensslhmac const unsigned char *cdp; struct md5_context *ctx = (void*)hmac_ctx->ctx; -diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/hmac-cram-md5.h.opensslhmac3 dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/hmac-cram-md5.h ---- dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/hmac-cram-md5.h.opensslhmac3 2025-03-28 12:32:27.000000000 +0100 -+++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/hmac-cram-md5.h 2025-07-30 11:45:19.802643613 +0200 +diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib/hmac-cram-md5.h.opensslhmac3 dovecot-2.4.2-build/dovecot-2.4.2/src/lib/hmac-cram-md5.h +--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib/hmac-cram-md5.h.opensslhmac3 2025-10-29 07:58:41.000000000 +0100 ++++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib/hmac-cram-md5.h 2025-11-30 09:57:55.180563796 +0100 @@ -5,9 +5,9 @@ #define CRAM_MD5_CONTEXTLEN 32 @@ -642,9 +616,9 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/hmac-cram-md5.h.opensslhmac const unsigned char context_digest[CRAM_MD5_CONTEXTLEN]); -diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/hmac.h.opensslhmac3 dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/hmac.h ---- dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/hmac.h.opensslhmac3 2025-03-28 12:32:27.000000000 +0100 -+++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/hmac.h 2025-07-30 11:45:19.802751766 +0200 +diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib/hmac.h.opensslhmac3 dovecot-2.4.2-build/dovecot-2.4.2/src/lib/hmac.h +--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib/hmac.h.opensslhmac3 2025-10-29 07:58:41.000000000 +0100 ++++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib/hmac.h 2025-11-30 09:57:55.180723505 +0100 @@ -4,60 +4,108 @@ #include "hash-method.h" #include "sha1.h" @@ -654,7 +628,7 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/hmac.h.opensslhmac3 dovecot +#include +#include - #define HMAC_MAX_CONTEXT_SIZE sizeof(struct sha512_ctx) + #define HMAC_MAX_CONTEXT_SIZE HASH_METHOD_MAX_CONTEXT_SIZE -struct hmac_context_priv { + @@ -767,9 +741,9 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/hmac.h.opensslhmac3 dovecot okm_buffer, okm_len); return okm_buffer; } -diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-imap-urlauth/imap-urlauth.c.opensslhmac3 dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-imap-urlauth/imap-urlauth.c ---- dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-imap-urlauth/imap-urlauth.c.opensslhmac3 2025-03-28 12:32:27.000000000 +0100 -+++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-imap-urlauth/imap-urlauth.c 2025-07-30 11:45:19.802862354 +0200 +diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-imap-urlauth/imap-urlauth.c.opensslhmac3 dovecot-2.4.2-build/dovecot-2.4.2/src/lib-imap-urlauth/imap-urlauth.c +--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-imap-urlauth/imap-urlauth.c.opensslhmac3 2025-10-29 07:58:41.000000000 +0100 ++++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-imap-urlauth/imap-urlauth.c 2025-11-30 09:57:55.180863807 +0100 @@ -87,15 +87,15 @@ imap_urlauth_internal_generate( const unsigned char mailbox_key[IMAP_URLAUTH_KEY_LEN], size_t *token_len_r) @@ -790,10 +764,10 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-imap-urlauth/imap-urlauth.c *token_len_r = SHA1_RESULTLEN + 1; return token; -diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/Makefile.am.opensslhmac3 dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/Makefile.am ---- dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/Makefile.am.opensslhmac3 2025-03-28 12:32:27.000000000 +0100 -+++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/Makefile.am 2025-07-30 11:45:19.802976508 +0200 -@@ -359,6 +359,9 @@ headers = \ +diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib/Makefile.am.opensslhmac3 dovecot-2.4.2-build/dovecot-2.4.2/src/lib/Makefile.am +--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib/Makefile.am.opensslhmac3 2025-10-29 07:58:41.000000000 +0100 ++++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib/Makefile.am 2025-11-30 09:57:55.180990124 +0100 +@@ -414,6 +414,9 @@ headers = \ wildcard-match.h \ write-full.h @@ -803,9 +777,9 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/Makefile.am.opensslhmac3 do test_programs = test-lib noinst_PROGRAMS = $(test_programs) -diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-oauth2/oauth2-jwt.c.opensslhmac3 dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-oauth2/oauth2-jwt.c ---- dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-oauth2/oauth2-jwt.c.opensslhmac3 2025-03-28 12:32:27.000000000 +0100 -+++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-oauth2/oauth2-jwt.c 2025-07-30 11:45:19.803097425 +0200 +diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-oauth2/oauth2-jwt.c.opensslhmac3 dovecot-2.4.2-build/dovecot-2.4.2/src/lib-oauth2/oauth2-jwt.c +--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-oauth2/oauth2-jwt.c.opensslhmac3 2025-10-29 07:58:41.000000000 +0100 ++++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-oauth2/oauth2-jwt.c 2025-11-30 09:57:55.181135306 +0100 @@ -210,14 +210,14 @@ oauth2_validate_hmac(const struct oauth2 if (oauth2_lookup_hmac_key(set, azp, alg, key_id, &key, error_r) < 0) return -1; @@ -827,9 +801,9 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-oauth2/oauth2-jwt.c.openssl buffer_t *their_digest = t_base64url_decode_str(BASE64_DECODE_FLAG_NO_PADDING, blobs[2]); -diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-oauth2/test-oauth2-jwt.c.opensslhmac3 dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-oauth2/test-oauth2-jwt.c ---- dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-oauth2/test-oauth2-jwt.c.opensslhmac3 2025-03-28 12:32:27.000000000 +0100 -+++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-oauth2/test-oauth2-jwt.c 2025-07-30 11:45:19.803224443 +0200 +diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-oauth2/test-oauth2-jwt.c.opensslhmac3 dovecot-2.4.2-build/dovecot-2.4.2/src/lib-oauth2/test-oauth2-jwt.c +--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-oauth2/test-oauth2-jwt.c.opensslhmac3 2025-10-29 07:58:41.000000000 +0100 ++++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-oauth2/test-oauth2-jwt.c 2025-11-30 09:57:55.181290025 +0100 @@ -250,7 +250,7 @@ static void save_key_azp_to(const char * static void sign_jwt_token_hs256(buffer_t *tokenbuf, buffer_t *key) { @@ -857,9 +831,9 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-oauth2/test-oauth2-jwt.c.op tokenbuf); buffer_append(tokenbuf, ".", 1); base64url_encode(BASE64_ENCODE_FLAG_NO_PADDING, SIZE_MAX, -diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/pkcs5.c.opensslhmac3 dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/pkcs5.c ---- dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/pkcs5.c.opensslhmac3 2025-03-28 12:32:27.000000000 +0100 -+++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/pkcs5.c 2025-07-30 11:45:19.803357132 +0200 +diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib/pkcs5.c.opensslhmac3 dovecot-2.4.2-build/dovecot-2.4.2/src/lib/pkcs5.c +--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib/pkcs5.c.opensslhmac3 2025-10-29 07:58:41.000000000 +0100 ++++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib/pkcs5.c 2025-11-30 09:57:55.181492013 +0100 @@ -52,7 +52,7 @@ int pkcs5_pbkdf2(const struct hash_metho size_t l = (length + hash->digest_size - 1)/hash->digest_size; /* same as ceil(length/hash->digest_size) */ unsigned char dk[l * hash->digest_size]; @@ -894,9 +868,35 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/pkcs5.c.opensslhmac3 doveco for(i = 0; i < hash->digest_size; i++) block[i] ^= U_c[i]; } -diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/test-hmac.c.opensslhmac3 dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/test-hmac.c ---- dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/test-hmac.c.opensslhmac3 2025-03-28 12:32:27.000000000 +0100 -+++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/test-hmac.c 2025-07-30 11:45:19.803460807 +0200 +diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/sasl-server-mech-cram-md5.c.opensslhmac3 dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/sasl-server-mech-cram-md5.c +--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/sasl-server-mech-cram-md5.c.opensslhmac3 2025-10-29 07:58:41.000000000 +0100 ++++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/sasl-server-mech-cram-md5.c 2025-11-30 10:00:28.967795725 +0100 +@@ -53,7 +53,7 @@ verify_credentials(struct sasl_server_me + container_of(auth_request, struct cram_auth_request, + auth_request); + unsigned char digest[MD5_RESULTLEN]; +- struct hmac_context ctx; ++ struct orig_hmac_context ctx; + const char *response_hex; + + if (size != CRAM_MD5_CONTEXTLEN) { +@@ -62,10 +62,10 @@ verify_credentials(struct sasl_server_me + return; + } + +- hmac_init(&ctx, NULL, 0, &hash_method_md5); ++ orig_hmac_init(&ctx, NULL, 0, &hash_method_md5); + hmac_md5_set_cram_context(&ctx, credentials); +- hmac_update(&ctx, request->challenge, strlen(request->challenge)); +- hmac_final(&ctx, digest); ++ orig_hmac_update(&ctx, request->challenge, strlen(request->challenge)); ++ orig_hmac_final(&ctx, digest); + + response_hex = binary_to_hex(digest, sizeof(digest)); + +diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib/test-hmac.c.opensslhmac3 dovecot-2.4.2-build/dovecot-2.4.2/src/lib/test-hmac.c +--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib/test-hmac.c.opensslhmac3 2025-10-29 07:58:41.000000000 +0100 ++++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib/test-hmac.c 2025-11-30 09:57:55.181656401 +0100 @@ -206,11 +206,11 @@ static void test_hmac_rfc(void) test_begin("hmac sha256 rfc4231 vectors"); for(size_t i = 0; i < N_ELEMENTS(test_vectors); i++) { @@ -972,10 +972,10 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib/test-hmac.c.opensslhmac3 do vec->ikm_len, vec->info, vec->info_len, vec->okm_len); test_assert(tmp->used == vec->okm_len && -diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-var-expand-crypt/Makefile.am.opensslhmac3 dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-var-expand-crypt/Makefile.am ---- dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-var-expand-crypt/Makefile.am.opensslhmac3 2025-03-28 12:32:27.000000000 +0100 -+++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-var-expand-crypt/Makefile.am 2025-07-30 11:45:19.803606280 +0200 -@@ -30,13 +30,13 @@ test_libs = \ +diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-var-expand-crypt/Makefile.am.opensslhmac3 dovecot-2.4.2-build/dovecot-2.4.2/src/lib-var-expand-crypt/Makefile.am +--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-var-expand-crypt/Makefile.am.opensslhmac3 2025-10-29 07:58:41.000000000 +0100 ++++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-var-expand-crypt/Makefile.am 2025-11-30 09:58:11.669117030 +0100 +@@ -34,13 +34,13 @@ test_libs = \ $(DLLIB) test_var_expand_crypt_SOURCES = test-var-expand-crypt.c @@ -986,14 +986,14 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-var-expand-crypt/Makefile.a test_var_expand_crypt_LDFLAGS = -export-dynamic -Wl,$(LD_WHOLE_ARCHIVE),../lib/.libs/liblib.a,../lib-json/.libs/libjson.a,../lib-ssl-iostream/.libs/libssl_iostream.a,$(LD_NO_WHOLE_ARCHIVE) endif --test_var_expand_crypt_CFLAGS = $(AM_CPPFLAGS) \ -+test_var_expand_crypt_CFLAGS = $(AM_CPPFLAGS) $(SSL_CFLAGS) \ +-test_var_expand_crypt_CFLAGS = $(AM_CFLAGS) \ ++test_var_expand_crypt_CFLAGS = $(AM_CFLAGS) $(SSL_CFLAGS) \ -DDCRYPT_BUILD_DIR=\"$(top_builddir)/src/lib-dcrypt\" check-local: -diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/submission/Makefile.am.opensslhmac3 dovecot-2.4.1-build/dovecot-2.4.1-4/src/submission/Makefile.am ---- dovecot-2.4.1-build/dovecot-2.4.1-4/src/submission/Makefile.am.opensslhmac3 2025-03-28 12:32:27.000000000 +0100 -+++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/submission/Makefile.am 2025-07-30 11:45:19.804003916 +0200 +diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/submission/Makefile.am.opensslhmac3 dovecot-2.4.2-build/dovecot-2.4.2/src/submission/Makefile.am +--- dovecot-2.4.2-build/dovecot-2.4.2/src/submission/Makefile.am.opensslhmac3 2025-10-29 07:58:41.000000000 +0100 ++++ dovecot-2.4.2-build/dovecot-2.4.2/src/submission/Makefile.am 2025-11-30 09:57:55.182137562 +0100 @@ -29,6 +29,7 @@ submission_LDADD = \ $(urlauth_libs) \ $(LIBDOVECOT_STORAGE) \ @@ -1002,3 +1002,24 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/submission/Makefile.am.opensslh $(MODULE_LIBS) submission_DEPENDENCIES = \ $(urlauth_libs) \ +diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/dsasl-client-mech-cram-md5.c.fixbuild2 dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/dsasl-client-mech-cram-md5.c +--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/dsasl-client-mech-cram-md5.c.fixbuild2 2025-11-30 13:11:06.583413762 +0100 ++++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/dsasl-client-mech-cram-md5.c 2025-11-30 13:22:04.883307427 +0100 +@@ -81,13 +81,13 @@ mech_cram_md5_output(struct dsasl_client + return DSASL_CLIENT_RESULT_OK; + } + +- struct hmac_context ctx; ++ struct openssl_hmac_context ctx; + unsigned char digest[MD5_RESULTLEN]; + +- hmac_init(&ctx, (const unsigned char *)client->password, ++ openssl_hmac_init(&ctx, (const unsigned char *)client->password, + strlen(client->password), &hash_method_md5); +- hmac_update(&ctx, cclient->challenge, strlen(cclient->challenge)); +- hmac_final(&ctx, digest); ++ openssl_hmac_update(&ctx, cclient->challenge, strlen(cclient->challenge)); ++ openssl_hmac_final(&ctx, digest); + + str = str_new(client->pool, 256); + str_append(str, client->set.authid); diff --git a/dovecot-2.4.2-fixbuild.patch b/dovecot-2.4.2-fixbuild.patch new file mode 100644 index 0000000..ad5530b --- /dev/null +++ b/dovecot-2.4.2-fixbuild.patch @@ -0,0 +1,135 @@ +diff -up dovecot-2.4.2/src/lib/istream.c.fixbuild dovecot-2.4.2/src/lib/istream.c +--- dovecot-2.4.2/src/lib/istream.c.fixbuild 2025-10-29 07:58:41.000000000 +0100 ++++ dovecot-2.4.2/src/lib/istream.c 2025-11-30 11:40:37.739536137 +0100 +@@ -85,7 +85,7 @@ void i_stream_add_destroy_callback(struc + } + + void i_stream_remove_destroy_callback(struct istream *stream, +- void (*callback)()) ++ istream_callback_t *callback) + { + io_stream_remove_destroy_callback(&stream->real_stream->iostream, + callback); +diff -up dovecot-2.4.2/src/lib/istream.h.fixbuild dovecot-2.4.2/src/lib/istream.h +--- dovecot-2.4.2/src/lib/istream.h.fixbuild 2025-10-29 07:58:41.000000000 +0100 ++++ dovecot-2.4.2/src/lib/istream.h 2025-11-30 11:40:37.739798710 +0100 +@@ -100,7 +100,7 @@ void i_stream_add_destroy_callback(struc + (istream_callback_t *)callback, context) + /* Remove the destroy callback. */ + void i_stream_remove_destroy_callback(struct istream *stream, +- void (*callback)()); ++ istream_callback_t *callback); + + /* Return file descriptor for stream, or -1 if none is available. */ + int i_stream_get_fd(struct istream *stream); +diff -up dovecot-2.4.2/src/lib/ostream.c.fixbuild dovecot-2.4.2/src/lib/ostream.c +--- dovecot-2.4.2/src/lib/ostream.c.fixbuild 2025-11-30 11:42:21.434063550 +0100 ++++ dovecot-2.4.2/src/lib/ostream.c 2025-11-30 11:42:55.814100259 +0100 +@@ -127,7 +127,7 @@ void o_stream_add_destroy_callback(struc + } + + void o_stream_remove_destroy_callback(struct ostream *stream, +- void (*callback)()) ++ ostream_callback_t *callback) + { + io_stream_remove_destroy_callback(&stream->real_stream->iostream, + callback); +diff -up dovecot-2.4.2/src/lib/ostream.h.fixbuild dovecot-2.4.2/src/lib/ostream.h +--- dovecot-2.4.2/src/lib/ostream.h.fixbuild 2025-11-30 11:42:29.639009602 +0100 ++++ dovecot-2.4.2/src/lib/ostream.h 2025-11-30 11:43:20.101652841 +0100 +@@ -127,7 +127,7 @@ void o_stream_add_destroy_callback(struc + (ostream_callback_t *)callback, context) + /* Remove the destroy callback. */ + void o_stream_remove_destroy_callback(struct ostream *stream, +- void (*callback)()); ++ ostream_callback_t *callback); + + /* Mark the stream and all of its parent streams closed. Nothing will be + sent after this call. When using ostreams that require writing a trailer, +diff -up dovecot-2.4.2/src/lib-json/json-istream.c.fixbuild dovecot-2.4.2/src/lib-json/json-istream.c +--- dovecot-2.4.2/src/lib-json/json-istream.c.fixbuild 2025-10-29 07:58:41.000000000 +0100 ++++ dovecot-2.4.2/src/lib-json/json-istream.c 2025-11-30 12:52:15.970430672 +0100 +@@ -706,7 +706,7 @@ static void json_istream_drop_value_stre + if (stream->seekable_stream != NULL) { + i_stream_remove_destroy_callback( + stream->seekable_stream, +- json_istream_drop_seekable_stream); ++ (istream_callback_t *)json_istream_drop_seekable_stream); + i_stream_unref(&stream->seekable_stream); + } + } +@@ -720,12 +720,12 @@ static void json_istream_consumed_value_ + if (stream->seekable_stream != NULL) { + i_stream_remove_destroy_callback( + stream->seekable_stream, +- json_istream_drop_seekable_stream); ++ (istream_callback_t *)json_istream_drop_seekable_stream); + } + if (stream->value_stream != NULL) { + i_stream_remove_destroy_callback( + stream->value_stream, +- json_istream_drop_value_stream); ++ (istream_callback_t *)json_istream_drop_value_stream); + } + stream->value_stream = NULL; + stream->seekable_stream = NULL; + i_stream_remove_destroy_callback(conn->incoming_payload, +- http_client_payload_destroyed); ++ (istream_callback_t *)http_client_payload_destroyed); + conn->incoming_payload = NULL; + } + +diff -up dovecot-2.4.2/src/lib-http/http-server-connection.c.fixbuild dovecot-2.4.2/src/lib-http/http-server-connection.c +--- dovecot-2.4.2/src/lib-http/http-server-connection.c.fixbuild 2025-11-30 13:02:24.337384848 +0100 ++++ dovecot-2.4.2/src/lib-http/http-server-connection.c 2025-11-30 13:03:14.477064608 +0100 +@@ -1066,7 +1066,7 @@ http_server_connection_disconnect(struct + if (conn->incoming_payload != NULL) { + /* The stream is still accessed by lib-http caller. */ + i_stream_remove_destroy_callback(conn->incoming_payload, +- http_server_payload_destroyed); ++ (istream_callback_t *)http_server_payload_destroyed); + conn->incoming_payload = NULL; + } + if (conn->payload_handler != NULL) +diff -up dovecot-2.4.2/src/lib-http/http-client-connection.c.fixbuild dovecot-2.4.2/src/lib-http/http-client-connection.c +--- dovecot-2.4.2/src/lib-http/http-client-connection.c.fixbuild 2025-11-30 12:57:42.670247695 +0100 ++++ dovecot-2.4.2/src/lib-http/http-client-connection.c 2025-11-30 13:00:54.862436490 +0100 +@@ -832,7 +832,7 @@ void http_client_connection_request_dest + is closed and we don't care about it anymore, so act as though it is + destroyed. */ + i_stream_remove_destroy_callback(payload, +- http_client_payload_destroyed); ++ (istream_callback_t *)http_client_payload_destroyed); + http_client_payload_destroyed(req); + } + +@@ -888,7 +888,7 @@ http_client_connection_return_response(s + if (response->payload != NULL) { + i_stream_remove_destroy_callback( + conn->incoming_payload, +- http_client_payload_destroyed); ++ (istream_callback_t *)http_client_payload_destroyed); + i_stream_unref(&conn->incoming_payload); + connection_input_resume(&conn->conn); + } +@@ -1731,7 +1731,7 @@ http_client_connection_disconnect(struct + if (conn->incoming_payload != NULL) { + /* The stream is still accessed by lib-http caller. */ + i_stream_remove_destroy_callback(conn->incoming_payload, +- http_client_payload_destroyed); ++ (istream_callback_t *)http_client_payload_destroyed); + conn->incoming_payload = NULL; + } + +diff -up dovecot-2.4.2/src/lib-storage/index/index-mail.c.fixbuild2 dovecot-2.4.2/src/lib-storage/index/index-mail.c +--- dovecot-2.4.2/src/lib-storage/index/index-mail.c.fixbuild2 2025-11-30 13:48:46.658539149 +0100 ++++ dovecot-2.4.2/src/lib-storage/index/index-mail.c 2025-11-30 13:49:47.178158024 +0100 +@@ -1840,7 +1840,7 @@ static void index_mail_close_streams_ful + allowed to have references until the mail is closed + (but we can't really check that) */ + i_stream_remove_destroy_callback(data->stream, +- index_mail_stream_destroy_callback); ++ (istream_callback_t *)index_mail_stream_destroy_callback); + } + i_stream_unref(&data->stream); + /* there must be no references to the mail when the diff --git a/dovecot.spec b/dovecot.spec index 9937b17..11efa4b 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -4,9 +4,9 @@ Summary: Secure imap and pop3 server Name: dovecot Epoch: 1 -Version: 2.4.1 -%global prever -4 -Release: 8%{?dist} +Version: 2.4.2 +%global prever %{nil} +Release: 1%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT AND LGPL-2.1-only @@ -47,10 +47,7 @@ Patch18: dovecot-2.3.15-valbasherr.patch # Fedora/RHEL specific, drop OTP which uses SHA1 so we dont use SHA1 for crypto purposes Patch23: dovecot-2.4.1-nolibotp.patch -Patch24: dovecot-2.4.1-gssapi.patch -#from upstream, for <= 2.4.1, rhbz#2402122 -#https://github.com/dovecot/core/compare/a70ce7d3e2f983979e971414c5892c4e30197231%5E...34caed79b76a7b82a2a9c94cf35371bec6c2b826.patch -Patch25: dovecot-2.4.1-cve-2025-30189.patch +Patch24: dovecot-2.4.2-fixbuild.patch BuildRequires: gcc, gcc-c++, openssl-devel, pam-devel, zlib-devel, bzip2-devel, libcap-devel BuildRequires: libtool, autoconf, automake, pkgconfig @@ -156,8 +153,7 @@ mv dovecot-pigeonhole-%{pigeonholever} dovecot-pigeonhole %patch -P 17 -p2 -b .fixvalcond %patch -P 18 -p1 -b .valbasherr %patch -P 23 -p2 -b .nolibotp -%patch -P 24 -p1 -b .gssapi -%patch -P 25 -p1 -b .cve-2025-30189 +%patch -P 24 -p1 -b .fixbuild cp run-test-valgrind.supp dovecot-pigeonhole/ # valgrind would fail with shell wrapper echo "testsuite" >dovecot-pigeonhole/run-test-valgrind.exclude @@ -168,6 +164,8 @@ echo >src/auth/mech-otp-common.c echo >src/auth/mech-otp-common.h echo >src/auth/mech-otp.c echo >src/lib-auth/password-scheme-otp.c +echo >src/lib-sasl/sasl-server-mech-otp.c +echo >src/lib-sasl/dsasl-client-mech-otp.c pushd src/lib-otp for f in *.c *.h do @@ -360,7 +358,8 @@ fi # some aarch64 tests timeout, skip for now make check cd dovecot-pigeonhole -make check +# FIXME: make check will fail as it requires doveconf to be already installed at /usr/bin/doveconf +make check ||: %endif %files @@ -404,6 +403,7 @@ make check %{_libdir}/dovecot/auth/libauthdb_lua.so %endif %{_libdir}/dovecot/auth/libmech_gssapi.so +%{_libdir}/dovecot/auth/libmech_gss_spnego.so %{_libdir}/dovecot/auth/libdriver_sqlite.so %{_libdir}/dovecot/dict/libdriver_sqlite.so %{_libdir}/dovecot/dict/libdict_ldap.so @@ -479,6 +479,9 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Sun Nov 30 2025 Michal Hlavinka - 1:2.4.2-1 +- updated to 2.4.2 (#2411846) + * Wed Nov 05 2025 Michal Hlavinka - 1:2.4.1-8 - update patch for CVE-2025-30189 diff --git a/sources b/sources index 490e720..54fc50d 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (dovecot-2.4.1-4.tar.gz) = 4915e9282898a4bce4dc3c9781f9aa849e8a2d5bb89dffc2222b417560eaa0135d66342ef342098a86dd5e9b4e76d41145381b7264144411cf45a6f88ca36698 -SHA512 (dovecot-pigeonhole-2.4.1-4.tar.gz) = 47b9cc62b13d710123389c47d13c104e70b815d683dc6b957e86b57b2f175101d07f462d0fdb0488d6dcdcfbbc137c926825ba9a0d798551576aa7f3c9082100 +SHA512 (dovecot-2.4.2.tar.gz) = 0524695341abe711d3a811c56156889d6fef7a09becc684c6f1dc1e5add605969ca8794eb7d44bfbc49f70515f22e8640b5828443addecfe4798fb8b174670ae +SHA512 (dovecot-pigeonhole-2.4.2.tar.gz) = 82c46c7ac2792aa5c211c8b66309f9f21c05ecd2fa8ab3abf98fb4e05831fd37aaa3edffcfbe1b3defbb9ac8ef9df1c33ece83cf7524e8b226c4deab8c250134