updated to 2.4.2 (#2411846)

and trim changelog

.fmf/version

@@ -0,0 +1 @@
+1

.gitignore

@@ -1,117 +1,2 @@
-dovecot-2.0.rc3.tar.gz
-pigeonhole-snap01ee63b788c9.tar.bz2
-dovecot-2.0.rc4.tar.gz
-pigeonhole-snapcac6acdc4d0e.tar.bz2
-dovecot-2.0.rc5.tar.gz
-pigeonhole-snap0592366457df.tar.bz2
-/dovecot-2.0.0.tar.gz
-/pigeonhole-snap1ae9569b0383.tar.bz2
-/dovecot-2.0.1.tar.gz
-/pigeonhole-snapd51650c8af85.tar.bz2
-/dovecot-2.0.2.tar.gz
-/pigeonhole-snapfbcb05e7eda1.tar.bz2
-/dovecot-2.0.3.tar.gz
-/pigeonhole-snapcb4c1ebecff3.tar.bz2
-/dovecot-2.0.4.tar.gz
-/pigeonhole-snap824454514f08.tar.bz2
-/dovecot-2.0.5.tar.gz
-/pigeonhole-snapa50464354f5a.tar.bz2
-/dovecot-2.0.6.tar.gz
-/pigeonhole-snap2023f8c74250.tar.bz2
-/dovecot-2.0.7.tar.gz
-/pigeonhole-snapa8cc6294071e.tar.bz2
-/dovecot-2.0.8.tar.gz
-/pigeonhole-snap67d2240966ec.tar.bz2
-/dovecot-2.0-pigeonhole-0.2.2.tar.gz
-/dovecot-2.0.9.tar.gz
-/dovecot-2.0.11.tar.gz
-/dovecot-2.0.12.tar.gz
-/dovecot-2.0-pigeonhole-0.2.3.tar.gz
-/dovecot-2.0.13.tar.gz
-/dovecot-2.0.14.tar.gz
-/dovecot-2.0.15.tar.gz
-/dovecot-2.0.16.tar.gz
-/dovecot-2.1.rc1.tar.gz
-/dovecot-2.1-pigeonhole-b3bff60a18da.tar.bz2
-/dovecot-2.1.rc3.tar.gz
-/dovecot-2.1.rc5.tar.gz
-/dovecot-2.1-pigeonhole-a130a50f82e1.tar.bz2
-/dovecot-2.1.rc6.tar.gz
-/dovecot-2.1-pigeonhole-b2a456e15ed5.tar.bz2
-/dovecot-2.1.0.tar.gz
-/dovecot-2.1-pigeonhole-0.3.0.tar.gz
-/dovecot-2.1.1.tar.gz
-/pigeonhole-snap67950c9d3675.tar.bz2
-/dovecot-2.1.2.tar.gz
-/pigeonhole-snap08a2d2718a65.tar.bz2
-/dovecot-2.1.3.tar.gz
-/dovecot-2.1.4.tar.gz
-/dovecot-2.1.5.tar.gz
-/dovecot-2.1.6.tar.gz
-/dovecot-2.1.7.tar.gz
-/dovecot-2.1-pigeonhole-0.3.1.tar.gz
-/dovecot-2.1.8.tar.gz
-/dovecot-2.1.9.tar.gz
-/dovecot-2.1.10.tar.gz
-/dovecot-2.1-pigeonhole-0.3.3.tar.gz
-/dovecot-2.1.12.tar.gz
-/dovecot-2.1.13.tar.gz
-/dovecot-2.1.14.tar.gz
-/dovecot-2.1.15.tar.gz
-/dovecot-2.2.rc2.tar.gz
-/pigeonhole-99eec511aa2c.tar.bz2
-/dovecot-2.2.rc3.tar.gz
-/dovecot-2.2.rc4.tar.gz
-/dovecot-2.2.0.tar.gz
-/dovecot-2.2.1.tar.gz
-/pigeonhole-snape42a38f02d28.tar.bz2
-/dovecot-2.2-pigeonhole-0.4.0.tar.gz
-/dovecot-2.2.2.tar.gz
-/dovecot-2.2.3.tar.gz
-/dovecot-2.2.4.tar.gz
-/dovecot-2.2-pigeonhole-0.4.1.tar.gz
-/dovecot-2.2.5.tar.gz
-/dovecot-2.2.6.tar.gz
-/dovecot-2.2-pigeonhole-0.4.2.tar.gz
-/dovecot-2.2.7.tar.gz
-/dovecot-2.2.8.tar.gz
-/dovecot-2.2.9.tar.gz
-/dovecot-2.2.10.tar.gz
-/dovecot-2.2.11.tar.gz
-/dovecot-2.2.12.tar.gz
-/dovecot-2.2.13.tar.gz
-/dovecot-2.2.14.tar.gz
-/dovecot-2.2-pigeonhole-0.4.3.tar.gz
-/dovecot-2.2.15.tar.gz
-/pigeonhole-snapded0c5a467aa.tar.bz2
-/dovecot-2.2-pigeonhole-0.4.6.tar.gz
-/dovecot-2.2.16.tar.gz
-/dovecot-2.2.17.tar.gz
-/dovecot-2.2.18.tar.gz
-/dovecot-2.2-pigeonhole-0.4.7.tar.gz
-/dovecot-2.2-pigeonhole-0.4.8.tar.gz
-/dovecot-2.2.19.tar.gz
-/dovecot-2.2-pigeonhole-0.4.9.tar.gz
-/dovecot-2.2.20.tar.gz
-/dovecot-2.2.21.tar.gz
-/dovecot-2.2-pigeonhole-0.4.10.tar.gz
-/dovecot-2.2-pigeonhole-0.4.11.tar.gz
-/dovecot-2.2-pigeonhole-0.4.12.tar.gz
-/dovecot-2.2.22.tar.gz
-/dovecot-2.2.23.tar.gz
-/dovecot-2.2-pigeonhole-0.4.13.tar.gz
-/dovecot-2.2.24.tar.gz
-/dovecot-2.2-pigeonhole-0.4.14.tar.gz
-/dovecot-2.2.25.tar.gz
-/dovecot-2.2.26.0.tar.gz
-/dovecot-2.2-pigeonhole-0.4.16.tar.gz
-/dovecot-2.2.27.tar.gz
-/dovecot-2.2.28.tar.gz
-/dovecot-2.2-pigeonhole-0.4.17.tar.gz
-/dovecot-2.2.29.tar.gz
-/dovecot-2.2.29.1.tar.gz
-/dovecot-2.2-pigeonhole-0.4.18.tar.gz
-/dovecot-2.2.30.1.tar.gz
-/dovecot-2.2.30.2.tar.gz
-/dovecot-2.2.31.tar.gz
-/dovecot-2.2-pigeonhole-0.4.19.tar.gz
+/dovecot-*.tar.gz
+/pigeonhole-*.tar.bz2

dovecot-2.0-defaultconfig.patch

@@ -1,33 +1,97 @@
-diff -up dovecot-2.2.18/doc/example-config/conf.d/10-mail.conf.default-settings dovecot-2.2.18/doc/example-config/conf.d/10-mail.conf
---- dovecot-2.2.18/doc/example-config/conf.d/10-mail.conf.default-settings	2014-06-02 13:50:10.000000000 +0200
-+++ dovecot-2.2.18/doc/example-config/conf.d/10-mail.conf	2015-08-24 17:09:03.866648631 +0200
-@@ -283,6 +283,7 @@ namespace inbox {
- # them simultaneously.
- #mbox_read_locks = fcntl
- #mbox_write_locks = dotlock fcntl
-+mbox_write_locks = fcntl
+diff -up dovecot-2.4.2-build/dovecot-2.4.2/doc/dovecot.conf.in.default-settings dovecot-2.4.2-build/dovecot-2.4.2/doc/dovecot.conf.in
+--- dovecot-2.4.2-build/dovecot-2.4.2/doc/dovecot.conf.in.default-settings	2025-10-29 07:58:41.000000000 +0100
++++ dovecot-2.4.2-build/dovecot-2.4.2/doc/dovecot.conf.in	2025-11-30 09:24:17.130246956 +0100
+@@ -16,24 +16,19 @@ dovecot_storage_version = @DOVECOT_CONFI
+ # The configuration below is a minimal configuration file using system user authentication.
+ # See https://@DOVECOT_ASSET_URL@/latest/core/config/quick.html
  
- # Maximum time to wait for lock (all of them) before aborting.
- #mbox_lock_timeout = 5 mins
-diff -up dovecot-2.2.18/doc/example-config/conf.d/10-ssl.conf.default-settings dovecot-2.2.18/doc/example-config/conf.d/10-ssl.conf
---- dovecot-2.2.18/doc/example-config/conf.d/10-ssl.conf.default-settings	2014-10-03 16:36:00.000000000 +0200
-+++ dovecot-2.2.18/doc/example-config/conf.d/10-ssl.conf	2015-08-24 17:10:49.536071649 +0200
-@@ -3,7 +3,9 @@
- ##
+-!include_try conf.d/*.conf
+-
+ # Enable wanted protocols:
+ protocols {
+   imap = yes
+   lmtp = yes
+ }
  
- # SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
--#ssl = yes
-+# disable plain pop3 and imap, allowed are only pop3+TLS, pop3s, imap+TLS and imaps
-+# plain imap and pop3 are still allowed for local connections
+-mail_home = /srv/mail/%{user}
+-mail_driver = sdbox
++mail_home = /home/%{user}
++mail_driver = maildir
+ mail_path = ~/mail
+ 
+-mail_uid = vmail
+-mail_gid = vmail
+-
+-# By default first_valid_uid is 500. If your vmail user's UID is smaller,
++# By default first_valid_uid is 1000. If your vmail user's UID is smaller,
+ # you need to modify this:
+-#first_valid_uid = uid-number-of-vmail-user
++first_valid_uid = 1000
+ 
+ namespace inbox {
+   inbox = yes
+@@ -44,7 +39,15 @@ namespace inbox {
+ passdb pam {
+ }
+ 
++userdb passwd {
++}
++
 +ssl = required
- 
- # PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
- # dropping root privileges, so keep the key file unreadable by anyone but
-@@ -50,6 +52,7 @@ ssl_key = </etc/ssl/private/dovecot.pem
- 
- # SSL ciphers to use
- #ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL
 +ssl_cipher_list = PROFILE=SYSTEM
++
+ ssl_server {
+-  cert_file = /etc/dovecot/ssl-cert.pem
+-  key_file = /etc/dovecot/ssl-key.pem
++  cert_file = /etc/pki/dovecot/certs/dovecot.pem
++  key_file = /etc/pki/dovecot/private/dovecot.pem
+ }
++
++!include_try conf.d/*.conf
+diff -up dovecot-2.4.2-build/dovecot-2.4.2/dovecot-pigeonhole/doc/example-config/conf.d/90-sieve.conf.default-settings dovecot-2.4.2-build/dovecot-2.4.2/dovecot-pigeonhole/doc/example-config/conf.d/90-sieve.conf
+--- dovecot-2.4.2-build/dovecot-2.4.2/dovecot-pigeonhole/doc/example-config/conf.d/90-sieve.conf.default-settings	2025-10-29 08:00:30.000000000 +0100
++++ dovecot-2.4.2-build/dovecot-2.4.2/dovecot-pigeonhole/doc/example-config/conf.d/90-sieve.conf	2025-11-30 09:18:17.667869864 +0100
+@@ -21,7 +21,6 @@
+ # file or directory. Refer to Pigeonhole wiki or INSTALL file for more
+ # information.
  
- # Prefer the server's order of ciphers over client's.
- #ssl_prefer_server_ciphers = no
+-plugin {
+   # The location of the user's main Sieve script or script storage. The LDA
+   # Sieve plugin uses this to find the active script for Sieve filtering at
+   # delivery. The "include" extension uses this location for retrieving
+@@ -36,7 +35,10 @@ plugin {
+   # active script symlink is located.
+   # For other types: use the ';name=' parameter to specify the name of the
+   # default/active script.
+-  sieve = file:~/sieve;active=~/.dovecot.sieve
++sieve_script personal {
++  path = ~/sieve
++  active_path = ~/.dovecot.sieve
++}
+ 
+   # The default Sieve script when the user has none. This is the location of a
+   # global sieve script file, which gets executed ONLY if user's personal Sieve
+@@ -202,4 +204,3 @@ plugin {
+   # Enables showing byte code addresses in the trace output, rather than only
+   # the source line numbers.
+   #sieve_trace_addresses = no 
+-}
+diff -up dovecot-2.4.2-build/dovecot-2.4.2/dovecot-pigeonhole/doc/example-config/conf.d/90-sieve-extprograms.conf.default-settings dovecot-2.4.2-build/dovecot-2.4.2/dovecot-pigeonhole/doc/example-config/conf.d/90-sieve-extprograms.conf
+--- dovecot-2.4.2-build/dovecot-2.4.2/dovecot-pigeonhole/doc/example-config/conf.d/90-sieve-extprograms.conf.default-settings	2025-10-29 08:00:30.000000000 +0100
++++ dovecot-2.4.2-build/dovecot-2.4.2/dovecot-pigeonhole/doc/example-config/conf.d/90-sieve-extprograms.conf	2025-11-30 09:18:17.668131795 +0100
+@@ -6,7 +6,6 @@
+ # sieve_extensions or sieve_global_extensions settings. Restricting these
+ # extensions to a global context using sieve_global_extensions is recommended.
+ 
+-plugin {
+ 
+   # The directory where the program sockets are located for the
+   # vnd.dovecot.pipe, vnd.dovecot.filter and vnd.dovecot.execute extension
+@@ -23,7 +22,6 @@ plugin {
+   #sieve_pipe_bin_dir = /usr/lib/dovecot/sieve-pipe
+   #sieve_filter_bin_dir = /usr/lib/dovecot/sieve-filter
+   #sieve_execute_bin_dir = /usr/lib/dovecot/sieve-execute
+-}
+ 
+ # An example program service called 'do-something' to pipe messages to
+ #service do-something {

dovecot-2.1.10-waitonline.patch

@@ -1,11 +1,11 @@
-diff -up dovecot-2.2.22/dovecot.service.in.waitonline dovecot-2.2.22/dovecot.service.in
---- dovecot-2.2.22/dovecot.service.in.waitonline	2016-03-16 13:36:49.426772606 +0100
-+++ dovecot-2.2.22/dovecot.service.in	2016-03-16 13:47:23.923606903 +0100
-@@ -24,6 +24,7 @@ After=local-fs.target network.target
+diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot.service.in.waitonline dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot.service.in
+--- dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot.service.in.waitonline	2025-06-02 23:29:29.141111228 +0200
++++ dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot.service.in	2025-06-02 23:31:27.124155453 +0200
+@@ -12,6 +12,7 @@ Description=Dovecot IMAP/POP3 email serv
+ Documentation=man:dovecot(1)
+ Documentation=https://doc.dovecot.org/
+ After=local-fs.target network-online.target remote-fs.target time-sync.target
++Wants=network-online.target
  
  [Service]
- Type=forking
-+ExecStartPre=/usr/libexec/dovecot/prestartscript
- ExecStart=@sbindir@/dovecot
- PIDFile=@rundir@/master.pid
- ExecReload=@bindir@/doveadm reload
+ Type=@systemdservicetype@

dovecot-2.2.13-online.patch

@@ -1,12 +0,0 @@
-diff -up dovecot-2.2.22/dovecot.service.in.online dovecot-2.2.22/dovecot.service.in
---- dovecot-2.2.22/dovecot.service.in.online	2016-03-16 13:47:47.112491206 +0100
-+++ dovecot-2.2.22/dovecot.service.in	2016-03-16 13:48:14.339355363 +0100
-@@ -20,7 +20,7 @@
- Description=Dovecot IMAP/POP3 email server
- Documentation=man:dovecot(1)
- Documentation=http://wiki2.dovecot.org/
--After=local-fs.target network.target
-+After=local-fs.target network-online.target
- 
- [Service]
- Type=forking

dovecot-2.2.20-initbysystemd.patch

@@ -1,10 +1,9 @@
-diff -up dovecot-2.2.22/dovecot-init.service.initbysystemd dovecot-2.2.22/dovecot-init.service
---- dovecot-2.2.22/dovecot-init.service.initbysystemd	2016-03-16 13:48:25.996297203 +0100
-+++ dovecot-2.2.22/dovecot-init.service	2016-03-16 13:48:25.996297203 +0100
-@@ -0,0 +1,18 @@
+diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-init.service.initbysystemd dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-init.service
+--- dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-init.service.initbysystemd	2025-06-02 23:32:10.685053915 +0200
++++ dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-init.service	2025-06-02 23:32:10.685053915 +0200
+@@ -0,0 +1,13 @@
 +[Unit]
 +Description=One-time Dovecot init service
-+ConditionPathExists=|!/var/lib/dovecot/ssl-parameters.dat
 +ConditionPathExists=|!/etc/pki/dovecot/certs/dovecot.pem
 +
 +[Service]
@@ -14,38 +13,39 @@ diff -up dovecot-2.2.22/dovecot-init.service.initbysystemd dovecot-2.2.22/doveco
 +if [ ! -f /etc/pki/dovecot/certs/dovecot.pem ]; \
 +then\
 +  SSLDIR=/etc/pki/dovecot/ OPENSSLCONFIG=/etc/pki/dovecot/dovecot-openssl.cnf /usr/libexec/dovecot/mkcert.sh /dev/null 2>&1;\
-+fi;\
-+if [ ! -f /var/lib/dovecot/ssl-parameters.dat ]; \
-+then\
-+  /usr/libexec/dovecot/ssl-params >/dev/null 2>&1; \
 +fi'
 +
-diff -up dovecot-2.2.22/dovecot.service.in.initbysystemd dovecot-2.2.22/dovecot.service.in
---- dovecot-2.2.22/dovecot.service.in.initbysystemd	2016-03-16 13:48:25.996297203 +0100
-+++ dovecot-2.2.22/dovecot.service.in	2016-03-16 13:49:17.619039641 +0100
-@@ -20,7 +20,8 @@
+diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot.service.in.initbysystemd dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot.service.in
+--- dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot.service.in.initbysystemd	2025-06-02 23:32:10.685195261 +0200
++++ dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot.service.in	2025-06-02 23:34:03.123174934 +0200
+@@ -11,7 +11,8 @@
  Description=Dovecot IMAP/POP3 email server
  Documentation=man:dovecot(1)
- Documentation=http://wiki2.dovecot.org/
--After=local-fs.target network-online.target
-+After=local-fs.target network-online.target dovecot-init.service
+ Documentation=https://doc.dovecot.org/
+-After=local-fs.target network-online.target remote-fs.target time-sync.target
++After=local-fs.target network-online.target remote-fs.target time-sync.target dovecot-init.service
 +Requires=dovecot-init.service
+ Wants=network-online.target
  
  [Service]
- Type=forking
-diff -up dovecot-2.2.22/Makefile.am.initbysystemd dovecot-2.2.22/Makefile.am
---- dovecot-2.2.22/Makefile.am.initbysystemd	2016-03-04 12:04:33.000000000 +0100
-+++ dovecot-2.2.22/Makefile.am	2016-03-16 13:48:25.996297203 +0100
-@@ -51,9 +51,10 @@ if HAVE_SYSTEMD
- 
+diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/Makefile.am.initbysystemd dovecot-2.4.1-build/dovecot-2.4.1-4/Makefile.am
+--- dovecot-2.4.1-build/dovecot-2.4.1-4/Makefile.am.initbysystemd	2025-03-28 12:32:27.000000000 +0100
++++ dovecot-2.4.1-build/dovecot-2.4.1-4/Makefile.am	2025-06-02 23:33:22.221675050 +0200
+@@ -19,6 +19,7 @@ EXTRA_DIST = \
+ 	update-version.sh \
+ 	run-test-valgrind.supp \
+ 	dovecot.service.in \
++	dovecot-init.service \
+ 	dovecot.socket \
+ 	version \
+ 	build-aux/git-abi-version-gen \
+@@ -67,7 +68,8 @@ dovecot-config: dovecot-config.in Makefi
+ if WANT_SYSTEMD
  systemdsystemunit_DATA = \
          dovecot.socket \
 -        dovecot.service
 +        dovecot.service \
 +        dovecot-init.service
- else
--EXTRA_DIST += dovecot.socket dovecot.service.in
-+EXTRA_DIST += dovecot.socket dovecot.service.in dovecot-init.service
  endif
  
  install-exec-hook:

dovecot-2.2.22-systemd_w_protectsystem.patch

@@ -1,14 +1,11 @@
-diff -up dovecot-2.2.28/dovecot.service.in.systemd_w_protectsystem dovecot-2.2.28/dovecot.service.in
---- dovecot-2.2.28/dovecot.service.in.systemd_w_protectsystem	2017-02-27 10:00:14.647423500 +0100
-+++ dovecot-2.2.28/dovecot.service.in	2017-02-27 10:02:18.051377067 +0100
-@@ -20,8 +20,8 @@ ExecReload=@bindir@/doveadm reload
+diff -up dovecot-2.3.2/dovecot.service.in.systemd_w_protectsystem dovecot-2.3.2/dovecot.service.in
+--- dovecot-2.3.2/dovecot.service.in.systemd_w_protectsystem	2018-07-09 12:00:13.359193526 +0200
++++ dovecot-2.3.2/dovecot.service.in	2018-07-09 12:00:46.387716884 +0200
+@@ -23,6 +23,7 @@ ExecReload=@bindir@/doveadm reload
  ExecStop=@bindir@/doveadm stop
  PrivateTmp=true
  NonBlocking=yes
--# Enable this if your systemd is new enough to support it:
--#ProtectSystem=full
-+# Enable this if your systemd is new enough to support it: (it will make /usr /boot /etc read only for dovecot)
-+ProtectSystem=full
- 
- # You can add environment variables with e.g.:
- #Environment='CORE_OUTOFMEM=1'
++# this will make /usr /boot /etc read only for dovecot
+ ProtectSystem=full
+ ProtectHome=no
+ PrivateDevices=true

dovecot-2.2.31-notifyrevert.patch

@@ -1,28 +0,0 @@
-From 64d2efdc4b0bdf92249840e9db89b91c8dc0f3a3 Mon Sep 17 00:00:00 2001
-From: Timo Sirainen <timo.sirainen@dovecot.fi>
-Date: Sat, 17 Jun 2017 14:38:22 +0300
-Subject: [PATCH] imap: Fix NOTIFY to parse more than just the first
- event-group
-
----
- src/imap/cmd-notify.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/src/imap/cmd-notify.c b/src/imap/cmd-notify.c
-index 4c6aad975..94cf103b8 100644
---- a/src/imap/cmd-notify.c
-+++ b/src/imap/cmd-notify.c
-@@ -292,10 +292,10 @@ cmd_notify_set(struct imap_notify_context *ctx, const struct imap_arg *args)
- 		ctx->send_immediate_status = TRUE;
- 		args++;
- 	}
-+	for (; args->type != IMAP_ARG_EOL; args++) {
-+		if (!imap_arg_get_list(args, &event_group))
-+			return -1;
- 
--	if (!imap_arg_get_list(args, &event_group))
--		return -1;
--	for (; event_group->type != IMAP_ARG_EOL; event_group++) {
- 		/* filter-mailboxes */
- 		if (!imap_arg_get_atom(event_group, &filter_mailboxes))
- 			return -1;

dovecot-2.3.11-bigkey.patch

@@ -0,0 +1,10 @@
+diff -up dovecot-2.3.15/doc/dovecot-openssl.cnf.bigkey dovecot-2.3.15/doc/dovecot-openssl.cnf
+--- dovecot-2.3.15/doc/dovecot-openssl.cnf.bigkey	2021-06-21 20:24:51.913456628 +0200
++++ dovecot-2.3.15/doc/dovecot-openssl.cnf	2021-06-21 20:25:36.352912123 +0200
+@@ -1,5 +1,5 @@
+ [ req ]
+-default_bits = 2048
++default_bits = 3072
+ encrypt_key = yes
+ distinguished_name = req_dn
+ x509_extensions = cert_type

dovecot-2.3.15-fixvalcond.patch

@@ -0,0 +1,24 @@
+diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-pigeonhole/src/lib-sieve/storage/dict/sieve-dict-script.c.fixvalcond dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-pigeonhole/src/lib-sieve/storage/dict/sieve-dict-script.c
+--- dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-pigeonhole/src/lib-sieve/storage/dict/sieve-dict-script.c.fixvalcond	2025-06-02 23:36:21.897399891 +0200
++++ dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-pigeonhole/src/lib-sieve/storage/dict/sieve-dict-script.c	2025-06-02 23:38:13.748569461 +0200
+@@ -102,7 +102,7 @@ sieve_dict_script_get_stream(struct siev
+ 		container_of(script, struct sieve_dict_script, script);
+ 	struct sieve_dict_storage *dstorage =
+ 		container_of(storage, struct sieve_dict_storage, storage);
+-	const char *path, *name = script->name, *data, *error;
++	const char *path, *name = script->name, *data, *error = NULL;
+ 	int ret;
+ 
+ 	dscript->data_pool =
+diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-storage/index/index-attribute.c.fixvalcond dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-storage/index/index-attribute.c
+--- dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-storage/index/index-attribute.c.fixvalcond	2025-03-28 12:32:27.000000000 +0100
++++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-storage/index/index-attribute.c	2025-06-02 23:36:21.897571934 +0200
+@@ -250,7 +250,7 @@ int index_storage_attribute_get(struct m
+ 				struct mail_attribute_value *value_r)
+ {
+ 	struct dict *dict;
+-	const char *mailbox_prefix, *error;
++	const char *mailbox_prefix, *error = NULL;
+ 	int ret;
+ 
+ 	i_zero(value_r);

dovecot-2.3.15-valbasherr.patch

@@ -0,0 +1,20 @@
+diff -up dovecot-2.3.15/run-test-valgrind.supp.valbasherr dovecot-2.3.15/run-test-valgrind.supp
+--- dovecot-2.3.15/run-test-valgrind.supp.valbasherr	2021-06-21 22:52:53.272707239 +0200
++++ dovecot-2.3.15/run-test-valgrind.supp	2021-06-21 22:54:19.786668430 +0200
+@@ -1,4 +1,16 @@
+ {
++   <bashagin>
++   Memcheck:Leak
++   match-leak-kinds: definite
++   fun:malloc
++   fun:make_if_command
++   fun:yyparse
++   fun:parse_command
++   fun:read_command
++   fun:reader_loop
++   fun:main
++}
++{
+    <bash>
+    Memcheck:Leak
+    fun:malloc

dovecot-2.3.21.1-fixicu.patch

@@ -0,0 +1,13 @@
+diff -up dovecot-2.3.20/m4/want_icu.m4.fixicu dovecot-2.3.20/m4/want_icu.m4
+--- dovecot-2.3.20/m4/want_icu.m4.fixicu	2022-12-21 09:49:12.000000000 +0100
++++ dovecot-2.3.20/m4/want_icu.m4	2025-01-29 10:47:25.765768562 +0100
+@@ -1,7 +1,7 @@
+ AC_DEFUN([DOVECOT_WANT_ICU], [
+   if test "$want_icu" != "no"; then
+-    if test "$PKG_CONFIG" != "" && $PKG_CONFIG --exists icu-i18n 2>/dev/null; then
+-      PKG_CHECK_MODULES(LIBICU, icu-i18n)
++    if test "$PKG_CONFIG" != "" && $PKG_CONFIG --exists icu-i18n icu-uc 2>/dev/null; then
++      PKG_CHECK_MODULES(LIBICU, icu-i18n icu-uc)
+       have_icu=yes
+       AC_DEFINE(HAVE_LIBICU,, [Define if you want ICU normalization support for FTS])
+     elif test "$want_icu" = "yes"; then

dovecot-2.4.1-nolibotp.patch

@@ -0,0 +1,285 @@
+diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/auth/test-auth.c.nolibotp dovecot-2.4.2-build/dovecot-2.4.2/src/auth/test-auth.c
+--- dovecot-2.4.2-build/dovecot-2.4.2/src/auth/test-auth.c.nolibotp	2025-10-29 07:58:41.000000000 +0100
++++ dovecot-2.4.2-build/dovecot-2.4.2/src/auth/test-auth.c	2025-11-30 13:38:50.100927373 +0100
+@@ -16,7 +16,7 @@
+ static const char *const settings[] = {
+ 	"base_dir", ".",
+ 	"auth_mechanisms",
+-		"ANONYMOUS APOP CRAM-MD5 DIGEST-MD5 EXTERNAL LOGIN PLAIN OTP "
++		"ANONYMOUS APOP CRAM-MD5 DIGEST-MD5 EXTERNAL LOGIN PLAIN "
+ 		"OAUTHBEARER SCRAM-SHA-1 SCRAM-SHA-256 XOAUTH2",
+ 	"auth_username_chars", "",
+ 	"auth_username_format", "",
+diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/auth/test-mech.c.nolibotp dovecot-2.4.2-build/dovecot-2.4.2/src/auth/test-mech.c
+--- dovecot-2.4.2-build/dovecot-2.4.2/src/auth/test-mech.c.nolibotp	2025-10-29 07:58:41.000000000 +0100
++++ dovecot-2.4.2-build/dovecot-2.4.2/src/auth/test-mech.c	2025-11-30 13:38:50.101130654 +0100
+@@ -46,10 +46,7 @@ request_handler_reply_mock_callback(stru
+ 
+ 	if (request->passdb_result == PASSDB_RESULT_OK)
+ 		request->failed = FALSE;
+-	else if (strcmp(request->fields.mech_name, SASL_MECH_NAME_OTP) == 0) {
+-		if (null_strcmp(request->fields.user, "otp_phase_2") == 0)
+-			request->failed = FALSE;
+-	} else if (strcmp(request->fields.mech_name,
++	else if (strcmp(request->fields.mech_name,
+ 			  SASL_MECH_NAME_OAUTHBEARER) == 0) {
+ 	}
+ };
+@@ -190,10 +187,6 @@ static void test_mechs(void)
+ 		{"PLAIN", UCHAR_LEN("\0testuser\0testpass"), "testuser", TRUE, FALSE, FALSE},
+ 		{"PLAIN", UCHAR_LEN("normaluser\0masteruser\0masterpass"), "masteruser", TRUE, FALSE, FALSE},
+ 		{"PLAIN", UCHAR_LEN("normaluser\0normaluser\0masterpass"), "normaluser", TRUE, FALSE, FALSE},
+-		{"OTP", UCHAR_LEN("hex:5Bf0 75d9 959d 036f"), "otp_phase_2", TRUE, TRUE, FALSE},
+-		{"OTP", UCHAR_LEN("word:BOND FOGY DRAB NE RISE MART"), "otp_phase_2", TRUE, TRUE, FALSE},
+-		{"OTP", UCHAR_LEN("init-hex:f6bd 6b33 89b8 7203:md5 499 ke6118:23d1 b253 5ae0 2b7e"), "otp_phase_2", TRUE, TRUE, FALSE},
+-		{"OTP", UCHAR_LEN("init-word:END KERN BALM NICK EROS WAVY:md5 499 ke1235:BABY FAIN OILY NIL TIDY DADE"), "otp_phase_2", TRUE, TRUE, FALSE},
+ 		{"OAUTHBEARER", UCHAR_LEN("n,a=testuser,p=cHJvb2Y=,f=nonstandart\x01host=server\x01port=143\x01""auth=Bearer vF9dft4qmTc2Nvb3RlckBhbHRhdmlzdGEuY29tCg==\x01\x01"), "testuser", FALSE, TRUE, FALSE},
+ 		{"SCRAM-SHA-1", UCHAR_LEN("n,,n=testuser,r=rOprNGfwEbeRWgbNEkqO"), "testuser", TRUE, FALSE, FALSE},
+ 		{"SCRAM-SHA-256", UCHAR_LEN("n,,n=testuser,r=rOprNGfwEbeRWgbNEkqO"), "testuser",  TRUE, FALSE, FALSE},
+@@ -208,8 +201,6 @@ static void test_mechs(void)
+ 		{"EXTERNAL", UCHAR_LEN(""), "testuser", FALSE, TRUE, FALSE},
+ 		{"EXTERNAL", UCHAR_LEN(""), NULL, FALSE, FALSE, FALSE},
+ 		{"LOGIN", UCHAR_LEN(""), NULL, FALSE, FALSE, FALSE},
+-		{"OTP", UCHAR_LEN(""), NULL, FALSE, FALSE, FALSE},
+-		{"OTP", UCHAR_LEN(""), "testuser", FALSE, FALSE, FALSE},
+ 		{"PLAIN", UCHAR_LEN(""), NULL, FALSE, FALSE, FALSE},
+ 		{"OAUTHBEARER", UCHAR_LEN(""), NULL, FALSE, FALSE, FALSE},
+ 		{"XOAUTH2", UCHAR_LEN(""), NULL,  FALSE, FALSE, FALSE},
+@@ -221,7 +212,6 @@ static void test_mechs(void)
+ 		{"APOP", UCHAR_LEN("1.1.1\0testuser\0tooshort"), NULL, FALSE, FALSE, FALSE},
+ 		{"APOP", UCHAR_LEN("1.1.1\0testuser\0responseoflen16-"), NULL, FALSE, FALSE, FALSE},
+ 		{"APOP", UCHAR_LEN("1.1.1"), NULL, FALSE, FALSE, FALSE},
+-		{"OTP", UCHAR_LEN("somebody\0testuser"), "testuser", FALSE, TRUE, FALSE},
+ 		{"CRAM-MD5", UCHAR_LEN("testuser\0response"), "testuser",  FALSE, FALSE, FALSE},
+ 		{"PLAIN", UCHAR_LEN("testuser\0"), "testuser", FALSE, FALSE, FALSE},
+ 
+@@ -264,9 +254,7 @@ static void test_mechs(void)
+ 		{"PLAIN", UCHAR_LEN("\0fa\0il\0ing\0withthis"), NULL, FALSE, FALSE, FALSE},
+ 		{"PLAIN", UCHAR_LEN("failingwiththis"), NULL, FALSE, FALSE, FALSE},
+ 		{"PLAIN", UCHAR_LEN("failing\0withthis"), NULL, FALSE, FALSE, FALSE},
+-		{"OTP", UCHAR_LEN("someb\0ody\0testuser"), NULL, FALSE, FALSE, FALSE},
+ 		/* phase 2 */
+-		{"OTP", UCHAR_LEN("someb\0ody\0testuser"), "testuser", FALSE, TRUE, FALSE},
+ 		{"SCRAM-SHA-1", UCHAR_LEN("c=biws,r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,p=v0X8v3Bz2T0CJGbJQyF0X+HI4Ts="), NULL, FALSE, FALSE, FALSE},
+ 		{"SCRAM-SHA-1", UCHAR_LEN("iws0X8v3Bz2T0CJGbJQyF0X+HI4Ts=,,,,"), NULL, FALSE, FALSE, FALSE},
+ 		{"SCRAM-SHA-1", UCHAR_LEN("n,a=masteruser,,"), NULL, FALSE, FALSE, FALSE},
+diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/password-scheme.c.nolibotp dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/password-scheme.c
+--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/password-scheme.c.nolibotp	2025-11-30 13:38:50.093609901 +0100
++++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/password-scheme.c	2025-11-30 13:38:50.101359374 +0100
+@@ -13,7 +13,6 @@
+ #include "randgen.h"
+ #include "sha1.h"
+ #include "sha2.h"
+-#include "otp.h"
+ #include "str.h"
+ #include "auth-digest.h"
+ #include "password-scheme.h"
+@@ -704,33 +703,6 @@ plain_md5_generate(const char *plaintext
+ 	*size_r = MD5_RESULTLEN;
+ }
+ 
+-static int otp_verify(const char *plaintext, const struct password_generate_params *params ATTR_UNUSED,
+-		      const unsigned char *raw_password, size_t size,
+-		      const char **error_r)
+-{
+-	const char *password, *generated;
+-
+-	password = t_strndup(raw_password, size);
+-	if (password_generate_otp(plaintext, password, UINT_MAX, &generated) < 0) {
+-		*error_r = "Invalid OTP data in passdb";
+-		return -1;
+-	}
+-
+-	return strcasecmp(password, generated) == 0 ? 1 : 0;
+-}
+-
+-static void
+-otp_generate(const char *plaintext, const struct password_generate_params *params ATTR_UNUSED,
+-	     const unsigned char **raw_password_r, size_t *size_r)
+-{
+-	const char *password;
+-
+-	if (password_generate_otp(plaintext, NULL, OTP_HASH_SHA1, &password) < 0)
+-		i_unreached();
+-	*raw_password_r = (const unsigned char *)password;
+-	*size_r = strlen(password);
+-}
+-
+ static const struct password_scheme builtin_schemes[] = {
+ 	{
+ 		.name = "MD5",
+@@ -894,13 +866,6 @@ static const struct password_scheme buil
+ 		.password_generate = plain_md5_generate,
+ 	},
+ 	{
+-		.name = "OTP",
+-		.default_encoding = PW_ENCODING_NONE,
+-		.raw_password_len = 0,
+-		.password_verify = otp_verify,
+-		.password_generate = otp_generate,
+-	},
+-	{
+ 		.name = "PBKDF2",
+ 		.default_encoding = PW_ENCODING_NONE,
+ 		.raw_password_len = 0,
+diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/password-scheme.h.nolibotp dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/password-scheme.h
+--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/password-scheme.h.nolibotp	2025-10-29 07:58:41.000000000 +0100
++++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/password-scheme.h	2025-11-30 13:38:50.101549260 +0100
+@@ -98,9 +98,6 @@ void password_set_encryption_rounds(unsi
+ /* INTERNAL: */
+ const char *password_generate_salt(size_t len);
+ const char *password_generate_md5_crypt(const char *pw, const char *salt);
+-int password_generate_otp(const char *pw, const char *state_data,
+-			  unsigned int algo, const char **result_r)
+-	ATTR_NULL(2);
+ 
+ int scram_verify(const struct hash_method *hmethod, const char *scheme_name,
+ 		 const char *plaintext, const unsigned char *raw_password,
+diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/test-password-scheme.c.nolibotp dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/test-password-scheme.c
+--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/test-password-scheme.c.nolibotp	2025-10-29 07:58:41.000000000 +0100
++++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/test-password-scheme.c	2025-11-30 13:38:50.101711124 +0100
+@@ -107,7 +107,6 @@ static void test_password_schemes(void)
+ 	test_password_scheme("SHA512", "{SHA512}7iaw3Ur350mqGo7jwQrpkj9hiYB3Lkc/iBml1JQODbJ6wYX4oOHV+E+IvIh/1nsUNzLDBMxfqa2Ob1f1ACio/w==", "test");
+ 	test_password_scheme("SSHA", "{SSHA}H/zrDv8FXUu1JmwvVYijfrYEF34jVZcO", "test");
+ 	test_password_scheme("MD5-CRYPT", "{MD5-CRYPT}$1$GgvxyNz8$OjZhLh4P.gF1lxYEbLZ3e/", "test");
+-	test_password_scheme("OTP", "{OTP}sha1 1024 ae6b49aa481f7233 f69fc7f98b8fbf54", "test");
+ 	test_password_scheme("PBKDF2", "{PBKDF2}$1$bUnT4Pl7yFtYX0KU$5000$50a83cafdc517b9f46519415e53c6a858908680a", "test");
+ 	test_password_scheme("CRAM-MD5", "{CRAM-MD5}e02d374fde0dc75a17a557039a3a5338c7743304777dccd376f332bee68d2cf6", "test");
+ 	test_password_scheme("DIGEST-MD5", "{DIGEST-MD5}77c1a8c437c9b08ba2f460fe5d58db5d", "test");
+diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/dsasl-client.c.nolibotp dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/dsasl-client.c
+--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/dsasl-client.c.nolibotp	2025-11-30 13:39:54.210043386 +0100
++++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/dsasl-client.c	2025-11-30 13:39:54.217205256 +0100
+@@ -175,7 +175,6 @@ void dsasl_clients_init(void)
+ 	dsasl_client_mech_register(&dsasl_client_mech_digest_md5);
+ 	dsasl_client_mech_register(&dsasl_client_mech_cram_md5);
+ 	dsasl_client_mech_register(&dsasl_client_mech_oauthbearer);
+-	dsasl_client_mech_register(&dsasl_client_mech_otp);
+ 	dsasl_client_mech_register(&dsasl_client_mech_xoauth2);
+ 	dsasl_client_mech_register(&dsasl_client_mech_scram_sha_1);
+ 	dsasl_client_mech_register(&dsasl_client_mech_scram_sha_1_plus);
+diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/dsasl-client-private.h.nolibotp dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/dsasl-client-private.h
+--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/dsasl-client-private.h.nolibotp	2025-11-30 13:40:22.269119732 +0100
++++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/dsasl-client-private.h	2025-11-30 13:40:22.275363043 +0100
+@@ -50,7 +50,6 @@ extern const struct dsasl_client_mech ds
+ extern const struct dsasl_client_mech dsasl_client_mech_external;
+ extern const struct dsasl_client_mech dsasl_client_mech_login;
+ extern const struct dsasl_client_mech dsasl_client_mech_oauthbearer;
+-extern const struct dsasl_client_mech dsasl_client_mech_otp;
+ extern const struct dsasl_client_mech dsasl_client_mech_xoauth2;
+ extern const struct dsasl_client_mech dsasl_client_mech_scram_sha_1;
+ extern const struct dsasl_client_mech dsasl_client_mech_scram_sha_1_plus;
+diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/fuzz-sasl-authentication.c.nolibotp dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/fuzz-sasl-authentication.c
+--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/fuzz-sasl-authentication.c.nolibotp	2025-11-30 13:40:56.823727053 +0100
++++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/fuzz-sasl-authentication.c	2025-11-30 13:40:56.837864792 +0100
+@@ -635,7 +635,6 @@ static void fuzz_sasl_run(struct istream
+ 	sasl_server_mech_register_cram_md5(server_inst);
+ 	sasl_server_mech_register_digest_md5(server_inst);
+ 	sasl_server_mech_register_login(server_inst);
+-	sasl_server_mech_register_otp(server_inst);
+ 	sasl_server_mech_register_plain(server_inst);
+ 	sasl_server_mech_register_scram_sha1(server_inst);
+ 	sasl_server_mech_register_scram_sha1_plus(server_inst);
+diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/sasl-server.h.nolibotp dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/sasl-server.h
+--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/sasl-server.h.nolibotp	2025-11-30 13:41:24.035316421 +0100
++++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/sasl-server.h	2025-11-30 13:41:24.050796571 +0100
+@@ -193,8 +193,6 @@ void sasl_server_mech_register_scram_sha
+ void sasl_server_mech_register_scram_sha256_plus(
+ 	struct sasl_server_instance *sinst);
+ 
+-void sasl_server_mech_register_otp(struct sasl_server_instance *sinst);
+-
+ /* Winbind */
+ 
+ struct sasl_server_winbind_settings {
+diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/test-sasl-authentication.c.nolibotp dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/test-sasl-authentication.c
+--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/test-sasl-authentication.c.nolibotp	2025-11-30 13:42:08.741524883 +0100
++++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/test-sasl-authentication.c	2025-11-30 13:42:08.757334395 +0100
+@@ -507,7 +507,6 @@ test_sasl_run(const struct test_sasl *te
+ 	sasl_server_mech_register_digest_md5(server_inst);
+ 	sasl_server_mech_register_external(server_inst);
+ 	sasl_server_mech_register_login(server_inst);
+-	sasl_server_mech_register_otp(server_inst);
+ 	sasl_server_mech_register_plain(server_inst);
+ 	sasl_server_mech_register_scram_sha1(server_inst);
+ 	sasl_server_mech_register_scram_sha1_plus(server_inst);
+@@ -722,16 +721,6 @@ static const struct test_sasl success_te
+ 			.password = "tokentokentoken",
+ 		},
+ 	},
+-	/* OTP */
+-	{
+-		.mech = "OTP",
+-		.authid_type = SASL_SERVER_AUTHID_TYPE_USERNAME,
+-		.server = {
+-			.authid = "user",
+-			.password = "pass",
+-		},
+-		.repeat = 1050,
+-	},
+ 	/* EXTERNAL */
+ 	{
+ 		.mech = "EXTERNAL",
+@@ -1457,31 +1446,6 @@ static const struct test_sasl bad_creds_
+ 		},
+ 		.failure = TRUE,
+ 	},
+-	/* OTP */
+-	{
+-		.mech = "OTP",
+-		.authid_type = SASL_SERVER_AUTHID_TYPE_USERNAME,
+-		.server = {
+-			.authid = "user",
+-			.password = "pass",
+-		},
+-		.client = {
+-			.authid = "userb",
+-		},
+-		.failure = TRUE,
+-	},
+-	{
+-		.mech = "OTP",
+-		.authid_type = SASL_SERVER_AUTHID_TYPE_USERNAME,
+-		.server = {
+-			.authid = "user",
+-			.password = "pass",
+-		},
+-		.client = {
+-			.password = "florp",
+-		},
+-		.failure = TRUE,
+-	},
+ 	/* EXTERNAL */
+ 	{
+ 		.mech = "EXTERNAL",
+diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/auth/auth-sasl.c.nolibotp2 dovecot-2.4.2-build/dovecot-2.4.2/src/auth/auth-sasl.c
+--- dovecot-2.4.2-build/dovecot-2.4.2/src/auth/auth-sasl.c.nolibotp2	2025-11-30 13:56:23.124460140 +0100
++++ dovecot-2.4.2-build/dovecot-2.4.2/src/auth/auth-sasl.c	2025-11-30 13:56:39.521935947 +0100
+@@ -472,7 +472,6 @@ MECH_SIMPLE_REGISTER__TEMPLATE(cram_md5)
+ MECH_SIMPLE_REGISTER__TEMPLATE(digest_md5)
+ MECH_SIMPLE_REGISTER__TEMPLATE(external)
+ MECH_SIMPLE_REGISTER__TEMPLATE(login)
+-MECH_SIMPLE_REGISTER__TEMPLATE(otp)
+ MECH_SIMPLE_REGISTER__TEMPLATE(plain)
+ MECH_SIMPLE_REGISTER__TEMPLATE(scram_sha1)
+ MECH_SIMPLE_REGISTER__TEMPLATE(scram_sha1_plus)
+@@ -539,12 +538,6 @@ static const struct auth_sasl_mech_modul
+ 	.mech_register = mech_login_register,
+ };
+ 
+-static const struct auth_sasl_mech_module mech_otp = {
+-	.mech_name = SASL_MECH_NAME_OTP,
+-
+-	.mech_register = mech_otp_register,
+-};
+-
+ static const struct auth_sasl_mech_module mech_plain = {
+ 	.mech_name = SASL_MECH_NAME_PLAIN,
+ 
+@@ -612,7 +605,6 @@ static void auth_sasl_mechs_init(const s
+ 	if (set->use_winbind)
+ 		auth_sasl_mech_register_module(&mech_winbind_ntlm);
+ 	auth_sasl_mech_oauth2_register();
+-	auth_sasl_mech_register_module(&mech_otp);
+ 	auth_sasl_mech_register_module(&mech_plain);
+ 	auth_sasl_mech_register_module(&mech_scram_sha1);
+ 	auth_sasl_mech_register_module(&mech_scram_sha1_plus);

dovecot-2.4.2-fixbuild.patch

@@ -0,0 +1,135 @@
+diff -up dovecot-2.4.2/src/lib/istream.c.fixbuild dovecot-2.4.2/src/lib/istream.c
+--- dovecot-2.4.2/src/lib/istream.c.fixbuild	2025-10-29 07:58:41.000000000 +0100
++++ dovecot-2.4.2/src/lib/istream.c	2025-11-30 11:40:37.739536137 +0100
+@@ -85,7 +85,7 @@ void i_stream_add_destroy_callback(struc
+ }
+ 
+ void i_stream_remove_destroy_callback(struct istream *stream,
+-				      void (*callback)())
++				      istream_callback_t *callback)
+ {
+ 	io_stream_remove_destroy_callback(&stream->real_stream->iostream,
+ 					  callback);
+diff -up dovecot-2.4.2/src/lib/istream.h.fixbuild dovecot-2.4.2/src/lib/istream.h
+--- dovecot-2.4.2/src/lib/istream.h.fixbuild	2025-10-29 07:58:41.000000000 +0100
++++ dovecot-2.4.2/src/lib/istream.h	2025-11-30 11:40:37.739798710 +0100
+@@ -100,7 +100,7 @@ void i_stream_add_destroy_callback(struc
+ 		(istream_callback_t *)callback, context)
+ /* Remove the destroy callback. */
+ void i_stream_remove_destroy_callback(struct istream *stream,
+-				      void (*callback)());
++				      istream_callback_t *callback);
+ 
+ /* Return file descriptor for stream, or -1 if none is available. */
+ int i_stream_get_fd(struct istream *stream);
+diff -up dovecot-2.4.2/src/lib/ostream.c.fixbuild dovecot-2.4.2/src/lib/ostream.c
+--- dovecot-2.4.2/src/lib/ostream.c.fixbuild	2025-11-30 11:42:21.434063550 +0100
++++ dovecot-2.4.2/src/lib/ostream.c	2025-11-30 11:42:55.814100259 +0100
+@@ -127,7 +127,7 @@ void o_stream_add_destroy_callback(struc
+ }
+ 
+ void o_stream_remove_destroy_callback(struct ostream *stream,
+-				      void (*callback)())
++				      ostream_callback_t *callback)
+ {
+ 	io_stream_remove_destroy_callback(&stream->real_stream->iostream,
+ 					  callback);
+diff -up dovecot-2.4.2/src/lib/ostream.h.fixbuild dovecot-2.4.2/src/lib/ostream.h
+--- dovecot-2.4.2/src/lib/ostream.h.fixbuild	2025-11-30 11:42:29.639009602 +0100
++++ dovecot-2.4.2/src/lib/ostream.h	2025-11-30 11:43:20.101652841 +0100
+@@ -127,7 +127,7 @@ void o_stream_add_destroy_callback(struc
+ 		(ostream_callback_t *)callback, context)
+ /* Remove the destroy callback. */
+ void o_stream_remove_destroy_callback(struct ostream *stream,
+-				      void (*callback)());
++				      ostream_callback_t *callback);
+ 
+ /* Mark the stream and all of its parent streams closed. Nothing will be
+    sent after this call. When using ostreams that require writing a trailer,
+diff -up dovecot-2.4.2/src/lib-json/json-istream.c.fixbuild dovecot-2.4.2/src/lib-json/json-istream.c
+--- dovecot-2.4.2/src/lib-json/json-istream.c.fixbuild	2025-10-29 07:58:41.000000000 +0100
++++ dovecot-2.4.2/src/lib-json/json-istream.c	2025-11-30 12:52:15.970430672 +0100
+@@ -706,7 +706,7 @@ static void json_istream_drop_value_stre
+ 		if (stream->seekable_stream != NULL) {
+ 			i_stream_remove_destroy_callback(
+ 				stream->seekable_stream,
+-				json_istream_drop_seekable_stream);
++				(istream_callback_t *)json_istream_drop_seekable_stream);
+ 			i_stream_unref(&stream->seekable_stream);
+ 		}
+ 	}
+@@ -720,12 +720,12 @@ static void json_istream_consumed_value_
+ 	if (stream->seekable_stream != NULL) {
+ 		i_stream_remove_destroy_callback(
+ 			stream->seekable_stream,
+-			json_istream_drop_seekable_stream);
++			(istream_callback_t *)json_istream_drop_seekable_stream);
+ 	}
+ 	if (stream->value_stream != NULL) {
+ 		i_stream_remove_destroy_callback(
+ 			stream->value_stream,
+-			json_istream_drop_value_stream);
++			(istream_callback_t *)json_istream_drop_value_stream);
+ 	}
+ 	stream->value_stream = NULL;
+ 	stream->seekable_stream = NULL;
+ 		i_stream_remove_destroy_callback(conn->incoming_payload,
+-						 http_client_payload_destroyed);
++						 (istream_callback_t *)http_client_payload_destroyed);
+ 		conn->incoming_payload = NULL;
+ 	}
+ 
+diff -up dovecot-2.4.2/src/lib-http/http-server-connection.c.fixbuild dovecot-2.4.2/src/lib-http/http-server-connection.c
+--- dovecot-2.4.2/src/lib-http/http-server-connection.c.fixbuild	2025-11-30 13:02:24.337384848 +0100
++++ dovecot-2.4.2/src/lib-http/http-server-connection.c	2025-11-30 13:03:14.477064608 +0100
+@@ -1066,7 +1066,7 @@ http_server_connection_disconnect(struct
+ 	if (conn->incoming_payload != NULL) {
+ 		/* The stream is still accessed by lib-http caller. */
+ 		i_stream_remove_destroy_callback(conn->incoming_payload,
+-						 http_server_payload_destroyed);
++						 (istream_callback_t *)http_server_payload_destroyed);
+ 		conn->incoming_payload = NULL;
+ 	}
+ 	if (conn->payload_handler != NULL)
+diff -up dovecot-2.4.2/src/lib-http/http-client-connection.c.fixbuild dovecot-2.4.2/src/lib-http/http-client-connection.c
+--- dovecot-2.4.2/src/lib-http/http-client-connection.c.fixbuild	2025-11-30 12:57:42.670247695 +0100
++++ dovecot-2.4.2/src/lib-http/http-client-connection.c	2025-11-30 13:00:54.862436490 +0100
+@@ -832,7 +832,7 @@ void http_client_connection_request_dest
+ 	   is closed and we don't care about it anymore, so act as though it is
+ 	   destroyed. */
+ 	i_stream_remove_destroy_callback(payload,
+-					 http_client_payload_destroyed);
++					 (istream_callback_t *)http_client_payload_destroyed);
+ 	http_client_payload_destroyed(req);
+ }
+ 
+@@ -888,7 +888,7 @@ http_client_connection_return_response(s
+ 		if (response->payload != NULL) {
+ 			i_stream_remove_destroy_callback(
+ 				conn->incoming_payload,
+-				http_client_payload_destroyed);
++				(istream_callback_t *)http_client_payload_destroyed);
+ 			i_stream_unref(&conn->incoming_payload);
+ 			connection_input_resume(&conn->conn);
+ 		}
+@@ -1731,7 +1731,7 @@ http_client_connection_disconnect(struct
+ 	if (conn->incoming_payload != NULL) {
+ 		/* The stream is still accessed by lib-http caller. */
+ 		i_stream_remove_destroy_callback(conn->incoming_payload,
+-						 http_client_payload_destroyed);
++						 (istream_callback_t *)http_client_payload_destroyed);
+ 		conn->incoming_payload = NULL;
+ 	}
+ 
+diff -up dovecot-2.4.2/src/lib-storage/index/index-mail.c.fixbuild2 dovecot-2.4.2/src/lib-storage/index/index-mail.c
+--- dovecot-2.4.2/src/lib-storage/index/index-mail.c.fixbuild2	2025-11-30 13:48:46.658539149 +0100
++++ dovecot-2.4.2/src/lib-storage/index/index-mail.c	2025-11-30 13:49:47.178158024 +0100
+@@ -1840,7 +1840,7 @@ static void index_mail_close_streams_ful
+ 			   allowed to have references until the mail is closed
+ 			   (but we can't really check that) */
+ 			i_stream_remove_destroy_callback(data->stream,
+-				index_mail_stream_destroy_callback);
++				(istream_callback_t *)index_mail_stream_destroy_callback);
+ 		}
+ 		i_stream_unref(&data->stream);
+ 		/* there must be no references to the mail when the

dovecot.sysusers

@@ -0,0 +1,9 @@
+#Type Name    ID    GECOS                       Home directory       Shell
+g     dovecot 97
+u     dovecot 97   "Dovecot IMAP server"        /usr/libexec/dovecot /sbin/nologin
+m     dovecot dovecot
+
+g     dovenull -
+u     dovenull -   "Dovecot - unauthorized user" /usr/libexec/dovecot /sbin/nologin
+m     dovenull dovenull
+

dovecot.tmpfilesd

@@ -1,2 +1,2 @@
-d /var/run/dovecot 0755 root dovecot -
+d /run/dovecot 0755 root dovecot -
 

plans/main.fmf

@@ -0,0 +1,6 @@
+summary: Run all tests
+execute:
+  how: tmt
+discover:
+  how: fmf
+

rpminspect.yaml

@@ -0,0 +1,7 @@
+---
+runpath:
+  allowed_paths:
+    # dovecot only plugins
+    - /usr/lib/dovecot/old-stats
+    - /usr/lib64/dovecot/old-stats
+

sources

@@ -1,2 +1,2 @@
-SHA512 (dovecot-2.2.31.tar.gz) = 071797e260a75de9117b03c0fa9d903de82b1f1c039c2aece2d7313587e6673c49174bfce17b80fe3f3725fcbc42ed3a1bd1f1c22efef5bc016752277eff3266
-SHA512 (dovecot-2.2-pigeonhole-0.4.19.tar.gz) = c1211a3c65b25995770309c427ec5cd888ddb962f2f64884640163b492a11ffa8937aac1eb66d25e48f0e00131da1cc98c1cb307781576780de47b8816333ff1
+SHA512 (dovecot-2.4.2.tar.gz) = 0524695341abe711d3a811c56156889d6fef7a09becc684c6f1dc1e5add605969ca8794eb7d44bfbc49f70515f22e8640b5828443addecfe4798fb8b174670ae
+SHA512 (dovecot-pigeonhole-2.4.2.tar.gz) = 82c46c7ac2792aa5c211c8b66309f9f21c05ecd2fa8ab3abf98fb4e05831fd37aaa3edffcfbe1b3defbb9ac8ef9df1c33ece83cf7524e8b226c4deab8c250134

tests/got-audit/got-audit.gdb

@@ -0,0 +1,2 @@
+gef config gef.disable_color True
+got-audit --all

tests/got-audit/main.fmf

@@ -0,0 +1,10 @@
+summary: Audit the GOT for signs of tampering
+description: |
+  Pointers in the server process GOT will be checked to ensure that
+  each function pointer's value is within a shared object file
+  that exports a symbol of that name, and that no shared object
+  files export conflicting symbols.
+contact: Gordon Messmer <gordon.messmer@gmail.com>
+require+:
+  - gdb-gef           # needed to test got-audit
+

tests/got-audit/runtest.sh

@@ -0,0 +1,41 @@
+#!/bin/bash
+# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+#   runtest.sh of /CoreOS/dovecot/Sanity/got-audit
+#   Description: Check pointers in the server process GOT for signs of tampering
+#   Author: Gordon Messmer <gordon.messmer@gmail.com>
+#
+
+# Include Beaker environment
+. /usr/share/beakerlib/beakerlib.sh || exit 1
+
+rlJournalStart
+    rlPhaseStartSetup
+        rlServiceStart dovecot
+        rlRun "TestDir=\$(pwd)"
+        rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory"
+        rlRun "pushd $TmpDir"
+        rlRun "auditfile=\$(mktemp --tmpdir=${TmpDir})"
+    rlPhaseEnd
+
+    rlPhaseStartTest "Run GEF got-audit"
+        rlRun "SERVICE_PID=\$( systemctl show --property=MainPID dovecot.service | cut -f2 -d= )"
+        rlRun "echo SERVICE_PID is '$SERVICE_PID'"
+        [ -n "$SERVICE_PID" ] || rlFail "No service pid was found"
+        rlRun "gdb-gef --pid '$SERVICE_PID' --command='$TestDir'/got-audit.gdb --batch > '$auditfile'"
+        # Basic test: ensure that at least one symbol is found in libc.so,
+        #  to verify that the report looks plausible.
+        rlAssertGrep " : /.*/libc.so" "$auditfile"
+        # Ensure the got-audit did not report any errors
+        rlAssertNotGrep " :: ERROR" "$auditfile"
+        rlRun "cp '$auditfile' '$TMT_TEST_DATA'/got-audit.txt"
+    rlPhaseEnd
+
+    rlPhaseStartCleanup
+        rlServiceRestore dovecot
+        rlRun "popd"
+        rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+    rlPhaseEnd
+rlJournalPrintText
+rlJournalEnd

tests/main.fmf

@@ -0,0 +1,2 @@
+test: ./runtest.sh
+framework: beakerlib