updated to 2.4.2 (#2411846)

and trim changelog

.fmf/version

@@ -0,0 +1 @@
+1

dovecot-2.0-defaultconfig.patch

@@ -1,33 +1,97 @@
-diff -up dovecot-2.3.0.1/doc/example-config/conf.d/10-mail.conf.default-settings dovecot-2.3.0.1/doc/example-config/conf.d/10-mail.conf
---- dovecot-2.3.0.1/doc/example-config/conf.d/10-mail.conf.default-settings	2018-02-28 15:28:57.000000000 +0100
-+++ dovecot-2.3.0.1/doc/example-config/conf.d/10-mail.conf	2018-03-01 10:29:38.208368555 +0100
-@@ -322,6 +322,7 @@ protocol !indexer-worker {
- # them simultaneously.
- #mbox_read_locks = fcntl
- #mbox_write_locks = dotlock fcntl
-+mbox_write_locks = fcntl
+diff -up dovecot-2.4.2-build/dovecot-2.4.2/doc/dovecot.conf.in.default-settings dovecot-2.4.2-build/dovecot-2.4.2/doc/dovecot.conf.in
+--- dovecot-2.4.2-build/dovecot-2.4.2/doc/dovecot.conf.in.default-settings	2025-10-29 07:58:41.000000000 +0100
++++ dovecot-2.4.2-build/dovecot-2.4.2/doc/dovecot.conf.in	2025-11-30 09:24:17.130246956 +0100
+@@ -16,24 +16,19 @@ dovecot_storage_version = @DOVECOT_CONFI
+ # The configuration below is a minimal configuration file using system user authentication.
+ # See https://@DOVECOT_ASSET_URL@/latest/core/config/quick.html
  
- # Maximum time to wait for lock (all of them) before aborting.
- #mbox_lock_timeout = 5 mins
-diff -up dovecot-2.3.0.1/doc/example-config/conf.d/10-ssl.conf.default-settings dovecot-2.3.0.1/doc/example-config/conf.d/10-ssl.conf
---- dovecot-2.3.0.1/doc/example-config/conf.d/10-ssl.conf.default-settings	2018-02-28 15:28:57.000000000 +0100
-+++ dovecot-2.3.0.1/doc/example-config/conf.d/10-ssl.conf	2018-03-01 10:33:54.779499044 +0100
-@@ -3,7 +3,9 @@
- ##
+-!include_try conf.d/*.conf
+-
+ # Enable wanted protocols:
+ protocols {
+   imap = yes
+   lmtp = yes
+ }
  
- # SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
--#ssl = yes
-+# disable plain pop3 and imap, allowed are only pop3+TLS, pop3s, imap+TLS and imaps
-+# plain imap and pop3 are still allowed for local connections
+-mail_home = /srv/mail/%{user}
+-mail_driver = sdbox
++mail_home = /home/%{user}
++mail_driver = maildir
+ mail_path = ~/mail
+ 
+-mail_uid = vmail
+-mail_gid = vmail
+-
+-# By default first_valid_uid is 500. If your vmail user's UID is smaller,
++# By default first_valid_uid is 1000. If your vmail user's UID is smaller,
+ # you need to modify this:
+-#first_valid_uid = uid-number-of-vmail-user
++first_valid_uid = 1000
+ 
+ namespace inbox {
+   inbox = yes
+@@ -44,7 +39,15 @@ namespace inbox {
+ passdb pam {
+ }
+ 
++userdb passwd {
++}
++
 +ssl = required
- 
- # PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
- # dropping root privileges, so keep the key file unreadable by anyone but
-@@ -57,6 +59,7 @@ ssl_key = </etc/ssl/private/dovecot.pem
- #ssl_cipher_list = ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
- # To disable non-EC DH, use:
- #ssl_cipher_list = ALL:!DH:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
 +ssl_cipher_list = PROFILE=SYSTEM
++
+ ssl_server {
+-  cert_file = /etc/dovecot/ssl-cert.pem
+-  key_file = /etc/dovecot/ssl-key.pem
++  cert_file = /etc/pki/dovecot/certs/dovecot.pem
++  key_file = /etc/pki/dovecot/private/dovecot.pem
+ }
++
++!include_try conf.d/*.conf
+diff -up dovecot-2.4.2-build/dovecot-2.4.2/dovecot-pigeonhole/doc/example-config/conf.d/90-sieve.conf.default-settings dovecot-2.4.2-build/dovecot-2.4.2/dovecot-pigeonhole/doc/example-config/conf.d/90-sieve.conf
+--- dovecot-2.4.2-build/dovecot-2.4.2/dovecot-pigeonhole/doc/example-config/conf.d/90-sieve.conf.default-settings	2025-10-29 08:00:30.000000000 +0100
++++ dovecot-2.4.2-build/dovecot-2.4.2/dovecot-pigeonhole/doc/example-config/conf.d/90-sieve.conf	2025-11-30 09:18:17.667869864 +0100
+@@ -21,7 +21,6 @@
+ # file or directory. Refer to Pigeonhole wiki or INSTALL file for more
+ # information.
  
- # Colon separated list of elliptic curves to use. Empty value (the default)
- # means use the defaults from the SSL library. P-521:P-384:P-256 would be an
+-plugin {
+   # The location of the user's main Sieve script or script storage. The LDA
+   # Sieve plugin uses this to find the active script for Sieve filtering at
+   # delivery. The "include" extension uses this location for retrieving
+@@ -36,7 +35,10 @@ plugin {
+   # active script symlink is located.
+   # For other types: use the ';name=' parameter to specify the name of the
+   # default/active script.
+-  sieve = file:~/sieve;active=~/.dovecot.sieve
++sieve_script personal {
++  path = ~/sieve
++  active_path = ~/.dovecot.sieve
++}
+ 
+   # The default Sieve script when the user has none. This is the location of a
+   # global sieve script file, which gets executed ONLY if user's personal Sieve
+@@ -202,4 +204,3 @@ plugin {
+   # Enables showing byte code addresses in the trace output, rather than only
+   # the source line numbers.
+   #sieve_trace_addresses = no 
+-}
+diff -up dovecot-2.4.2-build/dovecot-2.4.2/dovecot-pigeonhole/doc/example-config/conf.d/90-sieve-extprograms.conf.default-settings dovecot-2.4.2-build/dovecot-2.4.2/dovecot-pigeonhole/doc/example-config/conf.d/90-sieve-extprograms.conf
+--- dovecot-2.4.2-build/dovecot-2.4.2/dovecot-pigeonhole/doc/example-config/conf.d/90-sieve-extprograms.conf.default-settings	2025-10-29 08:00:30.000000000 +0100
++++ dovecot-2.4.2-build/dovecot-2.4.2/dovecot-pigeonhole/doc/example-config/conf.d/90-sieve-extprograms.conf	2025-11-30 09:18:17.668131795 +0100
+@@ -6,7 +6,6 @@
+ # sieve_extensions or sieve_global_extensions settings. Restricting these
+ # extensions to a global context using sieve_global_extensions is recommended.
+ 
+-plugin {
+ 
+   # The directory where the program sockets are located for the
+   # vnd.dovecot.pipe, vnd.dovecot.filter and vnd.dovecot.execute extension
+@@ -23,7 +22,6 @@ plugin {
+   #sieve_pipe_bin_dir = /usr/lib/dovecot/sieve-pipe
+   #sieve_filter_bin_dir = /usr/lib/dovecot/sieve-filter
+   #sieve_execute_bin_dir = /usr/lib/dovecot/sieve-execute
+-}
+ 
+ # An example program service called 'do-something' to pipe messages to
+ #service do-something {

dovecot-2.1.10-waitonline.patch

@@ -1,11 +1,11 @@
-diff -up dovecot-2.3.0.1/dovecot.service.in.waitonline dovecot-2.3.0.1/dovecot.service.in
---- dovecot-2.3.0.1/dovecot.service.in.waitonline	2018-03-01 10:35:39.888371078 +0100
-+++ dovecot-2.3.0.1/dovecot.service.in	2018-03-01 10:36:29.738784661 +0100
-@@ -12,6 +12,7 @@ After=local-fs.target network-online.tar
+diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot.service.in.waitonline dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot.service.in
+--- dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot.service.in.waitonline	2025-06-02 23:29:29.141111228 +0200
++++ dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot.service.in	2025-06-02 23:31:27.124155453 +0200
+@@ -12,6 +12,7 @@ Description=Dovecot IMAP/POP3 email serv
+ Documentation=man:dovecot(1)
+ Documentation=https://doc.dovecot.org/
+ After=local-fs.target network-online.target remote-fs.target time-sync.target
++Wants=network-online.target
  
  [Service]
- Type=simple
-+ExecStartPre=/usr/libexec/dovecot/prestartscript
- ExecStart=@sbindir@/dovecot -F
- PIDFile=@rundir@/master.pid
- ExecReload=@bindir@/doveadm reload
+ Type=@systemdservicetype@

dovecot-2.2.20-initbysystemd.patch

@@ -1,6 +1,6 @@
-diff -up dovecot-2.3.0.1/dovecot-init.service.initbysystemd dovecot-2.3.0.1/dovecot-init.service
---- dovecot-2.3.0.1/dovecot-init.service.initbysystemd	2018-03-01 10:38:22.059716008 +0100
-+++ dovecot-2.3.0.1/dovecot-init.service	2018-03-01 10:38:22.059716008 +0100
+diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-init.service.initbysystemd dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-init.service
+--- dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-init.service.initbysystemd	2025-06-02 23:32:10.685053915 +0200
++++ dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-init.service	2025-06-02 23:32:10.685053915 +0200
 @@ -0,0 +1,13 @@
 +[Unit]
 +Description=One-time Dovecot init service
@@ -15,32 +15,37 @@ diff -up dovecot-2.3.0.1/dovecot-init.service.initbysystemd dovecot-2.3.0.1/dove
 +  SSLDIR=/etc/pki/dovecot/ OPENSSLCONFIG=/etc/pki/dovecot/dovecot-openssl.cnf /usr/libexec/dovecot/mkcert.sh /dev/null 2>&1;\
 +fi'
 +
-diff -up dovecot-2.3.0.1/dovecot.service.in.initbysystemd dovecot-2.3.0.1/dovecot.service.in
---- dovecot-2.3.0.1/dovecot.service.in.initbysystemd	2018-03-01 10:38:22.060716016 +0100
-+++ dovecot-2.3.0.1/dovecot.service.in	2018-03-01 10:40:45.524901319 +0100
-@@ -8,7 +8,8 @@
+diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot.service.in.initbysystemd dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot.service.in
+--- dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot.service.in.initbysystemd	2025-06-02 23:32:10.685195261 +0200
++++ dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot.service.in	2025-06-02 23:34:03.123174934 +0200
+@@ -11,7 +11,8 @@
  Description=Dovecot IMAP/POP3 email server
  Documentation=man:dovecot(1)
- Documentation=http://wiki2.dovecot.org/
--After=local-fs.target network-online.target
-+After=local-fs.target network-online.target dovecot-init.service
+ Documentation=https://doc.dovecot.org/
+-After=local-fs.target network-online.target remote-fs.target time-sync.target
++After=local-fs.target network-online.target remote-fs.target time-sync.target dovecot-init.service
 +Requires=dovecot-init.service
+ Wants=network-online.target
  
  [Service]
- Type=simple
-diff -up dovecot-2.3.0.1/Makefile.am.initbysystemd dovecot-2.3.0.1/Makefile.am
---- dovecot-2.3.0.1/Makefile.am.initbysystemd	2018-02-28 15:28:57.000000000 +0100
-+++ dovecot-2.3.0.1/Makefile.am	2018-03-01 10:38:22.060716016 +0100
-@@ -63,9 +63,10 @@ if HAVE_SYSTEMD
- 
+diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/Makefile.am.initbysystemd dovecot-2.4.1-build/dovecot-2.4.1-4/Makefile.am
+--- dovecot-2.4.1-build/dovecot-2.4.1-4/Makefile.am.initbysystemd	2025-03-28 12:32:27.000000000 +0100
++++ dovecot-2.4.1-build/dovecot-2.4.1-4/Makefile.am	2025-06-02 23:33:22.221675050 +0200
+@@ -19,6 +19,7 @@ EXTRA_DIST = \
+ 	update-version.sh \
+ 	run-test-valgrind.supp \
+ 	dovecot.service.in \
++	dovecot-init.service \
+ 	dovecot.socket \
+ 	version \
+ 	build-aux/git-abi-version-gen \
+@@ -67,7 +68,8 @@ dovecot-config: dovecot-config.in Makefi
+ if WANT_SYSTEMD
  systemdsystemunit_DATA = \
          dovecot.socket \
 -        dovecot.service
 +        dovecot.service \
 +        dovecot-init.service
- else
--EXTRA_DIST += dovecot.socket dovecot.service.in
-+EXTRA_DIST += dovecot.socket dovecot.service.in dovecot-init.service
  endif
  
  install-exec-hook:

dovecot-2.3.0.1-libxcrypt.patch

@@ -1,11 +0,0 @@
-diff -up dovecot-2.3.0.1/src/auth/mycrypt.c.libxcrypt dovecot-2.3.0.1/src/auth/mycrypt.c
---- dovecot-2.3.0.1/src/auth/mycrypt.c.libxcrypt       2018-02-28 15:28:58.000000000 +0100
-+++ dovecot-2.3.0.1/src/auth/mycrypt.c 2018-03-27 10:57:38.447769201 +0200
-@@ -14,6 +14,7 @@
- #  define _XPG6 /* Some Solaris versions require this, some break with this */
- #endif
- #include <unistd.h>
-+#include <crypt.h>
- 
- #include "mycrypt.h"
- 

dovecot-2.3.11-bigkey.patch

@@ -0,0 +1,10 @@
+diff -up dovecot-2.3.15/doc/dovecot-openssl.cnf.bigkey dovecot-2.3.15/doc/dovecot-openssl.cnf
+--- dovecot-2.3.15/doc/dovecot-openssl.cnf.bigkey	2021-06-21 20:24:51.913456628 +0200
++++ dovecot-2.3.15/doc/dovecot-openssl.cnf	2021-06-21 20:25:36.352912123 +0200
+@@ -1,5 +1,5 @@
+ [ req ]
+-default_bits = 2048
++default_bits = 3072
+ encrypt_key = yes
+ distinguished_name = req_dn
+ x509_extensions = cert_type

dovecot-2.3.11.3-ftbfs1.patch

@@ -1,15 +0,0 @@
-diff --git a/src/auth/test-mech.c b/src/auth/test-mech.c
-index cf05370035..0a030a2be0 100644
---- a/src/auth/test-mech.c
-+++ b/src/auth/test-mech.c
-@@ -196,8 +196,8 @@ test_mech_construct_apop_challenge(unsigned int connect_uid, unsigned long *len_
- {
- 	string_t *apop_challenge = t_str_new(128);
- 
--	str_printfa(apop_challenge,"<%lx.%u.%"PRIdTIME_T"", (unsigned long) getpid(),
--		    connect_uid, process_start_time+10);
-+	str_printfa(apop_challenge,"<%lx.%lx.%"PRIxTIME_T".", (unsigned long)getpid(),
-+		    (unsigned long)connect_uid, process_start_time+10);
- 	str_append_data(apop_challenge, "\0testuser\0responseoflen16-", 26);
- 	*len_r = apop_challenge->used;
- 	return apop_challenge->data;

dovecot-2.3.11.3-ftbfs2.patch

@@ -1,22 +0,0 @@
-diff --git a/src/auth/test-mech.c b/src/auth/test-mech.c
-index 0a030a2be0..0a22ff46d0 100644
---- a/src/auth/test-mech.c
-+++ b/src/auth/test-mech.c
-@@ -192,7 +192,7 @@ static void test_mech_handle_challenge(struct auth_request *request,
- }
- 
- static inline const unsigned char *
--test_mech_construct_apop_challenge(unsigned int connect_uid, unsigned long *len_r)
-+test_mech_construct_apop_challenge(unsigned int connect_uid, size_t *len_r)
- {
- 	string_t *apop_challenge = t_str_new(128);
- 
-@@ -323,7 +323,7 @@ static void test_mechs(void)
- 		struct test_case *test_case = &tests[running_test];
- 		const struct mech_module *mech = test_case->mech;
- 		struct auth_request *request;
--		const char *testname = t_strdup_printf("auth mech %s %d/%lu",
-+		const char *testname = t_strdup_printf("auth mech %s %d/%zu",
- 						       mech->mech_name,
- 						       running_test+1,
- 						       N_ELEMENTS(tests));

dovecot-2.3.11.3-gssapi.patch

@@ -1,13 +0,0 @@
-diff --git a/src/auth/mech-gssapi.c b/src/auth/mech-gssapi.c
-index f29e48da88..966273d388 100644
---- a/src/auth/mech-gssapi.c
-+++ b/src/auth/mech-gssapi.c
-@@ -735,7 +735,7 @@ mech_gssapi_auth_free(struct auth_request *request)
- const struct mech_module mech_gssapi = {
- 	"GSSAPI",
- 
--	.flags = 0,
-+	.flags = MECH_SEC_ALLOW_NULS,
- 	.passdb_need = MECH_PASSDB_NEED_NOTHING,
- 
- 	mech_gssapi_auth_new,

dovecot-2.3.15-fixvalcond.patch

@@ -0,0 +1,24 @@
+diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-pigeonhole/src/lib-sieve/storage/dict/sieve-dict-script.c.fixvalcond dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-pigeonhole/src/lib-sieve/storage/dict/sieve-dict-script.c
+--- dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-pigeonhole/src/lib-sieve/storage/dict/sieve-dict-script.c.fixvalcond	2025-06-02 23:36:21.897399891 +0200
++++ dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-pigeonhole/src/lib-sieve/storage/dict/sieve-dict-script.c	2025-06-02 23:38:13.748569461 +0200
+@@ -102,7 +102,7 @@ sieve_dict_script_get_stream(struct siev
+ 		container_of(script, struct sieve_dict_script, script);
+ 	struct sieve_dict_storage *dstorage =
+ 		container_of(storage, struct sieve_dict_storage, storage);
+-	const char *path, *name = script->name, *data, *error;
++	const char *path, *name = script->name, *data, *error = NULL;
+ 	int ret;
+ 
+ 	dscript->data_pool =
+diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-storage/index/index-attribute.c.fixvalcond dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-storage/index/index-attribute.c
+--- dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-storage/index/index-attribute.c.fixvalcond	2025-03-28 12:32:27.000000000 +0100
++++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-storage/index/index-attribute.c	2025-06-02 23:36:21.897571934 +0200
+@@ -250,7 +250,7 @@ int index_storage_attribute_get(struct m
+ 				struct mail_attribute_value *value_r)
+ {
+ 	struct dict *dict;
+-	const char *mailbox_prefix, *error;
++	const char *mailbox_prefix, *error = NULL;
+ 	int ret;
+ 
+ 	i_zero(value_r);

dovecot-2.3.15-valbasherr.patch

@@ -0,0 +1,20 @@
+diff -up dovecot-2.3.15/run-test-valgrind.supp.valbasherr dovecot-2.3.15/run-test-valgrind.supp
+--- dovecot-2.3.15/run-test-valgrind.supp.valbasherr	2021-06-21 22:52:53.272707239 +0200
++++ dovecot-2.3.15/run-test-valgrind.supp	2021-06-21 22:54:19.786668430 +0200
+@@ -1,4 +1,16 @@
+ {
++   <bashagin>
++   Memcheck:Leak
++   match-leak-kinds: definite
++   fun:malloc
++   fun:make_if_command
++   fun:yyparse
++   fun:parse_command
++   fun:read_command
++   fun:reader_loop
++   fun:main
++}
++{
+    <bash>
+    Memcheck:Leak
+    fun:malloc

dovecot-2.3.21.1-fixicu.patch

@@ -0,0 +1,13 @@
+diff -up dovecot-2.3.20/m4/want_icu.m4.fixicu dovecot-2.3.20/m4/want_icu.m4
+--- dovecot-2.3.20/m4/want_icu.m4.fixicu	2022-12-21 09:49:12.000000000 +0100
++++ dovecot-2.3.20/m4/want_icu.m4	2025-01-29 10:47:25.765768562 +0100
+@@ -1,7 +1,7 @@
+ AC_DEFUN([DOVECOT_WANT_ICU], [
+   if test "$want_icu" != "no"; then
+-    if test "$PKG_CONFIG" != "" && $PKG_CONFIG --exists icu-i18n 2>/dev/null; then
+-      PKG_CHECK_MODULES(LIBICU, icu-i18n)
++    if test "$PKG_CONFIG" != "" && $PKG_CONFIG --exists icu-i18n icu-uc 2>/dev/null; then
++      PKG_CHECK_MODULES(LIBICU, icu-i18n icu-uc)
+       have_icu=yes
+       AC_DEFINE(HAVE_LIBICU,, [Define if you want ICU normalization support for FTS])
+     elif test "$want_icu" = "yes"; then

dovecot-2.4.1-nolibotp.patch

@@ -0,0 +1,285 @@
+diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/auth/test-auth.c.nolibotp dovecot-2.4.2-build/dovecot-2.4.2/src/auth/test-auth.c
+--- dovecot-2.4.2-build/dovecot-2.4.2/src/auth/test-auth.c.nolibotp	2025-10-29 07:58:41.000000000 +0100
++++ dovecot-2.4.2-build/dovecot-2.4.2/src/auth/test-auth.c	2025-11-30 13:38:50.100927373 +0100
+@@ -16,7 +16,7 @@
+ static const char *const settings[] = {
+ 	"base_dir", ".",
+ 	"auth_mechanisms",
+-		"ANONYMOUS APOP CRAM-MD5 DIGEST-MD5 EXTERNAL LOGIN PLAIN OTP "
++		"ANONYMOUS APOP CRAM-MD5 DIGEST-MD5 EXTERNAL LOGIN PLAIN "
+ 		"OAUTHBEARER SCRAM-SHA-1 SCRAM-SHA-256 XOAUTH2",
+ 	"auth_username_chars", "",
+ 	"auth_username_format", "",
+diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/auth/test-mech.c.nolibotp dovecot-2.4.2-build/dovecot-2.4.2/src/auth/test-mech.c
+--- dovecot-2.4.2-build/dovecot-2.4.2/src/auth/test-mech.c.nolibotp	2025-10-29 07:58:41.000000000 +0100
++++ dovecot-2.4.2-build/dovecot-2.4.2/src/auth/test-mech.c	2025-11-30 13:38:50.101130654 +0100
+@@ -46,10 +46,7 @@ request_handler_reply_mock_callback(stru
+ 
+ 	if (request->passdb_result == PASSDB_RESULT_OK)
+ 		request->failed = FALSE;
+-	else if (strcmp(request->fields.mech_name, SASL_MECH_NAME_OTP) == 0) {
+-		if (null_strcmp(request->fields.user, "otp_phase_2") == 0)
+-			request->failed = FALSE;
+-	} else if (strcmp(request->fields.mech_name,
++	else if (strcmp(request->fields.mech_name,
+ 			  SASL_MECH_NAME_OAUTHBEARER) == 0) {
+ 	}
+ };
+@@ -190,10 +187,6 @@ static void test_mechs(void)
+ 		{"PLAIN", UCHAR_LEN("\0testuser\0testpass"), "testuser", TRUE, FALSE, FALSE},
+ 		{"PLAIN", UCHAR_LEN("normaluser\0masteruser\0masterpass"), "masteruser", TRUE, FALSE, FALSE},
+ 		{"PLAIN", UCHAR_LEN("normaluser\0normaluser\0masterpass"), "normaluser", TRUE, FALSE, FALSE},
+-		{"OTP", UCHAR_LEN("hex:5Bf0 75d9 959d 036f"), "otp_phase_2", TRUE, TRUE, FALSE},
+-		{"OTP", UCHAR_LEN("word:BOND FOGY DRAB NE RISE MART"), "otp_phase_2", TRUE, TRUE, FALSE},
+-		{"OTP", UCHAR_LEN("init-hex:f6bd 6b33 89b8 7203:md5 499 ke6118:23d1 b253 5ae0 2b7e"), "otp_phase_2", TRUE, TRUE, FALSE},
+-		{"OTP", UCHAR_LEN("init-word:END KERN BALM NICK EROS WAVY:md5 499 ke1235:BABY FAIN OILY NIL TIDY DADE"), "otp_phase_2", TRUE, TRUE, FALSE},
+ 		{"OAUTHBEARER", UCHAR_LEN("n,a=testuser,p=cHJvb2Y=,f=nonstandart\x01host=server\x01port=143\x01""auth=Bearer vF9dft4qmTc2Nvb3RlckBhbHRhdmlzdGEuY29tCg==\x01\x01"), "testuser", FALSE, TRUE, FALSE},
+ 		{"SCRAM-SHA-1", UCHAR_LEN("n,,n=testuser,r=rOprNGfwEbeRWgbNEkqO"), "testuser", TRUE, FALSE, FALSE},
+ 		{"SCRAM-SHA-256", UCHAR_LEN("n,,n=testuser,r=rOprNGfwEbeRWgbNEkqO"), "testuser",  TRUE, FALSE, FALSE},
+@@ -208,8 +201,6 @@ static void test_mechs(void)
+ 		{"EXTERNAL", UCHAR_LEN(""), "testuser", FALSE, TRUE, FALSE},
+ 		{"EXTERNAL", UCHAR_LEN(""), NULL, FALSE, FALSE, FALSE},
+ 		{"LOGIN", UCHAR_LEN(""), NULL, FALSE, FALSE, FALSE},
+-		{"OTP", UCHAR_LEN(""), NULL, FALSE, FALSE, FALSE},
+-		{"OTP", UCHAR_LEN(""), "testuser", FALSE, FALSE, FALSE},
+ 		{"PLAIN", UCHAR_LEN(""), NULL, FALSE, FALSE, FALSE},
+ 		{"OAUTHBEARER", UCHAR_LEN(""), NULL, FALSE, FALSE, FALSE},
+ 		{"XOAUTH2", UCHAR_LEN(""), NULL,  FALSE, FALSE, FALSE},
+@@ -221,7 +212,6 @@ static void test_mechs(void)
+ 		{"APOP", UCHAR_LEN("1.1.1\0testuser\0tooshort"), NULL, FALSE, FALSE, FALSE},
+ 		{"APOP", UCHAR_LEN("1.1.1\0testuser\0responseoflen16-"), NULL, FALSE, FALSE, FALSE},
+ 		{"APOP", UCHAR_LEN("1.1.1"), NULL, FALSE, FALSE, FALSE},
+-		{"OTP", UCHAR_LEN("somebody\0testuser"), "testuser", FALSE, TRUE, FALSE},
+ 		{"CRAM-MD5", UCHAR_LEN("testuser\0response"), "testuser",  FALSE, FALSE, FALSE},
+ 		{"PLAIN", UCHAR_LEN("testuser\0"), "testuser", FALSE, FALSE, FALSE},
+ 
+@@ -264,9 +254,7 @@ static void test_mechs(void)
+ 		{"PLAIN", UCHAR_LEN("\0fa\0il\0ing\0withthis"), NULL, FALSE, FALSE, FALSE},
+ 		{"PLAIN", UCHAR_LEN("failingwiththis"), NULL, FALSE, FALSE, FALSE},
+ 		{"PLAIN", UCHAR_LEN("failing\0withthis"), NULL, FALSE, FALSE, FALSE},
+-		{"OTP", UCHAR_LEN("someb\0ody\0testuser"), NULL, FALSE, FALSE, FALSE},
+ 		/* phase 2 */
+-		{"OTP", UCHAR_LEN("someb\0ody\0testuser"), "testuser", FALSE, TRUE, FALSE},
+ 		{"SCRAM-SHA-1", UCHAR_LEN("c=biws,r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,p=v0X8v3Bz2T0CJGbJQyF0X+HI4Ts="), NULL, FALSE, FALSE, FALSE},
+ 		{"SCRAM-SHA-1", UCHAR_LEN("iws0X8v3Bz2T0CJGbJQyF0X+HI4Ts=,,,,"), NULL, FALSE, FALSE, FALSE},
+ 		{"SCRAM-SHA-1", UCHAR_LEN("n,a=masteruser,,"), NULL, FALSE, FALSE, FALSE},
+diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/password-scheme.c.nolibotp dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/password-scheme.c
+--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/password-scheme.c.nolibotp	2025-11-30 13:38:50.093609901 +0100
++++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/password-scheme.c	2025-11-30 13:38:50.101359374 +0100
+@@ -13,7 +13,6 @@
+ #include "randgen.h"
+ #include "sha1.h"
+ #include "sha2.h"
+-#include "otp.h"
+ #include "str.h"
+ #include "auth-digest.h"
+ #include "password-scheme.h"
+@@ -704,33 +703,6 @@ plain_md5_generate(const char *plaintext
+ 	*size_r = MD5_RESULTLEN;
+ }
+ 
+-static int otp_verify(const char *plaintext, const struct password_generate_params *params ATTR_UNUSED,
+-		      const unsigned char *raw_password, size_t size,
+-		      const char **error_r)
+-{
+-	const char *password, *generated;
+-
+-	password = t_strndup(raw_password, size);
+-	if (password_generate_otp(plaintext, password, UINT_MAX, &generated) < 0) {
+-		*error_r = "Invalid OTP data in passdb";
+-		return -1;
+-	}
+-
+-	return strcasecmp(password, generated) == 0 ? 1 : 0;
+-}
+-
+-static void
+-otp_generate(const char *plaintext, const struct password_generate_params *params ATTR_UNUSED,
+-	     const unsigned char **raw_password_r, size_t *size_r)
+-{
+-	const char *password;
+-
+-	if (password_generate_otp(plaintext, NULL, OTP_HASH_SHA1, &password) < 0)
+-		i_unreached();
+-	*raw_password_r = (const unsigned char *)password;
+-	*size_r = strlen(password);
+-}
+-
+ static const struct password_scheme builtin_schemes[] = {
+ 	{
+ 		.name = "MD5",
+@@ -894,13 +866,6 @@ static const struct password_scheme buil
+ 		.password_generate = plain_md5_generate,
+ 	},
+ 	{
+-		.name = "OTP",
+-		.default_encoding = PW_ENCODING_NONE,
+-		.raw_password_len = 0,
+-		.password_verify = otp_verify,
+-		.password_generate = otp_generate,
+-	},
+-	{
+ 		.name = "PBKDF2",
+ 		.default_encoding = PW_ENCODING_NONE,
+ 		.raw_password_len = 0,
+diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/password-scheme.h.nolibotp dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/password-scheme.h
+--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/password-scheme.h.nolibotp	2025-10-29 07:58:41.000000000 +0100
++++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/password-scheme.h	2025-11-30 13:38:50.101549260 +0100
+@@ -98,9 +98,6 @@ void password_set_encryption_rounds(unsi
+ /* INTERNAL: */
+ const char *password_generate_salt(size_t len);
+ const char *password_generate_md5_crypt(const char *pw, const char *salt);
+-int password_generate_otp(const char *pw, const char *state_data,
+-			  unsigned int algo, const char **result_r)
+-	ATTR_NULL(2);
+ 
+ int scram_verify(const struct hash_method *hmethod, const char *scheme_name,
+ 		 const char *plaintext, const unsigned char *raw_password,
+diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/test-password-scheme.c.nolibotp dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/test-password-scheme.c
+--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/test-password-scheme.c.nolibotp	2025-10-29 07:58:41.000000000 +0100
++++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/test-password-scheme.c	2025-11-30 13:38:50.101711124 +0100
+@@ -107,7 +107,6 @@ static void test_password_schemes(void)
+ 	test_password_scheme("SHA512", "{SHA512}7iaw3Ur350mqGo7jwQrpkj9hiYB3Lkc/iBml1JQODbJ6wYX4oOHV+E+IvIh/1nsUNzLDBMxfqa2Ob1f1ACio/w==", "test");
+ 	test_password_scheme("SSHA", "{SSHA}H/zrDv8FXUu1JmwvVYijfrYEF34jVZcO", "test");
+ 	test_password_scheme("MD5-CRYPT", "{MD5-CRYPT}$1$GgvxyNz8$OjZhLh4P.gF1lxYEbLZ3e/", "test");
+-	test_password_scheme("OTP", "{OTP}sha1 1024 ae6b49aa481f7233 f69fc7f98b8fbf54", "test");
+ 	test_password_scheme("PBKDF2", "{PBKDF2}$1$bUnT4Pl7yFtYX0KU$5000$50a83cafdc517b9f46519415e53c6a858908680a", "test");
+ 	test_password_scheme("CRAM-MD5", "{CRAM-MD5}e02d374fde0dc75a17a557039a3a5338c7743304777dccd376f332bee68d2cf6", "test");
+ 	test_password_scheme("DIGEST-MD5", "{DIGEST-MD5}77c1a8c437c9b08ba2f460fe5d58db5d", "test");
+diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/dsasl-client.c.nolibotp dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/dsasl-client.c
+--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/dsasl-client.c.nolibotp	2025-11-30 13:39:54.210043386 +0100
++++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/dsasl-client.c	2025-11-30 13:39:54.217205256 +0100
+@@ -175,7 +175,6 @@ void dsasl_clients_init(void)
+ 	dsasl_client_mech_register(&dsasl_client_mech_digest_md5);
+ 	dsasl_client_mech_register(&dsasl_client_mech_cram_md5);
+ 	dsasl_client_mech_register(&dsasl_client_mech_oauthbearer);
+-	dsasl_client_mech_register(&dsasl_client_mech_otp);
+ 	dsasl_client_mech_register(&dsasl_client_mech_xoauth2);
+ 	dsasl_client_mech_register(&dsasl_client_mech_scram_sha_1);
+ 	dsasl_client_mech_register(&dsasl_client_mech_scram_sha_1_plus);
+diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/dsasl-client-private.h.nolibotp dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/dsasl-client-private.h
+--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/dsasl-client-private.h.nolibotp	2025-11-30 13:40:22.269119732 +0100
++++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/dsasl-client-private.h	2025-11-30 13:40:22.275363043 +0100
+@@ -50,7 +50,6 @@ extern const struct dsasl_client_mech ds
+ extern const struct dsasl_client_mech dsasl_client_mech_external;
+ extern const struct dsasl_client_mech dsasl_client_mech_login;
+ extern const struct dsasl_client_mech dsasl_client_mech_oauthbearer;
+-extern const struct dsasl_client_mech dsasl_client_mech_otp;
+ extern const struct dsasl_client_mech dsasl_client_mech_xoauth2;
+ extern const struct dsasl_client_mech dsasl_client_mech_scram_sha_1;
+ extern const struct dsasl_client_mech dsasl_client_mech_scram_sha_1_plus;
+diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/fuzz-sasl-authentication.c.nolibotp dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/fuzz-sasl-authentication.c
+--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/fuzz-sasl-authentication.c.nolibotp	2025-11-30 13:40:56.823727053 +0100
++++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/fuzz-sasl-authentication.c	2025-11-30 13:40:56.837864792 +0100
+@@ -635,7 +635,6 @@ static void fuzz_sasl_run(struct istream
+ 	sasl_server_mech_register_cram_md5(server_inst);
+ 	sasl_server_mech_register_digest_md5(server_inst);
+ 	sasl_server_mech_register_login(server_inst);
+-	sasl_server_mech_register_otp(server_inst);
+ 	sasl_server_mech_register_plain(server_inst);
+ 	sasl_server_mech_register_scram_sha1(server_inst);
+ 	sasl_server_mech_register_scram_sha1_plus(server_inst);
+diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/sasl-server.h.nolibotp dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/sasl-server.h
+--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/sasl-server.h.nolibotp	2025-11-30 13:41:24.035316421 +0100
++++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/sasl-server.h	2025-11-30 13:41:24.050796571 +0100
+@@ -193,8 +193,6 @@ void sasl_server_mech_register_scram_sha
+ void sasl_server_mech_register_scram_sha256_plus(
+ 	struct sasl_server_instance *sinst);
+ 
+-void sasl_server_mech_register_otp(struct sasl_server_instance *sinst);
+-
+ /* Winbind */
+ 
+ struct sasl_server_winbind_settings {
+diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/test-sasl-authentication.c.nolibotp dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/test-sasl-authentication.c
+--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/test-sasl-authentication.c.nolibotp	2025-11-30 13:42:08.741524883 +0100
++++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/test-sasl-authentication.c	2025-11-30 13:42:08.757334395 +0100
+@@ -507,7 +507,6 @@ test_sasl_run(const struct test_sasl *te
+ 	sasl_server_mech_register_digest_md5(server_inst);
+ 	sasl_server_mech_register_external(server_inst);
+ 	sasl_server_mech_register_login(server_inst);
+-	sasl_server_mech_register_otp(server_inst);
+ 	sasl_server_mech_register_plain(server_inst);
+ 	sasl_server_mech_register_scram_sha1(server_inst);
+ 	sasl_server_mech_register_scram_sha1_plus(server_inst);
+@@ -722,16 +721,6 @@ static const struct test_sasl success_te
+ 			.password = "tokentokentoken",
+ 		},
+ 	},
+-	/* OTP */
+-	{
+-		.mech = "OTP",
+-		.authid_type = SASL_SERVER_AUTHID_TYPE_USERNAME,
+-		.server = {
+-			.authid = "user",
+-			.password = "pass",
+-		},
+-		.repeat = 1050,
+-	},
+ 	/* EXTERNAL */
+ 	{
+ 		.mech = "EXTERNAL",
+@@ -1457,31 +1446,6 @@ static const struct test_sasl bad_creds_
+ 		},
+ 		.failure = TRUE,
+ 	},
+-	/* OTP */
+-	{
+-		.mech = "OTP",
+-		.authid_type = SASL_SERVER_AUTHID_TYPE_USERNAME,
+-		.server = {
+-			.authid = "user",
+-			.password = "pass",
+-		},
+-		.client = {
+-			.authid = "userb",
+-		},
+-		.failure = TRUE,
+-	},
+-	{
+-		.mech = "OTP",
+-		.authid_type = SASL_SERVER_AUTHID_TYPE_USERNAME,
+-		.server = {
+-			.authid = "user",
+-			.password = "pass",
+-		},
+-		.client = {
+-			.password = "florp",
+-		},
+-		.failure = TRUE,
+-	},
+ 	/* EXTERNAL */
+ 	{
+ 		.mech = "EXTERNAL",
+diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/auth/auth-sasl.c.nolibotp2 dovecot-2.4.2-build/dovecot-2.4.2/src/auth/auth-sasl.c
+--- dovecot-2.4.2-build/dovecot-2.4.2/src/auth/auth-sasl.c.nolibotp2	2025-11-30 13:56:23.124460140 +0100
++++ dovecot-2.4.2-build/dovecot-2.4.2/src/auth/auth-sasl.c	2025-11-30 13:56:39.521935947 +0100
+@@ -472,7 +472,6 @@ MECH_SIMPLE_REGISTER__TEMPLATE(cram_md5)
+ MECH_SIMPLE_REGISTER__TEMPLATE(digest_md5)
+ MECH_SIMPLE_REGISTER__TEMPLATE(external)
+ MECH_SIMPLE_REGISTER__TEMPLATE(login)
+-MECH_SIMPLE_REGISTER__TEMPLATE(otp)
+ MECH_SIMPLE_REGISTER__TEMPLATE(plain)
+ MECH_SIMPLE_REGISTER__TEMPLATE(scram_sha1)
+ MECH_SIMPLE_REGISTER__TEMPLATE(scram_sha1_plus)
+@@ -539,12 +538,6 @@ static const struct auth_sasl_mech_modul
+ 	.mech_register = mech_login_register,
+ };
+ 
+-static const struct auth_sasl_mech_module mech_otp = {
+-	.mech_name = SASL_MECH_NAME_OTP,
+-
+-	.mech_register = mech_otp_register,
+-};
+-
+ static const struct auth_sasl_mech_module mech_plain = {
+ 	.mech_name = SASL_MECH_NAME_PLAIN,
+ 
+@@ -612,7 +605,6 @@ static void auth_sasl_mechs_init(const s
+ 	if (set->use_winbind)
+ 		auth_sasl_mech_register_module(&mech_winbind_ntlm);
+ 	auth_sasl_mech_oauth2_register();
+-	auth_sasl_mech_register_module(&mech_otp);
+ 	auth_sasl_mech_register_module(&mech_plain);
+ 	auth_sasl_mech_register_module(&mech_scram_sha1);
+ 	auth_sasl_mech_register_module(&mech_scram_sha1_plus);

dovecot-2.4.2-fixbuild.patch

@@ -0,0 +1,135 @@
+diff -up dovecot-2.4.2/src/lib/istream.c.fixbuild dovecot-2.4.2/src/lib/istream.c
+--- dovecot-2.4.2/src/lib/istream.c.fixbuild	2025-10-29 07:58:41.000000000 +0100
++++ dovecot-2.4.2/src/lib/istream.c	2025-11-30 11:40:37.739536137 +0100
+@@ -85,7 +85,7 @@ void i_stream_add_destroy_callback(struc
+ }
+ 
+ void i_stream_remove_destroy_callback(struct istream *stream,
+-				      void (*callback)())
++				      istream_callback_t *callback)
+ {
+ 	io_stream_remove_destroy_callback(&stream->real_stream->iostream,
+ 					  callback);
+diff -up dovecot-2.4.2/src/lib/istream.h.fixbuild dovecot-2.4.2/src/lib/istream.h
+--- dovecot-2.4.2/src/lib/istream.h.fixbuild	2025-10-29 07:58:41.000000000 +0100
++++ dovecot-2.4.2/src/lib/istream.h	2025-11-30 11:40:37.739798710 +0100
+@@ -100,7 +100,7 @@ void i_stream_add_destroy_callback(struc
+ 		(istream_callback_t *)callback, context)
+ /* Remove the destroy callback. */
+ void i_stream_remove_destroy_callback(struct istream *stream,
+-				      void (*callback)());
++				      istream_callback_t *callback);
+ 
+ /* Return file descriptor for stream, or -1 if none is available. */
+ int i_stream_get_fd(struct istream *stream);
+diff -up dovecot-2.4.2/src/lib/ostream.c.fixbuild dovecot-2.4.2/src/lib/ostream.c
+--- dovecot-2.4.2/src/lib/ostream.c.fixbuild	2025-11-30 11:42:21.434063550 +0100
++++ dovecot-2.4.2/src/lib/ostream.c	2025-11-30 11:42:55.814100259 +0100
+@@ -127,7 +127,7 @@ void o_stream_add_destroy_callback(struc
+ }
+ 
+ void o_stream_remove_destroy_callback(struct ostream *stream,
+-				      void (*callback)())
++				      ostream_callback_t *callback)
+ {
+ 	io_stream_remove_destroy_callback(&stream->real_stream->iostream,
+ 					  callback);
+diff -up dovecot-2.4.2/src/lib/ostream.h.fixbuild dovecot-2.4.2/src/lib/ostream.h
+--- dovecot-2.4.2/src/lib/ostream.h.fixbuild	2025-11-30 11:42:29.639009602 +0100
++++ dovecot-2.4.2/src/lib/ostream.h	2025-11-30 11:43:20.101652841 +0100
+@@ -127,7 +127,7 @@ void o_stream_add_destroy_callback(struc
+ 		(ostream_callback_t *)callback, context)
+ /* Remove the destroy callback. */
+ void o_stream_remove_destroy_callback(struct ostream *stream,
+-				      void (*callback)());
++				      ostream_callback_t *callback);
+ 
+ /* Mark the stream and all of its parent streams closed. Nothing will be
+    sent after this call. When using ostreams that require writing a trailer,
+diff -up dovecot-2.4.2/src/lib-json/json-istream.c.fixbuild dovecot-2.4.2/src/lib-json/json-istream.c
+--- dovecot-2.4.2/src/lib-json/json-istream.c.fixbuild	2025-10-29 07:58:41.000000000 +0100
++++ dovecot-2.4.2/src/lib-json/json-istream.c	2025-11-30 12:52:15.970430672 +0100
+@@ -706,7 +706,7 @@ static void json_istream_drop_value_stre
+ 		if (stream->seekable_stream != NULL) {
+ 			i_stream_remove_destroy_callback(
+ 				stream->seekable_stream,
+-				json_istream_drop_seekable_stream);
++				(istream_callback_t *)json_istream_drop_seekable_stream);
+ 			i_stream_unref(&stream->seekable_stream);
+ 		}
+ 	}
+@@ -720,12 +720,12 @@ static void json_istream_consumed_value_
+ 	if (stream->seekable_stream != NULL) {
+ 		i_stream_remove_destroy_callback(
+ 			stream->seekable_stream,
+-			json_istream_drop_seekable_stream);
++			(istream_callback_t *)json_istream_drop_seekable_stream);
+ 	}
+ 	if (stream->value_stream != NULL) {
+ 		i_stream_remove_destroy_callback(
+ 			stream->value_stream,
+-			json_istream_drop_value_stream);
++			(istream_callback_t *)json_istream_drop_value_stream);
+ 	}
+ 	stream->value_stream = NULL;
+ 	stream->seekable_stream = NULL;
+ 		i_stream_remove_destroy_callback(conn->incoming_payload,
+-						 http_client_payload_destroyed);
++						 (istream_callback_t *)http_client_payload_destroyed);
+ 		conn->incoming_payload = NULL;
+ 	}
+ 
+diff -up dovecot-2.4.2/src/lib-http/http-server-connection.c.fixbuild dovecot-2.4.2/src/lib-http/http-server-connection.c
+--- dovecot-2.4.2/src/lib-http/http-server-connection.c.fixbuild	2025-11-30 13:02:24.337384848 +0100
++++ dovecot-2.4.2/src/lib-http/http-server-connection.c	2025-11-30 13:03:14.477064608 +0100
+@@ -1066,7 +1066,7 @@ http_server_connection_disconnect(struct
+ 	if (conn->incoming_payload != NULL) {
+ 		/* The stream is still accessed by lib-http caller. */
+ 		i_stream_remove_destroy_callback(conn->incoming_payload,
+-						 http_server_payload_destroyed);
++						 (istream_callback_t *)http_server_payload_destroyed);
+ 		conn->incoming_payload = NULL;
+ 	}
+ 	if (conn->payload_handler != NULL)
+diff -up dovecot-2.4.2/src/lib-http/http-client-connection.c.fixbuild dovecot-2.4.2/src/lib-http/http-client-connection.c
+--- dovecot-2.4.2/src/lib-http/http-client-connection.c.fixbuild	2025-11-30 12:57:42.670247695 +0100
++++ dovecot-2.4.2/src/lib-http/http-client-connection.c	2025-11-30 13:00:54.862436490 +0100
+@@ -832,7 +832,7 @@ void http_client_connection_request_dest
+ 	   is closed and we don't care about it anymore, so act as though it is
+ 	   destroyed. */
+ 	i_stream_remove_destroy_callback(payload,
+-					 http_client_payload_destroyed);
++					 (istream_callback_t *)http_client_payload_destroyed);
+ 	http_client_payload_destroyed(req);
+ }
+ 
+@@ -888,7 +888,7 @@ http_client_connection_return_response(s
+ 		if (response->payload != NULL) {
+ 			i_stream_remove_destroy_callback(
+ 				conn->incoming_payload,
+-				http_client_payload_destroyed);
++				(istream_callback_t *)http_client_payload_destroyed);
+ 			i_stream_unref(&conn->incoming_payload);
+ 			connection_input_resume(&conn->conn);
+ 		}
+@@ -1731,7 +1731,7 @@ http_client_connection_disconnect(struct
+ 	if (conn->incoming_payload != NULL) {
+ 		/* The stream is still accessed by lib-http caller. */
+ 		i_stream_remove_destroy_callback(conn->incoming_payload,
+-						 http_client_payload_destroyed);
++						 (istream_callback_t *)http_client_payload_destroyed);
+ 		conn->incoming_payload = NULL;
+ 	}
+ 
+diff -up dovecot-2.4.2/src/lib-storage/index/index-mail.c.fixbuild2 dovecot-2.4.2/src/lib-storage/index/index-mail.c
+--- dovecot-2.4.2/src/lib-storage/index/index-mail.c.fixbuild2	2025-11-30 13:48:46.658539149 +0100
++++ dovecot-2.4.2/src/lib-storage/index/index-mail.c	2025-11-30 13:49:47.178158024 +0100
+@@ -1840,7 +1840,7 @@ static void index_mail_close_streams_ful
+ 			   allowed to have references until the mail is closed
+ 			   (but we can't really check that) */
+ 			i_stream_remove_destroy_callback(data->stream,
+-				index_mail_stream_destroy_callback);
++				(istream_callback_t *)index_mail_stream_destroy_callback);
+ 		}
+ 		i_stream_unref(&data->stream);
+ 		/* there must be no references to the mail when the

dovecot.sysusers

@@ -0,0 +1,9 @@
+#Type Name    ID    GECOS                       Home directory       Shell
+g     dovecot 97
+u     dovecot 97   "Dovecot IMAP server"        /usr/libexec/dovecot /sbin/nologin
+m     dovecot dovecot
+
+g     dovenull -
+u     dovenull -   "Dovecot - unauthorized user" /usr/libexec/dovecot /sbin/nologin
+m     dovenull dovenull
+

plans/main.fmf

@@ -0,0 +1,6 @@
+summary: Run all tests
+execute:
+  how: tmt
+discover:
+  how: fmf
+

rpminspect.yaml

@@ -0,0 +1,7 @@
+---
+runpath:
+  allowed_paths:
+    # dovecot only plugins
+    - /usr/lib/dovecot/old-stats
+    - /usr/lib64/dovecot/old-stats
+

sources

@@ -1,2 +1,2 @@
-SHA512 (dovecot-2.3.11.3.tar.gz) = d83e52a7faab918a8e6f6257acc5936b81733c10489affd042c3a043cb842db060286cba9978be378e4958e9ac2e60b55ce289d7f3a88df08e7637e4785e23bb
-SHA512 (dovecot-2.3-pigeonhole-0.5.11.tar.gz) = 793d93edc50192c52654e2f7244d3e01aaa4e69f786e3ecfcd658a4ab26a5099cc5319cb93221150db4ce94bc4515ffb38115b1d0eeb6e052b956efec680b33d
+SHA512 (dovecot-2.4.2.tar.gz) = 0524695341abe711d3a811c56156889d6fef7a09becc684c6f1dc1e5add605969ca8794eb7d44bfbc49f70515f22e8640b5828443addecfe4798fb8b174670ae
+SHA512 (dovecot-pigeonhole-2.4.2.tar.gz) = 82c46c7ac2792aa5c211c8b66309f9f21c05ecd2fa8ab3abf98fb4e05831fd37aaa3edffcfbe1b3defbb9ac8ef9df1c33ece83cf7524e8b226c4deab8c250134

tests/got-audit/got-audit.gdb

@@ -0,0 +1,2 @@
+gef config gef.disable_color True
+got-audit --all

tests/got-audit/main.fmf

@@ -0,0 +1,10 @@
+summary: Audit the GOT for signs of tampering
+description: |
+  Pointers in the server process GOT will be checked to ensure that
+  each function pointer's value is within a shared object file
+  that exports a symbol of that name, and that no shared object
+  files export conflicting symbols.
+contact: Gordon Messmer <gordon.messmer@gmail.com>
+require+:
+  - gdb-gef           # needed to test got-audit
+

tests/got-audit/runtest.sh

@@ -0,0 +1,41 @@
+#!/bin/bash
+# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+#   runtest.sh of /CoreOS/dovecot/Sanity/got-audit
+#   Description: Check pointers in the server process GOT for signs of tampering
+#   Author: Gordon Messmer <gordon.messmer@gmail.com>
+#
+
+# Include Beaker environment
+. /usr/share/beakerlib/beakerlib.sh || exit 1
+
+rlJournalStart
+    rlPhaseStartSetup
+        rlServiceStart dovecot
+        rlRun "TestDir=\$(pwd)"
+        rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory"
+        rlRun "pushd $TmpDir"
+        rlRun "auditfile=\$(mktemp --tmpdir=${TmpDir})"
+    rlPhaseEnd
+
+    rlPhaseStartTest "Run GEF got-audit"
+        rlRun "SERVICE_PID=\$( systemctl show --property=MainPID dovecot.service | cut -f2 -d= )"
+        rlRun "echo SERVICE_PID is '$SERVICE_PID'"
+        [ -n "$SERVICE_PID" ] || rlFail "No service pid was found"
+        rlRun "gdb-gef --pid '$SERVICE_PID' --command='$TestDir'/got-audit.gdb --batch > '$auditfile'"
+        # Basic test: ensure that at least one symbol is found in libc.so,
+        #  to verify that the report looks plausible.
+        rlAssertGrep " : /.*/libc.so" "$auditfile"
+        # Ensure the got-audit did not report any errors
+        rlAssertNotGrep " :: ERROR" "$auditfile"
+        rlRun "cp '$auditfile' '$TMT_TEST_DATA'/got-audit.txt"
+    rlPhaseEnd
+
+    rlPhaseStartCleanup
+        rlServiceRestore dovecot
+        rlRun "popd"
+        rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+    rlPhaseEnd
+rlJournalPrintText
+rlJournalEnd

tests/main.fmf

@@ -0,0 +1,2 @@
+test: ./runtest.sh
+framework: beakerlib