dovecot updated to 2.3.8, pigeonhole 0.5.8

dovecot updated to 2.3.7.2, pigeonhole 0.5.7.2
fixes CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte when scanning data in quoted strings, leading to out of bounds heap memory writes
2019-10-10 14:33:13 +02:00 · 2019-08-29 11:04:23 +02:00 · 2019-08-19 17:35:29 +02:00 · 2019-05-31 16:21:00 +02:00 · 2019-05-02 17:01:44 +02:00 · 2019-04-18 15:03:30 +02:00
21 changed files with 2148 additions and 2007 deletions
--- a/.fmf/version
+++ b/.fmf/version
@ -1 +0,0 @@
-1
--- a/dovecot-2.0-defaultconfig.patch
+++ b/dovecot-2.0-defaultconfig.patch
@ -1,97 +1,33 @@
-diff -up dovecot-2.4.2-build/dovecot-2.4.2/doc/dovecot.conf.in.default-settings dovecot-2.4.2-build/dovecot-2.4.2/doc/dovecot.conf.in
--- dovecot-2.4.2-build/dovecot-2.4.2/doc/dovecot.conf.in.default-settings	2025-10-29 07:58:41.000000000 +0100
-+++ dovecot-2.4.2-build/dovecot-2.4.2/doc/dovecot.conf.in	2025-11-30 09:24:17.130246956 +0100
-@@ -16,24 +16,19 @@ dovecot_storage_version = @DOVECOT_CONFI
- # The configuration below is a minimal configuration file using system user authentication.
- # See https://@DOVECOT_ASSET_URL@/latest/core/config/quick.html
+diff -up dovecot-2.3.0.1/doc/example-config/conf.d/10-mail.conf.default-settings dovecot-2.3.0.1/doc/example-config/conf.d/10-mail.conf
+--- dovecot-2.3.0.1/doc/example-config/conf.d/10-mail.conf.default-settings	2018-02-28 15:28:57.000000000 +0100
+++ dovecot-2.3.0.1/doc/example-config/conf.d/10-mail.conf	2018-03-01 10:29:38.208368555 +0100
+@@ -322,6 +322,7 @@ protocol !indexer-worker {
+ # them simultaneously.
+ #mbox_read_locks = fcntl
+ #mbox_write_locks = dotlock fcntl
+mbox_write_locks = fcntl
 
-!include_try conf.d/*.conf
-
- # Enable wanted protocols:
- protocols {
-   imap = yes
-   lmtp = yes
- }
+ # Maximum time to wait for lock (all of them) before aborting.
+ #mbox_lock_timeout = 5 mins
+diff -up dovecot-2.3.0.1/doc/example-config/conf.d/10-ssl.conf.default-settings dovecot-2.3.0.1/doc/example-config/conf.d/10-ssl.conf
+--- dovecot-2.3.0.1/doc/example-config/conf.d/10-ssl.conf.default-settings	2018-02-28 15:28:57.000000000 +0100
+++ dovecot-2.3.0.1/doc/example-config/conf.d/10-ssl.conf	2018-03-01 10:33:54.779499044 +0100
+@@ -3,7 +3,9 @@
+ ##
 
-mail_home = /srv/mail/%{user}
-mail_driver = sdbox
-+mail_home = /home/%{user}
-+mail_driver = maildir
- mail_path = ~/mail
- 
-mail_uid = vmail
-mail_gid = vmail
-
-# By default first_valid_uid is 500. If your vmail user's UID is smaller,
-+# By default first_valid_uid is 1000. If your vmail user's UID is smaller,
- # you need to modify this:
-#first_valid_uid = uid-number-of-vmail-user
-+first_valid_uid = 1000
- 
- namespace inbox {
-   inbox = yes
-@@ -44,7 +39,15 @@ namespace inbox {
- passdb pam {
- }
- 
-+userdb passwd {
-+}
-+
+ # SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
+-#ssl = yes
+# disable plain pop3 and imap, allowed are only pop3+TLS, pop3s, imap+TLS and imaps
+# plain imap and pop3 are still allowed for local connections
 +ssl = required
+ 
+ # PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
+ # dropping root privileges, so keep the key file unreadable by anyone but
+@@ -57,6 +59,7 @@ ssl_key = </etc/ssl/private/dovecot.pem
+ #ssl_cipher_list = ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
+ # To disable non-EC DH, use:
+ #ssl_cipher_list = ALL:!DH:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
 +ssl_cipher_list = PROFILE=SYSTEM
-+
- ssl_server {
-  cert_file = /etc/dovecot/ssl-cert.pem
-  key_file = /etc/dovecot/ssl-key.pem
-+  cert_file = /etc/pki/dovecot/certs/dovecot.pem
-+  key_file = /etc/pki/dovecot/private/dovecot.pem
- }
-+
-+!include_try conf.d/*.conf
-diff -up dovecot-2.4.2-build/dovecot-2.4.2/dovecot-pigeonhole/doc/example-config/conf.d/90-sieve.conf.default-settings dovecot-2.4.2-build/dovecot-2.4.2/dovecot-pigeonhole/doc/example-config/conf.d/90-sieve.conf
--- dovecot-2.4.2-build/dovecot-2.4.2/dovecot-pigeonhole/doc/example-config/conf.d/90-sieve.conf.default-settings	2025-10-29 08:00:30.000000000 +0100
-+++ dovecot-2.4.2-build/dovecot-2.4.2/dovecot-pigeonhole/doc/example-config/conf.d/90-sieve.conf	2025-11-30 09:18:17.667869864 +0100
-@@ -21,7 +21,6 @@
- # file or directory. Refer to Pigeonhole wiki or INSTALL file for more
- # information.
 
-plugin {
-   # The location of the user's main Sieve script or script storage. The LDA
-   # Sieve plugin uses this to find the active script for Sieve filtering at
-   # delivery. The "include" extension uses this location for retrieving
-@@ -36,7 +35,10 @@ plugin {
-   # active script symlink is located.
-   # For other types: use the ';name=' parameter to specify the name of the
-   # default/active script.
-  sieve = file:~/sieve;active=~/.dovecot.sieve
-+sieve_script personal {
-+  path = ~/sieve
-+  active_path = ~/.dovecot.sieve
-+}
- 
-   # The default Sieve script when the user has none. This is the location of a
-   # global sieve script file, which gets executed ONLY if user's personal Sieve
-@@ -202,4 +204,3 @@ plugin {
-   # Enables showing byte code addresses in the trace output, rather than only
-   # the source line numbers.
-   #sieve_trace_addresses = no 
-}
-diff -up dovecot-2.4.2-build/dovecot-2.4.2/dovecot-pigeonhole/doc/example-config/conf.d/90-sieve-extprograms.conf.default-settings dovecot-2.4.2-build/dovecot-2.4.2/dovecot-pigeonhole/doc/example-config/conf.d/90-sieve-extprograms.conf
--- dovecot-2.4.2-build/dovecot-2.4.2/dovecot-pigeonhole/doc/example-config/conf.d/90-sieve-extprograms.conf.default-settings	2025-10-29 08:00:30.000000000 +0100
-+++ dovecot-2.4.2-build/dovecot-2.4.2/dovecot-pigeonhole/doc/example-config/conf.d/90-sieve-extprograms.conf	2025-11-30 09:18:17.668131795 +0100
-@@ -6,7 +6,6 @@
- # sieve_extensions or sieve_global_extensions settings. Restricting these
- # extensions to a global context using sieve_global_extensions is recommended.
- 
-plugin {
- 
-   # The directory where the program sockets are located for the
-   # vnd.dovecot.pipe, vnd.dovecot.filter and vnd.dovecot.execute extension
-@@ -23,7 +22,6 @@ plugin {
-   #sieve_pipe_bin_dir = /usr/lib/dovecot/sieve-pipe
-   #sieve_filter_bin_dir = /usr/lib/dovecot/sieve-filter
-   #sieve_execute_bin_dir = /usr/lib/dovecot/sieve-execute
-}
- 
- # An example program service called 'do-something' to pipe messages to
- #service do-something {
+ # Colon separated list of elliptic curves to use. Empty value (the default)
+ # means use the defaults from the SSL library. P-521:P-384:P-256 would be an
--- a/dovecot-2.1.10-waitonline.patch
+++ b/dovecot-2.1.10-waitonline.patch
@ -1,11 +1,11 @@
-diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot.service.in.waitonline dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot.service.in
--- dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot.service.in.waitonline	2025-06-02 23:29:29.141111228 +0200
-+++ dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot.service.in	2025-06-02 23:31:27.124155453 +0200
-@@ -12,6 +12,7 @@ Description=Dovecot IMAP/POP3 email serv
- Documentation=man:dovecot(1)
- Documentation=https://doc.dovecot.org/
- After=local-fs.target network-online.target remote-fs.target time-sync.target
-+Wants=network-online.target
+diff -up dovecot-2.3.0.1/dovecot.service.in.waitonline dovecot-2.3.0.1/dovecot.service.in
+--- dovecot-2.3.0.1/dovecot.service.in.waitonline	2018-03-01 10:35:39.888371078 +0100
+++ dovecot-2.3.0.1/dovecot.service.in	2018-03-01 10:36:29.738784661 +0100
+@@ -12,6 +12,7 @@ After=local-fs.target network-online.tar
 
 [Service]
- Type=@systemdservicetype@
+ Type=simple
+ExecStartPre=/usr/libexec/dovecot/prestartscript
+ ExecStart=@sbindir@/dovecot -F
+ PIDFile=@rundir@/master.pid
+ ExecReload=@bindir@/doveadm reload
--- a/dovecot-2.2.20-initbysystemd.patch
+++ b/dovecot-2.2.20-initbysystemd.patch
@ -1,6 +1,6 @@
-diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-init.service.initbysystemd dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-init.service
--- dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-init.service.initbysystemd	2025-06-02 23:32:10.685053915 +0200
-+++ dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-init.service	2025-06-02 23:32:10.685053915 +0200
+diff -up dovecot-2.3.0.1/dovecot-init.service.initbysystemd dovecot-2.3.0.1/dovecot-init.service
+--- dovecot-2.3.0.1/dovecot-init.service.initbysystemd	2018-03-01 10:38:22.059716008 +0100
+++ dovecot-2.3.0.1/dovecot-init.service	2018-03-01 10:38:22.059716008 +0100
@@ -0,0 +1,13 @@
 +[Unit]
 +Description=One-time Dovecot init service
@ -15,37 +15,32 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-init.service.initbysystemd
 +  SSLDIR=/etc/pki/dovecot/ OPENSSLCONFIG=/etc/pki/dovecot/dovecot-openssl.cnf /usr/libexec/dovecot/mkcert.sh /dev/null 2>&1;\
 +fi'
 +
-diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot.service.in.initbysystemd dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot.service.in
--- dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot.service.in.initbysystemd	2025-06-02 23:32:10.685195261 +0200
-+++ dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot.service.in	2025-06-02 23:34:03.123174934 +0200
-@@ -11,7 +11,8 @@
+diff -up dovecot-2.3.0.1/dovecot.service.in.initbysystemd dovecot-2.3.0.1/dovecot.service.in
+--- dovecot-2.3.0.1/dovecot.service.in.initbysystemd	2018-03-01 10:38:22.060716016 +0100
+++ dovecot-2.3.0.1/dovecot.service.in	2018-03-01 10:40:45.524901319 +0100
+@@ -8,7 +8,8 @@
 Description=Dovecot IMAP/POP3 email server
 Documentation=man:dovecot(1)
- Documentation=https://doc.dovecot.org/
-After=local-fs.target network-online.target remote-fs.target time-sync.target
-+After=local-fs.target network-online.target remote-fs.target time-sync.target dovecot-init.service
+ Documentation=http://wiki2.dovecot.org/
+-After=local-fs.target network-online.target
+After=local-fs.target network-online.target dovecot-init.service
 +Requires=dovecot-init.service
- Wants=network-online.target
 
 [Service]
-diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/Makefile.am.initbysystemd dovecot-2.4.1-build/dovecot-2.4.1-4/Makefile.am
--- dovecot-2.4.1-build/dovecot-2.4.1-4/Makefile.am.initbysystemd	2025-03-28 12:32:27.000000000 +0100
-+++ dovecot-2.4.1-build/dovecot-2.4.1-4/Makefile.am	2025-06-02 23:33:22.221675050 +0200
-@@ -19,6 +19,7 @@ EXTRA_DIST = \
- 	update-version.sh \
- 	run-test-valgrind.supp \
- 	dovecot.service.in \
-+	dovecot-init.service \
- 	dovecot.socket \
- 	version \
- 	build-aux/git-abi-version-gen \
-@@ -67,7 +68,8 @@ dovecot-config: dovecot-config.in Makefi
- if WANT_SYSTEMD
+ Type=simple
+diff -up dovecot-2.3.0.1/Makefile.am.initbysystemd dovecot-2.3.0.1/Makefile.am
+--- dovecot-2.3.0.1/Makefile.am.initbysystemd	2018-02-28 15:28:57.000000000 +0100
+++ dovecot-2.3.0.1/Makefile.am	2018-03-01 10:38:22.060716016 +0100
+@@ -63,9 +63,10 @@ if HAVE_SYSTEMD
+ 
 systemdsystemunit_DATA = \
         dovecot.socket \
 -        dovecot.service
 +        dovecot.service \
 +        dovecot-init.service
+ else
+-EXTRA_DIST += dovecot.socket dovecot.service.in
+EXTRA_DIST += dovecot.socket dovecot.service.in dovecot-init.service
 endif
 
 install-exec-hook:
--- a/dovecot-2.3.0.1-libxcrypt.patch
+++ b/dovecot-2.3.0.1-libxcrypt.patch
@ -0,0 +1,11 @@
+diff -up dovecot-2.3.0.1/src/auth/mycrypt.c.libxcrypt dovecot-2.3.0.1/src/auth/mycrypt.c
+--- dovecot-2.3.0.1/src/auth/mycrypt.c.libxcrypt       2018-02-28 15:28:58.000000000 +0100
+++ dovecot-2.3.0.1/src/auth/mycrypt.c 2018-03-27 10:57:38.447769201 +0200
+@@ -14,6 +14,7 @@
+ #  define _XPG6 /* Some Solaris versions require this, some break with this */
+ #endif
+ #include <unistd.h>
+#include <crypt.h>
+ 
+ #include "mycrypt.h"
+ 
--- a/dovecot-2.3.11-bigkey.patch
+++ b/dovecot-2.3.11-bigkey.patch
@ -1,10 +0,0 @@
-diff -up dovecot-2.3.15/doc/dovecot-openssl.cnf.bigkey dovecot-2.3.15/doc/dovecot-openssl.cnf
--- dovecot-2.3.15/doc/dovecot-openssl.cnf.bigkey	2021-06-21 20:24:51.913456628 +0200
-+++ dovecot-2.3.15/doc/dovecot-openssl.cnf	2021-06-21 20:25:36.352912123 +0200
-@@ -1,5 +1,5 @@
- [ req ]
-default_bits = 2048
-+default_bits = 3072
- encrypt_key = yes
- distinguished_name = req_dn
- x509_extensions = cert_type
--- a/dovecot-2.3.15-fixvalcond.patch
+++ b/dovecot-2.3.15-fixvalcond.patch
@ -1,24 +0,0 @@
-diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-pigeonhole/src/lib-sieve/storage/dict/sieve-dict-script.c.fixvalcond dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-pigeonhole/src/lib-sieve/storage/dict/sieve-dict-script.c
--- dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-pigeonhole/src/lib-sieve/storage/dict/sieve-dict-script.c.fixvalcond	2025-06-02 23:36:21.897399891 +0200
-+++ dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-pigeonhole/src/lib-sieve/storage/dict/sieve-dict-script.c	2025-06-02 23:38:13.748569461 +0200
-@@ -102,7 +102,7 @@ sieve_dict_script_get_stream(struct siev
- 		container_of(script, struct sieve_dict_script, script);
- 	struct sieve_dict_storage *dstorage =
- 		container_of(storage, struct sieve_dict_storage, storage);
-	const char *path, *name = script->name, *data, *error;
-+	const char *path, *name = script->name, *data, *error = NULL;
- 	int ret;
- 
- 	dscript->data_pool =
-diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-storage/index/index-attribute.c.fixvalcond dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-storage/index/index-attribute.c
--- dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-storage/index/index-attribute.c.fixvalcond	2025-03-28 12:32:27.000000000 +0100
-+++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-storage/index/index-attribute.c	2025-06-02 23:36:21.897571934 +0200
-@@ -250,7 +250,7 @@ int index_storage_attribute_get(struct m
- 				struct mail_attribute_value *value_r)
- {
- 	struct dict *dict;
-	const char *mailbox_prefix, *error;
-+	const char *mailbox_prefix, *error = NULL;
- 	int ret;
- 
- 	i_zero(value_r);
--- a/dovecot-2.3.15-valbasherr.patch
+++ b/dovecot-2.3.15-valbasherr.patch
@ -1,20 +0,0 @@
-diff -up dovecot-2.3.15/run-test-valgrind.supp.valbasherr dovecot-2.3.15/run-test-valgrind.supp
--- dovecot-2.3.15/run-test-valgrind.supp.valbasherr	2021-06-21 22:52:53.272707239 +0200
-+++ dovecot-2.3.15/run-test-valgrind.supp	2021-06-21 22:54:19.786668430 +0200
-@@ -1,4 +1,16 @@
- {
-+   <bashagin>
-+   Memcheck:Leak
-+   match-leak-kinds: definite
-+   fun:malloc
-+   fun:make_if_command
-+   fun:yyparse
-+   fun:parse_command
-+   fun:read_command
-+   fun:reader_loop
-+   fun:main
-+}
-+{
-    <bash>
-    Memcheck:Leak
-    fun:malloc
--- a/dovecot-2.3.21.1-fixicu.patch
+++ b/dovecot-2.3.21.1-fixicu.patch
@ -1,13 +0,0 @@
-diff -up dovecot-2.3.20/m4/want_icu.m4.fixicu dovecot-2.3.20/m4/want_icu.m4
--- dovecot-2.3.20/m4/want_icu.m4.fixicu	2022-12-21 09:49:12.000000000 +0100
-+++ dovecot-2.3.20/m4/want_icu.m4	2025-01-29 10:47:25.765768562 +0100
-@@ -1,7 +1,7 @@
- AC_DEFUN([DOVECOT_WANT_ICU], [
-   if test "$want_icu" != "no"; then
-    if test "$PKG_CONFIG" != "" && $PKG_CONFIG --exists icu-i18n 2>/dev/null; then
-      PKG_CHECK_MODULES(LIBICU, icu-i18n)
-+    if test "$PKG_CONFIG" != "" && $PKG_CONFIG --exists icu-i18n icu-uc 2>/dev/null; then
-+      PKG_CHECK_MODULES(LIBICU, icu-i18n icu-uc)
-       have_icu=yes
-       AC_DEFINE(HAVE_LIBICU,, [Define if you want ICU normalization support for FTS])
-     elif test "$want_icu" = "yes"; then
--- a/dovecot-2.4.1-nolibotp.patch
+++ b/dovecot-2.4.1-nolibotp.patch
@ -1,285 +0,0 @@
-diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/auth/test-auth.c.nolibotp dovecot-2.4.2-build/dovecot-2.4.2/src/auth/test-auth.c
--- dovecot-2.4.2-build/dovecot-2.4.2/src/auth/test-auth.c.nolibotp	2025-10-29 07:58:41.000000000 +0100
-+++ dovecot-2.4.2-build/dovecot-2.4.2/src/auth/test-auth.c	2025-11-30 13:38:50.100927373 +0100
-@@ -16,7 +16,7 @@
- static const char *const settings[] = {
- 	"base_dir", ".",
- 	"auth_mechanisms",
-		"ANONYMOUS APOP CRAM-MD5 DIGEST-MD5 EXTERNAL LOGIN PLAIN OTP "
-+		"ANONYMOUS APOP CRAM-MD5 DIGEST-MD5 EXTERNAL LOGIN PLAIN "
- 		"OAUTHBEARER SCRAM-SHA-1 SCRAM-SHA-256 XOAUTH2",
- 	"auth_username_chars", "",
- 	"auth_username_format", "",
-diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/auth/test-mech.c.nolibotp dovecot-2.4.2-build/dovecot-2.4.2/src/auth/test-mech.c
--- dovecot-2.4.2-build/dovecot-2.4.2/src/auth/test-mech.c.nolibotp	2025-10-29 07:58:41.000000000 +0100
-+++ dovecot-2.4.2-build/dovecot-2.4.2/src/auth/test-mech.c	2025-11-30 13:38:50.101130654 +0100
-@@ -46,10 +46,7 @@ request_handler_reply_mock_callback(stru
- 
- 	if (request->passdb_result == PASSDB_RESULT_OK)
- 		request->failed = FALSE;
-	else if (strcmp(request->fields.mech_name, SASL_MECH_NAME_OTP) == 0) {
-		if (null_strcmp(request->fields.user, "otp_phase_2") == 0)
-			request->failed = FALSE;
-	} else if (strcmp(request->fields.mech_name,
-+	else if (strcmp(request->fields.mech_name,
- 			  SASL_MECH_NAME_OAUTHBEARER) == 0) {
- 	}
- };
-@@ -190,10 +187,6 @@ static void test_mechs(void)
- 		{"PLAIN", UCHAR_LEN("\0testuser\0testpass"), "testuser", TRUE, FALSE, FALSE},
- 		{"PLAIN", UCHAR_LEN("normaluser\0masteruser\0masterpass"), "masteruser", TRUE, FALSE, FALSE},
- 		{"PLAIN", UCHAR_LEN("normaluser\0normaluser\0masterpass"), "normaluser", TRUE, FALSE, FALSE},
-		{"OTP", UCHAR_LEN("hex:5Bf0 75d9 959d 036f"), "otp_phase_2", TRUE, TRUE, FALSE},
-		{"OTP", UCHAR_LEN("word:BOND FOGY DRAB NE RISE MART"), "otp_phase_2", TRUE, TRUE, FALSE},
-		{"OTP", UCHAR_LEN("init-hex:f6bd 6b33 89b8 7203:md5 499 ke6118:23d1 b253 5ae0 2b7e"), "otp_phase_2", TRUE, TRUE, FALSE},
-		{"OTP", UCHAR_LEN("init-word:END KERN BALM NICK EROS WAVY:md5 499 ke1235:BABY FAIN OILY NIL TIDY DADE"), "otp_phase_2", TRUE, TRUE, FALSE},
- 		{"OAUTHBEARER", UCHAR_LEN("n,a=testuser,p=cHJvb2Y=,f=nonstandart\x01host=server\x01port=143\x01""auth=Bearer vF9dft4qmTc2Nvb3RlckBhbHRhdmlzdGEuY29tCg==\x01\x01"), "testuser", FALSE, TRUE, FALSE},
- 		{"SCRAM-SHA-1", UCHAR_LEN("n,,n=testuser,r=rOprNGfwEbeRWgbNEkqO"), "testuser", TRUE, FALSE, FALSE},
- 		{"SCRAM-SHA-256", UCHAR_LEN("n,,n=testuser,r=rOprNGfwEbeRWgbNEkqO"), "testuser",  TRUE, FALSE, FALSE},
-@@ -208,8 +201,6 @@ static void test_mechs(void)
- 		{"EXTERNAL", UCHAR_LEN(""), "testuser", FALSE, TRUE, FALSE},
- 		{"EXTERNAL", UCHAR_LEN(""), NULL, FALSE, FALSE, FALSE},
- 		{"LOGIN", UCHAR_LEN(""), NULL, FALSE, FALSE, FALSE},
-		{"OTP", UCHAR_LEN(""), NULL, FALSE, FALSE, FALSE},
-		{"OTP", UCHAR_LEN(""), "testuser", FALSE, FALSE, FALSE},
- 		{"PLAIN", UCHAR_LEN(""), NULL, FALSE, FALSE, FALSE},
- 		{"OAUTHBEARER", UCHAR_LEN(""), NULL, FALSE, FALSE, FALSE},
- 		{"XOAUTH2", UCHAR_LEN(""), NULL,  FALSE, FALSE, FALSE},
-@@ -221,7 +212,6 @@ static void test_mechs(void)
- 		{"APOP", UCHAR_LEN("1.1.1\0testuser\0tooshort"), NULL, FALSE, FALSE, FALSE},
- 		{"APOP", UCHAR_LEN("1.1.1\0testuser\0responseoflen16-"), NULL, FALSE, FALSE, FALSE},
- 		{"APOP", UCHAR_LEN("1.1.1"), NULL, FALSE, FALSE, FALSE},
-		{"OTP", UCHAR_LEN("somebody\0testuser"), "testuser", FALSE, TRUE, FALSE},
- 		{"CRAM-MD5", UCHAR_LEN("testuser\0response"), "testuser",  FALSE, FALSE, FALSE},
- 		{"PLAIN", UCHAR_LEN("testuser\0"), "testuser", FALSE, FALSE, FALSE},
- 
-@@ -264,9 +254,7 @@ static void test_mechs(void)
- 		{"PLAIN", UCHAR_LEN("\0fa\0il\0ing\0withthis"), NULL, FALSE, FALSE, FALSE},
- 		{"PLAIN", UCHAR_LEN("failingwiththis"), NULL, FALSE, FALSE, FALSE},
- 		{"PLAIN", UCHAR_LEN("failing\0withthis"), NULL, FALSE, FALSE, FALSE},
-		{"OTP", UCHAR_LEN("someb\0ody\0testuser"), NULL, FALSE, FALSE, FALSE},
- 		/* phase 2 */
-		{"OTP", UCHAR_LEN("someb\0ody\0testuser"), "testuser", FALSE, TRUE, FALSE},
- 		{"SCRAM-SHA-1", UCHAR_LEN("c=biws,r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,p=v0X8v3Bz2T0CJGbJQyF0X+HI4Ts="), NULL, FALSE, FALSE, FALSE},
- 		{"SCRAM-SHA-1", UCHAR_LEN("iws0X8v3Bz2T0CJGbJQyF0X+HI4Ts=,,,,"), NULL, FALSE, FALSE, FALSE},
- 		{"SCRAM-SHA-1", UCHAR_LEN("n,a=masteruser,,"), NULL, FALSE, FALSE, FALSE},
-diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/password-scheme.c.nolibotp dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/password-scheme.c
--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/password-scheme.c.nolibotp	2025-11-30 13:38:50.093609901 +0100
-+++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/password-scheme.c	2025-11-30 13:38:50.101359374 +0100
-@@ -13,7 +13,6 @@
- #include "randgen.h"
- #include "sha1.h"
- #include "sha2.h"
-#include "otp.h"
- #include "str.h"
- #include "auth-digest.h"
- #include "password-scheme.h"
-@@ -704,33 +703,6 @@ plain_md5_generate(const char *plaintext
- 	*size_r = MD5_RESULTLEN;
- }
- 
-static int otp_verify(const char *plaintext, const struct password_generate_params *params ATTR_UNUSED,
-		      const unsigned char *raw_password, size_t size,
-		      const char **error_r)
-{
-	const char *password, *generated;
-
-	password = t_strndup(raw_password, size);
-	if (password_generate_otp(plaintext, password, UINT_MAX, &generated) < 0) {
-		*error_r = "Invalid OTP data in passdb";
-		return -1;
-	}
-
-	return strcasecmp(password, generated) == 0 ? 1 : 0;
-}
-
-static void
-otp_generate(const char *plaintext, const struct password_generate_params *params ATTR_UNUSED,
-	     const unsigned char **raw_password_r, size_t *size_r)
-{
-	const char *password;
-
-	if (password_generate_otp(plaintext, NULL, OTP_HASH_SHA1, &password) < 0)
-		i_unreached();
-	*raw_password_r = (const unsigned char *)password;
-	*size_r = strlen(password);
-}
-
- static const struct password_scheme builtin_schemes[] = {
- 	{
- 		.name = "MD5",
-@@ -894,13 +866,6 @@ static const struct password_scheme buil
- 		.password_generate = plain_md5_generate,
- 	},
- 	{
-		.name = "OTP",
-		.default_encoding = PW_ENCODING_NONE,
-		.raw_password_len = 0,
-		.password_verify = otp_verify,
-		.password_generate = otp_generate,
-	},
-	{
- 		.name = "PBKDF2",
- 		.default_encoding = PW_ENCODING_NONE,
- 		.raw_password_len = 0,
-diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/password-scheme.h.nolibotp dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/password-scheme.h
--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/password-scheme.h.nolibotp	2025-10-29 07:58:41.000000000 +0100
-+++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/password-scheme.h	2025-11-30 13:38:50.101549260 +0100
-@@ -98,9 +98,6 @@ void password_set_encryption_rounds(unsi
- /* INTERNAL: */
- const char *password_generate_salt(size_t len);
- const char *password_generate_md5_crypt(const char *pw, const char *salt);
-int password_generate_otp(const char *pw, const char *state_data,
-			  unsigned int algo, const char **result_r)
-	ATTR_NULL(2);
- 
- int scram_verify(const struct hash_method *hmethod, const char *scheme_name,
- 		 const char *plaintext, const unsigned char *raw_password,
-diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/test-password-scheme.c.nolibotp dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/test-password-scheme.c
--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/test-password-scheme.c.nolibotp	2025-10-29 07:58:41.000000000 +0100
-+++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/test-password-scheme.c	2025-11-30 13:38:50.101711124 +0100
-@@ -107,7 +107,6 @@ static void test_password_schemes(void)
- 	test_password_scheme("SHA512", "{SHA512}7iaw3Ur350mqGo7jwQrpkj9hiYB3Lkc/iBml1JQODbJ6wYX4oOHV+E+IvIh/1nsUNzLDBMxfqa2Ob1f1ACio/w==", "test");
- 	test_password_scheme("SSHA", "{SSHA}H/zrDv8FXUu1JmwvVYijfrYEF34jVZcO", "test");
- 	test_password_scheme("MD5-CRYPT", "{MD5-CRYPT}$1$GgvxyNz8$OjZhLh4P.gF1lxYEbLZ3e/", "test");
-	test_password_scheme("OTP", "{OTP}sha1 1024 ae6b49aa481f7233 f69fc7f98b8fbf54", "test");
- 	test_password_scheme("PBKDF2", "{PBKDF2}$1$bUnT4Pl7yFtYX0KU$5000$50a83cafdc517b9f46519415e53c6a858908680a", "test");
- 	test_password_scheme("CRAM-MD5", "{CRAM-MD5}e02d374fde0dc75a17a557039a3a5338c7743304777dccd376f332bee68d2cf6", "test");
- 	test_password_scheme("DIGEST-MD5", "{DIGEST-MD5}77c1a8c437c9b08ba2f460fe5d58db5d", "test");
-diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/dsasl-client.c.nolibotp dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/dsasl-client.c
--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/dsasl-client.c.nolibotp	2025-11-30 13:39:54.210043386 +0100
-+++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/dsasl-client.c	2025-11-30 13:39:54.217205256 +0100
-@@ -175,7 +175,6 @@ void dsasl_clients_init(void)
- 	dsasl_client_mech_register(&dsasl_client_mech_digest_md5);
- 	dsasl_client_mech_register(&dsasl_client_mech_cram_md5);
- 	dsasl_client_mech_register(&dsasl_client_mech_oauthbearer);
-	dsasl_client_mech_register(&dsasl_client_mech_otp);
- 	dsasl_client_mech_register(&dsasl_client_mech_xoauth2);
- 	dsasl_client_mech_register(&dsasl_client_mech_scram_sha_1);
- 	dsasl_client_mech_register(&dsasl_client_mech_scram_sha_1_plus);
-diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/dsasl-client-private.h.nolibotp dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/dsasl-client-private.h
--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/dsasl-client-private.h.nolibotp	2025-11-30 13:40:22.269119732 +0100
-+++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/dsasl-client-private.h	2025-11-30 13:40:22.275363043 +0100
-@@ -50,7 +50,6 @@ extern const struct dsasl_client_mech ds
- extern const struct dsasl_client_mech dsasl_client_mech_external;
- extern const struct dsasl_client_mech dsasl_client_mech_login;
- extern const struct dsasl_client_mech dsasl_client_mech_oauthbearer;
-extern const struct dsasl_client_mech dsasl_client_mech_otp;
- extern const struct dsasl_client_mech dsasl_client_mech_xoauth2;
- extern const struct dsasl_client_mech dsasl_client_mech_scram_sha_1;
- extern const struct dsasl_client_mech dsasl_client_mech_scram_sha_1_plus;
-diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/fuzz-sasl-authentication.c.nolibotp dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/fuzz-sasl-authentication.c
--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/fuzz-sasl-authentication.c.nolibotp	2025-11-30 13:40:56.823727053 +0100
-+++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/fuzz-sasl-authentication.c	2025-11-30 13:40:56.837864792 +0100
-@@ -635,7 +635,6 @@ static void fuzz_sasl_run(struct istream
- 	sasl_server_mech_register_cram_md5(server_inst);
- 	sasl_server_mech_register_digest_md5(server_inst);
- 	sasl_server_mech_register_login(server_inst);
-	sasl_server_mech_register_otp(server_inst);
- 	sasl_server_mech_register_plain(server_inst);
- 	sasl_server_mech_register_scram_sha1(server_inst);
- 	sasl_server_mech_register_scram_sha1_plus(server_inst);
-diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/sasl-server.h.nolibotp dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/sasl-server.h
--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/sasl-server.h.nolibotp	2025-11-30 13:41:24.035316421 +0100
-+++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/sasl-server.h	2025-11-30 13:41:24.050796571 +0100
-@@ -193,8 +193,6 @@ void sasl_server_mech_register_scram_sha
- void sasl_server_mech_register_scram_sha256_plus(
- 	struct sasl_server_instance *sinst);
- 
-void sasl_server_mech_register_otp(struct sasl_server_instance *sinst);
-
- /* Winbind */
- 
- struct sasl_server_winbind_settings {
-diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/test-sasl-authentication.c.nolibotp dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/test-sasl-authentication.c
--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/test-sasl-authentication.c.nolibotp	2025-11-30 13:42:08.741524883 +0100
-+++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/test-sasl-authentication.c	2025-11-30 13:42:08.757334395 +0100
-@@ -507,7 +507,6 @@ test_sasl_run(const struct test_sasl *te
- 	sasl_server_mech_register_digest_md5(server_inst);
- 	sasl_server_mech_register_external(server_inst);
- 	sasl_server_mech_register_login(server_inst);
-	sasl_server_mech_register_otp(server_inst);
- 	sasl_server_mech_register_plain(server_inst);
- 	sasl_server_mech_register_scram_sha1(server_inst);
- 	sasl_server_mech_register_scram_sha1_plus(server_inst);
-@@ -722,16 +721,6 @@ static const struct test_sasl success_te
- 			.password = "tokentokentoken",
- 		},
- 	},
-	/* OTP */
-	{
-		.mech = "OTP",
-		.authid_type = SASL_SERVER_AUTHID_TYPE_USERNAME,
-		.server = {
-			.authid = "user",
-			.password = "pass",
-		},
-		.repeat = 1050,
-	},
- 	/* EXTERNAL */
- 	{
- 		.mech = "EXTERNAL",
-@@ -1457,31 +1446,6 @@ static const struct test_sasl bad_creds_
- 		},
- 		.failure = TRUE,
- 	},
-	/* OTP */
-	{
-		.mech = "OTP",
-		.authid_type = SASL_SERVER_AUTHID_TYPE_USERNAME,
-		.server = {
-			.authid = "user",
-			.password = "pass",
-		},
-		.client = {
-			.authid = "userb",
-		},
-		.failure = TRUE,
-	},
-	{
-		.mech = "OTP",
-		.authid_type = SASL_SERVER_AUTHID_TYPE_USERNAME,
-		.server = {
-			.authid = "user",
-			.password = "pass",
-		},
-		.client = {
-			.password = "florp",
-		},
-		.failure = TRUE,
-	},
- 	/* EXTERNAL */
- 	{
- 		.mech = "EXTERNAL",
-diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/auth/auth-sasl.c.nolibotp2 dovecot-2.4.2-build/dovecot-2.4.2/src/auth/auth-sasl.c
--- dovecot-2.4.2-build/dovecot-2.4.2/src/auth/auth-sasl.c.nolibotp2	2025-11-30 13:56:23.124460140 +0100
-+++ dovecot-2.4.2-build/dovecot-2.4.2/src/auth/auth-sasl.c	2025-11-30 13:56:39.521935947 +0100
-@@ -472,7 +472,6 @@ MECH_SIMPLE_REGISTER__TEMPLATE(cram_md5)
- MECH_SIMPLE_REGISTER__TEMPLATE(digest_md5)
- MECH_SIMPLE_REGISTER__TEMPLATE(external)
- MECH_SIMPLE_REGISTER__TEMPLATE(login)
-MECH_SIMPLE_REGISTER__TEMPLATE(otp)
- MECH_SIMPLE_REGISTER__TEMPLATE(plain)
- MECH_SIMPLE_REGISTER__TEMPLATE(scram_sha1)
- MECH_SIMPLE_REGISTER__TEMPLATE(scram_sha1_plus)
-@@ -539,12 +538,6 @@ static const struct auth_sasl_mech_modul
- 	.mech_register = mech_login_register,
- };
- 
-static const struct auth_sasl_mech_module mech_otp = {
-	.mech_name = SASL_MECH_NAME_OTP,
-
-	.mech_register = mech_otp_register,
-};
-
- static const struct auth_sasl_mech_module mech_plain = {
- 	.mech_name = SASL_MECH_NAME_PLAIN,
- 
-@@ -612,7 +605,6 @@ static void auth_sasl_mechs_init(const s
- 	if (set->use_winbind)
- 		auth_sasl_mech_register_module(&mech_winbind_ntlm);
- 	auth_sasl_mech_oauth2_register();
-	auth_sasl_mech_register_module(&mech_otp);
- 	auth_sasl_mech_register_module(&mech_plain);
- 	auth_sasl_mech_register_module(&mech_scram_sha1);
- 	auth_sasl_mech_register_module(&mech_scram_sha1_plus);
--- a/dovecot-2.4.1-opensslhmac3.patch
+++ b/dovecot-2.4.1-opensslhmac3.patch
--- a/dovecot-2.4.2-fixbuild.patch
+++ b/dovecot-2.4.2-fixbuild.patch
@ -1,135 +0,0 @@
-diff -up dovecot-2.4.2/src/lib/istream.c.fixbuild dovecot-2.4.2/src/lib/istream.c
--- dovecot-2.4.2/src/lib/istream.c.fixbuild	2025-10-29 07:58:41.000000000 +0100
-+++ dovecot-2.4.2/src/lib/istream.c	2025-11-30 11:40:37.739536137 +0100
-@@ -85,7 +85,7 @@ void i_stream_add_destroy_callback(struc
- }
- 
- void i_stream_remove_destroy_callback(struct istream *stream,
-				      void (*callback)())
-+				      istream_callback_t *callback)
- {
- 	io_stream_remove_destroy_callback(&stream->real_stream->iostream,
- 					  callback);
-diff -up dovecot-2.4.2/src/lib/istream.h.fixbuild dovecot-2.4.2/src/lib/istream.h
--- dovecot-2.4.2/src/lib/istream.h.fixbuild	2025-10-29 07:58:41.000000000 +0100
-+++ dovecot-2.4.2/src/lib/istream.h	2025-11-30 11:40:37.739798710 +0100
-@@ -100,7 +100,7 @@ void i_stream_add_destroy_callback(struc
- 		(istream_callback_t *)callback, context)
- /* Remove the destroy callback. */
- void i_stream_remove_destroy_callback(struct istream *stream,
-				      void (*callback)());
-+				      istream_callback_t *callback);
- 
- /* Return file descriptor for stream, or -1 if none is available. */
- int i_stream_get_fd(struct istream *stream);
-diff -up dovecot-2.4.2/src/lib/ostream.c.fixbuild dovecot-2.4.2/src/lib/ostream.c
--- dovecot-2.4.2/src/lib/ostream.c.fixbuild	2025-11-30 11:42:21.434063550 +0100
-+++ dovecot-2.4.2/src/lib/ostream.c	2025-11-30 11:42:55.814100259 +0100
-@@ -127,7 +127,7 @@ void o_stream_add_destroy_callback(struc
- }
- 
- void o_stream_remove_destroy_callback(struct ostream *stream,
-				      void (*callback)())
-+				      ostream_callback_t *callback)
- {
- 	io_stream_remove_destroy_callback(&stream->real_stream->iostream,
- 					  callback);
-diff -up dovecot-2.4.2/src/lib/ostream.h.fixbuild dovecot-2.4.2/src/lib/ostream.h
--- dovecot-2.4.2/src/lib/ostream.h.fixbuild	2025-11-30 11:42:29.639009602 +0100
-+++ dovecot-2.4.2/src/lib/ostream.h	2025-11-30 11:43:20.101652841 +0100
-@@ -127,7 +127,7 @@ void o_stream_add_destroy_callback(struc
- 		(ostream_callback_t *)callback, context)
- /* Remove the destroy callback. */
- void o_stream_remove_destroy_callback(struct ostream *stream,
-				      void (*callback)());
-+				      ostream_callback_t *callback);
- 
- /* Mark the stream and all of its parent streams closed. Nothing will be
-    sent after this call. When using ostreams that require writing a trailer,
-diff -up dovecot-2.4.2/src/lib-json/json-istream.c.fixbuild dovecot-2.4.2/src/lib-json/json-istream.c
--- dovecot-2.4.2/src/lib-json/json-istream.c.fixbuild	2025-10-29 07:58:41.000000000 +0100
-+++ dovecot-2.4.2/src/lib-json/json-istream.c	2025-11-30 12:52:15.970430672 +0100
-@@ -706,7 +706,7 @@ static void json_istream_drop_value_stre
- 		if (stream->seekable_stream != NULL) {
- 			i_stream_remove_destroy_callback(
- 				stream->seekable_stream,
-				json_istream_drop_seekable_stream);
-+				(istream_callback_t *)json_istream_drop_seekable_stream);
- 			i_stream_unref(&stream->seekable_stream);
- 		}
- 	}
-@@ -720,12 +720,12 @@ static void json_istream_consumed_value_
- 	if (stream->seekable_stream != NULL) {
- 		i_stream_remove_destroy_callback(
- 			stream->seekable_stream,
-			json_istream_drop_seekable_stream);
-+			(istream_callback_t *)json_istream_drop_seekable_stream);
- 	}
- 	if (stream->value_stream != NULL) {
- 		i_stream_remove_destroy_callback(
- 			stream->value_stream,
-			json_istream_drop_value_stream);
-+			(istream_callback_t *)json_istream_drop_value_stream);
- 	}
- 	stream->value_stream = NULL;
- 	stream->seekable_stream = NULL;
- 		i_stream_remove_destroy_callback(conn->incoming_payload,
-						 http_client_payload_destroyed);
-+						 (istream_callback_t *)http_client_payload_destroyed);
- 		conn->incoming_payload = NULL;
- 	}
- 
-diff -up dovecot-2.4.2/src/lib-http/http-server-connection.c.fixbuild dovecot-2.4.2/src/lib-http/http-server-connection.c
--- dovecot-2.4.2/src/lib-http/http-server-connection.c.fixbuild	2025-11-30 13:02:24.337384848 +0100
-+++ dovecot-2.4.2/src/lib-http/http-server-connection.c	2025-11-30 13:03:14.477064608 +0100
-@@ -1066,7 +1066,7 @@ http_server_connection_disconnect(struct
- 	if (conn->incoming_payload != NULL) {
- 		/* The stream is still accessed by lib-http caller. */
- 		i_stream_remove_destroy_callback(conn->incoming_payload,
-						 http_server_payload_destroyed);
-+						 (istream_callback_t *)http_server_payload_destroyed);
- 		conn->incoming_payload = NULL;
- 	}
- 	if (conn->payload_handler != NULL)
-diff -up dovecot-2.4.2/src/lib-http/http-client-connection.c.fixbuild dovecot-2.4.2/src/lib-http/http-client-connection.c
--- dovecot-2.4.2/src/lib-http/http-client-connection.c.fixbuild	2025-11-30 12:57:42.670247695 +0100
-+++ dovecot-2.4.2/src/lib-http/http-client-connection.c	2025-11-30 13:00:54.862436490 +0100
-@@ -832,7 +832,7 @@ void http_client_connection_request_dest
- 	   is closed and we don't care about it anymore, so act as though it is
- 	   destroyed. */
- 	i_stream_remove_destroy_callback(payload,
-					 http_client_payload_destroyed);
-+					 (istream_callback_t *)http_client_payload_destroyed);
- 	http_client_payload_destroyed(req);
- }
- 
-@@ -888,7 +888,7 @@ http_client_connection_return_response(s
- 		if (response->payload != NULL) {
- 			i_stream_remove_destroy_callback(
- 				conn->incoming_payload,
-				http_client_payload_destroyed);
-+				(istream_callback_t *)http_client_payload_destroyed);
- 			i_stream_unref(&conn->incoming_payload);
- 			connection_input_resume(&conn->conn);
- 		}
-@@ -1731,7 +1731,7 @@ http_client_connection_disconnect(struct
- 	if (conn->incoming_payload != NULL) {
- 		/* The stream is still accessed by lib-http caller. */
- 		i_stream_remove_destroy_callback(conn->incoming_payload,
-						 http_client_payload_destroyed);
-+						 (istream_callback_t *)http_client_payload_destroyed);
- 		conn->incoming_payload = NULL;
- 	}
- 
-diff -up dovecot-2.4.2/src/lib-storage/index/index-mail.c.fixbuild2 dovecot-2.4.2/src/lib-storage/index/index-mail.c
--- dovecot-2.4.2/src/lib-storage/index/index-mail.c.fixbuild2	2025-11-30 13:48:46.658539149 +0100
-+++ dovecot-2.4.2/src/lib-storage/index/index-mail.c	2025-11-30 13:49:47.178158024 +0100
-@@ -1840,7 +1840,7 @@ static void index_mail_close_streams_ful
- 			   allowed to have references until the mail is closed
- 			   (but we can't really check that) */
- 			i_stream_remove_destroy_callback(data->stream,
-				index_mail_stream_destroy_callback);
-+				(istream_callback_t *)index_mail_stream_destroy_callback);
- 		}
- 		i_stream_unref(&data->stream);
- 		/* there must be no references to the mail when the
--- a/dovecot.spec
+++ b/dovecot.spec
--- a/dovecot.sysusers
+++ b/dovecot.sysusers
@ -1,9 +0,0 @@
-#Type Name    ID    GECOS                       Home directory       Shell
-g     dovecot 97
-u     dovecot 97   "Dovecot IMAP server"        /usr/libexec/dovecot /sbin/nologin
-m     dovecot dovecot
-
-g     dovenull -
-u     dovenull -   "Dovecot - unauthorized user" /usr/libexec/dovecot /sbin/nologin
-m     dovenull dovenull
-
--- a/plans/main.fmf
+++ b/plans/main.fmf
@ -1,6 +0,0 @@
-summary: Run all tests
-execute:
-  how: tmt
-discover:
-  how: fmf
-
--- a/rpminspect.yaml
+++ b/rpminspect.yaml
@ -1,7 +0,0 @@
---
-runpath:
-  allowed_paths:
-    # dovecot only plugins
-    - /usr/lib/dovecot/old-stats
-    - /usr/lib64/dovecot/old-stats
-
--- a/4
+++ b/4
@ -1,2 +1,2 @@
-SHA512 (dovecot-2.4.2.tar.gz) = 0524695341abe711d3a811c56156889d6fef7a09becc684c6f1dc1e5add605969ca8794eb7d44bfbc49f70515f22e8640b5828443addecfe4798fb8b174670ae
-SHA512 (dovecot-pigeonhole-2.4.2.tar.gz) = 82c46c7ac2792aa5c211c8b66309f9f21c05ecd2fa8ab3abf98fb4e05831fd37aaa3edffcfbe1b3defbb9ac8ef9df1c33ece83cf7524e8b226c4deab8c250134
+SHA512 (dovecot-2.3.8.tar.gz) = f62439e2ea77ffb544a7752c07085582c5653c64671cb42dd7a7e5aa69eb87059c677aa1fa071efa1ddd2287ab621e9a264ec115be2aeb2f43ab4c685411eae3
+SHA512 (dovecot-2.3-pigeonhole-0.5.8.tar.gz) = ddf009c755cc87c362ddf1c17ac1403b0f6a504b039efef3244f2d5bd4d3963fb25baaaa4d98c089b3e8bddd4675d131765fee5499d9aaf01015e44f7d631d2d
--- a/tests/got-audit/got-audit.gdb
+++ b/tests/got-audit/got-audit.gdb
@ -1,2 +0,0 @@
-gef config gef.disable_color True
-got-audit --all
--- a/tests/got-audit/main.fmf
+++ b/tests/got-audit/main.fmf
@ -1,10 +0,0 @@
-summary: Audit the GOT for signs of tampering
-description: |
-  Pointers in the server process GOT will be checked to ensure that
-  each function pointer's value is within a shared object file
-  that exports a symbol of that name, and that no shared object
-  files export conflicting symbols.
-contact: Gordon Messmer <gordon.messmer@gmail.com>
-require+:
-  - gdb-gef           # needed to test got-audit
-
--- a/tests/got-audit/runtest.sh
+++ b/tests/got-audit/runtest.sh
@ -1,41 +0,0 @@
-#!/bin/bash
-# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-#   runtest.sh of /CoreOS/dovecot/Sanity/got-audit
-#   Description: Check pointers in the server process GOT for signs of tampering
-#   Author: Gordon Messmer <gordon.messmer@gmail.com>
-#
-
-# Include Beaker environment
-. /usr/share/beakerlib/beakerlib.sh || exit 1
-
-rlJournalStart
-    rlPhaseStartSetup
-        rlServiceStart dovecot
-        rlRun "TestDir=\$(pwd)"
-        rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory"
-        rlRun "pushd $TmpDir"
-        rlRun "auditfile=\$(mktemp --tmpdir=${TmpDir})"
-    rlPhaseEnd
-
-    rlPhaseStartTest "Run GEF got-audit"
-        rlRun "SERVICE_PID=\$( systemctl show --property=MainPID dovecot.service | cut -f2 -d= )"
-        rlRun "echo SERVICE_PID is '$SERVICE_PID'"
-        [ -n "$SERVICE_PID" ] || rlFail "No service pid was found"
-        rlRun "gdb-gef --pid '$SERVICE_PID' --command='$TestDir'/got-audit.gdb --batch > '$auditfile'"
-        # Basic test: ensure that at least one symbol is found in libc.so,
-        #  to verify that the report looks plausible.
-        rlAssertGrep " : /.*/libc.so" "$auditfile"
-        # Ensure the got-audit did not report any errors
-        rlAssertNotGrep " :: ERROR" "$auditfile"
-        rlRun "cp '$auditfile' '$TMT_TEST_DATA'/got-audit.txt"
-    rlPhaseEnd
-
-    rlPhaseStartCleanup
-        rlServiceRestore dovecot
-        rlRun "popd"
-        rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
-    rlPhaseEnd
-rlJournalPrintText
-rlJournalEnd
--- a/tests/main.fmf
+++ b/tests/main.fmf
@ -1,2 +0,0 @@
-test: ./runtest.sh
-framework: beakerlib
Author	SHA1	Message	Date
Michal Hlavinka	3399f7ef35	dovecot updated to 2.3.8, pigeonhole 0.5.8	2019-10-10 14:33:13 +02:00
Michal Hlavinka	caa5c4be29	dovecot updated to 2.3.7.2, pigeonhole 0.5.7.2 fixes CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte when scanning data in quoted strings, leading to out of bounds heap memory writes	2019-08-29 11:04:23 +02:00
Michal Hlavinka	f88e108645	dovecot updated to 2.3.7.1, pigeonhole updated to 0.5.7.1	2019-08-19 17:35:29 +02:00
Michal Hlavinka	3802f416a1	disable gcc 9 stack reuse temporarily	2019-05-31 16:21:00 +02:00
Michal Hlavinka	1c3a9c4632	dovecot updated to 2.3.6, pigeonhole updated to 0.5.6	2019-05-02 17:01:44 +02:00
Michal Hlavinka	1763fadc5c	dovecot updated to 2.3.5.2 fixes CVE-2019-10691: Trying to login with 8bit username containing invalid UTF8 input causes auth process to crash if auth policy is enabled.	2019-04-18 15:03:30 +02:00
Michal Hlavinka	3fa61155d6	dovecot updated to 2.3.5.1 CVE-2019-7524: Missing input buffer size validation leads into arbitrary buffer overflow when reading fts or pop3 uidl header from Dovecot index.	2019-03-28 17:41:38 +01:00
Michal Hlavinka	6f247633b6	dovecot updated to 2.3.5, pigeonhole updated to 0.5.5	2019-03-06 18:19:56 +01:00
Michal Hlavinka	e77c4f7d51	dovecot updated to 2.3.4, pigeonhole updated to 0.5.4	2019-01-09 18:19:42 +01:00
Michal Hlavinka	cfb1172a13	dovecot updated to 2.3.3, pigeonhole pdated to 0.5.3 doveconf hides more secrets now in the default output NUL bytes in mail headers can cause truncated replies when fetched. virtual plugin: Some searches used 100% CPU for many seconds dsync assert-crashed with acl plugin in some situations. imapc: Fixed various assert-crashes when reconnecting to server.	2018-10-03 16:22:49 +02:00