dovecot updated to 2.3.10.1

fixes CVE-2020-10967, CVE-2020-10958, CVE-2020-10957
dovecot updated to 2.3.10, pigeonhole updated to 0.5.10
2020-05-19 11:50:18 +02:00 · 2020-04-21 20:07:35 +02:00 · 2020-02-12 16:39:09 +01:00 · 2019-12-19 23:10:15 +01:00 · 2019-10-10 14:32:54 +02:00 · 2019-08-29 11:04:04 +02:00
21 changed files with 2170 additions and 2000 deletions
--- a/.fmf/version
+++ b/.fmf/version
@ -1 +0,0 @@
-1
--- a/dovecot-2.0-defaultconfig.patch
+++ b/dovecot-2.0-defaultconfig.patch
@ -1,97 +1,33 @@
-diff -up dovecot-2.4.2-build/dovecot-2.4.2/doc/dovecot.conf.in.default-settings dovecot-2.4.2-build/dovecot-2.4.2/doc/dovecot.conf.in
--- dovecot-2.4.2-build/dovecot-2.4.2/doc/dovecot.conf.in.default-settings	2025-10-29 07:58:41.000000000 +0100
-+++ dovecot-2.4.2-build/dovecot-2.4.2/doc/dovecot.conf.in	2025-11-30 09:24:17.130246956 +0100
-@@ -16,24 +16,19 @@ dovecot_storage_version = @DOVECOT_CONFI
- # The configuration below is a minimal configuration file using system user authentication.
- # See https://@DOVECOT_ASSET_URL@/latest/core/config/quick.html
+diff -up dovecot-2.3.0.1/doc/example-config/conf.d/10-mail.conf.default-settings dovecot-2.3.0.1/doc/example-config/conf.d/10-mail.conf
+--- dovecot-2.3.0.1/doc/example-config/conf.d/10-mail.conf.default-settings	2018-02-28 15:28:57.000000000 +0100
+++ dovecot-2.3.0.1/doc/example-config/conf.d/10-mail.conf	2018-03-01 10:29:38.208368555 +0100
+@@ -322,6 +322,7 @@ protocol !indexer-worker {
+ # them simultaneously.
+ #mbox_read_locks = fcntl
+ #mbox_write_locks = dotlock fcntl
+mbox_write_locks = fcntl
 
-!include_try conf.d/*.conf
-
- # Enable wanted protocols:
- protocols {
-   imap = yes
-   lmtp = yes
- }
+ # Maximum time to wait for lock (all of them) before aborting.
+ #mbox_lock_timeout = 5 mins
+diff -up dovecot-2.3.0.1/doc/example-config/conf.d/10-ssl.conf.default-settings dovecot-2.3.0.1/doc/example-config/conf.d/10-ssl.conf
+--- dovecot-2.3.0.1/doc/example-config/conf.d/10-ssl.conf.default-settings	2018-02-28 15:28:57.000000000 +0100
+++ dovecot-2.3.0.1/doc/example-config/conf.d/10-ssl.conf	2018-03-01 10:33:54.779499044 +0100
+@@ -3,7 +3,9 @@
+ ##
 
-mail_home = /srv/mail/%{user}
-mail_driver = sdbox
-+mail_home = /home/%{user}
-+mail_driver = maildir
- mail_path = ~/mail
- 
-mail_uid = vmail
-mail_gid = vmail
-
-# By default first_valid_uid is 500. If your vmail user's UID is smaller,
-+# By default first_valid_uid is 1000. If your vmail user's UID is smaller,
- # you need to modify this:
-#first_valid_uid = uid-number-of-vmail-user
-+first_valid_uid = 1000
- 
- namespace inbox {
-   inbox = yes
-@@ -44,7 +39,15 @@ namespace inbox {
- passdb pam {
- }
- 
-+userdb passwd {
-+}
-+
+ # SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
+-#ssl = yes
+# disable plain pop3 and imap, allowed are only pop3+TLS, pop3s, imap+TLS and imaps
+# plain imap and pop3 are still allowed for local connections
 +ssl = required
+ 
+ # PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
+ # dropping root privileges, so keep the key file unreadable by anyone but
+@@ -57,6 +59,7 @@ ssl_key = </etc/ssl/private/dovecot.pem
+ #ssl_cipher_list = ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
+ # To disable non-EC DH, use:
+ #ssl_cipher_list = ALL:!DH:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
 +ssl_cipher_list = PROFILE=SYSTEM
-+
- ssl_server {
-  cert_file = /etc/dovecot/ssl-cert.pem
-  key_file = /etc/dovecot/ssl-key.pem
-+  cert_file = /etc/pki/dovecot/certs/dovecot.pem
-+  key_file = /etc/pki/dovecot/private/dovecot.pem
- }
-+
-+!include_try conf.d/*.conf
-diff -up dovecot-2.4.2-build/dovecot-2.4.2/dovecot-pigeonhole/doc/example-config/conf.d/90-sieve.conf.default-settings dovecot-2.4.2-build/dovecot-2.4.2/dovecot-pigeonhole/doc/example-config/conf.d/90-sieve.conf
--- dovecot-2.4.2-build/dovecot-2.4.2/dovecot-pigeonhole/doc/example-config/conf.d/90-sieve.conf.default-settings	2025-10-29 08:00:30.000000000 +0100
-+++ dovecot-2.4.2-build/dovecot-2.4.2/dovecot-pigeonhole/doc/example-config/conf.d/90-sieve.conf	2025-11-30 09:18:17.667869864 +0100
-@@ -21,7 +21,6 @@
- # file or directory. Refer to Pigeonhole wiki or INSTALL file for more
- # information.
 
-plugin {
-   # The location of the user's main Sieve script or script storage. The LDA
-   # Sieve plugin uses this to find the active script for Sieve filtering at
-   # delivery. The "include" extension uses this location for retrieving
-@@ -36,7 +35,10 @@ plugin {
-   # active script symlink is located.
-   # For other types: use the ';name=' parameter to specify the name of the
-   # default/active script.
-  sieve = file:~/sieve;active=~/.dovecot.sieve
-+sieve_script personal {
-+  path = ~/sieve
-+  active_path = ~/.dovecot.sieve
-+}
- 
-   # The default Sieve script when the user has none. This is the location of a
-   # global sieve script file, which gets executed ONLY if user's personal Sieve
-@@ -202,4 +204,3 @@ plugin {
-   # Enables showing byte code addresses in the trace output, rather than only
-   # the source line numbers.
-   #sieve_trace_addresses = no 
-}
-diff -up dovecot-2.4.2-build/dovecot-2.4.2/dovecot-pigeonhole/doc/example-config/conf.d/90-sieve-extprograms.conf.default-settings dovecot-2.4.2-build/dovecot-2.4.2/dovecot-pigeonhole/doc/example-config/conf.d/90-sieve-extprograms.conf
--- dovecot-2.4.2-build/dovecot-2.4.2/dovecot-pigeonhole/doc/example-config/conf.d/90-sieve-extprograms.conf.default-settings	2025-10-29 08:00:30.000000000 +0100
-+++ dovecot-2.4.2-build/dovecot-2.4.2/dovecot-pigeonhole/doc/example-config/conf.d/90-sieve-extprograms.conf	2025-11-30 09:18:17.668131795 +0100
-@@ -6,7 +6,6 @@
- # sieve_extensions or sieve_global_extensions settings. Restricting these
- # extensions to a global context using sieve_global_extensions is recommended.
- 
-plugin {
- 
-   # The directory where the program sockets are located for the
-   # vnd.dovecot.pipe, vnd.dovecot.filter and vnd.dovecot.execute extension
-@@ -23,7 +22,6 @@ plugin {
-   #sieve_pipe_bin_dir = /usr/lib/dovecot/sieve-pipe
-   #sieve_filter_bin_dir = /usr/lib/dovecot/sieve-filter
-   #sieve_execute_bin_dir = /usr/lib/dovecot/sieve-execute
-}
- 
- # An example program service called 'do-something' to pipe messages to
- #service do-something {
+ # Colon separated list of elliptic curves to use. Empty value (the default)
+ # means use the defaults from the SSL library. P-521:P-384:P-256 would be an
--- a/dovecot-2.1.10-waitonline.patch
+++ b/dovecot-2.1.10-waitonline.patch
@ -1,11 +1,11 @@
-diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot.service.in.waitonline dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot.service.in
--- dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot.service.in.waitonline	2025-06-02 23:29:29.141111228 +0200
-+++ dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot.service.in	2025-06-02 23:31:27.124155453 +0200
-@@ -12,6 +12,7 @@ Description=Dovecot IMAP/POP3 email serv
- Documentation=man:dovecot(1)
- Documentation=https://doc.dovecot.org/
- After=local-fs.target network-online.target remote-fs.target time-sync.target
-+Wants=network-online.target
+diff -up dovecot-2.3.0.1/dovecot.service.in.waitonline dovecot-2.3.0.1/dovecot.service.in
+--- dovecot-2.3.0.1/dovecot.service.in.waitonline	2018-03-01 10:35:39.888371078 +0100
+++ dovecot-2.3.0.1/dovecot.service.in	2018-03-01 10:36:29.738784661 +0100
+@@ -12,6 +12,7 @@ After=local-fs.target network-online.tar
 
 [Service]
- Type=@systemdservicetype@
+ Type=simple
+ExecStartPre=/usr/libexec/dovecot/prestartscript
+ ExecStart=@sbindir@/dovecot -F
+ PIDFile=@rundir@/master.pid
+ ExecReload=@bindir@/doveadm reload
--- a/dovecot-2.2.20-initbysystemd.patch
+++ b/dovecot-2.2.20-initbysystemd.patch
@ -1,6 +1,6 @@
-diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-init.service.initbysystemd dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-init.service
--- dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-init.service.initbysystemd	2025-06-02 23:32:10.685053915 +0200
-+++ dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-init.service	2025-06-02 23:32:10.685053915 +0200
+diff -up dovecot-2.3.0.1/dovecot-init.service.initbysystemd dovecot-2.3.0.1/dovecot-init.service
+--- dovecot-2.3.0.1/dovecot-init.service.initbysystemd	2018-03-01 10:38:22.059716008 +0100
+++ dovecot-2.3.0.1/dovecot-init.service	2018-03-01 10:38:22.059716008 +0100
@@ -0,0 +1,13 @@
 +[Unit]
 +Description=One-time Dovecot init service
@ -15,37 +15,32 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-init.service.initbysystemd
 +  SSLDIR=/etc/pki/dovecot/ OPENSSLCONFIG=/etc/pki/dovecot/dovecot-openssl.cnf /usr/libexec/dovecot/mkcert.sh /dev/null 2>&1;\
 +fi'
 +
-diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot.service.in.initbysystemd dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot.service.in
--- dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot.service.in.initbysystemd	2025-06-02 23:32:10.685195261 +0200
-+++ dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot.service.in	2025-06-02 23:34:03.123174934 +0200
-@@ -11,7 +11,8 @@
+diff -up dovecot-2.3.0.1/dovecot.service.in.initbysystemd dovecot-2.3.0.1/dovecot.service.in
+--- dovecot-2.3.0.1/dovecot.service.in.initbysystemd	2018-03-01 10:38:22.060716016 +0100
+++ dovecot-2.3.0.1/dovecot.service.in	2018-03-01 10:40:45.524901319 +0100
+@@ -8,7 +8,8 @@
 Description=Dovecot IMAP/POP3 email server
 Documentation=man:dovecot(1)
- Documentation=https://doc.dovecot.org/
-After=local-fs.target network-online.target remote-fs.target time-sync.target
-+After=local-fs.target network-online.target remote-fs.target time-sync.target dovecot-init.service
+ Documentation=http://wiki2.dovecot.org/
+-After=local-fs.target network-online.target
+After=local-fs.target network-online.target dovecot-init.service
 +Requires=dovecot-init.service
- Wants=network-online.target
 
 [Service]
-diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/Makefile.am.initbysystemd dovecot-2.4.1-build/dovecot-2.4.1-4/Makefile.am
--- dovecot-2.4.1-build/dovecot-2.4.1-4/Makefile.am.initbysystemd	2025-03-28 12:32:27.000000000 +0100
-+++ dovecot-2.4.1-build/dovecot-2.4.1-4/Makefile.am	2025-06-02 23:33:22.221675050 +0200
-@@ -19,6 +19,7 @@ EXTRA_DIST = \
- 	update-version.sh \
- 	run-test-valgrind.supp \
- 	dovecot.service.in \
-+	dovecot-init.service \
- 	dovecot.socket \
- 	version \
- 	build-aux/git-abi-version-gen \
-@@ -67,7 +68,8 @@ dovecot-config: dovecot-config.in Makefi
- if WANT_SYSTEMD
+ Type=simple
+diff -up dovecot-2.3.0.1/Makefile.am.initbysystemd dovecot-2.3.0.1/Makefile.am
+--- dovecot-2.3.0.1/Makefile.am.initbysystemd	2018-02-28 15:28:57.000000000 +0100
+++ dovecot-2.3.0.1/Makefile.am	2018-03-01 10:38:22.060716016 +0100
+@@ -63,9 +63,10 @@ if HAVE_SYSTEMD
+ 
 systemdsystemunit_DATA = \
         dovecot.socket \
 -        dovecot.service
 +        dovecot.service \
 +        dovecot-init.service
+ else
+-EXTRA_DIST += dovecot.socket dovecot.service.in
+EXTRA_DIST += dovecot.socket dovecot.service.in dovecot-init.service
 endif
 
 install-exec-hook:
--- a/dovecot-2.3.0.1-libxcrypt.patch
+++ b/dovecot-2.3.0.1-libxcrypt.patch
@ -0,0 +1,11 @@
+diff -up dovecot-2.3.0.1/src/auth/mycrypt.c.libxcrypt dovecot-2.3.0.1/src/auth/mycrypt.c
+--- dovecot-2.3.0.1/src/auth/mycrypt.c.libxcrypt       2018-02-28 15:28:58.000000000 +0100
+++ dovecot-2.3.0.1/src/auth/mycrypt.c 2018-03-27 10:57:38.447769201 +0200
+@@ -14,6 +14,7 @@
+ #  define _XPG6 /* Some Solaris versions require this, some break with this */
+ #endif
+ #include <unistd.h>
+#include <crypt.h>
+ 
+ #include "mycrypt.h"
+ 
--- a/dovecot-2.3.11-bigkey.patch
+++ b/dovecot-2.3.11-bigkey.patch
@ -1,10 +0,0 @@
-diff -up dovecot-2.3.15/doc/dovecot-openssl.cnf.bigkey dovecot-2.3.15/doc/dovecot-openssl.cnf
--- dovecot-2.3.15/doc/dovecot-openssl.cnf.bigkey	2021-06-21 20:24:51.913456628 +0200
-+++ dovecot-2.3.15/doc/dovecot-openssl.cnf	2021-06-21 20:25:36.352912123 +0200
-@@ -1,5 +1,5 @@
- [ req ]
-default_bits = 2048
-+default_bits = 3072
- encrypt_key = yes
- distinguished_name = req_dn
- x509_extensions = cert_type
--- a/dovecot-2.3.15-fixvalcond.patch
+++ b/dovecot-2.3.15-fixvalcond.patch
@ -1,24 +0,0 @@
-diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-pigeonhole/src/lib-sieve/storage/dict/sieve-dict-script.c.fixvalcond dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-pigeonhole/src/lib-sieve/storage/dict/sieve-dict-script.c
--- dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-pigeonhole/src/lib-sieve/storage/dict/sieve-dict-script.c.fixvalcond	2025-06-02 23:36:21.897399891 +0200
-+++ dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-pigeonhole/src/lib-sieve/storage/dict/sieve-dict-script.c	2025-06-02 23:38:13.748569461 +0200
-@@ -102,7 +102,7 @@ sieve_dict_script_get_stream(struct siev
- 		container_of(script, struct sieve_dict_script, script);
- 	struct sieve_dict_storage *dstorage =
- 		container_of(storage, struct sieve_dict_storage, storage);
-	const char *path, *name = script->name, *data, *error;
-+	const char *path, *name = script->name, *data, *error = NULL;
- 	int ret;
- 
- 	dscript->data_pool =
-diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-storage/index/index-attribute.c.fixvalcond dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-storage/index/index-attribute.c
--- dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-storage/index/index-attribute.c.fixvalcond	2025-03-28 12:32:27.000000000 +0100
-+++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-storage/index/index-attribute.c	2025-06-02 23:36:21.897571934 +0200
-@@ -250,7 +250,7 @@ int index_storage_attribute_get(struct m
- 				struct mail_attribute_value *value_r)
- {
- 	struct dict *dict;
-	const char *mailbox_prefix, *error;
-+	const char *mailbox_prefix, *error = NULL;
- 	int ret;
- 
- 	i_zero(value_r);
--- a/dovecot-2.3.15-valbasherr.patch
+++ b/dovecot-2.3.15-valbasherr.patch
@ -1,20 +0,0 @@
-diff -up dovecot-2.3.15/run-test-valgrind.supp.valbasherr dovecot-2.3.15/run-test-valgrind.supp
--- dovecot-2.3.15/run-test-valgrind.supp.valbasherr	2021-06-21 22:52:53.272707239 +0200
-+++ dovecot-2.3.15/run-test-valgrind.supp	2021-06-21 22:54:19.786668430 +0200
-@@ -1,4 +1,16 @@
- {
-+   <bashagin>
-+   Memcheck:Leak
-+   match-leak-kinds: definite
-+   fun:malloc
-+   fun:make_if_command
-+   fun:yyparse
-+   fun:parse_command
-+   fun:read_command
-+   fun:reader_loop
-+   fun:main
-+}
-+{
-    <bash>
-    Memcheck:Leak
-    fun:malloc
--- a/dovecot-2.3.21.1-fixicu.patch
+++ b/dovecot-2.3.21.1-fixicu.patch
@ -1,13 +0,0 @@
-diff -up dovecot-2.3.20/m4/want_icu.m4.fixicu dovecot-2.3.20/m4/want_icu.m4
--- dovecot-2.3.20/m4/want_icu.m4.fixicu	2022-12-21 09:49:12.000000000 +0100
-+++ dovecot-2.3.20/m4/want_icu.m4	2025-01-29 10:47:25.765768562 +0100
-@@ -1,7 +1,7 @@
- AC_DEFUN([DOVECOT_WANT_ICU], [
-   if test "$want_icu" != "no"; then
-    if test "$PKG_CONFIG" != "" && $PKG_CONFIG --exists icu-i18n 2>/dev/null; then
-      PKG_CHECK_MODULES(LIBICU, icu-i18n)
-+    if test "$PKG_CONFIG" != "" && $PKG_CONFIG --exists icu-i18n icu-uc 2>/dev/null; then
-+      PKG_CHECK_MODULES(LIBICU, icu-i18n icu-uc)
-       have_icu=yes
-       AC_DEFINE(HAVE_LIBICU,, [Define if you want ICU normalization support for FTS])
-     elif test "$want_icu" = "yes"; then
--- a/dovecot-2.4.1-nolibotp.patch
+++ b/dovecot-2.4.1-nolibotp.patch
@ -1,285 +0,0 @@
-diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/auth/test-auth.c.nolibotp dovecot-2.4.2-build/dovecot-2.4.2/src/auth/test-auth.c
--- dovecot-2.4.2-build/dovecot-2.4.2/src/auth/test-auth.c.nolibotp	2025-10-29 07:58:41.000000000 +0100
-+++ dovecot-2.4.2-build/dovecot-2.4.2/src/auth/test-auth.c	2025-11-30 13:38:50.100927373 +0100
-@@ -16,7 +16,7 @@
- static const char *const settings[] = {
- 	"base_dir", ".",
- 	"auth_mechanisms",
-		"ANONYMOUS APOP CRAM-MD5 DIGEST-MD5 EXTERNAL LOGIN PLAIN OTP "
-+		"ANONYMOUS APOP CRAM-MD5 DIGEST-MD5 EXTERNAL LOGIN PLAIN "
- 		"OAUTHBEARER SCRAM-SHA-1 SCRAM-SHA-256 XOAUTH2",
- 	"auth_username_chars", "",
- 	"auth_username_format", "",
-diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/auth/test-mech.c.nolibotp dovecot-2.4.2-build/dovecot-2.4.2/src/auth/test-mech.c
--- dovecot-2.4.2-build/dovecot-2.4.2/src/auth/test-mech.c.nolibotp	2025-10-29 07:58:41.000000000 +0100
-+++ dovecot-2.4.2-build/dovecot-2.4.2/src/auth/test-mech.c	2025-11-30 13:38:50.101130654 +0100
-@@ -46,10 +46,7 @@ request_handler_reply_mock_callback(stru
- 
- 	if (request->passdb_result == PASSDB_RESULT_OK)
- 		request->failed = FALSE;
-	else if (strcmp(request->fields.mech_name, SASL_MECH_NAME_OTP) == 0) {
-		if (null_strcmp(request->fields.user, "otp_phase_2") == 0)
-			request->failed = FALSE;
-	} else if (strcmp(request->fields.mech_name,
-+	else if (strcmp(request->fields.mech_name,
- 			  SASL_MECH_NAME_OAUTHBEARER) == 0) {
- 	}
- };
-@@ -190,10 +187,6 @@ static void test_mechs(void)
- 		{"PLAIN", UCHAR_LEN("\0testuser\0testpass"), "testuser", TRUE, FALSE, FALSE},
- 		{"PLAIN", UCHAR_LEN("normaluser\0masteruser\0masterpass"), "masteruser", TRUE, FALSE, FALSE},
- 		{"PLAIN", UCHAR_LEN("normaluser\0normaluser\0masterpass"), "normaluser", TRUE, FALSE, FALSE},
-		{"OTP", UCHAR_LEN("hex:5Bf0 75d9 959d 036f"), "otp_phase_2", TRUE, TRUE, FALSE},
-		{"OTP", UCHAR_LEN("word:BOND FOGY DRAB NE RISE MART"), "otp_phase_2", TRUE, TRUE, FALSE},
-		{"OTP", UCHAR_LEN("init-hex:f6bd 6b33 89b8 7203:md5 499 ke6118:23d1 b253 5ae0 2b7e"), "otp_phase_2", TRUE, TRUE, FALSE},
-		{"OTP", UCHAR_LEN("init-word:END KERN BALM NICK EROS WAVY:md5 499 ke1235:BABY FAIN OILY NIL TIDY DADE"), "otp_phase_2", TRUE, TRUE, FALSE},
- 		{"OAUTHBEARER", UCHAR_LEN("n,a=testuser,p=cHJvb2Y=,f=nonstandart\x01host=server\x01port=143\x01""auth=Bearer vF9dft4qmTc2Nvb3RlckBhbHRhdmlzdGEuY29tCg==\x01\x01"), "testuser", FALSE, TRUE, FALSE},
- 		{"SCRAM-SHA-1", UCHAR_LEN("n,,n=testuser,r=rOprNGfwEbeRWgbNEkqO"), "testuser", TRUE, FALSE, FALSE},
- 		{"SCRAM-SHA-256", UCHAR_LEN("n,,n=testuser,r=rOprNGfwEbeRWgbNEkqO"), "testuser",  TRUE, FALSE, FALSE},
-@@ -208,8 +201,6 @@ static void test_mechs(void)
- 		{"EXTERNAL", UCHAR_LEN(""), "testuser", FALSE, TRUE, FALSE},
- 		{"EXTERNAL", UCHAR_LEN(""), NULL, FALSE, FALSE, FALSE},
- 		{"LOGIN", UCHAR_LEN(""), NULL, FALSE, FALSE, FALSE},
-		{"OTP", UCHAR_LEN(""), NULL, FALSE, FALSE, FALSE},
-		{"OTP", UCHAR_LEN(""), "testuser", FALSE, FALSE, FALSE},
- 		{"PLAIN", UCHAR_LEN(""), NULL, FALSE, FALSE, FALSE},
- 		{"OAUTHBEARER", UCHAR_LEN(""), NULL, FALSE, FALSE, FALSE},
- 		{"XOAUTH2", UCHAR_LEN(""), NULL,  FALSE, FALSE, FALSE},
-@@ -221,7 +212,6 @@ static void test_mechs(void)
- 		{"APOP", UCHAR_LEN("1.1.1\0testuser\0tooshort"), NULL, FALSE, FALSE, FALSE},
- 		{"APOP", UCHAR_LEN("1.1.1\0testuser\0responseoflen16-"), NULL, FALSE, FALSE, FALSE},
- 		{"APOP", UCHAR_LEN("1.1.1"), NULL, FALSE, FALSE, FALSE},
-		{"OTP", UCHAR_LEN("somebody\0testuser"), "testuser", FALSE, TRUE, FALSE},
- 		{"CRAM-MD5", UCHAR_LEN("testuser\0response"), "testuser",  FALSE, FALSE, FALSE},
- 		{"PLAIN", UCHAR_LEN("testuser\0"), "testuser", FALSE, FALSE, FALSE},
- 
-@@ -264,9 +254,7 @@ static void test_mechs(void)
- 		{"PLAIN", UCHAR_LEN("\0fa\0il\0ing\0withthis"), NULL, FALSE, FALSE, FALSE},
- 		{"PLAIN", UCHAR_LEN("failingwiththis"), NULL, FALSE, FALSE, FALSE},
- 		{"PLAIN", UCHAR_LEN("failing\0withthis"), NULL, FALSE, FALSE, FALSE},
-		{"OTP", UCHAR_LEN("someb\0ody\0testuser"), NULL, FALSE, FALSE, FALSE},
- 		/* phase 2 */
-		{"OTP", UCHAR_LEN("someb\0ody\0testuser"), "testuser", FALSE, TRUE, FALSE},
- 		{"SCRAM-SHA-1", UCHAR_LEN("c=biws,r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,p=v0X8v3Bz2T0CJGbJQyF0X+HI4Ts="), NULL, FALSE, FALSE, FALSE},
- 		{"SCRAM-SHA-1", UCHAR_LEN("iws0X8v3Bz2T0CJGbJQyF0X+HI4Ts=,,,,"), NULL, FALSE, FALSE, FALSE},
- 		{"SCRAM-SHA-1", UCHAR_LEN("n,a=masteruser,,"), NULL, FALSE, FALSE, FALSE},
-diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/password-scheme.c.nolibotp dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/password-scheme.c
--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/password-scheme.c.nolibotp	2025-11-30 13:38:50.093609901 +0100
-+++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/password-scheme.c	2025-11-30 13:38:50.101359374 +0100
-@@ -13,7 +13,6 @@
- #include "randgen.h"
- #include "sha1.h"
- #include "sha2.h"
-#include "otp.h"
- #include "str.h"
- #include "auth-digest.h"
- #include "password-scheme.h"
-@@ -704,33 +703,6 @@ plain_md5_generate(const char *plaintext
- 	*size_r = MD5_RESULTLEN;
- }
- 
-static int otp_verify(const char *plaintext, const struct password_generate_params *params ATTR_UNUSED,
-		      const unsigned char *raw_password, size_t size,
-		      const char **error_r)
-{
-	const char *password, *generated;
-
-	password = t_strndup(raw_password, size);
-	if (password_generate_otp(plaintext, password, UINT_MAX, &generated) < 0) {
-		*error_r = "Invalid OTP data in passdb";
-		return -1;
-	}
-
-	return strcasecmp(password, generated) == 0 ? 1 : 0;
-}
-
-static void
-otp_generate(const char *plaintext, const struct password_generate_params *params ATTR_UNUSED,
-	     const unsigned char **raw_password_r, size_t *size_r)
-{
-	const char *password;
-
-	if (password_generate_otp(plaintext, NULL, OTP_HASH_SHA1, &password) < 0)
-		i_unreached();
-	*raw_password_r = (const unsigned char *)password;
-	*size_r = strlen(password);
-}
-
- static const struct password_scheme builtin_schemes[] = {
- 	{
- 		.name = "MD5",
-@@ -894,13 +866,6 @@ static const struct password_scheme buil
- 		.password_generate = plain_md5_generate,
- 	},
- 	{
-		.name = "OTP",
-		.default_encoding = PW_ENCODING_NONE,
-		.raw_password_len = 0,
-		.password_verify = otp_verify,
-		.password_generate = otp_generate,
-	},
-	{
- 		.name = "PBKDF2",
- 		.default_encoding = PW_ENCODING_NONE,
- 		.raw_password_len = 0,
-diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/password-scheme.h.nolibotp dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/password-scheme.h
--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/password-scheme.h.nolibotp	2025-10-29 07:58:41.000000000 +0100
-+++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/password-scheme.h	2025-11-30 13:38:50.101549260 +0100
-@@ -98,9 +98,6 @@ void password_set_encryption_rounds(unsi
- /* INTERNAL: */
- const char *password_generate_salt(size_t len);
- const char *password_generate_md5_crypt(const char *pw, const char *salt);
-int password_generate_otp(const char *pw, const char *state_data,
-			  unsigned int algo, const char **result_r)
-	ATTR_NULL(2);
- 
- int scram_verify(const struct hash_method *hmethod, const char *scheme_name,
- 		 const char *plaintext, const unsigned char *raw_password,
-diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/test-password-scheme.c.nolibotp dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/test-password-scheme.c
--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/test-password-scheme.c.nolibotp	2025-10-29 07:58:41.000000000 +0100
-+++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/test-password-scheme.c	2025-11-30 13:38:50.101711124 +0100
-@@ -107,7 +107,6 @@ static void test_password_schemes(void)
- 	test_password_scheme("SHA512", "{SHA512}7iaw3Ur350mqGo7jwQrpkj9hiYB3Lkc/iBml1JQODbJ6wYX4oOHV+E+IvIh/1nsUNzLDBMxfqa2Ob1f1ACio/w==", "test");
- 	test_password_scheme("SSHA", "{SSHA}H/zrDv8FXUu1JmwvVYijfrYEF34jVZcO", "test");
- 	test_password_scheme("MD5-CRYPT", "{MD5-CRYPT}$1$GgvxyNz8$OjZhLh4P.gF1lxYEbLZ3e/", "test");
-	test_password_scheme("OTP", "{OTP}sha1 1024 ae6b49aa481f7233 f69fc7f98b8fbf54", "test");
- 	test_password_scheme("PBKDF2", "{PBKDF2}$1$bUnT4Pl7yFtYX0KU$5000$50a83cafdc517b9f46519415e53c6a858908680a", "test");
- 	test_password_scheme("CRAM-MD5", "{CRAM-MD5}e02d374fde0dc75a17a557039a3a5338c7743304777dccd376f332bee68d2cf6", "test");
- 	test_password_scheme("DIGEST-MD5", "{DIGEST-MD5}77c1a8c437c9b08ba2f460fe5d58db5d", "test");
-diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/dsasl-client.c.nolibotp dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/dsasl-client.c
--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/dsasl-client.c.nolibotp	2025-11-30 13:39:54.210043386 +0100
-+++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/dsasl-client.c	2025-11-30 13:39:54.217205256 +0100
-@@ -175,7 +175,6 @@ void dsasl_clients_init(void)
- 	dsasl_client_mech_register(&dsasl_client_mech_digest_md5);
- 	dsasl_client_mech_register(&dsasl_client_mech_cram_md5);
- 	dsasl_client_mech_register(&dsasl_client_mech_oauthbearer);
-	dsasl_client_mech_register(&dsasl_client_mech_otp);
- 	dsasl_client_mech_register(&dsasl_client_mech_xoauth2);
- 	dsasl_client_mech_register(&dsasl_client_mech_scram_sha_1);
- 	dsasl_client_mech_register(&dsasl_client_mech_scram_sha_1_plus);
-diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/dsasl-client-private.h.nolibotp dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/dsasl-client-private.h
--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/dsasl-client-private.h.nolibotp	2025-11-30 13:40:22.269119732 +0100
-+++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/dsasl-client-private.h	2025-11-30 13:40:22.275363043 +0100
-@@ -50,7 +50,6 @@ extern const struct dsasl_client_mech ds
- extern const struct dsasl_client_mech dsasl_client_mech_external;
- extern const struct dsasl_client_mech dsasl_client_mech_login;
- extern const struct dsasl_client_mech dsasl_client_mech_oauthbearer;
-extern const struct dsasl_client_mech dsasl_client_mech_otp;
- extern const struct dsasl_client_mech dsasl_client_mech_xoauth2;
- extern const struct dsasl_client_mech dsasl_client_mech_scram_sha_1;
- extern const struct dsasl_client_mech dsasl_client_mech_scram_sha_1_plus;
-diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/fuzz-sasl-authentication.c.nolibotp dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/fuzz-sasl-authentication.c
--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/fuzz-sasl-authentication.c.nolibotp	2025-11-30 13:40:56.823727053 +0100
-+++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/fuzz-sasl-authentication.c	2025-11-30 13:40:56.837864792 +0100
-@@ -635,7 +635,6 @@ static void fuzz_sasl_run(struct istream
- 	sasl_server_mech_register_cram_md5(server_inst);
- 	sasl_server_mech_register_digest_md5(server_inst);
- 	sasl_server_mech_register_login(server_inst);
-	sasl_server_mech_register_otp(server_inst);
- 	sasl_server_mech_register_plain(server_inst);
- 	sasl_server_mech_register_scram_sha1(server_inst);
- 	sasl_server_mech_register_scram_sha1_plus(server_inst);
-diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/sasl-server.h.nolibotp dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/sasl-server.h
--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/sasl-server.h.nolibotp	2025-11-30 13:41:24.035316421 +0100
-+++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/sasl-server.h	2025-11-30 13:41:24.050796571 +0100
-@@ -193,8 +193,6 @@ void sasl_server_mech_register_scram_sha
- void sasl_server_mech_register_scram_sha256_plus(
- 	struct sasl_server_instance *sinst);
- 
-void sasl_server_mech_register_otp(struct sasl_server_instance *sinst);
-
- /* Winbind */
- 
- struct sasl_server_winbind_settings {
-diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/test-sasl-authentication.c.nolibotp dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/test-sasl-authentication.c
--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/test-sasl-authentication.c.nolibotp	2025-11-30 13:42:08.741524883 +0100
-+++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/test-sasl-authentication.c	2025-11-30 13:42:08.757334395 +0100
-@@ -507,7 +507,6 @@ test_sasl_run(const struct test_sasl *te
- 	sasl_server_mech_register_digest_md5(server_inst);
- 	sasl_server_mech_register_external(server_inst);
- 	sasl_server_mech_register_login(server_inst);
-	sasl_server_mech_register_otp(server_inst);
- 	sasl_server_mech_register_plain(server_inst);
- 	sasl_server_mech_register_scram_sha1(server_inst);
- 	sasl_server_mech_register_scram_sha1_plus(server_inst);
-@@ -722,16 +721,6 @@ static const struct test_sasl success_te
- 			.password = "tokentokentoken",
- 		},
- 	},
-	/* OTP */
-	{
-		.mech = "OTP",
-		.authid_type = SASL_SERVER_AUTHID_TYPE_USERNAME,
-		.server = {
-			.authid = "user",
-			.password = "pass",
-		},
-		.repeat = 1050,
-	},
- 	/* EXTERNAL */
- 	{
- 		.mech = "EXTERNAL",
-@@ -1457,31 +1446,6 @@ static const struct test_sasl bad_creds_
- 		},
- 		.failure = TRUE,
- 	},
-	/* OTP */
-	{
-		.mech = "OTP",
-		.authid_type = SASL_SERVER_AUTHID_TYPE_USERNAME,
-		.server = {
-			.authid = "user",
-			.password = "pass",
-		},
-		.client = {
-			.authid = "userb",
-		},
-		.failure = TRUE,
-	},
-	{
-		.mech = "OTP",
-		.authid_type = SASL_SERVER_AUTHID_TYPE_USERNAME,
-		.server = {
-			.authid = "user",
-			.password = "pass",
-		},
-		.client = {
-			.password = "florp",
-		},
-		.failure = TRUE,
-	},
- 	/* EXTERNAL */
- 	{
- 		.mech = "EXTERNAL",
-diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/auth/auth-sasl.c.nolibotp2 dovecot-2.4.2-build/dovecot-2.4.2/src/auth/auth-sasl.c
--- dovecot-2.4.2-build/dovecot-2.4.2/src/auth/auth-sasl.c.nolibotp2	2025-11-30 13:56:23.124460140 +0100
-+++ dovecot-2.4.2-build/dovecot-2.4.2/src/auth/auth-sasl.c	2025-11-30 13:56:39.521935947 +0100
-@@ -472,7 +472,6 @@ MECH_SIMPLE_REGISTER__TEMPLATE(cram_md5)
- MECH_SIMPLE_REGISTER__TEMPLATE(digest_md5)
- MECH_SIMPLE_REGISTER__TEMPLATE(external)
- MECH_SIMPLE_REGISTER__TEMPLATE(login)
-MECH_SIMPLE_REGISTER__TEMPLATE(otp)
- MECH_SIMPLE_REGISTER__TEMPLATE(plain)
- MECH_SIMPLE_REGISTER__TEMPLATE(scram_sha1)
- MECH_SIMPLE_REGISTER__TEMPLATE(scram_sha1_plus)
-@@ -539,12 +538,6 @@ static const struct auth_sasl_mech_modul
- 	.mech_register = mech_login_register,
- };
- 
-static const struct auth_sasl_mech_module mech_otp = {
-	.mech_name = SASL_MECH_NAME_OTP,
-
-	.mech_register = mech_otp_register,
-};
-
- static const struct auth_sasl_mech_module mech_plain = {
- 	.mech_name = SASL_MECH_NAME_PLAIN,
- 
-@@ -612,7 +605,6 @@ static void auth_sasl_mechs_init(const s
- 	if (set->use_winbind)
- 		auth_sasl_mech_register_module(&mech_winbind_ntlm);
- 	auth_sasl_mech_oauth2_register();
-	auth_sasl_mech_register_module(&mech_otp);
- 	auth_sasl_mech_register_module(&mech_plain);
- 	auth_sasl_mech_register_module(&mech_scram_sha1);
- 	auth_sasl_mech_register_module(&mech_scram_sha1_plus);
--- a/dovecot-2.4.1-opensslhmac3.patch
+++ b/dovecot-2.4.1-opensslhmac3.patch
--- a/dovecot-2.4.2-fixbuild.patch
+++ b/dovecot-2.4.2-fixbuild.patch
@ -1,135 +0,0 @@
-diff -up dovecot-2.4.2/src/lib/istream.c.fixbuild dovecot-2.4.2/src/lib/istream.c
--- dovecot-2.4.2/src/lib/istream.c.fixbuild	2025-10-29 07:58:41.000000000 +0100
-+++ dovecot-2.4.2/src/lib/istream.c	2025-11-30 11:40:37.739536137 +0100
-@@ -85,7 +85,7 @@ void i_stream_add_destroy_callback(struc
- }
- 
- void i_stream_remove_destroy_callback(struct istream *stream,
-				      void (*callback)())
-+				      istream_callback_t *callback)
- {
- 	io_stream_remove_destroy_callback(&stream->real_stream->iostream,
- 					  callback);
-diff -up dovecot-2.4.2/src/lib/istream.h.fixbuild dovecot-2.4.2/src/lib/istream.h
--- dovecot-2.4.2/src/lib/istream.h.fixbuild	2025-10-29 07:58:41.000000000 +0100
-+++ dovecot-2.4.2/src/lib/istream.h	2025-11-30 11:40:37.739798710 +0100
-@@ -100,7 +100,7 @@ void i_stream_add_destroy_callback(struc
- 		(istream_callback_t *)callback, context)
- /* Remove the destroy callback. */
- void i_stream_remove_destroy_callback(struct istream *stream,
-				      void (*callback)());
-+				      istream_callback_t *callback);
- 
- /* Return file descriptor for stream, or -1 if none is available. */
- int i_stream_get_fd(struct istream *stream);
-diff -up dovecot-2.4.2/src/lib/ostream.c.fixbuild dovecot-2.4.2/src/lib/ostream.c
--- dovecot-2.4.2/src/lib/ostream.c.fixbuild	2025-11-30 11:42:21.434063550 +0100
-+++ dovecot-2.4.2/src/lib/ostream.c	2025-11-30 11:42:55.814100259 +0100
-@@ -127,7 +127,7 @@ void o_stream_add_destroy_callback(struc
- }
- 
- void o_stream_remove_destroy_callback(struct ostream *stream,
-				      void (*callback)())
-+				      ostream_callback_t *callback)
- {
- 	io_stream_remove_destroy_callback(&stream->real_stream->iostream,
- 					  callback);
-diff -up dovecot-2.4.2/src/lib/ostream.h.fixbuild dovecot-2.4.2/src/lib/ostream.h
--- dovecot-2.4.2/src/lib/ostream.h.fixbuild	2025-11-30 11:42:29.639009602 +0100
-+++ dovecot-2.4.2/src/lib/ostream.h	2025-11-30 11:43:20.101652841 +0100
-@@ -127,7 +127,7 @@ void o_stream_add_destroy_callback(struc
- 		(ostream_callback_t *)callback, context)
- /* Remove the destroy callback. */
- void o_stream_remove_destroy_callback(struct ostream *stream,
-				      void (*callback)());
-+				      ostream_callback_t *callback);
- 
- /* Mark the stream and all of its parent streams closed. Nothing will be
-    sent after this call. When using ostreams that require writing a trailer,
-diff -up dovecot-2.4.2/src/lib-json/json-istream.c.fixbuild dovecot-2.4.2/src/lib-json/json-istream.c
--- dovecot-2.4.2/src/lib-json/json-istream.c.fixbuild	2025-10-29 07:58:41.000000000 +0100
-+++ dovecot-2.4.2/src/lib-json/json-istream.c	2025-11-30 12:52:15.970430672 +0100
-@@ -706,7 +706,7 @@ static void json_istream_drop_value_stre
- 		if (stream->seekable_stream != NULL) {
- 			i_stream_remove_destroy_callback(
- 				stream->seekable_stream,
-				json_istream_drop_seekable_stream);
-+				(istream_callback_t *)json_istream_drop_seekable_stream);
- 			i_stream_unref(&stream->seekable_stream);
- 		}
- 	}
-@@ -720,12 +720,12 @@ static void json_istream_consumed_value_
- 	if (stream->seekable_stream != NULL) {
- 		i_stream_remove_destroy_callback(
- 			stream->seekable_stream,
-			json_istream_drop_seekable_stream);
-+			(istream_callback_t *)json_istream_drop_seekable_stream);
- 	}
- 	if (stream->value_stream != NULL) {
- 		i_stream_remove_destroy_callback(
- 			stream->value_stream,
-			json_istream_drop_value_stream);
-+			(istream_callback_t *)json_istream_drop_value_stream);
- 	}
- 	stream->value_stream = NULL;
- 	stream->seekable_stream = NULL;
- 		i_stream_remove_destroy_callback(conn->incoming_payload,
-						 http_client_payload_destroyed);
-+						 (istream_callback_t *)http_client_payload_destroyed);
- 		conn->incoming_payload = NULL;
- 	}
- 
-diff -up dovecot-2.4.2/src/lib-http/http-server-connection.c.fixbuild dovecot-2.4.2/src/lib-http/http-server-connection.c
--- dovecot-2.4.2/src/lib-http/http-server-connection.c.fixbuild	2025-11-30 13:02:24.337384848 +0100
-+++ dovecot-2.4.2/src/lib-http/http-server-connection.c	2025-11-30 13:03:14.477064608 +0100
-@@ -1066,7 +1066,7 @@ http_server_connection_disconnect(struct
- 	if (conn->incoming_payload != NULL) {
- 		/* The stream is still accessed by lib-http caller. */
- 		i_stream_remove_destroy_callback(conn->incoming_payload,
-						 http_server_payload_destroyed);
-+						 (istream_callback_t *)http_server_payload_destroyed);
- 		conn->incoming_payload = NULL;
- 	}
- 	if (conn->payload_handler != NULL)
-diff -up dovecot-2.4.2/src/lib-http/http-client-connection.c.fixbuild dovecot-2.4.2/src/lib-http/http-client-connection.c
--- dovecot-2.4.2/src/lib-http/http-client-connection.c.fixbuild	2025-11-30 12:57:42.670247695 +0100
-+++ dovecot-2.4.2/src/lib-http/http-client-connection.c	2025-11-30 13:00:54.862436490 +0100
-@@ -832,7 +832,7 @@ void http_client_connection_request_dest
- 	   is closed and we don't care about it anymore, so act as though it is
- 	   destroyed. */
- 	i_stream_remove_destroy_callback(payload,
-					 http_client_payload_destroyed);
-+					 (istream_callback_t *)http_client_payload_destroyed);
- 	http_client_payload_destroyed(req);
- }
- 
-@@ -888,7 +888,7 @@ http_client_connection_return_response(s
- 		if (response->payload != NULL) {
- 			i_stream_remove_destroy_callback(
- 				conn->incoming_payload,
-				http_client_payload_destroyed);
-+				(istream_callback_t *)http_client_payload_destroyed);
- 			i_stream_unref(&conn->incoming_payload);
- 			connection_input_resume(&conn->conn);
- 		}
-@@ -1731,7 +1731,7 @@ http_client_connection_disconnect(struct
- 	if (conn->incoming_payload != NULL) {
- 		/* The stream is still accessed by lib-http caller. */
- 		i_stream_remove_destroy_callback(conn->incoming_payload,
-						 http_client_payload_destroyed);
-+						 (istream_callback_t *)http_client_payload_destroyed);
- 		conn->incoming_payload = NULL;
- 	}
- 
-diff -up dovecot-2.4.2/src/lib-storage/index/index-mail.c.fixbuild2 dovecot-2.4.2/src/lib-storage/index/index-mail.c
--- dovecot-2.4.2/src/lib-storage/index/index-mail.c.fixbuild2	2025-11-30 13:48:46.658539149 +0100
-+++ dovecot-2.4.2/src/lib-storage/index/index-mail.c	2025-11-30 13:49:47.178158024 +0100
-@@ -1840,7 +1840,7 @@ static void index_mail_close_streams_ful
- 			   allowed to have references until the mail is closed
- 			   (but we can't really check that) */
- 			i_stream_remove_destroy_callback(data->stream,
-				index_mail_stream_destroy_callback);
-+				(istream_callback_t *)index_mail_stream_destroy_callback);
- 		}
- 		i_stream_unref(&data->stream);
- 		/* there must be no references to the mail when the
--- a/dovecot.spec
+++ b/dovecot.spec
--- a/dovecot.sysusers
+++ b/dovecot.sysusers
@ -1,9 +0,0 @@
-#Type Name    ID    GECOS                       Home directory       Shell
-g     dovecot 97
-u     dovecot 97   "Dovecot IMAP server"        /usr/libexec/dovecot /sbin/nologin
-m     dovecot dovecot
-
-g     dovenull -
-u     dovenull -   "Dovecot - unauthorized user" /usr/libexec/dovecot /sbin/nologin
-m     dovenull dovenull
-
--- a/plans/main.fmf
+++ b/plans/main.fmf
@ -1,6 +0,0 @@
-summary: Run all tests
-execute:
-  how: tmt
-discover:
-  how: fmf
-
--- a/rpminspect.yaml
+++ b/rpminspect.yaml
@ -1,7 +0,0 @@
---
-runpath:
-  allowed_paths:
-    # dovecot only plugins
-    - /usr/lib/dovecot/old-stats
-    - /usr/lib64/dovecot/old-stats
-
--- a/4
+++ b/4
@ -1,2 +1,2 @@
-SHA512 (dovecot-2.4.2.tar.gz) = 0524695341abe711d3a811c56156889d6fef7a09becc684c6f1dc1e5add605969ca8794eb7d44bfbc49f70515f22e8640b5828443addecfe4798fb8b174670ae
-SHA512 (dovecot-pigeonhole-2.4.2.tar.gz) = 82c46c7ac2792aa5c211c8b66309f9f21c05ecd2fa8ab3abf98fb4e05831fd37aaa3edffcfbe1b3defbb9ac8ef9df1c33ece83cf7524e8b226c4deab8c250134
+SHA512 (dovecot-2.3.10.1.tar.gz) = 5c07436a3e861993f241caa2c60f035c533c5fceb5c8540c1717d31bedd54b82299f7ea11bfee12c72d4d33985d93a7130c4f56877864a7ad21cf7373a29cc06
+SHA512 (dovecot-2.3-pigeonhole-0.5.10.tar.gz) = f3d380edba4d25d20ee52db21d2965e3a6b229924e9a04fbf45cfe32e1d25448977ee41b12ba41ad8cf8b795f19bb1dbef1d7d09e775598d782123268f61dc8b
--- a/tests/got-audit/got-audit.gdb
+++ b/tests/got-audit/got-audit.gdb
@ -1,2 +0,0 @@
-gef config gef.disable_color True
-got-audit --all
--- a/tests/got-audit/main.fmf
+++ b/tests/got-audit/main.fmf
@ -1,10 +0,0 @@
-summary: Audit the GOT for signs of tampering
-description: |
-  Pointers in the server process GOT will be checked to ensure that
-  each function pointer's value is within a shared object file
-  that exports a symbol of that name, and that no shared object
-  files export conflicting symbols.
-contact: Gordon Messmer <gordon.messmer@gmail.com>
-require+:
-  - gdb-gef           # needed to test got-audit
-
--- a/tests/got-audit/runtest.sh
+++ b/tests/got-audit/runtest.sh
@ -1,41 +0,0 @@
-#!/bin/bash
-# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-#   runtest.sh of /CoreOS/dovecot/Sanity/got-audit
-#   Description: Check pointers in the server process GOT for signs of tampering
-#   Author: Gordon Messmer <gordon.messmer@gmail.com>
-#
-
-# Include Beaker environment
-. /usr/share/beakerlib/beakerlib.sh || exit 1
-
-rlJournalStart
-    rlPhaseStartSetup
-        rlServiceStart dovecot
-        rlRun "TestDir=\$(pwd)"
-        rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory"
-        rlRun "pushd $TmpDir"
-        rlRun "auditfile=\$(mktemp --tmpdir=${TmpDir})"
-    rlPhaseEnd
-
-    rlPhaseStartTest "Run GEF got-audit"
-        rlRun "SERVICE_PID=\$( systemctl show --property=MainPID dovecot.service | cut -f2 -d= )"
-        rlRun "echo SERVICE_PID is '$SERVICE_PID'"
-        [ -n "$SERVICE_PID" ] || rlFail "No service pid was found"
-        rlRun "gdb-gef --pid '$SERVICE_PID' --command='$TestDir'/got-audit.gdb --batch > '$auditfile'"
-        # Basic test: ensure that at least one symbol is found in libc.so,
-        #  to verify that the report looks plausible.
-        rlAssertGrep " : /.*/libc.so" "$auditfile"
-        # Ensure the got-audit did not report any errors
-        rlAssertNotGrep " :: ERROR" "$auditfile"
-        rlRun "cp '$auditfile' '$TMT_TEST_DATA'/got-audit.txt"
-    rlPhaseEnd
-
-    rlPhaseStartCleanup
-        rlServiceRestore dovecot
-        rlRun "popd"
-        rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
-    rlPhaseEnd
-rlJournalPrintText
-rlJournalEnd
--- a/tests/main.fmf
+++ b/tests/main.fmf
@ -1,2 +0,0 @@
-test: ./runtest.sh
-framework: beakerlib
Author	SHA1	Message	Date
Michal Hlavinka	1afc1e1292	dovecot updated to 2.3.10.1 fixes CVE-2020-10967, CVE-2020-10958, CVE-2020-10957	2020-05-19 11:50:18 +02:00
Michal Hlavinka	c29c757b29	dovecot updated to 2.3.10, pigeonhole updated to 0.5.10	2020-04-21 20:07:35 +02:00
Michal Hlavinka	3c47cbf802	dovecot updated to 2.3.9.3 fixes CVE-2020-7046: Truncated UTF-8 can be used to DoS submission-login and lmtp processes. fixes CVE-2020-7957: Specially crafted mail can crash snippet generation.	2020-02-12 16:39:09 +01:00
Michal Hlavinka	90172f8205	CVE-2019-19722: Mails with group addresses in From or To fields caused crash in push notification drivers.	2019-12-19 23:10:15 +01:00
Michal Hlavinka	4f2d108a32	dovecot updated to 2.3.8, pigeonhole 0.5.8	2019-10-10 14:32:54 +02:00
Michal Hlavinka	104fb40bac	dovecot updated to 2.3.7.2, pigeonhole 0.5.7.2 fixes CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte when scanning data in quoted strings, leading to out of bounds heap memory writes	2019-08-29 11:04:04 +02:00
Michal Hlavinka	edd1a25a85	dovecot updated to 2.3.7.1, pigeonhole updated to 0.5.7.1	2019-08-19 17:35:12 +02:00
Michal Hlavinka	238fa40c98	disable gcc 9 stack reuse temporarily	2019-05-31 16:20:39 +02:00
Michal Hlavinka	aba67dc0a5	dovecot updated to 2.3.6, pigeonhole updated to 0.5.6	2019-05-02 16:38:01 +02:00
Michal Hlavinka	2bcf743ffe	dovecot updated to 2.3.5.2 fixes CVE-2019-10691: Trying to login with 8bit username containing invalid UTF8 input causes auth process to crash if auth policy is enabled.	2019-04-18 15:03:08 +02:00
Michal Hlavinka	bcb2bf83b7	dovecot updated to 2.3.5.1 CVE-2019-7524: Missing input buffer size validation leads into arbitrary buffer overflow when reading fts or pop3 uidl header from Dovecot index.	2019-03-28 17:41:20 +01:00
Michal Hlavinka	500aa846ae	dovecot updated to 2.3.5, pigeonhole updated to 0.5.5	2019-03-06 18:19:37 +01:00