Compare commits
6 commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
73e1e2f9e1 | ||
|
|
b008fc5b27 | ||
|
|
46324d9786 | ||
|
|
1c41438458 | ||
|
|
2c92a0bb32 | ||
|
|
eb6cf88afc |
21 changed files with 2511 additions and 1292 deletions
|
|
@ -1 +0,0 @@
|
|||
1
|
||||
|
|
@ -1,97 +1,33 @@
|
|||
diff -up dovecot-2.4.2-build/dovecot-2.4.2/doc/dovecot.conf.in.default-settings dovecot-2.4.2-build/dovecot-2.4.2/doc/dovecot.conf.in
|
||||
--- dovecot-2.4.2-build/dovecot-2.4.2/doc/dovecot.conf.in.default-settings 2025-10-29 07:58:41.000000000 +0100
|
||||
+++ dovecot-2.4.2-build/dovecot-2.4.2/doc/dovecot.conf.in 2025-11-30 09:24:17.130246956 +0100
|
||||
@@ -16,24 +16,19 @@ dovecot_storage_version = @DOVECOT_CONFI
|
||||
# The configuration below is a minimal configuration file using system user authentication.
|
||||
# See https://@DOVECOT_ASSET_URL@/latest/core/config/quick.html
|
||||
diff -up dovecot-2.3.0.1/doc/example-config/conf.d/10-mail.conf.default-settings dovecot-2.3.0.1/doc/example-config/conf.d/10-mail.conf
|
||||
--- dovecot-2.3.0.1/doc/example-config/conf.d/10-mail.conf.default-settings 2018-02-28 15:28:57.000000000 +0100
|
||||
+++ dovecot-2.3.0.1/doc/example-config/conf.d/10-mail.conf 2018-03-01 10:29:38.208368555 +0100
|
||||
@@ -322,6 +322,7 @@ protocol !indexer-worker {
|
||||
# them simultaneously.
|
||||
#mbox_read_locks = fcntl
|
||||
#mbox_write_locks = dotlock fcntl
|
||||
+mbox_write_locks = fcntl
|
||||
|
||||
-!include_try conf.d/*.conf
|
||||
-
|
||||
# Enable wanted protocols:
|
||||
protocols {
|
||||
imap = yes
|
||||
lmtp = yes
|
||||
}
|
||||
# Maximum time to wait for lock (all of them) before aborting.
|
||||
#mbox_lock_timeout = 5 mins
|
||||
diff -up dovecot-2.3.0.1/doc/example-config/conf.d/10-ssl.conf.default-settings dovecot-2.3.0.1/doc/example-config/conf.d/10-ssl.conf
|
||||
--- dovecot-2.3.0.1/doc/example-config/conf.d/10-ssl.conf.default-settings 2018-02-28 15:28:57.000000000 +0100
|
||||
+++ dovecot-2.3.0.1/doc/example-config/conf.d/10-ssl.conf 2018-03-01 10:33:54.779499044 +0100
|
||||
@@ -3,7 +3,9 @@
|
||||
##
|
||||
|
||||
-mail_home = /srv/mail/%{user}
|
||||
-mail_driver = sdbox
|
||||
+mail_home = /home/%{user}
|
||||
+mail_driver = maildir
|
||||
mail_path = ~/mail
|
||||
|
||||
-mail_uid = vmail
|
||||
-mail_gid = vmail
|
||||
-
|
||||
-# By default first_valid_uid is 500. If your vmail user's UID is smaller,
|
||||
+# By default first_valid_uid is 1000. If your vmail user's UID is smaller,
|
||||
# you need to modify this:
|
||||
-#first_valid_uid = uid-number-of-vmail-user
|
||||
+first_valid_uid = 1000
|
||||
|
||||
namespace inbox {
|
||||
inbox = yes
|
||||
@@ -44,7 +39,15 @@ namespace inbox {
|
||||
passdb pam {
|
||||
}
|
||||
|
||||
+userdb passwd {
|
||||
+}
|
||||
+
|
||||
# SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
|
||||
-#ssl = yes
|
||||
+# disable plain pop3 and imap, allowed are only pop3+TLS, pop3s, imap+TLS and imaps
|
||||
+# plain imap and pop3 are still allowed for local connections
|
||||
+ssl = required
|
||||
|
||||
# PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
|
||||
# dropping root privileges, so keep the key file unreadable by anyone but
|
||||
@@ -57,6 +59,7 @@ ssl_key = </etc/ssl/private/dovecot.pem
|
||||
#ssl_cipher_list = ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
|
||||
# To disable non-EC DH, use:
|
||||
#ssl_cipher_list = ALL:!DH:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
|
||||
+ssl_cipher_list = PROFILE=SYSTEM
|
||||
+
|
||||
ssl_server {
|
||||
- cert_file = /etc/dovecot/ssl-cert.pem
|
||||
- key_file = /etc/dovecot/ssl-key.pem
|
||||
+ cert_file = /etc/pki/dovecot/certs/dovecot.pem
|
||||
+ key_file = /etc/pki/dovecot/private/dovecot.pem
|
||||
}
|
||||
+
|
||||
+!include_try conf.d/*.conf
|
||||
diff -up dovecot-2.4.2-build/dovecot-2.4.2/dovecot-pigeonhole/doc/example-config/conf.d/90-sieve.conf.default-settings dovecot-2.4.2-build/dovecot-2.4.2/dovecot-pigeonhole/doc/example-config/conf.d/90-sieve.conf
|
||||
--- dovecot-2.4.2-build/dovecot-2.4.2/dovecot-pigeonhole/doc/example-config/conf.d/90-sieve.conf.default-settings 2025-10-29 08:00:30.000000000 +0100
|
||||
+++ dovecot-2.4.2-build/dovecot-2.4.2/dovecot-pigeonhole/doc/example-config/conf.d/90-sieve.conf 2025-11-30 09:18:17.667869864 +0100
|
||||
@@ -21,7 +21,6 @@
|
||||
# file or directory. Refer to Pigeonhole wiki or INSTALL file for more
|
||||
# information.
|
||||
|
||||
-plugin {
|
||||
# The location of the user's main Sieve script or script storage. The LDA
|
||||
# Sieve plugin uses this to find the active script for Sieve filtering at
|
||||
# delivery. The "include" extension uses this location for retrieving
|
||||
@@ -36,7 +35,10 @@ plugin {
|
||||
# active script symlink is located.
|
||||
# For other types: use the ';name=' parameter to specify the name of the
|
||||
# default/active script.
|
||||
- sieve = file:~/sieve;active=~/.dovecot.sieve
|
||||
+sieve_script personal {
|
||||
+ path = ~/sieve
|
||||
+ active_path = ~/.dovecot.sieve
|
||||
+}
|
||||
|
||||
# The default Sieve script when the user has none. This is the location of a
|
||||
# global sieve script file, which gets executed ONLY if user's personal Sieve
|
||||
@@ -202,4 +204,3 @@ plugin {
|
||||
# Enables showing byte code addresses in the trace output, rather than only
|
||||
# the source line numbers.
|
||||
#sieve_trace_addresses = no
|
||||
-}
|
||||
diff -up dovecot-2.4.2-build/dovecot-2.4.2/dovecot-pigeonhole/doc/example-config/conf.d/90-sieve-extprograms.conf.default-settings dovecot-2.4.2-build/dovecot-2.4.2/dovecot-pigeonhole/doc/example-config/conf.d/90-sieve-extprograms.conf
|
||||
--- dovecot-2.4.2-build/dovecot-2.4.2/dovecot-pigeonhole/doc/example-config/conf.d/90-sieve-extprograms.conf.default-settings 2025-10-29 08:00:30.000000000 +0100
|
||||
+++ dovecot-2.4.2-build/dovecot-2.4.2/dovecot-pigeonhole/doc/example-config/conf.d/90-sieve-extprograms.conf 2025-11-30 09:18:17.668131795 +0100
|
||||
@@ -6,7 +6,6 @@
|
||||
# sieve_extensions or sieve_global_extensions settings. Restricting these
|
||||
# extensions to a global context using sieve_global_extensions is recommended.
|
||||
|
||||
-plugin {
|
||||
|
||||
# The directory where the program sockets are located for the
|
||||
# vnd.dovecot.pipe, vnd.dovecot.filter and vnd.dovecot.execute extension
|
||||
@@ -23,7 +22,6 @@ plugin {
|
||||
#sieve_pipe_bin_dir = /usr/lib/dovecot/sieve-pipe
|
||||
#sieve_filter_bin_dir = /usr/lib/dovecot/sieve-filter
|
||||
#sieve_execute_bin_dir = /usr/lib/dovecot/sieve-execute
|
||||
-}
|
||||
|
||||
# An example program service called 'do-something' to pipe messages to
|
||||
#service do-something {
|
||||
# Colon separated list of elliptic curves to use. Empty value (the default)
|
||||
# means use the defaults from the SSL library. P-521:P-384:P-256 would be an
|
||||
|
|
|
|||
|
|
@ -1,11 +1,11 @@
|
|||
diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot.service.in.waitonline dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot.service.in
|
||||
--- dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot.service.in.waitonline 2025-06-02 23:29:29.141111228 +0200
|
||||
+++ dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot.service.in 2025-06-02 23:31:27.124155453 +0200
|
||||
@@ -12,6 +12,7 @@ Description=Dovecot IMAP/POP3 email serv
|
||||
Documentation=man:dovecot(1)
|
||||
Documentation=https://doc.dovecot.org/
|
||||
After=local-fs.target network-online.target remote-fs.target time-sync.target
|
||||
+Wants=network-online.target
|
||||
diff -up dovecot-2.3.15/dovecot.service.in.waitonline dovecot-2.3.15/dovecot.service.in
|
||||
--- dovecot-2.3.15/dovecot.service.in.waitonline 2021-06-21 20:19:19.560494654 +0200
|
||||
+++ dovecot-2.3.15/dovecot.service.in 2021-06-21 20:21:17.443066248 +0200
|
||||
@@ -15,6 +15,7 @@ After=local-fs.target network-online.tar
|
||||
|
||||
[Service]
|
||||
Type=@systemdservicetype@
|
||||
+ExecStartPre=/usr/libexec/dovecot/prestartscript
|
||||
ExecStart=@sbindir@/dovecot -F
|
||||
ExecReload=@bindir@/doveadm reload
|
||||
ExecStop=@bindir@/doveadm stop
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-init.service.initbysystemd dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-init.service
|
||||
--- dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-init.service.initbysystemd 2025-06-02 23:32:10.685053915 +0200
|
||||
+++ dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-init.service 2025-06-02 23:32:10.685053915 +0200
|
||||
diff -up dovecot-2.3.15/dovecot-init.service.initbysystemd dovecot-2.3.15/dovecot-init.service
|
||||
--- dovecot-2.3.15/dovecot-init.service.initbysystemd 2021-06-21 20:21:49.250680889 +0200
|
||||
+++ dovecot-2.3.15/dovecot-init.service 2021-06-21 20:21:49.250680889 +0200
|
||||
@@ -0,0 +1,13 @@
|
||||
+[Unit]
|
||||
+Description=One-time Dovecot init service
|
||||
|
|
@ -15,31 +15,31 @@ diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-init.service.initbysystemd
|
|||
+ SSLDIR=/etc/pki/dovecot/ OPENSSLCONFIG=/etc/pki/dovecot/dovecot-openssl.cnf /usr/libexec/dovecot/mkcert.sh /dev/null 2>&1;\
|
||||
+fi'
|
||||
+
|
||||
diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot.service.in.initbysystemd dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot.service.in
|
||||
--- dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot.service.in.initbysystemd 2025-06-02 23:32:10.685195261 +0200
|
||||
+++ dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot.service.in 2025-06-02 23:34:03.123174934 +0200
|
||||
diff -up dovecot-2.3.15/dovecot.service.in.initbysystemd dovecot-2.3.15/dovecot.service.in
|
||||
--- dovecot-2.3.15/dovecot.service.in.initbysystemd 2021-06-21 20:21:49.250680889 +0200
|
||||
+++ dovecot-2.3.15/dovecot.service.in 2021-06-21 20:22:46.935981920 +0200
|
||||
@@ -11,7 +11,8 @@
|
||||
Description=Dovecot IMAP/POP3 email server
|
||||
Documentation=man:dovecot(1)
|
||||
Documentation=https://doc.dovecot.org/
|
||||
-After=local-fs.target network-online.target remote-fs.target time-sync.target
|
||||
+After=local-fs.target network-online.target remote-fs.target time-sync.target dovecot-init.service
|
||||
-After=local-fs.target network-online.target
|
||||
+After=local-fs.target network-online.target dovecot-init.service
|
||||
+Requires=dovecot-init.service
|
||||
Wants=network-online.target
|
||||
|
||||
[Service]
|
||||
diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/Makefile.am.initbysystemd dovecot-2.4.1-build/dovecot-2.4.1-4/Makefile.am
|
||||
--- dovecot-2.4.1-build/dovecot-2.4.1-4/Makefile.am.initbysystemd 2025-03-28 12:32:27.000000000 +0100
|
||||
+++ dovecot-2.4.1-build/dovecot-2.4.1-4/Makefile.am 2025-06-02 23:33:22.221675050 +0200
|
||||
@@ -19,6 +19,7 @@ EXTRA_DIST = \
|
||||
update-version.sh \
|
||||
Type=@systemdservicetype@
|
||||
diff -up dovecot-2.3.15/Makefile.am.initbysystemd dovecot-2.3.15/Makefile.am
|
||||
--- dovecot-2.3.15/Makefile.am.initbysystemd 2021-06-21 20:21:49.250680889 +0200
|
||||
+++ dovecot-2.3.15/Makefile.am 2021-06-21 20:24:26.676765849 +0200
|
||||
@@ -21,6 +21,7 @@ EXTRA_DIST = \
|
||||
run-test-valgrind.supp \
|
||||
dovecot.service.in \
|
||||
+ dovecot-init.service \
|
||||
dovecot.socket \
|
||||
version \
|
||||
build-aux/git-abi-version-gen \
|
||||
@@ -67,7 +68,8 @@ dovecot-config: dovecot-config.in Makefi
|
||||
+ dovecot-init.service \
|
||||
$(conf_DATA)
|
||||
|
||||
noinst_DATA = dovecot-config
|
||||
@@ -69,7 +70,8 @@ dovecot-config: dovecot-config.in Makefi
|
||||
if WANT_SYSTEMD
|
||||
systemdsystemunit_DATA = \
|
||||
dovecot.socket \
|
||||
|
|
|
|||
11
dovecot-2.3.0.1-libxcrypt.patch
Normal file
11
dovecot-2.3.0.1-libxcrypt.patch
Normal file
|
|
@ -0,0 +1,11 @@
|
|||
diff -up dovecot-2.3.0.1/src/auth/mycrypt.c.libxcrypt dovecot-2.3.0.1/src/auth/mycrypt.c
|
||||
--- dovecot-2.3.0.1/src/auth/mycrypt.c.libxcrypt 2018-02-28 15:28:58.000000000 +0100
|
||||
+++ dovecot-2.3.0.1/src/auth/mycrypt.c 2018-03-27 10:57:38.447769201 +0200
|
||||
@@ -14,6 +14,7 @@
|
||||
# define _XPG6 /* Some Solaris versions require this, some break with this */
|
||||
#endif
|
||||
#include <unistd.h>
|
||||
+#include <crypt.h>
|
||||
|
||||
#include "mycrypt.h"
|
||||
|
||||
34
dovecot-2.3.14-opensslv3.patch
Normal file
34
dovecot-2.3.14-opensslv3.patch
Normal file
|
|
@ -0,0 +1,34 @@
|
|||
diff -up dovecot-2.3.14/src/lib-dcrypt/dcrypt-openssl.c.opensslv3 dovecot-2.3.14/src/lib-dcrypt/dcrypt-openssl.c
|
||||
--- dovecot-2.3.14/src/lib-dcrypt/dcrypt-openssl.c.opensslv3 2021-06-03 18:56:52.573174433 +0200
|
||||
+++ dovecot-2.3.14/src/lib-dcrypt/dcrypt-openssl.c 2021-06-03 18:56:52.585174274 +0200
|
||||
@@ -73,10 +73,30 @@
|
||||
2<tab>key algo oid<tab>1<tab>symmetric algo name<tab>salt<tab>hash algo<tab>rounds<tab>E(RSA = i2d_PrivateKey, EC=Private Point)<tab>key id
|
||||
**/
|
||||
|
||||
+#if OPENSSL_VERSION_MAJOR == 3
|
||||
+static EC_KEY *EVP_PKEY_get0_EC_KEYv3(EVP_PKEY *key)
|
||||
+{
|
||||
+ EC_KEY *eck = EVP_PKEY_get1_EC_KEY(key);
|
||||
+ EVP_PKEY_set1_EC_KEY(key, eck);
|
||||
+ EC_KEY_free(eck);
|
||||
+ return eck;
|
||||
+}
|
||||
+
|
||||
+static EC_KEY *EVP_PKEY_get1_EC_KEYv3(EVP_PKEY *key)
|
||||
+{
|
||||
+ EC_KEY *eck = EVP_PKEY_get1_EC_KEY(key);
|
||||
+ EVP_PKEY_set1_EC_KEY(key, eck);
|
||||
+ return eck;
|
||||
+}
|
||||
+
|
||||
+#define EVP_PKEY_get0_EC_KEY EVP_PKEY_get0_EC_KEYv3
|
||||
+#define EVP_PKEY_get1_EC_KEY EVP_PKEY_get1_EC_KEYv3
|
||||
+#else
|
||||
#ifndef HAVE_EVP_PKEY_get0
|
||||
#define EVP_PKEY_get0_EC_KEY(x) x->pkey.ec
|
||||
#define EVP_PKEY_get0_RSA(x) x->pkey.rsa
|
||||
#endif
|
||||
+#endif
|
||||
|
||||
#ifndef HAVE_OBJ_LENGTH
|
||||
#define OBJ_length(o) ((o)->length)
|
||||
|
|
@ -1,19 +1,19 @@
|
|||
diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-pigeonhole/src/lib-sieve/storage/dict/sieve-dict-script.c.fixvalcond dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-pigeonhole/src/lib-sieve/storage/dict/sieve-dict-script.c
|
||||
--- dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-pigeonhole/src/lib-sieve/storage/dict/sieve-dict-script.c.fixvalcond 2025-06-02 23:36:21.897399891 +0200
|
||||
+++ dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-pigeonhole/src/lib-sieve/storage/dict/sieve-dict-script.c 2025-06-02 23:38:13.748569461 +0200
|
||||
@@ -102,7 +102,7 @@ sieve_dict_script_get_stream(struct siev
|
||||
container_of(script, struct sieve_dict_script, script);
|
||||
diff -up dovecot-2.3.17/dovecot-2.3-pigeonhole-0.5.17/src/lib-sieve/storage/dict/sieve-dict-script.c.fixvalcond dovecot-2.3.17/dovecot-2.3-pigeonhole-0.5.17/src/lib-sieve/storage/dict/sieve-dict-script.c
|
||||
--- dovecot-2.3.17/dovecot-2.3-pigeonhole-0.5.17.1/src/lib-sieve/storage/dict/sieve-dict-script.c.fixvalcond 2021-11-02 21:51:36.109032050 +0100
|
||||
+++ dovecot-2.3.17/dovecot-2.3-pigeonhole-0.5.17.1/src/lib-sieve/storage/dict/sieve-dict-script.c 2021-11-02 21:52:28.409344118 +0100
|
||||
@@ -114,7 +114,7 @@ static int sieve_dict_script_get_stream
|
||||
(struct sieve_dict_script *)script;
|
||||
struct sieve_dict_storage *dstorage =
|
||||
container_of(storage, struct sieve_dict_storage, storage);
|
||||
(struct sieve_dict_storage *)script->storage;
|
||||
- const char *path, *name = script->name, *data, *error;
|
||||
+ const char *path, *name = script->name, *data, *error = NULL;
|
||||
int ret;
|
||||
|
||||
dscript->data_pool =
|
||||
diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-storage/index/index-attribute.c.fixvalcond dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-storage/index/index-attribute.c
|
||||
--- dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-storage/index/index-attribute.c.fixvalcond 2025-03-28 12:32:27.000000000 +0100
|
||||
+++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-storage/index/index-attribute.c 2025-06-02 23:36:21.897571934 +0200
|
||||
@@ -250,7 +250,7 @@ int index_storage_attribute_get(struct m
|
||||
diff -up dovecot-2.3.17/src/lib-storage/index/index-attribute.c.fixvalcond dovecot-2.3.17/src/lib-storage/index/index-attribute.c
|
||||
--- dovecot-2.3.17/src/lib-storage/index/index-attribute.c.fixvalcond 2021-10-27 13:09:04.000000000 +0200
|
||||
+++ dovecot-2.3.17/src/lib-storage/index/index-attribute.c 2021-11-02 21:51:36.109032050 +0100
|
||||
@@ -248,7 +248,7 @@ int index_storage_attribute_get(struct m
|
||||
struct mail_attribute_value *value_r)
|
||||
{
|
||||
struct dict *dict;
|
||||
|
|
|
|||
53
dovecot-2.3.16-ftbfsbigend.patch
Normal file
53
dovecot-2.3.16-ftbfsbigend.patch
Normal file
|
|
@ -0,0 +1,53 @@
|
|||
commit ec4595097067a736717ef202fe8542b1b4bc2dd5
|
||||
Author: Timo Sirainen <timo.sirainen@open-xchange.com>
|
||||
Date: Tue Aug 10 12:22:08 2021 +0300
|
||||
|
||||
lib-index: Fix storing cache fields' last_used with 64bit big endian CPUs
|
||||
|
||||
diff --git a/src/lib-index/mail-cache-fields.c b/src/lib-index/mail-cache-fields.c
|
||||
index e929fb559d..429e0d234c 100644
|
||||
--- a/src/lib-index/mail-cache-fields.c
|
||||
+++ b/src/lib-index/mail-cache-fields.c
|
||||
@@ -524,6 +524,19 @@ static void copy_to_buf_byte(struct mail_cache *cache, buffer_t *dest,
|
||||
}
|
||||
}
|
||||
|
||||
+static void
|
||||
+copy_to_buf_last_used(struct mail_cache *cache, buffer_t *dest, bool add_new)
|
||||
+{
|
||||
+ size_t offset = offsetof(struct mail_cache_field, last_used);
|
||||
+#if defined(WORDS_BIGENDIAN) && SIZEOF_VOID_P == 8
|
||||
+ /* 64bit time_t with big endian CPUs: copy the last 32 bits instead of
|
||||
+ the first 32 bits (that are always 0). The 32 bits are enough until
|
||||
+ year 2106, so we're not in a hurry to use 64 bits on disk. */
|
||||
+ offset += sizeof(uint32_t);
|
||||
+#endif
|
||||
+ copy_to_buf(cache, dest, add_new, offset, sizeof(uint32_t));
|
||||
+}
|
||||
+
|
||||
static int mail_cache_header_fields_update_locked(struct mail_cache *cache)
|
||||
{
|
||||
buffer_t *buffer;
|
||||
@@ -536,9 +549,7 @@ static int mail_cache_header_fields_update_locked(struct mail_cache *cache)
|
||||
|
||||
buffer = t_buffer_create(256);
|
||||
|
||||
- copy_to_buf(cache, buffer, FALSE,
|
||||
- offsetof(struct mail_cache_field, last_used),
|
||||
- sizeof(uint32_t));
|
||||
+ copy_to_buf_last_used(cache, buffer, FALSE);
|
||||
ret = mail_cache_write(cache, buffer->data, buffer->used,
|
||||
offset + MAIL_CACHE_FIELD_LAST_USED());
|
||||
if (ret == 0) {
|
||||
@@ -599,9 +610,7 @@ void mail_cache_header_fields_get(struct mail_cache *cache, buffer_t *dest)
|
||||
buffer_append(dest, &hdr, sizeof(hdr));
|
||||
|
||||
/* we have to keep the field order for the existing fields. */
|
||||
- copy_to_buf(cache, dest, TRUE,
|
||||
- offsetof(struct mail_cache_field, last_used),
|
||||
- sizeof(uint32_t));
|
||||
+ copy_to_buf_last_used(cache, dest, TRUE);
|
||||
copy_to_buf(cache, dest, TRUE,
|
||||
offsetof(struct mail_cache_field, field_size),
|
||||
sizeof(uint32_t));
|
||||
|
||||
|
|
@ -1,13 +0,0 @@
|
|||
diff -up dovecot-2.3.20/m4/want_icu.m4.fixicu dovecot-2.3.20/m4/want_icu.m4
|
||||
--- dovecot-2.3.20/m4/want_icu.m4.fixicu 2022-12-21 09:49:12.000000000 +0100
|
||||
+++ dovecot-2.3.20/m4/want_icu.m4 2025-01-29 10:47:25.765768562 +0100
|
||||
@@ -1,7 +1,7 @@
|
||||
AC_DEFUN([DOVECOT_WANT_ICU], [
|
||||
if test "$want_icu" != "no"; then
|
||||
- if test "$PKG_CONFIG" != "" && $PKG_CONFIG --exists icu-i18n 2>/dev/null; then
|
||||
- PKG_CHECK_MODULES(LIBICU, icu-i18n)
|
||||
+ if test "$PKG_CONFIG" != "" && $PKG_CONFIG --exists icu-i18n icu-uc 2>/dev/null; then
|
||||
+ PKG_CHECK_MODULES(LIBICU, icu-i18n icu-uc)
|
||||
have_icu=yes
|
||||
AC_DEFINE(HAVE_LIBICU,, [Define if you want ICU normalization support for FTS])
|
||||
elif test "$want_icu" = "yes"; then
|
||||
|
|
@ -1,7 +1,7 @@
|
|||
diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/auth/auth-token.c.opensslhmac3 dovecot-2.4.2-build/dovecot-2.4.2/src/auth/auth-token.c
|
||||
--- dovecot-2.4.2-build/dovecot-2.4.2/src/auth/auth-token.c.opensslhmac3 2025-10-29 07:58:41.000000000 +0100
|
||||
+++ dovecot-2.4.2-build/dovecot-2.4.2/src/auth/auth-token.c 2025-11-30 09:57:55.178213106 +0100
|
||||
@@ -162,17 +162,17 @@ void auth_token_deinit(void)
|
||||
diff -up dovecot-2.3.14/src/auth/auth-token.c.opensslhmac dovecot-2.3.14/src/auth/auth-token.c
|
||||
--- dovecot-2.3.14/src/auth/auth-token.c.opensslhmac 2021-03-04 09:38:06.000000000 +0100
|
||||
+++ dovecot-2.3.14/src/auth/auth-token.c 2021-03-22 20:44:13.022912242 +0100
|
||||
@@ -161,17 +161,17 @@ void auth_token_deinit(void)
|
||||
const char *auth_token_get(const char *service, const char *session_pid,
|
||||
const char *username, const char *session_id)
|
||||
{
|
||||
|
|
@ -26,130 +26,108 @@ diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/auth/auth-token.c.opensslhmac3 do
|
|||
|
||||
return binary_to_hex(result, sizeof(result));
|
||||
}
|
||||
diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/auth/Makefile.am.opensslhmac3 dovecot-2.4.2-build/dovecot-2.4.2/src/auth/Makefile.am
|
||||
--- dovecot-2.4.2-build/dovecot-2.4.2/src/auth/Makefile.am.opensslhmac3 2025-10-29 07:58:41.000000000 +0100
|
||||
+++ dovecot-2.4.2-build/dovecot-2.4.2/src/auth/Makefile.am 2025-11-30 09:57:55.178490134 +0100
|
||||
@@ -71,6 +71,7 @@ auth_LDFLAGS = -export-dynamic
|
||||
auth_libs = \
|
||||
../lib-auth/libauth-crypt.la \
|
||||
$(AUTH_LUA_LIBS) \
|
||||
+ $(SSL_LIBS) \
|
||||
$(LIBDOVECOT_SQL)
|
||||
diff -up dovecot-2.3.14/src/auth/mech-cram-md5.c.opensslhmac dovecot-2.3.14/src/auth/mech-cram-md5.c
|
||||
--- dovecot-2.3.14/src/auth/mech-cram-md5.c.opensslhmac 2021-03-04 09:38:06.000000000 +0100
|
||||
+++ dovecot-2.3.14/src/auth/mech-cram-md5.c 2021-03-22 20:44:13.022912242 +0100
|
||||
@@ -51,7 +51,7 @@ static bool verify_credentials(struct cr
|
||||
{
|
||||
|
||||
unsigned char digest[MD5_RESULTLEN];
|
||||
- struct hmac_context ctx;
|
||||
+ struct orig_hmac_context ctx;
|
||||
const char *response_hex;
|
||||
|
||||
auth_CPPFLAGS = $(AM_CPPFLAGS) $(BINARY_CFLAGS)
|
||||
diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/imap/Makefile.am.opensslhmac3 dovecot-2.4.2-build/dovecot-2.4.2/src/imap/Makefile.am
|
||||
--- dovecot-2.4.2-build/dovecot-2.4.2/src/imap/Makefile.am.opensslhmac3 2025-10-29 07:58:41.000000000 +0100
|
||||
+++ dovecot-2.4.2-build/dovecot-2.4.2/src/imap/Makefile.am 2025-11-30 09:57:55.179136544 +0100
|
||||
@@ -21,11 +21,13 @@ AM_CPPFLAGS = \
|
||||
$(BINARY_CFLAGS)
|
||||
if (size != CRAM_MD5_CONTEXTLEN) {
|
||||
@@ -60,10 +60,10 @@ static bool verify_credentials(struct cr
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
imap_LDFLAGS = -export-dynamic \
|
||||
+ $(SSL_LIBS) \
|
||||
$(BINARY_LDFLAGS)
|
||||
- hmac_init(&ctx, NULL, 0, &hash_method_md5);
|
||||
+ orig_hmac_init(&ctx, NULL, 0, &hash_method_md5);
|
||||
hmac_md5_set_cram_context(&ctx, credentials);
|
||||
- hmac_update(&ctx, request->challenge, strlen(request->challenge));
|
||||
- hmac_final(&ctx, digest);
|
||||
+ orig_hmac_update(&ctx, request->challenge, strlen(request->challenge));
|
||||
+ orig_hmac_final(&ctx, digest);
|
||||
|
||||
imap_LDADD = \
|
||||
../lib-imap-urlauth/libimap-urlauth.la \
|
||||
../lib-compression/libcompression.la \
|
||||
+ $(SSL_LIBS) \
|
||||
$(LIBDOVECOT_STORAGE) \
|
||||
$(LIBDOVECOT)
|
||||
imap_DEPENDENCIES = \
|
||||
diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/imap-urlauth/Makefile.am.opensslhmac3 dovecot-2.4.2-build/dovecot-2.4.2/src/imap-urlauth/Makefile.am
|
||||
--- dovecot-2.4.2-build/dovecot-2.4.2/src/imap-urlauth/Makefile.am.opensslhmac3 2025-10-29 07:58:41.000000000 +0100
|
||||
+++ dovecot-2.4.2-build/dovecot-2.4.2/src/imap-urlauth/Makefile.am 2025-11-30 09:57:55.179268682 +0100
|
||||
@@ -23,6 +23,7 @@ imap_urlauth_CPPFLAGS = \
|
||||
imap_urlauth_LDFLAGS = -export-dynamic
|
||||
response_hex = binary_to_hex(digest, sizeof(digest));
|
||||
|
||||
imap_urlauth_LDADD = $(LIBDOVECOT) \
|
||||
+ $(SSL_LIBS)
|
||||
$(BINARY_LDFLAGS)
|
||||
|
||||
imap_urlauth_DEPENDENCIES = $(LIBDOVECOT_DEPS)
|
||||
@@ -53,7 +54,7 @@ imap_urlauth_worker_LDFLAGS = -export-dy
|
||||
urlauth_libs = \
|
||||
$(top_builddir)/src/lib-imap-urlauth/libimap-urlauth.la
|
||||
|
||||
-imap_urlauth_worker_LDADD = $(urlauth_libs) $(LIBDOVECOT_STORAGE) $(LIBDOVECOT)
|
||||
+imap_urlauth_worker_LDADD = $(urlauth_libs) $(SSL_LIBS) $(LIBDOVECOT_STORAGE) $(LIBDOVECOT)
|
||||
imap_urlauth_worker_DEPENDENCIES = $(urlauth_libs) $(LIBDOVECOT_STORAGE_DEPS) $(LIBDOVECOT_DEPS)
|
||||
|
||||
imap_urlauth_worker_SOURCES = \
|
||||
diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/auth-scram-client.c.opensslhmac3 dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/auth-scram-client.c
|
||||
--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/auth-scram-client.c.opensslhmac3 2025-10-29 07:58:41.000000000 +0100
|
||||
+++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/auth-scram-client.c 2025-11-30 09:57:55.179413002 +0100
|
||||
@@ -222,7 +222,7 @@ static string_t *auth_scram_get_client_f
|
||||
unsigned char client_signature[hmethod->digest_size];
|
||||
unsigned char client_proof[hmethod->digest_size];
|
||||
unsigned char server_key[hmethod->digest_size];
|
||||
diff -up dovecot-2.3.14/src/auth/mech-scram.c.opensslhmac dovecot-2.3.14/src/auth/mech-scram.c
|
||||
--- dovecot-2.3.14/src/auth/mech-scram.c.opensslhmac 2021-03-04 09:38:06.000000000 +0100
|
||||
+++ dovecot-2.3.14/src/auth/mech-scram.c 2021-03-22 20:44:13.022912242 +0100
|
||||
@@ -78,7 +78,7 @@ static const char *get_scram_server_firs
|
||||
static const char *get_scram_server_final(struct scram_auth_request *request)
|
||||
{
|
||||
const struct hash_method *hmethod = request->hash_method;
|
||||
- struct hmac_context ctx;
|
||||
+ struct openssl_hmac_context ctx;
|
||||
const void *cbind_input;
|
||||
size_t cbind_input_size;
|
||||
string_t *auth_message, *str;
|
||||
@@ -281,9 +281,9 @@ static string_t *auth_scram_get_client_f
|
||||
client->iter, salted_password);
|
||||
const char *auth_message;
|
||||
unsigned char server_signature[hmethod->digest_size];
|
||||
string_t *str;
|
||||
@@ -87,9 +87,9 @@ static const char *get_scram_server_fina
|
||||
request->server_first_message, ",",
|
||||
request->client_final_message_without_proof, NULL);
|
||||
|
||||
/* ClientKey := HMAC(SaltedPassword, "Client Key") */
|
||||
- hmac_init(&ctx, salted_password, sizeof(salted_password), hmethod);
|
||||
- hmac_update(&ctx, "Client Key", 10);
|
||||
- hmac_final(&ctx, client_key);
|
||||
+ openssl_hmac_init(&ctx, salted_password, sizeof(salted_password), hmethod);
|
||||
+ openssl_hmac_update(&ctx, "Client Key", 10);
|
||||
+ openssl_hmac_final(&ctx, client_key);
|
||||
- hmac_init(&ctx, request->server_key, hmethod->digest_size, hmethod);
|
||||
- hmac_update(&ctx, auth_message, strlen(auth_message));
|
||||
- hmac_final(&ctx, server_signature);
|
||||
+ openssl_hmac_init(&ctx, request->server_key, hmethod->digest_size, hmethod);
|
||||
+ openssl_hmac_update(&ctx, auth_message, strlen(auth_message));
|
||||
+ openssl_hmac_final(&ctx, server_signature);
|
||||
|
||||
/* StoredKey := H(ClientKey) */
|
||||
hash_method_get_digest(hmethod, client_key, sizeof(client_key),
|
||||
@@ -301,9 +301,9 @@ static string_t *auth_scram_get_client_f
|
||||
str_append_str(auth_message, str);
|
||||
str = t_str_new(MAX_BASE64_ENCODED_SIZE(sizeof(server_signature)));
|
||||
str_append(str, "v=");
|
||||
@@ -228,7 +228,7 @@ static bool parse_scram_client_first(str
|
||||
static bool verify_credentials(struct scram_auth_request *request)
|
||||
{
|
||||
const struct hash_method *hmethod = request->hash_method;
|
||||
- struct hmac_context ctx;
|
||||
+ struct openssl_hmac_context ctx;
|
||||
const char *auth_message;
|
||||
unsigned char client_key[hmethod->digest_size];
|
||||
unsigned char client_signature[hmethod->digest_size];
|
||||
@@ -239,9 +239,9 @@ static bool verify_credentials(struct sc
|
||||
request->server_first_message, ",",
|
||||
request->client_final_message_without_proof, NULL);
|
||||
|
||||
/* ClientSignature := HMAC(StoredKey, AuthMessage) */
|
||||
- hmac_init(&ctx, stored_key, sizeof(stored_key), hmethod);
|
||||
- hmac_update(&ctx, str_data(auth_message), str_len(auth_message));
|
||||
- hmac_init(&ctx, request->stored_key, hmethod->digest_size, hmethod);
|
||||
- hmac_update(&ctx, auth_message, strlen(auth_message));
|
||||
- hmac_final(&ctx, client_signature);
|
||||
+ openssl_hmac_init(&ctx, stored_key, sizeof(stored_key), hmethod);
|
||||
+ openssl_hmac_update(&ctx, str_data(auth_message), str_len(auth_message));
|
||||
+ openssl_hmac_init(&ctx, request->stored_key, hmethod->digest_size, hmethod);
|
||||
+ openssl_hmac_update(&ctx, auth_message, strlen(auth_message));
|
||||
+ openssl_hmac_final(&ctx, client_signature);
|
||||
|
||||
/* ClientProof := ClientKey XOR ClientSignature */
|
||||
for (k = 0; k < hmethod->digest_size; k++)
|
||||
@@ -314,16 +314,16 @@ static string_t *auth_scram_get_client_f
|
||||
safe_memset(client_signature, 0, sizeof(client_signature));
|
||||
const unsigned char *proof_data = request->proof->data;
|
||||
for (i = 0; i < sizeof(client_signature); i++)
|
||||
diff -up dovecot-2.3.14/src/auth/password-scheme.c.opensslhmac dovecot-2.3.14/src/auth/password-scheme.c
|
||||
--- dovecot-2.3.14/src/auth/password-scheme.c.opensslhmac 2021-03-04 09:38:06.000000000 +0100
|
||||
+++ dovecot-2.3.14/src/auth/password-scheme.c 2021-03-22 20:44:13.022912242 +0100
|
||||
@@ -639,11 +639,11 @@ static void
|
||||
cram_md5_generate(const char *plaintext, const struct password_generate_params *params ATTR_UNUSED,
|
||||
const unsigned char **raw_password_r, size_t *size_r)
|
||||
{
|
||||
- struct hmac_context ctx;
|
||||
+ struct orig_hmac_context ctx;
|
||||
unsigned char *context_digest;
|
||||
|
||||
/* ServerKey := HMAC(SaltedPassword, "Server Key") */
|
||||
- hmac_init(&ctx, salted_password, sizeof(salted_password), hmethod);
|
||||
- hmac_update(&ctx, "Server Key", 10);
|
||||
- hmac_final(&ctx, server_key);
|
||||
+ openssl_hmac_init(&ctx, salted_password, sizeof(salted_password), hmethod);
|
||||
+ openssl_hmac_update(&ctx, "Server Key", 10);
|
||||
+ openssl_hmac_final(&ctx, server_key);
|
||||
context_digest = t_malloc_no0(CRAM_MD5_CONTEXTLEN);
|
||||
- hmac_init(&ctx, (const unsigned char *)plaintext,
|
||||
+ orig_hmac_init(&ctx, (const unsigned char *)plaintext,
|
||||
strlen(plaintext), &hash_method_md5);
|
||||
hmac_md5_get_cram_context(&ctx, context_digest);
|
||||
|
||||
/* ServerSignature := HMAC(ServerKey, AuthMessage) */
|
||||
client->server_signature =
|
||||
p_malloc(client->pool, hmethod->digest_size);
|
||||
- hmac_init(&ctx, server_key, sizeof(server_key), hmethod);
|
||||
- hmac_update(&ctx, str_data(auth_message), str_len(auth_message));
|
||||
- hmac_final(&ctx, client->server_signature);
|
||||
+ openssl_hmac_init(&ctx, server_key, sizeof(server_key), hmethod);
|
||||
+ openssl_hmac_update(&ctx, str_data(auth_message), str_len(auth_message));
|
||||
+ openssl_hmac_final(&ctx, client->server_signature);
|
||||
|
||||
safe_memset(salted_password, 0, sizeof(salted_password));
|
||||
|
||||
diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/auth-scram.c.opensslhmac3 dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/auth-scram.c
|
||||
--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/auth-scram.c.opensslhmac3 2025-10-29 07:58:41.000000000 +0100
|
||||
+++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/auth-scram.c 2025-11-30 09:57:55.179729815 +0100
|
||||
@@ -31,7 +31,7 @@ void auth_scram_hi(const struct hash_met
|
||||
const unsigned char *salt, size_t salt_size, unsigned int i,
|
||||
unsigned char *result)
|
||||
diff -up dovecot-2.3.14/src/auth/password-scheme-scram.c.opensslhmac dovecot-2.3.14/src/auth/password-scheme-scram.c
|
||||
--- dovecot-2.3.14/src/auth/password-scheme-scram.c.opensslhmac 2021-03-04 09:38:06.000000000 +0100
|
||||
+++ dovecot-2.3.14/src/auth/password-scheme-scram.c 2021-03-22 20:44:13.023912229 +0100
|
||||
@@ -30,23 +30,23 @@ Hi(const struct hash_method *hmethod, co
|
||||
const unsigned char *salt, size_t salt_size, unsigned int i,
|
||||
unsigned char *result)
|
||||
{
|
||||
- struct hmac_context ctx;
|
||||
+ struct openssl_hmac_context ctx;
|
||||
unsigned char U[hmethod->digest_size];
|
||||
unsigned int j, k;
|
||||
|
||||
@@ -51,18 +51,18 @@ void auth_scram_hi(const struct hash_met
|
||||
*/
|
||||
|
||||
/* Calculate U1 */
|
||||
- hmac_init(&ctx, str, str_size, hmethod);
|
||||
- hmac_update(&ctx, salt, salt_size);
|
||||
|
|
@ -173,108 +151,7 @@ diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/auth-scram.c.opensslhmac
|
|||
for (k = 0; k < hmethod->digest_size; k++)
|
||||
result[k] ^= U[k];
|
||||
}
|
||||
@@ -75,7 +75,7 @@ void auth_scram_generate_key_data(const
|
||||
unsigned char stored_key_r[],
|
||||
unsigned char server_key_r[])
|
||||
{
|
||||
- struct hmac_context ctx;
|
||||
+ struct openssl_hmac_context ctx;
|
||||
unsigned char salt[16];
|
||||
unsigned char salted_password[hmethod->digest_size];
|
||||
unsigned char client_key[hmethod->digest_size];
|
||||
@@ -97,18 +97,18 @@ void auth_scram_generate_key_data(const
|
||||
salt, sizeof(salt), rounds, salted_password);
|
||||
|
||||
/* Calculate ClientKey */
|
||||
- hmac_init(&ctx, salted_password, sizeof(salted_password), hmethod);
|
||||
- hmac_update(&ctx, "Client Key", 10);
|
||||
- hmac_final(&ctx, client_key);
|
||||
+ openssl_hmac_init(&ctx, salted_password, sizeof(salted_password), hmethod);
|
||||
+ openssl_hmac_update(&ctx, "Client Key", 10);
|
||||
+ openssl_hmac_final(&ctx, client_key);
|
||||
|
||||
/* Calculate StoredKey */
|
||||
hash_method_get_digest(hmethod, client_key, sizeof(client_key),
|
||||
stored_key_r);
|
||||
|
||||
/* Calculate ServerKey */
|
||||
- hmac_init(&ctx, salted_password, sizeof(salted_password), hmethod);
|
||||
- hmac_update(&ctx, "Server Key", 10);
|
||||
- hmac_final(&ctx, server_key_r);
|
||||
+ openssl_hmac_init(&ctx, salted_password, sizeof(salted_password), hmethod);
|
||||
+ openssl_hmac_update(&ctx, "Server Key", 10);
|
||||
+ openssl_hmac_final(&ctx, server_key_r);
|
||||
|
||||
safe_memset(salted_password, 0, sizeof(salted_password));
|
||||
safe_memset(client_key, 0, sizeof(client_key));
|
||||
diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/auth-scram-server.c.opensslhmac3 dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/auth-scram-server.c
|
||||
--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/auth-scram-server.c.opensslhmac3 2025-10-29 07:58:41.000000000 +0100
|
||||
+++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/auth-scram-server.c 2025-11-30 09:57:55.179862473 +0100
|
||||
@@ -288,7 +288,7 @@ auth_scram_server_verify_credentials(str
|
||||
{
|
||||
const struct hash_method *hmethod = server->set.hash_method;
|
||||
struct auth_scram_key_data *kdata = &server->key_data;
|
||||
- struct hmac_context ctx;
|
||||
+ struct openssl_hmac_context ctx;
|
||||
const char *auth_message;
|
||||
unsigned char client_key[hmethod->digest_size];
|
||||
unsigned char client_signature[hmethod->digest_size];
|
||||
@@ -309,9 +309,9 @@ auth_scram_server_verify_credentials(str
|
||||
server->server_first_message, ",",
|
||||
server->client_final_message_without_proof, NULL);
|
||||
|
||||
- hmac_init(&ctx, kdata->stored_key, hmethod->digest_size, hmethod);
|
||||
- hmac_update(&ctx, auth_message, strlen(auth_message));
|
||||
- hmac_final(&ctx, client_signature);
|
||||
+ openssl_hmac_init(&ctx, kdata->stored_key, hmethod->digest_size, hmethod);
|
||||
+ openssl_hmac_update(&ctx, auth_message, strlen(auth_message));
|
||||
+ openssl_hmac_final(&ctx, client_signature);
|
||||
|
||||
/* ClientProof := ClientKey XOR ClientSignature */
|
||||
const unsigned char *proof_data = server->proof->data;
|
||||
@@ -440,7 +440,7 @@ auth_scram_get_server_final(struct auth_
|
||||
{
|
||||
const struct hash_method *hmethod = server->set.hash_method;
|
||||
struct auth_scram_key_data *kdata = &server->key_data;
|
||||
- struct hmac_context ctx;
|
||||
+ struct openssl_hmac_context ctx;
|
||||
const char *auth_message;
|
||||
unsigned char server_signature[hmethod->digest_size];
|
||||
string_t *str;
|
||||
@@ -456,9 +456,9 @@ auth_scram_get_server_final(struct auth_
|
||||
server->server_first_message, ",",
|
||||
server->client_final_message_without_proof, NULL);
|
||||
|
||||
- hmac_init(&ctx, kdata->server_key, hmethod->digest_size, hmethod);
|
||||
- hmac_update(&ctx, auth_message, strlen(auth_message));
|
||||
- hmac_final(&ctx, server_signature);
|
||||
+ openssl_hmac_init(&ctx, kdata->server_key, hmethod->digest_size, hmethod);
|
||||
+ openssl_hmac_update(&ctx, auth_message, strlen(auth_message));
|
||||
+ openssl_hmac_final(&ctx, server_signature);
|
||||
|
||||
/* RFC 5802, Section 7:
|
||||
|
||||
diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/password-scheme.c.opensslhmac3 dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/password-scheme.c
|
||||
--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/password-scheme.c.opensslhmac3 2025-10-29 07:58:41.000000000 +0100
|
||||
+++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/password-scheme.c 2025-11-30 09:57:55.180035106 +0100
|
||||
@@ -633,11 +633,11 @@ static void
|
||||
cram_md5_generate(const char *plaintext, const struct password_generate_params *params ATTR_UNUSED,
|
||||
const unsigned char **raw_password_r, size_t *size_r)
|
||||
{
|
||||
- struct hmac_context ctx;
|
||||
+ struct orig_hmac_context ctx;
|
||||
unsigned char *context_digest;
|
||||
|
||||
context_digest = t_malloc_no0(CRAM_MD5_CONTEXTLEN);
|
||||
- hmac_init(&ctx, (const unsigned char *)plaintext,
|
||||
+ orig_hmac_init(&ctx, (const unsigned char *)plaintext,
|
||||
strlen(plaintext), &hash_method_md5);
|
||||
hmac_md5_get_cram_context(&ctx, context_digest);
|
||||
|
||||
diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/password-scheme-scram.c.opensslhmac3 dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/password-scheme-scram.c
|
||||
--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/password-scheme-scram.c.opensslhmac3 2025-10-29 07:58:41.000000000 +0100
|
||||
+++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/password-scheme-scram.c 2025-11-30 09:57:55.180182392 +0100
|
||||
@@ -23,7 +23,7 @@ int scram_verify(const struct hash_metho
|
||||
@@ -102,7 +102,7 @@ int scram_verify(const struct hash_metho
|
||||
const char *plaintext, const unsigned char *raw_password,
|
||||
size_t size, const char **error_r)
|
||||
{
|
||||
|
|
@ -283,8 +160,8 @@ diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/password-scheme-scram.c.
|
|||
const char *salt_base64;
|
||||
unsigned int iter_count;
|
||||
const unsigned char *salt;
|
||||
@@ -49,9 +49,9 @@ int scram_verify(const struct hash_metho
|
||||
salt, salt_len, iter_count, salted_password);
|
||||
@@ -126,9 +126,9 @@ int scram_verify(const struct hash_metho
|
||||
salt, salt_len, iter_count, salted_password);
|
||||
|
||||
/* Calculate ClientKey */
|
||||
- hmac_init(&ctx, salted_password, sizeof(salted_password), hmethod);
|
||||
|
|
@ -296,9 +173,44 @@ diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/password-scheme-scram.c.
|
|||
|
||||
/* Calculate StoredKey */
|
||||
hash_method_get_digest(hmethod, client_key, sizeof(client_key),
|
||||
diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib/hmac.c.opensslhmac3 dovecot-2.4.2-build/dovecot-2.4.2/src/lib/hmac.c
|
||||
--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib/hmac.c.opensslhmac3 2025-10-29 07:58:41.000000000 +0100
|
||||
+++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib/hmac.c 2025-11-30 09:57:55.180318937 +0100
|
||||
@@ -147,7 +147,7 @@ void scram_generate(const struct hash_me
|
||||
const unsigned char **raw_password_r, size_t *size_r)
|
||||
{
|
||||
string_t *str;
|
||||
- struct hmac_context ctx;
|
||||
+ struct openssl_hmac_context ctx;
|
||||
unsigned char salt[16];
|
||||
unsigned char salted_password[hmethod->digest_size];
|
||||
unsigned char client_key[hmethod->digest_size];
|
||||
@@ -165,9 +165,9 @@ void scram_generate(const struct hash_me
|
||||
sizeof(salt), SCRAM_DEFAULT_ITERATE_COUNT, salted_password);
|
||||
|
||||
/* Calculate ClientKey */
|
||||
- hmac_init(&ctx, salted_password, sizeof(salted_password), hmethod);
|
||||
- hmac_update(&ctx, "Client Key", 10);
|
||||
- hmac_final(&ctx, client_key);
|
||||
+ openssl_hmac_init(&ctx, salted_password, sizeof(salted_password), hmethod);
|
||||
+ openssl_hmac_update(&ctx, "Client Key", 10);
|
||||
+ openssl_hmac_final(&ctx, client_key);
|
||||
|
||||
/* Calculate StoredKey */
|
||||
hash_method_get_digest(hmethod, client_key, sizeof(client_key),
|
||||
@@ -176,9 +176,9 @@ void scram_generate(const struct hash_me
|
||||
base64_encode(stored_key, sizeof(stored_key), str);
|
||||
|
||||
/* Calculate ServerKey */
|
||||
- hmac_init(&ctx, salted_password, sizeof(salted_password), hmethod);
|
||||
- hmac_update(&ctx, "Server Key", 10);
|
||||
- hmac_final(&ctx, server_key);
|
||||
+ openssl_hmac_init(&ctx, salted_password, sizeof(salted_password), hmethod);
|
||||
+ openssl_hmac_update(&ctx, "Server Key", 10);
|
||||
+ openssl_hmac_final(&ctx, server_key);
|
||||
str_append_c(str, ',');
|
||||
base64_encode(server_key, sizeof(server_key), str);
|
||||
|
||||
diff -up dovecot-2.3.14/src/lib/hmac.c.opensslhmac dovecot-2.3.14/src/lib/hmac.c
|
||||
--- dovecot-2.3.14/src/lib/hmac.c.opensslhmac 2021-03-04 09:38:06.000000000 +0100
|
||||
+++ dovecot-2.3.14/src/lib/hmac.c 2021-03-22 20:44:13.023912229 +0100
|
||||
@@ -7,6 +7,10 @@
|
||||
* This software is released under the MIT license.
|
||||
*/
|
||||
|
|
@ -310,7 +222,7 @@ diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib/hmac.c.opensslhmac3 dovecot-2
|
|||
#include "lib.h"
|
||||
#include "hmac.h"
|
||||
#include "safe-memset.h"
|
||||
@@ -14,10 +18,103 @@
|
||||
@@ -14,10 +18,65 @@
|
||||
|
||||
#include "hex-binary.h"
|
||||
|
||||
|
|
@ -327,47 +239,11 @@ diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib/hmac.c.opensslhmac3 dovecot-2
|
|||
+#endif
|
||||
+
|
||||
+
|
||||
+void openssl_hmac_init(struct openssl_hmac_context *_ctx, const unsigned char *key, //DONE
|
||||
+ size_t key_len, const struct hash_method *meth)
|
||||
+{
|
||||
+#ifdef USE_OPENSSL3_METHODS
|
||||
+ struct openssl_hmac_context_priv *ctx = &_ctx->u.priv;
|
||||
+
|
||||
+
|
||||
+ const EVP_MD *md;
|
||||
+ const char *ebuf = NULL;
|
||||
+ const char **error_r = &ebuf;
|
||||
+ OSSL_PARAM params[2];
|
||||
+
|
||||
+ md = EVP_get_digestbyname(meth->name);
|
||||
+ if(md == NULL) {
|
||||
+ if (error_r != NULL) {
|
||||
+ *error_r = t_strdup_printf("Invalid digest %s",
|
||||
+ meth->name);
|
||||
+ }
|
||||
+ //return FALSE;
|
||||
+ }
|
||||
+
|
||||
+ ctx->mac = EVP_MAC_fetch(NULL, "HMAC", NULL);
|
||||
+
|
||||
+ ctx->ctx = EVP_MAC_CTX_new(ctx->mac);
|
||||
+ if (ctx->ctx == NULL) {
|
||||
+ EVP_MAC_free(ctx->mac);
|
||||
+ }
|
||||
+
|
||||
+ params[0] = OSSL_PARAM_construct_utf8_string("digest", (char *)meth->name, 0);
|
||||
+ params[1] = OSSL_PARAM_construct_end();
|
||||
+
|
||||
+ if (EVP_MAC_init(ctx->ctx, key, key_len,
|
||||
+ params) == 0) {
|
||||
+ if (error_r != NULL) {
|
||||
+ *error_r = t_strdup_printf("Invalid digest %s",
|
||||
+ meth->name);
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+#else
|
||||
+ struct openssl_hmac_context_priv *ctx = &_ctx->u.priv;
|
||||
+void openssl_hmac_init(struct openssl_hmac_context *_ctx, const unsigned char *key,
|
||||
size_t key_len, const struct hash_method *meth)
|
||||
{
|
||||
- struct hmac_context_priv *ctx = &_ctx->u.priv;
|
||||
+ struct openssl_hmac_context_priv *ctx = &_ctx->u.priv;
|
||||
+
|
||||
+ const EVP_MD *md;
|
||||
+ const char *ebuf = NULL;
|
||||
|
|
@ -391,13 +267,11 @@ diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib/hmac.c.opensslhmac3 dovecot-2
|
|||
+ dcrypt_openssl_error(error_r);*/
|
||||
+#endif
|
||||
+ /*ec = */HMAC_Init_ex(ctx->ctx, key, key_len, md, NULL);
|
||||
+#endif
|
||||
+}
|
||||
+
|
||||
+void orig_hmac_init(struct orig_hmac_context *_ctx, const unsigned char *key, //DONE
|
||||
size_t key_len, const struct hash_method *meth)
|
||||
{
|
||||
- struct hmac_context_priv *ctx = &_ctx->u.priv;
|
||||
+void orig_hmac_init(struct orig_hmac_context *_ctx, const unsigned char *key,
|
||||
+ size_t key_len, const struct hash_method *meth)
|
||||
+{
|
||||
+ static int no_fips = -1;
|
||||
+ if (no_fips == -1) {
|
||||
+ int fd = open("/proc/sys/crypto/fips_enabled", O_RDONLY);
|
||||
|
|
@ -416,29 +290,22 @@ diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib/hmac.c.opensslhmac3 dovecot-2
|
|||
unsigned int i;
|
||||
unsigned char k_ipad[meth->block_size];
|
||||
unsigned char k_opad[meth->block_size];
|
||||
@@ -54,9 +151,33 @@ void hmac_init(struct hmac_context *_ctx
|
||||
@@ -53,9 +112,27 @@ void hmac_init(struct hmac_context *_ctx
|
||||
safe_memset(k_opad, 0, meth->block_size);
|
||||
}
|
||||
|
||||
-void hmac_final(struct hmac_context *_ctx, unsigned char *digest)
|
||||
+void openssl_hmac_final(struct openssl_hmac_context *_ctx, unsigned char *digest) //FIXME
|
||||
{
|
||||
- struct hmac_context_priv *ctx = &_ctx->u.priv;
|
||||
+void openssl_hmac_final(struct openssl_hmac_context *_ctx, unsigned char *digest)
|
||||
+{
|
||||
+ int ec;
|
||||
+ unsigned char buf[EVP_MAX_MD_SIZE];
|
||||
+ size_t outl;
|
||||
+ unsigned char buf[HMAC_MAX_MD_CBLOCK];
|
||||
+ unsigned int outl;
|
||||
+// const char *ebuf = NULL;
|
||||
+// const char **error_r = &ebuf;
|
||||
+
|
||||
+ struct openssl_hmac_context_priv *ctx = &_ctx->u.priv;
|
||||
+#ifdef USE_OPENSSL3_METHODS
|
||||
+ ec = EVP_MAC_final(ctx->ctx, buf, &outl, sizeof buf);
|
||||
+ EVP_MAC_CTX_free(ctx->ctx);
|
||||
+ EVP_MAC_free(ctx->mac);
|
||||
+#else
|
||||
+ ec = HMAC_Final(ctx->ctx, buf, &outl);
|
||||
+ HMAC_CTX_free(ctx->ctx);
|
||||
+#endif
|
||||
+ if (ec == 1)
|
||||
+ memcpy(digest, buf, outl);
|
||||
+// else
|
||||
|
|
@ -446,18 +313,19 @@ diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib/hmac.c.opensslhmac3 dovecot-2
|
|||
+
|
||||
+}
|
||||
+
|
||||
+void orig_hmac_final(struct orig_hmac_context *_ctx, unsigned char *digest) //DONE
|
||||
+{
|
||||
+void orig_hmac_final(struct orig_hmac_context *_ctx, unsigned char *digest)
|
||||
{
|
||||
- struct hmac_context_priv *ctx = &_ctx->u.priv;
|
||||
+ struct orig_hmac_context_priv *ctx = &_ctx->u.priv;
|
||||
|
||||
ctx->hash->result(ctx->ctx, digest);
|
||||
|
||||
@@ -64,53 +185,50 @@ void hmac_final(struct hmac_context *_ct
|
||||
@@ -63,53 +140,50 @@ void hmac_final(struct hmac_context *_ct
|
||||
ctx->hash->result(ctx->ctxo, digest);
|
||||
}
|
||||
|
||||
-buffer_t *t_hmac_data(const struct hash_method *meth,
|
||||
+buffer_t *openssl_t_hmac_data(const struct hash_method *meth, //FIXME
|
||||
+buffer_t *openssl_t_hmac_data(const struct hash_method *meth,
|
||||
const unsigned char *key, size_t key_len,
|
||||
const void *data, size_t data_len)
|
||||
{
|
||||
|
|
@ -480,7 +348,7 @@ diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib/hmac.c.opensslhmac3 dovecot-2
|
|||
}
|
||||
|
||||
-buffer_t *t_hmac_buffer(const struct hash_method *meth,
|
||||
+buffer_t *openssl_t_hmac_buffer(const struct hash_method *meth, //DONE
|
||||
+buffer_t *openssl_t_hmac_buffer(const struct hash_method *meth,
|
||||
const unsigned char *key, size_t key_len,
|
||||
const buffer_t *data)
|
||||
{
|
||||
|
|
@ -489,7 +357,7 @@ diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib/hmac.c.opensslhmac3 dovecot-2
|
|||
}
|
||||
|
||||
-buffer_t *t_hmac_str(const struct hash_method *meth,
|
||||
+buffer_t *openssl_t_hmac_str(const struct hash_method *meth, //DONE
|
||||
+buffer_t *openssl_t_hmac_str(const struct hash_method *meth,
|
||||
const unsigned char *key, size_t key_len,
|
||||
const char *data)
|
||||
{
|
||||
|
|
@ -498,7 +366,7 @@ diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib/hmac.c.opensslhmac3 dovecot-2
|
|||
}
|
||||
|
||||
-void hmac_hkdf(const struct hash_method *method,
|
||||
+void openssl_hmac_hkdf(const struct hash_method *method, //FIXME
|
||||
+void openssl_hmac_hkdf(const struct hash_method *method,
|
||||
const unsigned char *salt, size_t salt_len,
|
||||
const unsigned char *ikm, size_t ikm_len,
|
||||
const unsigned char *info, size_t info_len,
|
||||
|
|
@ -520,10 +388,17 @@ diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib/hmac.c.opensslhmac3 dovecot-2
|
|||
|
||||
/* salt and info can be NULL */
|
||||
i_assert(salt != NULL || salt_len == 0);
|
||||
@@ -126,28 +244,29 @@ void hmac_hkdf(const struct hash_method
|
||||
if (info == NULL)
|
||||
info = &uchar_nul;
|
||||
@@ -118,35 +192,30 @@ void hmac_hkdf(const struct hash_method
|
||||
i_assert(ikm != NULL && ikm_len > 0);
|
||||
i_assert(okm_r != NULL && okm_len > 0);
|
||||
|
||||
- /* but they still need valid pointer, reduces
|
||||
- complains from static analysers */
|
||||
- if (salt == NULL)
|
||||
- salt = &uchar_nul;
|
||||
- if (info == NULL)
|
||||
- info = &uchar_nul;
|
||||
-
|
||||
- /* extract */
|
||||
- hmac_init(&key_mac, salt, salt_len, method);
|
||||
- hmac_update(&key_mac, ikm, ikm_len);
|
||||
|
|
@ -544,6 +419,7 @@ diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib/hmac.c.opensslhmac3 dovecot-2
|
|||
- hmac_final(&info_mac, okm);
|
||||
- buffer_append(okm_r, okm, amt);
|
||||
- remain -= amt;
|
||||
+
|
||||
+ md = EVP_get_digestbyname(method->name);
|
||||
+ pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
|
||||
+ unsigned char *okm_buf = buffer_get_space_unsafe(okm_r, 0, okm_len);
|
||||
|
|
@ -572,9 +448,9 @@ diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib/hmac.c.opensslhmac3 dovecot-2
|
|||
- safe_memset(prk, 0, sizeof(prk));
|
||||
- safe_memset(okm, 0, sizeof(okm));
|
||||
}
|
||||
diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib/hmac-cram-md5.c.opensslhmac3 dovecot-2.4.2-build/dovecot-2.4.2/src/lib/hmac-cram-md5.c
|
||||
--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib/hmac-cram-md5.c.opensslhmac3 2025-10-29 07:58:41.000000000 +0100
|
||||
+++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib/hmac-cram-md5.c 2025-11-30 09:57:55.180461985 +0100
|
||||
diff -up dovecot-2.3.14/src/lib/hmac-cram-md5.c.opensslhmac dovecot-2.3.14/src/lib/hmac-cram-md5.c
|
||||
--- dovecot-2.3.14/src/lib/hmac-cram-md5.c.opensslhmac 2021-03-04 09:38:06.000000000 +0100
|
||||
+++ dovecot-2.3.14/src/lib/hmac-cram-md5.c 2021-03-22 20:44:13.023912229 +0100
|
||||
@@ -9,10 +9,10 @@
|
||||
#include "md5.h"
|
||||
#include "hmac-cram-md5.h"
|
||||
|
|
@ -601,9 +477,9 @@ diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib/hmac-cram-md5.c.opensslhmac3
|
|||
const unsigned char *cdp;
|
||||
|
||||
struct md5_context *ctx = (void*)hmac_ctx->ctx;
|
||||
diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib/hmac-cram-md5.h.opensslhmac3 dovecot-2.4.2-build/dovecot-2.4.2/src/lib/hmac-cram-md5.h
|
||||
--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib/hmac-cram-md5.h.opensslhmac3 2025-10-29 07:58:41.000000000 +0100
|
||||
+++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib/hmac-cram-md5.h 2025-11-30 09:57:55.180563796 +0100
|
||||
diff -up dovecot-2.3.14/src/lib/hmac-cram-md5.h.opensslhmac dovecot-2.3.14/src/lib/hmac-cram-md5.h
|
||||
--- dovecot-2.3.14/src/lib/hmac-cram-md5.h.opensslhmac 2021-03-04 09:38:06.000000000 +0100
|
||||
+++ dovecot-2.3.14/src/lib/hmac-cram-md5.h 2021-03-22 20:44:13.023912229 +0100
|
||||
@@ -5,9 +5,9 @@
|
||||
|
||||
#define CRAM_MD5_CONTEXTLEN 32
|
||||
|
|
@ -616,10 +492,10 @@ diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib/hmac-cram-md5.h.opensslhmac3
|
|||
const unsigned char context_digest[CRAM_MD5_CONTEXTLEN]);
|
||||
|
||||
|
||||
diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib/hmac.h.opensslhmac3 dovecot-2.4.2-build/dovecot-2.4.2/src/lib/hmac.h
|
||||
--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib/hmac.h.opensslhmac3 2025-10-29 07:58:41.000000000 +0100
|
||||
+++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib/hmac.h 2025-11-30 09:57:55.180723505 +0100
|
||||
@@ -4,60 +4,108 @@
|
||||
diff -up dovecot-2.3.14/src/lib/hmac.h.opensslhmac dovecot-2.3.14/src/lib/hmac.h
|
||||
--- dovecot-2.3.14/src/lib/hmac.h.opensslhmac 2021-03-04 09:38:06.000000000 +0100
|
||||
+++ dovecot-2.3.14/src/lib/hmac.h 2021-03-22 20:44:13.023912229 +0100
|
||||
@@ -4,60 +4,97 @@
|
||||
#include "hash-method.h"
|
||||
#include "sha1.h"
|
||||
#include "sha2.h"
|
||||
|
|
@ -628,25 +504,18 @@ diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib/hmac.h.opensslhmac3 dovecot-2
|
|||
+#include <openssl/kdf.h>
|
||||
+#include <openssl/err.h>
|
||||
|
||||
#define HMAC_MAX_CONTEXT_SIZE HASH_METHOD_MAX_CONTEXT_SIZE
|
||||
#define HMAC_MAX_CONTEXT_SIZE sizeof(struct sha512_ctx)
|
||||
|
||||
-struct hmac_context_priv {
|
||||
+
|
||||
+#define USE_OPENSSL3_METHODS 1
|
||||
+
|
||||
+struct openssl_hmac_context_priv {
|
||||
+#ifdef USE_OPENSSL3_METHODS
|
||||
+ EVP_MAC *mac;
|
||||
+ EVP_MAC_CTX *ctx;
|
||||
+#else
|
||||
+#ifdef HAVE_HMAC_CTX_NEW
|
||||
+ HMAC_CTX *ctx;
|
||||
+#else
|
||||
+ HMAC_CTX ctx;
|
||||
+#endif
|
||||
+#endif
|
||||
+ const struct hash_method *hash;
|
||||
+};
|
||||
+
|
||||
+struct orig_hmac_context_priv {
|
||||
char ctx[HMAC_MAX_CONTEXT_SIZE];
|
||||
char ctxo[HMAC_MAX_CONTEXT_SIZE];
|
||||
|
|
@ -655,21 +524,21 @@ diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib/hmac.h.opensslhmac3 dovecot-2
|
|||
|
||||
-struct hmac_context {
|
||||
+struct openssl_hmac_context {
|
||||
+ union {
|
||||
+ struct openssl_hmac_context_priv priv;
|
||||
+ uint64_t padding_requirement;
|
||||
+ } u;
|
||||
+};
|
||||
+
|
||||
+struct orig_hmac_context {
|
||||
union {
|
||||
- struct hmac_context_priv priv;
|
||||
+ struct openssl_hmac_context_priv priv;
|
||||
+ struct orig_hmac_context_priv priv;
|
||||
uint64_t padding_requirement;
|
||||
} u;
|
||||
};
|
||||
|
||||
-void hmac_init(struct hmac_context *ctx, const unsigned char *key,
|
||||
+struct orig_hmac_context {
|
||||
+ union {
|
||||
+ struct orig_hmac_context_priv priv;
|
||||
+ uint64_t padding_requirement;
|
||||
+ } u;
|
||||
+};
|
||||
+
|
||||
+void openssl_hmac_init(struct openssl_hmac_context *ctx, const unsigned char *key,
|
||||
+ size_t key_len, const struct hash_method *meth);
|
||||
+void openssl_hmac_final(struct openssl_hmac_context *ctx, unsigned char *digest);
|
||||
|
|
@ -678,11 +547,7 @@ diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib/hmac.h.opensslhmac3 dovecot-2
|
|||
+openssl_hmac_update(struct openssl_hmac_context *_ctx, const void *data, size_t size)
|
||||
+{
|
||||
+ struct openssl_hmac_context_priv *ctx = &_ctx->u.priv;
|
||||
+#ifdef USE_OPENSSL3_METHODS
|
||||
+ EVP_MAC_update(ctx->ctx, data, size);
|
||||
+#else
|
||||
+ HMAC_Update(ctx->ctx, data, size);
|
||||
+#endif
|
||||
+/* if (ec != 1)
|
||||
+ {
|
||||
+ const char *ebuf = NULL;
|
||||
|
|
@ -741,12 +606,12 @@ diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib/hmac.h.opensslhmac3 dovecot-2
|
|||
okm_buffer, okm_len);
|
||||
return okm_buffer;
|
||||
}
|
||||
diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-imap-urlauth/imap-urlauth.c.opensslhmac3 dovecot-2.4.2-build/dovecot-2.4.2/src/lib-imap-urlauth/imap-urlauth.c
|
||||
--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-imap-urlauth/imap-urlauth.c.opensslhmac3 2025-10-29 07:58:41.000000000 +0100
|
||||
+++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-imap-urlauth/imap-urlauth.c 2025-11-30 09:57:55.180863807 +0100
|
||||
@@ -87,15 +87,15 @@ imap_urlauth_internal_generate(
|
||||
const unsigned char mailbox_key[IMAP_URLAUTH_KEY_LEN],
|
||||
size_t *token_len_r)
|
||||
diff -up dovecot-2.3.14/src/lib-imap-urlauth/imap-urlauth.c.opensslhmac dovecot-2.3.14/src/lib-imap-urlauth/imap-urlauth.c
|
||||
--- dovecot-2.3.14/src/lib-imap-urlauth/imap-urlauth.c.opensslhmac 2021-03-04 09:38:06.000000000 +0100
|
||||
+++ dovecot-2.3.14/src/lib-imap-urlauth/imap-urlauth.c 2021-03-22 20:44:13.023912229 +0100
|
||||
@@ -85,15 +85,15 @@ imap_urlauth_internal_generate(const cha
|
||||
const unsigned char mailbox_key[IMAP_URLAUTH_KEY_LEN],
|
||||
size_t *token_len_r)
|
||||
{
|
||||
- struct hmac_context hmac;
|
||||
+ struct openssl_hmac_context hmac;
|
||||
|
|
@ -764,10 +629,10 @@ diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-imap-urlauth/imap-urlauth.c.o
|
|||
|
||||
*token_len_r = SHA1_RESULTLEN + 1;
|
||||
return token;
|
||||
diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib/Makefile.am.opensslhmac3 dovecot-2.4.2-build/dovecot-2.4.2/src/lib/Makefile.am
|
||||
--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib/Makefile.am.opensslhmac3 2025-10-29 07:58:41.000000000 +0100
|
||||
+++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib/Makefile.am 2025-11-30 09:57:55.180990124 +0100
|
||||
@@ -414,6 +414,9 @@ headers = \
|
||||
diff -up dovecot-2.3.14/src/lib/Makefile.am.opensslhmac dovecot-2.3.14/src/lib/Makefile.am
|
||||
--- dovecot-2.3.14/src/lib/Makefile.am.opensslhmac 2021-03-04 09:38:06.000000000 +0100
|
||||
+++ dovecot-2.3.14/src/lib/Makefile.am 2021-03-22 20:44:13.023912229 +0100
|
||||
@@ -352,6 +352,9 @@ headers = \
|
||||
wildcard-match.h \
|
||||
write-full.h
|
||||
|
||||
|
|
@ -777,34 +642,34 @@ diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib/Makefile.am.opensslhmac3 dove
|
|||
test_programs = test-lib
|
||||
noinst_PROGRAMS = $(test_programs)
|
||||
|
||||
diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-oauth2/oauth2-jwt.c.opensslhmac3 dovecot-2.4.2-build/dovecot-2.4.2/src/lib-oauth2/oauth2-jwt.c
|
||||
--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-oauth2/oauth2-jwt.c.opensslhmac3 2025-10-29 07:58:41.000000000 +0100
|
||||
+++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-oauth2/oauth2-jwt.c 2025-11-30 09:57:55.181135306 +0100
|
||||
@@ -210,14 +210,14 @@ oauth2_validate_hmac(const struct oauth2
|
||||
diff -up dovecot-2.3.14/src/lib-oauth2/oauth2-jwt.c.opensslhmac dovecot-2.3.14/src/lib-oauth2/oauth2-jwt.c
|
||||
--- dovecot-2.3.14/src/lib-oauth2/oauth2-jwt.c.opensslhmac 2021-03-04 09:38:06.000000000 +0100
|
||||
+++ dovecot-2.3.14/src/lib-oauth2/oauth2-jwt.c 2021-03-22 20:44:13.024912217 +0100
|
||||
@@ -106,14 +106,14 @@ oauth2_validate_hmac(const struct oauth2
|
||||
if (oauth2_lookup_hmac_key(set, azp, alg, key_id, &key, error_r) < 0)
|
||||
return -1;
|
||||
|
||||
- struct hmac_context ctx;
|
||||
+ struct openssl_hmac_context ctx;
|
||||
unsigned char digest[method->digest_size];
|
||||
|
||||
- hmac_init(&ctx, key->data, key->used, method);
|
||||
- hmac_update(&ctx, blobs[0], strlen(blobs[0]));
|
||||
- hmac_update(&ctx, ".", 1);
|
||||
- hmac_update(&ctx, blobs[1], strlen(blobs[1]));
|
||||
- hmac_final(&ctx, digest);
|
||||
+ struct openssl_hmac_context ctx;
|
||||
+ openssl_hmac_init(&ctx, key->data, key->used, method);
|
||||
+ openssl_hmac_update(&ctx, blobs[0], strlen(blobs[0]));
|
||||
+ openssl_hmac_update(&ctx, ".", 1);
|
||||
+ openssl_hmac_update(&ctx, blobs[1], strlen(blobs[1]));
|
||||
unsigned char digest[method->digest_size];
|
||||
|
||||
- hmac_final(&ctx, digest);
|
||||
+ openssl_hmac_final(&ctx, digest);
|
||||
|
||||
buffer_t *their_digest =
|
||||
t_base64url_decode_str(BASE64_DECODE_FLAG_NO_PADDING, blobs[2]);
|
||||
diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-oauth2/test-oauth2-jwt.c.opensslhmac3 dovecot-2.4.2-build/dovecot-2.4.2/src/lib-oauth2/test-oauth2-jwt.c
|
||||
--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-oauth2/test-oauth2-jwt.c.opensslhmac3 2025-10-29 07:58:41.000000000 +0100
|
||||
+++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-oauth2/test-oauth2-jwt.c 2025-11-30 09:57:55.181290025 +0100
|
||||
@@ -250,7 +250,7 @@ static void save_key_azp_to(const char *
|
||||
diff -up dovecot-2.3.14/src/lib-oauth2/test-oauth2-jwt.c.opensslhmac dovecot-2.3.14/src/lib-oauth2/test-oauth2-jwt.c
|
||||
--- dovecot-2.3.14/src/lib-oauth2/test-oauth2-jwt.c.opensslhmac 2021-03-04 09:38:06.000000000 +0100
|
||||
+++ dovecot-2.3.14/src/lib-oauth2/test-oauth2-jwt.c 2021-03-22 20:46:09.524440794 +0100
|
||||
@@ -236,7 +236,7 @@ static void save_key_to(const char *algo
|
||||
static void sign_jwt_token_hs256(buffer_t *tokenbuf, buffer_t *key)
|
||||
{
|
||||
i_assert(key != NULL);
|
||||
|
|
@ -813,7 +678,7 @@ diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-oauth2/test-oauth2-jwt.c.open
|
|||
tokenbuf);
|
||||
buffer_append(tokenbuf, ".", 1);
|
||||
base64url_encode(BASE64_ENCODE_FLAG_NO_PADDING, SIZE_MAX,
|
||||
@@ -260,7 +260,7 @@ static void sign_jwt_token_hs256(buffer_
|
||||
@@ -246,7 +246,7 @@ static void sign_jwt_token_hs256(buffer_
|
||||
static void sign_jwt_token_hs384(buffer_t *tokenbuf, buffer_t *key)
|
||||
{
|
||||
i_assert(key != NULL);
|
||||
|
|
@ -822,7 +687,7 @@ diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-oauth2/test-oauth2-jwt.c.open
|
|||
tokenbuf);
|
||||
buffer_append(tokenbuf, ".", 1);
|
||||
base64url_encode(BASE64_ENCODE_FLAG_NO_PADDING, SIZE_MAX,
|
||||
@@ -270,7 +270,7 @@ static void sign_jwt_token_hs384(buffer_
|
||||
@@ -256,7 +256,7 @@ static void sign_jwt_token_hs384(buffer_
|
||||
static void sign_jwt_token_hs512(buffer_t *tokenbuf, buffer_t *key)
|
||||
{
|
||||
i_assert(key != NULL);
|
||||
|
|
@ -831,9 +696,9 @@ diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-oauth2/test-oauth2-jwt.c.open
|
|||
tokenbuf);
|
||||
buffer_append(tokenbuf, ".", 1);
|
||||
base64url_encode(BASE64_ENCODE_FLAG_NO_PADDING, SIZE_MAX,
|
||||
diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib/pkcs5.c.opensslhmac3 dovecot-2.4.2-build/dovecot-2.4.2/src/lib/pkcs5.c
|
||||
--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib/pkcs5.c.opensslhmac3 2025-10-29 07:58:41.000000000 +0100
|
||||
+++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib/pkcs5.c 2025-11-30 09:57:55.181492013 +0100
|
||||
diff -up dovecot-2.3.14/src/lib/pkcs5.c.opensslhmac dovecot-2.3.14/src/lib/pkcs5.c
|
||||
--- dovecot-2.3.14/src/lib/pkcs5.c.opensslhmac 2021-03-04 09:38:06.000000000 +0100
|
||||
+++ dovecot-2.3.14/src/lib/pkcs5.c 2021-03-22 20:44:13.024912217 +0100
|
||||
@@ -52,7 +52,7 @@ int pkcs5_pbkdf2(const struct hash_metho
|
||||
size_t l = (length + hash->digest_size - 1)/hash->digest_size; /* same as ceil(length/hash->digest_size) */
|
||||
unsigned char dk[l * hash->digest_size];
|
||||
|
|
@ -868,35 +733,9 @@ diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib/pkcs5.c.opensslhmac3 dovecot-
|
|||
for(i = 0; i < hash->digest_size; i++)
|
||||
block[i] ^= U_c[i];
|
||||
}
|
||||
diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/sasl-server-mech-cram-md5.c.opensslhmac3 dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/sasl-server-mech-cram-md5.c
|
||||
--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/sasl-server-mech-cram-md5.c.opensslhmac3 2025-10-29 07:58:41.000000000 +0100
|
||||
+++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/sasl-server-mech-cram-md5.c 2025-11-30 10:00:28.967795725 +0100
|
||||
@@ -53,7 +53,7 @@ verify_credentials(struct sasl_server_me
|
||||
container_of(auth_request, struct cram_auth_request,
|
||||
auth_request);
|
||||
unsigned char digest[MD5_RESULTLEN];
|
||||
- struct hmac_context ctx;
|
||||
+ struct orig_hmac_context ctx;
|
||||
const char *response_hex;
|
||||
|
||||
if (size != CRAM_MD5_CONTEXTLEN) {
|
||||
@@ -62,10 +62,10 @@ verify_credentials(struct sasl_server_me
|
||||
return;
|
||||
}
|
||||
|
||||
- hmac_init(&ctx, NULL, 0, &hash_method_md5);
|
||||
+ orig_hmac_init(&ctx, NULL, 0, &hash_method_md5);
|
||||
hmac_md5_set_cram_context(&ctx, credentials);
|
||||
- hmac_update(&ctx, request->challenge, strlen(request->challenge));
|
||||
- hmac_final(&ctx, digest);
|
||||
+ orig_hmac_update(&ctx, request->challenge, strlen(request->challenge));
|
||||
+ orig_hmac_final(&ctx, digest);
|
||||
|
||||
response_hex = binary_to_hex(digest, sizeof(digest));
|
||||
|
||||
diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib/test-hmac.c.opensslhmac3 dovecot-2.4.2-build/dovecot-2.4.2/src/lib/test-hmac.c
|
||||
--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib/test-hmac.c.opensslhmac3 2025-10-29 07:58:41.000000000 +0100
|
||||
+++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib/test-hmac.c 2025-11-30 09:57:55.181656401 +0100
|
||||
diff -up dovecot-2.3.14/src/lib/test-hmac.c.opensslhmac dovecot-2.3.14/src/lib/test-hmac.c
|
||||
--- dovecot-2.3.14/src/lib/test-hmac.c.opensslhmac 2021-03-04 09:38:06.000000000 +0100
|
||||
+++ dovecot-2.3.14/src/lib/test-hmac.c 2021-03-22 20:44:13.024912217 +0100
|
||||
@@ -206,11 +206,11 @@ static void test_hmac_rfc(void)
|
||||
test_begin("hmac sha256 rfc4231 vectors");
|
||||
for(size_t i = 0; i < N_ELEMENTS(test_vectors); i++) {
|
||||
|
|
@ -972,54 +811,3 @@ diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib/test-hmac.c.opensslhmac3 dove
|
|||
vec->ikm_len, vec->info, vec->info_len,
|
||||
vec->okm_len);
|
||||
test_assert(tmp->used == vec->okm_len &&
|
||||
diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-var-expand-crypt/Makefile.am.opensslhmac3 dovecot-2.4.2-build/dovecot-2.4.2/src/lib-var-expand-crypt/Makefile.am
|
||||
--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-var-expand-crypt/Makefile.am.opensslhmac3 2025-10-29 07:58:41.000000000 +0100
|
||||
+++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-var-expand-crypt/Makefile.am 2025-11-30 09:58:11.669117030 +0100
|
||||
@@ -34,13 +34,13 @@ test_libs = \
|
||||
$(DLLIB)
|
||||
|
||||
test_var_expand_crypt_SOURCES = test-var-expand-crypt.c
|
||||
-test_var_expand_crypt_LDADD = $(test_libs)
|
||||
+test_var_expand_crypt_LDADD = $(test_libs) $(SSL_LIBS)
|
||||
test_var_expand_crypt_DEPENDENCIES = $(module_LTLIBRARIES)
|
||||
if HAVE_WHOLE_ARCHIVE
|
||||
test_var_expand_crypt_LDFLAGS = -export-dynamic -Wl,$(LD_WHOLE_ARCHIVE),../lib/.libs/liblib.a,../lib-json/.libs/libjson.a,../lib-ssl-iostream/.libs/libssl_iostream.a,$(LD_NO_WHOLE_ARCHIVE)
|
||||
endif
|
||||
|
||||
-test_var_expand_crypt_CFLAGS = $(AM_CFLAGS) \
|
||||
+test_var_expand_crypt_CFLAGS = $(AM_CFLAGS) $(SSL_CFLAGS) \
|
||||
-DDCRYPT_BUILD_DIR=\"$(top_builddir)/src/lib-dcrypt\"
|
||||
|
||||
check-local:
|
||||
diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/submission/Makefile.am.opensslhmac3 dovecot-2.4.2-build/dovecot-2.4.2/src/submission/Makefile.am
|
||||
--- dovecot-2.4.2-build/dovecot-2.4.2/src/submission/Makefile.am.opensslhmac3 2025-10-29 07:58:41.000000000 +0100
|
||||
+++ dovecot-2.4.2-build/dovecot-2.4.2/src/submission/Makefile.am 2025-11-30 09:57:55.182137562 +0100
|
||||
@@ -29,6 +29,7 @@ submission_LDADD = \
|
||||
$(urlauth_libs) \
|
||||
$(LIBDOVECOT_STORAGE) \
|
||||
$(LIBDOVECOT) \
|
||||
+ $(SSL_LIBS) \
|
||||
$(MODULE_LIBS)
|
||||
submission_DEPENDENCIES = \
|
||||
$(urlauth_libs) \
|
||||
diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/dsasl-client-mech-cram-md5.c.fixbuild2 dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/dsasl-client-mech-cram-md5.c
|
||||
--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/dsasl-client-mech-cram-md5.c.fixbuild2 2025-11-30 13:11:06.583413762 +0100
|
||||
+++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/dsasl-client-mech-cram-md5.c 2025-11-30 13:22:04.883307427 +0100
|
||||
@@ -81,13 +81,13 @@ mech_cram_md5_output(struct dsasl_client
|
||||
return DSASL_CLIENT_RESULT_OK;
|
||||
}
|
||||
|
||||
- struct hmac_context ctx;
|
||||
+ struct openssl_hmac_context ctx;
|
||||
unsigned char digest[MD5_RESULTLEN];
|
||||
|
||||
- hmac_init(&ctx, (const unsigned char *)client->password,
|
||||
+ openssl_hmac_init(&ctx, (const unsigned char *)client->password,
|
||||
strlen(client->password), &hash_method_md5);
|
||||
- hmac_update(&ctx, cclient->challenge, strlen(cclient->challenge));
|
||||
- hmac_final(&ctx, digest);
|
||||
+ openssl_hmac_update(&ctx, cclient->challenge, strlen(cclient->challenge));
|
||||
+ openssl_hmac_final(&ctx, digest);
|
||||
|
||||
str = str_new(client->pool, 256);
|
||||
str_append(str, client->set.authid);
|
||||
|
|
@ -1,285 +0,0 @@
|
|||
diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/auth/test-auth.c.nolibotp dovecot-2.4.2-build/dovecot-2.4.2/src/auth/test-auth.c
|
||||
--- dovecot-2.4.2-build/dovecot-2.4.2/src/auth/test-auth.c.nolibotp 2025-10-29 07:58:41.000000000 +0100
|
||||
+++ dovecot-2.4.2-build/dovecot-2.4.2/src/auth/test-auth.c 2025-11-30 13:38:50.100927373 +0100
|
||||
@@ -16,7 +16,7 @@
|
||||
static const char *const settings[] = {
|
||||
"base_dir", ".",
|
||||
"auth_mechanisms",
|
||||
- "ANONYMOUS APOP CRAM-MD5 DIGEST-MD5 EXTERNAL LOGIN PLAIN OTP "
|
||||
+ "ANONYMOUS APOP CRAM-MD5 DIGEST-MD5 EXTERNAL LOGIN PLAIN "
|
||||
"OAUTHBEARER SCRAM-SHA-1 SCRAM-SHA-256 XOAUTH2",
|
||||
"auth_username_chars", "",
|
||||
"auth_username_format", "",
|
||||
diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/auth/test-mech.c.nolibotp dovecot-2.4.2-build/dovecot-2.4.2/src/auth/test-mech.c
|
||||
--- dovecot-2.4.2-build/dovecot-2.4.2/src/auth/test-mech.c.nolibotp 2025-10-29 07:58:41.000000000 +0100
|
||||
+++ dovecot-2.4.2-build/dovecot-2.4.2/src/auth/test-mech.c 2025-11-30 13:38:50.101130654 +0100
|
||||
@@ -46,10 +46,7 @@ request_handler_reply_mock_callback(stru
|
||||
|
||||
if (request->passdb_result == PASSDB_RESULT_OK)
|
||||
request->failed = FALSE;
|
||||
- else if (strcmp(request->fields.mech_name, SASL_MECH_NAME_OTP) == 0) {
|
||||
- if (null_strcmp(request->fields.user, "otp_phase_2") == 0)
|
||||
- request->failed = FALSE;
|
||||
- } else if (strcmp(request->fields.mech_name,
|
||||
+ else if (strcmp(request->fields.mech_name,
|
||||
SASL_MECH_NAME_OAUTHBEARER) == 0) {
|
||||
}
|
||||
};
|
||||
@@ -190,10 +187,6 @@ static void test_mechs(void)
|
||||
{"PLAIN", UCHAR_LEN("\0testuser\0testpass"), "testuser", TRUE, FALSE, FALSE},
|
||||
{"PLAIN", UCHAR_LEN("normaluser\0masteruser\0masterpass"), "masteruser", TRUE, FALSE, FALSE},
|
||||
{"PLAIN", UCHAR_LEN("normaluser\0normaluser\0masterpass"), "normaluser", TRUE, FALSE, FALSE},
|
||||
- {"OTP", UCHAR_LEN("hex:5Bf0 75d9 959d 036f"), "otp_phase_2", TRUE, TRUE, FALSE},
|
||||
- {"OTP", UCHAR_LEN("word:BOND FOGY DRAB NE RISE MART"), "otp_phase_2", TRUE, TRUE, FALSE},
|
||||
- {"OTP", UCHAR_LEN("init-hex:f6bd 6b33 89b8 7203:md5 499 ke6118:23d1 b253 5ae0 2b7e"), "otp_phase_2", TRUE, TRUE, FALSE},
|
||||
- {"OTP", UCHAR_LEN("init-word:END KERN BALM NICK EROS WAVY:md5 499 ke1235:BABY FAIN OILY NIL TIDY DADE"), "otp_phase_2", TRUE, TRUE, FALSE},
|
||||
{"OAUTHBEARER", UCHAR_LEN("n,a=testuser,p=cHJvb2Y=,f=nonstandart\x01host=server\x01port=143\x01""auth=Bearer vF9dft4qmTc2Nvb3RlckBhbHRhdmlzdGEuY29tCg==\x01\x01"), "testuser", FALSE, TRUE, FALSE},
|
||||
{"SCRAM-SHA-1", UCHAR_LEN("n,,n=testuser,r=rOprNGfwEbeRWgbNEkqO"), "testuser", TRUE, FALSE, FALSE},
|
||||
{"SCRAM-SHA-256", UCHAR_LEN("n,,n=testuser,r=rOprNGfwEbeRWgbNEkqO"), "testuser", TRUE, FALSE, FALSE},
|
||||
@@ -208,8 +201,6 @@ static void test_mechs(void)
|
||||
{"EXTERNAL", UCHAR_LEN(""), "testuser", FALSE, TRUE, FALSE},
|
||||
{"EXTERNAL", UCHAR_LEN(""), NULL, FALSE, FALSE, FALSE},
|
||||
{"LOGIN", UCHAR_LEN(""), NULL, FALSE, FALSE, FALSE},
|
||||
- {"OTP", UCHAR_LEN(""), NULL, FALSE, FALSE, FALSE},
|
||||
- {"OTP", UCHAR_LEN(""), "testuser", FALSE, FALSE, FALSE},
|
||||
{"PLAIN", UCHAR_LEN(""), NULL, FALSE, FALSE, FALSE},
|
||||
{"OAUTHBEARER", UCHAR_LEN(""), NULL, FALSE, FALSE, FALSE},
|
||||
{"XOAUTH2", UCHAR_LEN(""), NULL, FALSE, FALSE, FALSE},
|
||||
@@ -221,7 +212,6 @@ static void test_mechs(void)
|
||||
{"APOP", UCHAR_LEN("1.1.1\0testuser\0tooshort"), NULL, FALSE, FALSE, FALSE},
|
||||
{"APOP", UCHAR_LEN("1.1.1\0testuser\0responseoflen16-"), NULL, FALSE, FALSE, FALSE},
|
||||
{"APOP", UCHAR_LEN("1.1.1"), NULL, FALSE, FALSE, FALSE},
|
||||
- {"OTP", UCHAR_LEN("somebody\0testuser"), "testuser", FALSE, TRUE, FALSE},
|
||||
{"CRAM-MD5", UCHAR_LEN("testuser\0response"), "testuser", FALSE, FALSE, FALSE},
|
||||
{"PLAIN", UCHAR_LEN("testuser\0"), "testuser", FALSE, FALSE, FALSE},
|
||||
|
||||
@@ -264,9 +254,7 @@ static void test_mechs(void)
|
||||
{"PLAIN", UCHAR_LEN("\0fa\0il\0ing\0withthis"), NULL, FALSE, FALSE, FALSE},
|
||||
{"PLAIN", UCHAR_LEN("failingwiththis"), NULL, FALSE, FALSE, FALSE},
|
||||
{"PLAIN", UCHAR_LEN("failing\0withthis"), NULL, FALSE, FALSE, FALSE},
|
||||
- {"OTP", UCHAR_LEN("someb\0ody\0testuser"), NULL, FALSE, FALSE, FALSE},
|
||||
/* phase 2 */
|
||||
- {"OTP", UCHAR_LEN("someb\0ody\0testuser"), "testuser", FALSE, TRUE, FALSE},
|
||||
{"SCRAM-SHA-1", UCHAR_LEN("c=biws,r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,p=v0X8v3Bz2T0CJGbJQyF0X+HI4Ts="), NULL, FALSE, FALSE, FALSE},
|
||||
{"SCRAM-SHA-1", UCHAR_LEN("iws0X8v3Bz2T0CJGbJQyF0X+HI4Ts=,,,,"), NULL, FALSE, FALSE, FALSE},
|
||||
{"SCRAM-SHA-1", UCHAR_LEN("n,a=masteruser,,"), NULL, FALSE, FALSE, FALSE},
|
||||
diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/password-scheme.c.nolibotp dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/password-scheme.c
|
||||
--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/password-scheme.c.nolibotp 2025-11-30 13:38:50.093609901 +0100
|
||||
+++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/password-scheme.c 2025-11-30 13:38:50.101359374 +0100
|
||||
@@ -13,7 +13,6 @@
|
||||
#include "randgen.h"
|
||||
#include "sha1.h"
|
||||
#include "sha2.h"
|
||||
-#include "otp.h"
|
||||
#include "str.h"
|
||||
#include "auth-digest.h"
|
||||
#include "password-scheme.h"
|
||||
@@ -704,33 +703,6 @@ plain_md5_generate(const char *plaintext
|
||||
*size_r = MD5_RESULTLEN;
|
||||
}
|
||||
|
||||
-static int otp_verify(const char *plaintext, const struct password_generate_params *params ATTR_UNUSED,
|
||||
- const unsigned char *raw_password, size_t size,
|
||||
- const char **error_r)
|
||||
-{
|
||||
- const char *password, *generated;
|
||||
-
|
||||
- password = t_strndup(raw_password, size);
|
||||
- if (password_generate_otp(plaintext, password, UINT_MAX, &generated) < 0) {
|
||||
- *error_r = "Invalid OTP data in passdb";
|
||||
- return -1;
|
||||
- }
|
||||
-
|
||||
- return strcasecmp(password, generated) == 0 ? 1 : 0;
|
||||
-}
|
||||
-
|
||||
-static void
|
||||
-otp_generate(const char *plaintext, const struct password_generate_params *params ATTR_UNUSED,
|
||||
- const unsigned char **raw_password_r, size_t *size_r)
|
||||
-{
|
||||
- const char *password;
|
||||
-
|
||||
- if (password_generate_otp(plaintext, NULL, OTP_HASH_SHA1, &password) < 0)
|
||||
- i_unreached();
|
||||
- *raw_password_r = (const unsigned char *)password;
|
||||
- *size_r = strlen(password);
|
||||
-}
|
||||
-
|
||||
static const struct password_scheme builtin_schemes[] = {
|
||||
{
|
||||
.name = "MD5",
|
||||
@@ -894,13 +866,6 @@ static const struct password_scheme buil
|
||||
.password_generate = plain_md5_generate,
|
||||
},
|
||||
{
|
||||
- .name = "OTP",
|
||||
- .default_encoding = PW_ENCODING_NONE,
|
||||
- .raw_password_len = 0,
|
||||
- .password_verify = otp_verify,
|
||||
- .password_generate = otp_generate,
|
||||
- },
|
||||
- {
|
||||
.name = "PBKDF2",
|
||||
.default_encoding = PW_ENCODING_NONE,
|
||||
.raw_password_len = 0,
|
||||
diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/password-scheme.h.nolibotp dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/password-scheme.h
|
||||
--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/password-scheme.h.nolibotp 2025-10-29 07:58:41.000000000 +0100
|
||||
+++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/password-scheme.h 2025-11-30 13:38:50.101549260 +0100
|
||||
@@ -98,9 +98,6 @@ void password_set_encryption_rounds(unsi
|
||||
/* INTERNAL: */
|
||||
const char *password_generate_salt(size_t len);
|
||||
const char *password_generate_md5_crypt(const char *pw, const char *salt);
|
||||
-int password_generate_otp(const char *pw, const char *state_data,
|
||||
- unsigned int algo, const char **result_r)
|
||||
- ATTR_NULL(2);
|
||||
|
||||
int scram_verify(const struct hash_method *hmethod, const char *scheme_name,
|
||||
const char *plaintext, const unsigned char *raw_password,
|
||||
diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/test-password-scheme.c.nolibotp dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/test-password-scheme.c
|
||||
--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/test-password-scheme.c.nolibotp 2025-10-29 07:58:41.000000000 +0100
|
||||
+++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/test-password-scheme.c 2025-11-30 13:38:50.101711124 +0100
|
||||
@@ -107,7 +107,6 @@ static void test_password_schemes(void)
|
||||
test_password_scheme("SHA512", "{SHA512}7iaw3Ur350mqGo7jwQrpkj9hiYB3Lkc/iBml1JQODbJ6wYX4oOHV+E+IvIh/1nsUNzLDBMxfqa2Ob1f1ACio/w==", "test");
|
||||
test_password_scheme("SSHA", "{SSHA}H/zrDv8FXUu1JmwvVYijfrYEF34jVZcO", "test");
|
||||
test_password_scheme("MD5-CRYPT", "{MD5-CRYPT}$1$GgvxyNz8$OjZhLh4P.gF1lxYEbLZ3e/", "test");
|
||||
- test_password_scheme("OTP", "{OTP}sha1 1024 ae6b49aa481f7233 f69fc7f98b8fbf54", "test");
|
||||
test_password_scheme("PBKDF2", "{PBKDF2}$1$bUnT4Pl7yFtYX0KU$5000$50a83cafdc517b9f46519415e53c6a858908680a", "test");
|
||||
test_password_scheme("CRAM-MD5", "{CRAM-MD5}e02d374fde0dc75a17a557039a3a5338c7743304777dccd376f332bee68d2cf6", "test");
|
||||
test_password_scheme("DIGEST-MD5", "{DIGEST-MD5}77c1a8c437c9b08ba2f460fe5d58db5d", "test");
|
||||
diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/dsasl-client.c.nolibotp dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/dsasl-client.c
|
||||
--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/dsasl-client.c.nolibotp 2025-11-30 13:39:54.210043386 +0100
|
||||
+++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/dsasl-client.c 2025-11-30 13:39:54.217205256 +0100
|
||||
@@ -175,7 +175,6 @@ void dsasl_clients_init(void)
|
||||
dsasl_client_mech_register(&dsasl_client_mech_digest_md5);
|
||||
dsasl_client_mech_register(&dsasl_client_mech_cram_md5);
|
||||
dsasl_client_mech_register(&dsasl_client_mech_oauthbearer);
|
||||
- dsasl_client_mech_register(&dsasl_client_mech_otp);
|
||||
dsasl_client_mech_register(&dsasl_client_mech_xoauth2);
|
||||
dsasl_client_mech_register(&dsasl_client_mech_scram_sha_1);
|
||||
dsasl_client_mech_register(&dsasl_client_mech_scram_sha_1_plus);
|
||||
diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/dsasl-client-private.h.nolibotp dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/dsasl-client-private.h
|
||||
--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/dsasl-client-private.h.nolibotp 2025-11-30 13:40:22.269119732 +0100
|
||||
+++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/dsasl-client-private.h 2025-11-30 13:40:22.275363043 +0100
|
||||
@@ -50,7 +50,6 @@ extern const struct dsasl_client_mech ds
|
||||
extern const struct dsasl_client_mech dsasl_client_mech_external;
|
||||
extern const struct dsasl_client_mech dsasl_client_mech_login;
|
||||
extern const struct dsasl_client_mech dsasl_client_mech_oauthbearer;
|
||||
-extern const struct dsasl_client_mech dsasl_client_mech_otp;
|
||||
extern const struct dsasl_client_mech dsasl_client_mech_xoauth2;
|
||||
extern const struct dsasl_client_mech dsasl_client_mech_scram_sha_1;
|
||||
extern const struct dsasl_client_mech dsasl_client_mech_scram_sha_1_plus;
|
||||
diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/fuzz-sasl-authentication.c.nolibotp dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/fuzz-sasl-authentication.c
|
||||
--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/fuzz-sasl-authentication.c.nolibotp 2025-11-30 13:40:56.823727053 +0100
|
||||
+++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/fuzz-sasl-authentication.c 2025-11-30 13:40:56.837864792 +0100
|
||||
@@ -635,7 +635,6 @@ static void fuzz_sasl_run(struct istream
|
||||
sasl_server_mech_register_cram_md5(server_inst);
|
||||
sasl_server_mech_register_digest_md5(server_inst);
|
||||
sasl_server_mech_register_login(server_inst);
|
||||
- sasl_server_mech_register_otp(server_inst);
|
||||
sasl_server_mech_register_plain(server_inst);
|
||||
sasl_server_mech_register_scram_sha1(server_inst);
|
||||
sasl_server_mech_register_scram_sha1_plus(server_inst);
|
||||
diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/sasl-server.h.nolibotp dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/sasl-server.h
|
||||
--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/sasl-server.h.nolibotp 2025-11-30 13:41:24.035316421 +0100
|
||||
+++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/sasl-server.h 2025-11-30 13:41:24.050796571 +0100
|
||||
@@ -193,8 +193,6 @@ void sasl_server_mech_register_scram_sha
|
||||
void sasl_server_mech_register_scram_sha256_plus(
|
||||
struct sasl_server_instance *sinst);
|
||||
|
||||
-void sasl_server_mech_register_otp(struct sasl_server_instance *sinst);
|
||||
-
|
||||
/* Winbind */
|
||||
|
||||
struct sasl_server_winbind_settings {
|
||||
diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/test-sasl-authentication.c.nolibotp dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/test-sasl-authentication.c
|
||||
--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/test-sasl-authentication.c.nolibotp 2025-11-30 13:42:08.741524883 +0100
|
||||
+++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/test-sasl-authentication.c 2025-11-30 13:42:08.757334395 +0100
|
||||
@@ -507,7 +507,6 @@ test_sasl_run(const struct test_sasl *te
|
||||
sasl_server_mech_register_digest_md5(server_inst);
|
||||
sasl_server_mech_register_external(server_inst);
|
||||
sasl_server_mech_register_login(server_inst);
|
||||
- sasl_server_mech_register_otp(server_inst);
|
||||
sasl_server_mech_register_plain(server_inst);
|
||||
sasl_server_mech_register_scram_sha1(server_inst);
|
||||
sasl_server_mech_register_scram_sha1_plus(server_inst);
|
||||
@@ -722,16 +721,6 @@ static const struct test_sasl success_te
|
||||
.password = "tokentokentoken",
|
||||
},
|
||||
},
|
||||
- /* OTP */
|
||||
- {
|
||||
- .mech = "OTP",
|
||||
- .authid_type = SASL_SERVER_AUTHID_TYPE_USERNAME,
|
||||
- .server = {
|
||||
- .authid = "user",
|
||||
- .password = "pass",
|
||||
- },
|
||||
- .repeat = 1050,
|
||||
- },
|
||||
/* EXTERNAL */
|
||||
{
|
||||
.mech = "EXTERNAL",
|
||||
@@ -1457,31 +1446,6 @@ static const struct test_sasl bad_creds_
|
||||
},
|
||||
.failure = TRUE,
|
||||
},
|
||||
- /* OTP */
|
||||
- {
|
||||
- .mech = "OTP",
|
||||
- .authid_type = SASL_SERVER_AUTHID_TYPE_USERNAME,
|
||||
- .server = {
|
||||
- .authid = "user",
|
||||
- .password = "pass",
|
||||
- },
|
||||
- .client = {
|
||||
- .authid = "userb",
|
||||
- },
|
||||
- .failure = TRUE,
|
||||
- },
|
||||
- {
|
||||
- .mech = "OTP",
|
||||
- .authid_type = SASL_SERVER_AUTHID_TYPE_USERNAME,
|
||||
- .server = {
|
||||
- .authid = "user",
|
||||
- .password = "pass",
|
||||
- },
|
||||
- .client = {
|
||||
- .password = "florp",
|
||||
- },
|
||||
- .failure = TRUE,
|
||||
- },
|
||||
/* EXTERNAL */
|
||||
{
|
||||
.mech = "EXTERNAL",
|
||||
diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/auth/auth-sasl.c.nolibotp2 dovecot-2.4.2-build/dovecot-2.4.2/src/auth/auth-sasl.c
|
||||
--- dovecot-2.4.2-build/dovecot-2.4.2/src/auth/auth-sasl.c.nolibotp2 2025-11-30 13:56:23.124460140 +0100
|
||||
+++ dovecot-2.4.2-build/dovecot-2.4.2/src/auth/auth-sasl.c 2025-11-30 13:56:39.521935947 +0100
|
||||
@@ -472,7 +472,6 @@ MECH_SIMPLE_REGISTER__TEMPLATE(cram_md5)
|
||||
MECH_SIMPLE_REGISTER__TEMPLATE(digest_md5)
|
||||
MECH_SIMPLE_REGISTER__TEMPLATE(external)
|
||||
MECH_SIMPLE_REGISTER__TEMPLATE(login)
|
||||
-MECH_SIMPLE_REGISTER__TEMPLATE(otp)
|
||||
MECH_SIMPLE_REGISTER__TEMPLATE(plain)
|
||||
MECH_SIMPLE_REGISTER__TEMPLATE(scram_sha1)
|
||||
MECH_SIMPLE_REGISTER__TEMPLATE(scram_sha1_plus)
|
||||
@@ -539,12 +538,6 @@ static const struct auth_sasl_mech_modul
|
||||
.mech_register = mech_login_register,
|
||||
};
|
||||
|
||||
-static const struct auth_sasl_mech_module mech_otp = {
|
||||
- .mech_name = SASL_MECH_NAME_OTP,
|
||||
-
|
||||
- .mech_register = mech_otp_register,
|
||||
-};
|
||||
-
|
||||
static const struct auth_sasl_mech_module mech_plain = {
|
||||
.mech_name = SASL_MECH_NAME_PLAIN,
|
||||
|
||||
@@ -612,7 +605,6 @@ static void auth_sasl_mechs_init(const s
|
||||
if (set->use_winbind)
|
||||
auth_sasl_mech_register_module(&mech_winbind_ntlm);
|
||||
auth_sasl_mech_oauth2_register();
|
||||
- auth_sasl_mech_register_module(&mech_otp);
|
||||
auth_sasl_mech_register_module(&mech_plain);
|
||||
auth_sasl_mech_register_module(&mech_scram_sha1);
|
||||
auth_sasl_mech_register_module(&mech_scram_sha1_plus);
|
||||
|
|
@ -1,135 +0,0 @@
|
|||
diff -up dovecot-2.4.2/src/lib/istream.c.fixbuild dovecot-2.4.2/src/lib/istream.c
|
||||
--- dovecot-2.4.2/src/lib/istream.c.fixbuild 2025-10-29 07:58:41.000000000 +0100
|
||||
+++ dovecot-2.4.2/src/lib/istream.c 2025-11-30 11:40:37.739536137 +0100
|
||||
@@ -85,7 +85,7 @@ void i_stream_add_destroy_callback(struc
|
||||
}
|
||||
|
||||
void i_stream_remove_destroy_callback(struct istream *stream,
|
||||
- void (*callback)())
|
||||
+ istream_callback_t *callback)
|
||||
{
|
||||
io_stream_remove_destroy_callback(&stream->real_stream->iostream,
|
||||
callback);
|
||||
diff -up dovecot-2.4.2/src/lib/istream.h.fixbuild dovecot-2.4.2/src/lib/istream.h
|
||||
--- dovecot-2.4.2/src/lib/istream.h.fixbuild 2025-10-29 07:58:41.000000000 +0100
|
||||
+++ dovecot-2.4.2/src/lib/istream.h 2025-11-30 11:40:37.739798710 +0100
|
||||
@@ -100,7 +100,7 @@ void i_stream_add_destroy_callback(struc
|
||||
(istream_callback_t *)callback, context)
|
||||
/* Remove the destroy callback. */
|
||||
void i_stream_remove_destroy_callback(struct istream *stream,
|
||||
- void (*callback)());
|
||||
+ istream_callback_t *callback);
|
||||
|
||||
/* Return file descriptor for stream, or -1 if none is available. */
|
||||
int i_stream_get_fd(struct istream *stream);
|
||||
diff -up dovecot-2.4.2/src/lib/ostream.c.fixbuild dovecot-2.4.2/src/lib/ostream.c
|
||||
--- dovecot-2.4.2/src/lib/ostream.c.fixbuild 2025-11-30 11:42:21.434063550 +0100
|
||||
+++ dovecot-2.4.2/src/lib/ostream.c 2025-11-30 11:42:55.814100259 +0100
|
||||
@@ -127,7 +127,7 @@ void o_stream_add_destroy_callback(struc
|
||||
}
|
||||
|
||||
void o_stream_remove_destroy_callback(struct ostream *stream,
|
||||
- void (*callback)())
|
||||
+ ostream_callback_t *callback)
|
||||
{
|
||||
io_stream_remove_destroy_callback(&stream->real_stream->iostream,
|
||||
callback);
|
||||
diff -up dovecot-2.4.2/src/lib/ostream.h.fixbuild dovecot-2.4.2/src/lib/ostream.h
|
||||
--- dovecot-2.4.2/src/lib/ostream.h.fixbuild 2025-11-30 11:42:29.639009602 +0100
|
||||
+++ dovecot-2.4.2/src/lib/ostream.h 2025-11-30 11:43:20.101652841 +0100
|
||||
@@ -127,7 +127,7 @@ void o_stream_add_destroy_callback(struc
|
||||
(ostream_callback_t *)callback, context)
|
||||
/* Remove the destroy callback. */
|
||||
void o_stream_remove_destroy_callback(struct ostream *stream,
|
||||
- void (*callback)());
|
||||
+ ostream_callback_t *callback);
|
||||
|
||||
/* Mark the stream and all of its parent streams closed. Nothing will be
|
||||
sent after this call. When using ostreams that require writing a trailer,
|
||||
diff -up dovecot-2.4.2/src/lib-json/json-istream.c.fixbuild dovecot-2.4.2/src/lib-json/json-istream.c
|
||||
--- dovecot-2.4.2/src/lib-json/json-istream.c.fixbuild 2025-10-29 07:58:41.000000000 +0100
|
||||
+++ dovecot-2.4.2/src/lib-json/json-istream.c 2025-11-30 12:52:15.970430672 +0100
|
||||
@@ -706,7 +706,7 @@ static void json_istream_drop_value_stre
|
||||
if (stream->seekable_stream != NULL) {
|
||||
i_stream_remove_destroy_callback(
|
||||
stream->seekable_stream,
|
||||
- json_istream_drop_seekable_stream);
|
||||
+ (istream_callback_t *)json_istream_drop_seekable_stream);
|
||||
i_stream_unref(&stream->seekable_stream);
|
||||
}
|
||||
}
|
||||
@@ -720,12 +720,12 @@ static void json_istream_consumed_value_
|
||||
if (stream->seekable_stream != NULL) {
|
||||
i_stream_remove_destroy_callback(
|
||||
stream->seekable_stream,
|
||||
- json_istream_drop_seekable_stream);
|
||||
+ (istream_callback_t *)json_istream_drop_seekable_stream);
|
||||
}
|
||||
if (stream->value_stream != NULL) {
|
||||
i_stream_remove_destroy_callback(
|
||||
stream->value_stream,
|
||||
- json_istream_drop_value_stream);
|
||||
+ (istream_callback_t *)json_istream_drop_value_stream);
|
||||
}
|
||||
stream->value_stream = NULL;
|
||||
stream->seekable_stream = NULL;
|
||||
i_stream_remove_destroy_callback(conn->incoming_payload,
|
||||
- http_client_payload_destroyed);
|
||||
+ (istream_callback_t *)http_client_payload_destroyed);
|
||||
conn->incoming_payload = NULL;
|
||||
}
|
||||
|
||||
diff -up dovecot-2.4.2/src/lib-http/http-server-connection.c.fixbuild dovecot-2.4.2/src/lib-http/http-server-connection.c
|
||||
--- dovecot-2.4.2/src/lib-http/http-server-connection.c.fixbuild 2025-11-30 13:02:24.337384848 +0100
|
||||
+++ dovecot-2.4.2/src/lib-http/http-server-connection.c 2025-11-30 13:03:14.477064608 +0100
|
||||
@@ -1066,7 +1066,7 @@ http_server_connection_disconnect(struct
|
||||
if (conn->incoming_payload != NULL) {
|
||||
/* The stream is still accessed by lib-http caller. */
|
||||
i_stream_remove_destroy_callback(conn->incoming_payload,
|
||||
- http_server_payload_destroyed);
|
||||
+ (istream_callback_t *)http_server_payload_destroyed);
|
||||
conn->incoming_payload = NULL;
|
||||
}
|
||||
if (conn->payload_handler != NULL)
|
||||
diff -up dovecot-2.4.2/src/lib-http/http-client-connection.c.fixbuild dovecot-2.4.2/src/lib-http/http-client-connection.c
|
||||
--- dovecot-2.4.2/src/lib-http/http-client-connection.c.fixbuild 2025-11-30 12:57:42.670247695 +0100
|
||||
+++ dovecot-2.4.2/src/lib-http/http-client-connection.c 2025-11-30 13:00:54.862436490 +0100
|
||||
@@ -832,7 +832,7 @@ void http_client_connection_request_dest
|
||||
is closed and we don't care about it anymore, so act as though it is
|
||||
destroyed. */
|
||||
i_stream_remove_destroy_callback(payload,
|
||||
- http_client_payload_destroyed);
|
||||
+ (istream_callback_t *)http_client_payload_destroyed);
|
||||
http_client_payload_destroyed(req);
|
||||
}
|
||||
|
||||
@@ -888,7 +888,7 @@ http_client_connection_return_response(s
|
||||
if (response->payload != NULL) {
|
||||
i_stream_remove_destroy_callback(
|
||||
conn->incoming_payload,
|
||||
- http_client_payload_destroyed);
|
||||
+ (istream_callback_t *)http_client_payload_destroyed);
|
||||
i_stream_unref(&conn->incoming_payload);
|
||||
connection_input_resume(&conn->conn);
|
||||
}
|
||||
@@ -1731,7 +1731,7 @@ http_client_connection_disconnect(struct
|
||||
if (conn->incoming_payload != NULL) {
|
||||
/* The stream is still accessed by lib-http caller. */
|
||||
i_stream_remove_destroy_callback(conn->incoming_payload,
|
||||
- http_client_payload_destroyed);
|
||||
+ (istream_callback_t *)http_client_payload_destroyed);
|
||||
conn->incoming_payload = NULL;
|
||||
}
|
||||
|
||||
diff -up dovecot-2.4.2/src/lib-storage/index/index-mail.c.fixbuild2 dovecot-2.4.2/src/lib-storage/index/index-mail.c
|
||||
--- dovecot-2.4.2/src/lib-storage/index/index-mail.c.fixbuild2 2025-11-30 13:48:46.658539149 +0100
|
||||
+++ dovecot-2.4.2/src/lib-storage/index/index-mail.c 2025-11-30 13:49:47.178158024 +0100
|
||||
@@ -1840,7 +1840,7 @@ static void index_mail_close_streams_ful
|
||||
allowed to have references until the mail is closed
|
||||
(but we can't really check that) */
|
||||
i_stream_remove_destroy_callback(data->stream,
|
||||
- index_mail_stream_destroy_callback);
|
||||
+ (istream_callback_t *)index_mail_stream_destroy_callback);
|
||||
}
|
||||
i_stream_unref(&data->stream);
|
||||
/* there must be no references to the mail when the
|
||||
2366
dovecot.spec
2366
dovecot.spec
File diff suppressed because it is too large
Load diff
|
|
@ -1,9 +0,0 @@
|
|||
#Type Name ID GECOS Home directory Shell
|
||||
g dovecot 97
|
||||
u dovecot 97 "Dovecot IMAP server" /usr/libexec/dovecot /sbin/nologin
|
||||
m dovecot dovecot
|
||||
|
||||
g dovenull -
|
||||
u dovenull - "Dovecot - unauthorized user" /usr/libexec/dovecot /sbin/nologin
|
||||
m dovenull dovenull
|
||||
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
summary: Run all tests
|
||||
execute:
|
||||
how: tmt
|
||||
discover:
|
||||
how: fmf
|
||||
|
||||
|
|
@ -1,7 +0,0 @@
|
|||
---
|
||||
runpath:
|
||||
allowed_paths:
|
||||
# dovecot only plugins
|
||||
- /usr/lib/dovecot/old-stats
|
||||
- /usr/lib64/dovecot/old-stats
|
||||
|
||||
4
sources
4
sources
|
|
@ -1,2 +1,2 @@
|
|||
SHA512 (dovecot-2.4.2.tar.gz) = 0524695341abe711d3a811c56156889d6fef7a09becc684c6f1dc1e5add605969ca8794eb7d44bfbc49f70515f22e8640b5828443addecfe4798fb8b174670ae
|
||||
SHA512 (dovecot-pigeonhole-2.4.2.tar.gz) = 82c46c7ac2792aa5c211c8b66309f9f21c05ecd2fa8ab3abf98fb4e05831fd37aaa3edffcfbe1b3defbb9ac8ef9df1c33ece83cf7524e8b226c4deab8c250134
|
||||
SHA512 (dovecot-2.3.17.1.tar.gz) = 976aa4f68e86f401e5766017e1702740d5b03892aff98f31f9ef0c6d242311d0f4b50d7faa426306bf1c902d7fc6d021438977bc887fa66ee360b069ec32ad79
|
||||
SHA512 (dovecot-2.3-pigeonhole-0.5.17.1.tar.gz) = 632a963d90a3fa052f314360d59ff25274d80952307ab5dd9193a2713ebf686500a7b2559b56f04b07e0a261066eed9b8525b14197f3be51728af09acb76e894
|
||||
|
|
|
|||
|
|
@ -1,2 +0,0 @@
|
|||
gef config gef.disable_color True
|
||||
got-audit --all
|
||||
|
|
@ -1,10 +0,0 @@
|
|||
summary: Audit the GOT for signs of tampering
|
||||
description: |
|
||||
Pointers in the server process GOT will be checked to ensure that
|
||||
each function pointer's value is within a shared object file
|
||||
that exports a symbol of that name, and that no shared object
|
||||
files export conflicting symbols.
|
||||
contact: Gordon Messmer <gordon.messmer@gmail.com>
|
||||
require+:
|
||||
- gdb-gef # needed to test got-audit
|
||||
|
||||
|
|
@ -1,41 +0,0 @@
|
|||
#!/bin/bash
|
||||
# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
#
|
||||
# runtest.sh of /CoreOS/dovecot/Sanity/got-audit
|
||||
# Description: Check pointers in the server process GOT for signs of tampering
|
||||
# Author: Gordon Messmer <gordon.messmer@gmail.com>
|
||||
#
|
||||
|
||||
# Include Beaker environment
|
||||
. /usr/share/beakerlib/beakerlib.sh || exit 1
|
||||
|
||||
rlJournalStart
|
||||
rlPhaseStartSetup
|
||||
rlServiceStart dovecot
|
||||
rlRun "TestDir=\$(pwd)"
|
||||
rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory"
|
||||
rlRun "pushd $TmpDir"
|
||||
rlRun "auditfile=\$(mktemp --tmpdir=${TmpDir})"
|
||||
rlPhaseEnd
|
||||
|
||||
rlPhaseStartTest "Run GEF got-audit"
|
||||
rlRun "SERVICE_PID=\$( systemctl show --property=MainPID dovecot.service | cut -f2 -d= )"
|
||||
rlRun "echo SERVICE_PID is '$SERVICE_PID'"
|
||||
[ -n "$SERVICE_PID" ] || rlFail "No service pid was found"
|
||||
rlRun "gdb-gef --pid '$SERVICE_PID' --command='$TestDir'/got-audit.gdb --batch > '$auditfile'"
|
||||
# Basic test: ensure that at least one symbol is found in libc.so,
|
||||
# to verify that the report looks plausible.
|
||||
rlAssertGrep " : /.*/libc.so" "$auditfile"
|
||||
# Ensure the got-audit did not report any errors
|
||||
rlAssertNotGrep " :: ERROR" "$auditfile"
|
||||
rlRun "cp '$auditfile' '$TMT_TEST_DATA'/got-audit.txt"
|
||||
rlPhaseEnd
|
||||
|
||||
rlPhaseStartCleanup
|
||||
rlServiceRestore dovecot
|
||||
rlRun "popd"
|
||||
rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
|
||||
rlPhaseEnd
|
||||
rlJournalPrintText
|
||||
rlJournalEnd
|
||||
|
|
@ -1,2 +0,0 @@
|
|||
test: ./runtest.sh
|
||||
framework: beakerlib
|
||||
Loading…
Add table
Add a link
Reference in a new issue