rpms/dovecot
6
0
Fork 0
Code Issues Pull Requests Releases Activity

dovecot updated to 2.3.14, pigeonhole to 0.5.14

Browse Source 
use OpenSSL's implementation of HMAC
Remove autocreate, expire, snarf and mail-filter plugins.
Remove cydir storage driver.
Remove XZ/LZMA write support. Read support will be removed in future release.
This commit is contained in:
Michal Hlavinka 2021-03-22 21:06:01 +01:00
parent 8550d54fac
commit 25d565523c
5 changed files with 125 additions and 106 deletions

2
dovecot-2.2.20-initbysystemd.patch
View File

@ -21,7 +21,7 @@ diff -up dovecot-2.3.0.1/dovecot.service.in.initbysystemd dovecot-2.3.0.1/doveco
@@ -8,7 +8,8 @@
Description=Dovecot IMAP/POP3 email server
Documentation=man:dovecot(1)
Documentation=http://wiki2.dovecot.org/
Documentation=https://doc.dovecot.org/
-After=local-fs.target network-online.target
+After=local-fs.target network-online.target dovecot-init.service
+Requires=dovecot-init.service

36
dovecot-2.3.13-bigtvsec.patch
View File

@ -1,36 +0,0 @@
diff -up dovecot-2.3.13/src/lib/test-time-util.c.bigtvsec dovecot-2.3.13/src/lib/test-time-util.c
--- dovecot-2.3.13/src/lib/test-time-util.c.bigtvsec 2021-01-06 11:27:06.793315308 +0100
+++ dovecot-2.3.13/src/lib/test-time-util.c 2021-01-06 11:27:06.815315088 +0100
@@ -358,7 +358,7 @@ static void test_str_to_timeval(void)
{
struct {
const char *str;
- unsigned int tv_sec, tv_usec;
+ long int tv_sec, tv_usec;
} tests[] = {
{ "0", 0, 0 },
{ "0.0", 0, 0 },
diff -up dovecot-2.3.13/src/lib/time-util.c.bigtvsec dovecot-2.3.13/src/lib/time-util.c
--- dovecot-2.3.13/src/lib/time-util.c.bigtvsec 2021-01-06 11:10:49.791094852 +0100
+++ dovecot-2.3.13/src/lib/time-util.c 2021-01-06 11:10:08.255501319 +0100
@@ -43,16 +43,16 @@ int timeval_cmp_margin(const struct time
if (tv1->tv_sec < tv2->tv_sec) {
sec_margin = ((int)usec_margin / 1000000) + 1;
- if ((tv2->tv_sec - tv1->tv_sec) > sec_margin)
+ if (((long long)tv2->tv_sec - tv1->tv_sec) > sec_margin)
return -1;
- usecs_diff = (tv2->tv_sec - tv1->tv_sec) * 1000000LL +
+ usecs_diff = ((long long)tv2->tv_sec - tv1->tv_sec) * 1000000LL +
(tv2->tv_usec - tv1->tv_usec);
ret = -1;
} else if (tv1->tv_sec > tv2->tv_sec) {
sec_margin = ((int)usec_margin / 1000000) + 1;
- if ((tv1->tv_sec - tv2->tv_sec) > sec_margin)
+ if (((long long)tv1->tv_sec - tv2->tv_sec) > sec_margin)
return 1;
- usecs_diff = (tv1->tv_sec - tv2->tv_sec) * 1000000LL +
+ usecs_diff = ((long long)tv1->tv_sec - tv2->tv_sec) * 1000000LL +
(tv1->tv_usec - tv2->tv_usec);
ret = 1;
} else if (tv1->tv_usec < tv2->tv_usec) {

168
dovecot-2.3.6-opensslhmac.patch
View File

@ -1,6 +1,6 @@
diff -up dovecot-2.3.13/src/auth/auth-token.c.opensslhmac dovecot-2.3.13/src/auth/auth-token.c
--- dovecot-2.3.13/src/auth/auth-token.c.opensslhmac 2020-12-22 14:26:52.000000000 +0100
+++ dovecot-2.3.13/src/auth/auth-token.c 2021-03-22 18:44:06.946142422 +0100
diff -up dovecot-2.3.14/src/auth/auth-token.c.opensslhmac dovecot-2.3.14/src/auth/auth-token.c
--- dovecot-2.3.14/src/auth/auth-token.c.opensslhmac 2021-03-04 09:38:06.000000000 +0100
+++ dovecot-2.3.14/src/auth/auth-token.c 2021-03-22 20:44:13.022912242 +0100
@@ -161,17 +161,17 @@ void auth_token_deinit(void)
const char *auth_token_get(const char *service, const char *session_pid,
const char *username, const char *session_id)
@ -26,9 +26,9 @@ diff -up dovecot-2.3.13/src/auth/auth-token.c.opensslhmac dovecot-2.3.13/src/aut
return binary_to_hex(result, sizeof(result));
}
diff -up dovecot-2.3.13/src/auth/mech-cram-md5.c.opensslhmac dovecot-2.3.13/src/auth/mech-cram-md5.c
--- dovecot-2.3.13/src/auth/mech-cram-md5.c.opensslhmac 2020-12-22 14:26:52.000000000 +0100
+++ dovecot-2.3.13/src/auth/mech-cram-md5.c 2021-03-22 18:44:06.946142422 +0100
diff -up dovecot-2.3.14/src/auth/mech-cram-md5.c.opensslhmac dovecot-2.3.14/src/auth/mech-cram-md5.c
--- dovecot-2.3.14/src/auth/mech-cram-md5.c.opensslhmac 2021-03-04 09:38:06.000000000 +0100
+++ dovecot-2.3.14/src/auth/mech-cram-md5.c 2021-03-22 20:44:13.022912242 +0100
@@ -51,7 +51,7 @@ static bool verify_credentials(struct cr
{
@ -52,9 +52,9 @@ diff -up dovecot-2.3.13/src/auth/mech-cram-md5.c.opensslhmac dovecot-2.3.13/src/
response_hex = binary_to_hex(digest, sizeof(digest));
diff -up dovecot-2.3.13/src/auth/mech-scram.c.opensslhmac dovecot-2.3.13/src/auth/mech-scram.c
--- dovecot-2.3.13/src/auth/mech-scram.c.opensslhmac 2020-12-22 14:26:52.000000000 +0100
+++ dovecot-2.3.13/src/auth/mech-scram.c 2021-03-22 18:44:06.946142422 +0100
diff -up dovecot-2.3.14/src/auth/mech-scram.c.opensslhmac dovecot-2.3.14/src/auth/mech-scram.c
--- dovecot-2.3.14/src/auth/mech-scram.c.opensslhmac 2021-03-04 09:38:06.000000000 +0100
+++ dovecot-2.3.14/src/auth/mech-scram.c 2021-03-22 20:44:13.022912242 +0100
@@ -78,7 +78,7 @@ static const char *get_scram_server_firs
static const char *get_scram_server_final(struct scram_auth_request *request)
{
@ -99,9 +99,9 @@ diff -up dovecot-2.3.13/src/auth/mech-scram.c.opensslhmac dovecot-2.3.13/src/aut
const unsigned char *proof_data = request->proof->data;
for (i = 0; i < sizeof(client_signature); i++)
diff -up dovecot-2.3.13/src/auth/password-scheme.c.opensslhmac dovecot-2.3.13/src/auth/password-scheme.c
--- dovecot-2.3.13/src/auth/password-scheme.c.opensslhmac 2020-12-22 14:26:52.000000000 +0100
+++ dovecot-2.3.13/src/auth/password-scheme.c 2021-03-22 18:44:06.947142409 +0100
diff -up dovecot-2.3.14/src/auth/password-scheme.c.opensslhmac dovecot-2.3.14/src/auth/password-scheme.c
--- dovecot-2.3.14/src/auth/password-scheme.c.opensslhmac 2021-03-04 09:38:06.000000000 +0100
+++ dovecot-2.3.14/src/auth/password-scheme.c 2021-03-22 20:44:13.022912242 +0100
@@ -639,11 +639,11 @@ static void
cram_md5_generate(const char *plaintext, const struct password_generate_params *params ATTR_UNUSED,
const unsigned char **raw_password_r, size_t *size_r)
@ -116,9 +116,9 @@ diff -up dovecot-2.3.13/src/auth/password-scheme.c.opensslhmac dovecot-2.3.13/sr
strlen(plaintext), &hash_method_md5);
hmac_md5_get_cram_context(&ctx, context_digest);
diff -up dovecot-2.3.13/src/auth/password-scheme-scram.c.opensslhmac dovecot-2.3.13/src/auth/password-scheme-scram.c
--- dovecot-2.3.13/src/auth/password-scheme-scram.c.opensslhmac 2020-12-22 14:26:52.000000000 +0100
+++ dovecot-2.3.13/src/auth/password-scheme-scram.c 2021-03-22 18:44:06.947142409 +0100
diff -up dovecot-2.3.14/src/auth/password-scheme-scram.c.opensslhmac dovecot-2.3.14/src/auth/password-scheme-scram.c
--- dovecot-2.3.14/src/auth/password-scheme-scram.c.opensslhmac 2021-03-04 09:38:06.000000000 +0100
+++ dovecot-2.3.14/src/auth/password-scheme-scram.c 2021-03-22 20:44:13.023912229 +0100
@@ -30,23 +30,23 @@ Hi(const struct hash_method *hmethod, co
const unsigned char *salt, size_t salt_size, unsigned int i,
unsigned char *result)
@ -208,9 +208,9 @@ diff -up dovecot-2.3.13/src/auth/password-scheme-scram.c.opensslhmac dovecot-2.3
str_append_c(str, ',');
base64_encode(server_key, sizeof(server_key), str);
diff -up dovecot-2.3.13/src/lib/hmac.c.opensslhmac dovecot-2.3.13/src/lib/hmac.c
--- dovecot-2.3.13/src/lib/hmac.c.opensslhmac 2020-12-22 14:26:52.000000000 +0100
+++ dovecot-2.3.13/src/lib/hmac.c 2021-03-22 18:44:06.947142409 +0100
diff -up dovecot-2.3.14/src/lib/hmac.c.opensslhmac dovecot-2.3.14/src/lib/hmac.c
--- dovecot-2.3.14/src/lib/hmac.c.opensslhmac 2021-03-04 09:38:06.000000000 +0100
+++ dovecot-2.3.14/src/lib/hmac.c 2021-03-22 20:44:13.023912229 +0100
@@ -7,6 +7,10 @@
* This software is released under the MIT license.
*/
@ -287,11 +287,11 @@ diff -up dovecot-2.3.13/src/lib/hmac.c.opensslhmac dovecot-2.3.13/src/lib/hmac.c
+ }
+ i_assert(no_fips);
+ struct orig_hmac_context_priv *ctx = &_ctx->u.priv;
int i;
unsigned char k_ipad[64];
unsigned char k_opad[64];
unsigned int i;
unsigned char k_ipad[meth->block_size];
unsigned char k_opad[meth->block_size];
@@ -53,9 +112,27 @@ void hmac_init(struct hmac_context *_ctx
safe_memset(k_opad, 0, 64);
safe_memset(k_opad, 0, meth->block_size);
}
-void hmac_final(struct hmac_context *_ctx, unsigned char *digest)
@ -448,9 +448,9 @@ diff -up dovecot-2.3.13/src/lib/hmac.c.opensslhmac dovecot-2.3.13/src/lib/hmac.c
- safe_memset(prk, 0, sizeof(prk));
- safe_memset(okm, 0, sizeof(okm));
}
diff -up dovecot-2.3.13/src/lib/hmac-cram-md5.c.opensslhmac dovecot-2.3.13/src/lib/hmac-cram-md5.c
--- dovecot-2.3.13/src/lib/hmac-cram-md5.c.opensslhmac 2020-12-22 14:26:52.000000000 +0100
+++ dovecot-2.3.13/src/lib/hmac-cram-md5.c 2021-03-22 18:44:06.947142409 +0100
diff -up dovecot-2.3.14/src/lib/hmac-cram-md5.c.opensslhmac dovecot-2.3.14/src/lib/hmac-cram-md5.c
--- dovecot-2.3.14/src/lib/hmac-cram-md5.c.opensslhmac 2021-03-04 09:38:06.000000000 +0100
+++ dovecot-2.3.14/src/lib/hmac-cram-md5.c 2021-03-22 20:44:13.023912229 +0100
@@ -9,10 +9,10 @@
#include "md5.h"
#include "hmac-cram-md5.h"
@ -477,9 +477,9 @@ diff -up dovecot-2.3.13/src/lib/hmac-cram-md5.c.opensslhmac dovecot-2.3.13/src/l
const unsigned char *cdp;
struct md5_context *ctx = (void*)hmac_ctx->ctx;
diff -up dovecot-2.3.13/src/lib/hmac-cram-md5.h.opensslhmac dovecot-2.3.13/src/lib/hmac-cram-md5.h
--- dovecot-2.3.13/src/lib/hmac-cram-md5.h.opensslhmac 2020-12-22 14:26:52.000000000 +0100
+++ dovecot-2.3.13/src/lib/hmac-cram-md5.h 2021-03-22 18:44:06.947142409 +0100
diff -up dovecot-2.3.14/src/lib/hmac-cram-md5.h.opensslhmac dovecot-2.3.14/src/lib/hmac-cram-md5.h
--- dovecot-2.3.14/src/lib/hmac-cram-md5.h.opensslhmac 2021-03-04 09:38:06.000000000 +0100
+++ dovecot-2.3.14/src/lib/hmac-cram-md5.h 2021-03-22 20:44:13.023912229 +0100
@@ -5,9 +5,9 @@
#define CRAM_MD5_CONTEXTLEN 32
@ -492,19 +492,19 @@ diff -up dovecot-2.3.13/src/lib/hmac-cram-md5.h.opensslhmac dovecot-2.3.13/src/l
const unsigned char context_digest[CRAM_MD5_CONTEXTLEN]);
diff -up dovecot-2.3.13/src/lib/hmac.h.opensslhmac dovecot-2.3.13/src/lib/hmac.h
--- dovecot-2.3.13/src/lib/hmac.h.opensslhmac 2020-12-22 14:26:52.000000000 +0100
+++ dovecot-2.3.13/src/lib/hmac.h 2021-03-22 18:44:06.947142409 +0100
@@ -3,60 +3,97 @@
diff -up dovecot-2.3.14/src/lib/hmac.h.opensslhmac dovecot-2.3.14/src/lib/hmac.h
--- dovecot-2.3.14/src/lib/hmac.h.opensslhmac 2021-03-04 09:38:06.000000000 +0100
+++ dovecot-2.3.14/src/lib/hmac.h 2021-03-22 20:44:13.023912229 +0100
@@ -4,60 +4,97 @@
#include "hash-method.h"
#include "sha1.h"
#include "sha2.h"
+#include <openssl/objects.h>
+#include <openssl/hmac.h>
+#include <openssl/kdf.h>
+#include <openssl/err.h>
#define HMAC_MAX_CONTEXT_SIZE 256
#define HMAC_MAX_CONTEXT_SIZE sizeof(struct sha512_ctx)
-struct hmac_context_priv {
+struct openssl_hmac_context_priv {
@ -606,9 +606,9 @@ diff -up dovecot-2.3.13/src/lib/hmac.h.opensslhmac dovecot-2.3.13/src/lib/hmac.h
okm_buffer, okm_len);
return okm_buffer;
}
diff -up dovecot-2.3.13/src/lib-imap-urlauth/imap-urlauth.c.opensslhmac dovecot-2.3.13/src/lib-imap-urlauth/imap-urlauth.c
--- dovecot-2.3.13/src/lib-imap-urlauth/imap-urlauth.c.opensslhmac 2020-12-22 14:26:52.000000000 +0100
+++ dovecot-2.3.13/src/lib-imap-urlauth/imap-urlauth.c 2021-03-22 18:44:06.948142396 +0100
diff -up dovecot-2.3.14/src/lib-imap-urlauth/imap-urlauth.c.opensslhmac dovecot-2.3.14/src/lib-imap-urlauth/imap-urlauth.c
--- dovecot-2.3.14/src/lib-imap-urlauth/imap-urlauth.c.opensslhmac 2021-03-04 09:38:06.000000000 +0100
+++ dovecot-2.3.14/src/lib-imap-urlauth/imap-urlauth.c 2021-03-22 20:44:13.023912229 +0100
@@ -85,15 +85,15 @@ imap_urlauth_internal_generate(const cha
const unsigned char mailbox_key[IMAP_URLAUTH_KEY_LEN],
size_t *token_len_r)
@ -629,9 +629,9 @@ diff -up dovecot-2.3.13/src/lib-imap-urlauth/imap-urlauth.c.opensslhmac dovecot-
*token_len_r = SHA1_RESULTLEN + 1;
return token;
diff -up dovecot-2.3.13/src/lib/Makefile.am.opensslhmac dovecot-2.3.13/src/lib/Makefile.am
--- dovecot-2.3.13/src/lib/Makefile.am.opensslhmac 2020-12-22 14:26:52.000000000 +0100
+++ dovecot-2.3.13/src/lib/Makefile.am 2021-03-22 18:44:06.948142396 +0100
diff -up dovecot-2.3.14/src/lib/Makefile.am.opensslhmac dovecot-2.3.14/src/lib/Makefile.am
--- dovecot-2.3.14/src/lib/Makefile.am.opensslhmac 2021-03-04 09:38:06.000000000 +0100
+++ dovecot-2.3.14/src/lib/Makefile.am 2021-03-22 20:44:13.023912229 +0100
@@ -352,6 +352,9 @@ headers = \
wildcard-match.h \
write-full.h
@ -642,13 +642,13 @@ diff -up dovecot-2.3.13/src/lib/Makefile.am.opensslhmac dovecot-2.3.13/src/lib/M
test_programs = test-lib
noinst_PROGRAMS = $(test_programs)
diff -up dovecot-2.3.13/src/lib-oauth2/oauth2-jwt.c.opensslhmac dovecot-2.3.13/src/lib-oauth2/oauth2-jwt.c
--- dovecot-2.3.13/src/lib-oauth2/oauth2-jwt.c.opensslhmac 2021-03-22 18:46:42.645100171 +0100
+++ dovecot-2.3.13/src/lib-oauth2/oauth2-jwt.c 2021-03-22 18:46:42.657100014 +0100
@@ -96,14 +96,14 @@ static int oauth2_validate_hmac(const st
const buffer_t *key;
diff -up dovecot-2.3.14/src/lib-oauth2/oauth2-jwt.c.opensslhmac dovecot-2.3.14/src/lib-oauth2/oauth2-jwt.c
--- dovecot-2.3.14/src/lib-oauth2/oauth2-jwt.c.opensslhmac 2021-03-04 09:38:06.000000000 +0100
+++ dovecot-2.3.14/src/lib-oauth2/oauth2-jwt.c 2021-03-22 20:44:13.024912217 +0100
@@ -106,14 +106,14 @@ oauth2_validate_hmac(const struct oauth2
if (oauth2_lookup_hmac_key(set, azp, alg, key_id, &key, error_r) < 0)
return -1;
- struct hmac_context ctx;
- hmac_init(&ctx, key->data, key->used, method);
- hmac_update(&ctx, blobs[0], strlen(blobs[0]));
@ -666,10 +666,10 @@ diff -up dovecot-2.3.13/src/lib-oauth2/oauth2-jwt.c.opensslhmac dovecot-2.3.13/s
buffer_t *their_digest =
t_base64url_decode_str(BASE64_DECODE_FLAG_NO_PADDING, blobs[2]);
diff -up dovecot-2.3.13/src/lib-oauth2/test-oauth2-jwt.c.opensslhmac dovecot-2.3.13/src/lib-oauth2/test-oauth2-jwt.c
--- dovecot-2.3.13/src/lib-oauth2/test-oauth2-jwt.c.opensslhmac 2020-12-22 14:26:52.000000000 +0100
+++ dovecot-2.3.13/src/lib-oauth2/test-oauth2-jwt.c 2021-03-22 18:44:06.948142396 +0100
@@ -219,7 +219,7 @@ static void save_key_to(const char *algo
diff -up dovecot-2.3.14/src/lib-oauth2/test-oauth2-jwt.c.opensslhmac dovecot-2.3.14/src/lib-oauth2/test-oauth2-jwt.c
--- dovecot-2.3.14/src/lib-oauth2/test-oauth2-jwt.c.opensslhmac 2021-03-04 09:38:06.000000000 +0100
+++ dovecot-2.3.14/src/lib-oauth2/test-oauth2-jwt.c 2021-03-22 20:46:09.524440794 +0100
@@ -236,7 +236,7 @@ static void save_key_to(const char *algo
static void sign_jwt_token_hs256(buffer_t *tokenbuf, buffer_t *key)
{
i_assert(key != NULL);
@ -678,9 +678,27 @@ diff -up dovecot-2.3.13/src/lib-oauth2/test-oauth2-jwt.c.opensslhmac dovecot-2.3
tokenbuf);
buffer_append(tokenbuf, ".", 1);
base64url_encode(BASE64_ENCODE_FLAG_NO_PADDING, SIZE_MAX,
diff -up dovecot-2.3.13/src/lib/pkcs5.c.opensslhmac dovecot-2.3.13/src/lib/pkcs5.c
--- dovecot-2.3.13/src/lib/pkcs5.c.opensslhmac 2020-12-22 14:26:52.000000000 +0100
+++ dovecot-2.3.13/src/lib/pkcs5.c 2021-03-22 18:44:06.948142396 +0100
@@ -246,7 +246,7 @@ static void sign_jwt_token_hs256(buffer_
static void sign_jwt_token_hs384(buffer_t *tokenbuf, buffer_t *key)
{
i_assert(key != NULL);
- buffer_t *sig = t_hmac_buffer(&hash_method_sha384, key->data, key->used,
+ buffer_t *sig = openssl_t_hmac_buffer(&hash_method_sha384, key->data, key->used,
tokenbuf);
buffer_append(tokenbuf, ".", 1);
base64url_encode(BASE64_ENCODE_FLAG_NO_PADDING, SIZE_MAX,
@@ -256,7 +256,7 @@ static void sign_jwt_token_hs384(buffer_
static void sign_jwt_token_hs512(buffer_t *tokenbuf, buffer_t *key)
{
i_assert(key != NULL);
- buffer_t *sig = t_hmac_buffer(&hash_method_sha512, key->data, key->used,
+ buffer_t *sig = openssl_t_hmac_buffer(&hash_method_sha512, key->data, key->used,
tokenbuf);
buffer_append(tokenbuf, ".", 1);
base64url_encode(BASE64_ENCODE_FLAG_NO_PADDING, SIZE_MAX,
diff -up dovecot-2.3.14/src/lib/pkcs5.c.opensslhmac dovecot-2.3.14/src/lib/pkcs5.c
--- dovecot-2.3.14/src/lib/pkcs5.c.opensslhmac 2021-03-04 09:38:06.000000000 +0100
+++ dovecot-2.3.14/src/lib/pkcs5.c 2021-03-22 20:44:13.024912217 +0100
@@ -52,7 +52,7 @@ int pkcs5_pbkdf2(const struct hash_metho
size_t l = (length + hash->digest_size - 1)/hash->digest_size; /* same as ceil(length/hash->digest_size) */
unsigned char dk[l * hash->digest_size];
@ -715,10 +733,10 @@ diff -up dovecot-2.3.13/src/lib/pkcs5.c.opensslhmac dovecot-2.3.13/src/lib/pkcs5
for(i = 0; i < hash->digest_size; i++)
block[i] ^= U_c[i];
}
diff -up dovecot-2.3.13/src/lib/test-hmac.c.opensslhmac dovecot-2.3.13/src/lib/test-hmac.c
--- dovecot-2.3.13/src/lib/test-hmac.c.opensslhmac 2020-12-22 14:26:52.000000000 +0100
+++ dovecot-2.3.13/src/lib/test-hmac.c 2021-03-22 18:44:06.948142396 +0100
@@ -112,11 +112,11 @@ static void test_hmac_rfc(void)
diff -up dovecot-2.3.14/src/lib/test-hmac.c.opensslhmac dovecot-2.3.14/src/lib/test-hmac.c
--- dovecot-2.3.14/src/lib/test-hmac.c.opensslhmac 2021-03-04 09:38:06.000000000 +0100
+++ dovecot-2.3.14/src/lib/test-hmac.c 2021-03-22 20:44:13.024912217 +0100
@@ -206,11 +206,11 @@ static void test_hmac_rfc(void)
test_begin("hmac sha256 rfc4231 vectors");
for(size_t i = 0; i < N_ELEMENTS(test_vectors); i++) {
const struct test_vector *vec = &(test_vectors[i]);
@ -734,7 +752,39 @@ diff -up dovecot-2.3.13/src/lib/test-hmac.c.opensslhmac dovecot-2.3.13/src/lib/t
test_assert_idx(memcmp(res, vec->res, vec->res_len) == 0, i);
}
test_end();
@@ -129,7 +129,7 @@ static void test_hmac_buffer(void)
@@ -221,11 +221,11 @@ static void test_hmac384_rfc(void)
test_begin("hmac sha384 rfc4231 vectors");
for (size_t i = 0; i < N_ELEMENTS(test_vectors_hmac384); i++) {
const struct test_vector *vec = &(test_vectors_hmac384[i]);
- struct hmac_context ctx;
- hmac_init(&ctx, vec->key, vec->key_len, hash_method_lookup(vec->prf));
- hmac_update(&ctx, vec->data, vec->data_len);
+ struct openssl_hmac_context ctx;
+ openssl_hmac_init(&ctx, vec->key, vec->key_len, hash_method_lookup(vec->prf));
+ openssl_hmac_update(&ctx, vec->data, vec->data_len);
unsigned char res[SHA384_RESULTLEN];
- hmac_final(&ctx, res);
+ openssl_hmac_final(&ctx, res);
test_assert_idx(memcmp(res, vec->res, vec->res_len) == 0, i);
}
test_end();
@@ -236,11 +236,11 @@ static void test_hmac512_rfc(void)
test_begin("hmac sha512 rfc4231 vectors");
for (size_t i = 0; i < N_ELEMENTS(test_vectors_hmac512); i++) {
const struct test_vector *vec = &(test_vectors_hmac512[i]);
- struct hmac_context ctx;
- hmac_init(&ctx, vec->key, vec->key_len, hash_method_lookup(vec->prf));
- hmac_update(&ctx, vec->data, vec->data_len);
+ struct openssl_hmac_context ctx;
+ openssl_hmac_init(&ctx, vec->key, vec->key_len, hash_method_lookup(vec->prf));
+ openssl_hmac_update(&ctx, vec->data, vec->data_len);
unsigned char res[SHA512_RESULTLEN];
- hmac_final(&ctx, res);
+ openssl_hmac_final(&ctx, res);
test_assert_idx(memcmp(res, vec->res, vec->res_len) == 0, i);
}
test_end();
@@ -253,7 +253,7 @@ static void test_hmac_buffer(void)
buffer_t *tmp;
@ -743,7 +793,7 @@ diff -up dovecot-2.3.13/src/lib/test-hmac.c.opensslhmac dovecot-2.3.13/src/lib/t
vec->data, vec->data_len);
test_assert(tmp->used == vec->res_len &&
@@ -146,7 +146,7 @@ static void test_hkdf_rfc(void)
@@ -270,7 +270,7 @@ static void test_hkdf_rfc(void)
buffer_set_used_size(res, 0);
const struct test_vector_5869 *vec = &(test_vectors_5869[i]);
const struct hash_method *m = hash_method_lookup(vec->prf);
@ -752,7 +802,7 @@ diff -up dovecot-2.3.13/src/lib/test-hmac.c.opensslhmac dovecot-2.3.13/src/lib/t
vec->info, vec->info_len, res, vec->okm_len);
test_assert_idx(memcmp(res->data, vec->okm, vec->okm_len) == 0, i);
}
@@ -159,7 +159,7 @@ static void test_hkdf_buffer(void)
@@ -283,7 +283,7 @@ static void test_hkdf_buffer(void)
test_begin("hkdf temporary buffer");
const struct test_vector_5869 *vec = &(test_vectors_5869[0]);
const struct hash_method *m = hash_method_lookup(vec->prf);

21
dovecot.spec
View File

@ -3,9 +3,9 @@
Summary: Secure imap and pop3 server
Name: dovecot
Epoch: 1
Version: 2.3.13
Version: 2.3.14
%global prever %{nil}
Release: 7%{?dist}
Release: 1%{?dist}
#dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2
License: MIT and LGPLv2
@ -13,7 +13,7 @@ URL: http://www.dovecot.org/
Source: http://www.dovecot.org/releases/2.3/%{name}-%{version}%{?prever}.tar.gz
Source1: dovecot.init
Source2: dovecot.pam
%global pigeonholever 0.5.13
%global pigeonholever 0.5.14
Source8: http://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-%{pigeonholever}.tar.gz
Source9: dovecot.sysconfig
Source10: dovecot.tmpfilesd
@ -33,12 +33,11 @@ Patch8: dovecot-2.2.20-initbysystemd.patch
Patch9: dovecot-2.2.22-systemd_w_protectsystem.patch
Patch10: dovecot-2.3.0.1-libxcrypt.patch
Patch15: dovecot-2.3.11-bigkey.patch
Patch16: dovecot-2.3.13-bigtvsec.patch
# do not use own implementation of HMAC, use OpenSSL for certification purposes
# not sent upstream as proper fix would use dovecot's lib-dcrypt but it introduces
# hard to break circular dependency between lib and lib-dcrypt
Patch17: dovecot-2.3.6-opensslhmac.patch
Patch16: dovecot-2.3.6-opensslhmac.patch
Source15: prestartscript
@ -127,8 +126,7 @@ This package provides the development files for dovecot.
%patch8 -p1 -b .initbysystemd
%patch9 -p1 -b .systemd_w_protectsystem
%patch15 -p1 -b .bigkey
%patch16 -p1 -b .bigtvsec
%patch17 -p1 -b .opensslhmac
%patch16 -p1 -b .opensslhmac
#pushd dovecot-2*3-pigeonhole-%{pigeonholever}
#popd
@ -333,6 +331,7 @@ make check
%config(noreplace) %{_sysconfdir}/dovecot/conf.d/10-logging.conf
%config(noreplace) %{_sysconfdir}/dovecot/conf.d/10-mail.conf
%config(noreplace) %{_sysconfdir}/dovecot/conf.d/10-master.conf
%config(noreplace) %{_sysconfdir}/dovecot/conf.d/10-metrics.conf
%config(noreplace) %{_sysconfdir}/dovecot/conf.d/10-ssl.conf
%config(noreplace) %{_sysconfdir}/dovecot/conf.d/15-lda.conf
%config(noreplace) %{_sysconfdir}/dovecot/conf.d/15-mailboxes.conf
@ -352,7 +351,6 @@ make check
%config(noreplace) %{_sysconfdir}/dovecot/conf.d/auth-sql.conf.ext
%config(noreplace) %{_sysconfdir}/dovecot/conf.d/auth-static.conf.ext
%config(noreplace) %{_sysconfdir}/dovecot/conf.d/auth-system.conf.ext
%config(noreplace) %{_sysconfdir}/pam.d/dovecot
%config(noreplace) %{ssldir}/dovecot-openssl.cnf
@ -454,6 +452,13 @@ make check
%{_libdir}/%{name}/dict/libdriver_pgsql.so
%changelog
* Mon Mar 22 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.14-1
- dovecot updated to 2.3.14, pigeonhole to 0.5.14
- use OpenSSL's implementation of HMAC
- Remove autocreate, expire, snarf and mail-filter plugins.
- Remove cydir storage driver.
- Remove XZ/LZMA write support. Read support will be removed in future release.
* Mon Feb 08 2021 Pavel Raiskup <praiskup@redhat.com> - 1:2.3.13-7
- rebuild for libpq ABI fix rhbz#1908268

4
sources
View File

@ -1,2 +1,2 @@
SHA512 (dovecot-2.3.13.tar.gz) = 758a169fba8925637ed18fa7522a6f06c9fe01a1707b1ca0d0a4d8757c578a8e117c91733e8314403839f9a484bbcac71ce3532c82379eb583b480756d556a95
SHA512 (dovecot-2.3-pigeonhole-0.5.13.tar.gz) = fcbc13d71af4e6dd4e34192484e203d755e5015da76a4774b11a79182b2baad36cab5a471346093111ace36a7775dfe8294555f8b777786dde386820b3ec5cd3
SHA512 (dovecot-2.3.14.tar.gz) = 69df234cb739c7ee7ae3acfb9756bc22481e94c95463d32bfac315c7ec4b1ba0dfbff552b769f2ab7ee554087ca2ebbe331aa008d3af26417016612dc7cad103
SHA512 (dovecot-2.3-pigeonhole-0.5.14.tar.gz) = c5d5d309769eabe2c0971646d0c14d166b6b524acf59e1069eca803f764544fa2535c09c9a630ca706aa70442b688ee26af831d29e674823bac7ea7c0e1f33cc