From 25d565523c37b64b947072151fa5afb928444d55 Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Mon, 22 Mar 2021 21:06:01 +0100 Subject: [PATCH] dovecot updated to 2.3.14, pigeonhole to 0.5.14 use OpenSSL's implementation of HMAC Remove autocreate, expire, snarf and mail-filter plugins. Remove cydir storage driver. Remove XZ/LZMA write support. Read support will be removed in future release. --- dovecot-2.2.20-initbysystemd.patch | 2 +- dovecot-2.3.13-bigtvsec.patch | 36 ------- dovecot-2.3.6-opensslhmac.patch | 168 +++++++++++++++++++---------- dovecot.spec | 21 ++-- sources | 4 +- 5 files changed, 125 insertions(+), 106 deletions(-) delete mode 100644 dovecot-2.3.13-bigtvsec.patch diff --git a/dovecot-2.2.20-initbysystemd.patch b/dovecot-2.2.20-initbysystemd.patch index 7e3d94c..85327ee 100644 --- a/dovecot-2.2.20-initbysystemd.patch +++ b/dovecot-2.2.20-initbysystemd.patch @@ -21,7 +21,7 @@ diff -up dovecot-2.3.0.1/dovecot.service.in.initbysystemd dovecot-2.3.0.1/doveco @@ -8,7 +8,8 @@ Description=Dovecot IMAP/POP3 email server Documentation=man:dovecot(1) - Documentation=http://wiki2.dovecot.org/ + Documentation=https://doc.dovecot.org/ -After=local-fs.target network-online.target +After=local-fs.target network-online.target dovecot-init.service +Requires=dovecot-init.service diff --git a/dovecot-2.3.13-bigtvsec.patch b/dovecot-2.3.13-bigtvsec.patch deleted file mode 100644 index 3bd7ce6..0000000 --- a/dovecot-2.3.13-bigtvsec.patch +++ /dev/null @@ -1,36 +0,0 @@ -diff -up dovecot-2.3.13/src/lib/test-time-util.c.bigtvsec dovecot-2.3.13/src/lib/test-time-util.c ---- dovecot-2.3.13/src/lib/test-time-util.c.bigtvsec 2021-01-06 11:27:06.793315308 +0100 -+++ dovecot-2.3.13/src/lib/test-time-util.c 2021-01-06 11:27:06.815315088 +0100 -@@ -358,7 +358,7 @@ static void test_str_to_timeval(void) - { - struct { - const char *str; -- unsigned int tv_sec, tv_usec; -+ long int tv_sec, tv_usec; - } tests[] = { - { "0", 0, 0 }, - { "0.0", 0, 0 }, -diff -up dovecot-2.3.13/src/lib/time-util.c.bigtvsec dovecot-2.3.13/src/lib/time-util.c ---- dovecot-2.3.13/src/lib/time-util.c.bigtvsec 2021-01-06 11:10:49.791094852 +0100 -+++ dovecot-2.3.13/src/lib/time-util.c 2021-01-06 11:10:08.255501319 +0100 -@@ -43,16 +43,16 @@ int timeval_cmp_margin(const struct time - - if (tv1->tv_sec < tv2->tv_sec) { - sec_margin = ((int)usec_margin / 1000000) + 1; -- if ((tv2->tv_sec - tv1->tv_sec) > sec_margin) -+ if (((long long)tv2->tv_sec - tv1->tv_sec) > sec_margin) - return -1; -- usecs_diff = (tv2->tv_sec - tv1->tv_sec) * 1000000LL + -+ usecs_diff = ((long long)tv2->tv_sec - tv1->tv_sec) * 1000000LL + - (tv2->tv_usec - tv1->tv_usec); - ret = -1; - } else if (tv1->tv_sec > tv2->tv_sec) { - sec_margin = ((int)usec_margin / 1000000) + 1; -- if ((tv1->tv_sec - tv2->tv_sec) > sec_margin) -+ if (((long long)tv1->tv_sec - tv2->tv_sec) > sec_margin) - return 1; -- usecs_diff = (tv1->tv_sec - tv2->tv_sec) * 1000000LL + -+ usecs_diff = ((long long)tv1->tv_sec - tv2->tv_sec) * 1000000LL + - (tv1->tv_usec - tv2->tv_usec); - ret = 1; - } else if (tv1->tv_usec < tv2->tv_usec) { diff --git a/dovecot-2.3.6-opensslhmac.patch b/dovecot-2.3.6-opensslhmac.patch index a95202e..ba6453b 100644 --- a/dovecot-2.3.6-opensslhmac.patch +++ b/dovecot-2.3.6-opensslhmac.patch @@ -1,6 +1,6 @@ -diff -up dovecot-2.3.13/src/auth/auth-token.c.opensslhmac dovecot-2.3.13/src/auth/auth-token.c ---- dovecot-2.3.13/src/auth/auth-token.c.opensslhmac 2020-12-22 14:26:52.000000000 +0100 -+++ dovecot-2.3.13/src/auth/auth-token.c 2021-03-22 18:44:06.946142422 +0100 +diff -up dovecot-2.3.14/src/auth/auth-token.c.opensslhmac dovecot-2.3.14/src/auth/auth-token.c +--- dovecot-2.3.14/src/auth/auth-token.c.opensslhmac 2021-03-04 09:38:06.000000000 +0100 ++++ dovecot-2.3.14/src/auth/auth-token.c 2021-03-22 20:44:13.022912242 +0100 @@ -161,17 +161,17 @@ void auth_token_deinit(void) const char *auth_token_get(const char *service, const char *session_pid, const char *username, const char *session_id) @@ -26,9 +26,9 @@ diff -up dovecot-2.3.13/src/auth/auth-token.c.opensslhmac dovecot-2.3.13/src/aut return binary_to_hex(result, sizeof(result)); } -diff -up dovecot-2.3.13/src/auth/mech-cram-md5.c.opensslhmac dovecot-2.3.13/src/auth/mech-cram-md5.c ---- dovecot-2.3.13/src/auth/mech-cram-md5.c.opensslhmac 2020-12-22 14:26:52.000000000 +0100 -+++ dovecot-2.3.13/src/auth/mech-cram-md5.c 2021-03-22 18:44:06.946142422 +0100 +diff -up dovecot-2.3.14/src/auth/mech-cram-md5.c.opensslhmac dovecot-2.3.14/src/auth/mech-cram-md5.c +--- dovecot-2.3.14/src/auth/mech-cram-md5.c.opensslhmac 2021-03-04 09:38:06.000000000 +0100 ++++ dovecot-2.3.14/src/auth/mech-cram-md5.c 2021-03-22 20:44:13.022912242 +0100 @@ -51,7 +51,7 @@ static bool verify_credentials(struct cr { @@ -52,9 +52,9 @@ diff -up dovecot-2.3.13/src/auth/mech-cram-md5.c.opensslhmac dovecot-2.3.13/src/ response_hex = binary_to_hex(digest, sizeof(digest)); -diff -up dovecot-2.3.13/src/auth/mech-scram.c.opensslhmac dovecot-2.3.13/src/auth/mech-scram.c ---- dovecot-2.3.13/src/auth/mech-scram.c.opensslhmac 2020-12-22 14:26:52.000000000 +0100 -+++ dovecot-2.3.13/src/auth/mech-scram.c 2021-03-22 18:44:06.946142422 +0100 +diff -up dovecot-2.3.14/src/auth/mech-scram.c.opensslhmac dovecot-2.3.14/src/auth/mech-scram.c +--- dovecot-2.3.14/src/auth/mech-scram.c.opensslhmac 2021-03-04 09:38:06.000000000 +0100 ++++ dovecot-2.3.14/src/auth/mech-scram.c 2021-03-22 20:44:13.022912242 +0100 @@ -78,7 +78,7 @@ static const char *get_scram_server_firs static const char *get_scram_server_final(struct scram_auth_request *request) { @@ -99,9 +99,9 @@ diff -up dovecot-2.3.13/src/auth/mech-scram.c.opensslhmac dovecot-2.3.13/src/aut const unsigned char *proof_data = request->proof->data; for (i = 0; i < sizeof(client_signature); i++) -diff -up dovecot-2.3.13/src/auth/password-scheme.c.opensslhmac dovecot-2.3.13/src/auth/password-scheme.c ---- dovecot-2.3.13/src/auth/password-scheme.c.opensslhmac 2020-12-22 14:26:52.000000000 +0100 -+++ dovecot-2.3.13/src/auth/password-scheme.c 2021-03-22 18:44:06.947142409 +0100 +diff -up dovecot-2.3.14/src/auth/password-scheme.c.opensslhmac dovecot-2.3.14/src/auth/password-scheme.c +--- dovecot-2.3.14/src/auth/password-scheme.c.opensslhmac 2021-03-04 09:38:06.000000000 +0100 ++++ dovecot-2.3.14/src/auth/password-scheme.c 2021-03-22 20:44:13.022912242 +0100 @@ -639,11 +639,11 @@ static void cram_md5_generate(const char *plaintext, const struct password_generate_params *params ATTR_UNUSED, const unsigned char **raw_password_r, size_t *size_r) @@ -116,9 +116,9 @@ diff -up dovecot-2.3.13/src/auth/password-scheme.c.opensslhmac dovecot-2.3.13/sr strlen(plaintext), &hash_method_md5); hmac_md5_get_cram_context(&ctx, context_digest); -diff -up dovecot-2.3.13/src/auth/password-scheme-scram.c.opensslhmac dovecot-2.3.13/src/auth/password-scheme-scram.c ---- dovecot-2.3.13/src/auth/password-scheme-scram.c.opensslhmac 2020-12-22 14:26:52.000000000 +0100 -+++ dovecot-2.3.13/src/auth/password-scheme-scram.c 2021-03-22 18:44:06.947142409 +0100 +diff -up dovecot-2.3.14/src/auth/password-scheme-scram.c.opensslhmac dovecot-2.3.14/src/auth/password-scheme-scram.c +--- dovecot-2.3.14/src/auth/password-scheme-scram.c.opensslhmac 2021-03-04 09:38:06.000000000 +0100 ++++ dovecot-2.3.14/src/auth/password-scheme-scram.c 2021-03-22 20:44:13.023912229 +0100 @@ -30,23 +30,23 @@ Hi(const struct hash_method *hmethod, co const unsigned char *salt, size_t salt_size, unsigned int i, unsigned char *result) @@ -208,9 +208,9 @@ diff -up dovecot-2.3.13/src/auth/password-scheme-scram.c.opensslhmac dovecot-2.3 str_append_c(str, ','); base64_encode(server_key, sizeof(server_key), str); -diff -up dovecot-2.3.13/src/lib/hmac.c.opensslhmac dovecot-2.3.13/src/lib/hmac.c ---- dovecot-2.3.13/src/lib/hmac.c.opensslhmac 2020-12-22 14:26:52.000000000 +0100 -+++ dovecot-2.3.13/src/lib/hmac.c 2021-03-22 18:44:06.947142409 +0100 +diff -up dovecot-2.3.14/src/lib/hmac.c.opensslhmac dovecot-2.3.14/src/lib/hmac.c +--- dovecot-2.3.14/src/lib/hmac.c.opensslhmac 2021-03-04 09:38:06.000000000 +0100 ++++ dovecot-2.3.14/src/lib/hmac.c 2021-03-22 20:44:13.023912229 +0100 @@ -7,6 +7,10 @@ * This software is released under the MIT license. */ @@ -287,11 +287,11 @@ diff -up dovecot-2.3.13/src/lib/hmac.c.opensslhmac dovecot-2.3.13/src/lib/hmac.c + } + i_assert(no_fips); + struct orig_hmac_context_priv *ctx = &_ctx->u.priv; - int i; - unsigned char k_ipad[64]; - unsigned char k_opad[64]; + unsigned int i; + unsigned char k_ipad[meth->block_size]; + unsigned char k_opad[meth->block_size]; @@ -53,9 +112,27 @@ void hmac_init(struct hmac_context *_ctx - safe_memset(k_opad, 0, 64); + safe_memset(k_opad, 0, meth->block_size); } -void hmac_final(struct hmac_context *_ctx, unsigned char *digest) @@ -448,9 +448,9 @@ diff -up dovecot-2.3.13/src/lib/hmac.c.opensslhmac dovecot-2.3.13/src/lib/hmac.c - safe_memset(prk, 0, sizeof(prk)); - safe_memset(okm, 0, sizeof(okm)); } -diff -up dovecot-2.3.13/src/lib/hmac-cram-md5.c.opensslhmac dovecot-2.3.13/src/lib/hmac-cram-md5.c ---- dovecot-2.3.13/src/lib/hmac-cram-md5.c.opensslhmac 2020-12-22 14:26:52.000000000 +0100 -+++ dovecot-2.3.13/src/lib/hmac-cram-md5.c 2021-03-22 18:44:06.947142409 +0100 +diff -up dovecot-2.3.14/src/lib/hmac-cram-md5.c.opensslhmac dovecot-2.3.14/src/lib/hmac-cram-md5.c +--- dovecot-2.3.14/src/lib/hmac-cram-md5.c.opensslhmac 2021-03-04 09:38:06.000000000 +0100 ++++ dovecot-2.3.14/src/lib/hmac-cram-md5.c 2021-03-22 20:44:13.023912229 +0100 @@ -9,10 +9,10 @@ #include "md5.h" #include "hmac-cram-md5.h" @@ -477,9 +477,9 @@ diff -up dovecot-2.3.13/src/lib/hmac-cram-md5.c.opensslhmac dovecot-2.3.13/src/l const unsigned char *cdp; struct md5_context *ctx = (void*)hmac_ctx->ctx; -diff -up dovecot-2.3.13/src/lib/hmac-cram-md5.h.opensslhmac dovecot-2.3.13/src/lib/hmac-cram-md5.h ---- dovecot-2.3.13/src/lib/hmac-cram-md5.h.opensslhmac 2020-12-22 14:26:52.000000000 +0100 -+++ dovecot-2.3.13/src/lib/hmac-cram-md5.h 2021-03-22 18:44:06.947142409 +0100 +diff -up dovecot-2.3.14/src/lib/hmac-cram-md5.h.opensslhmac dovecot-2.3.14/src/lib/hmac-cram-md5.h +--- dovecot-2.3.14/src/lib/hmac-cram-md5.h.opensslhmac 2021-03-04 09:38:06.000000000 +0100 ++++ dovecot-2.3.14/src/lib/hmac-cram-md5.h 2021-03-22 20:44:13.023912229 +0100 @@ -5,9 +5,9 @@ #define CRAM_MD5_CONTEXTLEN 32 @@ -492,19 +492,19 @@ diff -up dovecot-2.3.13/src/lib/hmac-cram-md5.h.opensslhmac dovecot-2.3.13/src/l const unsigned char context_digest[CRAM_MD5_CONTEXTLEN]); -diff -up dovecot-2.3.13/src/lib/hmac.h.opensslhmac dovecot-2.3.13/src/lib/hmac.h ---- dovecot-2.3.13/src/lib/hmac.h.opensslhmac 2020-12-22 14:26:52.000000000 +0100 -+++ dovecot-2.3.13/src/lib/hmac.h 2021-03-22 18:44:06.947142409 +0100 -@@ -3,60 +3,97 @@ - +diff -up dovecot-2.3.14/src/lib/hmac.h.opensslhmac dovecot-2.3.14/src/lib/hmac.h +--- dovecot-2.3.14/src/lib/hmac.h.opensslhmac 2021-03-04 09:38:06.000000000 +0100 ++++ dovecot-2.3.14/src/lib/hmac.h 2021-03-22 20:44:13.023912229 +0100 +@@ -4,60 +4,97 @@ #include "hash-method.h" #include "sha1.h" + #include "sha2.h" +#include +#include +#include +#include - #define HMAC_MAX_CONTEXT_SIZE 256 + #define HMAC_MAX_CONTEXT_SIZE sizeof(struct sha512_ctx) -struct hmac_context_priv { +struct openssl_hmac_context_priv { @@ -606,9 +606,9 @@ diff -up dovecot-2.3.13/src/lib/hmac.h.opensslhmac dovecot-2.3.13/src/lib/hmac.h okm_buffer, okm_len); return okm_buffer; } -diff -up dovecot-2.3.13/src/lib-imap-urlauth/imap-urlauth.c.opensslhmac dovecot-2.3.13/src/lib-imap-urlauth/imap-urlauth.c ---- dovecot-2.3.13/src/lib-imap-urlauth/imap-urlauth.c.opensslhmac 2020-12-22 14:26:52.000000000 +0100 -+++ dovecot-2.3.13/src/lib-imap-urlauth/imap-urlauth.c 2021-03-22 18:44:06.948142396 +0100 +diff -up dovecot-2.3.14/src/lib-imap-urlauth/imap-urlauth.c.opensslhmac dovecot-2.3.14/src/lib-imap-urlauth/imap-urlauth.c +--- dovecot-2.3.14/src/lib-imap-urlauth/imap-urlauth.c.opensslhmac 2021-03-04 09:38:06.000000000 +0100 ++++ dovecot-2.3.14/src/lib-imap-urlauth/imap-urlauth.c 2021-03-22 20:44:13.023912229 +0100 @@ -85,15 +85,15 @@ imap_urlauth_internal_generate(const cha const unsigned char mailbox_key[IMAP_URLAUTH_KEY_LEN], size_t *token_len_r) @@ -629,9 +629,9 @@ diff -up dovecot-2.3.13/src/lib-imap-urlauth/imap-urlauth.c.opensslhmac dovecot- *token_len_r = SHA1_RESULTLEN + 1; return token; -diff -up dovecot-2.3.13/src/lib/Makefile.am.opensslhmac dovecot-2.3.13/src/lib/Makefile.am ---- dovecot-2.3.13/src/lib/Makefile.am.opensslhmac 2020-12-22 14:26:52.000000000 +0100 -+++ dovecot-2.3.13/src/lib/Makefile.am 2021-03-22 18:44:06.948142396 +0100 +diff -up dovecot-2.3.14/src/lib/Makefile.am.opensslhmac dovecot-2.3.14/src/lib/Makefile.am +--- dovecot-2.3.14/src/lib/Makefile.am.opensslhmac 2021-03-04 09:38:06.000000000 +0100 ++++ dovecot-2.3.14/src/lib/Makefile.am 2021-03-22 20:44:13.023912229 +0100 @@ -352,6 +352,9 @@ headers = \ wildcard-match.h \ write-full.h @@ -642,13 +642,13 @@ diff -up dovecot-2.3.13/src/lib/Makefile.am.opensslhmac dovecot-2.3.13/src/lib/M test_programs = test-lib noinst_PROGRAMS = $(test_programs) -diff -up dovecot-2.3.13/src/lib-oauth2/oauth2-jwt.c.opensslhmac dovecot-2.3.13/src/lib-oauth2/oauth2-jwt.c ---- dovecot-2.3.13/src/lib-oauth2/oauth2-jwt.c.opensslhmac 2021-03-22 18:46:42.645100171 +0100 -+++ dovecot-2.3.13/src/lib-oauth2/oauth2-jwt.c 2021-03-22 18:46:42.657100014 +0100 -@@ -96,14 +96,14 @@ static int oauth2_validate_hmac(const st - const buffer_t *key; +diff -up dovecot-2.3.14/src/lib-oauth2/oauth2-jwt.c.opensslhmac dovecot-2.3.14/src/lib-oauth2/oauth2-jwt.c +--- dovecot-2.3.14/src/lib-oauth2/oauth2-jwt.c.opensslhmac 2021-03-04 09:38:06.000000000 +0100 ++++ dovecot-2.3.14/src/lib-oauth2/oauth2-jwt.c 2021-03-22 20:44:13.024912217 +0100 +@@ -106,14 +106,14 @@ oauth2_validate_hmac(const struct oauth2 if (oauth2_lookup_hmac_key(set, azp, alg, key_id, &key, error_r) < 0) return -1; + - struct hmac_context ctx; - hmac_init(&ctx, key->data, key->used, method); - hmac_update(&ctx, blobs[0], strlen(blobs[0])); @@ -666,10 +666,10 @@ diff -up dovecot-2.3.13/src/lib-oauth2/oauth2-jwt.c.opensslhmac dovecot-2.3.13/s buffer_t *their_digest = t_base64url_decode_str(BASE64_DECODE_FLAG_NO_PADDING, blobs[2]); -diff -up dovecot-2.3.13/src/lib-oauth2/test-oauth2-jwt.c.opensslhmac dovecot-2.3.13/src/lib-oauth2/test-oauth2-jwt.c ---- dovecot-2.3.13/src/lib-oauth2/test-oauth2-jwt.c.opensslhmac 2020-12-22 14:26:52.000000000 +0100 -+++ dovecot-2.3.13/src/lib-oauth2/test-oauth2-jwt.c 2021-03-22 18:44:06.948142396 +0100 -@@ -219,7 +219,7 @@ static void save_key_to(const char *algo +diff -up dovecot-2.3.14/src/lib-oauth2/test-oauth2-jwt.c.opensslhmac dovecot-2.3.14/src/lib-oauth2/test-oauth2-jwt.c +--- dovecot-2.3.14/src/lib-oauth2/test-oauth2-jwt.c.opensslhmac 2021-03-04 09:38:06.000000000 +0100 ++++ dovecot-2.3.14/src/lib-oauth2/test-oauth2-jwt.c 2021-03-22 20:46:09.524440794 +0100 +@@ -236,7 +236,7 @@ static void save_key_to(const char *algo static void sign_jwt_token_hs256(buffer_t *tokenbuf, buffer_t *key) { i_assert(key != NULL); @@ -678,9 +678,27 @@ diff -up dovecot-2.3.13/src/lib-oauth2/test-oauth2-jwt.c.opensslhmac dovecot-2.3 tokenbuf); buffer_append(tokenbuf, ".", 1); base64url_encode(BASE64_ENCODE_FLAG_NO_PADDING, SIZE_MAX, -diff -up dovecot-2.3.13/src/lib/pkcs5.c.opensslhmac dovecot-2.3.13/src/lib/pkcs5.c ---- dovecot-2.3.13/src/lib/pkcs5.c.opensslhmac 2020-12-22 14:26:52.000000000 +0100 -+++ dovecot-2.3.13/src/lib/pkcs5.c 2021-03-22 18:44:06.948142396 +0100 +@@ -246,7 +246,7 @@ static void sign_jwt_token_hs256(buffer_ + static void sign_jwt_token_hs384(buffer_t *tokenbuf, buffer_t *key) + { + i_assert(key != NULL); +- buffer_t *sig = t_hmac_buffer(&hash_method_sha384, key->data, key->used, ++ buffer_t *sig = openssl_t_hmac_buffer(&hash_method_sha384, key->data, key->used, + tokenbuf); + buffer_append(tokenbuf, ".", 1); + base64url_encode(BASE64_ENCODE_FLAG_NO_PADDING, SIZE_MAX, +@@ -256,7 +256,7 @@ static void sign_jwt_token_hs384(buffer_ + static void sign_jwt_token_hs512(buffer_t *tokenbuf, buffer_t *key) + { + i_assert(key != NULL); +- buffer_t *sig = t_hmac_buffer(&hash_method_sha512, key->data, key->used, ++ buffer_t *sig = openssl_t_hmac_buffer(&hash_method_sha512, key->data, key->used, + tokenbuf); + buffer_append(tokenbuf, ".", 1); + base64url_encode(BASE64_ENCODE_FLAG_NO_PADDING, SIZE_MAX, +diff -up dovecot-2.3.14/src/lib/pkcs5.c.opensslhmac dovecot-2.3.14/src/lib/pkcs5.c +--- dovecot-2.3.14/src/lib/pkcs5.c.opensslhmac 2021-03-04 09:38:06.000000000 +0100 ++++ dovecot-2.3.14/src/lib/pkcs5.c 2021-03-22 20:44:13.024912217 +0100 @@ -52,7 +52,7 @@ int pkcs5_pbkdf2(const struct hash_metho size_t l = (length + hash->digest_size - 1)/hash->digest_size; /* same as ceil(length/hash->digest_size) */ unsigned char dk[l * hash->digest_size]; @@ -715,10 +733,10 @@ diff -up dovecot-2.3.13/src/lib/pkcs5.c.opensslhmac dovecot-2.3.13/src/lib/pkcs5 for(i = 0; i < hash->digest_size; i++) block[i] ^= U_c[i]; } -diff -up dovecot-2.3.13/src/lib/test-hmac.c.opensslhmac dovecot-2.3.13/src/lib/test-hmac.c ---- dovecot-2.3.13/src/lib/test-hmac.c.opensslhmac 2020-12-22 14:26:52.000000000 +0100 -+++ dovecot-2.3.13/src/lib/test-hmac.c 2021-03-22 18:44:06.948142396 +0100 -@@ -112,11 +112,11 @@ static void test_hmac_rfc(void) +diff -up dovecot-2.3.14/src/lib/test-hmac.c.opensslhmac dovecot-2.3.14/src/lib/test-hmac.c +--- dovecot-2.3.14/src/lib/test-hmac.c.opensslhmac 2021-03-04 09:38:06.000000000 +0100 ++++ dovecot-2.3.14/src/lib/test-hmac.c 2021-03-22 20:44:13.024912217 +0100 +@@ -206,11 +206,11 @@ static void test_hmac_rfc(void) test_begin("hmac sha256 rfc4231 vectors"); for(size_t i = 0; i < N_ELEMENTS(test_vectors); i++) { const struct test_vector *vec = &(test_vectors[i]); @@ -734,7 +752,39 @@ diff -up dovecot-2.3.13/src/lib/test-hmac.c.opensslhmac dovecot-2.3.13/src/lib/t test_assert_idx(memcmp(res, vec->res, vec->res_len) == 0, i); } test_end(); -@@ -129,7 +129,7 @@ static void test_hmac_buffer(void) +@@ -221,11 +221,11 @@ static void test_hmac384_rfc(void) + test_begin("hmac sha384 rfc4231 vectors"); + for (size_t i = 0; i < N_ELEMENTS(test_vectors_hmac384); i++) { + const struct test_vector *vec = &(test_vectors_hmac384[i]); +- struct hmac_context ctx; +- hmac_init(&ctx, vec->key, vec->key_len, hash_method_lookup(vec->prf)); +- hmac_update(&ctx, vec->data, vec->data_len); ++ struct openssl_hmac_context ctx; ++ openssl_hmac_init(&ctx, vec->key, vec->key_len, hash_method_lookup(vec->prf)); ++ openssl_hmac_update(&ctx, vec->data, vec->data_len); + unsigned char res[SHA384_RESULTLEN]; +- hmac_final(&ctx, res); ++ openssl_hmac_final(&ctx, res); + test_assert_idx(memcmp(res, vec->res, vec->res_len) == 0, i); + } + test_end(); +@@ -236,11 +236,11 @@ static void test_hmac512_rfc(void) + test_begin("hmac sha512 rfc4231 vectors"); + for (size_t i = 0; i < N_ELEMENTS(test_vectors_hmac512); i++) { + const struct test_vector *vec = &(test_vectors_hmac512[i]); +- struct hmac_context ctx; +- hmac_init(&ctx, vec->key, vec->key_len, hash_method_lookup(vec->prf)); +- hmac_update(&ctx, vec->data, vec->data_len); ++ struct openssl_hmac_context ctx; ++ openssl_hmac_init(&ctx, vec->key, vec->key_len, hash_method_lookup(vec->prf)); ++ openssl_hmac_update(&ctx, vec->data, vec->data_len); + unsigned char res[SHA512_RESULTLEN]; +- hmac_final(&ctx, res); ++ openssl_hmac_final(&ctx, res); + test_assert_idx(memcmp(res, vec->res, vec->res_len) == 0, i); + } + test_end(); +@@ -253,7 +253,7 @@ static void test_hmac_buffer(void) buffer_t *tmp; @@ -743,7 +793,7 @@ diff -up dovecot-2.3.13/src/lib/test-hmac.c.opensslhmac dovecot-2.3.13/src/lib/t vec->data, vec->data_len); test_assert(tmp->used == vec->res_len && -@@ -146,7 +146,7 @@ static void test_hkdf_rfc(void) +@@ -270,7 +270,7 @@ static void test_hkdf_rfc(void) buffer_set_used_size(res, 0); const struct test_vector_5869 *vec = &(test_vectors_5869[i]); const struct hash_method *m = hash_method_lookup(vec->prf); @@ -752,7 +802,7 @@ diff -up dovecot-2.3.13/src/lib/test-hmac.c.opensslhmac dovecot-2.3.13/src/lib/t vec->info, vec->info_len, res, vec->okm_len); test_assert_idx(memcmp(res->data, vec->okm, vec->okm_len) == 0, i); } -@@ -159,7 +159,7 @@ static void test_hkdf_buffer(void) +@@ -283,7 +283,7 @@ static void test_hkdf_buffer(void) test_begin("hkdf temporary buffer"); const struct test_vector_5869 *vec = &(test_vectors_5869[0]); const struct hash_method *m = hash_method_lookup(vec->prf); diff --git a/dovecot.spec b/dovecot.spec index 7e769e6..aba275c 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -3,9 +3,9 @@ Summary: Secure imap and pop3 server Name: dovecot Epoch: 1 -Version: 2.3.13 +Version: 2.3.14 %global prever %{nil} -Release: 7%{?dist} +Release: 1%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT and LGPLv2 @@ -13,7 +13,7 @@ URL: http://www.dovecot.org/ Source: http://www.dovecot.org/releases/2.3/%{name}-%{version}%{?prever}.tar.gz Source1: dovecot.init Source2: dovecot.pam -%global pigeonholever 0.5.13 +%global pigeonholever 0.5.14 Source8: http://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-%{pigeonholever}.tar.gz Source9: dovecot.sysconfig Source10: dovecot.tmpfilesd @@ -33,12 +33,11 @@ Patch8: dovecot-2.2.20-initbysystemd.patch Patch9: dovecot-2.2.22-systemd_w_protectsystem.patch Patch10: dovecot-2.3.0.1-libxcrypt.patch Patch15: dovecot-2.3.11-bigkey.patch -Patch16: dovecot-2.3.13-bigtvsec.patch # do not use own implementation of HMAC, use OpenSSL for certification purposes # not sent upstream as proper fix would use dovecot's lib-dcrypt but it introduces # hard to break circular dependency between lib and lib-dcrypt -Patch17: dovecot-2.3.6-opensslhmac.patch +Patch16: dovecot-2.3.6-opensslhmac.patch Source15: prestartscript @@ -127,8 +126,7 @@ This package provides the development files for dovecot. %patch8 -p1 -b .initbysystemd %patch9 -p1 -b .systemd_w_protectsystem %patch15 -p1 -b .bigkey -%patch16 -p1 -b .bigtvsec -%patch17 -p1 -b .opensslhmac +%patch16 -p1 -b .opensslhmac #pushd dovecot-2*3-pigeonhole-%{pigeonholever} #popd @@ -333,6 +331,7 @@ make check %config(noreplace) %{_sysconfdir}/dovecot/conf.d/10-logging.conf %config(noreplace) %{_sysconfdir}/dovecot/conf.d/10-mail.conf %config(noreplace) %{_sysconfdir}/dovecot/conf.d/10-master.conf +%config(noreplace) %{_sysconfdir}/dovecot/conf.d/10-metrics.conf %config(noreplace) %{_sysconfdir}/dovecot/conf.d/10-ssl.conf %config(noreplace) %{_sysconfdir}/dovecot/conf.d/15-lda.conf %config(noreplace) %{_sysconfdir}/dovecot/conf.d/15-mailboxes.conf @@ -352,7 +351,6 @@ make check %config(noreplace) %{_sysconfdir}/dovecot/conf.d/auth-sql.conf.ext %config(noreplace) %{_sysconfdir}/dovecot/conf.d/auth-static.conf.ext %config(noreplace) %{_sysconfdir}/dovecot/conf.d/auth-system.conf.ext - %config(noreplace) %{_sysconfdir}/pam.d/dovecot %config(noreplace) %{ssldir}/dovecot-openssl.cnf @@ -454,6 +452,13 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Mon Mar 22 2021 Michal Hlavinka - 1:2.3.14-1 +- dovecot updated to 2.3.14, pigeonhole to 0.5.14 +- use OpenSSL's implementation of HMAC +- Remove autocreate, expire, snarf and mail-filter plugins. +- Remove cydir storage driver. +- Remove XZ/LZMA write support. Read support will be removed in future release. + * Mon Feb 08 2021 Pavel Raiskup - 1:2.3.13-7 - rebuild for libpq ABI fix rhbz#1908268 diff --git a/sources b/sources index a3e1632..a7b5e63 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (dovecot-2.3.13.tar.gz) = 758a169fba8925637ed18fa7522a6f06c9fe01a1707b1ca0d0a4d8757c578a8e117c91733e8314403839f9a484bbcac71ce3532c82379eb583b480756d556a95 -SHA512 (dovecot-2.3-pigeonhole-0.5.13.tar.gz) = fcbc13d71af4e6dd4e34192484e203d755e5015da76a4774b11a79182b2baad36cab5a471346093111ace36a7775dfe8294555f8b777786dde386820b3ec5cd3 +SHA512 (dovecot-2.3.14.tar.gz) = 69df234cb739c7ee7ae3acfb9756bc22481e94c95463d32bfac315c7ec4b1ba0dfbff552b769f2ab7ee554087ca2ebbe331aa008d3af26417016612dc7cad103 +SHA512 (dovecot-2.3-pigeonhole-0.5.14.tar.gz) = c5d5d309769eabe2c0971646d0c14d166b6b524acf59e1069eca803f764544fa2535c09c9a630ca706aa70442b688ee26af831d29e674823bac7ea7c0e1f33cc