dovecot updated to 2.3.14, pigeonhole to 0.5.14

use OpenSSL's implementation of HMAC Remove autocreate, expire, snarf and mail-filter plugins. Remove cydir storage driver. Remove XZ/LZMA write support. Read support will be removed in future release.
2021-03-22 21:06:01 +01:00 · 2021-03-22 21:06:01 +01:00 · 25d565523c
commit 25d565523c
parent 8550d54fac
5 changed files with 125 additions and 106 deletions
--- a/dovecot-2.2.20-initbysystemd.patch
+++ b/dovecot-2.2.20-initbysystemd.patch
@ -21,7 +21,7 @@ diff -up dovecot-2.3.0.1/dovecot.service.in.initbysystemd dovecot-2.3.0.1/doveco
@@ -8,7 +8,8 @@
 Description=Dovecot IMAP/POP3 email server
 Documentation=man:dovecot(1)
- Documentation=http://wiki2.dovecot.org/
+ Documentation=https://doc.dovecot.org/
 -After=local-fs.target network-online.target
 +After=local-fs.target network-online.target dovecot-init.service
 +Requires=dovecot-init.service
--- a/dovecot-2.3.13-bigtvsec.patch
+++ b/dovecot-2.3.13-bigtvsec.patch
@ -1,36 +0,0 @@
 diff -up dovecot-2.3.13/src/lib/test-time-util.c.bigtvsec dovecot-2.3.13/src/lib/test-time-util.c
 --- dovecot-2.3.13/src/lib/test-time-util.c.bigtvsec	2021-01-06 11:27:06.793315308 +0100
 +++ dovecot-2.3.13/src/lib/test-time-util.c	2021-01-06 11:27:06.815315088 +0100
@@ -358,7 +358,7 @@ static void test_str_to_timeval(void)
 {
 	struct {
 		const char *str;
 -		unsigned int tv_sec, tv_usec;
 +		long int tv_sec, tv_usec;
 	} tests[] = {
 		{ "0", 0, 0 },
 		{ "0.0", 0, 0 },
 diff -up dovecot-2.3.13/src/lib/time-util.c.bigtvsec dovecot-2.3.13/src/lib/time-util.c
 --- dovecot-2.3.13/src/lib/time-util.c.bigtvsec	2021-01-06 11:10:49.791094852 +0100
 +++ dovecot-2.3.13/src/lib/time-util.c	2021-01-06 11:10:08.255501319 +0100
@@ -43,16 +43,16 @@ int timeval_cmp_margin(const struct time
 	if (tv1->tv_sec < tv2->tv_sec) {
 		sec_margin = ((int)usec_margin / 1000000) + 1;
 -		if ((tv2->tv_sec - tv1->tv_sec) > sec_margin)
 +		if (((long long)tv2->tv_sec - tv1->tv_sec) > sec_margin)
 			return -1;
 -		usecs_diff = (tv2->tv_sec - tv1->tv_sec) * 1000000LL +
 +		usecs_diff = ((long long)tv2->tv_sec - tv1->tv_sec) * 1000000LL +
 			(tv2->tv_usec - tv1->tv_usec);
 		ret = -1;
 	} else if (tv1->tv_sec > tv2->tv_sec) {
 		sec_margin = ((int)usec_margin / 1000000) + 1;
 -		if ((tv1->tv_sec - tv2->tv_sec) > sec_margin)
 +		if (((long long)tv1->tv_sec - tv2->tv_sec) > sec_margin)
 			return 1;
 -		usecs_diff = (tv1->tv_sec - tv2->tv_sec) * 1000000LL +
 +		usecs_diff = ((long long)tv1->tv_sec - tv2->tv_sec) * 1000000LL +
 			(tv1->tv_usec - tv2->tv_usec);
 		ret = 1;
 	} else if (tv1->tv_usec < tv2->tv_usec) {
--- a/dovecot-2.3.6-opensslhmac.patch
+++ b/dovecot-2.3.6-opensslhmac.patch
@ -1,6 +1,6 @@
-diff -up dovecot-2.3.13/src/auth/auth-token.c.opensslhmac dovecot-2.3.13/src/auth/auth-token.c
+diff -up dovecot-2.3.14/src/auth/auth-token.c.opensslhmac dovecot-2.3.14/src/auth/auth-token.c
--- dovecot-2.3.13/src/auth/auth-token.c.opensslhmac	2020-12-22 14:26:52.000000000 +0100
+--- dovecot-2.3.14/src/auth/auth-token.c.opensslhmac	2021-03-04 09:38:06.000000000 +0100
-+++ dovecot-2.3.13/src/auth/auth-token.c	2021-03-22 18:44:06.946142422 +0100
+++ dovecot-2.3.14/src/auth/auth-token.c	2021-03-22 20:44:13.022912242 +0100
@@ -161,17 +161,17 @@ void auth_token_deinit(void)
 const char *auth_token_get(const char *service, const char *session_pid,
 			   const char *username, const char *session_id)
@ -26,9 +26,9 @@ diff -up dovecot-2.3.13/src/auth/auth-token.c.opensslhmac dovecot-2.3.13/src/aut
 	return binary_to_hex(result, sizeof(result));
 }
-diff -up dovecot-2.3.13/src/auth/mech-cram-md5.c.opensslhmac dovecot-2.3.13/src/auth/mech-cram-md5.c
+diff -up dovecot-2.3.14/src/auth/mech-cram-md5.c.opensslhmac dovecot-2.3.14/src/auth/mech-cram-md5.c
--- dovecot-2.3.13/src/auth/mech-cram-md5.c.opensslhmac	2020-12-22 14:26:52.000000000 +0100
+--- dovecot-2.3.14/src/auth/mech-cram-md5.c.opensslhmac	2021-03-04 09:38:06.000000000 +0100
-+++ dovecot-2.3.13/src/auth/mech-cram-md5.c	2021-03-22 18:44:06.946142422 +0100
+++ dovecot-2.3.14/src/auth/mech-cram-md5.c	2021-03-22 20:44:13.022912242 +0100
@@ -51,7 +51,7 @@ static bool verify_credentials(struct cr
 {
@ -52,9 +52,9 @@ diff -up dovecot-2.3.13/src/auth/mech-cram-md5.c.opensslhmac dovecot-2.3.13/src/
 	response_hex = binary_to_hex(digest, sizeof(digest));
-diff -up dovecot-2.3.13/src/auth/mech-scram.c.opensslhmac dovecot-2.3.13/src/auth/mech-scram.c
+diff -up dovecot-2.3.14/src/auth/mech-scram.c.opensslhmac dovecot-2.3.14/src/auth/mech-scram.c
--- dovecot-2.3.13/src/auth/mech-scram.c.opensslhmac	2020-12-22 14:26:52.000000000 +0100
+--- dovecot-2.3.14/src/auth/mech-scram.c.opensslhmac	2021-03-04 09:38:06.000000000 +0100
-+++ dovecot-2.3.13/src/auth/mech-scram.c	2021-03-22 18:44:06.946142422 +0100
+++ dovecot-2.3.14/src/auth/mech-scram.c	2021-03-22 20:44:13.022912242 +0100
@@ -78,7 +78,7 @@ static const char *get_scram_server_firs
 static const char *get_scram_server_final(struct scram_auth_request *request)
 {
@ -99,9 +99,9 @@ diff -up dovecot-2.3.13/src/auth/mech-scram.c.opensslhmac dovecot-2.3.13/src/aut
 	const unsigned char *proof_data = request->proof->data;
 	for (i = 0; i < sizeof(client_signature); i++)
-diff -up dovecot-2.3.13/src/auth/password-scheme.c.opensslhmac dovecot-2.3.13/src/auth/password-scheme.c
+diff -up dovecot-2.3.14/src/auth/password-scheme.c.opensslhmac dovecot-2.3.14/src/auth/password-scheme.c
--- dovecot-2.3.13/src/auth/password-scheme.c.opensslhmac	2020-12-22 14:26:52.000000000 +0100
+--- dovecot-2.3.14/src/auth/password-scheme.c.opensslhmac	2021-03-04 09:38:06.000000000 +0100
-+++ dovecot-2.3.13/src/auth/password-scheme.c	2021-03-22 18:44:06.947142409 +0100
+++ dovecot-2.3.14/src/auth/password-scheme.c	2021-03-22 20:44:13.022912242 +0100
@@ -639,11 +639,11 @@ static void
 cram_md5_generate(const char *plaintext, const struct password_generate_params *params ATTR_UNUSED,
 		  const unsigned char **raw_password_r, size_t *size_r)
@ -116,9 +116,9 @@ diff -up dovecot-2.3.13/src/auth/password-scheme.c.opensslhmac dovecot-2.3.13/sr
 		  strlen(plaintext), &hash_method_md5);
 	hmac_md5_get_cram_context(&ctx, context_digest);
-diff -up dovecot-2.3.13/src/auth/password-scheme-scram.c.opensslhmac dovecot-2.3.13/src/auth/password-scheme-scram.c
+diff -up dovecot-2.3.14/src/auth/password-scheme-scram.c.opensslhmac dovecot-2.3.14/src/auth/password-scheme-scram.c
--- dovecot-2.3.13/src/auth/password-scheme-scram.c.opensslhmac	2020-12-22 14:26:52.000000000 +0100
+--- dovecot-2.3.14/src/auth/password-scheme-scram.c.opensslhmac	2021-03-04 09:38:06.000000000 +0100
-+++ dovecot-2.3.13/src/auth/password-scheme-scram.c	2021-03-22 18:44:06.947142409 +0100
+++ dovecot-2.3.14/src/auth/password-scheme-scram.c	2021-03-22 20:44:13.023912229 +0100
@@ -30,23 +30,23 @@ Hi(const struct hash_method *hmethod, co
    const unsigned char *salt, size_t salt_size, unsigned int i,
    unsigned char *result)
@ -208,9 +208,9 @@ diff -up dovecot-2.3.13/src/auth/password-scheme-scram.c.opensslhmac dovecot-2.3
 	str_append_c(str, ',');
 	base64_encode(server_key, sizeof(server_key), str);
-diff -up dovecot-2.3.13/src/lib/hmac.c.opensslhmac dovecot-2.3.13/src/lib/hmac.c
+diff -up dovecot-2.3.14/src/lib/hmac.c.opensslhmac dovecot-2.3.14/src/lib/hmac.c
--- dovecot-2.3.13/src/lib/hmac.c.opensslhmac	2020-12-22 14:26:52.000000000 +0100
+--- dovecot-2.3.14/src/lib/hmac.c.opensslhmac	2021-03-04 09:38:06.000000000 +0100
-+++ dovecot-2.3.13/src/lib/hmac.c	2021-03-22 18:44:06.947142409 +0100
+++ dovecot-2.3.14/src/lib/hmac.c	2021-03-22 20:44:13.023912229 +0100
@@ -7,6 +7,10 @@
  * This software is released under the MIT license.
  */
@ -287,11 +287,11 @@ diff -up dovecot-2.3.13/src/lib/hmac.c.opensslhmac dovecot-2.3.13/src/lib/hmac.c
 +    }
 +    i_assert(no_fips);
 +	struct orig_hmac_context_priv *ctx = &_ctx->u.priv;
- 	int i;
+ 	unsigned int i;
- 	unsigned char k_ipad[64];
+ 	unsigned char k_ipad[meth->block_size];
- 	unsigned char k_opad[64];
+ 	unsigned char k_opad[meth->block_size];
@@ -53,9 +112,27 @@ void hmac_init(struct hmac_context *_ctx
- 	safe_memset(k_opad, 0, 64);
+ 	safe_memset(k_opad, 0, meth->block_size);
 }
 -void hmac_final(struct hmac_context *_ctx, unsigned char *digest)
@ -448,9 +448,9 @@ diff -up dovecot-2.3.13/src/lib/hmac.c.opensslhmac dovecot-2.3.13/src/lib/hmac.c
 -	safe_memset(prk, 0, sizeof(prk));
 -	safe_memset(okm, 0, sizeof(okm));
 }
-diff -up dovecot-2.3.13/src/lib/hmac-cram-md5.c.opensslhmac dovecot-2.3.13/src/lib/hmac-cram-md5.c
+diff -up dovecot-2.3.14/src/lib/hmac-cram-md5.c.opensslhmac dovecot-2.3.14/src/lib/hmac-cram-md5.c
--- dovecot-2.3.13/src/lib/hmac-cram-md5.c.opensslhmac	2020-12-22 14:26:52.000000000 +0100
+--- dovecot-2.3.14/src/lib/hmac-cram-md5.c.opensslhmac	2021-03-04 09:38:06.000000000 +0100
-+++ dovecot-2.3.13/src/lib/hmac-cram-md5.c	2021-03-22 18:44:06.947142409 +0100
+++ dovecot-2.3.14/src/lib/hmac-cram-md5.c	2021-03-22 20:44:13.023912229 +0100
@@ -9,10 +9,10 @@
 #include "md5.h"
 #include "hmac-cram-md5.h"
@ -477,9 +477,9 @@ diff -up dovecot-2.3.13/src/lib/hmac-cram-md5.c.opensslhmac dovecot-2.3.13/src/l
 	const unsigned char *cdp;
 	struct md5_context *ctx = (void*)hmac_ctx->ctx;
-diff -up dovecot-2.3.13/src/lib/hmac-cram-md5.h.opensslhmac dovecot-2.3.13/src/lib/hmac-cram-md5.h
+diff -up dovecot-2.3.14/src/lib/hmac-cram-md5.h.opensslhmac dovecot-2.3.14/src/lib/hmac-cram-md5.h
--- dovecot-2.3.13/src/lib/hmac-cram-md5.h.opensslhmac	2020-12-22 14:26:52.000000000 +0100
+--- dovecot-2.3.14/src/lib/hmac-cram-md5.h.opensslhmac	2021-03-04 09:38:06.000000000 +0100
-+++ dovecot-2.3.13/src/lib/hmac-cram-md5.h	2021-03-22 18:44:06.947142409 +0100
+++ dovecot-2.3.14/src/lib/hmac-cram-md5.h	2021-03-22 20:44:13.023912229 +0100
@@ -5,9 +5,9 @@
 #define CRAM_MD5_CONTEXTLEN 32
@ -492,19 +492,19 @@ diff -up dovecot-2.3.13/src/lib/hmac-cram-md5.h.opensslhmac dovecot-2.3.13/src/l
 		const unsigned char context_digest[CRAM_MD5_CONTEXTLEN]);
-diff -up dovecot-2.3.13/src/lib/hmac.h.opensslhmac dovecot-2.3.13/src/lib/hmac.h
+diff -up dovecot-2.3.14/src/lib/hmac.h.opensslhmac dovecot-2.3.14/src/lib/hmac.h
--- dovecot-2.3.13/src/lib/hmac.h.opensslhmac	2020-12-22 14:26:52.000000000 +0100
+--- dovecot-2.3.14/src/lib/hmac.h.opensslhmac	2021-03-04 09:38:06.000000000 +0100
-+++ dovecot-2.3.13/src/lib/hmac.h	2021-03-22 18:44:06.947142409 +0100
+++ dovecot-2.3.14/src/lib/hmac.h	2021-03-22 20:44:13.023912229 +0100
-@@ -3,60 +3,97 @@
+@@ -4,60 +4,97 @@
 #include "hash-method.h"
 #include "sha1.h"
 #include "sha2.h"
 +#include <openssl/objects.h>
 +#include <openssl/hmac.h>
 +#include <openssl/kdf.h>
 +#include <openssl/err.h>
- #define HMAC_MAX_CONTEXT_SIZE 256
+ #define HMAC_MAX_CONTEXT_SIZE sizeof(struct sha512_ctx)
 -struct hmac_context_priv {
 +struct openssl_hmac_context_priv {
@ -606,9 +606,9 @@ diff -up dovecot-2.3.13/src/lib/hmac.h.opensslhmac dovecot-2.3.13/src/lib/hmac.h
 		  okm_buffer, okm_len);
 	return okm_buffer;
 }
-diff -up dovecot-2.3.13/src/lib-imap-urlauth/imap-urlauth.c.opensslhmac dovecot-2.3.13/src/lib-imap-urlauth/imap-urlauth.c
+diff -up dovecot-2.3.14/src/lib-imap-urlauth/imap-urlauth.c.opensslhmac dovecot-2.3.14/src/lib-imap-urlauth/imap-urlauth.c
--- dovecot-2.3.13/src/lib-imap-urlauth/imap-urlauth.c.opensslhmac	2020-12-22 14:26:52.000000000 +0100
+--- dovecot-2.3.14/src/lib-imap-urlauth/imap-urlauth.c.opensslhmac	2021-03-04 09:38:06.000000000 +0100
-+++ dovecot-2.3.13/src/lib-imap-urlauth/imap-urlauth.c	2021-03-22 18:44:06.948142396 +0100
+++ dovecot-2.3.14/src/lib-imap-urlauth/imap-urlauth.c	2021-03-22 20:44:13.023912229 +0100
@@ -85,15 +85,15 @@ imap_urlauth_internal_generate(const cha
 			       const unsigned char mailbox_key[IMAP_URLAUTH_KEY_LEN],
 			       size_t *token_len_r)
@ -629,9 +629,9 @@ diff -up dovecot-2.3.13/src/lib-imap-urlauth/imap-urlauth.c.opensslhmac dovecot-
 	*token_len_r = SHA1_RESULTLEN + 1;
 	return token;
-diff -up dovecot-2.3.13/src/lib/Makefile.am.opensslhmac dovecot-2.3.13/src/lib/Makefile.am
+diff -up dovecot-2.3.14/src/lib/Makefile.am.opensslhmac dovecot-2.3.14/src/lib/Makefile.am
--- dovecot-2.3.13/src/lib/Makefile.am.opensslhmac	2020-12-22 14:26:52.000000000 +0100
+--- dovecot-2.3.14/src/lib/Makefile.am.opensslhmac	2021-03-04 09:38:06.000000000 +0100
-+++ dovecot-2.3.13/src/lib/Makefile.am	2021-03-22 18:44:06.948142396 +0100
+++ dovecot-2.3.14/src/lib/Makefile.am	2021-03-22 20:44:13.023912229 +0100
@@ -352,6 +352,9 @@ headers = \
 	wildcard-match.h \
 	write-full.h
@ -642,13 +642,13 @@ diff -up dovecot-2.3.13/src/lib/Makefile.am.opensslhmac dovecot-2.3.13/src/lib/M
 test_programs = test-lib
 noinst_PROGRAMS = $(test_programs)
-diff -up dovecot-2.3.13/src/lib-oauth2/oauth2-jwt.c.opensslhmac dovecot-2.3.13/src/lib-oauth2/oauth2-jwt.c
+diff -up dovecot-2.3.14/src/lib-oauth2/oauth2-jwt.c.opensslhmac dovecot-2.3.14/src/lib-oauth2/oauth2-jwt.c
--- dovecot-2.3.13/src/lib-oauth2/oauth2-jwt.c.opensslhmac	2021-03-22 18:46:42.645100171 +0100
+--- dovecot-2.3.14/src/lib-oauth2/oauth2-jwt.c.opensslhmac	2021-03-04 09:38:06.000000000 +0100
-+++ dovecot-2.3.13/src/lib-oauth2/oauth2-jwt.c	2021-03-22 18:46:42.657100014 +0100
+++ dovecot-2.3.14/src/lib-oauth2/oauth2-jwt.c	2021-03-22 20:44:13.024912217 +0100
-@@ -96,14 +96,14 @@ static int oauth2_validate_hmac(const st
+@@ -106,14 +106,14 @@ oauth2_validate_hmac(const struct oauth2
 	const buffer_t *key;
 	if (oauth2_lookup_hmac_key(set, azp, alg, key_id, &key, error_r) < 0)
 		return -1;
 -	struct hmac_context ctx;
 -	hmac_init(&ctx, key->data, key->used, method);
 -	hmac_update(&ctx, blobs[0], strlen(blobs[0]));
@ -666,10 +666,10 @@ diff -up dovecot-2.3.13/src/lib-oauth2/oauth2-jwt.c.opensslhmac dovecot-2.3.13/s
 	buffer_t *their_digest =
 		t_base64url_decode_str(BASE64_DECODE_FLAG_NO_PADDING, blobs[2]);
-diff -up dovecot-2.3.13/src/lib-oauth2/test-oauth2-jwt.c.opensslhmac dovecot-2.3.13/src/lib-oauth2/test-oauth2-jwt.c
+diff -up dovecot-2.3.14/src/lib-oauth2/test-oauth2-jwt.c.opensslhmac dovecot-2.3.14/src/lib-oauth2/test-oauth2-jwt.c
--- dovecot-2.3.13/src/lib-oauth2/test-oauth2-jwt.c.opensslhmac	2020-12-22 14:26:52.000000000 +0100
+--- dovecot-2.3.14/src/lib-oauth2/test-oauth2-jwt.c.opensslhmac	2021-03-04 09:38:06.000000000 +0100
-+++ dovecot-2.3.13/src/lib-oauth2/test-oauth2-jwt.c	2021-03-22 18:44:06.948142396 +0100
+++ dovecot-2.3.14/src/lib-oauth2/test-oauth2-jwt.c	2021-03-22 20:46:09.524440794 +0100
-@@ -219,7 +219,7 @@ static void save_key_to(const char *algo
+@@ -236,7 +236,7 @@ static void save_key_to(const char *algo
 static void sign_jwt_token_hs256(buffer_t *tokenbuf, buffer_t *key)
 {
 	i_assert(key != NULL);
@ -678,9 +678,27 @@ diff -up dovecot-2.3.13/src/lib-oauth2/test-oauth2-jwt.c.opensslhmac dovecot-2.3
 				      tokenbuf);
 	buffer_append(tokenbuf, ".", 1);
 	base64url_encode(BASE64_ENCODE_FLAG_NO_PADDING, SIZE_MAX,
-diff -up dovecot-2.3.13/src/lib/pkcs5.c.opensslhmac dovecot-2.3.13/src/lib/pkcs5.c
+@@ -246,7 +246,7 @@ static void sign_jwt_token_hs256(buffer_
--- dovecot-2.3.13/src/lib/pkcs5.c.opensslhmac	2020-12-22 14:26:52.000000000 +0100
+ static void sign_jwt_token_hs384(buffer_t *tokenbuf, buffer_t *key)
-+++ dovecot-2.3.13/src/lib/pkcs5.c	2021-03-22 18:44:06.948142396 +0100
+ {
 	i_assert(key != NULL);
 -	buffer_t *sig = t_hmac_buffer(&hash_method_sha384, key->data, key->used,
 +	buffer_t *sig = openssl_t_hmac_buffer(&hash_method_sha384, key->data, key->used,
 				      tokenbuf);
 	buffer_append(tokenbuf, ".", 1);
 	base64url_encode(BASE64_ENCODE_FLAG_NO_PADDING, SIZE_MAX,
@@ -256,7 +256,7 @@ static void sign_jwt_token_hs384(buffer_
 static void sign_jwt_token_hs512(buffer_t *tokenbuf, buffer_t *key)
 {
 	i_assert(key != NULL);
 -	buffer_t *sig = t_hmac_buffer(&hash_method_sha512, key->data, key->used,
 +	buffer_t *sig = openssl_t_hmac_buffer(&hash_method_sha512, key->data, key->used,
 				      tokenbuf);
 	buffer_append(tokenbuf, ".", 1);
 	base64url_encode(BASE64_ENCODE_FLAG_NO_PADDING, SIZE_MAX,
 diff -up dovecot-2.3.14/src/lib/pkcs5.c.opensslhmac dovecot-2.3.14/src/lib/pkcs5.c
 --- dovecot-2.3.14/src/lib/pkcs5.c.opensslhmac	2021-03-04 09:38:06.000000000 +0100
 +++ dovecot-2.3.14/src/lib/pkcs5.c	2021-03-22 20:44:13.024912217 +0100
@@ -52,7 +52,7 @@ int pkcs5_pbkdf2(const struct hash_metho
 	size_t l = (length + hash->digest_size - 1)/hash->digest_size; /* same as ceil(length/hash->digest_size) */
 	unsigned char dk[l * hash->digest_size];
@ -715,10 +733,10 @@ diff -up dovecot-2.3.13/src/lib/pkcs5.c.opensslhmac dovecot-2.3.13/src/lib/pkcs5
 			for(i = 0; i < hash->digest_size; i++)
 				block[i] ^= U_c[i];
 		}
-diff -up dovecot-2.3.13/src/lib/test-hmac.c.opensslhmac dovecot-2.3.13/src/lib/test-hmac.c
+diff -up dovecot-2.3.14/src/lib/test-hmac.c.opensslhmac dovecot-2.3.14/src/lib/test-hmac.c
--- dovecot-2.3.13/src/lib/test-hmac.c.opensslhmac	2020-12-22 14:26:52.000000000 +0100
+--- dovecot-2.3.14/src/lib/test-hmac.c.opensslhmac	2021-03-04 09:38:06.000000000 +0100
-+++ dovecot-2.3.13/src/lib/test-hmac.c	2021-03-22 18:44:06.948142396 +0100
+++ dovecot-2.3.14/src/lib/test-hmac.c	2021-03-22 20:44:13.024912217 +0100
-@@ -112,11 +112,11 @@ static void test_hmac_rfc(void)
+@@ -206,11 +206,11 @@ static void test_hmac_rfc(void)
 	test_begin("hmac sha256 rfc4231 vectors");
 	for(size_t i = 0; i < N_ELEMENTS(test_vectors); i++) {
 		const struct test_vector *vec = &(test_vectors[i]);
@ -734,7 +752,39 @@ diff -up dovecot-2.3.13/src/lib/test-hmac.c.opensslhmac dovecot-2.3.13/src/lib/t
 		test_assert_idx(memcmp(res, vec->res, vec->res_len) == 0, i);
 	}
 	test_end();
-@@ -129,7 +129,7 @@ static void test_hmac_buffer(void)
+@@ -221,11 +221,11 @@ static void test_hmac384_rfc(void)
 	test_begin("hmac sha384 rfc4231 vectors");
 	for (size_t i = 0; i < N_ELEMENTS(test_vectors_hmac384); i++) {
 		const struct test_vector *vec = &(test_vectors_hmac384[i]);
 -		struct hmac_context ctx;
 -		hmac_init(&ctx, vec->key, vec->key_len, hash_method_lookup(vec->prf));
 -		hmac_update(&ctx, vec->data, vec->data_len);
 +		struct openssl_hmac_context ctx;
 +		openssl_hmac_init(&ctx, vec->key, vec->key_len, hash_method_lookup(vec->prf));
 +		openssl_hmac_update(&ctx, vec->data, vec->data_len);
 		unsigned char res[SHA384_RESULTLEN];
 -		hmac_final(&ctx, res);
 +		openssl_hmac_final(&ctx, res);
 		test_assert_idx(memcmp(res, vec->res, vec->res_len) == 0, i);
 	}
 	test_end();
@@ -236,11 +236,11 @@ static void test_hmac512_rfc(void)
 	test_begin("hmac sha512 rfc4231 vectors");
 	for (size_t i = 0; i < N_ELEMENTS(test_vectors_hmac512); i++) {
 		const struct test_vector *vec = &(test_vectors_hmac512[i]);
 -		struct hmac_context ctx;
 -		hmac_init(&ctx, vec->key, vec->key_len, hash_method_lookup(vec->prf));
 -		hmac_update(&ctx, vec->data, vec->data_len);
 +		struct openssl_hmac_context ctx;
 +		openssl_hmac_init(&ctx, vec->key, vec->key_len, hash_method_lookup(vec->prf));
 +		openssl_hmac_update(&ctx, vec->data, vec->data_len);
 		unsigned char res[SHA512_RESULTLEN];
 -		hmac_final(&ctx, res);
 +		openssl_hmac_final(&ctx, res);
 		test_assert_idx(memcmp(res, vec->res, vec->res_len) == 0, i);
 	}
 	test_end();
@@ -253,7 +253,7 @@ static void test_hmac_buffer(void)
 	buffer_t *tmp;
@ -743,7 +793,7 @@ diff -up dovecot-2.3.13/src/lib/test-hmac.c.opensslhmac dovecot-2.3.13/src/lib/t
 			  vec->data, vec->data_len);
 	test_assert(tmp->used == vec->res_len &&
-@@ -146,7 +146,7 @@ static void test_hkdf_rfc(void)
+@@ -270,7 +270,7 @@ static void test_hkdf_rfc(void)
 		buffer_set_used_size(res, 0);
 		const struct test_vector_5869 *vec = &(test_vectors_5869[i]);
 		const struct hash_method *m = hash_method_lookup(vec->prf);
@ -752,7 +802,7 @@ diff -up dovecot-2.3.13/src/lib/test-hmac.c.opensslhmac dovecot-2.3.13/src/lib/t
 			  vec->info, vec->info_len, res, vec->okm_len);
 		test_assert_idx(memcmp(res->data, vec->okm, vec->okm_len) == 0, i);
 	}
-@@ -159,7 +159,7 @@ static void test_hkdf_buffer(void)
+@@ -283,7 +283,7 @@ static void test_hkdf_buffer(void)
 	test_begin("hkdf temporary buffer");
 	const struct test_vector_5869 *vec = &(test_vectors_5869[0]);
 	const struct hash_method *m = hash_method_lookup(vec->prf);
--- a/dovecot.spec
+++ b/dovecot.spec
@ -3,9 +3,9 @@
 Summary: Secure imap and pop3 server
 Name: dovecot
 Epoch: 1
-Version: 2.3.13
+Version: 2.3.14
 %global prever %{nil}
-Release: 7%{?dist}
+Release: 1%{?dist}
 #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2
 License: MIT and LGPLv2
@ -13,7 +13,7 @@ URL: http://www.dovecot.org/
 Source: http://www.dovecot.org/releases/2.3/%{name}-%{version}%{?prever}.tar.gz
 Source1: dovecot.init
 Source2: dovecot.pam
-%global pigeonholever 0.5.13
+%global pigeonholever 0.5.14
 Source8: http://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-%{pigeonholever}.tar.gz
 Source9: dovecot.sysconfig
 Source10: dovecot.tmpfilesd
@ -33,12 +33,11 @@ Patch8: dovecot-2.2.20-initbysystemd.patch
 Patch9: dovecot-2.2.22-systemd_w_protectsystem.patch
 Patch10: dovecot-2.3.0.1-libxcrypt.patch
 Patch15: dovecot-2.3.11-bigkey.patch
 Patch16: dovecot-2.3.13-bigtvsec.patch
 # do not use own implementation of HMAC, use OpenSSL for certification purposes
 # not sent upstream as proper fix would use dovecot's lib-dcrypt but it introduces
 # hard to break circular dependency between lib and lib-dcrypt
-Patch17: dovecot-2.3.6-opensslhmac.patch
+Patch16: dovecot-2.3.6-opensslhmac.patch
 Source15: prestartscript
@ -127,8 +126,7 @@ This package provides the development files for dovecot.
 %patch8 -p1 -b .initbysystemd
 %patch9 -p1 -b .systemd_w_protectsystem
 %patch15 -p1 -b .bigkey
-%patch16 -p1 -b .bigtvsec
+%patch16 -p1 -b .opensslhmac
 %patch17 -p1 -b .opensslhmac
 #pushd dovecot-2*3-pigeonhole-%{pigeonholever}
 #popd
@ -333,6 +331,7 @@ make check
 %config(noreplace) %{_sysconfdir}/dovecot/conf.d/10-logging.conf
 %config(noreplace) %{_sysconfdir}/dovecot/conf.d/10-mail.conf
 %config(noreplace) %{_sysconfdir}/dovecot/conf.d/10-master.conf
 %config(noreplace) %{_sysconfdir}/dovecot/conf.d/10-metrics.conf
 %config(noreplace) %{_sysconfdir}/dovecot/conf.d/10-ssl.conf
 %config(noreplace) %{_sysconfdir}/dovecot/conf.d/15-lda.conf
 %config(noreplace) %{_sysconfdir}/dovecot/conf.d/15-mailboxes.conf
@ -352,7 +351,6 @@ make check
 %config(noreplace) %{_sysconfdir}/dovecot/conf.d/auth-sql.conf.ext
 %config(noreplace) %{_sysconfdir}/dovecot/conf.d/auth-static.conf.ext
 %config(noreplace) %{_sysconfdir}/dovecot/conf.d/auth-system.conf.ext
 %config(noreplace) %{_sysconfdir}/pam.d/dovecot
 %config(noreplace) %{ssldir}/dovecot-openssl.cnf
@ -454,6 +452,13 @@ make check
 %{_libdir}/%{name}/dict/libdriver_pgsql.so
 %changelog
 * Mon Mar 22 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.14-1
 - dovecot updated to 2.3.14, pigeonhole to 0.5.14
 - use OpenSSL's implementation of HMAC
 - Remove autocreate, expire, snarf and mail-filter plugins.
 - Remove cydir storage driver.
 - Remove XZ/LZMA write support. Read support will be removed in future release.
 * Mon Feb 08 2021 Pavel Raiskup <praiskup@redhat.com> - 1:2.3.13-7
 - rebuild for libpq ABI fix rhbz#1908268
--- a/4
+++ b/4
@ -1,2 +1,2 @@
-SHA512 (dovecot-2.3.13.tar.gz) = 758a169fba8925637ed18fa7522a6f06c9fe01a1707b1ca0d0a4d8757c578a8e117c91733e8314403839f9a484bbcac71ce3532c82379eb583b480756d556a95
+SHA512 (dovecot-2.3.14.tar.gz) = 69df234cb739c7ee7ae3acfb9756bc22481e94c95463d32bfac315c7ec4b1ba0dfbff552b769f2ab7ee554087ca2ebbe331aa008d3af26417016612dc7cad103
-SHA512 (dovecot-2.3-pigeonhole-0.5.13.tar.gz) = fcbc13d71af4e6dd4e34192484e203d755e5015da76a4774b11a79182b2baad36cab5a471346093111ace36a7775dfe8294555f8b777786dde386820b3ec5cd3
+SHA512 (dovecot-2.3-pigeonhole-0.5.14.tar.gz) = c5d5d309769eabe2c0971646d0c14d166b6b524acf59e1069eca803f764544fa2535c09c9a630ca706aa70442b688ee26af831d29e674823bac7ea7c0e1f33cc
`@ -1,2 +1,2 @@`
	`SHA512 (dovecot-2.3.13.tar.gz) = 758a169fba8925637ed18fa7522a6f06c9fe01a1707b1ca0d0a4d8757c578a8e117c91733e8314403839f9a484bbcac71ce3532c82379eb583b480756d556a95`	`SHA512 (dovecot-2.3.14.tar.gz) = 69df234cb739c7ee7ae3acfb9756bc22481e94c95463d32bfac315c7ec4b1ba0dfbff552b769f2ab7ee554087ca2ebbe331aa008d3af26417016612dc7cad103`
	`SHA512 (dovecot-2.3-pigeonhole-0.5.13.tar.gz) = fcbc13d71af4e6dd4e34192484e203d755e5015da76a4774b11a79182b2baad36cab5a471346093111ace36a7775dfe8294555f8b777786dde386820b3ec5cd3`	`SHA512 (dovecot-2.3-pigeonhole-0.5.14.tar.gz) = c5d5d309769eabe2c0971646d0c14d166b6b524acf59e1069eca803f764544fa2535c09c9a630ca706aa70442b688ee26af831d29e674823bac7ea7c0e1f33cc`