dovecot updated to 2.3.14, pigeonhole to 0.5.14
use OpenSSL's implementation of HMAC. Remove autocreate, expire, snarf and mail-filter plugins. Remove cydir storage driver. Remove XZ/LZMA write support. Read support will be removed in a future release.
parent
8550d54fac
commit
25d565523c
@ -21,7 +21,7 @@ diff -up dovecot-2.3.0.1/dovecot.service.in.initbysystemd dovecot-2.3.0.1/doveco
|
|||||||
@@ -8,7 +8,8 @@
|
@@ -8,7 +8,8 @@
|
||||||
Description=Dovecot IMAP/POP3 email server
|
Description=Dovecot IMAP/POP3 email server
|
||||||
Documentation=man:dovecot(1)
|
Documentation=man:dovecot(1)
|
||||||
Documentation=http://wiki2.dovecot.org/
|
Documentation=https://doc.dovecot.org/
|
||||||
-After=local-fs.target network-online.target
|
-After=local-fs.target network-online.target
|
||||||
+After=local-fs.target network-online.target dovecot-init.service
|
+After=local-fs.target network-online.target dovecot-init.service
|
||||||
+Requires=dovecot-init.service
|
+Requires=dovecot-init.service
|
||||||
|
@ -1,36 +0,0 @@
|
|||||||
diff -up dovecot-2.3.13/src/lib/test-time-util.c.bigtvsec dovecot-2.3.13/src/lib/test-time-util.c
|
|
||||||
--- dovecot-2.3.13/src/lib/test-time-util.c.bigtvsec 2021-01-06 11:27:06.793315308 +0100
|
|
||||||
+++ dovecot-2.3.13/src/lib/test-time-util.c 2021-01-06 11:27:06.815315088 +0100
|
|
||||||
@@ -358,7 +358,7 @@ static void test_str_to_timeval(void)
|
|
||||||
{
|
|
||||||
struct {
|
|
||||||
const char *str;
|
|
||||||
- unsigned int tv_sec, tv_usec;
|
|
||||||
+ long int tv_sec, tv_usec;
|
|
||||||
} tests[] = {
|
|
||||||
{ "0", 0, 0 },
|
|
||||||
{ "0.0", 0, 0 },
|
|
||||||
diff -up dovecot-2.3.13/src/lib/time-util.c.bigtvsec dovecot-2.3.13/src/lib/time-util.c
|
|
||||||
--- dovecot-2.3.13/src/lib/time-util.c.bigtvsec 2021-01-06 11:10:49.791094852 +0100
|
|
||||||
+++ dovecot-2.3.13/src/lib/time-util.c 2021-01-06 11:10:08.255501319 +0100
|
|
||||||
@@ -43,16 +43,16 @@ int timeval_cmp_margin(const struct time
|
|
||||||
|
|
||||||
if (tv1->tv_sec < tv2->tv_sec) {
|
|
||||||
sec_margin = ((int)usec_margin / 1000000) + 1;
|
|
||||||
- if ((tv2->tv_sec - tv1->tv_sec) > sec_margin)
|
|
||||||
+ if (((long long)tv2->tv_sec - tv1->tv_sec) > sec_margin)
|
|
||||||
return -1;
|
|
||||||
- usecs_diff = (tv2->tv_sec - tv1->tv_sec) * 1000000LL +
|
|
||||||
+ usecs_diff = ((long long)tv2->tv_sec - tv1->tv_sec) * 1000000LL +
|
|
||||||
(tv2->tv_usec - tv1->tv_usec);
|
|
||||||
ret = -1;
|
|
||||||
} else if (tv1->tv_sec > tv2->tv_sec) {
|
|
||||||
sec_margin = ((int)usec_margin / 1000000) + 1;
|
|
||||||
- if ((tv1->tv_sec - tv2->tv_sec) > sec_margin)
|
|
||||||
+ if (((long long)tv1->tv_sec - tv2->tv_sec) > sec_margin)
|
|
||||||
return 1;
|
|
||||||
- usecs_diff = (tv1->tv_sec - tv2->tv_sec) * 1000000LL +
|
|
||||||
+ usecs_diff = ((long long)tv1->tv_sec - tv2->tv_sec) * 1000000LL +
|
|
||||||
(tv1->tv_usec - tv2->tv_usec);
|
|
||||||
ret = 1;
|
|
||||||
} else if (tv1->tv_usec < tv2->tv_usec) {
|
|
@ -1,6 +1,6 @@
|
|||||||
diff -up dovecot-2.3.13/src/auth/auth-token.c.opensslhmac dovecot-2.3.13/src/auth/auth-token.c
|
diff -up dovecot-2.3.14/src/auth/auth-token.c.opensslhmac dovecot-2.3.14/src/auth/auth-token.c
|
||||||
--- dovecot-2.3.13/src/auth/auth-token.c.opensslhmac 2020-12-22 14:26:52.000000000 +0100
|
--- dovecot-2.3.14/src/auth/auth-token.c.opensslhmac 2021-03-04 09:38:06.000000000 +0100
|
||||||
+++ dovecot-2.3.13/src/auth/auth-token.c 2021-03-22 18:44:06.946142422 +0100
|
+++ dovecot-2.3.14/src/auth/auth-token.c 2021-03-22 20:44:13.022912242 +0100
|
||||||
@@ -161,17 +161,17 @@ void auth_token_deinit(void)
|
@@ -161,17 +161,17 @@ void auth_token_deinit(void)
|
||||||
const char *auth_token_get(const char *service, const char *session_pid,
|
const char *auth_token_get(const char *service, const char *session_pid,
|
||||||
const char *username, const char *session_id)
|
const char *username, const char *session_id)
|
||||||
@ -26,9 +26,9 @@ diff -up dovecot-2.3.13/src/auth/auth-token.c.opensslhmac dovecot-2.3.13/src/aut
|
|||||||
|
|
||||||
return binary_to_hex(result, sizeof(result));
|
return binary_to_hex(result, sizeof(result));
|
||||||
}
|
}
|
||||||
diff -up dovecot-2.3.13/src/auth/mech-cram-md5.c.opensslhmac dovecot-2.3.13/src/auth/mech-cram-md5.c
|
diff -up dovecot-2.3.14/src/auth/mech-cram-md5.c.opensslhmac dovecot-2.3.14/src/auth/mech-cram-md5.c
|
||||||
--- dovecot-2.3.13/src/auth/mech-cram-md5.c.opensslhmac 2020-12-22 14:26:52.000000000 +0100
|
--- dovecot-2.3.14/src/auth/mech-cram-md5.c.opensslhmac 2021-03-04 09:38:06.000000000 +0100
|
||||||
+++ dovecot-2.3.13/src/auth/mech-cram-md5.c 2021-03-22 18:44:06.946142422 +0100
|
+++ dovecot-2.3.14/src/auth/mech-cram-md5.c 2021-03-22 20:44:13.022912242 +0100
|
||||||
@@ -51,7 +51,7 @@ static bool verify_credentials(struct cr
|
@@ -51,7 +51,7 @@ static bool verify_credentials(struct cr
|
||||||
{
|
{
|
||||||
|
|
||||||
@ -52,9 +52,9 @@ diff -up dovecot-2.3.13/src/auth/mech-cram-md5.c.opensslhmac dovecot-2.3.13/src/
|
|||||||
|
|
||||||
response_hex = binary_to_hex(digest, sizeof(digest));
|
response_hex = binary_to_hex(digest, sizeof(digest));
|
||||||
|
|
||||||
diff -up dovecot-2.3.13/src/auth/mech-scram.c.opensslhmac dovecot-2.3.13/src/auth/mech-scram.c
|
diff -up dovecot-2.3.14/src/auth/mech-scram.c.opensslhmac dovecot-2.3.14/src/auth/mech-scram.c
|
||||||
--- dovecot-2.3.13/src/auth/mech-scram.c.opensslhmac 2020-12-22 14:26:52.000000000 +0100
|
--- dovecot-2.3.14/src/auth/mech-scram.c.opensslhmac 2021-03-04 09:38:06.000000000 +0100
|
||||||
+++ dovecot-2.3.13/src/auth/mech-scram.c 2021-03-22 18:44:06.946142422 +0100
|
+++ dovecot-2.3.14/src/auth/mech-scram.c 2021-03-22 20:44:13.022912242 +0100
|
||||||
@@ -78,7 +78,7 @@ static const char *get_scram_server_firs
|
@@ -78,7 +78,7 @@ static const char *get_scram_server_firs
|
||||||
static const char *get_scram_server_final(struct scram_auth_request *request)
|
static const char *get_scram_server_final(struct scram_auth_request *request)
|
||||||
{
|
{
|
||||||
@ -99,9 +99,9 @@ diff -up dovecot-2.3.13/src/auth/mech-scram.c.opensslhmac dovecot-2.3.13/src/aut
|
|||||||
|
|
||||||
const unsigned char *proof_data = request->proof->data;
|
const unsigned char *proof_data = request->proof->data;
|
||||||
for (i = 0; i < sizeof(client_signature); i++)
|
for (i = 0; i < sizeof(client_signature); i++)
|
||||||
diff -up dovecot-2.3.13/src/auth/password-scheme.c.opensslhmac dovecot-2.3.13/src/auth/password-scheme.c
|
diff -up dovecot-2.3.14/src/auth/password-scheme.c.opensslhmac dovecot-2.3.14/src/auth/password-scheme.c
|
||||||
--- dovecot-2.3.13/src/auth/password-scheme.c.opensslhmac 2020-12-22 14:26:52.000000000 +0100
|
--- dovecot-2.3.14/src/auth/password-scheme.c.opensslhmac 2021-03-04 09:38:06.000000000 +0100
|
||||||
+++ dovecot-2.3.13/src/auth/password-scheme.c 2021-03-22 18:44:06.947142409 +0100
|
+++ dovecot-2.3.14/src/auth/password-scheme.c 2021-03-22 20:44:13.022912242 +0100
|
||||||
@@ -639,11 +639,11 @@ static void
|
@@ -639,11 +639,11 @@ static void
|
||||||
cram_md5_generate(const char *plaintext, const struct password_generate_params *params ATTR_UNUSED,
|
cram_md5_generate(const char *plaintext, const struct password_generate_params *params ATTR_UNUSED,
|
||||||
const unsigned char **raw_password_r, size_t *size_r)
|
const unsigned char **raw_password_r, size_t *size_r)
|
||||||
@ -116,9 +116,9 @@ diff -up dovecot-2.3.13/src/auth/password-scheme.c.opensslhmac dovecot-2.3.13/sr
|
|||||||
strlen(plaintext), &hash_method_md5);
|
strlen(plaintext), &hash_method_md5);
|
||||||
hmac_md5_get_cram_context(&ctx, context_digest);
|
hmac_md5_get_cram_context(&ctx, context_digest);
|
||||||
|
|
||||||
diff -up dovecot-2.3.13/src/auth/password-scheme-scram.c.opensslhmac dovecot-2.3.13/src/auth/password-scheme-scram.c
|
diff -up dovecot-2.3.14/src/auth/password-scheme-scram.c.opensslhmac dovecot-2.3.14/src/auth/password-scheme-scram.c
|
||||||
--- dovecot-2.3.13/src/auth/password-scheme-scram.c.opensslhmac 2020-12-22 14:26:52.000000000 +0100
|
--- dovecot-2.3.14/src/auth/password-scheme-scram.c.opensslhmac 2021-03-04 09:38:06.000000000 +0100
|
||||||
+++ dovecot-2.3.13/src/auth/password-scheme-scram.c 2021-03-22 18:44:06.947142409 +0100
|
+++ dovecot-2.3.14/src/auth/password-scheme-scram.c 2021-03-22 20:44:13.023912229 +0100
|
||||||
@@ -30,23 +30,23 @@ Hi(const struct hash_method *hmethod, co
|
@@ -30,23 +30,23 @@ Hi(const struct hash_method *hmethod, co
|
||||||
const unsigned char *salt, size_t salt_size, unsigned int i,
|
const unsigned char *salt, size_t salt_size, unsigned int i,
|
||||||
unsigned char *result)
|
unsigned char *result)
|
||||||
@ -208,9 +208,9 @@ diff -up dovecot-2.3.13/src/auth/password-scheme-scram.c.opensslhmac dovecot-2.3
|
|||||||
str_append_c(str, ',');
|
str_append_c(str, ',');
|
||||||
base64_encode(server_key, sizeof(server_key), str);
|
base64_encode(server_key, sizeof(server_key), str);
|
||||||
|
|
||||||
diff -up dovecot-2.3.13/src/lib/hmac.c.opensslhmac dovecot-2.3.13/src/lib/hmac.c
|
diff -up dovecot-2.3.14/src/lib/hmac.c.opensslhmac dovecot-2.3.14/src/lib/hmac.c
|
||||||
--- dovecot-2.3.13/src/lib/hmac.c.opensslhmac 2020-12-22 14:26:52.000000000 +0100
|
--- dovecot-2.3.14/src/lib/hmac.c.opensslhmac 2021-03-04 09:38:06.000000000 +0100
|
||||||
+++ dovecot-2.3.13/src/lib/hmac.c 2021-03-22 18:44:06.947142409 +0100
|
+++ dovecot-2.3.14/src/lib/hmac.c 2021-03-22 20:44:13.023912229 +0100
|
||||||
@@ -7,6 +7,10 @@
|
@@ -7,6 +7,10 @@
|
||||||
* This software is released under the MIT license.
|
* This software is released under the MIT license.
|
||||||
*/
|
*/
|
||||||
@ -287,11 +287,11 @@ diff -up dovecot-2.3.13/src/lib/hmac.c.opensslhmac dovecot-2.3.13/src/lib/hmac.c
|
|||||||
+ }
|
+ }
|
||||||
+ i_assert(no_fips);
|
+ i_assert(no_fips);
|
||||||
+ struct orig_hmac_context_priv *ctx = &_ctx->u.priv;
|
+ struct orig_hmac_context_priv *ctx = &_ctx->u.priv;
|
||||||
int i;
|
unsigned int i;
|
||||||
unsigned char k_ipad[64];
|
unsigned char k_ipad[meth->block_size];
|
||||||
unsigned char k_opad[64];
|
unsigned char k_opad[meth->block_size];
|
||||||
@@ -53,9 +112,27 @@ void hmac_init(struct hmac_context *_ctx
|
@@ -53,9 +112,27 @@ void hmac_init(struct hmac_context *_ctx
|
||||||
safe_memset(k_opad, 0, 64);
|
safe_memset(k_opad, 0, meth->block_size);
|
||||||
}
|
}
|
||||||
|
|
||||||
-void hmac_final(struct hmac_context *_ctx, unsigned char *digest)
|
-void hmac_final(struct hmac_context *_ctx, unsigned char *digest)
|
||||||
@ -448,9 +448,9 @@ diff -up dovecot-2.3.13/src/lib/hmac.c.opensslhmac dovecot-2.3.13/src/lib/hmac.c
|
|||||||
- safe_memset(prk, 0, sizeof(prk));
|
- safe_memset(prk, 0, sizeof(prk));
|
||||||
- safe_memset(okm, 0, sizeof(okm));
|
- safe_memset(okm, 0, sizeof(okm));
|
||||||
}
|
}
|
||||||
diff -up dovecot-2.3.13/src/lib/hmac-cram-md5.c.opensslhmac dovecot-2.3.13/src/lib/hmac-cram-md5.c
|
diff -up dovecot-2.3.14/src/lib/hmac-cram-md5.c.opensslhmac dovecot-2.3.14/src/lib/hmac-cram-md5.c
|
||||||
--- dovecot-2.3.13/src/lib/hmac-cram-md5.c.opensslhmac 2020-12-22 14:26:52.000000000 +0100
|
--- dovecot-2.3.14/src/lib/hmac-cram-md5.c.opensslhmac 2021-03-04 09:38:06.000000000 +0100
|
||||||
+++ dovecot-2.3.13/src/lib/hmac-cram-md5.c 2021-03-22 18:44:06.947142409 +0100
|
+++ dovecot-2.3.14/src/lib/hmac-cram-md5.c 2021-03-22 20:44:13.023912229 +0100
|
||||||
@@ -9,10 +9,10 @@
|
@@ -9,10 +9,10 @@
|
||||||
#include "md5.h"
|
#include "md5.h"
|
||||||
#include "hmac-cram-md5.h"
|
#include "hmac-cram-md5.h"
|
||||||
@ -477,9 +477,9 @@ diff -up dovecot-2.3.13/src/lib/hmac-cram-md5.c.opensslhmac dovecot-2.3.13/src/l
|
|||||||
const unsigned char *cdp;
|
const unsigned char *cdp;
|
||||||
|
|
||||||
struct md5_context *ctx = (void*)hmac_ctx->ctx;
|
struct md5_context *ctx = (void*)hmac_ctx->ctx;
|
||||||
diff -up dovecot-2.3.13/src/lib/hmac-cram-md5.h.opensslhmac dovecot-2.3.13/src/lib/hmac-cram-md5.h
|
diff -up dovecot-2.3.14/src/lib/hmac-cram-md5.h.opensslhmac dovecot-2.3.14/src/lib/hmac-cram-md5.h
|
||||||
--- dovecot-2.3.13/src/lib/hmac-cram-md5.h.opensslhmac 2020-12-22 14:26:52.000000000 +0100
|
--- dovecot-2.3.14/src/lib/hmac-cram-md5.h.opensslhmac 2021-03-04 09:38:06.000000000 +0100
|
||||||
+++ dovecot-2.3.13/src/lib/hmac-cram-md5.h 2021-03-22 18:44:06.947142409 +0100
|
+++ dovecot-2.3.14/src/lib/hmac-cram-md5.h 2021-03-22 20:44:13.023912229 +0100
|
||||||
@@ -5,9 +5,9 @@
|
@@ -5,9 +5,9 @@
|
||||||
|
|
||||||
#define CRAM_MD5_CONTEXTLEN 32
|
#define CRAM_MD5_CONTEXTLEN 32
|
||||||
@ -492,19 +492,19 @@ diff -up dovecot-2.3.13/src/lib/hmac-cram-md5.h.opensslhmac dovecot-2.3.13/src/l
|
|||||||
const unsigned char context_digest[CRAM_MD5_CONTEXTLEN]);
|
const unsigned char context_digest[CRAM_MD5_CONTEXTLEN]);
|
||||||
|
|
||||||
|
|
||||||
diff -up dovecot-2.3.13/src/lib/hmac.h.opensslhmac dovecot-2.3.13/src/lib/hmac.h
|
diff -up dovecot-2.3.14/src/lib/hmac.h.opensslhmac dovecot-2.3.14/src/lib/hmac.h
|
||||||
--- dovecot-2.3.13/src/lib/hmac.h.opensslhmac 2020-12-22 14:26:52.000000000 +0100
|
--- dovecot-2.3.14/src/lib/hmac.h.opensslhmac 2021-03-04 09:38:06.000000000 +0100
|
||||||
+++ dovecot-2.3.13/src/lib/hmac.h 2021-03-22 18:44:06.947142409 +0100
|
+++ dovecot-2.3.14/src/lib/hmac.h 2021-03-22 20:44:13.023912229 +0100
|
||||||
@@ -3,60 +3,97 @@
|
@@ -4,60 +4,97 @@
|
||||||
|
|
||||||
#include "hash-method.h"
|
#include "hash-method.h"
|
||||||
#include "sha1.h"
|
#include "sha1.h"
|
||||||
|
#include "sha2.h"
|
||||||
+#include <openssl/objects.h>
|
+#include <openssl/objects.h>
|
||||||
+#include <openssl/hmac.h>
|
+#include <openssl/hmac.h>
|
||||||
+#include <openssl/kdf.h>
|
+#include <openssl/kdf.h>
|
||||||
+#include <openssl/err.h>
|
+#include <openssl/err.h>
|
||||||
|
|
||||||
#define HMAC_MAX_CONTEXT_SIZE 256
|
#define HMAC_MAX_CONTEXT_SIZE sizeof(struct sha512_ctx)
|
||||||
|
|
||||||
-struct hmac_context_priv {
|
-struct hmac_context_priv {
|
||||||
+struct openssl_hmac_context_priv {
|
+struct openssl_hmac_context_priv {
|
||||||
@ -606,9 +606,9 @@ diff -up dovecot-2.3.13/src/lib/hmac.h.opensslhmac dovecot-2.3.13/src/lib/hmac.h
|
|||||||
okm_buffer, okm_len);
|
okm_buffer, okm_len);
|
||||||
return okm_buffer;
|
return okm_buffer;
|
||||||
}
|
}
|
||||||
diff -up dovecot-2.3.13/src/lib-imap-urlauth/imap-urlauth.c.opensslhmac dovecot-2.3.13/src/lib-imap-urlauth/imap-urlauth.c
|
diff -up dovecot-2.3.14/src/lib-imap-urlauth/imap-urlauth.c.opensslhmac dovecot-2.3.14/src/lib-imap-urlauth/imap-urlauth.c
|
||||||
--- dovecot-2.3.13/src/lib-imap-urlauth/imap-urlauth.c.opensslhmac 2020-12-22 14:26:52.000000000 +0100
|
--- dovecot-2.3.14/src/lib-imap-urlauth/imap-urlauth.c.opensslhmac 2021-03-04 09:38:06.000000000 +0100
|
||||||
+++ dovecot-2.3.13/src/lib-imap-urlauth/imap-urlauth.c 2021-03-22 18:44:06.948142396 +0100
|
+++ dovecot-2.3.14/src/lib-imap-urlauth/imap-urlauth.c 2021-03-22 20:44:13.023912229 +0100
|
||||||
@@ -85,15 +85,15 @@ imap_urlauth_internal_generate(const cha
|
@@ -85,15 +85,15 @@ imap_urlauth_internal_generate(const cha
|
||||||
const unsigned char mailbox_key[IMAP_URLAUTH_KEY_LEN],
|
const unsigned char mailbox_key[IMAP_URLAUTH_KEY_LEN],
|
||||||
size_t *token_len_r)
|
size_t *token_len_r)
|
||||||
@ -629,9 +629,9 @@ diff -up dovecot-2.3.13/src/lib-imap-urlauth/imap-urlauth.c.opensslhmac dovecot-
|
|||||||
|
|
||||||
*token_len_r = SHA1_RESULTLEN + 1;
|
*token_len_r = SHA1_RESULTLEN + 1;
|
||||||
return token;
|
return token;
|
||||||
diff -up dovecot-2.3.13/src/lib/Makefile.am.opensslhmac dovecot-2.3.13/src/lib/Makefile.am
|
diff -up dovecot-2.3.14/src/lib/Makefile.am.opensslhmac dovecot-2.3.14/src/lib/Makefile.am
|
||||||
--- dovecot-2.3.13/src/lib/Makefile.am.opensslhmac 2020-12-22 14:26:52.000000000 +0100
|
--- dovecot-2.3.14/src/lib/Makefile.am.opensslhmac 2021-03-04 09:38:06.000000000 +0100
|
||||||
+++ dovecot-2.3.13/src/lib/Makefile.am 2021-03-22 18:44:06.948142396 +0100
|
+++ dovecot-2.3.14/src/lib/Makefile.am 2021-03-22 20:44:13.023912229 +0100
|
||||||
@@ -352,6 +352,9 @@ headers = \
|
@@ -352,6 +352,9 @@ headers = \
|
||||||
wildcard-match.h \
|
wildcard-match.h \
|
||||||
write-full.h
|
write-full.h
|
||||||
@ -642,13 +642,13 @@ diff -up dovecot-2.3.13/src/lib/Makefile.am.opensslhmac dovecot-2.3.13/src/lib/M
|
|||||||
test_programs = test-lib
|
test_programs = test-lib
|
||||||
noinst_PROGRAMS = $(test_programs)
|
noinst_PROGRAMS = $(test_programs)
|
||||||
|
|
||||||
diff -up dovecot-2.3.13/src/lib-oauth2/oauth2-jwt.c.opensslhmac dovecot-2.3.13/src/lib-oauth2/oauth2-jwt.c
|
diff -up dovecot-2.3.14/src/lib-oauth2/oauth2-jwt.c.opensslhmac dovecot-2.3.14/src/lib-oauth2/oauth2-jwt.c
|
||||||
--- dovecot-2.3.13/src/lib-oauth2/oauth2-jwt.c.opensslhmac 2021-03-22 18:46:42.645100171 +0100
|
--- dovecot-2.3.14/src/lib-oauth2/oauth2-jwt.c.opensslhmac 2021-03-04 09:38:06.000000000 +0100
|
||||||
+++ dovecot-2.3.13/src/lib-oauth2/oauth2-jwt.c 2021-03-22 18:46:42.657100014 +0100
|
+++ dovecot-2.3.14/src/lib-oauth2/oauth2-jwt.c 2021-03-22 20:44:13.024912217 +0100
|
||||||
@@ -96,14 +96,14 @@ static int oauth2_validate_hmac(const st
|
@@ -106,14 +106,14 @@ oauth2_validate_hmac(const struct oauth2
|
||||||
const buffer_t *key;
|
|
||||||
if (oauth2_lookup_hmac_key(set, azp, alg, key_id, &key, error_r) < 0)
|
if (oauth2_lookup_hmac_key(set, azp, alg, key_id, &key, error_r) < 0)
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
- struct hmac_context ctx;
|
- struct hmac_context ctx;
|
||||||
- hmac_init(&ctx, key->data, key->used, method);
|
- hmac_init(&ctx, key->data, key->used, method);
|
||||||
- hmac_update(&ctx, blobs[0], strlen(blobs[0]));
|
- hmac_update(&ctx, blobs[0], strlen(blobs[0]));
|
||||||
@ -666,10 +666,10 @@ diff -up dovecot-2.3.13/src/lib-oauth2/oauth2-jwt.c.opensslhmac dovecot-2.3.13/s
|
|||||||
|
|
||||||
buffer_t *their_digest =
|
buffer_t *their_digest =
|
||||||
t_base64url_decode_str(BASE64_DECODE_FLAG_NO_PADDING, blobs[2]);
|
t_base64url_decode_str(BASE64_DECODE_FLAG_NO_PADDING, blobs[2]);
|
||||||
diff -up dovecot-2.3.13/src/lib-oauth2/test-oauth2-jwt.c.opensslhmac dovecot-2.3.13/src/lib-oauth2/test-oauth2-jwt.c
|
diff -up dovecot-2.3.14/src/lib-oauth2/test-oauth2-jwt.c.opensslhmac dovecot-2.3.14/src/lib-oauth2/test-oauth2-jwt.c
|
||||||
--- dovecot-2.3.13/src/lib-oauth2/test-oauth2-jwt.c.opensslhmac 2020-12-22 14:26:52.000000000 +0100
|
--- dovecot-2.3.14/src/lib-oauth2/test-oauth2-jwt.c.opensslhmac 2021-03-04 09:38:06.000000000 +0100
|
||||||
+++ dovecot-2.3.13/src/lib-oauth2/test-oauth2-jwt.c 2021-03-22 18:44:06.948142396 +0100
|
+++ dovecot-2.3.14/src/lib-oauth2/test-oauth2-jwt.c 2021-03-22 20:46:09.524440794 +0100
|
||||||
@@ -219,7 +219,7 @@ static void save_key_to(const char *algo
|
@@ -236,7 +236,7 @@ static void save_key_to(const char *algo
|
||||||
static void sign_jwt_token_hs256(buffer_t *tokenbuf, buffer_t *key)
|
static void sign_jwt_token_hs256(buffer_t *tokenbuf, buffer_t *key)
|
||||||
{
|
{
|
||||||
i_assert(key != NULL);
|
i_assert(key != NULL);
|
||||||
@ -678,9 +678,27 @@ diff -up dovecot-2.3.13/src/lib-oauth2/test-oauth2-jwt.c.opensslhmac dovecot-2.3
|
|||||||
tokenbuf);
|
tokenbuf);
|
||||||
buffer_append(tokenbuf, ".", 1);
|
buffer_append(tokenbuf, ".", 1);
|
||||||
base64url_encode(BASE64_ENCODE_FLAG_NO_PADDING, SIZE_MAX,
|
base64url_encode(BASE64_ENCODE_FLAG_NO_PADDING, SIZE_MAX,
|
||||||
diff -up dovecot-2.3.13/src/lib/pkcs5.c.opensslhmac dovecot-2.3.13/src/lib/pkcs5.c
|
@@ -246,7 +246,7 @@ static void sign_jwt_token_hs256(buffer_
|
||||||
--- dovecot-2.3.13/src/lib/pkcs5.c.opensslhmac 2020-12-22 14:26:52.000000000 +0100
|
static void sign_jwt_token_hs384(buffer_t *tokenbuf, buffer_t *key)
|
||||||
+++ dovecot-2.3.13/src/lib/pkcs5.c 2021-03-22 18:44:06.948142396 +0100
|
{
|
||||||
|
i_assert(key != NULL);
|
||||||
|
- buffer_t *sig = t_hmac_buffer(&hash_method_sha384, key->data, key->used,
|
||||||
|
+ buffer_t *sig = openssl_t_hmac_buffer(&hash_method_sha384, key->data, key->used,
|
||||||
|
tokenbuf);
|
||||||
|
buffer_append(tokenbuf, ".", 1);
|
||||||
|
base64url_encode(BASE64_ENCODE_FLAG_NO_PADDING, SIZE_MAX,
|
||||||
|
@@ -256,7 +256,7 @@ static void sign_jwt_token_hs384(buffer_
|
||||||
|
static void sign_jwt_token_hs512(buffer_t *tokenbuf, buffer_t *key)
|
||||||
|
{
|
||||||
|
i_assert(key != NULL);
|
||||||
|
- buffer_t *sig = t_hmac_buffer(&hash_method_sha512, key->data, key->used,
|
||||||
|
+ buffer_t *sig = openssl_t_hmac_buffer(&hash_method_sha512, key->data, key->used,
|
||||||
|
tokenbuf);
|
||||||
|
buffer_append(tokenbuf, ".", 1);
|
||||||
|
base64url_encode(BASE64_ENCODE_FLAG_NO_PADDING, SIZE_MAX,
|
||||||
|
diff -up dovecot-2.3.14/src/lib/pkcs5.c.opensslhmac dovecot-2.3.14/src/lib/pkcs5.c
|
||||||
|
--- dovecot-2.3.14/src/lib/pkcs5.c.opensslhmac 2021-03-04 09:38:06.000000000 +0100
|
||||||
|
+++ dovecot-2.3.14/src/lib/pkcs5.c 2021-03-22 20:44:13.024912217 +0100
|
||||||
@@ -52,7 +52,7 @@ int pkcs5_pbkdf2(const struct hash_metho
|
@@ -52,7 +52,7 @@ int pkcs5_pbkdf2(const struct hash_metho
|
||||||
size_t l = (length + hash->digest_size - 1)/hash->digest_size; /* same as ceil(length/hash->digest_size) */
|
size_t l = (length + hash->digest_size - 1)/hash->digest_size; /* same as ceil(length/hash->digest_size) */
|
||||||
unsigned char dk[l * hash->digest_size];
|
unsigned char dk[l * hash->digest_size];
|
||||||
@ -715,10 +733,10 @@ diff -up dovecot-2.3.13/src/lib/pkcs5.c.opensslhmac dovecot-2.3.13/src/lib/pkcs5
|
|||||||
for(i = 0; i < hash->digest_size; i++)
|
for(i = 0; i < hash->digest_size; i++)
|
||||||
block[i] ^= U_c[i];
|
block[i] ^= U_c[i];
|
||||||
}
|
}
|
||||||
diff -up dovecot-2.3.13/src/lib/test-hmac.c.opensslhmac dovecot-2.3.13/src/lib/test-hmac.c
|
diff -up dovecot-2.3.14/src/lib/test-hmac.c.opensslhmac dovecot-2.3.14/src/lib/test-hmac.c
|
||||||
--- dovecot-2.3.13/src/lib/test-hmac.c.opensslhmac 2020-12-22 14:26:52.000000000 +0100
|
--- dovecot-2.3.14/src/lib/test-hmac.c.opensslhmac 2021-03-04 09:38:06.000000000 +0100
|
||||||
+++ dovecot-2.3.13/src/lib/test-hmac.c 2021-03-22 18:44:06.948142396 +0100
|
+++ dovecot-2.3.14/src/lib/test-hmac.c 2021-03-22 20:44:13.024912217 +0100
|
||||||
@@ -112,11 +112,11 @@ static void test_hmac_rfc(void)
|
@@ -206,11 +206,11 @@ static void test_hmac_rfc(void)
|
||||||
test_begin("hmac sha256 rfc4231 vectors");
|
test_begin("hmac sha256 rfc4231 vectors");
|
||||||
for(size_t i = 0; i < N_ELEMENTS(test_vectors); i++) {
|
for(size_t i = 0; i < N_ELEMENTS(test_vectors); i++) {
|
||||||
const struct test_vector *vec = &(test_vectors[i]);
|
const struct test_vector *vec = &(test_vectors[i]);
|
||||||
@ -734,7 +752,39 @@ diff -up dovecot-2.3.13/src/lib/test-hmac.c.opensslhmac dovecot-2.3.13/src/lib/t
|
|||||||
test_assert_idx(memcmp(res, vec->res, vec->res_len) == 0, i);
|
test_assert_idx(memcmp(res, vec->res, vec->res_len) == 0, i);
|
||||||
}
|
}
|
||||||
test_end();
|
test_end();
|
||||||
@@ -129,7 +129,7 @@ static void test_hmac_buffer(void)
|
@@ -221,11 +221,11 @@ static void test_hmac384_rfc(void)
|
||||||
|
test_begin("hmac sha384 rfc4231 vectors");
|
||||||
|
for (size_t i = 0; i < N_ELEMENTS(test_vectors_hmac384); i++) {
|
||||||
|
const struct test_vector *vec = &(test_vectors_hmac384[i]);
|
||||||
|
- struct hmac_context ctx;
|
||||||
|
- hmac_init(&ctx, vec->key, vec->key_len, hash_method_lookup(vec->prf));
|
||||||
|
- hmac_update(&ctx, vec->data, vec->data_len);
|
||||||
|
+ struct openssl_hmac_context ctx;
|
||||||
|
+ openssl_hmac_init(&ctx, vec->key, vec->key_len, hash_method_lookup(vec->prf));
|
||||||
|
+ openssl_hmac_update(&ctx, vec->data, vec->data_len);
|
||||||
|
unsigned char res[SHA384_RESULTLEN];
|
||||||
|
- hmac_final(&ctx, res);
|
||||||
|
+ openssl_hmac_final(&ctx, res);
|
||||||
|
test_assert_idx(memcmp(res, vec->res, vec->res_len) == 0, i);
|
||||||
|
}
|
||||||
|
test_end();
|
||||||
|
@@ -236,11 +236,11 @@ static void test_hmac512_rfc(void)
|
||||||
|
test_begin("hmac sha512 rfc4231 vectors");
|
||||||
|
for (size_t i = 0; i < N_ELEMENTS(test_vectors_hmac512); i++) {
|
||||||
|
const struct test_vector *vec = &(test_vectors_hmac512[i]);
|
||||||
|
- struct hmac_context ctx;
|
||||||
|
- hmac_init(&ctx, vec->key, vec->key_len, hash_method_lookup(vec->prf));
|
||||||
|
- hmac_update(&ctx, vec->data, vec->data_len);
|
||||||
|
+ struct openssl_hmac_context ctx;
|
||||||
|
+ openssl_hmac_init(&ctx, vec->key, vec->key_len, hash_method_lookup(vec->prf));
|
||||||
|
+ openssl_hmac_update(&ctx, vec->data, vec->data_len);
|
||||||
|
unsigned char res[SHA512_RESULTLEN];
|
||||||
|
- hmac_final(&ctx, res);
|
||||||
|
+ openssl_hmac_final(&ctx, res);
|
||||||
|
test_assert_idx(memcmp(res, vec->res, vec->res_len) == 0, i);
|
||||||
|
}
|
||||||
|
test_end();
|
||||||
|
@@ -253,7 +253,7 @@ static void test_hmac_buffer(void)
|
||||||
|
|
||||||
buffer_t *tmp;
|
buffer_t *tmp;
|
||||||
|
|
||||||
@ -743,7 +793,7 @@ diff -up dovecot-2.3.13/src/lib/test-hmac.c.opensslhmac dovecot-2.3.13/src/lib/t
|
|||||||
vec->data, vec->data_len);
|
vec->data, vec->data_len);
|
||||||
|
|
||||||
test_assert(tmp->used == vec->res_len &&
|
test_assert(tmp->used == vec->res_len &&
|
||||||
@@ -146,7 +146,7 @@ static void test_hkdf_rfc(void)
|
@@ -270,7 +270,7 @@ static void test_hkdf_rfc(void)
|
||||||
buffer_set_used_size(res, 0);
|
buffer_set_used_size(res, 0);
|
||||||
const struct test_vector_5869 *vec = &(test_vectors_5869[i]);
|
const struct test_vector_5869 *vec = &(test_vectors_5869[i]);
|
||||||
const struct hash_method *m = hash_method_lookup(vec->prf);
|
const struct hash_method *m = hash_method_lookup(vec->prf);
|
||||||
@ -752,7 +802,7 @@ diff -up dovecot-2.3.13/src/lib/test-hmac.c.opensslhmac dovecot-2.3.13/src/lib/t
|
|||||||
vec->info, vec->info_len, res, vec->okm_len);
|
vec->info, vec->info_len, res, vec->okm_len);
|
||||||
test_assert_idx(memcmp(res->data, vec->okm, vec->okm_len) == 0, i);
|
test_assert_idx(memcmp(res->data, vec->okm, vec->okm_len) == 0, i);
|
||||||
}
|
}
|
||||||
@@ -159,7 +159,7 @@ static void test_hkdf_buffer(void)
|
@@ -283,7 +283,7 @@ static void test_hkdf_buffer(void)
|
||||||
test_begin("hkdf temporary buffer");
|
test_begin("hkdf temporary buffer");
|
||||||
const struct test_vector_5869 *vec = &(test_vectors_5869[0]);
|
const struct test_vector_5869 *vec = &(test_vectors_5869[0]);
|
||||||
const struct hash_method *m = hash_method_lookup(vec->prf);
|
const struct hash_method *m = hash_method_lookup(vec->prf);
|
||||||
|
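Review bot: In the src/lib/hmac.c part of this patch, `i_assert(no_fips);` sits directly in front of the retained built-in implementation (`struct orig_hmac_context_priv *ctx = &_ctx->u.priv;`), so on a FIPS-enabled host reaching that path ends the process with an assertion failure rather than a handled error. The CRAM-MD5 helper shown in hmac-cram-md5.c still casts `hmac_ctx->ctx` to `struct md5_context`, which suggests that mechanism stays on the built-in path. If so, a comment next to the assert should say it, for example `/* built-in HMAC is kept only for CRAM-MD5; it must not run in FIPS mode, so disable that mechanism there */`, or the condition should be returned to the caller as an authentication failure. The enclosing function and the code that sets `no_fips` lie outside the lines shown, so this needs confirming against the full patch.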
21
dovecot.spec
21
dovecot.spec
@ -3,9 +3,9 @@
|
|||||||
Summary: Secure imap and pop3 server
|
Summary: Secure imap and pop3 server
|
||||||
Name: dovecot
|
Name: dovecot
|
||||||
Epoch: 1
|
Epoch: 1
|
||||||
Version: 2.3.13
|
Version: 2.3.14
|
||||||
%global prever %{nil}
|
%global prever %{nil}
|
||||||
Release: 7%{?dist}
|
Release: 1%{?dist}
|
||||||
#dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2
|
#dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2
|
||||||
License: MIT and LGPLv2
|
License: MIT and LGPLv2
|
||||||
|
|
||||||
@ -13,7 +13,7 @@ URL: http://www.dovecot.org/
|
|||||||
Source: http://www.dovecot.org/releases/2.3/%{name}-%{version}%{?prever}.tar.gz
|
Source: http://www.dovecot.org/releases/2.3/%{name}-%{version}%{?prever}.tar.gz
|
||||||
Source1: dovecot.init
|
Source1: dovecot.init
|
||||||
Source2: dovecot.pam
|
Source2: dovecot.pam
|
||||||
%global pigeonholever 0.5.13
|
%global pigeonholever 0.5.14
|
||||||
Source8: http://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-%{pigeonholever}.tar.gz
|
Source8: http://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-%{pigeonholever}.tar.gz
|
||||||
Source9: dovecot.sysconfig
|
Source9: dovecot.sysconfig
|
||||||
Source10: dovecot.tmpfilesd
|
Source10: dovecot.tmpfilesd
|
||||||
@ -33,12 +33,11 @@ Patch8: dovecot-2.2.20-initbysystemd.patch
|
|||||||
Patch9: dovecot-2.2.22-systemd_w_protectsystem.patch
|
Patch9: dovecot-2.2.22-systemd_w_protectsystem.patch
|
||||||
Patch10: dovecot-2.3.0.1-libxcrypt.patch
|
Patch10: dovecot-2.3.0.1-libxcrypt.patch
|
||||||
Patch15: dovecot-2.3.11-bigkey.patch
|
Patch15: dovecot-2.3.11-bigkey.patch
|
||||||
Patch16: dovecot-2.3.13-bigtvsec.patch
|
|
||||||
|
|
||||||
# do not use own implementation of HMAC, use OpenSSL for certification purposes
|
# do not use own implementation of HMAC, use OpenSSL for certification purposes
|
||||||
# not sent upstream as proper fix would use dovecot's lib-dcrypt but it introduces
|
# not sent upstream as proper fix would use dovecot's lib-dcrypt but it introduces
|
||||||
# hard to break circular dependency between lib and lib-dcrypt
|
# hard to break circular dependency between lib and lib-dcrypt
|
||||||
Patch17: dovecot-2.3.6-opensslhmac.patch
|
Patch16: dovecot-2.3.6-opensslhmac.patch
|
||||||
|
|
||||||
Source15: prestartscript
|
Source15: prestartscript
|
||||||
|
|
||||||
@ -127,8 +126,7 @@ This package provides the development files for dovecot.
|
|||||||
%patch8 -p1 -b .initbysystemd
|
%patch8 -p1 -b .initbysystemd
|
||||||
%patch9 -p1 -b .systemd_w_protectsystem
|
%patch9 -p1 -b .systemd_w_protectsystem
|
||||||
%patch15 -p1 -b .bigkey
|
%patch15 -p1 -b .bigkey
|
||||||
%patch16 -p1 -b .bigtvsec
|
%patch16 -p1 -b .opensslhmac
|
||||||
%patch17 -p1 -b .opensslhmac
|
|
||||||
|
|
||||||
#pushd dovecot-2*3-pigeonhole-%{pigeonholever}
|
#pushd dovecot-2*3-pigeonhole-%{pigeonholever}
|
||||||
#popd
|
#popd
|
||||||
@ -333,6 +331,7 @@ make check
|
|||||||
%config(noreplace) %{_sysconfdir}/dovecot/conf.d/10-logging.conf
|
%config(noreplace) %{_sysconfdir}/dovecot/conf.d/10-logging.conf
|
||||||
%config(noreplace) %{_sysconfdir}/dovecot/conf.d/10-mail.conf
|
%config(noreplace) %{_sysconfdir}/dovecot/conf.d/10-mail.conf
|
||||||
%config(noreplace) %{_sysconfdir}/dovecot/conf.d/10-master.conf
|
%config(noreplace) %{_sysconfdir}/dovecot/conf.d/10-master.conf
|
||||||
|
%config(noreplace) %{_sysconfdir}/dovecot/conf.d/10-metrics.conf
|
||||||
%config(noreplace) %{_sysconfdir}/dovecot/conf.d/10-ssl.conf
|
%config(noreplace) %{_sysconfdir}/dovecot/conf.d/10-ssl.conf
|
||||||
%config(noreplace) %{_sysconfdir}/dovecot/conf.d/15-lda.conf
|
%config(noreplace) %{_sysconfdir}/dovecot/conf.d/15-lda.conf
|
||||||
%config(noreplace) %{_sysconfdir}/dovecot/conf.d/15-mailboxes.conf
|
%config(noreplace) %{_sysconfdir}/dovecot/conf.d/15-mailboxes.conf
|
||||||
@ -352,7 +351,6 @@ make check
|
|||||||
%config(noreplace) %{_sysconfdir}/dovecot/conf.d/auth-sql.conf.ext
|
%config(noreplace) %{_sysconfdir}/dovecot/conf.d/auth-sql.conf.ext
|
||||||
%config(noreplace) %{_sysconfdir}/dovecot/conf.d/auth-static.conf.ext
|
%config(noreplace) %{_sysconfdir}/dovecot/conf.d/auth-static.conf.ext
|
||||||
%config(noreplace) %{_sysconfdir}/dovecot/conf.d/auth-system.conf.ext
|
%config(noreplace) %{_sysconfdir}/dovecot/conf.d/auth-system.conf.ext
|
||||||
|
|
||||||
%config(noreplace) %{_sysconfdir}/pam.d/dovecot
|
%config(noreplace) %{_sysconfdir}/pam.d/dovecot
|
||||||
%config(noreplace) %{ssldir}/dovecot-openssl.cnf
|
%config(noreplace) %{ssldir}/dovecot-openssl.cnf
|
||||||
|
|
||||||
@ -454,6 +452,13 @@ make check
|
|||||||
%{_libdir}/%{name}/dict/libdriver_pgsql.so
|
%{_libdir}/%{name}/dict/libdriver_pgsql.so
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Mar 22 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.14-1
|
||||||
|
- dovecot updated to 2.3.14, pigeonhole to 0.5.14
|
||||||
|
- use OpenSSL's implementation of HMAC
|
||||||
|
- Remove autocreate, expire, snarf and mail-filter plugins.
|
||||||
|
- Remove cydir storage driver.
|
||||||
|
- Remove XZ/LZMA write support. Read support will be removed in future release.
|
||||||
|
|
||||||
* Mon Feb 08 2021 Pavel Raiskup <praiskup@redhat.com> - 1:2.3.13-7
|
* Mon Feb 08 2021 Pavel Raiskup <praiskup@redhat.com> - 1:2.3.13-7
|
||||||
- rebuild for libpq ABI fix rhbz#1908268
|
- rebuild for libpq ABI fix rhbz#1908268
|
||||||
|
|
||||||
|
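Review bot: `Source:` and `Source8:` still fetch the release tarballs over plain `http://`, and no upstream signature check is visible in this section, so the SHA512 values recorded in `sources` for 2.3.14 and 0.5.14 are only as trustworthy as the download they were computed from. This commit already moves the unit file's Documentation link to https, and the same could be done here, e.g. `Source: https://www.dovecot.org/releases/2.3/%{name}-%{version}%{?prever}.tar.gz`. Shipping upstream's detached signatures as additional sources and verifying them in `%prep` would make each version bump auditable. The `%prep` block is only partly visible here, so such a check may already exist outside the shown lines.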
4
sources
4
sources
@ -1,2 +1,2 @@
|
|||||||
SHA512 (dovecot-2.3.13.tar.gz) = 758a169fba8925637ed18fa7522a6f06c9fe01a1707b1ca0d0a4d8757c578a8e117c91733e8314403839f9a484bbcac71ce3532c82379eb583b480756d556a95
|
SHA512 (dovecot-2.3.14.tar.gz) = 69df234cb739c7ee7ae3acfb9756bc22481e94c95463d32bfac315c7ec4b1ba0dfbff552b769f2ab7ee554087ca2ebbe331aa008d3af26417016612dc7cad103
|
||||||
SHA512 (dovecot-2.3-pigeonhole-0.5.13.tar.gz) = fcbc13d71af4e6dd4e34192484e203d755e5015da76a4774b11a79182b2baad36cab5a471346093111ace36a7775dfe8294555f8b777786dde386820b3ec5cd3
|
SHA512 (dovecot-2.3-pigeonhole-0.5.14.tar.gz) = c5d5d309769eabe2c0971646d0c14d166b6b524acf59e1069eca803f764544fa2535c09c9a630ca706aa70442b688ee26af831d29e674823bac7ea7c0e1f33cc
|
||||||
|