From b7a5210a80f05801b0fea9169010729abab70403 Mon Sep 17 00:00:00 2001
From: Michal Hlavinka <mhlavink@redhat.com>
Date: Mon, 27 Sep 2021 20:04:59 +0200
Subject: [PATCH] fix OpenSSLv3 issues 2005884

---
 dovecot-2.3.14-opensslv3.patch | 34 ++++++++++++++++++++++++++++++++++
 dovecot.spec                   |  7 ++++++-
 2 files changed, 40 insertions(+), 1 deletion(-)
 create mode 100644 dovecot-2.3.14-opensslv3.patch

diff --git a/dovecot-2.3.14-opensslv3.patch b/dovecot-2.3.14-opensslv3.patch
new file mode 100644
index 0000000..fa6c44f
--- /dev/null
+++ b/dovecot-2.3.14-opensslv3.patch
@@ -0,0 +1,34 @@
+diff -up dovecot-2.3.14/src/lib-dcrypt/dcrypt-openssl.c.opensslv3 dovecot-2.3.14/src/lib-dcrypt/dcrypt-openssl.c
+--- dovecot-2.3.14/src/lib-dcrypt/dcrypt-openssl.c.opensslv3	2021-06-03 18:56:52.573174433 +0200
++++ dovecot-2.3.14/src/lib-dcrypt/dcrypt-openssl.c	2021-06-03 18:56:52.585174274 +0200
+@@ -73,10 +73,30 @@
+   2<tab>key algo oid<tab>1<tab>symmetric algo name<tab>salt<tab>hash algo<tab>rounds<tab>E(RSA = i2d_PrivateKey, EC=Private Point)<tab>key id
+ **/
+ 
++#if OPENSSL_VERSION_MAJOR == 3
++static EC_KEY *EVP_PKEY_get0_EC_KEYv3(EVP_PKEY *key)
++{
++  EC_KEY *eck = EVP_PKEY_get1_EC_KEY(key);
++  EVP_PKEY_set1_EC_KEY(key, eck);
++  EC_KEY_free(eck);
++  return eck;
++}
++
++static EC_KEY *EVP_PKEY_get1_EC_KEYv3(EVP_PKEY *key)
++{
++  EC_KEY *eck = EVP_PKEY_get1_EC_KEY(key);
++  EVP_PKEY_set1_EC_KEY(key, eck);
++  return eck;
++}
++
++#define EVP_PKEY_get0_EC_KEY EVP_PKEY_get0_EC_KEYv3 
++#define EVP_PKEY_get1_EC_KEY EVP_PKEY_get1_EC_KEYv3
++#else
+ #ifndef HAVE_EVP_PKEY_get0
+ #define EVP_PKEY_get0_EC_KEY(x) x->pkey.ec
+ #define EVP_PKEY_get0_RSA(x) x->pkey.rsa
+ #endif
++#endif
+ 
+ #ifndef HAVE_OBJ_LENGTH
+ #define OBJ_length(o) ((o)->length)
diff --git a/dovecot.spec b/dovecot.spec
index bf0e87c..f10ae50 100644
--- a/dovecot.spec
+++ b/dovecot.spec
@@ -10,7 +10,7 @@ Name: dovecot
 Epoch: 1
 Version: 2.3.16
 %global prever %{nil}
-Release: 2%{?dist}
+Release: 3%{?dist}
 #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2
 License: MIT and LGPLv2
 
@@ -48,6 +48,7 @@ Patch16: dovecot-2.3.6-opensslhmac.patch
 Patch17: dovecot-2.3.15-fixvalcond.patch
 Patch18: dovecot-2.3.15-valbasherr.patch
 Patch19: dovecot-2.3.16-ftbfsbigend.patch
+Patch20: dovecot-2.3.14-opensslv3.patch
 
 Source15: prestartscript
 
@@ -145,6 +146,7 @@ This package provides the development files for dovecot.
 %patch17 -p1 -b .fixvalcond
 %patch18 -p1 -b .valbasherr
 %patch19 -p1 -b .ftbfsbigend
+%patch20 -p1 -b .opensslv3
 cp run-test-valgrind.supp dovecot-2.3-pigeonhole-%{pigeonholever}/
 # valgrind would fail with shell wrapper
 echo "testsuite" >dovecot-2.3-pigeonhole-%{pigeonholever}/run-test-valgrind.exclude
@@ -470,6 +472,9 @@ make check
 %{_libdir}/%{name}/dict/libdriver_pgsql.so
 
 %changelog
+* Mon Sep 27 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.16-3
+- fix OpenSSLv3 issues 2005884
+
 * Tue Sep 14 2021 Sahana Prasad <sahana@redhat.com> - 1:2.3.16-2
 - Rebuilt with OpenSSL 3.0.0