opt/dovecot/dovecot-2.3.21-openssl3_fixes-1.patch

Submitted By:            Douglas R. Reno <renodr at linuxfromscratch dot org>
Date:                    2022-02-12
Initial Package Version: 2.3.18
Upstream Status:         Not Applied
Origin:                  Red Hat (https://bugzilla-attachments.redhat.com/attachment.cgi?id=1788877)
Description:             Fixes a runtime issue with OpenSSL-3 when exchanging
                         certificates with another system during the initial
                         connection phase by implementing OpenSSL-3 compatible
                         versions of the EVP_PKEY_get0_EC_KEY and
                         EVP_PKEY_get1_EC_KEY functions.

diff -Naurp dovecot-2.3.18.orig/src/lib-dcrypt/dcrypt-openssl.c dovecot-2.3.18/src/lib-dcrypt/dcrypt-openssl.c
--- dovecot-2.3.18.orig/src/lib-dcrypt/dcrypt-openssl.c	2022-02-02 05:42:23.000000000 -0600
+++ dovecot-2.3.18/src/lib-dcrypt/dcrypt-openssl.c	2022-02-12 21:20:13.766911113 -0600
@@ -73,10 +73,30 @@
   2<tab>key algo oid<tab>1<tab>symmetric algo name<tab>salt<tab>hash algo<tab>rounds<tab>E(RSA = i2d_PrivateKey, EC=Private Point)<tab>key id
 **/
 
+#if OPENSSL_VERSION_MAJOR == 3
+static EC_KEY *EVP_PKEY_get0_EC_KEYv3(EVP_PKEY *key)
+{
+   EC_KEY *eck = EVP_PKEY_get1_EC_KEY(key);
+   EVP_PKEY_set1_EC_KEY(key, eck);
+   EC_KEY_free(eck);
+   return eck;
+}
+
+static EC_KEY *EVP_PKEY_get1_EC_KEYv3(EVP_PKEY *key)
+{
+   EC_KEY *eck = EVP_PKEY_get1_EC_KEY(key);
+   EVP_PKEY_set1_EC_KEY(key, eck);
+   return eck;
+}
+
+#define EVP_PKEY_get0_EC_KEY EVP_PKEY_get0_EC_KEYv3
+#define EVP_PKEY_get1_EC_KEY EVP_PKEY_get1_EC_KEYv3
+#else
 #ifndef HAVE_EVP_PKEY_get0
 #define EVP_PKEY_get0_EC_KEY(x) x->pkey.ec
 #define EVP_PKEY_get0_RSA(x) x->pkey.rsa
 #endif
+#endif
 
 #ifndef HAVE_OBJ_LENGTH
 #define OBJ_length(o) ((o)->length)
dovecot: added optional dependencies; added security patches; set correct rundir; enable sqlite and libtirpc by default (#8) Hi Jürgen, this is a bit bigger and if you are not opposed, I'll continue with openldap/krb5 👼 1. Included a few security patches 2. Add support for a bunch of optional dependencies 3. set the correct rundir with `configure` 4. Enables the use of core/libtirpc and core/libcap by default I have been running this in a productive environment and it works great (e.g. ldap support, argon password hashes and postgres backend). If you agree to the changes, a squash commit via gitea ui will suffice 😄 Thanks! Reviewed-on: https://git.crux.nu/ports/opt/pulls/8 Co-authored-by: Tim Biermann <tbier@posteo.de> Co-committed-by: Tim Biermann <tbier@posteo.de> 2024-08-05 10:50:13 +02:00			`Submitted By: Douglas R. Reno <renodr at linuxfromscratch dot org>`
			`Date: 2022-02-12`
			`Initial Package Version: 2.3.18`
			`Upstream Status: Not Applied`
			`Origin: Red Hat (https://bugzilla-attachments.redhat.com/attachment.cgi?id=1788877)`
			`Description: Fixes a runtime issue with OpenSSL-3 when exchanging`
			`certificates with another system during the initial`
			`connection phase by implementing OpenSSL-3 compatible`
			`versions of the EVP_PKEY_get0_EC_KEY and`
			`EVP_PKEY_get1_EC_KEY functions.`

			`diff -Naurp dovecot-2.3.18.orig/src/lib-dcrypt/dcrypt-openssl.c dovecot-2.3.18/src/lib-dcrypt/dcrypt-openssl.c`
			`--- dovecot-2.3.18.orig/src/lib-dcrypt/dcrypt-openssl.c 2022-02-02 05:42:23.000000000 -0600`
			`+++ dovecot-2.3.18/src/lib-dcrypt/dcrypt-openssl.c 2022-02-12 21:20:13.766911113 -0600`
			`@@ -73,10 +73,30 @@`
			`2<tab>key algo oid<tab>1<tab>symmetric algo name<tab>salt<tab>hash algo<tab>rounds<tab>E(RSA = i2d_PrivateKey, EC=Private Point)<tab>key id`
			`**/`

			`+#if OPENSSL_VERSION_MAJOR == 3`
			`+static EC_KEY EVP_PKEY_get0_EC_KEYv3(EVP_PKEY key)`
			`+{`
			`+ EC_KEY *eck = EVP_PKEY_get1_EC_KEY(key);`
			`+ EVP_PKEY_set1_EC_KEY(key, eck);`
			`+ EC_KEY_free(eck);`
			`+ return eck;`
			`+}`
			`+`
			`+static EC_KEY EVP_PKEY_get1_EC_KEYv3(EVP_PKEY key)`
			`+{`
			`+ EC_KEY *eck = EVP_PKEY_get1_EC_KEY(key);`
			`+ EVP_PKEY_set1_EC_KEY(key, eck);`
			`+ return eck;`
			`+}`
			`+`
			`+#define EVP_PKEY_get0_EC_KEY EVP_PKEY_get0_EC_KEYv3`
			`+#define EVP_PKEY_get1_EC_KEY EVP_PKEY_get1_EC_KEYv3`
			`+#else`
			`#ifndef HAVE_EVP_PKEY_get0`
			`#define EVP_PKEY_get0_EC_KEY(x) x->pkey.ec`
			`#define EVP_PKEY_get0_RSA(x) x->pkey.rsa`
			`#endif`
			`+#endif`

			`#ifndef HAVE_OBJ_LENGTH`
			`#define OBJ_length(o) ((o)->length)`