Accepting request 1328881 from server:mail

Forwarded request #1328735 from frispete

- dovecot will not compile with older gcc's. Force a newer one.

OBS-URL: https://build.opensuse.org/request/show/1328881
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/dovecot24?expand=0&rev=15

0001-auth-Fix-dashes-to-underscores-in-driver-names-in-fi.patch

@@ -0,0 +1,75 @@
+From d8e6aeb7c11d9d41ddc5f1058571e694e724b114 Mon Sep 17 00:00:00 2001
+From: Marco Bettini <marco.bettini@open-xchange.com>
+Date: Wed, 26 Nov 2025 17:35:58 +0000
+Subject: [PATCH 1/4] auth: Fix dashes to underscores in driver names in
+ filters
+
+Tbis is required specifically for passwd-file driver defaults to be properly picked up
+under the filter name passdb_passwd_filter, instead than passdb_passwd-filter
+---
+ src/auth/auth-common.h  | 5 +++++
+ src/auth/auth-request.c | 4 ++--
+ src/auth/auth.c         | 4 ++--
+ 3 files changed, 9 insertions(+), 4 deletions(-)
+
+diff --git a/src/auth/auth-common.h b/src/auth/auth-common.h
+index f6b6aa9446..62e662f737 100644
+--- a/src/auth/auth-common.h
++++ b/src/auth/auth-common.h
+@@ -15,4 +15,9 @@ void auth_refresh_proctitle(void);
+ void auth_worker_refresh_proctitle(const char *state);
+ void auth_module_load(const char *name);
+ 
++static inline const char *auth_driver_filter(const char *prefix, const char *driver)
++{
++	return t_strconcat(prefix, "_", t_str_replace(driver, '-', '_'), NULL);
++}
++
+ #endif
+diff --git a/src/auth/auth-request.c b/src/auth/auth-request.c
+index 7af85e935c..d57fc4d16e 100644
+--- a/src/auth/auth-request.c
++++ b/src/auth/auth-request.c
+@@ -632,7 +632,7 @@ void auth_request_passdb_lookup_begin(struct auth_request *request)
+ 	const char *passdb_driver = request->passdb->passdb->iface.name;
+ 	event_add_str(event, "passdb_driver", passdb_driver);
+ 	settings_event_add_filter_name(event,
+-		t_strconcat("passdb_", passdb_driver, NULL));
++		auth_driver_filter("passdb", passdb_driver));
+ 	settings_event_add_list_filter_name(event, "passdb",
+ 					    request->passdb->name);
+ 	event_set_log_prefix_callback(event, FALSE,
+@@ -702,7 +702,7 @@ void auth_request_userdb_lookup_begin(struct auth_request *request)
+ 	const char *userdb_driver = request->userdb->userdb->iface->name;
+ 	event_add_str(event, "userdb_driver", userdb_driver);
+ 	settings_event_add_filter_name(event,
+-		t_strconcat("userdb_", userdb_driver, NULL));
++		auth_driver_filter("userdb", userdb_driver));
+ 	settings_event_add_list_filter_name(event, "userdb",
+ 					    request->userdb->name);
+ 	event_set_log_prefix_callback(event, FALSE,
+diff --git a/src/auth/auth.c b/src/auth/auth.c
+index 3486b4c18e..3892ac698a 100644
+--- a/src/auth/auth.c
++++ b/src/auth/auth.c
+@@ -83,7 +83,7 @@ auth_passdb_preinit(struct auth *auth, const struct auth_passdb_settings *_set,
+ 	event_add_str(event, "protocol", auth->protocol);
+ 	event_add_str(event, "passdb", _set->name);
+ 	settings_event_add_filter_name(event,
+-		t_strconcat("passdb_", _set->driver, NULL));
++		auth_driver_filter("passdb", _set->driver));
+ 	settings_event_add_list_filter_name(event, "passdb", _set->name);
+ 	set = settings_get_or_fatal(event, &auth_passdb_setting_parser_info);
+ 
+@@ -155,7 +155,7 @@ auth_userdb_preinit(struct auth *auth, const struct auth_userdb_settings *_set)
+ 	event_add_str(event, "protocol", auth->protocol);
+ 	event_add_str(event, "userdb", _set->name);
+ 	settings_event_add_filter_name(event,
+-		t_strconcat("userdb_", _set->driver, NULL));
++		auth_driver_filter("userdb", _set->driver));
+ 	settings_event_add_list_filter_name(event, "userdb", _set->name);
+ 	if (_set == &userdb_dummy_set) {
+ 		/* If this is the dummy set do not try to lookup settings. */
+-- 
+2.52.0
+

0001-lib-regex-Separate-maximum-capture-groups-and-match-.patch

@@ -0,0 +1,56 @@
+From d96c98e08ca0d445bd46192829685fbeaf4014d1 Mon Sep 17 00:00:00 2001
+From: Aki Tuomi <aki.tuomi@open-xchange.com>
+Date: Mon, 22 Dec 2025 11:04:16 +0200
+Subject: [PATCH 1/3] lib-regex: Separate maximum capture groups and match
+ limit
+
+These are not related.
+---
+ src/lib-regex/regex.c | 10 +++++++---
+ 1 file changed, 7 insertions(+), 3 deletions(-)
+
+diff --git a/src/lib-regex/regex.c b/src/lib-regex/regex.c
+index e402e6a49d..51e7d6c513 100644
+--- a/src/lib-regex/regex.c
++++ b/src/lib-regex/regex.c
+@@ -15,6 +15,7 @@
+ 
+ #define DREGEX_MAX_DEPTH 100
+ #define DREGEX_MAX_MATCHES 100
++#define DREGEX_MAX_CAPTURE_GROUPS 100
+ #define DREGEX_MAX_CPU_SECONDS 1
+ 
+ struct dregex_code {
+@@ -85,7 +86,7 @@ static void dregex_code_init(struct dregex_code *code)
+ #endif
+ 
+ 	/* Set some limits */
+-	pcre2_set_match_limit(code->mctx, code->max_capture_groups);
++	pcre2_set_match_limit(code->mctx, DREGEX_MAX_MATCHES);
+ 	pcre2_set_depth_limit(code->mctx, code->max_depth);
+ }
+ 
+@@ -104,7 +105,7 @@ struct dregex_code *dregex_code_create_params(const struct dregex_params *params
+ static const struct dregex_params default_params = {
+ 	.max_depth = DREGEX_MAX_DEPTH,
+ 	.max_cpu_seconds = DREGEX_MAX_CPU_SECONDS,
+-	.max_capture_groups = DREGEX_MAX_MATCHES,
++	.max_capture_groups = DREGEX_MAX_CAPTURE_GROUPS,
+ };
+ 
+ struct dregex_code *dregex_code_create(void)
+@@ -337,7 +338,10 @@ int dregex_code_match_groups(struct dregex_code *code, const char *subject,
+ 		pcre2_match_data *mdata =
+ 			pcre2_match_data_create_from_pattern(code->pat, code->gctx);
+ 		ret = dregex_code_match_int(code, subject, mdata, error_r);
+-		if (ret > 1) {
++		/* Avoid extracting way too many capture groups */
++		if (ret > (int)code->max_capture_groups + 1)
++			ret = handle_error(PCRE2_ERROR_TOO_MANY_CAPTURES, error_r);
++		else if (ret > 1) {
+ 			bool skip_empty = HAS_ALL_BITS(code->flags, DREGEX_NO_EMPTY_SUB);
+ 			/* ret is number of groups */
+ 			extract_matches((uint32_t)ret, mdata, skip_empty, groups_r);
+-- 
+2.52.0
+

0002-auth-Fix-crypt-CRYPT-in-passdb_passwd-passdb_ldap-de.patch

@@ -0,0 +1,55 @@
+From 929133d81dc5fb9e69640e67728b824098a1bbd3 Mon Sep 17 00:00:00 2001
+From: Marco Bettini <marco.bettini@open-xchange.com>
+Date: Tue, 16 Dec 2025 09:49:16 +0000
+Subject: [PATCH 2/4] auth: Fix crypt -> CRYPT in passdb_passwd, passdb_ldap
+ defaults for passdb_default_password_scheme
+
+---
+ src/auth/db-ldap-settings.c | 8 +++++++-
+ src/auth/passdb-passwd.c    | 8 +++++++-
+ 2 files changed, 14 insertions(+), 2 deletions(-)
+
+diff --git a/src/auth/db-ldap-settings.c b/src/auth/db-ldap-settings.c
+index d91fd7f4ea..d9d31ff791 100644
+--- a/src/auth/db-ldap-settings.c
++++ b/src/auth/db-ldap-settings.c
+@@ -52,9 +52,15 @@ static const struct ldap_settings ldap_default_settings = {
+ };
+ 
+ static const struct setting_keyvalue ldap_default_settings_keyvalue[] = {
+-	{ "passdb_ldap/passdb_default_password_scheme", "crypt" },
+ 	{ "passdb_ldap/passdb_fields_import_all", "no" },
+ 	{ "userdb_ldap/userdb_fields_import_all", "no" },
++
++	/* This now now the same as the default passdb_default_password_scheme,
++	   but it needs to be here explicitly as long as settings-history-core.txt
++	   supports dovecot_config_version with
++	   passdb_default_password_scheme=PLAIN default */
++	{ "passdb_ldap/passdb_default_password_scheme", "CRYPT" },
++
+ 	{ NULL, NULL }
+ };
+ 
+diff --git a/src/auth/passdb-passwd.c b/src/auth/passdb-passwd.c
+index 71f5800cf8..12210e6e0e 100644
+--- a/src/auth/passdb-passwd.c
++++ b/src/auth/passdb-passwd.c
+@@ -28,8 +28,14 @@ static const struct setting_define auth_passwd_setting_defines[] = {
+ 
+ static const struct setting_keyvalue auth_passwd_default_settings_keyvalue[] = {
+ 	{ "passdb_passwd/passdb_use_worker", "yes" },
+-	{ "passdb_passwd/passdb_default_password_scheme", "crypt" },
+ 	{ "userdb_passwd/userdb_use_worker", "yes" },
++
++	/* This now now the same as the default passdb_default_password_scheme,
++	   but it needs to be here explicitly as long as settings-history-core.txt
++	   supports dovecot_config_version with
++	   passdb_default_password_scheme=PLAIN default */
++	{ "passdb_passwd/passdb_default_password_scheme", "CRYPT" },
++
+ 	{ NULL, NULL }
+ };
+ 
+-- 
+2.52.0
+

0002-lib-regex-Set-DREGEX_MAX_MATCHES-to-library-default.patch

@@ -0,0 +1,56 @@
+From e704d9c72850684c1b82011c9550adbd4200f0eb Mon Sep 17 00:00:00 2001
+From: Aki Tuomi <aki.tuomi@open-xchange.com>
+Date: Mon, 22 Dec 2025 11:05:31 +0200
+Subject: [PATCH 2/3] lib-regex: Set DREGEX_MAX_MATCHES to library default
+
+---
+ src/lib-regex/regex.c      |  2 +-
+ src/lib-regex/test-regex.c | 10 ++++++----
+ 2 files changed, 7 insertions(+), 5 deletions(-)
+
+diff --git a/src/lib-regex/regex.c b/src/lib-regex/regex.c
+index 51e7d6c513..5ccf9d54be 100644
+--- a/src/lib-regex/regex.c
++++ b/src/lib-regex/regex.c
+@@ -14,7 +14,7 @@
+ #include "pcre2.h"
+ 
+ #define DREGEX_MAX_DEPTH 100
+-#define DREGEX_MAX_MATCHES 100
++#define DREGEX_MAX_MATCHES 10000000
+ #define DREGEX_MAX_CAPTURE_GROUPS 100
+ #define DREGEX_MAX_CPU_SECONDS 1
+ 
+diff --git a/src/lib-regex/test-regex.c b/src/lib-regex/test-regex.c
+index 10b393e409..4b68bca2ce 100644
+--- a/src/lib-regex/test-regex.c
++++ b/src/lib-regex/test-regex.c
+@@ -158,19 +158,21 @@ static void test_dregex_match(void)
+ 			"{1}[a-z0-9]+[.]{1}(([a-z]{2,3})|([a-z]{2,3}[.]"
+ 			"{1}[a-z]{2,3}))$",
+ 			"thisisabstractly.andtotally.long.email@"
+-			REP10("a") "." REP10("a") "." REP10("a")
++			REP10(REP10("a") "." REP10("a") "." REP10("a") "." REP10("a"))
+ 			".has",
+-			"match limit exceeded",
++			"matching depth limit exceeded",
+ 			0,
+ 			-1
+ 		),
+ 		MATCH_CASE_FULL(
+ 			"(a|a?)+",
+-			REP10("a") REP10("a"),
+-			"match limit exceeded",
++			REP10(REP10("a") REP10("a") REP10("a")),
++			"matching depth limit exceeded",
+ 			0,
+ 			-1
+ 		),
++		/* Live test cases */
++		MATCH_CASE("\\[.*PATCH.*\\]", "Subject: Re: [PATCH v2 3/6] arm64: dts: qcom: qcm6490-shift-otter: Ad"),
+ 		/* IEEE.1003-2.1992 */
+ 		MATCH_CASE("me(\\+.*)?@company\\.com",
+ 			"me+hello@company.com"),
+-- 
+2.52.0
+

0003-auth-Make-the-default-passdb_static-passdb_default_p.patch

@@ -0,0 +1,36 @@
+From 26e6fbff9caff4f14dc41b3dac5b1c2ce08da026 Mon Sep 17 00:00:00 2001
+From: Marco Bettini <marco.bettini@open-xchange.com>
+Date: Tue, 16 Dec 2025 09:47:03 +0000
+Subject: [PATCH 3/4] auth: Make the default
+ passdb_static/passdb_default_password_scheme = PLAIN explicit
+
+in preperation for the change of the global passdb_default_password_scheme default
+---
+ src/auth/auth-settings.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/auth/auth-settings.c b/src/auth/auth-settings.c
+index fa94044df8..e6fb6a833d 100644
+--- a/src/auth/auth-settings.c
++++ b/src/auth/auth-settings.c
+@@ -268,11 +268,17 @@ static const struct auth_static_settings auth_static_default_settings = {
+ 	.userdb_static_allow_all_users = FALSE,
+ };
+ 
++static const struct setting_keyvalue auth_static_default_settings_keyvalue[] = {
++       { "passdb_static/passdb_default_password_scheme", "PLAIN" },
++       { NULL, NULL }
++};
++
+ const struct setting_parser_info auth_static_setting_parser_info = {
+ 	.name = "auth_static",
+ 
+ 	.defines = auth_static_setting_defines,
+ 	.defaults = &auth_static_default_settings,
++	.default_settings = auth_static_default_settings_keyvalue,
+ 
+ 	.struct_size = sizeof(struct auth_static_settings),
+ 	.pool_offset1 = 1 + offsetof(struct auth_static_settings, pool),
+-- 
+2.52.0
+

0003-lib-regex-Limit-number-of-capture-groups-correctly.patch

@@ -0,0 +1,32 @@
+From 7619375c605708414664e351bbab0f084e687e8f Mon Sep 17 00:00:00 2001
+From: Aki Tuomi <aki.tuomi@open-xchange.com>
+Date: Mon, 22 Dec 2025 22:01:18 +0200
+Subject: [PATCH 3/3] lib-regex: Limit number of capture groups correctly
+
+We create at maximum max_capture_groups match groups.
+---
+ src/lib-regex/regex.c | 7 ++-----
+ 1 file changed, 2 insertions(+), 5 deletions(-)
+
+diff --git a/src/lib-regex/regex.c b/src/lib-regex/regex.c
+index 5ccf9d54be..d48b48adf3 100644
+--- a/src/lib-regex/regex.c
++++ b/src/lib-regex/regex.c
+@@ -336,12 +336,9 @@ int dregex_code_match_groups(struct dregex_code *code, const char *subject,
+ 
+ 	T_BEGIN {
+ 		pcre2_match_data *mdata =
+-			pcre2_match_data_create_from_pattern(code->pat, code->gctx);
++			pcre2_match_data_create(code->max_capture_groups, code->gctx);
+ 		ret = dregex_code_match_int(code, subject, mdata, error_r);
+-		/* Avoid extracting way too many capture groups */
+-		if (ret > (int)code->max_capture_groups + 1)
+-			ret = handle_error(PCRE2_ERROR_TOO_MANY_CAPTURES, error_r);
+-		else if (ret > 1) {
++		if (ret > 1) {
+ 			bool skip_empty = HAS_ALL_BITS(code->flags, DREGEX_NO_EMPTY_SUB);
+ 			/* ret is number of groups */
+ 			extract_matches((uint32_t)ret, mdata, skip_empty, groups_r);
+-- 
+2.52.0
+

0004-auth-Set-CRYPT-as-default-passdb_default_password_sc.patch

@@ -0,0 +1,34 @@
+From 5831161b1eb27c78246ffff562a5c5c3eb3bbade Mon Sep 17 00:00:00 2001
+From: Marco Bettini <marco.bettini@open-xchange.com>
+Date: Tue, 9 Dec 2025 09:18:19 +0000
+Subject: [PATCH 4/4] auth: Set CRYPT as default passdb_default_password_scheme
+
+---
+ src/auth/auth-settings.c                   | 2 +-
+ src/lib-settings/settings-history-core.txt | 3 +++
+ 2 files changed, 4 insertions(+), 1 deletion(-)
+
+Index: core/src/auth/auth-settings.c
+===================================================================
+--- core.orig/src/auth/auth-settings.c
++++ core/src/auth/auth-settings.c
+@@ -136,7 +136,7 @@ static const struct auth_passdb_settings
+ 	.mechanisms_filter = ARRAY_INIT,
+ 	.username_filter = "",
+ 
+-	.default_password_scheme = "PLAIN",
++	.default_password_scheme = "CRYPT",
+ 
+ 	.skip = "never:authenticated:unauthenticated",
+ 	.result_success = "return-ok:return:return-fail:continue:continue-ok:continue-fail",
+Index: core/src/lib-settings/settings-history-core.txt
+===================================================================
+--- core.orig/src/lib-settings/settings-history-core.txt
++++ core/src/lib-settings/settings-history-core.txt
+@@ -1,3 +1,6 @@
++default	passdb_ldap/passdb_default_password_scheme	CRYPT	2.4.2	3.2.0
++default	passdb_passwd/passdb_default_password_scheme	CRYPT	2.4.2	3.2.0
++default	passdb_default_password_scheme	PLAIN	2.4.2	3.2.0
+ default	mail_attachment_detection_options		2.4.2	3.2.0
+ default	@metric_defaults/proxy/metric	auth_successes,auth_failures,login_aborted	2.4.2	3.2.0
+ default	fts_search_read_fallback	yes	-	3.2.0

dovecot-fix-gssapi.patch

@@ -1,12 +0,0 @@
-diff -Naur dovecot-2.4.1-4/src/auth/mech-gssapi.c dovecot-2.4.1-4.new/src/auth/mech-gssapi.c
---- dovecot-2.4.1-4/src/auth/mech-gssapi.c	2025-03-28 12:32:27.000000000 +0100
-+++ dovecot-2.4.1-4.new/src/auth/mech-gssapi.c	2025-05-23 14:09:17.765742203 +0200
-@@ -672,7 +672,7 @@
- 
- 	if (data_size == 0) {
- 		/* The client should go first */
--		auth_request_handler_reply_continue(request, NULL, 0);
-+		auth_request_handler_reply_continue(request, uchar_empty_ptr, 0);
- 	} else {
- 		mech_gssapi_auth_continue(request, data, data_size);
- 	}

dovecot24-32bit-1.patch

@@ -0,0 +1,27 @@
+From 6535a1c5e1c992ed5e6171633e2bfbdd684fb411 Mon Sep 17 00:00:00 2001
+From: Aki Tuomi <aki.tuomi@open-xchange.com>
+Date: Wed, 29 Oct 2025 13:00:24 +0200
+Subject: [PATCH] lib: Fix signedness in assert in time_to_uint32()
+
+If time_t is signed and 32-bit, this can cause warnings.
+---
+ src/lib/lib.h | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/lib/lib.h b/src/lib/lib.h
+index 46b6776d79b..d933dc07adc 100644
+--- a/src/lib/lib.h
++++ b/src/lib/lib.h
+@@ -142,7 +142,9 @@ static inline uint32_t i_rand_minmax(uint32_t min_val, uint32_t max_val)
+ static inline uint32_t time_to_uint32(time_t ts)
+ {
+ 	i_assert(ts >= 0);
++#if TIME_T_MAX_BITS > 32
+ 	i_assert(ts <= UINT32_MAX);
++#endif
+ 	return (uint32_t)(ts & 0xffffffff);
+ }
+ /* Cast time_t to uint32_t, truncate the value if it does not fit. */
+-- 
+GitLab
+

dovecot24-32bit-2.patch

@@ -0,0 +1,27 @@
+From 82e3d905d68723f6477619ebb0a642ffe7f126bc Mon Sep 17 00:00:00 2001
+From: Timo Sirainen <timo.sirainen@open-xchange.com>
+Date: Wed, 29 Oct 2025 13:27:21 +0200
+Subject: [PATCH] lib-sieve: plugins: extlists: Fix max_lookup_size setting
+ type
+
+It failed with compiler error on 32bit systems.
+---
+ src/lib-sieve/plugins/extlists/ext-extlists-settings.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/dovecot-pigeonhole-2.4.2/src/lib-sieve/plugins/extlists/ext-extlists-settings.h b/dovecot-pigeonhole-2.4.2/src/lib-sieve/plugins/extlists/ext-extlists-settings.h
+index 142598a66a..82ab593c75 100644
+--- a/dovecot-pigeonhole-2.4.2/src/lib-sieve/plugins/extlists/ext-extlists-settings.h
++++ b/dovecot-pigeonhole-2.4.2/src/lib-sieve/plugins/extlists/ext-extlists-settings.h
+@@ -12,7 +12,7 @@ struct ext_extlists_list_settings {
+ 
+ 	const char *name;
+ 	/* Maximum size of lookup value */
+-	size_t max_lookup_size;
++	uoff_t max_lookup_size;
+ 
+ 	struct {
+ 		const char *name;
+-- 
+GitLab
+

dovecot24.changes

@@ -1,3 +1,160 @@
+-------------------------------------------------------------------
+Thu Jan 22 18:04:34 UTC 2026 - Hans-Peter Jansen <hpj@urpla.net>
+
+- dovecot will not compile with older gcc's. Force a newer one.
+
+-------------------------------------------------------------------
+Tue Dec 23 08:21:20 UTC 2025 - Marcus Rueckert <mrueckert@suse.de>
+
+- While we are at it backport some fixes for the authentication
+  stack, after recommendation from upstream:
+  0001-auth-Fix-dashes-to-underscores-in-driver-names-in-fi.patch
+  0002-auth-Fix-crypt-CRYPT-in-passdb_passwd-passdb_ldap-de.patch
+  0003-auth-Make-the-default-passdb_static-passdb_default_p.patch
+  0004-auth-Set-CRYPT-as-default-passdb_default_password_sc.patch
+
+-------------------------------------------------------------------
+Tue Dec 23 08:11:59 UTC 2025 - Marcus Rueckert <mrueckert@suse.de>
+
+- backport patches to fix sieve regex support after the switch to
+  pcre2
+  0001-lib-regex-Separate-maximum-capture-groups-and-match-.patch
+  0002-lib-regex-Set-DREGEX_MAX_MATCHES-to-library-default.patch
+  0003-lib-regex-Limit-number-of-capture-groups-correctly.patch
+  
+- ------------------------------------------------------------------
+Wed Oct 29 12:16:37 UTC 2025 - Marcus Rueckert <mrueckert@suse.de>
+
+- Add patches to fix the 32bit build failures:
+  dovecot24-32bit-1.patch
+  dovecot24-32bit-2.patch
+
+-------------------------------------------------------------------
+Wed Oct 29 09:39:55 UTC 2025 - Marcus Rueckert <mrueckert@suse.de>
+
+- drop dovecot-fix-gssapi.patch
+
+-------------------------------------------------------------------
+Wed Oct 29 09:33:52 UTC 2025 - Marcus Rueckert <mrueckert@suse.de>
+
+- Update dovecot to 2.4.2 (boo#1252839 CVE-2025-30189)
+  - Critical bug fixes
+    - CVE-2025-30189: Passdb oauth2 (not oauth2 mechanism), passdb
+      passwd, passdb bsdauth, and userdb passwd drivers would cause
+      users to be cached with same cache key when auth cache was
+      enabled.
+  - Changes
+    - auth: Remove proxy_always field.
+    - config: Change settings history parsing to use python3.
+    - doveadm: Print table formatter - Print empty values as "-".
+    - imapc: Propagate remote error codes properly.
+    - lda: Default mail_home=$HOME environment if not using userdb
+      lookup
+    - lib-dcrypt: Salt for new version 2 keys has been increased to
+      16 bytes.
+    - lib-dregex: Add libpcre2 based regular expression support to
+      Dovecot, if the library is missing, disable all regular
+      expressions. This adds libpcre2-32 as build dependency.
+    - lib-oauth2: jwt - Allow nbf and iat to point 1 second into
+      future.
+    - lib: Replace libicu with our own unicode library. Removes
+      libicu as build dependency.
+    - login-common: If proxying fails due to remote having invalid
+      SSL cert, don't reconnect.
+  - New features
+    - auth: Add ssl_client_cert_fp and ssl_client_cert_pubkey_fp
+      fields, see
+      https://doc.dovecot.org/latest/core/summaries/settings.html#ssl_peer_certificate_fingerprint_hash
+      for more information.
+    - config: Add support for $SET:filter/path/setting.
+    - config: Improve @group includes to work with overwriting
+      their settings.
+    - doveadm kick: Add support for kicking multiple usernames
+    - doveadm mailbox status: Add support for deleted status item.
+    - imap, imap-client: Add experimental partial IMAP4rev2
+      support.
+    - imap: Implement support for UTF8=ACCEPT for APPEND
+    - lib-oauth2, oauth2: Add oauth2_token_expire_grace setting.
+    - lmtp: lmtp-client - Support command pipelining.
+    - login-common: Support local/remote blocks better.
+    - master: accept() unix/inet connections before creating child
+      process to handle it. This reduces timeouts when child
+      processes are slow to spawn themselves.
+  - Bug fixes
+    - SMTPUTF8 was accepted even when it wasn't enabled.
+    - auth, *-login: Direct logging with -L parameter was not
+      working.
+    - auth: Crash occured when OAUTH token validation failed with
+      oauth2_use_worker_with_mech=yes.
+    - auth: Invalid field handling crashes were fixed.
+    - auth: ldap - Potential crash could happen at deinit.
+    - auth: mech-gssapi - Server sending empty initial response
+      would cause errors.
+    - auth: mech-winbind - GSS-SPNEGO mechanism was erroneously
+      marked as
+    - not accepting NUL.
+    - config: Multiple issues with $SET handling has been fixed.
+    - configure: Building without LDAP didn't work.
+    - doveadm: If source user didn't exist, a crash would occur.
+    - imap, pop3, submission, imap-urlauth: USER environment usage
+      was broken when running standalone.
+    - imap-hibernate: Statistics would get truncated on
+      unhibernation.
+    - imap: "SEARCH MIMEPART FILENAME ENDS" command could have
+      accessed memory outside allocated buffer, resulting in a
+      crash.
+    - imapc: Fetching partial headers would cause other cached
+      headers to be cached empty, breaking e.g. imap envelope
+      responses when caching to disk.
+    - imapc: Shared namespace's INBOX mailbox was not always
+      uppercased.
+    - imapc: imapc_features=guid-forced GUID generation was not
+      working correctly.
+    - lda: USER environment was not accepted if -d hasn't been
+      specified.
+    - lib-http: http-url - Significant path percent encoding
+      through parse and create was not preserved. This is mainly
+      important for Dovecot's Lua bindings for lib-http.
+    - lib-settings: Crash would occur when using %variables in
+      SET_FILE type settings.
+    - lib-storage: Attachment flags were attempted to be added for
+      readonly mailboxes with mail_attachment_flags=add-flags.
+    - lib-storage: Root directory for unusable shared namespaces
+      was unnecessarily attempted to be created.
+    - lib: Crash would occur when config was reloaded and logging
+      to syslog.
+    - login-common: Crash might have occured when login proxy was
+      destroyed.
+    - sqlite: The sqlite_journal_mode=wal setting didn't actually
+      do anything.
+    - Many other bugs have been fixed.
+- Update pigeonhole to 2.4.2
+  - Changes
+    - lib-sieve: Use new regular expression library in core.
+    - managesieve: Add default
+      service_extra_groups=$SET:default_internal_group.
+  - New features
+    - lib-sieve: Add support for "extlists" extension.
+    - lib-sieve: regex - Allow unicode comparator.
+  - Bug fixes
+    - lib-sieve-tool: sieve-tool - All sieve_script settings were
+      overriden.
+    - lib-sieve: storage: dict: sieve_script_dict filter was
+      missing from settings.
+    - sieve-ldap-storage: Fix compile without LDAP.
+
+-------------------------------------------------------------------
+Fri Aug 22 08:30:47 UTC 2025 - Giacomo Leidi <giacomo.leidi@suse.com>
+
+ - Allow for %is_opensuse to be unset, following up to
+  https://src.suse.de/products/SLFO/pulls/204 (bsc#1248485).
+
+-------------------------------------------------------------------
+Thu Aug 14 06:45:21 UTC 2025 - Dominique Leuenberger <dimstar@opensuse.org>
+
+- Enable build for all arches again. The build failure on 32bit has
+  been addressed upstream.
+
 -------------------------------------------------------------------
 Tue Aug  5 10:57:55 UTC 2025 - Peter Varkoly <varkoly@suse.com>
 

dovecot24.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package dovecot24
 #
-# Copyright (c) 2025 SUSE LLC
+# Copyright (c) 2026 SUSE LLC and contributors
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,8 +17,8 @@
 
 
 %define pkg_name dovecot
-%define dovecot_version 2.4.1-4
-%define dovecot_pigeonhole_version 2.4.1-4
+%define dovecot_version 2.4.2
+%define dovecot_pigeonhole_version 2.4.2
 %define dovecot_branch  2.4
 %define dovecot_pigeonhole_source_dir %{pkg_name}-pigeonhole-%{dovecot_pigeonhole_version}
 %define dovecot_pigeonhole_docdir     %{_docdir}/%{pkg_name}/dovecot-pigeonhole
@@ -34,7 +34,7 @@
 %bcond_without zstd
 %bcond_without xapian
 %bcond_without libstemmer
-%if %{is_opensuse}
+%if 0%{?is_opensuse}
 %bcond_without apparmor
 %bcond_without textcat
 %else
@@ -43,13 +43,15 @@
 %endif
 %bcond_with run_tests
 
+%if 0%{?suse_version} < 1600
+%global force_gcc_version   15
+%endif
+
 Name:           dovecot24
-Version:        2.4.1
+Version:        2.4.2
 Release:        0
 Summary:        IMAP and POP3 Server Written Primarily with Security in Mind
 License:        BSD-3-Clause AND LGPL-2.1-or-later AND MIT
-# https://dovecot.org/mailman3/archives/list/dovecot@dovecot.org/message/PCUTU3IE6RZXQQMWCAB7UP4XN6SPFPFX/
-ExcludeArch:    %ix86 %arm
 Group:          Productivity/Networking/Email/Servers
 URL:            https://www.dovecot.org
 Source:         https://www.dovecot.org/releases/%{dovecot_branch}/%{pkg_name}-%{dovecot_version}.tar.gz
@@ -64,13 +66,21 @@ Patch0:         dovecot-2.3.0-dont_use_etc_ssl_certs.patch
 Patch1:         dovecot-2.4.0-lua_json.patch
 # PATCH-FIX-OPENSUSE
 Patch2:         dovecot-2.3.17-env_script_interpreter.patch
-# PATCH-FIX-OPENSUSE
-Patch3:         dovecot-fix-gssapi.patch
+Patch3:         dovecot24-32bit-1.patch
+Patch4:         dovecot24-32bit-2.patch
+Patch11:        0001-lib-regex-Separate-maximum-capture-groups-and-match-.patch
+Patch12:        0002-lib-regex-Set-DREGEX_MAX_MATCHES-to-library-default.patch
+Patch13:        0003-lib-regex-Limit-number-of-capture-groups-correctly.patch
+Patch14:        0001-auth-Fix-dashes-to-underscores-in-driver-names-in-fi.patch
+Patch15:        0002-auth-Fix-crypt-CRYPT-in-passdb_passwd-passdb_ldap-de.patch
+Patch16:        0003-auth-Make-the-default-passdb_static-passdb_default_p.patch
+Patch17:        0004-auth-Set-CRYPT-as-default-passdb_default_password_sc.patch
 BuildRequires:  autoconf
 BuildRequires:  automake
 BuildRequires:  bison
 BuildRequires:  fdupes
 BuildRequires:  flex
+BuildRequires:  gcc%{?force_gcc_version}-c++
 BuildRequires:  libtool
 BuildRequires:  lua-devel
 BuildRequires:  lua-dkjson
@@ -93,6 +103,7 @@ BuildRequires:  libmysqlclient-devel
 BuildRequires:  openldap2-devel >= 2.5.0
 BuildRequires:  pam-devel
 %endif
+BuildRequires:  pkgconfig(libpcre2-32)
 BuildRequires:  pkgconfig(libpq)
 BuildRequires:  pkgconfig(libsystemd)
 %ifnarch s390x
@@ -299,8 +310,13 @@ dovecot tree.
 gzip -9v ChangeLog
 
 %build
+%if 0%{?force_gcc_version}
+export CC="gcc-%{?force_gcc_version}"
+export CXX="g++-%{?force_gcc_version}"
+%endif
+
 # export CFLAGS="%%{optflags} -Wno-sign-compare"
-./autogen.sh
+# ./autogen.sh
 %configure                                          \
     --docdir=%{_docdir}/%{pkg_name}                 \
     --with-moduledir=%{_libdir}/%{pkg_name}/modules \
@@ -340,7 +356,7 @@ gzip -9v ChangeLog
 %make_build
 
 pushd %{dovecot_pigeonhole_source_dir}
-    ./autogen.sh
+    # ./autogen.sh
     %configure --with-dovecot=../ \
       --with-ldap=plugin \
       --docdir="%{dovecot_pigeonhole_docdir}"
@@ -490,6 +506,7 @@ fi
 %{_prefix}/lib/%{pkg_name}/quota-status
 %{_prefix}/lib/%{pkg_name}/managesieve
 %{_prefix}/lib/%{pkg_name}/managesieve-login
+%{_prefix}/lib/%{pkg_name}/settings-history.py
 %{_libdir}/%{pkg_name}/libdovecot.so.*
 %{_libdir}/%{pkg_name}/libdovecot-ldap.so.*
 %{_libdir}/%{pkg_name}/libdovecot-lua.so.*
@@ -503,6 +520,7 @@ fi
 %{_libdir}/%{pkg_name}/libdovecot-dsync.so.*
 %{_libdir}/%{pkg_name}/libdovecot-sieve.so.*
 %{_libdir}/%{pkg_name}/libdovecot-managesieve.so.*
+%{_libdir}/%{pkg_name}/libdovecot-gssapi.so.*
 # plugins
 %dir %{_libdir}/%{pkg_name}
 %dir %{_libdir}/%{pkg_name}/modules/
@@ -545,6 +563,7 @@ fi
 %{_libdir}/%{pkg_name}/modules/auth/libauthdb_ldap.so
 %{_libdir}/%{pkg_name}/modules/auth/libauthdb_lua.so
 %{_libdir}/%{pkg_name}/modules/auth/libmech_gssapi.so
+%{_libdir}/%{pkg_name}/modules/auth/libmech_gss_spnego.so
 %dir %{_libdir}/%{pkg_name}/modules/dict/
 %{_libdir}/%{pkg_name}/modules/dict/libdict_ldap.so
 # more dict modules are in the sql packages
@@ -686,5 +705,6 @@ fi
 %{_libdir}/%{pkg_name}/libdovecot-dsync.so
 %{_libdir}/%{pkg_name}/libdovecot-sieve.so
 %{_libdir}/%{pkg_name}/libdovecot-managesieve.so
+%{_libdir}/%{pkg_name}/libdovecot-gssapi.so
 
 %changelog