dovecot: upgrade 2.4.2 -> 2.4.3

Drop patch which is included in this release, and add a patch that adapts a lua api call to the lua version that is used in OE. License-Change: the unicode license text has been updated, there should be no material change. However while examining these changes, I noticed that some parts of the code are covered by licenses not mentined in the recipe. It should reflect all licenses now. Tis version contains fixes fox CVE-2025-59028, CVE-2025-59031, CVE-2026-24031, CVE-2026-27859, CVE-2026-27860, CVE-2026-27857, CVE-2026-27856 and CVE-2026-27855 Changelog: https://github.com/dovecot/core/blob/main/NEWS Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-04-02 02:49:12 +00:00 · 2026-03-31 13:13:36 +02:00 · 2026-03-31 13:13:36 +02:00 · 0c78085b36
commit 0c78085b36
parent 96fdcdd16a
3 changed files with 35 additions and 31 deletions
--- a/meta-networking/recipes-support/dovecot/dovecot/0001-adapt-lua_newstate-to-new-api.patch
+++ b/meta-networking/recipes-support/dovecot/dovecot/0001-adapt-lua_newstate-to-new-api.patch
@ -0,0 +1,29 @@
+From 5efcbab91b510f5a2495369b729248e8bf8a5d63 Mon Sep 17 00:00:00 2001
+From: Gyorgy Sarvari <skandigraun@gmail.com>
+Date: Tue, 31 Mar 2026 11:05:52 +0000
+Subject: [PATCH] adapt lua_newstate to new api
+
+lua_newstate() in lua 5.5 has gained a new, third argument, which made
+it not backwards compatible. This change adapts this call to the lua version
+used in OE.
+
+Upstream-Status: Pending
+
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ src/lib-lua/dlua-script.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/lib-lua/dlua-script.c b/src/lib-lua/dlua-script.c
+index 20f91ad..789d603 100644
+--- a/src/lib-lua/dlua-script.c
+++ b/src/lib-lua/dlua-script.c
+@@ -253,7 +253,7 @@ static struct dlua_script *dlua_create_script(const char *name,
+ 	/* lua API says that lua_newstate will return NULL only if it's out of
+ 	   memory. this cannot really happen with our allocator as it will
+ 	   call i_fatal_status anyways if it runs out of memory */
+-	script->L = lua_newstate(dlua_alloc, script);
+	script->L = lua_newstate(dlua_alloc, script, luaL_makeseed(NULL));
+ 	i_assert(script->L != NULL);
+ 	script->ref = 1;
+ 	lua_atpanic(script->L, dlua_atpanic);
--- a/meta-networking/recipes-support/dovecot/dovecot/0001-lib-regex-remove-LIBPCRE_LIBS-from.patch
+++ b/meta-networking/recipes-support/dovecot/dovecot/0001-lib-regex-remove-LIBPCRE_LIBS-from.patch
@ -1,26 +0,0 @@
-From fd3d65c65c778cf0a2fba6487c8d0eb30b6780b7 Mon Sep 17 00:00:00 2001
-From: Aki Tuomi <aki.tuomi@open-xchange.com>
-Date: Fri, 31 Oct 2025 12:53:33 +0200
-Subject: [PATCH] lib-regex: Remove LIBPCRE_LIBS from test dependencies
-
-Was accidentically added in 49ae6e798310e5c4b96709db435a3714ea6468a8
-
-Upstream-Status: Backport [https://github.com/dovecot/core/commit/fd3d65c65c778cf0a2fba6487c8d0eb30b6780b7]
-Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
- src/lib-regex/Makefile.am | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/lib-regex/Makefile.am b/src/lib-regex/Makefile.am
-index 60f43d9779..9d26d27fa1 100644
--- a/src/lib-regex/Makefile.am
-+++ b/src/lib-regex/Makefile.am
-@@ -34,7 +34,7 @@ test_regex_LDADD = libdregex.la \
- 		   ../lib-test/libtest.la \
- 		   ../lib/liblib.la \
- 		   $(LIBPCRE_LIBS)
-test_regex_DEPENDENCIES = libdregex.la $(LIBPCRE_LIBS)
-+test_regex_DEPENDENCIES = libdregex.la
- 
- check-local:
- 	for bin in $(test_programs); do \
--- a/meta-networking/recipes-support/dovecot/dovecot_2.4.3.bb
+++ b/meta-networking/recipes-support/dovecot/dovecot_2.4.3.bb
@ -6,17 +6,17 @@ in mind. Dovecot is an excellent choice for both small and large \
 installations. It's fast, simple to set up, requires no special \
 administration and it uses very little memory."
 SECTION = "mail"
-LICENSE = "LGPL-2.1-only & MIT"
-LIC_FILES_CHKSUM = "file://COPYING;md5=2956560272e5b31d9d64f03111732048"
+LICENSE = "LGPL-2.1-only & MIT & Unicode-3.0 & BSD-3-Clause & PD"
+LIC_FILES_CHKSUM = "file://COPYING;md5=cb805cc6bdb95ba8fc2398a55fd50877"

-SRC_URI = "http://dovecot.org/releases/2.4/dovecot-${PV}.tar.gz \
+SRC_URI = "https://dovecot.org/releases/2.4/dovecot-${PV}.tar.gz \
           file://0001-configure.ac-convert-AC_TRY_RUN-to-AC_TRY_LINK-state.patch \
           file://dovecot.service \
           file://dovecot.socket \
           file://0001-m4-Check-for-libunwind-instead-of-libunwind-generic.patch \
-           file://0001-lib-regex-remove-LIBPCRE_LIBS-from.patch \
+           file://0001-adapt-lua_newstate-to-new-api.patch \
           "
-SRC_URI[sha256sum] = "2cd62e4d22b9fc1c80bd38649739950f0dbda34fbc3e62624fb6842264e93c6e"
+SRC_URI[sha256sum] = "e0b30330fe51e47ecfcf641bc16041184d91bdd0ac3db789b7cef54e3a75ac9b"

 DEPENDS = "openssl xz zlib bzip2 libcap icu libtirpc bison-native"
 CFLAGS += "-I${STAGING_INCDIR}/tirpc"
@ -29,6 +29,7 @@ PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ldap pam systemd', d)}
 PACKAGECONFIG[pam] = "--with-pam,--without-pam,libpam,"
 PACKAGECONFIG[systemd] = "--with-systemd,--without-systemd,systemd,"
 PACKAGECONFIG[ldap] = "--with-ldap=plugin,--without-ldap,openldap,"
+PACKAGECONFIG[lua] = "--with-lua=yes, --without-lua, lua"
 PACKAGECONFIG[lz4] = "--with-lz4,--without-lz4,lz4,"

 # From native build in armv7a-hf/eglibc