dovecot: patch CVE-2025-30189

Details: https://nvd.nist.gov/vuln/detail/CVE-2025-30189 Pick the patches referenced by the advisory[1] from the Full Disclosure list. [1]: https://seclists.org/fulldisclosure/2025/Oct/29 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
author: Gyorgy Sarvari <skandigraun@gmail.com> 2025-12-29 15:51:46 +0100
committer: Anuj Mittal <anuj.mittal@oss.qualcomm.com> 2026-01-06 18:07:48 +0530
commit: c0a63f52228549a4ae0ca2110cdae766fa350977 (patch)
tree: 2c014be1f7cb7ff07f223c15f946733764358043
parent: af7857e40c6d35e7ced41a08e4c4bfa17814f578 (diff)
download: meta-openembedded-c0a63f52228549a4ae0ca2110cdae766fa350977.tar.gz
8 files changed, 489 insertions, 0 deletions
diff --git a/meta-networking/recipes-support/dovecot/dovecot/CVE-2025-30189-1.patch b/meta-networking/recipes-support/dovecot/dovecot/CVE-2025-30189-1.patch
new file mode 100644
index 0000000000..ee0d181b1e
--- /dev/null
+++ b/meta-networking/recipes-support/dovecot/dovecot/CVE-2025-30189-1.patch
@@ -0,0 +1,128 @@
+From 2bd173264093021372506a89793456dcc42f4248 Mon Sep 17 00:00:00 2001
+From: Aki Tuomi <aki.tuomi@open-xchange.com>
+Date: Fri, 25 Jul 2025 08:16:52 +0300
+Subject: [PATCH] auth: Use AUTH_CACHE_KEY_USER instead of per-database
+ constants
+Fixes cache key issue where users would end up overwriting
+each other in cache due to cache key being essentially static
+string because we no longer support %u.
+Forgotten in 2e298e7ee98b6df61cf85117f000290d60a473b8
+CVE: CVE-2025-30189
+Upstream-Status: Backport [https://github.com/dovecot/core/commit/a70ce7d3e2f983979e971414c5892c4e30197231]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ src/auth/auth-settings.h  | 2 ++
+ src/auth/passdb-bsdauth.c | 4 +---
+ src/auth/passdb-oauth2.c  | 2 +-
+ src/auth/passdb-pam.c     | 3 ++-
+ src/auth/passdb-passwd.c  | 3 +--
+ src/auth/userdb-passwd.c  | 3 +--
+ 6 files changed, 8 insertions(+), 9 deletions(-)
+diff --git a/src/auth/auth-settings.h b/src/auth/auth-settings.h
+index 1d420ec..90aba17 100644
+--- a/src/auth/auth-settings.h
+++ b/src/auth/auth-settings.h
+@@ -1,6 +1,8 @@
+ #ifndef AUTH_SETTINGS_H
+ #define AUTH_SETTINGS_H
+ 
+#define AUTH_CACHE_KEY_USER "%{user}"
+
+ struct master_service;
+ struct master_service_settings_output;
+ 
+diff --git a/src/auth/passdb-bsdauth.c b/src/auth/passdb-bsdauth.c
+index 6829267..1b86da4 100644
+--- a/src/auth/passdb-bsdauth.c
+++ b/src/auth/passdb-bsdauth.c
+@@ -14,8 +14,6 @@
+ #include <login_cap.h>
+ #include <bsd_auth.h>
+ 
+-#define BSDAUTH_CACHE_KEY "%u"
+-
+ struct passdb_bsdauth_settings {
+        pool_t pool;
+ };
+@@ -104,7 +102,7 @@ bsdauth_preinit(pool_t pool, struct event *event,
+                         &post_set, error_r) < 0)
+                return -1;
+        module->default_cache_key = auth_cache_parse_key_and_fields(
+-               pool, BSDAUTH_CACHE_KEY, &post_set->fields, "bsdauth");
+               pool, AUTH_CACHE_KEY_USER, &post_set->fields, "bsdauth");
+ 
+        settings_free(post_set);
+        *module_r = module;
+diff --git a/src/auth/passdb-oauth2.c b/src/auth/passdb-oauth2.c
+index 96d902d..91fed06 100644
+--- a/src/auth/passdb-oauth2.c
+++ b/src/auth/passdb-oauth2.c
+@@ -53,7 +53,7 @@ oauth2_preinit(pool_t pool, struct event *event, struct passdb_module **module_r
+        if (db_oauth2_init(event, TRUE, &module->db, error_r) < 0)
+                return -1;
+        module->module.default_pass_scheme = "PLAIN";
+-       module->module.default_cache_key = "%u";
+       module->module.default_cache_key = AUTH_CACHE_KEY_USER;
+        *module_r = &module->module;
+        return 0;
+ }
+diff --git a/src/auth/passdb-pam.c b/src/auth/passdb-pam.c
+index 2acbceb..fdf0f57 100644
+--- a/src/auth/passdb-pam.c
+++ b/src/auth/passdb-pam.c
+@@ -415,7 +415,8 @@ static int pam_preinit(pool_t pool, struct event *event,
+        module = p_new(pool, struct pam_passdb_module, 1);
+        module->module.default_cache_key =
+                auth_cache_parse_key_and_fields(pool,
+-                                               t_strdup_printf("%%u/%s", set->service_name),
+                                               t_strdup_printf("%"AUTH_CACHE_KEY_USER"\t%s",
+                                                               set->service_name),
+                                                &post_set->fields, "pam");
+        module->requests_left = set->max_requests;
+        module->pam_setcred = set->setcred;
+diff --git a/src/auth/passdb-passwd.c b/src/auth/passdb-passwd.c
+index 1300315..22e2eae 100644
+--- a/src/auth/passdb-passwd.c
+++ b/src/auth/passdb-passwd.c
+@@ -10,7 +10,6 @@
+ #include "safe-memset.h"
+ #include "ipwd.h"
+ 
+-#define PASSWD_CACHE_KEY "%u"
+ #define PASSWD_PASS_SCHEME "CRYPT"
+ 
+ #undef DEF
+@@ -142,7 +141,7 @@ static int passwd_preinit(pool_t pool, struct event *event,
+                         &post_set, error_r) < 0)
+                return -1;
+        module->default_cache_key = auth_cache_parse_key_and_fields(pool,
+-                                                                   PASSWD_CACHE_KEY,
+                                                                   AUTH_CACHE_KEY_USER,
+                                                                    &post_set->fields,
+                                                                    "passwd");
+        settings_free(post_set);
+diff --git a/src/auth/userdb-passwd.c b/src/auth/userdb-passwd.c
+index 5241129..14cf90a 100644
+--- a/src/auth/userdb-passwd.c
+++ b/src/auth/userdb-passwd.c
+@@ -9,7 +9,6 @@
+ #include "ipwd.h"
+ #include "time-util.h"
+ 
+-#define USER_CACHE_KEY "%u"
+ #define PASSWD_SLOW_WARN_MSECS (10*1000)
+ #define PASSWD_SLOW_MASTER_WARN_MSECS 50
+ #define PASSDB_SLOW_MASTER_WARN_COUNT_INTERVAL 100
+@@ -225,7 +224,7 @@ static int passwd_preinit(pool_t pool, struct event *event ATTR_UNUSED,
+        struct passwd_userdb_module *module =
+                p_new(pool, struct passwd_userdb_module, 1);
+ 
+-       module->module.default_cache_key = USER_CACHE_KEY;
+       module->module.default_cache_key = AUTH_CACHE_KEY_USER;
+        *module_r = &module->module;
+        return 0;
+ }
diff --git a/meta-networking/recipes-support/dovecot/dovecot/CVE-2025-30189-2.patch b/meta-networking/recipes-support/dovecot/dovecot/CVE-2025-30189-2.patch
new file mode 100644
index 0000000000..fa1f6fc756
--- /dev/null
+++ b/meta-networking/recipes-support/dovecot/dovecot/CVE-2025-30189-2.patch
@@ -0,0 +1,51 @@
+From ca932f18061b643c19bae839ba3990bb16e51837 Mon Sep 17 00:00:00 2001
+From: Aki Tuomi <aki.tuomi@open-xchange.com>
+Date: Wed, 30 Jul 2025 09:42:20 +0300
+Subject: [PATCH] auth: auth-cache - Refactor auth_cache_parse_key_and_fields()
+Call auth_cache_parse_key_exclude() at the function end,
+simplifies next commit.
+CVE: CVE-2025-30189
+Upstream-Status: Backport [https://github.com/dovecot/core/commit/c45ce2c073c9439a9d6366016cb4d41059d737f0]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ src/auth/auth-cache.c | 24 +++++++++++-------------
+ 1 file changed, 11 insertions(+), 13 deletions(-)
+diff --git a/src/auth/auth-cache.c b/src/auth/auth-cache.c
+index 360ad8b..3ccd45f 100644
+--- a/src/auth/auth-cache.c
+++ b/src/auth/auth-cache.c
+@@ -129,20 +129,18 @@ char *auth_cache_parse_key_and_fields(pool_t pool, const char *query,
+                                      const ARRAY_TYPE(const_string) *fields,
+                                      const char *exclude_driver)
+ {
+-       if (array_is_empty(fields))
+-               return auth_cache_parse_key_exclude(pool, query, exclude_driver);
+-
+-       string_t *full_query = t_str_new(128);
+-       str_append(full_query, query);
+-
+-       unsigned int i, count;
+-       const char *const *str = array_get(fields, &count);
+-       for (i = 0; i < count; i += 2) {
+-               str_append_c(full_query, '\t');
+-               str_append(full_query, str[i + 1]);
+       if (!array_is_empty(fields)) {
+               unsigned int i, count;
+               const char *const *str = array_get(fields, &count);
+               string_t *full_query = t_str_new(128);
+               str_append(full_query, query);
+               for (i = 0; i < count; i += 2) {
+                       str_append_c(full_query, '\t');
+                       str_append(full_query, str[i + 1]);
+               }
+               query = str_c(full_query);
+        }
+-       return auth_cache_parse_key_exclude(pool, str_c(full_query),
+-                                           exclude_driver);
+       return auth_cache_parse_key_exclude(pool, query, exclude_driver);
+ }
+ 
+ static void
diff --git a/meta-networking/recipes-support/dovecot/dovecot/CVE-2025-30189-3.patch b/meta-networking/recipes-support/dovecot/dovecot/CVE-2025-30189-3.patch
new file mode 100644
index 0000000000..069a4e724f
--- /dev/null
+++ b/meta-networking/recipes-support/dovecot/dovecot/CVE-2025-30189-3.patch
@@ -0,0 +1,36 @@
+From 74c526047ffcecc40485df784294b27cedf66136 Mon Sep 17 00:00:00 2001
+From: Aki Tuomi <aki.tuomi@open-xchange.com>
+Date: Fri, 25 Jul 2025 11:48:43 +0300
+Subject: [PATCH] auth: auth-cache - Deduplicate auth_cache_parse_key() to use
+ auth_cache_parse_key_and_fields()
+Simplifies following commit
+CVE: CVE-2025-30189
+Upstream-Status: Backport [https://github.com/dovecot/core/commit/759ee1af848480987d012de2f7135160156724b6]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ src/auth/auth-cache.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+diff --git a/src/auth/auth-cache.c b/src/auth/auth-cache.c
+index 3ccd45f..ad8cbe5 100644
+--- a/src/auth/auth-cache.c
+++ b/src/auth/auth-cache.c
+@@ -122,14 +122,14 @@ static char *auth_cache_parse_key_exclude(pool_t pool, const char *query,
+ 
+ char *auth_cache_parse_key(pool_t pool, const char *query)
+ {
+-       return auth_cache_parse_key_exclude(pool, query, NULL);
+       return auth_cache_parse_key_and_fields(pool, query, NULL, NULL);
+ }
+ 
+ char *auth_cache_parse_key_and_fields(pool_t pool, const char *query,
+                                      const ARRAY_TYPE(const_string) *fields,
+                                      const char *exclude_driver)
+ {
+-       if (!array_is_empty(fields)) {
+       if (fields != NULL && !array_is_empty(fields)) {
+                unsigned int i, count;
+                const char *const *str = array_get(fields, &count);
+                string_t *full_query = t_str_new(128);
diff --git a/meta-networking/recipes-support/dovecot/dovecot/CVE-2025-30189-4.patch b/meta-networking/recipes-support/dovecot/dovecot/CVE-2025-30189-4.patch
new file mode 100644
index 0000000000..367debca52
--- /dev/null
+++ b/meta-networking/recipes-support/dovecot/dovecot/CVE-2025-30189-4.patch
@@ -0,0 +1,72 @@
+From e0a7cb4b1e0ccdc95a717567818d924ce2888ca3 Mon Sep 17 00:00:00 2001
+From: Aki Tuomi <aki.tuomi@open-xchange.com>
+Date: Fri, 25 Jul 2025 11:51:16 +0300
+Subject: [PATCH] auth: auth-cache - Change auth_cache_parse_key_exclude() to
+ return error
+Simplifies following commit
+CVE: CVE-2025-30189
+Upstream-Status: Backport [https://github.com/dovecot/core/commit/d12bb78b5a235f31c9d5a655bd223c28d44bcadb]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ src/auth/auth-cache.c | 25 ++++++++++++++++++-------
+ 1 file changed, 18 insertions(+), 7 deletions(-)
+diff --git a/src/auth/auth-cache.c b/src/auth/auth-cache.c
+index ad8cbe5..407e5d4 100644
+--- a/src/auth/auth-cache.c
+++ b/src/auth/auth-cache.c
+@@ -64,8 +64,10 @@ static void auth_cache_key_add_tab_idx(string_t *str, unsigned int i)
+        str_append_c(str, '}');
+ }
+ 
+-static char *auth_cache_parse_key_exclude(pool_t pool, const char *query,
+-                                         const char *exclude_driver)
+static int auth_cache_parse_key_exclude(pool_t pool, const char *query,
+                                       const char *exclude_driver,
+                                       char **cache_key_r,
+                                       const char **error_r)
+ {
+        string_t *str;
+        bool key_seen[AUTH_REQUEST_VAR_TAB_COUNT];
+@@ -76,9 +78,9 @@ static char *auth_cache_parse_key_exclude(pool_t pool, const char *query,
+ 
+        struct var_expand_program *prog;
+        if (var_expand_program_create(query, &prog, &error) < 0) {
+-               e_debug(auth_event, "auth-cache: var_expand_program_create('%s') failed: %s",
+-                       query, error);
+-               return p_strdup(pool, "");
+               *error_r = t_strdup_printf("var_expand_program_create(%s) failed: %s",
+                                          query, error);
+               return -1;
+        }
+ 
+        const char *const *vars = var_expand_program_variables(prog);
+@@ -117,7 +119,8 @@ static char *auth_cache_parse_key_exclude(pool_t pool, const char *query,
+ 
+        var_expand_program_free(&prog);
+ 
+-       return p_strdup(pool, str_c(str));
+       *cache_key_r = p_strdup(pool, str_c(str));
+       return 0;
+ }
+ 
+ char *auth_cache_parse_key(pool_t pool, const char *query)
+@@ -140,7 +143,15 @@ char *auth_cache_parse_key_and_fields(pool_t pool, const char *query,
+                }
+                query = str_c(full_query);
+        }
+-       return auth_cache_parse_key_exclude(pool, query, exclude_driver);
+
+       char *cache_key;
+       const char *error;
+       if (auth_cache_parse_key_exclude(pool, query, exclude_driver,
+                                        &cache_key, &error) < 0) {
+               e_debug(auth_event, "auth-cache: %s", error);
+               cache_key = p_strdup(pool, "");
+       }
+       return cache_key;
+ }
+ 
+ static void
diff --git a/meta-networking/recipes-support/dovecot/dovecot/CVE-2025-30189-5.patch b/meta-networking/recipes-support/dovecot/dovecot/CVE-2025-30189-5.patch
new file mode 100644
index 0000000000..8a7692efe2
--- /dev/null
+++ b/meta-networking/recipes-support/dovecot/dovecot/CVE-2025-30189-5.patch
@@ -0,0 +1,31 @@
+From b2d817db6c2a7229c9e3c4ccf8565acdd6f9a4c0 Mon Sep 17 00:00:00 2001
+From: Aki Tuomi <aki.tuomi@open-xchange.com>
+Date: Fri, 25 Jul 2025 11:52:36 +0300
+Subject: [PATCH] auth: auth-cache - Treat cache key parsing errors as fatals
+Avoids accidentically turning off caching
+CVE: CVE-2025-30189
+Upstream-Status: Backport [https://github.com/dovecot/core/commit/20d15baa071747f91176eb3115235aa8c78a3d11]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ src/auth/auth-cache.c | 6 ++----
+ 1 file changed, 2 insertions(+), 4 deletions(-)
+diff --git a/src/auth/auth-cache.c b/src/auth/auth-cache.c
+index 407e5d4..be56934 100644
+--- a/src/auth/auth-cache.c
+++ b/src/auth/auth-cache.c
+@@ -147,10 +147,8 @@ char *auth_cache_parse_key_and_fields(pool_t pool, const char *query,
+        char *cache_key;
+        const char *error;
+        if (auth_cache_parse_key_exclude(pool, query, exclude_driver,
+-                                        &cache_key, &error) < 0) {
+-               e_debug(auth_event, "auth-cache: %s", error);
+-               cache_key = p_strdup(pool, "");
+-       }
+                                        &cache_key, &error) < 0)
+               i_fatal("auth-cache: %s", error);
+        return cache_key;
+ }
+ 
diff --git a/meta-networking/recipes-support/dovecot/dovecot/CVE-2025-30189-6.patch b/meta-networking/recipes-support/dovecot/dovecot/CVE-2025-30189-6.patch
new file mode 100644
index 0000000000..58537ed768
--- /dev/null
+++ b/meta-networking/recipes-support/dovecot/dovecot/CVE-2025-30189-6.patch
@@ -0,0 +1,88 @@
+From 73bf352efaf3ab5f685bc3b34c6780dca79b9318 Mon Sep 17 00:00:00 2001
+From: Aki Tuomi <aki.tuomi@open-xchange.com>
+Date: Fri, 25 Jul 2025 11:41:03 +0300
+Subject: [PATCH] auth: auth-cache - Require cache key to contain at least one
+ variable
+CVE: CVE-2025-30189
+Upstream-Status: Backport [https://github.com/dovecot/core/commit/0172f8e8c55aff42c688633b2891cf157641366b]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ src/auth/auth-cache.c      |  7 +++++++
+ src/auth/test-auth-cache.c | 37 ++++++++++++++++++++++++++++++++++++-
+ 2 files changed, 43 insertions(+), 1 deletion(-)
+diff --git a/src/auth/auth-cache.c b/src/auth/auth-cache.c
+index be56934..32959f5 100644
+--- a/src/auth/auth-cache.c
+++ b/src/auth/auth-cache.c
+@@ -86,6 +86,13 @@ static int auth_cache_parse_key_exclude(pool_t pool, const char *query,
+        const char *const *vars = var_expand_program_variables(prog);
+        str = t_str_new(32);
+ 
+       if (*vars == NULL && *query != '\0') {
+               var_expand_program_free(&prog);
+               *error_r = t_strdup_printf("%s: Cache key must contain at least one variable",
+                                          query);
+               return -1;
+       }
+
+        for (; *vars != NULL; vars++) {
+                /* ignore any providers */
+                if (strchr(*vars, ':') != NULL &&
+diff --git a/src/auth/test-auth-cache.c b/src/auth/test-auth-cache.c
+index 46836de..b36d83e 100644
+--- a/src/auth/test-auth-cache.c
+++ b/src/auth/test-auth-cache.c
+@@ -97,7 +97,35 @@ static void test_auth_cache_parse_key(void)
+                                                 tests[i].in);
+                test_assert_strcmp_idx(cache_key, tests[i].out, i);
+        }
+
+       test_end();
+}
+
+static enum fatal_test_state test_cache_key_missing_variable(unsigned int i)
+{
+       if (i == 0)
+               test_begin("auth cache missing variable");
+
+       /* ensure that we do not accept static string */
+       static const struct {
+               const char *in, *out;
+       } tests_bad[] = {
+               { "%u", "auth-cache: %u: Cache key must contain at least one variable" },
+               { "foobar", "auth-cache: foobar: Cache key must contain at least one variable" },
+               { "%{test", "auth-cache: var_expand_program_create(%{test) " \
+                           "failed: syntax error, unexpected end of file, " \
+                           "expecting CCBRACE or PIPE" },
+       };
+
+       if (i < N_ELEMENTS(tests_bad)) {
+               test_expect_fatal_string(tests_bad[i].out);
+               (void)auth_cache_parse_key(pool_datastack_create(),
+                                          tests_bad[i].in);
+               return FATAL_TEST_FAILURE;
+       }
+
+        test_end();
+       return FATAL_TEST_FINISHED;
+ }
+ 
+ int main(void)
+@@ -108,7 +136,14 @@ int main(void)
+                test_auth_cache_parse_key,
+                NULL
+        };
+-       int ret = test_run(test_functions);
+
+       static test_fatal_func_t *const fatal_functions[] = {
+               test_cache_key_missing_variable,
+               NULL,
+       };
+
+       int ret = test_run_with_fatals(test_functions, fatal_functions);
+
+        event_unref(&auth_event);
+        return ret;
+ }
diff --git a/meta-networking/recipes-support/dovecot/dovecot/CVE-2025-30189-7.patch b/meta-networking/recipes-support/dovecot/dovecot/CVE-2025-30189-7.patch
new file mode 100644
index 0000000000..2e00c79e91
--- /dev/null
+++ b/meta-networking/recipes-support/dovecot/dovecot/CVE-2025-30189-7.patch
@@ -0,0 +1,76 @@
+From f9f3daf58d2fb43e3bb68bead0309ed41a6b6c40 Mon Sep 17 00:00:00 2001
+From: Aki Tuomi <aki.tuomi@open-xchange.com>
+Date: Fri, 25 Jul 2025 12:00:57 +0300
+Subject: [PATCH] auth: auth-cache - Drop auth_cache_parse_key()
+It's only used by tests and can now just call
+auth_cache_parse_key_and_fields().
+CVE: CVE-2025-30189
+Upstream-Status: Backport [https://github.com/dovecot/core/commit/34caed79b76a7b82a2a9c94cf35371bec6c2b826]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ src/auth/auth-cache.c      | 5 -----
+ src/auth/auth-cache.h      | 6 ++----
+ src/auth/test-auth-cache.c | 8 ++++----
+ 3 files changed, 6 insertions(+), 13 deletions(-)
+diff --git a/src/auth/auth-cache.c b/src/auth/auth-cache.c
+index 32959f5..82cc0d5 100644
+--- a/src/auth/auth-cache.c
+++ b/src/auth/auth-cache.c
+@@ -130,11 +130,6 @@ static int auth_cache_parse_key_exclude(pool_t pool, const char *query,
+        return 0;
+ }
+ 
+-char *auth_cache_parse_key(pool_t pool, const char *query)
+-{
+-       return auth_cache_parse_key_and_fields(pool, query, NULL, NULL);
+-}
+-
+ char *auth_cache_parse_key_and_fields(pool_t pool, const char *query,
+                                      const ARRAY_TYPE(const_string) *fields,
+                                      const char *exclude_driver)
+diff --git a/src/auth/auth-cache.h b/src/auth/auth-cache.h
+index 9bdb918..d63621b 100644
+--- a/src/auth/auth-cache.h
+++ b/src/auth/auth-cache.h
+@@ -16,10 +16,8 @@ struct auth_cache_node {
+ struct auth_cache;
+ struct auth_request;
+ 
+-/* Parses all %x variables from query and compresses them into tab-separated
+-   list, so it can be used as a cache key. */
+-char *auth_cache_parse_key(pool_t pool, const char *query);
+-/* Same as auth_cache_parse_key(), but add also variables from "fields",
+/* Parses all %variables from query and compresses them into tab-separated
+   list, so it can be used as a cache key. Adds also variables from "fields",
+    except variables prefixed with <exclude_driver>":" */
+ char *auth_cache_parse_key_and_fields(pool_t pool, const char *query,
+                                      const ARRAY_TYPE(const_string) *fields,
+diff --git a/src/auth/test-auth-cache.c b/src/auth/test-auth-cache.c
+index b36d83e..f58c21f 100644
+--- a/src/auth/test-auth-cache.c
+++ b/src/auth/test-auth-cache.c
+@@ -93,8 +93,8 @@ static void test_auth_cache_parse_key(void)
+        test_begin("auth cache parse key");
+ 
+        for (i = 0; i < N_ELEMENTS(tests); i++) {
+-               cache_key = auth_cache_parse_key(pool_datastack_create(),
+-                                                tests[i].in);
+               cache_key = auth_cache_parse_key_and_fields(pool_datastack_create(),
+                                                           tests[i].in, NULL, NULL);
+                test_assert_strcmp_idx(cache_key, tests[i].out, i);
+        }
+ 
+@@ -119,8 +119,8 @@ static enum fatal_test_state test_cache_key_missing_variable(unsigned int i)
+ 
+        if (i < N_ELEMENTS(tests_bad)) {
+                test_expect_fatal_string(tests_bad[i].out);
+-               (void)auth_cache_parse_key(pool_datastack_create(),
+-                                          tests_bad[i].in);
+               (void)auth_cache_parse_key_and_fields(pool_datastack_create(),
+                                                     tests_bad[i].in, NULL, NULL);
+                return FATAL_TEST_FAILURE;
+        }
+ 
diff --git a/meta-networking/recipes-support/dovecot/dovecot_2.4.1-4.bb b/meta-networking/recipes-support/dovecot/dovecot_2.4.1-4.bb
index 40cf991ae1..09583f1694 100644
--- a/meta-networking/recipes-support/dovecot/dovecot_2.4.1-4.bb
+++ b/meta-networking/recipes-support/dovecot/dovecot_2.4.1-4.bb
@@ -15,6 +15,13 @@ SRC_URI = "http://dovecot.org/releases/2.4/dovecot-${PV}.tar.gz \
           file://dovecot.socket \
           file://0001-m4-Check-for-libunwind-instead-of-libunwind-generic.patch \
           file://fix-musl-compilation.patch \
+           file://CVE-2025-30189-1.patch \
+           file://CVE-2025-30189-2.patch \
+           file://CVE-2025-30189-3.patch \
+           file://CVE-2025-30189-4.patch \
+           file://CVE-2025-30189-5.patch \
+           file://CVE-2025-30189-6.patch \
+           file://CVE-2025-30189-7.patch \
           "
 SRC_URI[sha256sum] = "fb188603f419ed7aaa07794a8692098c3ec2660bb9c67d0efe24948cbb32ae00"
author	Gyorgy Sarvari <skandigraun@gmail.com>	2025-12-29 15:51:46 +0100
committer	Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-06 18:07:48 +0530
commit	c0a63f52228549a4ae0ca2110cdae766fa350977 (patch)
tree	2c014be1f7cb7ff07f223c15f946733764358043
parent	af7857e40c6d35e7ced41a08e4c4bfa17814f578 (diff)
download	meta-openembedded-c0a63f52228549a4ae0ca2110cdae766fa350977.tar.gz

diff --git a/meta-networking/recipes-support/dovecot/dovecot/CVE-2025-30189-1.patch b/meta-networking/recipes-support/dovecot/dovecot/CVE-2025-30189-1.patch new file mode 100644 index 0000000000..ee0d181b1e --- /dev/null +++ b/meta-networking/recipes-support/dovecot/dovecot/CVE-2025-30189-1.patch
@@ -0,0 +1,128 @@
		1	From 2bd173264093021372506a89793456dcc42f4248 Mon Sep 17 00:00:00 2001
		2	From: Aki Tuomi <aki.tuomi@open-xchange.com>
		3	Date: Fri, 25 Jul 2025 08:16:52 +0300
		4	Subject: [PATCH] auth: Use AUTH_CACHE_KEY_USER instead of per-database
		5	constants
		6
		7	Fixes cache key issue where users would end up overwriting
		8	each other in cache due to cache key being essentially static
		9	string because we no longer support %u.
		10
		11	Forgotten in 2e298e7ee98b6df61cf85117f000290d60a473b8
		12
		13	CVE: CVE-2025-30189
		14	Upstream-Status: Backport [https://github.com/dovecot/core/commit/a70ce7d3e2f983979e971414c5892c4e30197231]
		15	Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
		16	---
		17	src/auth/auth-settings.h \| 2 ++
		18	src/auth/passdb-bsdauth.c \| 4 +---
		19	src/auth/passdb-oauth2.c \| 2 +-
		20	src/auth/passdb-pam.c \| 3 ++-
		21	src/auth/passdb-passwd.c \| 3 +--
		22	src/auth/userdb-passwd.c \| 3 +--
		23	6 files changed, 8 insertions(+), 9 deletions(-)
		24
		25	diff --git a/src/auth/auth-settings.h b/src/auth/auth-settings.h
		26	index 1d420ec..90aba17 100644
		27	--- a/src/auth/auth-settings.h
		28	+++ b/src/auth/auth-settings.h
		29	@@ -1,6 +1,8 @@
		30	#ifndef AUTH_SETTINGS_H
		31	#define AUTH_SETTINGS_H
		32
		33	+#define AUTH_CACHE_KEY_USER "%{user}"
		34	+
		35	struct master_service;
		36	struct master_service_settings_output;
		37
		38	diff --git a/src/auth/passdb-bsdauth.c b/src/auth/passdb-bsdauth.c
		39	index 6829267..1b86da4 100644
		40	--- a/src/auth/passdb-bsdauth.c
		41	+++ b/src/auth/passdb-bsdauth.c
		42	@@ -14,8 +14,6 @@
		43	#include <login_cap.h>
		44	#include <bsd_auth.h>
		45
		46	-#define BSDAUTH_CACHE_KEY "%u"
		47	-
		48	struct passdb_bsdauth_settings {
		49	pool_t pool;
		50	};
		51	@@ -104,7 +102,7 @@ bsdauth_preinit(pool_t pool, struct event *event,
		52	&post_set, error_r) < 0)
		53	return -1;
		54	module->default_cache_key = auth_cache_parse_key_and_fields(
		55	- pool, BSDAUTH_CACHE_KEY, &post_set->fields, "bsdauth");
		56	+ pool, AUTH_CACHE_KEY_USER, &post_set->fields, "bsdauth");
		57
		58	settings_free(post_set);
		59	*module_r = module;
		60	diff --git a/src/auth/passdb-oauth2.c b/src/auth/passdb-oauth2.c
		61	index 96d902d..91fed06 100644
		62	--- a/src/auth/passdb-oauth2.c
		63	+++ b/src/auth/passdb-oauth2.c
		64	@@ -53,7 +53,7 @@ oauth2_preinit(pool_t pool, struct event event, struct passdb_module *module_r
		65	if (db_oauth2_init(event, TRUE, &module->db, error_r) < 0)
		66	return -1;
		67	module->module.default_pass_scheme = "PLAIN";
		68	- module->module.default_cache_key = "%u";
		69	+ module->module.default_cache_key = AUTH_CACHE_KEY_USER;
		70	*module_r = &module->module;
		71	return 0;
		72	}
		73	diff --git a/src/auth/passdb-pam.c b/src/auth/passdb-pam.c
		74	index 2acbceb..fdf0f57 100644
		75	--- a/src/auth/passdb-pam.c
		76	+++ b/src/auth/passdb-pam.c
		77	@@ -415,7 +415,8 @@ static int pam_preinit(pool_t pool, struct event *event,
		78	module = p_new(pool, struct pam_passdb_module, 1);
		79	module->module.default_cache_key =
		80	auth_cache_parse_key_and_fields(pool,
		81	- t_strdup_printf("%%u/%s", set->service_name),
		82	+ t_strdup_printf("%"AUTH_CACHE_KEY_USER"\t%s",
		83	+ set->service_name),
		84	&post_set->fields, "pam");
		85	module->requests_left = set->max_requests;
		86	module->pam_setcred = set->setcred;
		87	diff --git a/src/auth/passdb-passwd.c b/src/auth/passdb-passwd.c
		88	index 1300315..22e2eae 100644
		89	--- a/src/auth/passdb-passwd.c
		90	+++ b/src/auth/passdb-passwd.c
		91	@@ -10,7 +10,6 @@
		92	#include "safe-memset.h"
		93	#include "ipwd.h"
		94
		95	-#define PASSWD_CACHE_KEY "%u"
		96	#define PASSWD_PASS_SCHEME "CRYPT"
		97
		98	#undef DEF
		99	@@ -142,7 +141,7 @@ static int passwd_preinit(pool_t pool, struct event *event,
		100	&post_set, error_r) < 0)
		101	return -1;
		102	module->default_cache_key = auth_cache_parse_key_and_fields(pool,
		103	- PASSWD_CACHE_KEY,
		104	+ AUTH_CACHE_KEY_USER,
		105	&post_set->fields,
		106	"passwd");
		107	settings_free(post_set);
		108	diff --git a/src/auth/userdb-passwd.c b/src/auth/userdb-passwd.c
		109	index 5241129..14cf90a 100644
		110	--- a/src/auth/userdb-passwd.c
		111	+++ b/src/auth/userdb-passwd.c
		112	@@ -9,7 +9,6 @@
		113	#include "ipwd.h"
		114	#include "time-util.h"
		115
		116	-#define USER_CACHE_KEY "%u"
		117	#define PASSWD_SLOW_WARN_MSECS (10*1000)
		118	#define PASSWD_SLOW_MASTER_WARN_MSECS 50
		119	#define PASSDB_SLOW_MASTER_WARN_COUNT_INTERVAL 100
		120	@@ -225,7 +224,7 @@ static int passwd_preinit(pool_t pool, struct event *event ATTR_UNUSED,
		121	struct passwd_userdb_module *module =
		122	p_new(pool, struct passwd_userdb_module, 1);
		123
		124	- module->module.default_cache_key = USER_CACHE_KEY;
		125	+ module->module.default_cache_key = AUTH_CACHE_KEY_USER;
		126	*module_r = &module->module;
		127	return 0;
		128	}


diff --git a/meta-networking/recipes-support/dovecot/dovecot/CVE-2025-30189-2.patch b/meta-networking/recipes-support/dovecot/dovecot/CVE-2025-30189-2.patch new file mode 100644 index 0000000000..fa1f6fc756 --- /dev/null +++ b/meta-networking/recipes-support/dovecot/dovecot/CVE-2025-30189-2.patch
@@ -0,0 +1,51 @@
		1	From ca932f18061b643c19bae839ba3990bb16e51837 Mon Sep 17 00:00:00 2001
		2	From: Aki Tuomi <aki.tuomi@open-xchange.com>
		3	Date: Wed, 30 Jul 2025 09:42:20 +0300
		4	Subject: [PATCH] auth: auth-cache - Refactor auth_cache_parse_key_and_fields()
		5
		6	Call auth_cache_parse_key_exclude() at the function end,
		7	simplifies next commit.
		8
		9	CVE: CVE-2025-30189
		10	Upstream-Status: Backport [https://github.com/dovecot/core/commit/c45ce2c073c9439a9d6366016cb4d41059d737f0]
		11	Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
		12	---
		13	src/auth/auth-cache.c \| 24 +++++++++++-------------
		14	1 file changed, 11 insertions(+), 13 deletions(-)
		15
		16	diff --git a/src/auth/auth-cache.c b/src/auth/auth-cache.c
		17	index 360ad8b..3ccd45f 100644
		18	--- a/src/auth/auth-cache.c
		19	+++ b/src/auth/auth-cache.c
		20	@@ -129,20 +129,18 @@ char auth_cache_parse_key_and_fields(pool_t pool, const char query,
		21	const ARRAY_TYPE(const_string) *fields,
		22	const char *exclude_driver)
		23	{
		24	- if (array_is_empty(fields))
		25	- return auth_cache_parse_key_exclude(pool, query, exclude_driver);
		26	-
		27	- string_t *full_query = t_str_new(128);
		28	- str_append(full_query, query);
		29	-
		30	- unsigned int i, count;
		31	- const char const str = array_get(fields, &count);
		32	- for (i = 0; i < count; i += 2) {
		33	- str_append_c(full_query, '\t');
		34	- str_append(full_query, str[i + 1]);
		35	+ if (!array_is_empty(fields)) {
		36	+ unsigned int i, count;
		37	+ const char const str = array_get(fields, &count);
		38	+ string_t *full_query = t_str_new(128);
		39	+ str_append(full_query, query);
		40	+ for (i = 0; i < count; i += 2) {
		41	+ str_append_c(full_query, '\t');
		42	+ str_append(full_query, str[i + 1]);
		43	+ }
		44	+ query = str_c(full_query);
		45	}
		46	- return auth_cache_parse_key_exclude(pool, str_c(full_query),
		47	- exclude_driver);
		48	+ return auth_cache_parse_key_exclude(pool, query, exclude_driver);
		49	}
		50
		51	static void


diff --git a/meta-networking/recipes-support/dovecot/dovecot/CVE-2025-30189-3.patch b/meta-networking/recipes-support/dovecot/dovecot/CVE-2025-30189-3.patch new file mode 100644 index 0000000000..069a4e724f --- /dev/null +++ b/meta-networking/recipes-support/dovecot/dovecot/CVE-2025-30189-3.patch
@@ -0,0 +1,36 @@
		1	From 74c526047ffcecc40485df784294b27cedf66136 Mon Sep 17 00:00:00 2001
		2	From: Aki Tuomi <aki.tuomi@open-xchange.com>
		3	Date: Fri, 25 Jul 2025 11:48:43 +0300
		4	Subject: [PATCH] auth: auth-cache - Deduplicate auth_cache_parse_key() to use
		5	auth_cache_parse_key_and_fields()
		6
		7	Simplifies following commit
		8
		9	CVE: CVE-2025-30189
		10	Upstream-Status: Backport [https://github.com/dovecot/core/commit/759ee1af848480987d012de2f7135160156724b6]
		11	Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
		12	---
		13	src/auth/auth-cache.c \| 4 ++--
		14	1 file changed, 2 insertions(+), 2 deletions(-)
		15
		16	diff --git a/src/auth/auth-cache.c b/src/auth/auth-cache.c
		17	index 3ccd45f..ad8cbe5 100644
		18	--- a/src/auth/auth-cache.c
		19	+++ b/src/auth/auth-cache.c
		20	@@ -122,14 +122,14 @@ static char auth_cache_parse_key_exclude(pool_t pool, const char query,
		21
		22	char auth_cache_parse_key(pool_t pool, const char query)
		23	{
		24	- return auth_cache_parse_key_exclude(pool, query, NULL);
		25	+ return auth_cache_parse_key_and_fields(pool, query, NULL, NULL);
		26	}
		27
		28	char auth_cache_parse_key_and_fields(pool_t pool, const char query,
		29	const ARRAY_TYPE(const_string) *fields,
		30	const char *exclude_driver)
		31	{
		32	- if (!array_is_empty(fields)) {
		33	+ if (fields != NULL && !array_is_empty(fields)) {
		34	unsigned int i, count;
		35	const char const str = array_get(fields, &count);
		36	string_t *full_query = t_str_new(128);


diff --git a/meta-networking/recipes-support/dovecot/dovecot/CVE-2025-30189-4.patch b/meta-networking/recipes-support/dovecot/dovecot/CVE-2025-30189-4.patch new file mode 100644 index 0000000000..367debca52 --- /dev/null +++ b/meta-networking/recipes-support/dovecot/dovecot/CVE-2025-30189-4.patch
@@ -0,0 +1,72 @@
		1	From e0a7cb4b1e0ccdc95a717567818d924ce2888ca3 Mon Sep 17 00:00:00 2001
		2	From: Aki Tuomi <aki.tuomi@open-xchange.com>
		3	Date: Fri, 25 Jul 2025 11:51:16 +0300
		4	Subject: [PATCH] auth: auth-cache - Change auth_cache_parse_key_exclude() to
		5	return error
		6
		7	Simplifies following commit
		8
		9	CVE: CVE-2025-30189
		10	Upstream-Status: Backport [https://github.com/dovecot/core/commit/d12bb78b5a235f31c9d5a655bd223c28d44bcadb]
		11	Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
		12	---
		13	src/auth/auth-cache.c \| 25 ++++++++++++++++++-------
		14	1 file changed, 18 insertions(+), 7 deletions(-)
		15
		16	diff --git a/src/auth/auth-cache.c b/src/auth/auth-cache.c
		17	index ad8cbe5..407e5d4 100644
		18	--- a/src/auth/auth-cache.c
		19	+++ b/src/auth/auth-cache.c
		20	@@ -64,8 +64,10 @@ static void auth_cache_key_add_tab_idx(string_t *str, unsigned int i)
		21	str_append_c(str, '}');
		22	}
		23
		24	-static char auth_cache_parse_key_exclude(pool_t pool, const char query,
		25	- const char *exclude_driver)
		26	+static int auth_cache_parse_key_exclude(pool_t pool, const char *query,
		27	+ const char *exclude_driver,
		28	+ char **cache_key_r,
		29	+ const char **error_r)
		30	{
		31	string_t *str;
		32	bool key_seen[AUTH_REQUEST_VAR_TAB_COUNT];
		33	@@ -76,9 +78,9 @@ static char auth_cache_parse_key_exclude(pool_t pool, const char query,
		34
		35	struct var_expand_program *prog;
		36	if (var_expand_program_create(query, &prog, &error) < 0) {
		37	- e_debug(auth_event, "auth-cache: var_expand_program_create('%s') failed: %s",
		38	- query, error);
		39	- return p_strdup(pool, "");
		40	+ *error_r = t_strdup_printf("var_expand_program_create(%s) failed: %s",
		41	+ query, error);
		42	+ return -1;
		43	}
		44
		45	const char const vars = var_expand_program_variables(prog);
		46	@@ -117,7 +119,8 @@ static char auth_cache_parse_key_exclude(pool_t pool, const char query,
		47
		48	var_expand_program_free(&prog);
		49
		50	- return p_strdup(pool, str_c(str));
		51	+ *cache_key_r = p_strdup(pool, str_c(str));
		52	+ return 0;
		53	}
		54
		55	char auth_cache_parse_key(pool_t pool, const char query)
		56	@@ -140,7 +143,15 @@ char auth_cache_parse_key_and_fields(pool_t pool, const char query,
		57	}
		58	query = str_c(full_query);
		59	}
		60	- return auth_cache_parse_key_exclude(pool, query, exclude_driver);
		61	+
		62	+ char *cache_key;
		63	+ const char *error;
		64	+ if (auth_cache_parse_key_exclude(pool, query, exclude_driver,
		65	+ &cache_key, &error) < 0) {
		66	+ e_debug(auth_event, "auth-cache: %s", error);
		67	+ cache_key = p_strdup(pool, "");
		68	+ }
		69	+ return cache_key;
		70	}
		71
		72	static void


diff --git a/meta-networking/recipes-support/dovecot/dovecot/CVE-2025-30189-5.patch b/meta-networking/recipes-support/dovecot/dovecot/CVE-2025-30189-5.patch new file mode 100644 index 0000000000..8a7692efe2 --- /dev/null +++ b/meta-networking/recipes-support/dovecot/dovecot/CVE-2025-30189-5.patch
@@ -0,0 +1,31 @@
		1	From b2d817db6c2a7229c9e3c4ccf8565acdd6f9a4c0 Mon Sep 17 00:00:00 2001
		2	From: Aki Tuomi <aki.tuomi@open-xchange.com>
		3	Date: Fri, 25 Jul 2025 11:52:36 +0300
		4	Subject: [PATCH] auth: auth-cache - Treat cache key parsing errors as fatals
		5
		6	Avoids accidentically turning off caching
		7
		8	CVE: CVE-2025-30189
		9	Upstream-Status: Backport [https://github.com/dovecot/core/commit/20d15baa071747f91176eb3115235aa8c78a3d11]
		10	Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
		11	---
		12	src/auth/auth-cache.c \| 6 ++----
		13	1 file changed, 2 insertions(+), 4 deletions(-)
		14
		15	diff --git a/src/auth/auth-cache.c b/src/auth/auth-cache.c
		16	index 407e5d4..be56934 100644
		17	--- a/src/auth/auth-cache.c
		18	+++ b/src/auth/auth-cache.c
		19	@@ -147,10 +147,8 @@ char auth_cache_parse_key_and_fields(pool_t pool, const char query,
		20	char *cache_key;
		21	const char *error;
		22	if (auth_cache_parse_key_exclude(pool, query, exclude_driver,
		23	- &cache_key, &error) < 0) {
		24	- e_debug(auth_event, "auth-cache: %s", error);
		25	- cache_key = p_strdup(pool, "");
		26	- }
		27	+ &cache_key, &error) < 0)
		28	+ i_fatal("auth-cache: %s", error);
		29	return cache_key;
		30	}
		31


diff --git a/meta-networking/recipes-support/dovecot/dovecot/CVE-2025-30189-6.patch b/meta-networking/recipes-support/dovecot/dovecot/CVE-2025-30189-6.patch new file mode 100644 index 0000000000..58537ed768 --- /dev/null +++ b/meta-networking/recipes-support/dovecot/dovecot/CVE-2025-30189-6.patch
@@ -0,0 +1,88 @@
		1	From 73bf352efaf3ab5f685bc3b34c6780dca79b9318 Mon Sep 17 00:00:00 2001
		2	From: Aki Tuomi <aki.tuomi@open-xchange.com>
		3	Date: Fri, 25 Jul 2025 11:41:03 +0300
		4	Subject: [PATCH] auth: auth-cache - Require cache key to contain at least one
		5	variable
		6
		7	CVE: CVE-2025-30189
		8	Upstream-Status: Backport [https://github.com/dovecot/core/commit/0172f8e8c55aff42c688633b2891cf157641366b]
		9	Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
		10	---
		11	src/auth/auth-cache.c \| 7 +++++++
		12	src/auth/test-auth-cache.c \| 37 ++++++++++++++++++++++++++++++++++++-
		13	2 files changed, 43 insertions(+), 1 deletion(-)
		14
		15	diff --git a/src/auth/auth-cache.c b/src/auth/auth-cache.c
		16	index be56934..32959f5 100644
		17	--- a/src/auth/auth-cache.c
		18	+++ b/src/auth/auth-cache.c
		19	@@ -86,6 +86,13 @@ static int auth_cache_parse_key_exclude(pool_t pool, const char *query,
		20	const char const vars = var_expand_program_variables(prog);
		21	str = t_str_new(32);
		22
		23	+ if (vars == NULL && query != '\0') {
		24	+ var_expand_program_free(&prog);
		25	+ *error_r = t_strdup_printf("%s: Cache key must contain at least one variable",
		26	+ query);
		27	+ return -1;
		28	+ }
		29	+
		30	for (; *vars != NULL; vars++) {
		31	/* ignore any providers */
		32	if (strchr(*vars, ':') != NULL &&
		33	diff --git a/src/auth/test-auth-cache.c b/src/auth/test-auth-cache.c
		34	index 46836de..b36d83e 100644
		35	--- a/src/auth/test-auth-cache.c
		36	+++ b/src/auth/test-auth-cache.c
		37	@@ -97,7 +97,35 @@ static void test_auth_cache_parse_key(void)
		38	tests[i].in);
		39	test_assert_strcmp_idx(cache_key, tests[i].out, i);
		40	}
		41	+
		42	+ test_end();
		43	+}
		44	+
		45	+static enum fatal_test_state test_cache_key_missing_variable(unsigned int i)
		46	+{
		47	+ if (i == 0)
		48	+ test_begin("auth cache missing variable");
		49	+
		50	+ /* ensure that we do not accept static string */
		51	+ static const struct {
		52	+ const char in, out;
		53	+ } tests_bad[] = {
		54	+ { "%u", "auth-cache: %u: Cache key must contain at least one variable" },
		55	+ { "foobar", "auth-cache: foobar: Cache key must contain at least one variable" },
		56	+ { "%{test", "auth-cache: var_expand_program_create(%{test) " \
		57	+ "failed: syntax error, unexpected end of file, " \
		58	+ "expecting CCBRACE or PIPE" },
		59	+ };
		60	+
		61	+ if (i < N_ELEMENTS(tests_bad)) {
		62	+ test_expect_fatal_string(tests_bad[i].out);
		63	+ (void)auth_cache_parse_key(pool_datastack_create(),
		64	+ tests_bad[i].in);
		65	+ return FATAL_TEST_FAILURE;
		66	+ }
		67	+
		68	test_end();
		69	+ return FATAL_TEST_FINISHED;
		70	}
		71
		72	int main(void)
		73	@@ -108,7 +136,14 @@ int main(void)
		74	test_auth_cache_parse_key,
		75	NULL
		76	};
		77	- int ret = test_run(test_functions);
		78	+
		79	+ static test_fatal_func_t *const fatal_functions[] = {
		80	+ test_cache_key_missing_variable,
		81	+ NULL,
		82	+ };
		83	+
		84	+ int ret = test_run_with_fatals(test_functions, fatal_functions);
		85	+
		86	event_unref(&auth_event);
		87	return ret;
		88	}


diff --git a/meta-networking/recipes-support/dovecot/dovecot/CVE-2025-30189-7.patch b/meta-networking/recipes-support/dovecot/dovecot/CVE-2025-30189-7.patch new file mode 100644 index 0000000000..2e00c79e91 --- /dev/null +++ b/meta-networking/recipes-support/dovecot/dovecot/CVE-2025-30189-7.patch
@@ -0,0 +1,76 @@
		1	From f9f3daf58d2fb43e3bb68bead0309ed41a6b6c40 Mon Sep 17 00:00:00 2001
		2	From: Aki Tuomi <aki.tuomi@open-xchange.com>
		3	Date: Fri, 25 Jul 2025 12:00:57 +0300
		4	Subject: [PATCH] auth: auth-cache - Drop auth_cache_parse_key()
		5
		6	It's only used by tests and can now just call
		7	auth_cache_parse_key_and_fields().
		8
		9	CVE: CVE-2025-30189
		10	Upstream-Status: Backport [https://github.com/dovecot/core/commit/34caed79b76a7b82a2a9c94cf35371bec6c2b826]
		11	Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
		12	---
		13	src/auth/auth-cache.c \| 5 -----
		14	src/auth/auth-cache.h \| 6 ++----
		15	src/auth/test-auth-cache.c \| 8 ++++----
		16	3 files changed, 6 insertions(+), 13 deletions(-)
		17
		18	diff --git a/src/auth/auth-cache.c b/src/auth/auth-cache.c
		19	index 32959f5..82cc0d5 100644
		20	--- a/src/auth/auth-cache.c
		21	+++ b/src/auth/auth-cache.c
		22	@@ -130,11 +130,6 @@ static int auth_cache_parse_key_exclude(pool_t pool, const char *query,
		23	return 0;
		24	}
		25
		26	-char auth_cache_parse_key(pool_t pool, const char query)
		27	-{
		28	- return auth_cache_parse_key_and_fields(pool, query, NULL, NULL);
		29	-}
		30	-
		31	char auth_cache_parse_key_and_fields(pool_t pool, const char query,
		32	const ARRAY_TYPE(const_string) *fields,
		33	const char *exclude_driver)
		34	diff --git a/src/auth/auth-cache.h b/src/auth/auth-cache.h
		35	index 9bdb918..d63621b 100644
		36	--- a/src/auth/auth-cache.h
		37	+++ b/src/auth/auth-cache.h
		38	@@ -16,10 +16,8 @@ struct auth_cache_node {
		39	struct auth_cache;
		40	struct auth_request;
		41
		42	-/* Parses all %x variables from query and compresses them into tab-separated
		43	- list, so it can be used as a cache key. */
		44	-char auth_cache_parse_key(pool_t pool, const char query);
		45	-/* Same as auth_cache_parse_key(), but add also variables from "fields",
		46	+/* Parses all %variables from query and compresses them into tab-separated
		47	+ list, so it can be used as a cache key. Adds also variables from "fields",
		48	except variables prefixed with <exclude_driver>":" */
		49	char auth_cache_parse_key_and_fields(pool_t pool, const char query,
		50	const ARRAY_TYPE(const_string) *fields,
		51	diff --git a/src/auth/test-auth-cache.c b/src/auth/test-auth-cache.c
		52	index b36d83e..f58c21f 100644
		53	--- a/src/auth/test-auth-cache.c
		54	+++ b/src/auth/test-auth-cache.c
		55	@@ -93,8 +93,8 @@ static void test_auth_cache_parse_key(void)
		56	test_begin("auth cache parse key");
		57
		58	for (i = 0; i < N_ELEMENTS(tests); i++) {
		59	- cache_key = auth_cache_parse_key(pool_datastack_create(),
		60	- tests[i].in);
		61	+ cache_key = auth_cache_parse_key_and_fields(pool_datastack_create(),
		62	+ tests[i].in, NULL, NULL);
		63	test_assert_strcmp_idx(cache_key, tests[i].out, i);
		64	}
		65
		66	@@ -119,8 +119,8 @@ static enum fatal_test_state test_cache_key_missing_variable(unsigned int i)
		67
		68	if (i < N_ELEMENTS(tests_bad)) {
		69	test_expect_fatal_string(tests_bad[i].out);
		70	- (void)auth_cache_parse_key(pool_datastack_create(),
		71	- tests_bad[i].in);
		72	+ (void)auth_cache_parse_key_and_fields(pool_datastack_create(),
		73	+ tests_bad[i].in, NULL, NULL);
		74	return FATAL_TEST_FAILURE;
		75	}
		76


diff --git a/meta-networking/recipes-support/dovecot/dovecot_2.4.1-4.bb b/meta-networking/recipes-support/dovecot/dovecot_2.4.1-4.bb index 40cf991ae1..09583f1694 100644 --- a/meta-networking/recipes-support/dovecot/dovecot_2.4.1-4.bb +++ b/meta-networking/recipes-support/dovecot/dovecot_2.4.1-4.bb
@@ -15,6 +15,13 @@ SRC_URI = "http://dovecot.org/releases/2.4/dovecot-${PV}.tar.gz \
15	file://dovecot.socket \	15	file://dovecot.socket \
16	file://0001-m4-Check-for-libunwind-instead-of-libunwind-generic.patch \	16	file://0001-m4-Check-for-libunwind-instead-of-libunwind-generic.patch \
17	file://fix-musl-compilation.patch \	17	file://fix-musl-compilation.patch \
		18	file://CVE-2025-30189-1.patch \
		19	file://CVE-2025-30189-2.patch \
		20	file://CVE-2025-30189-3.patch \
		21	file://CVE-2025-30189-4.patch \
		22	file://CVE-2025-30189-5.patch \
		23	file://CVE-2025-30189-6.patch \
		24	file://CVE-2025-30189-7.patch \
18	"	25	"
19	SRC_URI[sha256sum] = "fb188603f419ed7aaa07794a8692098c3ec2660bb9c67d0efe24948cbb32ae00"	26	SRC_URI[sha256sum] = "fb188603f419ed7aaa07794a8692098c3ec2660bb9c67d0efe24948cbb32ae00"
20		27