From 2719f73b6813d11d13a9650cdd2ab8ec6e69385d Mon Sep 17 00:00:00 2001
From: V3n3RiX <venerix@koprulu.sector>
Date: Sat, 9 Jul 2022 15:43:36 +0100
Subject: gentoo resync : 09.07.2022

---
 net-mail/dovecot/Manifest                   |   2 +
 net-mail/dovecot/dovecot-2.3.19.1-r1.ebuild | 303 ++++++++++++++++++++++++++++
 net-mail/dovecot/files/CVE-2022-30550.patch | 155 ++++++++++++++
 3 files changed, 460 insertions(+)
 create mode 100644 net-mail/dovecot/dovecot-2.3.19.1-r1.ebuild
 create mode 100644 net-mail/dovecot/files/CVE-2022-30550.patch

(limited to 'net-mail/dovecot')

diff --git a/net-mail/dovecot/Manifest b/net-mail/dovecot/Manifest
index a6c8a517cfb9..91eb332dd940 100644
--- a/net-mail/dovecot/Manifest
+++ b/net-mail/dovecot/Manifest
@@ -1,3 +1,4 @@
+AUX CVE-2022-30550.patch 5745 BLAKE2B ae48938734cceefa05473fa1d055e5d85c27f8a73ac4ed24debb631d83efbd1a1c94dd3629514d193abf5810d9adbf609c6cfc077d2a9de3e37d7429311ef86e SHA512 b2ff67fd8b6c5cea93877651a1168ef1a5d399cc5f1a61d1cce407c7624f5b6d758996084c6a5714b6880de0ce11ce5eac74a1e02918758cb6983caedb651c58
 AUX dovecot-autoconf-lua-version-v2.patch 524 BLAKE2B a0cb51a21169e55fe0ae92ed7fad3ccc898585ed4b0c9ed3db243b6f41165d5a4ad6470a6a76f5a04a44d450068da1b7173707f272f65a72265d4b49a630ac2e SHA512 cc9319926f90a4c4aaf1d1e77944bfa5df9f7f15ee9581469ff8c1a069ef18e55addb69fcfe88e024cad8544c0efb90f5b83c2b6d803e0c68770467849d31f78
 AUX dovecot-socket-name-too-long.patch 356 BLAKE2B ada5007b620cd5eef5a950d64add7d83ac366f126e1a9a70268e528d44a0a036fec096015bee2421caeca8a052d118011c5911b3c432fa73e846c66781df4da9 SHA512 f362bad725c9e408830dc9d5908a2b35b8ee82cb05f3d58795079b32d5ac4712779e71bd0f479fe072906fcaf01e4e08f08cedb9fd5ee08931409887480b8349
 AUX dovecot.init-r6 1573 BLAKE2B 206318cbf7a6ef0276cb93237b091dd34dc2603a00f13ed288c787dc81f8902e770f7774c54eba90de49e9634eb93873046a043bd7825cfb65bab5b2ea9ce108 SHA512 982f9897e4a0a5a3957bb12785961c9cde72a2c941f55efdb23e9a26cec19efe89e3be4effe79522c297ea2b258d201db78c19b6e3f9cd5e68d3736c2a0f0063
@@ -6,5 +7,6 @@ DIST dovecot-2.3-pigeonhole-0.5.19.tar.gz 1954148 BLAKE2B 0c52293f9447260f3e95f3
 DIST dovecot-2.3.18.tar.gz 7763230 BLAKE2B ff3e0c2cad87d2e2632345a25825eebd0a6c1520376d85286453bde7505f22410d03911cd588a0d102b75f22cc1de051b01c43a57c90138340186e8cb024247a SHA512 b5eccf790a3960614876f122efb6296fe49ab7c523b08c10347fd4d10ed293fbd327279511c227b420f7c0786975186157eaa0fb5cd3aab1f3be9a4c5c3ad233
 DIST dovecot-2.3.19.1.tar.gz 7790851 BLAKE2B 6826977a0febfcb56eb99baf6e0dc0a130fc24a14f113ca7ce0f72b26b8c9755d8352999c5965e21320a62621787e02428c99dd6888768e8c35a46e4082ba071 SHA512 ceb87a5f76b6352d28fd030aae5ad2165a133e9a8a6309891e793911203fc0ada9fb254dc05d183eaaa7e2b9851d3f1755b33f08fa6ff5b4b415ac4272bfe150
 EBUILD dovecot-2.3.18-r1.ebuild 8859 BLAKE2B a022d5c3fb0da72559ecd071711ca2bbea7dbd999a75449f7b6e50047d74497895ad00a74de6c0653e61d78f76600d5aab9204133476558ee6c59b1628180438 SHA512 e3c1b3f2733a348344d3349091622b0e3827bdedd4575fef0ada44d13346f22bef33ef9817540c2cc5c15fd6142050a36bfdc32ecf905a64ee67e3283e6c6981
+EBUILD dovecot-2.3.19.1-r1.ebuild 8689 BLAKE2B a02875e7f8404cc3f404b66cfbce96c095c89e5ff83eb65a9104f02d81f524017eed3565bcd4b802ab119387956862dffbfa8e15d13e28e03f612fe09e1ad477 SHA512 b5d45fe0ce376eee7991f737b2e61dccb344683b924d1ec581cdf3d50c736d5a2904e71b332aca0453db17ff66bf796d4b93c2b34817d6a536ab08f016e36b46
 EBUILD dovecot-2.3.19.1.ebuild 8658 BLAKE2B d9edf93a3287d299403509f0991f1c0a976207a2693ee62404a323803c22574ced457503297c209432f0d2a942be60780a40e913f62c11e3d600449d63a481ff SHA512 85c3138977452eb8ef341d5c67c30694230606d47dccec99feea37efafb8d9e6fa956fbe6d43d3e3670cc3183e0a26cf390e264f634ed7e97d2acbe5a8a62f29
 MISC metadata.xml 1025 BLAKE2B 5e9309f0cf659eb51dbf908776fd0f6a97c06c305380ff0b66f969d92382c78e1460310b0d4dd323e1193d622f5bd9cc796d31e8bda304e833d5ab974b934992 SHA512 befdb4837de276d9a73a77a926d972dae9a6c5a39a28137d4ef8f1e9e51c4885b8df24b8a144b9ba5d9533af7430ea531cada49944d529651bf63bc98aeff92f
diff --git a/net-mail/dovecot/dovecot-2.3.19.1-r1.ebuild b/net-mail/dovecot/dovecot-2.3.19.1-r1.ebuild
new file mode 100644
index 000000000000..9d580a135e17
--- /dev/null
+++ b/net-mail/dovecot/dovecot-2.3.19.1-r1.ebuild
@@ -0,0 +1,303 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+LUA_COMPAT=( lua5-1 lua5-3 )
+# do not add a ssl USE flag.  ssl is mandatory
+SSL_DEPS_SKIP=1
+inherit autotools flag-o-matic lua-single ssl-cert systemd toolchain-funcs
+
+MY_P="${P/_/.}"
+#MY_S="${PN}-ce-${PV}"
+major_minor="$(ver_cut 1-2)"
+sieve_version="0.5.19"
+if [[ ${PV} == *_rc* ]]; then
+	rc_dir="rc/"
+else
+	rc_dir=""
+fi
+SRC_URI="https://dovecot.org/releases/${major_minor}/${rc_dir}${MY_P}.tar.gz
+	sieve? (
+	https://pigeonhole.dovecot.org/releases/${major_minor}/${rc_dir}${PN}-${major_minor}-pigeonhole-${sieve_version}.tar.gz
+	)
+	managesieve? (
+	https://pigeonhole.dovecot.org/releases/${major_minor}/${rc_dir}${PN}-${major_minor}-pigeonhole-${sieve_version}.tar.gz
+	) "
+DESCRIPTION="An IMAP and POP3 server written with security primarily in mind"
+HOMEPAGE="https://www.dovecot.org/"
+
+SLOT="0"
+LICENSE="LGPL-2.1 MIT"
+KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~ia64 ~mips ppc ppc64 ~riscv ~s390 ~sparc x86"
+
+IUSE_DOVECOT_AUTH="kerberos ldap lua mysql pam postgres sqlite"
+IUSE_DOVECOT_COMPRESS="lz4 zstd"
+IUSE_DOVECOT_OTHER="argon2 caps doc ipv6 lucene managesieve rpc
+	selinux sieve solr static-libs stemmer suid systemd tcpd textcat unwind"
+
+IUSE="${IUSE_DOVECOT_AUTH} ${IUSE_DOVECOT_COMPRESS} ${IUSE_DOVECOT_OTHER}"
+
+REQUIRED_USE="lua? ( ${LUA_REQUIRED_USE} )"
+
+DEPEND="
+	app-arch/bzip2
+	app-arch/xz-utils
+	dev-libs/icu:=
+	dev-libs/openssl:0=
+	sys-libs/zlib:=
+	virtual/libiconv
+	argon2? ( dev-libs/libsodium:= )
+	caps? ( sys-libs/libcap )
+	kerberos? ( virtual/krb5 )
+	ldap? ( net-nds/openldap:= )
+	lua? ( ${LUA_DEPS} )
+	lucene? ( >=dev-cpp/clucene-2.3 )
+	lz4? ( app-arch/lz4 )
+	mysql? ( dev-db/mysql-connector-c:0= )
+	pam? ( sys-libs/pam:= )
+	postgres? ( dev-db/postgresql:* )
+	rpc? ( net-libs/libtirpc:= net-libs/rpcsvc-proto )
+	selinux? ( sec-policy/selinux-dovecot )
+	solr? ( net-misc/curl dev-libs/expat )
+	sqlite? ( dev-db/sqlite:* )
+	stemmer? ( dev-libs/snowball-stemmer:= )
+	suid? ( acct-group/mail )
+	systemd? ( sys-apps/systemd:= )
+	tcpd? ( sys-apps/tcp-wrappers )
+	textcat? ( app-text/libexttextcat )
+	unwind? ( sys-libs/libunwind:= )
+	zstd? ( app-arch/zstd:= )
+	virtual/libcrypt:=
+	"
+
+RDEPEND="
+	${DEPEND}
+	acct-group/dovecot
+	acct-group/dovenull
+	acct-user/dovecot
+	acct-user/dovenull
+	net-mail/mailbase
+	"
+
+S="${WORKDIR}/${MY_P}"
+
+PATCHES=(
+	"${FILESDIR}/${PN}"-autoconf-lua-version-v2.patch
+	"${FILESDIR}/${PN}"-socket-name-too-long.patch
+	"${FILESDIR}"/CVE-2022-30550.patch
+)
+
+pkg_setup() {
+	use lua && lua-single_pkg_setup
+	if use managesieve && ! use sieve; then
+		ewarn "managesieve USE flag selected but sieve USE flag unselected"
+		ewarn "sieve USE flag will be turned on"
+	fi
+}
+
+src_prepare() {
+	default
+	# bug 657108
+	#elibtoolize
+	eautoreconf
+
+	# Bug #727244
+	append-cflags -fasynchronous-unwind-tables
+}
+
+src_configure() {
+	local conf=""
+
+	if use postgres || use mysql || use sqlite; then
+		conf="${conf} --with-sql"
+	fi
+
+	# turn valgrind tests off. Bug #340791
+	VALGRIND=no \
+	LUAPC="${ELUA}" \
+	systemdsystemunitdir="$(systemd_get_systemunitdir)" \
+	econf \
+		--with-rundir="${EPREFIX}/run/dovecot" \
+		--with-statedir="${EPREFIX}/var/lib/dovecot" \
+		--with-moduledir="${EPREFIX}/usr/$(get_libdir)/dovecot" \
+		--disable-rpath \
+		--with-bzlib \
+		--without-libbsd \
+		--with-lzma \
+		--with-icu \
+		--with-ssl \
+		--with-zlib \
+		$( use_with argon2 sodium ) \
+		$( use_with caps libcap ) \
+		$( use_with kerberos gssapi ) \
+		$( use_with lua ) \
+		$( use_with ldap ) \
+		$( use_with lucene ) \
+		$( use_with lz4 ) \
+		$( use_with mysql ) \
+		$( use_with pam ) \
+		$( use_with postgres pgsql ) \
+		$( use_with sqlite ) \
+		$( use_with solr ) \
+		$( use_with stemmer ) \
+		$( use_with systemd ) \
+		$( use_with tcpd libwrap ) \
+		$( use_with textcat ) \
+		$( use_with unwind libunwind ) \
+		$( use_with zstd ) \
+		$( use_enable static-libs static ) \
+		${conf}
+
+	if use sieve || use managesieve; then
+		# The sieve plugin needs this file to be build to determine the plugin
+		# directory and the list of libraries to link to.
+		emake dovecot-config
+		cd "../dovecot-${major_minor}-pigeonhole-${sieve_version}" || die "cd failed"
+		econf \
+			$( use_enable static-libs static ) \
+			--localstatedir="${EPREFIX}/var" \
+			--enable-shared \
+			--with-dovecot="${S}" \
+			$( use_with ldap ) \
+			$( use_with managesieve )
+	fi
+}
+
+src_compile() {
+	default
+	if use sieve || use managesieve; then
+		cd "../dovecot-${major_minor}-pigeonhole-${sieve_version}" || die "cd failed"
+		emake CC="$(tc-getCC)" CFLAGS="${CFLAGS}"
+	fi
+}
+
+src_test() {
+	default
+	if use sieve || use managesieve; then
+		cd "../dovecot-${major_minor}-pigeonhole-${sieve_version}" || die "cd failed"
+		default
+	fi
+}
+
+src_install() {
+	default
+
+	if use suid; then
+		einfo "Changing perms to allow deliver to be suided"
+		fowners root:mail "/usr/libexec/dovecot/dovecot-lda"
+		fperms 4750 "/usr/libexec/dovecot/dovecot-lda"
+	fi
+
+	newinitd "${FILESDIR}"/dovecot.init-r6 dovecot
+
+	rm -rf "${ED}"/usr/share/doc/dovecot
+
+	dodoc AUTHORS NEWS README TODO
+	dodoc doc/*.{txt,cnf,xml,sh}
+	docinto example-config
+	dodoc doc/example-config/*.{conf,ext}
+	docinto example-config/conf.d
+	dodoc doc/example-config/conf.d/*.{conf,ext}
+	docinto wiki
+	dodoc doc/wiki/*
+	doman doc/man/*.{1,7}
+
+	# Create the dovecot.conf file from the dovecot-example.conf file that
+	# the dovecot folks nicely left for us....
+	local conf="${ED}/etc/dovecot/dovecot.conf"
+	local confd="${ED}/etc/dovecot/conf.d"
+
+	insinto /etc/dovecot
+	doins doc/example-config/*.{conf,ext}
+	insinto /etc/dovecot/conf.d
+	doins doc/example-config/conf.d/*.{conf,ext}
+	fperms 0600 /etc/dovecot/dovecot-{ldap,sql}.conf.ext
+	rm -f "${confd}/../README"
+
+	# .maildir is the Gentoo default
+	local mail_location="maildir:~/.maildir"
+	sed -i -e \
+		"s|#mail_location =|mail_location = ${mail_location}|" \
+		"${confd}/10-mail.conf" \
+		|| die "failed to update mail location settings in 10-mail.conf"
+
+	# We're using pam files (imap and pop3) provided by mailbase
+	if use pam; then
+		sed -i -e '/driver = pam/,/^[ \t]*}/ s|#args = dovecot|args = "\*"|' \
+			"${confd}/auth-system.conf.ext" \
+			|| die "failed to update PAM settings in auth-system.conf.ext"
+		# mailbase does not provide a sieve pam file
+		use managesieve && dosym imap /etc/pam.d/sieve
+		sed -i -e \
+			's/#!include auth-system.conf.ext/!include auth-system.conf.ext/' \
+			"${confd}/10-auth.conf" \
+			|| die "failed to update PAM settings in 10-auth.conf"
+	fi
+
+	# Disable ipv6 if necessary
+	if ! use ipv6; then
+		sed -i -e 's/^#listen = \*, ::/listen = \*/g' "${conf}" \
+			|| die "failed to update listen settings in dovecot.conf"
+	fi
+
+	# Update ssl cert locations
+	sed -i -e 's:^#ssl = yes:ssl = yes:' "${confd}/10-ssl.conf" \
+		|| die "ssl conf failed"
+	sed -i -e 's:^ssl_cert =.*:ssl_cert = </etc/ssl/dovecot/server.pem:' \
+		-e 's:^ssl_key =.*:ssl_key = </etc/ssl/dovecot/server.key:' \
+		"${confd}/10-ssl.conf" || die "failed to update SSL settings in 10-ssl.conf"
+
+	# Install SQL configuration
+	if use mysql || use postgres; then
+		sed -i -e \
+			's/#!include auth-sql.conf.ext/!include auth-sql.conf.ext/' \
+			"${confd}/10-auth.conf" || die "failed to update SQL settings in \
+			10-auth.conf"
+	fi
+
+	# Install LDAP configuration
+	if use ldap; then
+		sed -i -e \
+			's/#!include auth-ldap.conf.ext/!include auth-ldap.conf.ext/' \
+			"${confd}/10-auth.conf" \
+			|| die "failed to update ldap settings in 10-auth.conf"
+	fi
+
+	if use sieve || use managesieve; then
+		cd "../dovecot-${major_minor}-pigeonhole-${sieve_version}" || die "cd failed"
+		emake DESTDIR="${ED}" install
+		sed -i -e \
+			's/^[[:space:]]*#mail_plugins = $mail_plugins/mail_plugins = sieve/' "${confd}/15-lda.conf" \
+			|| die "failed to update sieve settings in 15-lda.conf"
+		rm -rf "${ED}"/usr/share/doc/dovecot
+		docinto example-config/conf.d
+		dodoc doc/example-config/conf.d/*.conf
+		insinto /etc/dovecot/conf.d
+		doins doc/example-config/conf.d/90-sieve{,-extprograms}.conf
+		use managesieve && doins doc/example-config/conf.d/20-managesieve.conf
+		docinto sieve/rfc
+		dodoc doc/rfc/*.txt
+		docinto sieve/devel
+		dodoc doc/devel/DESIGN
+		docinto plugins
+		dodoc doc/plugins/*.txt
+		docinto extensions
+		dodoc doc/extensions/*.txt
+		docinto locations
+		dodoc doc/locations/*.txt
+		doman doc/man/*.{1,7}
+	fi
+
+	use static-libs || find "${ED}"/usr/lib* -name '*.la' -delete
+}
+
+pkg_postinst() {
+	# Let's not make a new certificate if we already have one
+	if ! [[ -e "${ROOT}"/etc/ssl/dovecot/server.pem && \
+		-e "${ROOT}"/etc/ssl/dovecot/server.key ]];	then
+		einfo "Creating SSL	certificate"
+		SSL_ORGANIZATION="${SSL_ORGANIZATION:-Dovecot IMAP Server}"
+		install_cert /etc/ssl/dovecot/server
+	fi
+}
diff --git a/net-mail/dovecot/files/CVE-2022-30550.patch b/net-mail/dovecot/files/CVE-2022-30550.patch
new file mode 100644
index 000000000000..d7da1316f76f
--- /dev/null
+++ b/net-mail/dovecot/files/CVE-2022-30550.patch
@@ -0,0 +1,155 @@
+From 7bad6a24160e34bce8f10e73dbbf9e5fbbcd1904 Mon Sep 17 00:00:00 2001
+From: Timo Sirainen <timo.sirainen@open-xchange.com>
+Date: Mon, 9 May 2022 15:23:33 +0300
+Subject: [PATCH 1/2] auth: Fix handling passdbs with identical driver/args but
+ different mechanisms/username_filter
+
+The passdb was wrongly deduplicated in this situation, causing wrong
+mechanisms or username_filter setting to be used. This would be a rather
+unlikely configuration though.
+
+Fixed by moving mechanisms and username_filter from struct passdb_module
+to struct auth_passdb, which is where they should have been in the first
+place.
+---
+ src/auth/auth-request.c |  6 +++---
+ src/auth/auth.c         | 18 ++++++++++++++++++
+ src/auth/auth.h         |  5 +++++
+ src/auth/passdb.c       | 15 ++-------------
+ src/auth/passdb.h       |  4 ----
+ 5 files changed, 28 insertions(+), 20 deletions(-)
+
+diff --git a/src/auth/auth-request.c b/src/auth/auth-request.c
+index cd08b1fa02..0ca29f3674 100644
+--- a/src/auth/auth-request.c
++++ b/src/auth/auth-request.c
+@@ -534,8 +534,8 @@ auth_request_want_skip_passdb(struct auth_request *request,
+ 			      struct auth_passdb *passdb)
+ {
+ 	/* if mechanism is not supported, skip */
+-	const char *const *mechs = passdb->passdb->mechanisms;
+-	const char *const *username_filter = passdb->passdb->username_filter;
++	const char *const *mechs = passdb->mechanisms;
++	const char *const *username_filter = passdb->username_filter;
+ 	const char *username;
+ 
+ 	username = request->fields.user;
+@@ -548,7 +548,7 @@ auth_request_want_skip_passdb(struct auth_request *request,
+ 		return TRUE;
+ 	}
+ 
+-	if (passdb->passdb->username_filter != NULL &&
++	if (passdb->username_filter != NULL &&
+ 	    !auth_request_username_accepted(username_filter, username)) {
+ 		auth_request_log_debug(request,
+ 				       request->mech != NULL ? AUTH_SUBSYS_MECH
+diff --git a/src/auth/auth.c b/src/auth/auth.c
+index f2f3fda20c..9f6c4ba60c 100644
+--- a/src/auth/auth.c
++++ b/src/auth/auth.c
+@@ -99,6 +99,24 @@ auth_passdb_preinit(struct auth *auth, const struct auth_passdb_settings *set,
+ 	auth_passdb->override_fields_tmpl =
+ 		passdb_template_build(auth->pool, set->override_fields);
+ 
++	if (*set->mechanisms == '\0') {
++		auth_passdb->mechanisms = NULL;
++	} else if (strcasecmp(set->mechanisms, "none") == 0) {
++		auth_passdb->mechanisms = (const char *const[]){ NULL };
++	} else {
++		auth_passdb->mechanisms =
++			(const char *const *)p_strsplit_spaces(auth->pool,
++				set->mechanisms, " ,");
++	}
++
++	if (*set->username_filter == '\0') {
++		auth_passdb->username_filter = NULL;
++	} else {
++		auth_passdb->username_filter =
++			(const char *const *)p_strsplit_spaces(auth->pool,
++				set->username_filter, " ,");
++	}
++
+ 	/* for backwards compatibility: */
+ 	if (set->pass)
+ 		auth_passdb->result_success = AUTH_DB_RULE_CONTINUE;
+diff --git a/src/auth/auth.h b/src/auth/auth.h
+index f700e29d5c..460a179765 100644
+--- a/src/auth/auth.h
++++ b/src/auth/auth.h
+@@ -41,6 +41,11 @@ struct auth_passdb {
+ 	struct passdb_template *default_fields_tmpl;
+ 	struct passdb_template *override_fields_tmpl;
+ 
++	/* Supported authentication mechanisms, NULL is all, {NULL} is none */
++	const char *const *mechanisms;
++	/* Username filter, NULL is no filter */
++	const char *const *username_filter;
++
+ 	enum auth_passdb_skip skip;
+ 	enum auth_db_rule result_success;
+ 	enum auth_db_rule result_failure;
+diff --git a/src/auth/passdb.c b/src/auth/passdb.c
+index eb4ac8ae82..f5eed1af4f 100644
+--- a/src/auth/passdb.c
++++ b/src/auth/passdb.c
+@@ -224,19 +224,8 @@ passdb_preinit(pool_t pool, const struct auth_passdb_settings *set)
+ 	passdb->id = ++auth_passdb_id;
+ 	passdb->iface = *iface;
+ 	passdb->args = p_strdup(pool, set->args);
+-	if (*set->mechanisms == '\0') {
+-		passdb->mechanisms = NULL;
+-	} else if (strcasecmp(set->mechanisms, "none") == 0) {
+-		passdb->mechanisms = (const char *const[]){NULL};
+-	} else {
+-		passdb->mechanisms = (const char* const*)p_strsplit_spaces(pool, set->mechanisms, " ,");
+-	}
+-
+-	if (*set->username_filter == '\0') {
+-		passdb->username_filter = NULL;
+-	} else {
+-		passdb->username_filter = (const char* const*)p_strsplit_spaces(pool, set->username_filter, " ,");
+-	}
++	/* NOTE: if anything else than driver & args are added here,
++	   passdb_find() also needs to be updated. */
+ 	array_push_back(&passdb_modules, &passdb);
+ 	return passdb;
+ }
+diff --git a/src/auth/passdb.h b/src/auth/passdb.h
+index 2e95328e5c..e466a9fdb6 100644
+--- a/src/auth/passdb.h
++++ b/src/auth/passdb.h
+@@ -63,10 +63,6 @@ struct passdb_module {
+ 	/* Default password scheme for this module.
+ 	   If default_cache_key is set, must not be NULL. */
+ 	const char *default_pass_scheme;
+-	/* Supported authentication mechanisms, NULL is all, [NULL] is none*/
+-	const char *const *mechanisms;
+-	/* Username filter, NULL is no filter */
+-	const char *const *username_filter;
+ 
+ 	/* If blocking is set to TRUE, use child processes to access
+ 	   this passdb. */
+
+From a1022072e2ce36f853873d910287f466165b184b Mon Sep 17 00:00:00 2001
+From: Timo Sirainen <timo.sirainen@open-xchange.com>
+Date: Mon, 16 May 2022 14:58:45 +0200
+Subject: [PATCH 2/2] auth: Add a comment about updating userdb_find()
+
+---
+ src/auth/userdb.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/auth/userdb.c b/src/auth/userdb.c
+index 0849659102..830bc2dd64 100644
+--- a/src/auth/userdb.c
++++ b/src/auth/userdb.c
+@@ -158,7 +158,8 @@ userdb_preinit(pool_t pool, const struct auth_userdb_settings *set)
+ 	userdb->id = ++auth_userdb_id;
+ 	userdb->iface = iface;
+ 	userdb->args = p_strdup(pool, set->args);
+-
++	/* NOTE: if anything else than driver & args are added here,
++	   userdb_find() also needs to be updated. */
+ 	array_push_back(&userdb_modules, &userdb);
+ 	return userdb;
+ }
-- 
cgit v1.2.3