v2.2.26.0 released

Michael A. Peters mpeters at domblogger.net
Wed Nov 2 11:36:05 UTC 2016


They have stated they are going to remain API compatible with 1.0.1h (or 
g, forget which they forked) - their new stuff is outside of libcrypto.

On 11/02/2016 04:25 AM, Aki Tuomi wrote:
> It does work today, I am just a bit worried that it will keep on breaking
> with libressl as they evolve their API. I would personally like to avoid
> more ifdef hell if possible...
>
> Aki
>
>
> On 02.11.2016 13:22, Michael A. Peters wrote:
>> Standard way to fix it (on the LibreSSL page) is to check for
>> LIBRESSL_VERSION_NUMBER - e.g. the patch attached which I think
>> catches them all where needed. Note the word think.
>>
>> It certainly appears to be working anyway with it.
>>
>> On 11/02/2016 04:07 AM, Aki Tuomi wrote:
>>> After doing some testing by myself, I noticed that libressl, for some
>>> unknown reason, defines
>>>
>>> #define OPENSSL_VERSION_NUMBER    0x20000000L
>>>
>>> No idea why they decided to advertise that they are OpenSSL v2.0.0. A
>>> local fix, if you need one, is to use
>>>
>>> #if OPENSSL_VERSION_NUMBER == 0x20000000L
>>> #undef OPENSSL_VERSION_NUMBER
>>> #define OPENSSL_VERSION_NUMBER 0x1000100L
>>> #endif
>>>
>>> in dcrypt-openssl.c after includes.
>>>
>>> Aki
>>>
>>>
>>> On 02.11.2016 12:39, Aki Tuomi wrote:
>>>> Hi!
>>>>
>>>> Those are used if
>>>>
>>>> #if OPENSSL_VERSION_NUMBER >= 0x10100000L
>>>>
>>>> So (your) libressl is providing this define. We compile our code using
>>>> GCC and CLANG regularly, with OpenSSL v1.0.x which is the currently
>>>> officially supported one.
>>>>
>>>> Aki
>>>>
>>>>
>>>> On 02.11.2016 12:34, Ruga wrote:
>>>>> dovecot 2.2.26.0 uses the following functions, which are not
>>>>> available on libressl 2.4.3:
>>>>>
>>>>> HMAC_CTX_new
>>>>> HMAC_CTX_free
>>>>> EVP_PKEY_get0_EC_KEY
>>>>> EVP_PKEY_get0_RSA
>>>>> OBJ_length
>>>>> EVP_MD_CTX_new
>>>>> EVP_MD_CTX_free
>>>>>
>>>>> The result of calling a non-existent function is a runtime error,
>>>>> and we do not want that on production servers.
>>>>>
>>>>> There are additional problems. I recommend compiling with clang-llvm
>>>>> 3.9.0 to see them all.
>>>>>
>>>>> -------- Original Message --------
>>>>> Subject: Re: v2.2.26.0 released
>>>>> Local Time: 1 November 2016 7:30 PM
>>>>> UTC Time: 1 November 2016 18:30
>>>>> From: aki.tuomi at dovecot.fi
>>>>> To: Dovecot Mailing List <dovecot at dovecot.org>, Ruga
>>>>> <ruga at protonmail.com>
>>>>>
>>>>> OpenSSL v1.0.1 is enough.
>>>>>
>>>>> Aki
>>>>>
>>>>>> On November 1, 2016 at 7:46 PM Ruga <ruga at protonmail.com> wrote:
>>>>>>
>>>>>>
>>>>>> Hello,
>>>>>>
>>>>>> We cannot upgrade from 2.2.24, because we use libressl and the newer
>>>>>> dovecot versions demand openssl v1.1.
>>>>>>
>>>>>> Please add the new library requirement to the INSTALL file.
>>>>>>
>>>>>> All the best.
>>>>>>
>>>>>> -------- Original Message --------
>>>>>> Subject: v2.2.26.0 released
>>>>>> Local Time: 28 October 2016 6:51 PM
>>>>>> UTC Time: 28 October 2016 16:51
>>>>>> From: tss at iki.fi
>>>>>> To: dovecot-news at dovecot.org, Dovecot Mailing List
>>>>>> <dovecot at dovecot.org>
>>>>>>
>>>>>> http://dovecot.org/releases/2.2/dovecot-2.2.26.0.tar.gz
>>>>>> http://dovecot.org/releases/2.2/dovecot-2.2.26.0.tar.gz.sig
>>>>>>
>>>>>> v2.2.26 had a couple of nasty bugs left in it, so here's a fixup
>>>>>> release. The version number is also a little bit weird, but had to
>>>>>> be done this way (although 2.2.26.0.1 could have been another
>>>>>> possibility).
>>>>>>
>>>>>> - Fixed some compiling issues.
>>>>>> - auth: Fixed assert-crash when using NTLM or SKEY mechanisms and
>>>>>> multiple passdbs.
>>>>>> - auth: Fixed crash when exporting to auth-worker passdb extra fields
>>>>>> that had empty values.
>>>>>> - dsync: Fixed assert-crash in dsync_brain_sync_mailbox_deinit
>>
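
The version check discussed in this thread, as an added example that is not Dovecot's code or the attached patch: it compares the plain `OPENSSL_VERSION_NUMBER >= 0x10100000L` guard with one that also tests `LIBRESSL_VERSION_NUMBER`. The macro name `DCRYPT_HAVE_110_API`, the `struct build` model and the sample table are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* The OpenSSL header is optional so this builds without it installed. */
#if defined(__has_include)
#  if __has_include(<openssl/opensslv.h>)
#    include <openssl/opensslv.h>
#  endif
#endif

#define API_110_MIN 0x10100000L /* threshold quoted in the thread */

/* Compile-time form of the guard (hypothetical macro name). */
#if defined(OPENSSL_VERSION_NUMBER) && !defined(LIBRESSL_VERSION_NUMBER) && \
    OPENSSL_VERSION_NUMBER >= API_110_MIN
#  define DCRYPT_HAVE_110_API 1
#else
#  define DCRYPT_HAVE_110_API 0
#endif

/* Constructed model of the libraries mentioned in the thread. */
struct build {
    const char *name;
    long openssl_version; /* value of OPENSSL_VERSION_NUMBER */
    int is_libressl;      /* LIBRESSL_VERSION_NUMBER defined? */
    int has_110_api;      /* library exports HMAC_CTX_new() etc. */
};
static const struct build builds[] = {
    { "OpenSSL 1.0.1",  0x1000100fL, 0, 0 },
    { "OpenSSL 1.1.0",  0x10100000L, 0, 1 },
    { "LibreSSL 2.4.3", 0x20000000L, 1, 0 },
};
#define NBUILDS (sizeof(builds) / sizeof(builds[0]))

static int naive_guard(const struct build *b) { return b->openssl_version >= API_110_MIN; }
static int libressl_aware_guard(const struct build *b) { return !b->is_libressl && naive_guard(b); }

/* Count builds where the guard selects 1.1 calls the library lacks. */
static size_t count_broken(int (*guard)(const struct build *)) {
    size_t n = 0;
    for (size_t i = 0; i < NBUILDS; i++)
        if (guard(&builds[i]) && !builds[i].has_110_api)
            n++;
    return n;
}
int main(void) {
    printf("naive: %zu broken, LibreSSL-aware: %zu broken, this build: %d\n",
           count_broken(naive_guard), count_broken(libressl_aware_guard), DCRYPT_HAVE_110_API);
    return 0;
}
```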


