v2.2.26.0 released
Michael A. Peters
mpeters at domblogger.net
Wed Nov 2 11:39:17 UTC 2016
IMHO it would be acceptable to have a LibreSSL patch that is maintained
by the people who want it.
It's free software, and that kind of is the point of Open Source.
On 11/02/2016 04:36 AM, Michael A. Peters wrote:
> They have stated they are going to remain API compatible with 1.0.1h (or
> g, forget which they forked) - their new stuff is outside of libcrypto.
>
> On 11/02/2016 04:25 AM, Aki Tuomi wrote:
>> It does work today, I am just bit worried that it will keep on breaking
>> with libressl as they evolve their API. I would personally like to avoid
>> more ifdef hell if possible...
>>
>> Aki
>>
>>
>> On 02.11.2016 13:22, Michael A. Peters wrote:
>>> Standard way to fix it (on the LibreSSL page) is to check for
>>> LIBRESSL_VERSION_NUMBER - e.g. the patch attached which I think
>>> catches them all where needed. Note the word think.
>>>
>>> It certainly appears to be working anyway with it.
>>>
>>> On 11/02/2016 04:07 AM, Aki Tuomi wrote:
>>>> After doing some testing by myself, I noticed that libressl, for some
>>>> unknown reason, defines
>>>>
>>>> #define OPENSSL_VERSION_NUMBER 0x20000000L
>>>>
>>>> No idea why they decided to advertise that they are OpenSSL v2.0.0. A
>>>> local fix, if you need one, is to use
>>>>
>>>> #if OPENSSL_VERSION_NUMBER == 0x20000000L
>>>> #define OPENSSL_VERSION_NUMBER 0x1000100L
>>>> #endif
>>>>
>>>> in dcrypt-openssl.c after includes.
>>>>
>>>> Aki
>>>>
>>>>
>>>> On 02.11.2016 12:39, Aki Tuomi wrote:
>>>>> Hi!
>>>>>
>>>>> Those are used if
>>>>>
>>>>> #if OPENSSL_VERSION_NUMBER >= 0x10100000L
>>>>>
>>>>> So (your) libressl is providing this define. We compile our code using
>>>>> GCC and CLANG regularly, with OpenSSL v1.0.x which is the currently
>>>>> officially supported one.
>>>>>
>>>>> Aki
>>>>>
>>>>>
>>>>> On 02.11.2016 12:34, Ruga wrote:
>>>>>> dovecot 2.2.26.0 uses the following functions, which are not
>>>>>> available on libressl 2.4.3:
>>>>>>
>>>>>> HMAC_CTX_new
>>>>>> HMAC_CTX_free
>>>>>> EVP_PKEY_get0_EC_KEY
>>>>>> EVP_PKEY_get0_RSA
>>>>>> OBJ_length
>>>>>> EVP_MD_CTX_new
>>>>>> EVP_MD_CTX_free
>>>>>>
>>>>>> The result of calling a non-existent function is a runtime error,
>>>>>> and we do not want that on production servers.
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> There are additional problems. I recommend compiling with clang-llvm
>>>>>> 3.9.0
>>>>>> to see them all.
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> -------- Original Message --------
>>>>>> Subject: Re: v2.2.26.0 released
>>>>>> Local Time: 1 November 2016 7:30 PM
>>>>>> UTC Time: 1 November 2016 18:30
>>>>>> From: aki.tuomi at dovecot.fi
>>>>>> To: Dovecot Mailing List <dovecot at dovecot.org>, Ruga
>>>>>> <ruga at protonmail.com>
>>>>>>
>>>>>> OpenSSL v1.0.1 is enough.
>>>>>>
>>>>>> Aki
>>>>>>
>>>>>>> On November 1, 2016 at 7:46 PM Ruga <ruga at protonmail.com> wrote:
>>>>>>>
>>>>>>>
>>>>>>> Hello,
>>>>>>>
>>>>>>> We cannot upgrade from 2.2.24, because we use libressl and the newer
>>>>>>> dovecot versions demand openssl v1.1.
>>>>>>>
>>>>>>> Please add the new library requirement to the INSTALL file.
>>>>>>>
>>>>>>> All the best.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> -------- Original Message --------
>>>>>>> Subject: v2.2.26.0 released
>>>>>>> Local Time: 28 October 2016 6:51 PM
>>>>>>> UTC Time: 28 October 2016 16:51
>>>>>>> From: tss at iki.fi
>>>>>>> To: dovecot-news at dovecot.org, Dovecot Mailing List
>>>>>>> <dovecot at dovecot.org>
>>>>>>>
>>>>>>> http://dovecot.org/releases/2.2/dovecot-2.2.26.0.tar.gz
>>>>>>> http://dovecot.org/releases/2.2/dovecot-2.2.26.0.tar.gz.sig
>>>>>>>
>>>>>>> v2.2.26 had a couple of nasty bugs left in it, so here's a fixup
>>>>>>> release. The version number is also a little bit weird, but had to
>>>>>>> be done this way (although 2.2.26.0.1 could have been another
>>>>>>> possibility).
>>>>>>>
>>>>>>> - Fixed some compiling issues.
>>>>>>> - auth: Fixed assert-crash when using NTLM or SKEY mechanisms and
>>>>>>> multiple passdbs.
>>>>>>> - auth: Fixed crash when exporting to auth-worker passdb extra
>>>>>>> fields
>>>>>>> that had empty values.
>>>>>>> - dsync: Fixed assert-crash in dsync_brain_sync_mailbox_deinit
>>>
More information about the dovecot
mailing list