openssl version Libressl 2.4.4
Patch for dovecot:
perl -i -ple 's/^(#if OPENSSL_VERSION_NUMBER < 0x10100000L\s*)$/$1 || defined (LIBRESSL_VERSION_NUMBER)/' ./src/lib-dcrypt/dcrypt-openssl.c; perl -i -ple 's/^(#if OPENSSL_VERSION_NUMBER < 0x10100000L\s*)$/$1 || defined (LIBRESSL_VERSION_NUMBER)/' ./src/lib-ssl-iostream/dovecot-openssl-common.c; perl -i -ple 's/^(#if OPENSSL_VERSION_NUMBER >= 0x10100000L\s*)$/$1 && !defined (LIBRESSL_VERSION_NUMBER)/' ./src/lib-dcrypt/dcrypt-openssl.c; perl -i -ple 's/^(#if OPENSSL_VERSION_NUMBER >= 0x10100000L\s*)$/$1 && !defined (LIBRESSL_VERSION_NUMBER)/' ./src/lib-ssl-iostream/dovecot-openssl-common.c;
Both configuration and compilation are OK.
The test fails as follows: [...]
test_load_v1_public_key .............................................. : ok
Panic: file randgen.c: line 21 (random_fill): assertion failed: (init_refcount > 0)
Error: Raw backtrace: 2 libdcrypt_openssl.so 0x0000000103413d24 default_fatal_finish + 36 -> 3 libdcrypt_openssl.so 0x0000000103413afd default_fatal_handler + 61 -> 4 libdcrypt_openssl.so 0x0000000103414069 i_panic + 169 -> 5 libdcrypt_openssl.so 0x000000010344110c random_fill + 220 -> 6 libdcrypt_openssl.so 0x000000010340a63d dcrypt_openssl_store_private_key + 1037 -> 7 test-crypto 0x0000000103387f54 test_load_v2_key + 580 -> 8 test-crypto 0x000000010338990e test_run + 142 -> 9 test-crypto 0x0000000103386921 main + 81 -> 10 libdyld.dylib 0x00007fff9da95255 start + 1
/bin/sh: line 1: 56954 Abort trap: 6 ./$bin
make[2]: *** [check-test] Error 1
make[1]: *** [check-recursive] Error 1
make: *** [check-recursive] Error 1
-------- Original Message -------- Subject: v2.2.27 released Local Time: 3 December 2016 6:48 PM UTC Time: 3 December 2016 17:48 From: tss@iki.fi To: dovecot-news@dovecot.org, Dovecot Mailing List dovecot@dovecot.org
https://dovecot.org/releases/2.2/dovecot-2.2.27.tar.gz https://dovecot.org/releases/2.2/dovecot-2.2.27.tar.gz.sig
Note that the download URLs are now https with a certificate from Let's Encrypt.
- dovecot.list.index.log rotation sizes/times were changed so that the .log file stays smaller and .log.2 is deleted sooner.
- Added mail_crypt plugin that allows encryption of stored emails. See http://wiki2.dovecot.org/Plugins/MailCrypt
- stats: Global stats can be sent to Carbon server by setting stats_carbon_server=ip:port
- imap/pop3 proxy: If passdb returns proxy_not_trusted, don't send ID/XCLIENT
- Added generic hash modifier for %variables: %{<hash algorithm>;rounds=<n>,truncate=<bits>,salt=s>:field} Hash algorithm is any of the supported ones, e.g. md5, sha1, sha256. Also "pkcs5" is supported using SHA256. For example: %{sha256:user} or %{md5;truncate=32:user}.
- Added support for SHA3-256 and SHA3-512 hashes.
- config: Support DNS wildcards in local_name, e.g. local_name *.example.com { .. } matches anything.example.com, but not multiple.anything.example.com.
- config: Support multiple names in local_name, e.g. local_name "1.example.com 2.example.com" { .. }
- Fixed crash in auth process when auth-policy was configured and authentication was aborted/failed without a username set.
- director: If two users had different tags but the same hash, the users may have been redirected to the wrong tag's hosts.
- Index files may have been thought incorrectly lost, causing "Missing middle file seq=.." to be logged and index rebuild. This happened more easily with IMAP hibernation enabled.
- Various fixes to restoring state correctly in un-hibernation.
- dovecot.index files were commonly 4 bytes per email too large. This is because 3 bytes per email were being wasted that could have been used for IMAP keywords.
- Various fixes to handle dovecot.list.index corruption better.
- lib-fts: Fixed assert-crash in address tokenizer with specific input.
- Fixed assert-crash in HTML to text parsing with specific input (e.g. for FTS indexing or snippet generation)
- doveadm sync -1: Fixed handling mailbox GUID conflicts.
- sdbox, mdbox: Perform full index rebuild if corruption is detected inside lib-index, which runs index fsck.
- quota: Don't skip quota checks when moving mails between different quota roots.
- search: Multiple sequence sets or UID sets in search parameters weren't handled correctly. They were incorrectly merged together.