v2.2.27 released --- libressl

Sun Dec 4 15:15:21 UTC 2016

>openssl version
Libressl 2.4.4

Patch for dovecot:

perl -i -ple 's/^(#if OPENSSL_VERSION_NUMBER < 0x10100000L\s*)$/$1 || defined (LIBRESSL_VERSION_NUMBER)/' ./src/lib-dcrypt/dcrypt-openssl.c;
perl -i -ple 's/^(#if OPENSSL_VERSION_NUMBER < 0x10100000L\s*)$/$1 || defined (LIBRESSL_VERSION_NUMBER)/' ./src/lib-ssl-iostream/dovecot-openssl-common.c;
perl -i -ple 's/^(#if OPENSSL_VERSION_NUMBER >= 0x10100000L\s*)$/$1 && !defined (LIBRESSL_VERSION_NUMBER)/' ./src/lib-dcrypt/dcrypt-openssl.c;
perl -i -ple 's/^(#if OPENSSL_VERSION_NUMBER >= 0x10100000L\s*)$/$1 && !defined (LIBRESSL_VERSION_NUMBER)/' ./src/lib-ssl-iostream/dovecot-openssl-common.c;

Both configuration and compilation are OK.

The test fails as follows:
[...]

test_load_v1_public_key .............................................. : ok

Panic: file randgen.c: line 21 (random_fill): assertion failed: (init_refcount > 0)

Error: Raw backtrace: 2 libdcrypt_openssl.so 0x0000000103413d24 default_fatal_finish + 36 -> 3 libdcrypt_openssl.so 0x0000000103413afd default_fatal_handler + 61 -> 4 libdcrypt_openssl.so 0x0000000103414069 i_panic + 169 -> 5 libdcrypt_openssl.so 0x000000010344110c random_fill + 220 -> 6 libdcrypt_openssl.so 0x000000010340a63d dcrypt_openssl_store_private_key + 1037 -> 7 test-crypto 0x0000000103387f54 test_load_v2_key + 580 -> 8 test-crypto 0x000000010338990e test_run + 142 -> 9 test-crypto 0x0000000103386921 main + 81 -> 10 libdyld.dylib 0x00007fff9da95255 start + 1

/bin/sh: line 1: 56954 Abort trap: 6 ./$bin

make[2]: *** [check-test] Error 1

make[1]: *** [check-recursive] Error 1

make: *** [check-recursive] Error 1

-------- Original Message --------
Subject: v2.2.27 released
Local Time: 3 December 2016 6:48 PM
UTC Time: 3 December 2016 17:48
From: tss at iki.fi
To: dovecot-news at dovecot.org, Dovecot Mailing List <dovecot at dovecot.org>

https://dovecot.org/releases/2.2/dovecot-2.2.27.tar.gz
https://dovecot.org/releases/2.2/dovecot-2.2.27.tar.gz.sig

Note that the download URLs are now https with a certificate from Let's Encrypt.

* dovecot.list.index.log rotation sizes/times were changed so that
the .log file stays smaller and .log.2 is deleted sooner.

+ Added mail_crypt plugin that allows encryption of stored emails.
See http://wiki2.dovecot.org/Plugins/MailCrypt
+ stats: Global stats can be sent to Carbon server by setting
stats_carbon_server=ip:port
+ imap/pop3 proxy: If passdb returns proxy_not_trusted, don't send
ID/XCLIENT
+ Added generic hash modifier for %variables:
%{<hash algorithm>;rounds=<n>,truncate=<bits>,salt=s>:field}
Hash algorithm is any of the supported ones, e.g. md5, sha1, sha256.
Also "pkcs5" is supported using SHA256. For example: %{sha256:user}
or %{md5;truncate=32:user}.
+ Added support for SHA3-256 and SHA3-512 hashes.
+ config: Support DNS wildcards in local_name, e.g.
local_name *.example.com { .. } matches anything.example.com, but
not multiple.anything.example.com.
+ config: Support multiple names in local_name, e.g.
local_name "1.example.com 2.example.com" { .. }
- Fixed crash in auth process when auth-policy was configured and
authentication was aborted/failed without a username set.
- director: If two users had different tags but the same hash,
the users may have been redirected to the wrong tag's hosts.
- Index files may have been thought incorrectly lost, causing
"Missing middle file seq=.." to be logged and index rebuild.
This happened more easily with IMAP hibernation enabled.
- Various fixes to restoring state correctly in un-hibernation.
- dovecot.index files were commonly 4 bytes per email too large. This
is because 3 bytes per email were being wasted that could have been
used for IMAP keywords.
- Various fixes to handle dovecot.list.index corruption better.
- lib-fts: Fixed assert-crash in address tokenizer with specific input.
- Fixed assert-crash in HTML to text parsing with specific input
(e.g. for FTS indexing or snippet generation)
- doveadm sync -1: Fixed handling mailbox GUID conflicts.
- sdbox, mdbox: Perform full index rebuild if corruption is detected
inside lib-index, which runs index fsck.
- quota: Don't skip quota checks when moving mails between different
quota roots.
- search: Multiple sequence sets or UID sets in search parameters
weren't handled correctly. They were incorrectly merged together.