v2.2.26.0 released

Aki Tuomi aki.tuomi at dovecot.fi
Wed Nov 2 11:07:04 UTC 2016


After doing some testing by myself, I noticed that libressl, for some 
unknown reason, defines

#define OPENSSL_VERSION_NUMBER    0x20000000L

No idea why they decided to advertise that they are OpenSSL v2.0.0. A 
local fix, if you need one, is to use

#if OPENSSL_VERSION_NUMBER == 0x20000000L
#define OPENSSL_VERSION_NUMBER 0x1000100L
#endif

in dcrypt-openssl.c after includes.

Aki


On 02.11.2016 12:39, Aki Tuomi wrote:
> Hi!
>
> Those are used if
>
> #if OPENSSL_VERSION_NUMBER >= 0x10100000L
>
> So (your) libressl is providing this define. We compile our code using 
> GCC and CLANG regularly, with OpenSSL v1.0.x which is the currently 
> officially supported one.
>
> Aki
>
>
> On 02.11.2016 12:34, Ruga wrote:
>> dovecot 2.2.26.0 uses the following functions, which are not 
>> available on libressl 2.4.3:
>>
>> HMAC_CTX_new
>> HMAC_CTX_free
>> EVP_PKEY_get0_EC_KEY
>> EVP_PKEY_get0_RSA
>> OBJ_length
>> EVP_MD_CTX_new
>> EVP_MD_CTX_free
>>
>> The result of calling a non-existent function is a runtime error,
>> and we do not want that on production servers.
>>
>>
>>
>>
>>
>>
>>
>> There are additional problems. I recommend compiling with clang-llvm 
>> 3.9.0
>> to see them all.
>>
>>
>>
>>
>>
>>
>>
>> -------- Original Message --------
>> Subject: Re: v2.2.26.0 released
>> Local Time: 1 November 2016 7:30 PM
>> UTC Time: 1 November 2016 18:30
>> From: aki.tuomi at dovecot.fi
>> To: Dovecot Mailing List <dovecot at dovecot.org>, Ruga 
>> <ruga at protonmail.com>
>>
>> OpenSSL v1.0.1 is enough.
>>
>> Aki
>>
>>> On November 1, 2016 at 7:46 PM Ruga <ruga at protonmail.com> wrote:
>>>
>>>
>>> Hello,
>>>
>>> We cannot upgrade from 2.2.24, because we use libressl and the newer
>>> dovecot versions demand openssl v1.1.
>>>
>>> Please add the new library requirement to the INSTALL file.
>>>
>>> All the best.
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> -------- Original Message --------
>>> Subject: v2.2.26.0 released
>>> Local Time: 28 October 2016 6:51 PM
>>> UTC Time: 28 October 2016 16:51
>>> From: tss at iki.fi
>>> To: dovecot-news at dovecot.org, Dovecot Mailing List 
>>> <dovecot at dovecot.org>
>>>
>>> http://dovecot.org/releases/2.2/dovecot-2.2.26.0.tar.gz
>>> http://dovecot.org/releases/2.2/dovecot-2.2.26.0.tar.gz.sig
>>>
>>> v2.2.26 had a couple of nasty bugs left in it, so here's a fixup 
>>> release. The version number is also a little bit weird, but had to 
>>> be done this way (although 2.2.26.0.1 could have been another 
>>> possibility).
>>>
>>> - Fixed some compiling issues.
>>> - auth: Fixed assert-crash when using NTLM or SKEY mechanisms and
>>> multiple passdbs.
>>> - auth: Fixed crash when exporting to auth-worker passdb extra fields
>>> that had empty values.
>>> - dsync: Fixed assert-crash in dsync_brain_sync_mailbox_deinit



More information about the dovecot mailing list