v2.2.26.0 released

Aki Tuomi aki.tuomi at dovecot.fi
Wed Nov 2 11:25:17 UTC 2016


It does work today, I am just bit worried that it will keep on breaking 
with libressl as they evolve their API. I would personally like to avoid 
more ifdef hell if possible...

Aki


On 02.11.2016 13:22, Michael A. Peters wrote:
> Standard way to fix it (on the LibreSSL page) is to check for 
> LIBRESSL_VERSION_NUMBER - e.g. the patch attached which I think 
> catches them all where needed. Note the word think.
>
> It certainly appears to be working anyway with it.
>
> On 11/02/2016 04:07 AM, Aki Tuomi wrote:
>> After doing some testing by myself, I noticed that libressl, for some
>> unknown reason, defines
>>
>> #define OPENSSL_VERSION_NUMBER    0x20000000L
>>
>> No idea why they decided to advertise that they are OpenSSL v2.0.0. A
>> local fix, if you need one, is to use
>>
>> #if OPENSSL_VERSION_NUMBER == 0x20000000L
>> #define OPENSSL_VERSION_NUMBER 0x1000100L
>> #endif
>>
>> in dcrypt-openssl.c after includes.
>>
>> Aki
>>
>>
>> On 02.11.2016 12:39, Aki Tuomi wrote:
>>> Hi!
>>>
>>> Those are used if
>>>
>>> #if OPENSSL_VERSION_NUMBER >= 0x10100000L
>>>
>>> So (your) libressl is providing this define. We compile our code using
>>> GCC and CLANG regularly, with OpenSSL v1.0.x which is the currently
>>> officially supported one.
>>>
>>> Aki
>>>
>>>
>>> On 02.11.2016 12:34, Ruga wrote:
>>>> dovecot 2.2.26.0 uses the following functions, which are not
>>>> available on libressl 2.4.3:
>>>>
>>>> HMAC_CTX_new
>>>> HMAC_CTX_free
>>>> EVP_PKEY_get0_EC_KEY
>>>> EVP_PKEY_get0_RSA
>>>> OBJ_length
>>>> EVP_MD_CTX_new
>>>> EVP_MD_CTX_free
>>>>
>>>> The result of calling a non-existent function is a runtime error,
>>>> and we do not want that on production servers.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> There are additional problems. I recommend compiling with clang-llvm
>>>> 3.9.0
>>>> to see them all.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> -------- Original Message --------
>>>> Subject: Re: v2.2.26.0 released
>>>> Local Time: 1 November 2016 7:30 PM
>>>> UTC Time: 1 November 2016 18:30
>>>> From: aki.tuomi at dovecot.fi
>>>> To: Dovecot Mailing List <dovecot at dovecot.org>, Ruga
>>>> <ruga at protonmail.com>
>>>>
>>>> OpenSSL v1.0.1 is enough.
>>>>
>>>> Aki
>>>>
>>>>> On November 1, 2016 at 7:46 PM Ruga <ruga at protonmail.com> wrote:
>>>>>
>>>>>
>>>>> Hello,
>>>>>
>>>>> We cannot upgrade from 2.2.24, because we use libressl and the newer
>>>>> dovecot versions demand openssl v1.1.
>>>>>
>>>>> Please add the new library requirement to the INSTALL file.
>>>>>
>>>>> All the best.
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> -------- Original Message --------
>>>>> Subject: v2.2.26.0 released
>>>>> Local Time: 28 October 2016 6:51 PM
>>>>> UTC Time: 28 October 2016 16:51
>>>>> From: tss at iki.fi
>>>>> To: dovecot-news at dovecot.org, Dovecot Mailing List
>>>>> <dovecot at dovecot.org>
>>>>>
>>>>> http://dovecot.org/releases/2.2/dovecot-2.2.26.0.tar.gz
>>>>> http://dovecot.org/releases/2.2/dovecot-2.2.26.0.tar.gz.sig
>>>>>
>>>>> v2.2.26 had a couple of nasty bugs left in it, so here's a fixup
>>>>> release. The version number is also a little bit weird, but had to
>>>>> be done this way (although 2.2.26.0.1 could have been another
>>>>> possibility).
>>>>>
>>>>> - Fixed some compiling issues.
>>>>> - auth: Fixed assert-crash when using NTLM or SKEY mechanisms and
>>>>> multiple passdbs.
>>>>> - auth: Fixed crash when exporting to auth-worker passdb extra fields
>>>>> that had empty values.
>>>>> - dsync: Fixed assert-crash in dsync_brain_sync_mailbox_deinit
>



More information about the dovecot mailing list