v2.2.26.0 released

Ruga ruga at protonmail.com
Wed Nov 2 13:15:20 UTC 2016


Thank you.

Sent from ProtonMail Mobile


On Wed, Nov 2, 2016 at 12:22 PM, Michael A. Peters <'mpeters at domblogger.net'> wrote:
Standard way to fix it (on the LibreSSL page) is to check for
LIBRESSL_VERSION_NUMBER - e.g. the patch attached which I think catches
them all where needed. Note the word think.

It certainly appears to be working anyway with it.

On 11/02/2016 04:07 AM, Aki Tuomi wrote:
> After doing some testing by myself, I noticed that libressl, for some
> unknown reason, defines
>
> #define OPENSSL_VERSION_NUMBER 0x20000000L
>
> No idea why they decided to advertise that they are OpenSSL v2.0.0. A
> local fix, if you need one, is to use
>
> #if OPENSSL_VERSION_NUMBER == 0x20000000L
> #define OPENSSL_VERSION_NUMBER 0x1000100L
> #endif
>
> in dcrypt-openssl.c after includes.
>
> Aki
>
>
> On 02.11.2016 12:39, Aki Tuomi wrote:
>> Hi!
>>
>> Those are used if
>>
>> #if OPENSSL_VERSION_NUMBER >= 0x10100000L
>>
>> So (your) libressl is providing this define. We compile our code using
>> GCC and CLANG regularly, with OpenSSL v1.0.x which is the currently
>> officially supported one.
>>
>> Aki
>>
>>
>> On 02.11.2016 12:34, Ruga wrote:
>>> dovecot 2.2.26.0 uses the following functions, which are not
>>> available on libressl 2.4.3:
>>>
>>> HMAC_CTX_new
>>> HMAC_CTX_free
>>> EVP_PKEY_get0_EC_KEY
>>> EVP_PKEY_get0_RSA
>>> OBJ_length
>>> EVP_MD_CTX_new
>>> EVP_MD_CTX_free
>>>
>>> The result of calling a non-existent function is a runtime error,
>>> and we do not want that on production servers.
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> There are additional problems. I recommend compiling with clang-llvm
>>> 3.9.0
>>> to see them all.
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> -------- Original Message --------
>>> Subject: Re: v2.2.26.0 released
>>> Local Time: 1 November 2016 7:30 PM
>>> UTC Time: 1 November 2016 18:30
>>> From: aki.tuomi at dovecot.fi
>>> To: Dovecot Mailing List <dovecot at dovecot.org>, Ruga
>>> <ruga at protonmail.com>
>>>
>>> OpenSSL v1.0.1 is enough.
>>>
>>> Aki
>>>
>>>> On November 1, 2016 at 7:46 PM Ruga <ruga at protonmail.com> wrote:
>>>>
>>>>
>>>> Hello,
>>>>
>>>> We cannot upgrade from 2.2.24, because we use libressl and the newer
>>>> dovecot versions demand openssl v1.1.
>>>>
>>>> Please add the new library requirement to the INSTALL file.
>>>>
>>>> All the best.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> -------- Original Message --------
>>>> Subject: v2.2.26.0 released
>>>> Local Time: 28 October 2016 6:51 PM
>>>> UTC Time: 28 October 2016 16:51
>>>> From: tss at iki.fi
>>>> To: dovecot-news at dovecot.org, Dovecot Mailing List
>>>> <dovecot at dovecot.org>
>>>>
>>>> http://dovecot.org/releases/2.2/dovecot-2.2.26.0.tar.gz
>>>> http://dovecot.org/releases/2.2/dovecot-2.2.26.0.tar.gz.sig
>>>>
>>>> v2.2.26 had a couple of nasty bugs left in it, so here's a fixup
>>>> release. The version number is also a little bit weird, but had to
>>>> be done this way (although 2.2.26.0.1 could have been another
>>>> possibility).
>>>>
>>>> - Fixed some compiling issues.
>>>> - auth: Fixed assert-crash when using NTLM or SKEY mechanisms and
>>>> multiple passdbs.
>>>> - auth: Fixed crash when exporting to auth-worker passdb extra fields
>>>> that had empty values.
>>>> - dsync: Fixed assert-crash in dsync_brain_sync_mailbox_deinit


More information about the dovecot mailing list