OpenSSL v1.0.1 is enough. Aki> On November 1, 2016 at 7:46 PM Ruga <ruga at protonmail.com> wrote: > > > Hello, > > We cannot upgrade from 2.2.24, because we use libressl and the newer > dovecot versions demand openssl v1.1. > > Please add the new library requirement to the INSTALL file. > > All the best. > > > > > > > > > > -------- Original Message -------- > Subject: v2.2.26.0 released > Local Time: 28 October 2016 6:51 PM > UTC Time: 28 October 2016 16:51 > From: tss at iki.fi > To: dovecot-news at dovecot.org, Dovecot Mailing List <dovecot at dovecot.org> > > http://dovecot.org/releases/2.2/dovecot-2.2.26.0.tar.gz > http://dovecot.org/releases/2.2/dovecot-2.2.26.0.tar.gz.sig > > v2.2.26 had a couple of nasty bugs left in it, so here's a fixup release. The version number is also a little bit weird, but had to be done this way (although 2.2.26.0.1 could have been another possibility). > > - Fixed some compiling issues. > - auth: Fixed assert-crash when using NTLM or SKEY mechanisms and > multiple passdbs. > - auth: Fixed crash when exporting to auth-worker passdb extra fields > that had empty values. > - dsync: Fixed assert-crash in dsync_brain_sync_mailbox_deinit
dovecot 2.2.26.0 uses the following functions, which are not available on libressl 2.4.3: HMAC_CTX_new HMAC_CTX_free EVP_PKEY_get0_EC_KEY EVP_PKEY_get0_RSA OBJ_length EVP_MD_CTX_new EVP_MD_CTX_free The result of calling a non-existent function is a runtime error, and we do not want that on production servers. There are additional problems. I recommend compiling with clang-llvm 3.9.0 to see them all. -------- Original Message -------- Subject: Re: v2.2.26.0 released Local Time: 1 November 2016 7:30 PM UTC Time: 1 November 2016 18:30 From: aki.tuomi at dovecot.fi To: Dovecot Mailing List <dovecot at dovecot.org>, Ruga <ruga at protonmail.com> OpenSSL v1.0.1 is enough. Aki> On November 1, 2016 at 7:46 PM Ruga <ruga at protonmail.com> wrote: > > > Hello, > > We cannot upgrade from 2.2.24, because we use libressl and the newer > dovecot versions demand openssl v1.1. > > Please add the new library requirement to the INSTALL file. > > All the best. > > > > > > > > > > -------- Original Message -------- > Subject: v2.2.26.0 released > Local Time: 28 October 2016 6:51 PM > UTC Time: 28 October 2016 16:51 > From: tss at iki.fi > To: dovecot-news at dovecot.org, Dovecot Mailing List <dovecot at dovecot.org> > > http://dovecot.org/releases/2.2/dovecot-2.2.26.0.tar.gz > http://dovecot.org/releases/2.2/dovecot-2.2.26.0.tar.gz.sig > > v2.2.26 had a couple of nasty bugs left in it, so here's a fixup release. The version number is also a little bit weird, but had to be done this way (although 2.2.26.0.1 could have been another possibility). > > - Fixed some compiling issues. > - auth: Fixed assert-crash when using NTLM or SKEY mechanisms and > multiple passdbs. > - auth: Fixed crash when exporting to auth-worker passdb extra fields > that had empty values. > - dsync: Fixed assert-crash in dsync_brain_sync_mailbox_deinit
Hi! Those are used if #if OPENSSL_VERSION_NUMBER >= 0x10100000L So (your) libressl is providing this define. We compile our code using GCC and CLANG regularly, with OpenSSL v1.0.x which is the currently officially supported one. Aki On 02.11.2016 12:34, Ruga wrote:> dovecot 2.2.26.0 uses the following functions, which are not available on libressl 2.4.3: > > HMAC_CTX_new > HMAC_CTX_free > EVP_PKEY_get0_EC_KEY > EVP_PKEY_get0_RSA > OBJ_length > EVP_MD_CTX_new > EVP_MD_CTX_free > > The result of calling a non-existent function is a runtime error, > and we do not want that on production servers. > > > > > > > > There are additional problems. I recommend compiling with clang-llvm 3.9.0 > to see them all. > > > > > > > > -------- Original Message -------- > Subject: Re: v2.2.26.0 released > Local Time: 1 November 2016 7:30 PM > UTC Time: 1 November 2016 18:30 > From: aki.tuomi at dovecot.fi > To: Dovecot Mailing List <dovecot at dovecot.org>, Ruga <ruga at protonmail.com> > > OpenSSL v1.0.1 is enough. > > Aki > >> On November 1, 2016 at 7:46 PM Ruga <ruga at protonmail.com> wrote: >> >> >> Hello, >> >> We cannot upgrade from 2.2.24, because we use libressl and the newer >> dovecot versions demand openssl v1.1. >> >> Please add the new library requirement to the INSTALL file. >> >> All the best. >> >> >> >> >> >> >> >> >> >> -------- Original Message -------- >> Subject: v2.2.26.0 released >> Local Time: 28 October 2016 6:51 PM >> UTC Time: 28 October 2016 16:51 >> From: tss at iki.fi >> To: dovecot-news at dovecot.org, Dovecot Mailing List <dovecot at dovecot.org> >> >> http://dovecot.org/releases/2.2/dovecot-2.2.26.0.tar.gz >> http://dovecot.org/releases/2.2/dovecot-2.2.26.0.tar.gz.sig >> >> v2.2.26 had a couple of nasty bugs left in it, so here's a fixup release. The version number is also a little bit weird, but had to be done this way (although 2.2.26.0.1 could have been another possibility). >> >> - Fixed some compiling issues. >> - auth: Fixed assert-crash when using NTLM or SKEY mechanisms and >> multiple passdbs. >> - auth: Fixed crash when exporting to auth-worker passdb extra fields >> that had empty values. >> - dsync: Fixed assert-crash in dsync_brain_sync_mailbox_deinit