On Fri, Dec 23, 2022 at 11:59:54AM +0200, Aki Tuomi
wrote:> > On 23/12/2022 11:47 EET Eray Aslan <eraya at a21an.org> wrote:
> > On Thu, Dec 22, 2022 at 10:06:16AM +0200, Aki Tuomi wrote:
> > > We are pleased to release v2.3.20 of Dovecot.
> >
> > Can you confirm that CVE-2022-30550 is patched in dovecot-2.3.20?
Thank
> > you.
>
> We've decided to fix it for 2.4 release only, so it's not fixed in
2.3.20.
That is a surprising decision.
One more question regarding openssl. I am getting test failures when
building against openssl-3 but not when building against openssl-1.1.1s.
Can you confirm if openssl-3 is supported?
[...]
test-crypto.c:827: Assert failed: ret == TRUE
Panic: file dcrypt-openssl.c: line 2639 (dcrypt_openssl_private_to_public_key):
assertion failed: (priv_key != NULL && pub_key_r != NULL)
Error: Raw backtrace: ./test-crypto(backtrace_append+0x42) [0x560ff72000b2]
-> ./test-crypto(backtrace_get+0x1e) [0x560ff72001fe] ->
./test-crypto(+0x26952) [0x560ff71dd952] -> ./test-crypto(+0x26991)
[0x560ff71dd991] -> ./test-crypto(+0x14e03) [0x560ff71cbe03] ->
.libs/libdcrypt_openssl.so(+0x5f25) [0x7f5b1b499f25] ->
./test-crypto(+0x1f071) [0x560ff71d6071] -> ./test-crypto(+0x227cf)
[0x560ff71d97cf] -> ./test-crypto(test_run+0x4a) [0x560ff71da2da] ->
./test-crypto(main+0x4f) [0x560ff71d032f] -> /lib64/libc.so.6(+0x232ca)
[0x7f5b1b5322ca] -> /lib64/libc.so.6(__libc_start_main+0x85) [0x7f5b1b532385]
-> ./test-crypto(_start+0x21) [0x560ff71d0451]
make[3]: *** [Makefile:1137: check-local] Error 1
[...]
$ openssl version
OpenSSL 3.0.7 1 Nov 2022 (Library: OpenSSL 3.0.7 1 Nov 2022)
Thank you
--
Eray