similar to: ssl_curve_list seems to be ignored with Dovecot 2.3

Hello, I've set up dsync replication on 2 nodes and mail replication is working flawlessly, however it seems that replicating the sieve scripts won't work. Managesieve and sieve filter in gerneral seems to work on both nodes, however in order to have a synchronized state, I have to log onto both nodes with managesieve and save & activate the script. What's funny about this is

Hello, After I configured a SQLite backed dict quota backend, the dict process crashes every time a quota operation is happening. SQLite: 3.26.0 Dovecot: 2.3.4 (0ecbaf23d) Linux: 4.20.4.a-1-hardened #1 SMP PREEMPT Fri Jan 25 01:24:51 CET 2019 x86_64 GNU/Linux (Arch Linux) Filesystem: BTRFS I can't get any debug output from Dovecot, even after setting log_debug = cat:* event:* source:*

On 31.07.2018 03:32, ????? wrote: >> Perhaps for whose interested - IETF RFC 7027 specifies for TLS use: >> >> [ brainpoolP256r1 | brainpoolP384r1 | brainpoolP512r1 ] >> >> And thus t1 would not work anyway. However, having tested r1 the result >> was just the same. >> >> A tcpdump during the openssl test [ s_server | s_client ] then revealed

See attached: (1) patch against 7.9p1, tested with openssl 1.1.0j and openssl 1.1.1a on linux/i386; passes regression test and connects to unpatched sshd without problems; I hacked a bit regress/unittests/kex, and benchmarked do_kex_with_key("curve25519-sha256 at libssh.org", KEY_ED25519, 256); Before: 0.3295s per call After: 0.2183s per call That is, 50% speedup; assuming

> >>> Perhaps for whose interested - IETF RFC 7027 specifies for TLS use: >>> >>> [ brainpoolP256r1 | brainpoolP384r1 | brainpoolP512r1 ] >>> >>> And thus t1 would not work anyway. However, having tested r1 the result >>> was just the same. >>> >>> A tcpdump during the openssl test [ s_server | s_client ] then revealed

On 31.07.2018 09:30, ????? wrote: >>>> Perhaps for whose interested - IETF RFC 7027 specifies for TLS use: >>>> >>>> [ brainpoolP256r1 | brainpoolP384r1 | brainpoolP512r1 ] >>>> >>>> And thus t1 would not work anyway. However, having tested r1 the result >>>> was just the same. >>>> >>>> A tcpdump

...and then I found the commit I was looking for. It's fixed in https://github.com/dovecot/core/commit/ab80122c68bfe5c3dbae2b4d782f4181122710a1.patch Aki > On 03 February 2019 at 20:06 Aki Tuomi <aki.tuomi at open-xchange.com> wrote: > > > Can you try out the attached patch? > > Aki > > > On 03 February 2019 at 17:17 Marcel Menzel <mail at mcl.gg>

All I did was ??? - create a sqlite database with: # sqlite3 /tmp/storage.db (/run only to test for perm issues in other folders) ??? - change it's owner to mail (that's the user owning the mail files): # chown mail:mail /tmp/storage.db ??? - point dovecot to the file in "dovecot-dict-sql.conf.ext" with "connect = /tmp/storage.db" ??? - enable quota in

Can you try out the attached patch? Aki > On 03 February 2019 at 17:17 Marcel Menzel <mail at mcl.gg> wrote: > > > All I did was > > ??? - create a sqlite database with: # sqlite3 /tmp/storage.db (/run > only to test for perm issues in other folders) > > ??? - change it's owner to mail (that's the user owning the mail files): > # chown mail:mail

<!doctype html> <html> <head> <meta charset="UTF-8"> </head> <body> <div> Right it was already in 2.3.4. Looking more closely this looks like use after free. We'll look into this. </div> <div> <br> </div> <div> Aki </div> <blockquote type="cite"> <div>

<!doctype html> <html> <head> <meta charset="UTF-8"> </head> <body> <div> Can you provide steps on how to reproduce this? Tracked as DOP-899 </div> <blockquote type="cite"> <div> On 03 February 2019 at 16:50 Aki Tuomi < <a

<!doctype html> <html> <head> <meta charset="UTF-8"> </head> <body> <div> Can you try if applying </div> <div> <br> </div> <div> <a

Hello Aki, unfortunately, this patch is already in my source files, as patch refuses to apply it: ? -> Applying patch fix-sqlite.patch patching file src/lib-sql/driver-sqlite.c Reversed (or previously applied) patch detected!? Skipping patch. 2 out of 2 hunks ignored -- saving rejects to file src/lib-sql/driver-sqlite.c.rej I verified it by looking in the source code and indeed, this patch

Hello Aki, Arch Linux doesn't have install-able debug symbols for Dovecot. That's why I just compiled the package for myself with enabled debug symbols (by editing the makepkg.conf). I've attached the output from gdb's bt full. - Marcel Am 03.02.2019 um 14:45 schrieb Aki Tuomi: > You need to install debug symbols. Not sure how this is done in arch > linux though. >

My opinion is that security by RFC is not security, it's mommy medicine. Standards have had a terrible time keeping up with security realities. NITS's curves leak side channel information all over the place. I don't have details on what implementations are set to calculate the NIST curves in constant time, and that's not an easy feat to do anyway so I don't want to depend

>>>> I did some local testing and it seems that you are using a curve >>>> that is not acceptable for openssl as a server key. >>>> I tested with openssl s_server -cert ec-cert.pem -key ec-key.pem >>>> -port 5555 >>>> using cert generated with brainpool. Everything works if I use >>>> prime256v1 or secp521r1. This is a

On 11/10/2019 10:06, Hativ via dovecot wrote: > Hello Aki, > > I have this problem just with 2.3.8, my self-compiled 2.3.3 works > fine. I have previously tried to update from 2.3.3 to higher versions > (possibly 2.3.5 or so), but always had this error, which is why I am > always back to 2.3.3. > This bug was already known. It is tracked internally as DOV-3600. Looks like

<!doctype html> <html> <head> <meta charset="UTF-8"> </head> <body> <div> You need to install debug symbols. Not sure how this is done in arch linux though. </div> <div> <br> </div> <div> Aki </div> <blockquote type="cite"> <div> On 03 February 2019 at

Hello John, I tried (until now) to get a valuable backtrace, but it seems that GDB can't resolve all symbols. This is what systemd-coredump is giving me: Stack trace of thread 22359: #0? 0x0000638167eaf062 event_unref (libdovecot.so.0) #1? 0x000004a58a212151 n/a (dict) #2? 0x000004a58a211333 n/a (dict) #3? 0x000004a58a20514d n/a (dict) #4? 0x0000638167e556f2 dict_transaction_begin

Trying to connect to a Dell iDRAC 6. The iDRAC reports it is running OpenSSH 5.2. From Fedora Linux 20 with OpenSSH 6.4p1, connections succeed. From Fedora Linux 23 with OpenSSH 7.2p2, connections succeed. From Fedora Linux 27 with OpenSSH 7.6p1, connections fail prior to prompting for a password. The message is, "Received disconnect from (IP address) port 22:11: Logged out." Trying