>openssl version Libressl 2.4.4 Patch for dovecot:
perl -i -ple 's/^(#if OPENSSL_VERSION_NUMBER < 0x10100000L\s*)$/$1 || defined (LIBRESSL_VERSION_NUMBER)/' ./src/lib-dcrypt/dcrypt-openssl.c; perl -i -ple 's/^(#if OPENSSL_VERSION_NUMBER < 0x10100000L\s*)$/$1 || defined (LIBRESSL_VERSION_NUMBER)/' ./src/lib-ssl-iostream/dovecot-openssl-common.c; perl -i -ple 's/^(#if OPENSSL_VERSION_NUMBER >= 0x10100000L\s*)$/$1 && !defined (LIBRESSL_VERSION_NUMBER)/' ./src/lib-dcrypt/dcrypt-openssl.c; perl -i -ple 's/^(#if OPENSSL_VERSION_NUMBER >= 0x10100000L\s*)$/$1 && !defined (LIBRESSL_VERSION_NUMBER)/' ./src/lib-ssl-iostream/dovecot-openssl-common.c; Both configuration and compilation are OK. The test fails as follows: [...] test_load_v1_public_key .............................................. : ok Panic: file randgen.c: line 21 (random_fill): assertion failed: (init_refcount > 0) Error: Raw backtrace: 2 libdcrypt_openssl.so 0x0000000103413d24 default_fatal_finish + 36 -> 3 libdcrypt_openssl.so 0x0000000103413afd default_fatal_handler + 61 -> 4 libdcrypt_openssl.so 0x0000000103414069 i_panic + 169 -> 5 libdcrypt_openssl.so 0x000000010344110c random_fill + 220 -> 6 libdcrypt_openssl.so 0x000000010340a63d dcrypt_openssl_store_private_key + 1037 -> 7 test-crypto 0x0000000103387f54 test_load_v2_key + 580 -> 8 test-crypto 0x000000010338990e test_run + 142 -> 9 test-crypto 0x0000000103386921 main + 81 -> 10 libdyld.dylib 0x00007fff9da95255 start + 1 /bin/sh: line 1: 56954 Abort trap: 6 ./$bin make[2]: *** [check-test] Error 1 make[1]: *** [check-recursive] Error 1 make: *** [check-recursive] Error 1 -------- Original Message -------- Subject: v2.2.27 released Local Time: 3 December 2016 6:48 PM UTC Time: 3 December 2016 17:48 From: t...@iki.fi To: dovecot-n...@dovecot.org, Dovecot Mailing List <dovecot@dovecot.org> https://dovecot.org/releases/2.2/dovecot-2.2.27.tar.gz https://dovecot.org/releases/2.2/dovecot-2.2.27.tar.gz.sig Note that the download URLs are now https with a certificate from Let's Encrypt. * dovecot.list.index.log rotation sizes/times were changed so that the .log file stays smaller and .log.2 is deleted sooner. + Added mail_crypt plugin that allows encryption of stored emails. See http://wiki2.dovecot.org/Plugins/MailCrypt + stats: Global stats can be sent to Carbon server by setting stats_carbon_server=ip:port + imap/pop3 proxy: If passdb returns proxy_not_trusted, don't send ID/XCLIENT + Added generic hash modifier for %variables: %{<hash algorithm>;rounds=<n>,truncate=<bits>,salt=s>:field} Hash algorithm is any of the supported ones, e.g. md5, sha1, sha256. Also "pkcs5" is supported using SHA256. For example: %{sha256:user} or %{md5;truncate=32:user}. + Added support for SHA3-256 and SHA3-512 hashes. + config: Support DNS wildcards in local_name, e.g. local_name *.example.com { .. } matches anything.example.com, but not multiple.anything.example.com. + config: Support multiple names in local_name, e.g. local_name "1.example.com 2.example.com" { .. } - Fixed crash in auth process when auth-policy was configured and authentication was aborted/failed without a username set. - director: If two users had different tags but the same hash, the users may have been redirected to the wrong tag's hosts. - Index files may have been thought incorrectly lost, causing "Missing middle file seq=.." to be logged and index rebuild. This happened more easily with IMAP hibernation enabled. - Various fixes to restoring state correctly in un-hibernation. - dovecot.index files were commonly 4 bytes per email too large. This is because 3 bytes per email were being wasted that could have been used for IMAP keywords. - Various fixes to handle dovecot.list.index corruption better. - lib-fts: Fixed assert-crash in address tokenizer with specific input. - Fixed assert-crash in HTML to text parsing with specific input (e.g. for FTS indexing or snippet generation) - doveadm sync -1: Fixed handling mailbox GUID conflicts. - sdbox, mdbox: Perform full index rebuild if corruption is detected inside lib-index, which runs index fsck. - quota: Don't skip quota checks when moving mails between different quota roots. - search: Multiple sequence sets or UID sets in search parameters weren't handled correctly. They were incorrectly merged together.
