> On 23/12/2022 14:23 EET Eray Aslan <er...@a21an.org> wrote: > > > On Fri, Dec 23, 2022 at 11:59:54AM +0200, Aki Tuomi wrote: > > > On 23/12/2022 11:47 EET Eray Aslan <er...@a21an.org> wrote: > > > On Thu, Dec 22, 2022 at 10:06:16AM +0200, Aki Tuomi wrote: > > > > We are pleased to release v2.3.20 of Dovecot. > > > > > > Can you confirm that CVE-2022-30550 is patched in dovecot-2.3.20? Thank > > > you. > > > > We've decided to fix it for 2.4 release only, so it's not fixed in 2.3.20. > > That is a surprising decision. >
The bug does not, in fact, affect that many setups, and we do not consider it to be practically that severe bug. > One more question regarding openssl. I am getting test failures when > building against openssl-3 but not when building against openssl-1.1.1s. > Can you confirm if openssl-3 is supported? > > [...] > test-crypto.c:827: Assert failed: ret == TRUE > Panic: file dcrypt-openssl.c: line 2639 > (dcrypt_openssl_private_to_public_key): assertion failed: (priv_key != NULL > && pub_key_r != NULL) > Error: Raw backtrace: ./test-crypto(backtrace_append+0x42) [0x560ff72000b2] > -> ./test-crypto(backtrace_get+0x1e) [0x560ff72001fe] -> > ./test-crypto(+0x26952) [0x560ff71dd952] -> ./test-crypto(+0x26991) > [0x560ff71dd991] -> ./test-crypto(+0x14e03) [0x560ff71cbe03] -> > .libs/libdcrypt_openssl.so(+0x5f25) [0x7f5b1b499f25] -> > ./test-crypto(+0x1f071) [0x560ff71d6071] -> ./test-crypto(+0x227cf) > [0x560ff71d97cf] -> ./test-crypto(test_run+0x4a) [0x560ff71da2da] -> > ./test-crypto(main+0x4f) [0x560ff71d032f] -> /lib64/libc.so.6(+0x232ca) > [0x7f5b1b5322ca] -> /lib64/libc.so.6(__libc_start_main+0x85) [0x7f5b1b532385] > -> ./test-crypto(_start+0x21) [0x560ff71d0451] > make[3]: *** [Makefile:1137: check-local] Error 1 > [...] > $ openssl version > OpenSSL 3.0.7 1 Nov 2022 (Library: OpenSSL 3.0.7 1 Nov 2022) > > Thank you > -- > Eray OpenSSL 3.0 support is also planned for 2.4. Aki
