date:20151207

EVP_PKEY_get1_EC_KEY:expecting a ec key

2015-12-07 Thread Oliver Riesen-Mallmann

Hi,

since my last update from the Dovecot Prebuilt Binary for Debian I get a
lot of messages like this in mail.log:

dovecot: imap-login: Error: SSL: Stacked error: error:0608308E:digital
envelope routines:EVP_PKEY_get1_EC_KEY:expecting a ec key

Nevertheless Dovecot seems to work normally. Email client doesn't
mention any error.

This was my last update:

Start-Date: 2015-12-04  14:00:31
Commandline: apt-get upgrade
Upgrade: dovecot-core:amd64 (2.2.19-1~auto+98, 2.2.20~rc1-1~auto+3),
dovecot-managesieved:amd64 (2.2.19-1~auto+98, 2.2.20~rc1-1~auto+3),
dovecot-sieve:amd64 (2.2.19-1~auto+98, 2.2.20~rc1-1~auto+3),
dovecot-imapd:amd64 (2.2.19-1~auto+98, 2.2.20~rc1-1~auto+3),
dovecot-pop3d:amd64 (2.2.19-1~auto+98, 2.2.20~rc1-1~auto+3),
openssl:amd64 (1.0.1e-2+deb7u17, 1.0.1e-2+deb7u18),
libssl1.0.0:amd64 (1.0.1e-2+deb7u17, 1.0.1e-2+deb7u18)
End-Date: 2015-12-04  14:00:53

My current Dovecot version: 2.2.20.rc1 (0b81127e53da)
on Linux 3.2.0-4-amd64 #1 SMP Debian 3.2.68-1+deb7u1 x86_64

Is it a bug in Dovecot or in openssl/libssl?

Regards
Oliver

Re: EVP_PKEY_get1_EC_KEY:expecting a ec key

2015-12-07 Thread Teemu Huovila



On 07.12.2015 12:23, Oliver Riesen-Mallmann wrote:
> Hi,
> 
> since my last update from the Dovecot Prebuilt Binary for Debian I get a
> lot of messages like this in mail.log:
> 
> dovecot: imap-login: Error: SSL: Stacked error: error:0608308E:digital
> envelope routines:EVP_PKEY_get1_EC_KEY:expecting a ec key
> 
> Nevertheless Dovecot seems to work normally. Email client doesn't
> mention any error.
> 
> This was my last update:
> 
> Start-Date: 2015-12-04  14:00:31
> Commandline: apt-get upgrade
> Upgrade: dovecot-core:amd64 (2.2.19-1~auto+98, 2.2.20~rc1-1~auto+3),
> dovecot-managesieved:amd64 (2.2.19-1~auto+98, 2.2.20~rc1-1~auto+3),
> dovecot-sieve:amd64 (2.2.19-1~auto+98, 2.2.20~rc1-1~auto+3),
> dovecot-imapd:amd64 (2.2.19-1~auto+98, 2.2.20~rc1-1~auto+3),
> dovecot-pop3d:amd64 (2.2.19-1~auto+98, 2.2.20~rc1-1~auto+3),
> openssl:amd64 (1.0.1e-2+deb7u17, 1.0.1e-2+deb7u18),
> libssl1.0.0:amd64 (1.0.1e-2+deb7u17, 1.0.1e-2+deb7u18)
> End-Date: 2015-12-04  14:00:53
> 
> My current Dovecot version: 2.2.20.rc1 (0b81127e53da)
> on Linux 3.2.0-4-amd64 #1 SMP Debian 3.2.68-1+deb7u1 x86_64
> 
> Is it a bug in Dovecot or in openssl/libssl?
Could you post your doveconf -n output?

br,
Teemu Huovila

Released Pigeonhole v0.4.10.rc2 for Dovecot v2.2.20

2015-12-07 Thread Stephan Bosch

Hello Dovecot users,

Here's the Pigeonhole RC that goes with Dovecot v2.2.20. Due to the
earlier described conflict, RC1 will not compile with the new Dovecot
release.

I am not really in hurry to make a definitive release of Pigeonhole,
since v0.4.9 still compiles fine with Dovecot v2.2.20. Still, if no big
bugs emerge in the next few days, I will make a final release. So,
please test this new RC and especially the new features.

Changelog v0.4.10:

+ Implemented the Sieve mime and foreverypart extensions (RFC 5703).
These are fully implemented. The interaction with the editheader
extension needs some work, but this should not influence most uses;
i.e., changes by the editheader extension are not always visible
using foreverypart/mime.
+ Sieve body extension: Properly implemented the `:text' body
transform. It now extracts text for HTML message parts.
+ Sieve enotify extension: mailto method: Implemented the
sieve_notify_mailto_envelope_from setting. This allows configuring
the source of the notification sender address for e-mail
notifications. This is similar to what already can be configured for
redirect.
+ Added a sieve_enabled (defaults to 'yes') setting that allows
explicitly disabling Sieve processing for particular users. This used
to be possible by setting `sieve=', but ever since the sieve_before,
sieve_after and sieve_default settings were added, this method was
not reliable anymore.
- variables extension: Fixed handling of empty string by the `:length'
set modifier. An empty string yielded an empty string rather than "0".
- Fixed memory leak in the Sieve script byte code dumping facility.
Extension contexts were never actually freed.
- Fixed handling of implicit keep when the last Sieve script is a
global one. In that case the implicit keep action was executed in
global context, which could mean that trivial (quota) errors ended up
in the system log file, rather than the user log file.
- doveadm sieve plugin: Fixed crashes caused by incorrect context
allocation in the sieve command implementations.

The release is available as follows:

http://pigeonhole.dovecot.org/releases/2.2/rc/dovecot-2.2-pigeonhole-0.4.10.rc2.tar.gz
http://pigeonhole.dovecot.org/releases/2.2/rc/dovecot-2.2-pigeonhole-0.4.10.rc2.tar.gz.sig

Refer to http://pigeonhole.dovecot.org and the Dovecot v2.x wiki for
more information. Have fun testing this release candidate and don't
hesitate to notify me when there are any problems.

Regards,

--
Stephan Bosch
step...@rename-it.nl

v2.2.20 released

2015-12-07 Thread Timo Sirainen

http://dovecot.org/releases/2.2/dovecot-2.2.20.tar.gz
http://dovecot.org/releases/2.2/dovecot-2.2.20.tar.gz.sig

This could be (one of) the last v2.2.x release. We're starting v2.3 development 
soon.

 + Added mailbox { autoexpunge= } setting. See
   http://wiki2.dovecot.org/MailboxSettings for details.
 + ssl_options: Added support for no_ticket
 + imap/pop3/managesieve-login: Added postlogin_socket=path passdb extra
   field. This allows replacing the default service
   imap/pop3/managesieve {} settings for specific users (e.g. running
   their imap process via valgrind or strace).
 + doveadm fetch: Added date.sent/received/saved.unixtime
 + fs-posix: Added mode=auto parameter to set the created files' and
   directories' mode based on the parent dir if it has setgid-bit.
 + director: Support backends having hostnames, which makes it possible
   to verify their SSL certificates.
 - director: Directors' state became desynchronized if doveadm director
   commands were used to modify the same backend in multiple directors
   at the same time with conflicting changes. This fix includes some
   extra checks, which makes sure that if such a conflict still happens
   it's automatically fixed. In some situations such an automatic fix
   may now be unnecessarily triggered and an error logged.
 - director: Backend tags weren't working correctly.
 - ldap: tls_* settings weren't used for ldaps URIs.
 - ldap, mysql: Fixed setting connect timeout.
 - auth: userdb lookups via auth-worker couldn't change username
 - dsync: Fixed handling deleted directories. Make sure we don't go to
   infinite mailbox renaming loop.
 - imap: Fixed crash in NOTIFY when there were watched namespaces that
   didn't support NOTIFY.
 - imap: After SETMETADATA was used, various commands (especially FETCH)
   could have started hanging when their output was large.
 - stats: Idle sessions weren't refreshed often enough, causing stats
   process to forget them and log errors about unknown sessions when
   they were updated later.
 - stats: Fixed "Duplicate session ID" errors when LMTP delivered to
   multiple recipients and fts_autoindex=yes.
 - zlib plugin: Fixed copying causing cache corruption when zlib_save
   wasn't set, but the source message was compressed.
 - fts-solr: Fixed escaping Solr query parameters.
 - lmtp: quota_full_tempfail=yes was ignored with
   lmtp_rcpt_check_quota=yes

[Dovecot-news] Released Pigeonhole v0.4.10.rc2 for Dovecot v2.2.20