Re: [exim] [exim-dev] Exim 4.87 RC3 uploaded

Top Page
Delete this message
Reply to this message
Author: The Doctor
Date:  
To: Jeremy Harris
CC: exim users, exim-dev@exim.org, exim-maintainers
Subject: Re: [exim] [exim-dev] Exim 4.87 RC3 uploaded
On Mon, Jan 18, 2016 at 06:00:09PM +0000, Jeremy Harris wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> The ftp site:
>
> ftp://ftp.exim.org/pub/exim/exim4/test/
>
> now has RC3 of Exim 4.87 available. Built and
> signed by myself.
>
> Changes of interest since RC2:
> - - DKIM: fix quoted-printable decode
> - - Malware: Fix potential spin-on-read-error with kavdaemon
> - - dnslists: permit use with explicit key(s) in nonsmtp ACLs. Bug 1748
> - - Pretty print for -bP config
> - - Consolidate base64 encode/decode routines
> - - New expansion operator base64d, and base64 as synonym for str2b64. Bug 1746
> - - Support certificates in base64 expansion operator. Bug 1762
> - - DKIM: use TLS library where possible in preference to embedded PolarSSL copy
> - - add requirement on good HELO in the example configuration
> - - OpenSSL: Default the SINGLE_DH_USE option flag set
> - - Expansions: fix memory-usage bug in ${run }. Bug 1778
> - - Permit an ACL to override the default 252 VRFY response. Bug 1769
> - - Restrict line lengths in bounces. Bug 1760
>
>
> No feature-introductions will be accepted in the mainline code branch
> between now and 4.87 final release. Bug fixes are still welcome.
>
> Please report issues here in the exim-dev or
> exim-users mailinglist, or by raising bugs
> on http://bugs.exim/org
>
>



openssl 1.1 concern

gcc tls.c
In file included from tls.c:124:
tls-openssl.c: In function `rsa_callback':
tls-openssl.c:247: warning: `RSA_generate_key' is deprecated (declared at /usr/contrib/include/openssl/rsa.h:322)
tls-openssl.c: In function `tls_client_stapling_cb':
tls-openssl.c:1191: dereferencing pointer to incomplete type
In file included from tls.c:124:
tls-openssl.c: In function `vaguely_random_number':
tls-openssl.c:2560: warning: `RAND_pseudo_bytes' is deprecated (declared at /usr/contrib/include/openssl/rand.h:98)
*** Error code 1

Stop.
*** Error code 1

Stop.

concern 3 RAND_pseudo_bytes should be replaced by RAND_bytes in OpenSSL 1.1

concern 1

man RSA_generate_key_ex
man: Formatting manual page...

RSA_generate_key(3)          OpenSSL          RSA_generate_key(3)


NAME
       RSA_generate_key_ex, RSA_generate_key - generate RSA key
       pair


SYNOPSIS
        #include <openssl/rsa.h>


        int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);


       Deprecated:


        #if OPENSSL_API_COMPAT < 0x00908000L
        RSA *RSA_generate_key(int num, unsigned long e,
           void (*callback)(int,int,void *), void *cb_arg);
        #endif


DESCRIPTION
       RSA_generate_key_ex() generates a key pair and stores it
       in the RSA structure provided in rsa. The pseudo-random
       number generator must be seeded prior to calling
       RSA_generate_key_ex().


       The modulus size will be of length bits, and the public
       exponent will be e. Key sizes with num < 1024 should be
       considered insecure.  The exponent is an odd number,
       typically 3, 17 or 65537.


       A callback function may be used to provide feedback about
       the progress of the key generation. If cb is not NULL, it
       will be called as follows using the BN_GENCB_call()
       function described on the BN_generate_prime(3) page.


       o   While a random prime number is generated, it is called
           as described in BN_generate_prime(3).


       o   When the n-th randomly generated prime is rejected as
           not suitable for the key, BN_GENCB_call(cb, 2, n) is
           called.


       o   When a random p has been found with p-1 relatively
           prime to e, it is called as BN_GENCB_call(cb, 3, 0).


       The process is then repeated for prime q with
       BN_GENCB_call(cb, 3, 1).


       RSA_generate_key is deprecated (new applications should
       use RSA_generate_key_ex instead). RSA_generate_key works
       in the same was as RSA_generate_key_ex except it uses "old    
       style" call backs. See BN_generate_prime(3) for further
       details.


RETURN VALUE
       If key generation fails, RSA_generate_key() returns NULL.


1.1.0-pre3-dev              2016-01-18                          1


RSA_generate_key(3)          OpenSSL          RSA_generate_key(3)


       The error codes can be obtained by ERR_get_error(3).


BUGS
       BN_GENCB_call(cb, 2, x) is used with two different
       meanings.


       RSA_generate_key() goes into an infinite loop for illegal
       input values.


SEE ALSO
       ERR_get_error(3), rand(3), rsa(3), RSA_free(3),
       BN_generate_prime(3)


1.1.0-pre3-dev              2016-01-18                          2    


Any work around?

Concern 2

STACK_OF(OCSP_SINGLERESP) * sresp = bs->tbsResponseData->responses;

Why does this happen under OpenSSL 1.1 ?

--
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
God,Queen and country!Never Satan President Republic!Beware AntiChrist rising!
http://www.fullyfollow.me/rootnl2k Look at Psalms 14 and 53 on Atheism
Birthdate 29 Jan 1969 Redhill, Surrey, UK