Heartbleed: dovecot2 is still vulnerable after upgrade of OpenSSL library
Clemens Lang
cal at macports.org
Tue Apr 22 12:23:07 PDT 2014
Hi Winfried,
> > What's the output of `sudo env DYLD_PRINT_LIBRARIES=1 dovecot -F`
> > on your system?
I should have realized not even the output on my system for that command
referenced libssl.dylib or libcrypto.dylib…
Instead, please set `import_environment = DYLD_PRINT_LIBRARIES` in your
dovecot.conf and restart dovecot with
$> sudo env DYLD_PRINT_LIBRARIES=1 dovecot -F.
Then, run cardiac-arrest.py and check your dovecot logfile. It should
contain the lines printed by the loader due to the DYLD_* variable. Mine
looks like this:
Apr 22 21:16:25 cSchlepptop.local dovecot[4788]: imap-login: Error: dyld: loaded: /opt/local/lib/libssl.1.0.0.dylib
Apr 22 21:16:25 cSchlepptop.local dovecot[4788]: imap-login: Error: dyld: loaded: /opt/local/lib/libcrypto.1.0.0.dylib
If the path is different for you we have found the problem. If it is missing
completely, OpenSSL was likely statically linked, and we've also found the
problem (even though we still wouldn't know why the rebuild didn't fix it).
If the path is the same, please run
$> strings /opt/local/lib/libssl.1.0.0.dylib | grep 'OpenSSL'
and paste the output. It should contain five lines with the version number
at 1.0.1g.
HTH,
--
Clemens Lang
More information about the macports-users
mailing list