1. Forum
  2. USENET
  3. comp.mail.pine

  • Re: uw-imapd crashes in ptext < pbodypartstring < fetch_body_part_contents

    From Thorsten Glaser@tg@mirbsd.de to comp.mail.pine on Sun Jul 13 22:38:42 2025
    From Newsgroup: comp.mail.pine

    Eduardo Chappa dixit:

    you seem to be using an old version of imapd.c. From the current bits
    ptext is between lines 3878 and 3883, so it seems you are using an old version.
    The advice in these cases is to upgrade your version to a newer version.

    AFAICT I have the latest known version, perhaps did the distribution
    site change? Can you point me to the latest?

    Thanks,
    //mirabilos
    --- Synchronet 3.21a-Linux NewsLink 1.2
  • From Eduardo Chappa@chappa@washington.edu to comp.mail.pine on Mon Jul 14 11:11:13 2025
    From Newsgroup: comp.mail.pine

    On Sun, 13 Jul 2025, Thorsten Glaser wrote:

    Eduardo Chappa dixit:

    you seem to be using an old version of imapd.c. From the current bits
    ptext is between lines 3878 and 3883, so it seems you are using an old
    version. The advice in these cases is to upgrade your version to a
    newer version.

    AFAICT I have the latest known version, perhaps did the distribution
    site change? Can you point me to the latest?

    Tough question to answer, since there is no official distribution of
    imapd. This is what I can tell you.

    The latest bits created by Mark Crispin are located at

    https://github.com/jonabbey/panda-imap

    I do not know if they have ever been updated. For example to update the
    code based on changes in the openssl library API.

    The bits for imapd in the source code of alpine have been updated for
    changes in the openssl library API, but I have never updated the imapd
    code, so it is probably the same as in github, but I have updated the underlying c-client library to work with Alpine, no testing of the imapd
    code has ever been done, so if you go that way, use it at your own risk.

    I hope this helps.
    --
    Eduardo
    https://alpineapp.email (web)
    http://repo.or.cz/alpine.git (Git)
    --- Synchronet 3.21a-Linux NewsLink 1.2
  • From Gary R. Schmidt@grschmidt@acm.org to comp.mail.pine on Tue Jul 15 17:46:08 2025
    From Newsgroup: comp.mail.pine

    On 15/7/25 03:11, Eduardo Chappa wrote:
    On Sun, 13 Jul 2025, Thorsten Glaser wrote:

    Eduardo Chappa dixit:

    you seem to be using an old version of imapd.c. From the current bits
    ptext is between lines 3878 and 3883, so it seems you are using an
    old version. The advice in these cases is to upgrade your version to
    a newer version.

    AFAICT I have the latest known version, perhaps did the distribution
    site change? Can you point me to the latest?

    Tough question to answer, since there is no official distribution of
    imapd. This is what I can tell you.

    The latest bits created by Mark Crispin are located at

    https://github.com/jonabbey/panda-imap

    I do not know if they have ever been updated. For example to update the
    code based on changes in the openssl library API.

    The bits for imapd in the source code of alpine have been updated for changes in the openssl library API, but I have never updated the imapd
    code, so it is probably the same as in github, but I have updated the underlying c-client library to work with Alpine, no testing of the imapd code has ever been done, so if you go that way, use it at your own risk.

    I hope this helps.

    Someone - Erik Kangas - did the OpenSSL 1.1.x changes to Panda-IMAP,
    and they may have been checked in to that repository.

    If they haven't, here's the email from the IMAP mailing list: ======================================================================
    1. There is only 1 critical change. There are a lot of fatal compile
    errors around use of "cert->name". Openssl-ano longer exposes the
    contents of the X509 structure. The solution seems to be to replace
    this with something like:

    cert->name

    replace with

    X509_NAME_oneline(X509_get_subject_name(cert),NULL,0)


    which extracts the name from the cert object and returns it as a newly allocated char*. This could be a very small memory leak; but for most purposes each imapd and ipop3d only exist for the single connection --
    so its probably not a concern, just a few bytes. You could fix by
    adding a few more lines to create a buffer and have
    X509_NAME_oneline-asave to your buffer, etc.

    2. There are a couple deprecated functions that should be updated:

    TLSv1_client_method
    TLS_client_method

    RSA_generate_key
    RSA_generate_key_ex

    That is it -- things seem to be compiling and tests (so far) show things
    are working properly. There are still compile warnings here and there
    (as there always have been with imapd) but they seem OK. I will still
    be testing for some time before I push out. Also, linking to
    openssl-av1.1.1 also seems to have cleared up some issues with C-Client
    using STARTTLS-awith TLS 1.2-only servers (we already have support for
    DHE and ECDHE-abuilt in). ======================================================================

    Cheers,
    Gary B-)
    --- Synchronet 3.21a-Linux NewsLink 1.2