From owner-freebsd-security@FreeBSD.ORG Wed Mar 11 19:18:45 2015 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id D9564802 for ; Wed, 11 Mar 2015 19:18:45 +0000 (UTC) Received: from vps1.elischer.org (vps1.elischer.org [204.109.63.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "vps1.elischer.org", Issuer "CA Cert Signing Authority" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id AA576E07 for ; Wed, 11 Mar 2015 19:18:45 +0000 (UTC) Received: from Julian-MBP3.local (50-196-156-133-static.hfc.comcastbusiness.net [50.196.156.133]) (authenticated bits=0) by vps1.elischer.org (8.14.9/8.14.9) with ESMTP id t2BJIhBw016882 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO) for ; Wed, 11 Mar 2015 12:18:44 -0700 (PDT) (envelope-from julian@freebsd.org) Message-ID: <5500950E.9070905@freebsd.org> Date: Wed, 11 Mar 2015 12:18:38 -0700 From: Julian Elischer User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:31.0) Gecko/20100101 Thunderbird/31.5.0 MIME-Version: 1.0 To: freebsd-security@freebsd.org Subject: Re: sendmail broken by libssl in current References: <54FFE774.50103@freebsd.org> <20150311161549.GB16749@C02KM089FFRR.corp.proofpoint.com> In-Reply-To: <20150311161549.GB16749@C02KM089FFRR.corp.proofpoint.com> Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 11 Mar 2015 19:18:45 -0000 On 3/11/15 9:15 AM, Gregory Shapiro wrote: > First, thank you Philip for jumping on this. Much appreciated. > >> This wonderful change (cough) to include SSL_OP_TLSEXT_PADDING in >> SSL_OP_ALL was addressed in sendmail 8.15.1, which explicitly removes >> SSL_OP_TLSEXT_PADDING from the default ClientSSLOptions value if that >> #define exists. I believe Greg is working on importing that to FreeBSD. > sendmail 8.15.1 is imported into the vendor area but not merged due to an incompatible change that is being moved into a run-time configuration variable in 8.15.2. Rather than expose the FreeBSD populate to the churn from that change, I am skipping 8.15.1 and will import 8.15.2. > > That being said, I can certainly make the local fix that Philip mention to take care of the padding issue. Is the new libssl in 11-CURRENT going to be/already been MFC'ed to other branches? > > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" > > the change is in libssl1.0.1g and later so, yes it's already in 10