From owner-freebsd-security@FreeBSD.ORG Wed Mar 11 19:49:07 2015
From: Paul Hoffman
To: Gregory Shapiro
Cc: freebsd security
Subject: Re: sendmail broken by libssl in current
Date: Wed, 11 Mar 2015 12:49:05 -0700
Message-Id: <3FEBF8E9-BB5B-403F-9648-A5F7CB60F9AB@vpnc.org>
In-Reply-To: <20150311192514.GS16749@C02KM089FFRR.corp.proofpoint.com>
References: <54FFE774.50103@freebsd.org> <20150311161549.GB16749@C02KM089FFRR.corp.proofpoint.com> <20150311192514.GS16749@C02KM089FFRR.corp.proofpoint.com>

On Mar 11, 2015, at 12:25 PM, Gregory Shapiro wrote:

>>> sendmail 8.15.1 is imported into the vendor area but not merged due
>>> to an incompatible change that is being moved into a run-time
>>> configuration variable in 8.15.2. Rather than expose the FreeBSD
>>> populate to the churn from that change, I am skipping 8.15.1 and
>>> will import 8.15.2.
>>>
>>> That being said, I can certainly make the local fix that Philip
>>> mention to take care of the padding issue. Is the new libssl in
>>> 11-CURRENT going to be/already been MFC'ed to other branches?
>>
>> I'm still *really* hesitant for us to be patching OpenSSL for a bug
>> on a middlebox vendor's system that already has a fix.
>
> My intent is to patch sendmail, not OpenSSL, with a change that is
> already part of a newer sendmail release.

Ah, that wasn't clear from the thread, sorry. Sure, patching Sendmail
for this seems fine. Thanks!

--Paul Hoffman