From owner-freebsd-stable@freebsd.org  Thu Jun 25 18:19:29 2015
Return-Path: <owner-freebsd-stable@freebsd.org>
Delivered-To: freebsd-stable@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id A980A98C46C
 for <freebsd-stable@mailman.ysv.freebsd.org>;
 Thu, 25 Jun 2015 18:19:29 +0000 (UTC)
 (envelope-from gshapiro@gshapiro.net)
Received: from zim.gshapiro.net (zim.gshapiro.net [IPv6:2001:4f8:3:36::224])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "smtp.gshapiro.net", Issuer "Certificate Authority" (not verified))
 by mx1.freebsd.org (Postfix) with ESMTPS id 9298B1C37
 for <freebsd-stable@freebsd.org>; Thu, 25 Jun 2015 18:19:29 +0000 (UTC)
 (envelope-from gshapiro@gshapiro.net)
Received: from C02N93Y5G3QT.corp.proofpoint.com (mx2.proofpoint.com
 [208.86.202.10]) (authenticated bits=0)
 by zim.gshapiro.net (8.15.1.36/8.15.1.36) with ESMTPSA id t5PIJMaH044335
 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO);
 Thu, 25 Jun 2015 11:19:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=gshapiro.net;
 s=gatsby.dkim; t=1435256369;
 bh=rqXV0LSJRPfuIkzuwhpygdQeAo1vxhEDI3ixo0/AQ7k=;
 h=Date:From:To:Cc:Subject:References:In-Reply-To;
 b=GH3M6L9ANNPd9yaRThDD9KC0guqFFsH4RARlU0R8lOVyjFQ01K2VXzzR5JZx9QBzJ
 SBiWdvGH0BA1JOMT5bIWiwmA0XmqO0gWQLcswKap56mfVOoyzIkUCYg6GEzxaKT8Yb
 BHGuYYopzs71BE70/9C2Wz68JeeYvR+IN1hbULII=
Date: Thu, 25 Jun 2015 11:19:22 -0700
From: Gregory Shapiro <gshapiro@gshapiro.net>
To: Marko =?utf-8?B?Q3VwYcSH?= <marko.cupac@mimar.rs>
Cc: freebsd-stable@freebsd.org
Subject: Re: Last openssl update brakes localhost email sending
Message-ID: <20150625181921.GI85100@C02N93Y5G3QT.corp.proofpoint.com>
References: <CAAoTqft7wRi9Ov_oiCk64HwbT+rXn-AvkOd-+VeFhq_s8bE7NA@mail.gmail.com>
 <CAAoTqfvchXndzgCRDyJXCz+UOi93w1v-vvKvoLMgPLk6cHh4Dw@mail.gmail.com>
 <5582C749.9060801@sentex.net> <20150618150404.GA42082@minime.local>
 <20150625104051.06decfa6@efreet>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20150625104051.06decfa6@efreet>
User-Agent: Mutt/1.5.23 (2014-03-12)
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-stable>,
 <mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable/>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
 <mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Jun 2015 18:19:29 -0000

> All of my 10.1-RELEASE-p13 systems are affected, some 20 boxes. Sendmail
> is used only for sending daily and security run outputs, but I am
> starting to feel unconfortable as it will soon be two weeks since I
> received them.
> 
> All those systems are without source code on them, and it is quite
> inconvenient for me to rebuild from source. Is binary update for this
> coming soon? Is it coming at all?

It is coming, the commit for the stable branches was last night.  The
Security and RE teams are working on the releng branches next to
produce the binary patches.

A workaround is available:

openssl dhparam -out /etc/mail/certs/dh.param 2048
cd /etc/mail/; make restart