From owner-freebsd-stable@freebsd.org Thu Jun 25 18:19:29 2015 Return-Path: Delivered-To: freebsd-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id A980A98C46C for ; Thu, 25 Jun 2015 18:19:29 +0000 (UTC) (envelope-from gshapiro@gshapiro.net) Received: from zim.gshapiro.net (zim.gshapiro.net [IPv6:2001:4f8:3:36::224]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "smtp.gshapiro.net", Issuer "Certificate Authority" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 9298B1C37 for ; Thu, 25 Jun 2015 18:19:29 +0000 (UTC) (envelope-from gshapiro@gshapiro.net) Received: from C02N93Y5G3QT.corp.proofpoint.com (mx2.proofpoint.com [208.86.202.10]) (authenticated bits=0) by zim.gshapiro.net (8.15.1.36/8.15.1.36) with ESMTPSA id t5PIJMaH044335 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Thu, 25 Jun 2015 11:19:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=gshapiro.net; s=gatsby.dkim; t=1435256369; bh=rqXV0LSJRPfuIkzuwhpygdQeAo1vxhEDI3ixo0/AQ7k=; h=Date:From:To:Cc:Subject:References:In-Reply-To; b=GH3M6L9ANNPd9yaRThDD9KC0guqFFsH4RARlU0R8lOVyjFQ01K2VXzzR5JZx9QBzJ SBiWdvGH0BA1JOMT5bIWiwmA0XmqO0gWQLcswKap56mfVOoyzIkUCYg6GEzxaKT8Yb BHGuYYopzs71BE70/9C2Wz68JeeYvR+IN1hbULII= Date: Thu, 25 Jun 2015 11:19:22 -0700 From: Gregory Shapiro To: Marko =?utf-8?B?Q3VwYcSH?= Cc: freebsd-stable@freebsd.org Subject: Re: Last openssl update brakes localhost email sending Message-ID: <20150625181921.GI85100@C02N93Y5G3QT.corp.proofpoint.com> References: <5582C749.9060801@sentex.net> <20150618150404.GA42082@minime.local> <20150625104051.06decfa6@efreet> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20150625104051.06decfa6@efreet> User-Agent: Mutt/1.5.23 (2014-03-12) X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 25 Jun 2015 18:19:29 -0000 > All of my 10.1-RELEASE-p13 systems are affected, some 20 boxes. Sendmail > is used only for sending daily and security run outputs, but I am > starting to feel unconfortable as it will soon be two weeks since I > received them. > > All those systems are without source code on them, and it is quite > inconvenient for me to rebuild from source. Is binary update for this > coming soon? Is it coming at all? It is coming, the commit for the stable branches was last night. The Security and RE teams are working on the releng branches next to produce the binary patches. A workaround is available: openssl dhparam -out /etc/mail/certs/dh.param 2048 cd /etc/mail/; make restart