pkgsrc-Bugs archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
pkg/48566: getpwnam() fix and ECDH for sendmail from upstream
>Number: 48566
>Category: pkg
>Synopsis: getpwnam() fix and ECDH for sendmail from upstream
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: pkg-manager
>State: open
>Class: change-request
>Submitter-Id: net
>Arrival-Date: Sun Feb 02 17:40:00 +0000 2014
>Originator: Emmanuel Dreyfus
>Release: NetBSD 6.1.2
>Organization:
>Environment:
NetBSD lego 6.1.2 NetBSD 6.1.2 (XEN3_DOMU) amd64
>Description:
I would like to have two patches from upstream available in pkgsrc. The
pkgsrc change is here:
http://ftp.espci.fr/shadow/manu/sendmail.patch
We have the ffr_tls_ec option to enable ECDH, which I already proposed
before. This helps a lot of clients negociating with PFS enabled.
I recall we talk about enabling it uncondtionnaly with ffr_tls_1. I can
do that if it is confirmed to be the way to go. But please note it
changes the default behavior, as OpenSSL sets a high priority by default
on ECDH ciphers, which tend to be picked first if they are available.
They can be disabled with an appropriate O CipherList setting in
sendmail.cf, though.
Next, we have the getpwnam patch, which fixes a long standing bug in
sendmail, where an unreachable LDAP directory can cause a mail to be
rejected just like if there was aun unknown sender.
>How-To-Repeat:
>Fix:
Just commit it:
http://ftp.espci.fr/shadow/manu/sendmail.patch
Home |
Main Index |
Thread Index |
Old Index