pkgsrc-Bugs archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

pkg/48566: getpwnam() fix and ECDH for sendmail from upstream

>Number:         48566
>Category:       pkg
>Synopsis:       getpwnam() fix and ECDH for sendmail from upstream
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    pkg-manager
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Sun Feb 02 17:40:00 +0000 2014
>Originator:     Emmanuel Dreyfus
>Release:        NetBSD 6.1.2
NetBSD lego 6.1.2 NetBSD 6.1.2 (XEN3_DOMU) amd64
I would like to have two patches from upstream available in pkgsrc. The
pkgsrc change is here:

We have the ffr_tls_ec option to enable ECDH, which I already proposed
before. This helps a lot of clients negociating with PFS enabled. 

I recall we talk about enabling it uncondtionnaly with ffr_tls_1. I can
do that if it is confirmed to be the way to go. But please note it
changes the default behavior, as OpenSSL sets a high priority by default
on ECDH ciphers, which tend to be picked first if they are available.
They can be disabled with an appropriate O CipherList setting in, though.

Next, we have the getpwnam patch, which fixes a long standing bug in
sendmail, where an unreachable LDAP directory can cause a mail to be
rejected just like if there was aun unknown sender.

Just commit it:

Home | Main Index | Thread Index | Old Index