Package: sendmail
Version: 8.14.4-4
Severity: wishlist
Tags: patch
-- Package-specific info:
-- System Information:
Debian Release: 7.4
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 3.2.0-4-686-pae (SMP w/1 CPU core)
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/bash
-- Patch:
The latest sendmail release (sendmail-8.14.8) has this patch included
(but it's not mentioned nor documented in the source / docs)
diff -ruN sendmail-8.14.4/debian/changelog sendmail-8.14.4-1/debian/changelog
--- sendmail-8.14.4/debian/changelog 2014-03-04 23:27:44.000000000 +0100
+++ sendmail-8.14.4-1/debian/changelog 2014-03-04 22:55:41.000000000 +0100
@@ -1,3 +1,10 @@
+sendmail (8.14.4-4.1) UNRELEASED; urgency=low
+
+ * Non-maintainer upload.
+ * Add _FFR_TLS_EC support
+
+ -- Fredrik Pettai <pet...@e-mailfilter-test.nordu.net> Tue, 04 Mar 2014
22:52:36 +0100
+
sendmail (8.14.4-4) unstable; urgency=low
* New maintainer. (Closes: #699117)
diff -ruN sendmail-8.14.4/debian/configure sendmail-8.14.4-1/debian/configure
--- sendmail-8.14.4/debian/configure 2014-03-04 23:27:44.000000000 +0100
+++ sendmail-8.14.4-1/debian/configure 2014-03-04 22:43:12.000000000 +0100
@@ -7260,6 +7260,7 @@
sm_sendmail_envdef="$sm_sendmail_envdef -DSTARTTLS";
sm_sendmail_libs="$sm_sendmail_libs -lcrypto -lssl";
sm_ffr="$sm_ffr -D_FFR_TLS_1";
+ sm_ffr="$sm_ffr -D_FFR_TLS_EC";
sm_ffr="$sm_ffr -D_FFR_DEAL_WITH_ERROR_SSL";
: fi;
v2i 8.13.0;
diff -ruN sendmail-8.14.4/debian/patches/8.14/8.14.4/_ffr_tls_ec.patch
sendmail-8.14.4-1/debian/patches/8.14/8.14.4/_ffr_tls_ec.patch
--- sendmail-8.14.4/debian/patches/8.14/8.14.4/_ffr_tls_ec.patch
1970-01-01 01:00:00.000000000 +0100
+++ sendmail-8.14.4-1/debian/patches/8.14/8.14.4/_ffr_tls_ec.patch
2014-03-04 22:55:26.000000000 +0100
@@ -0,0 +1,42 @@
+--- sendmail-8.14.4/sendmail/conf.c.orig 2014-03-04 22:44:56.000000000
+0100
++++ sendmail-8.14.4/sendmail/conf.c 2014-03-04 22:45:28.000000000 +0100
+@@ -6411,6 +6411,9 @@
+ /* More STARTTLS options, e.g., secondary certs. */
+ "_FFR_TLS_1",
+ #endif /* _FFR_TLS_1 */
++#if _FFR_TLS_EC
++ "_FFR_TLS_EC",
++#endif /* _FFR_TLS_EC */
+ #if _FFR_TRUSTED_QF
+ /*
+ ** If we don't own the file mark it as unsafe.
+--- sendmail-8.14.4/sendmail/tls.c.orig 2014-03-04 22:45:42.000000000
+0100
++++ sendmail-8.14.4/sendmail/tls.c 2014-03-04 22:48:38.000000000 +0100
+@@ -944,6 +944,9 @@
+ /* Diffie-Hellman initialization */
+ if (bitset(TLS_I_TRY_DH, req))
+ {
++#if _FFR_TLS_EC
++ EC_KEY *ecdh;
++#endif /* _FFR_TLS_EC */
+ if (bitset(TLS_S_DHPAR_OK, status))
+ {
+ BIO *bio;
+@@ -1018,6 +1021,17 @@
+ who, 8 * DH_size(dh), *dhparam);
+ DH_free(dh);
+ }
++
++#if _FFR_TLS_EC
++ ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
++ if (ecdh != NULL)
++ {
++ SSL_CTX_set_options(*ctx, SSL_OP_SINGLE_ECDH_USE);
++ SSL_CTX_set_tmp_ecdh(*ctx, ecdh);
++ EC_KEY_free(ecdh);
++ }
++#endif /* _FFR_TLS_EC */
++
+ }
+ # endif /* !NO_DH */
+
diff -ruN sendmail-8.14.4/debian/patches/8.14/8.14.4/series
sendmail-8.14.4-1/debian/patches/8.14/8.14.4/series
--- sendmail-8.14.4/debian/patches/8.14/8.14.4/series 2014-03-04
23:27:44.000000000 +0100
+++ sendmail-8.14.4-1/debian/patches/8.14/8.14.4/series 2014-03-04
22:50:39.000000000 +0100
@@ -10,3 +10,4 @@
rmail.odi
hard-code-lockf.patch
lock-mail-local.diff
+_ffr_tls_ec.patch
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
