Package: sendmail Version: 8.14.4-4 Severity: wishlist Tags: patch -- Package-specific info:
-- System Information: Debian Release: 7.4 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i686) Kernel: Linux 3.2.0-4-686-pae (SMP w/1 CPU core) Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1) Shell: /bin/sh linked to /bin/bash -- Patch: The latest sendmail release (sendmail-8.14.8) has this patch included (but it's not mentioned nor documented in the source / docs) diff -ruN sendmail-8.14.4/debian/changelog sendmail-8.14.4-1/debian/changelog --- sendmail-8.14.4/debian/changelog 2014-03-04 23:27:44.000000000 +0100 +++ sendmail-8.14.4-1/debian/changelog 2014-03-04 22:55:41.000000000 +0100 @@ -1,3 +1,10 @@ +sendmail (8.14.4-4.1) UNRELEASED; urgency=low + + * Non-maintainer upload. + * Add _FFR_TLS_EC support + + -- Fredrik Pettai <pet...@e-mailfilter-test.nordu.net> Tue, 04 Mar 2014 22:52:36 +0100 + sendmail (8.14.4-4) unstable; urgency=low * New maintainer. (Closes: #699117) diff -ruN sendmail-8.14.4/debian/configure sendmail-8.14.4-1/debian/configure --- sendmail-8.14.4/debian/configure 2014-03-04 23:27:44.000000000 +0100 +++ sendmail-8.14.4-1/debian/configure 2014-03-04 22:43:12.000000000 +0100 @@ -7260,6 +7260,7 @@ sm_sendmail_envdef="$sm_sendmail_envdef -DSTARTTLS"; sm_sendmail_libs="$sm_sendmail_libs -lcrypto -lssl"; sm_ffr="$sm_ffr -D_FFR_TLS_1"; + sm_ffr="$sm_ffr -D_FFR_TLS_EC"; sm_ffr="$sm_ffr -D_FFR_DEAL_WITH_ERROR_SSL"; : fi; v2i 8.13.0; diff -ruN sendmail-8.14.4/debian/patches/8.14/8.14.4/_ffr_tls_ec.patch sendmail-8.14.4-1/debian/patches/8.14/8.14.4/_ffr_tls_ec.patch --- sendmail-8.14.4/debian/patches/8.14/8.14.4/_ffr_tls_ec.patch 1970-01-01 01:00:00.000000000 +0100 +++ sendmail-8.14.4-1/debian/patches/8.14/8.14.4/_ffr_tls_ec.patch 2014-03-04 22:55:26.000000000 +0100 @@ -0,0 +1,42 @@ +--- sendmail-8.14.4/sendmail/conf.c.orig 2014-03-04 22:44:56.000000000 +0100 ++++ sendmail-8.14.4/sendmail/conf.c 2014-03-04 22:45:28.000000000 +0100 +@@ -6411,6 +6411,9 @@ + /* More STARTTLS options, e.g., secondary certs. */ + "_FFR_TLS_1", + #endif /* _FFR_TLS_1 */ ++#if _FFR_TLS_EC ++ "_FFR_TLS_EC", ++#endif /* _FFR_TLS_EC */ + #if _FFR_TRUSTED_QF + /* + ** If we don't own the file mark it as unsafe. +--- sendmail-8.14.4/sendmail/tls.c.orig 2014-03-04 22:45:42.000000000 +0100 ++++ sendmail-8.14.4/sendmail/tls.c 2014-03-04 22:48:38.000000000 +0100 +@@ -944,6 +944,9 @@ + /* Diffie-Hellman initialization */ + if (bitset(TLS_I_TRY_DH, req)) + { ++#if _FFR_TLS_EC ++ EC_KEY *ecdh; ++#endif /* _FFR_TLS_EC */ + if (bitset(TLS_S_DHPAR_OK, status)) + { + BIO *bio; +@@ -1018,6 +1021,17 @@ + who, 8 * DH_size(dh), *dhparam); + DH_free(dh); + } ++ ++#if _FFR_TLS_EC ++ ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); ++ if (ecdh != NULL) ++ { ++ SSL_CTX_set_options(*ctx, SSL_OP_SINGLE_ECDH_USE); ++ SSL_CTX_set_tmp_ecdh(*ctx, ecdh); ++ EC_KEY_free(ecdh); ++ } ++#endif /* _FFR_TLS_EC */ ++ + } + # endif /* !NO_DH */ + diff -ruN sendmail-8.14.4/debian/patches/8.14/8.14.4/series sendmail-8.14.4-1/debian/patches/8.14/8.14.4/series --- sendmail-8.14.4/debian/patches/8.14/8.14.4/series 2014-03-04 23:27:44.000000000 +0100 +++ sendmail-8.14.4-1/debian/patches/8.14/8.14.4/series 2014-03-04 22:50:39.000000000 +0100 @@ -10,3 +10,4 @@ rmail.odi hard-code-lockf.patch lock-mail-local.diff +_ffr_tls_ec.patch -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org