aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorXin LI <delphij@FreeBSD.org>2015-06-18 05:36:45 +0000
committerXin LI <delphij@FreeBSD.org>2015-06-18 05:36:45 +0000
commit3cc4b903a1e368c5629f2d887255c5a57890e9d0 (patch)
tree62914b25cf84aafa5bee350c10409cd5c149a1df
parentcc0676581f14047fe0bfb77fd7bd07ece29ac0dd (diff)
Notes
-rw-r--r--UPDATING3
-rw-r--r--contrib/sendmail/src/tls.c6
-rw-r--r--sys/conf/newvers.sh2
3 files changed, 7 insertions, 4 deletions
diff --git a/UPDATING b/UPDATING
index ade4d5303760..1c0be982aef8 100644
--- a/UPDATING
+++ b/UPDATING
@@ -11,6 +11,9 @@ handbook:
Items affecting the ports and packages system can be found in
/usr/ports/UPDATING. Please read that file before running portupgrade.
+20150618: p17 FreeBSD-EN-15:08.sendmail
+ Improvements to sendmail TLS/DH interoperability. [EN-15:08]
+
20150612: p16 FreeBSD-SA-15:10.openssl
Fix multiple vulnerabilities in OpenSSL. [SA-15:10]
diff --git a/contrib/sendmail/src/tls.c b/contrib/sendmail/src/tls.c
index 75207ee4a1f0..ca93ee8b730f 100644
--- a/contrib/sendmail/src/tls.c
+++ b/contrib/sendmail/src/tls.c
@@ -650,7 +650,7 @@ inittls(ctx, req, options, srv, certfile, keyfile, cacertpath, cacertfile, dhpar
** 1024 generate 1024 bit parameters
** 2048 generate 2048 bit parameters
** /file/name read parameters from /file/name
- ** default is: 1024 for server, 512 for client (OK? XXX)
+ ** default is: 1024
*/
if (bitset(TLS_I_TRY_DH, req))
@@ -676,8 +676,8 @@ inittls(ctx, req, options, srv, certfile, keyfile, cacertpath, cacertfile, dhpar
}
if (dhparam == NULL)
{
- dhparam = srv ? "1" : "5";
- req |= (srv ? TLS_I_DH1024 : TLS_I_DH512);
+ dhparam = "1";
+ req |= TLS_I_DH1024;
}
else if (*dhparam == '/')
{
diff --git a/sys/conf/newvers.sh b/sys/conf/newvers.sh
index 7561a45f6298..4c4debea728a 100644
--- a/sys/conf/newvers.sh
+++ b/sys/conf/newvers.sh
@@ -32,7 +32,7 @@
TYPE="FreeBSD"
REVISION="9.3"
-BRANCH="RELEASE-p16"
+BRANCH="RELEASE-p17"
if [ "X${BRANCH_OVERRIDE}" != "X" ]; then
BRANCH=${BRANCH_OVERRIDE}
fi