diff --git a/sendmail-8.15.2-openssl-1.1.0-ecdhe-fix.patch b/sendmail-8.15.2-openssl-1.1.0-ecdhe-fix.patch new file mode 100644 index 0000000..b470358 --- /dev/null +++ b/sendmail-8.15.2-openssl-1.1.0-ecdhe-fix.patch @@ -0,0 +1,20 @@ +diff --git a/sendmail/tls.c b/sendmail/tls.c +index 16cb93f..9338380 100644 +--- a/sendmail/tls.c ++++ b/sendmail/tls.c +@@ -1329,13 +1329,8 @@ inittls(ctx, req, options, srv, certfile, keyfile, cacertpath, cacertfile, dhpar + } + + #if _FFR_TLS_EC +- ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); +- if (ecdh != NULL) +- { +- SSL_CTX_set_options(*ctx, SSL_OP_SINGLE_ECDH_USE); +- SSL_CTX_set_tmp_ecdh(*ctx, ecdh); +- EC_KEY_free(ecdh); +- } ++ SSL_CTX_set_options(*ctx, SSL_OP_SINGLE_ECDH_USE); ++ SSL_CTX_set_ecdh_auto(*ctx, 1); + #endif /* _FFR_TLS_EC */ + + } diff --git a/sendmail.spec b/sendmail.spec index b5c36a3..34e18d7 100644 --- a/sendmail.spec +++ b/sendmail.spec @@ -17,7 +17,7 @@ Summary: A widely used Mail Transport Agent (MTA) Name: sendmail Version: 8.15.2 -Release: 15%{?dist} +Release: 16%{?dist} License: Sendmail Group: System Environment/Daemons URL: http://www.sendmail.org/ @@ -88,6 +88,8 @@ Patch26: sendmail-8.15.2-libmilter-socket-activation.patch Patch27: sendmail-8.15.2-smtp-session-reuse-fix.patch Patch28: sendmail-8.15.2-openssl-1.1.0-fix.patch Patch29: sendmail-8.15.2-compile-fix.patch +# rhbz#1473971 +Patch30: sendmail-8.15.2-openssl-1.1.0-ecdhe-fix.patch Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: tcp_wrappers-devel BuildRequires: libdb-devel @@ -215,6 +217,7 @@ cp devtools/M4/UNIX/{,shared}library.m4 %patch27 -p1 -b .smtp-session-reuse-fix %patch28 -p1 -b .openssl-1.1.0-fix %patch29 -p1 -b .compile-fix +%patch30 -p1 -b .openssl-1.1.0-ecdhe-fix for f in RELEASE_NOTES contrib/etrn.0; do iconv -f iso8859-1 -t utf8 -o ${f}{_,} && @@ -733,6 +736,10 @@ fi %endif %changelog +* Thu Jul 27 2017 Jaroslav Škarvada - 8.15.2-16 +- Fixed ECDHE to work with all curves (openssl-1.1.0-ecdhe-fix patch) + Resolves: rhbz#1473971 + * Thu Mar 23 2017 Jaroslav Škarvada - 8.15.2-15 - Explicitly enabled sm-client statistics Related: rhbz#890585