You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2011/05/19 19:41:57 UTC
[Bug 6595] New: "Disable SSLv2 support due to its removal from
OpenSSL" - Debian patch
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6595
Bug #: 6595
Summary: "Disable SSLv2 support due to its removal from
OpenSSL" - Debian patch
Product: Spamassassin
Version: SVN Trunk (Latest Devel Version)
Platform: All
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: spamc/spamd
AssignedTo: dev@spamassassin.apache.org
ReportedBy: Darxus@ChaosReigns.com
Classification: Unclassified
Created attachment 4898
--> https://issues.apache.org/SpamAssassin/attachment.cgi?id=4898
Disable SSLv2 support due to its removal from OpenSSL
Patch attached. I'm not sure what version it should be applied to. I think it
fixes a build breakage with the latest version of SSL. Description of change
from Debian:
>From debian/changelog:
spamassassin (3.3.1-2) unstable; urgency=low
* Disable SSLv2 support due to its removal from OpenSSL (Closes: 622053)
...
-- Noah Meyerhans <no...@debian.org> Sun, 10 Apr 2011 20:58:34 -0700
>From debian/NEWS:
spamassassin (3.3.1-2) unstable; urgency=low
This version of spamassassin introduces a change in behavior when
using SSL to encrypt communication between spamc and spamd. This
change only affects usage of spamc or spamd with the --ssl option.
Due to protocol insecurity, OpenSSL has removed support for SSL
version 2. Consequently, the "sslv2" and "sslv23" options have been
removed from spamc and spamd. The default option is sslv3.
This change should be transparent unless you are using spamc or spamd
with a peer that is explicitly configured to use only sslv2
-- Noah Meyerhans <no...@debian.org> Sun, 10 Apr 2011 18:27:36 -0700
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 6595] "Disable SSLv2 support due to its removal from OpenSSL" -
Debian patch
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6595
--- Comment #1 from Mark Martinec <Ma...@ijs.si> 2011-05-20 00:21:51 UTC ---
Thank you for the information and the patch, makes sense.
For starters we can apply it to trunk and let people try it.
Possibly too much of a change just before the 3.3.2 wrapup
(but don't take my word for it, we are not using spamc/spamd
here, so my voice doesn't count much on this topic).
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 6595] [review] "Disable SSLv2 support due to its removal from
OpenSSL" - Debian patch
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6595
--- Comment #7 from Darxus <Da...@ChaosReigns.com> 2011-05-26 19:52:20 UTC ---
(In reply to comment #6)
> Already marked as resolved/fixed as well.
That was an explanation, not a request, for a status change :)
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 6595] [review] "Disable SSLv2 support due to its removal from
OpenSSL" - Debian patch
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6595
--- Comment #6 from Kevin A. McGrail <km...@pccc.com> 2011-05-26 19:12:44 UTC ---
(In reply to comment #5)
> Already committed to target (3.4.0 / trunk).
Already marked as resolved/fixed as well.
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 6595] [review] "Disable SSLv2 support due to its removal from
OpenSSL" - Debian patch
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6595
Darxus <Da...@ChaosReigns.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |Darxus@ChaosReigns.com
Summary|"Disable SSLv2 support due |[review] "Disable SSLv2
|to its removal from |support due to its removal
|OpenSSL" - Debian patch |from OpenSSL" - Debian
| |patch
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 6595] [review] "Disable SSLv2 support due to its removal from
OpenSSL" - Debian patch
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6595
Kevin A. McGrail <km...@pccc.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |kmcgrail@pccc.com
Status Whiteboard| |needs 2 votes for 3.3.2
--- Comment #2 from Kevin A. McGrail <km...@pccc.com> 2011-05-24 21:41:05 UTC ---
I am running this on devel and production servers running RH and it's a
long-standing downstream patch from debian. +1 for 3.3.2.
Committed to trunk and will notify Debian package maintainer so they can be
prepared for this issue.
Sending spamc/libspamc.c
Sending spamc/libspamc.h
Sending spamc/spamc.c
Sending spamc/spamc.pod
Sending spamd/spamd.raw
Transmitting file data .....
Committed revision 1127260.
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 6595] [review] "Disable SSLv2 support due to its removal from
OpenSSL" - Debian patch
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6595
--- Comment #3 from Darxus <Da...@ChaosReigns.com> 2011-05-24 21:53:18 UTC ---
It's not a "long-standing downstream patch from debian". They only created it
44 days ago. It's currently in their unstable and testing releases, and Ubuntu
Oneric (scheduled to be released in October). So it probably hasn't seen a lot
of use on production mail servers.
Not saying there's anything wrong with it, just that it hasn't actually seen
extensive end user testing in stable releases.
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 6595] [review] "Disable SSLv2 support due to its removal from
OpenSSL" - Debian patch
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6595
Kevin A. McGrail <km...@pccc.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Target Milestone|3.3.2 |3.4.0
Status Whiteboard|needs 2 votes for 3.3.2 |
--- Comment #4 from Kevin A. McGrail <km...@pccc.com> 2011-05-24 22:06:17 UTC ---
(In reply to comment #3)
> It's not a "long-standing downstream patch from debian". They only created it
> 44 days ago. It's currently in their unstable and testing releases, and Ubuntu
> Oneric (scheduled to be released in October). So it probably hasn't seen a lot
> of use on production mail servers.
>
> Not saying there's anything wrong with it, just that it hasn't actually seen
> extensive end user testing in stable releases.
Thanks for the catch. I mixed it up in the debian changelog with a 2003 patch.
Retargeting to 3.4.0.
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 6595] [review] "Disable SSLv2 support due to its removal from
OpenSSL" - Debian patch
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6595
Darxus <Da...@ChaosReigns.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |FIXED
--- Comment #5 from Darxus <Da...@ChaosReigns.com> 2011-05-26 19:06:25 UTC ---
Already committed to target (3.4.0 / trunk).
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.