1 files changed, 0 insertions, 165 deletions
diff --git a/share/security/advisories/FreeBSD-EN-15:08.sendmail.asc b/share/security/advisories/FreeBSD-EN-15:08.sendmail.asc
deleted file mode 100644
index e5e333fae4..0000000000
--- a/share/security/advisories/FreeBSD-EN-15:08.sendmail.asc
+++ /dev/null
@@ -1,165 +0,0 @@
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA512
-
-=============================================================================
-FreeBSD-EN-15:08.sendmail                                       Errata Notice
-                                                          The FreeBSD Project
-
-Topic:          sendmail TLS/DH Interoperability Improvement
-
-Category:       contrib
-Module:         sendmail
-Announced:      2015-06-18; Last revised on 2015-06-30.
-Credits:        Frank Seltzer, Gregory Shapiro
-Affects:        All supported versions of FreeBSD.
-Corrected:      2015-06-25 01:49:44 UTC (stable/10, 10.1-STABLE)
-                2015-06-30 23:21:37 UTC (releng/10.1, 10.1-RELEASE-p14)
-                2015-06-25 01:53:45 UTC (stable/9, 9.3-STABLE)
-                2015-06-30 23:21:48 UTC (releng/9.3, 9.3-RELEASE-p18)
-                2015-06-25 01:56:36 UTC (stable/8, 8.4-STABLE)
-                2015-06-30 23:21:59 UTC (releng/8.4, 8.4-RELEASE-p32)
-
-For general information regarding FreeBSD Errata Notices and Security
-Advisories, including descriptions of the fields above, security
-branches, and the following sections, please visit
-<URL:https://security.freebsd.org/>.
-
-0.   Revision history
-
-v1.0  2015-06-18 Initial release.
-v1.1  2015-06-30 Revised patch for non-existent DH parameter file.
-
-I.   Background
-
-Sendmail supports STARTTLS encrypted connections using DHE_EXPORT
-ciphers.  As part of that support, by default, Sendmail employs 1024-bit
-DH parameters for server connections but 512-bit DH parameters if
-configured to use a DH parameter file that does not exist.
-
-II.  Problem Description
-
-In response to CVE-2015-4000 ("Logjam TLS vulnerability"), OpenSSL and
-other encryption packages have begun rejecting 512-bit and lower DH
-parameters during negotiation, thereby reducing interoperability.
-
-III. Impact
-
-In its default FreeBSD configuration, client connections from Sendmail
-to other SMTP servers will not be able to negotiate a STARTTLS encrypted
-session with SMTP servers that reject 512-bit DH parameters.  This may
-cause mail deliverability issues for outbound mail.
-
-IV.  Workaround
-
-Systems that do not use Sendmail are not affected.
-
-To work around this interoperability, Sendmail can be configured to use
-a 1024 or 2048 bit DH parameter using these steps:
-
-        1. Edit /etc/mail/`hostname`.mc
-        2. If a setting for confDH_PARAMETERS does not exist or
-           exists and is set to a string beginning with '5',
-           replace it with '1' for 1024-bit or '2' for 2048-bit.
-        3. If a setting for confDH_PARAMETERS exists and is set to
-           a file path, create a new file with:
-                openssl dhparam -out /path/to/file 2048
-           for 2048-bit or:
-                openssl dhparam -out /path/to/file 1024
-           for 1024-bit.
-
-        4. Rebuild the .cf file:
-                 cd /etc/mail/; make; make install
-        5. Restart sendmail:
-                 cd /etc/mail/; make restart
-
-V.   Solution
-
-A change to the raise the default for Sendmail connections to use
-1024-bit DH parameters if the configured DH parameters file does not
-exist has been committed.
-
-Perform one of the following:
-
-1) Upgrade your system to a supported FreeBSD stable or release / security
-branch (releng) dated after the correction date.
-
-2) To update your present system via a binary patch:
-
-Systems running a RELEASE version of FreeBSD on the i386 or amd64
-platforms can be updated via the freebsd-update(8) utility:
-
-# freebsd-update fetch
-# freebsd-update install
-
-3) To update your present system via a source code patch:
-
-The following patches have been verified to apply to the applicable
-FreeBSD release branches.
-
-a) Download the relevant patch from the location below, and verify the
-detached PGP signature using your PGP utility.
-
-# fetch https://security.FreeBSD.org/patches/EN-15:08/sendmail.patch
-# fetch https://security.FreeBSD.org/patches/EN-15:08/sendmail.patch.asc
-# gpg --verify sendmail.patch.asc
-
-# fetch https://security.FreeBSD.org/patches/EN-15:08/sendmail-01.patch
-# fetch https://security.FreeBSD.org/patches/EN-15:08/sendmail-01.patch.asc
-# gpg --verify sendmail.patch.asc
-
-b) Apply the patch.  Execute the following commands as root:
-
-# cd /usr/src
-# patch < /path/to/patch
-
-c) Recompile the operating system using buildworld and installworld as
-described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
-
-Restart the Sendmail daemon(s), or reboot the system.
-
-VI.  Correction details
-
-The following list contains the correction revision numbers for each
-affected branch.
-
-Branch/path                                                      Revision
-- -------------------------------------------------------------------------
-stable/8/                                                         r284790
-releng/8.4/                                                       r284987
-stable/9/                                                         r284788
-releng/9.3/                                                       r284986
-stable/10/                                                        r284786
-releng/10.1/                                                      r284985
-- -------------------------------------------------------------------------
-
-To see which files were modified by a particular revision, run the
-following command, replacing NNNNNN with the revision number, on a
-machine with Subversion installed:
-
-# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
-
-Or visit the following URL, replacing NNNNNN with the revision number:
-
-<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
-
-VII. References
-
-The latest revision of this Errata Notice is available at
-https://security.FreeBSD.org/advisories/FreeBSD-EN-15:08.sendmail.asc
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v2.1.5 (FreeBSD)
-
-iQIcBAEBCgAGBQJVkyZLAAoJEO1n7NZdz2rnsdsP/2+xJUiaNWialSFlTwE75sHC
-vN/CrkceLw6QrUi5U0PpQdI7xP/y8Cspj/vDCNUbHlkK8WfA5G8J6WhyyaVxMREG
-aZTPHFBn0/IeP2vxlyf0PLq6hL1KtasOQNjDEasUMb4uclaE+hn3QxrWk+KGoe8B
-8rZHYS6Y9gOfWLJj7Rvf6T6TEtKf8Mz1cBfn7lRQbF7yDwkvNDpmNv7BhTQOM5rw
-/2q2i4ZjuZT4AX0IaSzZLC1dEyxuUKqAxMV1D+F1WYBQqMUwnoJLMAETmWXphuSa
-QGDNU0w3PbAJrgK06qeLSswVo/r/5h+kjra5eL17MPKZPO+sWHv9E1jS7wUsbsFB
-RE7kcafgWcN9S0TBldyuFo9g8nwjsWq4uooSLrf8pG8y7U6FtXbgyitS3BNVKT7i
-9GqzTi89HKPefnPQR5wfJIl9YXgKvWJ/FNei7MpGTl2LGKHSd2P/21+OoIjfNeQl
-hYOP9uWDrk3Uf7gJVrJOobMfme5Zb1/LDSQegTIFjzQ0Iac1p4nqj53rzG2Nufyx
-/Y93rKOz280NCS193buARcl4KmFp9oGaJTjVG9Cthu8FUFlCkCeZl13ZrhDufKBS
-z2ZEwkIYFamOFjbhCUJ5wm3gsozV7bzAOSRQEFEzzLDlYGPv2RPDAlgREcuzxr8N
-OhK1HFcIqXbXRthWN7Sp
-=ibhZ
------END PGP SIGNATURE-----