OpenSMTPD 5.7.3 has just been released. OpenSMTPD is a FREE implementation of the SMTP protocol with some common extensions. It allows ordinary machines to exchange e-mails with systems speaking the SMTP protocol. It implements a fairly large part of RFC5321 and can already cover a large range of use-cases.
It runs on OpenBSD, NetBSD, FreeBSD, DragonFlyBSD, OSX and Linux. The archives are now available from the main site at www.OpenSMTPD.org We would like to thank the OpenSMTPD community for their help in testing the snapshots, reporting bugs, contributing code and packaging for other systems. This is a minor release with security and reliability fixes only. You are encouraged to update as soon as possible. Issues fixed in this release (since 5.7.2): =========================================== - fix an mda buffer truncation bug which allows a user to create forward files that pass session checks but fail delivery later down the chain, within the user mda [0] - fix remote buffer overflow in unprivileged pony process [1] - reworked offline enqueue to better protect against hardlink attacks [2] [0] reported by Holger Jahn [1] reported by Jason A. Donenfeld [2] reported by Qualys Security Checksums: ========== SHA256 (opensmtpd-5.7.3.tar.gz) = a922dcf75804d700c2d83aa0b4121b0fc11d6ccbc729c71bf519279a24e9d39f SHA256 (opensmtpd-5.7.3p1.tar.gz) = 848a3c72dd22b216bb924b69dc356fc297e8b3671ec30856978950208cba74dd Verify: ======= Starting with version 5.7.1, releases are signed with signify(1). You can obtain the public key from our website, check with our community that it has not been altered on its way to your machine. Once you are confident the key is correct, you can verify the release as described below: 1- get the signature file corresponding to the tarball you're installing $ wget https://www.opensmtpd.org/archives/opensmtpd-5.7.3.sum.sig 2- check that the tarball matches the checksum: $ sha256 opensmtpd-5.7.3.tar.gz SHA256 (opensmtpd-5.7.3.tar.gz) = a922dcf75804d700c2d83aa0b4121b0fc11d6ccbc729c71bf519279a24e9d39f $ cat opensmtpd-5.7.3.sum.sig |tail -1 | cut -d= -f2 a922dcf75804d700c2d83aa0b4121b0fc11d6ccbc729c71bf519279a24e9d39f 3- verify that the signature file was not forged: $ signify -V -e -p opensmtpd.pub -m opensmtpd-5.7.3.sum Signature Verified Support: ======== You are encouraged to register to our general purpose mailing-list: http://www.opensmtpd.org/list.html The "Official" IRC channel for the project is at: #OpenSMTPD @ irc.freenode.net Reporting Bugs: =============== Please read http://www.opensmtpd.org/report.html Security bugs should be reported directly to [email protected] Other bugs may be reported to [email protected] OpenSMTPD is brought to you by Gilles Chehade, Eric Faurot and Sunil Nimmagadda. -- Gilles Chehade https://www.poolp.org @poolpOrg -- You received this mail because you are subscribed to [email protected] To unsubscribe, send a mail to: [email protected]
