Hello, OpenBSD 7.3 ships with the code used to build OpenSMTPD 7.3.0 portable, so you're not "affected" by this release: releases announced here are a port of OpenSMTPD for other systems.
Gilles

June 17, 2023 6:21 PM, latin...@vcn.bc.ca wrote:
> Hello
>
> Please excuse my question, if I am lost!
>
> I have 3 e-mail servers using OpenSMTPD that come with OpenBSD 7.3.
>
> Is this complicated thing that you mentioned going to affect my servers?
>
> I use OpenBSD because of its simplicity!
>
> Thanks.
>
>> OpenSMTPD 7.3.0p0 has just been released.
>>
>> OpenSMTPD is a FREE implementation of the SMTP protocol with some common
>> extensions. It allows ordinary machines to exchange e-mails with systems
>> speaking the SMTP protocol. It implements a fairly large part of RFC5321
>> and can already cover a large range of use-cases.
>>
>> It runs on OpenBSD, NetBSD, FreeBSD, DragonFlyBSD, Linux and OSX.
>>
>> The archives are now available from the main site at www.OpenSMTPD.org
>>
>> We would like to thank the OpenSMTPD community for their help in testing
>> the snapshots, reporting bugs, contributing code and packaging for other
>> systems.
>>
>> This is a major release with multiple bug fixes and new features.
>>
>> Dependencies note:
>> ==================
>>
>> This release builds with LibreSSL, or OpenSSL > 1.1.1 optionally with
>> LibreTLS.
>>
>> LibreTLS 3.7.0 has a known regression with OpenSSL 3+, so please use
>> the bundled one using the `--with-bundled-libtls' configure flag until
>> it is updated.
>>
>> It's preferable to depend on LibreSSL as OpenSMTPD is written and tested
>> with that dependency. OpenSSL library is considered as a best effort
>> target TLS library and provided as a commodity, LibreSSL has become our
>> target TLS library.
>>
>> Changes in this release:
>> ========================
>>
>> Includes the following security fixes:
>> - OpenBSD 7.2 errata 20 "smtpd(8) could abort due to a
>>   connection from a local, scoped ipv6 address"
>> - OpenBSD 7.2 errata 22 "Out of bounds accesses in libc resolver"
>>
>> Configuration changes:
>> - The certificate to use is now selected by looking at the names
>>   found in the certificates themselves rather than the `pki` name.
>>   The set of certificates for a TLS listener must be defined
>>   explicitly by using the `pki` listener option multiple times.
>>
>> Synced with OpenBSD 7.3:
>> - OpenBSD 6.9:
>>   * Introduced smtp(1) `-a` to perform authentication before sending
>>     a message.
>>   * Fixed a memory leak in smtpd(8) resolver.
>>   * Prevented a crash due to premature release of resources by the
>>     smtpd(8) filter state machine.
>>   * Switch to libtls internally.
>>   * Change the way SNI works in smtpd.conf(5). TLS listeners may be
>>     configured with multiple certificates. The matching is based on
>>     the names included in the certificates.
>>   * Allow to specify TLS protocols and ciphers per listener and
>>     relay action.
>> - OpenBSD 7.0:
>>   * Fixed incorrect status code for expired mails resulting in
>>     misleading bounce report in smtpd(8).
>>   * Added TLS options `cafile=(path)`, `nosni`, `noverify` and
>>     `servername=(name)` to smtp(1).
>>   * Allowed specification of TLS ciphers and protocols in smtp(1).
>> - OpenBSD 7.1:
>>   * Stop verifying the cert or CA for a relay using opportunistic TLS.
>>   * Enabled TLS verify by default for outbound "smtps://" and
>>     "smtp+tls://", restoring documented smtpd(8) behavior.
>> - OpenBSD 7.3:
>>   * Prevented smtpd(8) abort due to a connection from a local,
>>     scoped ipv6 address.
>>
>> Portable layer changes:
>> - libbsd and libtls are now optionally used if found.
>>   + Added `--with-libbsd`/`--without-libbsd` configure flag to enable
>>     linking to libbsd-overlay.
>>   + Added `--with-bundled-libtls` to force the usage of the bundled
>>     libtls.
>>
>>   LibreTLS 3.7.0 (last version at the time of writing) and previous
>>   have a regression with OpenSSL 3+, so please use the bundled one.
>>   See the GitHub issue #1171 for more info.
>>
>> - Updated and cleanup of the OpenBSD compats.
>>   + Ported `res_randomid()` from OpenBSD.
>>
>> - The configure option `--with-path-CAfile` shouldn't be required
>>   anymore in most systems but it is retained since it could be useful in
>>   some configuration when using the bundled libtls.
>>
>> - Various minor portability fixes.
>>
>> Checksums:
>> ==========
>>
>> SHA256 (opensmtpd-7.3.0p0.tar.gz) =
>> 2dd7a5a8ca127be7eb491540405684acb3dd04d93ad23d7709accd2b0450cae6
>>
>> Verify:
>> =======
>>
>> Starting with version 5.7.1, releases are signed with signify(1).
>>
>> You can obtain the public key from our website, check with our community
>> that it has not been altered on its way to your machine.
>>
>>   $ wget https://www.opensmtpd.org/archives/opensmtpd-20181026.pub
>>
>> Once you are confident the key is correct, you can verify the release as
>> described below:
>>
>> 1- download both release tarball and matching signature file to same
>>    directory:
>>
>>   $ wget https://www.opensmtpd.org/archives/opensmtpd-7.3.0p0.sum.sig
>>   $ wget https://www.opensmtpd.org/archives/opensmtpd-7.3.0p0.tar.gz
>>
>> 2- use `signify` to verify that signature file is properly signed and that
>>    the checksum matches the release tarball you downloaded:
>>
>> for portable version:
>>   $ signify -C -e -p opensmtpd-20181026.pub -x opensmtpd-7.3.0p0.sum.sig
>>   Signature Verified
>>   opensmtpd-7.3.0p0.tar.gz: OK
>>
>> If you don't get an OK message, then something is not right and you should
>> not install without first understanding why it failed.
>>
>> Support:
>> ========
>>
>> You are encouraged to register to our general purpose mailing-list:
>>   http://www.opensmtpd.org/list.html
>>
>> The "Official" IRC channel for the project is at:
>>   #opensmtpd @ irc.libera.chat
>>
>> Support us:
>> ========
>>
>> The project is maintained by volunteers, you can support us by:
>>
>> - donating time to help test development branch during development cycle
>> - donating money to either one of the OpenBSD or OpenSMTPD project
>> - sponsoring developers through direct donations or patreon
>> - sponsoring developers through contracts to write features
>>
>> Get in touch with us by e-mail or on IRC for more information.
>>
>> Reporting Bugs:
>> ===============
>>
>> Please read http://www.opensmtpd.org/report.html
>> Security bugs should be reported directly to secur...@opensmtpd.org
>> Other bugs may be reported to b...@opensmtpd.org
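
A fail-closed wrapper for the checksum comparison in the "Checksums" and "Verify" steps quoted above, as an added example that is not part of the original thread or the OpenSMTPD project; the function names are hypothetical. It complements the `signify -C` step rather than replacing it, since a digest copied from an e-mail is only as trustworthy as the e-mail.

```shell
#!/bin/sh
# Added example (not OpenSMTPD project code): fail-closed comparison of a
# tarball with the "SHA256 (name) = digest" line of an announcement.
# Function names are hypothetical.

# Print the digest announced for file name $2 in announcement text $1.
# Quote markers are dropped and wrapped lines joined, since mail clients
# often push the digest onto the line after "SHA256 (name) =".
announced_sha256() {
    printf '%s\n' "$1" | tr -d '>' | tr '\n' ' ' | tr -s ' ' |
        sed -n "s/.*SHA256 ($2) = \([0-9a-f]\{64\}\).*/\1/p"
}

# Print the SHA-256 of file $1 with whichever tool this system has.
file_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    elif command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# verify_release <tarball> <announcement text>
# 0 = match, 1 = mismatch, 2 = no digest announced, 3 = file unreadable.
verify_release() {
    want=$(announced_sha256 "$2" "$(basename "$1")")
    [ -n "$want" ] || return 2
    [ -r "$1" ] || return 3
    got=$(file_sha256 "$1") || return 3
    [ "$got" = "$want" ] && return 0
    return 1
}

# Usage: sh verify.sh <tarball> <saved-announcement.txt>
if [ "$#" -eq 2 ]; then
    verify_release "$1" "$(cat "$2")" && echo "$1: OK"
fi
```

Any non-zero exit status means the tarball should not be installed until the cause is understood, matching the advice in the quoted announcement.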