thanks \o/ June 17, 2023 9:50 AM, "Omar Polo" <[email protected]> wrote:
> OpenSMTPD 7.3.0p0 has just been released. > > OpenSMTPD is a FREE implementation of the SMTP protocol with some common > extensions. It allows ordinary machines to exchange e-mails with systems > speaking the SMTP protocol. It implements a fairly large part of RFC5321 > and can already cover a large range of use-cases. > > It runs on OpenBSD, NetBSD, FreeBSD, DragonFlyBSD, Linux and OSX. > > The archives are now available from the main site at www.OpenSMTPD.org > > We would like to thank the OpenSMTPD community for their help in testing > the snapshots, reporting bugs, contributing code and packaging for other > systems. > > This is a major release with multiple bug fixes and new features. > > Dependencies note: > ================== > > This release builds with LibreSSL, or OpenSSL > 1.1.1 optionally with > LibreTLS. > > LibreTLS 3.7.0 has a known regression with OpenSSL 3+, so please use > the bundled one using the `--with-bundled-libtls' configure flag until > it is updated. > > It's preferable to depend on LibreSSL as OpenSMTPD is written and tested > with that dependency. OpenSSL library is considered as a best effort > target TLS library and provided as a commodity, LibreSSL has become our > target TLS library. > > Changes in this release: > ======================== > > Includes the following security fixes: > - OpenBSD 7.2 errata 20 "smtpd(8) could abort due to a > connection from a local, scoped ipv6 address" > - OpenBSD 7.2 errata 22 "Out of bounds accesses in libc resolver" > > Configuration changes: > - The certificate to use is now selected by looking at the names > found in the certificates themselves rather than the `pki` name. > The set of certificates for a TLS listener must be defined > explicitly by using the `pki` listener option multiple times. > > Synced with OpenBSD 7.3: > - OpenBSD 6.9: > * Introduced smtp(1) `-a` to perform authentication before sending > a message. > * Fixed a memory leak in smtpd(8) resolver. > * Prevented a crash due to premature release of resources by the > smtpd(8) filter state machine. > * Switch to libtls internally. > * Change the way SNI works in smtpd.conf(5). TLS listeners may be > configured with multiple certificates. The matching is based on > the names included in the certificates. > * Allow to specify TLS protocols and ciphers per listener and > relay action. > - OpenBSD 7.0: > * Fixed incorrect status code for expired mails resulting in > misleading bounce report in smtpd(8). > * Added TLS options `cafile=(path)`, `nosni`, `noverify` and > `servername=(name)` to smtp(1). > * Allowed specification of TLS ciphers and protocols in smtp(1). > - OpenBSD 7.1: > * Stop verifying the cert or CA for a relay using opportunistic TLS. > * Enabled TLS verify by default for outbound "smtps://" and > "smtp+tls://", restoring documented smtpd(8) behavior. > - OpenBSD 7.3: > * Prevented smtpd(8) abort due to a connection from a local, > scoped ipv6 address. > > Portable layer changes: > - libbsd and libtls are now optionally used if found. > + Added `--with-libbsd`/`--without-libbsd` configure flag to enable > linking to libbsd-overlay. > + Added `--with-bundled-libtls` to force the usage of the bundled > libtls. > > LibreTLS 3.7.0 (last version at the time of writing) and previous > have a regression with OpenSSL 3+, so please use the bundled one. > See the GitHub issue #1171 for more info. > > - Updated and cleanup of the OpenBSD compats. > + Ported `res_randomid()` from OpenBSD. > > - The configure option `--with-path-CAfile` shouldn't be required > anymore in most systems but it is retained since it could be useful in > some configuration when using the bundled libtls. > > - Various minor portability fixes. > > Checksums: > ========== > > SHA256 (opensmtpd-7.3.0p0.tar.gz) = > 2dd7a5a8ca127be7eb491540405684acb3dd04d93ad23d7709accd2b0450cae6 > > Verify: > ======= > > Starting with version 5.7.1, releases are signed with signify(1). > > You can obtain the public key from our website, check with our community > that it has not been altered on its way to your machine. > > $ wget https://www.opensmtpd.org/archives/opensmtpd-20181026.pub > > Once you are confident the key is correct, you can verify the release as > described below: > > 1- download both release tarball and matching signature file to same > directory: > > $ wget https://www.opensmtpd.org/archives/opensmtpd-7.3.0p0.sum.sig > $ wget https://www.opensmtpd.org/archives/opensmtpd-7.3.0p0.tar.gz > > 2- use `signify` to verify that signature file is properly signed and that the > checksum matches the release tarball you downloaded: > > for portable version: > $ signify -C -e -p opensmtpd-20181026.pub -x opensmtpd-7.3.0p0.sum.sig > Signature Verified > opensmtpd-7.3.0p0.tar.gz: OK > > If you don't get an OK message, then something is not right and you should not > install without first understanding why it failed. > > Support: > ======== > > You are encouraged to register to our general purpose mailing-list: > http://www.opensmtpd.org/list.html > > The "Official" IRC channel for the project is at: > #opensmtpd @ irc.libera.chat > > Support us: > ======== > > The project is maintained by volunteers, you can support us by: > > - donating time to help test development branch during development cycle > - donating money to either one of the OpenBSD or OpenSMTPD project > - sponsoring developers through direct donations or patreon > - sponsoring developers through contracts to write features > > Get in touch with us by e-mail or on IRC for more informations. > > Reporting Bugs: > =============== > > Please read http://www.opensmtpd.org/report.html > Security bugs should be reported directly to [email protected] > Other bugs may be reported to [email protected]
