author | Gilles Chehade <gilles@poolp.org> | 2019-11-11 19:15:14 +0100 |
---|---|---|
committer | Gilles Chehade <gilles@poolp.org> | 2019-11-11 19:15:14 +0100 |
commit | 1b7bdc7f06667bdb81be43d1344398f7f73b8470 (patch) | |
tree | 9419f59a8e37e9fa7cc086a2d238dfedf5beb53f | |
parent | Merge branch 'master' into libtls (diff) | |
parent | Merge pull request #981 from ngortheone/master (diff) | |
Merge branch 'master' into libtls
-rw-r--r-- | CHANGES.md | 52 | ||||
-rw-r--r-- | smtpd/ruleset.c | 10 | ||||
-rw-r--r-- | smtpd/smtpd.h | 4 | ||||
-rw-r--r-- | smtpd/ssl_verify.c | 10 |
4 files changed, 67 insertions, 9 deletions
diff --git a/CHANGES.md b/CHANGES.md
new file mode 100644
index 00000000..ef87ca6f
--- /dev/null
+++ b/CHANGES.md
@@ -0,0 +1,52 @@
+# Release 6.6.1 (2019-11-06)
+
+## Changes in this release (since 6.6.0)
+
+This is a bugfix release. No new features were added.
+
+- Fixed crash on recipient expansion [#968](https://github.com/OpenSMTPD/OpenSMTPD/issues/968)
+- Fixed broken build with LibreSSL [#944](https://github.com/OpenSMTPD/OpenSMTPD/issues/944)
+- Fixed crash in `arc4random` caused by differences in OpenSSL vs LibreSSL compatibility layer plumbing [#958](https://github.com/OpenSMTPD/OpenSMTPD/issues/958)
+- Fixed issue where `from any` rules never matched by IPv6 sources [#969](https://github.com/OpenSMTPD/OpenSMTPD/issues/969)
+- Fixed crash that happened during mail relay on musl distros [#929](https://github.com/OpenSMTPD/OpenSMTPD/issues/929)
+- Fixed multiple compilation warnings
+[#965](https://github.com/OpenSMTPD/OpenSMTPD/issues/965)
+[#966](https://github.com/OpenSMTPD/OpenSMTPD/issues/966)
+[#967](https://github.com/OpenSMTPD/OpenSMTPD/issues/967)
+[#978](https://github.com/OpenSMTPD/OpenSMTPD/issues/978)
+[#977](https://github.com/OpenSMTPD/OpenSMTPD/issues/977)
+[#975](https://github.com/OpenSMTPD/OpenSMTPD/issues/975)
+
+
+
+# Release 6.6.0 (2019-10-26)
+
+## Dependencies note:
+
+This release builds with LibreSSL > 3.0.2 or OpenSSL > 1.1.0.
+
+It's preferable to depend on LibreSSL as OpenSMTPD is written and tested
+with that dependency. In addition, the features parity is not respected,
+some features will not be available with OpenSSL, like ECDSA server-side
+certificates support in this release. OpenSSL library is considered as a
+best effort target TLS library and provided as a commodity, LibreSSL has
+become our target TLS library.
+
+
+## Changes in this release (since 6.4.0):
+
+- various improvements to documentation and code
+- reverse dns session matching criteria added to smtpd.conf(5)
+- regex table lookup support added to smtpd.conf(5)
+- introduced support for ECDSA certificates with an ECDSA privsep engine
+- introduced builtin filters for basic filtering of incoming sessions
+- introduced option to deliver junk to a Junk folder in mail.maildir(8)
+- fixed the smtp(1) client so it uses correct default port for SMTPS
+- fixed an smtpd(8) crash on excessively large input
+- ensured mail rejected by an LMTP server stay queued
+
+
+## Experimental features:
+
+- introduced a filters API to allow writing standalone filters for smtpd
+- introduced proxy-v2 support allowing smtpd to operate behind a proxy
diff --git a/smtpd/ruleset.c b/smtpd/ruleset.c
index 2e282367..0468ddb3 100644
--- a/smtpd/ruleset.c
+++ b/smtpd/ruleset.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ruleset.c,v 1.44 2019/08/11 17:23:12 gilles Exp $ */
+/* $OpenBSD: ruleset.c,v 1.45 2019/11/04 00:05:38 gilles Exp $ */
 /*
 * Copyright (c) 2009 Gilles Chehade <gilles@poolp.org>
@@ -66,8 +66,14 @@ ruleset_match_from(struct rule *r, const struct envelope *evp)
 if (!r->flag_from)
 return 1;
- if (evp->flags & EF_INTERNAL)
+ if (evp->flags & EF_INTERNAL) {
+ /* if expanded from an empty table_from, skip rule
+ * if no table
+ */
+ if (r->table_from == NULL)
+ return 0;
 key = "local";
+ }
 else if (r->flag_from_rdns) {
 has_rdns = strcmp(evp->hostname, "<unknown>") != 0;
 if (r->table_from == NULL)
diff --git a/smtpd/smtpd.h b/smtpd/smtpd.h
index c71b6264..6ce2ecf7 100644
--- a/smtpd/smtpd.h
+++ b/smtpd/smtpd.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: smtpd.h,v 1.641 2019/09/30 08:31:41 martijn Exp $ */
+/* $OpenBSD: smtpd.h,v 1.642 2019/11/03 23:58:51 gilles Exp $ */
 /*
 * Copyright (c) 2008 Gilles Chehade <gilles@poolp.org>
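Review bot: The comment added in ruleset_match_from above the new `r->table_from == NULL` check (hunk `@@ -66,8 +66,14 @@`) is hard to parse and does not say why an internal envelope has to fail a `from` rule that has no table. This function decides which rule an envelope is evaluated under, so the intent deserves a plain statement, for example `/* internal envelopes use the key "local"; a from rule without a table has nothing to look that key up in, so it cannot match */`, adjusted to whatever the lookup further down actually does. The early `return 0` is also unconditional, while the table-less case in the `flag_from_rdns` branch is handled on lines outside the hunk, so it is worth confirming that a plain no-match is the intended result for every kind of `from` rule. The function body starts before and continues past the hunk.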
@@ -51,7 +51,7 @@
 #define SMTPD_QUEUE_EXPIRY (4 * 24 * 60 * 60)
 #define SMTPD_SOCKET "/var/run/smtpd.sock"
 #define SMTPD_NAME "OpenSMTPD"
-#define SMTPD_VERSION "6.6.0"
+#define SMTPD_VERSION "6.6.1"
 #define SMTPD_SESSION_TIMEOUT 300
 #define SMTPD_BACKLOG 5
diff --git a/smtpd/ssl_verify.c b/smtpd/ssl_verify.c
index ebc79870..02148862 100644
--- a/smtpd/ssl_verify.c
+++ b/smtpd/ssl_verify.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_verify.c,v 1.1 2019/09/18 11:26:30 eric Exp $ */
+/* $OpenBSD: ssl_verify.c,v 1.2 2019/11/02 03:16:45 gilles Exp $ */
 /*
 * Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org>
 *
@@ -142,12 +142,12 @@ tls_check_subject_altname(struct tls *ctx, X509 *cert, const char *name,
 continue;
 if (type == GEN_DNS) {
- unsigned char *data;
+ const unsigned char *data;
 int format, len;
 format = ASN1_STRING_type(altname->d.dNSName);
 if (format == V_ASN1_IA5STRING) {
- data = ASN1_STRING_data(altname->d.dNSName);
+ data = ASN1_STRING_get0_data(altname->d.dNSName);
 len = ASN1_STRING_length(altname->d.dNSName);
 if (len < 0 || (size_t)len != strlen(data)) {
@@ -187,11 +187,11 @@ tls_check_subject_altname(struct tls *ctx, X509 *cert, const char *name,
 }
 } else if (type == GEN_IPADD) {
- unsigned char *data;
+ const unsigned char *data;
 int datalen;
 datalen = ASN1_STRING_length(altname->d.iPAddress);
- data = ASN1_STRING_data(altname->d.iPAddress);
+ data = ASN1_STRING_get0_data(altname->d.iPAddress);
 if (datalen < 0) {
 tls_set_errorx(ctx, |
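Review bot: In the GEN_DNS branch of tls_check_subject_altname (hunk `@@ -142,12 +142,12 @@`), `data` is now `const unsigned char *` but is still handed to `strlen()` in `(size_t)len != strlen(data)`, which mixes pointer signedness and depends on the ASN.1 buffer carrying a terminating NUL. That comparison appears to be the guard against subjectAltName entries containing an embedded NUL, so a length-bounded form is the safer way to write it: `if (len < 0 || memchr(data, '\0', (size_t)len) != NULL) {`. For a terminated buffer it rejects the same names, and it never reads beyond `len` bytes. The branch body continues outside the hunk, so the rest of the name handling could not be checked here.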