- 🛠 fixes a packaging issue causing asr.h to be installed in target system
- 🛠 fixes a possible crash in the MTA when establishing IPv6 connections
v6.7.0.p1May 13, 2020
🚀 SECURITY RELEASE
An out of bounds read in smtpd allows an attacker to inject arbitrary commands into the envelope file which are then executed as root. Separately, missing privilege revocation in smtpctl allows arbitrary commands to be run with the _smtpq group.
🚀 Following the 6.6.2p1 release, various improvements were done in OpenBSD -current to mitigate the risk of similar bugs.
🚀 This release back-ports them to the portable version of OpenSMTPD.
v6.6.2January 28, 2020
🚀 release synchronized to 6.6.1 bump in the OpenBSD tree.
🚀 Changes in this release (since 6.6.0p1)
🛠 This is a bugfix release. No new features were added.
- 🛠 Fixed crash on recipient expansion #968
- 🛠 Fixed broken build with LibreSSL #944
- 🛠 Fixed crash in
arc4randomcaused by differences in OpenSSL vs LibreSSL compatibility layer plumbing #958
- 🛠 Fixed issue where
from anyrules never matched by IPv6 sources #969
- 🛠 Fixed crash that happened during mail relay on musl distros #929
- 🛠 Fixed multiple compilation warnings
#965 #966 #967 #978 #977 #975
v6.6.0October 13, 2019