Re: Install OpenSMTPD from source or use the Debian packages?
Hi.
On Wed, Feb 12, 2020 at 11:53:09AM -0600, Tom Browder wrote:
> In the process of reading a blog article by the current developer I
> discovered the upstream is now at version 6.6.2p1+ after some serious
> security issues were discovered by SSL Labs (Qualys). Note that Debian
> 10 is only at version 6.0.3p1!
It's a common mistake to look at the beginning of the version of Debian
package, disregarding the rest.
Debian package is actually 6.0.3p1-5+deb10u3, and that deb10u3 part
contains the patches that fixed CVE-2020-7247 you're referring to.
> I would like to install from source but I wonder if that is such a
> smart move,
No, it does not. Specifically, if you're aiming at version 6.6.2p1 -
install opensmtpd from the backports.
> especially when we now use systemd and the source is set
> up with the traditional GNU automake system and I don't see any
> provision for systemd. I don't grok systemd very well and usually
> rely on others for the proper setup.
And that's why the lazy among us use Debian packages - because packages
tend to fix such problems.
> I have asked for help on the OpenSMTPD mailing list,
But you'll likely to get OpenBSD-specific answer.
Reco
Reply to: