-
Notifications
You must be signed in to change notification settings - Fork 164
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Changes since 1.4.0 from the RELEASE_NOTES file NOTE: In response to CVE-2019-20790, opendmarc has changed how it evaluates headers added by previous SPF milters. Users are encouraged to read the CVE-2019-20790 file in the "SECURITY" folder for more details. (#49, #158). Originally reported by Jianjun Chen, feedback by Simon Wilson and David Bürgin <dbuergin@gluet.ch>. NOTE: OpenDMARC's internal SPF handling will be removed in a future version. Users are encouraged to build linked against libspf2. Many pre-built packages provided by OS packagers already do this. (See https://www.libspf2.org) Addition of defines for MUSL C Library. (#129/#133). Patches by Marco Rebhan. Updated opendmarc.conf manpage and opendmarc.conf.sample to point to https://publicsuffix.org/list/. Added a CONTRIBUTING document. Fix two #ifdefs in arc functions for strlcpy. (#138). Reported by Leo Bicknell. Fixes to MySQL Schema (#98/#99). Patch by Bond Keevil. LIBSPF2 calls would not compile on OpenBSD due to OpenBSD not having the ns_type definition in arpa/resolv.h. Added detection to configure script. (#134) Reworked hcreate_r calls to use hcreate, to compile natively on OpenBSD and MacOS. (Part of #94) Reported by Rupert Gallagher. Add compatibility with AutoConf 2.70. (#95) Documentation updates about SourceForge being deprecated. (#101) Only accept results from Received-SPF fields that indicate clearly which identifier was being evaluated, since DMARC specifically only wants results based on MAIL FROM. Many build-time fixes (#100, #91, #90, #86, #85, #84, #83, #82, #81) Patches provided by Rupert Gallagher (ruga@protonmail.com) Added config option HoldQuarantinedMessages (default false), which controls if messages with p=quarantine will be passed on to the mail stream (if False) or placed in the MTA's "hold" queue (if True). Issue #105. Patch by Marcos Moraes, on the OpenDMARC mailing list. Remove "--with-wall" from "configure". Suggested by Leo Bicknell. LIBOPENDMARC: Fix bug #50: Ignore all RRTYPEs other than TXT. Problem reported by Jan Bouwhuis. LIBOPENDMARC: Fix bug #89: Repair absurd RRTYPE test in SPF code. LIBOPENDMARC: Fix bug #104: Fix bogus header field parsing code. LIBOPENDMARC: Fix bug #161: Don't pass the client IP address through htonl() since it's already in network byte order. This was causing SPF errors when the internal SPF implementation was in use. LIBOPENDMARC: Fix numerous problems with the internal SPF implementation.
- Loading branch information
manu
committed
May 27, 2021
1 parent
400b528
commit 473b25f
Showing
10 changed files
with
85 additions
and
173 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,12 +1,11 @@ | ||
$NetBSD: distinfo,v 1.10 2021/03/29 09:30:59 manu Exp $ | ||
$NetBSD: distinfo,v 1.11 2021/05/27 16:52:00 manu Exp $ | ||
|
||
SHA1 (OpenDMARC/rel-opendmarc-1-4-0-Beta1.tar.gz) = 74ad1ef9f9a12b5fadef5919807cd55f7655d8d8 | ||
RMD160 (OpenDMARC/rel-opendmarc-1-4-0-Beta1.tar.gz) = e8dda5350a734509843a04329777478d9410b796 | ||
SHA512 (OpenDMARC/rel-opendmarc-1-4-0-Beta1.tar.gz) = d562050da9c4b96e7707157fbbf385ab3ac551cf07754b45deb6a010b4c47e7f478dfe35bc2c8625f6553af4fbf120820bf2a9f0ce246b26cabf81e7d1174405 | ||
Size (OpenDMARC/rel-opendmarc-1-4-0-Beta1.tar.gz) = 1247386 bytes | ||
SHA1 (patch-RequiredFrom) = a21d77abbe93c806c6abee55e77e477c9c435c00 | ||
SHA1 (patch-configure.ac) = d174911e4de37d3b50b525469cbe410bb7ae119f | ||
SHA1 (patch-libopendmarc_opendmarc__dns.c) = e76ca13707677525b72609b4a5268d77efcfba84 | ||
SHA1 (patch-libopendmarc_opendmarc__spf__dns.c) = b6e1311be8e9ef44c333be57fef474f6b080a199 | ||
SHA1 (patch-opendmarc_opendmarc-arcares.c) = 6bf207d9984341fe13120ff8d25a77ff7f6ae1e5 | ||
SHA1 (patch-opendmarc_opendmarc-arcseal.c) = a2ace25f687736876ea4299a0177d3c3ed1e247b | ||
SHA1 (OpenDMARC/rel-opendmarc-1-4-1-1.tar.gz) = 2983653fa076f3843f3ef064d58f35d39e21a3fe | ||
RMD160 (OpenDMARC/rel-opendmarc-1-4-1-1.tar.gz) = 6bb61ad0e1e1a8cb3ce23cbe4eb61fb02be26610 | ||
SHA512 (OpenDMARC/rel-opendmarc-1-4-1-1.tar.gz) = ee034386c70c75b87ca2fce0849a1a3538e10e0aebfb0fc9dcba6817d2cf71f52aa5586ccaacdee620190c5fbb81498419fb8e8db9fac15d7c71a61a7da396a6 | ||
Size (OpenDMARC/rel-opendmarc-1-4-1-1.tar.gz) = 426618 bytes | ||
SHA1 (patch-RequiredFrom) = c89853a3fabcc48653b94169f49ea3c5923254d3 | ||
SHA1 (patch-libopendmarc_opendmarc__dns.c) = b1f697c930808b5c5724331dead3cf29c024d69b | ||
SHA1 (patch-opendmarc_opendmarc-arcares.c) = 0984b42e943d6a17eeb5725508dfbcf107b23169 | ||
SHA1 (patch-opendmarc_opendmarc-arcseal.c) = 98edb0d22e7c693d327ba98ba186605060d36e2f | ||
SHA1 (patch-opendmarc_parse.c) = c4b521a4542a4dc7db8baf088bb297493bf46a83 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
82 changes: 0 additions & 82 deletions
82
mail/opendmarc/patches/patch-libopendmarc_opendmarc__spf__dns.c
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
$NetBSD: patch-opendmarc_parse.c,v 1.1 2021/05/27 16:52:00 manu Exp $ | ||
|
||
Make sure a trailing brackets corresponds to a leading one | ||
aaa98f5 | ||
|
||
This fixes the case where the sender e-mail address is user@example.net> | ||
Without this fix, OpenDMARC parses the domain as example.net> and skip | ||
DMARC processing since there is no policy for the domain. | ||
|
||
Unfortunately, the MTA or MUA tend to fix the trailing bracket on their | ||
own, letting forged e-mail passing through to user mailboxes. | ||
|
||
Submitted upstream https://github.com/trusteddomainproject/OpenDMARC/pull/174 | ||
|
||
--- opendmarc/parse.c.orig 2021-05-27 09:45:40.873727663 +0200 | ||
+++ opendmarc/parse.c 2021-05-27 09:45:27.545312746 +0200 | ||
@@ -444,8 +444,13 @@ | ||
*w++ = '\0'; | ||
*domain_out = w; | ||
ws = 0; | ||
} | ||
+ else if (type == '>') | ||
+ { | ||
+ err = MAILPARSE_ERR_SUNBALANCED; | ||
+ return err; | ||
+ } | ||
else | ||
{ | ||
|
||
if (*user_out == NULL) |