Currently opensmtpd has a high level remote CVE and several others from the
release listed. I have tried to compile the updated version but
1. It is a major upgrade with a different config syntax than what is in
EPEL.
2. It requires libressl to compile which we do not ship.
3. It might be possible to fix that one known CVE but there seem to have
been others but I do not have any knowledge what is needed to fix all of
them.
I would like to remove opensmtpd from EPEL. If someone wants to fix/patch
it that would be great also but it might become a long war of attrition.
--
Stephen J Smoogen.
Show replies by date