Upstream version 1.4.2 includes fixes:
- Fix issue #175: Don't reject a multi-valued From when all of the domains match.
- Fix issue #179: Don't crash when a value in a multi-valued From field is missing a domain name. Resolves CVE-2021-34555.

Packaging fixes:
- Use systemd type=simple and no PID file to avoid PID file startup races.
- Use systemd RuntimeDirectory when available, fall back to tmpfiles.d
- Use systemd Restart on-failure to ensure it stays running
- Use systemd ProtectSystem and ProtectHome for increased security
Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:
sudo dnf upgrade --refresh --advisory=FEDORA-2022-9baec62c1d
This update has been submitted for testing by mdomsch.
This update's test gating status has been changed to 'ignored'.
This update has been pushed to testing.
Not going to give negative karma, because I was able to make this package work, but it seems to me that ReadWritePaths=/var/spool/opendmarc may be a bit too restrictive, given the default in the config file which is pointing to: Socket local:/run/opendmarc/opendmarc.sock.
I've been running this configuration for 6 months with no ill effect. I had the same concern initially, but it's been working fine.
Okay, +1 then.
This update has been submitted for stable by bodhi.
This update has been pushed to stable.
@bojan my testing rig was incorrectly set up, and you were of course correct that the systemd lockdowns were too restrictive (and had a typo). I've removed all of those at this point and repushed 1.4.2-8 to testing. I'd appreciate your continued review and testing.