The deaddrop 4.8.0 release

Upgrade to Sysctl Linux 43

  • Deaddrop is now based on Sysctl Linux 43.

Features

  • New admin.conf/ddadm settings force_perm_account_dispatch_ttl and force_temp_account_dispatch_ttl. To disable the time-to-live slider for permanent and temporary accounts separately.
  • SMS delivery replaced with new Go-based smsd service, replaces legacy Perl sendsms.pl, slc.pl & sls.pl.

Bug fixes

  • Many confirmation mails were missing the recipient email in the text body.
  • Upstream bug causing writing to the Freshclam log-file to fail, now it instead just logs to the journal.
  • Permission issue rendering Freschlam unable to directly notify Clamd of updates (Clamd would still detect an update eventually).
  • Freshclam would only run once and exit. Now it properly runs as a daemon again.
  • Fix many common spelling mistakes.
  • /etc/logrotate.d/01-defaults.rpmnew would sometimes get written on upgrade, causing conflicting behaviour in how logs are rotated. Any previously written .rpmnew file will be cleaned up upon this update.

Security Hardening

  • Blacklisting of kernel modules (rxrpc, psnap, tipc, esp4, esp6, ah4, ah6, can, krb5 and algif_aead)
  • Systemd hardening applied to: rdispatch, passwdd, mscd, watermarkd, memcached, metadataservice, deaddrop-passwdd, ddadm-httpd.
  • Remove unused Apache modules in ddadm-httpd
  • Smsd sandboxed with Linux Landlock (filesystem access restriction).

Information

Operating system packages

All system components have been updated to their latest respective version.

Update Instructions

Deaddrop releases will be automatically installed as part of the regular update process. No manual steps are required from administrators or users. The system will apply the update seamlessly in the background, ensuring that the latest fixes are in place without any interruption to normal operations.

Documentation

Further details and configuration guidance are available in the official documentation:

https://sysctl.se/deaddrop/documentation/

SBOM

Each ISO and VHD release has a software bill of materials (SBOM), to make introspection of the release easy to integrate with a number of security tools.

Sysctl portal

https://portal.sysctl.se/

Sysctl rss/atom

https://sysctl.se/feed.xml