Number of commits found: 79

mail/exim: upgrade to 4.77

New stuff (from ftp://exim.inode.at/exim/ChangeLogs/NewStuff-4.77):
 1. New options for the ratelimit ACL condition: /count= and /unique=.
    The /noupdate option has been replaced by a /readonly option.

 2. The SMTP transport's protocol option may now be set to "smtps", to
    use SSL-on-connect outbound.

 3. New variable $av_failed, set true if the AV scanner deferred; ie, when
    there is a problem talking to the AV scanner, or the AV scanner running.

 4. New expansion conditions, "inlist" and "inlisti", which take simple lists
    and check if the search item is a member of the list.  This does not
    support named lists, but does subject the list part to string expansion.

(Only the first 15 lines of the commit message are shown above )

mail/exim: upgrade to 4.76

4.76 is the security release that fixes CVE-2011-1764, format string
attack and information leak, both inside the DKIM code.

List of changes (ftp://exim.inode.at/exim/ChangeLogs/ChangeLog-4.76):

PP/01 The new ldap_require_cert option would segfault if used.  Fixed.

PP/02 Harmonised TLS library version reporting; only show if
      debugging.  Layout now matches that introduced for other
      libraries in 4.74 PP/03.

PP/03 New openssl_options items: no_sslv2 no_sslv3 no_ticket no_tlsv1

(Only the first 15 lines of the commit message are shown above )

mail/exim: upgrade to 4.75

From NewStuff-4.75:

 1. In addition to the existing LDAP and LDAP/SSL ("ldaps") support,
 there is now LDAP/TLS support, given sufficiently modern OpenLDAP
 client libraries.  The following global options have been added in
 support of this: ldap_ca_cert_dir, ldap_ca_cert_file, ldap_cert_file,
 ldap_cert_key, ldap_cipher_suite, ldap_require_cert, ldap_start_tls.

 2. The pipe transport now takes a boolean option, "freeze_signal",
 default false.  When true, if the external delivery command exits on
 a signal then Exim will freeze the message in the queue, instead of
 generating a bounce.

(Only the first 15 lines of the commit message are shown above )

mail/exim: update to 4.74

Changelog is at
  http://ftp.exim.org/pub/exim/ChangeLogs/ChangeLog-4.74
Please, note that CVE-2011-0017 is not applicable to FreeBSD,
because setuid() doesn't check RLIMIT_NPROC.

Also fixed the periodic script for tidying the databases: now it won't
produce errors if the lockfile is here, but the actual database file
is gone. [2]

And finally, synced the mirror list to the current one and
pruned old unusable mirrors:
 - ftp.csx.cam.ac.uk: not synced anymore;
 - www.no.exim.org: no DNS record;
 - ftp.demon.nl: no longer mirrors Exim;
 - ftp.freenet.de: mirror of ftp.csx.cam.ac.uk;
 - ftp.esat.net: not synced anymore;
 - ftp.mirrorservice.org: mirror of ftp.csx.cam.ac.uk.

Feature safe: yes
PR: 154323 [1]
Submitted by: Geraint Edwards <gedge@yadn.org> [2],
              Alexander Wittig <alexander@wittig.name> [1]
Approved by: erwin (mentor), renato (mentor)

mail/exim: update to 4.73

Most notably, this version fixes local exim -> root escalation,
CVE-2010-4345.

Port had also gained configurable knob for disabling -D option
and make variables TRUSTED_CONFIG_LIST and WHITELIST_D_MACROS
to fine tune the behaviour of options -C and -D.

New items are documented at
  ftp://exim.inode.at/exim/ChangeLogs/NewStuff-4.73
Changelog is available at
  ftp://exim.inode.at/exim/ChangeLogs/ChangeLog-4.73

Security: e4fcf020-0447-11e0-becc-0022156e8794 / CVE-2010-4345
PR: 152963 [1], 153711 [2]
Submitted by: Alexander Wittig <alexander@wittig.name> [1]
Approved by: garga (mentor)

Update to 4.72

The changes from the previous release are:

1. TWO SECURITY FIXES: one relating to mail-spools which are
globally writable, the other to locking of MBX folders (not mbox).
These have CVE identifiers CVE-2010-2023 and CVE-2010-2024

2. MySQL stored procedures are now supported.

3. The dkim_domain transport option is now a list, not a single
string, and messages will be signed for each element in the list
(discarding duplicates).

4. The 4.70 release unexpectedly changed the behaviour of dnsdb TXT

(Only the first 15 lines of the commit message are shown above )

"Spamooborona 1024" software by Yandex allows to filter up to 1024
good messages per day for any mailhost. It is to note: 1024 - it is
not the total amount of messages scanned but the only good ones,
which aren't considered as spam. Once 1024 good messages get passed
through the filter, the rest of mail traffic will be passed without
considering spam or ham until the end of the day.

http://so.yandex.ru/companies/so1024.xml

The patch allows use of "Spamooborona 1024" with Exim by using
Local_scan()'s functionality provided by Yandex LLC.

PR:             ports/146215
Submitted by:   Alexey V.Degtyarev <alexey@renatasystems.org>

Update to 4.71
ChangeLog: http://ftp.exim.org/pub/exim/ChangeLogs/ChangeLog-4.71

Submitted by:   Alexey V. Degtyarev <alexey@renatasystems.org>

Update to version 4.70
 - Add devel/pcre dependency
 - Add option for checking ACL in DCC
 - Add WITH_DEBUG option
 - Remove Domain Keys option
 - Remove DKIM option

Submitted by:   "Alexey V. Degtyarev" <alexey@renatasystems.org>

Update to 4.69

Update to 4.68

Update to 4.67

Remove FAQ since file was deleted from master sites.
Fix build with gcc41.

Update to 4.66

Update to 4.65

Update to 4.64

Update to 4.63

Update to 4.62.

Update to 4.61

Add md5/sha256/size info for mail/exim-sa-exim

Reported by:    pointyhat via kris

Philip has rerolled the tarball to include documentaion
modifications, the only file that that has changed is doc/spec.txt,
the announcement is available on:

http://www.exim.org/mail-archives/exim-announce/2006/msg00000.html

Update to 4.60

Update to 4.54

Update to 4.53

Update to 4.52

Update to version 4.51

Fix build if WITH_SA_EXIM is defined.

Reported by:    Mike Sturdee <sturdee at pathwaynet.com>

Update to 4.50

* Remove WITH/WITHOUT_EXISCAN variable, since exiscan code was
  merged into exim-4.50

* Introduce two new variables: WITH_CONTENT_SCAN and WITH_OLD_DEMIME.

* Enable WITH_OLD_DEMIME by default to preserve backward
  compatibility with deprecated "demime" ACL condition.  For Exim
  itself, setting WITH_OLD_DEMIME forces WITH_CONTENT_SCAN to be set.

* Remove POST-INSTALL-NOTES.exiscan-acl and xpatch-exiscan2 patches.

* Add experimental-spec.txt into docs, to inform about experimental
  features.

PR:             ports/78168
Submitted by:   krion
Approved by:    maintainer is currently MIA

- update SA-Exim to 4.2
- add support for Berkeley DB 4.3

Thanks to Sergey Matveychuk <sem@FreeBSD.org> for committing PR 76273.

- Update to 4.44
  Mostly bugfix release

PR:             ports/76273
Submitted by:   self
Approved by:    eik (timeout: 2 weeks)

- update to Exim 4.43 and exiscan 28
- add support for the SA-Exim local_scan function
  + http://marc.merlins.org/linux/exim/sa.html
- new options WITH_SA_EXIM, WITH_AUTH_SASL, WITH_RADIUS_TYPE

- fix 150.exim-tidydb.sh when Exim is installed, but not run [1]

Submitted by:   Brian Somers <brian@Awfulhak.org> [1]

update to version 4.42+27

update to exiscan-acl 25

- Added expansion of av_scanner global variable
  when it starts with a dollar sign. This is useful
  for implementing multiple malware scanners.

- Added support for adding ACL headers at the beginning
  and in the "middle" of the message header block.
  (This is a preliminary solution, see comment in SPF
   section of exiscan-acl-spec).

Update to Exim 4.41 + exiscan-acl 24

Note that this port uses libsrs2, not libsrs_alt as documented in
exiscan-acl-spec

- Update to version 4.40

- Support for WITH_SPF and WITH_SRS via libspf2/libsrs2, needs exiscan

- Note for 5.x users: the default location of the start/stop file has changed.
  Build WITH_RCORDER=yes when you depend on the old behaviour

- WITH_OPENLDAP_VER and WITH_MYSQL_VER does no longer imply the corresponding
WITH_ variable.

- experimental support for optionsng from devel/portmk

- update exiscan-acl to version 22, with SPF support.
  enabled when build with WITH_SPF=yes

- fix connection drop handling in a data-acl

Upgrade to exim 4.34 + exiscan-acl 21

update to exim 4.33 + exiscan 20

  /usr/local/share/doc/exim/ChangeLog
  /usr/local/share/doc/exim/NewStuff
  http://duncanthrax.net/exiscan-acl/CHANGELOG

upgrade to exiscan-acl version 19:
  <http://duncanthrax.net/exiscan-acl/CHANGELOG>

nuke OpenLDAP 1.2 while I'm here.

- update to exiscan-acl version 18
- change `WITH_EXIMON' to include exim-monitor in this package
- remove WITHOUT_WILDLSEARCH, it was non-functional
- add fix for race condition in MBX locking
- add fix for rewrite bug
- add iplsearch wishlist patch

Update to Exim release 4.32 + exiscan 17
- ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/ChangeLogs/ChangeLog-4.32
- http://duncanthrax.net/exiscan-acl/CHANGELOG

- update to Exim 4.31:
  A surprisingly large number of minor bugs have been fixed.
  Support for maildirsize files has been completely rewritten.
  A limited number of feature enhancements are included.
  For instance, TLS now supports Certificate Revocation Lists (CRL),
  and the dnslookup router now (optionally) supports the use of SRV
  records (see RFC 2782) in addition to MX and address records.
  - /usr/local/share/doc/exim/NewStuff
  - /usr/local/share/doc/exim/ChangeLog
  - /usr/local/share/doc/exim/README.UPDATING

- update exiscan-acl to version -16

Read /usr/local/share/doc/exim/exiscan-acl-spec.txt for
information about the new MIME ACL.

Update to 4.30.

This release includes bugfixes and new features, but should be backward
compatible with 4.2x.

Update to exiscan-acl-4.24-13, which is a bugfix release.

Submitted by:   Oliver Eikemeier <eikemeier@fillmore-labs.com>

WARNING: See caution at the end of this bullet list.

* Update to exim-4.24 (bugfix release).
* Wishlist patch for "eqi" incorporated.
* Mark exim-{ldap2,mysql,postgresql,} as conflicting.
* Substitute PORTREVISION for build number so that the version string
  hints at which version of the port the binary comes from.
* Clean up POST-INSTALL-NOTES.
* Install example scripts, especially upgrade converters, now that exim-old
  has been retired.
* Enable DNSDB-style lookup support by default; it can be disabled with
  WITHOUT_DNSDB.
* Simplify LDAP support, using various versions of OpenLDAP only.
  The old WITH_OPENLDAP[0-9][0-9] options are now invalid; use
  WITH_OPENLDAP and/or WITH_OPENLDAP_VER instead.

(Only the first 15 lines of the commit message are shown above )

Update to exiscan-acl patch -12:

        When discard is the last verb for an ACL, ensure that cleanup
        occurs.  Failure to reach cleanup was introduced in -11.

Bump PORTREVISION accordingly.

Exim updates:

1) Update to exiscan-acl patch revision 11.
2) Spin info files off into their own port, exim-doc-info.
3) Pet portlint.

PR:             ports/56291
Submitted by:   Oliver Eikemeier <eikemeier@fillmore-labs.com>

Update to exim-4.22:

* IPv6 bug fix incorporated.
* Catch up with changes in makefiles.
* Make portlint happier with respect to DOCSDIR, INFO and spaces.
* Use the new INFO macro.
* Use PATCHFILES instead of patching by hand, now that we don't support
  the non-ACL exiscan patch.

This release fixes a few last minute release mistakes from 4.21.

PR:             ports/55701
Submitted by:   Oliver Eikemeier <eikemeier@fillmore-labs.com>

Roll forward over the last revision's backout.

This reinstates exim-4.21, but with PORTREVISION bumped so that folks
unlucky enough to get the bum version can easily upgrade.

Include a patch to fix the reported IPv6 bug.

Revert previous delta, which updated to exim-4.21.

The update causes segfaults during remote delivery for at least one
IPv6 user, and I don't have an IPv6 testbed to work with yet.

Requested by:   Suresh Ramasubramanian <suresh@outblaze.com>

Update to exim-4.21:

* This is a mostly maintenance release, although some new features have
  been added (including Sieve support).

!!!WARNING!!!

The non-ACL exiscan patch is no longer supported.  The exiscan-acl patch
is now used by default, unless WITHOUT_EXISCAN is given.

This means that existing installations that rely on non-ACL exiscan
CAN NOT be upgraded without changes to the configure file.

(null delta)

The previous revision updated to patch-level 10 of the exiscan-acl patch,
not the exiscan patch as advertised.

Update to exiscan patch level 10.

Submitted by:   Jacques Marneweck <jm@ataris.co.za>

1) Update exiscan-acl patch to -09:
   Improved clamd support.
   New FAQ/example documentation.

2) Enable wildlsearch lookups by default and add new
   WITHOUT_WILDLSEARCH knob for disabling them.

3) Issue a fat warning if 127.0.0.1 is found in the relay_from_hosts
   hostlist of an existing configure file on upgrade.  This is important
   for IPv6 users and doesn't hurt IPv4-only users.

4) Attempt local deliveries as the owner of the mailbox (still group
   mail) and don't fail if the existing mailbox permissions are narrower
   than those with which we would have created it.  This works around
   pw(8) creating mailboxes with 0600 permission (instead of 0660).

(Only the first 15 lines of the commit message are shown above )

* Update to exiscan-acl patch 08, which fixes wrong defaults for sophie
  antivirus and adds clamd support.

* Use the bz2 patch for exiscan-acl.

* Add a CVS Id tag to exim.sh
  Add a reload command to exim.sh.

Bump PORTREVISION accordingly.

Submitted by:   Oliver Eikemeier <eikemeier@fillmore-labs.com>

Update to exiscan-acl-4.20-07, which handles blank lines in reports from
p5-Mail-SpamAssassin-2.54.

Submitted:      Oliver Eikemeier <eikemeier@fillmore-labs.com>

Update to exiscan-acl-4.20-06, which fixes a problem handling multiple
messages on one SMTP connection.

Again, no PORTREVISION bump, because WITH_EXISCAN_ACL is not the default.

If I get hit by a bus, please hand this port over to the submitter.

Submitted by:   Oliver Eikemeier <eikemeier@fillmore-labs.com>

Previous delta lost the checksum for exim/exiscan-4.20-26.tar.bz2.
Never use the makesum target to update distinfo for ports with
conditional distfiles and patches.

Update to exiscan-acl-4.20-04.

PORTREVISION has not been bumped, because WITH_EXISCAN_ACL is not the
default case.

* Update to exim-4.20, featuring host of minor bugfixes and some feature
  enhancements.  Non-critical upgrade.
* Distribution site fixes and cleanups (somehow ommitted in prev delta).
* Put distribution files in a subdirectory.
* Optional support for exiscan-acl; exiscan is still the default.

I think the submitter is doing a great job.

PR:             ports/52228
Submitted by:   Oliver Eikemeier <eikemeier@fillmore-labs.com>

* Update exim-4.12 -> exim-4.14:

  This is a maintenance release, but there are a few edge cases where
  backward compatibikity in the configure file was broken.

  While upgrading is recommended, administrators are encouraged to
  Update exim-4.12 -> exim-4.14:

  This is a maintenance release, but there are a few edge cases where
  backward compatibikity in the configure file was broken.

  While upgrading is recommended, administrators are encouraged to
  examine the README.UPDATING file in the distribution.

* Catch up to changes in the ports tree with respect to available
  OpenLDAP releases.  While backward compatibility is preserved,
  administrators may use WITH_OPENLDAP1, WITH_OPENLDAP20 and
  WITH_OPENLDAP21 for more fine-grained control of the OpenLDAP
  release on which to depend.

Submitted by:   Oliver Eikemeier <eikemeier@fillmore-labs.com>

Update to exiscan patch -25, which fixes a crash bug handling single-part
base64 mime messages, introduced in patch -24.

Bump PORTREVISION accordingly.

Update exiscan patch to -24, to catch up with the protocol change in
p5-Mail-SpamAssassin-2.50.

That port update may have been ill-advised so close to a ports freeze,
but this new version of the exiscan patch is backward compatible to
the original protocol, so if the maintainer of p5-Mail-SpamAssassin
rolls back, this port will not require a change.

Bump PORTREVISION accordingly.

Requested by:   "David Haworth" <dave@fyonn.net>

* Update to exiscan-4.12-23a:

  + Reverts non-backward compatible change in output handling of
    CLI AV scanners.

  + Makes a number of options expandable, allowing lookups to determine
    their values.

  + Fixes various edge case bugs.

  + Adds MKS AV daemon support.

* Bump PORTREVISION accordingly.

1) Update to exiscan-4.12-22, which closes a number of buffer overflows
   and incorporates a lot of fixes.

   WARNING, this version of exiscan is not entirely backward-compatible
   with the previous one:

   *    The following configuration options have been replaced with
        compile-time definitions and thus must be removed from your
        Exim configure file if specified there:

        exiscan_spamd_buffer_max_chunks
        exiscan_spamd_buffer_init_chunk
        exiscan_av_buffer_max_chunks
        exiscan_av_buffer_init_chunk

(Only the first 15 lines of the commit message are shown above )

Update 4.10 -> 4.12:

For Exim, this includes an enormous number of fixes.  Most of these are
for esoteric configurations, although if you're bitten by them, you're
bitten hard.

The fixes also include closing up a buffer overflow that is not believed
to be exploitable, and a format string vulnerability that was only
exploitable by an Exim admin user, but then provided root access.

For Eximon, this just rationalizes a patch we carried locally for ages.

Update to rev 16 of the exiscan patch (exiscan-4.10-16).  The maintainer
has graciously agreed to make a bzip2 version of the exiscan distfile
available, so use that instead of the gzip version.  This allows
us to remove the post-patch target and associated rubbish.

Bump PORTREVISION accordingly.

Enable exiscan content scanning unless the new knob WITHOUT_EXISCAN
is defined.

Bump PORTREVISION accordingly.

I agree with the Exim community that the exim-4.xx has reached production
quality.

Move exim to exim-old for folks who need exim-3.xx, because the
configuration file for exim-4.xx is not backward compatible.  Move
exim-devel to exim, removing NO_LATEST_LINK:

        repo-copy       exim            -> exim-old
        copy over       exim-devel      -> exim
        retire          exim-devel

Slave ports are intended for use with the exim port, as before, so they
now build and install for exim-4.xx.

Update to exim-3.36:

* Incorporates some patches.

* Fix pretty obscure queue handling bug.

* Update exim-4 spool file format forward-compatibility.

Update to exim-3.35:    

Update to exim-3.34:    

* Update to exim-3.33:    

Update to exim-3.32:    

Update to exim-3.31:    

Update 3.22 -> 3.30:    

Update 3.20 -> 3.22, which fixes a number of bugs.    

Update to exim-3.20.    

Number of commits found: 79

12 vulnerabilities affecting 17 ports have been reported in the past 14 days

^* - modified, not new

All vulnerabilities