head 1.26; access; symbols pkgsrc-2023Q4:1.26.0.12 pkgsrc-2023Q4-base:1.26 pkgsrc-2023Q3:1.26.0.10 pkgsrc-2023Q3-base:1.26 pkgsrc-2023Q2:1.26.0.8 pkgsrc-2023Q2-base:1.26 pkgsrc-2023Q1:1.26.0.6 pkgsrc-2023Q1-base:1.26 pkgsrc-2022Q4:1.26.0.4 pkgsrc-2022Q4-base:1.26 pkgsrc-2022Q3:1.26.0.2 pkgsrc-2022Q3-base:1.26 pkgsrc-2022Q2:1.25.0.22 pkgsrc-2022Q2-base:1.25 pkgsrc-2022Q1:1.25.0.20 pkgsrc-2022Q1-base:1.25 pkgsrc-2021Q4:1.25.0.18 pkgsrc-2021Q4-base:1.25 pkgsrc-2021Q3:1.25.0.16 pkgsrc-2021Q3-base:1.25 pkgsrc-2021Q2:1.25.0.14 pkgsrc-2021Q2-base:1.25 pkgsrc-2021Q1:1.25.0.12 pkgsrc-2021Q1-base:1.25 pkgsrc-2020Q4:1.25.0.10 pkgsrc-2020Q4-base:1.25 pkgsrc-2020Q3:1.25.0.8 pkgsrc-2020Q3-base:1.25 pkgsrc-2020Q2:1.25.0.6 pkgsrc-2020Q2-base:1.25 pkgsrc-2020Q1:1.25.0.2 pkgsrc-2020Q1-base:1.25 pkgsrc-2019Q4:1.25.0.4 pkgsrc-2019Q4-base:1.25 pkgsrc-2019Q3:1.23.0.4 pkgsrc-2019Q3-base:1.23 pkgsrc-2019Q2:1.23.0.2 pkgsrc-2019Q2-base:1.23 pkgsrc-2019Q1:1.22.0.26 pkgsrc-2019Q1-base:1.22 pkgsrc-2018Q4:1.22.0.24 pkgsrc-2018Q4-base:1.22 pkgsrc-2018Q3:1.22.0.22 pkgsrc-2018Q3-base:1.22 pkgsrc-2018Q2:1.22.0.20 pkgsrc-2018Q2-base:1.22 pkgsrc-2018Q1:1.22.0.18 pkgsrc-2018Q1-base:1.22 pkgsrc-2017Q4:1.22.0.16 pkgsrc-2017Q4-base:1.22 pkgsrc-2017Q3:1.22.0.14 pkgsrc-2017Q3-base:1.22 pkgsrc-2017Q2:1.22.0.10 pkgsrc-2017Q2-base:1.22 pkgsrc-2017Q1:1.22.0.8 pkgsrc-2017Q1-base:1.22 pkgsrc-2016Q4:1.22.0.6 pkgsrc-2016Q4-base:1.22 pkgsrc-2016Q3:1.22.0.4 pkgsrc-2016Q3-base:1.22 pkgsrc-2016Q2:1.22.0.2 pkgsrc-2016Q2-base:1.22 pkgsrc-2016Q1:1.21.0.16 pkgsrc-2016Q1-base:1.21 pkgsrc-2015Q4:1.21.0.14 pkgsrc-2015Q4-base:1.21 pkgsrc-2015Q3:1.21.0.12 pkgsrc-2015Q3-base:1.21 pkgsrc-2015Q2:1.21.0.10 pkgsrc-2015Q2-base:1.21 pkgsrc-2015Q1:1.21.0.8 pkgsrc-2015Q1-base:1.21 pkgsrc-2014Q4:1.21.0.6 pkgsrc-2014Q4-base:1.21 pkgsrc-2014Q3:1.21.0.4 pkgsrc-2014Q3-base:1.21 pkgsrc-2014Q2:1.21.0.2 pkgsrc-2014Q2-base:1.21 pkgsrc-2014Q1:1.20.0.6 pkgsrc-2014Q1-base:1.20 pkgsrc-2013Q4:1.20.0.4 pkgsrc-2013Q4-base:1.20 pkgsrc-2013Q3:1.20.0.2 pkgsrc-2013Q3-base:1.20 pkgsrc-2013Q2:1.19.0.10 pkgsrc-2013Q2-base:1.19 pkgsrc-2013Q1:1.19.0.8 pkgsrc-2013Q1-base:1.19 pkgsrc-2012Q4:1.19.0.6 pkgsrc-2012Q4-base:1.19 pkgsrc-2012Q3:1.19.0.4 pkgsrc-2012Q3-base:1.19 pkgsrc-2012Q2:1.19.0.2 pkgsrc-2012Q2-base:1.19 pkgsrc-2012Q1:1.18.0.14 pkgsrc-2012Q1-base:1.18 pkgsrc-2011Q4:1.18.0.12 pkgsrc-2011Q4-base:1.18 pkgsrc-2011Q3:1.18.0.10 pkgsrc-2011Q3-base:1.18 pkgsrc-2011Q2:1.18.0.8 pkgsrc-2011Q2-base:1.18 pkgsrc-2011Q1:1.18.0.6 pkgsrc-2011Q1-base:1.18 pkgsrc-2010Q4:1.18.0.4 pkgsrc-2010Q4-base:1.18 pkgsrc-2010Q3:1.18.0.2 pkgsrc-2010Q3-base:1.18 pkgsrc-2010Q2:1.17.0.2 pkgsrc-2010Q2-base:1.17 pkgsrc-2010Q1:1.15.0.24 pkgsrc-2010Q1-base:1.15 pkgsrc-2009Q4:1.15.0.22 pkgsrc-2009Q4-base:1.15 pkgsrc-2009Q3:1.15.0.20 pkgsrc-2009Q3-base:1.15 pkgsrc-2009Q2:1.15.0.18 pkgsrc-2009Q2-base:1.15 pkgsrc-2009Q1:1.15.0.16 pkgsrc-2009Q1-base:1.15 pkgsrc-2008Q4:1.15.0.14 pkgsrc-2008Q4-base:1.15 pkgsrc-2008Q3:1.15.0.12 pkgsrc-2008Q3-base:1.15 cube-native-xorg:1.15.0.10 cube-native-xorg-base:1.15 pkgsrc-2008Q2:1.15.0.8 pkgsrc-2008Q2-base:1.15 cwrapper:1.15.0.6 pkgsrc-2008Q1:1.15.0.4 pkgsrc-2008Q1-base:1.15 pkgsrc-2007Q4:1.15.0.2 pkgsrc-2007Q4-base:1.15 pkgsrc-2007Q3:1.14.0.2 pkgsrc-2007Q3-base:1.14 pkgsrc-2007Q2:1.12.0.2 pkgsrc-2007Q2-base:1.12 pkgsrc-2007Q1:1.11.0.4 pkgsrc-2007Q1-base:1.11 pkgsrc-2006Q4:1.11.0.2 pkgsrc-2006Q4-base:1.11 pkgsrc-2006Q3:1.9.0.4 pkgsrc-2006Q3-base:1.9 pkgsrc-2006Q2:1.9.0.2 pkgsrc-2006Q2-base:1.9 pkgsrc-2006Q1:1.6.0.4 pkgsrc-2006Q1-base:1.6 pkgsrc-2005Q4:1.6.0.2 pkgsrc-2005Q4-base:1.6 pkgsrc-2005Q3:1.1.0.2 pkgsrc-2005Q3-base:1.1; locks; strict; comment @# @; 1.26 date 2022.07.11.10.52.29; author abs; state Exp; branches; next 1.25; commitid CLtkNGlaIGdUXsLD; 1.25 date 2019.12.09.18.46.00; author adam; state Exp; branches; next 1.24; commitid 5pSLddULU7EBX3OB; 1.24 date 2019.11.02.16.25.20; author rillig; state Exp; branches; next 1.23; commitid 07isqwBcIbu6niJB; 1.23 date 2019.06.07.12.20.32; author tm; state Exp; branches; next 1.22; commitid g6fGnd6KRCJeMfqB; 1.22 date 2016.06.11.00.37.24; author wiedi; state Exp; branches; next 1.21; commitid Ti7qwZDEVcGYWY9z; 1.21 date 2014.04.02.17.36.00; author wiedi; state Exp; branches; next 1.20; commitid 10bA4Vn3SHn5k8vx; 1.20 date 2013.07.15.02.02.25; author ryoon; state Exp; branches; next 1.19; commitid aGblgSa9xp3HyvXw; 1.19 date 2012.06.12.15.45.57; author wiz; state Exp; branches; next 1.18; 1.18 date 2010.09.17.12.01.37; author adam; state Exp; branches; next 1.17; 1.17 date 2010.06.06.14.15.30; author adam; state Exp; branches; next 1.16; 1.16 date 2010.06.02.13.04.04; author adam; state Exp; branches; next 1.15; 1.15 date 2007.12.15.16.04.41; author adam; state Exp; branches; next 1.14; 1.14 date 2007.09.11.18.16.01; author abs; state Exp; branches; next 1.13; 1.13 date 2007.08.17.22.55.52; author joerg; state Exp; branches; next 1.12; 1.12 date 2007.05.18.14.24.17; author abs; state Exp; branches; next 1.11; 1.11 date 2006.12.22.21.04.14; author joerg; state Exp; branches; next 1.10; 1.10 date 2006.11.20.11.56.42; author abs; state Exp; branches; next 1.9; 1.9 date 2006.05.31.18.22.24; author ghen; state Exp; branches; next 1.8; 1.8 date 2006.04.13.21.45.13; author wiz; state Exp; branches; next 1.7; 1.7 date 2006.04.01.22.02.19; author abs; state Exp; branches; next 1.6; 1.6 date 2005.10.23.20.07.19; author rillig; state Exp; branches; next 1.5; 1.5 date 2005.10.16.14.10.57; author abs; state Exp; branches; next 1.4; 1.4 date 2005.10.07.10.28.34; author abs; state Exp; branches; next 1.3; 1.3 date 2005.10.03.20.20.18; author abs; state Exp; branches; next 1.2; 1.2 date 2005.10.03.18.45.50; author abs; state Exp; branches; next 1.1; 1.1 date 2005.09.10.23.11.40; author abs; state Exp; branches; next ; desc @@ 1.26 log @Fix exim build on NetBSD (support for bdb 1.x dropped) Bump PKGREVISION @ text @# $NetBSD: options.mk,v 1.25 2019/12/09 18:46:00 adam Exp $ PKG_OPTIONS_VAR= PKG_OPTIONS.exim PKG_SUPPORTED_OPTIONS= exim-appendfile-maildir exim-appendfile-mailstore PKG_SUPPORTED_OPTIONS+= exim-appendfile-mbx exim-auth-dovecot exim-build-eximon PKG_SUPPORTED_OPTIONS+= exim-content-scan exim-lookup-cdb exim-lookup-dnsdb PKG_SUPPORTED_OPTIONS+= exim-lookup-dsearch exim-lookup-ldap exim-lookup-mysql PKG_SUPPORTED_OPTIONS+= exim-lookup-pgsql exim-lookup-redis exim-lookup-sqlite PKG_SUPPORTED_OPTIONS+= exim-lookup-whoson exim-old-demime exim-router-iplookup PKG_SUPPORTED_OPTIONS+= exim-tcp-wrappers exim-tls exim-transport-lmtp gdbm PKG_SUPPORTED_OPTIONS+= inet6 opendmarc saslauthd spf readline PKG_SUGGESTED_OPTIONS= exim-appendfile-maildir exim-appendfile-mailstore PKG_SUGGESTED_OPTIONS+= exim-appendfile-mbx exim-content-scan PKG_SUGGESTED_OPTIONS+= exim-lookup-dsearch exim-old-demime exim-tcp-wrappers PKG_SUGGESTED_OPTIONS+= exim-tls inet6 .include "../../mk/bsd.options.mk" .if !empty(PKG_OPTIONS:Mexim-appendfile-maildir) LOCAL_MAKEFILE_OPTIONS+= SUPPORT_MAILDIR=yes .endif .if !empty(PKG_OPTIONS:Mexim-appendfile-mailstore) LOCAL_MAKEFILE_OPTIONS+= SUPPORT_MAILSTORE=yes .endif .if !empty(PKG_OPTIONS:Mexim-auth-dovecot) LOCAL_MAKEFILE_OPTIONS+= AUTH_DOVECOT=yes .endif .if !empty(PKG_OPTIONS:Mexim-appendfile-mbx) LOCAL_MAKEFILE_OPTIONS+= SUPPORT_MBX=yes .endif .if !empty(PKG_OPTIONS:Mexim-build-eximon) LOCAL_MAKEFILE_OPTIONS+=EXIM_MONITOR=eximon.bin LOCAL_MAKEFILE_OPTIONS+=X11=${X11BASE} PLIST_SRC+=${PKGDIR}/PLIST.eximon . include "../../x11/libXaw/buildlink3.mk" .endif .if !empty(PKG_OPTIONS:Mexim-content-scan) LOCAL_MAKEFILE_OPTIONS+= WITH_CONTENT_SCAN=YES .endif .if !empty(PKG_OPTIONS:Mexim-lookup-cdb) LOCAL_MAKEFILE_OPTIONS+= LOOKUP_CDB=YES DEPENDS+= cdb-[0-9]*:../../databases/cdb .endif .if !empty(PKG_OPTIONS:Mexim-lookup-dnsdb) LOCAL_MAKEFILE_OPTIONS+= LOOKUP_DNSDB=YES .endif .if !empty(PKG_OPTIONS:Mexim-lookup-dsearch) LOCAL_MAKEFILE_OPTIONS+= LOOKUP_DSEARCH=YES .endif .if !empty(PKG_OPTIONS:Mexim-lookup-ldap) LOCAL_MAKEFILE_OPTIONS+=LOOKUP_LDAP=YES LOCAL_MAKEFILE_OPTIONS+=LDAP_LIB_TYPE=OPENLDAP2 LOOKUP_LIBS+=-lldap -llber . include "../../databases/openldap-client/buildlink3.mk" .endif .if !empty(PKG_OPTIONS:Mexim-lookup-mysql) LOCAL_MAKEFILE_OPTIONS+=LOOKUP_MYSQL=YES LOOKUP_LIBS+=-lmysqlclient . include "../../mk/mysql.buildlink3.mk" .endif .if !empty(PKG_OPTIONS:Mexim-lookup-pgsql) LOCAL_MAKEFILE_OPTIONS+=LOOKUP_PGSQL=YES LOOKUP_LIBS+=-lpq . include "../../mk/pgsql.buildlink3.mk" .endif .if !empty(PKG_OPTIONS:Mexim-lookup-redis) LOCAL_MAKEFILE_OPTIONS+=LOOKUP_REDIS=YES LOOKUP_LIBS+=-lhiredis . include "../../databases/hiredis/buildlink3.mk" .endif .if !empty(PKG_OPTIONS:Mexim-lookup-sqlite) LOCAL_MAKEFILE_OPTIONS+=LOOKUP_SQLITE=YES LOOKUP_LIBS+=-lsqlite3 . include "../../databases/sqlite3/buildlink3.mk" .endif .if !empty(PKG_OPTIONS:Mexim-lookup-whoson) LOCAL_MAKEFILE_OPTIONS+=LOOKUP_WHOSON=YES LOOKUP_LIBS+=-lwhoson . include "../../net/whoson/buildlink3.mk" .endif .if !empty(PKG_OPTIONS:Mexim-old-demime) LOCAL_MAKEFILE_OPTIONS+= WITH_OLD_DEMIME=YES .endif .if !empty(PKG_OPTIONS:Mexim-router-iplookup) LOCAL_MAKEFILE_OPTIONS+= ROUTER_IPLOOKUP=yes .endif .if !empty(PKG_OPTIONS:Mexim-tcp-wrappers) LOCAL_MAKEFILE_OPTIONS+=USE_TCP_WRAPPERS=yes LOOKUP_LIBS+=-lwrap . include "../../security/tcp_wrappers/buildlink3.mk" .endif .if !empty(PKG_OPTIONS:Mexim-tls) LOCAL_MAKEFILE_OPTIONS+=SUPPORT_TLS=yes LOCAL_MAKEFILE_OPTIONS+=USE_OPENSSL=yes LOOKUP_LIBS+=-lssl -lcrypto . include "../../security/openssl/buildlink3.mk" .endif .if !empty(PKG_OPTIONS:Mexim-transport-lmtp) LOCAL_MAKEFILE_OPTIONS+= TRANSPORT_LMTP=yes .endif .if !empty(PKG_OPTIONS:Minet6) LOCAL_MAKEFILE_OPTIONS+= HAVE_IPV6=YES .else LOCAL_MAKEFILE_OPTIONS+= HAVE_IPV6=NO .endif .if !empty(PKG_OPTIONS:Mopendmarc) LOCAL_MAKEFILE_OPTIONS+=EXPERIMENTAL_DMARC=yes LOOKUP_LIBS+= -lopendmarc . include "../../mail/opendmarc/buildlink3.mk" .endif .if !empty(PKG_OPTIONS:Mgdbm) . include "../../databases/gdbm/buildlink3.mk" EXIM_USE_DB_CONFIG= USE_GDBM=yes EXIM_DBMLIB= DBMLIB=${LDFLAGS} -lgdbm EXIM_INCLUDE= -I${PREFIX}/include .else # use Berkeley DB as defined by BDB_DEFAULT and BDB_ACCEPTED BDB_ACCEPTED?=db2 db3 db4 db5 db6 . include "../../mk/bdb.buildlink3.mk" EXIM_USE_DB_CONFIG= USE_DB=yes # the default EXIM_DBMLIB= DBMLIB=${LDFLAGS} ${BDB_LIBS} EXIM_INCLUDE= -I${PREFIX}/${BUILDLINK_INCDIRS.${BDB_TYPE}} .endif .if !empty(PKG_OPTIONS:Msaslauthd) LOCAL_MAKEFILE_OPTIONS+=AUTH_CYRUS_SASL=YES LOCAL_MAKEFILE_OPTIONS+=CYRUS_SASLAUTHD_SOCKET=/var/state/saslauthd/mux LOOKUP_LIBS+=${COMPILER_RPATH_FLAG}${LOCALBASE}/${BUILDLINK_LIBDIRS.cyrus-sasl} -L${LOCALBASE}/${BUILDLINK_LIBDIRS.cyrus-sasl} -lsasl2 . include "../../security/cyrus-sasl/buildlink3.mk" .endif .if !empty(PKG_OPTIONS:Mspf) LOCAL_MAKEFILE_OPTIONS+=SUPPORT_SPF=yes LOOKUP_LIBS+= -lspf2 . include "../../mail/libspf2/buildlink3.mk" .endif .if !empty(PKG_OPTIONS:Mreadline) LOCAL_MAKEFILE_OPTIONS+=USE_READLINE=yes LOOKUP_LIBS+= -lreadline . include "../../devel/readline/buildlink3.mk" .endif @ 1.25 log @exim: updated to 4.93 Exim version 4.93 ----------------- JH/01 OpenSSL: With debug enabled output keying information sufficient, server side, to decode a TLS 1.3 packet capture. JH/02 OpenSSL: Suppress the sending of (stateful) TLS1.3 session tickets. Previously the default library behaviour applied, sending two, each in its own TCP segment. JH/03 Debug output for ACL now gives the config file name and line number for each verb. JH/04 The default received_header_text now uses the RFC 8314 tls cipher clause. JH/05 DKIM: ensure that dkim_domain elements are lowercased before use. JH/06 Fix buggy handling of autoreply bounce_return_size_limit, and a possible buffer overrun for (non-chunking) other transports. JH/07 GnuTLS: Our use of late (post-handshake) certificate verification, under TLS1.3, means that a server rejecting a client certificate is not visible to the client until the first read of encrypted data (typically the response to EHLO). Add detection for that case and treat it as a failed TLS connection attempt, so that the normal retry-in-clear can work (if suitably configured). JB/01 Bug 2375: fix expansions of 822 addresses having comments in local-part and/or domain. Found and fixed by Jason Betts. JH/08 Add hardening against SRV & TLSA lookups the hit CNAMEs (a nonvalid configuration). If a CNAME target was not a wellformed name pattern, a crash could result. JH/09 Logging: Fix initial listening-on line for multiple ports for an IP when the OS reports them interleaved with other addresses. JH/10 OpenSSL: Fix aggregation of messages. Previously, when PIPELINING was used both for input and for a verify callout, both encrypted, SMTP responses being sent by the server could be lost. This resulted in dropped connections and sometimes bounces generated by a peer sending to this system. JH/11 Harden plaintext authenticator against a badly misconfigured client-send string. Previously it was possible to cause undefined behaviour in a library routine (usually a crash). Found by "zerons". JH/12 Bug 2384: fix "-bP smtp_receive_timeout". Previously it returned no output. JH/13 Bug 2386: Fix builds with Dane under LibreSSL 2.9.0 onward. Some old API was removed, so update to use the newer ones. JH/14 Bug 1891: Close the log file if receiving a non-smtp message, without any timeout set, is taking a long time. Previously we would hang on to a rotated logfile "forever" if the input was arriving with long gaps (a previous attempt to fix addressed lack, for a long time, of initial input). HS/01 Bug 2390: Use message_id for tempfile creation to avoid races in a shared (NFS) environment. The length of the tempfile name is now 4 + 16 ("hdr.$message_exim_id") which might break on file systems which restrict the file name length to lower values. (It was "hdr.$pid".) HS/02 Bug 2390: Use message_id for tempfile creation to avoid races in a shared (NFS) environment. HS/03 Bug 2392: exigrep does case sensitive *option* processing (as it did for all versions <4.90). Notably -M, -m, --invert, -I may be affected. JH/15 Use unsigned when creating bitmasks in macros, to avoid build errors on some platforms for bit 31. JH/16 GnuTLS: rework ciphersuite strings under recent library versions. Thanks to changes apparently associated with TLS1.3 handling some of the APIs previously used were either nonfunctional or inappropriate. Strings like TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM__AEAD:256 and TLS1.2:ECDHE_SECP256R1__RSA_SHA256__AES_128_CBC__SHA256:128 replace the previous TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256 . This affects log line X= elements, the $tls_{in,out}_cipher variables, and the use of specific cipher names in the encrypted= ACL condition. JH/17 OpenSSL: the default openssl_options now disables ssl_v3. JH/18 GnuTLS: fix $tls_out_ocsp under hosts_request_ocsp. Previously the verification result was not updated unless hosts_require_ocsp applied. JH/19 Bug 2398: fix listing of a named-queue. Previously, even with the option queue_list_requires_admin set to false, non-admin users were denied the facility. JH/20 Bug 2389: fix server advertising of usable certificates, under GnuTLS in directory-of-certs mode. Previously they were advertised despite the documentation. JH/21 The smtp transport option "hosts_noproxy_tls" is now unset by default. A single TCP connection by a client will now hold a TLS connection open for multiple message deliveries, by default. Previoud the default was to not do so. JH/22 The smtp transport option "hosts_try_dane" now enables all hosts by default. If built with the facility, DANE will be used. The facility SUPPORT_DANE is now enabled in the prototype build Makefile "EDITME". JH/23 The build default is now for TLS to be included; the SUPPORT_TLS define is replaced with DISABLE_TLS. Either USE_GNUTLS or (the new) USE_OPENSSL must be defined and you must still, unless you define DISABLE_TLS, manage the the include-dir and library-file requirements that go with that choice. Non-TLS builds are still supported. JH/24 Fix duplicated logging of peer name/address, on a transport connection- reject under TFO. JH/25 The smtp transport option "hosts_try_fastopen" now enables all hosts by default. If the platform supports and has the facility enabled, it will be requested on all coneections. JH/26 The PIPE_CONNECT facility is promoted from experimental status and is now controlled by the build-time option SUPPORT_PIPE_CONNECT. PP/01 Unbreak heimdal_gssapi, broken in 4.92. JH/27 Bug 2404: Use the main-section configuration option "dsn_from" for success-DSN messages. Previously the From: header was always the default one for these; the option was ignored. JH/28 Fix the timeout on smtp response to apply to the whole response. Previously it was reset for every read, so a teergrubing peer sending single bytes within the time limit could extend the connection for a long time. Credit to Qualsys Security Advisory Team for the discovery. JH/29 Fix DSN Final-Recipient: field. Previously it was the post-routing delivery address, which leaked information of the results of local forwarding. Change to the original envelope recipient address, per standards. JH/30 Bug 2411: Fix DSN generation when RFC 3461 failure notification is requested. Previously not bounce was generated and a log entry of error ignored was made. JH/31 Avoid re-expansion in ${sort } expansion. (CVE-2019-13917) JH/32 Introduce a general tainting mechanism for values read from the input channel, and values derived from them. Refuse to expand any tainted values, to catch one form of exploit. JH/33 Bug 2413: Fix dkim_strict option. Previously the expansion result was unused and the unexpanded text used for the test. Found and fixed by Ruben Jenster. JH/34 Fix crash after TLS shutdown. When the TCP/SMTP channel was left open, an attempt to use a TLS library read routine dereffed a nul pointer, causing a segfault. JH/35 Bug 2409: filter out-of-spec chars from callout response before using them in our smtp response. JH/36 Have the general router option retry_use_local_part default to true when any of the restrictive preconditions are set (to anything). Previously it was only for check_local user. The change removes one item of manual configuration which is required for proper retries when a remote router handles a subset of addresses for a domain. JH/37 Appendfile: when evaluating quota use (non-quota_size_regex) take the file link count into consideration. HS/04 Fix handling of very log lines in -H files. If a - line caused the extension of big_buffer, the following lines were ignored. JH/38 Bug 1395: Teach the DNS negative-cache about TTL value from the SOA in accordance with RFC 2308. Previously there was no expiry, so a longlived receive process (eg. due to ACL delays) versus a short SOA value could surprise. HS/05 Handle trailing backslash gracefully. (CVE-2019-15846) JH/39 Promote DMARC support to mainline. JH/40 Bug 2452: Add a References: header to DSNs. JH/41 With GnuTLS 3.6.0 (and later) do not attempt to manage Diffie-Hellman parameters. The relevant library call is documented as "Deprecated: This function is unnecessary and discouraged on GnuTLS 3.6.0 or later. Since 3.6.0, DH parameters are negotiated following RFC7919." HS/06 Change the default of dnssec_request_domains to "*" JH/42 Bug 2545: Fix CHUNKING for all RCPT commands rejected. Previously we carried on and emitted a BDAT command, even when PIPELINING was not active. JH/43 Bug 2465: Fix taint-handling in dsearch lookup. Previously a nontainted buffer was used for the filename, resulting in a trap when tainted arguments (eg. $domain) were used. JH/44 With OpenSSL 1.1.1 (onwards) disable renegotiation for TLS1.2 and below; recommended to avoid a possible server-load attack. The feature can be re-enabled via the openssl_options main cofiguration option. JH/45 local_scan API: documented the current smtp_printf() call. This changed for version 4.90 - adding a "more data" boolean to the arguments. Bumped the ABI version number also, this having been missed previously; release versions 4.90 to 4.92.3 inclusive were effectively broken in respect of usage of smtp_printf() by either local_scan code or libraries accessed via the ${dlfunc } expansion item. Both will need coding adjustment for any calls to smtp_printf() to match the new function signature; a FALSE value for the new argument is always safe. JH/46 FreeBSD: fix use of the sendfile() syscall. The shim was not updating the file-offset (which the Linux syscall does, and exim expects); this resulted in an indefinite loop. JH/47 ARC: fix crash in signing, triggered when a configuration error failed to do ARC verification. The Authentication-Results: header line added by the configuration then had no ARC item. @ text @d1 1 a1 1 # $NetBSD: options.mk,v 1.24 2019/11/02 16:25:20 rillig Exp $ d139 2 a140 1 .else # use native or Berkeley DB as defined by BDB_DEFAULT and BDB_ACCEPTED a142 5 . if ${BDB_TYPE} == "db1" EXIM_DBMLIB= # empty so use defaults EXIM_USE_DB_CONFIG= # empty so use defaults EXIM_INCLUDE= -I/usr/${BUILDLINK_INCDIRS.db-native} . else a144 1 . endif @ 1.24 log @mail: align variable assignments pkglint -Wall -F --only aligned -r No manual corrections. @ text @d1 1 a1 1 # $NetBSD: options.mk,v 1.23 2019/06/07 12:20:32 tm Exp $ d113 1 @ 1.23 log @exim: change local makefile options name for SPF The local makefile option need to be adjusted because SPF is no longer an experimental feature in exim. @ text @d1 1 a1 1 # $NetBSD: options.mk,v 1.22 2016/06/11 00:37:24 wiedi Exp $ d21 1 a21 1 LOCAL_MAKEFILE_OPTIONS+=SUPPORT_MAILDIR=yes d25 1 a25 1 LOCAL_MAKEFILE_OPTIONS+=SUPPORT_MAILSTORE=yes d29 1 a29 1 LOCAL_MAKEFILE_OPTIONS+=AUTH_DOVECOT=yes d33 1 a33 1 LOCAL_MAKEFILE_OPTIONS+=SUPPORT_MBX=yes d44 1 a44 1 LOCAL_MAKEFILE_OPTIONS+=WITH_CONTENT_SCAN=YES d48 2 a49 2 LOCAL_MAKEFILE_OPTIONS+=LOOKUP_CDB=YES DEPENDS+=cdb-[0-9]*:../../databases/cdb d53 1 a53 1 LOCAL_MAKEFILE_OPTIONS+=LOOKUP_DNSDB=YES d57 1 a57 1 LOCAL_MAKEFILE_OPTIONS+=LOOKUP_DSEARCH=YES d98 1 a98 1 LOCAL_MAKEFILE_OPTIONS+=WITH_OLD_DEMIME=YES d102 1 a102 1 LOCAL_MAKEFILE_OPTIONS+=ROUTER_IPLOOKUP=yes d118 1 a118 1 LOCAL_MAKEFILE_OPTIONS+=TRANSPORT_LMTP=yes d122 1 a122 1 LOCAL_MAKEFILE_OPTIONS+=HAVE_IPV6=YES d124 1 a124 1 LOCAL_MAKEFILE_OPTIONS+=HAVE_IPV6=NO @ 1.22 log @since 4.87 redis lookup is no longer experimental @ text @d1 1 a1 1 # $NetBSD: options.mk,v 1.21 2014/04/02 17:36:00 wiedi Exp $ d159 1 a159 1 LOCAL_MAKEFILE_OPTIONS+=EXPERIMENTAL_SPF=yes @ 1.21 log @Add two new options for exim: - exim-lookup-redis: allow quering redis from within the exim config, needs hiredis - opendmarc: enables DMARC support Both are disabled by default. @ text @d1 1 a1 1 # $NetBSD: options.mk,v 1.20 2013/07/15 02:02:25 ryoon Exp $ d80 1 a80 1 LOCAL_MAKEFILE_OPTIONS+=EXPERIMENTAL_REDIS=YES @ 1.20 log @* .include "../../devel/readline/buildlink3.mk" with USE_GNU_READLINE=yes are replaced with .include "../../devel/readline/buildlink3.mk", and USE_GNU_READLINE are removed, * .include "../../devel/readline/buildlink3.mk" without USE_GNU_READLINE are replaced with .include "../../mk/readline.buildlink3.mk". @ text @d1 1 a1 1 # $NetBSD: options.mk,v 1.19 2012/06/12 15:45:57 wiz Exp $ d8 4 a11 4 PKG_SUPPORTED_OPTIONS+= exim-lookup-pgsql exim-lookup-sqlite exim-lookup-whoson PKG_SUPPORTED_OPTIONS+= exim-old-demime exim-router-iplookup exim-tcp-wrappers PKG_SUPPORTED_OPTIONS+= exim-tls exim-transport-lmtp gdbm inet6 saslauthd spf PKG_SUPPORTED_OPTIONS+= readline d79 6 d127 6 @ 1.19 log @Add inet6 to default suggested options. It's 2012. @ text @d1 1 a1 1 # $NetBSD: options.mk,v 1.18 2010/09/17 12:01:37 adam Exp $ a154 1 USE_GNU_READLINE= yes @ 1.18 log @Added optional support for SPF @ text @d1 1 a1 1 # $NetBSD: options.mk,v 1.17 2010/06/06 14:15:30 adam Exp $ d16 1 a16 1 PKG_SUGGESTED_OPTIONS+= exim-tls @ 1.17 log @Changes 4.72: * installed exipick 20100104.1, adding $max_received_linelength, $data_path, and $header_path variables; fixed documentation bugs and typos * installed exipick 20100222.0, added --input-dir and --finput to allow exipick to access non-standard spools, including the "frozen" queue (Finput) * Support mysql stored procedures. * Spacing fix (syntax error) on Makefile directives for NetBSD * Documentation fix for max_rcpts. * Fix for unknown responses from Dovecot authenticator. * Added umask to procmail example. * installed exipick 20100323.0, fixing doc bug * CVE-2010-2023 - prevent hardlink attack on sticky mail directory. * Upgrade PolarSSL files to upstream version 0.12.1. * Improve log output when DKIM signing operation fails. * Treat the transport option dkim_domain as a colon separated list, not as a single string, and sign the message with each element, omitting multiple occurences of the same signer. * Null terminate DKIM strings, Null initialise DKIM variable * dnsdb DNS TXT record bug fix (DKIM-related) * CVE-2010-2024 - work round race condition on MBX locking. @ text @d1 1 a1 1 # $NetBSD: options.mk,v 1.16 2010/06/02 13:04:04 adam Exp $ d10 1 a10 1 PKG_SUPPORTED_OPTIONS+= exim-tls exim-transport-lmtp gdbm inet6 saslauthd d146 6 @ 1.16 log @Fix building with db5; revision bump for db4 update @ text @d1 1 a1 1 # $NetBSD: options.mk,v 1.15 2007/12/15 16:04:41 adam Exp $ a19 2 PLIST_SRC=${PKGDIR}/PLIST @ 1.15 log @Added 'readline' option, and MAKE_JOBS_SAFE=no @ text @d1 1 a1 1 # $NetBSD: options.mk,v 1.14 2007/09/11 18:16:01 abs Exp $ d131 1 a131 10 . if ${BDB_TYPE} == "db4" EXIM_DBMLIB= DBMLIB=${LDFLAGS} ${BDB_LIBS} EXIM_INCLUDE= -I${PREFIX}/${BUILDLINK_INCDIRS.db4} . elif ${BDB_TYPE} == "db3" EXIM_DBMLIB= DBMLIB=${LDFLAGS} ${BDB_LIBS} EXIM_INCLUDE= -I${PREFIX}/${BUILDLINK_INCDIRS.db3} . elif ${BDB_TYPE} == "db2" EXIM_DBMLIB= DBMLIB=${LDFLAGS} ${BDB_LIBS} EXIM_INCLUDE= -I${PREFIX}/${BUILDLINK_INCDIRS.db2} . else # using native d135 3 @ 1.14 log @Update to exim-4.67nb1: - When -inet6, explicitly set HAVE_IPV6=NO to avoid use of any inet6 APIs Note: For entertainment purposes build a NetBSD distribution with 'MKINET=no' and see what breaks in pkgsrc @ text @d1 1 a1 1 # $NetBSD: options.mk,v 1.13 2007/08/17 22:55:52 joerg Exp $ d4 13 a16 12 PKG_SUPPORTED_OPTIONS= exim-appendfile-maildir exim-appendfile-mailstore PKG_SUPPORTED_OPTIONS+= exim-appendfile-mbx exim-auth-dovecot exim-build-eximon PKG_SUPPORTED_OPTIONS+= exim-content-scan exim-lookup-cdb exim-lookup-dnsdb PKG_SUPPORTED_OPTIONS+= exim-lookup-dsearch exim-lookup-ldap exim-lookup-mysql PKG_SUPPORTED_OPTIONS+= exim-lookup-pgsql exim-lookup-sqlite exim-lookup-whoson PKG_SUPPORTED_OPTIONS+= exim-old-demime exim-router-iplookup exim-tcp-wrappers PKG_SUPPORTED_OPTIONS+= exim-tls exim-transport-lmtp gdbm inet6 saslauthd PKG_SUGGESTED_OPTIONS= exim-appendfile-maildir exim-appendfile-mailstore PKG_SUGGESTED_OPTIONS+= exim-appendfile-mbx exim-content-scan PKG_SUGGESTED_OPTIONS+= exim-lookup-dsearch exim-old-demime exim-tcp-wrappers PKG_SUGGESTED_OPTIONS+= exim-tls d153 7 @ 1.13 log @Fix modular Xorg support. Untested though, as it doesn't fully build on NetBSD/current. @ text @d1 1 a1 1 # $NetBSD: options.mk,v 1.12 2007/05/18 14:24:17 abs Exp $ d118 2 @ 1.12 log @add exim-auth-dovecot and EXIM_MAX_INCLUDE_SIZE. both disabled by default @ text @d1 1 a1 1 # $NetBSD: options.mk,v 1.11 2006/12/22 21:04:14 joerg Exp $ d41 1 a41 1 . include "../../mk/x11.buildlink3.mk" @ 1.11 log @Fix spelling of saslauthd option in PKG_SUGGESTED_OPTIONS. From Peter Avalos. @ text @d1 1 a1 1 # $NetBSD: options.mk,v 1.10 2006/11/20 11:56:42 abs Exp $ d5 1 a5 1 PKG_SUPPORTED_OPTIONS+= exim-appendfile-mbx exim-build-eximon d29 4 @ 1.10 log @Update mail/exim to 4.63nb1 - Add options exim-appendfile-maildir exim-appendfile-mailstore exim-appendfile-mbx exim-lookup-cdb exim-tcp-wrappers exim-tls All but exim-lookup-cdb default to off, to preserve previous defaults. @ text @d1 1 a1 1 # $NetBSD: options.mk,v 1.9 2006/05/31 18:22:24 ghen Exp $ d10 1 a10 1 PKG_SUPPORTED_OPTIONS+= exim-tls exim-transport-lmtp gdbm inet6 saslauth @ 1.9 log @The databases/openldap package has been split in -client and -server component packages. Convert LDAP-based applications to depend on openldap-client, and bump PKGREVISION for those that depend on it by default. @ text @d1 1 a1 1 # $NetBSD: options.mk,v 1.8 2006/04/13 21:45:13 wiz Exp $ d4 12 a15 5 PKG_SUPPORTED_OPTIONS= exim-build-eximon exim-content-scan exim-lookup-dnsdb PKG_SUPPORTED_OPTIONS+= exim-lookup-dsearch exim-lookup-ldap exim-lookup-mysql PKG_SUPPORTED_OPTIONS+= exim-lookup-pgsql exim-lookup-sqlite exim-lookup-whoson PKG_SUPPORTED_OPTIONS+= exim-old-demime gdbm inet6 saslauthd PKG_SUGGESTED_OPTIONS= exim-content-scan exim-lookup-dsearch exim-old-demime d21 12 d37 1 a37 1 .include "../../mk/x11.buildlink3.mk" d44 5 d60 1 a60 1 LOOKUP_LIBS+=${COMPILER_RPATH_FLAG}${LOCALBASE}/${BUILDLINK_LIBDIRS.openldap-client} -L${LOCALBASE}/${BUILDLINK_LIBDIRS.openldap-client} -lldap -llber d66 1 a66 1 LOOKUP_LIBS+=${COMPILER_RPATH_FLAG}${LOCALBASE}/${BUILDLINK_LIBDIRS.mysql} -L${LOCALBASE}/${BUILDLINK_LIBDIRS.mysql} -lmysqlclient d72 1 a72 1 LOOKUP_LIBS+=${COMPILER_RPATH_FLAG}${LOCALBASE}/${BUILDLINK_LIBDIRS.pgsql} -L${LOCALBASE}/${BUILDLINK_LIBDIRS.mysql} -lpq d78 1 a78 1 LOOKUP_LIBS+=${COMPILER_RPATH_FLAG}${LOCALBASE}/${BUILDLINK_LIBDIRS.sqlite3} -L${LOCALBASE}/${BUILDLINK_LIBDIRS.sqlite3} -lsqlite3 d84 1 a84 1 LOOKUP_LIBS+=${COMPILER_RPATH_FLAG}${LOCALBASE}/${BUILDLINK_LIBDIRS.whoson} -L${LOCALBASE}/${BUILDLINK_LIBDIRS.whoson} -lwhoson d92 20 @ 1.8 log @Update path from cyrus-sasl2 to cyrus-sasl. @ text @d1 1 a1 1 # $NetBSD: options.mk,v 1.7 2006/04/01 22:02:19 abs Exp $ d36 2 a37 2 LOOKUP_LIBS+=${COMPILER_RPATH_FLAG}${LOCALBASE}/${BUILDLINK_LIBDIRS.openldap} -L${LOCALBASE}/${BUILDLINK_LIBDIRS.openldap} -lldap -llber . include "../../databases/openldap/buildlink3.mk" @ 1.7 log @Add exim-lookup-pgsql and exim-lookup-sqlite - as provided by Geert Hendrickx. @ text @d1 1 a1 1 # $NetBSD: options.mk,v 1.6 2005/10/23 20:07:19 rillig Exp $ d99 2 a100 2 LOOKUP_LIBS+=${COMPILER_RPATH_FLAG}${LOCALBASE}/${BUILDLINK_LIBDIRS.cyrus-sasl2} -L${LOCALBASE}/${BUILDLINK_LIBDIRS.cyrus-sasl2} -lsasl2 . include "../../security/cyrus-sasl2/buildlink3.mk" @ 1.6 log @Added RCS Id to patch-aa. Removed trailing white-space from options.mk. @ text @d1 1 a1 1 # $NetBSD: options.mk,v 1.5 2005/10/16 14:10:57 abs Exp $ d6 2 a7 1 PKG_SUPPORTED_OPTIONS+= exim-lookup-whoson exim-old-demime gdbm inet6 saslauthd d46 12 @ 1.5 log @Update exim to 4.54nb1 - Enable IPv6 based on inet6 settings @ text @d1 1 a1 1 # $NetBSD: options.mk,v 1.4 2005/10/07 10:28:34 abs Exp $ d35 1 a35 1 LOOKUP_LIBS+=${COMPILER_RPATH_FLAG}${LOCALBASE}/${BUILDLINK_LIBDIRS.openldap} -L${LOCALBASE}/${BUILDLINK_LIBDIRS.openldap} -lldap -llber @ 1.4 log @update exim to exim-4.52nb5 - if exim-build-eximon: also work with xorg and fix PLIST @ text @d1 1 a1 1 # $NetBSD: options.mk,v 1.3 2005/10/03 20:20:18 abs Exp $ d6 1 a6 1 PKG_SUPPORTED_OPTIONS+= exim-lookup-whoson exim-old-demime gdbm saslauthd d55 4 @ 1.3 log @Update exim to exim-4.52nb4: Fix PLIST for eximon option - from Sven Hartge @ text @d1 1 a1 1 # $NetBSD: options.mk,v 1.2 2005/10/03 18:45:50 abs Exp $ d11 2 d15 1 d17 1 a17 1 USE_X11BASE=yes @ 1.2 log @Update exim to exim-4.52nb3: - Add rmail, rsmtp, & runq as exim mailer.conf aliases (from Sergey Svishchev) - Add lookup options for openldap, mysql, eximon and dnsdb (from Sven Hartge in PR pkg/27242) - Change 'exim' specific options to be prefixed with exim- (suggsted by Dieter Baron) @ text @d1 1 a1 1 # $NetBSD: options.mk,v 1.1 2005/09/10 23:11:40 abs Exp $ d13 1 @ 1.1 log @Update exim to 4.52nb2 - Fix NetBSD statvfs check for NetBSD 2.1 - Move options into options.mk, - breakout lookup_dsearch (default on) - add saslauthd (Requested by Peter Avalos) @ text @d1 1 a1 1 # $NetBSD: options.mk,v 1.2 2005/05/31 10:01:38 dillo Exp $ d4 4 a7 3 PKG_SUPPORTED_OPTIONS= content_scan gdmb lookup_dsearch lookup_whoson PKG_SUPPORTED_OPTIONS+= old_demime saslauthd PKG_SUGGESTED_OPTIONS= content_scan lookup_dsearch old_demime d11 14 a24 1 .if !empty(PKG_OPTIONS:Mlookup_dsearch) d28 5 a32 4 .if !empty(PKG_OPTIONS:Mlookup_whoson) LOCAL_MAKEFILE_OPTIONS+=WITH_LOOKUP_WHOSON=YES LOOKUP_LIBS+=${COMPILER_RPATH_FLAG}${LOCALBASE}/${BUILDLINK_LIBDIRS.whoson} -L${LOCALBASE}/${BUILDLINK_LIBDIRS.whoson} -lwhoson . include "../../net/whoson/buildlink3.mk" d35 4 a38 2 .if !empty(PKG_OPTIONS:Mcontent_scan) LOCAL_MAKEFILE_OPTIONS+=WITH_CONTENT_SCAN=YES d41 4 a44 2 .if !empty(PKG_OPTIONS:Mold_demime) LOCAL_MAKEFILE_OPTIONS+=WITH_OLD_DEMIME=YES d47 2 a48 5 .if !empty(PKG_OPTIONS:Msaslauthd) LOCAL_MAKEFILE_OPTIONS+=AUTH_CYRUS_SASL=YES LOCAL_MAKEFILE_OPTIONS+=CYRUS_SASLAUTHD_SOCKET=/var/state/saslauthd/mux LOOKUP_LIBS+=${COMPILER_RPATH_FLAG}${LOCALBASE}/${BUILDLINK_LIBDIRS.cyrus-sasl2} -L${LOCALBASE}/${BUILDLINK_LIBDIRS.cyrus-sasl2} -lsasl2 . include "../../security/cyrus-sasl2/buildlink3.mk" d74 7 @