head 1.24; access; symbols pkgsrc-2023Q4:1.24.0.18 pkgsrc-2023Q4-base:1.24 pkgsrc-2023Q3:1.24.0.16 pkgsrc-2023Q3-base:1.24 pkgsrc-2023Q2:1.24.0.14 pkgsrc-2023Q2-base:1.24 pkgsrc-2023Q1:1.24.0.12 pkgsrc-2023Q1-base:1.24 pkgsrc-2022Q4:1.24.0.10 pkgsrc-2022Q4-base:1.24 pkgsrc-2022Q3:1.24.0.8 pkgsrc-2022Q3-base:1.24 pkgsrc-2022Q2:1.24.0.6 pkgsrc-2022Q2-base:1.24 pkgsrc-2022Q1:1.24.0.4 pkgsrc-2022Q1-base:1.24 pkgsrc-2021Q4:1.24.0.2 pkgsrc-2021Q4-base:1.24 pkgsrc-2021Q3:1.23.0.12 pkgsrc-2021Q3-base:1.23 pkgsrc-2021Q2:1.23.0.10 pkgsrc-2021Q2-base:1.23 pkgsrc-2021Q1:1.23.0.8 pkgsrc-2021Q1-base:1.23 pkgsrc-2020Q4:1.23.0.6 pkgsrc-2020Q4-base:1.23 pkgsrc-2020Q3:1.23.0.4 pkgsrc-2020Q3-base:1.23 pkgsrc-2020Q2:1.23.0.2 pkgsrc-2020Q2-base:1.23 pkgsrc-2020Q1:1.22.0.2 pkgsrc-2020Q1-base:1.22 pkgsrc-2019Q4:1.22.0.4 pkgsrc-2019Q4-base:1.22 pkgsrc-2019Q3:1.21.0.2 pkgsrc-2019Q3-base:1.21 pkgsrc-2019Q2:1.19.0.4 pkgsrc-2019Q2-base:1.19 pkgsrc-2019Q1:1.19.0.2 pkgsrc-2019Q1-base:1.19 pkgsrc-2018Q4:1.18.0.6 pkgsrc-2018Q4-base:1.18 pkgsrc-2018Q3:1.18.0.4 pkgsrc-2018Q3-base:1.18 pkgsrc-2018Q2:1.18.0.2 pkgsrc-2018Q2-base:1.18 pkgsrc-2018Q1:1.17.0.2 pkgsrc-2018Q1-base:1.17 pkgsrc-2017Q4:1.16.0.10 pkgsrc-2017Q4-base:1.16 pkgsrc-2017Q3:1.16.0.8 pkgsrc-2017Q3-base:1.16 pkgsrc-2017Q2:1.16.0.4 pkgsrc-2017Q2-base:1.16 pkgsrc-2017Q1:1.16.0.2 pkgsrc-2017Q1-base:1.16 pkgsrc-2016Q4:1.15.0.6 pkgsrc-2016Q4-base:1.15 pkgsrc-2016Q3:1.15.0.4 pkgsrc-2016Q3-base:1.15 pkgsrc-2016Q2:1.15.0.2 pkgsrc-2016Q2-base:1.15 pkgsrc-2016Q1:1.14.0.2 pkgsrc-2016Q1-base:1.14 pkgsrc-2015Q4:1.13.0.18 pkgsrc-2015Q4-base:1.13 pkgsrc-2015Q3:1.13.0.16 pkgsrc-2015Q3-base:1.13 pkgsrc-2015Q2:1.13.0.14 pkgsrc-2015Q2-base:1.13 pkgsrc-2015Q1:1.13.0.12 pkgsrc-2015Q1-base:1.13 pkgsrc-2014Q4:1.13.0.10 pkgsrc-2014Q4-base:1.13 pkgsrc-2014Q3:1.13.0.8 pkgsrc-2014Q3-base:1.13 pkgsrc-2014Q2:1.13.0.6 pkgsrc-2014Q2-base:1.13 pkgsrc-2014Q1:1.13.0.4 pkgsrc-2014Q1-base:1.13 pkgsrc-2013Q4:1.13.0.2 pkgsrc-2013Q4-base:1.13 pkgsrc-2013Q3:1.12.0.22 pkgsrc-2013Q3-base:1.12 pkgsrc-2013Q2:1.12.0.20 pkgsrc-2013Q2-base:1.12 pkgsrc-2013Q1:1.12.0.18 pkgsrc-2013Q1-base:1.12 pkgsrc-2012Q4:1.12.0.16 pkgsrc-2012Q4-base:1.12 pkgsrc-2012Q3:1.12.0.14 pkgsrc-2012Q3-base:1.12 pkgsrc-2012Q2:1.12.0.12 pkgsrc-2012Q2-base:1.12 pkgsrc-2012Q1:1.12.0.10 pkgsrc-2012Q1-base:1.12 pkgsrc-2011Q4:1.12.0.8 pkgsrc-2011Q4-base:1.12 pkgsrc-2011Q3:1.12.0.6 pkgsrc-2011Q3-base:1.12 pkgsrc-2011Q2:1.12.0.4 pkgsrc-2011Q2-base:1.12 pkgsrc-2011Q1:1.12.0.2 pkgsrc-2011Q1-base:1.12 pkgsrc-2010Q4:1.11.0.2 pkgsrc-2010Q4-base:1.11 pkgsrc-2010Q3:1.10.0.12 pkgsrc-2010Q3-base:1.10 pkgsrc-2010Q2:1.10.0.10 pkgsrc-2010Q2-base:1.10 pkgsrc-2010Q1:1.10.0.8 pkgsrc-2010Q1-base:1.10 pkgsrc-2009Q4:1.10.0.6 pkgsrc-2009Q4-base:1.10 pkgsrc-2009Q3:1.10.0.4 pkgsrc-2009Q3-base:1.10 pkgsrc-2009Q2:1.10.0.2 pkgsrc-2009Q2-base:1.10 pkgsrc-2009Q1:1.9.0.14 pkgsrc-2009Q1-base:1.9 pkgsrc-2008Q4:1.9.0.12 pkgsrc-2008Q4-base:1.9 pkgsrc-2008Q3:1.9.0.10 pkgsrc-2008Q3-base:1.9 cube-native-xorg:1.9.0.8 cube-native-xorg-base:1.9 pkgsrc-2008Q2:1.9.0.6 pkgsrc-2008Q2-base:1.9 cwrapper:1.9.0.4 pkgsrc-2008Q1:1.9.0.2 pkgsrc-2008Q1-base:1.9 pkgsrc-2007Q4:1.8.0.4 pkgsrc-2007Q4-base:1.8 pkgsrc-2007Q3:1.8.0.2 pkgsrc-2007Q3-base:1.8 pkgsrc-2007Q2:1.7.0.18 pkgsrc-2007Q2-base:1.7 pkgsrc-2007Q1:1.7.0.16 pkgsrc-2007Q1-base:1.7 pkgsrc-2006Q4:1.7.0.14 pkgsrc-2006Q4-base:1.7 pkgsrc-2006Q3:1.7.0.12 pkgsrc-2006Q3-base:1.7 pkgsrc-2006Q2:1.7.0.10 pkgsrc-2006Q2-base:1.7 pkgsrc-2006Q1:1.7.0.8 pkgsrc-2006Q1-base:1.7 pkgsrc-2005Q4:1.7.0.6 pkgsrc-2005Q4-base:1.7 pkgsrc-2005Q3:1.7.0.4 pkgsrc-2005Q3-base:1.7 pkgsrc-2005Q2:1.7.0.2 pkgsrc-2005Q2-base:1.7 pkgsrc-2005Q1:1.6.0.4 pkgsrc-2005Q1-base:1.6 pkgsrc-2004Q4:1.6.0.2 pkgsrc-2004Q4-base:1.6 pkgsrc-2004Q3:1.5.0.4 pkgsrc-2004Q3-base:1.5 pkgsrc-2004Q2:1.5.0.2 pkgsrc-2004Q2-base:1.5 pkgsrc-2004Q1:1.4.0.4 pkgsrc-2004Q1-base:1.4 pkgsrc-2003Q4:1.4.0.2 pkgsrc-2003Q4-base:1.4 netbsd-1-6-1:1.3.0.2 netbsd-1-6-1-base:1.3 netbsd-1-6:1.2.0.6 netbsd-1-6-RELEASE-base:1.2 pkgviews:1.2.0.2 pkgviews-base:1.2 buildlink2:1.1.0.2 buildlink2-base:1.2 netbsd-1-5-PATCH003:1.1; locks; strict; comment @# @; 1.24 date 2021.11.14.20.19.08; author adam; state Exp; branches; next 1.23; commitid 0JDQibYDvDKDMNgD; 1.23 date 2020.06.01.19.42.48; author adam; state Exp; branches; next 1.22; commitid bbrw4GbeRWQnEyaC; 1.22 date 2019.12.09.18.46.01; author adam; state Exp; branches; next 1.21; commitid 5pSLddULU7EBX3OB; 1.21 date 2019.09.30.19.25.58; author wiedi; state Exp; branches; next 1.20; commitid f0Ex1xeQOr50r4FB; 1.20 date 2019.09.06.13.21.35; author adam; state Exp; branches; next 1.19; commitid VLaeVyrcjMtIbXBB; 1.19 date 2019.02.24.20.31.00; author adam; state Exp; branches; next 1.18; commitid NXttGJJWATKBN3dB; 1.18 date 2018.04.23.07.28.18; author adam; state Exp; branches; next 1.17; commitid b5cnALq8nKFYkxzA; 1.17 date 2018.03.07.08.24.47; author adam; state Exp; branches; next 1.16; commitid 9RWJBrDT5SVY9vtA; 1.16 date 2017.03.18.07.08.23; author adam; state Exp; branches 1.16.10.1; next 1.15; commitid wn8hiY0Mb2Zl70Kz; 1.15 date 2016.04.09.10.49.39; author adam; state Exp; branches; next 1.14; commitid v3BPkwoTlXoOmW1z; 1.14 date 2016.01.11.08.35.31; author adam; state Exp; branches; next 1.13; commitid WhBBBRUkC7GduuQy; 1.13 date 2013.10.30.07.30.03; author adam; state Exp; branches 1.13.18.1; next 1.12; commitid 735RzrN9CSMIVhbx; 1.12 date 2011.01.12.09.26.24; author adam; state Exp; branches; next 1.11; 1.11 date 2010.11.08.07.52.46; author adam; state Exp; branches 1.11.2.1; next 1.10; 1.10 date 2009.06.14.18.04.33; author joerg; state Exp; branches; next 1.9; 1.9 date 2008.01.14.18.57.40; author adam; state Exp; branches; next 1.8; 1.8 date 2007.09.05.10.36.43; author rillig; state Exp; branches; next 1.7; 1.7 date 2005.05.17.17.06.12; author abs; state Exp; branches; next 1.6; 1.6 date 2004.10.07.17.29.16; author abs; state Exp; branches; next 1.5; 1.5 date 2004.05.07.18.08.29; author abs; state Exp; branches; next 1.4; 1.4 date 2003.09.02.12.16.19; author abs; state Exp; branches; next 1.3; 1.3 date 2002.12.09.11.40.49; author ad; state Exp; branches; next 1.2; 1.2 date 2002.06.19.16.10.51; author ad; state Exp; branches; next 1.1; 1.1 date 2001.11.01.00.59.58; author zuntum; state Exp; branches 1.1.2.1; next ; 1.16.10.1 date 2018.03.08.20.22.05; author spz; state Exp; branches; next ; commitid 1z5xemMwUu0c6HtA; 1.13.18.1 date 2016.03.03.20.22.52; author bsiegert; state Exp; branches; next ; commitid oE0xishnFuifJeXy; 1.11.2.1 date 2011.01.22.10.59.16; author tron; state Exp; branches; next ; 1.1.2.1 date 2002.06.23.18.51.14; author jlam; state Exp; branches; next ; desc @@ 1.24 log @exim exim-html: updated to 4.95 Version 4.95 ------------ 1. The fast-ramp two phase queue run support, previously experimental, is now supported by default. 2. The native SRS support, previously experimental, is now supported. It is not built unless specified in the Local/Makefile. 3. TLS resumption support, previously experimental, is now supported and included in default builds. 4. Single-key LMDB lookups, previously experimental, are now supported. The support is not built unless specified in the Local/Makefile. 5. Option "message_linelength_limit" on the smtp transport to enforce (by default) the RFC 998 character limit. 6. An option to ignore the cache on a lookup. 7. Quota checking during reception (i.e. at SMTP time) for appendfile- transport-managed quotas. 8. Sqlite lookups accept a "file=" option to specify a per-operation db file, replacing the previous prefix to the SQL string (which had issues when the SQL used tainted values). 9. Lsearch lookups accept a "ret=full" option, to return both the portion of the line matching the key, and the remainder. 10. A command-line option to have a daemon not create a notifier socket. 11. Faster TLS startup. When various configuration options contain no expandable elements, the information can be preloaded and cached rather than the previous behaviour of always loading at startup time for every connection. This helps particularly for the CA bundle. 12. Proxy Protocol Timeout is configurable via "proxy_protocol_timeout" main config option. 13. Option "smtp_accept_max_per_connection" is now expanded. 14. Log selector "queue_size_exclusive", enabled by default, to exclude the time taken for reception from QT log elements. 15. Main option "smtp_backlog_monitor", to set a level above which listen socket backlogs are logged. 16. Main option "hosts_require_helo", requiring HELO or EHLO before MAIL. 17. A main config option "allow_insecure_tainted_data" allows to turn 18. TLS ALPN handling. By default, refuse TLS connections that try to specify a non-smtp (eg. http) use. Options for customising. 19. Support for MacOS (darwin) has been dropped. @ text @@@comment $NetBSD: PLIST,v 1.23 2020/06/01 19:42:48 adam Exp $ share/doc/exim/html/spec_html/ch-access_control_lists.html share/doc/exim/html/spec_html/ch-adding_a_local_scan_function_to_exim.html share/doc/exim/html/spec_html/ch-adding_new_drivers_or_lookup_types.html share/doc/exim/html/spec_html/ch-address_batching_in_local_transports.html share/doc/exim/html/spec_html/ch-address_rewriting.html share/doc/exim/html/spec_html/ch-building_and_installing_exim.html share/doc/exim/html/spec_html/ch-concept_index.html share/doc/exim/html/spec_html/ch-content_scanning_at_acl_time.html share/doc/exim/html/spec_html/ch-customizing_bounce_and_warning_messages.html share/doc/exim/html/spec_html/ch-dkim_spf_srs_and_dmarc.html share/doc/exim/html/spec_html/ch-domain_host_address_and_local_part_lists.html share/doc/exim/html/spec_html/ch-embedded_perl.html share/doc/exim/html/spec_html/ch-encrypted_smtp_connections_using_tlsssl.html share/doc/exim/html/spec_html/ch-environment_for_running_local_transports.html share/doc/exim/html/spec_html/ch-events.html share/doc/exim/html/spec_html/ch-exim_utilities.html share/doc/exim/html/spec_html/ch-file_and_database_lookups.html share/doc/exim/html/spec_html/ch-format_of_spool_files.html share/doc/exim/html/spec_html/ch-generic_options_for_routers.html share/doc/exim/html/spec_html/ch-generic_options_for_transports.html share/doc/exim/html/spec_html/ch-how_exim_receives_and_delivers_mail.html share/doc/exim/html/spec_html/ch-incorporated_code.html share/doc/exim/html/spec_html/ch-internationalisation.html share/doc/exim/html/spec_html/ch-introduction.html share/doc/exim/html/spec_html/ch-log_files.html share/doc/exim/html/spec_html/ch-main_configuration.html share/doc/exim/html/spec_html/ch-message_processing.html share/doc/exim/html/spec_html/ch-option_index.html share/doc/exim/html/spec_html/ch-proxies.html share/doc/exim/html/spec_html/ch-regular_expressions.html share/doc/exim/html/spec_html/ch-retry_configuration.html share/doc/exim/html/spec_html/ch-security_considerations.html share/doc/exim/html/spec_html/ch-smtp_authentication.html share/doc/exim/html/spec_html/ch-smtp_processing.html share/doc/exim/html/spec_html/ch-some_common_configuration_settings.html share/doc/exim/html/spec_html/ch-starting_the_daemon_and_the_use_of_network_interfaces.html share/doc/exim/html/spec_html/ch-string_expansions.html share/doc/exim/html/spec_html/ch-systemwide_message_filtering.html share/doc/exim/html/spec_html/ch-the_accept_router.html share/doc/exim/html/spec_html/ch-the_appendfile_transport.html share/doc/exim/html/spec_html/ch-the_autoreply_transport.html share/doc/exim/html/spec_html/ch-the_crammd5_authenticator.html share/doc/exim/html/spec_html/ch-the_cyrussasl_authenticator.html share/doc/exim/html/spec_html/ch-the_default_configuration_file.html share/doc/exim/html/spec_html/ch-the_dnslookup_router.html share/doc/exim/html/spec_html/ch-the_dovecot_authenticator.html share/doc/exim/html/spec_html/ch-the_exim_command_line.html share/doc/exim/html/spec_html/ch-the_exim_monitor.html share/doc/exim/html/spec_html/ch-the_exim_runtime_configuration_file.html share/doc/exim/html/spec_html/ch-the_external_authenticator.html share/doc/exim/html/spec_html/ch-the_gsasl_authenticator.html share/doc/exim/html/spec_html/ch-the_heimdalgssapi_authenticator.html share/doc/exim/html/spec_html/ch-the_ipliteral_router.html share/doc/exim/html/spec_html/ch-the_iplookup_router.html share/doc/exim/html/spec_html/ch-the_lmtp_transport.html share/doc/exim/html/spec_html/ch-the_manualroute_router.html share/doc/exim/html/spec_html/ch-the_pipe_transport.html share/doc/exim/html/spec_html/ch-the_plaintext_authenticator.html share/doc/exim/html/spec_html/ch-the_queryprogram_router.html share/doc/exim/html/spec_html/ch-the_redirect_router.html share/doc/exim/html/spec_html/ch-the_smtp_transport.html share/doc/exim/html/spec_html/ch-the_spa_authenticator.html share/doc/exim/html/spec_html/ch-the_tls_authenticator.html share/doc/exim/html/spec_html/ch-using_exim_as_a_nonqueueing_client.html share/doc/exim/html/spec_html/ch-variable_index.html share/doc/exim/html/spec_html/ch01.html share/doc/exim/html/spec_html/ch02.html share/doc/exim/html/spec_html/ch03.html share/doc/exim/html/spec_html/ch04.html share/doc/exim/html/spec_html/ch05.html share/doc/exim/html/spec_html/ch06.html share/doc/exim/html/spec_html/ch07.html share/doc/exim/html/spec_html/ch08.html share/doc/exim/html/spec_html/ch09.html share/doc/exim/html/spec_html/ch10.html share/doc/exim/html/spec_html/ch11.html share/doc/exim/html/spec_html/ch12.html share/doc/exim/html/spec_html/ch13.html share/doc/exim/html/spec_html/ch14.html share/doc/exim/html/spec_html/ch15.html share/doc/exim/html/spec_html/ch16.html share/doc/exim/html/spec_html/ch17.html share/doc/exim/html/spec_html/ch18.html share/doc/exim/html/spec_html/ch19.html share/doc/exim/html/spec_html/ch20.html share/doc/exim/html/spec_html/ch21.html share/doc/exim/html/spec_html/ch22.html share/doc/exim/html/spec_html/ch23.html share/doc/exim/html/spec_html/ch24.html share/doc/exim/html/spec_html/ch25.html share/doc/exim/html/spec_html/ch26.html share/doc/exim/html/spec_html/ch27.html share/doc/exim/html/spec_html/ch28.html share/doc/exim/html/spec_html/ch29.html share/doc/exim/html/spec_html/ch30.html share/doc/exim/html/spec_html/ch31.html share/doc/exim/html/spec_html/ch32.html share/doc/exim/html/spec_html/ch33.html share/doc/exim/html/spec_html/ch34.html share/doc/exim/html/spec_html/ch35.html share/doc/exim/html/spec_html/ch36.html share/doc/exim/html/spec_html/ch37.html share/doc/exim/html/spec_html/ch38.html share/doc/exim/html/spec_html/ch39.html share/doc/exim/html/spec_html/ch40.html share/doc/exim/html/spec_html/ch41.html share/doc/exim/html/spec_html/ch42.html share/doc/exim/html/spec_html/ch43.html share/doc/exim/html/spec_html/ch44.html share/doc/exim/html/spec_html/ch45.html share/doc/exim/html/spec_html/ch46.html share/doc/exim/html/spec_html/ch47.html share/doc/exim/html/spec_html/ch48.html share/doc/exim/html/spec_html/ch49.html share/doc/exim/html/spec_html/ch50.html share/doc/exim/html/spec_html/ch51.html share/doc/exim/html/spec_html/ch52.html share/doc/exim/html/spec_html/ch53.html share/doc/exim/html/spec_html/ch54.html share/doc/exim/html/spec_html/ch55.html share/doc/exim/html/spec_html/ch56.html share/doc/exim/html/spec_html/ch57.html share/doc/exim/html/spec_html/ch58.html share/doc/exim/html/spec_html/ch59.html share/doc/exim/html/spec_html/ch60.html share/doc/exim/html/spec_html/ch61.html share/doc/exim/html/spec_html/ch62.html share/doc/exim/html/spec_html/ch63.html share/doc/exim/html/spec_html/ch64.html share/doc/exim/html/spec_html/ch65.html share/doc/exim/html/spec_html/filter.html share/doc/exim/html/spec_html/filter_ch-exim_filter_files.html share/doc/exim/html/spec_html/filter_ch-forwarding_and_filtering_in_exim.html share/doc/exim/html/spec_html/filter_ch-sieve_filter_files.html share/doc/exim/html/spec_html/filter_ch01.html share/doc/exim/html/spec_html/filter_ch02.html share/doc/exim/html/spec_html/filter_ch03.html share/doc/exim/html/spec_html/filter_toc.xml share/doc/exim/html/spec_html/index.html share/doc/exim/html/spec_html/index_toc.xml share/doc/exim/html/static/css/common.css share/doc/exim/html/static/css/index.css share/doc/exim/html/static/doc/CVE-2016-1531.txt share/doc/exim/html/static/doc/CVE-2016-9963.txt share/doc/exim/html/static/doc/chapter.css share/doc/exim/html/static/doc/chapter.js share/doc/exim/html/static/doc/contents.png share/doc/exim/html/static/doc/index.css share/doc/exim/html/static/doc/index.js share/doc/exim/html/static/doc/minus-12x12.png share/doc/exim/html/static/doc/plus-12x12.png share/doc/exim/html/static/doc/security/CVE-2016-1531.txt share/doc/exim/html/static/doc/security/CVE-2016-9963.txt share/doc/exim/html/static/doc/security/CVE-2018-6789.txt share/doc/exim/html/static/doc/security/CVE-2019-10149.txt share/doc/exim/html/static/doc/security/CVE-2019-13917.txt share/doc/exim/html/static/doc/security/CVE-2019-15846.txt share/doc/exim/html/static/doc/security/CVE-2019-16928.txt share/doc/exim/html/static/doc/security/CVE-2020-qualys/21nails.txt share/doc/exim/html/static/doc/security/CVE-2020-qualys/CVE-2020-28007-LFDIR.txt share/doc/exim/html/static/doc/security/CVE-2020-qualys/CVE-2020-28008-SPDIR.txt share/doc/exim/html/static/doc/security/CVE-2020-qualys/CVE-2020-28009-STDIN.txt share/doc/exim/html/static/doc/security/CVE-2020-qualys/CVE-2020-28010-SLCWD.txt share/doc/exim/html/static/doc/security/CVE-2020-qualys/CVE-2020-28011-SPRSS.txt share/doc/exim/html/static/doc/security/CVE-2020-qualys/CVE-2020-28012-CLOSE.txt share/doc/exim/html/static/doc/security/CVE-2020-qualys/CVE-2020-28013-PFPSN.txt share/doc/exim/html/static/doc/security/CVE-2020-qualys/CVE-2020-28014-PIDFP.txt share/doc/exim/html/static/doc/security/CVE-2020-qualys/CVE-2020-28015-NLEND.txt share/doc/exim/html/static/doc/security/CVE-2020-qualys/CVE-2020-28016-PFPZA.txt share/doc/exim/html/static/doc/security/CVE-2020-qualys/CVE-2020-28017-RCPTL.txt share/doc/exim/html/static/doc/security/CVE-2020-qualys/CVE-2020-28018-OCORK.txt share/doc/exim/html/static/doc/security/CVE-2020-qualys/CVE-2020-28019-BDATA.txt share/doc/exim/html/static/doc/security/CVE-2020-qualys/CVE-2020-28020-HSIZE.txt share/doc/exim/html/static/doc/security/CVE-2020-qualys/CVE-2020-28021-MAUTH.txt share/doc/exim/html/static/doc/security/CVE-2020-qualys/CVE-2020-28022-EXOPT.txt share/doc/exim/html/static/doc/security/CVE-2020-qualys/CVE-2020-28023-SCHAD.txt share/doc/exim/html/static/doc/security/CVE-2020-qualys/CVE-2020-28024-UNGET.txt share/doc/exim/html/static/doc/security/CVE-2020-qualys/CVE-2020-28025-BHASH.txt share/doc/exim/html/static/doc/security/CVE-2020-qualys/CVE-2020-28026-FGETS.txt share/doc/exim/html/static/doc/security/CVE-2020-qualys/CVE-2021-27216-DELETE-PID-FILE.txt share/doc/exim/html/static/doc/security/CVE-2020-qualys/CVE-assigments.txt share/doc/exim/html/static/doc/security/CVE-2020-qualys/minor-issues.txt share/doc/exim/html/static/doc/security/CVE-2020-qualys/patches-4.94+fixes.tar.gz share/doc/exim/html/static/doc/security/CVE-2020-qualys/patches1.txt share/doc/exim/html/static/doc/security/CVE-2020-qualys/patches2.txt share/doc/exim/html/static/doc/security/CVE-2020-qualys/patches3.txt share/doc/exim/html/static/js/common.js @ 1.23 log @exim exim-html: updated to 4.94 Exim version 4.94 ----------------- JH/01 Avoid costly startup code when not strictly needed. This reduces time for some exim process initialisations. It does mean that the logging of TLS configuration problems is only done for the daemon startup. JH/02 Early-pipelining support code is now included unless disabled in Makefile. JH/03 DKIM verification defaults no long accept sha1 hashes, to conform to RFC 8301. They can still be enabled, using the dkim_verify_hashes main option. JH/04 Support CHUNKING from an smtp transport using a transport_filter, when DKIM signing is being done. Previously a transport_filter would always disable CHUNKING, falling back to traditional DATA. JH/05 Regard command-line receipients as tainted. JH/06 Bug 340: Remove the daemon pid file on exit, whe due to SIGTERM. JH/07 Bug 2489: Fix crash in the "pam" expansion condition. It seems that the PAM library frees one of the arguments given to it, despite the documentation. Therefore a plain malloc must be used. JH/08 Bug 2491: Use tainted buffers for the transport smtp context. Previously on-stack buffers were used, resulting in a taint trap when DSN information copied from a received message was written into the buffer. JH/09 Bug 2493: Harden ARC verify against Outlook, whick has been seen to mix the ordering of its ARC headers. This caused a crash. JH/10 Bug 2492: Use tainted memory for retry record when needed. Previously when a new record was being constructed with information from the peer, a trap was taken. JH/11 Bug 2494: Unset the default for dmarc_tld_file. Previously a naiive installation would get error messages from DMARC verify, when it hit the nonexistent file indicated by the default. Distros wanting DMARC enabled should both provide the file and set the option. Also enforce no DMARC verification for command-line sourced messages. JH/12 Fix an uninitialised flag in early-pipelining. Previously connections could, depending on the platform, hang at the STARTTLS response. JH/13 Bug 2498: Reset a counter used for ARC verify before handling another message on a connection. Previously if one message had ARC headers and the following one did not, a crash could result when adding an Authentication-Results: header. JH/14 Bug 2500: Rewind some of the common-coding in string handling between the Exim main code and Exim-related utities. The introduction of taint tracking also did many adjustments to string handling. Since then, eximon frequently terminated with an assert failure. JH/15 When PIPELINING, synch after every hundred or so RCPT commands sent and check for 452 responses. This slightly helps the inefficieny of doing a large alias-expansion into a recipient-limited target. The max_rcpt transport option still applies (and at the current default, will override the new feature). The check is done for either cause of synch, and forces a fast-retry of all 452'd recipients using a new MAIL FROM on the same connection. The new facility is not tunable at this time. JH/16 Fix the variables set by the gsasl authenticator. Previously a pointer to library live data was being used, so the results became garbage. Make copies while it is still usable. JH/17 Logging: when the deliver_time selector ise set, include the DT= field on delivery deferred (==) and failed (**) lines (if a delivery was attemtped). Previously it was only on completion (=>) lines. JH/18 Authentication: the gsasl driver not provides the $authN variables in time for the expansion of the server_scram_iter and server_scram_salt options. WB/01 SPF: DNS lookups for the obsolete SPF RR type done by the libspf2 library are now specifically given a NO_DATA response without hitting the system resolver. The library goes on to do the now-standard TXT lookup. Use of dnsdb lookups is not affected. JH/19 Bug 2507: Modules: on handling a dynamic-module (lookups) open failure, only retrieve the errormessage once. Previously two calls to dlerror() were used, and the second one (for mainlog/paniclog) retrieved null information. JH/20 Taint checking: disallow use of tainted data for - the appendfile transport file and directory options - the pipe transport command - the autoreply transport file, log and once options - file names used by the redirect router (including filter files) - named-queue names - paths used by single-key lookups Previously this was permitted. JH/21 Bug 2501: Fix init call in the heimdal authenticator. Previously it adjusted the size of a major service buffer; this failed because the buffer was in use at the time. Change to a compile-time increase in the buffer size, when this authenticator is compiled into exim. JH/22 Taint-checking: move to safe-mode taint checking on all platforms. The previous fast-mode was untenable in the face of glibs using mmap to support larger malloc requests. PP/01 Update the openssl_options possible values through OpenSSL 1.1.1c. New values supported, if defined on system where compiled: allow_no_dhe_kex, cryptopro_tlsext_bug, enable_middlebox_compat, no_anti_replay, no_encrypt_then_mac, prioritize_chacha, tlsext_padding JH/23 Performance improvement in the initial phase of a two-pass queue run. By running a limited number of proceses in parallel, a benefit is gained. The amount varies with the platform hardware and load. The use of the option queue_run_in_order means we cannot do this, as ordering becomes indeterminate. JH/24 Bug 2524: fix the cyrus_sasl auth driver gssapi usage. A previous fix had introduced a string-copy (for ensuring NUL-termination) which was not appropriate for that case, which can include embedded NUL bytes in the block of data. Investigation showed the copy to actually be needless, the data being length-specified. JH/25 Fix use of concurrent TLS connections under GnuTLS. When a callout was done during a receiving connection, and both used TLS, global info was used rather than per-connection info for tracking the state of data queued for transmission. This could result in a connection hang. JH/26 Fix use of the SIZE parameter on MAIL commands, on continued connections. Previously, when delivering serveral messages down a single connection only the first would provide a SIZE. This was due to the size information not being properly tracked. JH/27 Bug 2530: When operating in a timezone with sub-minute offset, such as TAI (at 37 seconds currently), pretend to be in UTC for time-related expansion and logging. Previously, spurious values such as a future minute could be seen. JH/28 Bug 2533: Fix expansion of ${tr } item. When called in some situations it could crash from a null-deref. This could also affect the ${addresses: } operator and ${readsock } item. JH/29 Bug 2537: Fix $mime_part_count. When a single connection had a non-mime message following a mime one, the variable was not reset. JH/30 When an pipelined-connect fails at the first response, assume incorrect cached capability (perhaps the peer reneged?) and immediately retry in non-pipelined mode. JH/31 Fix spurious detection of timeout while writing to transport filter. JH/32 Bug 2541: Fix segfault on bad cmdline -f (sender) argument. Previously an attempt to copy the string was made before checking it. JH/33 Fix the dsearch lookup to return an untainted result. Previously the taint of the lookup key was maintained; we now regard the presence in the filesystem as sufficient validation. JH/34 Fix the readsocket expansion to not segfault when an empty "options" argument is supplied. JH/35 The dsearch lookup now requires that the directory is an absolute path. Previously this was not checked, and nonempty relative paths made an access under Exim's current working directory. JH/36 Bug 2554: Fix msg:defer event for the hosts_max_try_hardlimit case. Previously no event was raised. JH/37 Bug 2552: Fix the check on spool space during reception to use the SIZE parameter supplied by the sender MAIL FROM command. Previously it was ignored, and only the check_spool_space option value for the required leeway checked. JH/38 Fix $dkim_key_length. This should, after a DKIM verification, present the size of the signing public-key. Previously it was instead giving the size of the signature hash. JH/39 DKIM verification: the RFC 8301 restriction on sizes of RSA keys is now the default. See the (new) dkim_verify_min_keysizes option. JH/40 Fix a memory-handling bug: when a connection carried multiple messages and an ACL use a lookup for checking either the local_part or domain, stale data could be accessed. Ensure that variable references are dropped between messages. JH/41 Bug 2571: Fix SPA authenticator. Running as a server, an offset supplied by the client was not checked as pointing within response data before being used. A malicious client could thus cause an out-of-bounds read and possibly gain authentication. Fix by adding the check. JH/42 Internationalisation: change the default for downconversion in the smtp transport to be "if needed". Previously it was "as previously set" for the message, which usually meant "if needed" for message-submission but "no" for everything else. However, MTAs have been seen using SMTPUTF8 even when the envelope addresses did not need it, resulting in forwarding failures to non-supporting MTAs. A downconvert in such cases will be a no-op on the addresses, merely dropping the use of SMTPUTF8 by the transport. The change does mean that addresses needing conversion will be converted when previously a delivery failure would occur. JH/43 Fix possible long line in DSN. Previously when a very long SMTP error response was received it would be used unchecked in a fail-DSN, violating standards on line-length limits. Truncate if needed. HS/01 Remove parameters of the link to www.open-spf.org. The linked form doesn't work. (Additionally add a new main config option to configure the spf_smtp_comment) @ text @d1 1 a1 1 @@comment $NetBSD: PLIST,v 1.22 2019/12/09 18:46:01 adam Exp $ d11 1 a11 1 share/doc/exim/html/spec_html/ch-dkim_spf_and_dmarc.html d160 28 @ 1.22 log @exim: updated to 4.93 Exim version 4.93 ----------------- JH/01 OpenSSL: With debug enabled output keying information sufficient, server side, to decode a TLS 1.3 packet capture. JH/02 OpenSSL: Suppress the sending of (stateful) TLS1.3 session tickets. Previously the default library behaviour applied, sending two, each in its own TCP segment. JH/03 Debug output for ACL now gives the config file name and line number for each verb. JH/04 The default received_header_text now uses the RFC 8314 tls cipher clause. JH/05 DKIM: ensure that dkim_domain elements are lowercased before use. JH/06 Fix buggy handling of autoreply bounce_return_size_limit, and a possible buffer overrun for (non-chunking) other transports. JH/07 GnuTLS: Our use of late (post-handshake) certificate verification, under TLS1.3, means that a server rejecting a client certificate is not visible to the client until the first read of encrypted data (typically the response to EHLO). Add detection for that case and treat it as a failed TLS connection attempt, so that the normal retry-in-clear can work (if suitably configured). JB/01 Bug 2375: fix expansions of 822 addresses having comments in local-part and/or domain. Found and fixed by Jason Betts. JH/08 Add hardening against SRV & TLSA lookups the hit CNAMEs (a nonvalid configuration). If a CNAME target was not a wellformed name pattern, a crash could result. JH/09 Logging: Fix initial listening-on line for multiple ports for an IP when the OS reports them interleaved with other addresses. JH/10 OpenSSL: Fix aggregation of messages. Previously, when PIPELINING was used both for input and for a verify callout, both encrypted, SMTP responses being sent by the server could be lost. This resulted in dropped connections and sometimes bounces generated by a peer sending to this system. JH/11 Harden plaintext authenticator against a badly misconfigured client-send string. Previously it was possible to cause undefined behaviour in a library routine (usually a crash). Found by "zerons". JH/12 Bug 2384: fix "-bP smtp_receive_timeout". Previously it returned no output. JH/13 Bug 2386: Fix builds with Dane under LibreSSL 2.9.0 onward. Some old API was removed, so update to use the newer ones. JH/14 Bug 1891: Close the log file if receiving a non-smtp message, without any timeout set, is taking a long time. Previously we would hang on to a rotated logfile "forever" if the input was arriving with long gaps (a previous attempt to fix addressed lack, for a long time, of initial input). HS/01 Bug 2390: Use message_id for tempfile creation to avoid races in a shared (NFS) environment. The length of the tempfile name is now 4 + 16 ("hdr.$message_exim_id") which might break on file systems which restrict the file name length to lower values. (It was "hdr.$pid".) HS/02 Bug 2390: Use message_id for tempfile creation to avoid races in a shared (NFS) environment. HS/03 Bug 2392: exigrep does case sensitive *option* processing (as it did for all versions <4.90). Notably -M, -m, --invert, -I may be affected. JH/15 Use unsigned when creating bitmasks in macros, to avoid build errors on some platforms for bit 31. JH/16 GnuTLS: rework ciphersuite strings under recent library versions. Thanks to changes apparently associated with TLS1.3 handling some of the APIs previously used were either nonfunctional or inappropriate. Strings like TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM__AEAD:256 and TLS1.2:ECDHE_SECP256R1__RSA_SHA256__AES_128_CBC__SHA256:128 replace the previous TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256 . This affects log line X= elements, the $tls_{in,out}_cipher variables, and the use of specific cipher names in the encrypted= ACL condition. JH/17 OpenSSL: the default openssl_options now disables ssl_v3. JH/18 GnuTLS: fix $tls_out_ocsp under hosts_request_ocsp. Previously the verification result was not updated unless hosts_require_ocsp applied. JH/19 Bug 2398: fix listing of a named-queue. Previously, even with the option queue_list_requires_admin set to false, non-admin users were denied the facility. JH/20 Bug 2389: fix server advertising of usable certificates, under GnuTLS in directory-of-certs mode. Previously they were advertised despite the documentation. JH/21 The smtp transport option "hosts_noproxy_tls" is now unset by default. A single TCP connection by a client will now hold a TLS connection open for multiple message deliveries, by default. Previoud the default was to not do so. JH/22 The smtp transport option "hosts_try_dane" now enables all hosts by default. If built with the facility, DANE will be used. The facility SUPPORT_DANE is now enabled in the prototype build Makefile "EDITME". JH/23 The build default is now for TLS to be included; the SUPPORT_TLS define is replaced with DISABLE_TLS. Either USE_GNUTLS or (the new) USE_OPENSSL must be defined and you must still, unless you define DISABLE_TLS, manage the the include-dir and library-file requirements that go with that choice. Non-TLS builds are still supported. JH/24 Fix duplicated logging of peer name/address, on a transport connection- reject under TFO. JH/25 The smtp transport option "hosts_try_fastopen" now enables all hosts by default. If the platform supports and has the facility enabled, it will be requested on all coneections. JH/26 The PIPE_CONNECT facility is promoted from experimental status and is now controlled by the build-time option SUPPORT_PIPE_CONNECT. PP/01 Unbreak heimdal_gssapi, broken in 4.92. JH/27 Bug 2404: Use the main-section configuration option "dsn_from" for success-DSN messages. Previously the From: header was always the default one for these; the option was ignored. JH/28 Fix the timeout on smtp response to apply to the whole response. Previously it was reset for every read, so a teergrubing peer sending single bytes within the time limit could extend the connection for a long time. Credit to Qualsys Security Advisory Team for the discovery. JH/29 Fix DSN Final-Recipient: field. Previously it was the post-routing delivery address, which leaked information of the results of local forwarding. Change to the original envelope recipient address, per standards. JH/30 Bug 2411: Fix DSN generation when RFC 3461 failure notification is requested. Previously not bounce was generated and a log entry of error ignored was made. JH/31 Avoid re-expansion in ${sort } expansion. (CVE-2019-13917) JH/32 Introduce a general tainting mechanism for values read from the input channel, and values derived from them. Refuse to expand any tainted values, to catch one form of exploit. JH/33 Bug 2413: Fix dkim_strict option. Previously the expansion result was unused and the unexpanded text used for the test. Found and fixed by Ruben Jenster. JH/34 Fix crash after TLS shutdown. When the TCP/SMTP channel was left open, an attempt to use a TLS library read routine dereffed a nul pointer, causing a segfault. JH/35 Bug 2409: filter out-of-spec chars from callout response before using them in our smtp response. JH/36 Have the general router option retry_use_local_part default to true when any of the restrictive preconditions are set (to anything). Previously it was only for check_local user. The change removes one item of manual configuration which is required for proper retries when a remote router handles a subset of addresses for a domain. JH/37 Appendfile: when evaluating quota use (non-quota_size_regex) take the file link count into consideration. HS/04 Fix handling of very log lines in -H files. If a - line caused the extension of big_buffer, the following lines were ignored. JH/38 Bug 1395: Teach the DNS negative-cache about TTL value from the SOA in accordance with RFC 2308. Previously there was no expiry, so a longlived receive process (eg. due to ACL delays) versus a short SOA value could surprise. HS/05 Handle trailing backslash gracefully. (CVE-2019-15846) JH/39 Promote DMARC support to mainline. JH/40 Bug 2452: Add a References: header to DSNs. JH/41 With GnuTLS 3.6.0 (and later) do not attempt to manage Diffie-Hellman parameters. The relevant library call is documented as "Deprecated: This function is unnecessary and discouraged on GnuTLS 3.6.0 or later. Since 3.6.0, DH parameters are negotiated following RFC7919." HS/06 Change the default of dnssec_request_domains to "*" JH/42 Bug 2545: Fix CHUNKING for all RCPT commands rejected. Previously we carried on and emitted a BDAT command, even when PIPELINING was not active. JH/43 Bug 2465: Fix taint-handling in dsearch lookup. Previously a nontainted buffer was used for the filename, resulting in a trap when tainted arguments (eg. $domain) were used. JH/44 With OpenSSL 1.1.1 (onwards) disable renegotiation for TLS1.2 and below; recommended to avoid a possible server-load attack. The feature can be re-enabled via the openssl_options main cofiguration option. JH/45 local_scan API: documented the current smtp_printf() call. This changed for version 4.90 - adding a "more data" boolean to the arguments. Bumped the ABI version number also, this having been missed previously; release versions 4.90 to 4.92.3 inclusive were effectively broken in respect of usage of smtp_printf() by either local_scan code or libraries accessed via the ${dlfunc } expansion item. Both will need coding adjustment for any calls to smtp_printf() to match the new function signature; a FALSE value for the new argument is always safe. JH/46 FreeBSD: fix use of the sendfile() syscall. The shim was not updating the file-offset (which the Linux syscall does, and exim expects); this resulted in an indefinite loop. JH/47 ARC: fix crash in signing, triggered when a configuration error failed to do ARC verification. The Authentication-Results: header line added by the configuration then had no ARC item. @ text @d1 1 a1 1 @@comment $NetBSD: PLIST,v 1.21 2019/09/30 19:25:58 wiedi Exp $ a160 3 share/doc/exim/html/static/keys/hs@@schlittermann.de.asc share/doc/exim/html/static/keys/jgh@@wizmail.org.asc share/doc/exim/html/static/keys/phil.pennock@@spodhuis.org.asc @ 1.21 log @exim: update to 4.92.3 Fix for CVE-2019-16928 @ text @d1 1 a1 1 @@comment $NetBSD$ d11 1 a11 1 share/doc/exim/html/spec_html/ch-dkim_and_spf.html d51 1 d131 1 d161 3 @ 1.20 log @exim-html: updated to 4.92.2 keep up with exim @ text @d1 1 a1 1 @@comment $NetBSD: PLIST,v 1.19 2019/02/24 20:31:00 adam Exp $ d156 2 @ 1.19 log @exim: updated to 4.92 4.92: New features include: - ${l_header:} expansion - ${readsocket} now supports TLS - "utf8_downconvert" option (if built with SUPPORT_I18N) - "pipelining" log_selector - JSON variants for ${extract } expansion - "noutf8" debug option - TCP Fast Open support on MacOS @ text @d1 1 a1 1 @@comment $NetBSD: PLIST,v 1.18 2018/04/23 07:28:18 adam Exp $ d154 2 @ 1.18 log @exim: updated to 4.91 Version 4.91 1. Dual-certificate stacks on servers now support OCSP stapling, under GnuTLS version 3.5.6 or later. 2. DANE is now supported under GnuTLS version 3.0.0 or later. Both GnuTLS and OpenSSL versions are moved to mainline support from Experimental. New SMTP transport option "dane_require_tls_ciphers". 3. Feature macros for the compiled-in set of malware scanner interfaces. 4. SPF support is promoted from Experimental to mainline status. The template src/EDITME makefile does not enable its inclusion. 5. Logging control for DKIM verification. The existing DKIM log line is controlled by a "dkim_verbose" selector which is _not_ enabled by default. A new tag "DKIM=" is added to <= lines by default, controlled by a "dkim" log_selector. 6. Receive duration on <= lines, under a new log_selector "receive_time". 7. Options "ipv4_only" and "ipv4_prefer" on the dnslookup router and on routing rules in the manualroute router. 8. Expansion item ${sha3:} / ${sha3_:} now also supported under OpenSSL version 1.1.1 or later. 9. DKIM operations can now use the Ed25519 algorithm in addition to RSA, under GnuTLS 3.6.0 or OpenSSL 1.1.1 or later. 10. Builtin feature-macros _CRYPTO_HASH_SHA3 and _CRYPTO_SIGN_ED25519, library version dependent. 11. "exim -bP macro " returns caller-usable status. 12. Expansion item ${authresults {}} for creating an Authentication-Results: header. 13. EXPERIMENTAL_ARC. See the experimental.spec file. See also new util/renew-opendmarc-tlds.sh script for use with DMARC/ARC. 14: A dane:fail event, intended to facilitate reporting. 15. "Lightweight" support for Redis Cluster. Requires redis_servers list to contain all the servers in the cluster, all of which must be reachable from the running exim instance. If the cluster has master/slave replication, the list must contain all the master and slave servers. 16. Add an option to the Avast scanner interface: "pass_unscanned". This allows to treat unscanned files as clean. Files may be unscanned for several reasons: decompression bombs, broken archives. @ text @d1 1 a1 1 @@comment $NetBSD: PLIST,v 1.17 2018/03/07 08:24:47 adam Exp $ d50 1 a50 1 share/doc/exim/html/spec_html/ch-the_exim_run_time_configuration_file.html d151 3 @ 1.17 log @exim: updated to 4.90.1 Exim version 4.90.1 JH/03 Fix pgsql lookup for multiple result-tuples with a single column. Previously only the last row was returned. JH/04 Bug 2217: Tighten up the parsing of DKIM signature headers. Previously we assumed that tags in the header were well-formed, and parsed the element content after inspecting only the first char of the tag. Assumptions at that stage could crash the receive process on malformed input. JH/05 Bug 2215: Fix crash associated with dnsdb lookup done from DKIM ACL. While running the DKIM ACL we operate on the Permanent memory pool so that variables created with "set" persist to the DATA ACL. Also (at any time) DNS lookups that fail create cache records using the Permanent pool. But expansions release any allocations made on the current pool - so a dnsdb lookup expansion done in the DKIM ACL releases the memory used for the DNS negative-cache, and bad things result. Solution is to switch to the Main pool for expansions. While we're in that code, add checks on the DNS cache during store_reset, active in the testsuite. Problem spotted, and debugging aided, by Wolfgang Breyha. JH/06 Fix issue with continued-connections when the DNS shifts unreliably. When none of the hosts presented to a transport match an already-open connection, close it and proceed with the list. Previously we would queue the message. Spotted by Lena with Yahoo, probably involving round-robin DNS. JH/07 Bug 2214: Fix SMTP responses resulting from non-accept result of MIME ACL. Previously a spurious "250 OK id=" response was appended to the proper failure response. JH/10 Bug 2223: Fix mysql lookup returns for the no-data case (when the number of rows affected is given instead). JH/12 Bug 2230: Fix cutthrough routing for nonfirst messages in an initiating SMTP connection. Previously, when one had more receipients than the first, an abortive onward connection was made. Move to full support for multiple onward connections in sequence, handling cutthrough connection for all multi-message initiating connections. JH/13 Bug 2229: Fix cutthrough routing for nonstandard port numbers defined by routers. Previously, a multi-recipient message would fail to match the onward-connection opened for the first recipient, and cause its closure. JH/14 Bug 2174: A timeout on connect for a callout was also erroneously seen as a timeout on read on a GnuTLS initiating connection, resulting in the initiating connection being dropped. This mattered most when the callout was marked defer_ok. Fix to keep the two timeout-detection methods separate. HS/01 Fix Buffer overflow in base64d() (CVE-2018-6789) JH/16 Fix bug in DKIM verify: a buffer overflow could corrupt the malloc metadata, resulting in a crash in free(). PP/01 Fix broken Heimdal GSSAPI authenticator integration. Broken in f2ed27cf5, missing an equals sign for specified-initialisers. Broken also in d185889f4, with init system revamp. @ text @d1 1 a1 1 @@comment $NetBSD: PLIST,v 1.16 2017/03/18 07:08:23 adam Exp $ d11 1 a38 1 share/doc/exim/html/spec_html/ch-support_for_dkim_domainkeys_identified_mail.html a150 3 share/doc/exim/html/static/doc/security/CVE-2016-1531.txt share/doc/exim/html/static/doc/security/CVE-2016-9963.txt share/doc/exim/html/static/doc/security/CVE-2018-6789.txt @ 1.16 log @Version 4.89 ------------ 1. Allow relative config file names for ".include" 2. A main-section config option "debug_store" to control the checks on variable locations during store-reset. Normally false but can be enabled when a memory corrution issue is suspected on a production system. @ text @d1 1 a1 1 @@comment $NetBSD: PLIST,v 1.15 2016/04/09 10:49:39 adam Exp $ d151 3 @ 1.16.10.1 log @Pullup ticket #5719 - requested by maya mail/exim-html: security update Revisions pulled up: - mail/exim-html/Makefile 1.36 - mail/exim-html/PLIST 1.17 - mail/exim-html/distinfo 1.29 - mail/exim/Makefile 1.158 - mail/exim/distinfo 1.68 - mail/exim/files/Makefile-DragonFly deleted - mail/exim/files/os.h-DragonFly deleted ------------------------------------------------------------------- Module Name: pkgsrc Committed By: adam Date: Wed Mar 7 08:24:47 UTC 2018 Modified Files: pkgsrc/mail/exim: Makefile distinfo pkgsrc/mail/exim-html: Makefile PLIST distinfo Removed Files: pkgsrc/mail/exim/files: Makefile-DragonFly os.h-DragonFly Log Message: exim: updated to 4.90.1 Exim version 4.90.1 JH/03 Fix pgsql lookup for multiple result-tuples with a single column. Previously only the last row was returned. JH/04 Bug 2217: Tighten up the parsing of DKIM signature headers. Previously we assumed that tags in the header were well-formed, and parsed the element content after inspecting only the first char of the tag. Assumptions at that stage could crash the receive process on malformed input. JH/05 Bug 2215: Fix crash associated with dnsdb lookup done from DKIM ACL. While running the DKIM ACL we operate on the Permanent memory pool so that variables created with "set" persist to the DATA ACL. Also (at any time) DNS lookups that fail create cache records using the Permanent pool. But expansions release any allocations made on the current pool - so a dnsdb lookup expansion done in the DKIM ACL releases the memory used for the DNS negative-cache, and bad things result. Solution is to switch to the Main pool for expansions. While we're in that code, add checks on the DNS cache during store_reset, active in the testsuite. Problem spotted, and debugging aided, by Wolfgang Breyha. JH/06 Fix issue with continued-connections when the DNS shifts unreliably. When none of the hosts presented to a transport match an already-open connection, close it and proceed with the list. Previously we would queue the message. Spotted by Lena with Yahoo, probably involving round-robin DNS. JH/07 Bug 2214: Fix SMTP responses resulting from non-accept result of MIME ACL. Previously a spurious "250 OK id=" response was appended to the proper failure response. JH/10 Bug 2223: Fix mysql lookup returns for the no-data case (when the number of rows affected is given instead). JH/12 Bug 2230: Fix cutthrough routing for nonfirst messages in an initiating SMTP connection. Previously, when one had more receipients than the first, an abortive onward connection was made. Move to full support for multiple onward connections in sequence, handling cutthrough connection for all multi-message initiating connections. JH/13 Bug 2229: Fix cutthrough routing for nonstandard port numbers defined by routers. Previously, a multi-recipient message would fail to match the onward-connection opened for the first recipient, and cause its closure. JH/14 Bug 2174: A timeout on connect for a callout was also erroneously seen as a timeout on read on a GnuTLS initiating connection, resulting in the initiating connection being dropped. This mattered most when the callout was marked defer_ok. Fix to keep the two timeout-detection methods separate. HS/01 Fix Buffer overflow in base64d() (CVE-2018-6789) JH/16 Fix bug in DKIM verify: a buffer overflow could corrupt the malloc metadata, resulting in a crash in free(). PP/01 Fix broken Heimdal GSSAPI authenticator integration. Broken in f2ed27cf5, missing an equals sign for specified-initialisers. Broken also in d185889f4, with init system revamp. To generate a diff of this commit: cvs rdiff -u -r1.157 -r1.158 pkgsrc/mail/exim/Makefile cvs rdiff -u -r1.67 -r1.68 pkgsrc/mail/exim/distinfo cvs rdiff -u -r1.35 -r1.36 pkgsrc/mail/exim-html/Makefile cvs rdiff -u -r1.16 -r1.17 pkgsrc/mail/exim-html/PLIST cvs rdiff -u -r1.28 -r1.29 pkgsrc/mail/exim-html/distinfo cvs rdiff -u -r1.1 -r0 pkgsrc/mail/exim/files/Makefile-DragonFly \ pkgsrc/mail/exim/files/os.h-DragonFly @ text @d1 1 a1 1 @@comment $NetBSD$ a150 3 share/doc/exim/html/static/doc/security/CVE-2016-1531.txt share/doc/exim/html/static/doc/security/CVE-2016-9963.txt share/doc/exim/html/static/doc/security/CVE-2018-6789.txt @ 1.15 log @Version 4.87 1. The ACL conditions regex and mime_regex now capture substrings into numeric variables $regex1 to 9, like the "match" expansion condition. 2. New $callout_address variable records the address used for a spam=, malware= or verify= callout. 3. Transports now take a "max_parallel" option, to limit concurrency. 4. Expansion operators ${ipv6norm:} and ${ipv6denorm:}. The latter expands to a 8-element colon-sep set of hex digits including leading zeroes. A trailing ipv4-style dotted-decimal set is converted to hex. Pure ipv4 addresses are converted to IPv4-mapped IPv6. The former operator strips leading zeroes and collapses the longest set of 0-groups to a double-colon. 5. New "-bP config" support, to dump the effective configuration. 6. New $dkim_key_length variable. 7. New base64d and base64 expansion items (the existing str2b64 being a synonym of the latter). Add support in base64 for certificates. 8. New main configuration option "bounce_return_linesize_limit" to avoid oversize bodies in bounces. The dafault value matches RFC limits. 9. New $initial_cwd expansion variable. @ text @d1 1 a1 1 @@comment $NetBSD: PLIST,v 1.14 2016/01/11 08:35:31 adam Exp $ d143 1 @ 1.14 log @Match mail/exim version @ text @d1 1 a1 1 @@comment $NetBSD: PLIST,v 1.13 2013/10/30 07:30:03 adam Exp $ d15 1 d23 1 d29 1 d127 3 d142 1 @ 1.13 log @Version 4.82 1. New command-line option -bI:sieve will list all supported sieve extensions of this Exim build on standard output, one per line. ManageSieve (RFC 5804) providers managing scripts for use by Exim should query this to establish the correct list to include in the protocol's SIEVE capability line. 2. If the -n option is combined with the -bP option, then the name of an emitted option is not output, only the value (if visible to you). For instance, "exim -n -bP pid_file_path" should just emit a pathname followed by a newline, and no other text. 3. When built with SUPPORT_TLS and USE_GNUTLS, the SMTP transport driver now has a "tls_dh_min_bits" option, to set the minimum acceptable number of bits in the Diffie-Hellman prime offered by a server (in DH ciphersuites) acceptable for security. (Option accepted but ignored if using OpenSSL). Defaults to 1024, the old value. May be lowered only to 512, or raised as far as you like. Raising this may hinder TLS interoperability with other sites and is not currently recommended. Lowering this will permit you to establish a TLS session which is not as secure as you might like. Unless you really know what you are doing, leave it alone. 4. If not built with DISABLE_DNSSEC, Exim now has the main option dns_dnssec_ok; if set to 1 then Exim will initialise the resolver library to send the DO flag to your recursive resolver. If you have a recursive resolver, which can set the Authenticated Data (AD) flag in results, Exim can now detect this. Exim does not perform validation itself, instead relying upon a trusted path to the resolver. Current status: work-in-progress; $sender_host_dnssec variable added. 5. DSCP support for outbound connections: on a transport using the smtp driver, set "dscp = ef", for instance, to cause the connections to have the relevant DSCP (IPv4 TOS or IPv6 TCLASS) value in the header. Similarly for inbound connections, there is a new control modifier, dscp, so "warn control = dscp/ef" in the connect ACL, or after authentication. Supported values depend upon system libraries. "exim -bI:dscp" to list the ones Exim knows of. You can also set a raw number 0..0x3F. 6. The -G command-line flag is no longer ignored; it is now equivalent to an ACL setting "control = suppress_local_fixups". The -L command-line flag is now accepted and forces use of syslog, with the provided tag as the process name. A few other flags used by Sendmail are now accepted and ignored. 7. New cutthrough routing feature. Requested by a "control = cutthrough_delivery" ACL modifier; works for single-recipient mails which are recieved on and deliverable via SMTP. Using the connection made for a recipient verify, if requested before the verify, or a new one made for the purpose while the inbound connection is still active. The bulk of the mail item is copied direct from the inbound socket to the outbound (as well as the spool file). When the source notifies the end of data, the data acceptance by the destination is negociated before the acceptance is sent to the source. If the destination does not accept the mail item, for example due to content-scanning, the item is not accepted from the source and therefore there is no need to generate a bounce mail. This is of benefit when providing a secondary-MX service. The downside is that delays are under the control of the ultimate destination system not your own. The Recieved-by: header on items delivered by cutthrough is generated early in reception rather than at the end; this will affect any timestamp included. The log line showing delivery is recorded before that showing reception; it uses a new ">>" tag instead of "=>". To support the feature, verify-callout connections can now use ESMTP and TLS. The usual smtp transport options are honoured, plus a (new, default everything) hosts_verify_avoid_tls. New variable families named tls_in_cipher, tls_out_cipher etc. are introduced for specific access to the information for each connection. The old names are present for now but deprecated. Not yet supported: IGNOREQUOTA, SIZE, PIPELINING. 8. New expansion operators ${listnamed:name} to get the content of a named list and ${listcount:string} to count the items in a list. 9. New global option "gnutls_allow_auto_pkcs11", defaults false. The GnuTLS rewrite in 4.80 combines with GnuTLS 2.12.0 or later, to autoload PKCS11 modules. For some situations this is desirable, but we expect admin in those situations to know they want the feature. More commonly, it means that GUI user modules get loaded and are broken by the setuid Exim being unable to access files specified in environment variables and passed through, thus breakage. So we explicitly inhibit the PKCS11 initialisation unless this new option is set. Some older OS's with earlier versions of GnuTLS might not have pkcs11 ability, so have also added a build option which can be used to build Exim with GnuTLS but without trying to use any kind of PKCS11 support. Uncomment this in the Local/Makefile: AVOID_GNUTLS_PKCS11=yes 10. The "acl = name" condition on an ACL now supports optional arguments. New expansion item "${acl {name}{arg}...}" and expansion condition "acl {{name}{arg}...}" are added. In all cases up to nine arguments can be used, appearing in $acl_arg1 to $acl_arg9 for the called ACL. Variable $acl_narg contains the number of arguments. If the ACL sets a "message =" value this becomes the result of the expansion item, or the value of $value for the expansion condition. If the ACL returns accept the expansion condition is true; if reject, false. A defer return results in a forced fail. 11. Routers and transports can now have multiple headers_add and headers_remove option lines. The concatenated list is used. 12. New ACL modifier "remove_header" can remove headers before message gets handled by routers/transports. 13. New dnsdb lookup pseudo-type "a+". A sequence of "a6" (if configured), "aaaa" and "a" lookups is done and the full set of results returned. 14. New expansion variable $headers_added with content from ACL add_header modifier (but not yet added to messsage). 15. New 8bitmime status logging option for received messages. Log field "M8S". 16. New authenticated_sender logging option, adding to log field "A". 17. New expansion variables $router_name and $transport_name. Useful particularly for debug_print as -bt commandline option does not require privilege whereas -d does. 18. If built with EXPERIMENTAL_PRDR, per-recipient data responses per a proposed extension to SMTP from Eric Hall. 19. The pipe transport has gained the force_command option, to allow decorating commands from user .forward pipe aliases with prefix wrappers, for instance. 20. Callout connections can now AUTH; the same controls as normal delivery connections apply. 21. Support for DMARC, using opendmarc libs, can be enabled. It adds new options: dmarc_forensic_sender, dmarc_history_file, and dmarc_tld_file. It adds new expansion variables $dmarc_ar_header, $dmarc_status, $dmarc_status_text, and $dmarc_used_domain. It adds a new acl modifier dmarc_status. It adds new control flags dmarc_disable_verify and dmarc_enable_forensic. 22. Add expansion variable $authenticated_fail_id, which is the username provided to the authentication method which failed. It is available for use in subsequent ACL processing (typically quit or notquit ACLs). 23. New ACL modifer "udpsend" can construct a UDP packet to send to a given UDP host and port. 24. New ${hexquote:..string..} expansion operator converts non-printable characters in the string to \xNN form. 25. Experimental TPDA (Transport Post Delivery Action) function added. Patch provided by Axel Rau. 26. Experimental Redis lookup added. Patch provided by Warren Baker. @ text @d1 1 a1 1 @@comment $NetBSD: PLIST,v 1.12 2011/01/12 09:26:24 adam Exp $ d60 1 d123 1 @ 1.13.18.1 log @Pullup ticket #4942 - requested by wiedi mail/exim: security fix Revisions pulled up: - mail/exim-html/Makefile 1.30-1.31 - mail/exim-html/PLIST 1.14 - mail/exim-html/distinfo 1.25-1.26 - mail/exim/Makefile 1.142-1.143 - mail/exim/distinfo 1.63-1.64 - mail/exim/patches/patch-aa 1.24 --- Module Name: pkgsrc Committed By: bsiegert Date: Sun Jan 10 20:55:57 UTC 2016 Modified Files: pkgsrc/mail/exim: Makefile distinfo pkgsrc/mail/exim/patches: patch-aa Log Message: Update exim to 4.86. Exim version 4.86 ----------------- JH/01 Bug 1545: The smtp transport option "retry_include_ip_address" is now expanded. JH/02 The smtp transport option "multi_domain" is now expanded. JH/03 The smtp transport now requests PRDR by default, if the server offers it. JH/04 Certificate name checking on server certificates, when exim is a client, is now done by default. The transport option tls_verify_cert_hostnames can be used to disable this per-host. The build option EXPERIMENTAL_CERTNAMES is withdrawn. JH/05 The value of the tls_verify_certificates smtp transport and main options default to the word "system" to access the system default CA bundle. For GnuTLS, only version 3.0.20 or later. JH/06 Verification of the server certificate for a TLS connection is now tried (but not required) by default. The verification status is now logged by default, for both outbound TLS and client-certificate supplying inbound TLS connections JH/07 Changed the default rfc1413 lookup settings to disable calls. Few sites use this now. JH/08 The EXPERIMENTAL_DSN compile option is no longer needed; all Delivery Status Notification (bounce) messages are now MIME format per RFC 3464. Support for RFC 3461 DSN options NOTIFY,ENVID,RET,ORCPT can be advertised under the control of the dsn_advertise_hosts option, and routers may have a dsn_lasthop option. JH/09 A timeout of 2 minutes is now applied to all malware scanner types by default, modifiable by a malware= option. The list separator for the options can now be changed in the usual way. Bug 68. JH/10 The smtp_receive_timeout main option is now expanded before use. JH/11 The incoming_interface log option now also enables logging of the local interface on delivery outgoing connections. JH/12 The cutthrough-routing facility now supports multi-recipient mails, if the interface and destination host and port all match. JH/13 Bug 344: The verify = reverse_host_lookup ACL condition now accepts a /defer_ok option. JH/14 Bug 1573: The spam= ACL condition now additionally supports Rspamd. Patch from Andrew Lewis. JH/15 Bug 670: The spamd_address main option (for the spam= ACL condition) now supports optional time-restrictions, weighting, and priority modifiers per server. Patch originally by . JH/16 The spamd_address main option now supports a mixed list of local and remote servers. Remote servers can be IPv6 addresses, and specify a port-range. JH/17 Bug 68: The spamd_address main option now supports an optional timeout value per server. JH/18 Bug 1581: Router and transport options headers_add/remove can now have the list separator specified. JH/19 Bug 392: spamd_address, and clamd av_scanner, now support retry option values. JH/20 Bug 1571: Ensure that $tls_in_peerdn is set, when verification fails under OpenSSL. JH/21 Support for the A6 type of dns record is withdrawn. JH/22 Bug 608: The result of a QUIT or not-QUIT toplevel ACL now matters rather than the verbs used. JH/23 Bug 1572: Increase limit on SMTP confirmation message copy size from 255 to 1024 chars. JH/24 Verification callouts now attempt to use TLS by default. HS/01 DNSSEC options (dnssec_require_domains, dnssec_request_domains) are generic router options now. The defaults didn't change. JH/25 Bug 466: Add RFC2322 support for MIME attachment filenames. Original patch from Alexander Shikoff, worked over by JH. HS/02 Bug 1575: exigrep falls back to autodetection of compressed files if ZCAT_COMMAND is not executable. JH/26 Bug 1539: Add timout/retry options on dnsdb lookups. JH/27 Bug 286: Support SOA lookup in dnsdb lookups. JH/28 Bug 1588: Do not use the A lookup following an AAAA for setting the FQDN. Normally benign, it bites when the pair was led to by a CNAME; modern usage is to not canoicalize the domain to a CNAME target (and we were inconsistent anyway for A-only vs AAAA+A). JH/29 Bug 1632: Removed the word "rejected" from line logged for ACL discards. JH/30 Check the forward DNS lookup for DNSSEC, in addition to the reverse, when evaluating $sender_host_dnssec. JH/31 Check the HELO verification lookup for DNSSEC, adding new $sender_helo_dnssec variable. JH/32 Bug 1397: Enable ECDHE on OpenSSL, just the NIST P-256 curve. JH/33 Bug 1346: Note MAIL cmd seen in -bS batch, to avoid smtp_no_mail log. JH/34 Bug 1648: Fix a memory leak seen with "mailq" and large queues. JH/35 Bug 1642: Fix support of $spam_ variables at delivery time. Was documented as working, but never had. Support all but $spam_report. JH/36 Bug 1659: Guard checking of input smtp commands again pseudo-command added for tls authenticator. --- Module Name: pkgsrc Committed By: adam Date: Mon Jan 11 08:35:32 UTC 2016 Modified Files: pkgsrc/mail/exim-html: Makefile PLIST distinfo Log Message: Match mail/exim version --- Module Name: pkgsrc Committed By: wiedi Date: Wed Mar 2 20:13:18 UTC 2016 Modified Files: pkgsrc/mail/exim: Makefile distinfo pkgsrc/mail/exim-html: Makefile distinfo Log Message: Update mail/exim and mail/exim-html to 4.86.2 Exim version 4.86.2 ------------------- Portability relase of 4.86.1 Exim version 4.86.1 ------------------- HS/04 Add support for keep_environment and add_environment options. This fixes CVE-2016-1531. All installations having Exim set-uid root and using 'perl_startup' are vulnerable to a local privilege escalation. Any user who can start an instance of Exim (and this is normally *any* user) can gain root privileges. If you do not use 'perl_startup' you *should* be safe. New options ----------- We had to introduce two new configuration options: keep_environment = add_environment = Both options are empty per default. That is, Exim cleans the complete environment on startup. This affects Exim itself and any subprocesses, as transports, that may call other programs via some alias mechanisms, as routers (queryprogram), lookups, and so on. This may affect used libraries (e.g. LDAP). ** THIS MAY BREAK your existing installation ** If both options are not used in the configuration, Exim issues a warning on startup. This warning disappears if at least one of these options is used (even if set to an empty value). keep_environment should contain a list of trusted environment variables. (Do you trust PATH?). This may be a list of names and REs. keep_environment = ^LDAP_ : FOO_PATH To add (or override) variables, you can use add_environment: add_environment = <; PATH=/sbin:/usr/sbin New behaviour ------------- Now Exim changes it's working directory to / right after startup, even before reading it's configuration. (Later Exim changes it's working directory to $spool_directory, as usual.) Exim only accepts an absolute configuration file path now, when using the -C option. @ text @d1 1 a1 1 @@comment $NetBSD$ a59 1 share/doc/exim/html/spec_html/ch-the_tls_authenticator.html a121 1 share/doc/exim/html/spec_html/ch61.html @ 1.12 log @Documentation updated for Exim 4.73. @ text @d1 61 a61 1 @@comment $NetBSD: PLIST,v 1.11 2010/11/08 07:52:46 adam Exp $ d120 2 d123 3 d132 10 @ 1.11 log @Updated documentation to Exim 4.72 @ text @d1 1 a1 5 @@comment $NetBSD: PLIST,v 1.10 2009/06/14 18:04:33 joerg Exp $ share/doc/exim/html/filter-txt.html share/doc/exim/html/filter.html share/doc/exim/html/index.html share/doc/exim/html/spec-txt.html d57 8 d66 1 a66 1 share/doc/exim/html/spec_html/ix01.html @ 1.11.2.1 log @Pullup ticket #3329 - requested by gls mail/exim-html: security update Revisions pulled up: - mail/exim-html/Makefile 1.19 - mail/exim-html/PLIST 1.12 - mail/exim-html/distinfo 1.14 --- Module Name: pkgsrc Committed By: adam Date: Wed Jan 12 07:52:45 UTC 2011 Modified Files: pkgsrc/mail/exim: Makefile distinfo pkgsrc/mail/exim/patches: patch-aa Added Files: pkgsrc/mail/exim/patches: patch-ba patch-bb patch-bc patch-bd Log Message: Changes 4.73: * Date: & Message-Id: revert to normally being appended to a message, only prepend for the Resent-* case. Fixes regression introduced in Exim 4.70 by NM/22 for Bugzilla 607. * Include check_rfc2047_length in configure.default because we're seeing increasing numbers of administrators be bitten by this. * Added DISABLE_DKIM and comment to src/EDITME * Bugzilla 994: added openssl_options main configuration option. * Bugzilla 995: provide better SSL diagnostics on failed reads. * Bugzilla 834: provide a permit_coredump option for pipe transports. * Adjust NTLM authentication to handle SASL Initial Response. * If TLS negotiated an anonymous cipher, we could end up with SSL but without a peer certificate, leading to a segfault because of an assumption that peers always have certificates. Be a little more paranoid. * Bugzilla 926: switch ClamAV to use the new zINSTREAM API for content filtering; old API available if built with WITH_OLD_CLAMAV_STREAM=yes NB: ClamAV planning to remove STREAM in "middle of 2010". CL also introduces -bmalware, various -d+acl logging additions and more caution in buffer sizes. * Implemented reverse_ip expansion operator. * Bugzilla 937: provide a "debug" ACL control. * Bugzilla 922: Documentation dusting, patch provided by John Horne. * Bugzilla 973: Implement --version. * Bugzilla 752: Refuse to build/run if Exim user is root/0. * Build without WITH_CONTENT_SCAN. Path from Andreas Metzler. * Bugzilla 816: support multiple condition rules on Routers. * Add bool_lax{} expansion operator and use that for combining multiple condition rules, instead of bool{}. Make both bool{} and bool_lax{} ignore trailing whitespace. * prevent non-panic DKIM error from being sent to paniclog * added tcp_wrappers_daemon_name to allow host entries other than "exim" to be used * Fix malware regression for cmdline scanner introduced in PP/08. Notification from Dr Andrew Aitchison. * Change ClamAV response parsing to be more robust and to handle ClamAV's ExtendedDetectionInfo response format. * OpenSSL 1.0.0a compatibility const-ness change, should be backwards compatible. @ text @d1 5 a5 1 @@comment $NetBSD$ a60 8 share/doc/exim/html/spec_html/ch56.html share/doc/exim/html/spec_html/ch57.html share/doc/exim/html/spec_html/ch58.html share/doc/exim/html/spec_html/filter.html share/doc/exim/html/spec_html/filter_ch01.html share/doc/exim/html/spec_html/filter_ch02.html share/doc/exim/html/spec_html/filter_ch03.html share/doc/exim/html/spec_html/filter_toc.xml d62 1 a62 1 share/doc/exim/html/spec_html/index_toc.xml @ 1.10 log @Remove @@dirrm entries from PLISTs @ text @d1 1 a1 1 @@comment $NetBSD: PLIST,v 1.9 2008/01/14 18:57:40 adam Exp $ d60 1 @ 1.9 log @Changes 4.69: * Add preliminary DKIM support. * Bugzilla 592: --help option is handled incorrectly if exim is invoked as mailq or other aliases. Changed the --help handling significantly to do whats expected. exim_usage() emits usage/help information. * Added the -bylocaldomain option to eximstats. * Bugzilla 619: Defended against bad data coming back from gethostbyaddr * Bugzilla 613: Documentation fix for acl_not_smtp * Bugzilla 628: PCRE update to 7.4 (work done by John Hall) @ text @d1 1 a1 1 @@comment $NetBSD: PLIST,v 1.8 2007/09/05 10:36:43 rillig Exp $ a61 2 @@dirrm share/doc/exim/html/spec_html @@dirrm share/doc/exim/html @ 1.8 log @Updated the exim documentation to 4.67. @ text @d1 2 a2 1 @@comment $NetBSD: PLIST,v 1.7 2005/05/17 17:06:12 abs Exp $ d5 1 a5 2 share/doc/exim/html/pcrepattern.html share/doc/exim/html/pcretest.html @ 1.7 log @Update exim from 4.44 to 4.51. The main change is the incorporation of the content scanning from the exiscan patch. (There are over 650 lines of Changes) Retire exim-exiscan Update exim-html from 4.40 to 4.50 @ text @d1 63 a63 145 @@comment $NetBSD: PLIST,v 1.6 2004/10/07 17:29:16 abs Exp $ share/doc/html/exim/C002.txt share/doc/html/exim/C006.txt share/doc/html/exim/C022.txt share/doc/html/exim/C037.txt share/doc/html/exim/C042.txt share/doc/html/exim/C043.txt share/doc/html/exim/C044.txt share/doc/html/exim/C045.txt share/doc/html/exim/C046.txt share/doc/html/exim/C047.txt share/doc/html/exim/C049.txt share/doc/html/exim/C050.txt share/doc/html/exim/C051.txt share/doc/html/exim/F001.txt share/doc/html/exim/F002.txt share/doc/html/exim/F003.txt share/doc/html/exim/F004.txt share/doc/html/exim/FAQ-KWIC_A.html share/doc/html/exim/FAQ-KWIC_B.html share/doc/html/exim/FAQ-KWIC_C.html share/doc/html/exim/FAQ-KWIC_D.html share/doc/html/exim/FAQ-KWIC_E.html share/doc/html/exim/FAQ-KWIC_F.html share/doc/html/exim/FAQ-KWIC_G.html share/doc/html/exim/FAQ-KWIC_H.html share/doc/html/exim/FAQ-KWIC_I.html share/doc/html/exim/FAQ-KWIC_K.html share/doc/html/exim/FAQ-KWIC_L.html share/doc/html/exim/FAQ-KWIC_M.html share/doc/html/exim/FAQ-KWIC_N.html share/doc/html/exim/FAQ-KWIC_O.html share/doc/html/exim/FAQ-KWIC_P.html share/doc/html/exim/FAQ-KWIC_Q.html share/doc/html/exim/FAQ-KWIC_R.html share/doc/html/exim/FAQ-KWIC_S.html share/doc/html/exim/FAQ-KWIC_T.html share/doc/html/exim/FAQ-KWIC_U.html share/doc/html/exim/FAQ-KWIC_V.html share/doc/html/exim/FAQ-KWIC_W.html share/doc/html/exim/FAQ-KWIC_X.html share/doc/html/exim/FAQ-KWIC_Y.html share/doc/html/exim/FAQ-KWIC_Z.html share/doc/html/exim/FAQ.html share/doc/html/exim/FAQ_0.html share/doc/html/exim/FAQ_1.html share/doc/html/exim/FAQ_10.html share/doc/html/exim/FAQ_11.html share/doc/html/exim/FAQ_12.html share/doc/html/exim/FAQ_13.html share/doc/html/exim/FAQ_14.html share/doc/html/exim/FAQ_15.html share/doc/html/exim/FAQ_16.html share/doc/html/exim/FAQ_17.html share/doc/html/exim/FAQ_18.html share/doc/html/exim/FAQ_19.html share/doc/html/exim/FAQ_2.html share/doc/html/exim/FAQ_20.html share/doc/html/exim/FAQ_21.html share/doc/html/exim/FAQ_22.html share/doc/html/exim/FAQ_23.html share/doc/html/exim/FAQ_24.html share/doc/html/exim/FAQ_25.html share/doc/html/exim/FAQ_26.html share/doc/html/exim/FAQ_27.html share/doc/html/exim/FAQ_28.html share/doc/html/exim/FAQ_3.html share/doc/html/exim/FAQ_4.html share/doc/html/exim/FAQ_5.html share/doc/html/exim/FAQ_6.html share/doc/html/exim/FAQ_7.html share/doc/html/exim/FAQ_8.html share/doc/html/exim/FAQ_9.html share/doc/html/exim/L001.txt share/doc/html/exim/S001.txt share/doc/html/exim/S002.txt share/doc/html/exim/filter_0.html share/doc/html/exim/filter_1.html share/doc/html/exim/filter_2.html share/doc/html/exim/filter_3.html share/doc/html/exim/filter_toc.html share/doc/html/exim/index.html share/doc/html/exim/pcrepattern.html share/doc/html/exim/pcretest.html share/doc/html/exim/relaying.gif share/doc/html/exim/routing.gif share/doc/html/exim/spec.html share/doc/html/exim/spec_1.html share/doc/html/exim/spec_10.html share/doc/html/exim/spec_11.html share/doc/html/exim/spec_12.html share/doc/html/exim/spec_13.html share/doc/html/exim/spec_14.html share/doc/html/exim/spec_15.html share/doc/html/exim/spec_16.html share/doc/html/exim/spec_17.html share/doc/html/exim/spec_18.html share/doc/html/exim/spec_19.html share/doc/html/exim/spec_2.html share/doc/html/exim/spec_20.html share/doc/html/exim/spec_21.html share/doc/html/exim/spec_22.html share/doc/html/exim/spec_23.html share/doc/html/exim/spec_24.html share/doc/html/exim/spec_25.html share/doc/html/exim/spec_26.html share/doc/html/exim/spec_27.html share/doc/html/exim/spec_28.html share/doc/html/exim/spec_29.html share/doc/html/exim/spec_3.html share/doc/html/exim/spec_30.html share/doc/html/exim/spec_31.html share/doc/html/exim/spec_32.html share/doc/html/exim/spec_33.html share/doc/html/exim/spec_34.html share/doc/html/exim/spec_35.html share/doc/html/exim/spec_36.html share/doc/html/exim/spec_37.html share/doc/html/exim/spec_38.html share/doc/html/exim/spec_39.html share/doc/html/exim/spec_4.html share/doc/html/exim/spec_40.html share/doc/html/exim/spec_41.html share/doc/html/exim/spec_42.html share/doc/html/exim/spec_43.html share/doc/html/exim/spec_44.html share/doc/html/exim/spec_45.html share/doc/html/exim/spec_46.html share/doc/html/exim/spec_47.html share/doc/html/exim/spec_48.html share/doc/html/exim/spec_49.html share/doc/html/exim/spec_5.html share/doc/html/exim/spec_50.html share/doc/html/exim/spec_51.html share/doc/html/exim/spec_52.html share/doc/html/exim/spec_53.html share/doc/html/exim/spec_6.html share/doc/html/exim/spec_7.html share/doc/html/exim/spec_8.html share/doc/html/exim/spec_9.html share/doc/html/exim/spec_cindex.html share/doc/html/exim/spec_oindex.html share/doc/html/exim/spec_toc.html share/doc/html/exim/spectop.html @@dirrm share/doc/html/exim @ 1.6 log @Update exim to 4.43 from 4.42 Update exim-exiscan to 4.43_28 from 4.42_27 Update exim-html to 4.40 from 4.30 exim-exiscan: 28 - Added F-Secure support, thanks to Johan Thelmen . - Upgraded SRS support to libsrs_alt 0.5 via Miles Wilton's patch. - REMOVED exiscan-acl implementation of custom header placement in favor of Philip Hazel's native implementation. However, a new option option was added for it to mimic the behaviour of the old header_pos_middle option. Read section 10 of exiscan-acl-spec.txt. exim: 1. Fixed a longstanding but relatively impotent bug: a long time ago, before PIPELINING, the function smtp_write_command() used to return TRUE or FALSE. Now it returns an integer. A number of calls were still expecting a T/F return. Fortuitously, in all cases, the tests worked in OK situations, which is the norm. However, things would have gone wrong on any write failures on the smtp file descriptor. This function is used when sending messages over SMTP and also when doing verify callouts. 2. When Exim is called to do synchronous delivery of a locally submitted message (the -odf or -odi options), it no longer closes stderr before doing the delivery. 3. Implemented the mua_wrapper option. 4. Implemented mx_fail_domains and srv_fail_domains for the dnslookup router. 5. Implemented the functions header_remove(), header_testname(), header_add_at_position(), and receive_remove_recipient(), and exported them to local_scan(). 6. If an ACL "warn" statement specified the addition of headers, Exim already inserted X-ACL-Warn: at the start if there was no header name. However, it was not making this test for the second and subsequent header lines if there were newlines in the string. This meant that an invalid header could be inserted if Exim was badly configured. 7. Allow an ACL "warn" statement to add header lines at the start or after all the Received: headers, as well as at the end. 8. Added the rcpt_4xx retry error code. 9. Added postmaster_mailfrom=xxx to callout verification option. 10. Added mailfrom=xxxx to the callout verification option, for verify= header_sender only. 11. ${substr_1_:xxxx} and ${substr__3:xxxx} are now diagnosed as syntax errors (they previously behaved as ${substr_1_0:xxxx} and ${substr:_0_3:xxxx}). 12. Inserted some casts to stop certain compilers warning when using pointer differences as field lengths or precisions in printf-type calls (mostly affecting debugging statements). 13. Added optional readline() support for -be (dynamically loaded). 14. Obscure bug fix: if a message error (e.g. 4xx to MAIL) happened within the same clock tick as a message's arrival, so that its received time was the same as the "first fail" time on the retry record, and that message remained on the queue past the ultimate address timeout, every queue runner would try a delivery (because it was past the ultimate address timeout) but after another failure, the ultimate address timeout, which should have then bounced the address, did not kick in. This was a "< instead of <=" error; in most cases the first failure would have been in the next clock tick after the received time, and all would be well. 15. The special items beginning with @@ in domain lists (e.g. @@mx_any) were not being recognized when the domain list was tested by the match_domain condition in an expansion string. 16. Added the ${str2b64: operator. 17. Exim was always calling setrlimit() to set a large limit for the number of processes, without checking whether the existing limit was already adequate. (It did check for the limit on file descriptors.) Furthermore, 18. Imported PCRE 5.0. 19. Trivial typo in log message " temporarily refused connection" (the leading space). 20. If the log selector return_path_on_delivery was set and an address was redirected to /dev/null, the delivery process crashed because it assumed that a return path would always be set for a "successful" delivery. In this case, the whole delivery is bypassed as an optimization, and therefore no return path is set. 21. Internal re-arrangement: the function for sending a challenge and reading a response while authentication was assuming a zero-terminated challenge string. It's now changed to take a pointer and a length, to allow for binary data in such strings. 22. Added the cyrus_sasl authenticator (code supplied by MBM). 23. Exim was not respecting finduser_retries when seeking the login of the uid under which it was called; it was always trying 10 times. (The default setting of finduser_retries is zero.) Also, it was sleeping after the final failure, which is pointless. 24. Implemented tls_on_connect_ports. 25. Implemented acl_smtp_predata. 26. If the domain in control=submission is set empty, Exim assumes that the authenticated id is a complete email address when it generates From: or Sender: header lines. 27. Added "#define SOCKLEN_T int" to OS/os.h-SCO and OS/os.h-SCO_SV. Also added definitions to OS/Makefile-SCO and OS/Makefile-SCO_SV that put basename, chown and chgrp in /bin and hostname in /usr/bin. 28. Exim was keeping the "process log" file open after each use, just as it does for the main log. This opens the possibility of it remaining open for long periods when the USR1 signal hits a daemon. Occasional processlog errors were reported, that could have been caused by this. Anyway, it seems much more sensible not to leave this file open at all, so that is what now happens. 29. The long-running daemon process does not normally write to the log once it has entered its main loop, and it closes the log before doing so. This is so that log files can straightforwardly be renamed and moved. However, there are a couple of unusual error situations where the daemon does write log entries, and I had neglected to close the log afterwards. 30. The text of an SMTP error response that was received during a remote delivery was being truncated at 512 bytes. This is too short for some of the long messages that one sometimes sees. I've increased the limit to 1024. 31. It is now possible to make retry rules that apply only when a message has a specific sender, in particular, an empty sender. 32. Added "control = enforce_sync" and "control = no_enforce_sync". This makes it possible to be selective about when SMTP synchronization is enforced. 33. Added "control = caseful_local_part" and "control = "caselower_local_part". 32. Implemented hosts_connection_nolog. 33. Added an ACL for QUIT. 34. Setting "delay_warning=" to disable warnings was not working; it gave a syntax error. 35. Added mailbox_size and mailbox_filecount to appendfile. 36. Added control = no_multiline_responses to ACLs. 37. There was a bug in the logic of the code that waits for the clock to tick in the case where the clock went backwards by a substantial amount such that the microsecond fraction of "now" was more than the microsecond fraction of "then" (but the whole seconds number was less). 38. Added support for the libradius Radius client library this is found on FreeBSD (previously only the radiusclient library was supported). @ text @d1 1 a1 1 @@comment $NetBSD: PLIST,v 1.5 2004/05/07 18:08:29 abs Exp $ d14 1 d134 3 @ 1.5 log @Commit PLIST missed in 4.20 -> 4.30 change @ text @d1 1 a1 1 @@comment $NetBSD: PLIST,v 1.4 2003/09/02 12:16:19 abs Exp $ a11 1 share/doc/html/exim/C048.txt d13 1 d74 2 @ 1.4 log @Update exim-html to 4.20 (latest copy of exim html docs) @ text @d1 1 a1 1 @@comment $NetBSD: PLIST,v 1.3 2002/12/09 11:40:49 ad Exp $ d11 3 d74 1 a74 1 share/doc/html/exim/filter.html a75 10 share/doc/html/exim/filter_10.html share/doc/html/exim/filter_11.html share/doc/html/exim/filter_12.html share/doc/html/exim/filter_13.html share/doc/html/exim/filter_14.html share/doc/html/exim/filter_15.html share/doc/html/exim/filter_16.html share/doc/html/exim/filter_17.html share/doc/html/exim/filter_18.html share/doc/html/exim/filter_19.html a76 10 share/doc/html/exim/filter_20.html share/doc/html/exim/filter_21.html share/doc/html/exim/filter_22.html share/doc/html/exim/filter_23.html share/doc/html/exim/filter_24.html share/doc/html/exim/filter_25.html share/doc/html/exim/filter_26.html share/doc/html/exim/filter_27.html share/doc/html/exim/filter_28.html share/doc/html/exim/filter_29.html a77 10 share/doc/html/exim/filter_30.html share/doc/html/exim/filter_31.html share/doc/html/exim/filter_32.html share/doc/html/exim/filter_33.html share/doc/html/exim/filter_4.html share/doc/html/exim/filter_5.html share/doc/html/exim/filter_6.html share/doc/html/exim/filter_7.html share/doc/html/exim/filter_8.html share/doc/html/exim/filter_9.html d130 1 @ 1.3 log @Update to exim-html-4.10. Provied by dawszy at arhea.net in pkg/19231. @ text @d1 1 a1 1 @@comment $NetBSD$ d7 4 d62 1 d98 1 d107 1 a107 1 share/doc/html/exim/pcre.html @ 1.2 log @Update exim-html to 4.0, to match exim. @ text @d1 1 a1 1 @@comment $NetBSD: PLIST,v 1.1 2001/11/01 00:59:58 zuntum Exp $ d6 1 d57 1 d65 1 d101 2 @ 1.1 log @Move pkg/ files into package's toplevel directory @ text @d1 62 a62 2 @@comment $NetBSD: PLIST,v 1.1.1.1 2001/07/11 13:21:07 ad Exp $ share/doc/html/exim/drivers.gif a89 2 share/doc/html/exim/filter_33.html share/doc/html/exim/filter_34.html d97 1 a97 1 share/doc/html/exim/oview.html d99 1 a145 10 share/doc/html/exim/spec_50.html share/doc/html/exim/spec_51.html share/doc/html/exim/spec_52.html share/doc/html/exim/spec_53.html share/doc/html/exim/spec_54.html share/doc/html/exim/spec_55.html share/doc/html/exim/spec_56.html share/doc/html/exim/spec_57.html share/doc/html/exim/spec_58.html share/doc/html/exim/spec_59.html d151 1 a151 1 share/doc/html/exim/spec_findex.html @ 1.1.2.1 log @Merge from pkgsrc-current to buildlink2 branch. @ text @d1 2 a2 62 @@comment $NetBSD: PLIST,v 1.2 2002/06/19 16:10:51 ad Exp $ share/doc/html/exim/C002.txt share/doc/html/exim/C006.txt share/doc/html/exim/C022.txt share/doc/html/exim/C037.txt share/doc/html/exim/F001.txt share/doc/html/exim/F002.txt share/doc/html/exim/F003.txt share/doc/html/exim/F004.txt share/doc/html/exim/FAQ-KWIC_A.html share/doc/html/exim/FAQ-KWIC_B.html share/doc/html/exim/FAQ-KWIC_C.html share/doc/html/exim/FAQ-KWIC_D.html share/doc/html/exim/FAQ-KWIC_E.html share/doc/html/exim/FAQ-KWIC_F.html share/doc/html/exim/FAQ-KWIC_G.html share/doc/html/exim/FAQ-KWIC_H.html share/doc/html/exim/FAQ-KWIC_I.html share/doc/html/exim/FAQ-KWIC_K.html share/doc/html/exim/FAQ-KWIC_L.html share/doc/html/exim/FAQ-KWIC_M.html share/doc/html/exim/FAQ-KWIC_N.html share/doc/html/exim/FAQ-KWIC_O.html share/doc/html/exim/FAQ-KWIC_P.html share/doc/html/exim/FAQ-KWIC_Q.html share/doc/html/exim/FAQ-KWIC_R.html share/doc/html/exim/FAQ-KWIC_S.html share/doc/html/exim/FAQ-KWIC_T.html share/doc/html/exim/FAQ-KWIC_U.html share/doc/html/exim/FAQ-KWIC_V.html share/doc/html/exim/FAQ-KWIC_W.html share/doc/html/exim/FAQ-KWIC_X.html share/doc/html/exim/FAQ-KWIC_Y.html share/doc/html/exim/FAQ-KWIC_Z.html share/doc/html/exim/FAQ.html share/doc/html/exim/FAQ_0.html share/doc/html/exim/FAQ_1.html share/doc/html/exim/FAQ_10.html share/doc/html/exim/FAQ_11.html share/doc/html/exim/FAQ_12.html share/doc/html/exim/FAQ_13.html share/doc/html/exim/FAQ_14.html share/doc/html/exim/FAQ_15.html share/doc/html/exim/FAQ_16.html share/doc/html/exim/FAQ_17.html share/doc/html/exim/FAQ_18.html share/doc/html/exim/FAQ_19.html share/doc/html/exim/FAQ_2.html share/doc/html/exim/FAQ_20.html share/doc/html/exim/FAQ_21.html share/doc/html/exim/FAQ_22.html share/doc/html/exim/FAQ_23.html share/doc/html/exim/FAQ_24.html share/doc/html/exim/FAQ_25.html share/doc/html/exim/FAQ_26.html share/doc/html/exim/FAQ_3.html share/doc/html/exim/FAQ_4.html share/doc/html/exim/FAQ_5.html share/doc/html/exim/FAQ_6.html share/doc/html/exim/FAQ_7.html share/doc/html/exim/FAQ_8.html share/doc/html/exim/FAQ_9.html d30 2 d39 1 a39 1 share/doc/html/exim/index.html a40 1 share/doc/html/exim/routing.gif d87 10 d102 1 a102 1 share/doc/html/exim/spec_oindex.html @