Update to 4.83.

Changes in the port:
- Added new options:
 * DNSSEC: validate peers using TLSA records
 * PRDR: Per-Recipient-Data-Response support
 * CERTNAMES: Check certiticates ownership
 * DSN: Delivery Status Notifications
 * PROXY: Experimental Proxy Protocol
- Enable OCSP stapling by default
- Disable NIS by default
- SRS support is now radio group
- DNSSEC and PRDR are now enabled by default

Changes in exim itself:
This release contains the following enhancements and bugfixes:
+ PRDR was promoted from Experimental to mainline
+ OCSP Stapling was promoted from Experimental to mainline
+ new Experimental feature Proxy Protocol
+ new Experimental feature DSN (Delivery Status Notifications)
+ TLS session improvements
+ TLS SNI fixes
+ LDAP enhancements
+ DMARC fixes (previous CVE-2014-2957) and new $dmarc_domain_policy
+ several new operations (listextract, utf8clean, md5, sha1)
+ enforce header formatting with verify=header_names_ascii
+ new commandline option -oMm
+ new TLSA dns lookup
+ new malware "sock" type
+ cutthrough routing enhancements
+ logging enhancements
+ DNSSEC enhancements
+ exiqgrep enhancements
+ deprecating non-standard SPF results
+ build and portability fixes
+ documentation fixes and enhancements

Uncompatible changes:
This release of Exim includes one incompatible fix: the behavior of
expansion of arguments to math comparison functions (<, <=, =, =>, >)
was unexpected, expanding the values twice. This fix also addresses a
security advisory, CVE-2014-2972. This is not a remote exploit, but if
content that is searched by the above math comparison functions is under
the control of an attacker, specially crafted data can be inserted that
will cause the Exim mail server to perform various file-system functions
as the exim user.

5 files changed, 51 insertions, 24 deletions

diff --git a/mail/exim-doc-html/Makefile b/mail/exim-doc-html/Makefile
index 0e0d651873a3..cdf6fbc01e3d 100644
--- a/mail/exim-doc-html/Makefile
+++ b/mail/exim-doc-html/Makefile
@@ -2,7 +2,7 @@
 # $FreeBSD$
 
 PORTNAME=	exim
-PORTVERSION=	4.82.1
+PORTVERSION=	4.83
 CATEGORIES=	mail
 MASTER_SITES=	${MASTER_SITE_EXIM:S/$/:exim/}
 MASTER_SITE_SUBDIR=	exim4/:exim
diff --git a/mail/exim-doc-html/distinfo b/mail/exim-doc-html/distinfo
index 80f67147bd00..15688c5f2783 100644
--- a/mail/exim-doc-html/distinfo
+++ b/mail/exim-doc-html/distinfo
@@ -1,6 +1,6 @@
-SHA256 (exim/exim-html-4.82.1.tar.bz2) = 81d0237cff64b259d47c758d5c82da93bd2e7b8ce048974d53d90e597eee122e
-SIZE (exim/exim-html-4.82.1.tar.bz2) = 458569
-SHA256 (exim/exim-pdf-4.82.1.tar.bz2) = 2e3705504f22633a14d417ffcb72c6beddc2f142e38ff4f01394b83ae583ff42
-SIZE (exim/exim-pdf-4.82.1.tar.bz2) = 1835284
-SHA256 (exim/exim-postscript-4.82.1.tar.bz2) = f9c69153b1da3ef854c73ac98ec5bcef842438c5630819bc2287dec869bd039d
-SIZE (exim/exim-postscript-4.82.1.tar.bz2) = 1008574
+SHA256 (exim/exim-html-4.83.tar.bz2) = d7b38922f2aedd9eb4db7aa0e1e1c0fcd948777a4c8bac7971eaf4b2959bf0de
+SIZE (exim/exim-html-4.83.tar.bz2) = 464789
+SHA256 (exim/exim-pdf-4.83.tar.bz2) = 478fca2c13fbda403fb0c373dc61e82aa434e7167c0341f24b83195afd294b82
+SIZE (exim/exim-pdf-4.83.tar.bz2) = 1856787
+SHA256 (exim/exim-postscript-4.83.tar.bz2) = 7f8ef825a832debdab54173bfb4e86acaaa6eb139a64e8b87a785183354375cf
+SIZE (exim/exim-postscript-4.83.tar.bz2) = 1019858
diff --git a/mail/exim/Makefile b/mail/exim/Makefile
index 9aa8e8387547..ae86747dba11 100644
--- a/mail/exim/Makefile
+++ b/mail/exim/Makefile
@@ -3,7 +3,6 @@
 
 PORTNAME=	exim
 PORTVERSION?=	${EXIM_VERSION}
-PORTREVISION=	7
 CATEGORIES=	mail ipv6
 MASTER_SITES=	${MASTER_SITE_EXIM:S/$/:exim/}
 MASTER_SITE_SUBDIR=	exim4/:exim
@@ -75,7 +74,7 @@ IGNORE=	You cannot enable OCSP stapling with gnutls
 .endif
 
 # DMARC implies SPF
-.if ${PORT_OPTIONS:MOCSP}
+.if ${PORT_OPTIONS:MDMARC}
 .if ! ${PORT_OPTIONS:MSPF} || ! ${PORT_OPTIONS:MDKIM}
 IGNORE=	You cannot enable DMARC without SPF and DKIM support
 .endif
@@ -93,7 +92,7 @@ MASTER_SITES+=	ftp://ftp.renatasystems.org/pub/FreeBSD/ports/distfiles/:so_1024
 DISTFILES+=	spamooborona1024-src-${SO_1024_VERSION}.tar.gz:so_1024
 .endif
 
-EXIM_VERSION=	4.82.1
+EXIM_VERSION=	4.83
 SA_EXIM_VERSION=4.2
 SO_1024_VERSION=3.2
 EXIM_INSTALL_ARG+=	"-no_chown" "-no_symlink"
@@ -199,8 +198,28 @@ SEDLIST+=	-e 's,^\# (EXPAND_LISTMATCH_RHS=),\1,'
 SEDLIST+=	-e 's,^\# (EXPERIMENTAL_DCC=),\1,'
 .endif
 
-.if ${PORT_OPTIONS:MOCSP}
-SEDLIST+=	-e 's,^\# (EXPERIMENTAL_OCSP=),\1,'
+.if ${PORT_OPTIONS:MPROXY}
+SEDLIST+=	-e 's,^\# (EXPERIMENTAL_PROXY=),\1,'
+.endif
+
+.if ${PORT_OPTIONS:MCERTNAMES}
+SEDLIST+=	-e 's,^\# (EXPERIMENTAL_CERTNAMES=),\1,'
+.endif
+
+.if ${PORT_OPTIONS:MDSN}
+SEDLIST+=	-e 's,^\# (EXPERIMENTAL_DSN=),\1,'
+.endif
+
+.if !${PORT_OPTIONS:MPRDR}
+SEDLIST+=	-e 's,^\# (DISABLE_PRDR=),\1,'
+.endif
+
+.if !${PORT_OPTIONS:MOCSP}
+SEDLIST+=	-e 's,^\# (DISABLE_OCSP=),\1,'
+.endif
+
+.if !${PORT_OPTIONS:MDNSSEC}
+SEDLIST+=	-e 's,^\# (DISABLE_DNSSEC=),\1,'
 .endif
 
 .if ${PORT_OPTIONS:MDMARC}
@@ -210,7 +229,6 @@ SEDLIST+= -e 's,XX_DMARC_LIBS_XX,-L${LOCALBASE}/lib -lopendmarc,' \
 SEDLIST+= -e 's,XX_DMARC_LIBS_XX,,'
 .endif
 
-
 .if ${PORT_OPTIONS:MWISHLIST}
 EXTRA_PATCHES+=	`${FIND} ${PATCHDIR} -name 'wishlist-*.patch'`
 .endif
diff --git a/mail/exim/distinfo b/mail/exim/distinfo
index 750ee94c2a1e..3c9ca47bf80b 100644
--- a/mail/exim/distinfo
+++ b/mail/exim/distinfo
@@ -1,5 +1,5 @@
-SHA256 (exim/exim-4.82.1.tar.bz2) = 51798cead70b9ca03df88afb63f7a0cabedee8ef82c02bd18d67591c08b14500
-SIZE (exim/exim-4.82.1.tar.bz2) = 1722912
+SHA256 (exim/exim-4.83.tar.bz2) = efa031b89ffb2ab844a4bf9d3a5d7ca4d587d82b62ae233d68c4f26e079a6a02
+SIZE (exim/exim-4.83.tar.bz2) = 1761169
 SHA256 (exim/sa-exim-4.2.tar.gz) = 72e0a735547f18b05785e6c58a71d24623858f0f5234a5dc0e24cb453999e99a
 SIZE (exim/sa-exim-4.2.tar.gz) = 66575
 SHA256 (exim/spamooborona1024-src-3.2.tar.gz) = ab22a430f3860460045f6b213c68c89700a0cd10cbb6c7a808ece326c53787ee
diff --git a/mail/exim/options b/mail/exim/options
index 029f3f1984de..71a2b03af182 100644
--- a/mail/exim/options
+++ b/mail/exim/options
@@ -1,11 +1,10 @@
 OPTIONS_DEFINE+=	ALT_CONFIG_PREFIX \
 			CONTENT_SCAN \
 			DAEMON \
-			DCC \
 			DEBUG \
 			DISABLE_D_OPT \
 			DKIM \
-			DMARC \
+			DNSSEC \
 			DOCS \
 			EMBEDDED_PERL \
 			EXIMON \
@@ -13,12 +12,11 @@ OPTIONS_DEFINE+=	ALT_CONFIG_PREFIX \
 			IPV6 \
 			LISTMATCH_RHS \
 			LMTP \
+			NIS \
 			OCSP \
 			OLD_DEMIME \
+			PRDR \
 			READLINE \
-			SPF \
-			SRS \
-			SRS_ALT \
 			SUID \
 			TCP_WRAPPERS \
 			WISHLIST \
@@ -33,6 +31,7 @@ OPTIONS_DEFAULT+=	AUTH_CRAM_MD5 \
 			DISABLE_D_OPT \
 			DKIM \
 			DNSDB \
+			DNSSEC \
 			DSEARCH \
 			EMBEDDED_PERL \
 			ICONV \
@@ -41,10 +40,11 @@ OPTIONS_DEFAULT+=	AUTH_CRAM_MD5 \
 			MAILDIR \
 			MAILSTORE \
 			MBX \
-			NIS \
+			OCSP \
 			OLD_DEMIME \
 			PAM \
 			PASSWD \
+			PRDR \
 			SUID \
 			TLS
 
@@ -52,7 +52,9 @@ OPTIONS_RADIO_TLS=	TLS GNUTLS
 TLS_DESC=	TLS support
 OPTIONS_RADIO_LS=	SA_EXIM SO_1024 KAS
 LS_DESC=	Local scan patch
-OPTIONS_RADIO=	TLS LS
+OPTIONS_RADIO_SRSR=	SRS SRS_ALT
+SRSR_DESC=	Sender Rewriting Scheme
+OPTIONS_RADIO=	TLS LS SRSR
 
 OPTIONS_GROUP_AUTH=	AUTH_CRAM_MD5 AUTH_DOVECOT AUTH_PLAINTEXT AUTH_RADIUS AUTH_SASL AUTH_SPA SASLAUTHD PAM PASSWD
 AUTH_DESC=	SMTP Authorization
@@ -60,7 +62,9 @@ OPTIONS_GROUP_LOOKUP=	CDB BDB DNSDB DSEARCH LSEARCH MYSQL NIS OPENLDAP PGSQL RED
 LOOKUP_DESC=	Lookup support
 OPTIONS_GROUP_STORAGE=	MAILDIR MAILSTORE MBX
 STORAGE_DESC=	Supported storage formats
-OPTIONS_GROUP=	AUTH LOOKUP STORAGE
+OPTIONS_GROUP_EXPERIMENTAL= CERTNAMES DCC DMARC DSN PROXY SPF
+EXPERIMENTAL_DESC=	Experimental options
+OPTIONS_GROUP=	AUTH LOOKUP STORAGE EXPERIMENTAL
 
 ALT_CONFIG_PREFIX_DESC=	Restrict the set of configuration files
 AUTH_CRAM_MD5_DESC=	Enable CRAM-MD5 authentication mechanisms
@@ -69,6 +73,8 @@ AUTH_PLAINTEXT_DESC=	Enable plaintext authentication
 AUTH_RADIUS_DESC=	Enable radius (RFC 2865) authentication
 AUTH_SASL_DESC=		Enable use of Cyrus SASL auth library
 AUTH_SPA_DESC=		Enable Secure Password Authentication
+CERTNAMES_DESC=		Check certiticates ownership
+DSN_DESC=		Enable Delivery Status Notifications
 BDB_DESC=		Enable Berkeley DB lookups
 CDB_DESC=		Enable CDB-style lookups
 CONTENT_SCAN_DESC=	Enable exiscan email content scanner
@@ -78,6 +84,7 @@ DISABLE_D_OPT_DESC=	Disable macros overrides using option -D
 DKIM_DESC=		Enable support for DKIM
 DMARC_DESC=		Enable DMARC support
 DNSDB_DESC=		Enable DNS-style lookups
+DNSSEC_DESC=	Enable DNSSEC validation
 DSEARCH_DESC=		Enable directory-list lookups
 EMBEDDED_PERL_DESC=	Enable embedded Perl interpreter
 EXIMON_DESC=		Build eximon monitor (requires X libraries)
@@ -97,8 +104,10 @@ OCSP_DESC=		Enable OCSP stapling
 PAM_DESC=		Enable PAM authentication mechanisms
 PASSWD_DESC=		Enable /etc/passwd lookups
 PGSQL_DESC=		Enable postgresql lookups
+PRDR_DESC=		Enable Per-Recipient-Data-Response support
+PROXY_DESC=		Enable Experimental Proxy Protocol
 READLINE_DESC=		Enable readline(3) library
-REDIS_DESC=		Enable redis lookups
+REDIS_DESC=		Enable redis lookups (experimental)
 SASLAUTHD_DESC=		Enable use of Cyrus SASL auth daemon
 SA_EXIM_DESC=		Build with Spamassassin local scan
 SO_1024_DESC=		Build with Spamooborona-1024 local scan