6 files changed, 91 insertions, 36 deletions
diff --git a/mail/exim/Makefile b/mail/exim/Makefile
index 5e9acb4e1b0c..b4deae79b01a 100644
--- a/mail/exim/Makefile
+++ b/mail/exim/Makefile
@@ -7,7 +7,6 @@
 
 PORTNAME=	exim
 PORTVERSION?=	${EXIM_VERSION}
-PORTREVISION=	1
 CATEGORIES=	mail ipv6
 MASTER_SITES=	${MASTER_SITE_EXIM:S/$/:exim/}
 MASTER_SITE_SUBDIR=	exim4/:exim
@@ -79,7 +78,7 @@ PLIST_SUB+=	SO_1024=""
 PLIST_SUB+=	SO_1024="@comment "
 .endif
 
-EXIM_VERSION=	4.77
+EXIM_VERSION=	4.80
 SA_EXIM_VERSION=4.2
 SO_1024_VERSION=3.2
 
@@ -167,6 +166,10 @@ WITH_DEFAULT_CHARSET?=	ISO-8859-1
 
 LIB_DEPENDS+=	pcre.1:${PORTSDIR}/devel/pcre
 
+.if defined(WITHOUT_DKIM)
+SEDLIST+=	-e 's,^\# (DISABLE_DKIM=),\1,'
+.endif
+
 .if defined(WITH_LISTMATCH_RHS)
 SEDLIST+=	-e 's,^\# (EXPAND_LISTMATCH_RHS=),\1,'
 .endif
@@ -210,10 +213,15 @@ PLIST_SUB+=	EXIMON="@comment "
 .endif
 
 .if !defined(WITHOUT_TLS)
-.include "${PORTSDIR}/Mk/bsd.openssl.mk"
 SEDLIST+=	-e 's,^\# (SUPPORT_TLS=),\1,'
+.if !defined(WITH_GNUTLS)
+.include "${PORTSDIR}/Mk/bsd.openssl.mk"
+SEDLIST+=	-e 's,^\# (TLS_LIBS=.*-lssl[[:space:]]),\1,'
 .else
-SEDLIST+=	-e 's,^(TLS_LIBS=),\# \1,'
+LIB_DEPENDS+=	gnutls:${PORTSDIR}/security/gnutls
+SEDLIST+=	-e 's,^\# (USE_GNUTLS=),\1,'
+SEDLIST+=	-e 's,^\# (TLS_LIBS=.*-lgnutls[[:space:]]),\1,'
+.endif
 .endif
 
 .if !defined(WITHOUT_EMBEDDED_PERL)
diff --git a/mail/exim/distinfo b/mail/exim/distinfo
index 8f4c5dc612d1..69a1ee5a7ec6 100644
--- a/mail/exim/distinfo
+++ b/mail/exim/distinfo
@@ -1,5 +1,5 @@
-SHA256 (exim/exim-4.77.tar.bz2) = 0ccc13cf2f052b1163fcdf71c55a3578765050848ba413a6473d3ab5d20b1475
-SIZE (exim/exim-4.77.tar.bz2) = 1576148
+SHA256 (exim/exim-4.80.tar.bz2) = 787b6defd37fa75311737bcfc42e9e2b2cc62c5d027eed35bb7d800b2d9a0984
+SIZE (exim/exim-4.80.tar.bz2) = 1649827
 SHA256 (exim/sa-exim-4.2.tar.gz) = 72e0a735547f18b05785e6c58a71d24623858f0f5234a5dc0e24cb453999e99a
 SIZE (exim/sa-exim-4.2.tar.gz) = 66575
 SHA256 (exim/spamooborona1024-src-3.2.tar.gz) = ab22a430f3860460045f6b213c68c89700a0cd10cbb6c7a808ece326c53787ee
diff --git a/mail/exim/files/patch-pass-fd-to-tcpwrappers b/mail/exim/files/patch-pass-fd-to-tcpwrappers
new file mode 100644
index 000000000000..46156f260c98
--- /dev/null
+++ b/mail/exim/files/patch-pass-fd-to-tcpwrappers
@@ -0,0 +1,37 @@
+This patch passes output filedescriptor argument (stdout in the
+case of SMTP sessions) to the tcp_wrappers code in order to allow
+statements like 'twist' (that output anything instead of the daemon)
+to work.  Bare hosts_ctl() is too dumb to handle such usage of tcp
+wrappers.
+
+--- src/smtp_in.c.orig	2012-06-28 19:52:46.000000000 +0400
++++ src/smtp_in.c	2012-06-28 20:08:00.000000000 +0400
+@@ -1357,6 +1357,9 @@
+ uschar *user_msg, *log_msg;
+ uschar *code, *esc;
+ uschar *p, *s, *ss;
++#ifdef USE_TCP_WRAPPERS
++struct request_info tcpwrap_ri;
++#endif
+ 
+ smtp_connection_start = time(NULL);
+ for (smtp_ch_index = 0; smtp_ch_index < SMTP_HBUFF_SIZE; smtp_ch_index++)
+@@ -1706,10 +1709,14 @@
+       "(tcp_wrappers_name) failed: %s", string_printing(tcp_wrappers_name),
+         expand_string_message);
+     }
+-  if (!hosts_ctl(tcp_wrappers_name,
+-         (sender_host_name == NULL)? STRING_UNKNOWN : CS sender_host_name,
+-         (sender_host_address == NULL)? STRING_UNKNOWN : CS sender_host_address,
+-         (sender_ident == NULL)? STRING_UNKNOWN : CS sender_ident))
++  request_init(&tcpwrap_ri,
++         RQ_DAEMON, tcp_wrappers_name,
++         RQ_FILE, fileno(smtp_out),
++         RQ_CLIENT_NAME, (sender_host_name == NULL)? STRING_UNKNOWN : CS sender_host_name,
++         RQ_CLIENT_ADDR, (sender_host_address == NULL)? STRING_UNKNOWN : CS sender_host_address,
++         RQ_USER, (sender_ident == NULL)? STRING_UNKNOWN : CS sender_ident,
++         0);
++  if (!hosts_access(&tcpwrap_ri))
+     {
+     if (errno == 0 || errno == ENOENT)
+       {
diff --git a/mail/exim/files/patch-src::EDITME b/mail/exim/files/patch-src::EDITME
index 2e4e5eb43009..624dbcf026c2 100644
--- a/mail/exim/files/patch-src::EDITME
+++ b/mail/exim/files/patch-src::EDITME
@@ -1,6 +1,6 @@
---- src/EDITME.orig	2010-12-26 21:17:23.000000000 +0300
-+++ src/EDITME	2011-01-06 11:25:01.000000000 +0300
-@@ -100,7 +100,7 @@
+--- src/EDITME.orig	2012-05-31 04:40:15.000000000 +0400
++++ src/EDITME	2012-06-28 18:43:50.000000000 +0400
+@@ -98,7 +98,7 @@
  # /usr/local/sbin. The installation script will try to create this directory,
  # and any superior directories, if they do not exist.
  
@@ -9,7 +9,7 @@
  
  
  #------------------------------------------------------------------------------
-@@ -116,7 +116,7 @@
+@@ -114,7 +114,7 @@
  # don't exist. It will also install a default runtime configuration if this
  # file does not exist.
  
@@ -18,7 +18,7 @@
  
  # It is possible to specify a colon-separated list of files for CONFIGURE_FILE.
  # In this case, Exim will use the first of them that exists when it is run.
-@@ -133,7 +133,7 @@
+@@ -131,7 +131,7 @@
  # deliveries. (Local deliveries run as various non-root users, typically as the
  # owner of a local mailbox.) Specifying these values as root is not supported.
  
@@ -27,7 +27,7 @@
  
  # If you specify EXIM_USER as a name, this is looked up at build time, and the
  # uid number is built into the binary. However, you can specify that this
-@@ -154,7 +154,7 @@
+@@ -152,7 +152,7 @@
  # for EXIM_USER (e.g. EXIM_USER=exim), you don't need to set EXIM_GROUP unless
  # you want to use a group other than the default group for the given user.
  
@@ -36,7 +36,7 @@
  
  # Many sites define a user called "exim", with an appropriate default group,
  # and use
-@@ -294,6 +294,7 @@
+@@ -330,6 +330,7 @@
  # LDAP_LIB_TYPE=OPENLDAP2
  # LDAP_LIB_TYPE=NETSCAPE
  # LDAP_LIB_TYPE=SOLARIS
@@ -44,9 +44,9 @@
  
  # If you don't set any of these, Exim assumes the original University of
  # Michigan (OpenLDAP 1) library.
-@@ -320,8 +321,10 @@
- # specified in INCLUDE. The settings below are just examples; -lpq is for
- # PostgreSQL, -lgds is for Interbase, -lsqlite3 is for SQLite.
+@@ -361,8 +362,10 @@
+ #
+ # You do not need to use this for any lookup information added via pkg-config.
  
 -# LOOKUP_INCLUDE=-I /usr/local/ldap/include -I /usr/local/mysql/include -I /usr/local/pgsql/include
 -# LOOKUP_LIBS=-L/usr/local/lib -lldap -llber -lmysqlclient -lpq -lgds -lsqlite3
@@ -57,7 +57,7 @@
  
  
  #------------------------------------------------------------------------------
-@@ -332,7 +335,7 @@
+@@ -373,7 +376,7 @@
  # files are defaulted in the OS/Makefile-Default file, but can be overridden in
  # local OS-specific make files.
  
@@ -66,7 +66,7 @@
  
  
  #------------------------------------------------------------------------------
-@@ -403,6 +406,7 @@
+@@ -454,6 +457,7 @@
  
  
  
@@ -74,7 +74,7 @@
  ###############################################################################
  #                 THESE ARE THINGS YOU MIGHT WANT TO SPECIFY                  #
  ###############################################################################
-@@ -470,6 +474,7 @@
+@@ -521,6 +525,7 @@
  
  # ALT_CONFIG_PREFIX=/some/directory/
  # ALT_CONFIG_PREFIX=/some/directory/exim.conf-
@@ -82,7 +82,7 @@
  
  
  #------------------------------------------------------------------------------
-@@ -548,7 +553,7 @@
+@@ -607,7 +612,7 @@
  # one that is set in the headers_charset option. The default setting is
  # defined by this setting:
  
@@ -91,16 +91,7 @@
  
  # If you are going to make use of $header_xxx expansions in your configuration
  # file, or if your users are going to use them in filter files, and the normal
-@@ -633,7 +638,7 @@
- # SUPPORT_TLS=yes
- 
- # Uncomment this setting if you are using OpenSSL
--# TLS_LIBS=-lssl -lcrypto
-+TLS_LIBS=-lssl -lcrypto
- 
- # Uncomment these settings if you are using GnuTLS
- # USE_GNUTLS=yes
-@@ -684,7 +689,7 @@
+@@ -751,7 +756,7 @@
  # Once you have done this, "make install" will build the info files and
  # install them in the directory you have defined.
  
@@ -109,7 +100,7 @@
  
  
  #------------------------------------------------------------------------------
-@@ -697,7 +702,7 @@
+@@ -764,7 +769,7 @@
  # %s. This will be replaced by one of the strings "main", "panic", or "reject"
  # to form the final file names. Some installations may want something like this:
  
@@ -118,7 +109,7 @@
  
  # which results in files with names /var/log/exim_mainlog, etc. The directory
  # in which the log files are placed must exist; Exim does not try to create
-@@ -773,7 +778,7 @@
+@@ -840,7 +845,7 @@
  # that the local_scan API is made available by the linker. You may also need
  # to add -ldl to EXTRALIBS so that dlopen() is available to Exim.
  
@@ -127,7 +118,7 @@
  
  
  #------------------------------------------------------------------------------
-@@ -870,6 +875,8 @@
+@@ -937,6 +942,8 @@
  #
  # but of course there may need to be other things in CFLAGS and EXTRALIBS_EXIM
  # as well.
@@ -136,7 +127,7 @@
  #
  # To use a name other than exim in the tcpwrappers config file,
  # e.g. if you're running multiple daemons with different access lists,
-@@ -878,6 +885,14 @@
+@@ -945,6 +952,14 @@
  #
  # TCP_WRAPPERS_DAEMON_NAME="exim"
  
@@ -151,7 +142,7 @@
  
  #------------------------------------------------------------------------------
  # The default action of the exim_install script (which is run by "make
-@@ -1145,7 +1160,7 @@
+@@ -1222,7 +1237,7 @@
  # (process id) to a file so that it can easily be identified. The path of the
  # file can be specified here. Some installations may want something like this:
  
diff --git a/mail/exim/options b/mail/exim/options
index cef4d9b3f9aa..1edf88d8a19d 100644
--- a/mail/exim/options
+++ b/mail/exim/options
@@ -12,6 +12,7 @@ OPTIONS+= \
 	DCC "Enable DCC at ACL support via dccifd" off \
 	DEBUG "Build with debugging symbols" off \
 	DISABLE_D_OPT "Disable macros overrides using option -D" on \
+	DKIM "Enable support for DKIM" on \
 	DNSDB "Enable DNS-style lookups" on \
 	DSEARCH "Enable directory-list lookups" on \
 	EMBEDDED_PERL "Enable embedded Perl interpreter" on \
@@ -42,6 +43,7 @@ OPTIONS+= \
 	SRS_ALT "Enable alternative SRS library" off \
 	SUID "Install the exim binary suid root" on \
 	TCP_WRAPPERS "Enable /etc/hosts.allow access control" off \
-	TLS "Link against OpenSSL" on \
+	TLS "Enable TLS support" on \
+	GNUTLS "Use GnuTLS instead of OpenSSL for TLS" off \
 	WISHLIST "Include the unsupported patches" off \
 	XCLIENT "Enable XCLIENT command in exim" off
diff --git a/mail/exim/pkg-message b/mail/exim/pkg-message
index cbd7c03007de..032d56d302a1 100644
--- a/mail/exim/pkg-message
+++ b/mail/exim/pkg-message
@@ -18,3 +18,20 @@ Just two steps to do it:
     and carefully review your configuration for untrusted
     right-hand sides in match_* operations.
 
+
+Upgrades to Exim 4.80
+=====================
+
+Exim 4.80 contains some backward-incompatible changes.
+
+OpenSSL default options have changed to be more secure, including
+disabling of SSLv2 by default (and adding support for TLSv1.1 and
+TLSv1.2 if using OpenSSL 1.0.1 or newer); GnuTLS has been updated to use
+a new API and stop honouring some options starting gnutls_*; users of
+LDAP can now distinguish "comma in data" from "multi-valued attribute".
+There are more details, covering more changes, in README.UPDATING.
+
+We now enable accept_8bitmime by default, as the Exim maintainers agree
+with Dan Bernstein about the best way to deal with the 8BITMIME
+extension.
+