From e0da321c1bd198034dbdf5e91d6aa5a736a5cddb Mon Sep 17 00:00:00 2001 
From: vsevolod Date: Tue, 22 Jul 2014 15:39:44 +0000 Subject: Update to 4.83. Changes in the port: - Added new options: * DNSSEC: validate peers using TLSA records * PRDR: Per-Recipient-Data-Response support * CERTNAMES: Check certificates ownership * DSN: Delivery Status Notifications * PROXY: Experimental Proxy Protocol - Enable OCSP stapling by default - Disable NIS by default - SRS support is now a radio group - DNSSEC and PRDR are now enabled by default Changes in exim itself: This release contains the following enhancements and bugfixes: + PRDR was promoted from Experimental to mainline + OCSP Stapling was promoted from Experimental to mainline + new Experimental feature Proxy Protocol + new Experimental feature DSN (Delivery Status Notifications) + TLS session improvements + TLS SNI fixes + LDAP enhancements + DMARC fixes (previous CVE-2014-2957) and new $dmarc_domain_policy + several new operations (listextract, utf8clean, md5, sha1) + enforce header formatting with verify=header_names_ascii + new commandline option -oMm + new TLSA dns lookup + new malware "sock" type + cutthrough routing enhancements + logging enhancements + DNSSEC enhancements + exiqgrep enhancements + deprecating non-standard SPF results + build and portability fixes + documentation fixes and enhancements Incompatible changes: This release of Exim includes one incompatible fix: the behavior of expansion of arguments to math comparison functions (<, <=, =, =>, >) was unexpected, expanding the values twice. This fix also addresses a security advisory, CVE-2014-2972. This is not a remote exploit, but if content that is searched by the above math comparison functions is under the control of an attacker, specially crafted data can be inserted that will cause the Exim mail server to perform various file-system functions as the exim user. 
---
 mail/exim-doc-html/Makefile | 2 +-
 mail/exim-doc-html/distinfo | 12 ++++++------
 mail/exim/Makefile | 30 ++++++++++++++++++++++++------
 mail/exim/distinfo | 4 ++--
 mail/exim/options | 27 ++++++++++++++++++---------
 5 files changed, 51 insertions(+), 24 deletions(-)
diff --git a/mail/exim-doc-html/Makefile b/mail/exim-doc-html/Makefile
index 0e0d651873a3..cdf6fbc01e3d 100644
--- a/mail/exim-doc-html/Makefile
+++ b/mail/exim-doc-html/Makefile
@@ -2,7 +2,7 @@
 # $FreeBSD$
 PORTNAME= exim
-PORTVERSION= 4.82.1
+PORTVERSION= 4.83
 CATEGORIES= mail
 MASTER_SITES= ${MASTER_SITE_EXIM:S/$/:exim/}
 MASTER_SITE_SUBDIR= exim4/:exim
diff --git a/mail/exim-doc-html/distinfo b/mail/exim-doc-html/distinfo
index 80f67147bd00..15688c5f2783 100644
--- a/mail/exim-doc-html/distinfo
+++ b/mail/exim-doc-html/distinfo
@@ -1,6 +1,6 @@
-SHA256 (exim/exim-html-4.82.1.tar.bz2) = 81d0237cff64b259d47c758d5c82da93bd2e7b8ce048974d53d90e597eee122e
-SIZE (exim/exim-html-4.82.1.tar.bz2) = 458569
-SHA256 (exim/exim-pdf-4.82.1.tar.bz2) = 2e3705504f22633a14d417ffcb72c6beddc2f142e38ff4f01394b83ae583ff42
-SIZE (exim/exim-pdf-4.82.1.tar.bz2) = 1835284
-SHA256 (exim/exim-postscript-4.82.1.tar.bz2) = f9c69153b1da3ef854c73ac98ec5bcef842438c5630819bc2287dec869bd039d
-SIZE (exim/exim-postscript-4.82.1.tar.bz2) = 1008574
+SHA256 (exim/exim-html-4.83.tar.bz2) = d7b38922f2aedd9eb4db7aa0e1e1c0fcd948777a4c8bac7971eaf4b2959bf0de
+SIZE (exim/exim-html-4.83.tar.bz2) = 464789
+SHA256 (exim/exim-pdf-4.83.tar.bz2) = 478fca2c13fbda403fb0c373dc61e82aa434e7167c0341f24b83195afd294b82
+SIZE (exim/exim-pdf-4.83.tar.bz2) = 1856787
+SHA256 (exim/exim-postscript-4.83.tar.bz2) = 7f8ef825a832debdab54173bfb4e86acaaa6eb139a64e8b87a785183354375cf
+SIZE (exim/exim-postscript-4.83.tar.bz2) = 1019858
diff --git a/mail/exim/Makefile b/mail/exim/Makefile
index 9aa8e8387547..ae86747dba11 100644
--- a/mail/exim/Makefile
+++ b/mail/exim/Makefile
@@ -3,7 +3,6 @@
 PORTNAME= exim
 PORTVERSION?= ${EXIM_VERSION}
-PORTREVISION= 7
 CATEGORIES= mail ipv6
 MASTER_SITES= ${MASTER_SITE_EXIM:S/$/:exim/}
 MASTER_SITE_SUBDIR= exim4/:exim
@@ -75,7 +74,7 @@ IGNORE= You cannot enable OCSP stapling with gnutls
 .endif
 # DMARC implies SPF
-.if ${PORT_OPTIONS:MOCSP}
+.if ${PORT_OPTIONS:MDMARC}
 .if ! ${PORT_OPTIONS:MSPF} || ! ${PORT_OPTIONS:MDKIM}
 IGNORE= You cannot enable DMARC without SPF and DKIM support
 .endif
@@ -93,7 +92,7 @@ MASTER_SITES+= ftp://ftp.renatasystems.org/pub/FreeBSD/ports/distfiles/:so_1024
 DISTFILES+= spamooborona1024-src-${SO_1024_VERSION}.tar.gz:so_1024
 .endif
-EXIM_VERSION= 4.82.1
+EXIM_VERSION= 4.83
 SA_EXIM_VERSION=4.2
 SO_1024_VERSION=3.2
 EXIM_INSTALL_ARG+= "-no_chown" "-no_symlink"
@@ -199,8 +198,28 @@ SEDLIST+= -e 's,^\# (EXPAND_LISTMATCH_RHS=),\1,'
 SEDLIST+= -e 's,^\# (EXPERIMENTAL_DCC=),\1,'
 .endif
-.if ${PORT_OPTIONS:MOCSP}
-SEDLIST+= -e 's,^\# (EXPERIMENTAL_OCSP=),\1,'
+.if ${PORT_OPTIONS:MPROXY}
+SEDLIST+= -e 's,^\# (EXPERIMENTAL_PROXY=),\1,'
+.endif
+
+.if ${PORT_OPTIONS:MCERTNAMES}
+SEDLIST+= -e 's,^\# (EXPERIMENTAL_CERTNAMES=),\1,'
+.endif
+
+.if ${PORT_OPTIONS:MDSN}
+SEDLIST+= -e 's,^\# (EXPERIMENTAL_DSN=),\1,'
+.endif
+
+.if !${PORT_OPTIONS:MPRDR}
+SEDLIST+= -e 's,^\# (DISABLE_PRDR=),\1,'
+.endif
+
+.if !${PORT_OPTIONS:MOCSP}
+SEDLIST+= -e 's,^\# (DISABLE_OCSP=),\1,'
+.endif
+
+.if !${PORT_OPTIONS:MDNSSEC}
+SEDLIST+= -e 's,^\# (DISABLE_DNSSEC=),\1,'
 .endif
 .if ${PORT_OPTIONS:MDMARC}
@@ -210,7 +229,6 @@ SEDLIST+= -e 's,XX_DMARC_LIBS_XX,-L${LOCALBASE}/lib -lopendmarc,' \
 SEDLIST+= -e 's,XX_DMARC_LIBS_XX,,'
 .endif
-
 .if ${PORT_OPTIONS:MWISHLIST}
 EXTRA_PATCHES+= `${FIND} ${PATCHDIR} -name 'wishlist-*.patch'`
 .endif
diff --git a/mail/exim/distinfo b/mail/exim/distinfo
index 750ee94c2a1e..3c9ca47bf80b 100644
--- a/mail/exim/distinfo
+++ b/mail/exim/distinfo
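Review bot: The comment above the corrected guard in the `@@ -75,7 +74,7 @@` hunk, `# DMARC implies SPF`, understates what the block enforces. The inner test `.if ! ${PORT_OPTIONS:MSPF} || ! ${PORT_OPTIONS:MDKIM}` rejects the build unless both SPF and DKIM are selected, which is also what the IGNORE message says. I would change the comment to `# DMARC requires both SPF and DKIM` so that it matches the condition. The closing `.endif` of the outer block lies outside the hunk.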
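Review bot: The toggles added in the `@@ -199,8 +198,28 @@` hunk fail silently: each sed expression only acts if the upstream build template still carries the exact commented line it uncomments. If `DISABLE_PRDR`, `DISABLE_OCSP` or `DISABLE_DNSSEC` is missing or renamed there, the feature stays compiled in although the user deselected it, and if `EXPERIMENTAL_CERTNAMES` is missing, the user believes certificate name checking was built when it was not. The template is not visible on this page, so this is a guard against drift rather than a confirmed miss; a post-patch step that checks the generated build configuration for every selected setting and fails the build when one is absent would catch it. A comment such as `# DISABLE_* knobs: the feature is built unless the option is deselected` above the three `.if !` blocks would also make the inverted sense explicit.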
@@ -1,5 +1,5 @@
-SHA256 (exim/exim-4.82.1.tar.bz2) = 51798cead70b9ca03df88afb63f7a0cabedee8ef82c02bd18d67591c08b14500
-SIZE (exim/exim-4.82.1.tar.bz2) = 1722912
+SHA256 (exim/exim-4.83.tar.bz2) = efa031b89ffb2ab844a4bf9d3a5d7ca4d587d82b62ae233d68c4f26e079a6a02
+SIZE (exim/exim-4.83.tar.bz2) = 1761169
 SHA256 (exim/sa-exim-4.2.tar.gz) = 72e0a735547f18b05785e6c58a71d24623858f0f5234a5dc0e24cb453999e99a
 SIZE (exim/sa-exim-4.2.tar.gz) = 66575
 SHA256 (exim/spamooborona1024-src-3.2.tar.gz) = ab22a430f3860460045f6b213c68c89700a0cd10cbb6c7a808ece326c53787ee
diff --git a/mail/exim/options b/mail/exim/options
index 029f3f1984de..71a2b03af182 100644
--- a/mail/exim/options
+++ b/mail/exim/options
@@ -1,11 +1,10 @@
 OPTIONS_DEFINE+= ALT_CONFIG_PREFIX \
 CONTENT_SCAN \
 DAEMON \
- DCC \
 DEBUG \
 DISABLE_D_OPT \
 DKIM \
- DMARC \
+ DNSSEC \
 DOCS \
 EMBEDDED_PERL \
 EXIMON \
@@ -13,12 +12,11 @@ OPTIONS_DEFINE+= ALT_CONFIG_PREFIX \
 IPV6 \
 LISTMATCH_RHS \
 LMTP \
+ NIS \
 OCSP \
 OLD_DEMIME \
+ PRDR \
 READLINE \
- SPF \
- SRS \
- SRS_ALT \
 SUID \
 TCP_WRAPPERS \
 WISHLIST \
@@ -33,6 +31,7 @@ OPTIONS_DEFAULT+= AUTH_CRAM_MD5 \
 DISABLE_D_OPT \
 DKIM \
 DNSDB \
+ DNSSEC \
 DSEARCH \
 EMBEDDED_PERL \
 ICONV \
@@ -41,10 +40,11 @@ OPTIONS_DEFAULT+= AUTH_CRAM_MD5 \
 MAILDIR \
 MAILSTORE \
 MBX \
- NIS \
+ OCSP \
 OLD_DEMIME \
 PAM \
 PASSWD \
+ PRDR \
 SUID \
 TLS
@@ -52,7 +52,9 @@ OPTIONS_RADIO_TLS= TLS GNUTLS
 TLS_DESC= TLS support
 OPTIONS_RADIO_LS= SA_EXIM SO_1024 KAS
 LS_DESC= Local scan patch
-OPTIONS_RADIO= TLS LS
+OPTIONS_RADIO_SRSR= SRS SRS_ALT
+SRSR_DESC= Sender Rewriting Scheme
+OPTIONS_RADIO= TLS LS SRSR
 OPTIONS_GROUP_AUTH= AUTH_CRAM_MD5 AUTH_DOVECOT AUTH_PLAINTEXT AUTH_RADIUS AUTH_SASL AUTH_SPA SASLAUTHD PAM PASSWD
 AUTH_DESC= SMTP Authorization
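Review bot: `NIS` is added to `OPTIONS_DEFINE` in the `@@ -13,12 +12,11 @@` hunk, but it also remains a member of `OPTIONS_GROUP_LOOKUP`, as the header of the later `@@ -60,7 +62,9 @@` hunk shows, so the option ends up declared in two places. Removing it from `OPTIONS_DEFAULT` in the `@@ -41,10 +40,11 @@` hunk already achieves the stated goal of disabling NIS by default. I would drop the `NIS \` line from `OPTIONS_DEFINE` and leave the option in the LOOKUP group only. The `OPTIONS_DEFINE` list continues outside this hunk.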
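Review bot: Adding `OCSP` to `OPTIONS_DEFAULT` in the `@@ -41,10 +40,11 @@` hunk interacts with the existing guard in mail/exim/Makefile whose message is `IGNORE= You cannot enable OCSP stapling with gnutls`. The guard's condition is not shown on this page, but if it fires on GNUTLS together with OCSP, anyone who switches the TLS radio to `GNUTLS` now gets an ignored port until they also deselect OCSP by hand. If that is intended, the description should say so, for example `OCSP_DESC= Enable OCSP stapling (OpenSSL only)`.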
@@ -60,7 +62,9 @@ OPTIONS_GROUP_LOOKUP= CDB BDB DNSDB DSEARCH LSEARCH MYSQL NIS OPENLDAP PGSQL RED
 LOOKUP_DESC= Lookup support
 OPTIONS_GROUP_STORAGE= MAILDIR MAILSTORE MBX
 STORAGE_DESC= Supported storage formats
-OPTIONS_GROUP= AUTH LOOKUP STORAGE
+OPTIONS_GROUP_EXPERIMENTAL= CERTNAMES DCC DMARC DSN PROXY SPF
+EXPERIMENTAL_DESC= Experimental options
+OPTIONS_GROUP= AUTH LOOKUP STORAGE EXPERIMENTAL
 ALT_CONFIG_PREFIX_DESC= Restrict the set of configuration files
 AUTH_CRAM_MD5_DESC= Enable CRAM-MD5 authentication mechanisms
@@ -69,6 +73,8 @@ AUTH_PLAINTEXT_DESC= Enable plaintext authentication
 AUTH_RADIUS_DESC= Enable radius (RFC 2865) authentication
 AUTH_SASL_DESC= Enable use of Cyrus SASL auth library
 AUTH_SPA_DESC= Enable Secure Password Authentication
+CERTNAMES_DESC= Check certiticates ownership
+DSN_DESC= Enable Delivery Status Notifications
 BDB_DESC= Enable Berkeley DB lookups
 CDB_DESC= Enable CDB-style lookups
 CONTENT_SCAN_DESC= Enable exiscan email content scanner
@@ -78,6 +84,7 @@ DISABLE_D_OPT_DESC= Disable macros overrides using option -D
 DKIM_DESC= Enable support for DKIM
 DMARC_DESC= Enable DMARC support
 DNSDB_DESC= Enable DNS-style lookups
+DNSSEC_DESC= Enable DNSSEC validation
 DSEARCH_DESC= Enable directory-list lookups
 EMBEDDED_PERL_DESC= Enable embedded Perl interpreter
 EXIMON_DESC= Build eximon monitor (requires X libraries)
@@ -97,8 +104,10 @@ OCSP_DESC= Enable OCSP stapling
 PAM_DESC= Enable PAM authentication mechanisms
 PASSWD_DESC= Enable /etc/passwd lookups
 PGSQL_DESC= Enable postgresql lookups
+PRDR_DESC= Enable Per-Recipient-Data-Response support
+PROXY_DESC= Enable Experimental Proxy Protocol
 READLINE_DESC= Enable readline(3) library
-REDIS_DESC= Enable redis lookups
+REDIS_DESC= Enable redis lookups (experimental)
 SASLAUTHD_DESC= Enable use of Cyrus SASL auth daemon
 SA_EXIM_DESC= Build with Spamassassin local scan
 SO_1024_DESC= Build with Spamooborona-1024 local scan
-- cgit
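Review bot: The description added in the `@@ -69,6 +73,8 @@` hunk has a typo, `certiticates`, which will appear in the options dialog for a security-relevant setting; it should read `CERTNAMES_DESC= Check certificates ownership`. Both new lines are also inserted between `AUTH_SPA_DESC` and `BDB_DESC`, which breaks the alphabetical order that the rest of the `*_DESC` block follows. `CERTNAMES_DESC` belongs after `CDB_DESC` and `DSN_DESC` after `DSEARCH_DESC`.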