From owner-svn-ports-all@FreeBSD.ORG Tue Jul 22 15:39:46 2014 Return-Path: Delivered-To: svn-ports-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 3D271CC4; Tue, 22 Jul 2014 15:39:46 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 29E0B236F; Tue, 22 Jul 2014 15:39:46 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s6MFdkwe049304; Tue, 22 Jul 2014 15:39:46 GMT (envelope-from vsevolod@svn.freebsd.org) Received: (from vsevolod@localhost) by svn.freebsd.org (8.14.8/8.14.8/Submit) id s6MFdj05049299; Tue, 22 Jul 2014 15:39:45 GMT (envelope-from vsevolod@svn.freebsd.org) Message-Id: <201407221539.s6MFdj05049299@svn.freebsd.org> From: Vsevolod Stakhov Date: Tue, 22 Jul 2014 15:39:45 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r362549 - in head/mail: exim exim-doc-html X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 22 Jul 2014 15:39:46 -0000 Author: vsevolod Date: Tue Jul 22 15:39:44 2014 New Revision: 362549 URL: http://svnweb.freebsd.org/changeset/ports/362549 QAT: https://qat.redports.org/buildarchive/r362549/ Log: Update to 4.83. Changes in the port: - Added new options: * DNSSEC: validate peers using TLSA records * PRDR: Per-Recipient-Data-Response support * CERTNAMES: Check certiticates ownership * DSN: Delivery Status Notifications * PROXY: Experimental Proxy Protocol - Enable OCSP stapling by default - Disable NIS by default - SRS support is now radio group - DNSSEC and PRDR are now enabled by default Changes in exim itself: This release contains the following enhancements and bugfixes: + PRDR was promoted from Experimental to mainline + OCSP Stapling was promoted from Experimental to mainline + new Experimental feature Proxy Protocol + new Experimental feature DSN (Delivery Status Notifications) + TLS session improvements + TLS SNI fixes + LDAP enhancements + DMARC fixes (previous CVE-2014-2957) and new $dmarc_domain_policy + several new operations (listextract, utf8clean, md5, sha1) + enforce header formatting with verify=header_names_ascii + new commandline option -oMm + new TLSA dns lookup + new malware "sock" type + cutthrough routing enhancements + logging enhancements + DNSSEC enhancements + exiqgrep enhancements + deprecating non-standard SPF results + build and portability fixes + documentation fixes and enhancements Uncompatible changes: This release of Exim includes one incompatible fix: the behavior of expansion of arguments to math comparison functions (<, <=, =, =>, >) was unexpected, expanding the values twice. This fix also addresses a security advisory, CVE-2014-2972. This is not a remote exploit, but if content that is searched by the above math comparison functions is under the control of an attacker, specially crafted data can be inserted that will cause the Exim mail server to perform various file-system functions as the exim user. Modified: head/mail/exim-doc-html/Makefile head/mail/exim-doc-html/distinfo head/mail/exim/Makefile head/mail/exim/distinfo head/mail/exim/options Modified: head/mail/exim-doc-html/Makefile ============================================================================== --- head/mail/exim-doc-html/Makefile Tue Jul 22 15:25:13 2014 (r362548) +++ head/mail/exim-doc-html/Makefile Tue Jul 22 15:39:44 2014 (r362549) @@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME= exim -PORTVERSION= 4.82.1 +PORTVERSION= 4.83 CATEGORIES= mail MASTER_SITES= ${MASTER_SITE_EXIM:S/$/:exim/} MASTER_SITE_SUBDIR= exim4/:exim Modified: head/mail/exim-doc-html/distinfo ============================================================================== --- head/mail/exim-doc-html/distinfo Tue Jul 22 15:25:13 2014 (r362548) +++ head/mail/exim-doc-html/distinfo Tue Jul 22 15:39:44 2014 (r362549) @@ -1,6 +1,6 @@ -SHA256 (exim/exim-html-4.82.1.tar.bz2) = 81d0237cff64b259d47c758d5c82da93bd2e7b8ce048974d53d90e597eee122e -SIZE (exim/exim-html-4.82.1.tar.bz2) = 458569 -SHA256 (exim/exim-pdf-4.82.1.tar.bz2) = 2e3705504f22633a14d417ffcb72c6beddc2f142e38ff4f01394b83ae583ff42 -SIZE (exim/exim-pdf-4.82.1.tar.bz2) = 1835284 -SHA256 (exim/exim-postscript-4.82.1.tar.bz2) = f9c69153b1da3ef854c73ac98ec5bcef842438c5630819bc2287dec869bd039d -SIZE (exim/exim-postscript-4.82.1.tar.bz2) = 1008574 +SHA256 (exim/exim-html-4.83.tar.bz2) = d7b38922f2aedd9eb4db7aa0e1e1c0fcd948777a4c8bac7971eaf4b2959bf0de +SIZE (exim/exim-html-4.83.tar.bz2) = 464789 +SHA256 (exim/exim-pdf-4.83.tar.bz2) = 478fca2c13fbda403fb0c373dc61e82aa434e7167c0341f24b83195afd294b82 +SIZE (exim/exim-pdf-4.83.tar.bz2) = 1856787 +SHA256 (exim/exim-postscript-4.83.tar.bz2) = 7f8ef825a832debdab54173bfb4e86acaaa6eb139a64e8b87a785183354375cf +SIZE (exim/exim-postscript-4.83.tar.bz2) = 1019858 Modified: head/mail/exim/Makefile ============================================================================== --- head/mail/exim/Makefile Tue Jul 22 15:25:13 2014 (r362548) +++ head/mail/exim/Makefile Tue Jul 22 15:39:44 2014 (r362549) @@ -3,7 +3,6 @@ PORTNAME= exim PORTVERSION?= ${EXIM_VERSION} -PORTREVISION= 7 CATEGORIES= mail ipv6 MASTER_SITES= ${MASTER_SITE_EXIM:S/$/:exim/} MASTER_SITE_SUBDIR= exim4/:exim @@ -75,7 +74,7 @@ IGNORE= You cannot enable OCSP stapling .endif # DMARC implies SPF -.if ${PORT_OPTIONS:MOCSP} +.if ${PORT_OPTIONS:MDMARC} .if ! ${PORT_OPTIONS:MSPF} || ! ${PORT_OPTIONS:MDKIM} IGNORE= You cannot enable DMARC without SPF and DKIM support .endif @@ -93,7 +92,7 @@ MASTER_SITES+= ftp://ftp.renatasystems.o DISTFILES+= spamooborona1024-src-${SO_1024_VERSION}.tar.gz:so_1024 .endif -EXIM_VERSION= 4.82.1 +EXIM_VERSION= 4.83 SA_EXIM_VERSION=4.2 SO_1024_VERSION=3.2 EXIM_INSTALL_ARG+= "-no_chown" "-no_symlink" @@ -199,8 +198,28 @@ SEDLIST+= -e 's,^\# (EXPAND_LISTMATCH_RH SEDLIST+= -e 's,^\# (EXPERIMENTAL_DCC=),\1,' .endif -.if ${PORT_OPTIONS:MOCSP} -SEDLIST+= -e 's,^\# (EXPERIMENTAL_OCSP=),\1,' +.if ${PORT_OPTIONS:MPROXY} +SEDLIST+= -e 's,^\# (EXPERIMENTAL_PROXY=),\1,' +.endif + +.if ${PORT_OPTIONS:MCERTNAMES} +SEDLIST+= -e 's,^\# (EXPERIMENTAL_CERTNAMES=),\1,' +.endif + +.if ${PORT_OPTIONS:MDSN} +SEDLIST+= -e 's,^\# (EXPERIMENTAL_DSN=),\1,' +.endif + +.if !${PORT_OPTIONS:MPRDR} +SEDLIST+= -e 's,^\# (DISABLE_PRDR=),\1,' +.endif + +.if !${PORT_OPTIONS:MOCSP} +SEDLIST+= -e 's,^\# (DISABLE_OCSP=),\1,' +.endif + +.if !${PORT_OPTIONS:MDNSSEC} +SEDLIST+= -e 's,^\# (DISABLE_DNSSEC=),\1,' .endif .if ${PORT_OPTIONS:MDMARC} @@ -210,7 +229,6 @@ SEDLIST+= -e 's,XX_DMARC_LIBS_XX,-L${LOC SEDLIST+= -e 's,XX_DMARC_LIBS_XX,,' .endif - .if ${PORT_OPTIONS:MWISHLIST} EXTRA_PATCHES+= `${FIND} ${PATCHDIR} -name 'wishlist-*.patch'` .endif Modified: head/mail/exim/distinfo ============================================================================== --- head/mail/exim/distinfo Tue Jul 22 15:25:13 2014 (r362548) +++ head/mail/exim/distinfo Tue Jul 22 15:39:44 2014 (r362549) @@ -1,5 +1,5 @@ -SHA256 (exim/exim-4.82.1.tar.bz2) = 51798cead70b9ca03df88afb63f7a0cabedee8ef82c02bd18d67591c08b14500 -SIZE (exim/exim-4.82.1.tar.bz2) = 1722912 +SHA256 (exim/exim-4.83.tar.bz2) = efa031b89ffb2ab844a4bf9d3a5d7ca4d587d82b62ae233d68c4f26e079a6a02 +SIZE (exim/exim-4.83.tar.bz2) = 1761169 SHA256 (exim/sa-exim-4.2.tar.gz) = 72e0a735547f18b05785e6c58a71d24623858f0f5234a5dc0e24cb453999e99a SIZE (exim/sa-exim-4.2.tar.gz) = 66575 SHA256 (exim/spamooborona1024-src-3.2.tar.gz) = ab22a430f3860460045f6b213c68c89700a0cd10cbb6c7a808ece326c53787ee Modified: head/mail/exim/options ============================================================================== --- head/mail/exim/options Tue Jul 22 15:25:13 2014 (r362548) +++ head/mail/exim/options Tue Jul 22 15:39:44 2014 (r362549) @@ -1,11 +1,10 @@ OPTIONS_DEFINE+= ALT_CONFIG_PREFIX \ CONTENT_SCAN \ DAEMON \ - DCC \ DEBUG \ DISABLE_D_OPT \ DKIM \ - DMARC \ + DNSSEC \ DOCS \ EMBEDDED_PERL \ EXIMON \ @@ -13,12 +12,11 @@ OPTIONS_DEFINE+= ALT_CONFIG_PREFIX \ IPV6 \ LISTMATCH_RHS \ LMTP \ + NIS \ OCSP \ OLD_DEMIME \ + PRDR \ READLINE \ - SPF \ - SRS \ - SRS_ALT \ SUID \ TCP_WRAPPERS \ WISHLIST \ @@ -33,6 +31,7 @@ OPTIONS_DEFAULT+= AUTH_CRAM_MD5 \ DISABLE_D_OPT \ DKIM \ DNSDB \ + DNSSEC \ DSEARCH \ EMBEDDED_PERL \ ICONV \ @@ -41,10 +40,11 @@ OPTIONS_DEFAULT+= AUTH_CRAM_MD5 \ MAILDIR \ MAILSTORE \ MBX \ - NIS \ + OCSP \ OLD_DEMIME \ PAM \ PASSWD \ + PRDR \ SUID \ TLS @@ -52,7 +52,9 @@ OPTIONS_RADIO_TLS= TLS GNUTLS TLS_DESC= TLS support OPTIONS_RADIO_LS= SA_EXIM SO_1024 KAS LS_DESC= Local scan patch -OPTIONS_RADIO= TLS LS +OPTIONS_RADIO_SRSR= SRS SRS_ALT +SRSR_DESC= Sender Rewriting Scheme +OPTIONS_RADIO= TLS LS SRSR OPTIONS_GROUP_AUTH= AUTH_CRAM_MD5 AUTH_DOVECOT AUTH_PLAINTEXT AUTH_RADIUS AUTH_SASL AUTH_SPA SASLAUTHD PAM PASSWD AUTH_DESC= SMTP Authorization @@ -60,7 +62,9 @@ OPTIONS_GROUP_LOOKUP= CDB BDB DNSDB DSEA LOOKUP_DESC= Lookup support OPTIONS_GROUP_STORAGE= MAILDIR MAILSTORE MBX STORAGE_DESC= Supported storage formats -OPTIONS_GROUP= AUTH LOOKUP STORAGE +OPTIONS_GROUP_EXPERIMENTAL= CERTNAMES DCC DMARC DSN PROXY SPF +EXPERIMENTAL_DESC= Experimental options +OPTIONS_GROUP= AUTH LOOKUP STORAGE EXPERIMENTAL ALT_CONFIG_PREFIX_DESC= Restrict the set of configuration files AUTH_CRAM_MD5_DESC= Enable CRAM-MD5 authentication mechanisms @@ -69,6 +73,8 @@ AUTH_PLAINTEXT_DESC= Enable plaintext au AUTH_RADIUS_DESC= Enable radius (RFC 2865) authentication AUTH_SASL_DESC= Enable use of Cyrus SASL auth library AUTH_SPA_DESC= Enable Secure Password Authentication +CERTNAMES_DESC= Check certiticates ownership +DSN_DESC= Enable Delivery Status Notifications BDB_DESC= Enable Berkeley DB lookups CDB_DESC= Enable CDB-style lookups CONTENT_SCAN_DESC= Enable exiscan email content scanner @@ -78,6 +84,7 @@ DISABLE_D_OPT_DESC= Disable macros overr DKIM_DESC= Enable support for DKIM DMARC_DESC= Enable DMARC support DNSDB_DESC= Enable DNS-style lookups +DNSSEC_DESC= Enable DNSSEC validation DSEARCH_DESC= Enable directory-list lookups EMBEDDED_PERL_DESC= Enable embedded Perl interpreter EXIMON_DESC= Build eximon monitor (requires X libraries) @@ -97,8 +104,10 @@ OCSP_DESC= Enable OCSP stapling PAM_DESC= Enable PAM authentication mechanisms PASSWD_DESC= Enable /etc/passwd lookups PGSQL_DESC= Enable postgresql lookups +PRDR_DESC= Enable Per-Recipient-Data-Response support +PROXY_DESC= Enable Experimental Proxy Protocol READLINE_DESC= Enable readline(3) library -REDIS_DESC= Enable redis lookups +REDIS_DESC= Enable redis lookups (experimental) SASLAUTHD_DESC= Enable use of Cyrus SASL auth daemon SA_EXIM_DESC= Build with Spamassassin local scan SO_1024_DESC= Build with Spamooborona-1024 local scan