2019-09-30 21:25:58 by Sebastian Wiedenroth | Files touched by this commit (5) | |
Log message:
exim: update to 4.92.3
Fix for CVE-2019-16928
|
2019-09-06 15:21:35 by Adam Ciarcinski | Files touched by this commit (3) | |
Log message:
exim-html: updated to 4.92.2
keep up with exim
|
2019-02-24 21:31:00 by Adam Ciarcinski | Files touched by this commit (5) | |
Log message:
exim: updated to 4.92
4.92:
New features include:
- ${l_header:<name>} expansion
- ${readsocket} now supports TLS
- "utf8_downconvert" option (if built with SUPPORT_I18N)
- "pipelining" log_selector
- JSON variants for ${extract } expansion
- "noutf8" debug option
- TCP Fast Open support on MacOS
|
2018-04-23 09:28:19 by Adam Ciarcinski | Files touched by this commit (5) | |
Log message:
exim: updated to 4.91
Version 4.91
1. Dual-certificate stacks on servers now support OCSP stapling, under GnuTLS
version 3.5.6 or later.
2. DANE is now supported under GnuTLS version 3.0.0 or later. Both GnuTLS and
OpenSSL versions are moved to mainline support from Experimental.
New SMTP transport option "dane_require_tls_ciphers".
3. Feature macros for the compiled-in set of malware scanner interfaces.
4. SPF support is promoted from Experimental to mainline status. The template
src/EDITME makefile does not enable its inclusion.
5. Logging control for DKIM verification. The existing DKIM log line is
controlled by a "dkim_verbose" selector which is _not_ enabled by default.
A new tag "DKIM=<domain>" is added to <= lines by default, controlled by
a "dkim" log_selector.
6. Receive duration on <= lines, under a new log_selector "receive_time".
7. Options "ipv4_only" and "ipv4_prefer" on the dnslookup router and on
routing rules in the manualroute router.
8. Expansion item ${sha3:<string>} / ${sha3_<N>:<string>} now also supported
under OpenSSL version 1.1.1 or later.
9. DKIM operations can now use the Ed25519 algorithm in addition to RSA, under
GnuTLS 3.6.0 or OpenSSL 1.1.1 or later.
10. Builtin feature-macros _CRYPTO_HASH_SHA3 and _CRYPTO_SIGN_ED25519, library
version dependent.
11. "exim -bP macro <name>" returns caller-usable status.
12. Expansion item ${authresults {<machine>}} for creating an
Authentication-Results: header.
13. EXPERIMENTAL_ARC. See the experimental.spec file.
See also new util/renew-opendmarc-tlds.sh script for use with DMARC/ARC.
14. A dane:fail event, intended to facilitate reporting.
15. "Lightweight" support for Redis Cluster. Requires redis_servers list to
contain all the servers in the cluster, all of which must be reachable from
the running exim instance. If the cluster has master/slave replication, the
list must contain all the master and slave servers.
16. Add an option to the Avast scanner interface: "pass_unscanned". This
allows unscanned files to be treated as clean. Files may be unscanned for
several reasons: decompression bombs, broken archives.
|
2018-03-07 09:24:47 by Adam Ciarcinski | Files touched by this commit (7) | |
Log message:
exim: updated to 4.90.1
Exim version 4.90.1
JH/03 Fix pgsql lookup for multiple result-tuples with a single column.
Previously only the last row was returned.
JH/04 Bug 2217: Tighten up the parsing of DKIM signature headers. Previously
we assumed that tags in the header were well-formed, and parsed the
element content after inspecting only the first char of the tag.
Assumptions at that stage could crash the receive process on malformed
input.
JH/05 Bug 2215: Fix crash associated with dnsdb lookup done from DKIM ACL.
While running the DKIM ACL we operate on the Permanent memory pool so that
variables created with "set" persist to the DATA ACL. Also (at any time)
DNS lookups that fail create cache records using the Permanent pool. But
expansions release any allocations made on the current pool - so a dnsdb
lookup expansion done in the DKIM ACL releases the memory used for the
DNS negative-cache, and bad things result. Solution is to switch to the
Main pool for expansions.
While we're in that code, add checks on the DNS cache during store_reset,
active in the testsuite.
Problem spotted, and debugging aided, by Wolfgang Breyha.
JH/06 Fix issue with continued-connections when the DNS shifts unreliably.
When none of the hosts presented to a transport match an already-open
connection, close it and proceed with the list. Previously we would
queue the message. Spotted by Lena with Yahoo, probably involving
round-robin DNS.
JH/07 Bug 2214: Fix SMTP responses resulting from non-accept result of MIME ACL.
Previously a spurious "250 OK id=" response was appended to the proper
failure response.
JH/10 Bug 2223: Fix mysql lookup returns for the no-data case (when the number of
rows affected is given instead).
JH/12 Bug 2230: Fix cutthrough routing for nonfirst messages in an initiating
SMTP connection. Previously, when one had more recipients than the
first, an abortive onward connection was made. Move to full support for
multiple onward connections in sequence, handling cutthrough connection
for all multi-message initiating connections.
JH/13 Bug 2229: Fix cutthrough routing for nonstandard port numbers defined by
routers. Previously, a multi-recipient message would fail to match the
onward-connection opened for the first recipient, and cause its closure.
JH/14 Bug 2174: A timeout on connect for a callout was also erroneously seen as
a timeout on read on a GnuTLS initiating connection, resulting in the
initiating connection being dropped. This mattered most when the callout
was marked defer_ok. Fix to keep the two timeout-detection methods
separate.
HS/01 Fix Buffer overflow in base64d() (CVE-2018-6789)
JH/16 Fix bug in DKIM verify: a buffer overflow could corrupt the malloc
metadata, resulting in a crash in free().
PP/01 Fix broken Heimdal GSSAPI authenticator integration.
Broken in f2ed27cf5, missing an equals sign for specified-initialisers.
Broken also in d185889f4, with init system revamp.
|
2017-03-18 08:08:23 by Adam Ciarcinski | Files touched by this commit (11) |
Log message:
Version 4.89
------------
1. Allow relative config file names for ".include"
2. A main-section config option "debug_store" to control the checks on
variable locations during store-reset. Normally false but can be enabled
when a memory corruption issue is suspected on a production system.
|
2017-01-19 19:52:30 by Alistair G. Crooks | Files touched by this commit (352) |
Log message:
Convert all occurrences (353 by my count) of
MASTER_SITES= site1 \
site2
style continuation lines to be simple repeated
MASTER_SITES+= site1
MASTER_SITES+= site2
lines. As previewed on tech-pkg. With thanks to rillig for fixing pkglint
accordingly.
|
2016-04-24 12:42:18 by Thomas Klausner | Files touched by this commit (1) |
Log message:
Remove non-working mirror.
|
2016-04-09 12:49:39 by Adam Ciarcinski | Files touched by this commit (6) |
Log message:
Version 4.87
1. The ACL conditions regex and mime_regex now capture substrings
into numeric variables $regex1 to 9, like the "match" expansion condition.
2. New $callout_address variable records the address used for a spam=,
malware= or verify= callout.
3. Transports now take a "max_parallel" option, to limit concurrency.
4. Expansion operators ${ipv6norm:<string>} and ${ipv6denorm:<string>}.
The latter expands to an 8-element colon-sep set of hex digits including
leading zeroes. A trailing ipv4-style dotted-decimal set is converted
to hex. Pure ipv4 addresses are converted to IPv4-mapped IPv6.
The former operator strips leading zeroes and collapses the longest
set of 0-groups to a double-colon.
5. New "-bP config" support, to dump the effective configuration.
6. New $dkim_key_length variable.
7. New base64d and base64 expansion items (the existing str2b64 being a
synonym of the latter). Add support in base64 for certificates.
8. New main configuration option "bounce_return_linesize_limit" to
avoid oversize bodies in bounces. The default value matches RFC
limits.
9. New $initial_cwd expansion variable.
|
2016-03-02 21:13:18 by Sebastian Wiedenroth | Files touched by this commit (4) |
Log message:
Update mail/exim and mail/exim-html to 4.86.2
Exim version 4.86.2
-------------------
Portability release of 4.86.1
Exim version 4.86.1
-------------------
HS/04 Add support for keep_environment and add_environment options.
This fixes CVE-2016-1531.
All installations having Exim set-uid root and using 'perl_startup' are
vulnerable to a local privilege escalation. Any user who can start an
instance of Exim (and this is normally *any* user) can gain root
privileges. If you do not use 'perl_startup' you *should* be safe.
New options
-----------
We had to introduce two new configuration options:
keep_environment =
add_environment =
Both options are empty per default. That is, Exim cleans the complete
environment on startup. This affects Exim itself and any subprocesses,
as transports, that may call other programs via some alias mechanisms,
as routers (queryprogram), lookups, and so on. This may affect used
libraries (e.g. LDAP).
** THIS MAY BREAK your existing installation **
If both options are not used in the configuration, Exim issues a warning
on startup. This warning disappears if at least one of these options is
used (even if set to an empty value).
keep_environment should contain a list of trusted environment variables.
(Do you trust PATH?). This may be a list of names and REs.
keep_environment = ^LDAP_ : FOO_PATH
To add (or override) variables, you can use add_environment:
add_environment = <; PATH=/sbin:/usr/sbin
New behaviour
-------------
Now Exim changes its working directory to / right after startup,
even before reading its configuration. (Later Exim changes its working
directory to $spool_directory, as usual.)
Exim only accepts an absolute configuration file path now, when using
the -C option.
|