Subject: CVS commit: [pkgsrc-2015Q4] pkgsrc/mail
From: Benny Siegert
Date: 2016-03-03 21:22:52
Message id: 20160303202252.86FBDFBB7@cvs.NetBSD.org

Log Message:
Pullup ticket #4942 - requested by wiedi
mail/exim: security fix

Revisions pulled up:
- mail/exim-html/Makefile                                       1.30-1.31
- mail/exim-html/PLIST                                          1.14
- mail/exim-html/distinfo                                       1.25-1.26
- mail/exim/Makefile                                            1.142-1.143
- mail/exim/distinfo                                            1.63-1.64
- mail/exim/patches/patch-aa                                    1.24

---
   Module Name:    pkgsrc
   Committed By:   bsiegert
   Date:           Sun Jan 10 20:55:57 UTC 2016

   Modified Files:
           pkgsrc/mail/exim: Makefile distinfo
           pkgsrc/mail/exim/patches: patch-aa

   Log Message:
   Update exim to 4.86.

   Exim version 4.86
   -----------------
   JH/01 Bug 1545: The smtp transport option \ 
"retry_include_ip_address" is now
         expanded.

   JH/02 The smtp transport option "multi_domain" is now expanded.

   JH/03 The smtp transport now requests PRDR by default, if the server offers
         it.

   JH/04 Certificate name checking on server certificates, when exim is a client,
         is now done by default.  The transport option tls_verify_cert_hostnames
         can be used to disable this per-host.  The build option
         EXPERIMENTAL_CERTNAMES is withdrawn.

   JH/05 The value of the tls_verify_certificates smtp transport and main options
         default to the word "system" to access the system default CA \ 
bundle.
         For GnuTLS, only version 3.0.20 or later.

   JH/06 Verification of the server certificate for a TLS connection is now tried
         (but not required) by default.  The verification status is now logged by
         default, for both outbound TLS and client-certificate supplying inbound
         TLS connections

   JH/07 Changed the default rfc1413 lookup settings to disable calls.  Few
         sites use this now.

   JH/08 The EXPERIMENTAL_DSN compile option is no longer needed; all Delivery
         Status Notification (bounce) messages are now MIME format per RFC 3464.
         Support for RFC 3461 DSN options NOTIFY,ENVID,RET,ORCPT can be advertised
         under the control of the dsn_advertise_hosts option, and routers may
         have a dsn_lasthop option.

   JH/09 A timeout of 2 minutes is now applied to all malware scanner types by
         default, modifiable by a malware= option.  The list separator for
         the options can now be changed in the usual way.  Bug 68.

   JH/10 The smtp_receive_timeout main option is now expanded before use.

   JH/11 The incoming_interface log option now also enables logging of the
         local interface on delivery outgoing connections.

   JH/12 The cutthrough-routing facility now supports multi-recipient mails,
         if the interface and destination host and port all match.

   JH/13 Bug 344: The verify = reverse_host_lookup ACL condition now accepts a
         /defer_ok option.

   JH/14 Bug 1573: The spam= ACL condition now additionally supports Rspamd.
         Patch from Andrew Lewis.

   JH/15 Bug 670: The spamd_address main option (for the spam= ACL condition)
         now supports optional time-restrictions, weighting, and priority
         modifiers per server.  Patch originally by \ 
<rommer%active.by@localhost>.

   JH/16 The spamd_address main option now supports a mixed list of local
         and remote servers.  Remote servers can be IPv6 addresses, and
         specify a port-range.

   JH/17 Bug 68: The spamd_address main option now supports an optional
         timeout value per server.

   JH/18 Bug 1581: Router and transport options headers_add/remove can
         now have the list separator specified.

   JH/19 Bug 392: spamd_address, and clamd av_scanner, now support retry
         option values.

   JH/20 Bug 1571: Ensure that $tls_in_peerdn is set, when verification fails
         under OpenSSL.

   JH/21 Support for the A6 type of dns record is withdrawn.

   JH/22 Bug 608: The result of a QUIT or not-QUIT toplevel ACL now matters
         rather than the verbs used.

   JH/23 Bug 1572: Increase limit on SMTP confirmation message copy size
         from 255 to 1024 chars.

   JH/24 Verification callouts now attempt to use TLS by default.

   HS/01 DNSSEC options (dnssec_require_domains, dnssec_request_domains)
         are generic router options now. The defaults didn't change.

   JH/25 Bug 466: Add RFC2322 support for MIME attachment filenames.
         Original patch from Alexander Shikoff, worked over by JH.

   HS/02 Bug 1575: exigrep falls back to autodetection of compressed
         files if ZCAT_COMMAND is not executable.

   JH/26 Bug 1539: Add timout/retry options on dnsdb lookups.

   JH/27 Bug 286: Support SOA lookup in dnsdb lookups.

   JH/28 Bug 1588: Do not use the A lookup following an AAAA for setting the FQDN.
         Normally benign, it bites when the pair was led to by a CNAME;
         modern usage is to not canoicalize the domain to a CNAME target
         (and we were inconsistent anyway for A-only vs AAAA+A).

   JH/29 Bug 1632: Removed the word "rejected" from line logged for \ 
ACL discards.

   JH/30 Check the forward DNS lookup for DNSSEC, in addition to the reverse,
         when evaluating $sender_host_dnssec.

   JH/31 Check the HELO verification lookup for DNSSEC, adding new
         $sender_helo_dnssec variable.

   JH/32 Bug 1397: Enable ECDHE on OpenSSL, just the NIST P-256 curve.

   JH/33 Bug 1346: Note MAIL cmd seen in -bS batch, to avoid smtp_no_mail log.

   JH/34 Bug 1648: Fix a memory leak seen with "mailq" and large queues.

   JH/35 Bug 1642: Fix support of $spam_ variables at delivery time.  Was
         documented as working, but never had.  Support all but $spam_report.

   JH/36 Bug 1659: Guard checking of input smtp commands again pseudo-command
         added for tls authenticator.

---
   Module Name:    pkgsrc
   Committed By:   adam
   Date:           Mon Jan 11 08:35:32 UTC 2016

   Modified Files:
           pkgsrc/mail/exim-html: Makefile PLIST distinfo

   Log Message:
   Match mail/exim version

---
   Module Name:    pkgsrc
   Committed By:   wiedi
   Date:           Wed Mar  2 20:13:18 UTC 2016

   Modified Files:
           pkgsrc/mail/exim: Makefile distinfo
           pkgsrc/mail/exim-html: Makefile distinfo

   Log Message:
   Update mail/exim and mail/exim-html to 4.86.2

   Exim version 4.86.2
   -------------------
   Portability relase of 4.86.1

   Exim version 4.86.1
   -------------------
   HS/04 Add support for keep_environment and add_environment options.
         This fixes CVE-2016-1531.

   All installations having Exim set-uid root and using 'perl_startup' are
   vulnerable to a local privilege escalation. Any user who can start an
   instance of Exim (and this is normally *any* user) can gain root
   privileges. If you do not use 'perl_startup' you *should* be safe.

   New options
   -----------

   We had to introduce two new configuration options:

      keep_environment =
      add_environment =

   Both options are empty per default. That is, Exim cleans the complete
   environment on startup. This affects Exim itself and any subprocesses,
   as transports, that may call other programs via some alias mechanisms,
   as routers (queryprogram), lookups, and so on. This may affect used
   libraries (e.g. LDAP).

   ** THIS MAY BREAK your existing installation **

   If both options are not used in the configuration, Exim issues a warning
   on startup. This warning disappears if at least one of these options is
   used (even if set to an empty value).

   keep_environment should contain a list of trusted environment variables.
   (Do you trust PATH?). This may be a list of names and REs.

      keep_environment = ^LDAP_ : FOO_PATH

   To add (or override) variables, you can use add_environment:

      add_environment = <; PATH=/sbin:/usr/sbin

   New behaviour
   -------------

   Now Exim changes it's working directory to / right after startup,
   even before reading it's configuration. (Later Exim changes it's working
   directory to $spool_directory, as usual.)

   Exim only accepts an absolute configuration file path now, when using
   the -C option.

Files:
RevisionActionfile
1.141.2.1modifypkgsrc/mail/exim/Makefile
1.62.2.1modifypkgsrc/mail/exim/distinfo
1.29.8.1modifypkgsrc/mail/exim-html/Makefile
1.13.18.1modifypkgsrc/mail/exim-html/PLIST
1.24.2.1modifypkgsrc/mail/exim-html/distinfo
1.23.30.1modifypkgsrc/mail/exim/patches/patch-aa