summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authoradam <adam@pkgsrc.org>2012-06-11 11:41:24 +0000
committeradam <adam@pkgsrc.org>2012-06-11 11:41:24 +0000
commit92d45ea7f99349204630af27a437cc196d9417ed (patch)
tree7a304d02e43e45708b71994302159b8e71df4c4c
parent976b80d50b053f95089d232d9d97ccea1475a1f2 (diff)
downloadpkgsrc-92d45ea7f99349204630af27a437cc196d9417ed.tar.gz
Changes 4.80:
1. New authenticator driver, "gsasl". Server-only (at present). This is a SASL interface, licensed under GPL, which can be found at http://www.gnu.org/software/gsasl/. This system does not provide sources of data for authentication, so careful use needs to be made of the conditions in Exim. 2. New authenticator driver, "heimdal_gssapi". Server-only. A replacement for using cyrus_sasl with Heimdal, now that $KRB5_KTNAME is no longer honoured for setuid programs by Heimdal. Use the "server_keytab" option to point to the keytab. 3. The "pkg-config" system can now be used when building Exim to reference cflags and library information for lookups and authenticators, rather than having to update "CFLAGS", "AUTH_LIBS", "LOOKUP_INCLUDE" and "LOOKUP_LIBS" directly. Similarly for handling the TLS library support without adjusting "TLS_INCLUDE" and "TLS_LIBS". In addition, setting PCRE_CONFIG=yes will query the pcre-config tool to find the headers and libraries for PCRE. 4. New expansion variable $tls_bits. 5. New lookup type, "dbmjz". Key is an Exim list, the elements of which will be joined together with ASCII NUL characters to construct the key to pass into the DBM library. Can be used with gsasl to access sasldb2 files as used by Cyrus SASL. 6. OpenSSL now supports TLS1.1 and TLS1.2 with OpenSSL 1.0.1. Avoid release 1.0.1a if you can. Note that the default value of "openssl_options" is no longer "+dont_insert_empty_fragments", as that increased susceptibility to attack. This may still have interoperability implications for very old clients (see version 4.31 change 37) but administrators can choose to make the trade-off themselves and restore compatibility at the cost of session security. 7. Use of the new expansion variable $tls_sni in the main configuration option tls_certificate will cause Exim to re-expand the option, if the client sends the TLS Server Name Indication extension, to permit choosing a different certificate; tls_privatekey will also be re-expanded. You must still set these options to expand to valid files when $tls_sni is not set. The SMTP Transport has gained the option tls_sni, which will set a hostname for outbound TLS sessions, and set $tls_sni too. A new log_selector, +tls_sni, has been added, to log received SNI values for Exim as a server. 8. The existing "accept_8bitmime" option now defaults to true. This means that Exim is deliberately not strictly RFC compliant. We're following Dan Bernstein's advice in http://cr.yp.to/smtp/8bitmime.html by default. Those who disagree, or know that they are talking to mail servers that, even today, are not 8-bit clean, need to turn off this option. 9. Exim can now be started with -bw (with an optional timeout, given as -bw<timespec>). With this, stdin at startup is a socket that is already listening for connections. This has a more modern name of "socket activation", but forcing the activated socket to fd 0. We're interested in adding more support for modern variants. 10. ${eval } now uses 64-bit values on supporting platforms. A new "G" suffix for numbers indicates multiplication by 1024^3. 11. The GnuTLS support has been revamped; the three options gnutls_require_kx, gnutls_require_mac & gnutls_require_protocols are no longer supported. tls_require_ciphers is now parsed by gnutls_priority_init(3) as a priority string, documentation for which is at: http://www.gnu.org/software/gnutls/manual/html_node/Priority-Strings.html SNI support has been added to Exim's GnuTLS integration too. For sufficiently recent GnuTLS libraries, ${randint:..} will now use gnutls_rnd(), asking for GNUTLS_RND_NONCE level randomness. 12. With OpenSSL, if built with EXPERIMENTAL_OCSP, a new option tls_ocsp_file is now available. If the contents of the file are valid, then Exim will send that back in response to a TLS status request; this is OCSP Stapling. Exim will not maintain the contents of the file in any way: administrators are responsible for ensuring that it is up-to-date. 13. ${lookup dnsdb{ }} supports now SPF record types. They are handled identically to TXT record lookups. 14. New expansion variable $tod_epoch_l for higher-precision time. 15. New global option tls_dh_max_bits, defaulting to current value of NSS hard-coded limit of DH ephemeral bits, to fix interop problems caused by GnuTLS 2.12 library recommending a bit count higher than NSS supports. 16. tls_dhparam now used by both OpenSSL and GnuTLS, can be path or identifier. Option can now be a path or an identifier for a standard prime. If unset, we use the DH prime from section 2.2 of RFC 5114, "ike23". Set to "historic" to get the old GnuTLS behaviour of auto-generated DH primes. 17. SSLv2 now disabled by default in OpenSSL. (Never supported by GnuTLS). Use "openssl_options -no_sslv2" to re-enable support, if your OpenSSL install was not built with OPENSSL_NO_SSL2 ("no-ssl2").
-rw-r--r--mail/exim/Makefile5
-rw-r--r--mail/exim/distinfo17
-rw-r--r--mail/exim/patches/patch-aa30
-rw-r--r--mail/exim/patches/patch-ab8
-rw-r--r--mail/exim/patches/patch-ac103
-rw-r--r--mail/exim/patches/patch-ae10
-rw-r--r--mail/exim/patches/patch-ag4
7 files changed, 38 insertions, 139 deletions
diff --git a/mail/exim/Makefile b/mail/exim/Makefile
index eaa492d73cd..69196e63008 100644
--- a/mail/exim/Makefile
+++ b/mail/exim/Makefile
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.114 2012/04/27 12:31:53 obache Exp $
+# $NetBSD: Makefile,v 1.115 2012/06/11 11:41:24 adam Exp $
-DISTNAME= exim-4.77
-PKGREVISION= 3
+DISTNAME= exim-4.80
CATEGORIES= mail net
MASTER_SITES= ftp://ftp.exim.org/pub/exim/exim4/ \
http://dl.ambiweb.de/mirrors/ftp.exim.org/exim/exim4/
diff --git a/mail/exim/distinfo b/mail/exim/distinfo
index 147cdac1138..f14b735ad4d 100644
--- a/mail/exim/distinfo
+++ b/mail/exim/distinfo
@@ -1,10 +1,9 @@
-$NetBSD: distinfo,v 1.52 2011/10/10 12:20:49 adam Exp $
+$NetBSD: distinfo,v 1.53 2012/06/11 11:41:24 adam Exp $
-SHA1 (exim-4.77.tar.bz2) = 0aad2cf08d03ad9e809d86521eac8f3f31398a1d
-RMD160 (exim-4.77.tar.bz2) = b70ced4c6323ccc167db68f3a7d30163287b2240
-Size (exim-4.77.tar.bz2) = 1576148 bytes
-SHA1 (patch-aa) = 5b9b5f459151912b936bf91d393072b872d48d5c
-SHA1 (patch-ab) = ffb9fb28e4e5548777db31b3de34673a08a1c0fa
-SHA1 (patch-ac) = 84bb4c01868fc28b7b00bcd9aacab0dddf4c01c8
-SHA1 (patch-ae) = 4a9d2fde403cfd6386742b31f062e7801ef081b9
-SHA1 (patch-ag) = 8512795060ad913f4699c277867fd24e7a785519
+SHA1 (exim-4.80.tar.bz2) = ba9b78b9dfab48f45409ab7c1c94ad085347899d
+RMD160 (exim-4.80.tar.bz2) = d81fd5ec876b27faef46dff7aba7804e16af986b
+Size (exim-4.80.tar.bz2) = 1649827 bytes
+SHA1 (patch-aa) = 24a12631b7df17930349b8a0d03adc80d27efbe2
+SHA1 (patch-ab) = 6af17f036ed02a3bc37c1f303269eea447fcb691
+SHA1 (patch-ae) = 7daf63727e222bbaa7e5b8289c4fcb6a8c0272cf
+SHA1 (patch-ag) = dd93bb718c996f18b4e985806eb6d4ff5f25a67f
diff --git a/mail/exim/patches/patch-aa b/mail/exim/patches/patch-aa
index 20d4ce8f1af..0c65753d9e5 100644
--- a/mail/exim/patches/patch-aa
+++ b/mail/exim/patches/patch-aa
@@ -1,8 +1,8 @@
-$NetBSD: patch-aa,v 1.22 2011/05/09 13:30:47 adam Exp $
+$NetBSD: patch-aa,v 1.23 2012/06/11 11:41:25 adam Exp $
---- Local/Makefile.pkgsrc.orig 2011-05-09 13:16:39.000000000 +0000
+--- Local/Makefile.pkgsrc.orig 2012-06-11 11:27:45.000000000 +0000
+++ Local/Makefile.pkgsrc
-@@ -100,7 +100,7 @@
+@@ -98,7 +98,7 @@
# /usr/local/sbin. The installation script will try to create this directory,
# and any superior directories, if they do not exist.
@@ -11,7 +11,7 @@ $NetBSD: patch-aa,v 1.22 2011/05/09 13:30:47 adam Exp $
#------------------------------------------------------------------------------
-@@ -116,7 +116,7 @@ BIN_DIRECTORY=/usr/exim/bin
+@@ -114,7 +114,7 @@ BIN_DIRECTORY=/usr/exim/bin
# don't exist. It will also install a default runtime configuration if this
# file does not exist.
@@ -20,7 +20,7 @@ $NetBSD: patch-aa,v 1.22 2011/05/09 13:30:47 adam Exp $
# It is possible to specify a colon-separated list of files for CONFIGURE_FILE.
# In this case, Exim will use the first of them that exists when it is run.
-@@ -133,7 +133,7 @@ CONFIGURE_FILE=/usr/exim/configure
+@@ -131,7 +131,7 @@ CONFIGURE_FILE=/usr/exim/configure
# deliveries. (Local deliveries run as various non-root users, typically as the
# owner of a local mailbox.) Specifying these values as root is not supported.
@@ -29,7 +29,7 @@ $NetBSD: patch-aa,v 1.22 2011/05/09 13:30:47 adam Exp $
# If you specify EXIM_USER as a name, this is looked up at build time, and the
# uid number is built into the binary. However, you can specify that this
-@@ -154,7 +154,7 @@ EXIM_USER=
+@@ -152,7 +152,7 @@ EXIM_USER=
# for EXIM_USER (e.g. EXIM_USER=exim), you don't need to set EXIM_GROUP unless
# you want to use a group other than the default group for the given user.
@@ -38,7 +38,7 @@ $NetBSD: patch-aa,v 1.22 2011/05/09 13:30:47 adam Exp $
# Many sites define a user called "exim", with an appropriate default group,
# and use
-@@ -175,7 +175,7 @@ EXIM_USER=
+@@ -173,7 +173,7 @@ EXIM_USER=
# Almost all installations choose this:
@@ -47,7 +47,7 @@ $NetBSD: patch-aa,v 1.22 2011/05/09 13:30:47 adam Exp $
-@@ -357,7 +357,7 @@ PCRE_LIBS=-lpcre
+@@ -373,7 +373,7 @@ PCRE_CONFIG=yes
# files are defaulted in the OS/Makefile-Default file, but can be overridden in
# local OS-specific make files.
@@ -56,7 +56,7 @@ $NetBSD: patch-aa,v 1.22 2011/05/09 13:30:47 adam Exp $
#------------------------------------------------------------------------------
-@@ -552,11 +552,11 @@ FIXED_NEVER_USERS=root
+@@ -578,15 +578,15 @@ FIXED_NEVER_USERS=root
# included in the Exim binary. You will then need to set up the run time
# configuration to make use of the mechanism(s) selected.
@@ -64,6 +64,10 @@ $NetBSD: patch-aa,v 1.22 2011/05/09 13:30:47 adam Exp $
+AUTH_CRAM_MD5=yes
# AUTH_CYRUS_SASL=yes
# AUTH_DOVECOT=yes
+ # AUTH_GSASL=yes
+ # AUTH_GSASL_PC=libgsasl
+ # AUTH_HEIMDAL_GSSAPI=yes
+ # AUTH_HEIMDAL_GSSAPI_PC=heimdal-gssapi
-# AUTH_PLAINTEXT=yes
-# AUTH_SPA=yes
+AUTH_PLAINTEXT=yes
@@ -71,7 +75,7 @@ $NetBSD: patch-aa,v 1.22 2011/05/09 13:30:47 adam Exp $
#------------------------------------------------------------------------------
-@@ -722,7 +722,7 @@ HEADERS_CHARSET="ISO-8859-1"
+@@ -764,7 +764,7 @@ HEADERS_CHARSET="ISO-8859-1"
# %s. This will be replaced by one of the strings "main", "panic", or "reject"
# to form the final file names. Some installations may want something like this:
@@ -80,7 +84,7 @@ $NetBSD: patch-aa,v 1.22 2011/05/09 13:30:47 adam Exp $
# which results in files with names /var/log/exim_mainlog, etc. The directory
# in which the log files are placed must exist; Exim does not try to create
-@@ -970,13 +970,13 @@ SYSTEM_ALIASES_FILE=/etc/aliases
+@@ -1016,13 +1016,13 @@ SYSTEM_ALIASES_FILE=/etc/aliases
# haven't got Perl, Exim will still build and run; you just won't be able to
# use those utilities.
@@ -101,7 +105,7 @@ $NetBSD: patch-aa,v 1.22 2011/05/09 13:30:47 adam Exp $
#------------------------------------------------------------------------------
-@@ -1170,7 +1170,7 @@ TMPDIR="/tmp"
+@@ -1222,7 +1222,7 @@ TMPDIR="/tmp"
# (process id) to a file so that it can easily be identified. The path of the
# file can be specified here. Some installations may want something like this:
@@ -110,7 +114,7 @@ $NetBSD: patch-aa,v 1.22 2011/05/09 13:30:47 adam Exp $
# If PID_FILE_PATH is not defined, Exim writes a file in its spool directory
# using the name "exim-daemon.pid".
-@@ -1222,3 +1222,10 @@ TMPDIR="/tmp"
+@@ -1294,3 +1294,10 @@ TMPDIR="/tmp"
# ENABLE_DISABLE_FSYNC=yes
# End of EDITME for Exim 4.
diff --git a/mail/exim/patches/patch-ab b/mail/exim/patches/patch-ab
index a7a8486ecc0..e35047d778b 100644
--- a/mail/exim/patches/patch-ab
+++ b/mail/exim/patches/patch-ab
@@ -1,8 +1,8 @@
-$NetBSD: patch-ab,v 1.15 2010/11/08 13:59:11 adam Exp $
+$NetBSD: patch-ab,v 1.16 2012/06/11 11:41:25 adam Exp $
---- OS/Makefile-Default.orig 2009-10-16 07:30:54.000000000 +0000
+--- OS/Makefile-Default.orig 2012-05-31 00:40:15.000000000 +0000
+++ OS/Makefile-Default
-@@ -73,7 +73,7 @@ PERL_COMMAND=/usr/bin/perl
+@@ -71,7 +71,7 @@ PERL_COMMAND=/usr/bin/perl
# CC contains the name of the C compiler to be used.
@@ -11,7 +11,7 @@ $NetBSD: patch-ab,v 1.15 2010/11/08 13:59:11 adam Exp $
# CFLAGS contains flags to be passed to the compiler. Nothing is defaulted
-@@ -86,7 +86,7 @@ CC=gcc
+@@ -84,7 +84,7 @@ CC=gcc
# here; instead each OS-dependent Makefile contains a default setting if one
# is needed.
diff --git a/mail/exim/patches/patch-ac b/mail/exim/patches/patch-ac
deleted file mode 100644
index 3f4a036a1b7..00000000000
--- a/mail/exim/patches/patch-ac
+++ /dev/null
@@ -1,103 +0,0 @@
-$NetBSD: patch-ac,v 1.15 2011/05/09 13:30:47 adam Exp $
-
---- src/dns.c.orig 2011-05-09 08:36:25.000000000 +0000
-+++ src/dns.c
-@@ -168,26 +168,39 @@ Returns: nothing
- void
- dns_init(BOOL qualify_single, BOOL search_parents)
- {
--if ((_res.options & RES_INIT) == 0)
-+struct __res_state *rs;
-+#ifdef __NetBSD__
-+rs = __res_get_state();
-+#else
-+rs = &_res;
-+#endif
-+
-+if ((rs->options & RES_INIT) == 0)
- {
-- DEBUG(D_resolver) _res.options |= RES_DEBUG; /* For Cygwin */
-+ DEBUG(D_resolver) rs->options |= RES_DEBUG; /* For Cygwin */
-+ #ifdef __NetBSD__
-+ __res_put_state(rs);
-+ #endif
- res_init();
-- DEBUG(D_resolver) _res.options |= RES_DEBUG;
-+ DEBUG(D_resolver) rs->options |= RES_DEBUG;
-+ #ifdef __NetBSD__
-+ __res_put_state(rs);
-+ #endif
- }
-
--_res.options &= ~(RES_DNSRCH | RES_DEFNAMES);
--_res.options |= (qualify_single? RES_DEFNAMES : 0) |
-+rs->options &= ~(RES_DNSRCH | RES_DEFNAMES);
-+rs->options |= (qualify_single? RES_DEFNAMES : 0) |
- (search_parents? RES_DNSRCH : 0);
--if (dns_retrans > 0) _res.retrans = dns_retrans;
--if (dns_retry > 0) _res.retry = dns_retry;
-+if (dns_retrans > 0) rs->retrans = dns_retrans;
-+if (dns_retry > 0) rs->retry = dns_retry;
-
- #ifdef RES_USE_EDNS0
- if (dns_use_edns0 >= 0)
- {
- if (dns_use_edns0)
-- _res.options |= RES_USE_EDNS0;
-+ rs->options |= RES_USE_EDNS0;
- else
-- _res.options &= ~RES_USE_EDNS0;
-+ rs->options &= ~RES_USE_EDNS0;
- DEBUG(D_resolver)
- debug_printf("Coerced resolver EDNS0 support %s.\n",
- dns_use_edns0 ? "on" : "off");
-@@ -198,6 +211,10 @@ if (dns_use_edns0 >= 0)
- debug_printf("Unable to %sset EDNS0 without resolver support.\n",
- dns_use_edns0 ? "" : "un");
- #endif
-+
-+#ifdef __NetBSD__
-+__res_put_state(rs);
-+#endif
- }
-
-
-@@ -442,9 +459,15 @@ Returns: the return code
- static int
- dns_return(uschar *name, int type, int rc)
- {
-+struct __res_state *rs;
-+#ifdef __NetBSD__
-+rs = __res_get_state();
-+#else
-+rs = &_res;
-+#endif
- tree_node *node = store_get_perm(sizeof(tree_node) + 290);
- sprintf(CS node->name, "%.255s-%s-%lx", name, dns_text_type(type),
-- _res.options);
-+ rs->options);
- node->data.val = rc;
- (void)tree_insertnode(&tree_dns_fails, node);
- return rc;
-@@ -484,6 +507,12 @@ dns_basic_lookup(dns_answer *dnsa, uscha
- int rc = -1;
- uschar *save;
- #endif
-+struct __res_state *rs;
-+#ifdef __NetBSD__
-+rs = __res_get_state();
-+#else
-+rs = &_res;
-+#endif
-
- tree_node *previous;
- uschar node_name[290];
-@@ -494,7 +523,7 @@ have many addresses in the same domain.
- caching for successful lookups. */
-
- sprintf(CS node_name, "%.255s-%s-%lx", name, dns_text_type(type),
-- _res.options);
-+ rs->options);
- previous = tree_search(tree_dns_fails, node_name);
- if (previous != NULL)
- {
diff --git a/mail/exim/patches/patch-ae b/mail/exim/patches/patch-ae
index 8ef6eeb2352..d70cd07bd31 100644
--- a/mail/exim/patches/patch-ae
+++ b/mail/exim/patches/patch-ae
@@ -1,8 +1,8 @@
-$NetBSD: patch-ae,v 1.11 2010/01/31 21:06:29 heinz Exp $
+$NetBSD: patch-ae,v 1.12 2012/06/11 11:41:25 adam Exp $
---- scripts/exim_install.orig 2009-10-30 16:14:04.000000000 +0100
+--- scripts/exim_install.orig 2012-05-31 00:40:15.000000000 +0000
+++ scripts/exim_install
-@@ -84,6 +84,8 @@ if [ "${SYSTEM_ALIASES_FILE}" = "" ] ; t
+@@ -83,6 +83,8 @@ if [ "${SYSTEM_ALIASES_FILE}" = "" ] ; t
SYSTEM_ALIASES_FILE=/etc/aliases
fi
@@ -11,7 +11,7 @@ $NetBSD: patch-ae,v 1.11 2010/01/31 21:06:29 heinz Exp $
# Allow INST_xx to over-ride xx
case "$INST_BIN_DIRECTORY" in ?*) BIN_DIRECTORY="$INST_BIN_DIRECTORY";; esac
case "$INST_CONFIGURE_FILE" in ?*) CONFIGURE_FILE="$INST_CONFIGURE_FILE";; esac
-@@ -220,6 +222,9 @@ while [ $# -gt 0 ]; do
+@@ -219,6 +221,9 @@ while [ $# -gt 0 ]; do
if [ $name = exim${EXE} ]; then
version=exim-`./exim -bV -C /dev/null | \
awk '/Exim version/ { OFS=""; print $3,"-",substr($4,2,length($4)-1) }'`${EXE}
@@ -21,7 +21,7 @@ $NetBSD: patch-ae,v 1.11 2010/01/31 21:06:29 heinz Exp $
if [ "${version}" = "exim-${EXE}" ]; then
echo $com ""
-@@ -415,15 +420,8 @@ elif [ ! -f ${CONFIGURE_FILE} ]; then
+@@ -414,15 +419,8 @@ elif [ ! -f ${CONFIGURE_FILE} ]; then
echo $com "*** Exim installation ${ver}failed ***"
exit 1
fi
diff --git a/mail/exim/patches/patch-ag b/mail/exim/patches/patch-ag
index cf2cd59591e..d1bbc6f0201 100644
--- a/mail/exim/patches/patch-ag
+++ b/mail/exim/patches/patch-ag
@@ -1,8 +1,8 @@
-$NetBSD: patch-ag,v 1.6 2006/08/08 15:24:01 abs Exp $
+$NetBSD: patch-ag,v 1.7 2012/06/11 11:41:25 adam Exp $
--- src/spam.h.orig 2006-04-28 11:32:23.000000000 +0100
+++ src/spam.h
-@@ -12,7 +12,7 @@
+@@ -10,7 +10,7 @@
#ifdef WITH_CONTENT_SCAN
/* timeout for reading and writing spamd */