summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authoradam <adam@pkgsrc.org>2019-12-09 18:46:00 +0000
committeradam <adam@pkgsrc.org>2019-12-09 18:46:00 +0000
commita5eb031b0930fa84bb72b61da50a52545590a570 (patch)
tree2e082c7a0ee35bb4d18d33c1e3f0b2c3e85b6ce9
parent42a27a352c2d61c1053115de04d90b0d83c18b6e (diff)
downloadpkgsrc-a5eb031b0930fa84bb72b61da50a52545590a570.tar.gz
exim: updated to 4.93
Exim version 4.93 ----------------- JH/01 OpenSSL: With debug enabled output keying information sufficient, server side, to decode a TLS 1.3 packet capture. JH/02 OpenSSL: Suppress the sending of (stateful) TLS1.3 session tickets. Previously the default library behaviour applied, sending two, each in its own TCP segment. JH/03 Debug output for ACL now gives the config file name and line number for each verb. JH/04 The default received_header_text now uses the RFC 8314 tls cipher clause. JH/05 DKIM: ensure that dkim_domain elements are lowercased before use. JH/06 Fix buggy handling of autoreply bounce_return_size_limit, and a possible buffer overrun for (non-chunking) other transports. JH/07 GnuTLS: Our use of late (post-handshake) certificate verification, under TLS1.3, means that a server rejecting a client certificate is not visible to the client until the first read of encrypted data (typically the response to EHLO). Add detection for that case and treat it as a failed TLS connection attempt, so that the normal retry-in-clear can work (if suitably configured). JB/01 Bug 2375: fix expansions of 822 addresses having comments in local-part and/or domain. Found and fixed by Jason Betts. JH/08 Add hardening against SRV & TLSA lookups the hit CNAMEs (a nonvalid configuration). If a CNAME target was not a wellformed name pattern, a crash could result. JH/09 Logging: Fix initial listening-on line for multiple ports for an IP when the OS reports them interleaved with other addresses. JH/10 OpenSSL: Fix aggregation of messages. Previously, when PIPELINING was used both for input and for a verify callout, both encrypted, SMTP responses being sent by the server could be lost. This resulted in dropped connections and sometimes bounces generated by a peer sending to this system. JH/11 Harden plaintext authenticator against a badly misconfigured client-send string. Previously it was possible to cause undefined behaviour in a library routine (usually a crash). Found by "zerons". JH/12 Bug 2384: fix "-bP smtp_receive_timeout". Previously it returned no output. JH/13 Bug 2386: Fix builds with Dane under LibreSSL 2.9.0 onward. Some old API was removed, so update to use the newer ones. JH/14 Bug 1891: Close the log file if receiving a non-smtp message, without any timeout set, is taking a long time. Previously we would hang on to a rotated logfile "forever" if the input was arriving with long gaps (a previous attempt to fix addressed lack, for a long time, of initial input). HS/01 Bug 2390: Use message_id for tempfile creation to avoid races in a shared (NFS) environment. The length of the tempfile name is now 4 + 16 ("hdr.$message_exim_id") which might break on file systems which restrict the file name length to lower values. (It was "hdr.$pid".) HS/02 Bug 2390: Use message_id for tempfile creation to avoid races in a shared (NFS) environment. HS/03 Bug 2392: exigrep does case sensitive *option* processing (as it did for all versions <4.90). Notably -M, -m, --invert, -I may be affected. JH/15 Use unsigned when creating bitmasks in macros, to avoid build errors on some platforms for bit 31. JH/16 GnuTLS: rework ciphersuite strings under recent library versions. Thanks to changes apparently associated with TLS1.3 handling some of the APIs previously used were either nonfunctional or inappropriate. Strings like TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM__AEAD:256 and TLS1.2:ECDHE_SECP256R1__RSA_SHA256__AES_128_CBC__SHA256:128 replace the previous TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256 . This affects log line X= elements, the $tls_{in,out}_cipher variables, and the use of specific cipher names in the encrypted= ACL condition. JH/17 OpenSSL: the default openssl_options now disables ssl_v3. JH/18 GnuTLS: fix $tls_out_ocsp under hosts_request_ocsp. Previously the verification result was not updated unless hosts_require_ocsp applied. JH/19 Bug 2398: fix listing of a named-queue. Previously, even with the option queue_list_requires_admin set to false, non-admin users were denied the facility. JH/20 Bug 2389: fix server advertising of usable certificates, under GnuTLS in directory-of-certs mode. Previously they were advertised despite the documentation. JH/21 The smtp transport option "hosts_noproxy_tls" is now unset by default. A single TCP connection by a client will now hold a TLS connection open for multiple message deliveries, by default. Previoud the default was to not do so. JH/22 The smtp transport option "hosts_try_dane" now enables all hosts by default. If built with the facility, DANE will be used. The facility SUPPORT_DANE is now enabled in the prototype build Makefile "EDITME". JH/23 The build default is now for TLS to be included; the SUPPORT_TLS define is replaced with DISABLE_TLS. Either USE_GNUTLS or (the new) USE_OPENSSL must be defined and you must still, unless you define DISABLE_TLS, manage the the include-dir and library-file requirements that go with that choice. Non-TLS builds are still supported. JH/24 Fix duplicated logging of peer name/address, on a transport connection- reject under TFO. JH/25 The smtp transport option "hosts_try_fastopen" now enables all hosts by default. If the platform supports and has the facility enabled, it will be requested on all coneections. JH/26 The PIPE_CONNECT facility is promoted from experimental status and is now controlled by the build-time option SUPPORT_PIPE_CONNECT. PP/01 Unbreak heimdal_gssapi, broken in 4.92. JH/27 Bug 2404: Use the main-section configuration option "dsn_from" for success-DSN messages. Previously the From: header was always the default one for these; the option was ignored. JH/28 Fix the timeout on smtp response to apply to the whole response. Previously it was reset for every read, so a teergrubing peer sending single bytes within the time limit could extend the connection for a long time. Credit to Qualsys Security Advisory Team for the discovery. JH/29 Fix DSN Final-Recipient: field. Previously it was the post-routing delivery address, which leaked information of the results of local forwarding. Change to the original envelope recipient address, per standards. JH/30 Bug 2411: Fix DSN generation when RFC 3461 failure notification is requested. Previously not bounce was generated and a log entry of error ignored was made. JH/31 Avoid re-expansion in ${sort } expansion. (CVE-2019-13917) JH/32 Introduce a general tainting mechanism for values read from the input channel, and values derived from them. Refuse to expand any tainted values, to catch one form of exploit. JH/33 Bug 2413: Fix dkim_strict option. Previously the expansion result was unused and the unexpanded text used for the test. Found and fixed by Ruben Jenster. JH/34 Fix crash after TLS shutdown. When the TCP/SMTP channel was left open, an attempt to use a TLS library read routine dereffed a nul pointer, causing a segfault. JH/35 Bug 2409: filter out-of-spec chars from callout response before using them in our smtp response. JH/36 Have the general router option retry_use_local_part default to true when any of the restrictive preconditions are set (to anything). Previously it was only for check_local user. The change removes one item of manual configuration which is required for proper retries when a remote router handles a subset of addresses for a domain. JH/37 Appendfile: when evaluating quota use (non-quota_size_regex) take the file link count into consideration. HS/04 Fix handling of very log lines in -H files. If a -<key> <value> line caused the extension of big_buffer, the following lines were ignored. JH/38 Bug 1395: Teach the DNS negative-cache about TTL value from the SOA in accordance with RFC 2308. Previously there was no expiry, so a longlived receive process (eg. due to ACL delays) versus a short SOA value could surprise. HS/05 Handle trailing backslash gracefully. (CVE-2019-15846) JH/39 Promote DMARC support to mainline. JH/40 Bug 2452: Add a References: header to DSNs. JH/41 With GnuTLS 3.6.0 (and later) do not attempt to manage Diffie-Hellman parameters. The relevant library call is documented as "Deprecated: This function is unnecessary and discouraged on GnuTLS 3.6.0 or later. Since 3.6.0, DH parameters are negotiated following RFC7919." HS/06 Change the default of dnssec_request_domains to "*" JH/42 Bug 2545: Fix CHUNKING for all RCPT commands rejected. Previously we carried on and emitted a BDAT command, even when PIPELINING was not active. JH/43 Bug 2465: Fix taint-handling in dsearch lookup. Previously a nontainted buffer was used for the filename, resulting in a trap when tainted arguments (eg. $domain) were used. JH/44 With OpenSSL 1.1.1 (onwards) disable renegotiation for TLS1.2 and below; recommended to avoid a possible server-load attack. The feature can be re-enabled via the openssl_options main cofiguration option. JH/45 local_scan API: documented the current smtp_printf() call. This changed for version 4.90 - adding a "more data" boolean to the arguments. Bumped the ABI version number also, this having been missed previously; release versions 4.90 to 4.92.3 inclusive were effectively broken in respect of usage of smtp_printf() by either local_scan code or libraries accessed via the ${dlfunc } expansion item. Both will need coding adjustment for any calls to smtp_printf() to match the new function signature; a FALSE value for the new argument is always safe. JH/46 FreeBSD: fix use of the sendfile() syscall. The shim was not updating the file-offset (which the Linux syscall does, and exim expects); this resulted in an indefinite loop. JH/47 ARC: fix crash in signing, triggered when a configuration error failed to do ARC verification. The Authentication-Results: header line added by the configuration then had no ARC item.
-rw-r--r--mail/exim-html/Makefile4
-rw-r--r--mail/exim-html/PLIST9
-rw-r--r--mail/exim-html/distinfo10
-rw-r--r--mail/exim/Makefile4
-rw-r--r--mail/exim/distinfo12
-rw-r--r--mail/exim/options.mk3
-rw-r--r--mail/exim/patches/patch-Local_Makefile.pkgsrc46
7 files changed, 44 insertions, 44 deletions
diff --git a/mail/exim-html/Makefile b/mail/exim-html/Makefile
index 20404d8dfe6..3ed8f4e9255 100644
--- a/mail/exim-html/Makefile
+++ b/mail/exim-html/Makefile
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.40 2019/09/30 19:25:58 wiedi Exp $
+# $NetBSD: Makefile,v 1.41 2019/12/09 18:46:01 adam Exp $
-DISTNAME= exim-html-4.92.3
+DISTNAME= exim-html-4.93
CATEGORIES= mail net
MASTER_SITES= ftp://ftp.exim.org/pub/exim/exim4/
MASTER_SITES+= ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/exim4/
diff --git a/mail/exim-html/PLIST b/mail/exim-html/PLIST
index bd46611f861..d2f99e51066 100644
--- a/mail/exim-html/PLIST
+++ b/mail/exim-html/PLIST
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.21 2019/09/30 19:25:58 wiedi Exp $
+@comment $NetBSD: PLIST,v 1.22 2019/12/09 18:46:01 adam Exp $
share/doc/exim/html/spec_html/ch-access_control_lists.html
share/doc/exim/html/spec_html/ch-adding_a_local_scan_function_to_exim.html
share/doc/exim/html/spec_html/ch-adding_new_drivers_or_lookup_types.html
@@ -8,7 +8,7 @@ share/doc/exim/html/spec_html/ch-building_and_installing_exim.html
share/doc/exim/html/spec_html/ch-concept_index.html
share/doc/exim/html/spec_html/ch-content_scanning_at_acl_time.html
share/doc/exim/html/spec_html/ch-customizing_bounce_and_warning_messages.html
-share/doc/exim/html/spec_html/ch-dkim_and_spf.html
+share/doc/exim/html/spec_html/ch-dkim_spf_and_dmarc.html
share/doc/exim/html/spec_html/ch-domain_host_address_and_local_part_lists.html
share/doc/exim/html/spec_html/ch-embedded_perl.html
share/doc/exim/html/spec_html/ch-encrypted_smtp_connections_using_tlsssl.html
@@ -48,6 +48,7 @@ share/doc/exim/html/spec_html/ch-the_dovecot_authenticator.html
share/doc/exim/html/spec_html/ch-the_exim_command_line.html
share/doc/exim/html/spec_html/ch-the_exim_monitor.html
share/doc/exim/html/spec_html/ch-the_exim_runtime_configuration_file.html
+share/doc/exim/html/spec_html/ch-the_external_authenticator.html
share/doc/exim/html/spec_html/ch-the_gsasl_authenticator.html
share/doc/exim/html/spec_html/ch-the_heimdalgssapi_authenticator.html
share/doc/exim/html/spec_html/ch-the_ipliteral_router.html
@@ -127,6 +128,7 @@ share/doc/exim/html/spec_html/ch61.html
share/doc/exim/html/spec_html/ch62.html
share/doc/exim/html/spec_html/ch63.html
share/doc/exim/html/spec_html/ch64.html
+share/doc/exim/html/spec_html/ch65.html
share/doc/exim/html/spec_html/filter.html
share/doc/exim/html/spec_html/filter_ch-exim_filter_files.html
share/doc/exim/html/spec_html/filter_ch-forwarding_and_filtering_in_exim.html
@@ -156,3 +158,6 @@ share/doc/exim/html/static/doc/security/CVE-2019-13917.txt
share/doc/exim/html/static/doc/security/CVE-2019-15846.txt
share/doc/exim/html/static/doc/security/CVE-2019-16928.txt
share/doc/exim/html/static/js/common.js
+share/doc/exim/html/static/keys/hs@schlittermann.de.asc
+share/doc/exim/html/static/keys/jgh@wizmail.org.asc
+share/doc/exim/html/static/keys/phil.pennock@spodhuis.org.asc
diff --git a/mail/exim-html/distinfo b/mail/exim-html/distinfo
index bfc851e9d35..7b1787db3d3 100644
--- a/mail/exim-html/distinfo
+++ b/mail/exim-html/distinfo
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.33 2019/09/30 19:25:58 wiedi Exp $
+$NetBSD: distinfo,v 1.34 2019/12/09 18:46:01 adam Exp $
-SHA1 (exim-html-4.92.3.tar.xz) = 489027cf9c444b33e67e791b12a37ea6a4a03897
-RMD160 (exim-html-4.92.3.tar.xz) = 87f0d44cb58d9fe8f57c05d6199087fe26160ddc
-SHA512 (exim-html-4.92.3.tar.xz) = 8c8888b132820e03bcfd71a875d5a16f71411b56594ea9cb6d4e86ae495cd323b3c1c15d39d5997e248922edbaf1999b2f0eb6444ea62d76b7b0b834223758f0
-Size (exim-html-4.92.3.tar.xz) = 494692 bytes
+SHA1 (exim-html-4.93.tar.xz) = 2bb7a3c37f53114b81425a6a60179811c1afe5ba
+RMD160 (exim-html-4.93.tar.xz) = d4796d9137d9e0fa3e7cc3b1097daf0288c087d1
+SHA512 (exim-html-4.93.tar.xz) = 0dfd9249bc9853214847892bc068d04f20ab1b1613b038806cd5fb241f1597b6a94ccf0670d79560e352593fd075f9de04d5234b1ae26af479b5ca3dd09c86c4
+Size (exim-html-4.93.tar.xz) = 562424 bytes
diff --git a/mail/exim/Makefile b/mail/exim/Makefile
index b29a42994de..90e931632af 100644
--- a/mail/exim/Makefile
+++ b/mail/exim/Makefile
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.171 2019/09/30 19:25:58 wiedi Exp $
+# $NetBSD: Makefile,v 1.172 2019/12/09 18:46:00 adam Exp $
-DISTNAME= exim-4.92.3
+DISTNAME= exim-4.93
CATEGORIES= mail net
MASTER_SITES= ftp://ftp.exim.org/pub/exim/exim4/
MASTER_SITES+= https://ftp.exim.org/pub/exim/exim4/
diff --git a/mail/exim/distinfo b/mail/exim/distinfo
index a3c7e75b995..f04daaece7d 100644
--- a/mail/exim/distinfo
+++ b/mail/exim/distinfo
@@ -1,10 +1,10 @@
-$NetBSD: distinfo,v 1.73 2019/09/30 19:25:58 wiedi Exp $
+$NetBSD: distinfo,v 1.74 2019/12/09 18:46:00 adam Exp $
-SHA1 (exim-4.92.3.tar.xz) = 60651ccbd4098a194914e06b71764c21a201a140
-RMD160 (exim-4.92.3.tar.xz) = c174866102dbe6b5585412ca4a16d08ca2d0d50d
-SHA512 (exim-4.92.3.tar.xz) = ca6d6f50653502345511b683859b33aa02faa48454fb2100ff89fed3dcb8af8933e7bce68939365fdee42f96eec0c3b135cf748f4581e92a62be0f0ab093868a
-Size (exim-4.92.3.tar.xz) = 1773156 bytes
-SHA1 (patch-Local_Makefile.pkgsrc) = de19076443c4d89a7ead97a0cabdec9bb784dd9f
+SHA1 (exim-4.93.tar.xz) = 1fd4eeefacbb51648f578b91f49561b29e5679cc
+RMD160 (exim-4.93.tar.xz) = aeee8a593c1866f4816946772a3ecba7b4e43496
+SHA512 (exim-4.93.tar.xz) = 556c7fe75042739c3e92346b96c40960680fe2838589add5fad1f69f18600dd9ed128f367627c812051b3a3a1a64e740488d5ce8c198bf87b59fa84ab8a0eb5b
+Size (exim-4.93.tar.xz) = 1803660 bytes
+SHA1 (patch-Local_Makefile.pkgsrc) = 7d6971cfe6f6fecf854926e90460b1a8bcd6a79d
SHA1 (patch-OS_Makefile-Default) = 6af17f036ed02a3bc37c1f303269eea447fcb691
SHA1 (patch-lookups_Makefile) = cfc40dba3f75ef37b9887f7767139ad50cf9d4e5
SHA1 (patch-scripts_exim__install) = aa0a31e77d5f76e33bc92140c14d39c79f710b95
diff --git a/mail/exim/options.mk b/mail/exim/options.mk
index 8d03837f32c..52b086e4bf2 100644
--- a/mail/exim/options.mk
+++ b/mail/exim/options.mk
@@ -1,4 +1,4 @@
-# $NetBSD: options.mk,v 1.24 2019/11/02 16:25:20 rillig Exp $
+# $NetBSD: options.mk,v 1.25 2019/12/09 18:46:00 adam Exp $
PKG_OPTIONS_VAR= PKG_OPTIONS.exim
PKG_SUPPORTED_OPTIONS= exim-appendfile-maildir exim-appendfile-mailstore
@@ -110,6 +110,7 @@ LOOKUP_LIBS+=-lwrap
.if !empty(PKG_OPTIONS:Mexim-tls)
LOCAL_MAKEFILE_OPTIONS+=SUPPORT_TLS=yes
+LOCAL_MAKEFILE_OPTIONS+=USE_OPENSSL=yes
LOOKUP_LIBS+=-lssl -lcrypto
. include "../../security/openssl/buildlink3.mk"
.endif
diff --git a/mail/exim/patches/patch-Local_Makefile.pkgsrc b/mail/exim/patches/patch-Local_Makefile.pkgsrc
index 62341c84ca7..e42ad10610f 100644
--- a/mail/exim/patches/patch-Local_Makefile.pkgsrc
+++ b/mail/exim/patches/patch-Local_Makefile.pkgsrc
@@ -1,8 +1,8 @@
-$NetBSD: patch-Local_Makefile.pkgsrc,v 1.1 2017/03/18 07:08:23 adam Exp $
+$NetBSD: patch-Local_Makefile.pkgsrc,v 1.2 2019/12/09 18:46:00 adam Exp $
---- Local/Makefile.pkgsrc.orig 2017-03-18 06:47:43.000000000 +0000
+--- Local/Makefile.pkgsrc.orig 2019-12-09 08:46:14.000000000 +0000
+++ Local/Makefile.pkgsrc
-@@ -98,7 +98,7 @@
+@@ -100,7 +100,7 @@
# /usr/local/sbin. The installation script will try to create this directory,
# and any superior directories, if they do not exist.
@@ -11,7 +11,7 @@ $NetBSD: patch-Local_Makefile.pkgsrc,v 1.1 2017/03/18 07:08:23 adam Exp $
#------------------------------------------------------------------------------
-@@ -114,7 +114,7 @@ BIN_DIRECTORY=/usr/exim/bin
+@@ -116,7 +116,7 @@ BIN_DIRECTORY=/usr/exim/bin
# don't exist. It will also install a default runtime configuration if this
# file does not exist.
@@ -20,7 +20,7 @@ $NetBSD: patch-Local_Makefile.pkgsrc,v 1.1 2017/03/18 07:08:23 adam Exp $
# It is possible to specify a colon-separated list of files for CONFIGURE_FILE.
# In this case, Exim will use the first of them that exists when it is run.
-@@ -131,7 +131,7 @@ CONFIGURE_FILE=/usr/exim/configure
+@@ -133,7 +133,7 @@ CONFIGURE_FILE=/usr/exim/configure
# deliveries. (Local deliveries run as various non-root users, typically as the
# owner of a local mailbox.) Specifying these values as root is not supported.
@@ -29,7 +29,7 @@ $NetBSD: patch-Local_Makefile.pkgsrc,v 1.1 2017/03/18 07:08:23 adam Exp $
# If you specify EXIM_USER as a name, this is looked up at build time, and the
# uid number is built into the binary. However, you can specify that this
-@@ -152,7 +152,7 @@ EXIM_USER=
+@@ -154,7 +154,7 @@ EXIM_USER=
# for EXIM_USER (e.g. EXIM_USER=exim), you don't need to set EXIM_GROUP unless
# you want to use a group other than the default group for the given user.
@@ -38,7 +38,7 @@ $NetBSD: patch-Local_Makefile.pkgsrc,v 1.1 2017/03/18 07:08:23 adam Exp $
# Many sites define a user called "exim", with an appropriate default group,
# and use
-@@ -173,7 +173,7 @@ EXIM_USER=
+@@ -175,7 +175,7 @@ EXIM_USER=
# Almost all installations choose this:
@@ -47,16 +47,7 @@ $NetBSD: patch-Local_Makefile.pkgsrc,v 1.1 2017/03/18 07:08:23 adam Exp $
-@@ -380,7 +380,7 @@ PCRE_CONFIG=yes
- # files are defaulted in the OS/Makefile-Default file, but can be overridden in
- # local OS-specific make files.
-
--EXIM_MONITOR=eximon.bin
-+# EXIM_MONITOR=eximon.bin
-
-
- #------------------------------------------------------------------------------
-@@ -622,7 +622,7 @@ FIXED_NEVER_USERS=root
+@@ -752,7 +752,7 @@ FIXED_NEVER_USERS=root
# included in the Exim binary. You will then need to set up the run time
# configuration to make use of the mechanism(s) selected.
@@ -64,8 +55,8 @@ $NetBSD: patch-Local_Makefile.pkgsrc,v 1.1 2017/03/18 07:08:23 adam Exp $
+AUTH_CRAM_MD5=yes
# AUTH_CYRUS_SASL=yes
# AUTH_DOVECOT=yes
- # AUTH_GSASL=yes
-@@ -630,8 +630,8 @@ FIXED_NEVER_USERS=root
+ # AUTH_EXTERNAL=yes
+@@ -761,8 +761,8 @@ FIXED_NEVER_USERS=root
# AUTH_HEIMDAL_GSSAPI=yes
# AUTH_HEIMDAL_GSSAPI_PC=heimdal-gssapi
# AUTH_HEIMDAL_GSSAPI_PC=heimdal-gssapi heimdal-krb5
@@ -76,7 +67,7 @@ $NetBSD: patch-Local_Makefile.pkgsrc,v 1.1 2017/03/18 07:08:23 adam Exp $
# AUTH_TLS=yes
# Heimdal through 1.5 required pkg-config 'heimdal-gssapi'; Heimdal 7.1
-@@ -831,7 +831,7 @@ HEADERS_CHARSET="ISO-8859-1"
+@@ -896,7 +896,7 @@ HEADERS_CHARSET="ISO-8859-1"
# %s. This will be replaced by one of the strings "main", "panic", or "reject"
# to form the final file names. Some installations may want something like this:
@@ -85,7 +76,7 @@ $NetBSD: patch-Local_Makefile.pkgsrc,v 1.1 2017/03/18 07:08:23 adam Exp $
# which results in files with names /var/log/exim_mainlog, etc. The directory
# in which the log files are placed must exist; Exim does not try to create
-@@ -1119,13 +1119,13 @@ SYSTEM_ALIASES_FILE=/etc/aliases
+@@ -1201,13 +1201,13 @@ SYSTEM_ALIASES_FILE=/etc/aliases
# haven't got Perl, Exim will still build and run; you just won't be able to
# use those utilities.
@@ -106,7 +97,7 @@ $NetBSD: patch-Local_Makefile.pkgsrc,v 1.1 2017/03/18 07:08:23 adam Exp $
#------------------------------------------------------------------------------
-@@ -1327,7 +1327,7 @@ EXIM_TMPDIR="/tmp"
+@@ -1409,7 +1409,7 @@ EXIM_TMPDIR="/tmp"
# (process id) to a file so that it can easily be identified. The path of the
# file can be specified here. Some installations may want something like this:
@@ -115,14 +106,17 @@ $NetBSD: patch-Local_Makefile.pkgsrc,v 1.1 2017/03/18 07:08:23 adam Exp $
# If PID_FILE_PATH is not defined, Exim writes a file in its spool directory
# using the name "exim-daemon.pid".
-@@ -1399,3 +1399,10 @@ EXIM_TMPDIR="/tmp"
- # ENABLE_DISABLE_FSYNC=yes
+@@ -1465,6 +1465,13 @@ EXIM_TMPDIR="/tmp"
+
+ # EXPAND_LISTMATCH_RHS=yes
- # End of EDITME for Exim 4.
-+
+EXTRALIBS_EXIM=-liconv
+
+@EXIM_USE_DB_CONFIG@
+@EXIM_DBMLIB@
+INCLUDE=@EXIM_INCLUDE@
+LOOKUP_LIBS=@LOOKUP_LIBS@
++
+ #------------------------------------------------------------------------------
+ # Disabling the use of fsync(): DO NOT UNCOMMENT THE FOLLOWING LINE unless you
+ # really, really, really know what you are doing. And even then, think again.