Download raw body.
I already proposed it during last release I think. OK to remove renaud@ On 4/15/26 12:26 PM, Stuart Henderson wrote: > Since we're coming up to release (where we have to maintain it for > another 6 months), I thought I'd revisit this. History of security > issues + setuid root is a terrible combo. > > Are there any strong reasons to keep exim in ports? > > If not, ok to remove? > > > ----- Forwarded message from Stuart Henderson <stu@spacehopper.org> ----- > > From: Stuart Henderson <stu@spacehopper.org> > Date: Mon, 19 Aug 2024 15:13:40 +0100 > Subject: Re: exim SIGSEGV on TLS connections on latest amd64 snapshot > > On 2024/08/19 15:26, Theo Buehler wrote: > <snip> >> While it is impossible to be sure where exactly the bug lies, it sure >> looks as if exim had another pretty bad bug in a release. The diff >> doesn't show much information since it's mostly pointless churn. >> >> I think it is about time to seriously consider removing exim from the >> ports tree for good. > > That would be OK with me. Of course people can still fetch from the > Attic and build themselves if they really need it, but the extra > steps needed for that (+ OS updates) will increase the motivation > to port the config across to another MTA. > <snip> > > > ----- End forwarded message ----- > > > --------------------- > PatchSet 215 > Date: 2025/12/18 21:39:26 > Author: tb > Branch: HEAD > Tag: (none) > Log: > Security update to exim 4.99.1 from maintainer > > 1. Incomplete SQL injection fix - CVE-2025-26794's patch doesn't escape single quotes > 2. Heap buffer overflow - Unvalidated database field used as array bound (NEW) > https://code.exim.org/exim/exim/src/commit/d46a6727798fc48d1756190a6d46d19216348c25/doc/doc-txt/exim-security-2025-12-09.1/report.txt > > Is it finally time to take this behind the barn? > > Members: > Makefile:1.156->1.157 > distinfo:1.52->1.53 > > ---------------------