From: giovanni@paclan.it
Subject: Re: exim
To: ports <ports@openbsd.org>, renaud@allard.it
Date: Thu, 16 Apr 2026 09:11:06 +0200

    On 4/15/26 12:26 PM, Stuart Henderson wrote:
    > Since we're coming up to release (where we have to maintain it for
    > another 6 months), I thought I'd revisit this. History of security
    > issues + setuid root is a terrible combo.
    > 
    > Are there any strong reasons to keep exim in ports?
    > 
    > If not, ok to remove?
    > 
    ok for me.
      Giovanni
    
    > 
    > ----- Forwarded message from Stuart Henderson <stu@spacehopper.org> -----
    > 
    > From: Stuart Henderson <stu@spacehopper.org>
    > Date: Mon, 19 Aug 2024 15:13:40 +0100
    > Subject: Re: exim SIGSEGV on TLS connections on latest amd64 snapshot
    > 
    > On 2024/08/19 15:26, Theo Buehler wrote:
    > <snip>
    >> While it is impossible to be sure where exactly the bug lies, it sure
    >> looks as if exim had another pretty bad bug in a release. The diff
    >> doesn't show much information since it's mostly pointless churn.
    >>
    >> I think it is about time to seriously consider removing exim from the
    >> ports tree for good.
    > 
    > That would be OK with me. Of course people can still fetch from the
    > Attic and build themselves if they really need it, but the extra
    > steps needed for that (+ OS updates) will increase the motivation
    > to port the config across to another MTA.
    > <snip>
    > 
    > 
    > ----- End forwarded message -----
    > 
    > 
    > ---------------------
    > PatchSet 215
    > Date: 2025/12/18 21:39:26
    > Author: tb
    > Branch: HEAD
    > Tag: (none)
    > Log:
    > Security update to exim 4.99.1 from maintainer
    > 
    > 1. Incomplete SQL injection fix - CVE-2025-26794's patch doesn't escape single quotes
    > 2. Heap buffer overflow - Unvalidated database field used as array bound (NEW)
    > https://code.exim.org/exim/exim/src/commit/d46a6727798fc48d1756190a6d46d19216348c25/doc/doc-txt/exim-security-2025-12-09.1/report.txt
    > 
    > Is it finally time to take this behind the barn?
    > 
    > Members:
    > 	Makefile:1.156->1.157
    > 	distinfo:1.52->1.53
    > 
    > ---------------------
    > 
    
    