Download raw body.
On Thu, Apr 30, 2026 at 01:26:56PM +0100, Stuart Henderson wrote:
> From: Stuart Henderson <stu@spacehopper.org>
> To: renaud@openbsd.org
> Cc: ports@openbsd.org
> Subject: Re: exim
> Date: Thu, 30 Apr 2026 13:26:56 +0100
>
> Thoughts on a last update for 7.8-stable? (It is removed in -current/7.9
> so, unlike most changes in 7.8-stable at this time, this doesn't conflict
> with updating from 7.8 to 7.9).
>
> I also changed MESSAGE to add a note about removal.
>
It seems fine to me, the release is mostly CVE (2 don't apply to us).
But having the MESSAGE is the biggest win for me.
OK
>
> Index: Makefile
> ===================================================================
> RCS file: /cvs/ports/mail/exim/Attic/Makefile,v
> diff -u -p -r1.154 Makefile
> --- Makefile 22 Jul 2025 12:50:55 -0000 1.154
> +++ Makefile 30 Apr 2026 12:25:10 -0000
> @@ -1,8 +1,7 @@
> COMMENT-main = flexible mail transfer agent
> COMMENT-eximon = X11 monitor tool for Exim MTA
>
> -VERSION = 4.98.2
> -REVISION-main = 0
> +VERSION = 4.99.2
> DISTNAME = exim-${VERSION}
> PKGNAME-main = exim-${VERSION}
> FULLPKGNAME-eximon = exim-eximon-${VERSION}
> @@ -27,6 +26,10 @@ SITES = https://ftp.exim.org/pub/exim/
> ftp://ftp.exim.org/pub/exim/exim4/ \
> ftp://ftp.exim.org/pub/exim/exim4/fixes/ \
> ftp://ftp.exim.org/pub/exim/exim4/old/
> +
> +# needs C11 _Generic
> +COMPILER = base-clang ports-gcc
> +COMPILER_LANGS = c
>
> # only used for exim_id_update (which is run as part of the build,
> # ./exim_id_update -v 2>&1 >/dev/null)
> Index: distinfo
> ===================================================================
> RCS file: /cvs/ports/mail/exim/Attic/distinfo,v
> diff -u -p -r1.51 distinfo
> --- distinfo 26 Mar 2025 14:22:49 -0000 1.51
> +++ distinfo 30 Apr 2026 12:25:10 -0000
> @@ -1,2 +1,2 @@
> -SHA256 (exim-4.98.2.tar.gz) = BFAB/kcK4xLkApX0j3p2i6BhEMhlxxWU5GyCW0PZ1uA=
> -SIZE (exim-4.98.2.tar.gz) = 2655163
> +SHA256 (exim-4.99.2.tar.gz) = 6eM8jN6d3cEX6qtArlKe1wNTexThJXoGuYRgc4912oQ=
> +SIZE (exim-4.99.2.tar.gz) = 2696883
> Index: patches/patch-Local_Makefile
> ===================================================================
> RCS file: /cvs/ports/mail/exim/patches/Attic/patch-Local_Makefile,v
> diff -u -p -r1.11 patch-Local_Makefile
> --- patches/patch-Local_Makefile 20 Aug 2024 19:53:09 -0000 1.11
> +++ patches/patch-Local_Makefile 30 Apr 2026 12:25:10 -0000
> @@ -1,7 +1,7 @@
> Index: Local/Makefile
> --- Local/Makefile.orig
> +++ Local/Makefile
> -@@ -103,7 +103,7 @@
> +@@ -104,7 +104,7 @@
> # /usr/local/sbin. The installation script will try to create this directory,
> # and any superior directories, if they do not exist.
>
> @@ -10,7 +10,7 @@ Index: Local/Makefile
>
>
> #------------------------------------------------------------------------------
> -@@ -119,7 +119,7 @@ BIN_DIRECTORY=/usr/exim/bin
> +@@ -120,7 +120,7 @@ BIN_DIRECTORY=/usr/exim/bin
> # don't exist. It will also install a default runtime configuration if this
> # file does not exist.
>
> @@ -19,7 +19,7 @@ Index: Local/Makefile
>
> # It is possible to specify a colon-separated list of files for CONFIGURE_FILE.
> # In this case, Exim will use the first of them that exists when it is run.
> -@@ -136,7 +136,7 @@ CONFIGURE_FILE=/usr/exim/configure
> +@@ -137,7 +137,7 @@ CONFIGURE_FILE=/usr/exim/configure
> # deliveries. (Local deliveries run as various non-root users, typically as the
> # owner of a local mailbox.) Specifying these values as root is not supported.
>
> @@ -28,7 +28,7 @@ Index: Local/Makefile
>
> # If you specify EXIM_USER as a name, this is looked up at build time, and the
> # uid number is built into the binary. However, you can specify that this
> -@@ -214,11 +214,11 @@ SPOOL_DIRECTORY=/var/spool/exim
> +@@ -215,11 +215,11 @@ SPOOL_DIRECTORY=/var/spool/exim
> # If you are building with TLS, the library configuration must be done:
>
> # Uncomment this if you are using OpenSSL
> @@ -42,7 +42,7 @@ Index: Local/Makefile
> # TLS_LIBS=-L/usr/local/openssl/lib -lssl -lcrypto
>
> # Uncomment this if you are using GnuTLS
> -@@ -344,7 +344,7 @@ TRANSPORT_SMTP=yes
> +@@ -362,7 +362,7 @@ TRANSPORT_SMTP=yes
> # This one is special-purpose, and commonly not required, so it is not
> # included by default.
>
> @@ -51,7 +51,7 @@ Index: Local/Makefile
>
>
> #------------------------------------------------------------------------------
> -@@ -353,9 +353,9 @@ TRANSPORT_SMTP=yes
> +@@ -371,9 +371,9 @@ TRANSPORT_SMTP=yes
> # MBX, is included only when requested. If you do not know what this is about,
> # leave these settings commented out.
>
> @@ -64,7 +64,7 @@ Index: Local/Makefile
>
>
> #------------------------------------------------------------------------------
> -@@ -413,8 +413,8 @@ LOOKUP_DBM=yes
> +@@ -434,8 +434,8 @@ LOOKUP_DBM=yes
> LOOKUP_LSEARCH=yes
> LOOKUP_DNSDB=yes
>
> @@ -75,7 +75,7 @@ Index: Local/Makefile
> # LOOKUP_IBASE=yes
> # LOOKUP_JSON=yes
> # LOOKUP_LDAP=yes
> -@@ -422,10 +422,10 @@ LOOKUP_DNSDB=yes
> +@@ -443,10 +443,10 @@ LOOKUP_DNSDB=yes
>
> # LOOKUP_MYSQL=yes
> # LOOKUP_MYSQL_PC=mariadb
> @@ -88,7 +88,7 @@ Index: Local/Makefile
> # LOOKUP_PGSQL=yes
> # LOOKUP_REDIS=yes
> # LOOKUP_SQLITE=yes
> -@@ -525,7 +525,7 @@ SUPPORT_DANE=yes
> +@@ -583,7 +583,7 @@ SUPPORT_DANE=yes
> # and the MIME ACL. Please read the documentation to learn more about these
> # features.
>
> @@ -97,7 +97,7 @@ Index: Local/Makefile
>
> # If you have content scanning you may wish to only include some of the scanner
> # interfaces. Uncomment any of these lines to remove that code.
> -@@ -566,7 +566,7 @@ DISABLE_MAL_MKS=yes
> +@@ -628,7 +628,7 @@ DISABLE_MAL_MKS=yes
> # from Exim. Note it can only be supported when built with
> # GnuTLS 3.1.3 or later, or OpenSSL
>
> @@ -106,9 +106,9 @@ Index: Local/Makefile
>
> #------------------------------------------------------------------------------
> # By default, Exim has support for checking the AD bit in a DNS response, to
> -@@ -794,18 +794,18 @@ FIXED_NEVER_USERS=root
> - # included in the Exim binary. You will then need to set up the run time
> - # configuration to make use of the mechanism(s) selected.
> +@@ -879,18 +879,18 @@ FIXED_NEVER_USERS=root
> + # core exim build. This gets them linked with the module instead.
> + # The heimdal does build but we have no test coverage so it is not know to work.
>
> -# AUTH_CRAM_MD5=yes
> +AUTH_CRAM_MD5=yes
> @@ -129,7 +129,7 @@ Index: Local/Makefile
>
> # Heimdal through 1.5 required pkg-config 'heimdal-gssapi'; Heimdal 7.1
> # requires multiple pkg-config files to work with Exim, so the second example
> -@@ -852,7 +852,7 @@ HEADERS_CHARSET="ISO-8859-1"
> +@@ -937,7 +937,7 @@ HEADERS_CHARSET="ISO-8859-1"
> # the Sieve filter support. For those OS where iconv() is known to be installed
> # as standard, the file in OS/Makefile-xxxx contains
> #
> @@ -138,7 +138,7 @@ Index: Local/Makefile
> #
> # If you are not using one of those systems, but have installed iconv(), you
> # need to uncomment that line above. In some cases, you may find that iconv()
> -@@ -941,7 +941,7 @@ HEADERS_CHARSET="ISO-8859-1"
> +@@ -1026,7 +1026,7 @@ HEADERS_CHARSET="ISO-8859-1"
> # %s. This will be replaced by one of the strings "main", "panic", or "reject"
> # to form the final file names. Some installations may want something like this:
>
> @@ -147,16 +147,16 @@ Index: Local/Makefile
>
> # which results in files with names /var/log/exim_mainlog, etc. The directory
> # in which the log files are placed must exist; Exim does not try to create
> -@@ -1013,7 +1013,7 @@ ZCAT_COMMAND=/usr/bin/zcat
> - # (version 5.004 or later) installed, set EXIM_PERL to perl.o. Using embedded
> +@@ -1099,7 +1099,7 @@ ZCAT_COMMAND=/usr/bin/zcat
> # Perl costs quite a lot of resources. Only do this if you really need it.
> + #
>
> -# EXIM_PERL=perl.o
> +EXIM_PERL=perl.o
>
> -
> - #------------------------------------------------------------------------------
> -@@ -1141,7 +1141,7 @@ ZCAT_COMMAND=/usr/bin/zcat
> + # For a dynamic module build add also SUPPORT_PERL=2 and SUPPORT_PAM_(INCLUED,LIBS)
> + #SUPPORT_PERL=2
> +@@ -1246,7 +1246,7 @@ ZCAT_COMMAND=/usr/bin/zcat
> # group. Once you have installed saslauthd, you should arrange for it to be
> # started by root at boot time.
>
> @@ -165,7 +165,7 @@ Index: Local/Makefile
>
>
> #------------------------------------------------------------------------------
> -@@ -1189,7 +1189,7 @@ ZCAT_COMMAND=/usr/bin/zcat
> +@@ -1269,7 +1269,7 @@ ZCAT_COMMAND=/usr/bin/zcat
> # aliases). The following setting can be changed to specify a different
> # location for the system alias file.
>
> @@ -174,7 +174,7 @@ Index: Local/Makefile
>
>
> #------------------------------------------------------------------------------
> -@@ -1454,7 +1454,7 @@ EXIM_TMPDIR="/tmp"
> +@@ -1534,7 +1534,7 @@ EXIM_TMPDIR="/tmp"
> # (process id) to a file so that it can easily be identified. The path of the
> # file can be specified here. Some installations may want something like this:
>
> Index: patches/patch-src_tlscert-openssl_c
> ===================================================================
> RCS file: patches/patch-src_tlscert-openssl_c
> diff -N patches/patch-src_tlscert-openssl_c
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ patches/patch-src_tlscert-openssl_c 30 Apr 2026 12:25:10 -0000
> @@ -0,0 +1,12 @@
> +Index: src/tlscert-openssl.c
> +--- src/tlscert-openssl.c.orig
> ++++ src/tlscert-openssl.c
> +@@ -29,7 +29,7 @@ library. It is #included into the tls.c file when that
> + # endif
> + #endif
> +
> +-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
> ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2090000fL)
> + # define ASN1_STRING_get0_data ASN1_STRING_data
> + #endif
> +
> Index: pkg/MESSAGE-main
> ===================================================================
> RCS file: /cvs/ports/mail/exim/pkg/Attic/MESSAGE-main,v
> diff -u -p -r1.3 MESSAGE-main
> --- pkg/MESSAGE-main 13 Mar 2014 14:50:41 -0000 1.3
> +++ pkg/MESSAGE-main 30 Apr 2026 12:25:10 -0000
> @@ -1,7 +1,4 @@
> -To replace smtpd with exim, install a new mailer.conf using the
> -following command:
> -
> - ${PREFIX}/sbin/exim-enable
> +** NOTE: Exim will be removed from packages in OpenBSD 7.9 **
>
> If you want to restore smtpd, this is done using the following
> command: