From: Renaud Allard <renaud@allard.it>
Subject: [security] mail/exim 4.99.1
To: ports <ports@openbsd.org>
Date: Wed, 17 Dec 2025 17:14:27 +0100

Hello,

Here is a short diff for exim 4.99.1

This is a security release. It fixes CVE-2025-67896 (aka
EXIM-Security-2025-12-09.1), which was introduced with 4.99. Older Exim
versions may or may not be vulnerable and are not activly maintained
anymore by the Exim maintainers. (To the best of our knowledge, 4.98.1
should be safe.)

Configurations using SQlite for lookups and hintdb were vulnerable.
Details: 
https://code.exim.org/exim/exim/src/branch/exim-4.99+fixes/doc/doc-txt/exim-security-2025-12-09.1/report.txt

Best Regards
Index: Makefile
===================================================================
RCS file: /cvs/ports/mail/exim/Makefile,v
diff -u -p -r1.156 Makefile
--- Makefile	16 Dec 2025 15:48:27 -0000	1.156
+++ Makefile	17 Dec 2025 16:12:00 -0000
@@ -1,7 +1,7 @@
 COMMENT-main =		flexible mail transfer agent
 COMMENT-eximon =	X11 monitor tool for Exim MTA
 
-VERSION =		4.99
+VERSION =		4.99.1
 DISTNAME =		exim-${VERSION}
 PKGNAME-main =		exim-${VERSION}
 FULLPKGNAME-eximon =	exim-eximon-${VERSION}
Index: distinfo
===================================================================
RCS file: /cvs/ports/mail/exim/distinfo,v
diff -u -p -r1.52 distinfo
--- distinfo	26 Nov 2025 09:19:30 -0000	1.52
+++ distinfo	17 Dec 2025 16:12:00 -0000
@@ -1,2 +1,2 @@
-SHA256 (exim-4.99.tar.gz) = 5dURoxB7qkInHaA6jCz6BkxLak7APrEBHClXLbI2m8o=
-SIZE (exim-4.99.tar.gz) = 2664019
+SHA256 (exim-4.99.1.tar.gz) = btX9g2mGlKVFASBYYvJ6XFAAJW2J07gpW29QMMIYo7Q=
+SIZE (exim-4.99.1.tar.gz) = 2695661