From: renaud@openbsd.org Subject: Re: exim To: ports@openbsd.org Date: Thu, 30 Apr 2026 14:39:33 +0200 On Thu, Apr 30, 2026 at 01:26:56PM +0100, Stuart Henderson wrote: > From: Stuart Henderson > To: renaud@openbsd.org > Cc: ports@openbsd.org > Subject: Re: exim > Date: Thu, 30 Apr 2026 13:26:56 +0100 > > Thoughts on a last update for 7.8-stable? (It is removed in -current/7.9 > so, unlike most changes in 7.8-stable at this time, this doesn't conflict > with updating from 7.8 to 7.9). > > I also changed MESSAGE to add a note about removal. > It seems fine to me, the release is mostly CVE (2 don't apply to us). But having the MESSAGE is the biggest win for me. OK > > Index: Makefile > =================================================================== > RCS file: /cvs/ports/mail/exim/Attic/Makefile,v > diff -u -p -r1.154 Makefile > --- Makefile 22 Jul 2025 12:50:55 -0000 1.154 > +++ Makefile 30 Apr 2026 12:25:10 -0000 > @@ -1,8 +1,7 @@ > COMMENT-main = flexible mail transfer agent > COMMENT-eximon = X11 monitor tool for Exim MTA > > -VERSION = 4.98.2 > -REVISION-main = 0 > +VERSION = 4.99.2 > DISTNAME = exim-${VERSION} > PKGNAME-main = exim-${VERSION} > FULLPKGNAME-eximon = exim-eximon-${VERSION} > @@ -27,6 +26,10 @@ SITES = https://ftp.exim.org/pub/exim/ > ftp://ftp.exim.org/pub/exim/exim4/ \ > ftp://ftp.exim.org/pub/exim/exim4/fixes/ \ > ftp://ftp.exim.org/pub/exim/exim4/old/ > + > +# needs C11 _Generic > +COMPILER = base-clang ports-gcc > +COMPILER_LANGS = c > > # only used for exim_id_update (which is run as part of the build, > # ./exim_id_update -v 2>&1 >/dev/null) > Index: distinfo > =================================================================== > RCS file: /cvs/ports/mail/exim/Attic/distinfo,v > diff -u -p -r1.51 distinfo > --- distinfo 26 Mar 2025 14:22:49 -0000 1.51 > +++ distinfo 30 Apr 2026 12:25:10 -0000 > @@ -1,2 +1,2 @@ > -SHA256 (exim-4.98.2.tar.gz) = BFAB/kcK4xLkApX0j3p2i6BhEMhlxxWU5GyCW0PZ1uA= > -SIZE (exim-4.98.2.tar.gz) = 2655163 > +SHA256 (exim-4.99.2.tar.gz) = 6eM8jN6d3cEX6qtArlKe1wNTexThJXoGuYRgc4912oQ= > +SIZE (exim-4.99.2.tar.gz) = 2696883 > Index: patches/patch-Local_Makefile > =================================================================== > RCS file: /cvs/ports/mail/exim/patches/Attic/patch-Local_Makefile,v > diff -u -p -r1.11 patch-Local_Makefile > --- patches/patch-Local_Makefile 20 Aug 2024 19:53:09 -0000 1.11 > +++ patches/patch-Local_Makefile 30 Apr 2026 12:25:10 -0000 > @@ -1,7 +1,7 @@ > Index: Local/Makefile > --- Local/Makefile.orig > +++ Local/Makefile > -@@ -103,7 +103,7 @@ > +@@ -104,7 +104,7 @@ > # /usr/local/sbin. The installation script will try to create this directory, > # and any superior directories, if they do not exist. > > @@ -10,7 +10,7 @@ Index: Local/Makefile > > > #------------------------------------------------------------------------------ > -@@ -119,7 +119,7 @@ BIN_DIRECTORY=/usr/exim/bin > +@@ -120,7 +120,7 @@ BIN_DIRECTORY=/usr/exim/bin > # don't exist. It will also install a default runtime configuration if this > # file does not exist. > > @@ -19,7 +19,7 @@ Index: Local/Makefile > > # It is possible to specify a colon-separated list of files for CONFIGURE_FILE. > # In this case, Exim will use the first of them that exists when it is run. > -@@ -136,7 +136,7 @@ CONFIGURE_FILE=/usr/exim/configure > +@@ -137,7 +137,7 @@ CONFIGURE_FILE=/usr/exim/configure > # deliveries. (Local deliveries run as various non-root users, typically as the > # owner of a local mailbox.) Specifying these values as root is not supported. > > @@ -28,7 +28,7 @@ Index: Local/Makefile > > # If you specify EXIM_USER as a name, this is looked up at build time, and the > # uid number is built into the binary. However, you can specify that this > -@@ -214,11 +214,11 @@ SPOOL_DIRECTORY=/var/spool/exim > +@@ -215,11 +215,11 @@ SPOOL_DIRECTORY=/var/spool/exim > # If you are building with TLS, the library configuration must be done: > > # Uncomment this if you are using OpenSSL > @@ -42,7 +42,7 @@ Index: Local/Makefile > # TLS_LIBS=-L/usr/local/openssl/lib -lssl -lcrypto > > # Uncomment this if you are using GnuTLS > -@@ -344,7 +344,7 @@ TRANSPORT_SMTP=yes > +@@ -362,7 +362,7 @@ TRANSPORT_SMTP=yes > # This one is special-purpose, and commonly not required, so it is not > # included by default. > > @@ -51,7 +51,7 @@ Index: Local/Makefile > > > #------------------------------------------------------------------------------ > -@@ -353,9 +353,9 @@ TRANSPORT_SMTP=yes > +@@ -371,9 +371,9 @@ TRANSPORT_SMTP=yes > # MBX, is included only when requested. If you do not know what this is about, > # leave these settings commented out. > > @@ -64,7 +64,7 @@ Index: Local/Makefile > > > #------------------------------------------------------------------------------ > -@@ -413,8 +413,8 @@ LOOKUP_DBM=yes > +@@ -434,8 +434,8 @@ LOOKUP_DBM=yes > LOOKUP_LSEARCH=yes > LOOKUP_DNSDB=yes > > @@ -75,7 +75,7 @@ Index: Local/Makefile > # LOOKUP_IBASE=yes > # LOOKUP_JSON=yes > # LOOKUP_LDAP=yes > -@@ -422,10 +422,10 @@ LOOKUP_DNSDB=yes > +@@ -443,10 +443,10 @@ LOOKUP_DNSDB=yes > > # LOOKUP_MYSQL=yes > # LOOKUP_MYSQL_PC=mariadb > @@ -88,7 +88,7 @@ Index: Local/Makefile > # LOOKUP_PGSQL=yes > # LOOKUP_REDIS=yes > # LOOKUP_SQLITE=yes > -@@ -525,7 +525,7 @@ SUPPORT_DANE=yes > +@@ -583,7 +583,7 @@ SUPPORT_DANE=yes > # and the MIME ACL. Please read the documentation to learn more about these > # features. > > @@ -97,7 +97,7 @@ Index: Local/Makefile > > # If you have content scanning you may wish to only include some of the scanner > # interfaces. Uncomment any of these lines to remove that code. > -@@ -566,7 +566,7 @@ DISABLE_MAL_MKS=yes > +@@ -628,7 +628,7 @@ DISABLE_MAL_MKS=yes > # from Exim. Note it can only be supported when built with > # GnuTLS 3.1.3 or later, or OpenSSL > > @@ -106,9 +106,9 @@ Index: Local/Makefile > > #------------------------------------------------------------------------------ > # By default, Exim has support for checking the AD bit in a DNS response, to > -@@ -794,18 +794,18 @@ FIXED_NEVER_USERS=root > - # included in the Exim binary. You will then need to set up the run time > - # configuration to make use of the mechanism(s) selected. > +@@ -879,18 +879,18 @@ FIXED_NEVER_USERS=root > + # core exim build. This gets them linked with the module instead. > + # The heimdal does build but we have no test coverage so it is not know to work. > > -# AUTH_CRAM_MD5=yes > +AUTH_CRAM_MD5=yes > @@ -129,7 +129,7 @@ Index: Local/Makefile > > # Heimdal through 1.5 required pkg-config 'heimdal-gssapi'; Heimdal 7.1 > # requires multiple pkg-config files to work with Exim, so the second example > -@@ -852,7 +852,7 @@ HEADERS_CHARSET="ISO-8859-1" > +@@ -937,7 +937,7 @@ HEADERS_CHARSET="ISO-8859-1" > # the Sieve filter support. For those OS where iconv() is known to be installed > # as standard, the file in OS/Makefile-xxxx contains > # > @@ -138,7 +138,7 @@ Index: Local/Makefile > # > # If you are not using one of those systems, but have installed iconv(), you > # need to uncomment that line above. In some cases, you may find that iconv() > -@@ -941,7 +941,7 @@ HEADERS_CHARSET="ISO-8859-1" > +@@ -1026,7 +1026,7 @@ HEADERS_CHARSET="ISO-8859-1" > # %s. This will be replaced by one of the strings "main", "panic", or "reject" > # to form the final file names. Some installations may want something like this: > > @@ -147,16 +147,16 @@ Index: Local/Makefile > > # which results in files with names /var/log/exim_mainlog, etc. The directory > # in which the log files are placed must exist; Exim does not try to create > -@@ -1013,7 +1013,7 @@ ZCAT_COMMAND=/usr/bin/zcat > - # (version 5.004 or later) installed, set EXIM_PERL to perl.o. Using embedded > +@@ -1099,7 +1099,7 @@ ZCAT_COMMAND=/usr/bin/zcat > # Perl costs quite a lot of resources. Only do this if you really need it. > + # > > -# EXIM_PERL=perl.o > +EXIM_PERL=perl.o > > - > - #------------------------------------------------------------------------------ > -@@ -1141,7 +1141,7 @@ ZCAT_COMMAND=/usr/bin/zcat > + # For a dynamic module build add also SUPPORT_PERL=2 and SUPPORT_PAM_(INCLUED,LIBS) > + #SUPPORT_PERL=2 > +@@ -1246,7 +1246,7 @@ ZCAT_COMMAND=/usr/bin/zcat > # group. Once you have installed saslauthd, you should arrange for it to be > # started by root at boot time. > > @@ -165,7 +165,7 @@ Index: Local/Makefile > > > #------------------------------------------------------------------------------ > -@@ -1189,7 +1189,7 @@ ZCAT_COMMAND=/usr/bin/zcat > +@@ -1269,7 +1269,7 @@ ZCAT_COMMAND=/usr/bin/zcat > # aliases). The following setting can be changed to specify a different > # location for the system alias file. > > @@ -174,7 +174,7 @@ Index: Local/Makefile > > > #------------------------------------------------------------------------------ > -@@ -1454,7 +1454,7 @@ EXIM_TMPDIR="/tmp" > +@@ -1534,7 +1534,7 @@ EXIM_TMPDIR="/tmp" > # (process id) to a file so that it can easily be identified. The path of the > # file can be specified here. Some installations may want something like this: > > Index: patches/patch-src_tlscert-openssl_c > =================================================================== > RCS file: patches/patch-src_tlscert-openssl_c > diff -N patches/patch-src_tlscert-openssl_c > --- /dev/null 1 Jan 1970 00:00:00 -0000 > +++ patches/patch-src_tlscert-openssl_c 30 Apr 2026 12:25:10 -0000 > @@ -0,0 +1,12 @@ > +Index: src/tlscert-openssl.c > +--- src/tlscert-openssl.c.orig > ++++ src/tlscert-openssl.c > +@@ -29,7 +29,7 @@ library. It is #included into the tls.c file when that > + # endif > + #endif > + > +-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) > ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2090000fL) > + # define ASN1_STRING_get0_data ASN1_STRING_data > + #endif > + > Index: pkg/MESSAGE-main > =================================================================== > RCS file: /cvs/ports/mail/exim/pkg/Attic/MESSAGE-main,v > diff -u -p -r1.3 MESSAGE-main > --- pkg/MESSAGE-main 13 Mar 2014 14:50:41 -0000 1.3 > +++ pkg/MESSAGE-main 30 Apr 2026 12:25:10 -0000 > @@ -1,7 +1,4 @@ > -To replace smtpd with exim, install a new mailer.conf using the > -following command: > - > - ${PREFIX}/sbin/exim-enable > +** NOTE: Exim will be removed from packages in OpenBSD 7.9 ** > > If you want to restore smtpd, this is done using the following > command: