From owner-freebsd-security@freebsd.org Fri May 7 15:49:26 2021 Return-Path: Delivered-To: freebsd-security@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id A723B63331D for ; Fri, 7 May 2021 15:49:26 +0000 (UTC) (envelope-from vince@unsane.co.uk) Received: from unsane.co.uk (tunnel7249-pt.tunnel.tserv5.lon1.ipv6.he.net [IPv6:2001:470:1f08:110::2]) by mx1.freebsd.org (Postfix) with ESMTP id 4FcFHm5VShz4mSW for ; Fri, 7 May 2021 15:49:24 +0000 (UTC) (envelope-from vince@unsane.co.uk) Received: from MacBook-Air.local (vhoffman.plus.com [81.174.148.213]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by unsane.co.uk (Postfix) with ESMTPSA id DCE4930013 for ; Fri, 7 May 2021 16:49:17 +0100 (BST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=unsane.co.uk; s=251017; t=1620402558; bh=PXU/kYdwXwWiHVXzoZ4igI1RLJ1fcJ9wrofOJVwQ8oM=; h=Subject:To:References:From:Date:In-Reply-To; b=nLxkC/x9MRjtbQU594/goYj3+JDD4avur13e0NvFY1JXIM1eIczNyoMhzh6AzY2Xg XAjd69p4wuLquo7vT0cw4/c25A4d7M/0IvahdAz+/rJxRZKuI7ecr3NNUlznDEgHyX QynZfmwPxctB5bEt5EsvaUR5FW7UPzLRPjHRkjqc= Subject: Re: Exim security release To: freebsd-security@freebsd.org References: From: Vincent Hoffman-Kazlauskas Message-ID: <65808f91-fbf7-ec98-64d9-b9405bf943b0@unsane.co.uk> Date: Fri, 7 May 2021 16:49:17 +0100 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:78.0) Gecko/20100101 Thunderbird/78.10.1 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: 4FcFHm5VShz4mSW X-Spamd-Bar: / Authentication-Results: mx1.freebsd.org; dkim=pass header.d=unsane.co.uk header.s=251017 header.b=nLxkC/x9; dmarc=pass (policy=none) header.from=unsane.co.uk; spf=fail (mx1.freebsd.org: domain of vince@unsane.co.uk does not designate 2001:470:1f08:110::2 as permitted sender) smtp.mailfrom=vince@unsane.co.uk X-Spamd-Result: default: False [0.80 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; TO_DN_NONE(0.00)[]; DKIM_TRACE(0.00)[unsane.co.uk:+]; DMARC_POLICY_ALLOW(0.00)[unsane.co.uk,none]; NEURAL_HAM_SHORT(-1.00)[-0.999]; DMARC_POLICY_ALLOW_WITH_FAILURES(-0.50)[]; RCVD_NO_TLS_LAST(0.10)[]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; RBL_DBL_DONT_QUERY_IPS(0.00)[2001:470:1f08:110::2:from]; ASN(0.00)[asn:6939, ipnet:2001:470::/32, country:US]; MID_RHS_MATCH_FROM(0.00)[]; ARC_NA(0.00)[]; R_SPF_FAIL(1.00)[-all]; R_DKIM_ALLOW(-0.20)[unsane.co.uk:s=251017]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-security@freebsd.org]; RCPT_COUNT_ONE(0.00)[1]; SPAMHAUS_ZRD(0.00)[2001:470:1f08:110::2:from:127.0.2.255]; VIOLATED_DIRECT_SPF(3.50)[]; RCVD_COUNT_TWO(0.00)[2]; MAILMAN_DEST(0.00)[freebsd-security] X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 07 May 2021 15:49:26 -0000 On 07/05/2021 16:41, P via freebsd-security wrote: > ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ > On Thursday, May 6, 2021 2:41 AM, Gordon Tetlow wrote: > >> The port maintainer (CC'd) has already included an update for the new >> Exim release. It should be available in the port system already. Pkg's >> are usually built a couple of times a week. >> >> Gordon > > Thank you for taking the time to reply, and apologies for my delay in > getting back to this. > > I was looking here [0] and saw the last activity still points to the > +fixes branch of November 2020, which is what prompted my question. If > you don't mind, where did you see the included update so I know where > to look the next time. > > I also did pkg update yesterday, including exim-postgresql. exim -bV > now shows v4.94.2 which seems to match the patched version from the > Exim mailing list. But not sure how to confirm that either. I may be wrong but I suspect https://svnweb.FreeBSD.org isnt valid any more since the move to git. https://cgit.freebsd.org/ports/log/mail/exim/Makefile shows 'update to 4.94.2 security release' 3 days ago. Vince > > Appreciate the help! > P > > [0] > https://svnweb.FreeBSD.org/ports/head/mail/exim > >> >> On Wed, May 5, 2021 at 7:02 PM Patrick via freebsd-security >> freebsd-security@freebsd.org wrote: >> >>> Hello, and apologies if this is not the right place to be asking this >>> question. >>> A major security release was announced yesterday by the Exim dev team >>> [0]. I see some Linux distros have already released patched versions of >>> Exim in their package repos. Is there any chance the FreeBSD Exim port >>> will be updated to reflect these patches? >>> Thanks, >>> P >>> [0] >>> https://lists.exim.org/lurker/message/20210504.134007.ce022df3.en.html >>> >>> freebsd-security@freebsd.org mailing list >>> https://lists.freebsd.org/mailman/listinfo/freebsd-security >>> To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" > > > _______________________________________________ > freebsd-security@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" >