From owner-freebsd-security@freebsd.org Fri May 7 19:28:04 2021 Return-Path: Delivered-To: freebsd-security@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id DE5F2639BA0 for ; Fri, 7 May 2021 19:28:04 +0000 (UTC) (envelope-from cli_junkie@protonmail.com) Received: from mail-40140.protonmail.ch (mail-40140.protonmail.ch [185.70.40.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "protonmail.com", Issuer "SwissSign Server Gold CA 2014 - G22" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4FcL833sQJz3GWj for ; Fri, 7 May 2021 19:28:02 +0000 (UTC) (envelope-from cli_junkie@protonmail.com) Date: Fri, 07 May 2021 19:27:53 +0000 To: Vincent Hoffman-Kazlauskas From: Patrick Cc: "freebsd-security@freebsd.org" Reply-To: Patrick Subject: Re: Exim security release Message-ID: In-Reply-To: <65808f91-fbf7-ec98-64d9-b9405bf943b0@unsane.co.uk> References: <65808f91-fbf7-ec98-64d9-b9405bf943b0@unsane.co.uk> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-1.2 required=10.0 tests=ALL_TRUSTED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM shortcircuit=no autolearn=disabled version=3.4.4 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on mailout.protonmail.ch X-Rspamd-Queue-Id: 4FcL833sQJz3GWj X-Spamd-Bar: --- X-Spamd-Result: default: False [-3.28 / 15.00]; HAS_REPLYTO(0.00)[cli_junkie@protonmail.com]; TO_DN_EQ_ADDR_SOME(0.00)[]; TO_DN_SOME(0.00)[]; FREEMAIL_FROM(0.00)[protonmail.com]; R_SPF_ALLOW(-0.20)[+ip4:185.70.40.0/24]; DKIM_TRACE(0.00)[protonmail.com:+]; RCPT_COUNT_TWO(0.00)[2]; DMARC_POLICY_ALLOW(-0.50)[protonmail.com,quarantine]; NEURAL_HAM_SHORT(-0.18)[-0.182]; RCVD_COUNT_ZERO(0.00)[0]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; FREEMAIL_ENVFROM(0.00)[protonmail.com]; ASN(0.00)[asn:62371, ipnet:185.70.40.0/24, country:CH]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_IN_DNSWL_LOW(-0.10)[185.70.40.140:from]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; R_DKIM_ALLOW(-0.20)[protonmail.com:s=protonmail]; REPLYTO_EQ_FROM(0.00)[]; FROM_HAS_DN(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; MIME_GOOD(-0.10)[text/plain]; FREEMAIL_REPLYTO(0.00)[protonmail.com]; TO_MATCH_ENVRCPT_SOME(0.00)[]; RWL_MAILSPIKE_VERYGOOD(0.00)[185.70.40.140:from]; MAILMAN_DEST(0.00)[freebsd-security] X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 07 May 2021 19:28:04 -0000 =E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90 Original Me= ssage =E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90 On Friday, May 7, 2021 3:49 PM, Vincent Hoffman-Kazlauskas wrote: > > > On 07/05/2021 16:41, P via freebsd-security wrote: > > > =E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90 Origina= l Message =E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80= =90 > > On Thursday, May 6, 2021 2:41 AM, Gordon Tetlow gordon@tetlows.org wrot= e: > > > > > The port maintainer (CC'd) has already included an update for the new > > > Exim release. It should be available in the port system already. Pkg'= s > > > are usually built a couple of times a week. > > > Gordon > > > > Thank you for taking the time to reply, and apologies for my delay in > > getting back to this. > > I was looking here [0] and saw the last activity still points to the > > +fixes branch of November 2020, which is what prompted my question. If > > you don't mind, where did you see the included update so I know where > > to look the next time. > > I also did pkg update yesterday, including exim-postgresql. exim -bV > > now shows v4.94.2 which seems to match the patched version from the > > Exim mailing list. But not sure how to confirm that either. > > I may be wrong but I suspecthttps://svnweb.FreeBSD.org isnt valid any > more since the move to git. > > https://cgit.freebsd.org/ports/log/mail/exim/Makefile > shows 'update to 4.94.2 security release' 3 days ago. > > Vince Now that makes perfect sense, but I didn't know about https://cgit.freebsd.org/ports/tree/mail/exim I got to the SVN repo by starting at https://www.freebsd.org, clicking the Ports link under Shortcuts, and searching for exim. Up until I submitted my reply this morning, that took me to the SVN repo. I did verify that before replying. But now it goes to the cgit page. :) So it looks like all is good. Thanks everyone! P > > > Appreciate the help! > > P > > [0] > > https://svnweb.FreeBSD.org/ports/head/mail/exim > > > > > On Wed, May 5, 2021 at 7:02 PM Patrick via freebsd-security > > > freebsd-security@freebsd.org wrote: > > > > > > > Hello, and apologies if this is not the right place to be asking th= is > > > > question. > > > > A major security release was announced yesterday by the Exim dev te= am > > > > [0]. I see some Linux distros have already released patched version= s of > > > > Exim in their package repos. Is there any chance the FreeBSD Exim p= ort > > > > will be updated to reflect these patches? > > > > Thanks, > > > > P > > > > [0] > > > > https://lists.exim.org/lurker/message/20210504.134007.ce022df3.en.h= tml > > > > freebsd-security@freebsd.org mailing list > > > > https://lists.freebsd.org/mailman/listinfo/freebsd-security > > > > To unsubscribe, send any mail to "freebsd-security-unsubscribe@free= bsd.org" > > > > freebsd-security@freebsd.org mailing list > > https://lists.freebsd.org/mailman/listinfo/freebsd-security > > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.= org" > > freebsd-security@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.or= g"