Please update
Created attachment 246118 [details] update 4.96.2 -> 4.97 Testbuild on current looks OK. TODO: testbuild on other versions, testruns.
simple run-test was fine. Needs more testing.
More complex run-test was successful.
Created attachment 246125 [details] patch-to-4.97-v2 This version of the patch builds on 150,140,15i,132,124
13.2-RELEASE-p4 Can't build In file included from tls.c:473: ./tls-openssl.c:2407:36: warning: invalid conversion specifier 'Y' [-Wformat-invalid-specifier] log_write(0, LOG_MAIN, "TLS ALPN (%Y) rejected", g); ~^ ./tls-openssl.c:2611:19: error: no member named 'dane_verified' in 'tls_support' if ( tls_out.dane_verified ~~~~~~~ ^ 1 warning and 1 error generated. *** Error code 1
(In reply to Igor Zabelin from comment #5) Can you show the output of make showconfig ? Thanks!
(In reply to Kurt Jaeger from comment #6) my showconfig: https://people.freebsd.org/~pi/exim-showconfig.txt I tried both with or without DANE, no problems to build on 13.2.
(In reply to Kurt Jaeger from comment #6) ===> The following configuration options are available for exim-4.97: ALT_CONFIG_PREFIX=off: Restrict the set of configuration files CONTENT_SCAN=on: Enable exiscan email content scanner DAEMON=on: Install scripts to run as a daemon DANE=off: Enable experimental DANE support DEBUG=off: Build with debugging support DISABLE_D_OPT=on: Disable macros overrides using option -D DKIM=on: Enable support for DKIM DNSSEC=on: Enable DNSSEC validation DOCS=off: Build and/or install documentation EMBEDDED_PERL=on: Enable embedded Perl interpreter EVENT=on: Messages events support (TPDA namely) EXIMON=off: Build eximon monitor (requires X libraries) ICONV=on: Enable header charset conversion INTERNATIONAL=on: Enable support for the transmission of UTF-8 envelope addresses IPV6=on: IPv6 protocol support LISTMATCH_RHS=off: Enable pre-4.77 behaviour for match_* LMTP=on: RFC2033 SMTP over command pipe transport OCSP=on: Enable OCSP stapling PRDR=on: Enable Per-Recipient-Data-Response support PROXY=off: Enable Experimental Proxy Protocol READLINE=off: Enable readline(3) library SOCKS=off: Enable smtp transport via socks5 proxies SPF=on: Enable Sender Policy Framework checking SUID=on: Install the exim binary suid root TCP_WRAPPERS=off: Enable /etc/hosts.allow access control WISHLIST=off: Include the unsupported patches ====> SMTP Authorization AUTH_CRAM_MD5=on: Enable CRAM-MD5 authentication mechanisms AUTH_DOVECOT=on: Enable Dovecot authentication mechanisms AUTH_PLAINTEXT=on: Enable plaintext authentication AUTH_RADIUS=off: Enable radius (RFC 2865) authentication AUTH_SASL=off: Enable use of Cyrus SASL auth library AUTH_SPA=on: Enable Secure Password Authentication AUTH_TLS=off: Enable TLS client certificate authentication SASLAUTHD=off: Enable use of Cyrus SASL auth daemon PAM=on: Enable PAM authentication mechanisms PASSWD=on: Enable /etc/passwd lookups ====> Lookup support CDB=on: Enable CDB-style lookups BDB=off: Enable Berkeley DB lookups DNSDB=on: Enable DNS-style lookups DSEARCH=on: Enable directory-list lookups LSEARCH=on: Enable wildcarded-file lookups MYSQL=off: Enable mysql lookups NIS=off: Enable NIS-style lookups OPENLDAP=off: Enable LDAP lookups PGSQL=off: Enable postgresql lookups REDIS=off: Enable redis lookups SQLITE=off: Enable SQLite lookups ====> Supported storage formats MAILDIR=on: Enable Maildir mailbox format MAILSTORE=on: Enable Mailstore mailbox format MBX=on: Enable MBX mailbox format ====> Experimental options CERTNAMES=off: Check certiticates ownership DCC=off: Enable DCC at ACL support via dccifd DMARC=off: Enable DMARC support DSN=off: Enable Delivery Status Notifications ARC=off: Enable experimental ARC support LMDB=off: Enable LMDB lookups QUEUEFILE=off: Enable queuefile transport ====> TLS support: you can only select none or one of them TLS=on: TLS support GNUTLS=off: Use GnuTLS instead of OpenSSL for TLS ====> Local scan patch: you can only select none or one of them SA_EXIM=off: Build with Spamassassin local scan ====> Sender Rewriting Scheme: you can only select none or one of them SRS=off: Enable Sender Rewriting Scheme ===> Use 'make config' to modify these settings
(In reply to Igor Zabelin from comment #8) Did you try with DANE=on ?
(In reply to Kurt Jaeger from comment #9) With DANE=on no error everything is built
(In reply to Igor Zabelin from comment #10) Thanks -- I have no idea why my combination of options works on both cases and your combination does not work in both cases.
There are no problems with 4.9.2 in the same environment
(In reply to Kurt Jaeger from comment #7) Affecting difference here: < OCSP=on: Enable OCSP stapling --- > OCSP=off: Enable OCSP stapling With OCSP=on no problem, everything is Ok. With or without DANE. Вy default OCSP=off
(In reply to Igor Zabelin from comment #13) https://git.exim.org/exim.git/commitdiff/37b849dca4dfd855212a763662825e967a4d77b1 is supposed to fix that issue.
Kurt, feel free to update port
Committed, thanks!
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=0c138bb78cfaf00bc66ca21a645b471460c0609f commit 0c138bb78cfaf00bc66ca21a645b471460c0609f Author: Kurt Jaeger <pi@FreeBSD.org> AuthorDate: 2023-11-08 15:10:54 +0000 Commit: Kurt Jaeger <pi@FreeBSD.org> CommitDate: 2023-11-08 15:10:54 +0000 mail/exim: update 4.96.2 -> 4.97 Notable changes: - The internal (but exposed in logs, Received: headers and Message-ID: headers) identifier used for messages is longer than in the previous release PR: 274909 Changes: https://lists.exim.org/lurker/message/20231104.135832.37148bbd.en.html Reported-by: doctor@doctor.nl2k.ab.ca Approved-by: fluffy (maintainer) Reviewed-by: Igor Zabelin <igorz@yandex.ru> mail/exim/Makefile | 34 +-- mail/exim/distinfo | 6 +- ...t-to-rewrite-a-malformed-address.-.patch (gone) | 39 ---- ...x-memory-accounting-for-error-case.patch (gone) | 25 --- ...x-regex-n-use-after-free.-Bug-2915.patch (gone) | 167 --------------- ...09-Fix-non-WITH_CONTENT_SCAN-build.patch (gone) | 58 ------ ...-Fix-non-WITH_CONTENT_SCAN-build-2.patch (gone) | 135 ------------ ...-Fix-non-WITH_CONTENT_SCAN-build-3.patch (gone) | 45 ---- ...clients-offering-no-TLS-extensions.patch (gone) | 96 --------- ...with-libopendmarc-1.4.x-fixes-2728.patch (gone) | 71 ------- ...use-after-free-in-dmarc_dns_lookup.patch (gone) | 39 ---- ...75_22-Fix-daemon-startup.-Bug-2930.patch (gone) | 50 ----- ...-reccipients-after-run.-.-Bug-2929.patch (gone) | 28 --- ...ng-capture-variables-for-null-matc.patch (gone) | 60 ------ ...g-capture-variables-for-null-match.patch (gone) | 94 --------- ...tring-capture-commentary.-Bug-2933.patch (gone) | 48 ----- ...ading-creds-do-the-server-certs-be.patch (gone) | 232 --------------------- ...-expansion-of-tls_verify_certifica.patch (gone) | 217 ------------------- ...0-Fix-logging-of-max-size-log-line.patch (gone) | 63 ------ ...dns_again_means_nonexist.-Bug-2911.patch (gone) | 54 ----- ...socket-explicitly-on-connect-ACL-d.patch (gone) | 50 ----- ...curve-setting-explicit-curve-group.patch (gone) | 166 --------------- ...curve-on-earlier-versions-than-3.0.patch (gone) | 42 ---- ...rejected-for-bad-ALPN-with-the-off.patch (gone) | 99 --------- ...dns_again_means_nonexist-for-TLSA-.patch (gone) | 78 ------- .../75_66-Fix-crash-in-expansions.patch (gone) | 66 ------ mail/exim/files/patch-src_tls-openssl.c (new) | 11 + mail/exim/pkg-plist | 2 + 28 files changed, 23 insertions(+), 2052 deletions(-)
(In reply to Dima Panov from comment #15) https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=271767 This is also important. The current script 150.exim-tidydb is not working.
At the same time may apply patch and close bugs 266465 272754.