From nobody Sat Jul 20 19:15:03 2024 X-Original-To: questions@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WRGTC2fzvz5Myhg for ; Sat, 20 Jul 2024 19:15:11 +0000 (UTC) (envelope-from mirror176@hotmail.com) Received: from NAM12-BN8-obe.outbound.protection.outlook.com (mail-bn8nam12olkn2080f.outbound.protection.outlook.com [IPv6:2a01:111:f403:2c18::80f]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mail.protection.outlook.com", Issuer "DigiCert Cloud Services CA-1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WRGTB2p72z4pDs for ; Sat, 20 Jul 2024 19:15:10 +0000 (UTC) (envelope-from mirror176@hotmail.com) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=hotmail.com header.s=selector1 header.b=oOUefKEI; dmarc=pass (policy=none) header.from=hotmail.com; spf=pass (mx1.freebsd.org: domain of mirror176@hotmail.com designates 2a01:111:f403:2c18::80f as permitted sender) smtp.mailfrom=mirror176@hotmail.com; arc=pass ("microsoft.com:s=arcselector10001:i=1") ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=BlVgLPklyOVcqTxE4pZYMZ9XEBLm7GSZOaqv/lACGWFVue1n1gSVUQPTnLgxOIsbXLqskY4p9fgaaDOcslCJfmkq1g+1O7KfNAT/ik7DqhPDaW0BZuo4IPcfYmsuyCn6sHCSWDyJuOrp3RfoCoRpqea9xnAmJUPdcD7qQkytjTOmI/Cxyr261rHJ+Pm6DY66EQQQmHL0WrbcIbL3Cj/cmsy8B3yUDs4u8BiK682xTQt6ksRo7m+ZqEcyB35HUNSeP6GnjrnqF5ftKgQ1LT9iHoTnL9ySpBK3s2ETKDb2xM+tDwyCitPWyZbrvh4IlcBGdsXrDqs51kspUnD4BIVrzg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=p7RiWCwNvaYahEWDGxrTBjt1oEv6miqusxaLd7MvYtM=; b=S8yET2qJUTqK52saxEsqV7zUi3Tv33sttmMVE5aFSwIAJXhPO1k7IE9T6Eos1pXJ47V+qAb4HVMbWscejD3nCYgg/3QNBKjnN4D0m/x8mV0U4UK8A/zSrEpzP+ezvBu2hVZRByvUPX9gb42mruPrWRaz7wiXMj0gksyE2uqp7uQUbZtTkKVlPfVop9GYjc+iGGnx5kYOQ1+9mwdxNX92sNgD/KGMXiPZhly80YiVQQAMfXXnb17SFN8mlREmh/nYrDEERIP5pljQAgj4J9ZsqQHi4cConn+PCX9QQKpqy2T2biosKqDtNecM2Z3UCRjiXjvWItB4whE3OGSMReWHnQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hotmail.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=p7RiWCwNvaYahEWDGxrTBjt1oEv6miqusxaLd7MvYtM=; b=oOUefKEIfBDi/2cJvW4IASp+O/+J8g09AwNfTElMmwM/7+DSPNrI/92eF9ra99S/GGVlrslNN1psKWEl14fHk163TVudRXHxujhbHVdyg2jsEKU4Vdkx2AlMpGKb9E15n6712g0XxsfYfiOzwBlJS2IWu92JDJP9uhxFruHX+jJ57tRJCIt5xMcU53AK1gjZ+awdx1FuWCIm1M8PZq2o2CeXhG+dluJvJN/8MVUxJqLu0Sb8/2bQV8UFJqgNO9I3/Si9nTfcHYOOkuVikUVC+nuoLlmklKH2dYZsGu5YyLa3lY190NTwfcMOUqaFbT0bPr+kBO6sMnPQdI3Vu2gUDg== Received: from CO1PR11MB4770.namprd11.prod.outlook.com (2603:10b6:303:94::19) by PH0PR11MB7165.namprd11.prod.outlook.com (2603:10b6:510:1e9::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7784.14; Sat, 20 Jul 2024 19:15:07 +0000 Received: from CO1PR11MB4770.namprd11.prod.outlook.com ([fe80::bffd:9e35:4afa:a747]) by CO1PR11MB4770.namprd11.prod.outlook.com ([fe80::bffd:9e35:4afa:a747%6]) with mapi id 15.20.7762.027; Sat, 20 Jul 2024 19:15:07 +0000 Message-ID: Date: Sat, 20 Jul 2024 12:15:03 -0700 User-Agent: Mozilla Thunderbird Subject: Re: Quarterly branch ports question To: questions@freebsd.org References: Content-Language: en-US From: "Edward Sanford Sutton, III" In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-TMN: [of+PXNcbmEClcneJ4RPdjRak/hVBgM2Q] X-ClientProxiedBy: CH0P221CA0039.NAMP221.PROD.OUTLOOK.COM (2603:10b6:610:11d::21) To CO1PR11MB4770.namprd11.prod.outlook.com (2603:10b6:303:94::19) X-Microsoft-Original-Message-ID: List-Id: User questions List-Archive: https://lists.freebsd.org/archives/freebsd-questions List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-questions@freebsd.org Sender: owner-freebsd-questions@FreeBSD.org MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: CO1PR11MB4770:EE_|PH0PR11MB7165:EE_ X-MS-Office365-Filtering-Correlation-Id: 354723cb-1876-403c-150c-08dca8f043e8 X-Microsoft-Antispam: BCL:0;ARA:14566002|8060799006|19110799003|461199028|3412199025|440099028|4302099013|1602099012; X-Microsoft-Antispam-Message-Info: c129z5dD/9p5XZRm0Txzv+sB0ZNhBkhEHIszpl4eLlH6xx8rjy2zJ0zLi8Fj+yBVIUN2oy6LYgMMeLUI3LVuxZi5SAri8NIToX8tu0WriufLBe1/B98Eq4XdOjLEXsjjs5SlPVcAleXT1lfugv03w1E9gQhQMTE8xXGQVyI5B9NFdB1cEoQbd+z4OiXMzXIQOzBjwerXiY9tsVleSkpbheJcMejkZ81ZArJuIhl7PppbLOtr0RjytmSEDCDxMMRZFeQvMl4TLp0/yckvC9EWIg3NAqObVktLqtv7RQ/pfhWlxDaN3wXNlw3jEY0ml7xP/QTxHW79BVgb8xZuEmrh/wDDVLU9WsH81obbFg/aCyDXPonhg2Ft7bfWHU7ZqQFaIlfGkuSU/AyhQ4CJQ+Lz2+AMNxJB0buRDC5/FT5sJWQUZUewD3Hccju3LZA1pkalC8Ux3DV2JdQRs7IuTEkwD2IPu7rIFb15OUe9GpwPHhgJQ/2+SHuI1szVMHYprjnF/R30PknSEenNnsoiEVQckngQJXqNduAZmhHA+6Rv/cDOuXPgVOauFlWMzhFAuR/z5OGfCQ2L7PhYBJ9qhJsbtT9ti89goD6hwbaskilKenhuv40PYuwmTpz/KcnbyFdstTaraNVy8WbaOygeEDHGfhVnUiHKjFV9dw/+SfI9VK+YFt4tnJmDPJl1e4DckQjfYxqiipEc7Ykv/Cz+xZjUwWnnAZM0rwOkrk4ovlVLo5YQUityO2y9srWdBQEgh2iP X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?RGJBNHRleW1ZTmU4ZEpGMDBVWDEyRDgzSGZDY2ZUTFhuWFBtTUI2TkhRek1Y?= =?utf-8?B?M2xkYkRFQnc0UitHNFpVMEhXbDNUeUJQTmNSMVBsdmEvZEJkRVpWVjcwek1N?= =?utf-8?B?UFYvK082aWNmeUNzVitxZkN6cStqRTBRMEliMHpQSTg0SENYb1FOcHFtS0RE?= =?utf-8?B?TGRtS2xVUGQzbFRsb0pBR2Z3eXY3c1hmK2J1aGVQMU5QSlJaRkF1VXNSK05w?= =?utf-8?B?QnVUREFZcTg5eUtqYlgwVk1oRERXQ0NTQUdMaW15T2hUMk5oaXFtR2JRNkxv?= =?utf-8?B?MHBHbm1jaldpODZNZzVOOUpwdzJuNTQ0L2dROGhoTW5KQWwzd1pBczZBbUox?= =?utf-8?B?dVhJWEFsd0NVbUdJTVgxdi90TkVWaG5HUUZWRDlsVWRZYzJzODFrcFkzbkhF?= =?utf-8?B?T0VQREpTQjRHUmFsQm5lN0p4TE9CQytaeTZjMEdxSm1EUGl6SWp5MFJUQy9l?= =?utf-8?B?WkFrTE9rU3I0Ly9Ba2czeHVqclZ0TlJYb0xnMWxGSHcrZllzdDYyOWJsOTNz?= =?utf-8?B?dkppSnRSQlI3aVBUd0dvbmZoZnlOYXpzVzhZbkExYnZtNVZPZW9pb0V5MDZl?= =?utf-8?B?N3pTUTdUVGI0RXBlRDlCc1BZSmVTbVV0ZjNXQ2dNL3NVZ3JSeHNTejVvTzVy?= =?utf-8?B?QjhyNHdzWHlXdWxZTWs3WXU1cjJ2U294b0orYnUwVUpzUG1DU0JUUnlhbmVI?= =?utf-8?B?alpHaExqbzZVbG5XTWpxc1VUTGd4cnd5UGZUSmFFSjRsUDRjOXQyUWQwR1Z3?= =?utf-8?B?dURRQnR2UzU3YmJKVVVQb2MxRTJuVzVSMDF6VkpoRkJBMnBqWXFuOTNYM0VY?= =?utf-8?B?RjM1bHdqRWQrSHRnclBEY2ZDYlhHQ1QwYXBIalVhV09uTlhvZkk2MzRrWThm?= =?utf-8?B?NjQ1SFh3RzROTFRBUEZHaEYybGRpcnFjbERrdXMwQzRXYWVhYkRjWkdJUVlH?= =?utf-8?B?MXl3SWRGMVVXaFVpK0FSSHl2RkRoWEFJVkZ2RjczSnNtQTliRkl5Y2xLR0FX?= =?utf-8?B?aDNUTE1sVWlmVTladS9odGJBelE2K0laZ1ZOc0pqUURsd2l1QTQzdXE1YXND?= =?utf-8?B?UFp4cXZHRDBCL29XNVhHcnBMaUNoOTY3TEZaK0RsUGFqK056cFIxS3JwWUo4?= =?utf-8?B?ME02ZjBUUXA1eGd1M21vQjQzRnFRM29kL2lUOTRvNnlNdi9jeE9tenhLcEZG?= =?utf-8?B?LzFxM29sRDE0Zy96YU9CU2dqcWJKdkR1ZGt0eTBHNGlSS2JxQUNZVUIwWDNX?= =?utf-8?B?bHFVRk11NTE5ZlFjdzdhYmhwZDhmV21hOWRFajg5RjQ5QkxQRFlaQ1kzUTJJ?= =?utf-8?B?d0tZK29OWGQ0NERBMEU2VVJGZW5iN29NdnpvRm5jM1BQN1UwclFXUzVkYXNJ?= =?utf-8?B?K3VGeXdITHlqMUZQRTNTOU1YNzA5YXluYlg4S0V1SWpjRFVvazRmNjFrNnUx?= =?utf-8?B?WU80dXlvOHZmTWdWL1ZRWmRzeUdkcVkxVUZFaEhyZTY1VE5VbFM5WTBRRkZz?= =?utf-8?B?WkpRSi9lZ01UMDRTb1VRTDkxZHVFbjNLK09FRkVtY3lteFhXK0hPcld5WC9N?= =?utf-8?B?RUo1NzdoRStvbjgyUkw3bWNaQUtEcFo3M0V6c1ZjNWN0a3JlQlhidW1lZ1Mv?= =?utf-8?Q?QGKVtPZHRQMsaLBX61HynbpJlYZlrzmPfYpRqWL8j0qY=3D?= X-OriginatorOrg: sct-15-20-7719-20-msonline-outlook-1ce3f.templateTenant X-MS-Exchange-CrossTenant-Network-Message-Id: 354723cb-1876-403c-150c-08dca8f043e8 X-MS-Exchange-CrossTenant-AuthSource: CO1PR11MB4770.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 20 Jul 2024 19:15:06.7661 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000 X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH0PR11MB7165 X-Spamd-Bar: -- X-Spamd-Result: default: False [-2.43 / 15.00]; FORGED_MUA_THUNDERBIRD_MSGID_UNKNOWN(2.50)[]; ARC_ALLOW(-1.00)[microsoft.com:s=arcselector10001:i=1]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_SHORT(-0.94)[-0.940]; DMARC_POLICY_ALLOW(-0.50)[hotmail.com,none]; R_SPF_ALLOW(-0.20)[+ip6:2a01:111:f403::/49]; R_DKIM_ALLOW(-0.20)[hotmail.com:s=selector1]; MIME_GOOD(-0.10)[text/plain]; XM_UA_NO_VERSION(0.01)[]; ASN(0.00)[asn:8075, ipnet:2a01:111:f000::/36, country:US]; FREEMAIL_FROM(0.00)[hotmail.com]; MIME_TRACE(0.00)[0:+]; DWL_DNSWL_NONE(0.00)[hotmail.com:dkim]; FREEMAIL_ENVFROM(0.00)[hotmail.com]; RCPT_COUNT_ONE(0.00)[1]; MLMMJ_DEST(0.00)[questions@freebsd.org]; TO_MATCH_ENVRCPT_ALL(0.00)[]; FROM_HAS_DN(0.00)[]; RCVD_TLS_LAST(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; TO_DN_NONE(0.00)[]; RCVD_COUNT_TWO(0.00)[2]; DKIM_TRACE(0.00)[hotmail.com:+] X-Rspamd-Queue-Id: 4WRGTB2p72z4pDs On 7/20/24 11:43, Pat wrote: > Hello all, > > I maintain a FreeBSD 13 server that acts as an MTA on an > internal network. It rums Exim, and is configured to update > from the URL "pkg+http://pkg.FreeBSD.org/${ABI}/quarterly". > > Today pkg upgrade installed version exim-4.97.1_5. I do not > recall that version being available last week, so I assume this > is a security release? Changelog shows 4.95.1_5 was to bump to consumers of its dependency dns/libidn: https://cgit.freebsd.org/ports/commit/mail/exim?h=2024Q3&id=bae03bdd17b294e3354848e123f3ec4bd9b7592a . That change is a version bump just to guarantee that if rebuilding installed ports with tools like portupgrade/portmaster that exim will also get rebuilt. It does not change anything about the exim program's code/buildsteps. Refer to https://docs.freebsd.org/en/books/porters-handbook/makefiles/#makefile-portrevision for further clarification of the use of this variable that was modified in the port. > How can I find the changes introduced since version > exim-4.97.1_4, which is what the server was at until the > upgrade? Easiest way I do it in a web browser is navigate to cgit.freebsd.org, click on ports, click on the branch you want (the newest quarterly branch), switch the view to 'tree', click the desired category (mail), click on the port (exim). From here you can click on log at the top for changes to the port as a whole or click on other links for log and changes to individual files. > In particular I'm curious to know if this version addresses > CVE-2024-39929 (https://bugs.exim.org/show_bug.cgi?id=3099 > ) by any > chance. This is just an exercise in curiosity, and a chance to learn > more about FreeBSD ports and packages. Skimming over that bug report, it looks like fixes on 7/1 and 7/2 went into exim's codebase but I only see notes of fixing it on 4.98. https://git.exim.org/exim.git/shortlog/refs/heads/exim-4.97+security was last updated 6 months ago so it does not look like the exim project has fixed 4.97 themselves. If this gets fixed for 4.97, I'd expect the change to the FreeBSD port to either include a distinfo change about the file it downloads to be for a fixed archive, download the patch separately, or have the ./files/ updated to include the patch or have the Makefile modified to include the patch. I don't follow how security is decided too well but I presume that the deswcription would apply to any platform running exim so it could be a candidate to maybe be a vuxml database entry. > Thanks! > Pat