Update exim to 4.86.

Exim version 4.86
-----------------
JH/01 Bug 1545: The smtp transport option "retry_include_ip_address" is now
      expanded.

JH/02 The smtp transport option "multi_domain" is now expanded.

JH/03 The smtp transport now requests PRDR by default, if the server offers
      it.

JH/04 Certificate name checking on server certificates, when exim is a client,
      is now done by default.  The transport option tls_verify_cert_hostnames
      can be used to disable this per-host.  The build option
      EXPERIMENTAL_CERTNAMES is withdrawn.

JH/05 The value of the tls_verify_certificates smtp transport and main options
      default to the word "system" to access the system default CA bundle.
      For GnuTLS, only version 3.0.20 or later.

JH/06 Verification of the server certificate for a TLS connection is now tried
      (but not required) by default.  The verification status is now logged by
      default, for both outbound TLS and client-certificate supplying inbound
      TLS connections

JH/07 Changed the default rfc1413 lookup settings to disable calls.  Few
      sites use this now.

JH/08 The EXPERIMENTAL_DSN compile option is no longer needed; all Delivery
      Status Notification (bounce) messages are now MIME format per RFC 3464.
      Support for RFC 3461 DSN options NOTIFY,ENVID,RET,ORCPT can be advertised
      under the control of the dsn_advertise_hosts option, and routers may
      have a dsn_lasthop option.

JH/09 A timeout of 2 minutes is now applied to all malware scanner types by
      default, modifiable by a malware= option.  The list separator for
      the options can now be changed in the usual way.  Bug 68.

JH/10 The smtp_receive_timeout main option is now expanded before use.

JH/11 The incoming_interface log option now also enables logging of the
      local interface on delivery outgoing connections.

JH/12 The cutthrough-routing facility now supports multi-recipient mails,
      if the interface and destination host and port all match.

JH/13 Bug 344: The verify = reverse_host_lookup ACL condition now accepts a
      /defer_ok option.

JH/14 Bug 1573: The spam= ACL condition now additionally supports Rspamd.
      Patch from Andrew Lewis.

JH/15 Bug 670: The spamd_address main option (for the spam= ACL condition)
      now supports optional time-restrictions, weighting, and priority
      modifiers per server.  Patch originally by <rommer@active.by>.

JH/16 The spamd_address main option now supports a mixed list of local
      and remote servers.  Remote servers can be IPv6 addresses, and
      specify a port-range.

JH/17 Bug 68: The spamd_address main option now supports an optional
      timeout value per server.

JH/18 Bug 1581: Router and transport options headers_add/remove can
      now have the list separator specified.

JH/19 Bug 392: spamd_address, and clamd av_scanner, now support retry
      option values.

JH/20 Bug 1571: Ensure that $tls_in_peerdn is set, when verification fails
      under OpenSSL.

JH/21 Support for the A6 type of dns record is withdrawn.

JH/22 Bug 608: The result of a QUIT or not-QUIT toplevel ACL now matters
      rather than the verbs used.

JH/23 Bug 1572: Increase limit on SMTP confirmation message copy size
      from 255 to 1024 chars.

JH/24 Verification callouts now attempt to use TLS by default.

HS/01 DNSSEC options (dnssec_require_domains, dnssec_request_domains)
      are generic router options now. The defaults didn't change.

JH/25 Bug 466: Add RFC2322 support for MIME attachment filenames.
      Original patch from Alexander Shikoff, worked over by JH.

HS/02 Bug 1575: exigrep falls back to autodetection of compressed
      files if ZCAT_COMMAND is not executable.

JH/26 Bug 1539: Add timout/retry options on dnsdb lookups.

JH/27 Bug 286: Support SOA lookup in dnsdb lookups.

JH/28 Bug 1588: Do not use the A lookup following an AAAA for setting the FQDN.
      Normally benign, it bites when the pair was led to by a CNAME;
      modern usage is to not canoicalize the domain to a CNAME target
      (and we were inconsistent anyway for A-only vs AAAA+A).

JH/29 Bug 1632: Removed the word "rejected" from line logged for ACL discards.

JH/30 Check the forward DNS lookup for DNSSEC, in addition to the reverse,
      when evaluating $sender_host_dnssec.

JH/31 Check the HELO verification lookup for DNSSEC, adding new
      $sender_helo_dnssec variable.

JH/32 Bug 1397: Enable ECDHE on OpenSSL, just the NIST P-256 curve.

JH/33 Bug 1346: Note MAIL cmd seen in -bS batch, to avoid smtp_no_mail log.

JH/34 Bug 1648: Fix a memory leak seen with "mailq" and large queues.

JH/35 Bug 1642: Fix support of $spam_ variables at delivery time.  Was
      documented as working, but never had.  Support all but $spam_report.

JH/36 Bug 1659: Guard checking of input smtp commands again pseudo-command
      added for tls authenticator.

mail/exim/Makefile

@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.141 2015/10/10 01:58:12 ryoon Exp $
+# $NetBSD: Makefile,v 1.142 2016/01/10 20:55:56 bsiegert Exp $
 
-DISTNAME=	exim-4.85
-PKGREVISION=	3
+DISTNAME=	exim-4.86
 CATEGORIES=	mail net
 MASTER_SITES=	ftp://ftp.exim.org/pub/exim/exim4/ \
 		http://dl.ambiweb.de/mirrors/ftp.exim.org/exim/exim4/

mail/exim/distinfo

@@ -1,10 +1,10 @@
-$NetBSD: distinfo,v 1.62 2015/11/03 23:27:05 agc Exp $
+$NetBSD: distinfo,v 1.63 2016/01/10 20:55:56 bsiegert Exp $
 
-SHA1 (exim-4.85.tar.bz2) = 6b40d5a6ae59f86b4780ad50aaf0d930330d7b67
-RMD160 (exim-4.85.tar.bz2) = 334e5eeb9242b3fff49bd581b8cb22c12c0e8215
-SHA512 (exim-4.85.tar.bz2) = 2c5846528ee98e4aff5dbabe49dfa5ba6753fa64154b9671a7849db8a17773917fe13bcb9e5f732c43d7479debfadd8012b8650823eb12504a6b1b28be456161
-Size (exim-4.85.tar.bz2) = 1784150 bytes
-SHA1 (patch-aa) = 24a12631b7df17930349b8a0d03adc80d27efbe2
+SHA1 (exim-4.86.tar.bz2) = 5e2c2e5fcc83646e7d7dd308f1d13da0e49db924
+RMD160 (exim-4.86.tar.bz2) = bbcf683eb1397f350ff5b8789869ad8c34ff28ea
+SHA512 (exim-4.86.tar.bz2) = 0b90cd1b4d99bbb976336ccf9c2c3375f453a74bb306f1b0215f7ecca80fbda83cf5cc38c502516c2903c5d753f1f559c534fc4f4b1b32ee3300db86de6610ab
+Size (exim-4.86.tar.bz2) = 1804807 bytes
+SHA1 (patch-aa) = 4df21c2497e9fee8dfbcd4386bb1b70d69ca2932
 SHA1 (patch-ab) = 6af17f036ed02a3bc37c1f303269eea447fcb691
 SHA1 (patch-ae) = 7daf63727e222bbaa7e5b8289c4fcb6a8c0272cf
 SHA1 (patch-ag) = dd93bb718c996f18b4e985806eb6d4ff5f25a67f

mail/exim/patches/patch-aa

@@ -1,6 +1,6 @@
-$NetBSD: patch-aa,v 1.23 2012/06/11 11:41:25 adam Exp $
+$NetBSD: patch-aa,v 1.24 2016/01/10 20:55:56 bsiegert Exp $
 
---- Local/Makefile.pkgsrc.orig	2012-06-11 11:27:45.000000000 +0000
+--- Local/Makefile.pkgsrc.orig	2016-01-10 20:50:29.000000000 +0000
 +++ Local/Makefile.pkgsrc
 @@ -98,7 +98,7 @@
  # /usr/local/sbin. The installation script will try to create this directory,
@@ -56,7 +56,7 @@ $NetBSD: patch-aa,v 1.23 2012/06/11 11:41:25 adam Exp $
  
  
  #------------------------------------------------------------------------------
-@@ -578,15 +578,15 @@ FIXED_NEVER_USERS=root
+@@ -628,16 +628,16 @@ FIXED_NEVER_USERS=root
  # included in the Exim binary. You will then need to set up the run time
  # configuration to make use of the mechanism(s) selected.
  
@@ -72,10 +72,11 @@ $NetBSD: patch-aa,v 1.23 2012/06/11 11:41:25 adam Exp $
 -# AUTH_SPA=yes
 +AUTH_PLAINTEXT=yes
 +AUTH_SPA=yes
+ # AUTH_TLS=yes
  
  
  #------------------------------------------------------------------------------
-@@ -764,7 +764,7 @@ HEADERS_CHARSET="ISO-8859-1"
+@@ -822,7 +822,7 @@ HEADERS_CHARSET="ISO-8859-1"
  # %s. This will be replaced by one of the strings "main", "panic", or "reject"
  # to form the final file names. Some installations may want something like this:
  
@@ -84,7 +85,7 @@ $NetBSD: patch-aa,v 1.23 2012/06/11 11:41:25 adam Exp $
  
  # which results in files with names /var/log/exim_mainlog, etc. The directory
  # in which the log files are placed must exist; Exim does not try to create
-@@ -1016,13 +1016,13 @@ SYSTEM_ALIASES_FILE=/etc/aliases
+@@ -1080,13 +1080,13 @@ SYSTEM_ALIASES_FILE=/etc/aliases
  # haven't got Perl, Exim will still build and run; you just won't be able to
  # use those utilities.
  
@@ -105,7 +106,7 @@ $NetBSD: patch-aa,v 1.23 2012/06/11 11:41:25 adam Exp $
  
  
  #------------------------------------------------------------------------------
-@@ -1222,7 +1222,7 @@ TMPDIR="/tmp"
+@@ -1286,7 +1286,7 @@ TMPDIR="/tmp"
  # (process id) to a file so that it can easily be identified. The path of the
  # file can be specified here. Some installations may want something like this:
  
@@ -114,7 +115,7 @@ $NetBSD: patch-aa,v 1.23 2012/06/11 11:41:25 adam Exp $
  
  # If PID_FILE_PATH is not defined, Exim writes a file in its spool directory
  # using the name "exim-daemon.pid".
-@@ -1294,3 +1294,10 @@ TMPDIR="/tmp"
+@@ -1358,3 +1358,10 @@ TMPDIR="/tmp"
  # ENABLE_DISABLE_FSYNC=yes
  
  # End of EDITME for Exim 4.