diff --git a/exim-4.68.tar.bz2 b/exim-4.68.tar.bz2
new file mode 100644
index 0000000..fbc960d
--- /dev/null
+++ b/exim-4.68.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:31e79e045bfbb730dbe86fdfc7793055d21b78367bae5b8e7bb9494c6ea760b0
+size 1641636
diff --git a/exim.changes b/exim.changes
index 1f90c8f..387a2f5 100644
--- a/exim.changes
+++ b/exim.changes
@@ -1,3 +1,77 @@
+-------------------------------------------------------------------
+Thu Aug 30 17:37:17 CEST 2007 - poeml@suse.de
+
+- update to 4.68
+  PH/01 Another patch from the Sieve maintainer.
+  PH/02 When an IPv6 address is converted to a string for single-key lookup
+        in an address list (e.g. for an item such as "net24-dbm;/net/works"), 
+        dots are used instead of colons so that keys in lsearch files need not
+        contain colons. This was done some time before quoting was made available
+        in lsearch files. However, iplsearch files do require colons in IPv6 keys
+        (notated using the quote facility) so as to distinguish them from IPv4
+        keys. This meant that lookups for IP addresses in host lists did not work
+        for iplsearch lookups.
+        This has been fixed by arranging for IPv6 addresses to be expressed with
+        colons if the lookup type is iplsearch. This is not incompatible, because
+        previously such lookups could never work.
+        The situation is now rather anomolous, since one *can* have colons in
+        ordinary lsearch keys. However, making the change in all cases is
+        incompatible and would probably break a number of configurations.
+  TK/01 Change PRVS address formatting scheme to reflect latests BATV draft
+        version.
+  MH/01 The "spam" ACL condition code contained a sscanf() call with a %s
+        conversion specification without a maximum field width, thereby enabling
+        a rogue spamd server to cause a buffer overflow. While nobody in their
+        right mind would setup Exim to query an untrusted spamd server, an
+        attacker that gains access to a server running spamd could potentially
+        exploit this vulnerability to run arbitrary code as the Exim user.
+  TK/02 Bugzilla 502: Apply patch to make the SPF-Received: header use
+        $primary_hostname instead of what libspf2 thinks the hosts name is.
+  MH/02 The dsearch lookup now uses lstat(2) instead of stat(2) to look for
+        a directory entry by the name of the lookup key. Previously, if a   
+        symlink pointed to a non-existing file or a file in a directory that
+        Exim lacked permissions to read, a lookup for a key matching that
+        symlink would fail. Now it is enough that a matching directory entry
+        exists, symlink or not. (Bugzilla 503.)
+  PH/03 The body_linecount and body_zerocount variables are now exported in the
+        local_scan API.
+  PH/04 Added the $dnslist_matched variable.
+  PH/05 Unset $tls_cipher and $tls_peerdn before making a connection as a client.
+        This means they are set thereafter only if the connection becomes
+        encrypted.
+  PH/06 Added the client_condition to authenticators so that some can be skipped
+        by clients under certain conditions.
+  PH/07 The error message for a badly-placed control=no_multiline_responses left
+        "_responses" off the end of the name.
+  PH/08 Added -Mvc to output a copy of a message in RFC 2822 format.
+  PH/09 Tidied the code for creating ratelimiting keys, creating them explicitly
+        (without spaces) instead of just copying the configuration text.
+  PH/10 Added the /noupdate option to the ratelimit ACL condition.
+  PH/11 Added $max_received_linelength.
+  PH/12 Added +ignore_defer and +include_defer to host lists.
+  PH/13 Installed PCRE version 7.2. This needed some changes because of the new
+        way in which PCRE > 7.0 is built.
+  PH/14 Implemented queue_only_load_latch.
+  PH/15 Removed an incorrect (int) cast when reading the value of SIZE in a
+        MAIL command. The effect was to mangle the value on 64-bit systems.
+  PH/16 Another patch from the Sieve maintainer.
+  PH/17 Added the NOTQUIT ACL, based on a patch from Ted Cooper.
+  PH/18 If a system quota error occurred while trying to create the file for
+        a maildir delivery, the message "Mailbox is full" was not appended to the
+        bounce if the delivery eventually timed out. Change 4.67/27 below applied
+        only to a quota excession during the actual writing of the file.
+  PH/19 It seems that peer DN values may contain newlines (and other non-printing
+        characters?) which causes problems in log lines. The DN values are now
+        passed through string_printing() before being added to log lines.
+  PH/20 Added the "servers=" facility to MySQL and PostgreSQL lookups. (Oracle
+        and InterBase are left for another time.)
+  PH/21 Added message_body_newlines option.
+  PH/22 Guard against possible overflow in moan_check_errorcopy().
+  PH/23 POSIX allows open() to be a macro; guard against that.
+  PH/24 If the recipient of an error message contained an @ in the local part
+        (suitably quoted, of course), incorrect values were put in $domain and
+        $local_part during the evaluation of errors_copy.
+
 -------------------------------------------------------------------
 Fri Aug 24 08:33:24 CEST 2007 - poeml@suse.de
 
diff --git a/exim.spec b/exim.spec
index 62e2090..ed9463a 100644
--- a/exim.spec
+++ b/exim.spec
@@ -36,7 +36,7 @@ provides:     smtp_daemon
 Requires:       logrotate
 PreReq:         %insserv_prereq %fillup_prereq /usr/sbin/useradd fileutils textutils
 %endif
-Version:        4.67
+Version:        4.68
 Release:        1
 Summary:        The Exim Mail Transfer Agent, a Replacement for sendmail
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build