public inbox for gentoo-commits@lists.gentoo.org
 help / color / mirror / Atom feed
* [gentoo-commits] repo/gentoo:master commit in: mail-mta/exim/, mail-mta/exim/files/
@ 2015-10-19 10:52 Sergey Popov
  0 siblings, 0 replies; 26+ messages in thread
From: Sergey Popov @ 2015-10-19 10:52 UTC (permalink / raw
  To: gentoo-commits

commit:     2091c3a9d7ceccca564d8277d4de8e0e934615d7
Author:     Alexander Tsoy <alexander <AT> tsoy <DOT> me>
AuthorDate: Sat Oct 17 21:44:31 2015 +0000
Commit:     Sergey Popov <pinkbyte <AT> gentoo <DOT> org>
CommitDate: Mon Oct 19 10:52:50 2015 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2091c3a9

mail-mta/exim: use freeradius-client instead of radiusclient

Also fix compilation with USE=radius. It was broken since
4.86 release.

Acked-by: Sergey Popov <pinkbyte <AT> gentoo.org>
Gentoo-Bug: 563356

 mail-mta/exim/exim-4.86-r2.ebuild                  | 513 +++++++++++++++++++++
 mail-mta/exim/files/exim-4.86-radius-include.patch |  15 +
 .../exim/files/exim-4.86-radius-type-fix.patch     |  25 +
 3 files changed, 553 insertions(+)

diff --git a/mail-mta/exim/exim-4.86-r2.ebuild b/mail-mta/exim/exim-4.86-r2.ebuild
new file mode 100644
index 0000000..ef5243c
--- /dev/null
+++ b/mail-mta/exim/exim-4.86-r2.ebuild
@@ -0,0 +1,513 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="5"
+
+inherit eutils toolchain-funcs multilib pam systemd
+
+IUSE="dcc +dkim dlfunc dmarc +dnsdb doc dovecot-sasl dsn exiscan-acl gnutls ipv6 ldap libressl lmtp maildir mbx mysql nis pam perl pkcs11 postgres +prdr proxy radius redis sasl selinux spf sqlite srs ssl syslog tcpd tpda X"
+REQUIRED_USE="spf? ( exiscan-acl ) srs? ( exiscan-acl ) dmarc? ( spf dkim ) pkcs11? ( gnutls )"
+
+COMM_URI="ftp://ftp.exim.org/pub/exim/exim4$([[ ${PV} == *_rc* ]] && echo /test)"
+
+DESCRIPTION="A highly configurable, drop-in replacement for sendmail"
+SRC_URI="${COMM_URI}/${P//rc/RC}.tar.bz2
+	mirror://gentoo/system_filter.exim.gz
+	doc? ( ${COMM_URI}/${PN}-html-${PV//rc/RC}.tar.bz2 )"
+HOMEPAGE="http://www.exim.org/"
+
+SLOT="0"
+LICENSE="GPL-2"
+KEYWORDS="~amd64 ~x86"
+
+COMMON_DEPEND=">=sys-apps/sed-4.0.5
+	>=sys-libs/db-3.2
+	dev-libs/libpcre
+	perl? ( dev-lang/perl:= )
+	pam? ( virtual/pam )
+	tcpd? ( sys-apps/tcp-wrappers )
+	ssl? (
+		!libressl? ( dev-libs/openssl:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	gnutls? ( net-libs/gnutls[pkcs11?]
+			  dev-libs/libtasn1 )
+	ldap? ( >=net-nds/openldap-2.0.7 )
+	mysql? ( virtual/mysql )
+	postgres? ( dev-db/postgresql )
+	sasl? ( >=dev-libs/cyrus-sasl-2.1.26-r2 )
+	redis? ( dev-libs/hiredis )
+	spf? ( >=mail-filter/libspf2-1.2.5-r1 )
+	dmarc? ( mail-filter/opendmarc )
+	srs? ( mail-filter/libsrs_alt )
+	X? ( x11-proto/xproto
+		x11-libs/libX11
+		x11-libs/libXmu
+		x11-libs/libXt
+		x11-libs/libXaw
+	)
+	sqlite? ( dev-db/sqlite )
+	radius? ( net-dialup/freeradius-client )
+	virtual/libiconv
+	"
+	# added X check for #57206
+DEPEND="${COMMON_DEPEND}
+	virtual/pkgconfig"
+RDEPEND="${COMMON_DEPEND}
+	!mail-mta/courier
+	!mail-mta/esmtp
+	!mail-mta/mini-qmail
+	!<mail-mta/msmtp-1.4.19-r1
+	!>=mail-mta/msmtp-1.4.19-r1[mta]
+	!mail-mta/netqmail
+	!mail-mta/nullmailer
+	!mail-mta/postfix
+	!mail-mta/qmail-ldap
+	!mail-mta/sendmail
+	!mail-mta/opensmtpd
+	!<mail-mta/ssmtp-2.64-r2
+	!>=mail-mta/ssmtp-2.64-r2[mta]
+	!net-mail/mailwrapper
+	>=net-mail/mailbase-0.00-r5
+	virtual/logger
+	dcc? ( mail-filter/dcc )
+	selinux? ( sec-policy/selinux-exim )
+	"
+
+S=${WORKDIR}/${P//rc/RC}
+
+src_prepare() {
+	epatch "${FILESDIR}"/exim-4.14-tail.patch
+	epatch "${FILESDIR}"/exim-4.74-localscan_dlopen.patch
+	epatch "${FILESDIR}"/exim-4.69-r1.27021.patch
+	epatch "${FILESDIR}"/exim-4.74-radius-db-ENV-clash.patch # 287426
+	epatch "${FILESDIR}"/exim-4.82-makefile-freebsd.patch # 235785
+	epatch "${FILESDIR}"/exim-4.77-as-needed-ldflags.patch # 352265, 391279
+	epatch "${FILESDIR}"/exim-4.76-crosscompile.patch # 266591
+	epatch "${FILESDIR}"/exim-4.86-radius-type-fix.patch
+	epatch "${FILESDIR}"/exim-4.86-radius-include.patch
+
+	if use maildir ; then
+		epatch "${FILESDIR}"/exim-4.20-maildir.patch
+	else
+		epatch "${FILESDIR}"/exim-4.80-spool-mail-group.patch # 438606
+	fi
+
+	# user Exim believes it should be
+	MAILUSER=mail
+	MAILGROUP=mail
+	if use prefix && [[ ${EUID} != 0 ]] ; then
+		MAILUSER=$(id -un)
+		MAILGROUP=$(id -gn)
+	fi
+}
+
+src_configure() {
+	# general config and paths
+
+	sed -i.orig \
+		-e "/SYSTEM_ALIASES_FILE/s'SYSTEM_ALIASES_FILE'${EPREFIX}/etc/mail/aliases'" \
+		"${S}"/src/configure.default || die
+
+	sed -i -e 's/^buildname=.*/buildname=exim-gentoo/g' Makefile || die
+
+	sed -e "48i\CFLAGS=${CFLAGS}" \
+		-e "s:BIN_DIRECTORY=/usr/exim/bin:BIN_DIRECTORY=${EPREFIX}/usr/sbin:" \
+		-e "s:EXIM_USER=:EXIM_USER=${MAILUSER}:" \
+		-e "s:CONFIGURE_FILE=/usr/exim/configure:CONFIGURE_FILE=${EPREFIX}/etc/exim/exim.conf:" \
+		-e "s:ZCAT_COMMAND=.*$:ZCAT_COMMAND=${EPREFIX}/bin/zcat:" \
+		-e "s:COMPRESS_COMMAND=.*$:COMPRESS_COMMAND=${EPREFIX}/bin/gzip:" \
+		src/EDITME > Local/Makefile
+
+	cd Local
+
+	cat >> Makefile <<- EOC
+		INFO_DIRECTORY=${EPREFIX}/usr/share/info
+		PID_FILE_PATH=${EPREFIX}/run/exim.pid
+		SPOOL_DIRECTORY=${EPREFIX}/var/spool/exim
+		HAVE_ICONV=yes
+	EOC
+
+	# if we use libiconv, now is the time to tell so
+	use !elibc_glibc && echo "EXTRALIBS_EXIM=-liconv" >> Makefile
+
+	# support for IPv6
+	if use ipv6; then
+		cat >> Makefile <<- EOC
+			HAVE_IPV6=YES
+		EOC
+	fi
+
+	#
+	# mail storage formats
+
+	# mailstore is Exim's traditional storage format
+	cat >> Makefile <<- EOC
+		SUPPORT_MAILSTORE=yes
+	EOC
+
+	# mbox
+	if use mbx; then
+		cat >> Makefile <<- EOC
+			SUPPORT_MBX=yes
+		EOC
+	fi
+
+	# maildir
+	if use maildir; then
+		cat >> Makefile <<- EOC
+			SUPPORT_MAILDIR=yes
+		EOC
+	fi
+
+	#
+	# lookup methods
+
+	# use the "native" interfaces to the DBM and CDB libraries, support
+	# passwd and directory lookups by default
+	cat >> Makefile <<- EOC
+		USE_DB=yes
+		DBMLIB=-ldb
+		LOOKUP_CDB=yes
+		LOOKUP_PASSWD=yes
+		LOOKUP_DSEARCH=yes
+	EOC
+
+	if ! use dnsdb; then
+		# DNSDB lookup is enabled by default
+		sed -i "s:^LOOKUP_DNSDB=yes:# LOOKUP_DNSDB=yes:" Makefile
+	fi
+
+	if use ldap; then
+		cat >> Makefile <<- EOC
+			LOOKUP_LDAP=yes
+			LDAP_LIB_TYPE=OPENLDAP2
+			LOOKUP_INCLUDE += -I"${EROOT}"usr/include/ldap
+			LOOKUP_LIBS += -lldap -llber
+		EOC
+	fi
+
+	if use mysql; then
+		cat >> Makefile <<- EOC
+			LOOKUP_MYSQL=yes
+			LOOKUP_INCLUDE += $(mysql_config --include)
+			LOOKUP_LIBS += $(mysql_config --libs)
+		EOC
+	fi
+
+	if use nis; then
+		cat >> Makefile <<- EOC
+			LOOKUP_NIS=yes
+			LOOKUP_NISPLUS=yes
+		EOC
+	fi
+
+	if use postgres; then
+		cat >> Makefile <<- EOC
+			LOOKUP_PGSQL=yes
+			LOOKUP_INCLUDE += -I$(pg_config --includedir)
+			LOOKUP_LIBS += -L$(pg_config --libdir) -lpq
+		EOC
+	fi
+
+	if use sqlite; then
+		cat >> Makefile <<- EOC
+			LOOKUP_SQLITE=yes
+			LOOKUP_SQLITE_PC=sqlite3
+		EOC
+	fi
+
+	if use redis; then
+		cat >> Makefile <<- EOC
+			EXPERIMENTAL_REDIS=yes
+			LOOKUP_LIBS += -lhiredis
+		EOC
+	fi
+
+	#
+	# Exim monitor, enabled by default, controlled via X USE-flag,
+	# disable if not requested, bug #46778
+	if use X; then
+		cp ../exim_monitor/EDITME eximon.conf || die
+	else
+		sed -i -e '/^EXIM_MONITOR=/s/^/# /' Makefile
+	fi
+
+	#
+	# features
+
+	# content scanning support
+	if use exiscan-acl; then
+		cat >> Makefile <<- EOC
+			WITH_CONTENT_SCAN=yes
+			WITH_OLD_DEMIME=yes
+		EOC
+	fi
+
+	# DomainKeys Identified Mail, RFC4871
+	if ! use dkim; then
+		# DKIM is enabled by default
+		cat >> Makefile <<- EOC
+			DISABLE_DKIM=yes
+		EOC
+	fi
+
+	# Per-Recipient-Data-Response
+	if ! use prdr; then
+		# PRDR is enabled by default
+		cat >> Makefile <<- EOC
+			DISABLE_PRDR=yes
+		EOC
+	fi
+
+	# log to syslog
+	if use syslog; then
+		sed -i "s:LOG_FILE_PATH=/var/log/exim/exim_%s.log:LOG_FILE_PATH=syslog:" Makefile
+		cat >> Makefile <<- EOC
+			LOG_FILE_PATH=syslog
+		EOC
+	else
+		cat >> Makefile <<- EOC
+			LOG_FILE_PATH=${EPREFIX}/var/log/exim/exim_%s.log
+		EOC
+	fi
+
+	# starttls support (ssl)
+	if use ssl; then
+		echo "SUPPORT_TLS=yes" >> Makefile
+		if use gnutls; then
+			echo "USE_GNUTLS=yes" >> Makefile
+			echo "USE_GNUTLS_PC=gnutls" >> Makefile
+			use pkcs11 || echo "AVOID_GNUTLS_PKCS11=yes" >> Makefile
+		else
+			echo "USE_OPENSSL_PC=openssl" >> Makefile
+		fi
+	fi
+
+	# TCP wrappers
+	if use tcpd; then
+		cat >> Makefile <<- EOC
+			USE_TCP_WRAPPERS=yes
+			EXTRALIBS_EXIM += -lwrap
+		EOC
+	fi
+
+	# Light Mail Transport Protocol
+	if use lmtp; then
+		cat >> Makefile <<- EOC
+			TRANSPORT_LMTP=yes
+		EOC
+	fi
+
+	# embedded Perl
+	if use perl; then
+		cat >> Makefile <<- EOC
+			EXIM_PERL=perl.o
+		EOC
+	fi
+
+	# dlfunc
+	if use dlfunc; then
+		cat >> Makefile <<- EOC
+			EXPAND_DLFUNC=yes
+		EOC
+	fi
+
+	#
+	# experimental features
+
+	# Distributed Checksum Clearinghouse
+	if use dcc; then
+		echo "EXPERIMENTAL_DCC=yes">> Makefile
+	fi
+
+	# Sender Policy Framework
+	if use spf; then
+		cat >> Makefile <<- EOC
+			EXPERIMENTAL_SPF=yes
+			EXTRALIBS_EXIM += -lspf2
+		EOC
+	fi
+
+	# Sender Rewriting Scheme
+	if use srs; then
+		cat >> Makefile <<- EOC
+			EXPERIMENTAL_SRS=yes
+			EXTRALIBS_EXIM += -lsrs_alt
+		EOC
+	fi
+
+	# DMARC
+	if use dmarc; then
+		cat >> Makefile <<- EOC
+			EXPERIMENTAL_DMARC=yes
+			EXTRALIBS_EXIM += -lopendmarc
+		EOC
+	fi
+
+	# Transport post-delivery actions
+	if use tpda; then
+		cat >> Makefile <<- EOC
+			EXPERIMENTAL_EVENT=yes
+		EOC
+	fi
+
+	# Proxy Protocol
+	if use proxy; then
+		cat >> Makefile <<- EOC
+			EXPERIMENTAL_PROXY=yes
+		EOC
+	fi
+
+	# Delivery Sender Notifications
+	if use dsn; then
+		cat >> Makefile <<- EOC
+			EXPERIMENTAL_DSN=yes
+		EOC
+	fi
+
+	#
+	# authentication (SMTP AUTH)
+
+	# standard bits
+	cat >> Makefile <<- EOC
+		AUTH_SPA=yes
+		AUTH_CRAM_MD5=yes
+		AUTH_PLAINTEXT=yes
+	EOC
+
+	# Cyrus SASL
+	if use sasl; then
+		cat >> Makefile <<- EOC
+			CYRUS_SASLAUTHD_SOCKET=${EPREFIX}/run/saslauthd/mux
+			AUTH_CYRUS_SASL=yes
+			AUTH_LIBS += -lsasl2
+		EOC
+	fi
+
+	# Dovecot
+	if use dovecot-sasl; then
+		cat >> Makefile <<- EOC
+			AUTH_DOVECOT=yes
+		EOC
+	fi
+
+	# Pluggable Authentication Modules
+	if use pam; then
+		cat >> Makefile <<- EOC
+			SUPPORT_PAM=yes
+			AUTH_LIBS += -lpam
+		EOC
+	fi
+
+	# Radius
+	if use radius; then
+		cat >> Makefile <<- EOC
+			RADIUS_CONFIG_FILE=${EPREFIX}/etc/radiusclient/radiusclient.conf
+			RADIUS_LIB_TYPE=RADIUSCLIENTNEW
+			AUTH_LIBS += -lfreeradius-client
+		EOC
+	fi
+}
+
+src_compile() {
+	emake -j1 CC="$(tc-getCC)" HOSTCC="$(tc-getCC $CBUILD)" \
+		AR="$(tc-getAR) cq" RANLIB="$(tc-getRANLIB)" FULLECHO='' \
+		|| die "make failed"
+}
+
+src_install () {
+	cd "${S}"/build-exim-gentoo || die
+	dosbin exim
+	if use X; then
+		dosbin eximon.bin
+		dosbin eximon
+	fi
+	fperms 4755 /usr/sbin/exim
+
+	dosym exim /usr/sbin/sendmail
+	dosym exim /usr/sbin/rsmtp
+	dosym exim /usr/sbin/rmail
+	dosym /usr/sbin/exim /usr/bin/mailq
+	dosym /usr/sbin/exim /usr/bin/newaliases
+	dosym /usr/sbin/sendmail /usr/lib/sendmail
+
+	for i in exicyclog exim_dbmbuild exim_dumpdb exim_fixdb exim_lock \
+		exim_tidydb exinext exiwhat exigrep eximstats exiqsumm exiqgrep \
+		convert4r3 convert4r4 exipick
+	do
+		dosbin $i
+	done
+
+	dodoc "${S}"/doc/*
+	doman "${S}"/doc/exim.8
+	use dsn && dodoc "${S}"/README.DSN
+	use doc && dohtml -r "${WORKDIR}"/${PN}-html-${PV//rc/RC}/doc/html/spec_html/*
+
+	# conf files
+	insinto /etc/exim
+	newins "${S}"/src/configure.default exim.conf.dist
+	if use exiscan-acl; then
+		newins "${S}"/src/configure.default exim.conf.exiscan-acl
+	fi
+	doins "${WORKDIR}"/system_filter.exim
+	doins "${FILESDIR}"/auth_conf.sub
+
+	pamd_mimic system-auth exim auth account
+
+	# headers, #436406
+	if use dlfunc ; then
+		# fixup includes so they actually can be found when including
+		sed -i \
+			-e '/#include "\(config\|store\|mytypes\).h"/s:"\(.\+\)":<exim/\1>:' \
+			local_scan.h || die
+		insinto /usr/include/exim
+		doins {config,local_scan}.h ../src/{mytypes,store}.h
+	fi
+
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}/exim.logrotate" exim
+
+	newinitd "${FILESDIR}"/exim.rc9 exim
+	newconfd "${FILESDIR}"/exim.confd exim
+
+	systemd_dounit "${FILESDIR}"/{exim.service,exim.socket,exim-submission.socket}
+	systemd_newunit "${FILESDIR}"/exim_at.service 'exim@.service'
+	systemd_newunit "${FILESDIR}"/exim-submission_at.service 'exim-submission@.service'
+
+	DIROPTIONS="-m 0750 -o ${MAILUSER} -g ${MAILGROUP}"
+	dodir /var/log/${PN}
+}
+
+pkg_postinst() {
+	if [[ ! -f ${EROOT}etc/exim/exim.conf ]] ; then
+		einfo "${EROOT}etc/exim/system_filter.exim is a sample system_filter."
+		einfo "${EROOT}etc/exim/auth_conf.sub contains the configuration sub for using smtp auth."
+		einfo "Please create ${EROOT}etc/exim/exim.conf from ${EROOT}etc/exim/exim.conf.dist."
+	fi
+	if use dcc ; then
+		einfo "DCC support is experimental, you can find some limited"
+		einfo "documentation at the bottom of this prerelease message:"
+		einfo "http://article.gmane.org/gmane.mail.exim.devel/3579"
+	fi
+	use spf && einfo "SPF support is experimental"
+	use srs && einfo "SRS support is experimental"
+	if use dmarc ; then
+		einfo "DMARC support is experimental.  See global settings to"
+		einfo "configure DMARC, for usage see the documentation at "
+		einfo "experimental-spec.txt."
+	fi
+	use tpda && einfo "TPDA/EVENT support is experimental"
+	use proxy && einfo "proxy support is experimental"
+	if use dsn ; then
+		einfo "Starting from Exim 4.83, DSN support comes from upstream."
+		einfo "DSN support is an experimental feature.  If you used DSN"
+		einfo "support prior to 4.83, make sure to remove all dsn_process"
+		einfo "switches from your routers, see https://bugs.gentoo.org/511818"
+	fi
+	einfo "Exim maintains some db files under its spool directory that need"
+	einfo "cleaning from time to time.  (${EROOT}var/spool/exim/db)"
+	einfo "Please use the exim_tidydb tool as documented in the Exim manual:"
+	einfo "http://www.exim.org/exim-html-current/doc/html/spec_html/ch-exim_utilities.html#SECThindatmai"
+}

diff --git a/mail-mta/exim/files/exim-4.86-radius-include.patch b/mail-mta/exim/files/exim-4.86-radius-include.patch
new file mode 100644
index 0000000..acff7fc
--- /dev/null
+++ b/mail-mta/exim/files/exim-4.86-radius-include.patch
@@ -0,0 +1,15 @@
+diff -urN exim-4.86.orig/src/auths/call_radius.c exim-4.86/src/auths/call_radius.c
+--- exim-4.86.orig/src/auths/call_radius.c	2015-07-24 00:20:37.000000000 +0300
++++ exim-4.86/src/auths/call_radius.c	2015-10-17 20:05:31.581240956 +0300
+@@ -38,7 +38,11 @@
+   #if !defined(RADIUS_LIB_RADIUSCLIENT) && !defined(RADIUS_LIB_RADIUSCLIENTNEW)
+   #define RADIUS_LIB_RADIUSCLIENT
+   #endif
++  #ifdef RADIUS_LIB_RADIUSCLIENTNEW
++  #include <freeradius-client.h>
++  #else
+   #include <radiusclient.h>
++  #endif
+ #endif
+ 
+ 

diff --git a/mail-mta/exim/files/exim-4.86-radius-type-fix.patch b/mail-mta/exim/files/exim-4.86-radius-type-fix.patch
new file mode 100644
index 0000000..3ff4722
--- /dev/null
+++ b/mail-mta/exim/files/exim-4.86-radius-type-fix.patch
@@ -0,0 +1,25 @@
+commit 1b2adaee621f520aa640669a35c089c448294e9e
+Author: Alexander Tsoy <alexander@tsoy.me>
+Date:   Sat Oct 17 20:39:10 2015 +0300
+
+    Fix conflicting types errors in radius auth
+    
+    Was broken by commits 93a6fce2 and 55414b25
+
+diff --git a/src/src/auths/call_radius.c b/src/src/auths/call_radius.c
+index 2064ed2..1201078 100644
+--- a/src/src/auths/call_radius.c
++++ b/src/src/auths/call_radius.c
+@@ -60,10 +60,10 @@ Returns:   OK if authentication succeeded
+ */
+ 
+ int
+-auth_call_radius(uschar *s, uschar **errptr)
++auth_call_radius(const uschar *s, uschar **errptr)
+ {
+ uschar *user;
+-uschar *radius_args = s;
++const uschar *radius_args = s;
+ int result;
+ int sep = 0;
+ 


^ permalink raw reply related	[flat|nested] 26+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: mail-mta/exim/, mail-mta/exim/files/
@ 2015-12-11  9:23 Fabian Groffen
  0 siblings, 0 replies; 26+ messages in thread
From: Fabian Groffen @ 2015-12-11  9:23 UTC (permalink / raw
  To: gentoo-commits

commit:     173a12d5c7db64de27086e6ac64c47bd3432bb81
Author:     Fabian Groffen <grobian <AT> gentoo <DOT> org>
AuthorDate: Fri Dec 11 09:21:06 2015 +0000
Commit:     Fabian Groffen <grobian <AT> gentoo <DOT> org>
CommitDate: Fri Dec 11 09:21:06 2015 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=173a12d5

mail-mta/exim: version bump to 4.87 RC1

Package-Manager: portage-2.2.20.1

 mail-mta/exim/Manifest                             |   2 +
 mail-mta/exim/exim-4.87_rc1.ebuild                 | 511 +++++++++++++++++++++
 .../exim/files/exim-4.87-as-needed-ldflags.patch   | 145 ++++++
 3 files changed, 658 insertions(+)

diff --git a/mail-mta/exim/Manifest b/mail-mta/exim/Manifest
index ba03148..2168cd0 100644
--- a/mail-mta/exim/Manifest
+++ b/mail-mta/exim/Manifest
@@ -1,7 +1,9 @@
 DIST exim-4.84.tar.bz2 1761790 SHA256 78ea22be87fb6df880e7fd482f3bec9ef6ceca0c9dedd50f8a26cae0b38b9e9c SHA512 3cd41af6d57e5f0377fc93367753eae6cb6bf835803e8608c44e1da5acefce1ed8886f4fe7536950de072bfed6e927afe1536c1e6466cf3121dd352b69a68039 WHIRLPOOL 9e840aa6afa0db68455b4ab458706eedd7ea57b084999c9e85eaaec0530ed93958731d934ff1d7830d9b5cd086e36cb56dc8a2f78dad85bdba9ae6573510e840
 DIST exim-4.85.tar.bz2 1784150 SHA256 13211f2bbc5400d095a9b4be075eb1347e0d98676fdfe4be8a3b4d56281daaa4 SHA512 2c5846528ee98e4aff5dbabe49dfa5ba6753fa64154b9671a7849db8a17773917fe13bcb9e5f732c43d7479debfadd8012b8650823eb12504a6b1b28be456161 WHIRLPOOL 4057cd745f12ff62e956838406544060d3d2d7383027959f3c1ca12eff43bddb9be63e284767245b271e53bef92596c1241f5e90e9ed611d02e95b7a30adc7c8
 DIST exim-4.86.tar.bz2 1804807 SHA256 f1ccf2ce2ea51b7fbbf160e7e0e41d24ca401cf44a185128ad99ea04635fc456 SHA512 0b90cd1b4d99bbb976336ccf9c2c3375f453a74bb306f1b0215f7ecca80fbda83cf5cc38c502516c2903c5d753f1f559c534fc4f4b1b32ee3300db86de6610ab WHIRLPOOL a7e938cfaeb92af1b81c8a113752914b61e49d7fd71c39460b944716725b1e98b50a7c9ef1699569cd031ee7cac210639d9ef9bd21280e5ce7682eb40db91726
+DIST exim-4.87_RC1.tar.bz2 1818628 SHA256 cec26ecd7879cd04ab30fc1c152c4967549c8499a4432754ec97c6ecbc712911 SHA512 a97eb31ea612fb19f5fe2da23a51e248beb4faa5a378939207d52207254f50c54b97047a83e6995214ec5e58beeee1540dc12fb4c865ba81b7013c923342d2e0 WHIRLPOOL 4a57f87c84b83853892c400042a221992d9d4a3049195059feb6735ddb848482eac00d1f429da0dbcca2ca3cf984b4ba23f5645ebd1eab5ea92b31ed7cc4aa0b
 DIST exim-html-4.84.tar.bz2 465281 SHA256 7ee7e9015b853915604b7806be93d56e9ba1fb915b63f0d6828c47f2228fd45b SHA512 7de8513476b6abcdfd36b0121a2a9d6decf1ccf94ef51b8363e544066cc05670e6f2b4d03d5fbc49071b1431183dfd9badde5cbcc65f51d55ec6b25ebcb070b9 WHIRLPOOL 88c376fd399e17b2bc06d2d0fad19f8c6485807118a81e0c200f6c39defe7155fa920489481a8b82e629951766ce0222b85956f387d22d22549303bd3dff7f82
 DIST exim-html-4.85.tar.bz2 467069 SHA256 fd91946369626e74842a0799b93d0d9e4a201fe640af84e1b5349fe6ff204167 SHA512 8214576300827f79c0880e2d2163f71d7f1b3fe2aff714b591a011e48816965de5a773c3509137b085fec3d4d2128931f8398768c24dad6c92b7df27cbcafe74 WHIRLPOOL a7edffd7124c4920708616d3e59c0db5159dee5f7e4fd62ce29fdba769d39781a3826d4e3e39cdc97669941bb9a5c977defe280feb73cbe159b23df4cb6fe95f
 DIST exim-html-4.86.tar.bz2 471159 SHA256 02226a9fbb6d5aaa9d35f3e2a3bd9077e2307463de6baf6e3e2e938c1fe39146 SHA512 0c15fbccaf9b744fb8b7990d2b2bd0555a04ef5ed82ffbf2e32372a539bae6d7cebad96960f5570a2f8f27d31ebdf2467c51cb053b059996bb9122bc02fa741b WHIRLPOOL d9fbaa73491ab1657afb6ba59da5adea26144b58b358aeb9829731d3f35d6c1d8c7021c5243cb989e7c704cc346cde2a330f9eedc5b357326c1d56d7caa4a6c5
+DIST exim-html-4.87_RC1.tar.bz2 475376 SHA256 37303fbca2282e86328e2b3bab84526b920ac54e0d4b96d3597639a495ef70db SHA512 1d338abda79aa49968ded992cfa60e4c791bd647783095991be9d7eaf144e4b20460915585af78b498def4a8d3f160937eef85f767adb4512f28384e9ab620db WHIRLPOOL e12e97e1cd0d9b6648377f298c478e5fa2f060ebd004b4726e100414c83f53e6b8e294a8b102357ac15a3868f34ae299edc4213a46851bb78c6e62415999a1ef
 DIST system_filter.exim.gz 3075 SHA256 3a3471b486a09e0a0153f7b520e1eaf26d21b97d73ea8348bdc593c00eb1e437 SHA512 cb358d3ce2499a0bb5920d962a06f2af8486e55ec90c8c928bd8e3aefb279aa57f5f960d5adfcef68bd94110b405eaa144e9629cfe6014a529c79c544600bbf3 WHIRLPOOL ce68d9c18b24eca3ef97ea810964cc1ada5f85b795a7c432ad39b5788188a16419101c92fb52b418738d760e1d658f7a41485e5561079a667d84d276c71be5a4

diff --git a/mail-mta/exim/exim-4.87_rc1.ebuild b/mail-mta/exim/exim-4.87_rc1.ebuild
new file mode 100644
index 0000000..99e8dde
--- /dev/null
+++ b/mail-mta/exim/exim-4.87_rc1.ebuild
@@ -0,0 +1,511 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="5"
+
+inherit eutils toolchain-funcs multilib pam systemd
+
+IUSE="dcc +dkim dlfunc dmarc +dnsdb doc dovecot-sasl dsn exiscan-acl gnutls ipv6 ldap libressl lmtp maildir mbx mysql nis pam perl pkcs11 postgres +prdr proxy radius redis sasl selinux spf sqlite srs ssl syslog tcpd tpda X"
+REQUIRED_USE="spf? ( exiscan-acl ) srs? ( exiscan-acl ) dmarc? ( spf dkim ) pkcs11? ( gnutls )"
+
+COMM_URI="ftp://ftp.exim.org/pub/exim/exim4$([[ ${PV} == *_rc* ]] && echo /test)"
+
+DESCRIPTION="A highly configurable, drop-in replacement for sendmail"
+SRC_URI="${COMM_URI}/${P//rc/RC}.tar.bz2
+	mirror://gentoo/system_filter.exim.gz
+	doc? ( ${COMM_URI}/${PN}-html-${PV//rc/RC}.tar.bz2 )"
+HOMEPAGE="http://www.exim.org/"
+
+SLOT="0"
+LICENSE="GPL-2"
+KEYWORDS="~amd64 ~hppa ~ppc64 ~x86"
+
+COMMON_DEPEND=">=sys-apps/sed-4.0.5
+	>=sys-libs/db-3.2
+	dev-libs/libpcre
+	perl? ( dev-lang/perl:= )
+	pam? ( virtual/pam )
+	tcpd? ( sys-apps/tcp-wrappers )
+	ssl? (
+		!libressl? ( dev-libs/openssl:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	gnutls? ( net-libs/gnutls[pkcs11?]
+			  dev-libs/libtasn1 )
+	ldap? ( >=net-nds/openldap-2.0.7 )
+	mysql? ( virtual/mysql )
+	postgres? ( dev-db/postgresql )
+	sasl? ( >=dev-libs/cyrus-sasl-2.1.26-r2 )
+	redis? ( dev-libs/hiredis )
+	spf? ( >=mail-filter/libspf2-1.2.5-r1 )
+	dmarc? ( mail-filter/opendmarc )
+	srs? ( mail-filter/libsrs_alt )
+	X? ( x11-proto/xproto
+		x11-libs/libX11
+		x11-libs/libXmu
+		x11-libs/libXt
+		x11-libs/libXaw
+	)
+	sqlite? ( dev-db/sqlite )
+	radius? ( net-dialup/freeradius-client )
+	virtual/libiconv
+	"
+	# added X check for #57206
+DEPEND="${COMMON_DEPEND}
+	virtual/pkgconfig"
+RDEPEND="${COMMON_DEPEND}
+	!mail-mta/courier
+	!mail-mta/esmtp
+	!mail-mta/mini-qmail
+	!<mail-mta/msmtp-1.4.19-r1
+	!>=mail-mta/msmtp-1.4.19-r1[mta]
+	!mail-mta/netqmail
+	!mail-mta/nullmailer
+	!mail-mta/postfix
+	!mail-mta/qmail-ldap
+	!mail-mta/sendmail
+	!mail-mta/opensmtpd
+	!<mail-mta/ssmtp-2.64-r2
+	!>=mail-mta/ssmtp-2.64-r2[mta]
+	!net-mail/mailwrapper
+	>=net-mail/mailbase-0.00-r5
+	virtual/logger
+	dcc? ( mail-filter/dcc )
+	selinux? ( sec-policy/selinux-exim )
+	"
+
+S=${WORKDIR}/${P//rc/RC}
+
+src_prepare() {
+	epatch "${FILESDIR}"/exim-4.14-tail.patch
+	epatch "${FILESDIR}"/exim-4.74-localscan_dlopen.patch
+	epatch "${FILESDIR}"/exim-4.69-r1.27021.patch
+	epatch "${FILESDIR}"/exim-4.74-radius-db-ENV-clash.patch # 287426
+	epatch "${FILESDIR}"/exim-4.82-makefile-freebsd.patch # 235785
+	epatch "${FILESDIR}"/exim-4.87-as-needed-ldflags.patch # 352265, 391279
+	epatch "${FILESDIR}"/exim-4.76-crosscompile.patch # 266591
+
+	if use maildir ; then
+		epatch "${FILESDIR}"/exim-4.20-maildir.patch
+	else
+		epatch "${FILESDIR}"/exim-4.80-spool-mail-group.patch # 438606
+	fi
+
+	# user Exim believes it should be
+	MAILUSER=mail
+	MAILGROUP=mail
+	if use prefix && [[ ${EUID} != 0 ]] ; then
+		MAILUSER=$(id -un)
+		MAILGROUP=$(id -gn)
+	fi
+}
+
+src_configure() {
+	# general config and paths
+
+	sed -i.orig \
+		-e "/SYSTEM_ALIASES_FILE/s'SYSTEM_ALIASES_FILE'${EPREFIX}/etc/mail/aliases'" \
+		"${S}"/src/configure.default || die
+
+	sed -i -e 's/^buildname=.*/buildname=exim-gentoo/g' Makefile || die
+
+	sed -e "48i\CFLAGS=${CFLAGS}" \
+		-e "s:BIN_DIRECTORY=/usr/exim/bin:BIN_DIRECTORY=${EPREFIX}/usr/sbin:" \
+		-e "s:EXIM_USER=:EXIM_USER=${MAILUSER}:" \
+		-e "s:CONFIGURE_FILE=/usr/exim/configure:CONFIGURE_FILE=${EPREFIX}/etc/exim/exim.conf:" \
+		-e "s:ZCAT_COMMAND=.*$:ZCAT_COMMAND=${EPREFIX}/bin/zcat:" \
+		-e "s:COMPRESS_COMMAND=.*$:COMPRESS_COMMAND=${EPREFIX}/bin/gzip:" \
+		src/EDITME > Local/Makefile
+
+	cd Local
+
+	cat >> Makefile <<- EOC
+		INFO_DIRECTORY=${EPREFIX}/usr/share/info
+		PID_FILE_PATH=${EPREFIX}/run/exim.pid
+		SPOOL_DIRECTORY=${EPREFIX}/var/spool/exim
+		HAVE_ICONV=yes
+	EOC
+
+	# if we use libiconv, now is the time to tell so
+	use !elibc_glibc && echo "EXTRALIBS_EXIM=-liconv" >> Makefile
+
+	# support for IPv6
+	if use ipv6; then
+		cat >> Makefile <<- EOC
+			HAVE_IPV6=YES
+		EOC
+	fi
+
+	#
+	# mail storage formats
+
+	# mailstore is Exim's traditional storage format
+	cat >> Makefile <<- EOC
+		SUPPORT_MAILSTORE=yes
+	EOC
+
+	# mbox
+	if use mbx; then
+		cat >> Makefile <<- EOC
+			SUPPORT_MBX=yes
+		EOC
+	fi
+
+	# maildir
+	if use maildir; then
+		cat >> Makefile <<- EOC
+			SUPPORT_MAILDIR=yes
+		EOC
+	fi
+
+	#
+	# lookup methods
+
+	# use the "native" interfaces to the DBM and CDB libraries, support
+	# passwd and directory lookups by default
+	cat >> Makefile <<- EOC
+		USE_DB=yes
+		DBMLIB=-ldb
+		LOOKUP_CDB=yes
+		LOOKUP_PASSWD=yes
+		LOOKUP_DSEARCH=yes
+	EOC
+
+	if ! use dnsdb; then
+		# DNSDB lookup is enabled by default
+		sed -i "s:^LOOKUP_DNSDB=yes:# LOOKUP_DNSDB=yes:" Makefile
+	fi
+
+	if use ldap; then
+		cat >> Makefile <<- EOC
+			LOOKUP_LDAP=yes
+			LDAP_LIB_TYPE=OPENLDAP2
+			LOOKUP_INCLUDE += -I"${EROOT}"usr/include/ldap
+			LOOKUP_LIBS += -lldap -llber
+		EOC
+	fi
+
+	if use mysql; then
+		cat >> Makefile <<- EOC
+			LOOKUP_MYSQL=yes
+			LOOKUP_INCLUDE += $(mysql_config --include)
+			LOOKUP_LIBS += $(mysql_config --libs)
+		EOC
+	fi
+
+	if use nis; then
+		cat >> Makefile <<- EOC
+			LOOKUP_NIS=yes
+			LOOKUP_NISPLUS=yes
+		EOC
+	fi
+
+	if use postgres; then
+		cat >> Makefile <<- EOC
+			LOOKUP_PGSQL=yes
+			LOOKUP_INCLUDE += -I$(pg_config --includedir)
+			LOOKUP_LIBS += -L$(pg_config --libdir) -lpq
+		EOC
+	fi
+
+	if use sqlite; then
+		cat >> Makefile <<- EOC
+			LOOKUP_SQLITE=yes
+			LOOKUP_SQLITE_PC=sqlite3
+		EOC
+	fi
+
+	if use redis; then
+		cat >> Makefile <<- EOC
+			EXPERIMENTAL_REDIS=yes
+			LOOKUP_LIBS += -lhiredis
+		EOC
+	fi
+
+	#
+	# Exim monitor, enabled by default, controlled via X USE-flag,
+	# disable if not requested, bug #46778
+	if use X; then
+		cp ../exim_monitor/EDITME eximon.conf || die
+	else
+		sed -i -e '/^EXIM_MONITOR=/s/^/# /' Makefile
+	fi
+
+	#
+	# features
+
+	# content scanning support
+	if use exiscan-acl; then
+		cat >> Makefile <<- EOC
+			WITH_CONTENT_SCAN=yes
+			WITH_OLD_DEMIME=yes
+		EOC
+	fi
+
+	# DomainKeys Identified Mail, RFC4871
+	if ! use dkim; then
+		# DKIM is enabled by default
+		cat >> Makefile <<- EOC
+			DISABLE_DKIM=yes
+		EOC
+	fi
+
+	# Per-Recipient-Data-Response
+	if ! use prdr; then
+		# PRDR is enabled by default
+		cat >> Makefile <<- EOC
+			DISABLE_PRDR=yes
+		EOC
+	fi
+
+	# log to syslog
+	if use syslog; then
+		sed -i "s:LOG_FILE_PATH=/var/log/exim/exim_%s.log:LOG_FILE_PATH=syslog:" Makefile
+		cat >> Makefile <<- EOC
+			LOG_FILE_PATH=syslog
+		EOC
+	else
+		cat >> Makefile <<- EOC
+			LOG_FILE_PATH=${EPREFIX}/var/log/exim/exim_%s.log
+		EOC
+	fi
+
+	# starttls support (ssl)
+	if use ssl; then
+		echo "SUPPORT_TLS=yes" >> Makefile
+		if use gnutls; then
+			echo "USE_GNUTLS=yes" >> Makefile
+			echo "USE_GNUTLS_PC=gnutls" >> Makefile
+			use pkcs11 || echo "AVOID_GNUTLS_PKCS11=yes" >> Makefile
+		else
+			echo "USE_OPENSSL_PC=openssl" >> Makefile
+		fi
+	fi
+
+	# TCP wrappers
+	if use tcpd; then
+		cat >> Makefile <<- EOC
+			USE_TCP_WRAPPERS=yes
+			EXTRALIBS_EXIM += -lwrap
+		EOC
+	fi
+
+	# Light Mail Transport Protocol
+	if use lmtp; then
+		cat >> Makefile <<- EOC
+			TRANSPORT_LMTP=yes
+		EOC
+	fi
+
+	# embedded Perl
+	if use perl; then
+		cat >> Makefile <<- EOC
+			EXIM_PERL=perl.o
+		EOC
+	fi
+
+	# dlfunc
+	if use dlfunc; then
+		cat >> Makefile <<- EOC
+			EXPAND_DLFUNC=yes
+		EOC
+	fi
+
+	#
+	# experimental features
+
+	# Distributed Checksum Clearinghouse
+	if use dcc; then
+		echo "EXPERIMENTAL_DCC=yes">> Makefile
+	fi
+
+	# Sender Policy Framework
+	if use spf; then
+		cat >> Makefile <<- EOC
+			EXPERIMENTAL_SPF=yes
+			EXTRALIBS_EXIM += -lspf2
+		EOC
+	fi
+
+	# Sender Rewriting Scheme
+	if use srs; then
+		cat >> Makefile <<- EOC
+			EXPERIMENTAL_SRS=yes
+			EXTRALIBS_EXIM += -lsrs_alt
+		EOC
+	fi
+
+	# DMARC
+	if use dmarc; then
+		cat >> Makefile <<- EOC
+			EXPERIMENTAL_DMARC=yes
+			EXTRALIBS_EXIM += -lopendmarc
+		EOC
+	fi
+
+	# Transport post-delivery actions
+	if use tpda; then
+		cat >> Makefile <<- EOC
+			EXPERIMENTAL_EVENT=yes
+		EOC
+	fi
+
+	# Proxy Protocol
+	if use proxy; then
+		cat >> Makefile <<- EOC
+			EXPERIMENTAL_PROXY=yes
+		EOC
+	fi
+
+	# Delivery Sender Notifications
+	if use dsn; then
+		cat >> Makefile <<- EOC
+			EXPERIMENTAL_DSN=yes
+		EOC
+	fi
+
+	#
+	# authentication (SMTP AUTH)
+
+	# standard bits
+	cat >> Makefile <<- EOC
+		AUTH_SPA=yes
+		AUTH_CRAM_MD5=yes
+		AUTH_PLAINTEXT=yes
+	EOC
+
+	# Cyrus SASL
+	if use sasl; then
+		cat >> Makefile <<- EOC
+			CYRUS_SASLAUTHD_SOCKET=${EPREFIX}/run/saslauthd/mux
+			AUTH_CYRUS_SASL=yes
+			AUTH_LIBS += -lsasl2
+		EOC
+	fi
+
+	# Dovecot
+	if use dovecot-sasl; then
+		cat >> Makefile <<- EOC
+			AUTH_DOVECOT=yes
+		EOC
+	fi
+
+	# Pluggable Authentication Modules
+	if use pam; then
+		cat >> Makefile <<- EOC
+			SUPPORT_PAM=yes
+			AUTH_LIBS += -lpam
+		EOC
+	fi
+
+	# Radius
+	if use radius; then
+		cat >> Makefile <<- EOC
+			RADIUS_CONFIG_FILE=${EPREFIX}/etc/radiusclient/radiusclient.conf
+			RADIUS_LIB_TYPE=RADIUSCLIENTNEW
+			AUTH_LIBS += -lfreeradius-client
+		EOC
+	fi
+}
+
+src_compile() {
+	emake -j1 CC="$(tc-getCC)" HOSTCC="$(tc-getCC $CBUILD)" \
+		AR="$(tc-getAR) cq" RANLIB="$(tc-getRANLIB)" FULLECHO='' \
+		|| die "make failed"
+}
+
+src_install () {
+	cd "${S}"/build-exim-gentoo || die
+	dosbin exim
+	if use X; then
+		dosbin eximon.bin
+		dosbin eximon
+	fi
+	fperms 4755 /usr/sbin/exim
+
+	dosym exim /usr/sbin/sendmail
+	dosym exim /usr/sbin/rsmtp
+	dosym exim /usr/sbin/rmail
+	dosym /usr/sbin/exim /usr/bin/mailq
+	dosym /usr/sbin/exim /usr/bin/newaliases
+	dosym /usr/sbin/sendmail /usr/lib/sendmail
+
+	for i in exicyclog exim_dbmbuild exim_dumpdb exim_fixdb exim_lock \
+		exim_tidydb exinext exiwhat exigrep eximstats exiqsumm exiqgrep \
+		convert4r3 convert4r4 exipick
+	do
+		dosbin $i
+	done
+
+	dodoc "${S}"/doc/*
+	doman "${S}"/doc/exim.8
+	use dsn && dodoc "${S}"/README.DSN
+	use doc && dohtml -r "${WORKDIR}"/${PN}-html-${PV//rc/RC}/doc/html/spec_html/*
+
+	# conf files
+	insinto /etc/exim
+	newins "${S}"/src/configure.default exim.conf.dist
+	if use exiscan-acl; then
+		newins "${S}"/src/configure.default exim.conf.exiscan-acl
+	fi
+	doins "${WORKDIR}"/system_filter.exim
+	doins "${FILESDIR}"/auth_conf.sub
+
+	pamd_mimic system-auth exim auth account
+
+	# headers, #436406
+	if use dlfunc ; then
+		# fixup includes so they actually can be found when including
+		sed -i \
+			-e '/#include "\(config\|store\|mytypes\).h"/s:"\(.\+\)":<exim/\1>:' \
+			local_scan.h || die
+		insinto /usr/include/exim
+		doins {config,local_scan}.h ../src/{mytypes,store}.h
+	fi
+
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}/exim.logrotate" exim
+
+	newinitd "${FILESDIR}"/exim.rc9 exim
+	newconfd "${FILESDIR}"/exim.confd exim
+
+	systemd_dounit "${FILESDIR}"/{exim.service,exim.socket,exim-submission.socket}
+	systemd_newunit "${FILESDIR}"/exim_at.service 'exim@.service'
+	systemd_newunit "${FILESDIR}"/exim-submission_at.service 'exim-submission@.service'
+
+	diropts -m 0750 -o ${MAILUSER} -g ${MAILGROUP}
+	dodir /var/log/${PN}
+}
+
+pkg_postinst() {
+	if [[ ! -f ${EROOT}etc/exim/exim.conf ]] ; then
+		einfo "${EROOT}etc/exim/system_filter.exim is a sample system_filter."
+		einfo "${EROOT}etc/exim/auth_conf.sub contains the configuration sub for using smtp auth."
+		einfo "Please create ${EROOT}etc/exim/exim.conf from ${EROOT}etc/exim/exim.conf.dist."
+	fi
+	if use dcc ; then
+		einfo "DCC support is experimental, you can find some limited"
+		einfo "documentation at the bottom of this prerelease message:"
+		einfo "http://article.gmane.org/gmane.mail.exim.devel/3579"
+	fi
+	use spf && einfo "SPF support is experimental"
+	use srs && einfo "SRS support is experimental"
+	if use dmarc ; then
+		einfo "DMARC support is experimental.  See global settings to"
+		einfo "configure DMARC, for usage see the documentation at "
+		einfo "experimental-spec.txt."
+	fi
+	use tpda && einfo "TPDA/EVENT support is experimental"
+	use proxy && einfo "proxy support is experimental"
+	if use dsn ; then
+		einfo "Starting from Exim 4.83, DSN support comes from upstream."
+		einfo "DSN support is an experimental feature.  If you used DSN"
+		einfo "support prior to 4.83, make sure to remove all dsn_process"
+		einfo "switches from your routers, see https://bugs.gentoo.org/511818"
+	fi
+	einfo "Exim maintains some db files under its spool directory that need"
+	einfo "cleaning from time to time.  (${EROOT}var/spool/exim/db)"
+	einfo "Please use the exim_tidydb tool as documented in the Exim manual:"
+	einfo "http://www.exim.org/exim-html-current/doc/html/spec_html/ch-exim_utilities.html#SECThindatmai"
+}

diff --git a/mail-mta/exim/files/exim-4.87-as-needed-ldflags.patch b/mail-mta/exim/files/exim-4.87-as-needed-ldflags.patch
new file mode 100644
index 0000000..e438485
--- /dev/null
+++ b/mail-mta/exim/files/exim-4.87-as-needed-ldflags.patch
@@ -0,0 +1,145 @@
+https://bugs.gentoo.org/show_bug.cgi?id=352265
+
+Make sure LDFLAGS comes first, such that all libraries are considered,
+and not discarded when --as-needed is in effect.
+
+https://bugs.gentoo.org/show_bug.cgi?id=391279
+
+Use LDFLAGS for all targets, not just the exim binary, such that
+--as-needed works as well.
+
+
+--- OS/Makefile-Base
++++ OS/Makefile-Base
+@@ -325,12 +325,12 @@
+         buildrouters buildtransports \
+         $(OBJ_EXIM) version.o
+ 	@echo "$(LNCC) -o exim"
+-	$(FE)$(PURIFY) $(LNCC) -o exim $(LFLAGS) $(OBJ_EXIM) version.o \
++	$(FE)$(PURIFY) $(LNCC) -o exim $(LDFLAGS) $(OBJ_EXIM) version.o \
+ 	  routers/routers.a transports/transports.a lookups/lookups.a \
+ 	  auths/auths.a pdkim/pdkim.a \
+ 	  $(LIBRESOLV) $(LIBS) $(LIBS_EXIM) $(IPV6_LIBS) $(EXTRALIBS) \
+ 	  $(EXTRALIBS_EXIM) $(DBMLIB) $(LOOKUP_LIBS) $(AUTH_LIBS) \
+-	  $(PERL_LIBS) $(TLS_LIBS) $(PCRE_LIBS) $(LDFLAGS)
++	  $(PERL_LIBS) $(TLS_LIBS) $(PCRE_LIBS) $(LFLAGS)
+ 	@if [ x"$(STRIP_COMMAND)" != x"" ]; then \
+ 	  echo $(STRIP_COMMAND) exim; \
+ 	  $(STRIP_COMMAND) exim; \
+@@ -346,8 +346,8 @@
+ 
+ exim_dumpdb: $(OBJ_DUMPDB)
+ 	@echo "$(LNCC) -o exim_dumpdb"
+-	$(FE)$(LNCC) $(CFLAGS) $(INCLUDE) -o exim_dumpdb $(LFLAGS) $(OBJ_DUMPDB) \
+-	  $(LIBS) $(EXTRALIBS) $(DBMLIB)
++	$(FE)$(LNCC) $(CFLAGS) $(INCLUDE) -o exim_dumpdb $(LDFLAGS) $(OBJ_DUMPDB) \
++	  $(LIBS) $(EXTRALIBS) $(DBMLIB) $(LFLAGS)
+ 	@if [ x"$(STRIP_COMMAND)" != x"" ]; then \
+ 	  echo $(STRIP_COMMAND) exim_dumpdb; \
+ 	  $(STRIP_COMMAND) exim_dumpdb; \
+@@ -361,8 +361,8 @@
+ 
+ exim_fixdb:  $(OBJ_FIXDB) buildauths
+ 	@echo "$(LNCC) -o exim_fixdb"
+-	$(FE)$(LNCC) $(CFLAGS) $(INCLUDE) -o exim_fixdb $(LFLAGS) $(OBJ_FIXDB) \
+-	  auths/auths.a $(LIBS) $(EXTRALIBS) $(DBMLIB)
++	$(FE)$(LNCC) $(CFLAGS) $(INCLUDE) -o exim_fixdb $(LDFLAGS) $(OBJ_FIXDB) \
++	  auths/auths.a $(LIBS) $(EXTRALIBS) $(DBMLIB) $(LFLAGS)
+ 	@if [ x"$(STRIP_COMMAND)" != x"" ]; then \
+ 	  echo $(STRIP_COMMAND) exim_fixdb; \
+ 	  $(STRIP_COMMAND) exim_fixdb; \
+@@ -376,8 +376,8 @@
+ 
+ exim_tidydb: $(OBJ_TIDYDB)
+ 	@echo "$(LNCC) -o exim_tidydb"
+-	$(FE)$(LNCC) $(CFLAGS) $(INCLUDE) -o exim_tidydb $(LFLAGS) $(OBJ_TIDYDB) \
+-	  $(LIBS) $(EXTRALIBS) $(DBMLIB)
++	$(FE)$(LNCC) $(CFLAGS) $(INCLUDE) -o exim_tidydb $(LDFLAGS) $(OBJ_TIDYDB) \
++	  $(LIBS) $(EXTRALIBS) $(DBMLIB) $(LFLAGS)
+ 	@if [ x"$(STRIP_COMMAND)" != x"" ]; then \
+ 	  echo $(STRIP_COMMAND) exim_tidydb; \
+ 	  $(STRIP_COMMAND) exim_tidydb; \
+@@ -389,8 +389,8 @@
+ 
+ exim_dbmbuild: exim_dbmbuild.o
+ 	@echo "$(LNCC) -o exim_dbmbuild"
+-	$(FE)$(LNCC) -o exim_dbmbuild $(LFLAGS) exim_dbmbuild.o \
+-	  $(LIBS) $(EXTRALIBS) $(DBMLIB)
++	$(FE)$(LNCC) -o exim_dbmbuild $(LDFLAGS) exim_dbmbuild.o \
++	  $(LIBS) $(EXTRALIBS) $(DBMLIB) $(LFLAGS)
+ 	@if [ x"$(STRIP_COMMAND)" != x"" ]; then \
+ 	  echo $(STRIP_COMMAND) exim_dbmbuild; \
+ 	  $(STRIP_COMMAND) exim_dbmbuild; \
+@@ -404,8 +404,8 @@
+ 	@echo "$(CC) exim_lock.c"
+ 	$(FE)$(CC) -c $(CFLAGS) $(INCLUDE) exim_lock.c
+ 	@echo "$(LNCC) -o exim_lock"
+-	$(FE)$(LNCC) -o exim_lock $(LFLAGS) exim_lock.o  \
+-	  $(LIBS) $(EXTRALIBS)
++	$(FE)$(LNCC) -o exim_lock $(LDFLAGS) exim_lock.o  \
++	  $(LIBS) $(EXTRALIBS) $(LFLAGS)
+ 	@if [ x"$(STRIP_COMMAND)" != x"" ]; then \
+ 	  echo $(STRIP_COMMAND) exim_lock; \
+ 	  $(STRIP_COMMAND) exim_lock; \
+@@ -435,9 +435,9 @@
+ 	$(FE)$(CC) -o em_version.o -c \
+ 	  $(CFLAGS) $(XINCLUDE) -I. ../exim_monitor/em_version.c
+ 	@echo "$(LNCC) -o eximon.bin"
+-	$(FE)$(PURIFY) $(LNCC) -o eximon.bin em_version.o $(LFLAGS) $(XLFLAGS) \
++	$(FE)$(PURIFY) $(LNCC) -o eximon.bin em_version.o $(LDFLAGS) $(XLFLAGS) \
+ 	$(OBJ_MONBIN) -lXaw -lXmu -lXt -lXext -lX11 $(PCRE_LIBS) \
+-	  $(LIBS) $(LIBS_EXIMON) $(EXTRALIBS) $(EXTRALIBS_EXIMON) -lc
++	  $(LIBS) $(LIBS_EXIMON) $(EXTRALIBS) $(EXTRALIBS_EXIMON) -lc $(LFLAGS)
+ 	@if [ x"$(STRIP_COMMAND)" != x"" ]; then \
+ 	  echo $(STRIP_COMMAND) eximon.bin; \
+ 	  $(STRIP_COMMAND) eximon.bin; \
+@@ -745,9 +745,9 @@
+ test_dbfn:   config.h dbfn.c dummies.o sa-globals.o sa-os.o store.o \
+ 	       string.o tod.o version.o utf8.o
+ 	$(CC) -c $(CFLAGS) $(INCLUDE) -DSTAND_ALONE dbfn.c
+-	$(LNCC) -o test_dbfn $(LFLAGS) dbfn.o \
++	$(LNCC) -o test_dbfn $(LDFLAGS) dbfn.o \
+ 	  dummies.o sa-globals.o sa-os.o store.o string.o \
+-	  tod.o version.o utf8.o $(LIBS) $(DBMLIB) $(LDFLAGS)
++	  tod.o version.o utf8.o $(LIBS) $(DBMLIB) $(LFLAGS)
+ 	rm -f dbfn.o
+ 
+ test_host:   config.h child.c host.c dns.c dummies.c sa-globals.o os.o \
+@@ -756,29 +756,29 @@
+ 	$(CC) -c $(CFLAGS) $(INCLUDE) -DSTAND_ALONE -DTEST_HOST host.c
+ 	$(CC) -c $(CFLAGS) $(INCLUDE) -DSTAND_ALONE -DTEST_HOST dns.c
+ 	$(CC) -c $(CFLAGS) $(INCLUDE) -DSTAND_ALONE -DTEST_HOST dummies.c
+-	$(LNCC) -o test_host $(LFLAGS) \
++	$(LNCC) -o test_host $(LDFLAGS) \
+ 	  host.o child.o dns.o dummies.o sa-globals.o os.o store.o string.o \
+-	  tod.o tree.o $(LIBS) $(LIBRESOLV)
++	  tod.o tree.o $(LIBS) $(LIBRESOLV) $(LFLAGS)
+ 	rm -f child.o dummies.o host.o dns.o
+ 
+ test_os:     os.h os.c dummies.o sa-globals.o store.o string.o tod.o utf8.o
+ 	$(CC) -c $(CFLAGS) $(INCLUDE) -DSTAND_ALONE os.c
+-	$(LNCC) -o test_os $(LFLAGS) os.o dummies.o \
+-	  sa-globals.o store.o string.o tod.o utf8.o $(LIBS) $(LDFLAGS)
++	$(LNCC) -o test_os $(LDFLAGS) os.o dummies.o \
++	  sa-globals.o store.o string.o tod.o utf8.o $(LIBS) $(LFLAGS)
+ 	rm -f os.o
+ 
+ test_parse:  config.h parse.c dummies.o sa-globals.o \
+ 	     store.o string.o tod.o version.o utf8.o
+ 	$(CC) -c $(CFLAGS) $(INCLUDE) -DSTAND_ALONE parse.c
+-	$(LNCC) -o test_parse $(LFLAGS) parse.o \
++	$(LNCC) -o test_parse $(LDFLAGS) parse.o \
+ 	  dummies.o sa-globals.o store.o string.o tod.o version.o \
+-	  utf8.o $(LDFLAGS)
++	  utf8.o $(LFLAGS)
+ 	rm -f parse.o
+ 
+ test_string: config.h string.c dummies.o sa-globals.o store.o tod.o utf8.o
+ 	$(CC) -c $(CFLAGS) $(INCLUDE) -DSTAND_ALONE string.c
+-	$(LNCC) -o test_string $(LFLAGS) -DSTAND_ALONE string.o \
+-	  dummies.o sa-globals.o store.o tod.o utf8.o $(LIBS) $(LDFLAGS)
++	$(LNCC) -o test_string $(LDFLAGS) -DSTAND_ALONE string.o \
++	  dummies.o sa-globals.o store.o tod.o utf8.o $(LIBS) $(LFLAGS)
+ 	rm -f string.o
+ 
+ # End


^ permalink raw reply related	[flat|nested] 26+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: mail-mta/exim/, mail-mta/exim/files/
@ 2016-03-04 10:58 Fabian Groffen
  0 siblings, 0 replies; 26+ messages in thread
From: Fabian Groffen @ 2016-03-04 10:58 UTC (permalink / raw
  To: gentoo-commits

commit:     d64c7f7c68164c8d99325dd8fba7efcd515b9b09
Author:     Fabian Groffen <grobian <AT> gentoo <DOT> org>
AuthorDate: Fri Mar  4 10:56:37 2016 +0000
Commit:     Fabian Groffen <grobian <AT> gentoo <DOT> org>
CommitDate: Fri Mar  4 10:56:37 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d64c7f7c

mail-mta/exim: fix TMPDIR patch for 4.86.2, drop for 4.87_rc5 as it's upstream, bug #576332

Package-Manager: portage-2.2.26

 mail-mta/exim/exim-4.86.2.ebuild             |  2 +-
 mail-mta/exim/exim-4.87_rc5.ebuild           |  1 -
 mail-mta/exim/files/exim-4.86.2-TMPDIR.patch | 68 ++++++++++++++++++++++++++++
 3 files changed, 69 insertions(+), 2 deletions(-)

diff --git a/mail-mta/exim/exim-4.86.2.ebuild b/mail-mta/exim/exim-4.86.2.ebuild
index afad148..1e63f26 100644
--- a/mail-mta/exim/exim-4.86.2.ebuild
+++ b/mail-mta/exim/exim-4.86.2.ebuild
@@ -87,7 +87,7 @@ src_prepare() {
 	epatch "${FILESDIR}"/exim-4.76-crosscompile.patch # 266591
 	epatch "${FILESDIR}"/exim-4.86-radius-type-fix.patch
 	epatch "${FILESDIR}"/exim-4.86-radius-include.patch
-	epatch "${FILESDIR}"/exim-4.86-TMPDIR.patch # 63420
+	epatch "${FILESDIR}"/exim-4.86.2-TMPDIR.patch # 63420
 
 	if use maildir ; then
 		epatch "${FILESDIR}"/exim-4.20-maildir.patch

diff --git a/mail-mta/exim/exim-4.87_rc5.ebuild b/mail-mta/exim/exim-4.87_rc5.ebuild
index 2bcd192..661bf5e 100644
--- a/mail-mta/exim/exim-4.87_rc5.ebuild
+++ b/mail-mta/exim/exim-4.87_rc5.ebuild
@@ -85,7 +85,6 @@ src_prepare() {
 	epatch "${FILESDIR}"/exim-4.82-makefile-freebsd.patch # 235785
 	epatch "${FILESDIR}"/exim-4.87-as-needed-ldflags.patch # 352265, 391279
 	epatch "${FILESDIR}"/exim-4.76-crosscompile.patch # 266591
-	epatch "${FILESDIR}"/exim-4.86-TMPDIR.patch # 63420
 
 	if use maildir ; then
 		epatch "${FILESDIR}"/exim-4.20-maildir.patch

diff --git a/mail-mta/exim/files/exim-4.86.2-TMPDIR.patch b/mail-mta/exim/files/exim-4.86.2-TMPDIR.patch
new file mode 100644
index 0000000..9c05a24
--- /dev/null
+++ b/mail-mta/exim/files/exim-4.86.2-TMPDIR.patch
@@ -0,0 +1,68 @@
+Adapted for 4.86.2
+
+From c36cf51b85cfc86e46226c846914c8d915f9f3c0 Mon Sep 17 00:00:00 2001
+From: Alexander Tsoy <alexander@tsoy.me>
+Date: Tue, 2 Feb 2016 20:56:15 +0300
+Subject: [PATCH] Rename build-time option TMPDIR to EXIM_TMPDIR
+
+---
+ src/EDITME              |  2 +-
+ src/config.h.defaults   |  2 +-
+ src/exim.c              | 12 ++++++------
+ 3 files changed, 8 insertions(+), 8 deletions(-)
+
+diff --git a/src/EDITME b/src/EDITME
+index 30a296e..6afe0c7 100644
+--- a/src/EDITME
++++ b/src/EDITME
+@@ -1123,7 +1123,7 @@ SYSTEM_ALIASES_FILE=/etc/aliases
+ # it replaces the value with what is defined here. Commenting this setting
+ # suppresses the check altogether.
+ 
+-TMPDIR="/tmp"
++EXIM_TMPDIR="/tmp"
+ 
+ 
+ #------------------------------------------------------------------------------
+diff --git a/src/config.h.defaults b/src/config.h.defaults
+index 14de083..c1cf1a9 100644
+--- a/src/config.h.defaults
++++ b/src/config.h.defaults
+@@ -150,7 +150,7 @@ it's a default value. */
+ 
+ #define TCP_WRAPPERS_DAEMON_NAME "exim"
+ #define TIMEZONE_DEFAULT
+-#define TMPDIR
++#define EXIM_TMPDIR
+ 
+ #define TRANSPORT_APPENDFILE
+ #define TRANSPORT_AUTOREPLY
+--- a/src/exim.c
++++ b/src/exim.c
+@@ -3887,20 +3887,20 @@
+ temporary files are created; Exim doesn't use these (apart from when delivering
+ to MBX mailboxes), but called libraries such as DBM libraries may require them.
+ If TMPDIR is found in the environment, reset it to the value defined in the
+-TMPDIR macro, if this macro is defined. */
++EXIM_TMPDIR macro, if this macro is defined. */
+ 
+-#ifdef TMPDIR
++#ifdef EXIM_TMPDIR
+   {
+   uschar **p;
+   if (environ) for (p = USS environ; *p != NULL; p++)
+     {
+     if (Ustrncmp(*p, "TMPDIR=", 7) == 0 &&
+-        Ustrcmp(*p+7, TMPDIR) != 0)
++        Ustrcmp(*p+7, EXIM_TMPDIR) != 0)
+       {
+-      uschar *newp = malloc(Ustrlen(TMPDIR) + 8);
+-      sprintf(CS newp, "TMPDIR=%s", TMPDIR);
++      uschar *newp = malloc(Ustrlen(EXIM_TMPDIR) + 8);
++      sprintf(CS newp, "TMPDIR=%s", EXIM_TMPDIR);
+       *p = newp;
+-      DEBUG(D_any) debug_printf("reset TMPDIR=%s in environment\n", TMPDIR);
++      DEBUG(D_any) debug_printf("reset TMPDIR=%s in environment\n", EXIM_TMPDIR);
+       }
+     }
+   }


^ permalink raw reply related	[flat|nested] 26+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: mail-mta/exim/, mail-mta/exim/files/
@ 2016-07-08 11:28 Fabian Groffen
  0 siblings, 0 replies; 26+ messages in thread
From: Fabian Groffen @ 2016-07-08 11:28 UTC (permalink / raw
  To: gentoo-commits

commit:     62a850cc4c30b096ca965f64dc9b21a8fcf8b53b
Author:     Fabian Groffen <grobian <AT> gentoo <DOT> org>
AuthorDate: Fri Jul  8 11:28:24 2016 +0000
Commit:     Fabian Groffen <grobian <AT> gentoo <DOT> org>
CommitDate: Fri Jul  8 11:28:24 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=62a850cc

mail-mta/exim: cleanup

Package-Manager: portage-2.2.28

 mail-mta/exim/Manifest                             |   8 -
 mail-mta/exim/exim-4.84.2.ebuild                   | 508 --------------------
 mail-mta/exim/exim-4.84.ebuild                     | 508 --------------------
 mail-mta/exim/exim-4.85.2.ebuild                   | 508 --------------------
 mail-mta/exim/exim-4.86.2.ebuild                   | 525 ---------------------
 mail-mta/exim/files/exim-4.86-TMPDIR.patch         |  71 ---
 mail-mta/exim/files/exim-4.86-radius-include.patch |  15 -
 .../exim/files/exim-4.86-radius-type-fix.patch     |  25 -
 mail-mta/exim/files/exim-4.86.2-TMPDIR.patch       |  68 ---
 mail-mta/exim/files/exim.rc8                       |  30 --
 10 files changed, 2266 deletions(-)

diff --git a/mail-mta/exim/Manifest b/mail-mta/exim/Manifest
index 7f78b6b..c702b5e 100644
--- a/mail-mta/exim/Manifest
+++ b/mail-mta/exim/Manifest
@@ -1,15 +1,7 @@
-DIST exim-4.84.2.tar.bz2 1745970 SHA256 eb082aedf9349a29e25120e53f9e67a7ca6c4a6dad579c1425da1e131599bf52 SHA512 04f0f4631d5eb81d7732f4e210fdda87e34adb497f1af744868fab0fe1dc64845b0d1228b34660e0123436a78d0ecf62a6d18702a0ba4f2c1a1c1398b8ac4aaf WHIRLPOOL 34054528aa0a1724001942474ad23385221a42def71bb7460574052f06fe93bead0af04ba5cbdd463fddcb85d855c5441ed3b72a1a97f862a4bf9534267f4434
-DIST exim-4.84.tar.bz2 1761790 SHA256 78ea22be87fb6df880e7fd482f3bec9ef6ceca0c9dedd50f8a26cae0b38b9e9c SHA512 3cd41af6d57e5f0377fc93367753eae6cb6bf835803e8608c44e1da5acefce1ed8886f4fe7536950de072bfed6e927afe1536c1e6466cf3121dd352b69a68039 WHIRLPOOL 9e840aa6afa0db68455b4ab458706eedd7ea57b084999c9e85eaaec0530ed93958731d934ff1d7830d9b5cd086e36cb56dc8a2f78dad85bdba9ae6573510e840
-DIST exim-4.85.2.tar.bz2 1773050 SHA256 b0dcdb8832e77716396a6ca8a7523263af518d23910d818ba9a492fe93bef618 SHA512 17398ac730cc355ea063d68f9396e1f9238d2c9cc90939dd0ed3a003aa995e79190f6a206f1b338c95f300a43c97481b0b24d34bcded7b281b521f9dbb41fc6d WHIRLPOOL faa21b50b76e7d5ffe94d4bbf3616492108a0ab3702c16d1e0e6fe62d6ecc351d5df62d99f0c97aa32d8e20c1af96a3ed57207a026f8830f0df149edf508a33d
 DIST exim-4.85.tar.bz2 1784150 SHA256 13211f2bbc5400d095a9b4be075eb1347e0d98676fdfe4be8a3b4d56281daaa4 SHA512 2c5846528ee98e4aff5dbabe49dfa5ba6753fa64154b9671a7849db8a17773917fe13bcb9e5f732c43d7479debfadd8012b8650823eb12504a6b1b28be456161 WHIRLPOOL 4057cd745f12ff62e956838406544060d3d2d7383027959f3c1ca12eff43bddb9be63e284767245b271e53bef92596c1241f5e90e9ed611d02e95b7a30adc7c8
-DIST exim-4.86.2.tar.bz2 1799316 SHA256 7756deafd0583776e091f2efcba9b36203e668cf420d8876f314980803636eb3 SHA512 5869a7ae8fd66819f654f6617c7e77075a24b110074317b77135b8cc86f12632e79758d41819c6e91871e0145adaba4b91651f5c6c1d2ebd17927f0198876231 WHIRLPOOL 81e284bf6d1be9597e858468834ce8ff60f2783b75fea85a020df20a15a088339c4b2ccc6199c83672fcb37c05d4ca7957e70a2f2827292454266e7f9bcab87f
 DIST exim-4.86.tar.bz2 1804807 SHA256 f1ccf2ce2ea51b7fbbf160e7e0e41d24ca401cf44a185128ad99ea04635fc456 SHA512 0b90cd1b4d99bbb976336ccf9c2c3375f453a74bb306f1b0215f7ecca80fbda83cf5cc38c502516c2903c5d753f1f559c534fc4f4b1b32ee3300db86de6610ab WHIRLPOOL a7e938cfaeb92af1b81c8a113752914b61e49d7fd71c39460b944716725b1e98b50a7c9ef1699569cd031ee7cac210639d9ef9bd21280e5ce7682eb40db91726
 DIST exim-4.87.tar.bz2 1801422 SHA256 74691e0dff4d1b5d387e9c33c86f96a8f6d2adbc781c0dec9d2061a847b07dc9 SHA512 2b0d5c82133315c444e29abd182e0866482c904db1abe5ffe9a3008c2174f52eca850a433c069b4102874dc32bbe4af112beac94ffa154f1c06615c24deb47a4 WHIRLPOOL 3aede6629fbf41a71f6907e636458165258b523a3080d0b59ba6b295c1a258d8ce205a3295d4c49c2e6e88ef597b64895684fd47a3f5c3fba360d8e56be5f7f9
-DIST exim-html-4.84.2.tar.bz2 459553 SHA256 407165354936515c28d6f206cf20bb3c3c7f55e70e66c551154e8e9dd554955d SHA512 17b1151f90eec13334ac27f9f8430276bf1a7b4c9c6e41c76afb52e18fe107ab421194881876221acef6386a7bd8c6a5372fec6217f88e3dd4bcaef8809aa178 WHIRLPOOL df3960dfbb631b9b82d60edda27910e58936e17edc6782cd63bf70bf826bce8dbe76d7add6444045334eb6230167f5f76984274d9ba3a6c6b50009412c6e6e8b
-DIST exim-html-4.84.tar.bz2 465281 SHA256 7ee7e9015b853915604b7806be93d56e9ba1fb915b63f0d6828c47f2228fd45b SHA512 7de8513476b6abcdfd36b0121a2a9d6decf1ccf94ef51b8363e544066cc05670e6f2b4d03d5fbc49071b1431183dfd9badde5cbcc65f51d55ec6b25ebcb070b9 WHIRLPOOL 88c376fd399e17b2bc06d2d0fad19f8c6485807118a81e0c200f6c39defe7155fa920489481a8b82e629951766ce0222b85956f387d22d22549303bd3dff7f82
-DIST exim-html-4.85.2.tar.bz2 461392 SHA256 b84e19f53b4077efbb94e232c8ce6557d133e0275a1d0ec32f2677068ad33dfa SHA512 e6f8531cbf0edc50db43d74b1e671ea51a2eaac7c06c8551f0229bc3a7882c725c8025a95d8a728aeb4ab3feddf6d2e1e5b7191869ac02cdfcb428e986a86422 WHIRLPOOL 8fe3a6575300ce660770b1357cef1158ef1171bcd79d7a4d7170a4867a4f7d5fd5e33d3be8a48ddfc875860d209b0771cd1c49173a9b821b3c1d70b48ea1583c
 DIST exim-html-4.85.tar.bz2 467069 SHA256 fd91946369626e74842a0799b93d0d9e4a201fe640af84e1b5349fe6ff204167 SHA512 8214576300827f79c0880e2d2163f71d7f1b3fe2aff714b591a011e48816965de5a773c3509137b085fec3d4d2128931f8398768c24dad6c92b7df27cbcafe74 WHIRLPOOL a7edffd7124c4920708616d3e59c0db5159dee5f7e4fd62ce29fdba769d39781a3826d4e3e39cdc97669941bb9a5c977defe280feb73cbe159b23df4cb6fe95f
-DIST exim-html-4.86.2.tar.bz2 466139 SHA256 1c97a6efd0a7aaf4b9960ce70fed4df37725f676397ce744efea1503ec1f5914 SHA512 593df23914939f8fa76c15a2ab7fc197efa05fcbb984179c9dc2c7d535fe2bef1394c07bc8449f2219f54615ff2f4ee13b76409d89b846dc71e54880681c913e WHIRLPOOL e6bbcf9bc20e2231542d20f40c656b30ce1f2e6fff5005f594191c5e325d0c5fbd45543b680151773fc14cbee253f417e7cea4e514d4e677486a6d334a36a3a7
 DIST exim-html-4.86.tar.bz2 471159 SHA256 02226a9fbb6d5aaa9d35f3e2a3bd9077e2307463de6baf6e3e2e938c1fe39146 SHA512 0c15fbccaf9b744fb8b7990d2b2bd0555a04ef5ed82ffbf2e32372a539bae6d7cebad96960f5570a2f8f27d31ebdf2467c51cb053b059996bb9122bc02fa741b WHIRLPOOL d9fbaa73491ab1657afb6ba59da5adea26144b58b358aeb9829731d3f35d6c1d8c7021c5243cb989e7c704cc346cde2a330f9eedc5b357326c1d56d7caa4a6c5
 DIST exim-html-4.87.tar.bz2 478953 SHA256 8f87876d4a392f59d1009ba64ac461862951a3f4eed9c0b14a49be7bcbdc1f12 SHA512 224884abfd7ab9a2410dbdd24bb65545faf427f1b83a942c6c72309e7d85771f78bf7dc5ec1439de95e1038959cdfc4ab549abb98852c8b17c8310b51ad0385c WHIRLPOOL 0444f0b8d8f2e6fab66e9ec7b169eb1d175247e31c323f0a2817b60e2ce6b75057c8d38477697472b009f73fd4b285595b8ca09bac845763767e8146d6c87491
 DIST system_filter.exim.gz 3075 SHA256 3a3471b486a09e0a0153f7b520e1eaf26d21b97d73ea8348bdc593c00eb1e437 SHA512 cb358d3ce2499a0bb5920d962a06f2af8486e55ec90c8c928bd8e3aefb279aa57f5f960d5adfcef68bd94110b405eaa144e9629cfe6014a529c79c544600bbf3 WHIRLPOOL ce68d9c18b24eca3ef97ea810964cc1ada5f85b795a7c432ad39b5788188a16419101c92fb52b418738d760e1d658f7a41485e5561079a667d84d276c71be5a4

diff --git a/mail-mta/exim/exim-4.84.2.ebuild b/mail-mta/exim/exim-4.84.2.ebuild
deleted file mode 100644
index 4479c70..0000000
--- a/mail-mta/exim/exim-4.84.2.ebuild
+++ /dev/null
@@ -1,508 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="5"
-
-inherit eutils toolchain-funcs multilib pam systemd
-
-IUSE="dcc +dkim dlfunc dmarc +dnsdb doc dovecot-sasl dsn exiscan-acl gnutls ipv6 ldap lmtp maildir mbx mysql nis pam perl pkcs11 postgres +prdr proxy radius redis sasl selinux spf sqlite srs ssl syslog tcpd tpda X"
-REQUIRED_USE="spf? ( exiscan-acl ) srs? ( exiscan-acl ) dmarc? ( spf dkim ) pkcs11? ( gnutls )"
-
-COMM_URI="ftp://ftp.exim.org/pub/exim/exim4/old"
-
-DESCRIPTION="A highly configurable, drop-in replacement for sendmail"
-SRC_URI="${COMM_URI}/${P//rc/RC}.tar.bz2
-	mirror://gentoo/system_filter.exim.gz
-	doc? ( ${COMM_URI}/${PN}-html-${PV//rc/RC}.tar.bz2 )"
-HOMEPAGE="http://www.exim.org/"
-
-SLOT="0"
-LICENSE="GPL-2"
-KEYWORDS="~alpha ~amd64 ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd ~x86-solaris"
-
-COMMON_DEPEND=">=sys-apps/sed-4.0.5
-	>=sys-libs/db-3.2:=
-	dev-libs/libpcre
-	perl? ( dev-lang/perl:= )
-	pam? ( virtual/pam )
-	tcpd? ( sys-apps/tcp-wrappers )
-	ssl? ( dev-libs/openssl:= )
-	gnutls? ( net-libs/gnutls[pkcs11?]
-			  dev-libs/libtasn1 )
-	ldap? ( >=net-nds/openldap-2.0.7 )
-	mysql? ( virtual/mysql )
-	postgres? ( dev-db/postgresql:= )
-	sasl? ( >=dev-libs/cyrus-sasl-2.1.26-r2 )
-	redis? ( dev-libs/hiredis )
-	spf? ( >=mail-filter/libspf2-1.2.5-r1 )
-	dmarc? ( mail-filter/opendmarc )
-	srs? ( mail-filter/libsrs_alt )
-	X? ( x11-proto/xproto
-		x11-libs/libX11
-		x11-libs/libXmu
-		x11-libs/libXt
-		x11-libs/libXaw
-	)
-	sqlite? ( dev-db/sqlite )
-	radius? ( net-dialup/radiusclient )
-	virtual/libiconv
-	"
-	# added X check for #57206
-DEPEND="${COMMON_DEPEND}
-	virtual/pkgconfig"
-RDEPEND="${COMMON_DEPEND}
-	!mail-mta/courier
-	!mail-mta/esmtp
-	!mail-mta/mini-qmail
-	!<mail-mta/msmtp-1.4.19-r1
-	!>=mail-mta/msmtp-1.4.19-r1[mta]
-	!mail-mta/netqmail
-	!mail-mta/nullmailer
-	!mail-mta/postfix
-	!mail-mta/qmail-ldap
-	!mail-mta/sendmail
-	!mail-mta/opensmtpd
-	!<mail-mta/ssmtp-2.64-r2
-	!>=mail-mta/ssmtp-2.64-r2[mta]
-	!net-mail/mailwrapper
-	>=net-mail/mailbase-0.00-r5
-	virtual/logger
-	dcc? ( mail-filter/dcc )
-	selinux? ( sec-policy/selinux-exim )
-	"
-
-S=${WORKDIR}/${P//rc/RC}
-
-src_prepare() {
-	epatch "${FILESDIR}"/exim-4.14-tail.patch
-	epatch "${FILESDIR}"/exim-4.74-localscan_dlopen.patch
-	epatch "${FILESDIR}"/exim-4.69-r1.27021.patch
-	epatch "${FILESDIR}"/exim-4.74-radius-db-ENV-clash.patch # 287426
-	epatch "${FILESDIR}"/exim-4.82-makefile-freebsd.patch # 235785
-	epatch "${FILESDIR}"/exim-4.77-as-needed-ldflags.patch # 352265, 391279
-	epatch "${FILESDIR}"/exim-4.76-crosscompile.patch # 266591
-
-	if use maildir ; then
-		epatch "${FILESDIR}"/exim-4.20-maildir.patch
-	else
-		epatch "${FILESDIR}"/exim-4.80-spool-mail-group.patch # 438606
-	fi
-
-	# user Exim believes it should be
-	MAILUSER=mail
-	MAILGROUP=mail
-	if use prefix && [[ ${EUID} != 0 ]] ; then
-		MAILUSER=$(id -un)
-		MAILGROUP=$(id -gn)
-	fi
-}
-
-src_configure() {
-	# general config and paths
-
-	sed -i.orig \
-		-e "/SYSTEM_ALIASES_FILE/s'SYSTEM_ALIASES_FILE'${EPREFIX}/etc/mail/aliases'" \
-		"${S}"/src/configure.default || die
-
-	sed -i -e 's/^buildname=.*/buildname=exim-gentoo/g' Makefile || die
-
-	sed -e "48i\CFLAGS=${CFLAGS}" \
-		-e "s:BIN_DIRECTORY=/usr/exim/bin:BIN_DIRECTORY=${EPREFIX}/usr/sbin:" \
-		-e "s:EXIM_USER=:EXIM_USER=${MAILUSER}:" \
-		-e "s:CONFIGURE_FILE=/usr/exim/configure:CONFIGURE_FILE=${EPREFIX}/etc/exim/exim.conf:" \
-		-e "s:ZCAT_COMMAND=.*$:ZCAT_COMMAND=${EPREFIX}/bin/zcat:" \
-		-e "s:COMPRESS_COMMAND=.*$:COMPRESS_COMMAND=${EPREFIX}/bin/gzip:" \
-		src/EDITME > Local/Makefile
-
-	cd Local
-
-	cat >> Makefile <<- EOC
-		INFO_DIRECTORY=${EPREFIX}/usr/share/info
-		PID_FILE_PATH=${EPREFIX}/run/exim.pid
-		SPOOL_DIRECTORY=${EPREFIX}/var/spool/exim
-		HAVE_ICONV=yes
-	EOC
-
-	# if we use libiconv, now is the time to tell so
-	use !elibc_glibc && echo "EXTRALIBS_EXIM=-liconv" >> Makefile
-
-	# support for IPv6
-	if use ipv6; then
-		cat >> Makefile <<- EOC
-			HAVE_IPV6=YES
-		EOC
-	fi
-
-	#
-	# mail storage formats
-
-	# mailstore is Exim's traditional storage format
-	cat >> Makefile <<- EOC
-		SUPPORT_MAILSTORE=yes
-	EOC
-
-	# mbox
-	if use mbx; then
-		cat >> Makefile <<- EOC
-			SUPPORT_MBX=yes
-		EOC
-	fi
-
-	# maildir
-	if use maildir; then
-		cat >> Makefile <<- EOC
-			SUPPORT_MAILDIR=yes
-		EOC
-	fi
-
-	#
-	# lookup methods
-
-	# use the "native" interfaces to the DBM and CDB libraries, support
-	# passwd and directory lookups by default
-	cat >> Makefile <<- EOC
-		USE_DB=yes
-		DBMLIB=-ldb
-		LOOKUP_CDB=yes
-		LOOKUP_PASSWD=yes
-		LOOKUP_DSEARCH=yes
-	EOC
-
-	if ! use dnsdb; then
-		# DNSDB lookup is enabled by default
-		sed -i "s:^LOOKUP_DNSDB=yes:# LOOKUP_DNSDB=yes:" Makefile
-	fi
-
-	if use ldap; then
-		cat >> Makefile <<- EOC
-			LOOKUP_LDAP=yes
-			LDAP_LIB_TYPE=OPENLDAP2
-			LOOKUP_INCLUDE += -I"${EROOT}"usr/include/ldap
-			LOOKUP_LIBS += -lldap -llber
-		EOC
-	fi
-
-	if use mysql; then
-		cat >> Makefile <<- EOC
-			LOOKUP_MYSQL=yes
-			LOOKUP_INCLUDE += $(mysql_config --include)
-			LOOKUP_LIBS += $(mysql_config --libs)
-		EOC
-	fi
-
-	if use nis; then
-		cat >> Makefile <<- EOC
-			LOOKUP_NIS=yes
-			LOOKUP_NISPLUS=yes
-		EOC
-	fi
-
-	if use postgres; then
-		cat >> Makefile <<- EOC
-			LOOKUP_PGSQL=yes
-			LOOKUP_INCLUDE += -I$(pg_config --includedir)
-			LOOKUP_LIBS += -L$(pg_config --libdir) -lpq
-		EOC
-	fi
-
-	if use sqlite; then
-		cat >> Makefile <<- EOC
-			LOOKUP_SQLITE=yes
-			LOOKUP_SQLITE_PC=sqlite3
-		EOC
-	fi
-
-	if use redis; then
-		cat >> Makefile <<- EOC
-			EXPERIMENTAL_REDIS=yes
-			LOOKUP_LIBS += -lhiredis
-		EOC
-	fi
-
-	#
-	# Exim monitor, enabled by default, controlled via X USE-flag,
-	# disable if not requested, bug #46778
-	if use X; then
-		cp ../exim_monitor/EDITME eximon.conf || die
-	else
-		sed -i -e '/^EXIM_MONITOR=/s/^/# /' Makefile
-	fi
-
-	#
-	# features
-
-	# content scanning support
-	if use exiscan-acl; then
-		cat >> Makefile <<- EOC
-			WITH_CONTENT_SCAN=yes
-			WITH_OLD_DEMIME=yes
-		EOC
-	fi
-
-	# DomainKeys Identified Mail, RFC4871
-	if ! use dkim; then
-		# DKIM is enabled by default
-		cat >> Makefile <<- EOC
-			DISABLE_DKIM=yes
-		EOC
-	fi
-
-	# Per-Recipient-Data-Response
-	if ! use prdr; then
-		# PRDR is enabled by default
-		cat >> Makefile <<- EOC
-			DISABLE_PRDR=yes
-		EOC
-	fi
-
-	# log to syslog
-	if use syslog; then
-		sed -i "s:LOG_FILE_PATH=/var/log/exim/exim_%s.log:LOG_FILE_PATH=syslog:" Makefile
-		cat >> Makefile <<- EOC
-			LOG_FILE_PATH=syslog
-		EOC
-	else
-		cat >> Makefile <<- EOC
-			LOG_FILE_PATH=${EPREFIX}/var/log/exim/exim_%s.log
-		EOC
-	fi
-
-	# starttls support (ssl)
-	if use ssl; then
-		echo "SUPPORT_TLS=yes" >> Makefile
-		if use gnutls; then
-			echo "USE_GNUTLS=yes" >> Makefile
-			echo "USE_GNUTLS_PC=gnutls" >> Makefile
-			use pkcs11 || echo "AVOID_GNUTLS_PKCS11=yes" >> Makefile
-		else
-			echo "USE_OPENSSL_PC=openssl" >> Makefile
-		fi
-	fi
-
-	# TCP wrappers
-	if use tcpd; then
-		cat >> Makefile <<- EOC
-			USE_TCP_WRAPPERS=yes
-			EXTRALIBS_EXIM += -lwrap
-		EOC
-	fi
-
-	# Light Mail Transport Protocol
-	if use lmtp; then
-		cat >> Makefile <<- EOC
-			TRANSPORT_LMTP=yes
-		EOC
-	fi
-
-	# embedded Perl
-	if use perl; then
-		cat >> Makefile <<- EOC
-			EXIM_PERL=perl.o
-		EOC
-	fi
-
-	# dlfunc
-	if use dlfunc; then
-		cat >> Makefile <<- EOC
-			EXPAND_DLFUNC=yes
-		EOC
-	fi
-
-	#
-	# experimental features
-
-	# Distributed Checksum Clearinghouse
-	if use dcc; then
-		echo "EXPERIMENTAL_DCC=yes">> Makefile
-	fi
-
-	# Sender Policy Framework
-	if use spf; then
-		cat >> Makefile <<- EOC
-			EXPERIMENTAL_SPF=yes
-			EXTRALIBS_EXIM += -lspf2
-		EOC
-	fi
-
-	# Sender Rewriting Scheme
-	if use srs; then
-		cat >> Makefile <<- EOC
-			EXPERIMENTAL_SRS=yes
-			EXTRALIBS_EXIM += -lsrs_alt
-		EOC
-	fi
-
-	# DMARC
-	if use dmarc; then
-		cat >> Makefile <<- EOC
-			EXPERIMENTAL_DMARC=yes
-			EXTRALIBS_EXIM += -lopendmarc
-		EOC
-	fi
-
-	# Transport post-delivery actions
-	if use tpda; then
-		cat >> Makefile <<- EOC
-			EXPERIMENTAL_TPDA=yes
-		EOC
-	fi
-
-	# Proxy Protocol
-	if use proxy; then
-		cat >> Makefile <<- EOC
-			EXPERIMENTAL_PROXY=yes
-		EOC
-	fi
-
-	# Delivery Sender Notifications
-	if use dsn; then
-		cat >> Makefile <<- EOC
-			EXPERIMENTAL_DSN=yes
-		EOC
-	fi
-
-	#
-	# authentication (SMTP AUTH)
-
-	# standard bits
-	cat >> Makefile <<- EOC
-		AUTH_SPA=yes
-		AUTH_CRAM_MD5=yes
-		AUTH_PLAINTEXT=yes
-	EOC
-
-	# Cyrus SASL
-	if use sasl; then
-		cat >> Makefile <<- EOC
-			CYRUS_SASLAUTHD_SOCKET=${EPREFIX}/run/saslauthd/mux
-			AUTH_CYRUS_SASL=yes
-			AUTH_LIBS += -lsasl2
-		EOC
-	fi
-
-	# Dovecot
-	if use dovecot-sasl; then
-		cat >> Makefile <<- EOC
-			AUTH_DOVECOT=yes
-		EOC
-	fi
-
-	# Pluggable Authentication Modules
-	if use pam; then
-		cat >> Makefile <<- EOC
-			SUPPORT_PAM=yes
-			AUTH_LIBS += -lpam
-		EOC
-	fi
-
-	# Radius
-	if use radius; then
-		cat >> Makefile <<- EOC
-			RADIUS_CONFIG_FILE=${EPREFIX}/etc/radiusclient/radiusclient.conf
-			RADIUS_LIB_TYPE=RADIUSCLIENT
-			AUTH_LIBS += -lradiusclient
-		EOC
-	fi
-}
-
-src_compile() {
-	emake -j1 CC="$(tc-getCC)" HOSTCC="$(tc-getCC $CBUILD)" \
-		AR="$(tc-getAR) cq" RANLIB="$(tc-getRANLIB)" FULLECHO='' \
-		|| die "make failed"
-}
-
-src_install () {
-	cd "${S}"/build-exim-gentoo || die
-	dosbin exim
-	if use X; then
-		dosbin eximon.bin
-		dosbin eximon
-	fi
-	fperms 4755 /usr/sbin/exim
-
-	dosym exim /usr/sbin/sendmail
-	dosym exim /usr/sbin/rsmtp
-	dosym exim /usr/sbin/rmail
-	dosym /usr/sbin/exim /usr/bin/mailq
-	dosym /usr/sbin/exim /usr/bin/newaliases
-	dosym /usr/sbin/sendmail /usr/lib/sendmail
-
-	for i in exicyclog exim_dbmbuild exim_dumpdb exim_fixdb exim_lock \
-		exim_tidydb exinext exiwhat exigrep eximstats exiqsumm exiqgrep \
-		convert4r3 convert4r4 exipick
-	do
-		dosbin $i
-	done
-
-	dodoc "${S}"/doc/*
-	doman "${S}"/doc/exim.8
-	use dsn && dodoc "${S}"/README.DSN
-	use doc && dohtml -r "${WORKDIR}"/${PN}-html-${PV//rc/RC}/doc/html/spec_html/*
-
-	# conf files
-	insinto /etc/exim
-	newins "${S}"/src/configure.default exim.conf.dist
-	if use exiscan-acl; then
-		newins "${S}"/src/configure.default exim.conf.exiscan-acl
-	fi
-	doins "${WORKDIR}"/system_filter.exim
-	doins "${FILESDIR}"/auth_conf.sub
-
-	pamd_mimic system-auth exim auth account
-
-	# headers, #436406
-	if use dlfunc ; then
-		# fixup includes so they actually can be found when including
-		sed -i \
-			-e '/#include "\(config\|store\|mytypes\).h"/s:"\(.\+\)":<exim/\1>:' \
-			local_scan.h || die
-		insinto /usr/include/exim
-		doins {config,local_scan}.h ../src/{mytypes,store}.h
-	fi
-
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}/exim.logrotate" exim
-
-	newinitd "${FILESDIR}"/exim.rc8 exim
-	newconfd "${FILESDIR}"/exim.confd exim
-
-	systemd_dounit "${FILESDIR}"/{exim.service,exim.socket,exim-submission.socket}
-	systemd_newunit "${FILESDIR}"/exim_at.service 'exim@.service'
-	systemd_newunit "${FILESDIR}"/exim-submission_at.service 'exim-submission@.service'
-
-	diropts -m 0750 -o ${MAILUSER} -g ${MAILGROUP}
-	dodir /var/log/${PN}
-}
-
-pkg_postinst() {
-	if [[ ! -f ${EROOT}etc/exim/exim.conf ]] ; then
-		einfo "${EROOT}etc/exim/system_filter.exim is a sample system_filter."
-		einfo "${EROOT}etc/exim/auth_conf.sub contains the configuration sub for using smtp auth."
-		einfo "Please create ${EROOT}etc/exim/exim.conf from ${EROOT}etc/exim/exim.conf.dist."
-	fi
-	if use dcc ; then
-		einfo "DCC support is experimental, you can find some limited"
-		einfo "documentation at the bottom of this prerelease message:"
-		einfo "http://article.gmane.org/gmane.mail.exim.devel/3579"
-	fi
-	use spf && einfo "SPF support is experimental"
-	use srs && einfo "SRS support is experimental"
-	if use dmarc ; then
-		einfo "DMARC support is experimental.  See global settings to"
-		einfo "configure DMARC, for usage see the documentation at "
-		einfo "experimental-spec.txt."
-	fi
-	use tpda && einfo "TPDA support is experimental"
-	use proxy && einfo "proxy support is experimental"
-	if use dsn ; then
-		einfo "Starting from Exim 4.83, DSN support comes from upstream."
-		einfo "DSN support is an experimental feature.  If you used DSN"
-		einfo "support prior to 4.83, make sure to remove all dsn_process"
-		einfo "switches from your routers, see https://bugs.gentoo.org/511818"
-	fi
-	einfo "Exim maintains some db files under its spool directory that need"
-	einfo "cleaning from time to time.  (${EROOT}var/spool/exim/db)"
-	einfo "Please use the exim_tidydb tool as documented in the Exim manual:"
-	einfo "http://www.exim.org/exim-html-current/doc/html/spec_html/ch-exim_utilities.html#SECThindatmai"
-}

diff --git a/mail-mta/exim/exim-4.84.ebuild b/mail-mta/exim/exim-4.84.ebuild
deleted file mode 100644
index a09c05c..0000000
--- a/mail-mta/exim/exim-4.84.ebuild
+++ /dev/null
@@ -1,508 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="5"
-
-inherit eutils toolchain-funcs multilib pam systemd
-
-IUSE="dcc +dkim dlfunc dmarc +dnsdb doc dovecot-sasl dsn exiscan-acl gnutls ipv6 ldap lmtp maildir mbx mysql nis pam perl pkcs11 postgres +prdr proxy radius redis sasl selinux spf sqlite srs ssl syslog tcpd tpda X"
-REQUIRED_USE="spf? ( exiscan-acl ) srs? ( exiscan-acl ) dmarc? ( spf dkim ) pkcs11? ( gnutls )"
-
-COMM_URI="ftp://ftp.exim.org/pub/exim/exim4$([[ ${PV} == *_rc* ]] && echo /test)"
-
-DESCRIPTION="A highly configurable, drop-in replacement for sendmail"
-SRC_URI="${COMM_URI}/${P//rc/RC}.tar.bz2
-	mirror://gentoo/system_filter.exim.gz
-	doc? ( ${COMM_URI}/${PN}-html-${PV//rc/RC}.tar.bz2 )"
-HOMEPAGE="http://www.exim.org/"
-
-SLOT="0"
-LICENSE="GPL-2"
-KEYWORDS="alpha amd64 hppa ia64 ppc ppc64 sparc x86 ~x86-fbsd ~x86-solaris"
-
-COMMON_DEPEND=">=sys-apps/sed-4.0.5
-	>=sys-libs/db-3.2:=
-	dev-libs/libpcre
-	perl? ( dev-lang/perl:= )
-	pam? ( virtual/pam )
-	tcpd? ( sys-apps/tcp-wrappers )
-	ssl? ( dev-libs/openssl:= )
-	gnutls? ( net-libs/gnutls[pkcs11?]
-			  dev-libs/libtasn1 )
-	ldap? ( >=net-nds/openldap-2.0.7 )
-	mysql? ( virtual/mysql )
-	postgres? ( dev-db/postgresql:= )
-	sasl? ( >=dev-libs/cyrus-sasl-2.1.26-r2 )
-	redis? ( dev-libs/hiredis )
-	spf? ( >=mail-filter/libspf2-1.2.5-r1 )
-	dmarc? ( mail-filter/opendmarc )
-	srs? ( mail-filter/libsrs_alt )
-	X? ( x11-proto/xproto
-		x11-libs/libX11
-		x11-libs/libXmu
-		x11-libs/libXt
-		x11-libs/libXaw
-	)
-	sqlite? ( dev-db/sqlite )
-	radius? ( net-dialup/radiusclient )
-	virtual/libiconv
-	"
-	# added X check for #57206
-DEPEND="${COMMON_DEPEND}
-	virtual/pkgconfig"
-RDEPEND="${COMMON_DEPEND}
-	!mail-mta/courier
-	!mail-mta/esmtp
-	!mail-mta/mini-qmail
-	!<mail-mta/msmtp-1.4.19-r1
-	!>=mail-mta/msmtp-1.4.19-r1[mta]
-	!mail-mta/netqmail
-	!mail-mta/nullmailer
-	!mail-mta/postfix
-	!mail-mta/qmail-ldap
-	!mail-mta/sendmail
-	!mail-mta/opensmtpd
-	!<mail-mta/ssmtp-2.64-r2
-	!>=mail-mta/ssmtp-2.64-r2[mta]
-	!net-mail/mailwrapper
-	>=net-mail/mailbase-0.00-r5
-	virtual/logger
-	dcc? ( mail-filter/dcc )
-	selinux? ( sec-policy/selinux-exim )
-	"
-
-S=${WORKDIR}/${P//rc/RC}
-
-src_prepare() {
-	epatch "${FILESDIR}"/exim-4.14-tail.patch
-	epatch "${FILESDIR}"/exim-4.74-localscan_dlopen.patch
-	epatch "${FILESDIR}"/exim-4.69-r1.27021.patch
-	epatch "${FILESDIR}"/exim-4.74-radius-db-ENV-clash.patch # 287426
-	epatch "${FILESDIR}"/exim-4.82-makefile-freebsd.patch # 235785
-	epatch "${FILESDIR}"/exim-4.77-as-needed-ldflags.patch # 352265, 391279
-	epatch "${FILESDIR}"/exim-4.76-crosscompile.patch # 266591
-
-	if use maildir ; then
-		epatch "${FILESDIR}"/exim-4.20-maildir.patch
-	else
-		epatch "${FILESDIR}"/exim-4.80-spool-mail-group.patch # 438606
-	fi
-
-	# user Exim believes it should be
-	MAILUSER=mail
-	MAILGROUP=mail
-	if use prefix && [[ ${EUID} != 0 ]] ; then
-		MAILUSER=$(id -un)
-		MAILGROUP=$(id -gn)
-	fi
-}
-
-src_configure() {
-	# general config and paths
-
-	sed -i.orig \
-		-e "/SYSTEM_ALIASES_FILE/s'SYSTEM_ALIASES_FILE'${EPREFIX}/etc/mail/aliases'" \
-		"${S}"/src/configure.default || die
-
-	sed -i -e 's/^buildname=.*/buildname=exim-gentoo/g' Makefile || die
-
-	sed -e "48i\CFLAGS=${CFLAGS}" \
-		-e "s:BIN_DIRECTORY=/usr/exim/bin:BIN_DIRECTORY=${EPREFIX}/usr/sbin:" \
-		-e "s:EXIM_USER=:EXIM_USER=${MAILUSER}:" \
-		-e "s:CONFIGURE_FILE=/usr/exim/configure:CONFIGURE_FILE=${EPREFIX}/etc/exim/exim.conf:" \
-		-e "s:ZCAT_COMMAND=.*$:ZCAT_COMMAND=${EPREFIX}/bin/zcat:" \
-		-e "s:COMPRESS_COMMAND=.*$:COMPRESS_COMMAND=${EPREFIX}/bin/gzip:" \
-		src/EDITME > Local/Makefile
-
-	cd Local
-
-	cat >> Makefile <<- EOC
-		INFO_DIRECTORY=${EPREFIX}/usr/share/info
-		PID_FILE_PATH=${EPREFIX}/run/exim.pid
-		SPOOL_DIRECTORY=${EPREFIX}/var/spool/exim
-		HAVE_ICONV=yes
-	EOC
-
-	# if we use libiconv, now is the time to tell so
-	use !elibc_glibc && echo "EXTRALIBS_EXIM=-liconv" >> Makefile
-
-	# support for IPv6
-	if use ipv6; then
-		cat >> Makefile <<- EOC
-			HAVE_IPV6=YES
-		EOC
-	fi
-
-	#
-	# mail storage formats
-
-	# mailstore is Exim's traditional storage format
-	cat >> Makefile <<- EOC
-		SUPPORT_MAILSTORE=yes
-	EOC
-
-	# mbox
-	if use mbx; then
-		cat >> Makefile <<- EOC
-			SUPPORT_MBX=yes
-		EOC
-	fi
-
-	# maildir
-	if use maildir; then
-		cat >> Makefile <<- EOC
-			SUPPORT_MAILDIR=yes
-		EOC
-	fi
-
-	#
-	# lookup methods
-
-	# use the "native" interfaces to the DBM and CDB libraries, support
-	# passwd and directory lookups by default
-	cat >> Makefile <<- EOC
-		USE_DB=yes
-		DBMLIB=-ldb
-		LOOKUP_CDB=yes
-		LOOKUP_PASSWD=yes
-		LOOKUP_DSEARCH=yes
-	EOC
-
-	if ! use dnsdb; then
-		# DNSDB lookup is enabled by default
-		sed -i "s:^LOOKUP_DNSDB=yes:# LOOKUP_DNSDB=yes:" Makefile
-	fi
-
-	if use ldap; then
-		cat >> Makefile <<- EOC
-			LOOKUP_LDAP=yes
-			LDAP_LIB_TYPE=OPENLDAP2
-			LOOKUP_INCLUDE += -I"${EROOT}"usr/include/ldap
-			LOOKUP_LIBS += -lldap -llber
-		EOC
-	fi
-
-	if use mysql; then
-		cat >> Makefile <<- EOC
-			LOOKUP_MYSQL=yes
-			LOOKUP_INCLUDE += $(mysql_config --include)
-			LOOKUP_LIBS += $(mysql_config --libs)
-		EOC
-	fi
-
-	if use nis; then
-		cat >> Makefile <<- EOC
-			LOOKUP_NIS=yes
-			LOOKUP_NISPLUS=yes
-		EOC
-	fi
-
-	if use postgres; then
-		cat >> Makefile <<- EOC
-			LOOKUP_PGSQL=yes
-			LOOKUP_INCLUDE += -I$(pg_config --includedir)
-			LOOKUP_LIBS += -L$(pg_config --libdir) -lpq
-		EOC
-	fi
-
-	if use sqlite; then
-		cat >> Makefile <<- EOC
-			LOOKUP_SQLITE=yes
-			LOOKUP_SQLITE_PC=sqlite3
-		EOC
-	fi
-
-	if use redis; then
-		cat >> Makefile <<- EOC
-			EXPERIMENTAL_REDIS=yes
-			LOOKUP_LIBS += -lhiredis
-		EOC
-	fi
-
-	#
-	# Exim monitor, enabled by default, controlled via X USE-flag,
-	# disable if not requested, bug #46778
-	if use X; then
-		cp ../exim_monitor/EDITME eximon.conf || die
-	else
-		sed -i -e '/^EXIM_MONITOR=/s/^/# /' Makefile
-	fi
-
-	#
-	# features
-
-	# content scanning support
-	if use exiscan-acl; then
-		cat >> Makefile <<- EOC
-			WITH_CONTENT_SCAN=yes
-			WITH_OLD_DEMIME=yes
-		EOC
-	fi
-
-	# DomainKeys Identified Mail, RFC4871
-	if ! use dkim; then
-		# DKIM is enabled by default
-		cat >> Makefile <<- EOC
-			DISABLE_DKIM=yes
-		EOC
-	fi
-
-	# Per-Recipient-Data-Response
-	if ! use prdr; then
-		# PRDR is enabled by default
-		cat >> Makefile <<- EOC
-			DISABLE_PRDR=yes
-		EOC
-	fi
-
-	# log to syslog
-	if use syslog; then
-		sed -i "s:LOG_FILE_PATH=/var/log/exim/exim_%s.log:LOG_FILE_PATH=syslog:" Makefile
-		cat >> Makefile <<- EOC
-			LOG_FILE_PATH=syslog
-		EOC
-	else
-		cat >> Makefile <<- EOC
-			LOG_FILE_PATH=${EPREFIX}/var/log/exim/exim_%s.log
-		EOC
-	fi
-
-	# starttls support (ssl)
-	if use ssl; then
-		echo "SUPPORT_TLS=yes" >> Makefile
-		if use gnutls; then
-			echo "USE_GNUTLS=yes" >> Makefile
-			echo "USE_GNUTLS_PC=gnutls" >> Makefile
-			use pkcs11 || echo "AVOID_GNUTLS_PKCS11=yes" >> Makefile
-		else
-			echo "USE_OPENSSL_PC=openssl" >> Makefile
-		fi
-	fi
-
-	# TCP wrappers
-	if use tcpd; then
-		cat >> Makefile <<- EOC
-			USE_TCP_WRAPPERS=yes
-			EXTRALIBS_EXIM += -lwrap
-		EOC
-	fi
-
-	# Light Mail Transport Protocol
-	if use lmtp; then
-		cat >> Makefile <<- EOC
-			TRANSPORT_LMTP=yes
-		EOC
-	fi
-
-	# embedded Perl
-	if use perl; then
-		cat >> Makefile <<- EOC
-			EXIM_PERL=perl.o
-		EOC
-	fi
-
-	# dlfunc
-	if use dlfunc; then
-		cat >> Makefile <<- EOC
-			EXPAND_DLFUNC=yes
-		EOC
-	fi
-
-	#
-	# experimental features
-
-	# Distributed Checksum Clearinghouse
-	if use dcc; then
-		echo "EXPERIMENTAL_DCC=yes">> Makefile
-	fi
-
-	# Sender Policy Framework
-	if use spf; then
-		cat >> Makefile <<- EOC
-			EXPERIMENTAL_SPF=yes
-			EXTRALIBS_EXIM += -lspf2
-		EOC
-	fi
-
-	# Sender Rewriting Scheme
-	if use srs; then
-		cat >> Makefile <<- EOC
-			EXPERIMENTAL_SRS=yes
-			EXTRALIBS_EXIM += -lsrs_alt
-		EOC
-	fi
-
-	# DMARC
-	if use dmarc; then
-		cat >> Makefile <<- EOC
-			EXPERIMENTAL_DMARC=yes
-			EXTRALIBS_EXIM += -lopendmarc
-		EOC
-	fi
-
-	# Transport post-delivery actions
-	if use tpda; then
-		cat >> Makefile <<- EOC
-			EXPERIMENTAL_TPDA=yes
-		EOC
-	fi
-
-	# Proxy Protocol
-	if use proxy; then
-		cat >> Makefile <<- EOC
-			EXPERIMENTAL_PROXY=yes
-		EOC
-	fi
-
-	# Delivery Sender Notifications
-	if use dsn; then
-		cat >> Makefile <<- EOC
-			EXPERIMENTAL_DSN=yes
-		EOC
-	fi
-
-	#
-	# authentication (SMTP AUTH)
-
-	# standard bits
-	cat >> Makefile <<- EOC
-		AUTH_SPA=yes
-		AUTH_CRAM_MD5=yes
-		AUTH_PLAINTEXT=yes
-	EOC
-
-	# Cyrus SASL
-	if use sasl; then
-		cat >> Makefile <<- EOC
-			CYRUS_SASLAUTHD_SOCKET=${EPREFIX}/run/saslauthd/mux
-			AUTH_CYRUS_SASL=yes
-			AUTH_LIBS += -lsasl2
-		EOC
-	fi
-
-	# Dovecot
-	if use dovecot-sasl; then
-		cat >> Makefile <<- EOC
-			AUTH_DOVECOT=yes
-		EOC
-	fi
-
-	# Pluggable Authentication Modules
-	if use pam; then
-		cat >> Makefile <<- EOC
-			SUPPORT_PAM=yes
-			AUTH_LIBS += -lpam
-		EOC
-	fi
-
-	# Radius
-	if use radius; then
-		cat >> Makefile <<- EOC
-			RADIUS_CONFIG_FILE=${EPREFIX}/etc/radiusclient/radiusclient.conf
-			RADIUS_LIB_TYPE=RADIUSCLIENT
-			AUTH_LIBS += -lradiusclient
-		EOC
-	fi
-}
-
-src_compile() {
-	emake -j1 CC="$(tc-getCC)" HOSTCC="$(tc-getCC $CBUILD)" \
-		AR="$(tc-getAR) cq" RANLIB="$(tc-getRANLIB)" FULLECHO='' \
-		|| die "make failed"
-}
-
-src_install () {
-	cd "${S}"/build-exim-gentoo || die
-	dosbin exim
-	if use X; then
-		dosbin eximon.bin
-		dosbin eximon
-	fi
-	fperms 4755 /usr/sbin/exim
-
-	dosym exim /usr/sbin/sendmail
-	dosym exim /usr/sbin/rsmtp
-	dosym exim /usr/sbin/rmail
-	dosym /usr/sbin/exim /usr/bin/mailq
-	dosym /usr/sbin/exim /usr/bin/newaliases
-	dosym /usr/sbin/sendmail /usr/lib/sendmail
-
-	for i in exicyclog exim_dbmbuild exim_dumpdb exim_fixdb exim_lock \
-		exim_tidydb exinext exiwhat exigrep eximstats exiqsumm exiqgrep \
-		convert4r3 convert4r4 exipick
-	do
-		dosbin $i
-	done
-
-	dodoc "${S}"/doc/*
-	doman "${S}"/doc/exim.8
-	use dsn && dodoc "${S}"/README.DSN
-	use doc && dohtml -r "${WORKDIR}"/${PN}-html-${PV//rc/RC}/doc/html/spec_html/*
-
-	# conf files
-	insinto /etc/exim
-	newins "${S}"/src/configure.default exim.conf.dist
-	if use exiscan-acl; then
-		newins "${S}"/src/configure.default exim.conf.exiscan-acl
-	fi
-	doins "${WORKDIR}"/system_filter.exim
-	doins "${FILESDIR}"/auth_conf.sub
-
-	pamd_mimic system-auth exim auth account
-
-	# headers, #436406
-	if use dlfunc ; then
-		# fixup includes so they actually can be found when including
-		sed -i \
-			-e '/#include "\(config\|store\|mytypes\).h"/s:"\(.\+\)":<exim/\1>:' \
-			local_scan.h || die
-		insinto /usr/include/exim
-		doins {config,local_scan}.h ../src/{mytypes,store}.h
-	fi
-
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}/exim.logrotate" exim
-
-	newinitd "${FILESDIR}"/exim.rc8 exim
-	newconfd "${FILESDIR}"/exim.confd exim
-
-	systemd_dounit "${FILESDIR}"/{exim.service,exim.socket,exim-submission.socket}
-	systemd_newunit "${FILESDIR}"/exim_at.service 'exim@.service'
-	systemd_newunit "${FILESDIR}"/exim-submission_at.service 'exim-submission@.service'
-
-	diropts -m 0750 -o ${MAILUSER} -g ${MAILGROUP}
-	dodir /var/log/${PN}
-}
-
-pkg_postinst() {
-	if [[ ! -f ${EROOT}etc/exim/exim.conf ]] ; then
-		einfo "${EROOT}etc/exim/system_filter.exim is a sample system_filter."
-		einfo "${EROOT}etc/exim/auth_conf.sub contains the configuration sub for using smtp auth."
-		einfo "Please create ${EROOT}etc/exim/exim.conf from ${EROOT}etc/exim/exim.conf.dist."
-	fi
-	if use dcc ; then
-		einfo "DCC support is experimental, you can find some limited"
-		einfo "documentation at the bottom of this prerelease message:"
-		einfo "http://article.gmane.org/gmane.mail.exim.devel/3579"
-	fi
-	use spf && einfo "SPF support is experimental"
-	use srs && einfo "SRS support is experimental"
-	if use dmarc ; then
-		einfo "DMARC support is experimental.  See global settings to"
-		einfo "configure DMARC, for usage see the documentation at "
-		einfo "experimental-spec.txt."
-	fi
-	use tpda && einfo "TPDA support is experimental"
-	use proxy && einfo "proxy support is experimental"
-	if use dsn ; then
-		einfo "Starting from Exim 4.83, DSN support comes from upstream."
-		einfo "DSN support is an experimental feature.  If you used DSN"
-		einfo "support prior to 4.83, make sure to remove all dsn_process"
-		einfo "switches from your routers, see https://bugs.gentoo.org/511818"
-	fi
-	einfo "Exim maintains some db files under its spool directory that need"
-	einfo "cleaning from time to time.  (${EROOT}var/spool/exim/db)"
-	einfo "Please use the exim_tidydb tool as documented in the Exim manual:"
-	einfo "http://www.exim.org/exim-html-current/doc/html/spec_html/ch-exim_utilities.html#SECThindatmai"
-}

diff --git a/mail-mta/exim/exim-4.85.2.ebuild b/mail-mta/exim/exim-4.85.2.ebuild
deleted file mode 100644
index 5f918df..0000000
--- a/mail-mta/exim/exim-4.85.2.ebuild
+++ /dev/null
@@ -1,508 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="5"
-
-inherit eutils toolchain-funcs multilib pam systemd
-
-IUSE="dcc +dkim dlfunc dmarc +dnsdb doc dovecot-sasl dsn exiscan-acl gnutls ipv6 ldap lmtp maildir mbx mysql nis pam perl pkcs11 postgres +prdr proxy radius redis sasl selinux spf sqlite srs ssl syslog tcpd tpda X"
-REQUIRED_USE="spf? ( exiscan-acl ) srs? ( exiscan-acl ) dmarc? ( spf dkim ) pkcs11? ( gnutls )"
-
-COMM_URI="ftp://ftp.exim.org/pub/exim/exim4/old"
-
-DESCRIPTION="A highly configurable, drop-in replacement for sendmail"
-SRC_URI="${COMM_URI}/${P//rc/RC}.tar.bz2
-	mirror://gentoo/system_filter.exim.gz
-	doc? ( ${COMM_URI}/${PN}-html-${PV//rc/RC}.tar.bz2 )"
-HOMEPAGE="http://www.exim.org/"
-
-SLOT="0"
-LICENSE="GPL-2"
-KEYWORDS="~alpha ~amd64 ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd ~x86-solaris"
-
-COMMON_DEPEND=">=sys-apps/sed-4.0.5
-	>=sys-libs/db-3.2:=
-	dev-libs/libpcre
-	perl? ( dev-lang/perl:= )
-	pam? ( virtual/pam )
-	tcpd? ( sys-apps/tcp-wrappers )
-	ssl? ( dev-libs/openssl:= )
-	gnutls? ( net-libs/gnutls[pkcs11?]
-			  dev-libs/libtasn1 )
-	ldap? ( >=net-nds/openldap-2.0.7 )
-	mysql? ( virtual/mysql )
-	postgres? ( dev-db/postgresql:= )
-	sasl? ( >=dev-libs/cyrus-sasl-2.1.26-r2 )
-	redis? ( dev-libs/hiredis )
-	spf? ( >=mail-filter/libspf2-1.2.5-r1 )
-	dmarc? ( mail-filter/opendmarc )
-	srs? ( mail-filter/libsrs_alt )
-	X? ( x11-proto/xproto
-		x11-libs/libX11
-		x11-libs/libXmu
-		x11-libs/libXt
-		x11-libs/libXaw
-	)
-	sqlite? ( dev-db/sqlite )
-	radius? ( net-dialup/radiusclient )
-	virtual/libiconv
-	"
-	# added X check for #57206
-DEPEND="${COMMON_DEPEND}
-	virtual/pkgconfig"
-RDEPEND="${COMMON_DEPEND}
-	!mail-mta/courier
-	!mail-mta/esmtp
-	!mail-mta/mini-qmail
-	!<mail-mta/msmtp-1.4.19-r1
-	!>=mail-mta/msmtp-1.4.19-r1[mta]
-	!mail-mta/netqmail
-	!mail-mta/nullmailer
-	!mail-mta/postfix
-	!mail-mta/qmail-ldap
-	!mail-mta/sendmail
-	!mail-mta/opensmtpd
-	!<mail-mta/ssmtp-2.64-r2
-	!>=mail-mta/ssmtp-2.64-r2[mta]
-	!net-mail/mailwrapper
-	>=net-mail/mailbase-0.00-r5
-	virtual/logger
-	dcc? ( mail-filter/dcc )
-	selinux? ( sec-policy/selinux-exim )
-	"
-
-S=${WORKDIR}/${P//rc/RC}
-
-src_prepare() {
-	epatch "${FILESDIR}"/exim-4.14-tail.patch
-	epatch "${FILESDIR}"/exim-4.74-localscan_dlopen.patch
-	epatch "${FILESDIR}"/exim-4.69-r1.27021.patch
-	epatch "${FILESDIR}"/exim-4.74-radius-db-ENV-clash.patch # 287426
-	epatch "${FILESDIR}"/exim-4.82-makefile-freebsd.patch # 235785
-	epatch "${FILESDIR}"/exim-4.77-as-needed-ldflags.patch # 352265, 391279
-	epatch "${FILESDIR}"/exim-4.76-crosscompile.patch # 266591
-
-	if use maildir ; then
-		epatch "${FILESDIR}"/exim-4.20-maildir.patch
-	else
-		epatch "${FILESDIR}"/exim-4.80-spool-mail-group.patch # 438606
-	fi
-
-	# user Exim believes it should be
-	MAILUSER=mail
-	MAILGROUP=mail
-	if use prefix && [[ ${EUID} != 0 ]] ; then
-		MAILUSER=$(id -un)
-		MAILGROUP=$(id -gn)
-	fi
-}
-
-src_configure() {
-	# general config and paths
-
-	sed -i.orig \
-		-e "/SYSTEM_ALIASES_FILE/s'SYSTEM_ALIASES_FILE'${EPREFIX}/etc/mail/aliases'" \
-		"${S}"/src/configure.default || die
-
-	sed -i -e 's/^buildname=.*/buildname=exim-gentoo/g' Makefile || die
-
-	sed -e "48i\CFLAGS=${CFLAGS}" \
-		-e "s:BIN_DIRECTORY=/usr/exim/bin:BIN_DIRECTORY=${EPREFIX}/usr/sbin:" \
-		-e "s:EXIM_USER=:EXIM_USER=${MAILUSER}:" \
-		-e "s:CONFIGURE_FILE=/usr/exim/configure:CONFIGURE_FILE=${EPREFIX}/etc/exim/exim.conf:" \
-		-e "s:ZCAT_COMMAND=.*$:ZCAT_COMMAND=${EPREFIX}/bin/zcat:" \
-		-e "s:COMPRESS_COMMAND=.*$:COMPRESS_COMMAND=${EPREFIX}/bin/gzip:" \
-		src/EDITME > Local/Makefile
-
-	cd Local
-
-	cat >> Makefile <<- EOC
-		INFO_DIRECTORY=${EPREFIX}/usr/share/info
-		PID_FILE_PATH=${EPREFIX}/run/exim.pid
-		SPOOL_DIRECTORY=${EPREFIX}/var/spool/exim
-		HAVE_ICONV=yes
-	EOC
-
-	# if we use libiconv, now is the time to tell so
-	use !elibc_glibc && echo "EXTRALIBS_EXIM=-liconv" >> Makefile
-
-	# support for IPv6
-	if use ipv6; then
-		cat >> Makefile <<- EOC
-			HAVE_IPV6=YES
-		EOC
-	fi
-
-	#
-	# mail storage formats
-
-	# mailstore is Exim's traditional storage format
-	cat >> Makefile <<- EOC
-		SUPPORT_MAILSTORE=yes
-	EOC
-
-	# mbox
-	if use mbx; then
-		cat >> Makefile <<- EOC
-			SUPPORT_MBX=yes
-		EOC
-	fi
-
-	# maildir
-	if use maildir; then
-		cat >> Makefile <<- EOC
-			SUPPORT_MAILDIR=yes
-		EOC
-	fi
-
-	#
-	# lookup methods
-
-	# use the "native" interfaces to the DBM and CDB libraries, support
-	# passwd and directory lookups by default
-	cat >> Makefile <<- EOC
-		USE_DB=yes
-		DBMLIB=-ldb
-		LOOKUP_CDB=yes
-		LOOKUP_PASSWD=yes
-		LOOKUP_DSEARCH=yes
-	EOC
-
-	if ! use dnsdb; then
-		# DNSDB lookup is enabled by default
-		sed -i "s:^LOOKUP_DNSDB=yes:# LOOKUP_DNSDB=yes:" Makefile
-	fi
-
-	if use ldap; then
-		cat >> Makefile <<- EOC
-			LOOKUP_LDAP=yes
-			LDAP_LIB_TYPE=OPENLDAP2
-			LOOKUP_INCLUDE += -I"${EROOT}"usr/include/ldap
-			LOOKUP_LIBS += -lldap -llber
-		EOC
-	fi
-
-	if use mysql; then
-		cat >> Makefile <<- EOC
-			LOOKUP_MYSQL=yes
-			LOOKUP_INCLUDE += $(mysql_config --include)
-			LOOKUP_LIBS += $(mysql_config --libs)
-		EOC
-	fi
-
-	if use nis; then
-		cat >> Makefile <<- EOC
-			LOOKUP_NIS=yes
-			LOOKUP_NISPLUS=yes
-		EOC
-	fi
-
-	if use postgres; then
-		cat >> Makefile <<- EOC
-			LOOKUP_PGSQL=yes
-			LOOKUP_INCLUDE += -I$(pg_config --includedir)
-			LOOKUP_LIBS += -L$(pg_config --libdir) -lpq
-		EOC
-	fi
-
-	if use sqlite; then
-		cat >> Makefile <<- EOC
-			LOOKUP_SQLITE=yes
-			LOOKUP_SQLITE_PC=sqlite3
-		EOC
-	fi
-
-	if use redis; then
-		cat >> Makefile <<- EOC
-			EXPERIMENTAL_REDIS=yes
-			LOOKUP_LIBS += -lhiredis
-		EOC
-	fi
-
-	#
-	# Exim monitor, enabled by default, controlled via X USE-flag,
-	# disable if not requested, bug #46778
-	if use X; then
-		cp ../exim_monitor/EDITME eximon.conf || die
-	else
-		sed -i -e '/^EXIM_MONITOR=/s/^/# /' Makefile
-	fi
-
-	#
-	# features
-
-	# content scanning support
-	if use exiscan-acl; then
-		cat >> Makefile <<- EOC
-			WITH_CONTENT_SCAN=yes
-			WITH_OLD_DEMIME=yes
-		EOC
-	fi
-
-	# DomainKeys Identified Mail, RFC4871
-	if ! use dkim; then
-		# DKIM is enabled by default
-		cat >> Makefile <<- EOC
-			DISABLE_DKIM=yes
-		EOC
-	fi
-
-	# Per-Recipient-Data-Response
-	if ! use prdr; then
-		# PRDR is enabled by default
-		cat >> Makefile <<- EOC
-			DISABLE_PRDR=yes
-		EOC
-	fi
-
-	# log to syslog
-	if use syslog; then
-		sed -i "s:LOG_FILE_PATH=/var/log/exim/exim_%s.log:LOG_FILE_PATH=syslog:" Makefile
-		cat >> Makefile <<- EOC
-			LOG_FILE_PATH=syslog
-		EOC
-	else
-		cat >> Makefile <<- EOC
-			LOG_FILE_PATH=${EPREFIX}/var/log/exim/exim_%s.log
-		EOC
-	fi
-
-	# starttls support (ssl)
-	if use ssl; then
-		echo "SUPPORT_TLS=yes" >> Makefile
-		if use gnutls; then
-			echo "USE_GNUTLS=yes" >> Makefile
-			echo "USE_GNUTLS_PC=gnutls" >> Makefile
-			use pkcs11 || echo "AVOID_GNUTLS_PKCS11=yes" >> Makefile
-		else
-			echo "USE_OPENSSL_PC=openssl" >> Makefile
-		fi
-	fi
-
-	# TCP wrappers
-	if use tcpd; then
-		cat >> Makefile <<- EOC
-			USE_TCP_WRAPPERS=yes
-			EXTRALIBS_EXIM += -lwrap
-		EOC
-	fi
-
-	# Light Mail Transport Protocol
-	if use lmtp; then
-		cat >> Makefile <<- EOC
-			TRANSPORT_LMTP=yes
-		EOC
-	fi
-
-	# embedded Perl
-	if use perl; then
-		cat >> Makefile <<- EOC
-			EXIM_PERL=perl.o
-		EOC
-	fi
-
-	# dlfunc
-	if use dlfunc; then
-		cat >> Makefile <<- EOC
-			EXPAND_DLFUNC=yes
-		EOC
-	fi
-
-	#
-	# experimental features
-
-	# Distributed Checksum Clearinghouse
-	if use dcc; then
-		echo "EXPERIMENTAL_DCC=yes">> Makefile
-	fi
-
-	# Sender Policy Framework
-	if use spf; then
-		cat >> Makefile <<- EOC
-			EXPERIMENTAL_SPF=yes
-			EXTRALIBS_EXIM += -lspf2
-		EOC
-	fi
-
-	# Sender Rewriting Scheme
-	if use srs; then
-		cat >> Makefile <<- EOC
-			EXPERIMENTAL_SRS=yes
-			EXTRALIBS_EXIM += -lsrs_alt
-		EOC
-	fi
-
-	# DMARC
-	if use dmarc; then
-		cat >> Makefile <<- EOC
-			EXPERIMENTAL_DMARC=yes
-			EXTRALIBS_EXIM += -lopendmarc
-		EOC
-	fi
-
-	# Transport post-delivery actions
-	if use tpda; then
-		cat >> Makefile <<- EOC
-			EXPERIMENTAL_EVENT=yes
-		EOC
-	fi
-
-	# Proxy Protocol
-	if use proxy; then
-		cat >> Makefile <<- EOC
-			EXPERIMENTAL_PROXY=yes
-		EOC
-	fi
-
-	# Delivery Sender Notifications
-	if use dsn; then
-		cat >> Makefile <<- EOC
-			EXPERIMENTAL_DSN=yes
-		EOC
-	fi
-
-	#
-	# authentication (SMTP AUTH)
-
-	# standard bits
-	cat >> Makefile <<- EOC
-		AUTH_SPA=yes
-		AUTH_CRAM_MD5=yes
-		AUTH_PLAINTEXT=yes
-	EOC
-
-	# Cyrus SASL
-	if use sasl; then
-		cat >> Makefile <<- EOC
-			CYRUS_SASLAUTHD_SOCKET=${EPREFIX}/run/saslauthd/mux
-			AUTH_CYRUS_SASL=yes
-			AUTH_LIBS += -lsasl2
-		EOC
-	fi
-
-	# Dovecot
-	if use dovecot-sasl; then
-		cat >> Makefile <<- EOC
-			AUTH_DOVECOT=yes
-		EOC
-	fi
-
-	# Pluggable Authentication Modules
-	if use pam; then
-		cat >> Makefile <<- EOC
-			SUPPORT_PAM=yes
-			AUTH_LIBS += -lpam
-		EOC
-	fi
-
-	# Radius
-	if use radius; then
-		cat >> Makefile <<- EOC
-			RADIUS_CONFIG_FILE=${EPREFIX}/etc/radiusclient/radiusclient.conf
-			RADIUS_LIB_TYPE=RADIUSCLIENT
-			AUTH_LIBS += -lradiusclient
-		EOC
-	fi
-}
-
-src_compile() {
-	emake -j1 CC="$(tc-getCC)" HOSTCC="$(tc-getCC $CBUILD)" \
-		AR="$(tc-getAR) cq" RANLIB="$(tc-getRANLIB)" FULLECHO='' \
-		|| die "make failed"
-}
-
-src_install () {
-	cd "${S}"/build-exim-gentoo || die
-	dosbin exim
-	if use X; then
-		dosbin eximon.bin
-		dosbin eximon
-	fi
-	fperms 4755 /usr/sbin/exim
-
-	dosym exim /usr/sbin/sendmail
-	dosym exim /usr/sbin/rsmtp
-	dosym exim /usr/sbin/rmail
-	dosym /usr/sbin/exim /usr/bin/mailq
-	dosym /usr/sbin/exim /usr/bin/newaliases
-	dosym /usr/sbin/sendmail /usr/lib/sendmail
-
-	for i in exicyclog exim_dbmbuild exim_dumpdb exim_fixdb exim_lock \
-		exim_tidydb exinext exiwhat exigrep eximstats exiqsumm exiqgrep \
-		convert4r3 convert4r4 exipick
-	do
-		dosbin $i
-	done
-
-	dodoc "${S}"/doc/*
-	doman "${S}"/doc/exim.8
-	use dsn && dodoc "${S}"/README.DSN
-	use doc && dohtml -r "${WORKDIR}"/${PN}-html-${PV//rc/RC}/doc/html/spec_html/*
-
-	# conf files
-	insinto /etc/exim
-	newins "${S}"/src/configure.default exim.conf.dist
-	if use exiscan-acl; then
-		newins "${S}"/src/configure.default exim.conf.exiscan-acl
-	fi
-	doins "${WORKDIR}"/system_filter.exim
-	doins "${FILESDIR}"/auth_conf.sub
-
-	pamd_mimic system-auth exim auth account
-
-	# headers, #436406
-	if use dlfunc ; then
-		# fixup includes so they actually can be found when including
-		sed -i \
-			-e '/#include "\(config\|store\|mytypes\).h"/s:"\(.\+\)":<exim/\1>:' \
-			local_scan.h || die
-		insinto /usr/include/exim
-		doins {config,local_scan}.h ../src/{mytypes,store}.h
-	fi
-
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}/exim.logrotate" exim
-
-	newinitd "${FILESDIR}"/exim.rc9 exim
-	newconfd "${FILESDIR}"/exim.confd exim
-
-	systemd_dounit "${FILESDIR}"/{exim.service,exim.socket,exim-submission.socket}
-	systemd_newunit "${FILESDIR}"/exim_at.service 'exim@.service'
-	systemd_newunit "${FILESDIR}"/exim-submission_at.service 'exim-submission@.service'
-
-	diropts -m 0750 -o ${MAILUSER} -g ${MAILGROUP}
-	dodir /var/log/${PN}
-}
-
-pkg_postinst() {
-	if [[ ! -f ${EROOT}etc/exim/exim.conf ]] ; then
-		einfo "${EROOT}etc/exim/system_filter.exim is a sample system_filter."
-		einfo "${EROOT}etc/exim/auth_conf.sub contains the configuration sub for using smtp auth."
-		einfo "Please create ${EROOT}etc/exim/exim.conf from ${EROOT}etc/exim/exim.conf.dist."
-	fi
-	if use dcc ; then
-		einfo "DCC support is experimental, you can find some limited"
-		einfo "documentation at the bottom of this prerelease message:"
-		einfo "http://article.gmane.org/gmane.mail.exim.devel/3579"
-	fi
-	use spf && einfo "SPF support is experimental"
-	use srs && einfo "SRS support is experimental"
-	if use dmarc ; then
-		einfo "DMARC support is experimental.  See global settings to"
-		einfo "configure DMARC, for usage see the documentation at "
-		einfo "experimental-spec.txt."
-	fi
-	use tpda && einfo "TPDA/EVENT support is experimental"
-	use proxy && einfo "proxy support is experimental"
-	if use dsn ; then
-		einfo "Starting from Exim 4.83, DSN support comes from upstream."
-		einfo "DSN support is an experimental feature.  If you used DSN"
-		einfo "support prior to 4.83, make sure to remove all dsn_process"
-		einfo "switches from your routers, see https://bugs.gentoo.org/511818"
-	fi
-	einfo "Exim maintains some db files under its spool directory that need"
-	einfo "cleaning from time to time.  (${EROOT}var/spool/exim/db)"
-	einfo "Please use the exim_tidydb tool as documented in the Exim manual:"
-	einfo "http://www.exim.org/exim-html-current/doc/html/spec_html/ch-exim_utilities.html#SECThindatmai"
-}

diff --git a/mail-mta/exim/exim-4.86.2.ebuild b/mail-mta/exim/exim-4.86.2.ebuild
deleted file mode 100644
index 4e7e8ea..0000000
--- a/mail-mta/exim/exim-4.86.2.ebuild
+++ /dev/null
@@ -1,525 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="5"
-
-inherit eutils toolchain-funcs multilib pam systemd
-
-IUSE="dane dcc +dkim dlfunc dmarc +dnsdb doc dovecot-sasl dsn exiscan-acl gnutls ipv6 ldap libressl lmtp maildir mbx mysql nis pam perl pkcs11 postgres +prdr proxy radius redis sasl selinux spf sqlite srs ssl syslog tcpd tpda X"
-REQUIRED_USE="spf? ( exiscan-acl ) srs? ( exiscan-acl ) dmarc? ( spf dkim ) pkcs11? ( gnutls )"
-
-COMM_URI="ftp://ftp.exim.org/pub/exim/exim4$([[ ${PV} == *_rc* ]] && echo /test)"
-
-DESCRIPTION="A highly configurable, drop-in replacement for sendmail"
-SRC_URI="${COMM_URI}/${P//rc/RC}.tar.bz2
-	mirror://gentoo/system_filter.exim.gz
-	doc? ( ${COMM_URI}/${PN}-html-${PV//rc/RC}.tar.bz2 )"
-HOMEPAGE="http://www.exim.org/"
-
-SLOT="0"
-LICENSE="GPL-2"
-KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ppc ~ppc64 ~x86"
-
-COMMON_DEPEND=">=sys-apps/sed-4.0.5
-	>=sys-libs/db-3.2:=
-	dev-libs/libpcre
-	perl? ( dev-lang/perl:= )
-	pam? ( virtual/pam )
-	tcpd? ( sys-apps/tcp-wrappers )
-	ssl? (
-		!libressl? ( dev-libs/openssl:0=[-bindist] )
-		libressl? ( dev-libs/libressl:= )
-	)
-	gnutls? ( net-libs/gnutls[pkcs11?]
-			  dev-libs/libtasn1 )
-	ldap? ( >=net-nds/openldap-2.0.7 )
-	mysql? ( virtual/mysql )
-	postgres? ( dev-db/postgresql:= )
-	sasl? ( >=dev-libs/cyrus-sasl-2.1.26-r2 )
-	redis? ( dev-libs/hiredis )
-	spf? ( >=mail-filter/libspf2-1.2.5-r1 )
-	dmarc? ( mail-filter/opendmarc )
-	srs? ( mail-filter/libsrs_alt )
-	X? ( x11-proto/xproto
-		x11-libs/libX11
-		x11-libs/libXmu
-		x11-libs/libXt
-		x11-libs/libXaw
-	)
-	sqlite? ( dev-db/sqlite )
-	radius? ( net-dialup/freeradius-client )
-	virtual/libiconv
-	"
-	# added X check for #57206
-DEPEND="${COMMON_DEPEND}
-	virtual/pkgconfig"
-RDEPEND="${COMMON_DEPEND}
-	!mail-mta/courier
-	!mail-mta/esmtp
-	!mail-mta/mini-qmail
-	!<mail-mta/msmtp-1.4.19-r1
-	!>=mail-mta/msmtp-1.4.19-r1[mta]
-	!mail-mta/netqmail
-	!mail-mta/nullmailer
-	!mail-mta/postfix
-	!mail-mta/qmail-ldap
-	!mail-mta/sendmail
-	!mail-mta/opensmtpd
-	!<mail-mta/ssmtp-2.64-r2
-	!>=mail-mta/ssmtp-2.64-r2[mta]
-	!net-mail/mailwrapper
-	>=net-mail/mailbase-0.00-r5
-	virtual/logger
-	dcc? ( mail-filter/dcc )
-	selinux? ( sec-policy/selinux-exim )
-	"
-
-S=${WORKDIR}/${P//rc/RC}
-
-src_prepare() {
-	epatch "${FILESDIR}"/exim-4.14-tail.patch
-	epatch "${FILESDIR}"/exim-4.74-localscan_dlopen.patch
-	epatch "${FILESDIR}"/exim-4.69-r1.27021.patch
-	epatch "${FILESDIR}"/exim-4.74-radius-db-ENV-clash.patch # 287426
-	epatch "${FILESDIR}"/exim-4.82-makefile-freebsd.patch # 235785
-	epatch "${FILESDIR}"/exim-4.77-as-needed-ldflags.patch # 352265, 391279
-	epatch "${FILESDIR}"/exim-4.76-crosscompile.patch # 266591
-	epatch "${FILESDIR}"/exim-4.86-radius-type-fix.patch
-	epatch "${FILESDIR}"/exim-4.86-radius-include.patch
-	epatch "${FILESDIR}"/exim-4.86.2-TMPDIR.patch # 63420
-
-	if use maildir ; then
-		epatch "${FILESDIR}"/exim-4.20-maildir.patch
-	else
-		epatch "${FILESDIR}"/exim-4.80-spool-mail-group.patch # 438606
-	fi
-
-	# user Exim believes it should be
-	MAILUSER=mail
-	MAILGROUP=mail
-	if use prefix && [[ ${EUID} != 0 ]] ; then
-		MAILUSER=$(id -un)
-		MAILGROUP=$(id -gn)
-	fi
-}
-
-src_configure() {
-	# general config and paths
-
-	sed -i.orig \
-		-e "/SYSTEM_ALIASES_FILE/s'SYSTEM_ALIASES_FILE'${EPREFIX}/etc/mail/aliases'" \
-		"${S}"/src/configure.default || die
-
-	sed -i -e 's/^buildname=.*/buildname=exim-gentoo/g' Makefile || die
-
-	sed -e "48i\CFLAGS=${CFLAGS}" \
-		-e "s:BIN_DIRECTORY=/usr/exim/bin:BIN_DIRECTORY=${EPREFIX}/usr/sbin:" \
-		-e "s:EXIM_USER=:EXIM_USER=${MAILUSER}:" \
-		-e "s:CONFIGURE_FILE=/usr/exim/configure:CONFIGURE_FILE=${EPREFIX}/etc/exim/exim.conf:" \
-		-e "s:ZCAT_COMMAND=.*$:ZCAT_COMMAND=${EPREFIX}/bin/zcat:" \
-		-e "s:COMPRESS_COMMAND=.*$:COMPRESS_COMMAND=${EPREFIX}/bin/gzip:" \
-		src/EDITME > Local/Makefile
-
-	cd Local
-
-	cat >> Makefile <<- EOC
-		INFO_DIRECTORY=${EPREFIX}/usr/share/info
-		PID_FILE_PATH=${EPREFIX}/run/exim.pid
-		SPOOL_DIRECTORY=${EPREFIX}/var/spool/exim
-		HAVE_ICONV=yes
-	EOC
-
-	# if we use libiconv, now is the time to tell so
-	use !elibc_glibc && echo "EXTRALIBS_EXIM=-liconv" >> Makefile
-
-	# support for IPv6
-	if use ipv6; then
-		cat >> Makefile <<- EOC
-			HAVE_IPV6=YES
-		EOC
-	fi
-
-	#
-	# mail storage formats
-
-	# mailstore is Exim's traditional storage format
-	cat >> Makefile <<- EOC
-		SUPPORT_MAILSTORE=yes
-	EOC
-
-	# mbox
-	if use mbx; then
-		cat >> Makefile <<- EOC
-			SUPPORT_MBX=yes
-		EOC
-	fi
-
-	# maildir
-	if use maildir; then
-		cat >> Makefile <<- EOC
-			SUPPORT_MAILDIR=yes
-		EOC
-	fi
-
-	#
-	# lookup methods
-
-	# use the "native" interfaces to the DBM and CDB libraries, support
-	# passwd and directory lookups by default
-	cat >> Makefile <<- EOC
-		USE_DB=yes
-		DBMLIB=-ldb
-		LOOKUP_CDB=yes
-		LOOKUP_PASSWD=yes
-		LOOKUP_DSEARCH=yes
-	EOC
-
-	if ! use dnsdb; then
-		# DNSDB lookup is enabled by default
-		sed -i "s:^LOOKUP_DNSDB=yes:# LOOKUP_DNSDB=yes:" Makefile
-	fi
-
-	if use ldap; then
-		cat >> Makefile <<- EOC
-			LOOKUP_LDAP=yes
-			LDAP_LIB_TYPE=OPENLDAP2
-			LOOKUP_INCLUDE += -I"${EROOT}"usr/include/ldap
-			LOOKUP_LIBS += -lldap -llber
-		EOC
-	fi
-
-	if use mysql; then
-		cat >> Makefile <<- EOC
-			LOOKUP_MYSQL=yes
-			LOOKUP_INCLUDE += $(mysql_config --include)
-			LOOKUP_LIBS += $(mysql_config --libs)
-		EOC
-	fi
-
-	if use nis; then
-		cat >> Makefile <<- EOC
-			LOOKUP_NIS=yes
-			LOOKUP_NISPLUS=yes
-		EOC
-	fi
-
-	if use postgres; then
-		cat >> Makefile <<- EOC
-			LOOKUP_PGSQL=yes
-			LOOKUP_INCLUDE += -I$(pg_config --includedir)
-			LOOKUP_LIBS += -L$(pg_config --libdir) -lpq
-		EOC
-	fi
-
-	if use sqlite; then
-		cat >> Makefile <<- EOC
-			LOOKUP_SQLITE=yes
-			LOOKUP_SQLITE_PC=sqlite3
-		EOC
-	fi
-
-	if use redis; then
-		cat >> Makefile <<- EOC
-			EXPERIMENTAL_REDIS=yes
-			LOOKUP_LIBS += -lhiredis
-		EOC
-	fi
-
-	#
-	# Exim monitor, enabled by default, controlled via X USE-flag,
-	# disable if not requested, bug #46778
-	if use X; then
-		cp ../exim_monitor/EDITME eximon.conf || die
-	else
-		sed -i -e '/^EXIM_MONITOR=/s/^/# /' Makefile
-	fi
-
-	#
-	# features
-
-	# content scanning support
-	if use exiscan-acl; then
-		cat >> Makefile <<- EOC
-			WITH_CONTENT_SCAN=yes
-			WITH_OLD_DEMIME=yes
-		EOC
-	fi
-
-	# DomainKeys Identified Mail, RFC4871
-	if ! use dkim; then
-		# DKIM is enabled by default
-		cat >> Makefile <<- EOC
-			DISABLE_DKIM=yes
-		EOC
-	fi
-
-	# Per-Recipient-Data-Response
-	if ! use prdr; then
-		# PRDR is enabled by default
-		cat >> Makefile <<- EOC
-			DISABLE_PRDR=yes
-		EOC
-	fi
-
-	# log to syslog
-	if use syslog; then
-		sed -i "s:LOG_FILE_PATH=/var/log/exim/exim_%s.log:LOG_FILE_PATH=syslog:" Makefile
-		cat >> Makefile <<- EOC
-			LOG_FILE_PATH=syslog
-		EOC
-	else
-		cat >> Makefile <<- EOC
-			LOG_FILE_PATH=${EPREFIX}/var/log/exim/exim_%s.log
-		EOC
-	fi
-
-	# starttls support (ssl)
-	if use ssl; then
-		echo "SUPPORT_TLS=yes" >> Makefile
-		if use gnutls; then
-			echo "USE_GNUTLS=yes" >> Makefile
-			echo "USE_GNUTLS_PC=gnutls" >> Makefile
-			use pkcs11 || echo "AVOID_GNUTLS_PKCS11=yes" >> Makefile
-		else
-			echo "USE_OPENSSL_PC=openssl" >> Makefile
-		fi
-	fi
-
-	# TCP wrappers
-	if use tcpd; then
-		cat >> Makefile <<- EOC
-			USE_TCP_WRAPPERS=yes
-			EXTRALIBS_EXIM += -lwrap
-		EOC
-	fi
-
-	# Light Mail Transport Protocol
-	if use lmtp; then
-		cat >> Makefile <<- EOC
-			TRANSPORT_LMTP=yes
-		EOC
-	fi
-
-	# embedded Perl
-	if use perl; then
-		cat >> Makefile <<- EOC
-			EXIM_PERL=perl.o
-		EOC
-	fi
-
-	# dlfunc
-	if use dlfunc; then
-		cat >> Makefile <<- EOC
-			EXPAND_DLFUNC=yes
-		EOC
-	fi
-
-	#
-	# experimental features
-
-	# DANE
-	if use dane; then
-		cat >> Makefile <<- EOC
-			EXPERIMENTAL_DANE=yes
-		EOC
-	fi
-
-	# Distributed Checksum Clearinghouse
-	if use dcc; then
-		echo "EXPERIMENTAL_DCC=yes">> Makefile
-	fi
-
-	# Sender Policy Framework
-	if use spf; then
-		cat >> Makefile <<- EOC
-			EXPERIMENTAL_SPF=yes
-			EXTRALIBS_EXIM += -lspf2
-		EOC
-	fi
-
-	# Sender Rewriting Scheme
-	if use srs; then
-		cat >> Makefile <<- EOC
-			EXPERIMENTAL_SRS=yes
-			EXTRALIBS_EXIM += -lsrs_alt
-		EOC
-	fi
-
-	# DMARC
-	if use dmarc; then
-		cat >> Makefile <<- EOC
-			EXPERIMENTAL_DMARC=yes
-			EXTRALIBS_EXIM += -lopendmarc
-		EOC
-	fi
-
-	# Transport post-delivery actions
-	if use tpda; then
-		cat >> Makefile <<- EOC
-			EXPERIMENTAL_EVENT=yes
-		EOC
-	fi
-
-	# Proxy Protocol
-	if use proxy; then
-		cat >> Makefile <<- EOC
-			EXPERIMENTAL_PROXY=yes
-		EOC
-	fi
-
-	# Delivery Sender Notifications
-	if use dsn; then
-		cat >> Makefile <<- EOC
-			EXPERIMENTAL_DSN=yes
-		EOC
-	fi
-
-	#
-	# authentication (SMTP AUTH)
-
-	# standard bits
-	cat >> Makefile <<- EOC
-		AUTH_SPA=yes
-		AUTH_CRAM_MD5=yes
-		AUTH_PLAINTEXT=yes
-	EOC
-
-	# Cyrus SASL
-	if use sasl; then
-		cat >> Makefile <<- EOC
-			CYRUS_SASLAUTHD_SOCKET=${EPREFIX}/run/saslauthd/mux
-			AUTH_CYRUS_SASL=yes
-			AUTH_LIBS += -lsasl2
-		EOC
-	fi
-
-	# Dovecot
-	if use dovecot-sasl; then
-		cat >> Makefile <<- EOC
-			AUTH_DOVECOT=yes
-		EOC
-	fi
-
-	# Pluggable Authentication Modules
-	if use pam; then
-		cat >> Makefile <<- EOC
-			SUPPORT_PAM=yes
-			AUTH_LIBS += -lpam
-		EOC
-	fi
-
-	# Radius
-	if use radius; then
-		cat >> Makefile <<- EOC
-			RADIUS_CONFIG_FILE=${EPREFIX}/etc/radiusclient/radiusclient.conf
-			RADIUS_LIB_TYPE=RADIUSCLIENTNEW
-			AUTH_LIBS += -lfreeradius-client
-		EOC
-	fi
-}
-
-src_compile() {
-	emake -j1 CC="$(tc-getCC)" HOSTCC="$(tc-getCC $CBUILD)" \
-		AR="$(tc-getAR) cq" RANLIB="$(tc-getRANLIB)" FULLECHO='' \
-		|| die "make failed"
-}
-
-src_install () {
-	cd "${S}"/build-exim-gentoo || die
-	dosbin exim
-	if use X; then
-		dosbin eximon.bin
-		dosbin eximon
-	fi
-	fperms 4755 /usr/sbin/exim
-
-	dosym exim /usr/sbin/sendmail
-	dosym exim /usr/sbin/rsmtp
-	dosym exim /usr/sbin/rmail
-	dosym /usr/sbin/exim /usr/bin/mailq
-	dosym /usr/sbin/exim /usr/bin/newaliases
-	dosym /usr/sbin/sendmail /usr/lib/sendmail
-
-	for i in exicyclog exim_dbmbuild exim_dumpdb exim_fixdb exim_lock \
-		exim_tidydb exinext exiwhat exigrep eximstats exiqsumm exiqgrep \
-		convert4r3 convert4r4 exipick
-	do
-		dosbin $i
-	done
-
-	dodoc "${S}"/doc/*
-	doman "${S}"/doc/exim.8
-	use dsn && dodoc "${S}"/README.DSN
-	use doc && dohtml -r "${WORKDIR}"/${PN}-html-${PV//rc/RC}/doc/html/spec_html/*
-
-	# conf files
-	insinto /etc/exim
-	newins "${S}"/src/configure.default exim.conf.dist
-	if use exiscan-acl; then
-		newins "${S}"/src/configure.default exim.conf.exiscan-acl
-	fi
-	doins "${WORKDIR}"/system_filter.exim
-	doins "${FILESDIR}"/auth_conf.sub
-
-	pamd_mimic system-auth exim auth account
-
-	# headers, #436406
-	if use dlfunc ; then
-		# fixup includes so they actually can be found when including
-		sed -i \
-			-e '/#include "\(config\|store\|mytypes\).h"/s:"\(.\+\)":<exim/\1>:' \
-			local_scan.h || die
-		insinto /usr/include/exim
-		doins {config,local_scan}.h ../src/{mytypes,store}.h
-	fi
-
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}/exim.logrotate" exim
-
-	newinitd "${FILESDIR}"/exim.rc9 exim
-	newconfd "${FILESDIR}"/exim.confd exim
-
-	systemd_dounit "${FILESDIR}"/{exim.service,exim.socket,exim-submission.socket}
-	systemd_newunit "${FILESDIR}"/exim_at.service 'exim@.service'
-	systemd_newunit "${FILESDIR}"/exim-submission_at.service 'exim-submission@.service'
-
-	diropts -m 0750 -o ${MAILUSER} -g ${MAILGROUP}
-	dodir /var/log/${PN}
-}
-
-pkg_postinst() {
-	if [[ ! -f ${EROOT}etc/exim/exim.conf ]] ; then
-		einfo "${EROOT}etc/exim/system_filter.exim is a sample system_filter."
-		einfo "${EROOT}etc/exim/auth_conf.sub contains the configuration sub for using smtp auth."
-		einfo "Please create ${EROOT}etc/exim/exim.conf from ${EROOT}etc/exim/exim.conf.dist."
-	fi
-	use dane && einfo "DANE support is experimental"
-	if use dcc ; then
-		einfo "DCC support is experimental, you can find some limited"
-		einfo "documentation at the bottom of this prerelease message:"
-		einfo "http://article.gmane.org/gmane.mail.exim.devel/3579"
-	fi
-	use spf && einfo "SPF support is experimental"
-	use srs && einfo "SRS support is experimental"
-	if use dmarc ; then
-		einfo "DMARC support is experimental.  See global settings to"
-		einfo "configure DMARC, for usage see the documentation at "
-		einfo "experimental-spec.txt."
-	fi
-	use tpda && einfo "TPDA/EVENT support is experimental"
-	use proxy && einfo "proxy support is experimental"
-	if use dsn ; then
-		einfo "Starting from Exim 4.83, DSN support comes from upstream."
-		einfo "DSN support is an experimental feature.  If you used DSN"
-		einfo "support prior to 4.83, make sure to remove all dsn_process"
-		einfo "switches from your routers, see https://bugs.gentoo.org/511818"
-	fi
-	einfo "Exim maintains some db files under its spool directory that need"
-	einfo "cleaning from time to time.  (${EROOT}var/spool/exim/db)"
-	einfo "Please use the exim_tidydb tool as documented in the Exim manual:"
-	einfo "http://www.exim.org/exim-html-current/doc/html/spec_html/ch-exim_utilities.html#SECThindatmai"
-	einfo "For CVE-2016-1531, Exim introduced keep_environment and"
-	einfo "add_environment flags.  You might want to set them, see:"
-	einfo "https://lists.exim.org/lurker/message/20160302.191005.a72d8433.en.html"
-}

diff --git a/mail-mta/exim/files/exim-4.86-TMPDIR.patch b/mail-mta/exim/files/exim-4.86-TMPDIR.patch
deleted file mode 100644
index 7fb0a79..0000000
--- a/mail-mta/exim/files/exim-4.86-TMPDIR.patch
+++ /dev/null
@@ -1,71 +0,0 @@
-From c36cf51b85cfc86e46226c846914c8d915f9f3c0 Mon Sep 17 00:00:00 2001
-From: Alexander Tsoy <alexander@tsoy.me>
-Date: Tue, 2 Feb 2016 20:56:15 +0300
-Subject: [PATCH] Rename build-time option TMPDIR to EXIM_TMPDIR
-
----
- src/EDITME              |  2 +-
- src/config.h.defaults   |  2 +-
- src/exim.c              | 12 ++++++------
- 3 files changed, 8 insertions(+), 8 deletions(-)
-
-diff --git a/src/EDITME b/src/EDITME
-index 30a296e..6afe0c7 100644
---- a/src/EDITME
-+++ b/src/EDITME
-@@ -1123,7 +1123,7 @@ SYSTEM_ALIASES_FILE=/etc/aliases
- # it replaces the value with what is defined here. Commenting this setting
- # suppresses the check altogether.
- 
--TMPDIR="/tmp"
-+EXIM_TMPDIR="/tmp"
- 
- 
- #------------------------------------------------------------------------------
-diff --git a/src/config.h.defaults b/src/config.h.defaults
-index 14de083..c1cf1a9 100644
---- a/src/config.h.defaults
-+++ b/src/config.h.defaults
-@@ -150,7 +150,7 @@ it's a default value. */
- 
- #define TCP_WRAPPERS_DAEMON_NAME "exim"
- #define TIMEZONE_DEFAULT
--#define TMPDIR
-+#define EXIM_TMPDIR
- 
- #define TRANSPORT_APPENDFILE
- #define TRANSPORT_AUTOREPLY
-diff --git a/src/exim.c b/src/exim.c
-index ebc71dd..c134bf5 100644
---- a/src/exim.c
-+++ b/src/exim.c
-@@ -3899,20 +3899,20 @@ if (log_oneline)
- temporary files are created; Exim doesn't use these (apart from when delivering
- to MBX mailboxes), but called libraries such as DBM libraries may require them.
- If TMPDIR is found in the environment, reset it to the value defined in the
--TMPDIR macro, if this macro is defined. */
-+EXIM_TMPDIR macro, if this macro is defined. */
- 
--#ifdef TMPDIR
-+#ifdef EXIM_TMPDIR
-   {
-   uschar **p;
-   for (p = USS environ; *p != NULL; p++)
-     {
-     if (Ustrncmp(*p, "TMPDIR=", 7) == 0 &&
--        Ustrcmp(*p+7, TMPDIR) != 0)
-+        Ustrcmp(*p+7, EXIM_TMPDIR) != 0)
-       {
--      uschar *newp = malloc(Ustrlen(TMPDIR) + 8);
--      sprintf(CS newp, "TMPDIR=%s", TMPDIR);
-+      uschar *newp = malloc(Ustrlen(EXIM_TMPDIR) + 8);
-+      sprintf(CS newp, "TMPDIR=%s", EXIM_TMPDIR);
-       *p = newp;
--      DEBUG(D_any) debug_printf("reset TMPDIR=%s in environment\n", TMPDIR);
-+      DEBUG(D_any) debug_printf("reset TMPDIR=%s in environment\n", EXIM_TMPDIR);
-       }
-     }
-   }
--- 
-2.4.10
-

diff --git a/mail-mta/exim/files/exim-4.86-radius-include.patch b/mail-mta/exim/files/exim-4.86-radius-include.patch
deleted file mode 100644
index acff7fc..0000000
--- a/mail-mta/exim/files/exim-4.86-radius-include.patch
+++ /dev/null
@@ -1,15 +0,0 @@
-diff -urN exim-4.86.orig/src/auths/call_radius.c exim-4.86/src/auths/call_radius.c
---- exim-4.86.orig/src/auths/call_radius.c	2015-07-24 00:20:37.000000000 +0300
-+++ exim-4.86/src/auths/call_radius.c	2015-10-17 20:05:31.581240956 +0300
-@@ -38,7 +38,11 @@
-   #if !defined(RADIUS_LIB_RADIUSCLIENT) && !defined(RADIUS_LIB_RADIUSCLIENTNEW)
-   #define RADIUS_LIB_RADIUSCLIENT
-   #endif
-+  #ifdef RADIUS_LIB_RADIUSCLIENTNEW
-+  #include <freeradius-client.h>
-+  #else
-   #include <radiusclient.h>
-+  #endif
- #endif
- 
- 

diff --git a/mail-mta/exim/files/exim-4.86-radius-type-fix.patch b/mail-mta/exim/files/exim-4.86-radius-type-fix.patch
deleted file mode 100644
index 3ff4722..0000000
--- a/mail-mta/exim/files/exim-4.86-radius-type-fix.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-commit 1b2adaee621f520aa640669a35c089c448294e9e
-Author: Alexander Tsoy <alexander@tsoy.me>
-Date:   Sat Oct 17 20:39:10 2015 +0300
-
-    Fix conflicting types errors in radius auth
-    
-    Was broken by commits 93a6fce2 and 55414b25
-
-diff --git a/src/src/auths/call_radius.c b/src/src/auths/call_radius.c
-index 2064ed2..1201078 100644
---- a/src/src/auths/call_radius.c
-+++ b/src/src/auths/call_radius.c
-@@ -60,10 +60,10 @@ Returns:   OK if authentication succeeded
- */
- 
- int
--auth_call_radius(uschar *s, uschar **errptr)
-+auth_call_radius(const uschar *s, uschar **errptr)
- {
- uschar *user;
--uschar *radius_args = s;
-+const uschar *radius_args = s;
- int result;
- int sep = 0;
- 

diff --git a/mail-mta/exim/files/exim-4.86.2-TMPDIR.patch b/mail-mta/exim/files/exim-4.86.2-TMPDIR.patch
deleted file mode 100644
index 9c05a24..0000000
--- a/mail-mta/exim/files/exim-4.86.2-TMPDIR.patch
+++ /dev/null
@@ -1,68 +0,0 @@
-Adapted for 4.86.2
-
-From c36cf51b85cfc86e46226c846914c8d915f9f3c0 Mon Sep 17 00:00:00 2001
-From: Alexander Tsoy <alexander@tsoy.me>
-Date: Tue, 2 Feb 2016 20:56:15 +0300
-Subject: [PATCH] Rename build-time option TMPDIR to EXIM_TMPDIR
-
----
- src/EDITME              |  2 +-
- src/config.h.defaults   |  2 +-
- src/exim.c              | 12 ++++++------
- 3 files changed, 8 insertions(+), 8 deletions(-)
-
-diff --git a/src/EDITME b/src/EDITME
-index 30a296e..6afe0c7 100644
---- a/src/EDITME
-+++ b/src/EDITME
-@@ -1123,7 +1123,7 @@ SYSTEM_ALIASES_FILE=/etc/aliases
- # it replaces the value with what is defined here. Commenting this setting
- # suppresses the check altogether.
- 
--TMPDIR="/tmp"
-+EXIM_TMPDIR="/tmp"
- 
- 
- #------------------------------------------------------------------------------
-diff --git a/src/config.h.defaults b/src/config.h.defaults
-index 14de083..c1cf1a9 100644
---- a/src/config.h.defaults
-+++ b/src/config.h.defaults
-@@ -150,7 +150,7 @@ it's a default value. */
- 
- #define TCP_WRAPPERS_DAEMON_NAME "exim"
- #define TIMEZONE_DEFAULT
--#define TMPDIR
-+#define EXIM_TMPDIR
- 
- #define TRANSPORT_APPENDFILE
- #define TRANSPORT_AUTOREPLY
---- a/src/exim.c
-+++ b/src/exim.c
-@@ -3887,20 +3887,20 @@
- temporary files are created; Exim doesn't use these (apart from when delivering
- to MBX mailboxes), but called libraries such as DBM libraries may require them.
- If TMPDIR is found in the environment, reset it to the value defined in the
--TMPDIR macro, if this macro is defined. */
-+EXIM_TMPDIR macro, if this macro is defined. */
- 
--#ifdef TMPDIR
-+#ifdef EXIM_TMPDIR
-   {
-   uschar **p;
-   if (environ) for (p = USS environ; *p != NULL; p++)
-     {
-     if (Ustrncmp(*p, "TMPDIR=", 7) == 0 &&
--        Ustrcmp(*p+7, TMPDIR) != 0)
-+        Ustrcmp(*p+7, EXIM_TMPDIR) != 0)
-       {
--      uschar *newp = malloc(Ustrlen(TMPDIR) + 8);
--      sprintf(CS newp, "TMPDIR=%s", TMPDIR);
-+      uschar *newp = malloc(Ustrlen(EXIM_TMPDIR) + 8);
-+      sprintf(CS newp, "TMPDIR=%s", EXIM_TMPDIR);
-       *p = newp;
--      DEBUG(D_any) debug_printf("reset TMPDIR=%s in environment\n", TMPDIR);
-+      DEBUG(D_any) debug_printf("reset TMPDIR=%s in environment\n", EXIM_TMPDIR);
-       }
-     }
-   }

diff --git a/mail-mta/exim/files/exim.rc8 b/mail-mta/exim/files/exim.rc8
deleted file mode 100644
index c88750b..0000000
--- a/mail-mta/exim/files/exim.rc8
+++ /dev/null
@@ -1,30 +0,0 @@
-#!/sbin/openrc-run
-# Copyright 1999-2013 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-extra_started_commands="reload"
-
-depend() {
-	need logger
-	use antivirus net
-	provide mta
-}
-
-start() {
-	ebegin "Starting ${SVCNAME}"
-	start-stop-daemon --start --exec /usr/sbin/exim --pidfile /run/${SVCNAME}.pid -- -C /etc/exim/${SVCNAME}.conf ${EXIM_OPTS:--bd -q15m}
-	eend $?
-}
-
-stop() {
-	ebegin "Stopping ${SVCNAME}"
-	start-stop-daemon --stop --pidfile /run/${SVCNAME}.pid --name exim
-	eend $?
-}
-
-reload() {
-	ebegin "Reloading ${SVCNAME}"
-	start-stop-daemon --signal HUP --pidfile /run/${SVCNAME}.pid --name exim
-	eend $?
-}


^ permalink raw reply related	[flat|nested] 26+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: mail-mta/exim/, mail-mta/exim/files/
@ 2017-03-11  7:58 Fabian Groffen
  0 siblings, 0 replies; 26+ messages in thread
From: Fabian Groffen @ 2017-03-11  7:58 UTC (permalink / raw
  To: gentoo-commits

commit:     12942acaa4b53ec62de0112ecda4fb24e7386312
Author:     Fabian Groffen <grobian <AT> gentoo <DOT> org>
AuthorDate: Sat Mar 11 07:58:35 2017 +0000
Commit:     Fabian Groffen <grobian <AT> gentoo <DOT> org>
CommitDate: Sat Mar 11 07:58:35 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=12942aca

mail-mta/exim: remove bashisms from init-script, bug #612262

Package-Manager: Portage-2.3.3, Repoman-2.3.1

 mail-mta/exim/exim-4.89.ebuild |  2 +-
 mail-mta/exim/files/exim.rc10  | 47 ++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 48 insertions(+), 1 deletion(-)

diff --git a/mail-mta/exim/exim-4.89.ebuild b/mail-mta/exim/exim-4.89.ebuild
index 5a527a41b49..562c9d8ef25 100644
--- a/mail-mta/exim/exim-4.89.ebuild
+++ b/mail-mta/exim/exim-4.89.ebuild
@@ -490,7 +490,7 @@ src_install () {
 	insinto /etc/logrotate.d
 	newins "${FILESDIR}/exim.logrotate" exim
 
-	newinitd "${FILESDIR}"/exim.rc9 exim
+	newinitd "${FILESDIR}"/exim.rc10 exim
 	newconfd "${FILESDIR}"/exim.confd exim
 
 	systemd_dounit "${FILESDIR}"/{exim.service,exim.socket,exim-submission.socket}

diff --git a/mail-mta/exim/files/exim.rc10 b/mail-mta/exim/files/exim.rc10
new file mode 100644
index 00000000000..c44dba16ce2
--- /dev/null
+++ b/mail-mta/exim/files/exim.rc10
@@ -0,0 +1,47 @@
+#!/sbin/openrc-run
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+extra_started_commands="reload"
+
+depend() {
+	need logger
+	use antivirus net
+	provide mta
+}
+
+tidy_dbs() {
+	local spooldir=$(/usr/sbin/exim -C /etc/exim/${SVCNAME}.conf -bP -n spool_directory)
+	local db
+	local ret=0
+	ebegin "Tidying hints databases in ${spooldir}/db"
+	for db in "${spooldir}"/db/* ; do
+		case "${db}" in
+			*".lockfile"|*"*")  continue  ;;
+		esac
+		/usr/sbin/exim_tidydb ${TIDY_OPTS} "${spooldir}" ${db##*/} > /dev/null
+		: $((ret += $?))
+	done
+	eend ${ret}
+}
+
+start() {
+	# if you use multiple instances, make sure you set spool_directory
+	# in the configfile
+	tidy_dbs
+	ebegin "Starting ${SVCNAME}"
+	start-stop-daemon --start --exec /usr/sbin/exim --pidfile /run/${SVCNAME}.pid -- -C /etc/exim/${SVCNAME}.conf ${EXIM_OPTS:--bd -q15m}
+	eend $?
+}
+
+stop() {
+	ebegin "Stopping ${SVCNAME}"
+	start-stop-daemon --stop --pidfile /run/${SVCNAME}.pid --name exim
+	eend $?
+}
+
+reload() {
+	ebegin "Reloading ${SVCNAME}"
+	start-stop-daemon --signal HUP --pidfile /run/${SVCNAME}.pid --name exim
+	eend $?
+}


^ permalink raw reply related	[flat|nested] 26+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: mail-mta/exim/, mail-mta/exim/files/
@ 2017-06-19 16:06 Thomas Deutschmann
  0 siblings, 0 replies; 26+ messages in thread
From: Thomas Deutschmann @ 2017-06-19 16:06 UTC (permalink / raw
  To: gentoo-commits

commit:     81618852a1f9d12b4aeea8a85b9d0f37f81f05b9
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Mon Jun 19 16:06:14 2017 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Mon Jun 19 16:06:32 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=81618852

mail-mta/exim: Rev bump to add patch for CVE-2017-1000369 (bug #622212)

Package-Manager: Portage-2.3.5, Repoman-2.3.2

 mail-mta/exim/exim-4.89-r1.ebuild                  | 529 +++++++++++++++++++++
 .../exim/files/exim-4.89-CVE-2017-1000369.patch    |  58 +++
 2 files changed, 587 insertions(+)

diff --git a/mail-mta/exim/exim-4.89-r1.ebuild b/mail-mta/exim/exim-4.89-r1.ebuild
new file mode 100644
index 00000000000..0d1ab8856b6
--- /dev/null
+++ b/mail-mta/exim/exim-4.89-r1.ebuild
@@ -0,0 +1,529 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit eutils toolchain-funcs multilib pam systemd
+
+IUSE="dane dcc +dkim dlfunc dmarc +dnsdb doc dovecot-sasl dsn exiscan-acl gnutls ipv6 ldap libressl lmtp maildir mbx mysql nis pam perl pkcs11 postgres +prdr proxy radius redis sasl selinux spf sqlite srs ssl syslog tcpd tpda X elibc_glibc"
+REQUIRED_USE="
+	dane? ( !gnutls )
+	dmarc? ( spf dkim )
+	pkcs11? ( gnutls )
+	spf? ( exiscan-acl )
+	srs? ( exiscan-acl )
+"
+
+COMM_URI="ftp://ftp.exim.org/pub/exim/exim4$([[ ${PV} == *_rc* ]] && echo /test)"
+
+DESCRIPTION="A highly configurable, drop-in replacement for sendmail"
+SRC_URI="${COMM_URI}/${P//rc/RC}.tar.bz2
+	mirror://gentoo/system_filter.exim.gz
+	doc? ( ${COMM_URI}/${PN}-pdf-${PV//rc/RC}.tar.bz2 )"
+HOMEPAGE="http://www.exim.org/"
+
+SLOT="0"
+LICENSE="GPL-2"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd ~x86-solaris"
+
+COMMON_DEPEND=">=sys-apps/sed-4.0.5
+	>=sys-libs/db-3.2:=
+	dev-libs/libpcre
+	perl? ( dev-lang/perl:= )
+	pam? ( virtual/pam )
+	tcpd? ( sys-apps/tcp-wrappers )
+	ssl? (
+		!libressl? ( dev-libs/openssl:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	gnutls? ( net-libs/gnutls[pkcs11?]
+			  dev-libs/libtasn1 )
+	ldap? ( >=net-nds/openldap-2.0.7 )
+	nis? ( elibc_glibc? ( || (
+		<sys-libs/glibc-2.23
+		>=sys-libs/glibc-2.23[rpc]
+	) ) )
+	mysql? ( virtual/libmysqlclient )
+	postgres? ( dev-db/postgresql:= )
+	sasl? ( >=dev-libs/cyrus-sasl-2.1.26-r2 )
+	redis? ( dev-libs/hiredis )
+	spf? ( >=mail-filter/libspf2-1.2.5-r1 )
+	dmarc? ( mail-filter/opendmarc )
+	srs? ( mail-filter/libsrs_alt )
+	X? ( x11-proto/xproto
+		x11-libs/libX11
+		x11-libs/libXmu
+		x11-libs/libXt
+		x11-libs/libXaw
+	)
+	sqlite? ( dev-db/sqlite )
+	radius? ( net-dialup/freeradius-client )
+	virtual/libiconv
+	"
+	# added X check for #57206
+DEPEND="${COMMON_DEPEND}
+	virtual/pkgconfig"
+RDEPEND="${COMMON_DEPEND}
+	!mail-mta/courier
+	!mail-mta/esmtp
+	!mail-mta/mini-qmail
+	!<mail-mta/msmtp-1.4.19-r1
+	!>=mail-mta/msmtp-1.4.19-r1[mta]
+	!mail-mta/netqmail
+	!mail-mta/nullmailer
+	!mail-mta/postfix
+	!mail-mta/qmail-ldap
+	!mail-mta/sendmail
+	!mail-mta/opensmtpd
+	!<mail-mta/ssmtp-2.64-r2
+	!>=mail-mta/ssmtp-2.64-r2[mta]
+	!net-mail/mailwrapper
+	>=net-mail/mailbase-0.00-r5
+	virtual/logger
+	dcc? ( mail-filter/dcc )
+	selinux? ( sec-policy/selinux-exim )
+	"
+
+S=${WORKDIR}/${P//rc/RC}
+
+src_prepare() {
+	epatch "${FILESDIR}"/exim-4.14-tail.patch
+	epatch "${FILESDIR}"/exim-4.74-localscan_dlopen.patch
+	epatch "${FILESDIR}"/exim-4.69-r1.27021.patch
+	epatch "${FILESDIR}"/exim-4.74-radius-db-ENV-clash.patch # 287426
+	epatch "${FILESDIR}"/exim-4.82-makefile-freebsd.patch # 235785
+	epatch "${FILESDIR}"/exim-4.89-as-needed-ldflags.patch # 352265, 391279
+	epatch "${FILESDIR}"/exim-4.76-crosscompile.patch # 266591
+	epatch "${FILESDIR}"/exim-4.89-CVE-2017-1000369.patch # 622212
+
+	if use maildir ; then
+		epatch "${FILESDIR}"/exim-4.20-maildir.patch
+	else
+		epatch "${FILESDIR}"/exim-4.80-spool-mail-group.patch # 438606
+	fi
+
+	eapply_user
+
+	# user Exim believes it should be
+	MAILUSER=mail
+	MAILGROUP=mail
+	if use prefix && [[ ${EUID} != 0 ]] ; then
+		MAILUSER=$(id -un)
+		MAILGROUP=$(id -gn)
+	fi
+}
+
+src_configure() {
+	# general config and paths
+
+	sed -i.orig \
+		-e "/SYSTEM_ALIASES_FILE/s'SYSTEM_ALIASES_FILE'${EPREFIX}/etc/mail/aliases'" \
+		"${S}"/src/configure.default || die
+
+	sed -i -e 's/^buildname=.*/buildname=exim-gentoo/g' Makefile || die
+
+	sed -e "48i\CFLAGS=${CFLAGS}" \
+		-e "s:BIN_DIRECTORY=/usr/exim/bin:BIN_DIRECTORY=${EPREFIX}/usr/sbin:" \
+		-e "s:EXIM_USER=:EXIM_USER=${MAILUSER}:" \
+		-e "s:CONFIGURE_FILE=/usr/exim/configure:CONFIGURE_FILE=${EPREFIX}/etc/exim/exim.conf:" \
+		-e "s:ZCAT_COMMAND=.*$:ZCAT_COMMAND=${EPREFIX}/bin/zcat:" \
+		-e "s:COMPRESS_COMMAND=.*$:COMPRESS_COMMAND=${EPREFIX}/bin/gzip:" \
+		src/EDITME > Local/Makefile
+
+	if use elibc_musl; then
+		sed -e 's/^LIBS = -lnsl/LIBS =/g' \
+		-i OS/Makefile-Linux
+	fi
+
+	cd Local
+
+	cat >> Makefile <<- EOC
+		INFO_DIRECTORY=${EPREFIX}/usr/share/info
+		PID_FILE_PATH=${EPREFIX}/run/exim.pid
+		SPOOL_DIRECTORY=${EPREFIX}/var/spool/exim
+		HAVE_ICONV=yes
+	EOC
+
+	# if we use libiconv, now is the time to tell so
+	use !elibc_glibc && use !elibc_musl && echo "EXTRALIBS_EXIM=-liconv" >> Makefile
+
+	# support for IPv6
+	if use ipv6; then
+		cat >> Makefile <<- EOC
+			HAVE_IPV6=YES
+		EOC
+	fi
+
+	#
+	# mail storage formats
+
+	# mailstore is Exim's traditional storage format
+	cat >> Makefile <<- EOC
+		SUPPORT_MAILSTORE=yes
+	EOC
+
+	# mbox
+	if use mbx; then
+		cat >> Makefile <<- EOC
+			SUPPORT_MBX=yes
+		EOC
+	fi
+
+	# maildir
+	if use maildir; then
+		cat >> Makefile <<- EOC
+			SUPPORT_MAILDIR=yes
+		EOC
+	fi
+
+	#
+	# lookup methods
+
+	# use the "native" interfaces to the DBM and CDB libraries, support
+	# passwd and directory lookups by default
+	cat >> Makefile <<- EOC
+		USE_DB=yes
+		DBMLIB=-ldb
+		LOOKUP_CDB=yes
+		LOOKUP_PASSWD=yes
+		LOOKUP_DSEARCH=yes
+	EOC
+
+	if ! use dnsdb; then
+		# DNSDB lookup is enabled by default
+		sed -i "s:^LOOKUP_DNSDB=yes:# LOOKUP_DNSDB=yes:" Makefile
+	fi
+
+	if use ldap; then
+		cat >> Makefile <<- EOC
+			LOOKUP_LDAP=yes
+			LDAP_LIB_TYPE=OPENLDAP2
+			LOOKUP_INCLUDE += -I"${EROOT}"usr/include/ldap
+			LOOKUP_LIBS += -lldap -llber
+		EOC
+	fi
+
+	if use mysql; then
+		cat >> Makefile <<- EOC
+			LOOKUP_MYSQL=yes
+			LOOKUP_INCLUDE += $(mysql_config --include)
+			LOOKUP_LIBS += $(mysql_config --libs)
+		EOC
+	fi
+
+	if use nis; then
+		cat >> Makefile <<- EOC
+			LOOKUP_NIS=yes
+			LOOKUP_NISPLUS=yes
+		EOC
+	fi
+
+	if use postgres; then
+		cat >> Makefile <<- EOC
+			LOOKUP_PGSQL=yes
+			LOOKUP_INCLUDE += -I$(pg_config --includedir)
+			LOOKUP_LIBS += -L$(pg_config --libdir) -lpq
+		EOC
+	fi
+
+	if use sqlite; then
+		cat >> Makefile <<- EOC
+			LOOKUP_SQLITE=yes
+			LOOKUP_SQLITE_PC=sqlite3
+		EOC
+	fi
+
+	if use redis; then
+		cat >> Makefile <<- EOC
+			LOOKUP_REDIS=yes
+			LOOKUP_LIBS += -lhiredis
+		EOC
+	fi
+
+	#
+	# Exim monitor, enabled by default, controlled via X USE-flag,
+	# disable if not requested, bug #46778
+	if use X; then
+		cp ../exim_monitor/EDITME eximon.conf || die
+	else
+		sed -i -e '/^EXIM_MONITOR=/s/^/# /' Makefile
+	fi
+
+	#
+	# features
+
+	# content scanning support
+	if use exiscan-acl; then
+		cat >> Makefile <<- EOC
+			WITH_CONTENT_SCAN=yes
+			WITH_OLD_DEMIME=yes
+		EOC
+	fi
+
+	# DomainKeys Identified Mail, RFC4871
+	if ! use dkim; then
+		# DKIM is enabled by default
+		cat >> Makefile <<- EOC
+			DISABLE_DKIM=yes
+		EOC
+	fi
+
+	# Per-Recipient-Data-Response
+	if ! use prdr; then
+		# PRDR is enabled by default
+		cat >> Makefile <<- EOC
+			DISABLE_PRDR=yes
+		EOC
+	fi
+
+	# log to syslog
+	if use syslog; then
+		sed -i "s:LOG_FILE_PATH=/var/log/exim/exim_%s.log:LOG_FILE_PATH=syslog:" Makefile
+		cat >> Makefile <<- EOC
+			LOG_FILE_PATH=syslog
+		EOC
+	else
+		cat >> Makefile <<- EOC
+			LOG_FILE_PATH=${EPREFIX}/var/log/exim/exim_%s.log
+		EOC
+	fi
+
+	# starttls support (ssl)
+	if use ssl; then
+		echo "SUPPORT_TLS=yes" >> Makefile
+		if use gnutls; then
+			echo "USE_GNUTLS=yes" >> Makefile
+			echo "USE_GNUTLS_PC=gnutls" >> Makefile
+			use pkcs11 || echo "AVOID_GNUTLS_PKCS11=yes" >> Makefile
+		else
+			echo "USE_OPENSSL_PC=openssl" >> Makefile
+		fi
+	fi
+
+	# TCP wrappers
+	if use tcpd; then
+		cat >> Makefile <<- EOC
+			USE_TCP_WRAPPERS=yes
+			EXTRALIBS_EXIM += -lwrap
+		EOC
+	fi
+
+	# Light Mail Transport Protocol
+	if use lmtp; then
+		cat >> Makefile <<- EOC
+			TRANSPORT_LMTP=yes
+		EOC
+	fi
+
+	# embedded Perl
+	if use perl; then
+		cat >> Makefile <<- EOC
+			EXIM_PERL=perl.o
+		EOC
+	fi
+
+	# dlfunc
+	if use dlfunc; then
+		cat >> Makefile <<- EOC
+			EXPAND_DLFUNC=yes
+		EOC
+	fi
+
+	#
+	# experimental features
+
+	# DANE
+	if use dane; then
+		cat >> Makefile <<- EOC
+			EXPERIMENTAL_DANE=yes
+		EOC
+	fi
+
+	# Distributed Checksum Clearinghouse
+	if use dcc; then
+		echo "EXPERIMENTAL_DCC=yes">> Makefile
+	fi
+
+	# Sender Policy Framework
+	if use spf; then
+		cat >> Makefile <<- EOC
+			EXPERIMENTAL_SPF=yes
+			EXTRALIBS_EXIM += -lspf2
+		EOC
+	fi
+
+	# Sender Rewriting Scheme
+	if use srs; then
+		cat >> Makefile <<- EOC
+			EXPERIMENTAL_SRS=yes
+			EXTRALIBS_EXIM += -lsrs_alt
+		EOC
+	fi
+
+	# DMARC
+	if use dmarc; then
+		cat >> Makefile <<- EOC
+			EXPERIMENTAL_DMARC=yes
+			EXTRALIBS_EXIM += -lopendmarc
+		EOC
+	fi
+
+	# Transport post-delivery actions
+	if use tpda; then
+		cat >> Makefile <<- EOC
+			EXPERIMENTAL_EVENT=yes
+		EOC
+	fi
+
+	# Proxy Protocol
+	if use proxy; then
+		cat >> Makefile <<- EOC
+			EXPERIMENTAL_PROXY=yes
+		EOC
+	fi
+
+	# Delivery Sender Notifications
+	if use dsn; then
+		cat >> Makefile <<- EOC
+			EXPERIMENTAL_DSN=yes
+		EOC
+	fi
+
+	#
+	# authentication (SMTP AUTH)
+
+	# standard bits
+	cat >> Makefile <<- EOC
+		AUTH_SPA=yes
+		AUTH_CRAM_MD5=yes
+		AUTH_PLAINTEXT=yes
+	EOC
+
+	# Cyrus SASL
+	if use sasl; then
+		cat >> Makefile <<- EOC
+			CYRUS_SASLAUTHD_SOCKET=${EPREFIX}/run/saslauthd/mux
+			AUTH_CYRUS_SASL=yes
+			AUTH_LIBS += -lsasl2
+		EOC
+	fi
+
+	# Dovecot
+	if use dovecot-sasl; then
+		cat >> Makefile <<- EOC
+			AUTH_DOVECOT=yes
+		EOC
+	fi
+
+	# Pluggable Authentication Modules
+	if use pam; then
+		cat >> Makefile <<- EOC
+			SUPPORT_PAM=yes
+			AUTH_LIBS += -lpam
+		EOC
+	fi
+
+	# Radius
+	if use radius; then
+		cat >> Makefile <<- EOC
+			RADIUS_CONFIG_FILE=${EPREFIX}/etc/radiusclient/radiusclient.conf
+			RADIUS_LIB_TYPE=RADIUSCLIENTNEW
+			AUTH_LIBS += -lfreeradius-client
+		EOC
+	fi
+}
+
+src_compile() {
+	emake CC="$(tc-getCC)" HOSTCC="$(tc-getCC $CBUILD)" \
+		AR="$(tc-getAR) cq" RANLIB="$(tc-getRANLIB)" FULLECHO='' \
+		|| die "make failed"
+}
+
+src_install () {
+	cd "${S}"/build-exim-gentoo || die
+	dosbin exim
+	if use X; then
+		dosbin eximon.bin
+		dosbin eximon
+	fi
+	fperms 4755 /usr/sbin/exim
+
+	dosym exim /usr/sbin/sendmail
+	dosym exim /usr/sbin/rsmtp
+	dosym exim /usr/sbin/rmail
+	dosym /usr/sbin/exim /usr/bin/mailq
+	dosym /usr/sbin/exim /usr/bin/newaliases
+	dosym /usr/sbin/sendmail /usr/lib/sendmail
+
+	for i in exicyclog exim_dbmbuild exim_dumpdb exim_fixdb exim_lock \
+		exim_tidydb exinext exiwhat exigrep eximstats exiqsumm exiqgrep \
+		convert4r3 convert4r4 exipick
+	do
+		dosbin $i
+	done
+
+	dodoc "${S}"/doc/*
+	doman "${S}"/doc/exim.8
+	use dsn && dodoc "${S}"/README.DSN
+	use doc && dodoc "${WORKDIR}"/${PN}-pdf-${PV//rc/RC}/doc/*.pdf
+
+	# conf files
+	insinto /etc/exim
+	newins "${S}"/src/configure.default exim.conf.dist
+	if use exiscan-acl; then
+		newins "${S}"/src/configure.default exim.conf.exiscan-acl
+	fi
+	doins "${WORKDIR}"/system_filter.exim
+	doins "${FILESDIR}"/auth_conf.sub
+
+	pamd_mimic system-auth exim auth account
+
+	# headers, #436406
+	if use dlfunc ; then
+		# fixup includes so they actually can be found when including
+		sed -i \
+			-e '/#include "\(config\|store\|mytypes\).h"/s:"\(.\+\)":<exim/\1>:' \
+			local_scan.h || die
+		insinto /usr/include/exim
+		doins {config,local_scan}.h ../src/{mytypes,store}.h
+	fi
+
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}/exim.logrotate" exim
+
+	newinitd "${FILESDIR}"/exim.rc10 exim
+	newconfd "${FILESDIR}"/exim.confd exim
+
+	systemd_dounit "${FILESDIR}"/{exim.service,exim.socket,exim-submission.socket}
+	systemd_newunit "${FILESDIR}"/exim_at.service 'exim@.service'
+	systemd_newunit "${FILESDIR}"/exim-submission_at.service 'exim-submission@.service'
+
+	diropts -m 0750 -o ${MAILUSER} -g ${MAILGROUP}
+	dodir /var/log/${PN}
+}
+
+pkg_postinst() {
+	if [[ ! -f ${EROOT}etc/exim/exim.conf ]] ; then
+		einfo "${EROOT}etc/exim/system_filter.exim is a sample system_filter."
+		einfo "${EROOT}etc/exim/auth_conf.sub contains the configuration sub for using smtp auth."
+		einfo "Please create ${EROOT}etc/exim/exim.conf from ${EROOT}etc/exim/exim.conf.dist."
+	fi
+	use dane && einfo "DANE support is experimental"
+	if use dcc ; then
+		einfo "DCC support is experimental, you can find some limited"
+		einfo "documentation at the bottom of this prerelease message:"
+		einfo "http://article.gmane.org/gmane.mail.exim.devel/3579"
+	fi
+	use spf && einfo "SPF support is experimental"
+	use srs && einfo "SRS support is experimental"
+	if use dmarc ; then
+		einfo "DMARC support is experimental.  See global settings to"
+		einfo "configure DMARC, for usage see the documentation at "
+		einfo "experimental-spec.txt."
+	fi
+	use tpda && einfo "TPDA/EVENT support is experimental"
+	use proxy && einfo "proxy support is experimental"
+	use dsn && einfo "DSN support is experimental"
+	elog "The obsolete acl condition 'demime' is removed, the replacements"
+	elog "are the ACLs acl_smtp_mime and acl_not_smtp_mime"
+}

diff --git a/mail-mta/exim/files/exim-4.89-CVE-2017-1000369.patch b/mail-mta/exim/files/exim-4.89-CVE-2017-1000369.patch
new file mode 100644
index 00000000000..c3d976a2b90
--- /dev/null
+++ b/mail-mta/exim/files/exim-4.89-CVE-2017-1000369.patch
@@ -0,0 +1,58 @@
+CVE-2017-1000369
+
+https://github.com/Exim/exim/commit/65e061b76867a9ea7aeeb535341b790b90ae6c21
+
+--- a/doc/exim.8
++++ b/doc/exim.8
+@@ -1350,7 +1350,7 @@ option sets the received protocol value that is stored in
+ or \fB\-bs\fP is used. For \fB\-bh\fP, the protocol is forced to one of the standard
+ SMTP protocol names. For \fB\-bs\fP, the protocol is always "local\-" followed by
+ one of those same names. For \fB\-bS\fP (batched SMTP) however, the protocol can
+-be set by \fB\-oMr\fP.
++be set by \fB\-oMr\fP. Repeated use of this option is not supported.
+ .TP 10
+ \fB\-oMs\fP <\fIhost name\fP>
+ See \fB\-oMa\fP above for general remarks about the \fB\-oM\fP options. The \fB\-oMs\fP
+@@ -1418,6 +1418,7 @@ host name and its colon can be omitted when only the protocol is to be set.
+ Note the Exim already has two private options, \fB\-pd\fP and \fB\-ps\fP, that refer
+ to embedded Perl. It is therefore impossible to set a protocol value of d
+ or s using this option (but that does not seem a real limitation).
++Repeated use of this option is not supported.
+ .TP 10
+ \fB\-q\fP
+ This option is normally restricted to admin users. However, there is a
+--- a/src/exim.c
++++ b/src/exim.c
+@@ -3092,7 +3092,14 @@ for (i = 1; i < argc; i++)
+ 
+       /* -oMr: Received protocol */
+ 
+-      else if (Ustrcmp(argrest, "Mr") == 0) received_protocol = argv[++i];
++      else if (Ustrcmp(argrest, "Mr") == 0)
++
++        if (received_protocol)
++          {
++          fprintf(stderr, "received_protocol is set already\n");
++          exit(EXIT_FAILURE);
++          }
++        else received_protocol = argv[++i];
+ 
+       /* -oMs: Set sender host name */
+ 
+@@ -3188,7 +3195,15 @@ for (i = 1; i < argc; i++)
+ 
+     if (*argrest != 0)
+       {
+-      uschar *hn = Ustrchr(argrest, ':');
++      uschar *hn;
++
++      if (received_protocol)
++        {
++        fprintf(stderr, "received_protocol is set already\n");
++        exit(EXIT_FAILURE);
++        }
++
++      hn = Ustrchr(argrest, ':');
+       if (hn == NULL)
+         {
+         received_protocol = argrest;


^ permalink raw reply related	[flat|nested] 26+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: mail-mta/exim/, mail-mta/exim/files/
@ 2017-09-20  6:47 Fabian Groffen
  0 siblings, 0 replies; 26+ messages in thread
From: Fabian Groffen @ 2017-09-20  6:47 UTC (permalink / raw
  To: gentoo-commits

commit:     a28012017468408c57306f590e3fb254d8746dd2
Author:     Fabian Groffen <grobian <AT> gentoo <DOT> org>
AuthorDate: Wed Sep 20 06:47:22 2017 +0000
Commit:     Fabian Groffen <grobian <AT> gentoo <DOT> org>
CommitDate: Wed Sep 20 06:47:22 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a2801201

mail-mta/exim: add backport for crash on remote server behaviour

Package-Manager: Portage-2.3.8, Repoman-2.3.1

 mail-mta/exim/exim-4.89-r2.ebuild                  | 529 +++++++++++++++++++++
 .../exim/files/exim-4.89-transport-crash.patch     |  62 +++
 2 files changed, 591 insertions(+)

diff --git a/mail-mta/exim/exim-4.89-r2.ebuild b/mail-mta/exim/exim-4.89-r2.ebuild
new file mode 100644
index 00000000000..1f2228c4f0c
--- /dev/null
+++ b/mail-mta/exim/exim-4.89-r2.ebuild
@@ -0,0 +1,529 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit eutils toolchain-funcs multilib pam systemd
+
+IUSE="dane dcc +dkim dlfunc dmarc +dnsdb doc dovecot-sasl dsn exiscan-acl gnutls ipv6 ldap libressl lmtp maildir mbx mysql nis pam perl pkcs11 postgres +prdr proxy radius redis sasl selinux spf sqlite srs ssl syslog tcpd tpda X elibc_glibc"
+REQUIRED_USE="
+	dane? ( !gnutls )
+	dmarc? ( spf dkim )
+	pkcs11? ( gnutls )
+	spf? ( exiscan-acl )
+	srs? ( exiscan-acl )
+"
+
+COMM_URI="ftp://ftp.exim.org/pub/exim/exim4$([[ ${PV} == *_rc* ]] && echo /test)"
+
+DESCRIPTION="A highly configurable, drop-in replacement for sendmail"
+SRC_URI="${COMM_URI}/${P//rc/RC}.tar.bz2
+	mirror://gentoo/system_filter.exim.gz
+	doc? ( ${COMM_URI}/${PN}-pdf-${PV//rc/RC}.tar.bz2 )"
+HOMEPAGE="http://www.exim.org/"
+
+SLOT="0"
+LICENSE="GPL-2"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd ~x86-solaris"
+
+COMMON_DEPEND=">=sys-apps/sed-4.0.5
+	>=sys-libs/db-3.2:=
+	dev-libs/libpcre
+	perl? ( dev-lang/perl:= )
+	pam? ( virtual/pam )
+	tcpd? ( sys-apps/tcp-wrappers )
+	ssl? (
+		!libressl? ( dev-libs/openssl:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	gnutls? ( net-libs/gnutls[pkcs11?]
+			  dev-libs/libtasn1 )
+	ldap? ( >=net-nds/openldap-2.0.7 )
+	nis? ( elibc_glibc? ( || (
+		<sys-libs/glibc-2.23
+		>=sys-libs/glibc-2.23[rpc]
+	) ) )
+	mysql? ( virtual/libmysqlclient )
+	postgres? ( dev-db/postgresql:= )
+	sasl? ( >=dev-libs/cyrus-sasl-2.1.26-r2 )
+	redis? ( dev-libs/hiredis )
+	spf? ( >=mail-filter/libspf2-1.2.5-r1 )
+	dmarc? ( mail-filter/opendmarc )
+	srs? ( mail-filter/libsrs_alt )
+	X? ( x11-proto/xproto
+		x11-libs/libX11
+		x11-libs/libXmu
+		x11-libs/libXt
+		x11-libs/libXaw
+	)
+	sqlite? ( dev-db/sqlite )
+	radius? ( net-dialup/freeradius-client )
+	virtual/libiconv
+	"
+	# added X check for #57206
+DEPEND="${COMMON_DEPEND}
+	virtual/pkgconfig"
+RDEPEND="${COMMON_DEPEND}
+	!mail-mta/courier
+	!mail-mta/esmtp
+	!mail-mta/mini-qmail
+	!<mail-mta/msmtp-1.4.19-r1
+	!>=mail-mta/msmtp-1.4.19-r1[mta]
+	!mail-mta/netqmail
+	!mail-mta/nullmailer
+	!mail-mta/postfix
+	!mail-mta/qmail-ldap
+	!mail-mta/sendmail
+	!mail-mta/opensmtpd
+	!<mail-mta/ssmtp-2.64-r2
+	!>=mail-mta/ssmtp-2.64-r2[mta]
+	!net-mail/mailwrapper
+	>=net-mail/mailbase-0.00-r5
+	virtual/logger
+	dcc? ( mail-filter/dcc )
+	selinux? ( sec-policy/selinux-exim )
+	"
+
+S=${WORKDIR}/${P//rc/RC}
+
+src_prepare() {
+	epatch "${FILESDIR}"/exim-4.14-tail.patch
+	epatch "${FILESDIR}"/exim-4.74-localscan_dlopen.patch
+	epatch "${FILESDIR}"/exim-4.69-r1.27021.patch
+	epatch "${FILESDIR}"/exim-4.74-radius-db-ENV-clash.patch # 287426
+	epatch "${FILESDIR}"/exim-4.82-makefile-freebsd.patch # 235785
+	epatch "${FILESDIR}"/exim-4.89-as-needed-ldflags.patch # 352265, 391279
+	epatch "${FILESDIR}"/exim-4.76-crosscompile.patch # 266591
+	epatch "${FILESDIR}"/exim-4.89-CVE-2017-1000369.patch # 622212
+	epatch "${FILESDIR}"/${P}-transport-crash.patch # from git/in next release
+
+	if use maildir ; then
+		epatch "${FILESDIR}"/exim-4.20-maildir.patch
+	else
+		epatch "${FILESDIR}"/exim-4.80-spool-mail-group.patch # 438606
+	fi
+
+	eapply_user
+
+	# user Exim believes it should be
+	MAILUSER=mail
+	MAILGROUP=mail
+	if use prefix && [[ ${EUID} != 0 ]] ; then
+		MAILUSER=$(id -un)
+		MAILGROUP=$(id -gn)
+	fi
+}
+
+src_configure() {
+	# general config and paths
+
+	sed -i.orig \
+		-e "/SYSTEM_ALIASES_FILE/s'SYSTEM_ALIASES_FILE'${EPREFIX}/etc/mail/aliases'" \
+		"${S}"/src/configure.default || die
+
+	sed -i -e 's/^buildname=.*/buildname=exim-gentoo/g' Makefile || die
+
+	sed -e "48i\CFLAGS=${CFLAGS}" \
+		-e "s:BIN_DIRECTORY=/usr/exim/bin:BIN_DIRECTORY=${EPREFIX}/usr/sbin:" \
+		-e "s:EXIM_USER=:EXIM_USER=${MAILUSER}:" \
+		-e "s:CONFIGURE_FILE=/usr/exim/configure:CONFIGURE_FILE=${EPREFIX}/etc/exim/exim.conf:" \
+		-e "s:ZCAT_COMMAND=.*$:ZCAT_COMMAND=${EPREFIX}/bin/zcat:" \
+		-e "s:COMPRESS_COMMAND=.*$:COMPRESS_COMMAND=${EPREFIX}/bin/gzip:" \
+		src/EDITME > Local/Makefile
+
+	if use elibc_musl; then
+		sed -e 's/^LIBS = -lnsl/LIBS =/g' \
+		-i OS/Makefile-Linux
+	fi
+
+	cd Local
+
+	cat >> Makefile <<- EOC
+		INFO_DIRECTORY=${EPREFIX}/usr/share/info
+		PID_FILE_PATH=${EPREFIX}/run/exim.pid
+		SPOOL_DIRECTORY=${EPREFIX}/var/spool/exim
+		HAVE_ICONV=yes
+	EOC
+
+	# if we use libiconv, now is the time to tell so
+	use !elibc_glibc && use !elibc_musl && echo "EXTRALIBS_EXIM=-liconv" >> Makefile
+
+	# support for IPv6
+	if use ipv6; then
+		cat >> Makefile <<- EOC
+			HAVE_IPV6=YES
+		EOC
+	fi
+
+	#
+	# mail storage formats
+
+	# mailstore is Exim's traditional storage format
+	cat >> Makefile <<- EOC
+		SUPPORT_MAILSTORE=yes
+	EOC
+
+	# mbox
+	if use mbx; then
+		cat >> Makefile <<- EOC
+			SUPPORT_MBX=yes
+		EOC
+	fi
+
+	# maildir
+	if use maildir; then
+		cat >> Makefile <<- EOC
+			SUPPORT_MAILDIR=yes
+		EOC
+	fi
+
+	#
+	# lookup methods
+
+	# use the "native" interfaces to the DBM and CDB libraries, support
+	# passwd and directory lookups by default
+	cat >> Makefile <<- EOC
+		USE_DB=yes
+		DBMLIB=-ldb
+		LOOKUP_CDB=yes
+		LOOKUP_PASSWD=yes
+		LOOKUP_DSEARCH=yes
+	EOC
+
+	if ! use dnsdb; then
+		# DNSDB lookup is enabled by default
+		sed -i "s:^LOOKUP_DNSDB=yes:# LOOKUP_DNSDB=yes:" Makefile
+	fi
+
+	if use ldap; then
+		cat >> Makefile <<- EOC
+			LOOKUP_LDAP=yes
+			LDAP_LIB_TYPE=OPENLDAP2
+			LOOKUP_INCLUDE += -I"${EROOT}"usr/include/ldap
+			LOOKUP_LIBS += -lldap -llber
+		EOC
+	fi
+
+	if use mysql; then
+		cat >> Makefile <<- EOC
+			LOOKUP_MYSQL=yes
+			LOOKUP_INCLUDE += $(mysql_config --include)
+			LOOKUP_LIBS += $(mysql_config --libs)
+		EOC
+	fi
+
+	if use nis; then
+		cat >> Makefile <<- EOC
+			LOOKUP_NIS=yes
+			LOOKUP_NISPLUS=yes
+		EOC
+	fi
+
+	if use postgres; then
+		cat >> Makefile <<- EOC
+			LOOKUP_PGSQL=yes
+			LOOKUP_INCLUDE += -I$(pg_config --includedir)
+			LOOKUP_LIBS += -L$(pg_config --libdir) -lpq
+		EOC
+	fi
+
+	if use sqlite; then
+		cat >> Makefile <<- EOC
+			LOOKUP_SQLITE=yes
+			LOOKUP_SQLITE_PC=sqlite3
+		EOC
+	fi
+
+	if use redis; then
+		cat >> Makefile <<- EOC
+			LOOKUP_REDIS=yes
+			LOOKUP_LIBS += -lhiredis
+		EOC
+	fi
+
+	#
+	# Exim monitor, enabled by default, controlled via X USE-flag,
+	# disable if not requested, bug #46778
+	if use X; then
+		cp ../exim_monitor/EDITME eximon.conf || die
+	else
+		sed -i -e '/^EXIM_MONITOR=/s/^/# /' Makefile
+	fi
+
+	#
+	# features
+
+	# content scanning support
+	if use exiscan-acl; then
+		cat >> Makefile <<- EOC
+			WITH_CONTENT_SCAN=yes
+			WITH_OLD_DEMIME=yes
+		EOC
+	fi
+
+	# DomainKeys Identified Mail, RFC4871
+	if ! use dkim; then
+		# DKIM is enabled by default
+		cat >> Makefile <<- EOC
+			DISABLE_DKIM=yes
+		EOC
+	fi
+
+	# Per-Recipient-Data-Response
+	if ! use prdr; then
+		# PRDR is enabled by default
+		cat >> Makefile <<- EOC
+			DISABLE_PRDR=yes
+		EOC
+	fi
+
+	# log to syslog
+	if use syslog; then
+		sed -i "s:LOG_FILE_PATH=/var/log/exim/exim_%s.log:LOG_FILE_PATH=syslog:" Makefile
+		cat >> Makefile <<- EOC
+			LOG_FILE_PATH=syslog
+		EOC
+	else
+		cat >> Makefile <<- EOC
+			LOG_FILE_PATH=${EPREFIX}/var/log/exim/exim_%s.log
+		EOC
+	fi
+
+	# starttls support (ssl)
+	if use ssl; then
+		echo "SUPPORT_TLS=yes" >> Makefile
+		if use gnutls; then
+			echo "USE_GNUTLS=yes" >> Makefile
+			echo "USE_GNUTLS_PC=gnutls" >> Makefile
+			use pkcs11 || echo "AVOID_GNUTLS_PKCS11=yes" >> Makefile
+		else
+			echo "USE_OPENSSL_PC=openssl" >> Makefile
+		fi
+	fi
+
+	# TCP wrappers
+	if use tcpd; then
+		cat >> Makefile <<- EOC
+			USE_TCP_WRAPPERS=yes
+			EXTRALIBS_EXIM += -lwrap
+		EOC
+	fi
+
+	# Light Mail Transport Protocol
+	if use lmtp; then
+		cat >> Makefile <<- EOC
+			TRANSPORT_LMTP=yes
+		EOC
+	fi
+
+	# embedded Perl
+	if use perl; then
+		cat >> Makefile <<- EOC
+			EXIM_PERL=perl.o
+		EOC
+	fi
+
+	# dlfunc
+	if use dlfunc; then
+		cat >> Makefile <<- EOC
+			EXPAND_DLFUNC=yes
+		EOC
+	fi
+
+	# Proxy Protocol
+	if use proxy; then
+		cat >> Makefile <<- EOC
+			SUPPORT_PROXY=yes
+		EOC
+	fi
+
+	#
+	# experimental features
+
+	# DANE
+	if use dane; then
+		cat >> Makefile <<- EOC
+			EXPERIMENTAL_DANE=yes
+		EOC
+	fi
+
+	# Distributed Checksum Clearinghouse
+	if use dcc; then
+		echo "EXPERIMENTAL_DCC=yes">> Makefile
+	fi
+
+	# Sender Policy Framework
+	if use spf; then
+		cat >> Makefile <<- EOC
+			EXPERIMENTAL_SPF=yes
+			EXTRALIBS_EXIM += -lspf2
+		EOC
+	fi
+
+	# Sender Rewriting Scheme
+	if use srs; then
+		cat >> Makefile <<- EOC
+			EXPERIMENTAL_SRS=yes
+			EXTRALIBS_EXIM += -lsrs_alt
+		EOC
+	fi
+
+	# DMARC
+	if use dmarc; then
+		cat >> Makefile <<- EOC
+			EXPERIMENTAL_DMARC=yes
+			EXTRALIBS_EXIM += -lopendmarc
+		EOC
+	fi
+
+	# Transport post-delivery actions
+	if use tpda; then
+		cat >> Makefile <<- EOC
+			EXPERIMENTAL_EVENT=yes
+		EOC
+	fi
+
+	# Delivery Sender Notifications
+	if use dsn; then
+		cat >> Makefile <<- EOC
+			EXPERIMENTAL_DSN=yes
+		EOC
+	fi
+
+	#
+	# authentication (SMTP AUTH)
+
+	# standard bits
+	cat >> Makefile <<- EOC
+		AUTH_SPA=yes
+		AUTH_CRAM_MD5=yes
+		AUTH_PLAINTEXT=yes
+	EOC
+
+	# Cyrus SASL
+	if use sasl; then
+		cat >> Makefile <<- EOC
+			CYRUS_SASLAUTHD_SOCKET=${EPREFIX}/run/saslauthd/mux
+			AUTH_CYRUS_SASL=yes
+			AUTH_LIBS += -lsasl2
+		EOC
+	fi
+
+	# Dovecot
+	if use dovecot-sasl; then
+		cat >> Makefile <<- EOC
+			AUTH_DOVECOT=yes
+		EOC
+	fi
+
+	# Pluggable Authentication Modules
+	if use pam; then
+		cat >> Makefile <<- EOC
+			SUPPORT_PAM=yes
+			AUTH_LIBS += -lpam
+		EOC
+	fi
+
+	# Radius
+	if use radius; then
+		cat >> Makefile <<- EOC
+			RADIUS_CONFIG_FILE=${EPREFIX}/etc/radiusclient/radiusclient.conf
+			RADIUS_LIB_TYPE=RADIUSCLIENTNEW
+			AUTH_LIBS += -lfreeradius-client
+		EOC
+	fi
+}
+
+src_compile() {
+	emake CC="$(tc-getCC)" HOSTCC="$(tc-getCC $CBUILD)" \
+		AR="$(tc-getAR) cq" RANLIB="$(tc-getRANLIB)" FULLECHO='' \
+		|| die "make failed"
+}
+
+src_install () {
+	cd "${S}"/build-exim-gentoo || die
+	dosbin exim
+	if use X; then
+		dosbin eximon.bin
+		dosbin eximon
+	fi
+	fperms 4755 /usr/sbin/exim
+
+	dosym exim /usr/sbin/sendmail
+	dosym exim /usr/sbin/rsmtp
+	dosym exim /usr/sbin/rmail
+	dosym /usr/sbin/exim /usr/bin/mailq
+	dosym /usr/sbin/exim /usr/bin/newaliases
+	dosym /usr/sbin/sendmail /usr/lib/sendmail
+
+	for i in exicyclog exim_dbmbuild exim_dumpdb exim_fixdb exim_lock \
+		exim_tidydb exinext exiwhat exigrep eximstats exiqsumm exiqgrep \
+		convert4r3 convert4r4 exipick
+	do
+		dosbin $i
+	done
+
+	dodoc "${S}"/doc/*
+	doman "${S}"/doc/exim.8
+	use dsn && dodoc "${S}"/README.DSN
+	use doc && dodoc "${WORKDIR}"/${PN}-pdf-${PV//rc/RC}/doc/*.pdf
+
+	# conf files
+	insinto /etc/exim
+	newins "${S}"/src/configure.default exim.conf.dist
+	if use exiscan-acl; then
+		newins "${S}"/src/configure.default exim.conf.exiscan-acl
+	fi
+	doins "${WORKDIR}"/system_filter.exim
+	doins "${FILESDIR}"/auth_conf.sub
+
+	pamd_mimic system-auth exim auth account
+
+	# headers, #436406
+	if use dlfunc ; then
+		# fixup includes so they actually can be found when including
+		sed -i \
+			-e '/#include "\(config\|store\|mytypes\).h"/s:"\(.\+\)":<exim/\1>:' \
+			local_scan.h || die
+		insinto /usr/include/exim
+		doins {config,local_scan}.h ../src/{mytypes,store}.h
+	fi
+
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}/exim.logrotate" exim
+
+	newinitd "${FILESDIR}"/exim.rc10 exim
+	newconfd "${FILESDIR}"/exim.confd exim
+
+	systemd_dounit "${FILESDIR}"/{exim.service,exim.socket,exim-submission.socket}
+	systemd_newunit "${FILESDIR}"/exim_at.service 'exim@.service'
+	systemd_newunit "${FILESDIR}"/exim-submission_at.service 'exim-submission@.service'
+
+	diropts -m 0750 -o ${MAILUSER} -g ${MAILGROUP}
+	dodir /var/log/${PN}
+}
+
+pkg_postinst() {
+	if [[ ! -f ${EROOT}etc/exim/exim.conf ]] ; then
+		einfo "${EROOT}etc/exim/system_filter.exim is a sample system_filter."
+		einfo "${EROOT}etc/exim/auth_conf.sub contains the configuration sub for using smtp auth."
+		einfo "Please create ${EROOT}etc/exim/exim.conf from ${EROOT}etc/exim/exim.conf.dist."
+	fi
+	use dane && einfo "DANE support is experimental"
+	if use dcc ; then
+		einfo "DCC support is experimental, you can find some limited"
+		einfo "documentation at the bottom of this prerelease message:"
+		einfo "http://article.gmane.org/gmane.mail.exim.devel/3579"
+	fi
+	use spf && einfo "SPF support is experimental"
+	use srs && einfo "SRS support is experimental"
+	if use dmarc ; then
+		einfo "DMARC support is experimental.  See global settings to"
+		einfo "configure DMARC, for usage see the documentation at "
+		einfo "experimental-spec.txt."
+	fi
+	use tpda && einfo "TPDA/EVENT support is experimental"
+	use dsn && einfo "DSN support is experimental"
+	elog "The obsolete acl condition 'demime' is removed, the replacements"
+	elog "are the ACLs acl_smtp_mime and acl_not_smtp_mime"
+}

diff --git a/mail-mta/exim/files/exim-4.89-transport-crash.patch b/mail-mta/exim/files/exim-4.89-transport-crash.patch
new file mode 100644
index 00000000000..94a1d6b1552
--- /dev/null
+++ b/mail-mta/exim/files/exim-4.89-transport-crash.patch
@@ -0,0 +1,62 @@
+This is a manual backport of the following commit which fixes the
+original bug as well as https://bugs.exim.org/show_bug.cgi?id=2166:
+
+From e69636bc9ddf3617be688b07941d7d659d50eaa7 Mon Sep 17 00:00:00 2001
+From: Jeremy Harris <jgh146exb@wizmail.org>
+Date: Sat, 3 Jun 2017 13:39:18 +0100
+Subject: [PATCH 1/1] Fix crash in transport, on second smtp-connect fail for a
+ list of target hosts
+
+Reported as the sequence:
+  1MX: 554 on connect (banner)
+  2MX: TCP conn timeout
+
+diff --git a/src/src/transports/smtp.c b/src/src/transports/smtp.c
+index 454c0f7..dc9e03b 100644
+--- a/src/src/transports/smtp.c
++++ b/src/src/transports/smtp.c
+@@ -2177,25 +2177,34 @@ return OK;
+ 
+   /* The failure happened while setting up the call; see if the failure was
+   a 5xx response (this will either be on connection, or following HELO - a 5xx
+-  after EHLO causes it to try HELO). If so, fail all addresses, as this host is
+-  never going to accept them. For other errors during setting up (timeouts or
+-  whatever), defer all addresses, and yield DEFER, so that the host is not
+-  tried again for a while. */
++  after EHLO causes it to try HELO). If so, and there are no more hosts to try,
++  fail all addresses, as this host is never going to accept them. For other
++  errors during setting up (timeouts or whatever), defer all addresses, and
++  yield DEFER, so that the host is not tried again for a while.
++
++  XXX This peeking for another host feels like a layering violation. We want
++  to note the host as unusable, but down here we shouldn't know if this was
++  the last host to try for the addr(list).  Perhaps the upper layer should be
++  the one to do set_errno() ?  The problem is that currently the addr is where
++  errno etc. are stashed, but until we run out of hosts to try the errors are
++  host-specific.  Maybe we should enhance the host_item definition? */
+ 
+ FAILED:
+   sx->ok = FALSE;                /* For when reached by GOTO */
+-
+-  yield = code == '5'
++  set_errno(sx->addrlist, errno, message,
++	    sx->host->next
++	    ? DEFER
++	    : code == '5'
+ #ifdef SUPPORT_I18N
+-	  || errno == ERRNO_UTF8_FWD
++			|| errno == ERRNO_UTF8_FWD
+ #endif
+-    ? FAIL : DEFER;
+-
+-  set_errno(sx->addrlist, errno, message, yield, pass_message, sx->host
++	    ? FAIL : DEFER,
++	    pass_message, sx->host
+ #ifdef EXPERIMENTAL_DSN_INFO
+ 	    , sx->smtp_greeting, sx->helo_response
+ #endif
+ 	    );
++  yield = DEFER;
+   }
+ 
+ 


^ permalink raw reply related	[flat|nested] 26+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: mail-mta/exim/, mail-mta/exim/files/
@ 2017-10-05 13:39 Fabian Groffen
  0 siblings, 0 replies; 26+ messages in thread
From: Fabian Groffen @ 2017-10-05 13:39 UTC (permalink / raw
  To: gentoo-commits

commit:     1a5cdd9ceb1e3b02e4076b9033b54fa980083e24
Author:     Fabian Groffen <grobian <AT> gentoo <DOT> org>
AuthorDate: Thu Oct  5 13:37:33 2017 +0000
Commit:     Fabian Groffen <grobian <AT> gentoo <DOT> org>
CommitDate: Thu Oct  5 13:37:33 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1a5cdd9c

mail-mta/exim: cleanupsecurity affected version, bug #622212

Package-Manager: Portage-2.3.8, Repoman-2.3.3

 mail-mta/exim/Manifest                             |   2 -
 mail-mta/exim/exim-4.88.ebuild                     | 528 ---------------------
 .../exim/files/exim-4.88-as-needed-ldflags.patch   | 145 ------
 mail-mta/exim/files/exim.rc9                       |  45 --
 4 files changed, 720 deletions(-)

diff --git a/mail-mta/exim/Manifest b/mail-mta/exim/Manifest
index 85e003d0642..bfccbae830e 100644
--- a/mail-mta/exim/Manifest
+++ b/mail-mta/exim/Manifest
@@ -1,5 +1,3 @@
-DIST exim-4.88.tar.bz2 1824610 SHA256 119d5fd7e31fc224e84dfa458fe182f200856bae7adf852a8287c242161f8a2d SHA512 ea094bf703628c201de119fc5f09539475e52158e935f8f2a9e4138c4a1bfe885017145c3cc5e22aa9087b195091955c69385ebf1ea0baec64ed5c1b8e3b1caf WHIRLPOOL d2d8c404217fcc5bbc7bc18500456f2709a099b0a31d4930343b836c35c62e3914fa1c686ea7d9ba5eea95f0caab13c3b76c1508eda74cb75dabb0d61472428e
 DIST exim-4.89.tar.bz2 1844430 SHA256 912f2ee03c8dba06a3a4c0ee40522d367e1b65dc59e38dfcc1f5d9eecff51ab0 SHA512 1e059966a93b47f055ab4ec2a4556f2c918aff56ea0367585f3a853f00411e9c275e13be4f9ae615a468fa06263135cd6a138fa1753f1b7fb3259a3321fcca65 WHIRLPOOL d0b30cde5cf2dbe278d393eae70e40a3861a153a2411f98f73a7ae43881032cc3e0f15163b09e17d61c09e673c2e766371c80533908af3460f483a5c18dff80f
-DIST exim-pdf-4.88.tar.bz2 1922494 SHA256 33736fafb45c5922fcbc0def7626f46cb74927987b78943aa26949ef30789574 SHA512 8c4f580fa319c0285bcb49056ecd72b056cbbfa287a15a4d856965b4218469c85607ec7321ae0f2ba3be868f05a70a7fb8a77d5836a574417e6bffc64720bee5 WHIRLPOOL 7e3e65c58cc9a313d3440de6b79ed4f113ea265e39201aa2d36c091037c2b20718bd49f04e99f2aa029a20d238cd21178762e2ba6b470596309e83fb3ffc542b
 DIST exim-pdf-4.89.tar.bz2 1924606 SHA256 17d70ef5b2814f725633efcf339bcb49ac9564ecd648e0e3d010b5e43d6c167d SHA512 b04ea2e4dcdb1aaf52ef77ccd76e6599c68c4c6e5a98090720dbd3c50f7191bf3f6cd7dc2089a765c47576311780809cff547f85f004caec411d0f1ac9985299 WHIRLPOOL 4ab5bc7bdbbfc998ae7ee63f19449d051a1d7183f9b70297db100f44b82df2cca0853c309ddfccafee2d44cd1228258e06628ed82dab76de851bec856321c58f
 DIST system_filter.exim.gz 3075 SHA256 3a3471b486a09e0a0153f7b520e1eaf26d21b97d73ea8348bdc593c00eb1e437 SHA512 cb358d3ce2499a0bb5920d962a06f2af8486e55ec90c8c928bd8e3aefb279aa57f5f960d5adfcef68bd94110b405eaa144e9629cfe6014a529c79c544600bbf3 WHIRLPOOL ce68d9c18b24eca3ef97ea810964cc1ada5f85b795a7c432ad39b5788188a16419101c92fb52b418738d760e1d658f7a41485e5561079a667d84d276c71be5a4

diff --git a/mail-mta/exim/exim-4.88.ebuild b/mail-mta/exim/exim-4.88.ebuild
deleted file mode 100644
index 767a7dd9736..00000000000
--- a/mail-mta/exim/exim-4.88.ebuild
+++ /dev/null
@@ -1,528 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-inherit eutils toolchain-funcs multilib pam systemd
-
-IUSE="dane dcc +dkim dlfunc dmarc +dnsdb doc dovecot-sasl dsn exiscan-acl gnutls ipv6 ldap libressl lmtp maildir mbx mysql nis pam perl pkcs11 postgres +prdr proxy radius redis sasl selinux spf sqlite srs ssl syslog tcpd tpda X elibc_glibc"
-REQUIRED_USE="
-	dane? ( !gnutls )
-	dmarc? ( spf dkim )
-	pkcs11? ( gnutls )
-	spf? ( exiscan-acl )
-	srs? ( exiscan-acl )
-"
-
-COMM_URI="ftp://ftp.exim.org/pub/exim/exim4$([[ ${PV} == *_rc* ]] && echo /test)"
-
-DESCRIPTION="A highly configurable, drop-in replacement for sendmail"
-SRC_URI="${COMM_URI}/${P//rc/RC}.tar.bz2
-	mirror://gentoo/system_filter.exim.gz
-	doc? ( ${COMM_URI}/${PN}-pdf-${PV//rc/RC}.tar.bz2 )"
-HOMEPAGE="http://www.exim.org/"
-
-SLOT="0"
-LICENSE="GPL-2"
-KEYWORDS="hppa" # 622212
-
-COMMON_DEPEND=">=sys-apps/sed-4.0.5
-	>=sys-libs/db-3.2:=
-	dev-libs/libpcre
-	perl? ( dev-lang/perl:= )
-	pam? ( virtual/pam )
-	tcpd? ( sys-apps/tcp-wrappers )
-	ssl? (
-		!libressl? ( dev-libs/openssl:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	gnutls? ( net-libs/gnutls[pkcs11?]
-			  dev-libs/libtasn1 )
-	ldap? ( >=net-nds/openldap-2.0.7 )
-	nis? ( elibc_glibc? ( || (
-		<sys-libs/glibc-2.23
-		>=sys-libs/glibc-2.23[rpc]
-	) ) )
-	mysql? ( virtual/libmysqlclient )
-	postgres? ( dev-db/postgresql:= )
-	sasl? ( >=dev-libs/cyrus-sasl-2.1.26-r2 )
-	redis? ( dev-libs/hiredis )
-	spf? ( >=mail-filter/libspf2-1.2.5-r1 )
-	dmarc? ( mail-filter/opendmarc )
-	srs? ( mail-filter/libsrs_alt )
-	X? ( x11-proto/xproto
-		x11-libs/libX11
-		x11-libs/libXmu
-		x11-libs/libXt
-		x11-libs/libXaw
-	)
-	sqlite? ( dev-db/sqlite )
-	radius? ( net-dialup/freeradius-client )
-	virtual/libiconv
-	"
-	# added X check for #57206
-DEPEND="${COMMON_DEPEND}
-	virtual/pkgconfig"
-RDEPEND="${COMMON_DEPEND}
-	!mail-mta/courier
-	!mail-mta/esmtp
-	!mail-mta/mini-qmail
-	!<mail-mta/msmtp-1.4.19-r1
-	!>=mail-mta/msmtp-1.4.19-r1[mta]
-	!mail-mta/netqmail
-	!mail-mta/nullmailer
-	!mail-mta/postfix
-	!mail-mta/qmail-ldap
-	!mail-mta/sendmail
-	!mail-mta/opensmtpd
-	!<mail-mta/ssmtp-2.64-r2
-	!>=mail-mta/ssmtp-2.64-r2[mta]
-	!net-mail/mailwrapper
-	>=net-mail/mailbase-0.00-r5
-	virtual/logger
-	dcc? ( mail-filter/dcc )
-	selinux? ( sec-policy/selinux-exim )
-	"
-
-S=${WORKDIR}/${P//rc/RC}
-
-src_prepare() {
-	epatch "${FILESDIR}"/exim-4.14-tail.patch
-	epatch "${FILESDIR}"/exim-4.74-localscan_dlopen.patch
-	epatch "${FILESDIR}"/exim-4.69-r1.27021.patch
-	epatch "${FILESDIR}"/exim-4.74-radius-db-ENV-clash.patch # 287426
-	epatch "${FILESDIR}"/exim-4.82-makefile-freebsd.patch # 235785
-	epatch "${FILESDIR}"/exim-4.88-as-needed-ldflags.patch # 352265, 391279
-	epatch "${FILESDIR}"/exim-4.76-crosscompile.patch # 266591
-
-	if use maildir ; then
-		epatch "${FILESDIR}"/exim-4.20-maildir.patch
-	else
-		epatch "${FILESDIR}"/exim-4.80-spool-mail-group.patch # 438606
-	fi
-
-	eapply_user
-
-	# user Exim believes it should be
-	MAILUSER=mail
-	MAILGROUP=mail
-	if use prefix && [[ ${EUID} != 0 ]] ; then
-		MAILUSER=$(id -un)
-		MAILGROUP=$(id -gn)
-	fi
-}
-
-src_configure() {
-	# general config and paths
-
-	sed -i.orig \
-		-e "/SYSTEM_ALIASES_FILE/s'SYSTEM_ALIASES_FILE'${EPREFIX}/etc/mail/aliases'" \
-		"${S}"/src/configure.default || die
-
-	sed -i -e 's/^buildname=.*/buildname=exim-gentoo/g' Makefile || die
-
-	sed -e "48i\CFLAGS=${CFLAGS}" \
-		-e "s:BIN_DIRECTORY=/usr/exim/bin:BIN_DIRECTORY=${EPREFIX}/usr/sbin:" \
-		-e "s:EXIM_USER=:EXIM_USER=${MAILUSER}:" \
-		-e "s:CONFIGURE_FILE=/usr/exim/configure:CONFIGURE_FILE=${EPREFIX}/etc/exim/exim.conf:" \
-		-e "s:ZCAT_COMMAND=.*$:ZCAT_COMMAND=${EPREFIX}/bin/zcat:" \
-		-e "s:COMPRESS_COMMAND=.*$:COMPRESS_COMMAND=${EPREFIX}/bin/gzip:" \
-		src/EDITME > Local/Makefile
-
-	if use elibc_musl; then
-		sed -e 's/^LIBS = -lnsl/LIBS =/g' \
-		-i OS/Makefile-Linux
-	fi
-
-	cd Local
-
-	cat >> Makefile <<- EOC
-		INFO_DIRECTORY=${EPREFIX}/usr/share/info
-		PID_FILE_PATH=${EPREFIX}/run/exim.pid
-		SPOOL_DIRECTORY=${EPREFIX}/var/spool/exim
-		HAVE_ICONV=yes
-	EOC
-
-	# if we use libiconv, now is the time to tell so
-	use !elibc_glibc && use !elibc_musl && echo "EXTRALIBS_EXIM=-liconv" >> Makefile
-
-	# support for IPv6
-	if use ipv6; then
-		cat >> Makefile <<- EOC
-			HAVE_IPV6=YES
-		EOC
-	fi
-
-	#
-	# mail storage formats
-
-	# mailstore is Exim's traditional storage format
-	cat >> Makefile <<- EOC
-		SUPPORT_MAILSTORE=yes
-	EOC
-
-	# mbox
-	if use mbx; then
-		cat >> Makefile <<- EOC
-			SUPPORT_MBX=yes
-		EOC
-	fi
-
-	# maildir
-	if use maildir; then
-		cat >> Makefile <<- EOC
-			SUPPORT_MAILDIR=yes
-		EOC
-	fi
-
-	#
-	# lookup methods
-
-	# use the "native" interfaces to the DBM and CDB libraries, support
-	# passwd and directory lookups by default
-	cat >> Makefile <<- EOC
-		USE_DB=yes
-		DBMLIB=-ldb
-		LOOKUP_CDB=yes
-		LOOKUP_PASSWD=yes
-		LOOKUP_DSEARCH=yes
-	EOC
-
-	if ! use dnsdb; then
-		# DNSDB lookup is enabled by default
-		sed -i "s:^LOOKUP_DNSDB=yes:# LOOKUP_DNSDB=yes:" Makefile
-	fi
-
-	if use ldap; then
-		cat >> Makefile <<- EOC
-			LOOKUP_LDAP=yes
-			LDAP_LIB_TYPE=OPENLDAP2
-			LOOKUP_INCLUDE += -I"${EROOT}"usr/include/ldap
-			LOOKUP_LIBS += -lldap -llber
-		EOC
-	fi
-
-	if use mysql; then
-		cat >> Makefile <<- EOC
-			LOOKUP_MYSQL=yes
-			LOOKUP_INCLUDE += $(mysql_config --include)
-			LOOKUP_LIBS += $(mysql_config --libs)
-		EOC
-	fi
-
-	if use nis; then
-		cat >> Makefile <<- EOC
-			LOOKUP_NIS=yes
-			LOOKUP_NISPLUS=yes
-		EOC
-	fi
-
-	if use postgres; then
-		cat >> Makefile <<- EOC
-			LOOKUP_PGSQL=yes
-			LOOKUP_INCLUDE += -I$(pg_config --includedir)
-			LOOKUP_LIBS += -L$(pg_config --libdir) -lpq
-		EOC
-	fi
-
-	if use sqlite; then
-		cat >> Makefile <<- EOC
-			LOOKUP_SQLITE=yes
-			LOOKUP_SQLITE_PC=sqlite3
-		EOC
-	fi
-
-	if use redis; then
-		cat >> Makefile <<- EOC
-			LOOKUP_REDIS=yes
-			LOOKUP_LIBS += -lhiredis
-		EOC
-	fi
-
-	#
-	# Exim monitor, enabled by default, controlled via X USE-flag,
-	# disable if not requested, bug #46778
-	if use X; then
-		cp ../exim_monitor/EDITME eximon.conf || die
-	else
-		sed -i -e '/^EXIM_MONITOR=/s/^/# /' Makefile
-	fi
-
-	#
-	# features
-
-	# content scanning support
-	if use exiscan-acl; then
-		cat >> Makefile <<- EOC
-			WITH_CONTENT_SCAN=yes
-			WITH_OLD_DEMIME=yes
-		EOC
-	fi
-
-	# DomainKeys Identified Mail, RFC4871
-	if ! use dkim; then
-		# DKIM is enabled by default
-		cat >> Makefile <<- EOC
-			DISABLE_DKIM=yes
-		EOC
-	fi
-
-	# Per-Recipient-Data-Response
-	if ! use prdr; then
-		# PRDR is enabled by default
-		cat >> Makefile <<- EOC
-			DISABLE_PRDR=yes
-		EOC
-	fi
-
-	# log to syslog
-	if use syslog; then
-		sed -i "s:LOG_FILE_PATH=/var/log/exim/exim_%s.log:LOG_FILE_PATH=syslog:" Makefile
-		cat >> Makefile <<- EOC
-			LOG_FILE_PATH=syslog
-		EOC
-	else
-		cat >> Makefile <<- EOC
-			LOG_FILE_PATH=${EPREFIX}/var/log/exim/exim_%s.log
-		EOC
-	fi
-
-	# starttls support (ssl)
-	if use ssl; then
-		echo "SUPPORT_TLS=yes" >> Makefile
-		if use gnutls; then
-			echo "USE_GNUTLS=yes" >> Makefile
-			echo "USE_GNUTLS_PC=gnutls" >> Makefile
-			use pkcs11 || echo "AVOID_GNUTLS_PKCS11=yes" >> Makefile
-		else
-			echo "USE_OPENSSL_PC=openssl" >> Makefile
-		fi
-	fi
-
-	# TCP wrappers
-	if use tcpd; then
-		cat >> Makefile <<- EOC
-			USE_TCP_WRAPPERS=yes
-			EXTRALIBS_EXIM += -lwrap
-		EOC
-	fi
-
-	# Light Mail Transport Protocol
-	if use lmtp; then
-		cat >> Makefile <<- EOC
-			TRANSPORT_LMTP=yes
-		EOC
-	fi
-
-	# embedded Perl
-	if use perl; then
-		cat >> Makefile <<- EOC
-			EXIM_PERL=perl.o
-		EOC
-	fi
-
-	# dlfunc
-	if use dlfunc; then
-		cat >> Makefile <<- EOC
-			EXPAND_DLFUNC=yes
-		EOC
-	fi
-
-	#
-	# experimental features
-
-	# DANE
-	if use dane; then
-		cat >> Makefile <<- EOC
-			EXPERIMENTAL_DANE=yes
-		EOC
-	fi
-
-	# Distributed Checksum Clearinghouse
-	if use dcc; then
-		echo "EXPERIMENTAL_DCC=yes">> Makefile
-	fi
-
-	# Sender Policy Framework
-	if use spf; then
-		cat >> Makefile <<- EOC
-			EXPERIMENTAL_SPF=yes
-			EXTRALIBS_EXIM += -lspf2
-		EOC
-	fi
-
-	# Sender Rewriting Scheme
-	if use srs; then
-		cat >> Makefile <<- EOC
-			EXPERIMENTAL_SRS=yes
-			EXTRALIBS_EXIM += -lsrs_alt
-		EOC
-	fi
-
-	# DMARC
-	if use dmarc; then
-		cat >> Makefile <<- EOC
-			EXPERIMENTAL_DMARC=yes
-			EXTRALIBS_EXIM += -lopendmarc
-		EOC
-	fi
-
-	# Transport post-delivery actions
-	if use tpda; then
-		cat >> Makefile <<- EOC
-			EXPERIMENTAL_EVENT=yes
-		EOC
-	fi
-
-	# Proxy Protocol
-	if use proxy; then
-		cat >> Makefile <<- EOC
-			EXPERIMENTAL_PROXY=yes
-		EOC
-	fi
-
-	# Delivery Sender Notifications
-	if use dsn; then
-		cat >> Makefile <<- EOC
-			EXPERIMENTAL_DSN=yes
-		EOC
-	fi
-
-	#
-	# authentication (SMTP AUTH)
-
-	# standard bits
-	cat >> Makefile <<- EOC
-		AUTH_SPA=yes
-		AUTH_CRAM_MD5=yes
-		AUTH_PLAINTEXT=yes
-	EOC
-
-	# Cyrus SASL
-	if use sasl; then
-		cat >> Makefile <<- EOC
-			CYRUS_SASLAUTHD_SOCKET=${EPREFIX}/run/saslauthd/mux
-			AUTH_CYRUS_SASL=yes
-			AUTH_LIBS += -lsasl2
-		EOC
-	fi
-
-	# Dovecot
-	if use dovecot-sasl; then
-		cat >> Makefile <<- EOC
-			AUTH_DOVECOT=yes
-		EOC
-	fi
-
-	# Pluggable Authentication Modules
-	if use pam; then
-		cat >> Makefile <<- EOC
-			SUPPORT_PAM=yes
-			AUTH_LIBS += -lpam
-		EOC
-	fi
-
-	# Radius
-	if use radius; then
-		cat >> Makefile <<- EOC
-			RADIUS_CONFIG_FILE=${EPREFIX}/etc/radiusclient/radiusclient.conf
-			RADIUS_LIB_TYPE=RADIUSCLIENTNEW
-			AUTH_LIBS += -lfreeradius-client
-		EOC
-	fi
-}
-
-src_compile() {
-	emake CC="$(tc-getCC)" HOSTCC="$(tc-getCC $CBUILD)" \
-		AR="$(tc-getAR) cq" RANLIB="$(tc-getRANLIB)" FULLECHO='' \
-		|| die "make failed"
-}
-
-src_install () {
-	cd "${S}"/build-exim-gentoo || die
-	dosbin exim
-	if use X; then
-		dosbin eximon.bin
-		dosbin eximon
-	fi
-	fperms 4755 /usr/sbin/exim
-
-	dosym exim /usr/sbin/sendmail
-	dosym exim /usr/sbin/rsmtp
-	dosym exim /usr/sbin/rmail
-	dosym /usr/sbin/exim /usr/bin/mailq
-	dosym /usr/sbin/exim /usr/bin/newaliases
-	dosym /usr/sbin/sendmail /usr/lib/sendmail
-
-	for i in exicyclog exim_dbmbuild exim_dumpdb exim_fixdb exim_lock \
-		exim_tidydb exinext exiwhat exigrep eximstats exiqsumm exiqgrep \
-		convert4r3 convert4r4 exipick
-	do
-		dosbin $i
-	done
-
-	dodoc "${S}"/doc/*
-	doman "${S}"/doc/exim.8
-	use dsn && dodoc "${S}"/README.DSN
-	use doc && dodoc "${WORKDIR}"/${PN}-pdf-${PV//rc/RC}/doc/*.pdf
-
-	# conf files
-	insinto /etc/exim
-	newins "${S}"/src/configure.default exim.conf.dist
-	if use exiscan-acl; then
-		newins "${S}"/src/configure.default exim.conf.exiscan-acl
-	fi
-	doins "${WORKDIR}"/system_filter.exim
-	doins "${FILESDIR}"/auth_conf.sub
-
-	pamd_mimic system-auth exim auth account
-
-	# headers, #436406
-	if use dlfunc ; then
-		# fixup includes so they actually can be found when including
-		sed -i \
-			-e '/#include "\(config\|store\|mytypes\).h"/s:"\(.\+\)":<exim/\1>:' \
-			local_scan.h || die
-		insinto /usr/include/exim
-		doins {config,local_scan}.h ../src/{mytypes,store}.h
-	fi
-
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}/exim.logrotate" exim
-
-	newinitd "${FILESDIR}"/exim.rc9 exim
-	newconfd "${FILESDIR}"/exim.confd exim
-
-	systemd_dounit "${FILESDIR}"/{exim.service,exim.socket,exim-submission.socket}
-	systemd_newunit "${FILESDIR}"/exim_at.service 'exim@.service'
-	systemd_newunit "${FILESDIR}"/exim-submission_at.service 'exim-submission@.service'
-
-	diropts -m 0750 -o ${MAILUSER} -g ${MAILGROUP}
-	dodir /var/log/${PN}
-}
-
-pkg_postinst() {
-	if [[ ! -f ${EROOT}etc/exim/exim.conf ]] ; then
-		einfo "${EROOT}etc/exim/system_filter.exim is a sample system_filter."
-		einfo "${EROOT}etc/exim/auth_conf.sub contains the configuration sub for using smtp auth."
-		einfo "Please create ${EROOT}etc/exim/exim.conf from ${EROOT}etc/exim/exim.conf.dist."
-	fi
-	use dane && einfo "DANE support is experimental"
-	if use dcc ; then
-		einfo "DCC support is experimental, you can find some limited"
-		einfo "documentation at the bottom of this prerelease message:"
-		einfo "http://article.gmane.org/gmane.mail.exim.devel/3579"
-	fi
-	use spf && einfo "SPF support is experimental"
-	use srs && einfo "SRS support is experimental"
-	if use dmarc ; then
-		einfo "DMARC support is experimental.  See global settings to"
-		einfo "configure DMARC, for usage see the documentation at "
-		einfo "experimental-spec.txt."
-	fi
-	use tpda && einfo "TPDA/EVENT support is experimental"
-	use proxy && einfo "proxy support is experimental"
-	use dsn && einfo "DSN support is experimental"
-	elog "The obsolete acl condition 'demime' is removed, the replacements"
-	elog "are the ACLs acl_smtp_mime and acl_not_smtp_mime"
-}

diff --git a/mail-mta/exim/files/exim-4.88-as-needed-ldflags.patch b/mail-mta/exim/files/exim-4.88-as-needed-ldflags.patch
deleted file mode 100644
index a733ca09c2a..00000000000
--- a/mail-mta/exim/files/exim-4.88-as-needed-ldflags.patch
+++ /dev/null
@@ -1,145 +0,0 @@
-https://bugs.gentoo.org/show_bug.cgi?id=352265
-
-Make sure LDFLAGS comes first, such that all libraries are considered,
-and not discarded when --as-needed is in effect.
-
-https://bugs.gentoo.org/show_bug.cgi?id=391279
-
-Use LDFLAGS for all targets, not just the exim binary, such that
---as-needed works as well.
-
-
---- OS/Makefile-Base
-+++ OS/Makefile-Base
-@@ -346,12 +346,12 @@
-         buildrouters buildtransports \
-         $(OBJ_EXIM) version.o
- 	@echo "$(LNCC) -o exim"
--	$(FE)$(PURIFY) $(LNCC) -o exim $(LFLAGS) $(OBJ_EXIM) version.o \
-+	$(FE)$(PURIFY) $(LNCC) -o exim $(LDFLAGS) $(OBJ_EXIM) version.o \
- 	  routers/routers.a transports/transports.a lookups/lookups.a \
- 	  auths/auths.a pdkim/pdkim.a \
- 	  $(LIBRESOLV) $(LIBS) $(LIBS_EXIM) $(IPV6_LIBS) $(EXTRALIBS) \
- 	  $(EXTRALIBS_EXIM) $(DBMLIB) $(LOOKUP_LIBS) $(AUTH_LIBS) \
--	  $(PERL_LIBS) $(TLS_LIBS) $(PCRE_LIBS) $(LDFLAGS)
-+	  $(PERL_LIBS) $(TLS_LIBS) $(PCRE_LIBS) $(LFLAGS)
- 	@if [ x"$(STRIP_COMMAND)" != x"" ]; then \
- 	  echo $(STRIP_COMMAND) exim; \
- 	  $(STRIP_COMMAND) exim; \
-@@ -367,8 +367,8 @@
- 
- exim_dumpdb: $(OBJ_DUMPDB)
- 	@echo "$(LNCC) -o exim_dumpdb"
--	$(FE)$(LNCC) $(CFLAGS) $(INCLUDE) -o exim_dumpdb $(LFLAGS) $(OBJ_DUMPDB) \
--	  $(LIBS) $(EXTRALIBS) $(DBMLIB)
-+	$(FE)$(LNCC) $(CFLAGS) $(INCLUDE) -o exim_dumpdb $(LDFLAGS) $(OBJ_DUMPDB) \
-+	  $(LIBS) $(EXTRALIBS) $(DBMLIB) $(LFLAGS)
- 	@if [ x"$(STRIP_COMMAND)" != x"" ]; then \
- 	  echo $(STRIP_COMMAND) exim_dumpdb; \
- 	  $(STRIP_COMMAND) exim_dumpdb; \
-@@ -382,8 +382,8 @@
- 
- exim_fixdb:  $(OBJ_FIXDB) buildauths
- 	@echo "$(LNCC) -o exim_fixdb"
--	$(FE)$(LNCC) $(CFLAGS) $(INCLUDE) -o exim_fixdb $(LFLAGS) $(OBJ_FIXDB) \
--	  auths/auths.a $(LIBS) $(EXTRALIBS) $(DBMLIB)
-+	$(FE)$(LNCC) $(CFLAGS) $(INCLUDE) -o exim_fixdb $(LDFLAGS) $(OBJ_FIXDB) \
-+	  auths/auths.a $(LIBS) $(EXTRALIBS) $(DBMLIB) $(LFLAGS)
- 	@if [ x"$(STRIP_COMMAND)" != x"" ]; then \
- 	  echo $(STRIP_COMMAND) exim_fixdb; \
- 	  $(STRIP_COMMAND) exim_fixdb; \
-@@ -397,8 +397,8 @@
- 
- exim_tidydb: $(OBJ_TIDYDB)
- 	@echo "$(LNCC) -o exim_tidydb"
--	$(FE)$(LNCC) $(CFLAGS) $(INCLUDE) -o exim_tidydb $(LFLAGS) $(OBJ_TIDYDB) \
--	  $(LIBS) $(EXTRALIBS) $(DBMLIB)
-+	$(FE)$(LNCC) $(CFLAGS) $(INCLUDE) -o exim_tidydb $(LDFLAGS) $(OBJ_TIDYDB) \
-+	  $(LIBS) $(EXTRALIBS) $(DBMLIB) $(LFLAGS)
- 	@if [ x"$(STRIP_COMMAND)" != x"" ]; then \
- 	  echo $(STRIP_COMMAND) exim_tidydb; \
- 	  $(STRIP_COMMAND) exim_tidydb; \
-@@ -410,8 +410,8 @@
- 
- exim_dbmbuild: exim_dbmbuild.o
- 	@echo "$(LNCC) -o exim_dbmbuild"
--	$(FE)$(LNCC) $(CFLAGS) $(INCLUDE) -o exim_dbmbuild $(LFLAGS) exim_dbmbuild.o \
--	  $(LIBS) $(EXTRALIBS) $(DBMLIB)
-+	$(FE)$(LNCC) $(CFLAGS) $(INCLUDE) -o exim_dbmbuild $(LDFLAGS) exim_dbmbuild.o \
-+	  $(LIBS) $(EXTRALIBS) $(DBMLIB) $(LFLAGS)
- 	@if [ x"$(STRIP_COMMAND)" != x"" ]; then \
- 	  echo $(STRIP_COMMAND) exim_dbmbuild; \
- 	  $(STRIP_COMMAND) exim_dbmbuild; \
-@@ -425,8 +425,8 @@
- 	@echo "$(CC) exim_lock.c"
- 	$(FE)$(CC) -c $(CFLAGS) $(INCLUDE) exim_lock.c
- 	@echo "$(LNCC) -o exim_lock"
--	$(FE)$(LNCC) -o exim_lock $(LFLAGS) exim_lock.o  \
--	  $(LIBS) $(EXTRALIBS)
-+	$(FE)$(LNCC) -o exim_lock $(LDFLAGS) exim_lock.o  \
-+	  $(LIBS) $(EXTRALIBS) $(LFLAGS)
- 	@if [ x"$(STRIP_COMMAND)" != x"" ]; then \
- 	  echo $(STRIP_COMMAND) exim_lock; \
- 	  $(STRIP_COMMAND) exim_lock; \
-@@ -462,9 +462,9 @@
- 	$(FE)$(CC) -o em_version.o -c \
- 	  $(CFLAGS) $(XINCLUDE) -I. ../exim_monitor/em_version.c
- 	@echo "$(LNCC) -o eximon.bin"
--	$(FE)$(PURIFY) $(LNCC) -o eximon.bin em_version.o $(LFLAGS) $(XLFLAGS) \
-+	$(FE)$(PURIFY) $(LNCC) -o eximon.bin em_version.o $(LDFLAGS) $(XLFLAGS) \
- 	  $(OBJ_MONBIN) -lXaw -lXmu -lXt -lXext -lX11 $(PCRE_LIBS) \
--	  $(LIBS) $(LIBS_EXIMON) $(EXTRALIBS) $(EXTRALIBS_EXIMON) -lc
-+	  $(LIBS) $(LIBS_EXIMON) $(EXTRALIBS) $(EXTRALIBS_EXIMON) -lc $(LFLAGS)
- 	@if [ x"$(STRIP_COMMAND)" != x"" ]; then \
- 	  echo $(STRIP_COMMAND) eximon.bin; \
- 	  $(STRIP_COMMAND) eximon.bin; \
-@@ -779,9 +779,9 @@
- test_dbfn:   config.h dbfn.c dummies.o sa-globals.o sa-os.o store.o \
- 	       string.o tod.o version.o utf8.o
- 	$(CC) -c $(CFLAGS) $(INCLUDE) -DSTAND_ALONE dbfn.c
--	$(LNCC) -o test_dbfn $(LFLAGS) dbfn.o \
-+	$(LNCC) -o test_dbfn $(LDFLAGS) dbfn.o \
- 	  dummies.o sa-globals.o sa-os.o store.o string.o \
--	  tod.o version.o utf8.o $(LIBS) $(DBMLIB) $(LDFLAGS)
-+	  tod.o version.o utf8.o $(LIBS) $(DBMLIB) $(LFLAGS)
- 	rm -f dbfn.o
- 
- test_host:   config.h child.c host.c dns.c dummies.c sa-globals.o os.o \
-@@ -790,29 +790,29 @@
- 	$(CC) -c $(CFLAGS) $(INCLUDE) -DSTAND_ALONE -DTEST_HOST host.c
- 	$(CC) -c $(CFLAGS) $(INCLUDE) -DSTAND_ALONE -DTEST_HOST dns.c
- 	$(CC) -c $(CFLAGS) $(INCLUDE) -DSTAND_ALONE -DTEST_HOST dummies.c
--	$(LNCC) -o test_host $(LFLAGS) \
-+	$(LNCC) -o test_host $(LDFLAGS) \
- 	  host.o child.o dns.o dummies.o sa-globals.o os.o store.o string.o \
--	  tod.o tree.o $(LIBS) $(LIBRESOLV)
-+	  tod.o tree.o $(LIBS) $(LIBRESOLV) $(LFLAGS)
- 	rm -f child.o dummies.o host.o dns.o
- 
- test_os:     os.h os.c dummies.o sa-globals.o store.o string.o tod.o utf8.o
- 	$(CC) -c $(CFLAGS) $(INCLUDE) -DSTAND_ALONE os.c
--	$(LNCC) -o test_os $(LFLAGS) os.o dummies.o \
--	  sa-globals.o store.o string.o tod.o utf8.o $(LIBS) $(LDFLAGS)
-+	$(LNCC) -o test_os $(LDFLAGS) os.o dummies.o \
-+	  sa-globals.o store.o string.o tod.o utf8.o $(LIBS) $(LFLAGS)
- 	rm -f os.o
- 
- test_parse:  config.h parse.c dummies.o sa-globals.o \
- 	     store.o string.o tod.o version.o utf8.o
- 	$(CC) -c $(CFLAGS) $(INCLUDE) -DSTAND_ALONE parse.c
--	$(LNCC) -o test_parse $(LFLAGS) parse.o \
-+	$(LNCC) -o test_parse $(LDFLAGS) parse.o \
- 	  dummies.o sa-globals.o store.o string.o tod.o version.o \
--	  utf8.o $(LDFLAGS)
-+	  utf8.o $(LFLAGS)
- 	rm -f parse.o
- 
- test_string: config.h string.c dummies.o sa-globals.o store.o tod.o utf8.o
- 	$(CC) -c $(CFLAGS) $(INCLUDE) -DSTAND_ALONE string.c
--	$(LNCC) -o test_string $(LFLAGS) -DSTAND_ALONE string.o \
--	  dummies.o sa-globals.o store.o tod.o utf8.o $(LIBS) $(LDFLAGS)
-+	$(LNCC) -o test_string $(LDFLAGS) -DSTAND_ALONE string.o \
-+	  dummies.o sa-globals.o store.o tod.o utf8.o $(LIBS) $(LFLAGS)
- 	rm -f string.o
- 
- # End

diff --git a/mail-mta/exim/files/exim.rc9 b/mail-mta/exim/files/exim.rc9
deleted file mode 100644
index ebc74115378..00000000000
--- a/mail-mta/exim/files/exim.rc9
+++ /dev/null
@@ -1,45 +0,0 @@
-#!/sbin/openrc-run
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-extra_started_commands="reload"
-
-depend() {
-	need logger
-	use antivirus net
-	provide mta
-}
-
-tidy_dbs() {
-	local spooldir=$(/usr/sbin/exim -C /etc/exim/${SVCNAME}.conf -bP -n spool_directory)
-	local db
-	local ret=0
-	ebegin "Tidying hints databases in ${spooldir}/db"
-	for db in "${spooldir}"/db/* ; do
-		[[ ${db} == *".lockfile" || ${db} == *"*" ]] && continue
-		/usr/sbin/exim_tidydb ${TIDY_OPTS} "${spooldir}" ${db##*/} > /dev/null
-		: $((ret += $?))
-	done
-	eend ${ret}
-}
-
-start() {
-	# if you use multiple instances, make sure you set spool_directory
-	# in the configfile
-	tidy_dbs
-	ebegin "Starting ${SVCNAME}"
-	start-stop-daemon --start --exec /usr/sbin/exim --pidfile /run/${SVCNAME}.pid -- -C /etc/exim/${SVCNAME}.conf ${EXIM_OPTS:--bd -q15m}
-	eend $?
-}
-
-stop() {
-	ebegin "Stopping ${SVCNAME}"
-	start-stop-daemon --stop --pidfile /run/${SVCNAME}.pid --name exim
-	eend $?
-}
-
-reload() {
-	ebegin "Reloading ${SVCNAME}"
-	start-stop-daemon --signal HUP --pidfile /run/${SVCNAME}.pid --name exim
-	eend $?
-}


^ permalink raw reply related	[flat|nested] 26+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: mail-mta/exim/, mail-mta/exim/files/
@ 2017-10-08  9:24 Fabian Groffen
  0 siblings, 0 replies; 26+ messages in thread
From: Fabian Groffen @ 2017-10-08  9:24 UTC (permalink / raw
  To: gentoo-commits

commit:     c87c9d43f1e04c6f13067946c6cdb868667e4c2f
Author:     Fabian Groffen <grobian <AT> gentoo <DOT> org>
AuthorDate: Sun Oct  8 09:02:10 2017 +0000
Commit:     Fabian Groffen <grobian <AT> gentoo <DOT> org>
CommitDate: Sun Oct  8 09:24:54 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c87c9d43

mail-mta/exim: add patch from upstream for crash in address expando

Package-Manager: Portage-2.3.8, Repoman-2.3.3

 .../{exim-4.89-r2.ebuild => exim-4.89-r3.ebuild}   |  1 +
 .../files/exim-4.89-address-expando-crash.patch    | 85 ++++++++++++++++++++++
 2 files changed, 86 insertions(+)

diff --git a/mail-mta/exim/exim-4.89-r2.ebuild b/mail-mta/exim/exim-4.89-r3.ebuild
similarity index 99%
rename from mail-mta/exim/exim-4.89-r2.ebuild
rename to mail-mta/exim/exim-4.89-r3.ebuild
index 1f2228c4f0c..654084176e6 100644
--- a/mail-mta/exim/exim-4.89-r2.ebuild
+++ b/mail-mta/exim/exim-4.89-r3.ebuild
@@ -96,6 +96,7 @@ src_prepare() {
 	epatch "${FILESDIR}"/exim-4.76-crosscompile.patch # 266591
 	epatch "${FILESDIR}"/exim-4.89-CVE-2017-1000369.patch # 622212
 	epatch "${FILESDIR}"/${P}-transport-crash.patch # from git/in next release
+	epatch "${FILESDIR}"/${P}-address-expando-crash.patch # from git/in next release
 
 	if use maildir ; then
 		epatch "${FILESDIR}"/exim-4.20-maildir.patch

diff --git a/mail-mta/exim/files/exim-4.89-address-expando-crash.patch b/mail-mta/exim/files/exim-4.89-address-expando-crash.patch
new file mode 100644
index 00000000000..2a868490a42
--- /dev/null
+++ b/mail-mta/exim/files/exim-4.89-address-expando-crash.patch
@@ -0,0 +1,85 @@
+ignoring parts which don't match due to repo reorg post release
+
+From 1b7cf216d933b395dee691f05becca4dd44b26f7 Mon Sep 17 00:00:00 2001
+From: "Heiko Schlittermann (HS12-RIPE)" <hs@schlittermann.de>
+Date: Wed, 4 Oct 2017 22:25:45 +0200
+Subject: [PATCH] Check for proper output separator in expanding
+ ${addresses:STRING}    (Closes 2171)
+
+Better yet would be to force setting the output separator literally,
+and not after expansion of the STRING. But this would be an incompatible
+change.
+---
+ doc/doc-docbook/spec.xfpt    | 10 +++++++++-
+ src/src/expand.c             |  8 +++++++-
+ test/scripts/0000-Basic/0002 |  1 +
+ test/stdout/0002             |  1 +
+ 4 files changed, 18 insertions(+), 2 deletions(-)
+
+ignored - diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
+ignored - index 4a8e1d0..c140945 100644
+ignored - --- a/doc/doc-docbook/spec.xfpt
+ignored - +++ b/doc/doc-docbook/spec.xfpt
+ignored - @@ -10118,7 +10118,15 @@ character. For example:
+ignored -  .code
+ignored -  ${addresses:>& Chief <ceo@up.stairs>, sec@base.ment (dogsbody)}
+ignored -  .endd
+ignored - -expands to &`ceo@up.stairs&&sec@base.ment`&. Compare the &*address*& (singular)
+ignored - +expands to &`ceo@up.stairs&&sec@base.ment`&. The string is expanded
+ignored - +first, so if the expanded string starts with >, it may change the output
+ignored - +separator unintentionally. This can be avoided by setting the output
+ignored - +separator explicitly:
+ignored - +.code
+ignored - +${addresses:>:$h_from:}
+ignored - +.endd
+ignored - +
+ignored - +Compare the &*address*& (singular)
+ignored -  expansion item, which extracts the working address from a single RFC2822
+ignored -  address. See the &*filter*&, &*map*&, and &*reduce*& items for ways of
+ignored -  processing lists.
+diff --git a/src/src/expand.c b/src/src/expand.c
+index 353b8ea..67b3d65 100644
+--- a/src/src/expand.c
++++ b/src/src/expand.c
+@@ -6797,7 +6797,13 @@ while (*s != 0)
+         int start, end, domain;  /* Not really used */
+ 
+         while (isspace(*sub)) sub++;
+-        if (*sub == '>') { *outsep = *++sub; ++sub; }
++        if (*sub == '>')
++          if (*outsep = *++sub) ++sub;
++          else {
++            expand_string_message = string_sprintf("output separator "
++              "missing in expanding ${addresses:%s}", --sub);
++            goto EXPAND_FAILED;
++          }
+         parse_allow_group = TRUE;
+ 
+         for (;;)
+ignored - diff --git a/test/scripts/0000-Basic/0002 b/test/scripts/0000-Basic/0002
+ignored - index cb0bb18..dd9cea2 100644
+ignored - --- a/test/scripts/0000-Basic/0002
+ignored - +++ b/test/scripts/0000-Basic/0002
+ignored - @@ -133,6 +133,7 @@ addresses: ${addresses:>+ Exim Person <local-part@dom.ain> (that's me),\
+ignored -  addresses: ${addresses:Exim Person <local-part@dom.ain> (that's me), \
+ignored -             xyz@abc, nullgroupname:;, group: p@q, r@s; }
+ignored -  addresses: ${addresses:local-part@dom.ain <local-part@dom.ain>}
+ignored - +addresses: ${addresses:>}
+ignored -  
+ignored -  escape:     ${escape:B7·F2ò}
+ignored -  excape8bit: ${escape8bit:undisturbed text\ttab\nnewline\ttab\\backslash \176tilde\177DEL\200\x81.}
+ignored - diff --git a/test/stdout/0002 b/test/stdout/0002
+ignored - index 5593f06..1422289 100644
+ignored - --- a/test/stdout/0002
+ignored - +++ b/test/stdout/0002
+ignored - @@ -123,6 +123,7 @@
+ignored -  > addresses: local-part@dom.ain+xyz@abc
+ignored -  > addresses: local-part@dom.ain:xyz@abc:p@q:r@s
+ignored -  > addresses: 
+ignored - +> Failed: output separator missing in expanding ${addresses:>}
+ignored -  > 
+ignored -  > escape:     B7\267F2\362
+ignored -  > excape8bit: undisturbed text	tab
+-- 
+1.9.1
+


^ permalink raw reply related	[flat|nested] 26+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: mail-mta/exim/, mail-mta/exim/files/
@ 2019-02-19 12:20 Fabian Groffen
  0 siblings, 0 replies; 26+ messages in thread
From: Fabian Groffen @ 2019-02-19 12:20 UTC (permalink / raw
  To: gentoo-commits

commit:     85749f8757dad788e0a475affc9b77f4a722aac9
Author:     Fabian Groffen <grobian <AT> gentoo <DOT> org>
AuthorDate: Sun Feb 17 10:37:02 2019 +0000
Commit:     Fabian Groffen <grobian <AT> gentoo <DOT> org>
CommitDate: Tue Feb 19 12:19:43 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=85749f87

mail-mta/exim: version bump

Signed-off-by: Fabian Groffen <grobian <AT> gentoo.org>
Package-Manager: Portage-2.3.51, Repoman-2.3.11

 mail-mta/exim/Manifest                             |   2 +
 mail-mta/exim/exim-4.92.ebuild                     | 561 +++++++++++++++++++++
 .../exim/files/exim-4.92-localscan_dlopen.patch    | 267 ++++++++++
 3 files changed, 830 insertions(+)

diff --git a/mail-mta/exim/Manifest b/mail-mta/exim/Manifest
index a9d8a746f01..7195d5f1d29 100644
--- a/mail-mta/exim/Manifest
+++ b/mail-mta/exim/Manifest
@@ -1,3 +1,5 @@
 DIST exim-4.91.tar.xz 1744660 BLAKE2B 8d50a709def02a52f8e76a16fcf51a4fc7e553217d5513a361aa780f58bff336a9ab90d8683e3841a074f54f3c75f2f77bf1a353a849be1207bffdd5fb6e4c51 SHA512 35b34dda8dd0f27c0429e6eb8409756ecd3cf9e535bac421d696b1560db0ff3bf4cd0e4a00bc0b7e32137d31bb5de20776c7c1830ec125aa36b5c4376b0c71a2
+DIST exim-4.92.tar.xz 1767136 BLAKE2B 6c97578807073a782112218c65de460cc94f046d807eddc7330f2f67266c0ef341ded61050a16aca13c88e606a923a9e08033c8bfb618a7ef34b3d2ea6db32ca SHA512 62c327e6184a358ba7f0dbc38b44d2537234be91727a5bfac97e74af64a8d77e376b3221dcfdd8f6eca7d812f9233595503dc6e50e2972bed40a1b74eb209c31
 DIST exim-pdf-4.91.tar.xz 1973672 BLAKE2B 0b9e3f65c8e8a5f727dd4359d1c5c6c867c0ecfce3b44763d5a24f2d98353bc58c42456e9884994f404d17685909ea287a478189407ba8e7835352274c788980 SHA512 82add9b42749b6d938ff3b44a4dea3dfe84bcb2a1efea8a32b64d81a9ea312033d33023b5c224a44a2c053b18f9042bd1f2834847cf48873d1725a5594704a12
+DIST exim-pdf-4.92.tar.xz 2038812 BLAKE2B d5966a27f980a2ceb31293d92049a6691a08262bd20ae7315f41929f0d7a45b5d66c7000f9596b193e74d0c17f91c56a3262602047673c49649f1cad6b216547 SHA512 3a40818025fceaa7ac17f8e7ce06a61e3cf65267c821aea93e1a1a659782b047ab177b88a38c9b2271c0a296e1dc7939e23fe0f89415a11cd45693cb8af10c15
 DIST system_filter.exim.gz 3075 BLAKE2B d05e872b5cef377d29126cda03fc0a74c8777b2119b76ff43da6e8de808035eb9bfcb034a85d81824f135d484e864bfc0629fc1af2c228a7277d5ee7cf9cde79 SHA512 cb358d3ce2499a0bb5920d962a06f2af8486e55ec90c8c928bd8e3aefb279aa57f5f960d5adfcef68bd94110b405eaa144e9629cfe6014a529c79c544600bbf3

diff --git a/mail-mta/exim/exim-4.92.ebuild b/mail-mta/exim/exim-4.92.ebuild
new file mode 100644
index 00000000000..1b4f24e9a07
--- /dev/null
+++ b/mail-mta/exim/exim-4.92.ebuild
@@ -0,0 +1,561 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit db-use eutils toolchain-funcs multilib pam systemd
+
+IUSE="arc dane dcc +dkim dlfunc dmarc +dnsdb doc dovecot-sasl dsn elibc_glibc exiscan-acl gnutls idn ipv6 ldap libressl lmtp maildir mbx mysql nis pam perl pkcs11 postgres +prdr proxy radius redis sasl selinux spf sqlite srs ssl syslog tcpd +tpda X"
+REQUIRED_USE="
+	arc? ( dkim spf )
+	dane? ( ssl !gnutls )
+	dmarc? ( dkim spf )
+	gnutls? ( ssl )
+	pkcs11? ( ssl )
+	spf? ( exiscan-acl )
+	srs? ( exiscan-acl )
+"
+# NOTE on USE="gnutls dane", gnutls[dane] is masked in base, unmasked
+# for x86 and amd64 only, due to this, repoman won't allow depending on
+# gnutls[dane] for all else.  Because we cannot express USE=dane when
+# USE=gnutls is in effect only in package.use.mask, the only option we
+# have left is to a) ignore the dependency (but that results in bug
+# #661164) or b) mask the usage of USE=dane with USE=gnutls.  Both are
+# incorrect, but b) is the only "correct" view from repoman.
+
+COMM_URI="https://downloads.exim.org/exim4$([[ ${PV} == *_rc* ]] && echo /test)"
+
+DESCRIPTION="A highly configurable, drop-in replacement for sendmail"
+SRC_URI="${COMM_URI}/${P//rc/RC}.tar.xz
+	mirror://gentoo/system_filter.exim.gz
+	doc? ( ${COMM_URI}/${PN}-pdf-${PV//rc/RC}.tar.xz )"
+HOMEPAGE="http://www.exim.org/"
+
+SLOT="0"
+LICENSE="GPL-2"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd ~x86-solaris"
+
+COMMON_DEPEND=">=sys-apps/sed-4.0.5
+	( >=sys-libs/db-3.2:= <sys-libs/db-6:= )
+	dev-libs/libpcre
+	idn? ( net-dns/libidn:= net-dns/libidn2:= )
+	perl? ( dev-lang/perl:= )
+	pam? ( virtual/pam )
+	tcpd? ( sys-apps/tcp-wrappers )
+	ssl? (
+		!libressl? ( dev-libs/openssl:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	gnutls? (
+		net-libs/gnutls:0=[pkcs11?]
+		dev-libs/libtasn1
+	)
+	ldap? ( >=net-nds/openldap-2.0.7 )
+	nis? (
+		elibc_glibc? (
+			net-libs/libtirpc
+			>=net-libs/libnsl-1:=
+		)
+	)
+	mysql? ( virtual/libmysqlclient )
+	postgres? ( dev-db/postgresql:= )
+	sasl? ( >=dev-libs/cyrus-sasl-2.1.26-r2 )
+	redis? ( dev-libs/hiredis )
+	spf? ( >=mail-filter/libspf2-1.2.5-r1 )
+	dmarc? ( mail-filter/opendmarc )
+	srs? ( mail-filter/libsrs_alt )
+	X? (
+		x11-libs/libX11
+		x11-libs/libXmu
+		x11-libs/libXt
+		x11-libs/libXaw
+	)
+	sqlite? ( dev-db/sqlite )
+	radius? ( net-dialup/freeradius-client )
+	virtual/libiconv
+	elibc_glibc? ( net-libs/libnsl )
+	"
+	# added X check for #57206
+DEPEND="${COMMON_DEPEND}
+	virtual/pkgconfig"
+RDEPEND="${COMMON_DEPEND}
+	!mail-mta/courier
+	!mail-mta/esmtp
+	!mail-mta/mini-qmail
+	!<mail-mta/msmtp-1.4.19-r1
+	!>=mail-mta/msmtp-1.4.19-r1[mta]
+	!mail-mta/netqmail
+	!mail-mta/nullmailer
+	!mail-mta/postfix
+	!mail-mta/qmail-ldap
+	!mail-mta/sendmail
+	!mail-mta/opensmtpd
+	!<mail-mta/ssmtp-2.64-r2
+	!>=mail-mta/ssmtp-2.64-r2[mta]
+	!net-mail/mailwrapper
+	>=net-mail/mailbase-0.00-r5
+	virtual/logger
+	dcc? ( mail-filter/dcc )
+	selinux? ( sec-policy/selinux-exim )
+	"
+
+S=${WORKDIR}/${P//rc/RC}
+
+src_prepare() {
+	epatch "${FILESDIR}"/exim-4.14-tail.patch
+	epatch "${FILESDIR}"/exim-4.92-localscan_dlopen.patch
+	epatch "${FILESDIR}"/exim-4.69-r1.27021.patch
+	epatch "${FILESDIR}"/exim-4.74-radius-db-ENV-clash.patch # 287426
+	epatch "${FILESDIR}"/exim-4.82-makefile-freebsd.patch # 235785
+	epatch "${FILESDIR}"/exim-4.89-as-needed-ldflags.patch # 352265, 391279
+	epatch "${FILESDIR}"/exim-4.76-crosscompile.patch # 266591
+
+	if use maildir ; then
+		epatch "${FILESDIR}"/exim-4.20-maildir.patch
+	else
+		epatch "${FILESDIR}"/exim-4.80-spool-mail-group.patch # 438606
+	fi
+
+	eapply_user
+
+	# user Exim believes it should be
+	MAILUSER=mail
+	MAILGROUP=mail
+	if use prefix && [[ ${EUID} != 0 ]] ; then
+		MAILUSER=$(id -un)
+		MAILGROUP=$(id -gn)
+	fi
+}
+
+src_configure() {
+	# general config and paths
+
+	sed -i.orig \
+		-e "/SYSTEM_ALIASES_FILE/s'SYSTEM_ALIASES_FILE'${EPREFIX}/etc/mail/aliases'" \
+		"${S}"/src/configure.default || die
+
+	sed -i -e 's/^buildname=.*/buildname=exim-gentoo/g' Makefile || die
+
+	sed -e "48i\CFLAGS=${CFLAGS}" \
+		-e "s:BIN_DIRECTORY=/usr/exim/bin:BIN_DIRECTORY=${EPREFIX}/usr/sbin:" \
+		-e "s:EXIM_USER=:EXIM_USER=${MAILUSER}:" \
+		-e "s:CONFIGURE_FILE=/usr/exim/configure:CONFIGURE_FILE=${EPREFIX}/etc/exim/exim.conf:" \
+		-e "s:ZCAT_COMMAND=.*$:ZCAT_COMMAND=${EPREFIX}/bin/zcat:" \
+		-e "s:COMPRESS_COMMAND=.*$:COMPRESS_COMMAND=${EPREFIX}/bin/gzip:" \
+		src/EDITME > Local/Makefile
+
+	if use elibc_musl; then
+		sed -e 's/^LIBS = -lnsl/LIBS =/g' \
+		-i OS/Makefile-Linux
+	fi
+
+	cd Local
+
+	cat >> Makefile <<- EOC
+		INFO_DIRECTORY=${EPREFIX}/usr/share/info
+		PID_FILE_PATH=${EPREFIX}/run/exim.pid
+		SPOOL_DIRECTORY=${EPREFIX}/var/spool/exim
+		HAVE_ICONV=yes
+	EOC
+
+	# if we use libiconv, now is the time to tell so
+	use !elibc_glibc && use !elibc_musl && \
+		echo "EXTRALIBS_EXIM=-liconv" >> Makefile
+
+	# support for IPv6
+	if use ipv6; then
+		cat >> Makefile <<- EOC
+			HAVE_IPV6=YES
+		EOC
+	fi
+
+	# support i18n/IDNA
+	if use idn; then
+		cat >> Makefile <<- EOC
+			SUPPORT_I18N=yes
+			SUPPORT_I18N_2008=yes
+			EXTRALIBS_EXIM += -lidn -lidn2
+		EOC
+	fi
+
+	#
+	# mail storage formats
+
+	# mailstore is Exim's traditional storage format
+	cat >> Makefile <<- EOC
+		SUPPORT_MAILSTORE=yes
+	EOC
+
+	# mbox
+	if use mbx; then
+		cat >> Makefile <<- EOC
+			SUPPORT_MBX=yes
+		EOC
+	fi
+
+	# maildir
+	if use maildir; then
+		cat >> Makefile <<- EOC
+			SUPPORT_MAILDIR=yes
+		EOC
+	fi
+
+	#
+	# lookup methods
+
+	# use the "native" interfaces to the DBM and CDB libraries, support
+	# passwd and directory lookups by default
+	local DB_VERS="5.3 5.1 4.8 4.7 4.6 4.5 4.4 4.3 4.2 3.2"
+	cat >> Makefile <<- EOC
+		USE_DB=yes
+		CFLAGS+=-I$(db_includedir ${DB_VERS})
+		DBMLIB=-l$(db_libname ${DB_VERS})
+		LOOKUP_CDB=yes
+		LOOKUP_PASSWD=yes
+		LOOKUP_DSEARCH=yes
+	EOC
+
+	if ! use dnsdb; then
+		# DNSDB lookup is enabled by default
+		sed -i "s:^LOOKUP_DNSDB=yes:# LOOKUP_DNSDB=yes:" Makefile
+	fi
+
+	if use ldap; then
+		cat >> Makefile <<- EOC
+			LOOKUP_LDAP=yes
+			LDAP_LIB_TYPE=OPENLDAP2
+			LOOKUP_INCLUDE += -I"${EROOT}"usr/include/ldap
+			LOOKUP_LIBS += -lldap -llber
+		EOC
+	fi
+
+	if use mysql; then
+		cat >> Makefile <<- EOC
+			LOOKUP_MYSQL=yes
+			LOOKUP_INCLUDE += $(mysql_config --include)
+			LOOKUP_LIBS += $(mysql_config --libs)
+		EOC
+	fi
+
+	if use nis; then
+		cat >> Makefile <<- EOC
+			LOOKUP_NIS=yes
+			LOOKUP_NISPLUS=yes
+		EOC
+		if use elibc_glibc ; then
+			cat >> Makefile <<- EOC
+				CFLAGS += -I/usr/include/tirpc
+			EOC
+		fi
+	fi
+
+	if use postgres; then
+		cat >> Makefile <<- EOC
+			LOOKUP_PGSQL=yes
+			LOOKUP_INCLUDE += -I$(pg_config --includedir)
+			LOOKUP_LIBS += -L$(pg_config --libdir) -lpq
+		EOC
+	fi
+
+	if use sqlite; then
+		cat >> Makefile <<- EOC
+			LOOKUP_SQLITE=yes
+			LOOKUP_SQLITE_PC=sqlite3
+		EOC
+	fi
+
+	if use redis; then
+		cat >> Makefile <<- EOC
+			LOOKUP_REDIS=yes
+			LOOKUP_LIBS += -lhiredis
+		EOC
+	fi
+
+	#
+	# Exim monitor, enabled by default, controlled via X USE-flag,
+	# disable if not requested, bug #46778
+	if use X; then
+		cp ../exim_monitor/EDITME eximon.conf || die
+	else
+		sed -i -e '/^EXIM_MONITOR=/s/^/# /' Makefile
+	fi
+
+	#
+	# features
+
+	# content scanning support
+	if use exiscan-acl; then
+		cat >> Makefile <<- EOC
+			WITH_CONTENT_SCAN=yes
+		EOC
+	fi
+
+	# DomainKeys Identified Mail, RFC4871
+	if ! use dkim; then
+		# DKIM is enabled by default
+		cat >> Makefile <<- EOC
+			DISABLE_DKIM=yes
+		EOC
+	fi
+
+	# Per-Recipient-Data-Response
+	if ! use prdr; then
+		# PRDR is enabled by default
+		cat >> Makefile <<- EOC
+			DISABLE_PRDR=yes
+		EOC
+	fi
+
+	# Transport post-delivery actions
+	if use !tpda && use !dane; then
+		# EVENT is enabled by default
+		cat >> Makefile <<- EOC
+			DISABLE_EVENT=yes
+		EOC
+	fi
+
+	# log to syslog
+	if use syslog; then
+		sed -i "s:LOG_FILE_PATH=/var/log/exim/exim_%s.log:LOG_FILE_PATH=syslog:" Makefile
+		cat >> Makefile <<- EOC
+			LOG_FILE_PATH=syslog
+		EOC
+	else
+		cat >> Makefile <<- EOC
+			LOG_FILE_PATH=${EPREFIX}/var/log/exim/exim_%s.log
+		EOC
+	fi
+
+	# starttls support (ssl)
+	if use ssl; then
+		echo "SUPPORT_TLS=yes" >> Makefile
+		if use gnutls; then
+			echo "USE_GNUTLS=yes" >> Makefile
+			echo "USE_GNUTLS_PC=gnutls" >> Makefile
+			use pkcs11 || echo "AVOID_GNUTLS_PKCS11=yes" >> Makefile
+		else
+			echo "USE_OPENSSL_PC=openssl" >> Makefile
+		fi
+	fi
+
+	# TCP wrappers
+	if use tcpd; then
+		cat >> Makefile <<- EOC
+			USE_TCP_WRAPPERS=yes
+			EXTRALIBS_EXIM += -lwrap
+		EOC
+	fi
+
+	# Light Mail Transport Protocol
+	if use lmtp; then
+		cat >> Makefile <<- EOC
+			TRANSPORT_LMTP=yes
+		EOC
+	fi
+
+	# embedded Perl
+	if use perl; then
+		cat >> Makefile <<- EOC
+			EXIM_PERL=perl.o
+		EOC
+	fi
+
+	# dlfunc
+	if use dlfunc; then
+		cat >> Makefile <<- EOC
+			EXPAND_DLFUNC=yes
+		EOC
+	fi
+
+	# Proxy Protocol
+	if use proxy; then
+		cat >> Makefile <<- EOC
+			SUPPORT_PROXY=yes
+		EOC
+	fi
+
+	# DANE
+	if use dane; then
+		cat >> Makefile <<- EOC
+			SUPPORT_DANE=yes
+		EOC
+	fi
+
+	# Sender Policy Framework
+	if use spf; then
+		cat >> Makefile <<- EOC
+			SUPPORT_SPF=yes
+			EXTRALIBS_EXIM += -lspf2
+		EOC
+	fi
+
+	#
+	# experimental features
+
+	# Authenticated Receive Chain
+	if use arc; then
+		echo "EXPERIMENTAL_ARC=yes">> Makefile
+	fi
+
+	# Distributed Checksum Clearinghouse
+	if use dcc; then
+		echo "EXPERIMENTAL_DCC=yes">> Makefile
+	fi
+
+	# Sender Rewriting Scheme
+	if use srs; then
+		cat >> Makefile <<- EOC
+			EXPERIMENTAL_SRS=yes
+			EXTRALIBS_EXIM += -lsrs_alt
+		EOC
+	fi
+
+	# DMARC
+	if use dmarc; then
+		cat >> Makefile <<- EOC
+			EXPERIMENTAL_DMARC=yes
+			EXTRALIBS_EXIM += -lopendmarc
+		EOC
+	fi
+
+	# Delivery Sender Notifications extra information in fail message
+	if use dsn; then
+		cat >> Makefile <<- EOC
+			EXPERIMENTAL_DSN_INFO=yes
+		EOC
+	fi
+
+	#
+	# authentication (SMTP AUTH)
+
+	# standard bits
+	cat >> Makefile <<- EOC
+		AUTH_SPA=yes
+		AUTH_CRAM_MD5=yes
+		AUTH_PLAINTEXT=yes
+	EOC
+
+	# Cyrus SASL
+	if use sasl; then
+		cat >> Makefile <<- EOC
+			CYRUS_SASLAUTHD_SOCKET=${EPREFIX}/run/saslauthd/mux
+			AUTH_CYRUS_SASL=yes
+			AUTH_LIBS += -lsasl2
+		EOC
+	fi
+
+	# Dovecot
+	if use dovecot-sasl; then
+		cat >> Makefile <<- EOC
+			AUTH_DOVECOT=yes
+		EOC
+	fi
+
+	# Pluggable Authentication Modules
+	if use pam; then
+		cat >> Makefile <<- EOC
+			SUPPORT_PAM=yes
+			AUTH_LIBS += -lpam
+		EOC
+	fi
+
+	# Radius
+	if use radius; then
+		cat >> Makefile <<- EOC
+			RADIUS_CONFIG_FILE=${EPREFIX}/etc/radiusclient/radiusclient.conf
+			RADIUS_LIB_TYPE=RADIUSCLIENTNEW
+			AUTH_LIBS += -lfreeradius-client
+		EOC
+	fi
+}
+
+src_compile() {
+	emake CC="$(tc-getCC)" HOSTCC="$(tc-getCC $CBUILD)" \
+		AR="$(tc-getAR) cq" RANLIB="$(tc-getRANLIB)" FULLECHO='' \
+		|| die "make failed"
+}
+
+src_install () {
+	cd "${S}"/build-exim-gentoo || die
+	dosbin exim
+	if use X; then
+		dosbin eximon.bin
+		dosbin eximon
+	fi
+	fperms 4755 /usr/sbin/exim
+
+	dosym exim /usr/sbin/sendmail
+	dosym exim /usr/sbin/rsmtp
+	dosym exim /usr/sbin/rmail
+	dosym ../sbin/exim /usr/bin/mailq
+	dosym ../sbin/exim /usr/bin/newaliases
+	dosym ../sbin/sendmail /usr/lib/sendmail
+
+	for i in exicyclog exim_dbmbuild exim_dumpdb exim_fixdb exim_lock \
+		exim_tidydb exinext exiwhat exigrep eximstats exiqsumm exiqgrep \
+		convert4r3 convert4r4 exipick
+	do
+		dosbin $i
+	done
+
+	dodoc "${S}"/doc/*
+	doman "${S}"/doc/exim.8
+	use dsn && dodoc "${S}"/README.DSN
+	use doc && dodoc "${WORKDIR}"/${PN}-pdf-${PV//rc/RC}/doc/*.pdf
+
+	# conf files
+	insinto /etc/exim
+	newins "${S}"/src/configure.default exim.conf.dist
+	if use exiscan-acl; then
+		newins "${S}"/src/configure.default exim.conf.exiscan-acl
+	fi
+	doins "${WORKDIR}"/system_filter.exim
+	doins "${FILESDIR}"/auth_conf.sub
+
+	pamd_mimic system-auth exim auth account
+
+	# headers, #436406
+	if use dlfunc ; then
+		# fixup includes so they actually can be found when including
+		sed -i \
+			-e '/#include "\(config\|store\|mytypes\).h"/s:"\(.\+\)":<exim/\1>:' \
+			local_scan.h || die
+		insinto /usr/include/exim
+		doins {config,local_scan}.h ../src/{mytypes,store}.h
+	fi
+
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}/exim.logrotate" exim
+
+	newinitd "${FILESDIR}"/exim.rc10 exim
+	newconfd "${FILESDIR}"/exim.confd exim
+
+	systemd_dounit "${FILESDIR}"/{exim.service,exim.socket,exim-submission.socket}
+	systemd_newunit "${FILESDIR}"/exim_at.service 'exim@.service'
+	systemd_newunit "${FILESDIR}"/exim-submission_at.service 'exim-submission@.service'
+
+	diropts -m 0750 -o ${MAILUSER} -g ${MAILGROUP}
+	keepdir /var/log/${PN}
+}
+
+pkg_postinst() {
+	if [[ ! -f ${EROOT}etc/exim/exim.conf ]] ; then
+		einfo "${EROOT}etc/exim/system_filter.exim is a sample system_filter."
+		einfo "${EROOT}etc/exim/auth_conf.sub contains the configuration sub for using smtp auth."
+		einfo "Please create ${EROOT}etc/exim/exim.conf from ${EROOT}etc/exim/exim.conf.dist."
+	fi
+	if use dcc ; then
+		einfo "DCC support is experimental, you can find some limited"
+		einfo "documentation at the bottom of this prerelease message:"
+		einfo "http://article.gmane.org/gmane.mail.exim.devel/3579"
+	fi
+	use srs && einfo "SRS support is experimental"
+	if use dmarc ; then
+		einfo "DMARC support is experimental.  See global settings to"
+		einfo "configure DMARC, for usage see the documentation at "
+		einfo "experimental-spec.txt."
+	fi
+	use dsn && einfo "extra information in fail DSN message is experimental"
+	elog "The obsolete acl condition 'demime' is removed, the replacements"
+	elog "are the ACLs acl_smtp_mime and acl_not_smtp_mime"
+}

diff --git a/mail-mta/exim/files/exim-4.92-localscan_dlopen.patch b/mail-mta/exim/files/exim-4.92-localscan_dlopen.patch
new file mode 100644
index 00000000000..b52d2ad7b9c
--- /dev/null
+++ b/mail-mta/exim/files/exim-4.92-localscan_dlopen.patch
@@ -0,0 +1,267 @@
+diff -ur exim-4.92.orig/src/config.h.defaults exim-4.92/src/config.h.defaults
+--- exim-4.92.orig/src/config.h.defaults	2019-01-30 14:59:52.000000000 +0100
++++ exim-4.92/src/config.h.defaults	2019-02-16 18:17:24.547216157 +0100
+@@ -32,6 +32,8 @@
+ 
+ #define AUTH_VARS                     3
+ 
++#define DLOPEN_LOCAL_SCAN
++
+ #define BIN_DIRECTORY
+ 
+ #define CONFIGURE_FILE
+Only in exim-4.92/src: config.h.defaults.orig
+diff -ur exim-4.92.orig/src/EDITME exim-4.92/src/EDITME
+--- exim-4.92.orig/src/EDITME	2019-01-30 14:59:52.000000000 +0100
++++ exim-4.92/src/EDITME	2019-02-16 18:17:24.547216157 +0100
+@@ -824,6 +824,24 @@
+ 
+ 
+ #------------------------------------------------------------------------------
++# On systems which support dynamic loading of shared libraries, Exim can
++# load a local_scan function specified in its config file instead of having
++# to be recompiled with the desired local_scan function. For a full
++# description of the API to this function, see the Exim specification.
++
++DLOPEN_LOCAL_SCAN=yes
++
++# If you set DLOPEN_LOCAL_SCAN, then you need to include -rdynamic in the
++# linker flags.  Without it, the loaded .so won't be able to access any
++# functions from exim.
++
++LFLAGS = -rdynamic
++ifeq ($(OSTYPE),Linux)
++LFLAGS += -ldl
++endif
++
++
++#------------------------------------------------------------------------------
+ # The default distribution of Exim contains only the plain text form of the
+ # documentation. Other forms are available separately. If you want to install
+ # the documentation in "info" format, first fetch the Texinfo documentation
+Only in exim-4.92/src: EDITME.orig
+diff -ur exim-4.92.orig/src/globals.c exim-4.92/src/globals.c
+--- exim-4.92.orig/src/globals.c	2019-01-30 14:59:52.000000000 +0100
++++ exim-4.92/src/globals.c	2019-02-16 18:17:24.549216150 +0100
+@@ -41,6 +41,10 @@
+ 
+ uschar *no_aliases             = NULL;
+ 
++#ifdef DLOPEN_LOCAL_SCAN
++uschar *local_scan_path        = NULL;
++#endif
++
+ 
+ /* For comments on these variables, see globals.h. I'm too idle to
+ duplicate them here... */
+Only in exim-4.92/src: globals.c.orig
+diff -ur exim-4.92.orig/src/globals.h exim-4.92/src/globals.h
+--- exim-4.92.orig/src/globals.h	2019-01-30 14:59:52.000000000 +0100
++++ exim-4.92/src/globals.h	2019-02-16 18:17:24.549216150 +0100
+@@ -152,6 +152,9 @@
+ extern int (*receive_ferror)(void);
+ extern BOOL (*receive_smtp_buffered)(void);
+ 
++#ifdef DLOPEN_LOCAL_SCAN
++extern uschar *local_scan_path;        /* Path to local_scan() library */
++#endif
+ 
+ /* For clearing, saving, restoring address expansion variables. We have to have
+ the size of this vector set explicitly, because it is referenced from more than
+Only in exim-4.92/src: globals.h.orig
+diff -ur exim-4.92.orig/src/local_scan.c exim-4.92/src/local_scan.c
+--- exim-4.92.orig/src/local_scan.c	2019-01-30 14:59:52.000000000 +0100
++++ exim-4.92/src/local_scan.c	2019-02-16 18:29:56.832732592 +0100
+@@ -5,61 +5,131 @@
+ /* Copyright (c) University of Cambridge 1995 - 2009 */
+ /* See the file NOTICE for conditions of use and distribution. */
+ 
++#include "exim.h"
+ 
+-/******************************************************************************
+-This file contains a template local_scan() function that just returns ACCEPT.
+-If you want to implement your own version, you should copy this file to, say
+-Local/local_scan.c, and edit the copy. To use your version instead of the
+-default, you must set
+-
+-HAVE_LOCAL_SCAN=yes
+-LOCAL_SCAN_SOURCE=Local/local_scan.c
+-
+-in your Local/Makefile. This makes it easy to copy your version for use with
+-subsequent Exim releases.
+-
+-For a full description of the API to this function, see the Exim specification.
+-******************************************************************************/
+-
+-
+-/* This is the only Exim header that you should include. The effect of
+-including any other Exim header is not defined, and may change from release to
+-release. Use only the documented interface! */
+-
+-#include "local_scan.h"
+-
+-
+-/* This is a "do-nothing" version of a local_scan() function. The arguments
+-are:
+-
+-  fd             The file descriptor of the open -D file, which contains the
+-                   body of the message. The file is open for reading and
+-                   writing, but modifying it is dangerous and not recommended.
+-
+-  return_text    A pointer to an unsigned char* variable which you can set in
+-                   order to return a text string. It is initialized to NULL.
+-
+-The return values of this function are:
+-
+-  LOCAL_SCAN_ACCEPT
+-                 The message is to be accepted. The return_text argument is
+-                   saved in $local_scan_data.
+-
+-  LOCAL_SCAN_REJECT
+-                 The message is to be rejected. The returned text is used
+-                   in the rejection message.
+-
+-  LOCAL_SCAN_TEMPREJECT
+-                 This specifies a temporary rejection. The returned text
+-                   is used in the rejection message.
+-*/
++#ifdef DLOPEN_LOCAL_SCAN
++#include <dlfcn.h>
++static int (*local_scan_fn)(int fd, uschar **return_text) = NULL;
++static int load_local_scan_library(void);
++#endif
+ 
+ int
+ local_scan(int fd, uschar **return_text)
+ {
+ fd = fd;                      /* Keep picky compilers happy */
+ return_text = return_text;
+-return LOCAL_SCAN_ACCEPT;
++#ifdef DLOPEN_LOCAL_SCAN
++/* local_scan_path is defined AND not the empty string */
++if (local_scan_path && *local_scan_path)
++  {
++  if (!local_scan_fn)
++    {
++    if (!load_local_scan_library())
++      {
++        char *base_msg , *error_msg , *final_msg ;
++        int final_length = -1 ;
++
++        base_msg=US"Local configuration error - local_scan() library failure\n";
++        error_msg = dlerror() ;
++
++        final_length = strlen(base_msg) + strlen(error_msg) + 1 ;
++        final_msg = (char*)malloc( final_length*sizeof(char) ) ;
++        *final_msg = '\0' ;
++
++        strcat( final_msg , base_msg ) ;
++        strcat( final_msg , error_msg ) ;
++
++        *return_text = final_msg ;
++      return LOCAL_SCAN_TEMPREJECT;
++      }
++    }
++    return local_scan_fn(fd, return_text);
++  }
++else
++#endif
++  return LOCAL_SCAN_ACCEPT;
++}
++
++#ifdef DLOPEN_LOCAL_SCAN
++
++static int load_local_scan_library(void)
++{
++/* No point in keeping local_scan_lib since we'll never dlclose() anyway */
++void *local_scan_lib = NULL;
++int (*local_scan_version_fn)(void);
++int vers_maj;
++int vers_min;
++
++local_scan_lib = dlopen(local_scan_path, RTLD_NOW);
++if (!local_scan_lib)
++  {
++  log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() library open failed - "
++    "message temporarily rejected");
++  return FALSE;
++  }
++
++local_scan_version_fn = dlsym(local_scan_lib, "local_scan_version_major");
++if (!local_scan_version_fn)
++  {
++  dlclose(local_scan_lib);
++  log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() library doesn't contain "
++    "local_scan_version_major() function - message temporarily rejected");
++  return FALSE;
++  }
++
++/* The major number is increased when the ABI is changed in a non
++   backward compatible way. */
++vers_maj = local_scan_version_fn();
++
++local_scan_version_fn = dlsym(local_scan_lib, "local_scan_version_minor");
++if (!local_scan_version_fn)
++  {
++  dlclose(local_scan_lib);
++  log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() library doesn't contain "
++    "local_scan_version_minor() function - message temporarily rejected");
++  return FALSE;
++  }
++
++/* The minor number is increased each time a new feature is added (in a
++   way that doesn't break backward compatibility) -- Marc */
++vers_min = local_scan_version_fn();
++
++
++if (vers_maj != LOCAL_SCAN_ABI_VERSION_MAJOR)
++  {
++  dlclose(local_scan_lib);
++  local_scan_lib = NULL;
++  log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() has an incompatible major"
++    "version number, you need to recompile your module for this version"
++    "of exim (The module was compiled for version %d.%d and this exim provides"
++    "ABI version %d.%d)", vers_maj, vers_min, LOCAL_SCAN_ABI_VERSION_MAJOR,
++    LOCAL_SCAN_ABI_VERSION_MINOR);
++  return FALSE;
++  }
++else if (vers_min > LOCAL_SCAN_ABI_VERSION_MINOR)
++  {
++  dlclose(local_scan_lib);
++  local_scan_lib = NULL;
++  log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() has an incompatible minor"
++    "version number, you need to recompile your module for this version"
++    "of exim (The module was compiled for version %d.%d and this exim provides"
++    "ABI version %d.%d)", vers_maj, vers_min, LOCAL_SCAN_ABI_VERSION_MAJOR,
++    LOCAL_SCAN_ABI_VERSION_MINOR);
++  return FALSE;
++  }
++
++local_scan_fn = dlsym(local_scan_lib, "local_scan");
++if (!local_scan_fn)
++  {
++  dlclose(local_scan_lib);
++  log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() library doesn't contain "
++    "local_scan() function - message temporarily rejected");
++  return FALSE;
++  }
++
++return TRUE;
+ }
+ 
++#endif /* DLOPEN_LOCAL_SCAN */
++
+ /* End of local_scan.c */
+diff -ur exim-4.92.orig/src/readconf.c exim-4.92/src/readconf.c
+--- exim-4.92.orig/src/readconf.c	2019-01-30 14:59:52.000000000 +0100
++++ exim-4.92/src/readconf.c	2019-02-16 18:18:46.013947455 +0100
+@@ -199,6 +199,9 @@
+   { "local_from_prefix",        opt_stringptr,   &local_from_prefix },
+   { "local_from_suffix",        opt_stringptr,   &local_from_suffix },
+   { "local_interfaces",         opt_stringptr,   &local_interfaces },
++#ifdef DLOPEN_LOCAL_SCAN
++  { "local_scan_path",          opt_stringptr,   &local_scan_path },
++#endif
+ #ifdef HAVE_LOCAL_SCAN
+   { "local_scan_timeout",       opt_time,        &local_scan_timeout },
+ #endif


^ permalink raw reply related	[flat|nested] 26+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: mail-mta/exim/, mail-mta/exim/files/
@ 2019-06-11  8:17 Fabian Groffen
  0 siblings, 0 replies; 26+ messages in thread
From: Fabian Groffen @ 2019-06-11  8:17 UTC (permalink / raw
  To: gentoo-commits

commit:     4971a74df5e8753cfbb4d40c0ff4960d951b2e52
Author:     Fabian Groffen <grobian <AT> gentoo <DOT> org>
AuthorDate: Tue Jun 11 08:16:54 2019 +0000
Commit:     Fabian Groffen <grobian <AT> gentoo <DOT> org>
CommitDate: Tue Jun 11 08:16:54 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4971a74d

mail-mta/exim: revbump for fix for bug #687554

Bug: https://bugs.gentoo.org/687554
Signed-off-by: Fabian Groffen <grobian <AT> gentoo.org>
Package-Manager: Portage-2.3.66, Repoman-2.3.11

 mail-mta/exim/exim-4.92-r1.ebuild                  | 562 +++++++++++++++++++++
 .../files/exim-4.92-fix-eval-expansion-32bit.patch |  51 ++
 2 files changed, 613 insertions(+)

diff --git a/mail-mta/exim/exim-4.92-r1.ebuild b/mail-mta/exim/exim-4.92-r1.ebuild
new file mode 100644
index 00000000000..a0346ffb579
--- /dev/null
+++ b/mail-mta/exim/exim-4.92-r1.ebuild
@@ -0,0 +1,562 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit db-use eutils toolchain-funcs multilib pam systemd
+
+IUSE="arc dane dcc +dkim dlfunc dmarc +dnsdb doc dovecot-sasl dsn elibc_glibc exiscan-acl gnutls idn ipv6 ldap libressl lmtp maildir mbx mysql nis pam perl pkcs11 postgres +prdr proxy radius redis sasl selinux spf sqlite srs ssl syslog tcpd +tpda X"
+REQUIRED_USE="
+	arc? ( dkim spf )
+	dane? ( ssl !gnutls )
+	dmarc? ( dkim spf )
+	gnutls? ( ssl )
+	pkcs11? ( ssl )
+	spf? ( exiscan-acl )
+	srs? ( exiscan-acl )
+"
+# NOTE on USE="gnutls dane", gnutls[dane] is masked in base, unmasked
+# for x86 and amd64 only, due to this, repoman won't allow depending on
+# gnutls[dane] for all else.  Because we cannot express USE=dane when
+# USE=gnutls is in effect only in package.use.mask, the only option we
+# have left is to a) ignore the dependency (but that results in bug
+# #661164) or b) mask the usage of USE=dane with USE=gnutls.  Both are
+# incorrect, but b) is the only "correct" view from repoman.
+
+COMM_URI="https://downloads.exim.org/exim4$([[ ${PV} == *_rc* ]] && echo /test)"
+
+DESCRIPTION="A highly configurable, drop-in replacement for sendmail"
+SRC_URI="${COMM_URI}/${P//rc/RC}.tar.xz
+	mirror://gentoo/system_filter.exim.gz
+	doc? ( ${COMM_URI}/${PN}-pdf-${PV//rc/RC}.tar.xz )"
+HOMEPAGE="http://www.exim.org/"
+
+SLOT="0"
+LICENSE="GPL-2"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd ~x86-solaris"
+
+COMMON_DEPEND=">=sys-apps/sed-4.0.5
+	( >=sys-libs/db-3.2:= <sys-libs/db-6:= )
+	dev-libs/libpcre
+	idn? ( net-dns/libidn:= net-dns/libidn2:= )
+	perl? ( dev-lang/perl:= )
+	pam? ( virtual/pam )
+	tcpd? ( sys-apps/tcp-wrappers )
+	ssl? (
+		!libressl? ( dev-libs/openssl:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	gnutls? (
+		net-libs/gnutls:0=[pkcs11?]
+		dev-libs/libtasn1
+	)
+	ldap? ( >=net-nds/openldap-2.0.7 )
+	nis? (
+		elibc_glibc? (
+			net-libs/libtirpc
+			>=net-libs/libnsl-1:=
+		)
+	)
+	mysql? ( virtual/libmysqlclient )
+	postgres? ( dev-db/postgresql:= )
+	sasl? ( >=dev-libs/cyrus-sasl-2.1.26-r2 )
+	redis? ( dev-libs/hiredis )
+	spf? ( >=mail-filter/libspf2-1.2.5-r1 )
+	dmarc? ( mail-filter/opendmarc )
+	srs? ( mail-filter/libsrs_alt )
+	X? (
+		x11-libs/libX11
+		x11-libs/libXmu
+		x11-libs/libXt
+		x11-libs/libXaw
+	)
+	sqlite? ( dev-db/sqlite )
+	radius? ( net-dialup/freeradius-client )
+	virtual/libiconv
+	elibc_glibc? ( net-libs/libnsl )
+	"
+	# added X check for #57206
+DEPEND="${COMMON_DEPEND}
+	virtual/pkgconfig"
+RDEPEND="${COMMON_DEPEND}
+	!mail-mta/courier
+	!mail-mta/esmtp
+	!mail-mta/mini-qmail
+	!<mail-mta/msmtp-1.4.19-r1
+	!>=mail-mta/msmtp-1.4.19-r1[mta]
+	!mail-mta/netqmail
+	!mail-mta/nullmailer
+	!mail-mta/postfix
+	!mail-mta/qmail-ldap
+	!mail-mta/sendmail
+	!mail-mta/opensmtpd
+	!<mail-mta/ssmtp-2.64-r2
+	!>=mail-mta/ssmtp-2.64-r2[mta]
+	!net-mail/mailwrapper
+	>=net-mail/mailbase-0.00-r5
+	virtual/logger
+	dcc? ( mail-filter/dcc )
+	selinux? ( sec-policy/selinux-exim )
+	"
+
+S=${WORKDIR}/${P//rc/RC}
+
+src_prepare() {
+	epatch "${FILESDIR}"/exim-4.14-tail.patch
+	epatch "${FILESDIR}"/exim-4.92-localscan_dlopen.patch
+	epatch "${FILESDIR}"/exim-4.69-r1.27021.patch
+	epatch "${FILESDIR}"/exim-4.74-radius-db-ENV-clash.patch # 287426
+	epatch "${FILESDIR}"/exim-4.82-makefile-freebsd.patch # 235785
+	epatch "${FILESDIR}"/exim-4.89-as-needed-ldflags.patch # 352265, 391279
+	epatch "${FILESDIR}"/exim-4.76-crosscompile.patch # 266591
+	epatch "${FILESDIR}"/exim-4.92-fix-eval-expansion-32bit.patch #687554
+
+	if use maildir ; then
+		epatch "${FILESDIR}"/exim-4.20-maildir.patch
+	else
+		epatch "${FILESDIR}"/exim-4.80-spool-mail-group.patch # 438606
+	fi
+
+	eapply_user
+
+	# user Exim believes it should be
+	MAILUSER=mail
+	MAILGROUP=mail
+	if use prefix && [[ ${EUID} != 0 ]] ; then
+		MAILUSER=$(id -un)
+		MAILGROUP=$(id -gn)
+	fi
+}
+
+src_configure() {
+	# general config and paths
+
+	sed -i.orig \
+		-e "/SYSTEM_ALIASES_FILE/s'SYSTEM_ALIASES_FILE'${EPREFIX}/etc/mail/aliases'" \
+		"${S}"/src/configure.default || die
+
+	sed -i -e 's/^buildname=.*/buildname=exim-gentoo/g' Makefile || die
+
+	sed -e "48i\CFLAGS=${CFLAGS}" \
+		-e "s:BIN_DIRECTORY=/usr/exim/bin:BIN_DIRECTORY=${EPREFIX}/usr/sbin:" \
+		-e "s:EXIM_USER=:EXIM_USER=${MAILUSER}:" \
+		-e "s:CONFIGURE_FILE=/usr/exim/configure:CONFIGURE_FILE=${EPREFIX}/etc/exim/exim.conf:" \
+		-e "s:ZCAT_COMMAND=.*$:ZCAT_COMMAND=${EPREFIX}/bin/zcat:" \
+		-e "s:COMPRESS_COMMAND=.*$:COMPRESS_COMMAND=${EPREFIX}/bin/gzip:" \
+		src/EDITME > Local/Makefile
+
+	if use elibc_musl; then
+		sed -e 's/^LIBS = -lnsl/LIBS =/g' \
+		-i OS/Makefile-Linux
+	fi
+
+	cd Local
+
+	cat >> Makefile <<- EOC
+		INFO_DIRECTORY=${EPREFIX}/usr/share/info
+		PID_FILE_PATH=${EPREFIX}/run/exim.pid
+		SPOOL_DIRECTORY=${EPREFIX}/var/spool/exim
+		HAVE_ICONV=yes
+	EOC
+
+	# if we use libiconv, now is the time to tell so
+	use !elibc_glibc && use !elibc_musl && \
+		echo "EXTRALIBS_EXIM=-liconv" >> Makefile
+
+	# support for IPv6
+	if use ipv6; then
+		cat >> Makefile <<- EOC
+			HAVE_IPV6=YES
+		EOC
+	fi
+
+	# support i18n/IDNA
+	if use idn; then
+		cat >> Makefile <<- EOC
+			SUPPORT_I18N=yes
+			SUPPORT_I18N_2008=yes
+			EXTRALIBS_EXIM += -lidn -lidn2
+		EOC
+	fi
+
+	#
+	# mail storage formats
+
+	# mailstore is Exim's traditional storage format
+	cat >> Makefile <<- EOC
+		SUPPORT_MAILSTORE=yes
+	EOC
+
+	# mbox
+	if use mbx; then
+		cat >> Makefile <<- EOC
+			SUPPORT_MBX=yes
+		EOC
+	fi
+
+	# maildir
+	if use maildir; then
+		cat >> Makefile <<- EOC
+			SUPPORT_MAILDIR=yes
+		EOC
+	fi
+
+	#
+	# lookup methods
+
+	# use the "native" interfaces to the DBM and CDB libraries, support
+	# passwd and directory lookups by default
+	local DB_VERS="5.3 5.1 4.8 4.7 4.6 4.5 4.4 4.3 4.2 3.2"
+	cat >> Makefile <<- EOC
+		USE_DB=yes
+		CFLAGS+=-I$(db_includedir ${DB_VERS})
+		DBMLIB=-l$(db_libname ${DB_VERS})
+		LOOKUP_CDB=yes
+		LOOKUP_PASSWD=yes
+		LOOKUP_DSEARCH=yes
+	EOC
+
+	if ! use dnsdb; then
+		# DNSDB lookup is enabled by default
+		sed -i "s:^LOOKUP_DNSDB=yes:# LOOKUP_DNSDB=yes:" Makefile
+	fi
+
+	if use ldap; then
+		cat >> Makefile <<- EOC
+			LOOKUP_LDAP=yes
+			LDAP_LIB_TYPE=OPENLDAP2
+			LOOKUP_INCLUDE += -I"${EROOT}"usr/include/ldap
+			LOOKUP_LIBS += -lldap -llber
+		EOC
+	fi
+
+	if use mysql; then
+		cat >> Makefile <<- EOC
+			LOOKUP_MYSQL=yes
+			LOOKUP_INCLUDE += $(mysql_config --include)
+			LOOKUP_LIBS += $(mysql_config --libs)
+		EOC
+	fi
+
+	if use nis; then
+		cat >> Makefile <<- EOC
+			LOOKUP_NIS=yes
+			LOOKUP_NISPLUS=yes
+		EOC
+		if use elibc_glibc ; then
+			cat >> Makefile <<- EOC
+				CFLAGS += -I/usr/include/tirpc
+			EOC
+		fi
+	fi
+
+	if use postgres; then
+		cat >> Makefile <<- EOC
+			LOOKUP_PGSQL=yes
+			LOOKUP_INCLUDE += -I$(pg_config --includedir)
+			LOOKUP_LIBS += -L$(pg_config --libdir) -lpq
+		EOC
+	fi
+
+	if use sqlite; then
+		cat >> Makefile <<- EOC
+			LOOKUP_SQLITE=yes
+			LOOKUP_SQLITE_PC=sqlite3
+		EOC
+	fi
+
+	if use redis; then
+		cat >> Makefile <<- EOC
+			LOOKUP_REDIS=yes
+			LOOKUP_LIBS += -lhiredis
+		EOC
+	fi
+
+	#
+	# Exim monitor, enabled by default, controlled via X USE-flag,
+	# disable if not requested, bug #46778
+	if use X; then
+		cp ../exim_monitor/EDITME eximon.conf || die
+	else
+		sed -i -e '/^EXIM_MONITOR=/s/^/# /' Makefile
+	fi
+
+	#
+	# features
+
+	# content scanning support
+	if use exiscan-acl; then
+		cat >> Makefile <<- EOC
+			WITH_CONTENT_SCAN=yes
+		EOC
+	fi
+
+	# DomainKeys Identified Mail, RFC4871
+	if ! use dkim; then
+		# DKIM is enabled by default
+		cat >> Makefile <<- EOC
+			DISABLE_DKIM=yes
+		EOC
+	fi
+
+	# Per-Recipient-Data-Response
+	if ! use prdr; then
+		# PRDR is enabled by default
+		cat >> Makefile <<- EOC
+			DISABLE_PRDR=yes
+		EOC
+	fi
+
+	# Transport post-delivery actions
+	if use !tpda && use !dane; then
+		# EVENT is enabled by default
+		cat >> Makefile <<- EOC
+			DISABLE_EVENT=yes
+		EOC
+	fi
+
+	# log to syslog
+	if use syslog; then
+		sed -i "s:LOG_FILE_PATH=/var/log/exim/exim_%s.log:LOG_FILE_PATH=syslog:" Makefile
+		cat >> Makefile <<- EOC
+			LOG_FILE_PATH=syslog
+		EOC
+	else
+		cat >> Makefile <<- EOC
+			LOG_FILE_PATH=${EPREFIX}/var/log/exim/exim_%s.log
+		EOC
+	fi
+
+	# starttls support (ssl)
+	if use ssl; then
+		echo "SUPPORT_TLS=yes" >> Makefile
+		if use gnutls; then
+			echo "USE_GNUTLS=yes" >> Makefile
+			echo "USE_GNUTLS_PC=gnutls" >> Makefile
+			use pkcs11 || echo "AVOID_GNUTLS_PKCS11=yes" >> Makefile
+		else
+			echo "USE_OPENSSL_PC=openssl" >> Makefile
+		fi
+	fi
+
+	# TCP wrappers
+	if use tcpd; then
+		cat >> Makefile <<- EOC
+			USE_TCP_WRAPPERS=yes
+			EXTRALIBS_EXIM += -lwrap
+		EOC
+	fi
+
+	# Light Mail Transport Protocol
+	if use lmtp; then
+		cat >> Makefile <<- EOC
+			TRANSPORT_LMTP=yes
+		EOC
+	fi
+
+	# embedded Perl
+	if use perl; then
+		cat >> Makefile <<- EOC
+			EXIM_PERL=perl.o
+		EOC
+	fi
+
+	# dlfunc
+	if use dlfunc; then
+		cat >> Makefile <<- EOC
+			EXPAND_DLFUNC=yes
+		EOC
+	fi
+
+	# Proxy Protocol
+	if use proxy; then
+		cat >> Makefile <<- EOC
+			SUPPORT_PROXY=yes
+		EOC
+	fi
+
+	# DANE
+	if use dane; then
+		cat >> Makefile <<- EOC
+			SUPPORT_DANE=yes
+		EOC
+	fi
+
+	# Sender Policy Framework
+	if use spf; then
+		cat >> Makefile <<- EOC
+			SUPPORT_SPF=yes
+			EXTRALIBS_EXIM += -lspf2
+		EOC
+	fi
+
+	#
+	# experimental features
+
+	# Authenticated Receive Chain
+	if use arc; then
+		echo "EXPERIMENTAL_ARC=yes">> Makefile
+	fi
+
+	# Distributed Checksum Clearinghouse
+	if use dcc; then
+		echo "EXPERIMENTAL_DCC=yes">> Makefile
+	fi
+
+	# Sender Rewriting Scheme
+	if use srs; then
+		cat >> Makefile <<- EOC
+			EXPERIMENTAL_SRS=yes
+			EXTRALIBS_EXIM += -lsrs_alt
+		EOC
+	fi
+
+	# DMARC
+	if use dmarc; then
+		cat >> Makefile <<- EOC
+			EXPERIMENTAL_DMARC=yes
+			EXTRALIBS_EXIM += -lopendmarc
+		EOC
+	fi
+
+	# Delivery Sender Notifications extra information in fail message
+	if use dsn; then
+		cat >> Makefile <<- EOC
+			EXPERIMENTAL_DSN_INFO=yes
+		EOC
+	fi
+
+	#
+	# authentication (SMTP AUTH)
+
+	# standard bits
+	cat >> Makefile <<- EOC
+		AUTH_SPA=yes
+		AUTH_CRAM_MD5=yes
+		AUTH_PLAINTEXT=yes
+	EOC
+
+	# Cyrus SASL
+	if use sasl; then
+		cat >> Makefile <<- EOC
+			CYRUS_SASLAUTHD_SOCKET=${EPREFIX}/run/saslauthd/mux
+			AUTH_CYRUS_SASL=yes
+			AUTH_LIBS += -lsasl2
+		EOC
+	fi
+
+	# Dovecot
+	if use dovecot-sasl; then
+		cat >> Makefile <<- EOC
+			AUTH_DOVECOT=yes
+		EOC
+	fi
+
+	# Pluggable Authentication Modules
+	if use pam; then
+		cat >> Makefile <<- EOC
+			SUPPORT_PAM=yes
+			AUTH_LIBS += -lpam
+		EOC
+	fi
+
+	# Radius
+	if use radius; then
+		cat >> Makefile <<- EOC
+			RADIUS_CONFIG_FILE=${EPREFIX}/etc/radiusclient/radiusclient.conf
+			RADIUS_LIB_TYPE=RADIUSCLIENTNEW
+			AUTH_LIBS += -lfreeradius-client
+		EOC
+	fi
+}
+
+src_compile() {
+	emake CC="$(tc-getCC)" HOSTCC="$(tc-getCC $CBUILD)" \
+		AR="$(tc-getAR) cq" RANLIB="$(tc-getRANLIB)" FULLECHO='' \
+		|| die "make failed"
+}
+
+src_install () {
+	cd "${S}"/build-exim-gentoo || die
+	dosbin exim
+	if use X; then
+		dosbin eximon.bin
+		dosbin eximon
+	fi
+	fperms 4755 /usr/sbin/exim
+
+	dosym exim /usr/sbin/sendmail
+	dosym exim /usr/sbin/rsmtp
+	dosym exim /usr/sbin/rmail
+	dosym ../sbin/exim /usr/bin/mailq
+	dosym ../sbin/exim /usr/bin/newaliases
+	dosym ../sbin/sendmail /usr/lib/sendmail
+
+	for i in exicyclog exim_dbmbuild exim_dumpdb exim_fixdb exim_lock \
+		exim_tidydb exinext exiwhat exigrep eximstats exiqsumm exiqgrep \
+		convert4r3 convert4r4 exipick
+	do
+		dosbin $i
+	done
+
+	dodoc "${S}"/doc/*
+	doman "${S}"/doc/exim.8
+	use dsn && dodoc "${S}"/README.DSN
+	use doc && dodoc "${WORKDIR}"/${PN}-pdf-${PV//rc/RC}/doc/*.pdf
+
+	# conf files
+	insinto /etc/exim
+	newins "${S}"/src/configure.default exim.conf.dist
+	if use exiscan-acl; then
+		newins "${S}"/src/configure.default exim.conf.exiscan-acl
+	fi
+	doins "${WORKDIR}"/system_filter.exim
+	doins "${FILESDIR}"/auth_conf.sub
+
+	pamd_mimic system-auth exim auth account
+
+	# headers, #436406
+	if use dlfunc ; then
+		# fixup includes so they actually can be found when including
+		sed -i \
+			-e '/#include "\(config\|store\|mytypes\).h"/s:"\(.\+\)":<exim/\1>:' \
+			local_scan.h || die
+		insinto /usr/include/exim
+		doins {config,local_scan}.h ../src/{mytypes,store}.h
+	fi
+
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}/exim.logrotate" exim
+
+	newinitd "${FILESDIR}"/exim.rc10 exim
+	newconfd "${FILESDIR}"/exim.confd exim
+
+	systemd_dounit "${FILESDIR}"/{exim.service,exim.socket,exim-submission.socket}
+	systemd_newunit "${FILESDIR}"/exim_at.service 'exim@.service'
+	systemd_newunit "${FILESDIR}"/exim-submission_at.service 'exim-submission@.service'
+
+	diropts -m 0750 -o ${MAILUSER} -g ${MAILGROUP}
+	keepdir /var/log/${PN}
+}
+
+pkg_postinst() {
+	if [[ ! -f ${EROOT}etc/exim/exim.conf ]] ; then
+		einfo "${EROOT}etc/exim/system_filter.exim is a sample system_filter."
+		einfo "${EROOT}etc/exim/auth_conf.sub contains the configuration sub for using smtp auth."
+		einfo "Please create ${EROOT}etc/exim/exim.conf from ${EROOT}etc/exim/exim.conf.dist."
+	fi
+	if use dcc ; then
+		einfo "DCC support is experimental, you can find some limited"
+		einfo "documentation at the bottom of this prerelease message:"
+		einfo "http://article.gmane.org/gmane.mail.exim.devel/3579"
+	fi
+	use srs && einfo "SRS support is experimental"
+	if use dmarc ; then
+		einfo "DMARC support is experimental.  See global settings to"
+		einfo "configure DMARC, for usage see the documentation at "
+		einfo "experimental-spec.txt."
+	fi
+	use dsn && einfo "extra information in fail DSN message is experimental"
+	elog "The obsolete acl condition 'demime' is removed, the replacements"
+	elog "are the ACLs acl_smtp_mime and acl_not_smtp_mime"
+}

diff --git a/mail-mta/exim/files/exim-4.92-fix-eval-expansion-32bit.patch b/mail-mta/exim/files/exim-4.92-fix-eval-expansion-32bit.patch
new file mode 100644
index 00000000000..17d7d21113d
--- /dev/null
+++ b/mail-mta/exim/files/exim-4.92-fix-eval-expansion-32bit.patch
@@ -0,0 +1,51 @@
+Extract from complete patch from
+https://git.exim.org/exim.git/patch/26dd3aa007b3b77969610c031f59388e0953bd00
+to only take the buildconfig.c change because the git directory
+structure is different from a release tarball causing this patch to fail
+otherwise.
+
+From 26dd3aa007b3b77969610c031f59388e0953bd00 Mon Sep 17 00:00:00 2001
+From: Jeremy Harris <jgh146exb@wizmail.org>
+Date: Fri, 7 Jun 2019 11:54:10 +0100
+Subject: [PATCH] Fix detection of 32b platform at build time.  Bug 2405
+
+---
+ src/src/buildconfig.c        | 12 +++++---
+ test/scripts/0000-Basic/0002 | 72 +++++++++++++++++++++++---------------------
+ test/stdout/0002             | 72 +++++++++++++++++++++++---------------------
+ 3 files changed, 83 insertions(+), 73 deletions(-)
+
+diff --git a/src/src/buildconfig.c b/src/src/buildconfig.c
+index 71cf97b..a680b34 100644
+--- a/src/src/buildconfig.c
++++ b/src/src/buildconfig.c
+@@ -111,6 +111,7 @@ unsigned long test_ulong_t = 0L;
+ unsigned int test_uint_t = 0;
+ #endif
+ long test_long_t = 0;
++long long test_longlong_t = 0;
+ int test_int_t = 0;
+ FILE *base;
+ FILE *new;
+@@ -155,15 +156,16 @@ This assumption is known to be OK for the common operating systems. */
+ 
+ fprintf(new, "#ifndef OFF_T_FMT\n");
+ if (sizeof(test_off_t) > sizeof(test_long_t))
+-  {
+   fprintf(new, "# define OFF_T_FMT  \"%%lld\"\n");
+-  fprintf(new, "# define LONGLONG_T long long int\n");
+-  }
+ else
+-  {
+   fprintf(new, "# define OFF_T_FMT  \"%%ld\"\n");
++fprintf(new, "#endif\n\n");
++
++fprintf(new, "#ifndef LONGLONG_T\n");
++if (sizeof(test_longlong_t) > sizeof(test_long_t))
++  fprintf(new, "# define LONGLONG_T long long int\n");
++else
+   fprintf(new, "# define LONGLONG_T long int\n");
+-  }
+ fprintf(new, "#endif\n\n");
+ 
+ /* Now do the same thing for time_t variables. If the length is greater than


^ permalink raw reply related	[flat|nested] 26+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: mail-mta/exim/, mail-mta/exim/files/
@ 2019-08-02  6:44 Fabian Groffen
  0 siblings, 0 replies; 26+ messages in thread
From: Fabian Groffen @ 2019-08-02  6:44 UTC (permalink / raw
  To: gentoo-commits

commit:     e4104b9c4bd8cbaba4712e6a8d4e6c8d120ba5c0
Author:     Fabian Groffen <grobian <AT> gentoo <DOT> org>
AuthorDate: Fri Aug  2 06:42:47 2019 +0000
Commit:     Fabian Groffen <grobian <AT> gentoo <DOT> org>
CommitDate: Fri Aug  2 06:42:47 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e4104b9c

mail-mta/exim: cleanup vulnerable CVE-2019-10149

Bug: https://bugs.gentoo.org/687336
Package-Manager: Portage-2.3.66, Repoman-2.3.16
Signed-off-by: Fabian Groffen <grobian <AT> gentoo.org>

 mail-mta/exim/Manifest                             |   2 -
 mail-mta/exim/exim-4.91-r2.ebuild                  | 561 ---------------------
 .../exim/files/exim-4.74-localscan_dlopen.patch    | 262 ----------
 3 files changed, 825 deletions(-)

diff --git a/mail-mta/exim/Manifest b/mail-mta/exim/Manifest
index c666f92c515..92f89a8e4ee 100644
--- a/mail-mta/exim/Manifest
+++ b/mail-mta/exim/Manifest
@@ -1,7 +1,5 @@
-DIST exim-4.91.tar.xz 1744660 BLAKE2B 8d50a709def02a52f8e76a16fcf51a4fc7e553217d5513a361aa780f58bff336a9ab90d8683e3841a074f54f3c75f2f77bf1a353a849be1207bffdd5fb6e4c51 SHA512 35b34dda8dd0f27c0429e6eb8409756ecd3cf9e535bac421d696b1560db0ff3bf4cd0e4a00bc0b7e32137d31bb5de20776c7c1830ec125aa36b5c4376b0c71a2
 DIST exim-4.92.1.tar.xz 1767976 BLAKE2B fb5bdb8762f16e30c43c7899e5fb5b459bb5e910458f970d20a5cb26cdde842d87a1f8150e4c0f9e931fa277e2f33a0fb8a6d478b5bf871d03a12ebd06c36d67 SHA512 fd43448db0aa5139f8b459322b95e258f232ac8a4bf21a19099c7768329ec20c344c4e0d8dd2e98c33a192a5f97d7666a746de2c87bdfb8da42c625c985d7e05
 DIST exim-4.92.tar.xz 1767136 BLAKE2B 6c97578807073a782112218c65de460cc94f046d807eddc7330f2f67266c0ef341ded61050a16aca13c88e606a923a9e08033c8bfb618a7ef34b3d2ea6db32ca SHA512 62c327e6184a358ba7f0dbc38b44d2537234be91727a5bfac97e74af64a8d77e376b3221dcfdd8f6eca7d812f9233595503dc6e50e2972bed40a1b74eb209c31
-DIST exim-pdf-4.91.tar.xz 1973672 BLAKE2B 0b9e3f65c8e8a5f727dd4359d1c5c6c867c0ecfce3b44763d5a24f2d98353bc58c42456e9884994f404d17685909ea287a478189407ba8e7835352274c788980 SHA512 82add9b42749b6d938ff3b44a4dea3dfe84bcb2a1efea8a32b64d81a9ea312033d33023b5c224a44a2c053b18f9042bd1f2834847cf48873d1725a5594704a12
 DIST exim-pdf-4.92.1.tar.xz 2038948 BLAKE2B 6624fb8930944f79e0c7e52a001727cfcff508ac69cb4107247201b8598d6e223cac7c7eda14c3102d0eabc151a547b6cc5ef11a6c4a830f31dfd88e24907c1d SHA512 437b868cd7dedae59e32b9245c8c1ca3375605eb4911846bc3508b627acf32c99bda644b3c3e84eb539a39b3c2cc4f83314eebe55160b3da617ccaec2f1623a2
 DIST exim-pdf-4.92.tar.xz 2038812 BLAKE2B d5966a27f980a2ceb31293d92049a6691a08262bd20ae7315f41929f0d7a45b5d66c7000f9596b193e74d0c17f91c56a3262602047673c49649f1cad6b216547 SHA512 3a40818025fceaa7ac17f8e7ce06a61e3cf65267c821aea93e1a1a659782b047ab177b88a38c9b2271c0a296e1dc7939e23fe0f89415a11cd45693cb8af10c15
 DIST system_filter.exim.gz 3075 BLAKE2B d05e872b5cef377d29126cda03fc0a74c8777b2119b76ff43da6e8de808035eb9bfcb034a85d81824f135d484e864bfc0629fc1af2c228a7277d5ee7cf9cde79 SHA512 cb358d3ce2499a0bb5920d962a06f2af8486e55ec90c8c928bd8e3aefb279aa57f5f960d5adfcef68bd94110b405eaa144e9629cfe6014a529c79c544600bbf3

diff --git a/mail-mta/exim/exim-4.91-r2.ebuild b/mail-mta/exim/exim-4.91-r2.ebuild
deleted file mode 100644
index cf587588b81..00000000000
--- a/mail-mta/exim/exim-4.91-r2.ebuild
+++ /dev/null
@@ -1,561 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-inherit db-use eutils toolchain-funcs multilib pam systemd
-
-IUSE="arc dane dcc +dkim dlfunc dmarc +dnsdb doc dovecot-sasl dsn elibc_glibc exiscan-acl gnutls idn ipv6 ldap libressl lmtp maildir mbx mysql nis pam perl pkcs11 postgres +prdr proxy radius redis sasl selinux spf sqlite srs ssl syslog tcpd +tpda X"
-REQUIRED_USE="
-	arc? ( dkim spf )
-	dane? ( ssl !gnutls )
-	dmarc? ( dkim spf )
-	gnutls? ( ssl )
-	pkcs11? ( ssl )
-	spf? ( exiscan-acl )
-	srs? ( exiscan-acl )
-"
-# NOTE on USE="gnutls dane", gnutls[dane] is masked in base, unmasked
-# for x86 and amd64 only, due to this, repoman won't allow depending on
-# gnutls[dane] for all else.  Because we cannot express USE=dane when
-# USE=gnutls is in effect only in package.use.mask, the only option we
-# have left is to a) ignore the dependency (but that results in bug
-# #661164) or b) mask the usage of USE=dane with USE=gnutls.  Both are
-# incorrect, but b) is the only "correct" view from repoman.
-
-COMM_URI="https://downloads.exim.org/exim4$([[ ${PV} == *_rc* ]] && echo /test)"
-
-DESCRIPTION="A highly configurable, drop-in replacement for sendmail"
-SRC_URI="${COMM_URI}/${P//rc/RC}.tar.xz
-	mirror://gentoo/system_filter.exim.gz
-	doc? ( ${COMM_URI}/${PN}-pdf-${PV//rc/RC}.tar.xz )"
-HOMEPAGE="http://www.exim.org/"
-
-SLOT="0"
-LICENSE="GPL-2"
-KEYWORDS="alpha amd64 arm hppa ia64 ppc ppc64 sparc x86 ~x86-fbsd ~x86-solaris"
-
-COMMON_DEPEND=">=sys-apps/sed-4.0.5
-	( >=sys-libs/db-3.2:= <sys-libs/db-6:= )
-	dev-libs/libpcre
-	idn? ( net-dns/libidn:= net-dns/libidn2:= )
-	perl? ( dev-lang/perl:= )
-	pam? ( virtual/pam )
-	tcpd? ( sys-apps/tcp-wrappers )
-	ssl? (
-		!libressl? ( dev-libs/openssl:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	gnutls? (
-		net-libs/gnutls:0=[pkcs11?]
-		dev-libs/libtasn1
-	)
-	ldap? ( >=net-nds/openldap-2.0.7 )
-	nis? (
-		elibc_glibc? (
-			net-libs/libtirpc
-			>=net-libs/libnsl-1:=
-		)
-	)
-	mysql? ( virtual/libmysqlclient )
-	postgres? ( dev-db/postgresql:= )
-	sasl? ( >=dev-libs/cyrus-sasl-2.1.26-r2 )
-	redis? ( dev-libs/hiredis )
-	spf? ( >=mail-filter/libspf2-1.2.5-r1 )
-	dmarc? ( mail-filter/opendmarc )
-	srs? ( mail-filter/libsrs_alt )
-	X? (
-		x11-libs/libX11
-		x11-libs/libXmu
-		x11-libs/libXt
-		x11-libs/libXaw
-	)
-	sqlite? ( dev-db/sqlite )
-	radius? ( net-dialup/freeradius-client )
-	virtual/libiconv
-	elibc_glibc? ( net-libs/libnsl )
-	"
-	# added X check for #57206
-DEPEND="${COMMON_DEPEND}
-	virtual/pkgconfig"
-RDEPEND="${COMMON_DEPEND}
-	!mail-mta/courier
-	!mail-mta/esmtp
-	!mail-mta/mini-qmail
-	!<mail-mta/msmtp-1.4.19-r1
-	!>=mail-mta/msmtp-1.4.19-r1[mta]
-	!mail-mta/netqmail
-	!mail-mta/nullmailer
-	!mail-mta/postfix
-	!mail-mta/qmail-ldap
-	!mail-mta/sendmail
-	!mail-mta/opensmtpd
-	!<mail-mta/ssmtp-2.64-r2
-	!>=mail-mta/ssmtp-2.64-r2[mta]
-	!net-mail/mailwrapper
-	>=net-mail/mailbase-0.00-r5
-	virtual/logger
-	dcc? ( mail-filter/dcc )
-	selinux? ( sec-policy/selinux-exim )
-	"
-
-S=${WORKDIR}/${P//rc/RC}
-
-src_prepare() {
-	epatch "${FILESDIR}"/exim-4.14-tail.patch
-	epatch "${FILESDIR}"/exim-4.74-localscan_dlopen.patch
-	epatch "${FILESDIR}"/exim-4.69-r1.27021.patch
-	epatch "${FILESDIR}"/exim-4.74-radius-db-ENV-clash.patch # 287426
-	epatch "${FILESDIR}"/exim-4.82-makefile-freebsd.patch # 235785
-	epatch "${FILESDIR}"/exim-4.89-as-needed-ldflags.patch # 352265, 391279
-	epatch "${FILESDIR}"/exim-4.76-crosscompile.patch # 266591
-
-	if use maildir ; then
-		epatch "${FILESDIR}"/exim-4.20-maildir.patch
-	else
-		epatch "${FILESDIR}"/exim-4.80-spool-mail-group.patch # 438606
-	fi
-
-	eapply_user
-
-	# user Exim believes it should be
-	MAILUSER=mail
-	MAILGROUP=mail
-	if use prefix && [[ ${EUID} != 0 ]] ; then
-		MAILUSER=$(id -un)
-		MAILGROUP=$(id -gn)
-	fi
-}
-
-src_configure() {
-	# general config and paths
-
-	sed -i.orig \
-		-e "/SYSTEM_ALIASES_FILE/s'SYSTEM_ALIASES_FILE'${EPREFIX}/etc/mail/aliases'" \
-		"${S}"/src/configure.default || die
-
-	sed -i -e 's/^buildname=.*/buildname=exim-gentoo/g' Makefile || die
-
-	sed -e "48i\CFLAGS=${CFLAGS}" \
-		-e "s:BIN_DIRECTORY=/usr/exim/bin:BIN_DIRECTORY=${EPREFIX}/usr/sbin:" \
-		-e "s:EXIM_USER=:EXIM_USER=${MAILUSER}:" \
-		-e "s:CONFIGURE_FILE=/usr/exim/configure:CONFIGURE_FILE=${EPREFIX}/etc/exim/exim.conf:" \
-		-e "s:ZCAT_COMMAND=.*$:ZCAT_COMMAND=${EPREFIX}/bin/zcat:" \
-		-e "s:COMPRESS_COMMAND=.*$:COMPRESS_COMMAND=${EPREFIX}/bin/gzip:" \
-		src/EDITME > Local/Makefile
-
-	if use elibc_musl; then
-		sed -e 's/^LIBS = -lnsl/LIBS =/g' \
-		-i OS/Makefile-Linux
-	fi
-
-	cd Local
-
-	cat >> Makefile <<- EOC
-		INFO_DIRECTORY=${EPREFIX}/usr/share/info
-		PID_FILE_PATH=${EPREFIX}/run/exim.pid
-		SPOOL_DIRECTORY=${EPREFIX}/var/spool/exim
-		HAVE_ICONV=yes
-	EOC
-
-	# if we use libiconv, now is the time to tell so
-	use !elibc_glibc && use !elibc_musl && \
-		echo "EXTRALIBS_EXIM=-liconv" >> Makefile
-
-	# support for IPv6
-	if use ipv6; then
-		cat >> Makefile <<- EOC
-			HAVE_IPV6=YES
-		EOC
-	fi
-
-	# support i18n/IDNA
-	if use idn; then
-		cat >> Makefile <<- EOC
-			SUPPORT_I18N=yes
-			SUPPORT_I18N_2008=yes
-			EXTRALIBS_EXIM += -lidn -lidn2
-		EOC
-	fi
-
-	#
-	# mail storage formats
-
-	# mailstore is Exim's traditional storage format
-	cat >> Makefile <<- EOC
-		SUPPORT_MAILSTORE=yes
-	EOC
-
-	# mbox
-	if use mbx; then
-		cat >> Makefile <<- EOC
-			SUPPORT_MBX=yes
-		EOC
-	fi
-
-	# maildir
-	if use maildir; then
-		cat >> Makefile <<- EOC
-			SUPPORT_MAILDIR=yes
-		EOC
-	fi
-
-	#
-	# lookup methods
-
-	# use the "native" interfaces to the DBM and CDB libraries, support
-	# passwd and directory lookups by default
-	local DB_VERS="5.3 5.1 4.8 4.7 4.6 4.5 4.4 4.3 4.2 3.2"
-	cat >> Makefile <<- EOC
-		USE_DB=yes
-		CFLAGS+=-I$(db_includedir ${DB_VERS})
-		DBMLIB=-l$(db_libname ${DB_VERS})
-		LOOKUP_CDB=yes
-		LOOKUP_PASSWD=yes
-		LOOKUP_DSEARCH=yes
-	EOC
-
-	if ! use dnsdb; then
-		# DNSDB lookup is enabled by default
-		sed -i "s:^LOOKUP_DNSDB=yes:# LOOKUP_DNSDB=yes:" Makefile
-	fi
-
-	if use ldap; then
-		cat >> Makefile <<- EOC
-			LOOKUP_LDAP=yes
-			LDAP_LIB_TYPE=OPENLDAP2
-			LOOKUP_INCLUDE += -I"${EROOT}"usr/include/ldap
-			LOOKUP_LIBS += -lldap -llber
-		EOC
-	fi
-
-	if use mysql; then
-		cat >> Makefile <<- EOC
-			LOOKUP_MYSQL=yes
-			LOOKUP_INCLUDE += $(mysql_config --include)
-			LOOKUP_LIBS += $(mysql_config --libs)
-		EOC
-	fi
-
-	if use nis; then
-		cat >> Makefile <<- EOC
-			LOOKUP_NIS=yes
-			LOOKUP_NISPLUS=yes
-		EOC
-		if use elibc_glibc ; then
-			cat >> Makefile <<- EOC
-				CFLAGS += -I/usr/include/tirpc
-			EOC
-		fi
-	fi
-
-	if use postgres; then
-		cat >> Makefile <<- EOC
-			LOOKUP_PGSQL=yes
-			LOOKUP_INCLUDE += -I$(pg_config --includedir)
-			LOOKUP_LIBS += -L$(pg_config --libdir) -lpq
-		EOC
-	fi
-
-	if use sqlite; then
-		cat >> Makefile <<- EOC
-			LOOKUP_SQLITE=yes
-			LOOKUP_SQLITE_PC=sqlite3
-		EOC
-	fi
-
-	if use redis; then
-		cat >> Makefile <<- EOC
-			LOOKUP_REDIS=yes
-			LOOKUP_LIBS += -lhiredis
-		EOC
-	fi
-
-	#
-	# Exim monitor, enabled by default, controlled via X USE-flag,
-	# disable if not requested, bug #46778
-	if use X; then
-		cp ../exim_monitor/EDITME eximon.conf || die
-	else
-		sed -i -e '/^EXIM_MONITOR=/s/^/# /' Makefile
-	fi
-
-	#
-	# features
-
-	# content scanning support
-	if use exiscan-acl; then
-		cat >> Makefile <<- EOC
-			WITH_CONTENT_SCAN=yes
-		EOC
-	fi
-
-	# DomainKeys Identified Mail, RFC4871
-	if ! use dkim; then
-		# DKIM is enabled by default
-		cat >> Makefile <<- EOC
-			DISABLE_DKIM=yes
-		EOC
-	fi
-
-	# Per-Recipient-Data-Response
-	if ! use prdr; then
-		# PRDR is enabled by default
-		cat >> Makefile <<- EOC
-			DISABLE_PRDR=yes
-		EOC
-	fi
-
-	# Transport post-delivery actions
-	if use !tpda && use !dane; then
-		# EVENT is enabled by default
-		cat >> Makefile <<- EOC
-			DISABLE_EVENT=yes
-		EOC
-	fi
-
-	# log to syslog
-	if use syslog; then
-		sed -i "s:LOG_FILE_PATH=/var/log/exim/exim_%s.log:LOG_FILE_PATH=syslog:" Makefile
-		cat >> Makefile <<- EOC
-			LOG_FILE_PATH=syslog
-		EOC
-	else
-		cat >> Makefile <<- EOC
-			LOG_FILE_PATH=${EPREFIX}/var/log/exim/exim_%s.log
-		EOC
-	fi
-
-	# starttls support (ssl)
-	if use ssl; then
-		echo "SUPPORT_TLS=yes" >> Makefile
-		if use gnutls; then
-			echo "USE_GNUTLS=yes" >> Makefile
-			echo "USE_GNUTLS_PC=gnutls" >> Makefile
-			use pkcs11 || echo "AVOID_GNUTLS_PKCS11=yes" >> Makefile
-		else
-			echo "USE_OPENSSL_PC=openssl" >> Makefile
-		fi
-	fi
-
-	# TCP wrappers
-	if use tcpd; then
-		cat >> Makefile <<- EOC
-			USE_TCP_WRAPPERS=yes
-			EXTRALIBS_EXIM += -lwrap
-		EOC
-	fi
-
-	# Light Mail Transport Protocol
-	if use lmtp; then
-		cat >> Makefile <<- EOC
-			TRANSPORT_LMTP=yes
-		EOC
-	fi
-
-	# embedded Perl
-	if use perl; then
-		cat >> Makefile <<- EOC
-			EXIM_PERL=perl.o
-		EOC
-	fi
-
-	# dlfunc
-	if use dlfunc; then
-		cat >> Makefile <<- EOC
-			EXPAND_DLFUNC=yes
-		EOC
-	fi
-
-	# Proxy Protocol
-	if use proxy; then
-		cat >> Makefile <<- EOC
-			SUPPORT_PROXY=yes
-		EOC
-	fi
-
-	# DANE
-	if use dane; then
-		cat >> Makefile <<- EOC
-			SUPPORT_DANE=yes
-		EOC
-	fi
-
-	# Sender Policy Framework
-	if use spf; then
-		cat >> Makefile <<- EOC
-			SUPPORT_SPF=yes
-			EXTRALIBS_EXIM += -lspf2
-		EOC
-	fi
-
-	#
-	# experimental features
-
-	# Authenticated Receive Chain
-	if use arc; then
-		echo "EXPERIMENTAL_ARC=yes">> Makefile
-	fi
-
-	# Distributed Checksum Clearinghouse
-	if use dcc; then
-		echo "EXPERIMENTAL_DCC=yes">> Makefile
-	fi
-
-	# Sender Rewriting Scheme
-	if use srs; then
-		cat >> Makefile <<- EOC
-			EXPERIMENTAL_SRS=yes
-			EXTRALIBS_EXIM += -lsrs_alt
-		EOC
-	fi
-
-	# DMARC
-	if use dmarc; then
-		cat >> Makefile <<- EOC
-			EXPERIMENTAL_DMARC=yes
-			EXTRALIBS_EXIM += -lopendmarc
-		EOC
-	fi
-
-	# Delivery Sender Notifications extra information in fail message
-	if use dsn; then
-		cat >> Makefile <<- EOC
-			EXPERIMENTAL_DSN_INFO=yes
-		EOC
-	fi
-
-	#
-	# authentication (SMTP AUTH)
-
-	# standard bits
-	cat >> Makefile <<- EOC
-		AUTH_SPA=yes
-		AUTH_CRAM_MD5=yes
-		AUTH_PLAINTEXT=yes
-	EOC
-
-	# Cyrus SASL
-	if use sasl; then
-		cat >> Makefile <<- EOC
-			CYRUS_SASLAUTHD_SOCKET=${EPREFIX}/run/saslauthd/mux
-			AUTH_CYRUS_SASL=yes
-			AUTH_LIBS += -lsasl2
-		EOC
-	fi
-
-	# Dovecot
-	if use dovecot-sasl; then
-		cat >> Makefile <<- EOC
-			AUTH_DOVECOT=yes
-		EOC
-	fi
-
-	# Pluggable Authentication Modules
-	if use pam; then
-		cat >> Makefile <<- EOC
-			SUPPORT_PAM=yes
-			AUTH_LIBS += -lpam
-		EOC
-	fi
-
-	# Radius
-	if use radius; then
-		cat >> Makefile <<- EOC
-			RADIUS_CONFIG_FILE=${EPREFIX}/etc/radiusclient/radiusclient.conf
-			RADIUS_LIB_TYPE=RADIUSCLIENTNEW
-			AUTH_LIBS += -lfreeradius-client
-		EOC
-	fi
-}
-
-src_compile() {
-	emake CC="$(tc-getCC)" HOSTCC="$(tc-getCC $CBUILD)" \
-		AR="$(tc-getAR) cq" RANLIB="$(tc-getRANLIB)" FULLECHO='' \
-		|| die "make failed"
-}
-
-src_install () {
-	cd "${S}"/build-exim-gentoo || die
-	dosbin exim
-	if use X; then
-		dosbin eximon.bin
-		dosbin eximon
-	fi
-	fperms 4755 /usr/sbin/exim
-
-	dosym exim /usr/sbin/sendmail
-	dosym exim /usr/sbin/rsmtp
-	dosym exim /usr/sbin/rmail
-	dosym ../sbin/exim /usr/bin/mailq
-	dosym ../sbin/exim /usr/bin/newaliases
-	dosym ../sbin/sendmail /usr/lib/sendmail
-
-	for i in exicyclog exim_dbmbuild exim_dumpdb exim_fixdb exim_lock \
-		exim_tidydb exinext exiwhat exigrep eximstats exiqsumm exiqgrep \
-		convert4r3 convert4r4 exipick
-	do
-		dosbin $i
-	done
-
-	dodoc "${S}"/doc/*
-	doman "${S}"/doc/exim.8
-	use dsn && dodoc "${S}"/README.DSN
-	use doc && dodoc "${WORKDIR}"/${PN}-pdf-${PV//rc/RC}/doc/*.pdf
-
-	# conf files
-	insinto /etc/exim
-	newins "${S}"/src/configure.default exim.conf.dist
-	if use exiscan-acl; then
-		newins "${S}"/src/configure.default exim.conf.exiscan-acl
-	fi
-	doins "${WORKDIR}"/system_filter.exim
-	doins "${FILESDIR}"/auth_conf.sub
-
-	pamd_mimic system-auth exim auth account
-
-	# headers, #436406
-	if use dlfunc ; then
-		# fixup includes so they actually can be found when including
-		sed -i \
-			-e '/#include "\(config\|store\|mytypes\).h"/s:"\(.\+\)":<exim/\1>:' \
-			local_scan.h || die
-		insinto /usr/include/exim
-		doins {config,local_scan}.h ../src/{mytypes,store}.h
-	fi
-
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}/exim.logrotate" exim
-
-	newinitd "${FILESDIR}"/exim.rc10 exim
-	newconfd "${FILESDIR}"/exim.confd exim
-
-	systemd_dounit "${FILESDIR}"/{exim.service,exim.socket,exim-submission.socket}
-	systemd_newunit "${FILESDIR}"/exim_at.service 'exim@.service'
-	systemd_newunit "${FILESDIR}"/exim-submission_at.service 'exim-submission@.service'
-
-	diropts -m 0750 -o ${MAILUSER} -g ${MAILGROUP}
-	keepdir /var/log/${PN}
-}
-
-pkg_postinst() {
-	if [[ ! -f ${EROOT}etc/exim/exim.conf ]] ; then
-		einfo "${EROOT}etc/exim/system_filter.exim is a sample system_filter."
-		einfo "${EROOT}etc/exim/auth_conf.sub contains the configuration sub for using smtp auth."
-		einfo "Please create ${EROOT}etc/exim/exim.conf from ${EROOT}etc/exim/exim.conf.dist."
-	fi
-	if use dcc ; then
-		einfo "DCC support is experimental, you can find some limited"
-		einfo "documentation at the bottom of this prerelease message:"
-		einfo "http://article.gmane.org/gmane.mail.exim.devel/3579"
-	fi
-	use srs && einfo "SRS support is experimental"
-	if use dmarc ; then
-		einfo "DMARC support is experimental.  See global settings to"
-		einfo "configure DMARC, for usage see the documentation at "
-		einfo "experimental-spec.txt."
-	fi
-	use dsn && einfo "extra information in fail DSN message is experimental"
-	elog "The obsolete acl condition 'demime' is removed, the replacements"
-	elog "are the ACLs acl_smtp_mime and acl_not_smtp_mime"
-}

diff --git a/mail-mta/exim/files/exim-4.74-localscan_dlopen.patch b/mail-mta/exim/files/exim-4.74-localscan_dlopen.patch
deleted file mode 100644
index 3bb57c1637c..00000000000
--- a/mail-mta/exim/files/exim-4.74-localscan_dlopen.patch
+++ /dev/null
@@ -1,262 +0,0 @@
-diff -Naur exim-4.32/src/EDITME exim-4.32-dlopen/src/EDITME
---- src/EDITME	2004-04-15 08:27:01.000000000 +0000
-+++ src/EDITME	2004-05-06 16:15:47.000000000 +0000
-@@ -505,6 +505,24 @@
- 
- 
- #------------------------------------------------------------------------------
-+# On systems which support dynamic loading of shared libraries, Exim can
-+# load a local_scan function specified in its config file instead of having
-+# to be recompiled with the desired local_scan function. For a full
-+# description of the API to this function, see the Exim specification.
-+
-+DLOPEN_LOCAL_SCAN=yes
-+
-+# If you set DLOPEN_LOCAL_SCAN, then you need to include -rdynamic in the
-+# linker flags.  Without it, the loaded .so won't be able to access any
-+# functions from exim.
-+
-+LFLAGS = -rdynamic
-+ifeq ($(OSTYPE),Linux)
-+LFLAGS += -ldl
-+endif
-+
-+
-+#------------------------------------------------------------------------------
- # The default distribution of Exim contains only the plain text form of the
- # documentation. Other forms are available separately. If you want to install
- # the documentation in "info" format, first fetch the Texinfo documentation
-diff -Naur exim-4.32/src/config.h.defaults exim-4.32-dlopen/src/config.h.defaults
---- src/config.h.defaults	2004-04-15 08:27:01.000000000 +0000
-+++ src/config.h.defaults	2004-05-06 16:16:30.000000000 +0000
-@@ -20,6 +20,8 @@
- #define AUTH_PLAINTEXT
- #define AUTH_SPA
- 
-+#define DLOPEN_LOCAL_SCAN
-+
- #define BIN_DIRECTORY
- 
- #define CONFIGURE_FILE
-diff -Naur exim-4.32/src/globals.c exim-4.32-dlopen/src/globals.c
---- src/globals.c	2004-04-15 08:27:01.000000000 +0000
-+++ src/globals.c	2004-05-06 16:17:07.000000000 +0000
-@@ -109,6 +109,10 @@
- uschar *tls_verify_hosts       = NULL;
- #endif
- 
-+#ifdef DLOPEN_LOCAL_SCAN
-+uschar *local_scan_path        = NULL;
-+#endif
-+
- 
- /* Input-reading functions for messages, so we can use special ones for
- incoming TCP/IP. The defaults use stdin. We never need these for any
-diff -Naur exim-4.32/src/globals.h exim-4.32-dlopen/src/globals.h
---- src/globals.h	2004-04-15 08:27:01.000000000 +0000
-+++ src/globals.h	2004-05-06 16:17:50.000000000 +0000
-@@ -73,6 +73,9 @@
- extern uschar *tls_verify_hosts;       /* Mandatory client verification */
- #endif
- 
-+#ifdef DLOPEN_LOCAL_SCAN
-+extern uschar *local_scan_path;        /* Path to local_scan() library */
-+#endif
- 
- /* Input-reading functions for messages, so we can use special ones for
- incoming TCP/IP. */
-diff -Naur exim-4.32/src/local_scan.c exim-4.32-dlopen/src/local_scan.c
---- src/local_scan.c	2004-04-15 08:27:01.000000000 +0000
-+++ src/local_scan.c	2004-05-06 16:21:57.000000000 +0000
-@@ -5,60 +5,131 @@
- /* Copyright (c) University of Cambridge 1995 - 2004 */
- /* See the file NOTICE for conditions of use and distribution. */
- 
-+#include "exim.h"
- 
--/******************************************************************************
--This file contains a template local_scan() function that just returns ACCEPT.
--If you want to implement your own version, you should copy this file to, say
--Local/local_scan.c, and edit the copy. To use your version instead of the
--default, you must set
--
--LOCAL_SCAN_SOURCE=Local/local_scan.c
--
--in your Local/Makefile. This makes it easy to copy your version for use with
--subsequent Exim releases.
--
--For a full description of the API to this function, see the Exim specification.
--******************************************************************************/
--
--
--/* This is the only Exim header that you should include. The effect of
--including any other Exim header is not defined, and may change from release to
--release. Use only the documented interface! */
--
--#include "local_scan.h"
--
--
--/* This is a "do-nothing" version of a local_scan() function. The arguments
--are:
--
--  fd             The file descriptor of the open -D file, which contains the
--                   body of the message. The file is open for reading and
--                   writing, but modifying it is dangerous and not recommended.
--
--  return_text    A pointer to an unsigned char* variable which you can set in
--                   order to return a text string. It is initialized to NULL.
--
--The return values of this function are:
--
--  LOCAL_SCAN_ACCEPT
--                 The message is to be accepted. The return_text argument is
--                   saved in $local_scan_data.
--
--  LOCAL_SCAN_REJECT
--                 The message is to be rejected. The returned text is used
--                   in the rejection message.
--
--  LOCAL_SCAN_TEMPREJECT
--                 This specifies a temporary rejection. The returned text
--                   is used in the rejection message.
--*/
-+#ifdef DLOPEN_LOCAL_SCAN
-+#include <dlfcn.h>
-+static int (*local_scan_fn)(int fd, uschar **return_text) = NULL;
-+static int load_local_scan_library(void);
-+#endif
- 
- int
- local_scan(int fd, uschar **return_text)
- {
- fd = fd;                      /* Keep picky compilers happy */
- return_text = return_text;
--return LOCAL_SCAN_ACCEPT;
-+#ifdef DLOPEN_LOCAL_SCAN
-+/* local_scan_path is defined AND not the empty string */
-+if (local_scan_path && *local_scan_path)
-+  {
-+  if (!local_scan_fn)
-+    {
-+    if (!load_local_scan_library())
-+      {
-+        char *base_msg , *error_msg , *final_msg ;
-+        int final_length = -1 ;
-+
-+        base_msg=US"Local configuration error - local_scan() library failure\n";
-+        error_msg = dlerror() ;
-+
-+        final_length = strlen(base_msg) + strlen(error_msg) + 1 ;
-+        final_msg = (char*)malloc( final_length*sizeof(char) ) ;
-+        *final_msg = '\0' ;
-+
-+        strcat( final_msg , base_msg ) ;
-+        strcat( final_msg , error_msg ) ;
-+
-+        *return_text = final_msg ;
-+      return LOCAL_SCAN_TEMPREJECT;
-+      }
-+    }
-+    return local_scan_fn(fd, return_text);
-+  }
-+else
-+#endif
-+  return LOCAL_SCAN_ACCEPT;
-+}
-+
-+#ifdef DLOPEN_LOCAL_SCAN
-+
-+static int load_local_scan_library(void)
-+{
-+/* No point in keeping local_scan_lib since we'll never dlclose() anyway */
-+void *local_scan_lib = NULL;
-+int (*local_scan_version_fn)(void);
-+int vers_maj;
-+int vers_min;
-+
-+local_scan_lib = dlopen(local_scan_path, RTLD_NOW);
-+if (!local_scan_lib)
-+  {
-+  log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() library open failed - "
-+    "message temporarily rejected");
-+  return FALSE;
-+  }
-+
-+local_scan_version_fn = dlsym(local_scan_lib, "local_scan_version_major");
-+if (!local_scan_version_fn)
-+  {
-+  dlclose(local_scan_lib);
-+  log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() library doesn't contain "
-+    "local_scan_version_major() function - message temporarily rejected");
-+  return FALSE;
-+  }
-+
-+/* The major number is increased when the ABI is changed in a non
-+   backward compatible way. */
-+vers_maj = local_scan_version_fn();
-+
-+local_scan_version_fn = dlsym(local_scan_lib, "local_scan_version_minor");
-+if (!local_scan_version_fn)
-+  {
-+  dlclose(local_scan_lib);
-+  log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() library doesn't contain "
-+    "local_scan_version_minor() function - message temporarily rejected");
-+  return FALSE;
-+  }
-+
-+/* The minor number is increased each time a new feature is added (in a
-+   way that doesn't break backward compatibility) -- Marc */
-+vers_min = local_scan_version_fn();
-+
-+
-+if (vers_maj != LOCAL_SCAN_ABI_VERSION_MAJOR)
-+  {
-+  dlclose(local_scan_lib);
-+  local_scan_lib = NULL;
-+  log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() has an incompatible major"
-+    "version number, you need to recompile your module for this version"
-+    "of exim (The module was compiled for version %d.%d and this exim provides"
-+    "ABI version %d.%d)", vers_maj, vers_min, LOCAL_SCAN_ABI_VERSION_MAJOR,
-+    LOCAL_SCAN_ABI_VERSION_MINOR);
-+  return FALSE;
-+  }
-+else if (vers_min > LOCAL_SCAN_ABI_VERSION_MINOR)
-+  {
-+  dlclose(local_scan_lib);
-+  local_scan_lib = NULL;
-+  log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() has an incompatible minor"
-+    "version number, you need to recompile your module for this version"
-+    "of exim (The module was compiled for version %d.%d and this exim provides"
-+    "ABI version %d.%d)", vers_maj, vers_min, LOCAL_SCAN_ABI_VERSION_MAJOR,
-+    LOCAL_SCAN_ABI_VERSION_MINOR);
-+  return FALSE;
-+  }
-+
-+local_scan_fn = dlsym(local_scan_lib, "local_scan");
-+if (!local_scan_fn)
-+  {
-+  dlclose(local_scan_lib);
-+  log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() library doesn't contain "
-+    "local_scan() function - message temporarily rejected");
-+  return FALSE;
-+  }
-+
-+return TRUE;
- }
- 
-+#endif /* DLOPEN_LOCAL_SCAN */
-+
- /* End of local_scan.c */
-diff -Naur exim-4.32/src/readconf.c exim-4.32-dlopen/src/readconf.c
---- src/readconf.c	2004-04-15 08:27:01.000000000 +0000
-+++ src/readconf.c	2004-05-06 16:23:12.000000000 +0000
-@@ -223,6 +223,9 @@
-   { "local_from_prefix",        opt_stringptr,   &local_from_prefix },
-   { "local_from_suffix",        opt_stringptr,   &local_from_suffix },
-   { "local_interfaces",         opt_stringptr,   &local_interfaces },
-+#ifdef DLOPEN_LOCAL_SCAN
-+  { "local_scan_path",          opt_stringptr,   &local_scan_path },
-+#endif
-   { "local_scan_timeout",       opt_time,        &local_scan_timeout },
-   { "local_sender_retain",      opt_bool,        &local_sender_retain },
-   { "localhost_number",         opt_stringptr,   &host_number_string },


^ permalink raw reply related	[flat|nested] 26+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: mail-mta/exim/, mail-mta/exim/files/
@ 2020-05-09  9:57 Fabian Groffen
  0 siblings, 0 replies; 26+ messages in thread
From: Fabian Groffen @ 2020-05-09  9:57 UTC (permalink / raw
  To: gentoo-commits

commit:     631b045c07527ab0ca4d4d585c56faa3855187fe
Author:     Fabian Groffen <grobian <AT> gentoo <DOT> org>
AuthorDate: Sat May  9 09:57:23 2020 +0000
Commit:     Fabian Groffen <grobian <AT> gentoo <DOT> org>
CommitDate: Sat May  9 09:57:38 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=631b045c

mail-mta/exim-4.93.0.4: fix compilation with certain USE-combinations

- fix localscan compilation
- fix nis compilation
- refine DB includes to lookup only
- fix radius compilation

Closes: https://bugs.gentoo.org/720364
Closes: https://bugs.gentoo.org/720362
Package-Manager: Portage-2.3.89, Repoman-2.3.20
Signed-off-by: Fabian Groffen <grobian <AT> gentoo.org>

 mail-mta/exim/exim-4.93.0.4.ebuild                 |  8 ++-
 .../exim/files/exim-4.93-localscan_dlopen.patch    |  4 +-
 mail-mta/exim/files/exim-4.93-radius.patch         | 66 ++++++++++++++++++++++
 3 files changed, 74 insertions(+), 4 deletions(-)

diff --git a/mail-mta/exim/exim-4.93.0.4.ebuild b/mail-mta/exim/exim-4.93.0.4.ebuild
index a7ac64a9ffb..6e787039465 100644
--- a/mail-mta/exim/exim-4.93.0.4.ebuild
+++ b/mail-mta/exim/exim-4.93.0.4.ebuild
@@ -114,6 +114,7 @@ src_prepare() {
 	eapply -p0 "${FILESDIR}"/exim-4.76-crosscompile.patch # 266591
 	eapply     "${FILESDIR}"/exim-4.69-r1.27021.patch
 	eapply     "${FILESDIR}"/exim-4.93-localscan_dlopen.patch
+	eapply -p2 "${FILESDIR}"/exim-4.93-radius.patch # 720364
 
 	if use maildir ; then
 		eapply "${FILESDIR}"/exim-4.20-maildir.patch
@@ -219,11 +220,11 @@ src_configure() {
 	local DB_VERS="5.3 5.1 4.8 4.7 4.6 4.5 4.4 4.3 4.2 3.2"
 	cat >> Makefile <<- EOC
 		USE_DB=yes
-		CFLAGS+=-I$(db_includedir ${DB_VERS})
-		DBMLIB=-l$(db_libname ${DB_VERS})
 		LOOKUP_CDB=yes
 		LOOKUP_PASSWD=yes
 		LOOKUP_DSEARCH=yes
+		LOOKUP_INCLUDE += -I$(db_includedir ${DB_VERS})
+		DBMLIB = -l$(db_libname ${DB_VERS})
 	EOC
 
 	if ! use dnsdb; then
@@ -255,7 +256,8 @@ src_configure() {
 		EOC
 		if use elibc_glibc ; then
 			cat >> Makefile <<- EOC
-				CFLAGS += -I"${EPREFIX}"/usr/include/tirpc
+				LOOKUP_INCLUDE += -I"${EPREFIX}"/usr/include/tirpc
+				LOOKUP_LIBS += -lnsl
 			EOC
 		fi
 	fi

diff --git a/mail-mta/exim/files/exim-4.93-localscan_dlopen.patch b/mail-mta/exim/files/exim-4.93-localscan_dlopen.patch
index d2a5e63128a..0d016dbeb26 100644
--- a/mail-mta/exim/files/exim-4.93-localscan_dlopen.patch
+++ b/mail-mta/exim/files/exim-4.93-localscan_dlopen.patch
@@ -72,7 +72,7 @@ Only in exim-4.92/src: globals.h.orig
 diff -ur exim-4.92.orig/src/local_scan.c exim-4.92/src/local_scan.c
 --- exim-4.92.orig/src/local_scan.c	2019-01-30 14:59:52.000000000 +0100
 +++ exim-4.92/src/local_scan.c	2019-02-16 18:29:56.832732592 +0100
-@@ -5,61 +5,131 @@
+@@ -5,61 +5,133 @@
  /* Copyright (c) University of Cambridge 1995 - 2009 */
  /* See the file NOTICE for conditions of use and distribution. */
  
@@ -126,9 +126,11 @@ diff -ur exim-4.92.orig/src/local_scan.c exim-4.92/src/local_scan.c
 -                   is used in the rejection message.
 -*/
 +#ifdef DLOPEN_LOCAL_SCAN
++#include <stdlib.h>
 +#include <dlfcn.h>
 +static int (*local_scan_fn)(int fd, uschar **return_text) = NULL;
 +static int load_local_scan_library(void);
++extern uschar *local_scan_path;        /* Path to local_scan() library */
 +#endif
  
  int

diff --git a/mail-mta/exim/files/exim-4.93-radius.patch b/mail-mta/exim/files/exim-4.93-radius.patch
new file mode 100644
index 00000000000..55c52bee561
--- /dev/null
+++ b/mail-mta/exim/files/exim-4.93-radius.patch
@@ -0,0 +1,66 @@
+From 70b28b113e21d21a528876c3abe88ccb5f7cc77d Mon Sep 17 00:00:00 2001
+From: Fabian Groffen <grobian@gentoo.org>
+Date: Sat, 9 May 2020 11:35:12 +0200
+Subject: [PATCH] call_radius: fix compilation due to incorrect usage of
+ string_sprintf
+
+Since f3ebb786e451da973560f1c9d8cdb151d25108b5, string_sprintf cannot be
+used without arguments any more, so use US directly.
+
+While at it, also make newline usage consistent to not return a newline
+in errptr, when it is debug-printed, a newline is added.
+
+https://bugs.gentoo.org/720364
+
+Signed-off-by: Fabian Groffen <grobian@gentoo.org>
+---
+ src/src/auths/call_radius.c | 16 ++++++++--------
+ 1 file changed, 8 insertions(+), 8 deletions(-)
+
+diff --git a/src/src/auths/call_radius.c b/src/src/auths/call_radius.c
+index c3637436d..253fd75cd 100644
+--- a/src/src/auths/call_radius.c
++++ b/src/src/auths/call_radius.c
+@@ -115,16 +115,16 @@ if (rc_read_config(RADIUS_CONFIG_FILE) != 0)
+   *errptr = string_sprintf("RADIUS: can't open %s", RADIUS_CONFIG_FILE);
+ 
+ else if (rc_read_dictionary(rc_conf_str("dictionary")) != 0)
+-  *errptr = string_sprintf("RADIUS: can't read dictionary");
++  *errptr = US("RADIUS: can't read dictionary");
+ 
+ else if (rc_avpair_add(&send, PW_USER_NAME, user, 0) == NULL)
+-  *errptr = string_sprintf("RADIUS: add user name failed\n");
++  *errptr = US("RADIUS: add user name failed");
+ 
+ else if (rc_avpair_add(&send, PW_USER_PASSWORD, CS radius_args, 0) == NULL)
+-  *errptr = string_sprintf("RADIUS: add password failed\n");
++  *errptr = US("RADIUS: add password failed");
+ 
+ else if (rc_avpair_add(&send, PW_SERVICE_TYPE, &service, 0) == NULL)
+-  *errptr = string_sprintf("RADIUS: add service type failed\n");
++  *errptr = US("RADIUS: add service type failed");
+ 
+ #else  /* RADIUS_LIB_RADIUSCLIENT unset => RADIUS_LIB_RADIUSCLIENT2 */
+ 
+@@ -132,17 +132,17 @@ if ((h = rc_read_config(RADIUS_CONFIG_FILE)) == NULL)
+   *errptr = string_sprintf("RADIUS: can't open %s", RADIUS_CONFIG_FILE);
+ 
+ else if (rc_read_dictionary(h, rc_conf_str(h, "dictionary")) != 0)
+-  *errptr = string_sprintf("RADIUS: can't read dictionary");
++  *errptr = US("RADIUS: can't read dictionary");
+ 
+ else if (rc_avpair_add(h, &send, PW_USER_NAME, user, Ustrlen(user), 0) == NULL)
+-  *errptr = string_sprintf("RADIUS: add user name failed\n");
++  *errptr = US("RADIUS: add user name failed");
+ 
+ else if (rc_avpair_add(h, &send, PW_USER_PASSWORD, CS radius_args,
+     Ustrlen(radius_args), 0) == NULL)
+-  *errptr = string_sprintf("RADIUS: add password failed\n");
++  *errptr = US("RADIUS: add password failed");
+ 
+ else if (rc_avpair_add(h, &send, PW_SERVICE_TYPE, &service, 0, 0) == NULL)
+-  *errptr = string_sprintf("RADIUS: add service type failed\n");
++  *errptr = US("RADIUS: add service type failed");
+ 
+ #endif  /* RADIUS_LIB_RADIUSCLIENT */
+ 


^ permalink raw reply related	[flat|nested] 26+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: mail-mta/exim/, mail-mta/exim/files/
@ 2020-05-13  7:45 Fabian Groffen
  0 siblings, 0 replies; 26+ messages in thread
From: Fabian Groffen @ 2020-05-13  7:45 UTC (permalink / raw
  To: gentoo-commits

commit:     1468afd12e683a61448e2ff58c47e54715f0ff29
Author:     Fabian Groffen <grobian <AT> gentoo <DOT> org>
AuthorDate: Wed May 13 07:44:37 2020 +0000
Commit:     Fabian Groffen <grobian <AT> gentoo <DOT> org>
CommitDate: Wed May 13 07:45:13 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1468afd1

mail-mta/exim-4.93.0.4-r1: revbump for CVE-2020-12783

Bug: https://bugs.gentoo.org/722484
Package-Manager: Portage-2.3.89, Repoman-2.3.20
Signed-off-by: Fabian Groffen <grobian <AT> gentoo.org>

 ...xim-4.93.0.4.ebuild => exim-4.93.0.4-r1.ebuild} |  1 +
 mail-mta/exim/files/exim-4.93-CVE-2020-12783.patch | 83 ++++++++++++++++++++++
 2 files changed, 84 insertions(+)

diff --git a/mail-mta/exim/exim-4.93.0.4.ebuild b/mail-mta/exim/exim-4.93.0.4-r1.ebuild
similarity index 99%
rename from mail-mta/exim/exim-4.93.0.4.ebuild
rename to mail-mta/exim/exim-4.93.0.4-r1.ebuild
index ae3fd4019c8..714de0e7045 100644
--- a/mail-mta/exim/exim-4.93.0.4.ebuild
+++ b/mail-mta/exim/exim-4.93.0.4-r1.ebuild
@@ -115,6 +115,7 @@ src_prepare() {
 	eapply     "${FILESDIR}"/exim-4.69-r1.27021.patch
 	eapply     "${FILESDIR}"/exim-4.93-localscan_dlopen.patch
 	eapply -p2 "${FILESDIR}"/exim-4.93-radius.patch # 720364
+	eapply     "${FILESDIR}"/exim-4.93-CVE-2020-12783.patch # 722484
 
 	if use maildir ; then
 		eapply "${FILESDIR}"/exim-4.20-maildir.patch

diff --git a/mail-mta/exim/files/exim-4.93-CVE-2020-12783.patch b/mail-mta/exim/files/exim-4.93-CVE-2020-12783.patch
new file mode 100644
index 00000000000..c957d5541e4
--- /dev/null
+++ b/mail-mta/exim/files/exim-4.93-CVE-2020-12783.patch
@@ -0,0 +1,83 @@
+auths/spa: fix for CVE-2020-12783
+
+This is a combined patch of git commits:
+
+57aa14b216432be381b6295c312065b2fd034f86
+a04174dc2a84ae1008c23b6a7109e7fa3fb7b8b0
+
+leaving out whitespace noise for a smaller patch
+and made it apply to the 4.93 release
+
+modified paths because Exim dists differ in layout from the git repo
+
+Fix SPA authenticator, checking client-supplied data before using it.  Bug 2571
+Rework SPA fix to avoid overflows.  Bug 2571
+
+
+--- a/src/auths/auth-spa.c
++++ b/src/auths/auth-spa.c
+@@ -405,7 +405,7 @@ int
+ /* base 64 to raw bytes in quasi-big-endian order, returning count of bytes */
+ {
+   int len = 0;
+-  register uschar digit1, digit2, digit3, digit4;
++  uschar digit1, digit2, digit3, digit4;
+ 
+   if (in[0] == '+' && in[1] == ' ')
+     in += 2;
+--- a/src/auths/spa.c
++++ b/src/auths/spa.c
+@@ -139,7 +139,8 @@ SPAAuthChallenge challenge;
+ SPAAuthResponse  response;
+ SPAAuthResponse  *responseptr = &response;
+ uschar msgbuf[2048];
+-uschar *clearpass;
++uschar *clearpass, *s;
++unsigned off;
+ 
+ /* send a 334, MS Exchange style, and grab the client's request,
+ unless we already have it via an initial response. */
+@@ -194,9 +195,19 @@ that causes failure if the size of msgbuf is exceeded. ****/
+ 
+   {
+   int i;
+-  char *p = ((char*)responseptr) + IVAL(&responseptr->uUser.offset,0);
++  char * p;
+   int len = SVAL(&responseptr->uUser.len,0)/2;
+ 
++  if (  (off = IVAL(&responseptr->uUser.offset,0)) >= sizeof(SPAAuthResponse)
++     || len >= sizeof(responseptr->buffer)/2
++     || (p = (CS responseptr) + off) + len*2 >= CS (responseptr+1)
++     )
++    {
++    DEBUG(D_auth)
++      debug_printf("auth_spa_server(): bad uUser spec in response\n");
++    return FAIL;
++    }
++
+   if (len + 1 >= sizeof(msgbuf)) return FAIL;
+   for (i = 0; i < len; ++i)
+     {
+@@ -245,12 +256,16 @@ spa_smb_nt_encrypt(clearpass, challenge.challengeData, ntRespData);
+ 
+ /* compare NT hash (LM may not be available) */
+ 
+-if (memcmp(ntRespData,
+-      ((unsigned char*)responseptr)+IVAL(&responseptr->ntResponse.offset,0),
+-      24) == 0)
+-  /* success. we have a winner. */
+-  {
++off = IVAL(&responseptr->ntResponse.offset,0);
++if (off >= sizeof(SPAAuthResponse) - 24)
++  {
++  DEBUG(D_auth)
++    debug_printf("auth_spa_server(): bad ntRespData spec in response\n");
++  return FAIL;
++  }
++s = (US responseptr) + off;
++
++if (memcmp(ntRespData, s, 24) == 0)
+   return auth_check_serv_cond(ablock);
+-  }
+ 
+   /* Expand server_condition as an authorization check (PH) */


^ permalink raw reply related	[flat|nested] 26+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: mail-mta/exim/, mail-mta/exim/files/
@ 2020-06-08  8:06 Fabian Groffen
  0 siblings, 0 replies; 26+ messages in thread
From: Fabian Groffen @ 2020-06-08  8:06 UTC (permalink / raw
  To: gentoo-commits

commit:     6a18f75bc0b98b1bc66844c82d5eee10eac9dfd7
Author:     Fabian Groffen <grobian <AT> gentoo <DOT> org>
AuthorDate: Mon Jun  8 08:05:57 2020 +0000
Commit:     Fabian Groffen <grobian <AT> gentoo <DOT> org>
CommitDate: Mon Jun  8 08:06:10 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6a18f75b

mail-mta/exim-4.94-r1: fix PAM expansion, bug #727310

Closes: https://bugs.gentoo.org/727310
Package-Manager: Portage-2.3.99, Repoman-2.3.22
Signed-off-by: Fabian Groffen <grobian <AT> gentoo.org>

 .../exim/{exim-4.94.ebuild => exim-4.94-r1.ebuild} |  1 +
 .../exim/files/exim-4.94-taint-pam-expansion.patch | 35 ++++++++++++++++++++++
 2 files changed, 36 insertions(+)

diff --git a/mail-mta/exim/exim-4.94.ebuild b/mail-mta/exim/exim-4.94-r1.ebuild
similarity index 99%
rename from mail-mta/exim/exim-4.94.ebuild
rename to mail-mta/exim/exim-4.94-r1.ebuild
index cc977b34b9a..52358f32bef 100644
--- a/mail-mta/exim/exim-4.94.ebuild
+++ b/mail-mta/exim/exim-4.94-r1.ebuild
@@ -114,6 +114,7 @@ src_prepare() {
 	eapply -p0 "${FILESDIR}"/exim-4.76-crosscompile.patch # 266591
 	eapply     "${FILESDIR}"/exim-4.69-r1.27021.patch
 	eapply     "${FILESDIR}"/exim-4.94-localscan_dlopen.patch
+	eapply -p2 "${FILESDIR}"/exim-4.94-taint-pam-expansion.patch # drop on NR
 
 	if use maildir ; then
 		eapply "${FILESDIR}"/exim-4.94-maildir.patch

diff --git a/mail-mta/exim/files/exim-4.94-taint-pam-expansion.patch b/mail-mta/exim/files/exim-4.94-taint-pam-expansion.patch
new file mode 100644
index 00000000000..81863d340ed
--- /dev/null
+++ b/mail-mta/exim/files/exim-4.94-taint-pam-expansion.patch
@@ -0,0 +1,35 @@
+From f7f933a199be8bb7362c715e0040545b514cddca Mon Sep 17 00:00:00 2001
+From: Jeremy Harris <jgh146exb@wizmail.org>
+Date: Tue, 2 Jun 2020 14:50:31 +0100
+Subject: [PATCH] Taint: fix pam expansion condition.  Bug 2587
+
+---
+ doc/doc-txt/ChangeLog    | 5 +++++
+ src/src/auths/call_pam.c | 5 ++---
+ 2 files changed, 7 insertions(+), 3 deletions(-)
+
+modified for gentoo so the patch applies by dropping Changelog part
+
+diff --git a/src/src/auths/call_pam.c b/src/src/auths/call_pam.c
+index 2959cbbf3..80bb23ec3 100644
+--- a/src/src/auths/call_pam.c
++++ b/src/src/auths/call_pam.c
+@@ -83,8 +83,7 @@ for (int i = 0; i < num_msg; i++)
+     {
+     case PAM_PROMPT_ECHO_ON:
+     case PAM_PROMPT_ECHO_OFF:
+-      arg = string_nextinlist(&pam_args, &sep, big_buffer, big_buffer_size);
+-      if (!arg)
++      if (!(arg = string_nextinlist(&pam_args, &sep, NULL, 0)))
+ 	{
+ 	arg = US"";
+ 	pam_arg_ended = TRUE;
+@@ -155,7 +154,7 @@ pam_arg_ended = FALSE;
+ fail. PAM doesn't support authentication with an empty user (it prompts for it,
+ causing a potential mis-interpretation). */
+ 
+-user = string_nextinlist(&pam_args, &sep, big_buffer, big_buffer_size);
++user = string_nextinlist(&pam_args, &sep, NULL, 0);
+ if (user == NULL || user[0] == 0) return FAIL;
+ 
+ /* Start off PAM interaction */


^ permalink raw reply related	[flat|nested] 26+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: mail-mta/exim/, mail-mta/exim/files/
@ 2022-10-19  9:20 Fabian Groffen
  0 siblings, 0 replies; 26+ messages in thread
From: Fabian Groffen @ 2022-10-19  9:20 UTC (permalink / raw
  To: gentoo-commits

commit:     c1ee45f74e9ab5f27b279d1a604f6dc71f7685b7
Author:     Fabian Groffen <grobian <AT> gentoo <DOT> org>
AuthorDate: Wed Oct 19 09:18:29 2022 +0000
Commit:     Fabian Groffen <grobian <AT> gentoo <DOT> org>
CommitDate: Wed Oct 19 09:20:50 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c1ee45f7

mail-mta/exim-4.94.2-r10: revbump to fix compilation with exiscan

The CVE patch broke compilation when content scanning is not enabled.
Ensure the regex_vars_clear function is always built.

Closes: https://bugs.gentoo.org/877633
Signed-off-by: Fabian Groffen <grobian <AT> gentoo.org>

 ...xim-4.94.2-r9.ebuild => exim-4.94.2-r10.ebuild} |  0
 mail-mta/exim/files/exim-4.94-CVE-2022-3559.patch  | 28 ++++++++++------------
 2 files changed, 13 insertions(+), 15 deletions(-)

diff --git a/mail-mta/exim/exim-4.94.2-r9.ebuild b/mail-mta/exim/exim-4.94.2-r10.ebuild
similarity index 100%
rename from mail-mta/exim/exim-4.94.2-r9.ebuild
rename to mail-mta/exim/exim-4.94.2-r10.ebuild

diff --git a/mail-mta/exim/files/exim-4.94-CVE-2022-3559.patch b/mail-mta/exim/files/exim-4.94-CVE-2022-3559.patch
index 9617c70d9e57..8793514b8fb7 100644
--- a/mail-mta/exim/files/exim-4.94-CVE-2022-3559.patch
+++ b/mail-mta/exim/files/exim-4.94-CVE-2022-3559.patch
@@ -50,21 +50,6 @@ Subject: [PATCH 1/1] Fix $regex<n> use-after-free.  Bug 2915
  #endif
 --- exim-4.94.2/src/regex.c	2021-04-30 14:08:21.000000000 +0200
 +++ exim-4.94.2/src/regex.c	2022-10-19 09:35:03.229084750 +0200
-@@ -87,6 +87,14 @@
- return FAIL;
- }
- 
-+/* reset expansion variables */
-+void
-+regex_vars_clear(void)
-+{
-+regex_match_string = NULL;
-+for (int i = 0; i < REGEX_VARS; i++) regex_vars[i] = NULL;
-+}
-+
- int
- regex(const uschar **listptr)
- {
 @@ -98,7 +106,7 @@
  int ret = FAIL;
  
@@ -84,6 +69,19 @@ Subject: [PATCH 1/1] Fix $regex<n> use-after-free.  Bug 2915
  
  /* precompile our regexes */
  if (!(re_list_head = compile(*listptr)))
+@@ -213,3 +205,12 @@
+ }
+ 
+ #endif /* WITH_CONTENT_SCAN */
++
++/* reset expansion variables */
++void
++regex_vars_clear(void)
++{
++regex_match_string = NULL;
++for (int i = 0; i < REGEX_VARS; i++) regex_vars[i] = NULL;
++}
++
 --- exim-4.94.2/src/smtp_in.c	2021-04-30 14:08:21.000000000 +0200
 +++ exim-4.94.2/src/smtp_in.c	2022-10-19 09:15:58.613447975 +0200
 @@ -2161,8 +2161,10 @@


^ permalink raw reply related	[flat|nested] 26+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: mail-mta/exim/, mail-mta/exim/files/
@ 2023-01-03 10:22 Fabian Groffen
  0 siblings, 0 replies; 26+ messages in thread
From: Fabian Groffen @ 2023-01-03 10:22 UTC (permalink / raw
  To: gentoo-commits

commit:     d4637e8d3a6d78bfb956570ddf9b03236f3620c0
Author:     Fabian Groffen <grobian <AT> gentoo <DOT> org>
AuthorDate: Tue Jan  3 10:22:20 2023 +0000
Commit:     Fabian Groffen <grobian <AT> gentoo <DOT> org>
CommitDate: Tue Jan  3 10:22:20 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d4637e8d

mail-mta/exim-4.94.2-r12: update openssl-3 patches

Signed-off-by: Fabian Groffen <grobian <AT> gentoo.org>

 ...im-4.94.2-r11.ebuild => exim-4.94.2-r12.ebuild} |   2 +-
 mail-mta/exim/files/exim-4.94.2-openssl3.patch     | 306 ++++++++++++++++++++-
 2 files changed, 303 insertions(+), 5 deletions(-)

diff --git a/mail-mta/exim/exim-4.94.2-r11.ebuild b/mail-mta/exim/exim-4.94.2-r12.ebuild
similarity index 99%
rename from mail-mta/exim/exim-4.94.2-r11.ebuild
rename to mail-mta/exim/exim-4.94.2-r12.ebuild
index 352ae0cdcd7e..a347cf1581f6 100644
--- a/mail-mta/exim/exim-4.94.2-r11.ebuild
+++ b/mail-mta/exim/exim-4.94.2-r12.ebuild
@@ -122,7 +122,7 @@ src_prepare() {
 	eapply     "${FILESDIR}"/exim-4.94-localscan_dlopen.patch
 	eapply     "${FILESDIR}"/exim-4.94.2-fix-crash-resolve.patch # 799368 upstr
 	eapply     "${FILESDIR}"/exim-4.94-CVE-2022-3559.patch  # 877607 upstr
-	eapply     "${FILESDIR}"/exim-4.94.2-openssl3.patch # 888619 backport
+	eapply     "${FILESDIR}"/exim-4.94.2-openssl3.patch # 888619 backports
 
 	# for this reason we have a := dep on opendmarc, they changed their
 	# API in a minor release

diff --git a/mail-mta/exim/files/exim-4.94.2-openssl3.patch b/mail-mta/exim/files/exim-4.94.2-openssl3.patch
index d1102aac8bfa..f9758515bef1 100644
--- a/mail-mta/exim/files/exim-4.94.2-openssl3.patch
+++ b/mail-mta/exim/files/exim-4.94.2-openssl3.patch
@@ -1,13 +1,34 @@
-Based on original commit, but applied to 4.94.2 tarball.
+Original commits from upstream applied to 4.94.2 release tarball
+
+From a5d79c99f4948d9fd288a1bfaca3a44cf2caaa32 Mon Sep 17 00:00:00 2001
+From: Jeremy Harris <jgh146exb@wizmail.org>
+Date: Wed, 1 Dec 2021 17:36:18 +0000
+Subject: [PATCH] OpenSSL: use nondeprecated D-H functions under 3.0.0.
+
+From c6a290f4d8df3734b3cdc2232b4334ff8386c1da Mon Sep 17 00:00:00 2001
+From: Jeremy Harris <jgh146exb@wizmail.org>
+Date: Wed, 1 Dec 2021 18:52:21 +0000
+Subject: [PATCH] OpenSSL: tidy DH and ECDH param setup Testsuite: expand DH
+ testcase
 
 From ff7829398d74e67f1c1f40339a772fd76708e5ac Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Jaroslav=20=C5=A0karvada?= <jskarvad@redhat.com>
 Date: Sat, 27 Nov 2021 21:07:15 +0000
 Subject: [PATCH] Fix build for OpenSSL 3.0.0 .  Bug 2810
 
----
- src/src/tls-openssl.c | 10 +++++++---
- 1 file changed, 7 insertions(+), 3 deletions(-)
+From ca4014de81e6aa367aa0a54c49b4c3d4b137814c Mon Sep 17 00:00:00 2001
+From: Jeremy Harris <jgh146exb@wizmail.org>
+Date: Sun, 1 Jan 2023 12:18:38 +0000
+Subject: [PATCH] OpenSSL: fix tls_eccurve setting explicit curve/group.  Bug
+ 2954
+
+From 7fa5764c203f2f4a900898a79ed02d674075313f Mon Sep 17 00:00:00 2001
+From: Jeremy Harris <jgh146exb@wizmail.org>
+Date: Mon, 2 Jan 2023 15:04:14 +0000
+Subject: [PATCH] OpenSSL: Fix tls_eccurve on earlier versions than 3.0.0.  Bug
+ 2954
+
+Broken-by: ca4014de81e6
 
 --- a/src/tls-openssl.c
 +++ b/src/tls-openssl.c
@@ -32,3 +53,280 @@ Subject: [PATCH] Fix build for OpenSSL 3.0.0 .  Bug 2810
  #endif
  #ifdef SSL_OP_NO_TLSv1_2
    { US"no_tlsv1_2", SSL_OP_NO_TLSv1_2 },
+@@ -1017,23 +1021,27 @@
+ *************************************************/
+ 
+ /* If dhparam is set, expand it, and load up the parameters for DH encryption.
++Server only.
+ 
+ Arguments:
+   sctx      The current SSL CTX (inbound or outbound)
+   dhparam   DH parameter file or fixed parameter identity string
+-  host      connected host, if client; NULL if server
+   errstr    error string pointer
+ 
+ Returns:    TRUE if OK (nothing to set up, or setup worked)
+ */
+ 
+ static BOOL
+-init_dh(SSL_CTX *sctx, uschar *dhparam, const host_item *host, uschar ** errstr)
++init_dh(SSL_CTX * sctx, uschar * dhparam, uschar ** errstr)
+ {
+-BIO *bio;
+-DH *dh;
+-uschar *dhexpanded;
+-const char *pem;
++BIO * bio;
++#if OPENSSL_VERSION_NUMBER < 0x30000000L
++DH * dh;
++#else
++EVP_PKEY * pkey;
++#endif
++uschar * dhexpanded;
++const char * pem;
+ int dh_bitsize;
+ 
+ if (!expand_check(dhparam, US"tls_dhparam", &dhexpanded, errstr))
+@@ -1046,7 +1054,7 @@
+   if (!(bio = BIO_new_file(CS dhexpanded, "r")))
+     {
+     tls_error(string_sprintf("could not read dhparams file %s", dhexpanded),
+-          host, US strerror(errno), errstr);
++          NULL, US strerror(errno), errstr);
+     return FALSE;
+     }
+   }
+@@ -1061,17 +1069,23 @@
+   if (!(pem = std_dh_prime_named(dhexpanded)))
+     {
+     tls_error(string_sprintf("Unknown standard DH prime \"%s\"", dhexpanded),
+-        host, US strerror(errno), errstr);
++        NULL, US strerror(errno), errstr);
+     return FALSE;
+     }
+   bio = BIO_new_mem_buf(CS pem, -1);
+   }
+ 
+-if (!(dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL)))
++if (!(
++#if OPENSSL_VERSION_NUMBER < 0x30000000L
++      dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL)
++#else
++      pkey = PEM_read_bio_Parameters_ex(bio, NULL, NULL, NULL)
++#endif
++   ) )
+   {
+   BIO_free(bio);
+   tls_error(string_sprintf("Could not read tls_dhparams \"%s\"", dhexpanded),
+-      host, NULL, errstr);
++      NULL, NULL, errstr);
+   return FALSE;
+   }
+ 
+@@ -1081,33 +1095,54 @@
+  * If someone wants to dance at the edge, then they can raise the limit or use
+  * current libraries. */
+-#ifdef EXIM_HAVE_OPENSSL_DH_BITS
++#if OPENSSL_VERSION_NUMBER < 0x30000000L
++# ifdef EXIM_HAVE_OPENSSL_DH_BITS
+ /* Added in commit 26c79d5641d; `git describe --contains` says OpenSSL_1_1_0-pre1~1022
+  * This predates OpenSSL_1_1_0 (before a, b, ...) so is in all 1.1.0 */
+ dh_bitsize = DH_bits(dh);
+-#else
++# else
+ dh_bitsize = 8 * DH_size(dh);
++# endif
++#else	/* 3.0.0 + */
++dh_bitsize = EVP_PKEY_get_bits(pkey);
+ #endif
+ 
+-/* Even if it is larger, we silently return success rather than cause things
+- * to fail out, so that a too-large DH will not knock out all TLS; it's a
+- * debatable choice. */
+-if (dh_bitsize > tls_dh_max_bits)
++/* Even if it is larger, we silently return success rather than cause things to
++fail out, so that a too-large DH will not knock out all TLS; it's a debatable
++choice.  Likewise for a failing attempt to set one. */
++
++if (dh_bitsize <= tls_dh_max_bits)
+   {
+-  DEBUG(D_tls)
+-    debug_printf("dhparams file %d bits, is > tls_dh_max_bits limit of %d\n",
+-        dh_bitsize, tls_dh_max_bits);
++  if (
++#if OPENSSL_VERSION_NUMBER < 0x30000000L
++      SSL_CTX_set_tmp_dh(sctx, dh)
++#else
++      SSL_CTX_set0_tmp_dh_pkey(sctx, pkey)
++#endif
++      == 0)
++    {
++    ERR_error_string_n(ERR_get_error(), ssl_errstring, sizeof(ssl_errstring));
++    log_write(0, LOG_MAIN|LOG_PANIC, "TLS error (D-H param setting '%s'): %s",
++	dhexpanded ? dhexpanded : US"default", ssl_errstring);
++#if OPENSSL_VERSION_NUMBER >= 0x30000000L
++    /* EVP_PKEY_free(pkey);  crashes */
++#endif
++    }
++  else
++    DEBUG(D_tls)
++      debug_printf("Diffie-Hellman initialized from %s with %d-bit prime\n",
++	dhexpanded ? dhexpanded : US"default", dh_bitsize);
+   }
+ else
+-  {
+-  SSL_CTX_set_tmp_dh(sctx, dh);
+   DEBUG(D_tls)
+-    debug_printf("Diffie-Hellman initialized from %s with %d-bit prime\n",
+-      dhexpanded ? dhexpanded : US"default", dh_bitsize);
+-  }
++    debug_printf("dhparams '%s' %d bits, is > tls_dh_max_bits limit of %d\n",
++	dhexpanded ? dhexpanded : US"default", dh_bitsize, tls_dh_max_bits);
+ 
++#if OPENSSL_VERSION_NUMBER < 0x30000000L
+ DH_free(dh);
+-BIO_free(bio);
++#endif
++/* The EVP_PKEY ownership stays with the ctx; do not free it */
+ 
++BIO_free(bio);
+ return TRUE;
+ }
+ 
+@@ -1118,7 +1154,7 @@
+ *               Initialize for ECDH              *
+ *************************************************/
+ 
+-/* Load parameters for ECDH encryption.
++/* Load parameters for ECDH encryption.  Server only.
+ 
+ For now, we stick to NIST P-256 because: it's simple and easy to configure;
+ it avoids any patent issues that might bite redistributors; despite events in
+@@ -1136,37 +1172,40 @@
+ 
+ Arguments:
+   sctx      The current SSL CTX (inbound or outbound)
+-  host      connected host, if client; NULL if server
+   errstr    error string pointer
+ 
+ Returns:    TRUE if OK (nothing to set up, or setup worked)
+ */
+ 
+ static BOOL
+-init_ecdh(SSL_CTX * sctx, host_item * host, uschar ** errstr)
++init_ecdh(SSL_CTX * sctx, uschar ** errstr)
+ {
+ #ifdef OPENSSL_NO_ECDH
+ return TRUE;
+ #else
+ 
+-EC_KEY * ecdh;
+ uschar * exp_curve;
+-int nid;
+-BOOL rv;
+-
+-if (host)	/* No ECDH setup for clients, only for servers */
+-  return TRUE;
++int nid, rc;
+ 
+ # ifndef EXIM_HAVE_ECDH
+ DEBUG(D_tls)
+-  debug_printf("No OpenSSL API to define ECDH parameters, skipping\n");
++  debug_printf(" No OpenSSL API to define ECDH parameters, skipping\n");
+ return TRUE;
+ # else
+ 
+ if (!expand_check(tls_eccurve, US"tls_eccurve", &exp_curve, errstr))
+   return FALSE;
++
++/* Is the option deliberately empty? */
++
+ if (!exp_curve || !*exp_curve)
++  {
++#if OPENSSL_VERSION_NUMBER >= 0x10002000L
++  DEBUG(D_tls) debug_printf( " ECDH OpenSSL 1.0.2+: clearing curves list\n");
++  (void) SSL_CTX_set1_curves(sctx, &nid, 0);
++#endif
+   return TRUE;
++  }
+ 
+ /* "auto" needs to be handled carefully.
+  * OpenSSL <  1.0.2: we do not select anything, but fallback to prime256v1
+@@ -1202,27 +1241,41 @@
+ #   endif
+    )
+   {
+-  tls_error(string_sprintf("Unknown curve name tls_eccurve '%s'", exp_curve),
+-    host, NULL, errstr);
++  uschar * s = string_sprintf("Unknown curve name tls_eccurve '%s'", exp_curve);
++  DEBUG(D_tls) debug_printf("TLS error '%s'\n", s);
++  if (errstr) *errstr = s;
+   return FALSE;
+   }
+ 
+-if (!(ecdh = EC_KEY_new_by_curve_name(nid)))
+-  {
+-  tls_error(US"Unable to create ec curve", host, NULL, errstr);
+-  return FALSE;
+-  }
++# if OPENSSL_VERSION_NUMBER < 0x30000000L
++ {
++  EC_KEY * ecdh;
++  if (!(ecdh = EC_KEY_new_by_curve_name(nid)))
++    {
++    tls_error(US"Unable to create ec curve", NULL, NULL, errstr);
++    return FALSE;
++    }
+ 
+-/* The "tmp" in the name here refers to setting a temporary key
+-not to the stability of the interface. */
++  /* The "tmp" in the name here refers to setting a temporary key
++  not to the stability of the interface. */
+ 
+-if ((rv = SSL_CTX_set_tmp_ecdh(sctx, ecdh) == 0))
+-  tls_error(string_sprintf("Error enabling '%s' curve", exp_curve), host, NULL, errstr);
++  if ((rc = SSL_CTX_set_tmp_ecdh(sctx, ecdh)) == 0)
++    tls_error(string_sprintf("Error enabling '%s' curve", exp_curve), NULL, NULL, errstr);
++  else
++    DEBUG(D_tls) debug_printf(" ECDH: enabled '%s' curve\n", exp_curve);
++  EC_KEY_free(ecdh);
++ }
++
++#else	/* v 3.0.0 + */
++
++if ((rc = SSL_CTX_set1_groups(sctx, &nid, 1)) == 0)
++  tls_error(string_sprintf("Error enabling '%s' group", exp_curve), NULL, NULL, errstr);
+ else
+-  DEBUG(D_tls) debug_printf("ECDH: enabled '%s' curve\n", exp_curve);
++  DEBUG(D_tls) debug_printf(" ECDH: enabled '%s' group\n", exp_curve);
++
++#endif
+ 
+-EC_KEY_free(ecdh);
+-return !rv;
++return !!rc;
+ 
+ # endif	/*EXIM_HAVE_ECDH*/
+ #endif /*OPENSSL_NO_ECDH*/
+@@ -1727,8 +1780,8 @@
+ SSL_CTX_set_tlsext_servername_callback(server_sni, tls_servername_cb);
+ SSL_CTX_set_tlsext_servername_arg(server_sni, cbinfo);
+ 
+-if (  !init_dh(server_sni, cbinfo->dhparam, NULL, &dummy_errstr)
+-   || !init_ecdh(server_sni, NULL, &dummy_errstr)
++if (  !init_dh(server_sni, cbinfo->dhparam, &dummy_errstr)
++   || !init_ecdh(server_sni, &dummy_errstr)
+    )
+   goto bad;
+ 
+@@ -2213,8 +2266,8 @@
+ /* Initialize with DH parameters if supplied */
+ /* Initialize ECDH temp key parameter selection */
+ 
+-if (  !init_dh(ctx, dhparam, host, errstr)
+-   || !init_ecdh(ctx, host, errstr)
++if (  !init_dh(ctx, dhparam, errstr)
++   || !init_ecdh(ctx, errstr)
+    )
+   return DEFER;
+ 


^ permalink raw reply related	[flat|nested] 26+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: mail-mta/exim/, mail-mta/exim/files/
@ 2023-05-27  9:25 Fabian Groffen
  0 siblings, 0 replies; 26+ messages in thread
From: Fabian Groffen @ 2023-05-27  9:25 UTC (permalink / raw
  To: gentoo-commits

commit:     050f88a892c6dc4f60c338ed8da4fb953f85090e
Author:     Fabian Groffen <grobian <AT> gentoo <DOT> org>
AuthorDate: Sat May 27 09:24:25 2023 +0000
Commit:     Fabian Groffen <grobian <AT> gentoo <DOT> org>
CommitDate: Sat May 27 09:24:50 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=050f88a8

mail-mta/exim-4.96-r3: move 4.96 patches into tarball

Signed-off-by: Fabian Groffen <grobian <AT> gentoo.org>

 mail-mta/exim/Manifest                             |   1 +
 mail-mta/exim/exim-4.96-r3.ebuild                  |  33 +--
 mail-mta/exim/files/exim-4.96-dane-dns_again.patch |  81 -------
 .../exim/files/exim-4.96-deamon-startup-fix.patch  |  53 -----
 .../files/exim-4.96-dmarc_use_after_free.patch     |  31 ---
 .../exim/files/exim-4.96-expansion-crash.patch     |  69 ------
 .../exim/files/exim-4.96-openssl-bad-alpn.patch    | 101 ---------
 .../files/exim-4.96-openssl-double-expansion.patch | 217 -------------------
 .../files/exim-4.96-openssl-tls_eccurve-lt-3.patch |  44 ----
 .../exim-4.96-openssl-tls_eccurve-setting.patch    | 169 ---------------
 .../exim/files/exim-4.96-openssl-verify-ocsp.patch | 232 ---------------------
 .../exim/files/exim-4.96-recursion-dns_again.patch |  57 -----
 .../files/exim-4.96-regex-use-after-free.patch     | 173 ---------------
 .../exim-4.96-rewrite-malformed-addr-fix.patch     |  42 ----
 .../files/exim-4.96-spf-memory-error-fix.patch     |  25 ---
 .../exim/files/exim-4.96-transport-crash.patch     |  27 ---
 16 files changed, 20 insertions(+), 1335 deletions(-)

diff --git a/mail-mta/exim/Manifest b/mail-mta/exim/Manifest
index 254aa57e04a2..079903b715c8 100644
--- a/mail-mta/exim/Manifest
+++ b/mail-mta/exim/Manifest
@@ -1,4 +1,5 @@
 DIST exim-4.94.2.tar.xz 1838076 BLAKE2B 684e115a7af3efdab15451f8e11f9b53455c9166d8c078216d7a95223d77569cec8a882ed99b9180acbd8a9e747a0bca03d56993d011de15dc35143a989ab046 SHA512 5334c236221ed4e03dbc33e6a79d939b06037fa2f4b71971607a360b67af5c85a89681ee13a5eeaf0184382c55a160cf2e89ed7afb2949f025a54f1e88f9e3fc
+DIST exim-4.96-gentoo-patches-r0.tar.xz 13308 BLAKE2B e01cd8b90593329d858cced27bea9da4860e80500c0b0b3f86418931a77616ac1e4a532cfffc551de5844bfcbcd115c1591b28577c234beb551458dc0877e764 SHA512 0a8d7b5903c8cd7c2cc07e4ea3ed62200ee0116fe0b5513ec97ba7f3ab1dd5cd0dc181eb93c3c1c7f767be7df3546ac07b622a8f4352eb883323c3a005a1c7db
 DIST exim-4.96.tar.xz 1879152 BLAKE2B 4b424f2ebc661bd0db35d7f6da86300c6d5cb5b9a52cddd24fdd452daa76c84e471d4f8f278cf951d1503b01fd46fc3e6858d6feded09f34253d2cf2ae99b45a SHA512 6b863661465a0b9897c1b71875c5196a1903cf560dd85de45b08242b9731edb2bc10eb56945d62e477e5d15cc7a8d493915bff2ca81689673a8091c66f62c89e
 DIST exim-pdf-4.94.2.tar.xz 2092248 BLAKE2B 973ab4f117fdb58afa017bc41b4496fac1277e707a9926d67317c455b0bd617021c17cba6c8d793d8962aacef12c0790d5add7174017512b7b1ea070f8e8533d SHA512 3a661f69d81a992798d4b7e5b7def7cfffa297a7b3c02a6631be426cefff5a6e8783fa322a1bd105d01f7b06968d01e77963e6ab7be3157f63eb62eb6ff172b0
 DIST exim-pdf-4.96.tar.xz 2137468 BLAKE2B 7f61767f91864c43a3b7b6ca36ec7f41da6ad7029687a38cfa9307c444c2ffbd3eb61d45645ffd20ec16ba64a37e1ff08c02e7e4e36499c7783679af9a399081 SHA512 05e94579631656330d95d237c58bc9fd52229a067c5846e7c3409b4c83040c9216819bcb0090673d9991fd59e2c2025340592b31b241b557c6775782106854d1

diff --git a/mail-mta/exim/exim-4.96-r3.ebuild b/mail-mta/exim/exim-4.96-r3.ebuild
index 646aa80b8ade..b9f58258caa4 100644
--- a/mail-mta/exim/exim-4.96-r3.ebuild
+++ b/mail-mta/exim/exim-4.96-r3.ebuild
@@ -34,8 +34,10 @@ SDIR=$([[ ${PV} == *_rc* ]]   && echo /test
 	 [[ ${PV} == *.*.*.* ]] && echo /fixes)
 COMM_URI="https://downloads.exim.org/exim4${SDIR}"
 
+GPV="r0"
 DESCRIPTION="A highly configurable, drop-in replacement for sendmail"
 SRC_URI="${COMM_URI}/${P//_rc/-RC}.tar.xz
+	https://dev.gentoo.org/~grobian/distfiles/${P}-gentoo-patches-${GPV}.tar.xz
 	mirror://gentoo/system_filter.exim.gz
 	doc? ( ${COMM_URI}/${PN}-pdf-${PV//_rc/-RC}.tar.xz )"
 HOMEPAGE="https://www.exim.org/"
@@ -116,20 +118,23 @@ src_prepare() {
 	eapply -p0 "${FILESDIR}"/exim-4.76-crosscompile.patch # 266591
 	eapply     "${FILESDIR}"/exim-4.69-r1.27021.patch
 	eapply     "${FILESDIR}"/exim-4.95-localscan_dlopen.patch
-	eapply     "${FILESDIR}"/exim-4.96-rewrite-malformed-addr-fix.patch # upstr
-	eapply     "${FILESDIR}"/exim-4.96-spf-memory-error-fix.patch # upstr
-	eapply     "${FILESDIR}"/exim-4.96-regex-use-after-free.patch # upstr
-	eapply -p2 "${FILESDIR}"/exim-4.96-dmarc_use_after_free.patch # upstr
-	eapply     "${FILESDIR}"/exim-4.96-deamon-startup-fix.patch # upstr
-	eapply     "${FILESDIR}"/exim-4.96-openssl-verify-ocsp.patch # upstr
-	eapply     "${FILESDIR}"/exim-4.96-openssl-double-expansion.patch # upstr
-	eapply     "${FILESDIR}"/exim-4.96-recursion-dns_again.patch # upstr
-	eapply     "${FILESDIR}"/exim-4.96-openssl-tls_eccurve-setting.patch # upstr
-	eapply     "${FILESDIR}"/exim-4.96-openssl-tls_eccurve-lt-3.patch # upstr
-	eapply     "${FILESDIR}"/exim-4.96-openssl-bad-alpn.patch # upstr
-	eapply     "${FILESDIR}"/exim-4.96-dane-dns_again.patch # upstr
-	eapply     "${FILESDIR}"/exim-4.96-expansion-crash.patch # upstr
-	eapply     "${FILESDIR}"/exim-4.96-transport-crash.patch # upstr
+
+	# Upstream post-release fixes :(
+	local GPVDIR=${WORKDIR}/${P}-gentoo-patches-${GPV}
+	eapply     "${GPVDIR}"/exim-4.96-rewrite-malformed-addr-fix.patch # upstr
+	eapply     "${GPVDIR}"/exim-4.96-spf-memory-error-fix.patch # upstr
+	eapply     "${GPVDIR}"/exim-4.96-regex-use-after-free.patch # upstr
+	eapply -p2 "${GPVDIR}"/exim-4.96-dmarc_use_after_free.patch # upstr
+	eapply     "${GPVDIR}"/exim-4.96-deamon-startup-fix.patch # upstr
+	eapply     "${GPVDIR}"/exim-4.96-openssl-verify-ocsp.patch # upstr
+	eapply     "${GPVDIR}"/exim-4.96-openssl-double-expansion.patch # upstr
+	eapply     "${GPVDIR}"/exim-4.96-recursion-dns_again.patch # upstr
+	eapply     "${GPVDIR}"/exim-4.96-openssl-tls_eccurve-setting.patch # upstr
+	eapply     "${GPVDIR}"/exim-4.96-openssl-tls_eccurve-lt-3.patch # upstr
+	eapply     "${GPVDIR}"/exim-4.96-openssl-bad-alpn.patch # upstr
+	eapply     "${GPVDIR}"/exim-4.96-dane-dns_again.patch # upstr
+	eapply     "${GPVDIR}"/exim-4.96-expansion-crash.patch # upstr
+	eapply     "${GPVDIR}"/exim-4.96-transport-crash.patch # upstr
 
 	# oddity, they disable berkdb as hack, and then throw an error when
 	# berkdb isn't enabled

diff --git a/mail-mta/exim/files/exim-4.96-dane-dns_again.patch b/mail-mta/exim/files/exim-4.96-dane-dns_again.patch
deleted file mode 100644
index 9bd94f784594..000000000000
--- a/mail-mta/exim/files/exim-4.96-dane-dns_again.patch
+++ /dev/null
@@ -1,81 +0,0 @@
-modified for Gentoo, removed Changelog due to conflicts
-
-From 30520c8f87fcf660ed99a2344cae7f9787f7bc89 Mon Sep 17 00:00:00 2001
-From: Jeremy Harris <jgh146exb@wizmail.org>
-Date: Thu, 5 Jan 2023 18:39:51 +0000
-Subject: [PATCH 3/3] DANE: do not check dns_again_means_nonexist for TLSA
- results of TRY_AGAIN
-
----
- doc/doc-docbook/spec.xfpt |  7 ++++++-
- doc/ChangeLog     |  4 ++++
- src/dns.c             | 35 ++++++++++++++++++++++-------------
- 3 files changed, 32 insertions(+), 14 deletions(-)
-
---- a/src/dns.c
-+++ b/src/dns.c
-@@ -904,25 +904,34 @@ if (dnsa->answerlen < 0) switch (h_errno
-     DEBUG(D_dns) debug_printf("DNS lookup of %s (%s) gave TRY_AGAIN\n",
-       name, dns_text_type(type));
- 
-     /* Cut this out for various test programs */
- #ifndef STAND_ALONE
--    if (try_again_recursion)
-+    /* Permitting dns_again_means nonexist for TLSA lookups breaks the
-+    doewngrade resistance of dane, so avoid for those. */
-+
-+    if (type == T_TLSA)
-+      rc = FAIL;
-+    else
-       {
--      log_write(0, LOG_MAIN|LOG_PANIC,
--	"dns_again_means_nonexist recursion seen for %s (assuming nonexist)",
--	name);
--      return dns_fail_return(name, type, dns_expire_from_soa(dnsa, type), DNS_NOMATCH);
--      }
-+      if (try_again_recursion)
-+	{
-+	log_write(0, LOG_MAIN|LOG_PANIC,
-+	  "dns_again_means_nonexist recursion seen for %s"
-+	  " (assuming nonexist)", name);
-+	return dns_fail_return(name, type, dns_expire_from_soa(dnsa, type),
-+			      DNS_NOMATCH);
-+	}
- 
--    try_again_recursion = TRUE;
--    save_domain = deliver_domain;
--    deliver_domain = string_copy(name);  /* set $domain */
--    rc = match_isinlist(name, CUSS &dns_again_means_nonexist, 0,
--      &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL);
--    deliver_domain = save_domain;
--    try_again_recursion = FALSE;
-+      try_again_recursion = TRUE;
-+      save_domain = deliver_domain;
-+      deliver_domain = string_copy(name);  /* set $domain */
-+      rc = match_isinlist(name, CUSS &dns_again_means_nonexist, 0,
-+	&domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL);
-+      deliver_domain = save_domain;
-+      try_again_recursion = FALSE;
-+      }
- 
-     if (rc != OK)
-       {
-       DEBUG(D_dns) debug_printf("returning DNS_AGAIN\n");
-       return dns_fail_return(name, type, 0, DNS_AGAIN);
---- a/doc/spec.txt
-+++ b/doc/spec.txt
-@@ -14246,11 +14246,13 @@ dns_again_means_nonexist, it is treated
- should be used with care. You can make it apply to reverse lookups by a setting
- such as this:
- 
- dns_again_means_nonexist = *.in-addr.arpa
- 
--This option applies to all DNS lookups that Exim does. It also applies when the
-+This option applies to all DNS lookups that Exim does, except for TLSA lookups
-+(where knowing about such failures +is security-relevant). It also applies
-+when the
- gethostbyname() or getipnodebyname() functions give temporary errors, since
- these are most likely to be caused by DNS lookup problems. The dnslookup router
- has some options of its own for controlling what happens when lookups for MX or
- SRV records give temporary errors. These more specific options are applied
- after this global option.

diff --git a/mail-mta/exim/files/exim-4.96-deamon-startup-fix.patch b/mail-mta/exim/files/exim-4.96-deamon-startup-fix.patch
deleted file mode 100644
index 8cf0cb703f1d..000000000000
--- a/mail-mta/exim/files/exim-4.96-deamon-startup-fix.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-modified for Gentoo, removed Changelog to avoid conflicts
-
-From 221321d2c51b83d1feced80ecd6c2fe33ec5456c Mon Sep 17 00:00:00 2001
-From: Jeremy Harris <jgh146exb@wizmail.org>
-Date: Thu, 3 Nov 2022 20:08:25 +0000
-Subject: [PATCH 1/2] Fix daemon startup.  Bug 2930
-
-Broken-by: 7d5055276a
----
- doc/ChangeLog | 4 ++++
- src/daemon.c      | 8 ++++++--
- 2 files changed, 10 insertions(+), 2 deletions(-)
-
---- a/src/daemon.c
-+++ b/src/daemon.c
-@@ -1744,19 +1744,23 @@
-   {
-   /* If the parent process of this one has pid == 1, we are re-initializing the
-   daemon as the result of a SIGHUP. In this case, there is no need to do
-   anything, because the controlling terminal has long gone. Otherwise, fork, in
-   case current process is a process group leader (see 'man setsid' for an
--  explanation) before calling setsid(). */
-+  explanation) before calling setsid().
-+  All other forks want daemon_listen cleared. Rather than blow a register, jsut
-+  restore it here. */
- 
-   if (getppid() != 1)
-     {
-+    BOOL daemon_listen = f.daemon_listen;
-     pid_t pid = exim_fork(US"daemon");
-     if (pid < 0) log_write(0, LOG_MAIN|LOG_PANIC_DIE,
-       "fork() failed when starting daemon: %s", strerror(errno));
-     if (pid > 0) exit(EXIT_SUCCESS);      /* in parent process, just exit */
-     (void)setsid();                       /* release controlling terminal */
-+    f.daemon_listen = daemon_listen;
-     }
-   }
- 
- /* We are now in the disconnected, daemon process (unless debugging). Set up
- the listening sockets if required. */
-@@ -2090,11 +2094,11 @@
- 	      {				/* found; append port to list */
- 	      for (p = i2->log; *p; ) p++;	/* end of existing string */
- 	      if (*--p == '}') *p = '\0';	/* drop EOL */
- 	      while (isdigit(*--p)) ;		/* char before port */
- 
--	      i2->log = *p == ':'		/* no list yet? */
-+	      i2->log = *p == ':'		/* no list yet?     { */
- 		? string_sprintf("%.*s{%s,%d}",
- 		  (int)(p - i2->log + 1), i2->log, p+1, ipa->port)
- 		: string_sprintf("%s,%d}", i2->log, ipa->port);
- 	      ipa->log = NULL;
- 	      break;

diff --git a/mail-mta/exim/files/exim-4.96-dmarc_use_after_free.patch b/mail-mta/exim/files/exim-4.96-dmarc_use_after_free.patch
deleted file mode 100644
index dc2f62e9ba0f..000000000000
--- a/mail-mta/exim/files/exim-4.96-dmarc_use_after_free.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 12fb3842f81bcbd4a4519d5728f2d7e0e3ca1445 Mon Sep 17 00:00:00 2001
-From: Lorenz Brun <lorenz@brun.one>
-Date: Fri, 14 Oct 2022 21:02:51 +0200
-Subject: [PATCH] DMARC: fix use-after-free in dmarc_dns_lookup
-
-This fixes a use-after-free in dmarc_dns_lookup where the result
-of dns_lookup in dnsa is freed before the required data is copied out.
-
-Fixes: 9258363 ("DNS: explicit alloc/free of workspace")
----
- src/src/dmarc.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/src/src/dmarc.c b/src/src/dmarc.c
-index ad0c26c91..53c2752ac 100644
---- a/src/src/dmarc.c
-+++ b/src/src/dmarc.c
-@@ -230,8 +230,9 @@ if (rc == DNS_SUCCEED)
-        rr = dns_next_rr(dnsa, &dnss, RESET_NEXT))
-     if (rr->type == T_TXT && rr->size > 3)
-       {
-+      uschar *record = string_copyn_taint(US rr->data, rr->size, GET_TAINTED);
-       store_free_dns_answer(dnsa);
--      return string_copyn_taint(US rr->data, rr->size, GET_TAINTED);
-+      return record;
-       }
- store_free_dns_answer(dnsa);
- return NULL;
--- 
-2.30.2
-

diff --git a/mail-mta/exim/files/exim-4.96-expansion-crash.patch b/mail-mta/exim/files/exim-4.96-expansion-crash.patch
deleted file mode 100644
index 4b79784f9979..000000000000
--- a/mail-mta/exim/files/exim-4.96-expansion-crash.patch
+++ /dev/null
@@ -1,69 +0,0 @@
-modified for Gentoo, removed Changelog and tests
-
-From 70069b65a39a7ba73a36fbd95371ff03cde1eb23 Mon Sep 17 00:00:00 2001
-From: Jeremy Harris <jgh146exb@wizmail.org>
-Date: Thu, 2 Feb 2023 20:00:35 +0000
-Subject: [PATCH] Fix crash in expansions
-
-Broken-by: 1058096b8c53
----
- doc/ChangeLog | 4 ++++
- src/expand.c      | 9 +++++----
- test/stderr/0630      | 1 +
- 3 files changed, 10 insertions(+), 4 deletions(-)
-
---- a/src/expand.c
-+++ b/src/expand.c
-@@ -4652,11 +4652,11 @@ while (*s)
-       yield = string_catn(yield, value, len);
- 
-     continue;
-     }
- 
--  if (isdigit(*s))
-+  if (isdigit(*s))		/* A $<n> variable */
-     {
-     int n;
-     s = read_cnumber(&n, s);
-     if (n >= 0 && n <= expand_nmax)
-       yield = string_catn(yield, expand_nstring[n], expand_nlength[n]);
-@@ -7060,10 +7060,11 @@ NOT_ITEM: ;
-       if (arg) *arg++ = '_';		/* Put back for error messages */
-       }
- 
-     /* Deal specially with operators that might take a certificate variable
-     as we do not want to do the usual expansion. For most, expand the string.*/
-+
-     switch(c)
-       {
- #ifndef DISABLE_TLS
-       case EOP_MD5:
-       case EOP_SHA1:
-@@ -7107,11 +7108,11 @@ NOT_ITEM: ;
- 
-     /* Otherwise, switch on the operator type.  After handling go back
-     to the main loop top. */
- 
-      {
--     int start = yield->ptr;
-+     unsigned expansion_start = gstring_length(yield);
-      switch(c)
-       {
-       case EOP_BASE32:
- 	{
- 	uschar *t;
-@@ -8168,12 +8169,12 @@ NOT_ITEM: ;
- 	  goto EXPAND_FAILED;
- 	}	/* EOP_* switch */
- 
-        DEBUG(D_expand)
- 	{
--	const uschar * s = yield->s + start;
--	int i = yield->ptr - start;
-+	const uschar * s = yield->s + expansion_start;
-+	int i = gstring_length(yield) - expansion_start;
- 	BOOL tainted = is_tainted(s);
- 
- 	DEBUG(D_noutf8)
- 	  {
- 	  debug_printf_indent("|-----op-res: %.*s\n", i, s);

diff --git a/mail-mta/exim/files/exim-4.96-openssl-bad-alpn.patch b/mail-mta/exim/files/exim-4.96-openssl-bad-alpn.patch
deleted file mode 100644
index f494fff85a09..000000000000
--- a/mail-mta/exim/files/exim-4.96-openssl-bad-alpn.patch
+++ /dev/null
@@ -1,101 +0,0 @@
-modified for Gentoo, removed tests
-
-From e1aca33756f73c22b00a98d40ce2be8ed94464b1 Mon Sep 17 00:00:00 2001
-From: Jeremy Harris <jgh146exb@wizmail.org>
-Date: Thu, 5 Jan 2023 13:03:37 +0000
-Subject: [PATCH 2/3] OpenSSL: log conns rejected for bad ALPN, with the
- offered value
-
-Unfortunately, no way to do this under GnuTLS
----
- src/match.c       |  1 +
- src/tls-gnu.c     |  9 ++++++++-
- src/tls-openssl.c | 13 +++++++++++--
- test/log/1190         |  2 ++
- test/runtest          |  3 +++
- 5 files changed, 25 insertions(+), 3 deletions(-)
-
-diff --git a/src/match.c b/src/match.c
-index 91a49c0f0..07070362d 100644
---- a/src/match.c
-+++ b/src/match.c
-@@ -968,6 +968,7 @@ Arguments:
-   s              string to search for
-   listptr        ptr to ptr to colon separated list of patterns, or NULL
-   sep            a separator value for the list (see string_nextinlist())
-+		 or zero for auto
-   anchorptr      ptr to tree for named items, or NULL if no named items
-   cache_bits     ptr to cache_bits for ditto, or NULL if not caching
-   type           MCL_DOMAIN when matching a domain list
-diff --git a/src/tls-gnu.c b/src/tls-gnu.c
-index 729fb5879..b47fabf1d 100644
---- a/src/tls-gnu.c
-+++ b/src/tls-gnu.c
-@@ -1119,21 +1119,28 @@ switch (tls_id)
-     /* The format of "data" here doesn't seem to be documented, but appears
-     to be a 2-byte field with a (redundant, given the "size" arg) total length
-     then a sequence of one-byte size then string (not nul-term) names.  The
--    latter is as described in OpenSSL documentation. */
-+    latter is as described in OpenSSL documentation.
-+    Note that we do not get called for a match_fail, making it hard to log
-+    a single bad ALPN being offered (the common case). */
-+    {
-+    gstring * g = NULL;
- 
-     DEBUG(D_tls) debug_printf("Seen ALPN extension from client (s=%u):", size);
-     for (const uschar * s = data+2; s-data < size-1; s += *s + 1)
-       {
-       server_seen_alpn++;
-+      g = string_append_listele_n(g, ':', s+1, *s);
-       DEBUG(D_tls) debug_printf(" '%.*s'", (int)*s, s+1);
-       }
-     DEBUG(D_tls) debug_printf("\n");
-     if (server_seen_alpn > 1)
-       {
-+      log_write(0, LOG_MAIN, "TLS ALPN (%s) rejected", string_from_gstring(g));
-       DEBUG(D_tls) debug_printf("TLS: too many ALPNs presented in handshake\n");
-       return GNUTLS_E_NO_APPLICATION_PROTOCOL;
-       }
-     break;
-+    }
- #endif
-   }
- return 0;
-diff --git a/src/tls-openssl.c b/src/tls-openssl.c
-index e063d29bd..513ba0d3a 100644
---- a/src/tls-openssl.c
-+++ b/src/tls-openssl.c
-@@ -2324,6 +2324,8 @@ static int
- tls_server_alpn_cb(SSL *ssl, const uschar ** out, uschar * outlen,
-   const uschar * in, unsigned int inlen, void * arg)
- {
-+gstring * g = NULL;
-+
- server_seen_alpn = TRUE;
- DEBUG(D_tls)
-   {
-@@ -2354,12 +2356,19 @@ if (  inlen > 1		/* at least one name */
-       }
-   }
- 
--/* More than one name from clilent, or name did not match our list. */
-+/* More than one name from client, or name did not match our list. */
- 
- /* This will be fatal to the TLS conn; would be nice to kill TCP also.
- Maybe as an option in future; for now leave control to the config (must-tls). */
- 
--DEBUG(D_tls) debug_printf("TLS ALPN rejected\n");
-+for (int pos = 0, siz; pos < inlen; pos += siz+1)
-+  {
-+  siz = in[pos];
-+  if (pos + 1 + siz > inlen) siz = inlen - pos - 1;
-+  g = string_append_listele_n(g, ':', in + pos + 1, siz);
-+  }
-+log_write(0, LOG_MAIN, "TLS ALPN (%s) rejected", string_from_gstring(g));
-+gstring_release_unused(g);
- return SSL_TLSEXT_ERR_ALERT_FATAL;
- }
- #endif	/* EXIM_HAVE_ALPN */
--- 
-2.39.0
-

diff --git a/mail-mta/exim/files/exim-4.96-openssl-double-expansion.patch b/mail-mta/exim/files/exim-4.96-openssl-double-expansion.patch
deleted file mode 100644
index 09e4f11ef20e..000000000000
--- a/mail-mta/exim/files/exim-4.96-openssl-double-expansion.patch
+++ /dev/null
@@ -1,217 +0,0 @@
-From 62b97c2ecf148ee86053d82e5509e4c3a5a20054 Mon Sep 17 00:00:00 2001
-From: Jeremy Harris <jgh146exb@wizmail.org>
-Date: Sat, 29 Oct 2022 22:33:43 +0100
-Subject: [PATCH 2/2] OpenSSL: fix double-expansion of tls_verify_certificates
-
----
- src/tls-openssl.c | 66 +++++++++++++++++++++----------------------
- 1 file changed, 33 insertions(+), 33 deletions(-)
-
-diff --git a/src/tls-openssl.c b/src/tls-openssl.c
-index fdf0d92b2..2e09882d2 100644
---- a/src/tls-openssl.c
-+++ b/src/tls-openssl.c
-@@ -435,15 +435,15 @@ typedef struct exim_openssl_state {
- /* should figure out a cleanup of API to handle state preserved per
- implementation, for various reasons, which can be void * in the APIs.
- For now, we hack around it. */
- exim_openssl_state_st *client_static_state = NULL;	/*XXX should not use static; multiple concurrent clients! */
- exim_openssl_state_st state_server = {.is_server = TRUE};
- 
- static int
--setup_certs(SSL_CTX *sctx, uschar *certs, uschar *crl, host_item *host,
-+setup_certs(SSL_CTX * sctx, uschar ** certs, uschar * crl, host_item * host,
-     uschar ** errstr );
- 
- /* Callbacks */
- #ifndef DISABLE_OCSP
- static int tls_server_stapling_cb(SSL *s, void *arg);
- static void x509_stack_dump_cert_s_names(const STACK_OF(X509) * sk);
- static void x509_store_dump_cert_s_names(X509_STORE * store);
-@@ -1762,18 +1762,18 @@ if (  opt_set_and_noexpand(tls_verify_certificates)
-   {
-   /* Watch the default dir also as they are always included */
- 
-   if (  tls_set_watch(CUS X509_get_default_cert_file(), FALSE)
-      && tls_set_watch(tls_verify_certificates, FALSE)
-      && tls_set_watch(tls_crl, FALSE))
-     {
-+    uschar * v_certs = tls_verify_certificates;
-     DEBUG(D_tls) debug_printf("TLS: preloading CA bundle for server\n");
- 
--    if (setup_certs(ctx, tls_verify_certificates, tls_crl, NULL, &dummy_errstr)
--	== OK)
-+    if (setup_certs(ctx, &v_certs, tls_crl, NULL, &dummy_errstr) == OK)
-       state_server.lib_state.cabundle = TRUE;
- 
-     /* If we can, preload the server-side cert, key and ocsp */
- 
-     if (  opt_set_and_noexpand(tls_certificate)
- # ifndef DISABLE_OCSP
-        && opt_unset_or_noexpand(tls_ocsp_file)
-@@ -1897,18 +1897,19 @@ if (  opt_set_and_noexpand(ob->tls_verify_certificates)
-   {
-   if (  !watch
-      ||    tls_set_watch(CUS X509_get_default_cert_file(), FALSE)
-         && tls_set_watch(ob->tls_verify_certificates, FALSE)
- 	&& tls_set_watch(ob->tls_crl, FALSE)
-      )
-     {
-+    uschar * v_certs = ob->tls_verify_certificates;
-     DEBUG(D_tls)
-       debug_printf("TLS: preloading CA bundle for transport '%s'\n", t->name);
- 
--    if (setup_certs(ctx, ob->tls_verify_certificates,
-+    if (setup_certs(ctx, &v_certs,
- 	  ob->tls_crl, dummy_host, &dummy_errstr) == OK)
-       ob->tls_preload.cabundle = TRUE;
-     }
-   }
- else
-   DEBUG(D_tls)
-       debug_printf("TLS: not preloading CA bundle, for transport '%s'\n", t->name);
-@@ -2238,22 +2239,20 @@ if (state->u_ocsp.server.file)
-   {
-   SSL_CTX_set_tlsext_status_cb(server_sni, tls_server_stapling_cb);
-   SSL_CTX_set_tlsext_status_arg(server_sni, state);
-   }
- #endif
- 
-   {
--  uschar * expcerts;
--  if (  !expand_check(tls_verify_certificates, US"tls_verify_certificates",
--		  &expcerts, &dummy_errstr)
--     || (rc = setup_certs(server_sni, expcerts, tls_crl, NULL,
-+  uschar * v_certs = tls_verify_certificates;
-+  if ((rc = setup_certs(server_sni, &v_certs, tls_crl, NULL,
- 			&dummy_errstr)) != OK)
-     goto bad;
- 
--  if (expcerts && *expcerts)
-+  if (v_certs && *v_certs)
-     setup_cert_verify(server_sni, FALSE, verify_callback_server);
-   }
- 
- /* do this after setup_certs, because this can require the certs for verifying
- OCSP information. */
- if ((rc = tls_expand_session_files(server_sni, state, &dummy_errstr)) != OK)
-   goto bad;
-@@ -3017,32 +3016,33 @@ return TRUE;
- 
- 
- /* Called by both client and server startup; on the server possibly
- repeated after a Server Name Indication.
- 
- Arguments:
-   sctx          SSL_CTX* to initialise
--  certs         certs file, expanded
-+  certs         certs file, returned expanded
-   crl           CRL file or NULL
-   host          NULL in a server; the remote host in a client
-   errstr	error string pointer
- 
- Returns:        OK/DEFER/FAIL
- */
- 
- static int
--setup_certs(SSL_CTX *sctx, uschar *certs, uschar *crl, host_item *host,
-+setup_certs(SSL_CTX * sctx, uschar ** certsp, uschar * crl, host_item * host,
-     uschar ** errstr)
- {
--uschar *expcerts, *expcrl;
-+uschar * expcerts, * expcrl;
- 
--if (!expand_check(certs, US"tls_verify_certificates", &expcerts, errstr))
-+if (!expand_check(*certsp, US"tls_verify_certificates", &expcerts, errstr))
-   return DEFER;
- DEBUG(D_tls) debug_printf("tls_verify_certificates: %s\n", expcerts);
- 
-+*certsp = expcerts;
- if (expcerts && *expcerts)
-   {
-   /* Tell the library to use its compiled-in location for the system default
-   CA bundle. Then add the ones specified in the config, if any. */
- 
-   if (!SSL_CTX_set_default_verify_paths(sctx))
-     return tls_error(US"SSL_CTX_set_default_verify_paths", host, NULL, errstr);
-@@ -3330,28 +3330,28 @@ if (verify_check_host(&tls_verify_hosts) == OK)
-   server_verify_optional = FALSE;
- else if (verify_check_host(&tls_try_verify_hosts) == OK)
-   server_verify_optional = TRUE;
- else
-   goto skip_certs;
- 
-  {
--  uschar * expcerts;
--  if (!expand_check(tls_verify_certificates, US"tls_verify_certificates",
--		    &expcerts, errstr))
--    return DEFER;
--  DEBUG(D_tls) debug_printf("tls_verify_certificates: %s\n", expcerts);
-+  uschar * v_certs = tls_verify_certificates;
- 
-   if (state_server.lib_state.cabundle)
--    { DEBUG(D_tls) debug_printf("TLS: CA bundle for server was preloaded\n"); }
-+    {
-+    DEBUG(D_tls) debug_printf("TLS: CA bundle for server was preloaded\n");
-+    setup_cert_verify(ctx, server_verify_optional, verify_callback_server);
-+    }
-   else
--    if ((rc = setup_certs(ctx, expcerts, tls_crl, NULL, errstr)) != OK)
-+    {
-+    if ((rc = setup_certs(ctx, &v_certs, tls_crl, NULL, errstr)) != OK)
-       return rc;
--
--  if (expcerts && *expcerts)
--    setup_cert_verify(ctx, server_verify_optional, verify_callback_server);
-+    if (v_certs && *v_certs)
-+      setup_cert_verify(ctx, server_verify_optional, verify_callback_server);
-+    }
-  }
- skip_certs: ;
- 
- #ifndef DISABLE_TLS_RESUME
- # if OPENSSL_VERSION_NUMBER < 0x30000000L
- SSL_CTX_set_tlsext_ticket_key_cb(ctx, ticket_key_callback);
- /* despite working, appears to always return failure, so ignoring */
-@@ -3606,28 +3606,28 @@ if (  (  (  !ob->tls_verify_hosts || !ob->tls_verify_hosts
-   client_verify_optional = FALSE;
- else if (verify_check_given_host(CUSS &ob->tls_try_verify_hosts, host) == OK)
-   client_verify_optional = TRUE;
- else
-   return OK;
- 
-  {
--  uschar * expcerts;
--  if (!expand_check(ob->tls_verify_certificates, US"tls_verify_certificates",
--		    &expcerts, errstr))
--    return DEFER;
--  DEBUG(D_tls) debug_printf("tls_verify_certificates: %s\n", expcerts);
-+  uschar * v_certs = ob->tls_verify_certificates;
- 
-   if (state->lib_state.cabundle)
--    { DEBUG(D_tls) debug_printf("TLS: CA bundle was preloaded\n"); }
-+    {
-+    DEBUG(D_tls) debug_printf("TLS: CA bundle for tpt was preloaded\n");
-+    setup_cert_verify(ctx, client_verify_optional, verify_callback_client);
-+    }
-   else
--    if ((rc = setup_certs(ctx, expcerts, ob->tls_crl, host, errstr)) != OK)
-+    {
-+    if ((rc = setup_certs(ctx, &v_certs, ob->tls_crl, host, errstr)) != OK)
-       return rc;
--
--  if (expcerts && *expcerts)
--    setup_cert_verify(ctx, client_verify_optional, verify_callback_client);
-+    if (v_certs && *v_certs)
-+      setup_cert_verify(ctx, client_verify_optional, verify_callback_client);
-+    }
-  }
- 
- if (verify_check_given_host(CUSS &ob->tls_verify_cert_hostnames, host) == OK)
-   {
-   state->verify_cert_hostnames =
- #ifdef SUPPORT_I18N
-     string_domain_utf8_to_alabel(host->certname, NULL);
--- 
-2.35.1
-

diff --git a/mail-mta/exim/files/exim-4.96-openssl-tls_eccurve-lt-3.patch b/mail-mta/exim/files/exim-4.96-openssl-tls_eccurve-lt-3.patch
deleted file mode 100644
index 37d1d445cb0a..000000000000
--- a/mail-mta/exim/files/exim-4.96-openssl-tls_eccurve-lt-3.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-modified for Gentoo, removed tests due to conflicts
-
-From 7fa5764c203f2f4a900898a79ed02d674075313f Mon Sep 17 00:00:00 2001
-From: Jeremy Harris <jgh146exb@wizmail.org>
-Date: Mon, 2 Jan 2023 15:04:14 +0000
-Subject: [PATCH 1/3] OpenSSL: Fix tls_eccurve on earlier versions than 3.0.0. 
- Bug 2954
-
-Broken-by: ca4014de81e6
----
- src/tls-openssl.c          |  7 ++++---
- test/log/2149                  | 28 ++++++++++++++--------------
- test/runtest                   |  3 +++
- test/scripts/2100-OpenSSL/2149 | 22 ++++++++++++----------
- 4 files changed, 33 insertions(+), 27 deletions(-)
-
-diff --git a/src/tls-openssl.c b/src/tls-openssl.c
-index 4d0f99ea9..e063d29bd 100644
---- a/src/tls-openssl.c
-+++ b/src/tls-openssl.c
-@@ -786,8 +786,9 @@ if (  (nid = OBJ_sn2nid       (CCS exp_curve)) == NID_undef
- #   endif
-    )
-   {
--  tls_error(string_sprintf("Unknown curve name tls_eccurve '%s'", exp_curve),
--    NULL, NULL, errstr);
-+  uschar * s = string_sprintf("Unknown curve name tls_eccurve '%s'", exp_curve);
-+  DEBUG(D_tls) debug_printf("TLS error '%s'\n", s);
-+  if (errstr) *errstr = s;
-   return FALSE;
-   }
- 
-@@ -803,7 +804,7 @@ if (  (nid = OBJ_sn2nid       (CCS exp_curve)) == NID_undef
-   /* The "tmp" in the name here refers to setting a temporary key
-   not to the stability of the interface. */
- 
--  if ((rc = SSL_CTX_set_tmp_ecdh(sctx, ecdh) == 0))
-+  if ((rc = SSL_CTX_set_tmp_ecdh(sctx, ecdh)) == 0)
-     tls_error(string_sprintf("Error enabling '%s' curve", exp_curve), NULL, NULL, errstr);
-   else
-     DEBUG(D_tls) debug_printf(" ECDH: enabled '%s' curve\n", exp_curve);
--- 
-2.39.0
-

diff --git a/mail-mta/exim/files/exim-4.96-openssl-tls_eccurve-setting.patch b/mail-mta/exim/files/exim-4.96-openssl-tls_eccurve-setting.patch
deleted file mode 100644
index 6ccfbca9a985..000000000000
--- a/mail-mta/exim/files/exim-4.96-openssl-tls_eccurve-setting.patch
+++ /dev/null
@@ -1,169 +0,0 @@
-modified for Gentoo, dropped Changelog and test due to conflicts
-
-From ca4014de81e6aa367aa0a54c49b4c3d4b137814c Mon Sep 17 00:00:00 2001
-From: Jeremy Harris <jgh146exb@wizmail.org>
-Date: Sun, 1 Jan 2023 12:18:38 +0000
-Subject: [PATCH] OpenSSL: fix tls_eccurve setting explicit curve/group.  Bug
- 2954
-
----
- doc/ChangeLog          |  4 +++
- src/tls-openssl.c          | 39 ++++++++++++++----------
- test/confs/2148                | 54 ++++++++++++++++++++++++++++++++++
- test/confs/2149                | 39 +++++++++++++-----------
- test/log/2148                  | 48 ++++++++++++++++++++++++++++++
- test/log/2149                  | 39 ++++++++++++------------
- test/paniclog/{2149 => 2148}   |  0
- test/scripts/2100-OpenSSL/2148 | 50 +++++++++++++++++++++++++++++++
- test/scripts/2100-OpenSSL/2149 | 50 ++++++++++++++++---------------
- test/stderr/2148               |  5 ++++
- test/stderr/2149               |  3 --
- 11 files changed, 250 insertions(+), 81 deletions(-)
- create mode 100644 test/confs/2148
- create mode 100644 test/log/2148
- rename test/paniclog/{2149 => 2148} (100%)
- create mode 100644 test/scripts/2100-OpenSSL/2148
- create mode 100644 test/stderr/2148
-
---- a/src/tls-openssl.c
-+++ b/src/tls-openssl.c
-@@ -657,16 +657,16 @@ if (dh_bitsize <= tls_dh_max_bits)
-     /* EVP_PKEY_free(pkey);  crashes */
- #endif
-     }
-   else
-     DEBUG(D_tls)
--      debug_printf("Diffie-Hellman initialized from %s with %d-bit prime\n",
-+      debug_printf(" Diffie-Hellman initialized from %s with %d-bit prime\n",
- 	dhexpanded ? dhexpanded : US"default", dh_bitsize);
-   }
- else
-   DEBUG(D_tls)
--    debug_printf("dhparams '%s' %d bits, is > tls_dh_max_bits limit of %d\n",
-+    debug_printf(" dhparams '%s' %d bits, is > tls_dh_max_bits limit of %d\n",
- 	dhexpanded ? dhexpanded : US"default", dh_bitsize, tls_dh_max_bits);
- 
- #if OPENSSL_VERSION_NUMBER < 0x30000000L
- DH_free(dh);
- #endif
-@@ -712,23 +712,31 @@ init_ecdh(SSL_CTX * sctx, uschar ** errs
- #ifdef OPENSSL_NO_ECDH
- return TRUE;
- #else
- 
- uschar * exp_curve;
--int nid;
--BOOL rv;
-+int nid, rc;
- 
- # ifndef EXIM_HAVE_ECDH
- DEBUG(D_tls)
--  debug_printf("No OpenSSL API to define ECDH parameters, skipping\n");
-+  debug_printf(" No OpenSSL API to define ECDH parameters, skipping\n");
- return TRUE;
- # else
- 
- if (!expand_check(tls_eccurve, US"tls_eccurve", &exp_curve, errstr))
-   return FALSE;
-+
-+/* Is the option deliberately empty? */
-+
- if (!exp_curve || !*exp_curve)
-+  {
-+#if OPENSSL_VERSION_NUMBER >= 0x10002000L
-+  DEBUG(D_tls) debug_printf( " ECDH OpenSSL 1.0.2+: clearing curves list\n");
-+  (void) SSL_CTX_set1_curves(sctx, &nid, 0);
-+#endif
-   return TRUE;
-+  }
- 
- /* "auto" needs to be handled carefully.
-  * OpenSSL <  1.0.2: we do not select anything, but fallback to prime256v1
-  * OpenSSL <  1.1.0: we have to call SSL_CTX_set_ecdh_auto
-  *                   (openssl/ssl.h defines SSL_CTRL_SET_ECDH_AUTO)
-@@ -737,27 +745,26 @@ if (!exp_curve || !*exp_curve)
-  */
- if (Ustrcmp(exp_curve, "auto") == 0)
-   {
- #if OPENSSL_VERSION_NUMBER < 0x10002000L
-   DEBUG(D_tls) debug_printf(
--    "ECDH OpenSSL < 1.0.2: temp key parameter settings: overriding \"auto\" with \"prime256v1\"\n");
-+    " ECDH OpenSSL < 1.0.2: temp key parameter settings: overriding \"auto\" with \"prime256v1\"\n");
-   exp_curve = US"prime256v1";
- #else
- # if defined SSL_CTRL_SET_ECDH_AUTO
-   DEBUG(D_tls) debug_printf(
--    "ECDH OpenSSL 1.0.2+: temp key parameter settings: autoselection\n");
-+    " ECDH OpenSSL 1.0.2+: temp key parameter settings: autoselection\n");
-   SSL_CTX_set_ecdh_auto(sctx, 1);
-   return TRUE;
- # else
-   DEBUG(D_tls) debug_printf(
--    "ECDH OpenSSL 1.1.0+: temp key parameter settings: default selection\n");
-+    " ECDH OpenSSL 1.1.0+: temp key parameter settings: library default selection\n");
-   return TRUE;
- # endif
- #endif
-   }
- 
--DEBUG(D_tls) debug_printf("ECDH: curve '%s'\n", exp_curve);
- if (  (nid = OBJ_sn2nid       (CCS exp_curve)) == NID_undef
- #   ifdef EXIM_HAVE_OPENSSL_EC_NIST2NID
-    && (nid = EC_curve_nist2nid(CCS exp_curve)) == NID_undef
- #   endif
-    )
-@@ -777,27 +784,27 @@ if (  (nid = OBJ_sn2nid       (CCS exp_c
-     }
- 
-   /* The "tmp" in the name here refers to setting a temporary key
-   not to the stability of the interface. */
- 
--  if ((rv = SSL_CTX_set_tmp_ecdh(sctx, ecdh) == 0))
-+  if ((rc = SSL_CTX_set_tmp_ecdh(sctx, ecdh) == 0))
-     tls_error(string_sprintf("Error enabling '%s' curve", exp_curve), NULL, NULL, errstr);
-   else
--    DEBUG(D_tls) debug_printf("ECDH: enabled '%s' curve\n", exp_curve);
-+    DEBUG(D_tls) debug_printf(" ECDH: enabled '%s' curve\n", exp_curve);
-   EC_KEY_free(ecdh);
-  }
- 
- #else	/* v 3.0.0 + */
- 
--if ((rv = SSL_CTX_set1_groups(sctx, &nid, 1)) == 0)
-+if ((rc = SSL_CTX_set1_groups(sctx, &nid, 1)) == 0)
-   tls_error(string_sprintf("Error enabling '%s' group", exp_curve), NULL, NULL, errstr);
- else
--  DEBUG(D_tls) debug_printf("ECDH: enabled '%s' group\n", exp_curve);
-+  DEBUG(D_tls) debug_printf(" ECDH: enabled '%s' group\n", exp_curve);
- 
- #endif
- 
--return !rv;
-+return !!rc;
- 
- # endif	/*EXIM_HAVE_ECDH*/
- #endif /*OPENSSL_NO_ECDH*/
- }
- 
-@@ -1719,19 +1726,19 @@ state_server.lib_state.lib_ctx = ctx;
- 
- /* Preload DH params and EC curve */
- 
- if (opt_unset_or_noexpand(tls_dhparam))
-   {
--  DEBUG(D_tls) debug_printf("TLS: preloading DH params for server\n");
-+  DEBUG(D_tls) debug_printf("TLS: preloading DH params '%s' for server\n", tls_dhparam);
-   if (init_dh(ctx, tls_dhparam, &dummy_errstr))
-     state_server.lib_state.dh = TRUE;
-   }
- else
-   DEBUG(D_tls) debug_printf("TLS: not preloading DH params for server\n");
- if (opt_unset_or_noexpand(tls_eccurve))
-   {
--  DEBUG(D_tls) debug_printf("TLS: preloading ECDH curve for server\n");
-+  DEBUG(D_tls) debug_printf("TLS: preloading ECDH curve '%s' for server\n", tls_eccurve);
-   if (init_ecdh(ctx, &dummy_errstr))
-     state_server.lib_state.ecdh = TRUE;
-   }
- else
-   DEBUG(D_tls) debug_printf("TLS: not preloading ECDH curve for server\n");

diff --git a/mail-mta/exim/files/exim-4.96-openssl-verify-ocsp.patch b/mail-mta/exim/files/exim-4.96-openssl-verify-ocsp.patch
deleted file mode 100644
index 2e21065fb1d6..000000000000
--- a/mail-mta/exim/files/exim-4.96-openssl-verify-ocsp.patch
+++ /dev/null
@@ -1,232 +0,0 @@
-From 7f65a63b60c6ea86db683ac00e221939f3bb1d47 Mon Sep 17 00:00:00 2001
-From: Jeremy Harris <jgh146exb@wizmail.org>
-Date: Tue, 25 Oct 2022 21:26:30 +0100
-Subject: [PATCH 1/2] OpenSSL: when preloading creds do the server certs before
- the OCSP proofs so that the latter can ve verified before loading
-
----
- src/tls-openssl.c | 113 ++++++++++++++++++++++--------------------
- 1 file changed, 58 insertions(+), 55 deletions(-)
-
-diff --git a/src/tls-openssl.c b/src/tls-openssl.c
-index 68ad6f15b..fdf0d92b2 100644
---- a/src/tls-openssl.c
-+++ b/src/tls-openssl.c
-@@ -441,14 +441,16 @@ exim_openssl_state_st state_server = {.is_server = TRUE};
- static int
- setup_certs(SSL_CTX *sctx, uschar *certs, uschar *crl, host_item *host,
-     uschar ** errstr );
- 
- /* Callbacks */
- #ifndef DISABLE_OCSP
- static int tls_server_stapling_cb(SSL *s, void *arg);
-+static void x509_stack_dump_cert_s_names(const STACK_OF(X509) * sk);
-+static void x509_store_dump_cert_s_names(X509_STORE * store);
- #endif
- 
- 
- 
- /* Daemon-called, before every connection, key create/rotate */
- #ifndef DISABLE_TLS_RESUME
- static void tk_init(void);
-@@ -1307,15 +1309,14 @@ ocsp_load_response(exim_openssl_state_st * state, const uschar * filename,
- {
- BIO * bio;
- OCSP_RESPONSE * resp;
- OCSP_BASICRESP * basic_response;
- OCSP_SINGLERESP * single_response;
- ASN1_GENERALIZEDTIME * rev, * thisupd, * nextupd;
- STACK_OF(X509) * sk;
--unsigned long verify_flags;
- int status, reason, i;
- 
- DEBUG(D_tls)
-   debug_printf("tls_ocsp_file (%s)  '%s'\n", is_pem ? "PEM" : "DER", filename);
- 
- if (!filename || !*filename) return;
- 
-@@ -1372,28 +1373,28 @@ if ((status = OCSP_response_status(resp)) != OCSP_RESPONSE_STATUS_SUCCESSFUL)
- if (!(basic_response = OCSP_response_get1_basic(resp)))
-   {
-   DEBUG(D_tls)
-     debug_printf("OCSP response parse error: unable to extract basic response.\n");
-   goto bad;
-   }
- 
--sk = state->verify_stack;
--verify_flags = OCSP_NOVERIFY; /* check sigs, but not purpose */
-+sk = state->verify_stack;	/* set by setup_certs() / chain_from_pem_file() */
- 
- /* May need to expose ability to adjust those flags?
- OCSP_NOSIGS OCSP_NOVERIFY OCSP_NOCHAIN OCSP_NOCHECKS OCSP_NOEXPLICIT
- OCSP_TRUSTOTHER OCSP_NOINTERN */
- 
--/* This does a full verify on the OCSP proof before we load it for serving
--up; possibly overkill - just date-checks might be nice enough.
-+/* This does a partial verify (only the signer link, not the whole chain-to-CA)
-+on the OCSP proof before we load it for serving up; possibly overkill -
-+just date-checks might be nice enough.
- 
- OCSP_basic_verify takes a "store" arg, but does not
--use it for the chain verification, which is all we do
--when OCSP_NOVERIFY is set.  The content from the wire
--"basic_response" and a cert-stack "sk" are all that is used.
-+use it for the chain verification, when OCSP_NOVERIFY is set.
-+The content from the wire "basic_response" and a cert-stack "sk" are all
-+that is used.
- 
- We have a stack, loaded in setup_certs() if tls_verify_certificates
- was a file (not a directory, or "system").  It is unfortunate we
- cannot used the connection context store, as that would neatly
- handle the "system" case too, but there seems to be no library
- function for getting a stack from a store.
- [ In OpenSSL 1.1 - ?  X509_STORE_CTX_get0_chain(ctx) ? ]
-@@ -1402,15 +1403,15 @@ SNI handling.
- 
- Separately we might try to replace using OCSP_basic_verify() - which seems to not
- be a public interface into the OpenSSL library (there's no manual entry) -
- But what with?  We also use OCSP_basic_verify in the client stapling callback.
- And there we NEED it; we must verify that status... unless the
- library does it for us anyway?  */
- 
--if ((i = OCSP_basic_verify(basic_response, sk, NULL, verify_flags)) < 0)
-+if ((i = OCSP_basic_verify(basic_response, sk, NULL, OCSP_NOVERIFY)) < 0)
-   {
-   DEBUG(D_tls)
-     {
-     ERR_error_string_n(ERR_get_error(), ssl_errstring, sizeof(ssl_errstring));
-     debug_printf("OCSP response verify failure: %s\n", US ssl_errstring);
-     }
-   goto bad;
-@@ -1747,61 +1748,18 @@ if (opt_unset_or_noexpand(tls_eccurve))
-   if (init_ecdh(ctx, &dummy_errstr))
-     state_server.lib_state.ecdh = TRUE;
-   }
- else
-   DEBUG(D_tls) debug_printf("TLS: not preloading ECDH curve for server\n");
- 
- #if defined(EXIM_HAVE_INOTIFY) || defined(EXIM_HAVE_KEVENT)
--/* If we can, preload the server-side cert, key and ocsp */
--
--if (  opt_set_and_noexpand(tls_certificate)
--# ifndef DISABLE_OCSP
--   && opt_unset_or_noexpand(tls_ocsp_file)
--#endif
--   && opt_unset_or_noexpand(tls_privatekey))
--  {
--  /* Set watches on the filenames.  The implementation does de-duplication
--  so we can just blindly do them all.  */
--
--  if (  tls_set_watch(tls_certificate, TRUE)
--# ifndef DISABLE_OCSP
--     && tls_set_watch(tls_ocsp_file, TRUE)
--#endif
--     && tls_set_watch(tls_privatekey, TRUE))
--    {
--    state_server.certificate = tls_certificate;
--    state_server.privatekey = tls_privatekey;
--#ifndef DISABLE_OCSP
--    state_server.u_ocsp.server.file = tls_ocsp_file;
--#endif
--
--    DEBUG(D_tls) debug_printf("TLS: preloading server certs\n");
--    if (tls_expand_session_files(ctx, &state_server, &dummy_errstr) == OK)
--      state_server.lib_state.conn_certs = TRUE;
--    }
--  }
--else if (  !tls_certificate && !tls_privatekey
--# ifndef DISABLE_OCSP
--	&& !tls_ocsp_file
--#endif
--   )
--  {		/* Generate & preload a selfsigned cert. No files to watch. */
--  if (tls_expand_session_files(ctx, &state_server, &dummy_errstr) == OK)
--    {
--    state_server.lib_state.conn_certs = TRUE;
--    lifetime = f.running_in_test_harness ? 2 : 60 * 60;		/* 1 hour */
--    }
--  }
--else
--  DEBUG(D_tls) debug_printf("TLS: not preloading server certs\n");
--
--
- /* If we can, preload the Authorities for checking client certs against.
- Actual choice to do verify is made (tls_{,try_}verify_hosts)
--at TLS conn startup */
-+at TLS conn startup.
-+Do this before the server ocsp so that its info can verify the ocsp. */
- 
- if (  opt_set_and_noexpand(tls_verify_certificates)
-    && opt_unset_or_noexpand(tls_crl))
-   {
-   /* Watch the default dir also as they are always included */
- 
-   if (  tls_set_watch(CUS X509_get_default_cert_file(), FALSE)
-@@ -1809,18 +1767,63 @@ if (  opt_set_and_noexpand(tls_verify_certificates)
-      && tls_set_watch(tls_crl, FALSE))
-     {
-     DEBUG(D_tls) debug_printf("TLS: preloading CA bundle for server\n");
- 
-     if (setup_certs(ctx, tls_verify_certificates, tls_crl, NULL, &dummy_errstr)
- 	== OK)
-       state_server.lib_state.cabundle = TRUE;
--    }
-+
-+    /* If we can, preload the server-side cert, key and ocsp */
-+
-+    if (  opt_set_and_noexpand(tls_certificate)
-+# ifndef DISABLE_OCSP
-+       && opt_unset_or_noexpand(tls_ocsp_file)
-+# endif
-+       && opt_unset_or_noexpand(tls_privatekey))
-+      {
-+      /* Set watches on the filenames.  The implementation does de-duplication
-+      so we can just blindly do them all.  */
-+
-+      if (  tls_set_watch(tls_certificate, TRUE)
-+# ifndef DISABLE_OCSP
-+	 && tls_set_watch(tls_ocsp_file, TRUE)
-+# endif
-+	 && tls_set_watch(tls_privatekey, TRUE))
-+	{
-+	state_server.certificate = tls_certificate;
-+	state_server.privatekey = tls_privatekey;
-+#ifndef DISABLE_OCSP
-+	state_server.u_ocsp.server.file = tls_ocsp_file;
-+# endif
-+
-+	DEBUG(D_tls) debug_printf("TLS: preloading server certs\n");
-+	if (tls_expand_session_files(ctx, &state_server, &dummy_errstr) == OK)
-+	  state_server.lib_state.conn_certs = TRUE;
-+	}
-+      }
-+    else if (  !tls_certificate && !tls_privatekey
-+# ifndef DISABLE_OCSP
-+	    && !tls_ocsp_file
-+# endif
-+       )
-+      {		/* Generate & preload a selfsigned cert. No files to watch. */
-+      if (tls_expand_session_files(ctx, &state_server, &dummy_errstr) == OK)
-+	{
-+	state_server.lib_state.conn_certs = TRUE;
-+	lifetime = f.running_in_test_harness ? 2 : 60 * 60;		/* 1 hour */
-+	}
-+      }
-+    else
-+      DEBUG(D_tls) debug_printf("TLS: not preloading server certs\n");
-+	}
-   }
- else
-   DEBUG(D_tls) debug_printf("TLS: not preloading CA bundle for server\n");
-+
-+
- #endif	/* EXIM_HAVE_INOTIFY */
- 
- 
- /* If we can, preload the ciphers control string */
- 
- if (opt_set_and_noexpand(tls_require_ciphers))
-   {
--- 
-2.35.1
-

diff --git a/mail-mta/exim/files/exim-4.96-recursion-dns_again.patch b/mail-mta/exim/files/exim-4.96-recursion-dns_again.patch
deleted file mode 100644
index 6ac0e81c9551..000000000000
--- a/mail-mta/exim/files/exim-4.96-recursion-dns_again.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-modified for Gentoo, removed Changelog due to conflicts
-
-From 1d38781da934809e6ce0b8c3718c4b3bccdfe1d2 Mon Sep 17 00:00:00 2001
-From: Jeremy Harris <jgh146exb@wizmail.org>
-Date: Wed, 28 Dec 2022 19:39:06 +0000
-Subject: [PATCH] Fix recursion on dns_again_means_nonexist. Bug 2911
-
----
- doc/ChangeLog        |  8 +++++
- src/dns.c                | 12 ++++++++
- test/confs/2202              | 18 +++++++++--
- test/scripts/2200-dnsdb/2202 |  8 +++++
- test/stderr/2202             | 58 +++++++++++++++++++++++++++++++++++-
- test/stdout/2202             |  8 +++++
- 6 files changed, 108 insertions(+), 4 deletions(-)
-
---- a/src/dns.c
-+++ b/src/dns.c
-@@ -799,10 +799,11 @@ int
- dns_basic_lookup(dns_answer * dnsa, const uschar * name, int type)
- {
- int rc;
- #ifndef STAND_ALONE
- const uschar * save_domain;
-+static BOOL try_again_recursion = FALSE;
- #endif
- 
- /* DNS lookup failures of any kind are cached in a tree. This is mainly so that
- a timeout on one domain doesn't happen time and time again for messages that
- have many addresses in the same domain. We rely on the resolver and name server
-@@ -903,15 +904,26 @@ if (dnsa->answerlen < 0) switch (h_errno
-     DEBUG(D_dns) debug_printf("DNS lookup of %s (%s) gave TRY_AGAIN\n",
-       name, dns_text_type(type));
- 
-     /* Cut this out for various test programs */
- #ifndef STAND_ALONE
-+    if (try_again_recursion)
-+      {
-+      log_write(0, LOG_MAIN|LOG_PANIC,
-+	"dns_again_means_nonexist recursion seen for %s (assuming nonexist)",
-+	name);
-+      return dns_fail_return(name, type, dns_expire_from_soa(dnsa, type), DNS_NOMATCH);
-+      }
-+
-+    try_again_recursion = TRUE;
-     save_domain = deliver_domain;
-     deliver_domain = string_copy(name);  /* set $domain */
-     rc = match_isinlist(name, CUSS &dns_again_means_nonexist, 0,
-       &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL);
-     deliver_domain = save_domain;
-+    try_again_recursion = FALSE;
-+
-     if (rc != OK)
-       {
-       DEBUG(D_dns) debug_printf("returning DNS_AGAIN\n");
-       return dns_fail_return(name, type, 0, DNS_AGAIN);
-       }

diff --git a/mail-mta/exim/files/exim-4.96-regex-use-after-free.patch b/mail-mta/exim/files/exim-4.96-regex-use-after-free.patch
deleted file mode 100644
index 1ec6d9a4abd6..000000000000
--- a/mail-mta/exim/files/exim-4.96-regex-use-after-free.patch
+++ /dev/null
@@ -1,173 +0,0 @@
-modified for Gentoo, removed Changelog due to conflicts
-
-From 4e9ed49f8f12eb331b29bd5b6dc3693c520fddc2 Mon Sep 17 00:00:00 2001
-From: Jeremy Harris <jgh146exb@wizmail.org>
-Date: Wed, 31 Aug 2022 15:37:40 +0100
-Subject: [PATCH] Fix $regex<n> use-after-free.  Bug 2915
-
----
- doc/ChangeLog           |  8 +++++++-
- src/exim.c                  |  4 +---
- src/expand.c                |  2 +-
- src/functions.h             |  1 +
- src/globals.c               |  2 +-
- src/regex.c                 | 29 ++++++++++++++++++-----------
- src/smtp_in.c               |  2 ++
- test/confs/4002                 | 10 ++++++++++
- test/mail/4002.userx            |  7 +++++++
- test/scripts/4000-scanning/4002 |  7 +++++++
- 10 files changed, 55 insertions(+), 17 deletions(-)
-
---- a/src/exim.c
-+++ b/src/exim.c
-@@ -1999,12 +1999,10 @@
- 
- regex_whitelisted_macro =
-   regex_must_compile(US"^[A-Za-z0-9_/.-]*$", FALSE, TRUE);
- #endif
- 
--for (i = 0; i < REGEX_VARS; i++) regex_vars[i] = NULL;
--
- /* If the program is called as "mailq" treat it as equivalent to "exim -bp";
- this seems to be a generally accepted convention, since one finds symbolic
- links called "mailq" in standard OS configurations. */
- 
- if ((namelen == 5 && Ustrcmp(argv[0], "mailq") == 0) ||
-@@ -6082,11 +6080,11 @@
-   callout_address = NULL;
-   sending_ip_address = NULL;
-   deliver_localpart_data = deliver_domain_data =
-   recipient_data = sender_data = NULL;
-   acl_var_m = NULL;
--  for(int i = 0; i < REGEX_VARS; i++) regex_vars[i] = NULL;
-+  regex_vars_clear();
- 
-   store_reset(reset_point);
-   }
- 
- exim_exit(EXIT_SUCCESS);   /* Never returns */
---- a/src/expand.c
-+++ b/src/expand.c
-@@ -1871,11 +1871,11 @@
-   {
-   tree_node * node = tree_search(router_var, name + 2);
-   return node ? node->data.ptr : strict_acl_vars ? NULL : US"";
-   }
- 
--/* Handle $auth<n> variables. */
-+/* Handle $auth<n>, $regex<n> variables. */
- 
- if (Ustrncmp(name, "auth", 4) == 0)
-   {
-   uschar *endptr;
-   int n = Ustrtoul(name + 4, &endptr, 10);
---- a/src/functions.h
-+++ b/src/functions.h
-@@ -436,10 +436,11 @@
- extern int     regex(const uschar **);
- #endif
- extern BOOL    regex_match(const pcre2_code *, const uschar *, int, uschar **);
- extern BOOL    regex_match_and_setup(const pcre2_code *, const uschar *, int, int);
- extern const pcre2_code *regex_must_compile(const uschar *, BOOL, BOOL);
-+extern void    regex_vars_clear(void);
- extern void    retry_add_item(address_item *, uschar *, int);
- extern BOOL    retry_check_address(const uschar *, host_item *, uschar *, BOOL,
-                  uschar **, uschar **);
- extern retry_config *retry_find_config(const uschar *, const uschar *, int, int);
- extern BOOL    retry_ultimate_address_timeout(uschar *, const uschar *,
---- a/src/globals.c
-+++ b/src/globals.c
-@@ -1313,11 +1313,11 @@
- #ifndef DISABLE_PIPE_CONNECT
- const pcre2_code *regex_EARLY_PIPE   = NULL;
- #endif
- const pcre2_code *regex_ismsgid      = NULL;
- const pcre2_code *regex_smtp_code    = NULL;
--const uschar *regex_vars[REGEX_VARS];
-+const uschar *regex_vars[REGEX_VARS] = { 0 };;
- #ifdef WHITELIST_D_MACROS
- const pcre2_code *regex_whitelisted_macro = NULL;
- #endif
- #ifdef WITH_CONTENT_SCAN
- uschar *regex_match_string     = NULL;
---- a/src/regex.c
-+++ b/src/regex.c
-@@ -94,22 +94,32 @@
-   }
- pcre2_match_data_free(md);
- return FAIL;
- }
- 
-+
-+/* reset expansion variables */
-+void
-+regex_vars_clear(void)
-+{
-+regex_match_string = NULL;
-+for (int i = 0; i < REGEX_VARS; i++) regex_vars[i] = NULL;
-+}
-+
-+
-+
- int
--regex(const uschar **listptr)
-+regex(const uschar ** listptr)
- {
- unsigned long mbox_size;
--FILE *mbox_file;
--pcre_list *re_list_head;
--uschar *linebuffer;
-+FILE * mbox_file;
-+pcre_list * re_list_head;
-+uschar * linebuffer;
- long f_pos = 0;
- int ret = FAIL;
- 
--/* reset expansion variable */
--regex_match_string = NULL;
-+regex_vars_clear();
- 
- if (!mime_stream)				/* We are in the DATA ACL */
-   {
-   if (!(mbox_file = spool_mbox(&mbox_size, NULL, NULL)))
-     {						/* error while spooling */
-@@ -167,18 +177,17 @@
- 
- 
- int
- mime_regex(const uschar **listptr)
- {
--pcre_list *re_list_head = NULL;
--FILE *f;
--uschar *mime_subject = NULL;
-+pcre_list * re_list_head = NULL;
-+FILE * f;
-+uschar * mime_subject = NULL;
- int mime_subject_len = 0;
- int ret;
- 
--/* reset expansion variable */
--regex_match_string = NULL;
-+regex_vars_clear();
- 
- /* precompile our regexes */
- if (!(re_list_head = compile(*listptr)))
-   return FAIL;			/* no regexes -> nothing to do */
- 
---- a/src/smtp_in.c
-+++ b/src/smtp_in.c
-@@ -2155,12 +2155,14 @@
- prdr_requested = FALSE;
- #endif
- #ifdef SUPPORT_I18N
- message_smtputf8 = FALSE;
- #endif
-+regex_vars_clear();
- body_linecount = body_zerocount = 0;
- 
-+lookup_value = NULL;				/* Can be set by ACL */
- sender_rate = sender_rate_limit = sender_rate_period = NULL;
- ratelimiters_mail = NULL;           /* Updated by ratelimit ACL condition */
-                    /* Note that ratelimiters_conn persists across resets. */
- 
- /* Reset message ACL variables */

diff --git a/mail-mta/exim/files/exim-4.96-rewrite-malformed-addr-fix.patch b/mail-mta/exim/files/exim-4.96-rewrite-malformed-addr-fix.patch
deleted file mode 100644
index 2d3363e7b6cf..000000000000
--- a/mail-mta/exim/files/exim-4.96-rewrite-malformed-addr-fix.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-modified for Gentoo, removed Changelog change due to conflicts
-
-From e7ec503729970a03d4509921342bc81313976126 Mon Sep 17 00:00:00 2001
-From: Jeremy Harris <jgh146exb@wizmail.org>
-Date: Tue, 12 Jul 2022 22:14:04 +0100
-Subject: [PATCH] Fix exit on attempt to rewrite a malformed address.  Bug 2903
-
----
- doc/ChangeLog        |   5 +
- src/rewrite.c            |   9 +-
- test/confs/0471              |   7 +
- test/log/0471                |   5 +
- test/scripts/0000-Basic/0471 |   4 +-
- test/stderr/0471             | 245 ++++++++++++++++++++++++++++++++++-
- 6 files changed, 267 insertions(+), 8 deletions(-)
-
---- a/src/rewrite.c
-+++ b/src/rewrite.c
-@@ -493,19 +493,18 @@
-   empty address, overlong addres. Sometimes the result matters, sometimes not.
-   It seems this function is called for *any* header we see. */
- 
-   if (!recipient)
-     {
--    /* Handle unparesable addresses in the header. Slightly ugly because a
-+    /* Log unparesable addresses in the header. Slightly ugly because a
-     null output from the extract can also result from a header without an
--    address, "To: undisclosed recpients:;" being the classic case. */
-+    address, "To: undisclosed recpients:;" being the classic case. Ignore
-+    this one and carry on. */
- 
-     if ((rewrite_rules || routed_old) && Ustrcmp(errmess, "empty address") != 0)
--      {
-       log_write(0, LOG_MAIN, "rewrite: %s", errmess);
--      exim_exit(EXIT_FAILURE);
--      }
-+
-     loop_reset_point = store_reset(loop_reset_point);
-     continue;
-     }
- 
-   /* If routed_old is not NULL, this is a rewrite caused by a router,

diff --git a/mail-mta/exim/files/exim-4.96-spf-memory-error-fix.patch b/mail-mta/exim/files/exim-4.96-spf-memory-error-fix.patch
deleted file mode 100644
index e474acf6f54d..000000000000
--- a/mail-mta/exim/files/exim-4.96-spf-memory-error-fix.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From 93c722ce0549360af68269f088f4e59ed8fc130e Mon Sep 17 00:00:00 2001
-From: Jeremy Harris <jgh146exb@wizmail.org>
-Date: Sun, 7 Aug 2022 17:00:27 +0100
-Subject: [PATCH] SPF: fix memory accounting for error case
-
----
- src/spf.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/spf.c b/src/spf.c
-index db6eea3a8..a8c0f75c4 100644
---- a/src/spf.c
-+++ b/src/spf.c
-@@ -204,7 +204,7 @@ spf_nxdomain = SPF_dns_rr_new_init(spf_dns_server,
-   "", ns_t_any, 24 * 60 * 60, HOST_NOT_FOUND);
- if (!spf_nxdomain)
-   {
--  free(spf_dns_server);
-+  store_free(spf_dns_server);
-   return NULL;
-   }
- 
--- 
-2.35.1
-

diff --git a/mail-mta/exim/files/exim-4.96-transport-crash.patch b/mail-mta/exim/files/exim-4.96-transport-crash.patch
deleted file mode 100644
index 913fbf2d0918..000000000000
--- a/mail-mta/exim/files/exim-4.96-transport-crash.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-modified for Gentoo, removed Changelog
-
-From a8786a66feb3c003c74551399b345b1634cc6739 Mon Sep 17 00:00:00 2001
-From: Jeremy Harris <jgh146exb@wizmail.org>
-Date: Thu, 4 May 2023 15:41:46 +0100
-Subject: [PATCH 1/3] Fix variable initialisation in smtp transport.  Bug 2996
-
----
- doc/ChangeLog     | 8 ++++++++
- src/transports/smtp.c | 2 +-
- 2 files changed, 9 insertions(+), 1 deletion(-)
-
---- a/src/transports/smtp.c
-+++ b/src/transports/smtp.c
-@@ -4950,11 +4950,11 @@ Returns:    nothing
- void
- smtp_transport_closedown(transport_instance *tblock)
- {
- smtp_transport_options_block * ob = SOB tblock->options_block;
- client_conn_ctx cctx;
--smtp_context sx;
-+smtp_context sx = {0};
- uschar buffer[256];
- uschar inbuffer[4096];
- uschar outbuffer[16];
- 
- /*XXX really we need an active-smtp-client ctx, rather than assuming stdout */


^ permalink raw reply related	[flat|nested] 26+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: mail-mta/exim/, mail-mta/exim/files/
@ 2023-11-08  8:03 Fabian Groffen
  0 siblings, 0 replies; 26+ messages in thread
From: Fabian Groffen @ 2023-11-08  8:03 UTC (permalink / raw
  To: gentoo-commits

commit:     e1634b7a70c6c987472c68a979add070fea799d6
Author:     Fabian Groffen <grobian <AT> gentoo <DOT> org>
AuthorDate: Wed Nov  8 08:03:24 2023 +0000
Commit:     Fabian Groffen <grobian <AT> gentoo <DOT> org>
CommitDate: Wed Nov  8 08:03:24 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e1634b7a

mail-mta/exim: cleanup

Signed-off-by: Fabian Groffen <grobian <AT> gentoo.org>

 mail-mta/exim/Manifest                             |   2 -
 mail-mta/exim/exim-4.94.2-r12.ebuild               | 662 ---------------------
 mail-mta/exim/exim-4.94.2-r7.ebuild                |   2 +-
 mail-mta/exim/exim-4.96.1.ebuild                   | 655 --------------------
 mail-mta/exim/files/exim-4.94-CVE-2022-3559.patch  |  99 ---
 .../exim/files/exim-4.94.2-fix-crash-resolve.patch |  24 -
 mail-mta/exim/files/exim-4.94.2-openssl3.patch     | 332 -----------
 7 files changed, 1 insertion(+), 1775 deletions(-)

diff --git a/mail-mta/exim/Manifest b/mail-mta/exim/Manifest
index 1ad7d2a61766..2422a76d59b8 100644
--- a/mail-mta/exim/Manifest
+++ b/mail-mta/exim/Manifest
@@ -1,11 +1,9 @@
 DIST exim-4.94.2.tar.xz 1838076 BLAKE2B 684e115a7af3efdab15451f8e11f9b53455c9166d8c078216d7a95223d77569cec8a882ed99b9180acbd8a9e747a0bca03d56993d011de15dc35143a989ab046 SHA512 5334c236221ed4e03dbc33e6a79d939b06037fa2f4b71971607a360b67af5c85a89681ee13a5eeaf0184382c55a160cf2e89ed7afb2949f025a54f1e88f9e3fc
 DIST exim-4.96-gentoo-patches-r0.tar.xz 13308 BLAKE2B e01cd8b90593329d858cced27bea9da4860e80500c0b0b3f86418931a77616ac1e4a532cfffc551de5844bfcbcd115c1591b28577c234beb551458dc0877e764 SHA512 0a8d7b5903c8cd7c2cc07e4ea3ed62200ee0116fe0b5513ec97ba7f3ab1dd5cd0dc181eb93c3c1c7f767be7df3546ac07b622a8f4352eb883323c3a005a1c7db
-DIST exim-4.96.1.tar.xz 1879404 BLAKE2B fc6425be41ef7722f7d7b6b541c01774a4bafe55ca38152dc3fbb837e00ea52fabc39a42fcbf0500f4e0eda40deec3cbb0d746da9700a4a615f9ee4869e325c5 SHA512 ef1a0e57c59cdf4e915b3ac5dcdbc69f565b14dd92b0527f6796b2c46a9ec34f991f9790fb4171c99417f7e482cdd62d77e780cc71fab227c8bed876103f7fdd
 DIST exim-4.96.2.tar.xz 1879896 BLAKE2B f172340e5f896dc1996e4e3cf46515c2336c47d3390524ca91cb9ef7258a62b83426592de582aa792584cbeaace519b4edea5e62b3ebeb8e5f599379255e04a5 SHA512 dc9f6a114e64ac826489edff88d50a24195b64714428e691c10a7bfb119b3ebb6455bf80cbb34dfd0a4e2e44cbde72effb009357a8e0a6065e512fe32092e3ed
 DIST exim-4.96.tar.xz 1879152 BLAKE2B 4b424f2ebc661bd0db35d7f6da86300c6d5cb5b9a52cddd24fdd452daa76c84e471d4f8f278cf951d1503b01fd46fc3e6858d6feded09f34253d2cf2ae99b45a SHA512 6b863661465a0b9897c1b71875c5196a1903cf560dd85de45b08242b9731edb2bc10eb56945d62e477e5d15cc7a8d493915bff2ca81689673a8091c66f62c89e
 DIST exim-4.97.tar.xz 1909536 BLAKE2B b0f09d5f162853996976c222786de14e2104acdf01fd61da486f59f4cf8af1182cdfb7ea31fd55ccfd9c57256e7f442dc1b46727e08fe2eca82a296ac4ae7899 SHA512 b28cbb49fa7e143dfcc94e004d57cf98a1945013e676cd103c1ee4cf52933d49d378baa13bea2663353dba97745d6b2ab8b7b66cde870788a2d85d7abd716968
 DIST exim-pdf-4.94.2.tar.xz 2092248 BLAKE2B 973ab4f117fdb58afa017bc41b4496fac1277e707a9926d67317c455b0bd617021c17cba6c8d793d8962aacef12c0790d5add7174017512b7b1ea070f8e8533d SHA512 3a661f69d81a992798d4b7e5b7def7cfffa297a7b3c02a6631be426cefff5a6e8783fa322a1bd105d01f7b06968d01e77963e6ab7be3157f63eb62eb6ff172b0
-DIST exim-pdf-4.96.1.tar.xz 2132252 BLAKE2B 7e6d756630211b6465f9162c7a6b461774b3999ad8c3c1ace157a39b7e07f86644d206c5687991b6098aec47445319def44ddb2895b2a16146f6abd1c11d47a6 SHA512 d39ee2f9a05326809a6e8454a108d717838dacfa42c2cade72f5937b1b44d70e70152fa75f4b4e9548cd4198d54f8a8c1323e14d7d1f9a0a23c99a53db1001b0
 DIST exim-pdf-4.96.2.tar.xz 2132268 BLAKE2B 9104d42d742e7152d166b6158a6f060d0a29143b11e5064ecda177ead59ac66a9bb6ab3575e5bcaf7af5b49964d29b841285e67184592a8b64bab6099f4c8ac9 SHA512 c35eea4ab5510bba50d22813b28c9d2f5e4e2fed76993693b997f2090024dde674d58dffe044cb64642bf57b83fcae3bfc3dbcae43288fae11692ee49374df74
 DIST exim-pdf-4.96.tar.xz 2137468 BLAKE2B 7f61767f91864c43a3b7b6ca36ec7f41da6ad7029687a38cfa9307c444c2ffbd3eb61d45645ffd20ec16ba64a37e1ff08c02e7e4e36499c7783679af9a399081 SHA512 05e94579631656330d95d237c58bc9fd52229a067c5846e7c3409b4c83040c9216819bcb0090673d9991fd59e2c2025340592b31b241b557c6775782106854d1
 DIST exim-pdf-4.97.tar.xz 2136852 BLAKE2B df188e658e9e86d1b651d12b29e8a440677d75cc0384bab829323582a3a89b62f34e504b759ef2824b7735056696aed6ac33a4ca10a74fc5bc036f150caaac12 SHA512 defd1e7d823f4eadd2afe426d9105a395421824a1b1941b97bfda408905bdd105b5c219b713e15506d25d98fa48e965228f8daab286dc1be14a387f567c0b58b

diff --git a/mail-mta/exim/exim-4.94.2-r12.ebuild b/mail-mta/exim/exim-4.94.2-r12.ebuild
deleted file mode 100644
index c84859d97f58..000000000000
--- a/mail-mta/exim/exim-4.94.2-r12.ebuild
+++ /dev/null
@@ -1,662 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="7"
-
-inherit db-use toolchain-funcs pam systemd
-
-IUSE="arc berkdb +dane dcc +dkim dlfunc dmarc +dnsdb doc dovecot-sasl
-dsn exiscan-acl gdbm gnutls idn ipv6 ldap lmtp maildir mbx
-mysql nis pam perl pkcs11 postgres +prdr proxy radius redis sasl selinux
-socks5 spf sqlite srs +srs-alt srs-native +ssl syslog tdb tcpd +tpda X"
-REQUIRED_USE="
-	arc? ( dkim spf )
-	dane? ( ssl !gnutls )
-	dmarc? ( dkim spf )
-	dkim? ( ssl !gnutls )
-	gnutls? ( ssl )
-	pkcs11? ( ssl )
-	spf? ( exiscan-acl )
-	srs? (
-		exiscan-acl
-		^^ ( srs-alt srs-native )
-	)
-	|| ( berkdb gdbm tdb )
-"
-# NOTE on USE="gnutls dane", gnutls[dane] is masked in base, unmasked
-# for x86 and amd64 only, due to this, repoman won't allow depending on
-# gnutls[dane] for all else.  Because we cannot express USE=dane when
-# USE=gnutls is in effect only in package.use.mask, the only option we
-# have left is to a) ignore the dependency (but that results in bug
-# #661164) or b) mask the usage of USE=dane with USE=gnutls.  Both are
-# incorrect, but b) is the only "correct" view from repoman.
-# We cannot express a required use for berkdb/gdbm/tdb correctly because
-# berkdb and gdbm are both enabled in base profile
-
-SDIR=$([[ ${PV} == *_rc* ]]   && echo /test
-	 [[ ${PV} == *.*.*.* ]] && echo /fixes)
-COMM_URI="https://downloads.exim.org/exim4${SDIR}"
-
-DESCRIPTION="A highly configurable, drop-in replacement for sendmail"
-SRC_URI="${COMM_URI}/${P//_rc/-RC}.tar.xz
-	mirror://gentoo/system_filter.exim.gz
-	doc? ( ${COMM_URI}/${PN}-pdf-${PV//_rc/-RC}.tar.xz )"
-HOMEPAGE="https://www.exim.org/"
-
-SLOT="0"
-LICENSE="GPL-2"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86"
-
-COMMON_DEPEND=">=sys-apps/sed-4.0.5
-	dev-libs/libpcre:=
-	tdb? ( sys-libs/tdb:= )
-	!tdb? ( berkdb? ( >=sys-libs/db-3.2:= <sys-libs/db-6:= ) )
-	!tdb? ( !berkdb? ( sys-libs/gdbm:= ) )
-	idn? ( net-dns/libidn:= net-dns/libidn2:= )
-	perl? ( dev-lang/perl:= )
-	pam? ( sys-libs/pam )
-	tcpd? ( sys-apps/tcp-wrappers )
-	ssl? (
-		gnutls? (
-			net-libs/gnutls:0=[pkcs11?]
-			dev-libs/libtasn1
-		)
-		!gnutls? (
-			dev-libs/openssl:0=
-		)
-	)
-	ldap? ( >=net-nds/openldap-2.0.7:= )
-	elibc_glibc? (
-		net-libs/libnsl:=
-		nis? (
-			net-libs/libtirpc:=
-			>=net-libs/libnsl-1:=
-		)
-	)
-	mysql? ( dev-db/mysql-connector-c:= )
-	postgres? ( dev-db/postgresql:= )
-	sasl? ( >=dev-libs/cyrus-sasl-2.1.26-r2 )
-	redis? ( dev-libs/hiredis:= )
-	spf? ( >=mail-filter/libspf2-1.2.5-r1 )
-	dmarc? ( mail-filter/opendmarc:= )
-	srs? ( srs-alt? ( mail-filter/libsrs_alt ) )
-	X? (
-		x11-libs/libX11
-		x11-libs/libXmu
-		x11-libs/libXt
-		x11-libs/libXaw
-	)
-	sqlite? ( dev-db/sqlite )
-	radius? ( net-dialup/freeradius-client )
-	virtual/libcrypt:=
-	virtual/libiconv
-	"
-	# added X check for #57206
-BDEPEND="virtual/pkgconfig"
-DEPEND="${COMMON_DEPEND}"
-RDEPEND="${COMMON_DEPEND}
-	!mail-mta/courier
-	!mail-mta/esmtp
-	!mail-mta/msmtp[mta]
-	!mail-mta/netqmail
-	!mail-mta/nullmailer
-	!mail-mta/postfix
-	!mail-mta/sendmail
-	!mail-mta/opensmtpd
-	!mail-mta/ssmtp[mta]
-	>=net-mail/mailbase-0.00-r5
-	virtual/logger
-	dcc? ( mail-filter/dcc )
-	selinux? ( sec-policy/selinux-exim )
-	"
-
-S=${WORKDIR}/${P//_rc/-RC}
-
-src_prepare() {
-	# Legacy patches which need a respin for -p1
-	eapply -p0 "${FILESDIR}"/exim-4.14-tail.patch
-	eapply -p0 "${FILESDIR}"/exim-4.74-radius-db-ENV-clash.patch # 287426
-	eapply     "${FILESDIR}"/exim-4.93-as-needed-ldflags.patch # 352265, 391279
-	eapply -p0 "${FILESDIR}"/exim-4.76-crosscompile.patch # 266591
-	eapply     "${FILESDIR}"/exim-4.69-r1.27021.patch
-	eapply     "${FILESDIR}"/exim-4.94-localscan_dlopen.patch
-	eapply     "${FILESDIR}"/exim-4.94.2-fix-crash-resolve.patch # 799368 upstr
-	eapply     "${FILESDIR}"/exim-4.94-CVE-2022-3559.patch  # 877607 upstr
-	eapply     "${FILESDIR}"/exim-4.94.2-openssl3.patch # 888619 backports
-
-	# for this reason we have a := dep on opendmarc, they changed their
-	# API in a minor release
-	if use dmarc && has_version ">=mail-filter/opendmarc-1.4" ; then
-		eapply "${FILESDIR}"/exim-4.94-opendmarc-1.4.patch
-	fi
-
-	if use maildir ; then
-		eapply "${FILESDIR}"/exim-4.94-maildir.patch
-	else
-		eapply -p0 "${FILESDIR}"/exim-4.80-spool-mail-group.patch # 438606
-	fi
-
-	eapply_user
-
-	# user Exim believes it should be
-	MAILUSER=mail
-	MAILGROUP=mail
-	if use prefix && [[ ${EUID} != 0 ]] ; then
-		MAILUSER=$(id -un)
-		MAILGROUP=$(id -gn)
-	fi
-}
-
-src_configure() {
-	# general config and paths
-
-	local aliases="${EPREFIX}/etc/mail/aliases"
-	sed -i \
-		-e "/SYSTEM_ALIASES_FILE/s'SYSTEM_ALIASES_FILE'${aliases}'" \
-		src/configure.default || die
-
-	sed -i -e 's/^buildname=.*/buildname=exim-gentoo/' Makefile || die
-
-	if use elibc_musl; then
-		sed -i -e 's/^LIBS = -lnsl/LIBS =/g' OS/Makefile-Linux || die
-	fi
-
-	local conffile="${EPREFIX}/etc/exim/exim.conf"
-	sed -e "48i\CFLAGS=${CFLAGS}" \
-		-e "s:BIN_DIRECTORY=/usr/exim/bin:BIN_DIRECTORY=${EPREFIX}/usr/sbin:" \
-		-e "s;EXIM_USER=;EXIM_USER=ref:${MAILUSER};" \
-		-e "s:CONFIGURE_FILE=.*$:CONFIGURE_FILE=${conffile}:" \
-		-e "s:ZCAT_COMMAND=.*$:ZCAT_COMMAND=${EPREFIX}/bin/zcat:" \
-		-e "s:COMPRESS_COMMAND=.*$:COMPRESS_COMMAND=${EPREFIX}/bin/gzip:" \
-		src/EDITME > Local/Makefile || die
-
-	# work on Local/Makefile from now on
-	cd Local
-
-	cat >> Makefile <<- EOC
-		INFO_DIRECTORY=${EPREFIX}/usr/share/info
-		PID_FILE_PATH=${EPREFIX}/run/exim.pid
-		SPOOL_DIRECTORY=${EPREFIX}/var/spool/exim
-		HAVE_ICONV=yes
-	EOC
-
-	# configure db implementation, Exim always needs one for its hints
-	# database, we prefer tdb and gdbm, since bdb is kind of getting
-	# less and less support
-	if use tdb ; then
-		cat >> Makefile <<- EOC
-			USE_TDB=yes
-			DBMLIB = -ltdb
-		EOC
-		sed -i -e 's:^USE_DB=yes:# USE_DB=yes:' Makefile || die
-		sed -i -e 's:^USE_GDBM=yes:# USE_GDBM=yes:' Makefile || die
-	elif use berkdb ; then
-		# use the "native" interfaces to the DBM and CDB libraries, support
-		# passwd and directory lookups by default
-		local DB_VERS="5.3 5.1 4.8 4.7 4.6 4.5 4.4 4.3 4.2 3.2"
-		cat >> Makefile <<- EOC
-			USE_DB=yes
-			# keep include in CFLAGS because exim.h -> dbstuff.h -> db.h
-			CFLAGS += -I$(db_includedir ${DB_VERS})
-			DBMLIB = -l$(db_libname ${DB_VERS})
-		EOC
-		sed -i -e 's:^USE_GDBM=yes:# USE_GDBM=yes:' Makefile || die
-		sed -i -e 's:^USE_TDB=yes:# USE_TDB=yes:' Makefile || die
-	else # must be gdbm via required_use
-		cat >> Makefile <<- EOC
-			USE_GDBM=yes
-			DBMLIB = -lgdbm
-		EOC
-		sed -i -e 's:^USE_DB=yes:# USE_DB=yes:' Makefile || die
-		sed -i -e 's:^USE_TDB=yes:# USE_TDB=yes:' Makefile || die
-	fi
-
-	# if we use libiconv, now is the time to tell so
-	if use !elibc_glibc && use !elibc_musl ; then
-		cat >> Makefile <<- EOC
-			EXTRALIBS_EXIM=-liconv
-		EOC
-	fi
-
-	# support for IPv6
-	if use ipv6; then
-		cat >> Makefile <<- EOC
-			HAVE_IPV6=YES
-		EOC
-	fi
-
-	# support i18n/IDNA
-	if use idn; then
-		cat >> Makefile <<- EOC
-			SUPPORT_I18N=yes
-			SUPPORT_I18N_2008=yes
-			EXTRALIBS_EXIM += -lidn -lidn2
-		EOC
-	fi
-
-	#
-	# mail storage formats
-	#
-
-	# mailstore is Exim's traditional storage format
-	cat >> Makefile <<- EOC
-		SUPPORT_MAILSTORE=yes
-	EOC
-
-	# mbox
-	if use mbx; then
-		cat >> Makefile <<- EOC
-			SUPPORT_MBX=yes
-		EOC
-	fi
-
-	# maildir
-	if use maildir; then
-		cat >> Makefile <<- EOC
-			SUPPORT_MAILDIR=yes
-		EOC
-	fi
-
-	#
-	# lookup methods
-	#
-
-	# support passwd and directory lookups by default
-	cat >> Makefile <<- EOC
-		LOOKUP_CDB=yes
-		LOOKUP_PASSWD=yes
-		LOOKUP_DSEARCH=yes
-	EOC
-
-	if ! use dnsdb; then
-		# DNSDB lookup is enabled by default
-		sed -i -e 's:^LOOKUP_DNSDB=yes:# LOOKUP_DNSDB=yes:' Makefile || die
-	fi
-
-	if use ldap; then
-		cat >> Makefile <<- EOC
-			LOOKUP_LDAP=yes
-			LDAP_LIB_TYPE=OPENLDAP2
-			LOOKUP_INCLUDE += -I"${EPREFIX}"/usr/include/ldap
-			LOOKUP_LIBS += -lldap -llber
-		EOC
-	fi
-
-	if use mysql; then
-		cat >> Makefile <<- EOC
-			LOOKUP_MYSQL=yes
-			LOOKUP_INCLUDE += $(mysql_config --include)
-			LOOKUP_LIBS += $(mysql_config --libs)
-		EOC
-	fi
-
-	if use nis; then
-		cat >> Makefile <<- EOC
-			LOOKUP_NIS=yes
-			LOOKUP_NISPLUS=yes
-		EOC
-		if use elibc_glibc ; then
-			cat >> Makefile <<- EOC
-				LOOKUP_INCLUDE += -I"${EPREFIX}"/usr/include/tirpc
-				LOOKUP_LIBS += -lnsl
-			EOC
-		fi
-	fi
-
-	if use postgres; then
-		cat >> Makefile <<- EOC
-			LOOKUP_PGSQL=yes
-			LOOKUP_INCLUDE += -I$(pg_config --includedir)
-			LOOKUP_LIBS += -L$(pg_config --libdir) -lpq
-		EOC
-	fi
-
-	if use sqlite; then
-		cat >> Makefile <<- EOC
-			LOOKUP_SQLITE=yes
-			LOOKUP_SQLITE_PC=sqlite3
-		EOC
-	fi
-
-	if use redis; then
-		cat >> Makefile <<- EOC
-			LOOKUP_REDIS=yes
-			LOOKUP_LIBS += -lhiredis
-		EOC
-	fi
-
-	# Exim monitor, enabled by default, controlled via X USE-flag,
-	# disable if not requested, bug #46778
-	if use X; then
-		cp ../exim_monitor/EDITME eximon.conf || die
-		cat >> Makefile <<- EOC
-			EXIM_MONITOR=eximon.bin
-		EOC
-	fi
-
-	#
-	# features
-	#
-
-	# content scanning support
-	if use exiscan-acl; then
-		cat >> Makefile <<- EOC
-			WITH_CONTENT_SCAN=yes
-		EOC
-	fi
-
-	# DomainKeys Identified Mail, RFC4871
-	if ! use dkim; then
-		# DKIM is enabled by default
-		cat >> Makefile <<- EOC
-			DISABLE_DKIM=yes
-		EOC
-	fi
-
-	# Per-Recipient-Data-Response
-	if ! use prdr; then
-		# PRDR is enabled by default
-		cat >> Makefile <<- EOC
-			DISABLE_PRDR=yes
-		EOC
-	fi
-
-	# Transport post-delivery actions
-	if use !tpda && use !dane; then
-		# EVENT is enabled by default
-		cat >> Makefile <<- EOC
-			DISABLE_EVENT=yes
-		EOC
-	fi
-
-	# log to syslog
-	if use syslog; then
-		local eximlog="${EPREFIX}/var/log/exim/exim_%s.log"
-		sed -i \
-			-e "s:LOG_FILE_PATH=${eximlog}:LOG_FILE_PATH=syslog:" \
-			Makefile || die
-		cat >> Makefile <<- EOC
-			LOG_FILE_PATH=syslog
-		EOC
-	else
-		cat >> Makefile <<- EOC
-			LOG_FILE_PATH=${EPREFIX}/var/log/exim/exim_%s.log
-		EOC
-	fi
-
-	# starttls support (ssl)
-	if use ssl; then
-		if use gnutls; then
-			echo "USE_GNUTLS=yes" >> Makefile
-			echo "USE_GNUTLS_PC=gnutls $(use dane && echo gnutls-dane)" \
-				>> Makefile
-			use pkcs11 || echo "AVOID_GNUTLS_PKCS11=yes" >> Makefile
-		else
-			echo "USE_OPENSSL=yes" >> Makefile
-			echo "USE_OPENSSL_PC=openssl" >> Makefile
-		fi
-	else
-		echo "DISABLE_TLS=yes" >> Makefile
-	fi
-
-	# TCP wrappers
-	if use tcpd; then
-		cat >> Makefile <<- EOC
-			USE_TCP_WRAPPERS=yes
-			EXTRALIBS_EXIM += -lwrap
-		EOC
-	fi
-
-	# Light Mail Transport Protocol
-	if use lmtp; then
-		cat >> Makefile <<- EOC
-			TRANSPORT_LMTP=yes
-		EOC
-	fi
-
-	# embedded Perl
-	if use perl; then
-		cat >> Makefile <<- EOC
-			EXIM_PERL=perl.o
-		EOC
-	fi
-
-	# dlfunc
-	if use dlfunc; then
-		cat >> Makefile <<- EOC
-			EXPAND_DLFUNC=yes
-			HAVE_LOCAL_SCAN=yes
-			DLOPEN_LOCAL_SCAN=yes
-		EOC
-	fi
-
-	# Proxy Protocol
-	if use proxy; then
-		cat >> Makefile <<- EOC
-			SUPPORT_PROXY=yes
-		EOC
-	fi
-
-	# SOCKS5 (outbound) proxy support
-	if use socks5; then
-		cat >> Makefile <<- EOC
-			SUPPORT_SOCKS=yes
-		EOC
-	fi
-
-	# DANE
-	if use !dane; then
-		# DANE is enabled by default
-		sed -i -e 's:^SUPPORT_DANE=yes:# SUPPORT_DANE=yes:' Makefile || die
-	fi
-
-	# DMARC
-	if use dmarc; then
-		cat >> Makefile <<- EOC
-			SUPPORT_DMARC=yes
-			EXTRALIBS_EXIM += -lopendmarc
-		EOC
-	fi
-
-	# Sender Policy Framework
-	if use spf; then
-		cat >> Makefile <<- EOC
-			SUPPORT_SPF=yes
-			EXTRALIBS_EXIM += -lspf2
-		EOC
-	fi
-
-	#
-	# experimental features
-	#
-
-	# Authenticated Receive Chain
-	if use arc; then
-		echo "EXPERIMENTAL_ARC=yes">> Makefile
-	fi
-
-	# Distributed Checksum Clearinghouse
-	if use dcc; then
-		echo "EXPERIMENTAL_DCC=yes">> Makefile
-	fi
-
-	# Sender Rewriting Scheme
-	if use srs; then
-		# NOTE: we currently USE-default to srs-alt, because this is
-		# what USE=srs used to be.  Eventually we want to rid ourselves
-		# of this external implementation.
-		if use srs-alt; then
-			# historical default, from 4.95 this becomes
-			# EXPERIMENTAL_SRS_ALT
-			cat >> Makefile <<- EOC
-				EXPERIMENTAL_SRS=yes
-				EXTRALIBS_EXIM += -lsrs_alt
-			EOC
-		fi
-		if use srs-native; then
-			# this one becomes SUPPORT_SRS in 4.95
-			cat >> Makefile <<- EOC
-				EXPERIMENTAL_SRS_NATIVE=yes
-			EOC
-		fi
-	fi
-
-	# Delivery Sender Notifications extra information in fail message
-	if use dsn; then
-		cat >> Makefile <<- EOC
-			EXPERIMENTAL_DSN_INFO=yes
-		EOC
-	fi
-
-	#
-	# authentication (SMTP AUTH)
-	#
-
-	# standard bits
-	cat >> Makefile <<- EOC
-		AUTH_SPA=yes
-		AUTH_CRAM_MD5=yes
-		AUTH_PLAINTEXT=yes
-	EOC
-
-	# Cyrus SASL
-	if use sasl; then
-		cat >> Makefile <<- EOC
-			CYRUS_SASLAUTHD_SOCKET=${EPREFIX}/run/saslauthd/mux
-			AUTH_CYRUS_SASL=yes
-			AUTH_LIBS += -lsasl2
-		EOC
-	fi
-
-	# Dovecot
-	if use dovecot-sasl; then
-		cat >> Makefile <<- EOC
-			AUTH_DOVECOT=yes
-		EOC
-	fi
-
-	# Pluggable Authentication Modules
-	if use pam; then
-		cat >> Makefile <<- EOC
-			SUPPORT_PAM=yes
-			AUTH_LIBS += -lpam
-		EOC
-	fi
-
-	# Radius
-	if use radius; then
-		cat >> Makefile <<- EOC
-			RADIUS_CONFIG_FILE=${EPREFIX}/etc/radiusclient/radiusclient.conf
-			RADIUS_LIB_TYPE=RADIUSCLIENTNEW
-			AUTH_LIBS += -lfreeradius-client
-		EOC
-	fi
-}
-
-src_compile() {
-	emake CC="$(tc-getCC)" HOSTCC="$(tc-getBUILD_CC)" \
-		AR="$(tc-getAR) cq" RANLIB="$(tc-getRANLIB)" FULLECHO=''
-}
-
-src_install() {
-	cd "${S}"/build-exim-gentoo || die
-	dosbin exim
-	if use X; then
-		dosbin eximon.bin
-		dosbin eximon
-	fi
-	fperms 4755 /usr/sbin/exim
-
-	dosym exim /usr/sbin/sendmail
-	dosym exim /usr/sbin/rsmtp
-	dosym exim /usr/sbin/rmail
-	dosym ../sbin/exim /usr/bin/mailq
-	dosym ../sbin/exim /usr/bin/newaliases
-	dosym ../sbin/sendmail /usr/lib/sendmail
-
-	for i in exicyclog exim_dbmbuild exim_dumpdb exim_fixdb exim_lock \
-		exim_tidydb exinext exiwhat exigrep eximstats exiqsumm exiqgrep \
-		convert4r3 convert4r4 exipick
-	do
-		dosbin $i
-	done
-
-	dodoc -r "${S}"/doc/.
-	doman "${S}"/doc/exim.8
-	use dsn && dodoc "${S}"/README.DSN
-	use doc && dodoc "${WORKDIR}"/${PN}-pdf-${PV//rc/RC}/doc/*.pdf
-
-	# conf files
-	insinto /etc/exim
-	newins "${S}"/src/configure.default exim.conf.dist
-	if use exiscan-acl; then
-		newins "${S}"/src/configure.default exim.conf.exiscan-acl
-	fi
-	doins "${WORKDIR}"/system_filter.exim
-	doins "${FILESDIR}"/auth_conf.sub
-
-	if use pam; then
-		pamd_mimic system-auth exim auth account
-	fi
-
-	# headers, #436406
-	if use dlfunc ; then
-		# fixup includes so they actually can be found when including
-		sed -i \
-			-e '/#include "\(config\|store\|mytypes\).h"/s:"\(.\+\)":<exim/\1>:' \
-			local_scan.h || die
-		insinto /usr/include/exim
-		doins {config,local_scan}.h ../src/{mytypes,store}.h
-	fi
-
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}/exim.logrotate" exim
-
-	newinitd "${FILESDIR}"/exim.rc10 exim
-	newconfd "${FILESDIR}"/exim.confd exim
-
-	systemd_dounit \
-		"${FILESDIR}"/{exim.service,exim.socket,exim-submission.socket}
-	systemd_newunit \
-		"${FILESDIR}"/exim_at.service 'exim@.service'
-	systemd_newunit \
-		"${FILESDIR}"/exim-submission_at.service 'exim-submission@.service'
-
-	diropts -m 0750 -o ${MAILUSER} -g ${MAILGROUP}
-	keepdir /var/log/${PN}
-}
-
-pkg_postinst() {
-	if [[ ! -f ${EROOT}/etc/exim/exim.conf ]] ; then
-		einfo "${EROOT}/etc/exim/system_filter.exim is a sample system_filter."
-		einfo "${EROOT}/etc/exim/auth_conf.sub contains the configuration sub"
-		einfo "for using smtp auth."
-		einfo "Please create ${EROOT}/etc/exim/exim.conf from"
-		einfo "  ${EROOT}/etc/exim/exim.conf.dist."
-	fi
-	if use dmarc ; then
-		einfo "DMARC support requires ${EROOT}/etc/exim/opendmarc.tlds"
-		einfo "you can populate this file with the contents downloaded from"
-		einfo "  https://publicsuffix.org/list/public_suffix_list.dat"
-	fi
-	if use dcc ; then
-		einfo "DCC support is experimental, you can find some limited"
-		einfo "documentation at the bottom of this prerelease message:"
-		einfo "  http://article.gmane.org/gmane.mail.exim.devel/3579"
-	fi
-	if use srs ; then
-		einfo "SRS support is experimental in this release of Exim"
-		if use srs-alt; then
-			elog "You are using libsrs_alt to implement SRS support."
-			elog "In future release of Exim, the native SRS implementation"
-			elog "(USE=srs-native) will become the default.  Please prepare"
-			elog "your package.use or switch to USE=srs-native now."
-		fi
-	fi
-	use dsn && einfo "extra information in fail DSN message is experimental"
-	einfo
-	elog "Note that this release contains a tainted variable check that"
-	elog "is likely to break your configuration used with Exim 4.93 and before."
-	elog "Please check your transports for occurences of \$local_part, and"
-	elog "use a replacement like \$local_part_data where possible."
-}

diff --git a/mail-mta/exim/exim-4.94.2-r7.ebuild b/mail-mta/exim/exim-4.94.2-r7.ebuild
index 4f2833ff82e5..8f5367aecfb8 100644
--- a/mail-mta/exim/exim-4.94.2-r7.ebuild
+++ b/mail-mta/exim/exim-4.94.2-r7.ebuild
@@ -39,7 +39,7 @@ HOMEPAGE="https://www.exim.org/"
 
 SLOT="0"
 LICENSE="GPL-2"
-KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~ia64 ~ppc ppc64 sparc x86"
+KEYWORDS="sparc"
 
 COMMON_DEPEND=">=sys-apps/sed-4.0.5
 	( >=sys-libs/db-3.2:= <sys-libs/db-6:= )

diff --git a/mail-mta/exim/exim-4.96.1.ebuild b/mail-mta/exim/exim-4.96.1.ebuild
deleted file mode 100644
index 2fb3f6b6970a..000000000000
--- a/mail-mta/exim/exim-4.96.1.ebuild
+++ /dev/null
@@ -1,655 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="7"
-
-inherit db-use toolchain-funcs pam systemd
-
-IUSE="arc berkdb +dane dcc +dkim dlfunc dmarc +dnsdb doc dovecot-sasl
-dsn gdbm gnutls idn ipv6 ldap lmtp maildir mbx
-mysql nis pam perl pkcs11 postgres +prdr proxy radius redis sasl selinux
-socks5 spf sqlite srs +ssl syslog tdb tcpd +tpda X"
-REQUIRED_USE="
-	arc? ( dkim spf )
-	dane? ( ssl !gnutls )
-	dmarc? ( dkim spf )
-	dkim? ( ssl !gnutls )
-	gnutls? ( ssl )
-	pkcs11? ( ssl )
-	|| ( berkdb gdbm tdb )
-"
-# NOTE on USE="gnutls dane", gnutls[dane] is masked in base, unmasked
-# for x86 and amd64 only, due to this, repoman won't allow depending on
-# gnutls[dane] for all else.  Because we cannot express USE=dane when
-# USE=gnutls is in effect only in package.use.mask, the only option we
-# have left is to a) ignore the dependency (but that results in bug
-# #661164) or b) mask the usage of USE=dane with USE=gnutls.  Both are
-# incorrect, but b) is the only "correct" view from repoman.
-# We cannot express a required use for berkdb/gdbm/tdb correctly because
-# berkdb and gdbm are both enabled in base profile
-
-SDIR=$([[ ${PV} == *_rc* ]]   && echo /test
-	 [[ ${PV} == *.*.*.* ]] && echo /fixes)
-COMM_URI="https://downloads.exim.org/exim4${SDIR}"
-
-GPV="r0"
-DESCRIPTION="A highly configurable, drop-in replacement for sendmail"
-SRC_URI="${COMM_URI}/${P//_rc/-RC}.tar.xz
-	https://dev.gentoo.org/~grobian/distfiles/${PN}-4.96-gentoo-patches-${GPV}.tar.xz
-	mirror://gentoo/system_filter.exim.gz
-	doc? ( ${COMM_URI}/${PN}-pdf-${PV//_rc/-RC}.tar.xz )"
-HOMEPAGE="https://www.exim.org/"
-
-SLOT="0"
-LICENSE="GPL-2"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86"
-
-COMMON_DEPEND=">=sys-apps/sed-4.0.5
-	dev-libs/libpcre2:=
-	tdb? ( sys-libs/tdb:= )
-	!tdb? ( berkdb? ( >=sys-libs/db-3.2:= <sys-libs/db-6:= ) )
-	!tdb? ( !berkdb? ( sys-libs/gdbm:= ) )
-	idn? ( net-dns/libidn:= net-dns/libidn2:= )
-	perl? ( dev-lang/perl:= )
-	pam? ( sys-libs/pam )
-	tcpd? ( sys-apps/tcp-wrappers )
-	ssl? (
-		gnutls? (
-			net-libs/gnutls:0=[pkcs11?]
-			dev-libs/libtasn1
-		)
-		!gnutls? (
-			dev-libs/openssl:0=
-		)
-	)
-	ldap? ( >=net-nds/openldap-2.0.7:= )
-	elibc_glibc? (
-		net-libs/libnsl:=
-		nis? (
-			net-libs/libtirpc:=
-			>=net-libs/libnsl-1:=
-		)
-	)
-	mysql? ( dev-db/mysql-connector-c:= )
-	postgres? ( dev-db/postgresql:= )
-	sasl? ( >=dev-libs/cyrus-sasl-2.1.26-r2 )
-	redis? ( dev-libs/hiredis:= )
-	spf? ( >=mail-filter/libspf2-1.2.5-r1 )
-	dmarc? ( mail-filter/opendmarc:= )
-	X? (
-		x11-libs/libX11
-		x11-libs/libXmu
-		x11-libs/libXt
-		x11-libs/libXaw
-	)
-	sqlite? ( dev-db/sqlite )
-	radius? ( net-dialup/freeradius-client )
-	virtual/libcrypt:=
-	virtual/libiconv
-	"
-	# added X check for #57206
-BDEPEND="virtual/pkgconfig"
-DEPEND="${COMMON_DEPEND}"
-RDEPEND="${COMMON_DEPEND}
-	!mail-mta/courier
-	!mail-mta/esmtp
-	!mail-mta/msmtp[mta]
-	!mail-mta/netqmail
-	!mail-mta/nullmailer
-	!mail-mta/postfix
-	!mail-mta/sendmail
-	!mail-mta/opensmtpd
-	!mail-mta/ssmtp[mta]
-	>=net-mail/mailbase-0.00-r5
-	virtual/logger
-	dcc? ( mail-filter/dcc )
-	selinux? ( sec-policy/selinux-exim )
-	"
-
-S=${WORKDIR}/${P//_rc/-RC}
-
-src_prepare() {
-	# Legacy patches which need a respin for -p1
-	eapply -p0 "${FILESDIR}"/exim-4.14-tail.patch
-	eapply -p0 "${FILESDIR}"/exim-4.74-radius-db-ENV-clash.patch # 287426
-	eapply     "${FILESDIR}"/exim-4.93-as-needed-ldflags.patch # 352265, 391279
-	eapply -p0 "${FILESDIR}"/exim-4.76-crosscompile.patch # 266591
-	eapply     "${FILESDIR}"/exim-4.69-r1.27021.patch
-	eapply     "${FILESDIR}"/exim-4.95-localscan_dlopen.patch
-
-	# Upstream post-release fixes :(
-	local GPVDIR=${WORKDIR}/${PN}-4.96-gentoo-patches-${GPV}
-	eapply     "${GPVDIR}"/exim-4.96-rewrite-malformed-addr-fix.patch # upstr
-	eapply     "${GPVDIR}"/exim-4.96-spf-memory-error-fix.patch # upstr
-	eapply     "${GPVDIR}"/exim-4.96-regex-use-after-free.patch # upstr
-	eapply -p2 "${GPVDIR}"/exim-4.96-dmarc_use_after_free.patch # upstr
-	eapply     "${GPVDIR}"/exim-4.96-deamon-startup-fix.patch # upstr
-	eapply     "${GPVDIR}"/exim-4.96-openssl-verify-ocsp.patch # upstr
-	eapply     "${GPVDIR}"/exim-4.96-openssl-double-expansion.patch # upstr
-	eapply     "${GPVDIR}"/exim-4.96-recursion-dns_again.patch # upstr
-	eapply     "${GPVDIR}"/exim-4.96-openssl-tls_eccurve-setting.patch # upstr
-	eapply     "${GPVDIR}"/exim-4.96-openssl-tls_eccurve-lt-3.patch # upstr
-	eapply     "${GPVDIR}"/exim-4.96-openssl-bad-alpn.patch # upstr
-	eapply     "${GPVDIR}"/exim-4.96-dane-dns_again.patch # upstr
-	eapply     "${GPVDIR}"/exim-4.96-expansion-crash.patch # upstr
-	eapply     "${GPVDIR}"/exim-4.96-transport-crash.patch # upstr
-
-	# oddity, they disable berkdb as hack, and then throw an error when
-	# berkdb isn't enabled
-	sed -i \
-		-e 's/_DB_/_DONTMESS_/' \
-		-e 's/define DB void/define DONTMESS void/' \
-		src/auths/call_radius.c || die
-
-	# API changed from 1.3 to 1.4, upstream doesn't think 1.4 should be
-	# used, but 1.3 has a CVE and Gentoo (like most downstreams) only
-	# has 1.4 available
-	eapply "${FILESDIR}"/exim-4.94-opendmarc-1.4.patch
-
-	if use maildir ; then
-		eapply "${FILESDIR}"/exim-4.94-maildir.patch
-	else
-		eapply -p0 "${FILESDIR}"/exim-4.80-spool-mail-group.patch # 438606
-	fi
-
-	eapply_user
-
-	# user Exim believes it should be
-	MAILUSER=mail
-	MAILGROUP=mail
-	if use prefix && [[ ${EUID} != 0 ]] ; then
-		MAILUSER=$(id -un)
-		MAILGROUP=$(id -gn)
-	fi
-}
-
-src_configure() {
-	# general config and paths
-
-	local aliases="${EPREFIX}/etc/mail/aliases"
-	sed -i \
-		-e "/SYSTEM_ALIASES_FILE/s'SYSTEM_ALIASES_FILE'${aliases}'" \
-		src/configure.default || die
-
-	sed -i -e 's/^buildname=.*/buildname=exim-gentoo/' Makefile || die
-
-	if use elibc_musl; then
-		sed -i -e 's/^LIBS = -lnsl/LIBS =/g' OS/Makefile-Linux || die
-	fi
-
-	local conffile="${EPREFIX}/etc/exim/exim.conf"
-	sed -e "48i\CFLAGS=${CFLAGS}" \
-		-e "s:BIN_DIRECTORY=/usr/exim/bin:BIN_DIRECTORY=${EPREFIX}/usr/sbin:" \
-		-e "s;EXIM_USER=;EXIM_USER=ref:${MAILUSER};" \
-		-e "s:CONFIGURE_FILE=.*$:CONFIGURE_FILE=${conffile}:" \
-		-e "s:ZCAT_COMMAND=.*$:ZCAT_COMMAND=${EPREFIX}/bin/zcat:" \
-		-e "s:COMPRESS_COMMAND=.*$:COMPRESS_COMMAND=${EPREFIX}/bin/gzip:" \
-		src/EDITME > Local/Makefile || die
-
-	# work on Local/Makefile from now on
-	cd Local
-
-	cat >> Makefile <<- EOC
-		INFO_DIRECTORY=${EPREFIX}/usr/share/info
-		PID_FILE_PATH=${EPREFIX}/run/exim.pid
-		SPOOL_DIRECTORY=${EPREFIX}/var/spool/exim
-		HAVE_ICONV=yes
-		WITH_CONTENT_SCAN=yes
-	EOC
-
-	# configure db implementation, Exim always needs one for its hints
-	# database, we prefer tdb and gdbm, since bdb is kind of getting
-	# less and less support
-	if use tdb ; then
-		cat >> Makefile <<- EOC
-			USE_TDB=yes
-			DBMLIB = -ltdb
-		EOC
-		sed -i -e 's:^USE_DB=yes:# USE_DB=yes:' Makefile || die
-		sed -i -e 's:^USE_GDBM=yes:# USE_GDBM=yes:' Makefile || die
-	elif use gdbm ; then
-		cat >> Makefile <<- EOC
-			USE_GDBM=yes
-			DBMLIB = -lgdbm
-		EOC
-		sed -i -e 's:^USE_DB=yes:# USE_DB=yes:' Makefile || die
-		sed -i -e 's:^USE_TDB=yes:# USE_TDB=yes:' Makefile || die
-	else # must be berkdb via required_use
-		# use the "native" interfaces to the DBM and CDB libraries, support
-		# passwd and directory lookups by default
-		local DB_VERS="5.3 5.1 4.8 4.7 4.6 4.5 4.4 4.3 4.2 3.2"
-		cat >> Makefile <<- EOC
-			USE_DB=yes
-			# keep include in CFLAGS because exim.h -> dbstuff.h -> db.h
-			CFLAGS += -I$(db_includedir ${DB_VERS})
-			DBMLIB = -l$(db_libname ${DB_VERS})
-		EOC
-		sed -i -e 's:^USE_GDBM=yes:# USE_GDBM=yes:' Makefile || die
-		sed -i -e 's:^USE_TDB=yes:# USE_TDB=yes:' Makefile || die
-	fi
-
-	# if we use libiconv, now is the time to tell so
-	if use !elibc_glibc && use !elibc_musl ; then
-		cat >> Makefile <<- EOC
-			EXTRALIBS_EXIM=-liconv
-		EOC
-	fi
-
-	# support for IPv6
-	if use ipv6; then
-		cat >> Makefile <<- EOC
-			HAVE_IPV6=YES
-		EOC
-	fi
-
-	# support i18n/IDNA
-	if use idn; then
-		cat >> Makefile <<- EOC
-			SUPPORT_I18N=yes
-			SUPPORT_I18N_2008=yes
-			EXTRALIBS_EXIM += -lidn -lidn2
-		EOC
-	fi
-
-	#
-	# mail storage formats
-	#
-
-	# mailstore is Exim's traditional storage format
-	cat >> Makefile <<- EOC
-		SUPPORT_MAILSTORE=yes
-	EOC
-
-	# mbox
-	if use mbx; then
-		cat >> Makefile <<- EOC
-			SUPPORT_MBX=yes
-		EOC
-	fi
-
-	# maildir
-	if use maildir; then
-		cat >> Makefile <<- EOC
-			SUPPORT_MAILDIR=yes
-		EOC
-	fi
-
-	#
-	# lookup methods
-	#
-
-	# support passwd and directory lookups by default
-	cat >> Makefile <<- EOC
-		LOOKUP_CDB=yes
-		LOOKUP_PASSWD=yes
-		LOOKUP_DSEARCH=yes
-	EOC
-
-	if ! use dnsdb; then
-		# DNSDB lookup is enabled by default
-		sed -i -e 's:^LOOKUP_DNSDB=yes:# LOOKUP_DNSDB=yes:' Makefile || die
-	fi
-
-	if use ldap; then
-		cat >> Makefile <<- EOC
-			LOOKUP_LDAP=yes
-			LDAP_LIB_TYPE=OPENLDAP2
-			LOOKUP_INCLUDE += -I"${EPREFIX}"/usr/include/ldap
-			LOOKUP_LIBS += -lldap -llber
-		EOC
-	fi
-
-	if use mysql; then
-		cat >> Makefile <<- EOC
-			LOOKUP_MYSQL=yes
-			LOOKUP_INCLUDE += $(mysql_config --include)
-			LOOKUP_LIBS += $(mysql_config --libs)
-		EOC
-	fi
-
-	if use nis; then
-		cat >> Makefile <<- EOC
-			LOOKUP_NIS=yes
-			LOOKUP_NISPLUS=yes
-		EOC
-		if use elibc_glibc ; then
-			cat >> Makefile <<- EOC
-				LOOKUP_INCLUDE += -I"${EPREFIX}"/usr/include/tirpc
-				LOOKUP_LIBS += -lnsl
-			EOC
-		fi
-	fi
-
-	if use postgres; then
-		cat >> Makefile <<- EOC
-			LOOKUP_PGSQL=yes
-			LOOKUP_INCLUDE += -I$(pg_config --includedir)
-			LOOKUP_LIBS += -L$(pg_config --libdir) -lpq
-		EOC
-	fi
-
-	if use sqlite; then
-		cat >> Makefile <<- EOC
-			LOOKUP_SQLITE=yes
-			LOOKUP_SQLITE_PC=sqlite3
-		EOC
-	fi
-
-	if use redis; then
-		cat >> Makefile <<- EOC
-			LOOKUP_REDIS=yes
-			LOOKUP_LIBS += -lhiredis
-		EOC
-	fi
-
-	# Exim monitor, enabled by default, controlled via X USE-flag,
-	# disable if not requested, bug #46778
-	if use X; then
-		cp ../exim_monitor/EDITME eximon.conf || die
-		cat >> Makefile <<- EOC
-			EXIM_MONITOR=eximon.bin
-		EOC
-	fi
-
-	#
-	# features
-	#
-
-	# DomainKeys Identified Mail, RFC4871
-	if ! use dkim; then
-		# DKIM is enabled by default
-		cat >> Makefile <<- EOC
-			DISABLE_DKIM=yes
-		EOC
-	fi
-
-	# Per-Recipient-Data-Response
-	if ! use prdr; then
-		# PRDR is enabled by default
-		cat >> Makefile <<- EOC
-			DISABLE_PRDR=yes
-		EOC
-	fi
-
-	# Transport post-delivery actions
-	if use !tpda && use !dane; then
-		# EVENT is enabled by default
-		cat >> Makefile <<- EOC
-			DISABLE_EVENT=yes
-		EOC
-	fi
-
-	# log to syslog
-	if use syslog; then
-		local eximlog="${EPREFIX}/var/log/exim/exim_%s.log"
-		sed -i \
-			-e "s:LOG_FILE_PATH=${eximlog}:LOG_FILE_PATH=syslog:" \
-			Makefile || die
-		cat >> Makefile <<- EOC
-			LOG_FILE_PATH=syslog
-		EOC
-	else
-		cat >> Makefile <<- EOC
-			LOG_FILE_PATH=${EPREFIX}/var/log/exim/exim_%s.log
-		EOC
-	fi
-
-	# starttls support (ssl)
-	if use ssl; then
-		if use gnutls; then
-			echo "USE_GNUTLS=yes" >> Makefile
-			echo "USE_GNUTLS_PC=gnutls $(use dane && echo gnutls-dane)" \
-				>> Makefile
-			use pkcs11 || echo "AVOID_GNUTLS_PKCS11=yes" >> Makefile
-		else
-			echo "USE_OPENSSL=yes" >> Makefile
-			echo "USE_OPENSSL_PC=openssl" >> Makefile
-		fi
-	else
-		echo "DISABLE_TLS=yes" >> Makefile
-	fi
-
-	# TCP wrappers
-	if use tcpd; then
-		cat >> Makefile <<- EOC
-			USE_TCP_WRAPPERS=yes
-			EXTRALIBS_EXIM += -lwrap
-		EOC
-	fi
-
-	# Light Mail Transport Protocol
-	if use lmtp; then
-		cat >> Makefile <<- EOC
-			TRANSPORT_LMTP=yes
-		EOC
-	fi
-
-	# embedded Perl
-	if use perl; then
-		cat >> Makefile <<- EOC
-			EXIM_PERL=perl.o
-		EOC
-	fi
-
-	# dlfunc
-	if use dlfunc; then
-		cat >> Makefile <<- EOC
-			EXPAND_DLFUNC=yes
-			HAVE_LOCAL_SCAN=yes
-			DLOPEN_LOCAL_SCAN=yes
-		EOC
-	fi
-
-	# Proxy Protocol
-	if use proxy; then
-		cat >> Makefile <<- EOC
-			SUPPORT_PROXY=yes
-		EOC
-	fi
-
-	# SOCKS5 (outbound) proxy support
-	if use socks5; then
-		cat >> Makefile <<- EOC
-			SUPPORT_SOCKS=yes
-		EOC
-	fi
-
-	# DANE
-	if use !dane; then
-		# DANE is enabled by default
-		sed -i -e 's:^SUPPORT_DANE=yes:# SUPPORT_DANE=yes:' Makefile || die
-	fi
-
-	# DMARC
-	if use dmarc; then
-		cat >> Makefile <<- EOC
-			SUPPORT_DMARC=yes
-			EXTRALIBS_EXIM += -lopendmarc
-		EOC
-	fi
-
-	# Sender Policy Framework
-	if use spf; then
-		cat >> Makefile <<- EOC
-			SUPPORT_SPF=yes
-			EXTRALIBS_EXIM += -lspf2
-		EOC
-	fi
-
-	#
-	# experimental features
-	#
-
-	# Authenticated Receive Chain
-	if use arc; then
-		echo "EXPERIMENTAL_ARC=yes">> Makefile
-	fi
-
-	# Distributed Checksum Clearinghouse
-	if use dcc; then
-		echo "EXPERIMENTAL_DCC=yes">> Makefile
-	fi
-
-	# Sender Rewriting Scheme
-	if use srs; then
-		# this one is the default/supported variant since 4.95, and the
-		# only variant available since 4.96
-		cat >> Makefile <<- EOC
-			SUPPORT_SRS=yes
-		EOC
-	fi
-
-	# Delivery Sender Notifications extra information in fail message
-	if use dsn; then
-		cat >> Makefile <<- EOC
-			EXPERIMENTAL_DSN_INFO=yes
-		EOC
-	fi
-
-	#
-	# authentication (SMTP AUTH)
-	#
-
-	# standard bits
-	cat >> Makefile <<- EOC
-		AUTH_SPA=yes
-		AUTH_CRAM_MD5=yes
-		AUTH_PLAINTEXT=yes
-	EOC
-
-	# Cyrus SASL
-	if use sasl; then
-		cat >> Makefile <<- EOC
-			CYRUS_SASLAUTHD_SOCKET=${EPREFIX}/run/saslauthd/mux
-			AUTH_CYRUS_SASL=yes
-			AUTH_LIBS += -lsasl2
-		EOC
-	fi
-
-	# Dovecot
-	if use dovecot-sasl; then
-		cat >> Makefile <<- EOC
-			AUTH_DOVECOT=yes
-		EOC
-	fi
-
-	# Pluggable Authentication Modules
-	if use pam; then
-		cat >> Makefile <<- EOC
-			SUPPORT_PAM=yes
-			AUTH_LIBS += -lpam
-		EOC
-	fi
-
-	# Radius
-	if use radius; then
-		cat >> Makefile <<- EOC
-			RADIUS_CONFIG_FILE=${EPREFIX}/etc/radiusclient/radiusclient.conf
-			RADIUS_LIB_TYPE=RADIUSCLIENTNEW
-			AUTH_LIBS += -lfreeradius-client
-		EOC
-	fi
-}
-
-src_compile() {
-	emake CC="$(tc-getCC)" HOSTCC="$(tc-getBUILD_CC)" \
-		AR="$(tc-getAR) cq" RANLIB="$(tc-getRANLIB)" FULLECHO=''
-}
-
-src_install() {
-	cd "${S}"/build-exim-gentoo || die
-	dosbin exim
-	if use X; then
-		dosbin eximon.bin
-		dosbin eximon
-	fi
-	fperms 4755 /usr/sbin/exim
-
-	dosym exim /usr/sbin/sendmail
-	dosym exim /usr/sbin/rsmtp
-	dosym exim /usr/sbin/rmail
-	dosym ../sbin/exim /usr/bin/mailq
-	dosym ../sbin/exim /usr/bin/newaliases
-	dosym ../sbin/sendmail /usr/lib/sendmail
-
-	for i in exicyclog exim_dbmbuild exim_dumpdb exim_fixdb exim_lock \
-		exim_tidydb exinext exiwhat exigrep eximstats exiqsumm exiqgrep \
-		convert4r3 convert4r4 exipick
-	do
-		dosbin $i
-	done
-
-	dodoc -r "${S}"/doc/.
-	doman "${S}"/doc/exim.8
-	use dsn && dodoc "${S}"/README.DSN
-	use doc && dodoc "${WORKDIR}"/${PN}-pdf-${PV//rc/RC}/doc/*.pdf
-
-	# conf files
-	insinto /etc/exim
-	newins "${S}"/src/configure.default exim.conf.dist
-	doins "${WORKDIR}"/system_filter.exim
-	doins "${FILESDIR}"/auth_conf.sub
-
-	if use pam; then
-		pamd_mimic system-auth exim auth account
-	fi
-
-	# headers, #436406
-	if use dlfunc ; then
-		# fixup includes so they actually can be found when including
-		sed -i \
-			-e '/#include "\(config\|store\|mytypes\).h"/s:"\(.\+\)":<exim/\1>:' \
-			local_scan.h || die
-		insinto /usr/include/exim
-		doins {config,local_scan}.h ../src/{mytypes,store}.h
-	fi
-
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}/exim.logrotate" exim
-
-	newinitd "${FILESDIR}"/exim.rc10 exim
-	newconfd "${FILESDIR}"/exim.confd exim
-
-	systemd_dounit \
-		"${FILESDIR}"/{exim.service,exim.socket,exim-submission.socket}
-	systemd_newunit \
-		"${FILESDIR}"/exim_at.service 'exim@.service'
-	systemd_newunit \
-		"${FILESDIR}"/exim-submission_at.service 'exim-submission@.service'
-
-	diropts -m 0750 -o ${MAILUSER} -g ${MAILGROUP}
-	keepdir /var/log/${PN}
-}
-
-pkg_postinst() {
-	if [[ ! -f ${EROOT}/etc/exim/exim.conf ]] ; then
-		einfo "${EROOT}/etc/exim/system_filter.exim is a sample system_filter."
-		einfo "${EROOT}/etc/exim/auth_conf.sub contains the configuration sub"
-		einfo "for using smtp auth."
-		einfo "Please create ${EROOT}/etc/exim/exim.conf from"
-		einfo "  ${EROOT}/etc/exim/exim.conf.dist."
-	fi
-	if use berkdb && ( use gdbm || use tdb ) ; then
-		ewarn "USE=berkdb is ignored because USE=gdbm or USE=tdb is enabled!"
-	fi
-	if use dmarc ; then
-		einfo "DMARC support requires ${EROOT}/etc/exim/opendmarc.tlds"
-		einfo "you can populate this file with the contents downloaded from"
-		einfo "  https://publicsuffix.org/list/public_suffix_list.dat"
-	fi
-	if use dcc ; then
-		einfo "DCC support is experimental, you can find some limited"
-		einfo "documentation at the bottom of this prerelease message:"
-		einfo "  http://article.gmane.org/gmane.mail.exim.devel/3579"
-	fi
-	if use srs; then
-		einfo "SRS support using libsrs_alt was dropped in this"
-		einfo "release of Exim, you are now using the native SRS implementation"
-	fi
-	use dsn && einfo "extra information in fail DSN message is experimental"
-	einfo
-	elog "Note that this release contains a tainted variable check that"
-	elog "is likely to break your configuration used with Exim 4.93 and before."
-	elog "Please check your transports for occurences of \$local_part, and"
-	elog "use a replacement like \$local_part_data where possible."
-}

diff --git a/mail-mta/exim/files/exim-4.94-CVE-2022-3559.patch b/mail-mta/exim/files/exim-4.94-CVE-2022-3559.patch
deleted file mode 100644
index 533aaf1f9e51..000000000000
--- a/mail-mta/exim/files/exim-4.94-CVE-2022-3559.patch
+++ /dev/null
@@ -1,99 +0,0 @@
-Patch cleaned up for Gentoo
-- applied to 4.94
-- removed unnecessary whitespace changes
-
-From 4e9ed49f8f12eb331b29bd5b6dc3693c520fddc2 Mon Sep 17 00:00:00 2001
-From: Jeremy Harris <jgh146exb@wizmail.org>
-Date: Wed, 31 Aug 2022 15:37:40 +0100
-Subject: [PATCH 1/1] Fix $regex<n> use-after-free.  Bug 2915
-
---- exim-4.94.2/src/exim.c	2021-04-30 14:08:21.000000000 +0200
-+++ exim-4.94.2/src/exim.c	2022-10-19 09:15:58.611447982 +0200
-@@ -1886,8 +1886,6 @@
-   regex_must_compile(US"^[A-Za-z0-9_/.-]*$", FALSE, TRUE);
- #endif
- 
--for (i = 0; i < REGEX_VARS; i++) regex_vars[i] = NULL;
--
- /* If the program is called as "mailq" treat it as equivalent to "exim -bp";
- this seems to be a generally accepted convention, since one finds symbolic
- links called "mailq" in standard OS configurations. */
-@@ -5841,7 +5839,7 @@
-   deliver_localpart_data = deliver_domain_data =
-   recipient_data = sender_data = NULL;
-   acl_var_m = NULL;
--  for(int i = 0; i < REGEX_VARS; i++) regex_vars[i] = NULL;
-+  regex_vars_clear();
- 
-   store_reset(reset_point);
-   }
---- exim-4.94.2/src/functions.h	2021-04-30 14:08:21.000000000 +0200
-+++ exim-4.94.2/src/functions.h	2022-10-19 09:17:44.882122667 +0200
-@@ -417,6 +417,7 @@
- #endif
- extern BOOL    regex_match_and_setup(const pcre *, const uschar *, int, int);
- extern const pcre *regex_must_compile(const uschar *, BOOL, BOOL);
-+extern void    regex_vars_clear(void);
- extern void    retry_add_item(address_item *, uschar *, int);
- extern BOOL    retry_check_address(const uschar *, host_item *, uschar *, BOOL,
-                  uschar **, uschar **);
---- exim-4.94.2/src/globals.c	2022-10-19 09:14:19.344751853 +0200
-+++ exim-4.94.2/src/globals.c	2022-10-19 09:18:27.675991666 +0200
-@@ -1289,7 +1289,7 @@
- #endif
- const pcre *regex_ismsgid      = NULL;
- const pcre *regex_smtp_code    = NULL;
--uschar *regex_vars[REGEX_VARS];
-+uschar *regex_vars[REGEX_VARS] = { 0 };
- #ifdef WHITELIST_D_MACROS
- const pcre *regex_whitelisted_macro = NULL;
- #endif
---- exim-4.94.2/src/regex.c	2021-04-30 14:08:21.000000000 +0200
-+++ exim-4.94.2/src/regex.c	2022-10-19 09:35:03.229084750 +0200
-@@ -98,7 +106,7 @@
- int ret = FAIL;
- 
- /* reset expansion variable */
--regex_match_string = NULL;
-+regex_vars_clear();
- 
- if (!mime_stream)				/* We are in the DATA ACL */
-   {
-@@ -166,8 +174,7 @@
- int mime_subject_len = 0;
- int ret;
- 
--/* reset expansion variable */
--regex_match_string = NULL;
-+regex_vars_clear();
- 
- /* precompile our regexes */
- if (!(re_list_head = compile(*listptr)))
-@@ -213,3 +205,14 @@
- }
- 
- #endif /* WITH_CONTENT_SCAN */
-+
-+/* reset expansion variables */
-+void
-+regex_vars_clear(void)
-+{
-+#ifdef WITH_CONTENT_SCAN
-+regex_match_string = NULL;
-+#endif
-+for (int i = 0; i < REGEX_VARS; i++) regex_vars[i] = NULL;
-+}
-+
---- exim-4.94.2/src/smtp_in.c	2021-04-30 14:08:21.000000000 +0200
-+++ exim-4.94.2/src/smtp_in.c	2022-10-19 09:15:58.613447975 +0200
-@@ -2161,8 +2161,10 @@
- #ifdef SUPPORT_I18N
- message_smtputf8 = FALSE;
- #endif
-+regex_vars_clear();
- body_linecount = body_zerocount = 0;
- 
-+lookup_value = NULL;				/* Can be set by ACL */
- sender_rate = sender_rate_limit = sender_rate_period = NULL;
- ratelimiters_mail = NULL;           /* Updated by ratelimit ACL condition */
-                    /* Note that ratelimiters_conn persists across resets. */

diff --git a/mail-mta/exim/files/exim-4.94.2-fix-crash-resolve.patch b/mail-mta/exim/files/exim-4.94.2-fix-crash-resolve.patch
deleted file mode 100644
index 27e68bfdd74f..000000000000
--- a/mail-mta/exim/files/exim-4.94.2-fix-crash-resolve.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-From d4bc023436e4cce7c23c5f8bb5199e178b4cc743 Mon Sep 17 00:00:00 2001
-From: "Heiko Schlittermann (HS12-RIPE)" <hs@schlittermann.de>
-Date: Sun, 16 May 2021 19:11:19 +0200
-Subject: [PATCH] Fix host_name_lookup (Close 2747)
-
-https://bugs.exim.org/show_bug.cgi?id=2747
-
-(cherry picked from commit 20812729e3e47a193a21d326ecd036d67a8b2724)
----
- src/src/host.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/src/host.c b/src/src/host.c
---- a/src/host.c
-+++ b/src/host.c
-@@ -1691,7 +1691,7 @@ while ((ordername = string_nextinlist(&list, &sep, NULL, 0)))
-       {
-       uschar **aptr = NULL;
-       int ssize = 264;
--      int count = 0;
-+      int count = 1;  /* need 1 more for terminating NULL */
-       int old_pool = store_pool;
- 
-       sender_host_dnssec = dns_is_secure(dnsa);

diff --git a/mail-mta/exim/files/exim-4.94.2-openssl3.patch b/mail-mta/exim/files/exim-4.94.2-openssl3.patch
deleted file mode 100644
index f9758515bef1..000000000000
--- a/mail-mta/exim/files/exim-4.94.2-openssl3.patch
+++ /dev/null
@@ -1,332 +0,0 @@
-Original commits from upstream applied to 4.94.2 release tarball
-
-From a5d79c99f4948d9fd288a1bfaca3a44cf2caaa32 Mon Sep 17 00:00:00 2001
-From: Jeremy Harris <jgh146exb@wizmail.org>
-Date: Wed, 1 Dec 2021 17:36:18 +0000
-Subject: [PATCH] OpenSSL: use nondeprecated D-H functions under 3.0.0.
-
-From c6a290f4d8df3734b3cdc2232b4334ff8386c1da Mon Sep 17 00:00:00 2001
-From: Jeremy Harris <jgh146exb@wizmail.org>
-Date: Wed, 1 Dec 2021 18:52:21 +0000
-Subject: [PATCH] OpenSSL: tidy DH and ECDH param setup Testsuite: expand DH
- testcase
-
-From ff7829398d74e67f1c1f40339a772fd76708e5ac Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Jaroslav=20=C5=A0karvada?= <jskarvad@redhat.com>
-Date: Sat, 27 Nov 2021 21:07:15 +0000
-Subject: [PATCH] Fix build for OpenSSL 3.0.0 .  Bug 2810
-
-From ca4014de81e6aa367aa0a54c49b4c3d4b137814c Mon Sep 17 00:00:00 2001
-From: Jeremy Harris <jgh146exb@wizmail.org>
-Date: Sun, 1 Jan 2023 12:18:38 +0000
-Subject: [PATCH] OpenSSL: fix tls_eccurve setting explicit curve/group.  Bug
- 2954
-
-From 7fa5764c203f2f4a900898a79ed02d674075313f Mon Sep 17 00:00:00 2001
-From: Jeremy Harris <jgh146exb@wizmail.org>
-Date: Mon, 2 Jan 2023 15:04:14 +0000
-Subject: [PATCH] OpenSSL: Fix tls_eccurve on earlier versions than 3.0.0.  Bug
- 2954
-
-Broken-by: ca4014de81e6
-
---- a/src/tls-openssl.c
-+++ b/src/tls-openssl.c
-@@ -227,12 +227,16 @@
-   { US"no_tlsv1", SSL_OP_NO_TLSv1 },
- #endif
- #ifdef SSL_OP_NO_TLSv1_1
--#if SSL_OP_NO_TLSv1_1 == 0x00000400L
-+# if OPENSSL_VERSION_NUMBER < 0x30000000L
-+#  if SSL_OP_NO_TLSv1_1 == 0x00000400L
-   /* Error in chosen value in 1.0.1a; see first item in CHANGES for 1.0.1b */
--#warning OpenSSL 1.0.1a uses a bad value for SSL_OP_NO_TLSv1_1, ignoring
--#else
-+#   warning OpenSSL 1.0.1a uses a bad value for SSL_OP_NO_TLSv1_1, ignoring
-+#   define NO_SSL_OP_NO_TLSv1_1
-+#  endif
-+# endif
-+# ifndef NO_SSL_OP_NO_TLSv1_1
-   { US"no_tlsv1_1", SSL_OP_NO_TLSv1_1 },
--#endif
-+# endif
- #endif
- #ifdef SSL_OP_NO_TLSv1_2
-   { US"no_tlsv1_2", SSL_OP_NO_TLSv1_2 },
-@@ -1017,23 +1021,27 @@
- *************************************************/
- 
- /* If dhparam is set, expand it, and load up the parameters for DH encryption.
-+Server only.
- 
- Arguments:
-   sctx      The current SSL CTX (inbound or outbound)
-   dhparam   DH parameter file or fixed parameter identity string
--  host      connected host, if client; NULL if server
-   errstr    error string pointer
- 
- Returns:    TRUE if OK (nothing to set up, or setup worked)
- */
- 
- static BOOL
--init_dh(SSL_CTX *sctx, uschar *dhparam, const host_item *host, uschar ** errstr)
-+init_dh(SSL_CTX * sctx, uschar * dhparam, uschar ** errstr)
- {
--BIO *bio;
--DH *dh;
--uschar *dhexpanded;
--const char *pem;
-+BIO * bio;
-+#if OPENSSL_VERSION_NUMBER < 0x30000000L
-+DH * dh;
-+#else
-+EVP_PKEY * pkey;
-+#endif
-+uschar * dhexpanded;
-+const char * pem;
- int dh_bitsize;
- 
- if (!expand_check(dhparam, US"tls_dhparam", &dhexpanded, errstr))
-@@ -1046,7 +1054,7 @@
-   if (!(bio = BIO_new_file(CS dhexpanded, "r")))
-     {
-     tls_error(string_sprintf("could not read dhparams file %s", dhexpanded),
--          host, US strerror(errno), errstr);
-+          NULL, US strerror(errno), errstr);
-     return FALSE;
-     }
-   }
-@@ -1061,17 +1069,23 @@
-   if (!(pem = std_dh_prime_named(dhexpanded)))
-     {
-     tls_error(string_sprintf("Unknown standard DH prime \"%s\"", dhexpanded),
--        host, US strerror(errno), errstr);
-+        NULL, US strerror(errno), errstr);
-     return FALSE;
-     }
-   bio = BIO_new_mem_buf(CS pem, -1);
-   }
- 
--if (!(dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL)))
-+if (!(
-+#if OPENSSL_VERSION_NUMBER < 0x30000000L
-+      dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL)
-+#else
-+      pkey = PEM_read_bio_Parameters_ex(bio, NULL, NULL, NULL)
-+#endif
-+   ) )
-   {
-   BIO_free(bio);
-   tls_error(string_sprintf("Could not read tls_dhparams \"%s\"", dhexpanded),
--      host, NULL, errstr);
-+      NULL, NULL, errstr);
-   return FALSE;
-   }
- 
-@@ -1081,33 +1095,54 @@
-  * If someone wants to dance at the edge, then they can raise the limit or use
-  * current libraries. */
--#ifdef EXIM_HAVE_OPENSSL_DH_BITS
-+#if OPENSSL_VERSION_NUMBER < 0x30000000L
-+# ifdef EXIM_HAVE_OPENSSL_DH_BITS
- /* Added in commit 26c79d5641d; `git describe --contains` says OpenSSL_1_1_0-pre1~1022
-  * This predates OpenSSL_1_1_0 (before a, b, ...) so is in all 1.1.0 */
- dh_bitsize = DH_bits(dh);
--#else
-+# else
- dh_bitsize = 8 * DH_size(dh);
-+# endif
-+#else	/* 3.0.0 + */
-+dh_bitsize = EVP_PKEY_get_bits(pkey);
- #endif
- 
--/* Even if it is larger, we silently return success rather than cause things
-- * to fail out, so that a too-large DH will not knock out all TLS; it's a
-- * debatable choice. */
--if (dh_bitsize > tls_dh_max_bits)
-+/* Even if it is larger, we silently return success rather than cause things to
-+fail out, so that a too-large DH will not knock out all TLS; it's a debatable
-+choice.  Likewise for a failing attempt to set one. */
-+
-+if (dh_bitsize <= tls_dh_max_bits)
-   {
--  DEBUG(D_tls)
--    debug_printf("dhparams file %d bits, is > tls_dh_max_bits limit of %d\n",
--        dh_bitsize, tls_dh_max_bits);
-+  if (
-+#if OPENSSL_VERSION_NUMBER < 0x30000000L
-+      SSL_CTX_set_tmp_dh(sctx, dh)
-+#else
-+      SSL_CTX_set0_tmp_dh_pkey(sctx, pkey)
-+#endif
-+      == 0)
-+    {
-+    ERR_error_string_n(ERR_get_error(), ssl_errstring, sizeof(ssl_errstring));
-+    log_write(0, LOG_MAIN|LOG_PANIC, "TLS error (D-H param setting '%s'): %s",
-+	dhexpanded ? dhexpanded : US"default", ssl_errstring);
-+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-+    /* EVP_PKEY_free(pkey);  crashes */
-+#endif
-+    }
-+  else
-+    DEBUG(D_tls)
-+      debug_printf("Diffie-Hellman initialized from %s with %d-bit prime\n",
-+	dhexpanded ? dhexpanded : US"default", dh_bitsize);
-   }
- else
--  {
--  SSL_CTX_set_tmp_dh(sctx, dh);
-   DEBUG(D_tls)
--    debug_printf("Diffie-Hellman initialized from %s with %d-bit prime\n",
--      dhexpanded ? dhexpanded : US"default", dh_bitsize);
--  }
-+    debug_printf("dhparams '%s' %d bits, is > tls_dh_max_bits limit of %d\n",
-+	dhexpanded ? dhexpanded : US"default", dh_bitsize, tls_dh_max_bits);
- 
-+#if OPENSSL_VERSION_NUMBER < 0x30000000L
- DH_free(dh);
--BIO_free(bio);
-+#endif
-+/* The EVP_PKEY ownership stays with the ctx; do not free it */
- 
-+BIO_free(bio);
- return TRUE;
- }
- 
-@@ -1118,7 +1154,7 @@
- *               Initialize for ECDH              *
- *************************************************/
- 
--/* Load parameters for ECDH encryption.
-+/* Load parameters for ECDH encryption.  Server only.
- 
- For now, we stick to NIST P-256 because: it's simple and easy to configure;
- it avoids any patent issues that might bite redistributors; despite events in
-@@ -1136,37 +1172,40 @@
- 
- Arguments:
-   sctx      The current SSL CTX (inbound or outbound)
--  host      connected host, if client; NULL if server
-   errstr    error string pointer
- 
- Returns:    TRUE if OK (nothing to set up, or setup worked)
- */
- 
- static BOOL
--init_ecdh(SSL_CTX * sctx, host_item * host, uschar ** errstr)
-+init_ecdh(SSL_CTX * sctx, uschar ** errstr)
- {
- #ifdef OPENSSL_NO_ECDH
- return TRUE;
- #else
- 
--EC_KEY * ecdh;
- uschar * exp_curve;
--int nid;
--BOOL rv;
--
--if (host)	/* No ECDH setup for clients, only for servers */
--  return TRUE;
-+int nid, rc;
- 
- # ifndef EXIM_HAVE_ECDH
- DEBUG(D_tls)
--  debug_printf("No OpenSSL API to define ECDH parameters, skipping\n");
-+  debug_printf(" No OpenSSL API to define ECDH parameters, skipping\n");
- return TRUE;
- # else
- 
- if (!expand_check(tls_eccurve, US"tls_eccurve", &exp_curve, errstr))
-   return FALSE;
-+
-+/* Is the option deliberately empty? */
-+
- if (!exp_curve || !*exp_curve)
-+  {
-+#if OPENSSL_VERSION_NUMBER >= 0x10002000L
-+  DEBUG(D_tls) debug_printf( " ECDH OpenSSL 1.0.2+: clearing curves list\n");
-+  (void) SSL_CTX_set1_curves(sctx, &nid, 0);
-+#endif
-   return TRUE;
-+  }
- 
- /* "auto" needs to be handled carefully.
-  * OpenSSL <  1.0.2: we do not select anything, but fallback to prime256v1
-@@ -1202,27 +1241,41 @@
- #   endif
-    )
-   {
--  tls_error(string_sprintf("Unknown curve name tls_eccurve '%s'", exp_curve),
--    host, NULL, errstr);
-+  uschar * s = string_sprintf("Unknown curve name tls_eccurve '%s'", exp_curve);
-+  DEBUG(D_tls) debug_printf("TLS error '%s'\n", s);
-+  if (errstr) *errstr = s;
-   return FALSE;
-   }
- 
--if (!(ecdh = EC_KEY_new_by_curve_name(nid)))
--  {
--  tls_error(US"Unable to create ec curve", host, NULL, errstr);
--  return FALSE;
--  }
-+# if OPENSSL_VERSION_NUMBER < 0x30000000L
-+ {
-+  EC_KEY * ecdh;
-+  if (!(ecdh = EC_KEY_new_by_curve_name(nid)))
-+    {
-+    tls_error(US"Unable to create ec curve", NULL, NULL, errstr);
-+    return FALSE;
-+    }
- 
--/* The "tmp" in the name here refers to setting a temporary key
--not to the stability of the interface. */
-+  /* The "tmp" in the name here refers to setting a temporary key
-+  not to the stability of the interface. */
- 
--if ((rv = SSL_CTX_set_tmp_ecdh(sctx, ecdh) == 0))
--  tls_error(string_sprintf("Error enabling '%s' curve", exp_curve), host, NULL, errstr);
-+  if ((rc = SSL_CTX_set_tmp_ecdh(sctx, ecdh)) == 0)
-+    tls_error(string_sprintf("Error enabling '%s' curve", exp_curve), NULL, NULL, errstr);
-+  else
-+    DEBUG(D_tls) debug_printf(" ECDH: enabled '%s' curve\n", exp_curve);
-+  EC_KEY_free(ecdh);
-+ }
-+
-+#else	/* v 3.0.0 + */
-+
-+if ((rc = SSL_CTX_set1_groups(sctx, &nid, 1)) == 0)
-+  tls_error(string_sprintf("Error enabling '%s' group", exp_curve), NULL, NULL, errstr);
- else
--  DEBUG(D_tls) debug_printf("ECDH: enabled '%s' curve\n", exp_curve);
-+  DEBUG(D_tls) debug_printf(" ECDH: enabled '%s' group\n", exp_curve);
-+
-+#endif
- 
--EC_KEY_free(ecdh);
--return !rv;
-+return !!rc;
- 
- # endif	/*EXIM_HAVE_ECDH*/
- #endif /*OPENSSL_NO_ECDH*/
-@@ -1727,8 +1780,8 @@
- SSL_CTX_set_tlsext_servername_callback(server_sni, tls_servername_cb);
- SSL_CTX_set_tlsext_servername_arg(server_sni, cbinfo);
- 
--if (  !init_dh(server_sni, cbinfo->dhparam, NULL, &dummy_errstr)
--   || !init_ecdh(server_sni, NULL, &dummy_errstr)
-+if (  !init_dh(server_sni, cbinfo->dhparam, &dummy_errstr)
-+   || !init_ecdh(server_sni, &dummy_errstr)
-    )
-   goto bad;
- 
-@@ -2213,8 +2266,8 @@
- /* Initialize with DH parameters if supplied */
- /* Initialize ECDH temp key parameter selection */
- 
--if (  !init_dh(ctx, dhparam, host, errstr)
--   || !init_ecdh(ctx, host, errstr)
-+if (  !init_dh(ctx, dhparam, errstr)
-+   || !init_ecdh(ctx, errstr)
-    )
-   return DEFER;
- 


^ permalink raw reply related	[flat|nested] 26+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: mail-mta/exim/, mail-mta/exim/files/
@ 2023-12-25 10:42 Fabian Groffen
  0 siblings, 0 replies; 26+ messages in thread
From: Fabian Groffen @ 2023-12-25 10:42 UTC (permalink / raw
  To: gentoo-commits

commit:     8a7059d941873a35822e577495cf71fdea4dcc08
Author:     Fabian Groffen <grobian <AT> gentoo <DOT> org>
AuthorDate: Mon Dec 25 10:34:01 2023 +0000
Commit:     Fabian Groffen <grobian <AT> gentoo <DOT> org>
CommitDate: Mon Dec 25 10:42:12 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8a7059d9

mail-mta/exim-4.94.2: drop old

sparc how has exim-4.96.2 stable

Signed-off-by: Fabian Groffen <grobian <AT> gentoo.org>

 mail-mta/exim/exim-4.94.2-r7.ebuild                | 618 ---------------------
 .../exim/files/exim-4.94-localscan_dlopen.patch    | 269 ---------
 2 files changed, 887 deletions(-)

diff --git a/mail-mta/exim/exim-4.94.2-r7.ebuild b/mail-mta/exim/exim-4.94.2-r7.ebuild
deleted file mode 100644
index 8f5367aecfb8..000000000000
--- a/mail-mta/exim/exim-4.94.2-r7.ebuild
+++ /dev/null
@@ -1,618 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="7"
-
-inherit db-use toolchain-funcs pam systemd
-
-IUSE="arc +dane dcc +dkim dlfunc dmarc +dnsdb doc dovecot-sasl dsn exiscan-acl gnutls idn ipv6 ldap lmtp maildir mbx mysql nis pam perl pkcs11 postgres +prdr proxy radius redis sasl selinux spf sqlite srs +srs-alt srs-native +ssl syslog tcpd +tpda X"
-REQUIRED_USE="
-	arc? ( dkim spf )
-	dane? ( ssl !gnutls )
-	dmarc? ( dkim spf )
-	dkim? ( ssl !gnutls )
-	gnutls? ( ssl )
-	pkcs11? ( ssl )
-	spf? ( exiscan-acl )
-	srs? (
-		exiscan-acl
-		^^ ( srs-alt srs-native )
-	)
-"
-# NOTE on USE="gnutls dane", gnutls[dane] is masked in base, unmasked
-# for x86 and amd64 only, due to this, repoman won't allow depending on
-# gnutls[dane] for all else.  Because we cannot express USE=dane when
-# USE=gnutls is in effect only in package.use.mask, the only option we
-# have left is to a) ignore the dependency (but that results in bug
-# #661164) or b) mask the usage of USE=dane with USE=gnutls.  Both are
-# incorrect, but b) is the only "correct" view from repoman.
-
-SDIR=$([[ ${PV} == *_rc* ]]   && echo /test
-	 [[ ${PV} == *.*.*.* ]] && echo /fixes)
-COMM_URI="https://downloads.exim.org/exim4${SDIR}"
-
-DESCRIPTION="A highly configurable, drop-in replacement for sendmail"
-SRC_URI="${COMM_URI}/${P//_rc/-RC}.tar.xz
-	mirror://gentoo/system_filter.exim.gz
-	doc? ( ${COMM_URI}/${PN}-pdf-${PV//_rc/-RC}.tar.xz )"
-HOMEPAGE="https://www.exim.org/"
-
-SLOT="0"
-LICENSE="GPL-2"
-KEYWORDS="sparc"
-
-COMMON_DEPEND=">=sys-apps/sed-4.0.5
-	( >=sys-libs/db-3.2:= <sys-libs/db-6:= )
-	dev-libs/libpcre
-	idn? ( net-dns/libidn:= net-dns/libidn2:= )
-	perl? ( dev-lang/perl:= )
-	pam? ( sys-libs/pam )
-	tcpd? ( sys-apps/tcp-wrappers )
-	ssl? (
-		gnutls? (
-			net-libs/gnutls:0=[pkcs11?]
-			dev-libs/libtasn1
-		)
-		!gnutls? (
-			dev-libs/openssl:0=
-		)
-	)
-	ldap? ( >=net-nds/openldap-2.0.7:= )
-	nis? (
-		elibc_glibc? (
-			net-libs/libtirpc:=
-			>=net-libs/libnsl-1:=
-		)
-	)
-	mysql? ( dev-db/mysql-connector-c:= )
-	postgres? ( dev-db/postgresql:= )
-	sasl? ( >=dev-libs/cyrus-sasl-2.1.26-r2 )
-	redis? ( dev-libs/hiredis:= )
-	spf? ( >=mail-filter/libspf2-1.2.5-r1 )
-	dmarc? ( mail-filter/opendmarc:= )
-	srs? ( srs-alt? ( mail-filter/libsrs_alt ) )
-	X? (
-		x11-libs/libX11
-		x11-libs/libXmu
-		x11-libs/libXt
-		x11-libs/libXaw
-	)
-	sqlite? ( dev-db/sqlite )
-	radius? ( net-dialup/freeradius-client )
-	virtual/libcrypt:=
-	virtual/libiconv
-	elibc_glibc? ( net-libs/libnsl )
-	"
-	# added X check for #57206
-BDEPEND="virtual/pkgconfig"
-DEPEND="${COMMON_DEPEND}"
-RDEPEND="${COMMON_DEPEND}
-	!mail-mta/courier
-	!mail-mta/esmtp
-	!mail-mta/msmtp[mta]
-	!mail-mta/netqmail
-	!mail-mta/nullmailer
-	!mail-mta/postfix
-	!mail-mta/sendmail
-	!mail-mta/opensmtpd
-	!mail-mta/ssmtp[mta]
-	>=net-mail/mailbase-0.00-r5
-	virtual/logger
-	dcc? ( mail-filter/dcc )
-	selinux? ( sec-policy/selinux-exim )
-	"
-
-S=${WORKDIR}/${P//_rc/-RC}
-
-src_prepare() {
-	# Legacy patches which need a respin for -p1
-	eapply -p0 "${FILESDIR}"/exim-4.14-tail.patch
-	eapply -p0 "${FILESDIR}"/exim-4.74-radius-db-ENV-clash.patch # 287426
-	eapply     "${FILESDIR}"/exim-4.93-as-needed-ldflags.patch # 352265, 391279
-	eapply -p0 "${FILESDIR}"/exim-4.76-crosscompile.patch # 266591
-	eapply     "${FILESDIR}"/exim-4.69-r1.27021.patch
-	eapply     "${FILESDIR}"/exim-4.94-localscan_dlopen.patch
-
-	# for this reason we have a := dep on opendmarc, they changed their
-	# API in a minor release
-	if use dmarc && has_version ">=mail-filter/opendmarc-1.4" ; then
-		eapply "${FILESDIR}"/exim-4.94-opendmarc-1.4.patch
-	fi
-
-	if use maildir ; then
-		eapply "${FILESDIR}"/exim-4.94-maildir.patch
-	else
-		eapply -p0 "${FILESDIR}"/exim-4.80-spool-mail-group.patch # 438606
-	fi
-
-	eapply_user
-
-	# user Exim believes it should be
-	MAILUSER=mail
-	MAILGROUP=mail
-	if use prefix && [[ ${EUID} != 0 ]] ; then
-		MAILUSER=$(id -un)
-		MAILGROUP=$(id -gn)
-	fi
-}
-
-src_configure() {
-	# general config and paths
-
-	local aliases="${EPREFIX}/etc/mail/aliases"
-	sed -i \
-		-e "/SYSTEM_ALIASES_FILE/s'SYSTEM_ALIASES_FILE'${aliases}'" \
-		src/configure.default || die
-
-	sed -i -e 's/^buildname=.*/buildname=exim-gentoo/' Makefile || die
-
-	if use elibc_musl; then
-		sed -i -e 's/^LIBS = -lnsl/LIBS =/g' OS/Makefile-Linux || die
-	fi
-
-	local conffile="${EPREFIX}/etc/exim/exim.conf"
-	sed -e "48i\CFLAGS=${CFLAGS}" \
-		-e "s:BIN_DIRECTORY=/usr/exim/bin:BIN_DIRECTORY=${EPREFIX}/usr/sbin:" \
-		-e "s;EXIM_USER=;EXIM_USER=ref:${MAILUSER};" \
-		-e "s:CONFIGURE_FILE=.*$:CONFIGURE_FILE=${conffile}:" \
-		-e "s:ZCAT_COMMAND=.*$:ZCAT_COMMAND=${EPREFIX}/bin/zcat:" \
-		-e "s:COMPRESS_COMMAND=.*$:COMPRESS_COMMAND=${EPREFIX}/bin/gzip:" \
-		src/EDITME > Local/Makefile || die
-
-	# work on Local/Makefile from now on
-	cd Local
-
-	cat >> Makefile <<- EOC
-		INFO_DIRECTORY=${EPREFIX}/usr/share/info
-		PID_FILE_PATH=${EPREFIX}/run/exim.pid
-		SPOOL_DIRECTORY=${EPREFIX}/var/spool/exim
-		HAVE_ICONV=yes
-	EOC
-
-	# if we use libiconv, now is the time to tell so
-	if use !elibc_glibc && use !elibc_musl ; then
-		cat >> Makefile <<- EOC
-			EXTRALIBS_EXIM=-liconv
-		EOC
-	fi
-
-	# support for IPv6
-	if use ipv6; then
-		cat >> Makefile <<- EOC
-			HAVE_IPV6=YES
-		EOC
-	fi
-
-	# support i18n/IDNA
-	if use idn; then
-		cat >> Makefile <<- EOC
-			SUPPORT_I18N=yes
-			SUPPORT_I18N_2008=yes
-			EXTRALIBS_EXIM += -lidn -lidn2
-		EOC
-	fi
-
-	#
-	# mail storage formats
-	#
-
-	# mailstore is Exim's traditional storage format
-	cat >> Makefile <<- EOC
-		SUPPORT_MAILSTORE=yes
-	EOC
-
-	# mbox
-	if use mbx; then
-		cat >> Makefile <<- EOC
-			SUPPORT_MBX=yes
-		EOC
-	fi
-
-	# maildir
-	if use maildir; then
-		cat >> Makefile <<- EOC
-			SUPPORT_MAILDIR=yes
-		EOC
-	fi
-
-	#
-	# lookup methods
-
-	# use the "native" interfaces to the DBM and CDB libraries, support
-	# passwd and directory lookups by default
-	local DB_VERS="5.3 5.1 4.8 4.7 4.6 4.5 4.4 4.3 4.2 3.2"
-	cat >> Makefile <<- EOC
-		USE_DB=yes
-		LOOKUP_CDB=yes
-		LOOKUP_PASSWD=yes
-		LOOKUP_DSEARCH=yes
-		# keep include in CFLAGS because exim.h -> dbstuff.h -> db.h
-		CFLAGS += -I$(db_includedir ${DB_VERS})
-		DBMLIB = -l$(db_libname ${DB_VERS})
-	EOC
-
-	if ! use dnsdb; then
-		# DNSDB lookup is enabled by default
-		sed -i -e 's:^LOOKUP_DNSDB=yes:# LOOKUP_DNSDB=yes:' Makefile || die
-	fi
-
-	if use ldap; then
-		cat >> Makefile <<- EOC
-			LOOKUP_LDAP=yes
-			LDAP_LIB_TYPE=OPENLDAP2
-			LOOKUP_INCLUDE += -I"${EPREFIX}"/usr/include/ldap
-			LOOKUP_LIBS += -lldap -llber
-		EOC
-	fi
-
-	if use mysql; then
-		cat >> Makefile <<- EOC
-			LOOKUP_MYSQL=yes
-			LOOKUP_INCLUDE += $(mysql_config --include)
-			LOOKUP_LIBS += $(mysql_config --libs)
-		EOC
-	fi
-
-	if use nis; then
-		cat >> Makefile <<- EOC
-			LOOKUP_NIS=yes
-			LOOKUP_NISPLUS=yes
-		EOC
-		if use elibc_glibc ; then
-			cat >> Makefile <<- EOC
-				LOOKUP_INCLUDE += -I"${EPREFIX}"/usr/include/tirpc
-				LOOKUP_LIBS += -lnsl
-			EOC
-		fi
-	fi
-
-	if use postgres; then
-		cat >> Makefile <<- EOC
-			LOOKUP_PGSQL=yes
-			LOOKUP_INCLUDE += -I$(pg_config --includedir)
-			LOOKUP_LIBS += -L$(pg_config --libdir) -lpq
-		EOC
-	fi
-
-	if use sqlite; then
-		cat >> Makefile <<- EOC
-			LOOKUP_SQLITE=yes
-			LOOKUP_SQLITE_PC=sqlite3
-		EOC
-	fi
-
-	if use redis; then
-		cat >> Makefile <<- EOC
-			LOOKUP_REDIS=yes
-			LOOKUP_LIBS += -lhiredis
-		EOC
-	fi
-
-	# Exim monitor, enabled by default, controlled via X USE-flag,
-	# disable if not requested, bug #46778
-	if use X; then
-		cp ../exim_monitor/EDITME eximon.conf || die
-		cat >> Makefile <<- EOC
-			EXIM_MONITOR=eximon.bin
-		EOC
-	fi
-
-	#
-	# features
-	#
-
-	# content scanning support
-	if use exiscan-acl; then
-		cat >> Makefile <<- EOC
-			WITH_CONTENT_SCAN=yes
-		EOC
-	fi
-
-	# DomainKeys Identified Mail, RFC4871
-	if ! use dkim; then
-		# DKIM is enabled by default
-		cat >> Makefile <<- EOC
-			DISABLE_DKIM=yes
-		EOC
-	fi
-
-	# Per-Recipient-Data-Response
-	if ! use prdr; then
-		# PRDR is enabled by default
-		cat >> Makefile <<- EOC
-			DISABLE_PRDR=yes
-		EOC
-	fi
-
-	# Transport post-delivery actions
-	if use !tpda && use !dane; then
-		# EVENT is enabled by default
-		cat >> Makefile <<- EOC
-			DISABLE_EVENT=yes
-		EOC
-	fi
-
-	# log to syslog
-	if use syslog; then
-		local eximlog="${EPREFIX}/var/log/exim/exim_%s.log"
-		sed -i \
-			-e "s:LOG_FILE_PATH=${eximlog}:LOG_FILE_PATH=syslog:" \
-			Makefile || die
-		cat >> Makefile <<- EOC
-			LOG_FILE_PATH=syslog
-		EOC
-	else
-		cat >> Makefile <<- EOC
-			LOG_FILE_PATH=${EPREFIX}/var/log/exim/exim_%s.log
-		EOC
-	fi
-
-	# starttls support (ssl)
-	if use ssl; then
-		if use gnutls; then
-			echo "USE_GNUTLS=yes" >> Makefile
-			echo "USE_GNUTLS_PC=gnutls $(use dane && echo gnutls-dane)" \
-				>> Makefile
-			use pkcs11 || echo "AVOID_GNUTLS_PKCS11=yes" >> Makefile
-		else
-			echo "USE_OPENSSL=yes" >> Makefile
-			echo "USE_OPENSSL_PC=openssl" >> Makefile
-		fi
-	else
-		echo "DISABLE_TLS=yes" >> Makefile
-	fi
-
-	# TCP wrappers
-	if use tcpd; then
-		cat >> Makefile <<- EOC
-			USE_TCP_WRAPPERS=yes
-			EXTRALIBS_EXIM += -lwrap
-		EOC
-	fi
-
-	# Light Mail Transport Protocol
-	if use lmtp; then
-		cat >> Makefile <<- EOC
-			TRANSPORT_LMTP=yes
-		EOC
-	fi
-
-	# embedded Perl
-	if use perl; then
-		cat >> Makefile <<- EOC
-			EXIM_PERL=perl.o
-		EOC
-	fi
-
-	# dlfunc
-	if use dlfunc; then
-		cat >> Makefile <<- EOC
-			EXPAND_DLFUNC=yes
-			HAVE_LOCAL_SCAN=yes
-			DLOPEN_LOCAL_SCAN=yes
-		EOC
-	fi
-
-	# Proxy Protocol
-	if use proxy; then
-		cat >> Makefile <<- EOC
-			SUPPORT_PROXY=yes
-		EOC
-	fi
-
-	# DANE
-	if use !dane; then
-		# DANE is enabled by default
-		sed -i -e 's:^SUPPORT_DANE=yes:# SUPPORT_DANE=yes:' Makefile || die
-	fi
-
-	# DMARC
-	if use dmarc; then
-		cat >> Makefile <<- EOC
-			SUPPORT_DMARC=yes
-			EXTRALIBS_EXIM += -lopendmarc
-		EOC
-	fi
-
-	# Sender Policy Framework
-	if use spf; then
-		cat >> Makefile <<- EOC
-			SUPPORT_SPF=yes
-			EXTRALIBS_EXIM += -lspf2
-		EOC
-	fi
-
-	#
-	# experimental features
-	#
-
-	# Authenticated Receive Chain
-	if use arc; then
-		echo "EXPERIMENTAL_ARC=yes">> Makefile
-	fi
-
-	# Distributed Checksum Clearinghouse
-	if use dcc; then
-		echo "EXPERIMENTAL_DCC=yes">> Makefile
-	fi
-
-	# Sender Rewriting Scheme
-	if use srs; then
-		# NOTE: we currently USE-default to srs-alt, because this is
-		# what USE=srs used to be.  Eventually we want to rid ourselves
-		# of this external implementation.
-		if use srs-alt; then
-			# historical default, from 4.95 this becomes
-			# EXPERIMENTAL_SRS_ALT
-			cat >> Makefile <<- EOC
-				EXPERIMENTAL_SRS=yes
-				EXTRALIBS_EXIM += -lsrs_alt
-			EOC
-		fi
-		if use srs-native; then
-			# this one becomes SUPPORT_SRS in 4.95
-			cat >> Makefile <<- EOC
-				EXPERIMENTAL_SRS_NATIVE=yes
-			EOC
-		fi
-	fi
-
-	# Delivery Sender Notifications extra information in fail message
-	if use dsn; then
-		cat >> Makefile <<- EOC
-			EXPERIMENTAL_DSN_INFO=yes
-		EOC
-	fi
-
-	#
-	# authentication (SMTP AUTH)
-	#
-
-	# standard bits
-	cat >> Makefile <<- EOC
-		AUTH_SPA=yes
-		AUTH_CRAM_MD5=yes
-		AUTH_PLAINTEXT=yes
-	EOC
-
-	# Cyrus SASL
-	if use sasl; then
-		cat >> Makefile <<- EOC
-			CYRUS_SASLAUTHD_SOCKET=${EPREFIX}/run/saslauthd/mux
-			AUTH_CYRUS_SASL=yes
-			AUTH_LIBS += -lsasl2
-		EOC
-	fi
-
-	# Dovecot
-	if use dovecot-sasl; then
-		cat >> Makefile <<- EOC
-			AUTH_DOVECOT=yes
-		EOC
-	fi
-
-	# Pluggable Authentication Modules
-	if use pam; then
-		cat >> Makefile <<- EOC
-			SUPPORT_PAM=yes
-			AUTH_LIBS += -lpam
-		EOC
-	fi
-
-	# Radius
-	if use radius; then
-		cat >> Makefile <<- EOC
-			RADIUS_CONFIG_FILE=${EPREFIX}/etc/radiusclient/radiusclient.conf
-			RADIUS_LIB_TYPE=RADIUSCLIENTNEW
-			AUTH_LIBS += -lfreeradius-client
-		EOC
-	fi
-}
-
-src_compile() {
-	emake CC="$(tc-getCC)" HOSTCC="$(tc-getBUILD_CC)" \
-		AR="$(tc-getAR) cq" RANLIB="$(tc-getRANLIB)" FULLECHO=''
-}
-
-src_install() {
-	cd "${S}"/build-exim-gentoo || die
-	dosbin exim
-	if use X; then
-		dosbin eximon.bin
-		dosbin eximon
-	fi
-	fperms 4755 /usr/sbin/exim
-
-	dosym exim /usr/sbin/sendmail
-	dosym exim /usr/sbin/rsmtp
-	dosym exim /usr/sbin/rmail
-	dosym ../sbin/exim /usr/bin/mailq
-	dosym ../sbin/exim /usr/bin/newaliases
-	dosym ../sbin/sendmail /usr/lib/sendmail
-
-	for i in exicyclog exim_dbmbuild exim_dumpdb exim_fixdb exim_lock \
-		exim_tidydb exinext exiwhat exigrep eximstats exiqsumm exiqgrep \
-		convert4r3 convert4r4 exipick
-	do
-		dosbin $i
-	done
-
-	dodoc -r "${S}"/doc/.
-	doman "${S}"/doc/exim.8
-	use dsn && dodoc "${S}"/README.DSN
-	use doc && dodoc "${WORKDIR}"/${PN}-pdf-${PV//rc/RC}/doc/*.pdf
-
-	# conf files
-	insinto /etc/exim
-	newins "${S}"/src/configure.default exim.conf.dist
-	if use exiscan-acl; then
-		newins "${S}"/src/configure.default exim.conf.exiscan-acl
-	fi
-	doins "${WORKDIR}"/system_filter.exim
-	doins "${FILESDIR}"/auth_conf.sub
-
-	if use pam; then
-		pamd_mimic system-auth exim auth account
-	fi
-
-	# headers, #436406
-	if use dlfunc ; then
-		# fixup includes so they actually can be found when including
-		sed -i \
-			-e '/#include "\(config\|store\|mytypes\).h"/s:"\(.\+\)":<exim/\1>:' \
-			local_scan.h || die
-		insinto /usr/include/exim
-		doins {config,local_scan}.h ../src/{mytypes,store}.h
-	fi
-
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}/exim.logrotate" exim
-
-	newinitd "${FILESDIR}"/exim.rc10 exim
-	newconfd "${FILESDIR}"/exim.confd exim
-
-	systemd_dounit \
-		"${FILESDIR}"/{exim.service,exim.socket,exim-submission.socket}
-	systemd_newunit \
-		"${FILESDIR}"/exim_at.service 'exim@.service'
-	systemd_newunit \
-		"${FILESDIR}"/exim-submission_at.service 'exim-submission@.service'
-
-	diropts -m 0750 -o ${MAILUSER} -g ${MAILGROUP}
-	keepdir /var/log/${PN}
-}
-
-pkg_postinst() {
-	if [[ ! -f ${EROOT}/etc/exim/exim.conf ]] ; then
-		einfo "${EROOT}/etc/exim/system_filter.exim is a sample system_filter."
-		einfo "${EROOT}/etc/exim/auth_conf.sub contains the configuration sub"
-		einfo "for using smtp auth."
-		einfo "Please create ${EROOT}/etc/exim/exim.conf from"
-		einfo "  ${EROOT}/etc/exim/exim.conf.dist."
-	fi
-	if use dmarc ; then
-		einfo "DMARC support requires ${EROOT}/etc/exim/opendmarc.tlds"
-		einfo "you can populate this file with the contents downloaded from"
-		einfo "  https://publicsuffix.org/list/public_suffix_list.dat"
-	fi
-	if use dcc ; then
-		einfo "DCC support is experimental, you can find some limited"
-		einfo "documentation at the bottom of this prerelease message:"
-		einfo "  http://article.gmane.org/gmane.mail.exim.devel/3579"
-	fi
-	if use srs ; then
-		einfo "SRS support is experimental in this release of Exim"
-		if use srs-alt; then
-			elog "You are using libsrs_alt to implement SRS support."
-			elog "In future release of Exim, the native SRS implementation"
-			elog "(USE=srs-native) will become the default.  Please prepare"
-			elog "your package.use or switch to USE=srs-native now."
-		fi
-	fi
-	use dsn && einfo "extra information in fail DSN message is experimental"
-	einfo
-	elog "Note that this release contains a tainted variable check that"
-	elog "is likely to break your configuration used with Exim 4.93 and before."
-	elog "Please check your transports for occurences of \$local_part, and"
-	elog "use a replacement like \$local_part_data where possible."
-}

diff --git a/mail-mta/exim/files/exim-4.94-localscan_dlopen.patch b/mail-mta/exim/files/exim-4.94-localscan_dlopen.patch
deleted file mode 100644
index 68ff48ac2a33..000000000000
--- a/mail-mta/exim/files/exim-4.94-localscan_dlopen.patch
+++ /dev/null
@@ -1,269 +0,0 @@
-diff -ur exim-4.92.orig/src/config.h.defaults exim-4.92/src/config.h.defaults
---- exim-4.92.orig/src/config.h.defaults	2019-01-30 14:59:52.000000000 +0100
-+++ exim-4.92/src/config.h.defaults	2019-02-16 18:17:24.547216157 +0100
-@@ -32,6 +32,8 @@
- 
- #define AUTH_VARS                     3
- 
-+#define DLOPEN_LOCAL_SCAN
-+
- #define BIN_DIRECTORY
- 
- #define CONFIGURE_FILE
-Only in exim-4.92/src: config.h.defaults.orig
-diff -ur exim-4.92.orig/src/EDITME exim-4.92/src/EDITME
---- exim-4.92.orig/src/EDITME	2019-01-30 14:59:52.000000000 +0100
-+++ exim-4.92/src/EDITME	2019-02-16 18:17:24.547216157 +0100
-@@ -824,6 +824,24 @@
- 
- 
- #------------------------------------------------------------------------------
-+# On systems which support dynamic loading of shared libraries, Exim can
-+# load a local_scan function specified in its config file instead of having
-+# to be recompiled with the desired local_scan function. For a full
-+# description of the API to this function, see the Exim specification.
-+
-+#DLOPEN_LOCAL_SCAN=yes
-+
-+# If you set DLOPEN_LOCAL_SCAN, then you need to include -rdynamic in the
-+# linker flags.  Without it, the loaded .so won't be able to access any
-+# functions from exim.
-+
-+LFLAGS = -rdynamic
-+ifeq ($(OSTYPE),Linux)
-+LFLAGS += -ldl
-+endif
-+
-+
-+#------------------------------------------------------------------------------
- # The default distribution of Exim contains only the plain text form of the
- # documentation. Other forms are available separately. If you want to install
- # the documentation in "info" format, first fetch the Texinfo documentation
-Only in exim-4.92/src: EDITME.orig
-diff -ur exim-4.92.orig/src/globals.c exim-4.92/src/globals.c
---- exim-4.92.orig/src/globals.c	2019-01-30 14:59:52.000000000 +0100
-+++ exim-4.92/src/globals.c	2019-02-16 18:17:24.549216150 +0100
-@@ -41,6 +41,10 @@
- 
- uschar *no_aliases             = NULL;
- 
-+#ifdef DLOPEN_LOCAL_SCAN
-+uschar *local_scan_path        = NULL;
-+#endif
-+
- 
- /* For comments on these variables, see globals.h. I'm too idle to
- duplicate them here... */
-Only in exim-4.92/src: globals.c.orig
-diff -ur exim-4.92.orig/src/globals.h exim-4.92/src/globals.h
---- exim-4.92.orig/src/globals.h	2019-01-30 14:59:52.000000000 +0100
-+++ exim-4.92/src/globals.h	2019-02-16 18:17:24.549216150 +0100
-@@ -152,6 +152,9 @@
- extern int (*receive_ferror)(void);
- extern BOOL (*receive_smtp_buffered)(void);
- 
-+#ifdef DLOPEN_LOCAL_SCAN
-+extern uschar *local_scan_path;        /* Path to local_scan() library */
-+#endif
- 
- /* For clearing, saving, restoring address expansion variables. We have to have
- the size of this vector set explicitly, because it is referenced from more than
-Only in exim-4.92/src: globals.h.orig
-diff -ur exim-4.92.orig/src/local_scan.c exim-4.92/src/local_scan.c
---- exim-4.92.orig/src/local_scan.c	2019-01-30 14:59:52.000000000 +0100
-+++ exim-4.92/src/local_scan.c	2019-02-16 18:29:56.832732592 +0100
-@@ -5,61 +5,133 @@
- /* Copyright (c) University of Cambridge 1995 - 2009 */
- /* See the file NOTICE for conditions of use and distribution. */
- 
-+#include "local_scan.h"
- 
--/******************************************************************************
--This file contains a template local_scan() function that just returns ACCEPT.
--If you want to implement your own version, you should copy this file to, say
--Local/local_scan.c, and edit the copy. To use your version instead of the
--default, you must set
--
--HAVE_LOCAL_SCAN=yes
--LOCAL_SCAN_SOURCE=Local/local_scan.c
--
--in your Local/Makefile. This makes it easy to copy your version for use with
--subsequent Exim releases.
--
--For a full description of the API to this function, see the Exim specification.
--******************************************************************************/
--
--
--/* This is the only Exim header that you should include. The effect of
--including any other Exim header is not defined, and may change from release to
--release. Use only the documented interface! */
--
--#include "local_scan.h"
--
--
--/* This is a "do-nothing" version of a local_scan() function. The arguments
--are:
--
--  fd             The file descriptor of the open -D file, which contains the
--                   body of the message. The file is open for reading and
--                   writing, but modifying it is dangerous and not recommended.
--
--  return_text    A pointer to an unsigned char* variable which you can set in
--                   order to return a text string. It is initialized to NULL.
--
--The return values of this function are:
--
--  LOCAL_SCAN_ACCEPT
--                 The message is to be accepted. The return_text argument is
--                   saved in $local_scan_data.
--
--  LOCAL_SCAN_REJECT
--                 The message is to be rejected. The returned text is used
--                   in the rejection message.
--
--  LOCAL_SCAN_TEMPREJECT
--                 This specifies a temporary rejection. The returned text
--                   is used in the rejection message.
--*/
-+#ifdef DLOPEN_LOCAL_SCAN
-+#include <stdlib.h>
-+#include <dlfcn.h>
-+static int (*local_scan_fn)(int fd, uschar **return_text) = NULL;
-+static int load_local_scan_library(void);
-+extern uschar *local_scan_path;        /* Path to local_scan() library */
-+#endif
- 
- int
- local_scan(int fd, uschar **return_text)
- {
- fd = fd;                      /* Keep picky compilers happy */
- return_text = return_text;
--return LOCAL_SCAN_ACCEPT;
-+#ifdef DLOPEN_LOCAL_SCAN
-+/* local_scan_path is defined AND not the empty string */
-+if (local_scan_path && *local_scan_path)
-+  {
-+  if (!local_scan_fn)
-+    {
-+    if (!load_local_scan_library())
-+      {
-+        char *base_msg , *error_msg , *final_msg ;
-+        int final_length = -1 ;
-+
-+        base_msg=US"Local configuration error - local_scan() library failure\n";
-+        error_msg = dlerror() ;
-+
-+        final_length = strlen(base_msg) + strlen(error_msg) + 1 ;
-+        final_msg = (char*)malloc( final_length*sizeof(char) ) ;
-+        *final_msg = '\0' ;
-+
-+        strcat( final_msg , base_msg ) ;
-+        strcat( final_msg , error_msg ) ;
-+
-+        *return_text = final_msg ;
-+      return LOCAL_SCAN_TEMPREJECT;
-+      }
-+    }
-+    return local_scan_fn(fd, return_text);
-+  }
-+else
-+#endif
-+  return LOCAL_SCAN_ACCEPT;
-+}
-+
-+#ifdef DLOPEN_LOCAL_SCAN
-+
-+static int load_local_scan_library(void)
-+{
-+/* No point in keeping local_scan_lib since we'll never dlclose() anyway */
-+void *local_scan_lib = NULL;
-+int (*local_scan_version_fn)(void);
-+int vers_maj;
-+int vers_min;
-+
-+local_scan_lib = dlopen(local_scan_path, RTLD_NOW);
-+if (!local_scan_lib)
-+  {
-+  log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() library open failed - "
-+    "message temporarily rejected");
-+  return FALSE;
-+  }
-+
-+local_scan_version_fn = dlsym(local_scan_lib, "local_scan_version_major");
-+if (!local_scan_version_fn)
-+  {
-+  dlclose(local_scan_lib);
-+  log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() library doesn't contain "
-+    "local_scan_version_major() function - message temporarily rejected");
-+  return FALSE;
-+  }
-+
-+/* The major number is increased when the ABI is changed in a non
-+   backward compatible way. */
-+vers_maj = local_scan_version_fn();
-+
-+local_scan_version_fn = dlsym(local_scan_lib, "local_scan_version_minor");
-+if (!local_scan_version_fn)
-+  {
-+  dlclose(local_scan_lib);
-+  log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() library doesn't contain "
-+    "local_scan_version_minor() function - message temporarily rejected");
-+  return FALSE;
-+  }
-+
-+/* The minor number is increased each time a new feature is added (in a
-+   way that doesn't break backward compatibility) -- Marc */
-+vers_min = local_scan_version_fn();
-+
-+
-+if (vers_maj != LOCAL_SCAN_ABI_VERSION_MAJOR)
-+  {
-+  dlclose(local_scan_lib);
-+  local_scan_lib = NULL;
-+  log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() has an incompatible major"
-+    "version number, you need to recompile your module for this version"
-+    "of exim (The module was compiled for version %d.%d and this exim provides"
-+    "ABI version %d.%d)", vers_maj, vers_min, LOCAL_SCAN_ABI_VERSION_MAJOR,
-+    LOCAL_SCAN_ABI_VERSION_MINOR);
-+  return FALSE;
-+  }
-+else if (vers_min > LOCAL_SCAN_ABI_VERSION_MINOR)
-+  {
-+  dlclose(local_scan_lib);
-+  local_scan_lib = NULL;
-+  log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() has an incompatible minor"
-+    "version number, you need to recompile your module for this version"
-+    "of exim (The module was compiled for version %d.%d and this exim provides"
-+    "ABI version %d.%d)", vers_maj, vers_min, LOCAL_SCAN_ABI_VERSION_MAJOR,
-+    LOCAL_SCAN_ABI_VERSION_MINOR);
-+  return FALSE;
-+  }
-+
-+local_scan_fn = dlsym(local_scan_lib, "local_scan");
-+if (!local_scan_fn)
-+  {
-+  dlclose(local_scan_lib);
-+  log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() library doesn't contain "
-+    "local_scan() function - message temporarily rejected");
-+  return FALSE;
-+  }
-+
-+return TRUE;
- }
- 
-+#endif /* DLOPEN_LOCAL_SCAN */
-+
- /* End of local_scan.c */
-diff -ur exim-4.92.orig/src/readconf.c exim-4.92/src/readconf.c
---- exim-4.92.orig/src/readconf.c	2019-01-30 14:59:52.000000000 +0100
-+++ exim-4.92/src/readconf.c	2019-02-16 18:18:46.013947455 +0100
-@@ -205,6 +205,9 @@
-   { "local_from_prefix",        opt_stringptr,   {&local_from_prefix} },
-   { "local_from_suffix",        opt_stringptr,   {&local_from_suffix} },
-   { "local_interfaces",         opt_stringptr,   {&local_interfaces} },
-+#ifdef DLOPEN_LOCAL_SCAN
-+  { "local_scan_path",          opt_stringptr,   {&local_scan_path} },
-+#endif
- #ifdef HAVE_LOCAL_SCAN
-   { "local_scan_timeout",       opt_time,        {&local_scan_timeout} },
- #endif


^ permalink raw reply related	[flat|nested] 26+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: mail-mta/exim/, mail-mta/exim/files/
@ 2023-12-25 10:42 Fabian Groffen
  0 siblings, 0 replies; 26+ messages in thread
From: Fabian Groffen @ 2023-12-25 10:42 UTC (permalink / raw
  To: gentoo-commits

commit:     38b56d6352c696749e20078af71daaf871e58691
Author:     Fabian Groffen <grobian <AT> gentoo <DOT> org>
AuthorDate: Mon Dec 25 10:39:54 2023 +0000
Commit:     Fabian Groffen <grobian <AT> gentoo <DOT> org>
CommitDate: Mon Dec 25 10:42:12 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=38b56d63

mail-mta/exim: add backport for CVE-2023-51766 to 4.96 and 4.97

Addresses:
 Partially vulnerable to "SMTP Smuggling" if pipelining is enabled and
 chunking is disabled/unused

Signed-off-by: Fabian Groffen <grobian <AT> gentoo.org>

 mail-mta/exim/Manifest                             |   2 -
 .../{exim-4.97-r1.ebuild => exim-4.96-r5.ebuild}   |  33 ++-
 .../{exim-4.97-r1.ebuild => exim-4.97-r2.ebuild}   |   1 +
 mail-mta/exim/files/exim-4.97-CVE-2023-51766.patch | 265 +++++++++++++++++++++
 4 files changed, 294 insertions(+), 7 deletions(-)

diff --git a/mail-mta/exim/Manifest b/mail-mta/exim/Manifest
index 2422a76d59b8..897713920daf 100644
--- a/mail-mta/exim/Manifest
+++ b/mail-mta/exim/Manifest
@@ -1,9 +1,7 @@
-DIST exim-4.94.2.tar.xz 1838076 BLAKE2B 684e115a7af3efdab15451f8e11f9b53455c9166d8c078216d7a95223d77569cec8a882ed99b9180acbd8a9e747a0bca03d56993d011de15dc35143a989ab046 SHA512 5334c236221ed4e03dbc33e6a79d939b06037fa2f4b71971607a360b67af5c85a89681ee13a5eeaf0184382c55a160cf2e89ed7afb2949f025a54f1e88f9e3fc
 DIST exim-4.96-gentoo-patches-r0.tar.xz 13308 BLAKE2B e01cd8b90593329d858cced27bea9da4860e80500c0b0b3f86418931a77616ac1e4a532cfffc551de5844bfcbcd115c1591b28577c234beb551458dc0877e764 SHA512 0a8d7b5903c8cd7c2cc07e4ea3ed62200ee0116fe0b5513ec97ba7f3ab1dd5cd0dc181eb93c3c1c7f767be7df3546ac07b622a8f4352eb883323c3a005a1c7db
 DIST exim-4.96.2.tar.xz 1879896 BLAKE2B f172340e5f896dc1996e4e3cf46515c2336c47d3390524ca91cb9ef7258a62b83426592de582aa792584cbeaace519b4edea5e62b3ebeb8e5f599379255e04a5 SHA512 dc9f6a114e64ac826489edff88d50a24195b64714428e691c10a7bfb119b3ebb6455bf80cbb34dfd0a4e2e44cbde72effb009357a8e0a6065e512fe32092e3ed
 DIST exim-4.96.tar.xz 1879152 BLAKE2B 4b424f2ebc661bd0db35d7f6da86300c6d5cb5b9a52cddd24fdd452daa76c84e471d4f8f278cf951d1503b01fd46fc3e6858d6feded09f34253d2cf2ae99b45a SHA512 6b863661465a0b9897c1b71875c5196a1903cf560dd85de45b08242b9731edb2bc10eb56945d62e477e5d15cc7a8d493915bff2ca81689673a8091c66f62c89e
 DIST exim-4.97.tar.xz 1909536 BLAKE2B b0f09d5f162853996976c222786de14e2104acdf01fd61da486f59f4cf8af1182cdfb7ea31fd55ccfd9c57256e7f442dc1b46727e08fe2eca82a296ac4ae7899 SHA512 b28cbb49fa7e143dfcc94e004d57cf98a1945013e676cd103c1ee4cf52933d49d378baa13bea2663353dba97745d6b2ab8b7b66cde870788a2d85d7abd716968
-DIST exim-pdf-4.94.2.tar.xz 2092248 BLAKE2B 973ab4f117fdb58afa017bc41b4496fac1277e707a9926d67317c455b0bd617021c17cba6c8d793d8962aacef12c0790d5add7174017512b7b1ea070f8e8533d SHA512 3a661f69d81a992798d4b7e5b7def7cfffa297a7b3c02a6631be426cefff5a6e8783fa322a1bd105d01f7b06968d01e77963e6ab7be3157f63eb62eb6ff172b0
 DIST exim-pdf-4.96.2.tar.xz 2132268 BLAKE2B 9104d42d742e7152d166b6158a6f060d0a29143b11e5064ecda177ead59ac66a9bb6ab3575e5bcaf7af5b49964d29b841285e67184592a8b64bab6099f4c8ac9 SHA512 c35eea4ab5510bba50d22813b28c9d2f5e4e2fed76993693b997f2090024dde674d58dffe044cb64642bf57b83fcae3bfc3dbcae43288fae11692ee49374df74
 DIST exim-pdf-4.96.tar.xz 2137468 BLAKE2B 7f61767f91864c43a3b7b6ca36ec7f41da6ad7029687a38cfa9307c444c2ffbd3eb61d45645ffd20ec16ba64a37e1ff08c02e7e4e36499c7783679af9a399081 SHA512 05e94579631656330d95d237c58bc9fd52229a067c5846e7c3409b4c83040c9216819bcb0090673d9991fd59e2c2025340592b31b241b557c6775782106854d1
 DIST exim-pdf-4.97.tar.xz 2136852 BLAKE2B df188e658e9e86d1b651d12b29e8a440677d75cc0384bab829323582a3a89b62f34e504b759ef2824b7735056696aed6ac33a4ca10a74fc5bc036f150caaac12 SHA512 defd1e7d823f4eadd2afe426d9105a395421824a1b1941b97bfda408905bdd105b5c219b713e15506d25d98fa48e965228f8daab286dc1be14a387f567c0b58b

diff --git a/mail-mta/exim/exim-4.97-r1.ebuild b/mail-mta/exim/exim-4.96-r5.ebuild
similarity index 90%
copy from mail-mta/exim/exim-4.97-r1.ebuild
copy to mail-mta/exim/exim-4.96-r5.ebuild
index 3dbed307e7e4..95cd963bee1d 100644
--- a/mail-mta/exim/exim-4.97-r1.ebuild
+++ b/mail-mta/exim/exim-4.96-r5.ebuild
@@ -3,7 +3,7 @@
 
 EAPI="7"
 
-inherit db-use flag-o-matic toolchain-funcs pam systemd
+inherit db-use toolchain-funcs pam systemd
 
 IUSE="arc berkdb +dane dcc +dkim dlfunc dmarc +dnsdb doc dovecot-sasl
 dsn gdbm gnutls idn ipv6 ldap lmtp maildir mbx
@@ -35,6 +35,7 @@ COMM_URI="https://downloads.exim.org/exim4${SDIR}"
 GPV="r0"
 DESCRIPTION="A highly configurable, drop-in replacement for sendmail"
 SRC_URI="${COMM_URI}/${P//_rc/-RC}.tar.xz
+	https://dev.gentoo.org/~grobian/distfiles/${P}-gentoo-patches-${GPV}.tar.xz
 	mirror://gentoo/system_filter.exim.gz
 	doc? ( ${COMM_URI}/${PN}-pdf-${PV//_rc/-RC}.tar.xz )"
 HOMEPAGE="https://www.exim.org/"
@@ -111,11 +112,29 @@ src_prepare() {
 	# Legacy patches which need a respin for -p1
 	eapply -p0 "${FILESDIR}"/exim-4.14-tail.patch
 	eapply -p0 "${FILESDIR}"/exim-4.74-radius-db-ENV-clash.patch # 287426
-	eapply     "${FILESDIR}"/exim-4.97-as-needed-ldflags.patch # 352265, 391279
+	eapply     "${FILESDIR}"/exim-4.93-as-needed-ldflags.patch # 352265, 391279
 	eapply -p0 "${FILESDIR}"/exim-4.76-crosscompile.patch # 266591
 	eapply     "${FILESDIR}"/exim-4.69-r1.27021.patch
-	eapply     "${FILESDIR}"/exim-4.97-localscan_dlopen.patch
-	eapply     "${FILESDIR}"/exim-4.97-no-exim_id_update.patch
+	eapply     "${FILESDIR}"/exim-4.95-localscan_dlopen.patch
+
+	# Upstream post-release fixes :(
+	local GPVDIR=${WORKDIR}/${P}-gentoo-patches-${GPV}
+	eapply     "${GPVDIR}"/exim-4.96-rewrite-malformed-addr-fix.patch # upstr
+	eapply     "${GPVDIR}"/exim-4.96-spf-memory-error-fix.patch # upstr
+	eapply     "${GPVDIR}"/exim-4.96-regex-use-after-free.patch # upstr
+	eapply -p2 "${GPVDIR}"/exim-4.96-dmarc_use_after_free.patch # upstr
+	eapply     "${GPVDIR}"/exim-4.96-deamon-startup-fix.patch # upstr
+	eapply     "${GPVDIR}"/exim-4.96-openssl-verify-ocsp.patch # upstr
+	eapply     "${GPVDIR}"/exim-4.96-openssl-double-expansion.patch # upstr
+	eapply     "${GPVDIR}"/exim-4.96-recursion-dns_again.patch # upstr
+	eapply     "${GPVDIR}"/exim-4.96-openssl-tls_eccurve-setting.patch # upstr
+	eapply     "${GPVDIR}"/exim-4.96-openssl-tls_eccurve-lt-3.patch # upstr
+	eapply     "${GPVDIR}"/exim-4.96-openssl-bad-alpn.patch # upstr
+	eapply     "${GPVDIR}"/exim-4.96-dane-dns_again.patch # upstr
+	eapply     "${GPVDIR}"/exim-4.96-expansion-crash.patch # upstr
+	eapply     "${GPVDIR}"/exim-4.96-transport-crash.patch # upstr
+
+	eapply -p2 "${FILESDIR}"/exim-4.97-CVE-2023-51766.patch # 3063
 
 	# oddity, they disable berkdb as hack, and then throw an error when
 	# berkdb isn't enabled
@@ -124,6 +143,11 @@ src_prepare() {
 		-e 's/define DB void/define DONTMESS void/' \
 		src/auths/call_radius.c || die
 
+	# API changed from 1.3 to 1.4, upstream doesn't think 1.4 should be
+	# used, but 1.3 has a CVE and Gentoo (like most downstreams) only
+	# has 1.4 available
+	eapply "${FILESDIR}"/exim-4.94-opendmarc-1.4.patch
+
 	if use maildir ; then
 		eapply "${FILESDIR}"/exim-4.94-maildir.patch
 	else
@@ -153,7 +177,6 @@ src_configure() {
 
 	if use elibc_musl; then
 		sed -i -e 's/^LIBS = -lnsl/LIBS =/g' OS/Makefile-Linux || die
-		append-cflags -DNO_EXECINFO
 	fi
 
 	local conffile="${EPREFIX}/etc/exim/exim.conf"

diff --git a/mail-mta/exim/exim-4.97-r1.ebuild b/mail-mta/exim/exim-4.97-r2.ebuild
similarity index 99%
rename from mail-mta/exim/exim-4.97-r1.ebuild
rename to mail-mta/exim/exim-4.97-r2.ebuild
index 3dbed307e7e4..06ad474f9e9c 100644
--- a/mail-mta/exim/exim-4.97-r1.ebuild
+++ b/mail-mta/exim/exim-4.97-r2.ebuild
@@ -116,6 +116,7 @@ src_prepare() {
 	eapply     "${FILESDIR}"/exim-4.69-r1.27021.patch
 	eapply     "${FILESDIR}"/exim-4.97-localscan_dlopen.patch
 	eapply     "${FILESDIR}"/exim-4.97-no-exim_id_update.patch
+	eapply -p2 "${FILESDIR}"/exim-4.97-CVE-2023-51766.patch # 3063
 
 	# oddity, they disable berkdb as hack, and then throw an error when
 	# berkdb isn't enabled

diff --git a/mail-mta/exim/files/exim-4.97-CVE-2023-51766.patch b/mail-mta/exim/files/exim-4.97-CVE-2023-51766.patch
new file mode 100644
index 000000000000..7eed4eb1855f
--- /dev/null
+++ b/mail-mta/exim/files/exim-4.97-CVE-2023-51766.patch
@@ -0,0 +1,265 @@
+https://nvd.nist.gov/vuln/detail/CVE-2023-51766
+
+
+From cf1376206284f2a4f11e32d931d4aade34c206c5 Mon Sep 17 00:00:00 2001
+From: Jeremy Harris <jgh146exb@wizmail.org>
+Date: Fri, 22 Dec 2023 23:57:05 +0000
+Subject: [PATCH] Reject "dot, LF" as ending data phase.  Bug 3063
+
+From 5bb786d5ad568a88d50d15452aacc8404047e5ca Mon Sep 17 00:00:00 2001
+From: Jeremy Harris <jgh146exb@wizmail.org>
+Date: Sat, 23 Dec 2023 17:42:57 +0000
+Subject: [PATCH] Reject "dot, LF" as ending data phase (pt. 2).  Bug 3063
+
+reduced to source changes only for Gentoo
+
+
+
+diff --git a/src/src/receive.c b/src/src/receive.c
+index e35400aec..c6f612832 100644
+--- a/src/src/receive.c
++++ b/src/src/receive.c
+@@ -836,93 +842,101 @@
+ */
+ 
+ static int
+-read_message_data_smtp(FILE *fout)
++read_message_data_smtp(FILE * fout, BOOL strict_crlf)
+ {
+-int ch_state = 0;
+-int ch;
+-int linelength = 0;
++enum { s_linestart, s_normal, s_had_cr, s_had_nl_dot, s_had_dot_cr } ch_state =
++	      s_linestart;
++int linelength = 0, ch;
+ 
+ while ((ch = (receive_getc)(GETC_BUFFER_UNLIMITED)) != EOF)
+   {
+   if (ch == 0) body_zerocount++;
+   switch (ch_state)
+     {
+-    case 0:                             /* After LF or CRLF */
+-    if (ch == '.')
+-      {
+-      ch_state = 3;
+-      continue;                         /* Don't ever write . after LF */
+-      }
+-    ch_state = 1;
++    case s_linestart:			/* After LF or CRLF */
++      if (ch == '.')
++	{
++	ch_state = s_had_nl_dot;
++	continue;			/* Don't ever write . after LF */
++	}
++      ch_state = s_normal;
+ 
+-    /* Else fall through to handle as normal uschar. */
++      /* Else fall through to handle as normal uschar. */
+ 
+-    case 1:                             /* Normal state */
+-    if (ch == '\n')
+-      {
+-      ch_state = 0;
+-      body_linecount++;
++    case s_normal:			/* Normal state */
++      if (ch == '\r')
++	{
++	ch_state = s_had_cr;
++	continue;			/* Don't write the CR */
++	}
++      if (ch == '\n')			/* Bare LF at end of line */
++	if (strict_crlf)
++	  ch = ' ';			/* replace LF with space */
++	else
++	  {				/* treat as line ending */
++	  ch_state = s_linestart;
++	  body_linecount++;
++	  if (linelength > max_received_linelength)
++	    max_received_linelength = linelength;
++	  linelength = -1;
++	  }
++      break;
++
++    case s_had_cr:			/* After (unwritten) CR */
++      body_linecount++;			/* Any char ends line */
+       if (linelength > max_received_linelength)
+-        max_received_linelength = linelength;
++	max_received_linelength = linelength;
+       linelength = -1;
+-      }
+-    else if (ch == '\r')
+-      {
+-      ch_state = 2;
+-      continue;
+-      }
+-    break;
++      if (ch == '\n')			/* proper CRLF */
++	ch_state = s_linestart;
++      else
++	{
++	message_size++;		/* convert the dropped CR to a stored NL */
++	if (fout && fputc('\n', fout) == EOF) return END_WERROR;
++	cutthrough_data_put_nl();
++	if (ch == '\r')			/* CR; do not write */
++	  continue;
++	ch_state = s_normal;		/* not LF or CR; process as standard */
++	}
++      break;
+ 
+-    case 2:                             /* After (unwritten) CR */
+-    body_linecount++;
+-    if (linelength > max_received_linelength)
+-      max_received_linelength = linelength;
+-    linelength = -1;
+-    if (ch == '\n')
+-      {
+-      ch_state = 0;
+-      }
+-    else
+-      {
+-      message_size++;
+-      if (fout != NULL && fputc('\n', fout) == EOF) return END_WERROR;
+-      cutthrough_data_put_nl();
+-      if (ch != '\r') ch_state = 1; else continue;
+-      }
+-    break;
++    case s_had_nl_dot:			/* After [CR] LF . */
++      if (ch == '\n')			/* [CR] LF . LF */
++	if (strict_crlf)
++	  ch = ' ';			/* replace LF with space */
++	else
++	  return END_DOT;
++      else if (ch == '\r')		/* [CR] LF . CR */
++	{
++	ch_state = s_had_dot_cr;
++	continue;			/* Don't write the CR */
++	}
++      /* The dot was removed on reaching s_had_nl_dot. For a doubled dot, here,
++      reinstate it to cutthrough. The current ch, dot or not, is passed both to
++      cutthrough and to file below. */
++      else if (ch == '.')
++	{
++	uschar c = ch;
++	cutthrough_data_puts(&c, 1);
++	}
++      ch_state = s_normal;
++      break;
+ 
+-    case 3:                             /* After [CR] LF . */
+-    if (ch == '\n')
+-      return END_DOT;
+-    if (ch == '\r')
+-      {
+-      ch_state = 4;
+-      continue;
+-      }
+-    /* The dot was removed at state 3. For a doubled dot, here, reinstate
+-    it to cutthrough. The current ch, dot or not, is passed both to cutthrough
+-    and to file below. */
+-    if (ch == '.')
+-      {
+-      uschar c= ch;
+-      cutthrough_data_puts(&c, 1);
+-      }
+-    ch_state = 1;
+-    break;
++    case s_had_dot_cr:			/* After [CR] LF . CR */
++      if (ch == '\n')
++	return END_DOT;			/* Preferred termination */
+ 
+-    case 4:                             /* After [CR] LF . CR */
+-    if (ch == '\n') return END_DOT;
+-    message_size++;
+-    body_linecount++;
+-    if (fout != NULL && fputc('\n', fout) == EOF) return END_WERROR;
+-    cutthrough_data_put_nl();
+-    if (ch == '\r')
+-      {
+-      ch_state = 2;
+-      continue;
+-      }
+-    ch_state = 1;
+-    break;
++      message_size++;		/* convert the dropped CR to a stored NL */
++      body_linecount++;
++      if (fout && fputc('\n', fout) == EOF) return END_WERROR;
++      cutthrough_data_put_nl();
++      if (ch == '\r')
++	{
++	ch_state = s_had_cr;
++	continue;			/* CR; do not write */
++	}
++      ch_state = s_normal;
++      break;
+     }
+ 
+   /* Add the character to the spool file, unless skipping; then loop for the
+@@ -1140,7 +1152,7 @@ receive_swallow_smtp(void)
+ {
+ if (message_ended >= END_NOTENDED)
+   message_ended = chunking_state <= CHUNKING_OFFERED
+-     ? read_message_data_smtp(NULL)
++     ? read_message_data_smtp(NULL, FALSE)
+      : read_message_bdat_smtp_wire(NULL);
+ }
+ 
+@@ -1960,8 +1960,10 @@ for (;;)
+ 
+   if (ch == '\n')
+     {
+-    if (first_line_ended_crlf == TRUE_UNSET) first_line_ended_crlf = FALSE;
+-      else if (first_line_ended_crlf) receive_ungetc(' ');
++    if (first_line_ended_crlf == TRUE_UNSET)
++      first_line_ended_crlf = FALSE;
++    else if (first_line_ended_crlf)
++      receive_ungetc(' ');
+     goto EOL;
+     }
+ 
+@@ -1977,7 +1980,11 @@ for (;;)
+   if (f.dot_ends && ptr == 0 && ch == '.')
+     {
+     ch = (receive_getc)(GETC_BUFFER_UNLIMITED);
+-    if (ch == '\r')
++    if (ch == '\n' && first_line_ended_crlf == TRUE /* and not TRUE_UNSET */ )
++    		/* dot, LF  but we are in CRLF mode.  Attack? */
++      ch = ' ';	/* replace the LF with a space */
++
++    else if (ch == '\r')
+       {
+       ch = (receive_getc)(GETC_BUFFER_UNLIMITED);
+       if (ch != '\n')
+@@ -2013,7 +2020,8 @@ for (;;)
+     ch = (receive_getc)(GETC_BUFFER_UNLIMITED);
+     if (ch == '\n')
+       {
+-      if (first_line_ended_crlf == TRUE_UNSET) first_line_ended_crlf = TRUE;
++      if (first_line_ended_crlf == TRUE_UNSET)
++	first_line_ended_crlf = TRUE;
+       goto EOL;
+       }
+ 
+@@ -3241,7 +3253,7 @@ if (!ferror(spool_data_file) && !(receive_feof)() && message_ended != END_DOT)
+   if (smtp_input)
+     {
+     message_ended = chunking_state <= CHUNKING_OFFERED
+-      ? read_message_data_smtp(spool_data_file)
++      ? read_message_data_smtp(spool_data_file, first_line_ended_crlf)
+       : spool_wireformat
+       ? read_message_bdat_smtp_wire(spool_data_file)
+       : read_message_bdat_smtp(spool_data_file);
+diff --git a/src/src/smtp_in.c b/src/src/smtp_in.c
+index e19c86ff8..aeaffeb37 100644
+--- a/src/src/smtp_in.c
++++ b/src/src/smtp_in.c
+@@ -5112,7 +5112,10 @@ while (done <= 0)
+ 	to get the DATA command sent. */
+ 
+ 	if (!acl_smtp_predata && cutthrough.cctx.sock < 0)
++	  {
++	  if (!check_sync()) goto SYNC_FAILURE;
+ 	  rc = OK;
++	  }
+ 	else
+ 	  {
+ 	  uschar * acl = acl_smtp_predata ? acl_smtp_predata : US"accept";


^ permalink raw reply related	[flat|nested] 26+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: mail-mta/exim/, mail-mta/exim/files/
@ 2024-01-12 11:56 Fabian Groffen
  0 siblings, 0 replies; 26+ messages in thread
From: Fabian Groffen @ 2024-01-12 11:56 UTC (permalink / raw
  To: gentoo-commits

commit:     c11d2a7a9507bd2392e0c8c83e6719debbf18ab1
Author:     Fabian Groffen <grobian <AT> gentoo <DOT> org>
AuthorDate: Fri Jan 12 11:56:22 2024 +0000
Commit:     Fabian Groffen <grobian <AT> gentoo <DOT> org>
CommitDate: Fri Jan 12 11:56:22 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c11d2a7a

mail-mta/exim: cleanup vulnerable

Signed-off-by: Fabian Groffen <grobian <AT> gentoo.org>

 mail-mta/exim/Manifest                             |   5 -
 mail-mta/exim/exim-4.96-r4.ebuild                  | 655 --------------------
 mail-mta/exim/exim-4.96.2-r1.ebuild                | 656 ---------------------
 mail-mta/exim/exim-4.96.2.ebuild                   | 655 --------------------
 .../exim/files/exim-4.93-as-needed-ldflags.patch   | 145 -----
 mail-mta/exim/files/exim-4.94-opendmarc-1.4.patch  |  14 -
 .../exim/files/exim-4.95-localscan_dlopen.patch    | 221 -------
 mail-mta/exim/files/exim-4.97-CVE-2023-51766.patch | 265 ---------
 8 files changed, 2616 deletions(-)

diff --git a/mail-mta/exim/Manifest b/mail-mta/exim/Manifest
index 9553d4d46a0a..d87f52e906c4 100644
--- a/mail-mta/exim/Manifest
+++ b/mail-mta/exim/Manifest
@@ -1,8 +1,3 @@
-DIST exim-4.96-gentoo-patches-r0.tar.xz 13308 BLAKE2B e01cd8b90593329d858cced27bea9da4860e80500c0b0b3f86418931a77616ac1e4a532cfffc551de5844bfcbcd115c1591b28577c234beb551458dc0877e764 SHA512 0a8d7b5903c8cd7c2cc07e4ea3ed62200ee0116fe0b5513ec97ba7f3ab1dd5cd0dc181eb93c3c1c7f767be7df3546ac07b622a8f4352eb883323c3a005a1c7db
-DIST exim-4.96.2.tar.xz 1879896 BLAKE2B f172340e5f896dc1996e4e3cf46515c2336c47d3390524ca91cb9ef7258a62b83426592de582aa792584cbeaace519b4edea5e62b3ebeb8e5f599379255e04a5 SHA512 dc9f6a114e64ac826489edff88d50a24195b64714428e691c10a7bfb119b3ebb6455bf80cbb34dfd0a4e2e44cbde72effb009357a8e0a6065e512fe32092e3ed
-DIST exim-4.96.tar.xz 1879152 BLAKE2B 4b424f2ebc661bd0db35d7f6da86300c6d5cb5b9a52cddd24fdd452daa76c84e471d4f8f278cf951d1503b01fd46fc3e6858d6feded09f34253d2cf2ae99b45a SHA512 6b863661465a0b9897c1b71875c5196a1903cf560dd85de45b08242b9731edb2bc10eb56945d62e477e5d15cc7a8d493915bff2ca81689673a8091c66f62c89e
 DIST exim-4.97.1.tar.xz 1919308 BLAKE2B ea41bf851185c7330e648c7757f2bf0b0aea3133e399630a40d220f5f542e9055e3ed0cd67c9ee5dcede281ccc17919a4ac328abd8f05d4d828e0381f10df0b8 SHA512 eab7ca28b37f1635c48f5e963ab69fcbad539b2c35a84286ecaad7d7ff5210bbefce86452302e08099afdc0710f9cb7ca6d9b152b0ba88a19292f7c5541e0cfc
-DIST exim-pdf-4.96.2.tar.xz 2132268 BLAKE2B 9104d42d742e7152d166b6158a6f060d0a29143b11e5064ecda177ead59ac66a9bb6ab3575e5bcaf7af5b49964d29b841285e67184592a8b64bab6099f4c8ac9 SHA512 c35eea4ab5510bba50d22813b28c9d2f5e4e2fed76993693b997f2090024dde674d58dffe044cb64642bf57b83fcae3bfc3dbcae43288fae11692ee49374df74
-DIST exim-pdf-4.96.tar.xz 2137468 BLAKE2B 7f61767f91864c43a3b7b6ca36ec7f41da6ad7029687a38cfa9307c444c2ffbd3eb61d45645ffd20ec16ba64a37e1ff08c02e7e4e36499c7783679af9a399081 SHA512 05e94579631656330d95d237c58bc9fd52229a067c5846e7c3409b4c83040c9216819bcb0090673d9991fd59e2c2025340592b31b241b557c6775782106854d1
 DIST exim-pdf-4.97.1.tar.xz 2139688 BLAKE2B baadbb6ca7b88b11ea88f6b5ce0c96d9d713a1f5b358e4dfb52647ccc2bb1a9a6f74e75341839a8ee7df327f2f5645dbf223e4e5923631b02aa53a777701b436 SHA512 6aa733b1d48b6237f458939ff53e484e702f47a0c10ba781ba101db404d39667bd2ddc876af4f597deda1991e534d5b8b874c549e6a86b5325ebd624a6713183
 DIST system_filter.exim.gz 3075 BLAKE2B d05e872b5cef377d29126cda03fc0a74c8777b2119b76ff43da6e8de808035eb9bfcb034a85d81824f135d484e864bfc0629fc1af2c228a7277d5ee7cf9cde79 SHA512 cb358d3ce2499a0bb5920d962a06f2af8486e55ec90c8c928bd8e3aefb279aa57f5f960d5adfcef68bd94110b405eaa144e9629cfe6014a529c79c544600bbf3

diff --git a/mail-mta/exim/exim-4.96-r4.ebuild b/mail-mta/exim/exim-4.96-r4.ebuild
deleted file mode 100644
index c3bb1a1d477e..000000000000
--- a/mail-mta/exim/exim-4.96-r4.ebuild
+++ /dev/null
@@ -1,655 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="7"
-
-inherit db-use toolchain-funcs pam systemd
-
-IUSE="arc berkdb +dane dcc +dkim dlfunc dmarc +dnsdb doc dovecot-sasl
-dsn gdbm gnutls idn ipv6 ldap lmtp maildir mbx
-mysql nis pam perl pkcs11 postgres +prdr proxy radius redis sasl selinux
-socks5 spf sqlite srs +ssl syslog tdb tcpd +tpda X"
-REQUIRED_USE="
-	arc? ( dkim spf )
-	dane? ( ssl !gnutls )
-	dmarc? ( dkim spf )
-	dkim? ( ssl !gnutls )
-	gnutls? ( ssl )
-	pkcs11? ( ssl )
-	|| ( berkdb gdbm tdb )
-"
-# NOTE on USE="gnutls dane", gnutls[dane] is masked in base, unmasked
-# for x86 and amd64 only, due to this, repoman won't allow depending on
-# gnutls[dane] for all else.  Because we cannot express USE=dane when
-# USE=gnutls is in effect only in package.use.mask, the only option we
-# have left is to a) ignore the dependency (but that results in bug
-# #661164) or b) mask the usage of USE=dane with USE=gnutls.  Both are
-# incorrect, but b) is the only "correct" view from repoman.
-# We cannot express a required use for berkdb/gdbm/tdb correctly because
-# berkdb and gdbm are both enabled in base profile
-
-SDIR=$([[ ${PV} == *_rc* ]]   && echo /test
-	 [[ ${PV} == *.*.*.* ]] && echo /fixes)
-COMM_URI="https://downloads.exim.org/exim4${SDIR}"
-
-GPV="r0"
-DESCRIPTION="A highly configurable, drop-in replacement for sendmail"
-SRC_URI="${COMM_URI}/${P//_rc/-RC}.tar.xz
-	https://dev.gentoo.org/~grobian/distfiles/${P}-gentoo-patches-${GPV}.tar.xz
-	mirror://gentoo/system_filter.exim.gz
-	doc? ( ${COMM_URI}/${PN}-pdf-${PV//_rc/-RC}.tar.xz )"
-HOMEPAGE="https://www.exim.org/"
-
-SLOT="0"
-LICENSE="GPL-2"
-KEYWORDS="x86"
-
-COMMON_DEPEND=">=sys-apps/sed-4.0.5
-	dev-libs/libpcre2:=
-	tdb? ( sys-libs/tdb:= )
-	!tdb? ( berkdb? ( >=sys-libs/db-3.2:= <sys-libs/db-6:= ) )
-	!tdb? ( !berkdb? ( sys-libs/gdbm:= ) )
-	idn? ( net-dns/libidn:= net-dns/libidn2:= )
-	perl? ( dev-lang/perl:= )
-	pam? ( sys-libs/pam )
-	tcpd? ( sys-apps/tcp-wrappers )
-	ssl? (
-		gnutls? (
-			net-libs/gnutls:0=[pkcs11?]
-			dev-libs/libtasn1
-		)
-		!gnutls? (
-			dev-libs/openssl:0=
-		)
-	)
-	ldap? ( >=net-nds/openldap-2.0.7:= )
-	elibc_glibc? (
-		net-libs/libnsl:=
-		nis? (
-			net-libs/libtirpc:=
-			>=net-libs/libnsl-1:=
-		)
-	)
-	mysql? ( dev-db/mysql-connector-c:= )
-	postgres? ( dev-db/postgresql:= )
-	sasl? ( >=dev-libs/cyrus-sasl-2.1.26-r2 )
-	redis? ( dev-libs/hiredis:= )
-	spf? ( >=mail-filter/libspf2-1.2.5-r1 )
-	dmarc? ( mail-filter/opendmarc:= )
-	X? (
-		x11-libs/libX11
-		x11-libs/libXmu
-		x11-libs/libXt
-		x11-libs/libXaw
-	)
-	sqlite? ( dev-db/sqlite )
-	radius? ( net-dialup/freeradius-client )
-	virtual/libcrypt:=
-	virtual/libiconv
-	"
-	# added X check for #57206
-BDEPEND="virtual/pkgconfig"
-DEPEND="${COMMON_DEPEND}"
-RDEPEND="${COMMON_DEPEND}
-	!mail-mta/courier
-	!mail-mta/esmtp
-	!mail-mta/msmtp[mta]
-	!mail-mta/netqmail
-	!mail-mta/nullmailer
-	!mail-mta/postfix
-	!mail-mta/sendmail
-	!mail-mta/opensmtpd
-	!mail-mta/ssmtp[mta]
-	>=net-mail/mailbase-0.00-r5
-	virtual/logger
-	dcc? ( mail-filter/dcc )
-	selinux? ( sec-policy/selinux-exim )
-	"
-
-S=${WORKDIR}/${P//_rc/-RC}
-
-src_prepare() {
-	# Legacy patches which need a respin for -p1
-	eapply -p0 "${FILESDIR}"/exim-4.14-tail.patch
-	eapply -p0 "${FILESDIR}"/exim-4.74-radius-db-ENV-clash.patch # 287426
-	eapply     "${FILESDIR}"/exim-4.93-as-needed-ldflags.patch # 352265, 391279
-	eapply -p0 "${FILESDIR}"/exim-4.76-crosscompile.patch # 266591
-	eapply     "${FILESDIR}"/exim-4.69-r1.27021.patch
-	eapply     "${FILESDIR}"/exim-4.95-localscan_dlopen.patch
-
-	# Upstream post-release fixes :(
-	local GPVDIR=${WORKDIR}/${P}-gentoo-patches-${GPV}
-	eapply     "${GPVDIR}"/exim-4.96-rewrite-malformed-addr-fix.patch # upstr
-	eapply     "${GPVDIR}"/exim-4.96-spf-memory-error-fix.patch # upstr
-	eapply     "${GPVDIR}"/exim-4.96-regex-use-after-free.patch # upstr
-	eapply -p2 "${GPVDIR}"/exim-4.96-dmarc_use_after_free.patch # upstr
-	eapply     "${GPVDIR}"/exim-4.96-deamon-startup-fix.patch # upstr
-	eapply     "${GPVDIR}"/exim-4.96-openssl-verify-ocsp.patch # upstr
-	eapply     "${GPVDIR}"/exim-4.96-openssl-double-expansion.patch # upstr
-	eapply     "${GPVDIR}"/exim-4.96-recursion-dns_again.patch # upstr
-	eapply     "${GPVDIR}"/exim-4.96-openssl-tls_eccurve-setting.patch # upstr
-	eapply     "${GPVDIR}"/exim-4.96-openssl-tls_eccurve-lt-3.patch # upstr
-	eapply     "${GPVDIR}"/exim-4.96-openssl-bad-alpn.patch # upstr
-	eapply     "${GPVDIR}"/exim-4.96-dane-dns_again.patch # upstr
-	eapply     "${GPVDIR}"/exim-4.96-expansion-crash.patch # upstr
-	eapply     "${GPVDIR}"/exim-4.96-transport-crash.patch # upstr
-
-	# oddity, they disable berkdb as hack, and then throw an error when
-	# berkdb isn't enabled
-	sed -i \
-		-e 's/_DB_/_DONTMESS_/' \
-		-e 's/define DB void/define DONTMESS void/' \
-		src/auths/call_radius.c || die
-
-	# API changed from 1.3 to 1.4, upstream doesn't think 1.4 should be
-	# used, but 1.3 has a CVE and Gentoo (like most downstreams) only
-	# has 1.4 available
-	eapply "${FILESDIR}"/exim-4.94-opendmarc-1.4.patch
-
-	if use maildir ; then
-		eapply "${FILESDIR}"/exim-4.94-maildir.patch
-	else
-		eapply -p0 "${FILESDIR}"/exim-4.80-spool-mail-group.patch # 438606
-	fi
-
-	eapply_user
-
-	# user Exim believes it should be
-	MAILUSER=mail
-	MAILGROUP=mail
-	if use prefix && [[ ${EUID} != 0 ]] ; then
-		MAILUSER=$(id -un)
-		MAILGROUP=$(id -gn)
-	fi
-}
-
-src_configure() {
-	# general config and paths
-
-	local aliases="${EPREFIX}/etc/mail/aliases"
-	sed -i \
-		-e "/SYSTEM_ALIASES_FILE/s'SYSTEM_ALIASES_FILE'${aliases}'" \
-		src/configure.default || die
-
-	sed -i -e 's/^buildname=.*/buildname=exim-gentoo/' Makefile || die
-
-	if use elibc_musl; then
-		sed -i -e 's/^LIBS = -lnsl/LIBS =/g' OS/Makefile-Linux || die
-	fi
-
-	local conffile="${EPREFIX}/etc/exim/exim.conf"
-	sed -e "48i\CFLAGS=${CFLAGS}" \
-		-e "s:BIN_DIRECTORY=/usr/exim/bin:BIN_DIRECTORY=${EPREFIX}/usr/sbin:" \
-		-e "s;EXIM_USER=;EXIM_USER=ref:${MAILUSER};" \
-		-e "s:CONFIGURE_FILE=.*$:CONFIGURE_FILE=${conffile}:" \
-		-e "s:ZCAT_COMMAND=.*$:ZCAT_COMMAND=${EPREFIX}/bin/zcat:" \
-		-e "s:COMPRESS_COMMAND=.*$:COMPRESS_COMMAND=${EPREFIX}/bin/gzip:" \
-		src/EDITME > Local/Makefile || die
-
-	# work on Local/Makefile from now on
-	cd Local
-
-	cat >> Makefile <<- EOC
-		INFO_DIRECTORY=${EPREFIX}/usr/share/info
-		PID_FILE_PATH=${EPREFIX}/run/exim.pid
-		SPOOL_DIRECTORY=${EPREFIX}/var/spool/exim
-		HAVE_ICONV=yes
-		WITH_CONTENT_SCAN=yes
-	EOC
-
-	# configure db implementation, Exim always needs one for its hints
-	# database, we prefer tdb and gdbm, since bdb is kind of getting
-	# less and less support
-	if use tdb ; then
-		cat >> Makefile <<- EOC
-			USE_TDB=yes
-			DBMLIB = -ltdb
-		EOC
-		sed -i -e 's:^USE_DB=yes:# USE_DB=yes:' Makefile || die
-		sed -i -e 's:^USE_GDBM=yes:# USE_GDBM=yes:' Makefile || die
-	elif use gdbm ; then
-		cat >> Makefile <<- EOC
-			USE_GDBM=yes
-			DBMLIB = -lgdbm
-		EOC
-		sed -i -e 's:^USE_DB=yes:# USE_DB=yes:' Makefile || die
-		sed -i -e 's:^USE_TDB=yes:# USE_TDB=yes:' Makefile || die
-	else # must be berkdb via required_use
-		# use the "native" interfaces to the DBM and CDB libraries, support
-		# passwd and directory lookups by default
-		local DB_VERS="5.3 5.1 4.8 4.7 4.6 4.5 4.4 4.3 4.2 3.2"
-		cat >> Makefile <<- EOC
-			USE_DB=yes
-			# keep include in CFLAGS because exim.h -> dbstuff.h -> db.h
-			CFLAGS += -I$(db_includedir ${DB_VERS})
-			DBMLIB = -l$(db_libname ${DB_VERS})
-		EOC
-		sed -i -e 's:^USE_GDBM=yes:# USE_GDBM=yes:' Makefile || die
-		sed -i -e 's:^USE_TDB=yes:# USE_TDB=yes:' Makefile || die
-	fi
-
-	# if we use libiconv, now is the time to tell so
-	if use !elibc_glibc && use !elibc_musl ; then
-		cat >> Makefile <<- EOC
-			EXTRALIBS_EXIM=-liconv
-		EOC
-	fi
-
-	# support for IPv6
-	if use ipv6; then
-		cat >> Makefile <<- EOC
-			HAVE_IPV6=YES
-		EOC
-	fi
-
-	# support i18n/IDNA
-	if use idn; then
-		cat >> Makefile <<- EOC
-			SUPPORT_I18N=yes
-			SUPPORT_I18N_2008=yes
-			EXTRALIBS_EXIM += -lidn -lidn2
-		EOC
-	fi
-
-	#
-	# mail storage formats
-	#
-
-	# mailstore is Exim's traditional storage format
-	cat >> Makefile <<- EOC
-		SUPPORT_MAILSTORE=yes
-	EOC
-
-	# mbox
-	if use mbx; then
-		cat >> Makefile <<- EOC
-			SUPPORT_MBX=yes
-		EOC
-	fi
-
-	# maildir
-	if use maildir; then
-		cat >> Makefile <<- EOC
-			SUPPORT_MAILDIR=yes
-		EOC
-	fi
-
-	#
-	# lookup methods
-	#
-
-	# support passwd and directory lookups by default
-	cat >> Makefile <<- EOC
-		LOOKUP_CDB=yes
-		LOOKUP_PASSWD=yes
-		LOOKUP_DSEARCH=yes
-	EOC
-
-	if ! use dnsdb; then
-		# DNSDB lookup is enabled by default
-		sed -i -e 's:^LOOKUP_DNSDB=yes:# LOOKUP_DNSDB=yes:' Makefile || die
-	fi
-
-	if use ldap; then
-		cat >> Makefile <<- EOC
-			LOOKUP_LDAP=yes
-			LDAP_LIB_TYPE=OPENLDAP2
-			LOOKUP_INCLUDE += -I"${EPREFIX}"/usr/include/ldap
-			LOOKUP_LIBS += -lldap -llber
-		EOC
-	fi
-
-	if use mysql; then
-		cat >> Makefile <<- EOC
-			LOOKUP_MYSQL=yes
-			LOOKUP_INCLUDE += $(mysql_config --include)
-			LOOKUP_LIBS += $(mysql_config --libs)
-		EOC
-	fi
-
-	if use nis; then
-		cat >> Makefile <<- EOC
-			LOOKUP_NIS=yes
-			LOOKUP_NISPLUS=yes
-		EOC
-		if use elibc_glibc ; then
-			cat >> Makefile <<- EOC
-				LOOKUP_INCLUDE += -I"${EPREFIX}"/usr/include/tirpc
-				LOOKUP_LIBS += -lnsl
-			EOC
-		fi
-	fi
-
-	if use postgres; then
-		cat >> Makefile <<- EOC
-			LOOKUP_PGSQL=yes
-			LOOKUP_INCLUDE += -I$(pg_config --includedir)
-			LOOKUP_LIBS += -L$(pg_config --libdir) -lpq
-		EOC
-	fi
-
-	if use sqlite; then
-		cat >> Makefile <<- EOC
-			LOOKUP_SQLITE=yes
-			LOOKUP_SQLITE_PC=sqlite3
-		EOC
-	fi
-
-	if use redis; then
-		cat >> Makefile <<- EOC
-			LOOKUP_REDIS=yes
-			LOOKUP_LIBS += -lhiredis
-		EOC
-	fi
-
-	# Exim monitor, enabled by default, controlled via X USE-flag,
-	# disable if not requested, bug #46778
-	if use X; then
-		cp ../exim_monitor/EDITME eximon.conf || die
-		cat >> Makefile <<- EOC
-			EXIM_MONITOR=eximon.bin
-		EOC
-	fi
-
-	#
-	# features
-	#
-
-	# DomainKeys Identified Mail, RFC4871
-	if ! use dkim; then
-		# DKIM is enabled by default
-		cat >> Makefile <<- EOC
-			DISABLE_DKIM=yes
-		EOC
-	fi
-
-	# Per-Recipient-Data-Response
-	if ! use prdr; then
-		# PRDR is enabled by default
-		cat >> Makefile <<- EOC
-			DISABLE_PRDR=yes
-		EOC
-	fi
-
-	# Transport post-delivery actions
-	if use !tpda && use !dane; then
-		# EVENT is enabled by default
-		cat >> Makefile <<- EOC
-			DISABLE_EVENT=yes
-		EOC
-	fi
-
-	# log to syslog
-	if use syslog; then
-		local eximlog="${EPREFIX}/var/log/exim/exim_%s.log"
-		sed -i \
-			-e "s:LOG_FILE_PATH=${eximlog}:LOG_FILE_PATH=syslog:" \
-			Makefile || die
-		cat >> Makefile <<- EOC
-			LOG_FILE_PATH=syslog
-		EOC
-	else
-		cat >> Makefile <<- EOC
-			LOG_FILE_PATH=${EPREFIX}/var/log/exim/exim_%s.log
-		EOC
-	fi
-
-	# starttls support (ssl)
-	if use ssl; then
-		if use gnutls; then
-			echo "USE_GNUTLS=yes" >> Makefile
-			echo "USE_GNUTLS_PC=gnutls $(use dane && echo gnutls-dane)" \
-				>> Makefile
-			use pkcs11 || echo "AVOID_GNUTLS_PKCS11=yes" >> Makefile
-		else
-			echo "USE_OPENSSL=yes" >> Makefile
-			echo "USE_OPENSSL_PC=openssl" >> Makefile
-		fi
-	else
-		echo "DISABLE_TLS=yes" >> Makefile
-	fi
-
-	# TCP wrappers
-	if use tcpd; then
-		cat >> Makefile <<- EOC
-			USE_TCP_WRAPPERS=yes
-			EXTRALIBS_EXIM += -lwrap
-		EOC
-	fi
-
-	# Light Mail Transport Protocol
-	if use lmtp; then
-		cat >> Makefile <<- EOC
-			TRANSPORT_LMTP=yes
-		EOC
-	fi
-
-	# embedded Perl
-	if use perl; then
-		cat >> Makefile <<- EOC
-			EXIM_PERL=perl.o
-		EOC
-	fi
-
-	# dlfunc
-	if use dlfunc; then
-		cat >> Makefile <<- EOC
-			EXPAND_DLFUNC=yes
-			HAVE_LOCAL_SCAN=yes
-			DLOPEN_LOCAL_SCAN=yes
-		EOC
-	fi
-
-	# Proxy Protocol
-	if use proxy; then
-		cat >> Makefile <<- EOC
-			SUPPORT_PROXY=yes
-		EOC
-	fi
-
-	# SOCKS5 (outbound) proxy support
-	if use socks5; then
-		cat >> Makefile <<- EOC
-			SUPPORT_SOCKS=yes
-		EOC
-	fi
-
-	# DANE
-	if use !dane; then
-		# DANE is enabled by default
-		sed -i -e 's:^SUPPORT_DANE=yes:# SUPPORT_DANE=yes:' Makefile || die
-	fi
-
-	# DMARC
-	if use dmarc; then
-		cat >> Makefile <<- EOC
-			SUPPORT_DMARC=yes
-			EXTRALIBS_EXIM += -lopendmarc
-		EOC
-	fi
-
-	# Sender Policy Framework
-	if use spf; then
-		cat >> Makefile <<- EOC
-			SUPPORT_SPF=yes
-			EXTRALIBS_EXIM += -lspf2
-		EOC
-	fi
-
-	#
-	# experimental features
-	#
-
-	# Authenticated Receive Chain
-	if use arc; then
-		echo "EXPERIMENTAL_ARC=yes">> Makefile
-	fi
-
-	# Distributed Checksum Clearinghouse
-	if use dcc; then
-		echo "EXPERIMENTAL_DCC=yes">> Makefile
-	fi
-
-	# Sender Rewriting Scheme
-	if use srs; then
-		# this one is the default/supported variant since 4.95, and the
-		# only variant available since 4.96
-		cat >> Makefile <<- EOC
-			SUPPORT_SRS=yes
-		EOC
-	fi
-
-	# Delivery Sender Notifications extra information in fail message
-	if use dsn; then
-		cat >> Makefile <<- EOC
-			EXPERIMENTAL_DSN_INFO=yes
-		EOC
-	fi
-
-	#
-	# authentication (SMTP AUTH)
-	#
-
-	# standard bits
-	cat >> Makefile <<- EOC
-		AUTH_SPA=yes
-		AUTH_CRAM_MD5=yes
-		AUTH_PLAINTEXT=yes
-	EOC
-
-	# Cyrus SASL
-	if use sasl; then
-		cat >> Makefile <<- EOC
-			CYRUS_SASLAUTHD_SOCKET=${EPREFIX}/run/saslauthd/mux
-			AUTH_CYRUS_SASL=yes
-			AUTH_LIBS += -lsasl2
-		EOC
-	fi
-
-	# Dovecot
-	if use dovecot-sasl; then
-		cat >> Makefile <<- EOC
-			AUTH_DOVECOT=yes
-		EOC
-	fi
-
-	# Pluggable Authentication Modules
-	if use pam; then
-		cat >> Makefile <<- EOC
-			SUPPORT_PAM=yes
-			AUTH_LIBS += -lpam
-		EOC
-	fi
-
-	# Radius
-	if use radius; then
-		cat >> Makefile <<- EOC
-			RADIUS_CONFIG_FILE=${EPREFIX}/etc/radiusclient/radiusclient.conf
-			RADIUS_LIB_TYPE=RADIUSCLIENTNEW
-			AUTH_LIBS += -lfreeradius-client
-		EOC
-	fi
-}
-
-src_compile() {
-	emake CC="$(tc-getCC)" HOSTCC="$(tc-getBUILD_CC)" \
-		AR="$(tc-getAR) cq" RANLIB="$(tc-getRANLIB)" FULLECHO=''
-}
-
-src_install() {
-	cd "${S}"/build-exim-gentoo || die
-	dosbin exim
-	if use X; then
-		dosbin eximon.bin
-		dosbin eximon
-	fi
-	fperms 4755 /usr/sbin/exim
-
-	dosym exim /usr/sbin/sendmail
-	dosym exim /usr/sbin/rsmtp
-	dosym exim /usr/sbin/rmail
-	dosym ../sbin/exim /usr/bin/mailq
-	dosym ../sbin/exim /usr/bin/newaliases
-	dosym ../sbin/sendmail /usr/lib/sendmail
-
-	for i in exicyclog exim_dbmbuild exim_dumpdb exim_fixdb exim_lock \
-		exim_tidydb exinext exiwhat exigrep eximstats exiqsumm exiqgrep \
-		convert4r3 convert4r4 exipick
-	do
-		dosbin $i
-	done
-
-	dodoc -r "${S}"/doc/.
-	doman "${S}"/doc/exim.8
-	use dsn && dodoc "${S}"/README.DSN
-	use doc && dodoc "${WORKDIR}"/${PN}-pdf-${PV//rc/RC}/doc/*.pdf
-
-	# conf files
-	insinto /etc/exim
-	newins "${S}"/src/configure.default exim.conf.dist
-	doins "${WORKDIR}"/system_filter.exim
-	doins "${FILESDIR}"/auth_conf.sub
-
-	if use pam; then
-		pamd_mimic system-auth exim auth account
-	fi
-
-	# headers, #436406
-	if use dlfunc ; then
-		# fixup includes so they actually can be found when including
-		sed -i \
-			-e '/#include "\(config\|store\|mytypes\).h"/s:"\(.\+\)":<exim/\1>:' \
-			local_scan.h || die
-		insinto /usr/include/exim
-		doins {config,local_scan}.h ../src/{mytypes,store}.h
-	fi
-
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}/exim.logrotate" exim
-
-	newinitd "${FILESDIR}"/exim.rc10 exim
-	newconfd "${FILESDIR}"/exim.confd exim
-
-	systemd_dounit \
-		"${FILESDIR}"/{exim.service,exim.socket,exim-submission.socket}
-	systemd_newunit \
-		"${FILESDIR}"/exim_at.service 'exim@.service'
-	systemd_newunit \
-		"${FILESDIR}"/exim-submission_at.service 'exim-submission@.service'
-
-	diropts -m 0750 -o ${MAILUSER} -g ${MAILGROUP}
-	keepdir /var/log/${PN}
-}
-
-pkg_postinst() {
-	if [[ ! -f ${EROOT}/etc/exim/exim.conf ]] ; then
-		einfo "${EROOT}/etc/exim/system_filter.exim is a sample system_filter."
-		einfo "${EROOT}/etc/exim/auth_conf.sub contains the configuration sub"
-		einfo "for using smtp auth."
-		einfo "Please create ${EROOT}/etc/exim/exim.conf from"
-		einfo "  ${EROOT}/etc/exim/exim.conf.dist."
-	fi
-	if use berkdb && ( use gdbm || use tdb ) ; then
-		ewarn "USE=berkdb is ignored because USE=gdbm or USE=tdb is enabled!"
-	fi
-	if use dmarc ; then
-		einfo "DMARC support requires ${EROOT}/etc/exim/opendmarc.tlds"
-		einfo "you can populate this file with the contents downloaded from"
-		einfo "  https://publicsuffix.org/list/public_suffix_list.dat"
-	fi
-	if use dcc ; then
-		einfo "DCC support is experimental, you can find some limited"
-		einfo "documentation at the bottom of this prerelease message:"
-		einfo "  http://article.gmane.org/gmane.mail.exim.devel/3579"
-	fi
-	if use srs; then
-		einfo "SRS support using libsrs_alt was dropped in this"
-		einfo "release of Exim, you are now using the native SRS implementation"
-	fi
-	use dsn && einfo "extra information in fail DSN message is experimental"
-	einfo
-	elog "Note that this release contains a tainted variable check that"
-	elog "is likely to break your configuration used with Exim 4.93 and before."
-	elog "Please check your transports for occurences of \$local_part, and"
-	elog "use a replacement like \$local_part_data where possible."
-}

diff --git a/mail-mta/exim/exim-4.96.2-r1.ebuild b/mail-mta/exim/exim-4.96.2-r1.ebuild
deleted file mode 100644
index f31266dbaa83..000000000000
--- a/mail-mta/exim/exim-4.96.2-r1.ebuild
+++ /dev/null
@@ -1,656 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="7"
-
-inherit db-use toolchain-funcs pam systemd
-
-IUSE="arc berkdb +dane dcc +dkim dlfunc dmarc +dnsdb doc dovecot-sasl
-dsn gdbm gnutls idn ipv6 ldap lmtp maildir mbx
-mysql nis pam perl pkcs11 postgres +prdr proxy radius redis sasl selinux
-socks5 spf sqlite srs +ssl syslog tdb tcpd +tpda X"
-REQUIRED_USE="
-	arc? ( dkim spf )
-	dane? ( ssl !gnutls )
-	dmarc? ( dkim spf )
-	dkim? ( ssl !gnutls )
-	gnutls? ( ssl )
-	pkcs11? ( ssl )
-	|| ( berkdb gdbm tdb )
-"
-# NOTE on USE="gnutls dane", gnutls[dane] is masked in base, unmasked
-# for x86 and amd64 only, due to this, repoman won't allow depending on
-# gnutls[dane] for all else.  Because we cannot express USE=dane when
-# USE=gnutls is in effect only in package.use.mask, the only option we
-# have left is to a) ignore the dependency (but that results in bug
-# #661164) or b) mask the usage of USE=dane with USE=gnutls.  Both are
-# incorrect, but b) is the only "correct" view from repoman.
-# We cannot express a required use for berkdb/gdbm/tdb correctly because
-# berkdb and gdbm are both enabled in base profile
-
-SDIR=$([[ ${PV} == *_rc* ]]   && echo /test
-	 [[ ${PV} == *.*.*.* ]] && echo /fixes)
-COMM_URI="https://downloads.exim.org/exim4${SDIR}"
-
-GPV="r0"
-DESCRIPTION="A highly configurable, drop-in replacement for sendmail"
-SRC_URI="${COMM_URI}/${P//_rc/-RC}.tar.xz
-	https://dev.gentoo.org/~grobian/distfiles/${PN}-4.96-gentoo-patches-${GPV}.tar.xz
-	mirror://gentoo/system_filter.exim.gz
-	doc? ( ${COMM_URI}/${PN}-pdf-${PV//_rc/-RC}.tar.xz )"
-HOMEPAGE="https://www.exim.org/"
-
-SLOT="0"
-LICENSE="GPL-2"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86"
-
-COMMON_DEPEND=">=sys-apps/sed-4.0.5
-	dev-libs/libpcre2:=
-	tdb? ( sys-libs/tdb:= )
-	!tdb? ( berkdb? ( >=sys-libs/db-3.2:= <sys-libs/db-6:= ) )
-	!tdb? ( !berkdb? ( sys-libs/gdbm:= ) )
-	idn? ( net-dns/libidn:= net-dns/libidn2:= )
-	perl? ( dev-lang/perl:= )
-	pam? ( sys-libs/pam )
-	tcpd? ( sys-apps/tcp-wrappers )
-	ssl? (
-		gnutls? (
-			net-libs/gnutls:0=[pkcs11?]
-			dev-libs/libtasn1
-		)
-		!gnutls? (
-			dev-libs/openssl:0=
-		)
-	)
-	ldap? ( >=net-nds/openldap-2.0.7:= )
-	elibc_glibc? (
-		net-libs/libnsl:=
-		nis? (
-			net-libs/libtirpc:=
-			>=net-libs/libnsl-1:=
-		)
-	)
-	mysql? ( dev-db/mysql-connector-c:= )
-	postgres? ( dev-db/postgresql:= )
-	sasl? ( >=dev-libs/cyrus-sasl-2.1.26-r2 )
-	redis? ( dev-libs/hiredis:= )
-	spf? ( >=mail-filter/libspf2-1.2.5-r1 )
-	dmarc? ( mail-filter/opendmarc:= )
-	X? (
-		x11-libs/libX11
-		x11-libs/libXmu
-		x11-libs/libXt
-		x11-libs/libXaw
-	)
-	sqlite? ( dev-db/sqlite )
-	radius? ( net-dialup/freeradius-client )
-	virtual/libcrypt:=
-	virtual/libiconv
-	"
-	# added X check for #57206
-BDEPEND="virtual/pkgconfig"
-DEPEND="${COMMON_DEPEND}"
-RDEPEND="${COMMON_DEPEND}
-	!mail-mta/courier
-	!mail-mta/esmtp
-	!mail-mta/msmtp[mta]
-	!mail-mta/netqmail
-	!mail-mta/nullmailer
-	!mail-mta/postfix
-	!mail-mta/sendmail
-	!mail-mta/opensmtpd
-	!mail-mta/ssmtp[mta]
-	>=net-mail/mailbase-0.00-r5
-	virtual/logger
-	dcc? ( mail-filter/dcc )
-	selinux? ( sec-policy/selinux-exim )
-	"
-
-S=${WORKDIR}/${P//_rc/-RC}
-
-src_prepare() {
-	# Legacy patches which need a respin for -p1
-	eapply -p0 "${FILESDIR}"/exim-4.14-tail.patch
-	eapply -p0 "${FILESDIR}"/exim-4.74-radius-db-ENV-clash.patch # 287426
-	eapply     "${FILESDIR}"/exim-4.93-as-needed-ldflags.patch # 352265, 391279
-	eapply -p0 "${FILESDIR}"/exim-4.76-crosscompile.patch # 266591
-	eapply     "${FILESDIR}"/exim-4.69-r1.27021.patch
-	eapply     "${FILESDIR}"/exim-4.95-localscan_dlopen.patch
-	eapply -p2 "${FILESDIR}"/exim-4.97-CVE-2023-51766.patch # 3063
-
-	# Upstream post-release fixes :(
-	local GPVDIR=${WORKDIR}/${PN}-4.96-gentoo-patches-${GPV}
-	eapply     "${GPVDIR}"/exim-4.96-rewrite-malformed-addr-fix.patch # upstr
-	eapply     "${GPVDIR}"/exim-4.96-spf-memory-error-fix.patch # upstr
-	eapply     "${GPVDIR}"/exim-4.96-regex-use-after-free.patch # upstr
-	eapply -p2 "${GPVDIR}"/exim-4.96-dmarc_use_after_free.patch # upstr
-	eapply     "${GPVDIR}"/exim-4.96-deamon-startup-fix.patch # upstr
-	eapply     "${GPVDIR}"/exim-4.96-openssl-verify-ocsp.patch # upstr
-	eapply     "${GPVDIR}"/exim-4.96-openssl-double-expansion.patch # upstr
-	eapply     "${GPVDIR}"/exim-4.96-recursion-dns_again.patch # upstr
-	eapply     "${GPVDIR}"/exim-4.96-openssl-tls_eccurve-setting.patch # upstr
-	eapply     "${GPVDIR}"/exim-4.96-openssl-tls_eccurve-lt-3.patch # upstr
-	eapply     "${GPVDIR}"/exim-4.96-openssl-bad-alpn.patch # upstr
-	eapply     "${GPVDIR}"/exim-4.96-dane-dns_again.patch # upstr
-	eapply     "${GPVDIR}"/exim-4.96-expansion-crash.patch # upstr
-	eapply     "${GPVDIR}"/exim-4.96-transport-crash.patch # upstr
-
-	# oddity, they disable berkdb as hack, and then throw an error when
-	# berkdb isn't enabled
-	sed -i \
-		-e 's/_DB_/_DONTMESS_/' \
-		-e 's/define DB void/define DONTMESS void/' \
-		src/auths/call_radius.c || die
-
-	# API changed from 1.3 to 1.4, upstream doesn't think 1.4 should be
-	# used, but 1.3 has a CVE and Gentoo (like most downstreams) only
-	# has 1.4 available
-	eapply "${FILESDIR}"/exim-4.94-opendmarc-1.4.patch
-
-	if use maildir ; then
-		eapply "${FILESDIR}"/exim-4.94-maildir.patch
-	else
-		eapply -p0 "${FILESDIR}"/exim-4.80-spool-mail-group.patch # 438606
-	fi
-
-	eapply_user
-
-	# user Exim believes it should be
-	MAILUSER=mail
-	MAILGROUP=mail
-	if use prefix && [[ ${EUID} != 0 ]] ; then
-		MAILUSER=$(id -un)
-		MAILGROUP=$(id -gn)
-	fi
-}
-
-src_configure() {
-	# general config and paths
-
-	local aliases="${EPREFIX}/etc/mail/aliases"
-	sed -i \
-		-e "/SYSTEM_ALIASES_FILE/s'SYSTEM_ALIASES_FILE'${aliases}'" \
-		src/configure.default || die
-
-	sed -i -e 's/^buildname=.*/buildname=exim-gentoo/' Makefile || die
-
-	if use elibc_musl; then
-		sed -i -e 's/^LIBS = -lnsl/LIBS =/g' OS/Makefile-Linux || die
-	fi
-
-	local conffile="${EPREFIX}/etc/exim/exim.conf"
-	sed -e "48i\CFLAGS=${CFLAGS}" \
-		-e "s:BIN_DIRECTORY=/usr/exim/bin:BIN_DIRECTORY=${EPREFIX}/usr/sbin:" \
-		-e "s;EXIM_USER=;EXIM_USER=ref:${MAILUSER};" \
-		-e "s:CONFIGURE_FILE=.*$:CONFIGURE_FILE=${conffile}:" \
-		-e "s:ZCAT_COMMAND=.*$:ZCAT_COMMAND=${EPREFIX}/bin/zcat:" \
-		-e "s:COMPRESS_COMMAND=.*$:COMPRESS_COMMAND=${EPREFIX}/bin/gzip:" \
-		src/EDITME > Local/Makefile || die
-
-	# work on Local/Makefile from now on
-	cd Local
-
-	cat >> Makefile <<- EOC
-		INFO_DIRECTORY=${EPREFIX}/usr/share/info
-		PID_FILE_PATH=${EPREFIX}/run/exim.pid
-		SPOOL_DIRECTORY=${EPREFIX}/var/spool/exim
-		HAVE_ICONV=yes
-		WITH_CONTENT_SCAN=yes
-	EOC
-
-	# configure db implementation, Exim always needs one for its hints
-	# database, we prefer tdb and gdbm, since bdb is kind of getting
-	# less and less support
-	if use tdb ; then
-		cat >> Makefile <<- EOC
-			USE_TDB=yes
-			DBMLIB = -ltdb
-		EOC
-		sed -i -e 's:^USE_DB=yes:# USE_DB=yes:' Makefile || die
-		sed -i -e 's:^USE_GDBM=yes:# USE_GDBM=yes:' Makefile || die
-	elif use gdbm ; then
-		cat >> Makefile <<- EOC
-			USE_GDBM=yes
-			DBMLIB = -lgdbm
-		EOC
-		sed -i -e 's:^USE_DB=yes:# USE_DB=yes:' Makefile || die
-		sed -i -e 's:^USE_TDB=yes:# USE_TDB=yes:' Makefile || die
-	else # must be berkdb via required_use
-		# use the "native" interfaces to the DBM and CDB libraries, support
-		# passwd and directory lookups by default
-		local DB_VERS="5.3 5.1 4.8 4.7 4.6 4.5 4.4 4.3 4.2 3.2"
-		cat >> Makefile <<- EOC
-			USE_DB=yes
-			# keep include in CFLAGS because exim.h -> dbstuff.h -> db.h
-			CFLAGS += -I$(db_includedir ${DB_VERS})
-			DBMLIB = -l$(db_libname ${DB_VERS})
-		EOC
-		sed -i -e 's:^USE_GDBM=yes:# USE_GDBM=yes:' Makefile || die
-		sed -i -e 's:^USE_TDB=yes:# USE_TDB=yes:' Makefile || die
-	fi
-
-	# if we use libiconv, now is the time to tell so
-	if use !elibc_glibc && use !elibc_musl ; then
-		cat >> Makefile <<- EOC
-			EXTRALIBS_EXIM=-liconv
-		EOC
-	fi
-
-	# support for IPv6
-	if use ipv6; then
-		cat >> Makefile <<- EOC
-			HAVE_IPV6=YES
-		EOC
-	fi
-
-	# support i18n/IDNA
-	if use idn; then
-		cat >> Makefile <<- EOC
-			SUPPORT_I18N=yes
-			SUPPORT_I18N_2008=yes
-			EXTRALIBS_EXIM += -lidn -lidn2
-		EOC
-	fi
-
-	#
-	# mail storage formats
-	#
-
-	# mailstore is Exim's traditional storage format
-	cat >> Makefile <<- EOC
-		SUPPORT_MAILSTORE=yes
-	EOC
-
-	# mbox
-	if use mbx; then
-		cat >> Makefile <<- EOC
-			SUPPORT_MBX=yes
-		EOC
-	fi
-
-	# maildir
-	if use maildir; then
-		cat >> Makefile <<- EOC
-			SUPPORT_MAILDIR=yes
-		EOC
-	fi
-
-	#
-	# lookup methods
-	#
-
-	# support passwd and directory lookups by default
-	cat >> Makefile <<- EOC
-		LOOKUP_CDB=yes
-		LOOKUP_PASSWD=yes
-		LOOKUP_DSEARCH=yes
-	EOC
-
-	if ! use dnsdb; then
-		# DNSDB lookup is enabled by default
-		sed -i -e 's:^LOOKUP_DNSDB=yes:# LOOKUP_DNSDB=yes:' Makefile || die
-	fi
-
-	if use ldap; then
-		cat >> Makefile <<- EOC
-			LOOKUP_LDAP=yes
-			LDAP_LIB_TYPE=OPENLDAP2
-			LOOKUP_INCLUDE += -I"${EPREFIX}"/usr/include/ldap
-			LOOKUP_LIBS += -lldap -llber
-		EOC
-	fi
-
-	if use mysql; then
-		cat >> Makefile <<- EOC
-			LOOKUP_MYSQL=yes
-			LOOKUP_INCLUDE += $(mysql_config --include)
-			LOOKUP_LIBS += $(mysql_config --libs)
-		EOC
-	fi
-
-	if use nis; then
-		cat >> Makefile <<- EOC
-			LOOKUP_NIS=yes
-			LOOKUP_NISPLUS=yes
-		EOC
-		if use elibc_glibc ; then
-			cat >> Makefile <<- EOC
-				LOOKUP_INCLUDE += -I"${EPREFIX}"/usr/include/tirpc
-				LOOKUP_LIBS += -lnsl
-			EOC
-		fi
-	fi
-
-	if use postgres; then
-		cat >> Makefile <<- EOC
-			LOOKUP_PGSQL=yes
-			LOOKUP_INCLUDE += -I$(pg_config --includedir)
-			LOOKUP_LIBS += -L$(pg_config --libdir) -lpq
-		EOC
-	fi
-
-	if use sqlite; then
-		cat >> Makefile <<- EOC
-			LOOKUP_SQLITE=yes
-			LOOKUP_SQLITE_PC=sqlite3
-		EOC
-	fi
-
-	if use redis; then
-		cat >> Makefile <<- EOC
-			LOOKUP_REDIS=yes
-			LOOKUP_LIBS += -lhiredis
-		EOC
-	fi
-
-	# Exim monitor, enabled by default, controlled via X USE-flag,
-	# disable if not requested, bug #46778
-	if use X; then
-		cp ../exim_monitor/EDITME eximon.conf || die
-		cat >> Makefile <<- EOC
-			EXIM_MONITOR=eximon.bin
-		EOC
-	fi
-
-	#
-	# features
-	#
-
-	# DomainKeys Identified Mail, RFC4871
-	if ! use dkim; then
-		# DKIM is enabled by default
-		cat >> Makefile <<- EOC
-			DISABLE_DKIM=yes
-		EOC
-	fi
-
-	# Per-Recipient-Data-Response
-	if ! use prdr; then
-		# PRDR is enabled by default
-		cat >> Makefile <<- EOC
-			DISABLE_PRDR=yes
-		EOC
-	fi
-
-	# Transport post-delivery actions
-	if use !tpda && use !dane; then
-		# EVENT is enabled by default
-		cat >> Makefile <<- EOC
-			DISABLE_EVENT=yes
-		EOC
-	fi
-
-	# log to syslog
-	if use syslog; then
-		local eximlog="${EPREFIX}/var/log/exim/exim_%s.log"
-		sed -i \
-			-e "s:LOG_FILE_PATH=${eximlog}:LOG_FILE_PATH=syslog:" \
-			Makefile || die
-		cat >> Makefile <<- EOC
-			LOG_FILE_PATH=syslog
-		EOC
-	else
-		cat >> Makefile <<- EOC
-			LOG_FILE_PATH=${EPREFIX}/var/log/exim/exim_%s.log
-		EOC
-	fi
-
-	# starttls support (ssl)
-	if use ssl; then
-		if use gnutls; then
-			echo "USE_GNUTLS=yes" >> Makefile
-			echo "USE_GNUTLS_PC=gnutls $(use dane && echo gnutls-dane)" \
-				>> Makefile
-			use pkcs11 || echo "AVOID_GNUTLS_PKCS11=yes" >> Makefile
-		else
-			echo "USE_OPENSSL=yes" >> Makefile
-			echo "USE_OPENSSL_PC=openssl" >> Makefile
-		fi
-	else
-		echo "DISABLE_TLS=yes" >> Makefile
-	fi
-
-	# TCP wrappers
-	if use tcpd; then
-		cat >> Makefile <<- EOC
-			USE_TCP_WRAPPERS=yes
-			EXTRALIBS_EXIM += -lwrap
-		EOC
-	fi
-
-	# Light Mail Transport Protocol
-	if use lmtp; then
-		cat >> Makefile <<- EOC
-			TRANSPORT_LMTP=yes
-		EOC
-	fi
-
-	# embedded Perl
-	if use perl; then
-		cat >> Makefile <<- EOC
-			EXIM_PERL=perl.o
-		EOC
-	fi
-
-	# dlfunc
-	if use dlfunc; then
-		cat >> Makefile <<- EOC
-			EXPAND_DLFUNC=yes
-			HAVE_LOCAL_SCAN=yes
-			DLOPEN_LOCAL_SCAN=yes
-		EOC
-	fi
-
-	# Proxy Protocol
-	if use proxy; then
-		cat >> Makefile <<- EOC
-			SUPPORT_PROXY=yes
-		EOC
-	fi
-
-	# SOCKS5 (outbound) proxy support
-	if use socks5; then
-		cat >> Makefile <<- EOC
-			SUPPORT_SOCKS=yes
-		EOC
-	fi
-
-	# DANE
-	if use !dane; then
-		# DANE is enabled by default
-		sed -i -e 's:^SUPPORT_DANE=yes:# SUPPORT_DANE=yes:' Makefile || die
-	fi
-
-	# DMARC
-	if use dmarc; then
-		cat >> Makefile <<- EOC
-			SUPPORT_DMARC=yes
-			EXTRALIBS_EXIM += -lopendmarc
-		EOC
-	fi
-
-	# Sender Policy Framework
-	if use spf; then
-		cat >> Makefile <<- EOC
-			SUPPORT_SPF=yes
-			EXTRALIBS_EXIM += -lspf2
-		EOC
-	fi
-
-	#
-	# experimental features
-	#
-
-	# Authenticated Receive Chain
-	if use arc; then
-		echo "EXPERIMENTAL_ARC=yes">> Makefile
-	fi
-
-	# Distributed Checksum Clearinghouse
-	if use dcc; then
-		echo "EXPERIMENTAL_DCC=yes">> Makefile
-	fi
-
-	# Sender Rewriting Scheme
-	if use srs; then
-		# this one is the default/supported variant since 4.95, and the
-		# only variant available since 4.96
-		cat >> Makefile <<- EOC
-			SUPPORT_SRS=yes
-		EOC
-	fi
-
-	# Delivery Sender Notifications extra information in fail message
-	if use dsn; then
-		cat >> Makefile <<- EOC
-			EXPERIMENTAL_DSN_INFO=yes
-		EOC
-	fi
-
-	#
-	# authentication (SMTP AUTH)
-	#
-
-	# standard bits
-	cat >> Makefile <<- EOC
-		AUTH_SPA=yes
-		AUTH_CRAM_MD5=yes
-		AUTH_PLAINTEXT=yes
-	EOC
-
-	# Cyrus SASL
-	if use sasl; then
-		cat >> Makefile <<- EOC
-			CYRUS_SASLAUTHD_SOCKET=${EPREFIX}/run/saslauthd/mux
-			AUTH_CYRUS_SASL=yes
-			AUTH_LIBS += -lsasl2
-		EOC
-	fi
-
-	# Dovecot
-	if use dovecot-sasl; then
-		cat >> Makefile <<- EOC
-			AUTH_DOVECOT=yes
-		EOC
-	fi
-
-	# Pluggable Authentication Modules
-	if use pam; then
-		cat >> Makefile <<- EOC
-			SUPPORT_PAM=yes
-			AUTH_LIBS += -lpam
-		EOC
-	fi
-
-	# Radius
-	if use radius; then
-		cat >> Makefile <<- EOC
-			RADIUS_CONFIG_FILE=${EPREFIX}/etc/radiusclient/radiusclient.conf
-			RADIUS_LIB_TYPE=RADIUSCLIENTNEW
-			AUTH_LIBS += -lfreeradius-client
-		EOC
-	fi
-}
-
-src_compile() {
-	emake CC="$(tc-getCC)" HOSTCC="$(tc-getBUILD_CC)" \
-		AR="$(tc-getAR) cq" RANLIB="$(tc-getRANLIB)" FULLECHO=''
-}
-
-src_install() {
-	cd "${S}"/build-exim-gentoo || die
-	dosbin exim
-	if use X; then
-		dosbin eximon.bin
-		dosbin eximon
-	fi
-	fperms 4755 /usr/sbin/exim
-
-	dosym exim /usr/sbin/sendmail
-	dosym exim /usr/sbin/rsmtp
-	dosym exim /usr/sbin/rmail
-	dosym ../sbin/exim /usr/bin/mailq
-	dosym ../sbin/exim /usr/bin/newaliases
-	dosym ../sbin/sendmail /usr/lib/sendmail
-
-	for i in exicyclog exim_dbmbuild exim_dumpdb exim_fixdb exim_lock \
-		exim_tidydb exinext exiwhat exigrep eximstats exiqsumm exiqgrep \
-		convert4r3 convert4r4 exipick
-	do
-		dosbin $i
-	done
-
-	dodoc -r "${S}"/doc/.
-	doman "${S}"/doc/exim.8
-	use dsn && dodoc "${S}"/README.DSN
-	use doc && dodoc "${WORKDIR}"/${PN}-pdf-${PV//rc/RC}/doc/*.pdf
-
-	# conf files
-	insinto /etc/exim
-	newins "${S}"/src/configure.default exim.conf.dist
-	doins "${WORKDIR}"/system_filter.exim
-	doins "${FILESDIR}"/auth_conf.sub
-
-	if use pam; then
-		pamd_mimic system-auth exim auth account
-	fi
-
-	# headers, #436406
-	if use dlfunc ; then
-		# fixup includes so they actually can be found when including
-		sed -i \
-			-e '/#include "\(config\|store\|mytypes\).h"/s:"\(.\+\)":<exim/\1>:' \
-			local_scan.h || die
-		insinto /usr/include/exim
-		doins {config,local_scan}.h ../src/{mytypes,store}.h
-	fi
-
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}/exim.logrotate" exim
-
-	newinitd "${FILESDIR}"/exim.rc10 exim
-	newconfd "${FILESDIR}"/exim.confd exim
-
-	systemd_dounit \
-		"${FILESDIR}"/{exim.service,exim.socket,exim-submission.socket}
-	systemd_newunit \
-		"${FILESDIR}"/exim_at.service 'exim@.service'
-	systemd_newunit \
-		"${FILESDIR}"/exim-submission_at.service 'exim-submission@.service'
-
-	diropts -m 0750 -o ${MAILUSER} -g ${MAILGROUP}
-	keepdir /var/log/${PN}
-}
-
-pkg_postinst() {
-	if [[ ! -f ${EROOT}/etc/exim/exim.conf ]] ; then
-		einfo "${EROOT}/etc/exim/system_filter.exim is a sample system_filter."
-		einfo "${EROOT}/etc/exim/auth_conf.sub contains the configuration sub"
-		einfo "for using smtp auth."
-		einfo "Please create ${EROOT}/etc/exim/exim.conf from"
-		einfo "  ${EROOT}/etc/exim/exim.conf.dist."
-	fi
-	if use berkdb && ( use gdbm || use tdb ) ; then
-		ewarn "USE=berkdb is ignored because USE=gdbm or USE=tdb is enabled!"
-	fi
-	if use dmarc ; then
-		einfo "DMARC support requires ${EROOT}/etc/exim/opendmarc.tlds"
-		einfo "you can populate this file with the contents downloaded from"
-		einfo "  https://publicsuffix.org/list/public_suffix_list.dat"
-	fi
-	if use dcc ; then
-		einfo "DCC support is experimental, you can find some limited"
-		einfo "documentation at the bottom of this prerelease message:"
-		einfo "  http://article.gmane.org/gmane.mail.exim.devel/3579"
-	fi
-	if use srs; then
-		einfo "SRS support using libsrs_alt was dropped in this"
-		einfo "release of Exim, you are now using the native SRS implementation"
-	fi
-	use dsn && einfo "extra information in fail DSN message is experimental"
-	einfo
-	elog "Note that this release contains a tainted variable check that"
-	elog "is likely to break your configuration used with Exim 4.93 and before."
-	elog "Please check your transports for occurences of \$local_part, and"
-	elog "use a replacement like \$local_part_data where possible."
-}

diff --git a/mail-mta/exim/exim-4.96.2.ebuild b/mail-mta/exim/exim-4.96.2.ebuild
deleted file mode 100644
index 1a6f85e5b4ec..000000000000
--- a/mail-mta/exim/exim-4.96.2.ebuild
+++ /dev/null
@@ -1,655 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="7"
-
-inherit db-use toolchain-funcs pam systemd
-
-IUSE="arc berkdb +dane dcc +dkim dlfunc dmarc +dnsdb doc dovecot-sasl
-dsn gdbm gnutls idn ipv6 ldap lmtp maildir mbx
-mysql nis pam perl pkcs11 postgres +prdr proxy radius redis sasl selinux
-socks5 spf sqlite srs +ssl syslog tdb tcpd +tpda X"
-REQUIRED_USE="
-	arc? ( dkim spf )
-	dane? ( ssl !gnutls )
-	dmarc? ( dkim spf )
-	dkim? ( ssl !gnutls )
-	gnutls? ( ssl )
-	pkcs11? ( ssl )
-	|| ( berkdb gdbm tdb )
-"
-# NOTE on USE="gnutls dane", gnutls[dane] is masked in base, unmasked
-# for x86 and amd64 only, due to this, repoman won't allow depending on
-# gnutls[dane] for all else.  Because we cannot express USE=dane when
-# USE=gnutls is in effect only in package.use.mask, the only option we
-# have left is to a) ignore the dependency (but that results in bug
-# #661164) or b) mask the usage of USE=dane with USE=gnutls.  Both are
-# incorrect, but b) is the only "correct" view from repoman.
-# We cannot express a required use for berkdb/gdbm/tdb correctly because
-# berkdb and gdbm are both enabled in base profile
-
-SDIR=$([[ ${PV} == *_rc* ]]   && echo /test
-	 [[ ${PV} == *.*.*.* ]] && echo /fixes)
-COMM_URI="https://downloads.exim.org/exim4${SDIR}"
-
-GPV="r0"
-DESCRIPTION="A highly configurable, drop-in replacement for sendmail"
-SRC_URI="${COMM_URI}/${P//_rc/-RC}.tar.xz
-	https://dev.gentoo.org/~grobian/distfiles/${PN}-4.96-gentoo-patches-${GPV}.tar.xz
-	mirror://gentoo/system_filter.exim.gz
-	doc? ( ${COMM_URI}/${PN}-pdf-${PV//_rc/-RC}.tar.xz )"
-HOMEPAGE="https://www.exim.org/"
-
-SLOT="0"
-LICENSE="GPL-2"
-KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~ia64 ~ppc ppc64 sparc ~x86"
-
-COMMON_DEPEND=">=sys-apps/sed-4.0.5
-	dev-libs/libpcre2:=
-	tdb? ( sys-libs/tdb:= )
-	!tdb? ( berkdb? ( >=sys-libs/db-3.2:= <sys-libs/db-6:= ) )
-	!tdb? ( !berkdb? ( sys-libs/gdbm:= ) )
-	idn? ( net-dns/libidn:= net-dns/libidn2:= )
-	perl? ( dev-lang/perl:= )
-	pam? ( sys-libs/pam )
-	tcpd? ( sys-apps/tcp-wrappers )
-	ssl? (
-		gnutls? (
-			net-libs/gnutls:0=[pkcs11?]
-			dev-libs/libtasn1
-		)
-		!gnutls? (
-			dev-libs/openssl:0=
-		)
-	)
-	ldap? ( >=net-nds/openldap-2.0.7:= )
-	elibc_glibc? (
-		net-libs/libnsl:=
-		nis? (
-			net-libs/libtirpc:=
-			>=net-libs/libnsl-1:=
-		)
-	)
-	mysql? ( dev-db/mysql-connector-c:= )
-	postgres? ( dev-db/postgresql:= )
-	sasl? ( >=dev-libs/cyrus-sasl-2.1.26-r2 )
-	redis? ( dev-libs/hiredis:= )
-	spf? ( >=mail-filter/libspf2-1.2.5-r1 )
-	dmarc? ( mail-filter/opendmarc:= )
-	X? (
-		x11-libs/libX11
-		x11-libs/libXmu
-		x11-libs/libXt
-		x11-libs/libXaw
-	)
-	sqlite? ( dev-db/sqlite )
-	radius? ( net-dialup/freeradius-client )
-	virtual/libcrypt:=
-	virtual/libiconv
-	"
-	# added X check for #57206
-BDEPEND="virtual/pkgconfig"
-DEPEND="${COMMON_DEPEND}"
-RDEPEND="${COMMON_DEPEND}
-	!mail-mta/courier
-	!mail-mta/esmtp
-	!mail-mta/msmtp[mta]
-	!mail-mta/netqmail
-	!mail-mta/nullmailer
-	!mail-mta/postfix
-	!mail-mta/sendmail
-	!mail-mta/opensmtpd
-	!mail-mta/ssmtp[mta]
-	>=net-mail/mailbase-0.00-r5
-	virtual/logger
-	dcc? ( mail-filter/dcc )
-	selinux? ( sec-policy/selinux-exim )
-	"
-
-S=${WORKDIR}/${P//_rc/-RC}
-
-src_prepare() {
-	# Legacy patches which need a respin for -p1
-	eapply -p0 "${FILESDIR}"/exim-4.14-tail.patch
-	eapply -p0 "${FILESDIR}"/exim-4.74-radius-db-ENV-clash.patch # 287426
-	eapply     "${FILESDIR}"/exim-4.93-as-needed-ldflags.patch # 352265, 391279
-	eapply -p0 "${FILESDIR}"/exim-4.76-crosscompile.patch # 266591
-	eapply     "${FILESDIR}"/exim-4.69-r1.27021.patch
-	eapply     "${FILESDIR}"/exim-4.95-localscan_dlopen.patch
-
-	# Upstream post-release fixes :(
-	local GPVDIR=${WORKDIR}/${PN}-4.96-gentoo-patches-${GPV}
-	eapply     "${GPVDIR}"/exim-4.96-rewrite-malformed-addr-fix.patch # upstr
-	eapply     "${GPVDIR}"/exim-4.96-spf-memory-error-fix.patch # upstr
-	eapply     "${GPVDIR}"/exim-4.96-regex-use-after-free.patch # upstr
-	eapply -p2 "${GPVDIR}"/exim-4.96-dmarc_use_after_free.patch # upstr
-	eapply     "${GPVDIR}"/exim-4.96-deamon-startup-fix.patch # upstr
-	eapply     "${GPVDIR}"/exim-4.96-openssl-verify-ocsp.patch # upstr
-	eapply     "${GPVDIR}"/exim-4.96-openssl-double-expansion.patch # upstr
-	eapply     "${GPVDIR}"/exim-4.96-recursion-dns_again.patch # upstr
-	eapply     "${GPVDIR}"/exim-4.96-openssl-tls_eccurve-setting.patch # upstr
-	eapply     "${GPVDIR}"/exim-4.96-openssl-tls_eccurve-lt-3.patch # upstr
-	eapply     "${GPVDIR}"/exim-4.96-openssl-bad-alpn.patch # upstr
-	eapply     "${GPVDIR}"/exim-4.96-dane-dns_again.patch # upstr
-	eapply     "${GPVDIR}"/exim-4.96-expansion-crash.patch # upstr
-	eapply     "${GPVDIR}"/exim-4.96-transport-crash.patch # upstr
-
-	# oddity, they disable berkdb as hack, and then throw an error when
-	# berkdb isn't enabled
-	sed -i \
-		-e 's/_DB_/_DONTMESS_/' \
-		-e 's/define DB void/define DONTMESS void/' \
-		src/auths/call_radius.c || die
-
-	# API changed from 1.3 to 1.4, upstream doesn't think 1.4 should be
-	# used, but 1.3 has a CVE and Gentoo (like most downstreams) only
-	# has 1.4 available
-	eapply "${FILESDIR}"/exim-4.94-opendmarc-1.4.patch
-
-	if use maildir ; then
-		eapply "${FILESDIR}"/exim-4.94-maildir.patch
-	else
-		eapply -p0 "${FILESDIR}"/exim-4.80-spool-mail-group.patch # 438606
-	fi
-
-	eapply_user
-
-	# user Exim believes it should be
-	MAILUSER=mail
-	MAILGROUP=mail
-	if use prefix && [[ ${EUID} != 0 ]] ; then
-		MAILUSER=$(id -un)
-		MAILGROUP=$(id -gn)
-	fi
-}
-
-src_configure() {
-	# general config and paths
-
-	local aliases="${EPREFIX}/etc/mail/aliases"
-	sed -i \
-		-e "/SYSTEM_ALIASES_FILE/s'SYSTEM_ALIASES_FILE'${aliases}'" \
-		src/configure.default || die
-
-	sed -i -e 's/^buildname=.*/buildname=exim-gentoo/' Makefile || die
-
-	if use elibc_musl; then
-		sed -i -e 's/^LIBS = -lnsl/LIBS =/g' OS/Makefile-Linux || die
-	fi
-
-	local conffile="${EPREFIX}/etc/exim/exim.conf"
-	sed -e "48i\CFLAGS=${CFLAGS}" \
-		-e "s:BIN_DIRECTORY=/usr/exim/bin:BIN_DIRECTORY=${EPREFIX}/usr/sbin:" \
-		-e "s;EXIM_USER=;EXIM_USER=ref:${MAILUSER};" \
-		-e "s:CONFIGURE_FILE=.*$:CONFIGURE_FILE=${conffile}:" \
-		-e "s:ZCAT_COMMAND=.*$:ZCAT_COMMAND=${EPREFIX}/bin/zcat:" \
-		-e "s:COMPRESS_COMMAND=.*$:COMPRESS_COMMAND=${EPREFIX}/bin/gzip:" \
-		src/EDITME > Local/Makefile || die
-
-	# work on Local/Makefile from now on
-	cd Local
-
-	cat >> Makefile <<- EOC
-		INFO_DIRECTORY=${EPREFIX}/usr/share/info
-		PID_FILE_PATH=${EPREFIX}/run/exim.pid
-		SPOOL_DIRECTORY=${EPREFIX}/var/spool/exim
-		HAVE_ICONV=yes
-		WITH_CONTENT_SCAN=yes
-	EOC
-
-	# configure db implementation, Exim always needs one for its hints
-	# database, we prefer tdb and gdbm, since bdb is kind of getting
-	# less and less support
-	if use tdb ; then
-		cat >> Makefile <<- EOC
-			USE_TDB=yes
-			DBMLIB = -ltdb
-		EOC
-		sed -i -e 's:^USE_DB=yes:# USE_DB=yes:' Makefile || die
-		sed -i -e 's:^USE_GDBM=yes:# USE_GDBM=yes:' Makefile || die
-	elif use gdbm ; then
-		cat >> Makefile <<- EOC
-			USE_GDBM=yes
-			DBMLIB = -lgdbm
-		EOC
-		sed -i -e 's:^USE_DB=yes:# USE_DB=yes:' Makefile || die
-		sed -i -e 's:^USE_TDB=yes:# USE_TDB=yes:' Makefile || die
-	else # must be berkdb via required_use
-		# use the "native" interfaces to the DBM and CDB libraries, support
-		# passwd and directory lookups by default
-		local DB_VERS="5.3 5.1 4.8 4.7 4.6 4.5 4.4 4.3 4.2 3.2"
-		cat >> Makefile <<- EOC
-			USE_DB=yes
-			# keep include in CFLAGS because exim.h -> dbstuff.h -> db.h
-			CFLAGS += -I$(db_includedir ${DB_VERS})
-			DBMLIB = -l$(db_libname ${DB_VERS})
-		EOC
-		sed -i -e 's:^USE_GDBM=yes:# USE_GDBM=yes:' Makefile || die
-		sed -i -e 's:^USE_TDB=yes:# USE_TDB=yes:' Makefile || die
-	fi
-
-	# if we use libiconv, now is the time to tell so
-	if use !elibc_glibc && use !elibc_musl ; then
-		cat >> Makefile <<- EOC
-			EXTRALIBS_EXIM=-liconv
-		EOC
-	fi
-
-	# support for IPv6
-	if use ipv6; then
-		cat >> Makefile <<- EOC
-			HAVE_IPV6=YES
-		EOC
-	fi
-
-	# support i18n/IDNA
-	if use idn; then
-		cat >> Makefile <<- EOC
-			SUPPORT_I18N=yes
-			SUPPORT_I18N_2008=yes
-			EXTRALIBS_EXIM += -lidn -lidn2
-		EOC
-	fi
-
-	#
-	# mail storage formats
-	#
-
-	# mailstore is Exim's traditional storage format
-	cat >> Makefile <<- EOC
-		SUPPORT_MAILSTORE=yes
-	EOC
-
-	# mbox
-	if use mbx; then
-		cat >> Makefile <<- EOC
-			SUPPORT_MBX=yes
-		EOC
-	fi
-
-	# maildir
-	if use maildir; then
-		cat >> Makefile <<- EOC
-			SUPPORT_MAILDIR=yes
-		EOC
-	fi
-
-	#
-	# lookup methods
-	#
-
-	# support passwd and directory lookups by default
-	cat >> Makefile <<- EOC
-		LOOKUP_CDB=yes
-		LOOKUP_PASSWD=yes
-		LOOKUP_DSEARCH=yes
-	EOC
-
-	if ! use dnsdb; then
-		# DNSDB lookup is enabled by default
-		sed -i -e 's:^LOOKUP_DNSDB=yes:# LOOKUP_DNSDB=yes:' Makefile || die
-	fi
-
-	if use ldap; then
-		cat >> Makefile <<- EOC
-			LOOKUP_LDAP=yes
-			LDAP_LIB_TYPE=OPENLDAP2
-			LOOKUP_INCLUDE += -I"${EPREFIX}"/usr/include/ldap
-			LOOKUP_LIBS += -lldap -llber
-		EOC
-	fi
-
-	if use mysql; then
-		cat >> Makefile <<- EOC
-			LOOKUP_MYSQL=yes
-			LOOKUP_INCLUDE += $(mysql_config --include)
-			LOOKUP_LIBS += $(mysql_config --libs)
-		EOC
-	fi
-
-	if use nis; then
-		cat >> Makefile <<- EOC
-			LOOKUP_NIS=yes
-			LOOKUP_NISPLUS=yes
-		EOC
-		if use elibc_glibc ; then
-			cat >> Makefile <<- EOC
-				LOOKUP_INCLUDE += -I"${EPREFIX}"/usr/include/tirpc
-				LOOKUP_LIBS += -lnsl
-			EOC
-		fi
-	fi
-
-	if use postgres; then
-		cat >> Makefile <<- EOC
-			LOOKUP_PGSQL=yes
-			LOOKUP_INCLUDE += -I$(pg_config --includedir)
-			LOOKUP_LIBS += -L$(pg_config --libdir) -lpq
-		EOC
-	fi
-
-	if use sqlite; then
-		cat >> Makefile <<- EOC
-			LOOKUP_SQLITE=yes
-			LOOKUP_SQLITE_PC=sqlite3
-		EOC
-	fi
-
-	if use redis; then
-		cat >> Makefile <<- EOC
-			LOOKUP_REDIS=yes
-			LOOKUP_LIBS += -lhiredis
-		EOC
-	fi
-
-	# Exim monitor, enabled by default, controlled via X USE-flag,
-	# disable if not requested, bug #46778
-	if use X; then
-		cp ../exim_monitor/EDITME eximon.conf || die
-		cat >> Makefile <<- EOC
-			EXIM_MONITOR=eximon.bin
-		EOC
-	fi
-
-	#
-	# features
-	#
-
-	# DomainKeys Identified Mail, RFC4871
-	if ! use dkim; then
-		# DKIM is enabled by default
-		cat >> Makefile <<- EOC
-			DISABLE_DKIM=yes
-		EOC
-	fi
-
-	# Per-Recipient-Data-Response
-	if ! use prdr; then
-		# PRDR is enabled by default
-		cat >> Makefile <<- EOC
-			DISABLE_PRDR=yes
-		EOC
-	fi
-
-	# Transport post-delivery actions
-	if use !tpda && use !dane; then
-		# EVENT is enabled by default
-		cat >> Makefile <<- EOC
-			DISABLE_EVENT=yes
-		EOC
-	fi
-
-	# log to syslog
-	if use syslog; then
-		local eximlog="${EPREFIX}/var/log/exim/exim_%s.log"
-		sed -i \
-			-e "s:LOG_FILE_PATH=${eximlog}:LOG_FILE_PATH=syslog:" \
-			Makefile || die
-		cat >> Makefile <<- EOC
-			LOG_FILE_PATH=syslog
-		EOC
-	else
-		cat >> Makefile <<- EOC
-			LOG_FILE_PATH=${EPREFIX}/var/log/exim/exim_%s.log
-		EOC
-	fi
-
-	# starttls support (ssl)
-	if use ssl; then
-		if use gnutls; then
-			echo "USE_GNUTLS=yes" >> Makefile
-			echo "USE_GNUTLS_PC=gnutls $(use dane && echo gnutls-dane)" \
-				>> Makefile
-			use pkcs11 || echo "AVOID_GNUTLS_PKCS11=yes" >> Makefile
-		else
-			echo "USE_OPENSSL=yes" >> Makefile
-			echo "USE_OPENSSL_PC=openssl" >> Makefile
-		fi
-	else
-		echo "DISABLE_TLS=yes" >> Makefile
-	fi
-
-	# TCP wrappers
-	if use tcpd; then
-		cat >> Makefile <<- EOC
-			USE_TCP_WRAPPERS=yes
-			EXTRALIBS_EXIM += -lwrap
-		EOC
-	fi
-
-	# Light Mail Transport Protocol
-	if use lmtp; then
-		cat >> Makefile <<- EOC
-			TRANSPORT_LMTP=yes
-		EOC
-	fi
-
-	# embedded Perl
-	if use perl; then
-		cat >> Makefile <<- EOC
-			EXIM_PERL=perl.o
-		EOC
-	fi
-
-	# dlfunc
-	if use dlfunc; then
-		cat >> Makefile <<- EOC
-			EXPAND_DLFUNC=yes
-			HAVE_LOCAL_SCAN=yes
-			DLOPEN_LOCAL_SCAN=yes
-		EOC
-	fi
-
-	# Proxy Protocol
-	if use proxy; then
-		cat >> Makefile <<- EOC
-			SUPPORT_PROXY=yes
-		EOC
-	fi
-
-	# SOCKS5 (outbound) proxy support
-	if use socks5; then
-		cat >> Makefile <<- EOC
-			SUPPORT_SOCKS=yes
-		EOC
-	fi
-
-	# DANE
-	if use !dane; then
-		# DANE is enabled by default
-		sed -i -e 's:^SUPPORT_DANE=yes:# SUPPORT_DANE=yes:' Makefile || die
-	fi
-
-	# DMARC
-	if use dmarc; then
-		cat >> Makefile <<- EOC
-			SUPPORT_DMARC=yes
-			EXTRALIBS_EXIM += -lopendmarc
-		EOC
-	fi
-
-	# Sender Policy Framework
-	if use spf; then
-		cat >> Makefile <<- EOC
-			SUPPORT_SPF=yes
-			EXTRALIBS_EXIM += -lspf2
-		EOC
-	fi
-
-	#
-	# experimental features
-	#
-
-	# Authenticated Receive Chain
-	if use arc; then
-		echo "EXPERIMENTAL_ARC=yes">> Makefile
-	fi
-
-	# Distributed Checksum Clearinghouse
-	if use dcc; then
-		echo "EXPERIMENTAL_DCC=yes">> Makefile
-	fi
-
-	# Sender Rewriting Scheme
-	if use srs; then
-		# this one is the default/supported variant since 4.95, and the
-		# only variant available since 4.96
-		cat >> Makefile <<- EOC
-			SUPPORT_SRS=yes
-		EOC
-	fi
-
-	# Delivery Sender Notifications extra information in fail message
-	if use dsn; then
-		cat >> Makefile <<- EOC
-			EXPERIMENTAL_DSN_INFO=yes
-		EOC
-	fi
-
-	#
-	# authentication (SMTP AUTH)
-	#
-
-	# standard bits
-	cat >> Makefile <<- EOC
-		AUTH_SPA=yes
-		AUTH_CRAM_MD5=yes
-		AUTH_PLAINTEXT=yes
-	EOC
-
-	# Cyrus SASL
-	if use sasl; then
-		cat >> Makefile <<- EOC
-			CYRUS_SASLAUTHD_SOCKET=${EPREFIX}/run/saslauthd/mux
-			AUTH_CYRUS_SASL=yes
-			AUTH_LIBS += -lsasl2
-		EOC
-	fi
-
-	# Dovecot
-	if use dovecot-sasl; then
-		cat >> Makefile <<- EOC
-			AUTH_DOVECOT=yes
-		EOC
-	fi
-
-	# Pluggable Authentication Modules
-	if use pam; then
-		cat >> Makefile <<- EOC
-			SUPPORT_PAM=yes
-			AUTH_LIBS += -lpam
-		EOC
-	fi
-
-	# Radius
-	if use radius; then
-		cat >> Makefile <<- EOC
-			RADIUS_CONFIG_FILE=${EPREFIX}/etc/radiusclient/radiusclient.conf
-			RADIUS_LIB_TYPE=RADIUSCLIENTNEW
-			AUTH_LIBS += -lfreeradius-client
-		EOC
-	fi
-}
-
-src_compile() {
-	emake CC="$(tc-getCC)" HOSTCC="$(tc-getBUILD_CC)" \
-		AR="$(tc-getAR) cq" RANLIB="$(tc-getRANLIB)" FULLECHO=''
-}
-
-src_install() {
-	cd "${S}"/build-exim-gentoo || die
-	dosbin exim
-	if use X; then
-		dosbin eximon.bin
-		dosbin eximon
-	fi
-	fperms 4755 /usr/sbin/exim
-
-	dosym exim /usr/sbin/sendmail
-	dosym exim /usr/sbin/rsmtp
-	dosym exim /usr/sbin/rmail
-	dosym ../sbin/exim /usr/bin/mailq
-	dosym ../sbin/exim /usr/bin/newaliases
-	dosym ../sbin/sendmail /usr/lib/sendmail
-
-	for i in exicyclog exim_dbmbuild exim_dumpdb exim_fixdb exim_lock \
-		exim_tidydb exinext exiwhat exigrep eximstats exiqsumm exiqgrep \
-		convert4r3 convert4r4 exipick
-	do
-		dosbin $i
-	done
-
-	dodoc -r "${S}"/doc/.
-	doman "${S}"/doc/exim.8
-	use dsn && dodoc "${S}"/README.DSN
-	use doc && dodoc "${WORKDIR}"/${PN}-pdf-${PV//rc/RC}/doc/*.pdf
-
-	# conf files
-	insinto /etc/exim
-	newins "${S}"/src/configure.default exim.conf.dist
-	doins "${WORKDIR}"/system_filter.exim
-	doins "${FILESDIR}"/auth_conf.sub
-
-	if use pam; then
-		pamd_mimic system-auth exim auth account
-	fi
-
-	# headers, #436406
-	if use dlfunc ; then
-		# fixup includes so they actually can be found when including
-		sed -i \
-			-e '/#include "\(config\|store\|mytypes\).h"/s:"\(.\+\)":<exim/\1>:' \
-			local_scan.h || die
-		insinto /usr/include/exim
-		doins {config,local_scan}.h ../src/{mytypes,store}.h
-	fi
-
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}/exim.logrotate" exim
-
-	newinitd "${FILESDIR}"/exim.rc10 exim
-	newconfd "${FILESDIR}"/exim.confd exim
-
-	systemd_dounit \
-		"${FILESDIR}"/{exim.service,exim.socket,exim-submission.socket}
-	systemd_newunit \
-		"${FILESDIR}"/exim_at.service 'exim@.service'
-	systemd_newunit \
-		"${FILESDIR}"/exim-submission_at.service 'exim-submission@.service'
-
-	diropts -m 0750 -o ${MAILUSER} -g ${MAILGROUP}
-	keepdir /var/log/${PN}
-}
-
-pkg_postinst() {
-	if [[ ! -f ${EROOT}/etc/exim/exim.conf ]] ; then
-		einfo "${EROOT}/etc/exim/system_filter.exim is a sample system_filter."
-		einfo "${EROOT}/etc/exim/auth_conf.sub contains the configuration sub"
-		einfo "for using smtp auth."
-		einfo "Please create ${EROOT}/etc/exim/exim.conf from"
-		einfo "  ${EROOT}/etc/exim/exim.conf.dist."
-	fi
-	if use berkdb && ( use gdbm || use tdb ) ; then
-		ewarn "USE=berkdb is ignored because USE=gdbm or USE=tdb is enabled!"
-	fi
-	if use dmarc ; then
-		einfo "DMARC support requires ${EROOT}/etc/exim/opendmarc.tlds"
-		einfo "you can populate this file with the contents downloaded from"
-		einfo "  https://publicsuffix.org/list/public_suffix_list.dat"
-	fi
-	if use dcc ; then
-		einfo "DCC support is experimental, you can find some limited"
-		einfo "documentation at the bottom of this prerelease message:"
-		einfo "  http://article.gmane.org/gmane.mail.exim.devel/3579"
-	fi
-	if use srs; then
-		einfo "SRS support using libsrs_alt was dropped in this"
-		einfo "release of Exim, you are now using the native SRS implementation"
-	fi
-	use dsn && einfo "extra information in fail DSN message is experimental"
-	einfo
-	elog "Note that this release contains a tainted variable check that"
-	elog "is likely to break your configuration used with Exim 4.93 and before."
-	elog "Please check your transports for occurences of \$local_part, and"
-	elog "use a replacement like \$local_part_data where possible."
-}

diff --git a/mail-mta/exim/files/exim-4.93-as-needed-ldflags.patch b/mail-mta/exim/files/exim-4.93-as-needed-ldflags.patch
deleted file mode 100644
index 3b3ea4628174..000000000000
--- a/mail-mta/exim/files/exim-4.93-as-needed-ldflags.patch
+++ /dev/null
@@ -1,145 +0,0 @@
-https://bugs.gentoo.org/show_bug.cgi?id=352265
-
-Make sure LDFLAGS comes first, such that all libraries are considered,
-and not discarded when --as-needed is in effect.
-
-https://bugs.gentoo.org/show_bug.cgi?id=391279
-
-Use LDFLAGS for all targets, not just the exim binary, such that
---as-needed works as well.
-
-
---- a/OS/Makefile-Base
-+++ b/OS/Makefile-Base
-@@ -496,12 +496,12 @@
-         buildrouters buildtransports \
-         $(OBJ_EXIM) version.o
- 	@echo "$(LNCC) -o exim"
--	$(FE)$(PURIFY) $(LNCC) -o exim $(LFLAGS) $(OBJ_EXIM) version.o \
-+	$(FE)$(PURIFY) $(LNCC) -o exim $(LDFLAGS) $(OBJ_EXIM) version.o \
- 	  routers/routers.a transports/transports.a lookups/lookups.a \
- 	  auths/auths.a pdkim/pdkim.a \
- 	  $(LIBRESOLV) $(LIBS) $(LIBS_EXIM) $(IPV6_LIBS) $(EXTRALIBS) \
- 	  $(EXTRALIBS_EXIM) $(DBMLIB) $(LOOKUP_LIBS) $(AUTH_LIBS) \
--	  $(PERL_LIBS) $(TLS_LIBS) $(PCRE_LIBS) $(LDFLAGS)
-+	  $(PERL_LIBS) $(TLS_LIBS) $(PCRE_LIBS) $(LFLAGS)
- 	@if [ x"$(STRIP_COMMAND)" != x"" ]; then \
- 	  echo $(STRIP_COMMAND) exim; \
- 	  $(STRIP_COMMAND) exim; \
-@@ -517,8 +517,8 @@
- 
- exim_dumpdb: $(OBJ_DUMPDB)
- 	@echo "$(LNCC) -o exim_dumpdb"
--	$(FE)$(LNCC) $(CFLAGS) $(INCLUDE) -o exim_dumpdb $(LFLAGS) $(OBJ_DUMPDB) \
--	  $(LIBS) $(EXTRALIBS) $(DBMLIB)
-+	$(FE)$(LNCC) $(CFLAGS) $(INCLUDE) -o exim_dumpdb $(LDFLAGS) $(OBJ_DUMPDB) \
-+	  $(LIBS) $(EXTRALIBS) $(DBMLIB) $(LFLAGS)
- 	@if [ x"$(STRIP_COMMAND)" != x"" ]; then \
- 	  echo $(STRIP_COMMAND) exim_dumpdb; \
- 	  $(STRIP_COMMAND) exim_dumpdb; \
-@@ -532,8 +532,8 @@
- 
- exim_fixdb:  $(OBJ_FIXDB)
- 	@echo "$(LNCC) -o exim_fixdb"
--	$(FE)$(LNCC) $(CFLAGS) $(INCLUDE) -o exim_fixdb $(LFLAGS) $(OBJ_FIXDB) \
--	  $(LIBS) $(EXTRALIBS) $(DBMLIB)
-+	$(FE)$(LNCC) $(CFLAGS) $(INCLUDE) -o exim_fixdb $(LDFLAGS) $(OBJ_FIXDB) \
-+	  $(LIBS) $(EXTRALIBS) $(DBMLIB) $(LFLAGS)
- 	@if [ x"$(STRIP_COMMAND)" != x"" ]; then \
- 	  echo $(STRIP_COMMAND) exim_fixdb; \
- 	  $(STRIP_COMMAND) exim_fixdb; \
-@@ -547,8 +547,8 @@
- 
- exim_tidydb: $(OBJ_TIDYDB)
- 	@echo "$(LNCC) -o exim_tidydb"
--	$(FE)$(LNCC) $(CFLAGS) $(INCLUDE) -o exim_tidydb $(LFLAGS) $(OBJ_TIDYDB) \
--	  $(LIBS) $(EXTRALIBS) $(DBMLIB)
-+	$(FE)$(LNCC) $(CFLAGS) $(INCLUDE) -o exim_tidydb $(LDFLAGS) $(OBJ_TIDYDB) \
-+	  $(LIBS) $(EXTRALIBS) $(DBMLIB) $(LFLAGS)
- 	@if [ x"$(STRIP_COMMAND)" != x"" ]; then \
- 	  echo $(STRIP_COMMAND) exim_tidydb; \
- 	  $(STRIP_COMMAND) exim_tidydb; \
-@@ -560,8 +560,8 @@
- 
- exim_dbmbuild: exim_dbmbuild.o
- 	@echo "$(LNCC) -o exim_dbmbuild"
--	$(FE)$(LNCC) $(CFLAGS) $(INCLUDE) -o exim_dbmbuild $(LFLAGS) exim_dbmbuild.o \
--	  $(LIBS) $(EXTRALIBS) $(DBMLIB)
-+	$(FE)$(LNCC) $(CFLAGS) $(INCLUDE) -o exim_dbmbuild $(LDFLAGS) exim_dbmbuild.o \
-+	  $(LIBS) $(EXTRALIBS) $(DBMLIB) $(LFLAGS)
- 	@if [ x"$(STRIP_COMMAND)" != x"" ]; then \
- 	  echo $(STRIP_COMMAND) exim_dbmbuild; \
- 	  $(STRIP_COMMAND) exim_dbmbuild; \
-@@ -575,8 +575,8 @@
- 	@echo "$(CC) exim_lock.c"
- 	$(FE)$(CC) -c $(CFLAGS) $(INCLUDE) exim_lock.c
- 	@echo "$(LNCC) -o exim_lock"
--	$(FE)$(LNCC) -o exim_lock $(LFLAGS) exim_lock.o  \
--	  $(LIBS) $(EXTRALIBS)
-+	$(FE)$(LNCC) -o exim_lock $(LDFLAGS) exim_lock.o  \
-+	  $(LIBS) $(EXTRALIBS) $(LFLAGS)
- 	@if [ x"$(STRIP_COMMAND)" != x"" ]; then \
- 	  echo $(STRIP_COMMAND) exim_lock; \
- 	  $(STRIP_COMMAND) exim_lock; \
-@@ -612,9 +612,9 @@
- 	$(FE)$(CC) -o em_version.o -c \
- 	  $(CFLAGS) $(XINCLUDE) -I. ../exim_monitor/em_version.c
- 	@echo "$(LNCC) -o eximon.bin"
--	$(FE)$(PURIFY) $(LNCC) -o eximon.bin em_version.o $(LFLAGS) $(XLFLAGS) \
-+	$(FE)$(PURIFY) $(LNCC) -o eximon.bin em_version.o $(LDFLAGS) $(XLFLAGS) \
- 	  $(OBJ_MONBIN) -lXaw -lXmu -lXt -lXext -lX11 $(PCRE_LIBS) \
--	  $(LIBS) $(LIBS_EXIMON) $(EXTRALIBS) $(EXTRALIBS_EXIMON) -lc
-+	  $(LIBS) $(LIBS_EXIMON) $(EXTRALIBS) $(EXTRALIBS_EXIMON) -lc $(LFLAGS)
- 	@if [ x"$(STRIP_COMMAND)" != x"" ]; then \
- 	  echo $(STRIP_COMMAND) eximon.bin; \
- 	  $(STRIP_COMMAND) eximon.bin; \
-@@ -947,9 +947,9 @@
- 	       string.o tod.o version.o utf8.o
- 	$(CC) -c $(CFLAGS) $(INCLUDE) -DSTAND_ALONE dbfn.c
- 	$(CC) -c $(CFLAGS) $(INCLUDE) -DCOMPILE_UTILITY store.c
--	$(LNCC) -o test_dbfn $(LFLAGS) dbfn.o \
-+	$(LNCC) -o test_dbfn $(LDFLAGS) dbfn.o \
- 	  dummies.o sa-globals.o sa-os.o store.o string.o \
--	  tod.o version.o utf8.o $(LIBS) $(DBMLIB) $(LDFLAGS)
-+	  tod.o version.o utf8.o $(LIBS) $(DBMLIB) $(LFLAGS)
- 	rm -f dbfn.o store.o
- 
- test_host:   config.h child.c host.c dns.c dummies.c sa-globals.o os.o \
-@@ -958,29 +958,29 @@
- 	$(CC) -c $(CFLAGS) $(INCLUDE) -DSTAND_ALONE -DTEST_HOST host.c
- 	$(CC) -c $(CFLAGS) $(INCLUDE) -DSTAND_ALONE -DTEST_HOST dns.c
- 	$(CC) -c $(CFLAGS) $(INCLUDE) -DSTAND_ALONE -DTEST_HOST dummies.c
--	$(LNCC) -o test_host $(LFLAGS) \
-+	$(LNCC) -o test_host $(LDFLAGS) \
- 	  host.o child.o dns.o dummies.o sa-globals.o os.o store.o string.o \
--	  tod.o tree.o $(LIBS) $(LIBRESOLV)
-+	  tod.o tree.o $(LIBS) $(LIBRESOLV) $(LFLAGS)
- 	rm -f child.o dummies.o host.o dns.o
- 
- test_os:     os.h os.c dummies.o sa-globals.o store.o string.o tod.o utf8.o
- 	$(CC) -c $(CFLAGS) $(INCLUDE) -DSTAND_ALONE os.c
--	$(LNCC) -o test_os $(LFLAGS) os.o dummies.o \
--	  sa-globals.o store.o string.o tod.o utf8.o $(LIBS) $(LDFLAGS)
-+	$(LNCC) -o test_os $(LDFLAGS) os.o dummies.o \
-+	  sa-globals.o store.o string.o tod.o utf8.o $(LIBS) $(LFLAGS)
- 	rm -f os.o
- 
- test_parse:  config.h parse.c dummies.o sa-globals.o \
- 	     store.o string.o tod.o version.o utf8.o
- 	$(CC) -c $(CFLAGS) $(INCLUDE) -DSTAND_ALONE parse.c
--	$(LNCC) -o test_parse $(LFLAGS) parse.o \
-+	$(LNCC) -o test_parse $(LDFLAGS) parse.o \
- 	  dummies.o sa-globals.o store.o string.o tod.o version.o \
--	  utf8.o $(LDFLAGS)
-+	  utf8.o $(LFLAGS)
- 	rm -f parse.o
- 
- test_string: config.h string.c dummies.o sa-globals.o store.o tod.o utf8.o
- 	$(CC) -c $(CFLAGS) $(INCLUDE) -DSTAND_ALONE string.c
--	$(LNCC) -o test_string $(LFLAGS) -DSTAND_ALONE string.o \
--	  dummies.o sa-globals.o store.o tod.o utf8.o $(LIBS) $(LDFLAGS)
-+	$(LNCC) -o test_string $(LDFLAGS) -DSTAND_ALONE string.o \
-+	  dummies.o sa-globals.o store.o tod.o utf8.o $(LIBS) $(LFLAGS)
- 	rm -f string.o
- 
- # End

diff --git a/mail-mta/exim/files/exim-4.94-opendmarc-1.4.patch b/mail-mta/exim/files/exim-4.94-opendmarc-1.4.patch
deleted file mode 100644
index d37c320d1592..000000000000
--- a/mail-mta/exim/files/exim-4.94-opendmarc-1.4.patch
+++ /dev/null
@@ -1,14 +0,0 @@
-https://bugs.exim.org/show_bug.cgi?id=2728
-
-
---- a/src/dmarc.c
-+++ b/src/dmarc.c
-@@ -446,7 +446,7 @@
- 		  vs == PDKIM_VERIFY_INVALID ? DMARC_POLICY_DKIM_OUTCOME_TMPFAIL :
- 		  DMARC_POLICY_DKIM_OUTCOME_NONE;
-     libdm_status = opendmarc_policy_store_dkim(dmarc_pctx, US sig->domain,
--					       dkim_result, US"");
-+					       sig->selector, dkim_result, US"");
-     DEBUG(D_receive)
-       debug_printf("DMARC adding DKIM sender domain = %s\n", sig->domain);
-     if (libdm_status != DMARC_PARSE_OKAY)

diff --git a/mail-mta/exim/files/exim-4.95-localscan_dlopen.patch b/mail-mta/exim/files/exim-4.95-localscan_dlopen.patch
deleted file mode 100644
index 320cc9936da9..000000000000
--- a/mail-mta/exim/files/exim-4.95-localscan_dlopen.patch
+++ /dev/null
@@ -1,221 +0,0 @@
-Only in exim-4.95: dlopen.patch
-diff -aur exim-4.95.orig/src/config.h.defaults exim-4.95/src/config.h.defaults
---- exim-4.95.orig/src/config.h.defaults	2021-09-28 10:24:46.000000000 +0200
-+++ exim-4.95/src/config.h.defaults	2021-09-29 08:20:03.677883649 +0200
-@@ -35,6 +35,8 @@
- 
- #define AUTH_VARS                     4
- 
-+#define DLOPEN_LOCAL_SCAN
-+
- #define BIN_DIRECTORY
- 
- #define CONFIGURE_FILE
-Only in exim-4.95/src: config.h.defaults.orig
-diff -aur exim-4.95.orig/src/EDITME exim-4.95/src/EDITME
---- exim-4.95.orig/src/EDITME	2021-09-28 10:24:46.000000000 +0200
-+++ exim-4.95/src/EDITME	2021-09-29 08:20:03.678883649 +0200
-@@ -883,6 +883,24 @@
- 
- 
- #------------------------------------------------------------------------------
-+# On systems which support dynamic loading of shared libraries, Exim can
-+# load a local_scan function specified in its config file instead of having
-+# to be recompiled with the desired local_scan function. For a full
-+# description of the API to this function, see the Exim specification.
-+
-+#DLOPEN_LOCAL_SCAN=yes
-+
-+# If you set DLOPEN_LOCAL_SCAN, then you need to include -rdynamic in the
-+# linker flags.  Without it, the loaded .so won't be able to access any
-+# functions from exim.
-+
-+LFLAGS = -rdynamic
-+ifeq ($(OSTYPE),Linux)
-+LFLAGS += -ldl
-+endif
-+
-+
-+#------------------------------------------------------------------------------
- # The default distribution of Exim contains only the plain text form of the
- # documentation. Other forms are available separately. If you want to install
- # the documentation in "info" format, first fetch the Texinfo documentation
-Only in exim-4.95/src: EDITME.orig
-diff -aur exim-4.95.orig/src/globals.c exim-4.95/src/globals.c
---- exim-4.95.orig/src/globals.c	2021-09-28 10:24:46.000000000 +0200
-+++ exim-4.95/src/globals.c	2021-09-29 08:20:03.679883649 +0200
-@@ -42,6 +42,10 @@
- 
- uschar *no_aliases             = NULL;
- 
-+#ifdef DLOPEN_LOCAL_SCAN
-+uschar *local_scan_path        = NULL;
-+#endif
-+
- 
- /* For comments on these variables, see globals.h. I'm too idle to
- duplicate them here... */
-Only in exim-4.95/src: globals.c.orig
-diff -aur exim-4.95.orig/src/globals.h exim-4.95/src/globals.h
---- exim-4.95.orig/src/globals.h	2021-09-28 10:24:46.000000000 +0200
-+++ exim-4.95/src/globals.h	2021-09-29 08:20:03.680883648 +0200
-@@ -170,6 +170,9 @@
- extern int (*receive_ferror)(void);
- extern BOOL (*receive_smtp_buffered)(void);
- 
-+#ifdef DLOPEN_LOCAL_SCAN
-+extern uschar *local_scan_path;        /* Path to local_scan() library */
-+#endif
- 
- /* For clearing, saving, restoring address expansion variables. We have to have
- the size of this vector set explicitly, because it is referenced from more than
-Only in exim-4.95/src: globals.h.orig
-diff -aur exim-4.95.orig/src/local_scan.c exim-4.95/src/local_scan.c
---- exim-4.95.orig/src/local_scan.c	2021-09-28 10:24:46.000000000 +0200
-+++ exim-4.95/src/local_scan.c	2021-09-29 08:23:33.756785663 +0200
-@@ -54,10 +54,130 @@
-                    is used in the rejection message.
- */
- 
-+#ifdef DLOPEN_LOCAL_SCAN
-+# include <stdlib.h>
-+# include <dlfcn.h>
-+static int (*local_scan_fn)(int fd, uschar **return_text) = NULL;
-+static int load_local_scan_library(void);
-+extern uschar *local_scan_path;        /* Path to local_scan() library */
-+#endif
-+
- int
- local_scan(int fd, uschar **return_text)
- {
--return LOCAL_SCAN_ACCEPT;
-+#ifdef DLOPEN_LOCAL_SCAN
-+/* local_scan_path is defined AND not the empty string */
-+if (local_scan_path && *local_scan_path)
-+  {
-+  if (!local_scan_fn)
-+    {
-+    if (!load_local_scan_library())
-+      {
-+        char *base_msg , *error_msg , *final_msg ;
-+        int final_length = -1 ;
-+
-+        base_msg=US"Local configuration error - local_scan() library failure\n";
-+        error_msg = dlerror() ;
-+
-+        final_length = strlen(base_msg) + strlen(error_msg) + 1 ;
-+        final_msg = (char*)malloc( final_length*sizeof(char) ) ;
-+        *final_msg = '\0' ;
-+
-+        strcat( final_msg , base_msg ) ;
-+        strcat( final_msg , error_msg ) ;
-+
-+        *return_text = final_msg ;
-+      return LOCAL_SCAN_TEMPREJECT;
-+      }
-+    }
-+    return local_scan_fn(fd, return_text);
-+  }
-+else
-+#endif
-+  return LOCAL_SCAN_ACCEPT;
-+}
-+
-+#ifdef DLOPEN_LOCAL_SCAN
-+
-+static int load_local_scan_library(void)
-+{
-+/* No point in keeping local_scan_lib since we'll never dlclose() anyway */
-+void *local_scan_lib = NULL;
-+int (*local_scan_version_fn)(void);
-+int vers_maj;
-+int vers_min;
-+
-+local_scan_lib = dlopen(local_scan_path, RTLD_NOW);
-+if (!local_scan_lib)
-+  {
-+  log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() library open failed - "
-+    "message temporarily rejected");
-+  return FALSE;
-+  }
-+
-+local_scan_version_fn = dlsym(local_scan_lib, "local_scan_version_major");
-+if (!local_scan_version_fn)
-+  {
-+  dlclose(local_scan_lib);
-+  log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() library doesn't contain "
-+    "local_scan_version_major() function - message temporarily rejected");
-+  return FALSE;
-+  }
-+
-+/* The major number is increased when the ABI is changed in a non
-+   backward compatible way. */
-+vers_maj = local_scan_version_fn();
-+
-+local_scan_version_fn = dlsym(local_scan_lib, "local_scan_version_minor");
-+if (!local_scan_version_fn)
-+  {
-+  dlclose(local_scan_lib);
-+  log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() library doesn't contain "
-+    "local_scan_version_minor() function - message temporarily rejected");
-+  return FALSE;
-+  }
-+
-+/* The minor number is increased each time a new feature is added (in a
-+   way that doesn't break backward compatibility) -- Marc */
-+vers_min = local_scan_version_fn();
-+
-+
-+if (vers_maj != LOCAL_SCAN_ABI_VERSION_MAJOR)
-+  {
-+  dlclose(local_scan_lib);
-+  local_scan_lib = NULL;
-+  log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() has an incompatible major"
-+    "version number, you need to recompile your module for this version"
-+    "of exim (The module was compiled for version %d.%d and this exim provides"
-+    "ABI version %d.%d)", vers_maj, vers_min, LOCAL_SCAN_ABI_VERSION_MAJOR,
-+    LOCAL_SCAN_ABI_VERSION_MINOR);
-+  return FALSE;
-+  }
-+else if (vers_min > LOCAL_SCAN_ABI_VERSION_MINOR)
-+  {
-+  dlclose(local_scan_lib);
-+  local_scan_lib = NULL;
-+  log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() has an incompatible minor"
-+    "version number, you need to recompile your module for this version"
-+    "of exim (The module was compiled for version %d.%d and this exim provides"
-+    "ABI version %d.%d)", vers_maj, vers_min, LOCAL_SCAN_ABI_VERSION_MAJOR,
-+    LOCAL_SCAN_ABI_VERSION_MINOR);
-+  return FALSE;
-+  }
-+
-+local_scan_fn = dlsym(local_scan_lib, "local_scan");
-+if (!local_scan_fn)
-+  {
-+  dlclose(local_scan_lib);
-+  log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() library doesn't contain "
-+    "local_scan() function - message temporarily rejected");
-+  return FALSE;
-+  }
-+
-+return TRUE;
- }
- 
-+#endif /* DLOPEN_LOCAL_SCAN */
-+
-+
- /* End of local_scan.c */
-diff -aur exim-4.95.orig/src/readconf.c exim-4.95/src/readconf.c
---- exim-4.95.orig/src/readconf.c	2021-09-28 10:24:46.000000000 +0200
-+++ exim-4.95/src/readconf.c	2021-09-29 08:20:03.682883647 +0200
-@@ -215,6 +215,9 @@
-   { "local_from_prefix",        opt_stringptr,   {&local_from_prefix} },
-   { "local_from_suffix",        opt_stringptr,   {&local_from_suffix} },
-   { "local_interfaces",         opt_stringptr,   {&local_interfaces} },
-+#ifdef DLOPEN_LOCAL_SCAN
-+  { "local_scan_path",          opt_stringptr,   {&local_scan_path} },
-+#endif
- #ifdef HAVE_LOCAL_SCAN
-   { "local_scan_timeout",       opt_time,        {&local_scan_timeout} },
- #endif
-Only in exim-4.95/src: readconf.c.orig

diff --git a/mail-mta/exim/files/exim-4.97-CVE-2023-51766.patch b/mail-mta/exim/files/exim-4.97-CVE-2023-51766.patch
deleted file mode 100644
index 7eed4eb1855f..000000000000
--- a/mail-mta/exim/files/exim-4.97-CVE-2023-51766.patch
+++ /dev/null
@@ -1,265 +0,0 @@
-https://nvd.nist.gov/vuln/detail/CVE-2023-51766
-
-
-From cf1376206284f2a4f11e32d931d4aade34c206c5 Mon Sep 17 00:00:00 2001
-From: Jeremy Harris <jgh146exb@wizmail.org>
-Date: Fri, 22 Dec 2023 23:57:05 +0000
-Subject: [PATCH] Reject "dot, LF" as ending data phase.  Bug 3063
-
-From 5bb786d5ad568a88d50d15452aacc8404047e5ca Mon Sep 17 00:00:00 2001
-From: Jeremy Harris <jgh146exb@wizmail.org>
-Date: Sat, 23 Dec 2023 17:42:57 +0000
-Subject: [PATCH] Reject "dot, LF" as ending data phase (pt. 2).  Bug 3063
-
-reduced to source changes only for Gentoo
-
-
-
-diff --git a/src/src/receive.c b/src/src/receive.c
-index e35400aec..c6f612832 100644
---- a/src/src/receive.c
-+++ b/src/src/receive.c
-@@ -836,93 +842,101 @@
- */
- 
- static int
--read_message_data_smtp(FILE *fout)
-+read_message_data_smtp(FILE * fout, BOOL strict_crlf)
- {
--int ch_state = 0;
--int ch;
--int linelength = 0;
-+enum { s_linestart, s_normal, s_had_cr, s_had_nl_dot, s_had_dot_cr } ch_state =
-+	      s_linestart;
-+int linelength = 0, ch;
- 
- while ((ch = (receive_getc)(GETC_BUFFER_UNLIMITED)) != EOF)
-   {
-   if (ch == 0) body_zerocount++;
-   switch (ch_state)
-     {
--    case 0:                             /* After LF or CRLF */
--    if (ch == '.')
--      {
--      ch_state = 3;
--      continue;                         /* Don't ever write . after LF */
--      }
--    ch_state = 1;
-+    case s_linestart:			/* After LF or CRLF */
-+      if (ch == '.')
-+	{
-+	ch_state = s_had_nl_dot;
-+	continue;			/* Don't ever write . after LF */
-+	}
-+      ch_state = s_normal;
- 
--    /* Else fall through to handle as normal uschar. */
-+      /* Else fall through to handle as normal uschar. */
- 
--    case 1:                             /* Normal state */
--    if (ch == '\n')
--      {
--      ch_state = 0;
--      body_linecount++;
-+    case s_normal:			/* Normal state */
-+      if (ch == '\r')
-+	{
-+	ch_state = s_had_cr;
-+	continue;			/* Don't write the CR */
-+	}
-+      if (ch == '\n')			/* Bare LF at end of line */
-+	if (strict_crlf)
-+	  ch = ' ';			/* replace LF with space */
-+	else
-+	  {				/* treat as line ending */
-+	  ch_state = s_linestart;
-+	  body_linecount++;
-+	  if (linelength > max_received_linelength)
-+	    max_received_linelength = linelength;
-+	  linelength = -1;
-+	  }
-+      break;
-+
-+    case s_had_cr:			/* After (unwritten) CR */
-+      body_linecount++;			/* Any char ends line */
-       if (linelength > max_received_linelength)
--        max_received_linelength = linelength;
-+	max_received_linelength = linelength;
-       linelength = -1;
--      }
--    else if (ch == '\r')
--      {
--      ch_state = 2;
--      continue;
--      }
--    break;
-+      if (ch == '\n')			/* proper CRLF */
-+	ch_state = s_linestart;
-+      else
-+	{
-+	message_size++;		/* convert the dropped CR to a stored NL */
-+	if (fout && fputc('\n', fout) == EOF) return END_WERROR;
-+	cutthrough_data_put_nl();
-+	if (ch == '\r')			/* CR; do not write */
-+	  continue;
-+	ch_state = s_normal;		/* not LF or CR; process as standard */
-+	}
-+      break;
- 
--    case 2:                             /* After (unwritten) CR */
--    body_linecount++;
--    if (linelength > max_received_linelength)
--      max_received_linelength = linelength;
--    linelength = -1;
--    if (ch == '\n')
--      {
--      ch_state = 0;
--      }
--    else
--      {
--      message_size++;
--      if (fout != NULL && fputc('\n', fout) == EOF) return END_WERROR;
--      cutthrough_data_put_nl();
--      if (ch != '\r') ch_state = 1; else continue;
--      }
--    break;
-+    case s_had_nl_dot:			/* After [CR] LF . */
-+      if (ch == '\n')			/* [CR] LF . LF */
-+	if (strict_crlf)
-+	  ch = ' ';			/* replace LF with space */
-+	else
-+	  return END_DOT;
-+      else if (ch == '\r')		/* [CR] LF . CR */
-+	{
-+	ch_state = s_had_dot_cr;
-+	continue;			/* Don't write the CR */
-+	}
-+      /* The dot was removed on reaching s_had_nl_dot. For a doubled dot, here,
-+      reinstate it to cutthrough. The current ch, dot or not, is passed both to
-+      cutthrough and to file below. */
-+      else if (ch == '.')
-+	{
-+	uschar c = ch;
-+	cutthrough_data_puts(&c, 1);
-+	}
-+      ch_state = s_normal;
-+      break;
- 
--    case 3:                             /* After [CR] LF . */
--    if (ch == '\n')
--      return END_DOT;
--    if (ch == '\r')
--      {
--      ch_state = 4;
--      continue;
--      }
--    /* The dot was removed at state 3. For a doubled dot, here, reinstate
--    it to cutthrough. The current ch, dot or not, is passed both to cutthrough
--    and to file below. */
--    if (ch == '.')
--      {
--      uschar c= ch;
--      cutthrough_data_puts(&c, 1);
--      }
--    ch_state = 1;
--    break;
-+    case s_had_dot_cr:			/* After [CR] LF . CR */
-+      if (ch == '\n')
-+	return END_DOT;			/* Preferred termination */
- 
--    case 4:                             /* After [CR] LF . CR */
--    if (ch == '\n') return END_DOT;
--    message_size++;
--    body_linecount++;
--    if (fout != NULL && fputc('\n', fout) == EOF) return END_WERROR;
--    cutthrough_data_put_nl();
--    if (ch == '\r')
--      {
--      ch_state = 2;
--      continue;
--      }
--    ch_state = 1;
--    break;
-+      message_size++;		/* convert the dropped CR to a stored NL */
-+      body_linecount++;
-+      if (fout && fputc('\n', fout) == EOF) return END_WERROR;
-+      cutthrough_data_put_nl();
-+      if (ch == '\r')
-+	{
-+	ch_state = s_had_cr;
-+	continue;			/* CR; do not write */
-+	}
-+      ch_state = s_normal;
-+      break;
-     }
- 
-   /* Add the character to the spool file, unless skipping; then loop for the
-@@ -1140,7 +1152,7 @@ receive_swallow_smtp(void)
- {
- if (message_ended >= END_NOTENDED)
-   message_ended = chunking_state <= CHUNKING_OFFERED
--     ? read_message_data_smtp(NULL)
-+     ? read_message_data_smtp(NULL, FALSE)
-      : read_message_bdat_smtp_wire(NULL);
- }
- 
-@@ -1960,8 +1960,10 @@ for (;;)
- 
-   if (ch == '\n')
-     {
--    if (first_line_ended_crlf == TRUE_UNSET) first_line_ended_crlf = FALSE;
--      else if (first_line_ended_crlf) receive_ungetc(' ');
-+    if (first_line_ended_crlf == TRUE_UNSET)
-+      first_line_ended_crlf = FALSE;
-+    else if (first_line_ended_crlf)
-+      receive_ungetc(' ');
-     goto EOL;
-     }
- 
-@@ -1977,7 +1980,11 @@ for (;;)
-   if (f.dot_ends && ptr == 0 && ch == '.')
-     {
-     ch = (receive_getc)(GETC_BUFFER_UNLIMITED);
--    if (ch == '\r')
-+    if (ch == '\n' && first_line_ended_crlf == TRUE /* and not TRUE_UNSET */ )
-+    		/* dot, LF  but we are in CRLF mode.  Attack? */
-+      ch = ' ';	/* replace the LF with a space */
-+
-+    else if (ch == '\r')
-       {
-       ch = (receive_getc)(GETC_BUFFER_UNLIMITED);
-       if (ch != '\n')
-@@ -2013,7 +2020,8 @@ for (;;)
-     ch = (receive_getc)(GETC_BUFFER_UNLIMITED);
-     if (ch == '\n')
-       {
--      if (first_line_ended_crlf == TRUE_UNSET) first_line_ended_crlf = TRUE;
-+      if (first_line_ended_crlf == TRUE_UNSET)
-+	first_line_ended_crlf = TRUE;
-       goto EOL;
-       }
- 
-@@ -3241,7 +3253,7 @@ if (!ferror(spool_data_file) && !(receive_feof)() && message_ended != END_DOT)
-   if (smtp_input)
-     {
-     message_ended = chunking_state <= CHUNKING_OFFERED
--      ? read_message_data_smtp(spool_data_file)
-+      ? read_message_data_smtp(spool_data_file, first_line_ended_crlf)
-       : spool_wireformat
-       ? read_message_bdat_smtp_wire(spool_data_file)
-       : read_message_bdat_smtp(spool_data_file);
-diff --git a/src/src/smtp_in.c b/src/src/smtp_in.c
-index e19c86ff8..aeaffeb37 100644
---- a/src/src/smtp_in.c
-+++ b/src/src/smtp_in.c
-@@ -5112,7 +5112,10 @@ while (done <= 0)
- 	to get the DATA command sent. */
- 
- 	if (!acl_smtp_predata && cutthrough.cctx.sock < 0)
-+	  {
-+	  if (!check_sync()) goto SYNC_FAILURE;
- 	  rc = OK;
-+	  }
- 	else
- 	  {
- 	  uschar * acl = acl_smtp_predata ? acl_smtp_predata : US"accept";


^ permalink raw reply related	[flat|nested] 26+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: mail-mta/exim/, mail-mta/exim/files/
@ 2024-01-28 18:20 Fabian Groffen
  0 siblings, 0 replies; 26+ messages in thread
From: Fabian Groffen @ 2024-01-28 18:20 UTC (permalink / raw
  To: gentoo-commits

commit:     662e4585eef68252845c897c989764dddd350141
Author:     Fabian Groffen <grobian <AT> gentoo <DOT> org>
AuthorDate: Sun Jan 28 18:18:46 2024 +0000
Commit:     Fabian Groffen <grobian <AT> gentoo <DOT> org>
CommitDate: Sun Jan 28 18:20:00 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=662e4585

mail-mta/exim-4.97.1-r2: update upstream patches for pcre2 memory usage

Bug: https://bugs.gentoo.org/922780
Signed-off-by: Fabian Groffen <grobian <AT> gentoo.org>

 ...exim-4.97.1-r1.ebuild => exim-4.97.1-r2.ebuild} |   0
 .../files/exim-4.97.1-memory-usage-bug-3047.patch  | 210 +++++++++++++++++++--
 2 files changed, 190 insertions(+), 20 deletions(-)

diff --git a/mail-mta/exim/exim-4.97.1-r1.ebuild b/mail-mta/exim/exim-4.97.1-r2.ebuild
similarity index 100%
rename from mail-mta/exim/exim-4.97.1-r1.ebuild
rename to mail-mta/exim/exim-4.97.1-r2.ebuild

diff --git a/mail-mta/exim/files/exim-4.97.1-memory-usage-bug-3047.patch b/mail-mta/exim/files/exim-4.97.1-memory-usage-bug-3047.patch
index f141d08bb7b4..75e5d1a42781 100644
--- a/mail-mta/exim/files/exim-4.97.1-memory-usage-bug-3047.patch
+++ b/mail-mta/exim/files/exim-4.97.1-memory-usage-bug-3047.patch
@@ -1,36 +1,60 @@
-https://bugs.exim.org/show_bug.cgi?id=3047
-https://bugs.gentoo.org/922780
+From b4e7527561f1c68b821d5cf25efe29ae63d1d434 Mon Sep 17 00:00:00 2001
+From: Jeremy Harris <jgh146exb@wizmail.org>
+Date: Thu, 25 Jan 2024 17:48:43 +0000
+Subject: [PATCH] Appendfile: release regex-match store every thousand files. 
+ Bug 3047
 
-diff --git a/src/src/transports/appendfile.c b/src/src/transports/appendfile.c
-index ec41ca035..91b353079 100644
---- a/src/transports/appendfile.c
-+++ b/src/transports/appendfile.c
-@@ -153,6 +153,10 @@ static const char *mailbox_formats[] = {
-   (!ob->quota_warn_threshold_is_percent || ob->quota_value > 0))
+From 35aacb69f5c839a4b77158464e401d86eb422ed6 Mon Sep 17 00:00:00 2001
+From: Jeremy Harris <jgh146exb@wizmail.org>
+Date: Fri, 26 Jan 2024 21:58:59 +0000
+Subject: [PATCH] ACL: in "regex" condition, release store every thousand
+ lines.  Bug 3047
+
+
+diff --git a/src/src/exim.c b/src/src/exim.c
+--- a/src/exim.c
++++ b/src/exim.c
+@@ -49,6 +49,8 @@ optimize out the tail recursion and so not make them too expensive. */
+ static void *
+ function_store_malloc(PCRE2_SIZE size, void * tag)
+ {
++if (size > INT_MAX)
++  log_write(0, LOG_MAIN|LOG_PANIC_DIE, "excessive memory alloc request");
+ return store_malloc((int)size);
+ }
  
+@@ -63,12 +65,15 @@ if (block) store_free(block);
+ static void *
+ function_store_get(PCRE2_SIZE size, void * tag)
+ {
++if (size > INT_MAX)
++  log_write(0, LOG_MAIN|LOG_PANIC_DIE, "excessive memory alloc request");
+ return store_get((int)size, GET_UNTAINTED);	/* loses track of taint */
+ }
+ 
+ static void
+ function_store_nullfree(void * block, void * tag)
+ {
++/* We cannot free memory allocated using store_get() */
+ }
  
-+/* Free memory allocated by PCRE2 every so often, because a recent version
-+is now using 20kB for every match call */
-+
-+#define RESET_STORE_FILECNT	1000
  
- /*************************************************
- *              Setup entry point                 *
+diff --git a/src/src/transports/appendfile.c b/src/src/transports/appendfile.c
+--- a/src/transports/appendfile.c
++++ b/src/transports/appendfile.c
 @@ -661,13 +665,14 @@ Returns:        the sum of the sizes of the stattable files
  off_t
  check_dir_size(const uschar * dirname, int * countptr, const pcre2_code * re)
  {
--DIR *dir;
-+DIR * dir;
+ DIR *dir;
  off_t sum = 0;
 -int count = *countptr;
-+int count = *countptr, lcount = RESET_STORE_FILECNT;
++int count = *countptr, lcount = REGEX_LOOPCOUNT_STORE_RESET;
 +rmark reset_point = store_mark();
  
  if (!(dir = exim_opendir(dirname))) return 0;
  
--for (struct dirent *ent; ent = readdir(dir); )
-+for (struct dirent * ent; ent = readdir(dir); )
+ for (struct dirent *ent; ent = readdir(dir); )
    {
    uschar * path, * name = US ent->d_name;
    struct stat statbuf;
@@ -41,7 +65,7 @@ index ec41ca035..91b353079 100644
 +  if (--lcount == 0)
 +    {
 +    store_reset(reset_point); reset_point = store_mark();
-+    lcount = RESET_STORE_FILECNT;
++    lcount = REGEX_LOOPCOUNT_STORE_RESET;
 +    }
  
    /* If there's a regex, try to find the size using it */
@@ -54,3 +78,149 @@ index ec41ca035..91b353079 100644
  *countptr = count;
  return sum;
  }
+diff --git a/src/src/macros.h b/src/src/macros.h
+--- a/src/macros.h
++++ b/src/macros.h
+@@ -1185,4 +1185,9 @@ typedef enum {
+   sw_mrc_tx_fail,		/* transmit failed */
+ } sw_mrc_t;
+ 
++/* Recent versions of PCRE2 are allocating 20kB per match, rather than the previous 112 B.
++When doing en extended loop of matching, release store periodically. */
++
++#define	REGEX_LOOPCOUNT_STORE_RESET	1000
++
+ /* End of macros.h */
+diff --git a/src/src/regex.c b/src/src/regex.c
+--- a/src/regex.c
++++ b/src/regex.c
+@@ -31,12 +31,11 @@ extern uschar *mime_current_boundary;
+ 
+ 
+ static pcre_list *
+-compile(const uschar * list, BOOL cacheable)
++compile(const uschar * list, BOOL cacheable, int * cntp)
+ {
+-int sep = 0;
++int sep = 0, cnt = 0;
+ uschar * regex_string;
+-pcre_list * re_list_head = NULL;
+-pcre_list * ri;
++pcre_list * re_list_head = NULL, * ri;
+ 
+ /* precompile our regexes */
+ while ((regex_string = string_nextinlist(&list, &sep, NULL, 0)))
+@@ -58,7 +57,9 @@ while ((regex_string = string_nextinlist(&list, &sep, NULL, 0)))
+     ri->pcre_text = regex_string;
+     ri->next = re_list_head;
+     re_list_head = ri;
++    cnt++;
+     }
++if (cntp) *cntp = cnt;
+ return re_list_head;
+ }
+ 
+@@ -112,7 +113,8 @@ FILE * mbox_file;
+ pcre_list * re_list_head;
+ uschar * linebuffer;
+ long f_pos = 0;
+-int ret = FAIL;
++int ret = FAIL, cnt, lcount = REGEX_LOOPCOUNT_STORE_RESET;
++rmark reset_point;
+ 
+ regex_vars_clear();
+ 
+@@ -136,26 +138,34 @@ else
+   mbox_file = mime_stream;
+   }
+ 
+-/* precompile our regexes */
+-if (!(re_list_head = compile(*listptr, cacheable)))
+-  return FAIL;			/* no regexes -> nothing to do */
+-
+-/* match each line against all regexes */
+-linebuffer = store_get(32767, GET_TAINTED);
+-while (fgets(CS linebuffer, 32767, mbox_file))
++reset_point = store_mark();
+   {
+-  if (  mime_stream && mime_current_boundary		/* check boundary */
+-     && Ustrncmp(linebuffer, "--", 2) == 0
+-     && Ustrncmp((linebuffer+2), mime_current_boundary,
+-		  Ustrlen(mime_current_boundary)) == 0)
+-      break;						/* found boundary */
+-
+-  if ((ret = matcher(re_list_head, linebuffer, (int)Ustrlen(linebuffer))) == OK)
+-    goto done;
++  /* precompile our regexes */
++  if ((re_list_head = compile(*listptr, cacheable, &cnt)))
++    {
++    /* match each line against all regexes */
++    linebuffer = store_get(32767, GET_TAINTED);
++    while (fgets(CS linebuffer, 32767, mbox_file))
++      {
++      if (  mime_stream && mime_current_boundary		/* check boundary */
++	 && Ustrncmp(linebuffer, "--", 2) == 0
++	 && Ustrncmp((linebuffer+2), mime_current_boundary,
++		      Ustrlen(mime_current_boundary)) == 0)
++	break;						/* found boundary */
++
++      if ((ret = matcher(re_list_head, linebuffer, (int)Ustrlen(linebuffer))) == OK)
++	break;
++
++      if ((lcount -= cnt) <= 0)
++	{
++	store_reset(reset_point); reset_point = store_mark();
++	lcount = REGEX_LOOPCOUNT_STORE_RESET;
++	}
++      }
++    }
+   }
+-/* no matches ... */
++store_reset(reset_point);
+ 
+-done:
+ if (!mime_stream)
+   (void)fclose(mbox_file);
+ else
+@@ -180,14 +190,11 @@ pcre_list * re_list_head = NULL;
+ FILE * f;
+ uschar * mime_subject = NULL;
+ int mime_subject_len = 0;
+-int ret;
++int ret = FAIL;
++rmark reset_point;
+ 
+ regex_vars_clear();
+ 
+-/* precompile our regexes */
+-if (!(re_list_head = compile(*listptr, cacheable)))
+-  return FAIL;			/* no regexes -> nothing to do */
+-
+ /* check if the file is already decoded */
+ if (!mime_decoded_filename)
+   {				/* no, decode it first */
+@@ -210,12 +217,20 @@ if (!(f = fopen(CS mime_decoded_filename, "rb")))
+   return DEFER;
+   }
+ 
+-/* get 32k memory, tainted */
+-mime_subject = store_get(32767, GET_TAINTED);
++reset_point = store_mark();
++  {
++  /* precompile our regexes */
++  if ((re_list_head = compile(*listptr, cacheable, NULL)))
++    {
++    /* get 32k memory, tainted */
++    mime_subject = store_get(32767, GET_TAINTED);
+ 
+-mime_subject_len = fread(mime_subject, 1, 32766, f);
++    mime_subject_len = fread(mime_subject, 1, 32766, f);
+ 
+-ret = matcher(re_list_head, mime_subject, mime_subject_len);
++    ret = matcher(re_list_head, mime_subject, mime_subject_len);
++    }
++  }
++store_reset(reset_point);
+ (void)fclose(f);
+ return ret;
+ }


^ permalink raw reply related	[flat|nested] 26+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: mail-mta/exim/, mail-mta/exim/files/
@ 2024-02-11 20:07 Fabian Groffen
  0 siblings, 0 replies; 26+ messages in thread
From: Fabian Groffen @ 2024-02-11 20:07 UTC (permalink / raw
  To: gentoo-commits

commit:     2582b32d9016fdda44afd8cbbfbb198584e14c41
Author:     Fabian Groffen <grobian <AT> gentoo <DOT> org>
AuthorDate: Sun Feb 11 20:05:31 2024 +0000
Commit:     Fabian Groffen <grobian <AT> gentoo <DOT> org>
CommitDate: Sun Feb 11 20:05:31 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2582b32d

mail-mta/exim-4.97.1-r3: update regex memory patch

Include 84add256b346 from upstream.

Bug: https://bugs.gentoo.org/922780
Signed-off-by: Fabian Groffen <grobian <AT> gentoo.org>

 ...exim-4.97.1-r2.ebuild => exim-4.97.1-r3.ebuild} |  0
 .../files/exim-4.97.1-memory-usage-bug-3047.patch  | 35 +++++++++++++++++++++-
 2 files changed, 34 insertions(+), 1 deletion(-)

diff --git a/mail-mta/exim/exim-4.97.1-r2.ebuild b/mail-mta/exim/exim-4.97.1-r3.ebuild
similarity index 100%
rename from mail-mta/exim/exim-4.97.1-r2.ebuild
rename to mail-mta/exim/exim-4.97.1-r3.ebuild

diff --git a/mail-mta/exim/files/exim-4.97.1-memory-usage-bug-3047.patch b/mail-mta/exim/files/exim-4.97.1-memory-usage-bug-3047.patch
index 75e5d1a42781..b8f4eb9c5eef 100644
--- a/mail-mta/exim/files/exim-4.97.1-memory-usage-bug-3047.patch
+++ b/mail-mta/exim/files/exim-4.97.1-memory-usage-bug-3047.patch
@@ -10,6 +10,11 @@ Date: Fri, 26 Jan 2024 21:58:59 +0000
 Subject: [PATCH] ACL: in "regex" condition, release store every thousand
  lines.  Bug 3047
 
+From: Jeremy Harris <jgh146exb@wizmail.org>
+Date: Sun, 11 Feb 2024 13:57:18 +0000 (+0000)
+Subject: Use non-releaseable memory for regex match strings. Bug 3047
+Broken-by: 35aacb69f5c8
+
 
 diff --git a/src/src/exim.c b/src/src/exim.c
 --- a/src/exim.c
@@ -110,7 +115,7 @@ diff --git a/src/src/regex.c b/src/src/regex.c
  
  /* precompile our regexes */
  while ((regex_string = string_nextinlist(&list, &sep, NULL, 0)))
-@@ -58,7 +57,9 @@ while ((regex_string = string_nextinlist(&list, &sep, NULL, 0)))
+@@ -58,10 +57,19 @@ while ((regex_string = string_nextinlist(&list, &sep, NULL, 0)))
      ri->pcre_text = regex_string;
      ri->next = re_list_head;
      re_list_head = ri;
@@ -120,6 +125,34 @@ diff --git a/src/src/regex.c b/src/src/regex.c
  return re_list_head;
  }
  
++
++/* Check list of REs against buffer, returning OK for (first) match,
++else FAIL.  On match return allocated result strings in regex_vars[]. 
++
++We use the perm-pool for that, so that our caller can release
++other allocations.
++*/
+ static int
+ matcher(pcre_list * re_list_head, uschar * linebuffer, int len)
+ {
+@@ -75,6 +82,9 @@ for (pcre_list * ri = re_list_head; ri; ri = ri->next)
+   /* try matcher on the line */
+   if ((n = pcre2_match(ri->re, (PCRE2_SPTR)linebuffer, len, 0, 0, md, pcre_gen_mtc_ctx)) > 0)
+     {
++    int save_pool = store_pool;
++    store_pool = POOL_PERM;
++
+     Ustrncpy(regex_match_string_buffer, ri->pcre_text,
+ 	      sizeof(regex_match_string_buffer)-1);
+     regex_match_string = regex_match_string_buffer;
+@@ -87,6 +97,7 @@ for (pcre_list * ri = re_list_head; ri; ri = ri->next)
+       regex_vars[nn-1] = string_copyn(linebuffer + ovec[off], len);
+       }
+ 
++    store_pool = save_pool;
+     return OK;
+     }
+   }
 @@ -112,7 +113,8 @@ FILE * mbox_file;
  pcre_list * re_list_head;
  uschar * linebuffer;


^ permalink raw reply related	[flat|nested] 26+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: mail-mta/exim/, mail-mta/exim/files/
@ 2024-02-16 12:08 Fabian Groffen
  0 siblings, 0 replies; 26+ messages in thread
From: Fabian Groffen @ 2024-02-16 12:08 UTC (permalink / raw
  To: gentoo-commits

commit:     8b177cea39a5f4c6b96b698fb29266678ee19e0b
Author:     Fabian Groffen <grobian <AT> gentoo <DOT> org>
AuthorDate: Fri Feb 16 12:07:39 2024 +0000
Commit:     Fabian Groffen <grobian <AT> gentoo <DOT> org>
CommitDate: Fri Feb 16 12:07:39 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8b177cea

mail-mta/exim-4.97.1-r4: update regex memory patch

Include 44b3172e3694 from upstream.

Bug: https://bugs.gentoo.org/922780
Signed-off-by: Fabian Groffen <grobian <AT> gentoo.org>

 .../{exim-4.97.1-r4.ebuild => exim-4.97.1-r5.ebuild}   |  0
 .../exim/files/exim-4.97.1-memory-usage-bug-3047.patch | 18 ++++++++++++------
 2 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/mail-mta/exim/exim-4.97.1-r4.ebuild b/mail-mta/exim/exim-4.97.1-r5.ebuild
similarity index 100%
rename from mail-mta/exim/exim-4.97.1-r4.ebuild
rename to mail-mta/exim/exim-4.97.1-r5.ebuild

diff --git a/mail-mta/exim/files/exim-4.97.1-memory-usage-bug-3047.patch b/mail-mta/exim/files/exim-4.97.1-memory-usage-bug-3047.patch
index e467edf71fa2..c9b52f2aebfe 100644
--- a/mail-mta/exim/files/exim-4.97.1-memory-usage-bug-3047.patch
+++ b/mail-mta/exim/files/exim-4.97.1-memory-usage-bug-3047.patch
@@ -26,6 +26,11 @@ Date: Tue, 13 Feb 2024 17:34:19 +0000
 Subject: [PATCH] Use non-releasable memory for regex line-buffer
 Broken-by: 5aacb69f5c8
 
+From 44b3172e369435c2c1baa4e9c837252f729d2905 Mon Sep 17 00:00:00 2001
+From: Jeremy Harris <jgh146exb@wizmail.org>
+Date: Thu, 15 Feb 2024 19:56:40 +0000
+Subject: [PATCH] regex: avoid releasing built RE midloop
+
 diff --git a/src/src/exim.c b/src/src/exim.c
 --- a/src/exim.c
 +++ b/src/exim.c
@@ -176,7 +181,7 @@ diff --git a/src/src/regex.c b/src/src/regex.c
      return OK;
      }
    }
-@@ -110,9 +111,9 @@ FILE * mbox_file;
+@@ -110,9 +111,8 @@ FILE * mbox_file;
  unsigned long mbox_size;
  FILE * mbox_file;
  pcre_list * re_list_head;
@@ -184,7 +189,6 @@ diff --git a/src/src/regex.c b/src/src/regex.c
  long f_pos = 0;
 -int ret = FAIL;
 +int ret = FAIL, cnt, lcount = REGEX_LOOPCOUNT_STORE_RESET;
-+rmark reset_point;
  
  regex_vars_clear();
  
@@ -199,8 +203,7 @@ diff --git a/src/src/regex.c b/src/src/regex.c
 -/* match each line against all regexes */
 -linebuffer = store_get(32767, GET_TAINTED);
 -while (fgets(CS linebuffer, 32767, mbox_file))
-+reset_point = store_mark();
-   {
+-  {
 -  if (  mime_stream && mime_current_boundary		/* check boundary */
 -     && Ustrncmp(linebuffer, "--", 2) == 0
 -     && Ustrncmp((linebuffer+2), mime_current_boundary,
@@ -212,6 +215,8 @@ diff --git a/src/src/regex.c b/src/src/regex.c
 +  /* precompile our regexes */
 +  if ((re_list_head = compile(*listptr, cacheable, &cnt)))
 +    {
++    rmark reset_point = store_mark();
++
 +    while (fgets(CS big_buffer, big_buffer_size, mbox_file))
 +      {
 +      if (  mime_stream && mime_current_boundary		/* check boundary */
@@ -229,10 +234,11 @@ diff --git a/src/src/regex.c b/src/src/regex.c
 +	lcount = REGEX_LOOPCOUNT_STORE_RESET;
 +	}
 +      }
++
++    store_reset(reset_point);
 +    }
-   }
+-  }
 -/* no matches ... */
-+store_reset(reset_point);
  
 -done:
  if (!mime_stream)


^ permalink raw reply related	[flat|nested] 26+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: mail-mta/exim/, mail-mta/exim/files/
@ 2024-08-21  7:40 Fabian Groffen
  0 siblings, 0 replies; 26+ messages in thread
From: Fabian Groffen @ 2024-08-21  7:40 UTC (permalink / raw
  To: gentoo-commits

commit:     1097635d14eeaaa52eeda75da3257a08c27bcf30
Author:     Fabian Groffen <grobian <AT> gentoo <DOT> org>
AuthorDate: Wed Aug 21 07:39:00 2024 +0000
Commit:     Fabian Groffen <grobian <AT> gentoo <DOT> org>
CommitDate: Wed Aug 21 07:39:47 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1097635d

mail-mta/exim-4.97.1-r6: CVE-2024-39929

Bug: https://bugs.gentoo.org/938214
Signed-off-by: Fabian Groffen <grobian <AT> gentoo.org>

 mail-mta/exim/exim-4.97.1-r6.ebuild                | 637 +++++++++++++++++++++
 .../files/exim-4.97.1-CVE-2024-39929-part1.patch   | 111 ++++
 .../files/exim-4.97.1-CVE-2024-39929-part2.patch   | 247 ++++++++
 3 files changed, 995 insertions(+)

diff --git a/mail-mta/exim/exim-4.97.1-r6.ebuild b/mail-mta/exim/exim-4.97.1-r6.ebuild
new file mode 100644
index 000000000000..fbc02d2e7b6f
--- /dev/null
+++ b/mail-mta/exim/exim-4.97.1-r6.ebuild
@@ -0,0 +1,637 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="7"
+
+inherit db-use flag-o-matic toolchain-funcs pam systemd
+
+IUSE="arc berkdb +dane dcc +dkim dlfunc dmarc +dnsdb doc dovecot-sasl
+dsn gdbm gnutls idn ipv6 ldap lmtp maildir mbx
+mysql nis pam perl pkcs11 postgres +prdr proxy radius redis sasl selinux
+socks5 spf sqlite srs +ssl syslog tdb tcpd +tpda X"
+REQUIRED_USE="
+	arc? ( dkim spf )
+	dane? ( ssl !gnutls )
+	!dane? ( ssl? ( gnutls ) )
+	dmarc? ( dkim spf )
+	dkim? ( ssl !gnutls )
+	gnutls? ( ssl )
+	pkcs11? ( ssl )
+	|| ( berkdb gdbm tdb )
+"
+# NOTE on USE="gnutls dane", gnutls[dane] is masked in base, unmasked
+# for x86 and amd64 only (probably due to unbound dep)
+# Exim supports it but we cannot express the dep USE=dane when
+# USE=gnutls is in effect only in package.use.mask, the only option we
+# have left is to a) ignore the dependency (but that results in bug
+# #661164) or b) mask the usage of USE=dane with USE=gnutls.  Both are
+# incorrect, but b) is the only "correct" view from dep-pointofview.
+# Bug #925108 showed that DANE is basically non-optional with OpenSSL,
+# so we make -dane mandatory to use gnutls.  Bleh.
+# We cannot express a required use for berkdb/gdbm/tdb correctly because
+# berkdb and gdbm are both enabled in base profile
+
+SDIR=$([[ ${PV} == *_rc* ]]   && echo /test
+	 [[ ${PV} == *.*.*.* ]] && echo /fixes)
+COMM_URI="https://downloads.exim.org/exim4${SDIR}"
+
+GPV="r0"
+DESCRIPTION="A highly configurable, drop-in replacement for sendmail"
+SRC_URI="${COMM_URI}/${P//_rc/-RC}.tar.xz
+	mirror://gentoo/system_filter.exim.gz
+	doc? ( ${COMM_URI}/${PN}-pdf-${PV//_rc/-RC}.tar.xz )"
+HOMEPAGE="https://www.exim.org/"
+
+SLOT="0"
+LICENSE="GPL-2"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86"
+
+COMMON_DEPEND=">=sys-apps/sed-4.0.5
+	dev-libs/libpcre2:=
+	tdb? ( sys-libs/tdb:= )
+	!tdb? ( berkdb? ( >=sys-libs/db-3.2:= <sys-libs/db-6:= ) )
+	!tdb? ( !berkdb? ( sys-libs/gdbm:= ) )
+	idn? ( net-dns/libidn:= net-dns/libidn2:= )
+	perl? ( dev-lang/perl:= )
+	pam? ( sys-libs/pam )
+	tcpd? ( sys-apps/tcp-wrappers )
+	ssl? (
+		gnutls? (
+			net-libs/gnutls:0=[pkcs11?]
+			dev-libs/libtasn1
+		)
+		!gnutls? (
+			dev-libs/openssl:0=
+		)
+	)
+	ldap? ( >=net-nds/openldap-2.0.7:= )
+	elibc_glibc? (
+		net-libs/libnsl:=
+		nis? (
+			net-libs/libtirpc:=
+			>=net-libs/libnsl-1:=
+		)
+	)
+	mysql? ( dev-db/mysql-connector-c:= )
+	postgres? ( dev-db/postgresql:= )
+	sasl? ( >=dev-libs/cyrus-sasl-2.1.26-r2 )
+	redis? ( dev-libs/hiredis:= )
+	spf? ( >=mail-filter/libspf2-1.2.5-r1 )
+	dmarc? ( mail-filter/opendmarc:= )
+	X? (
+		x11-libs/libX11
+		x11-libs/libXmu
+		x11-libs/libXt
+		x11-libs/libXaw
+	)
+	sqlite? ( dev-db/sqlite )
+	radius? ( net-dialup/freeradius-client )
+	virtual/libcrypt:=
+	virtual/libiconv
+	"
+	# added X check for #57206
+BDEPEND="virtual/pkgconfig"
+DEPEND="${COMMON_DEPEND}"
+RDEPEND="${COMMON_DEPEND}
+	!mail-mta/courier
+	!mail-mta/esmtp
+	!mail-mta/msmtp[mta]
+	!mail-mta/netqmail
+	!mail-mta/nullmailer
+	!mail-mta/postfix
+	!mail-mta/sendmail
+	!mail-mta/opensmtpd
+	!mail-mta/ssmtp[mta]
+	>=net-mail/mailbase-0.00-r5
+	virtual/logger
+	dcc? ( mail-filter/dcc )
+	selinux? ( sec-policy/selinux-exim )
+	"
+
+S=${WORKDIR}/${P//_rc/-RC}
+
+src_prepare() {
+	# Legacy patches which need a respin for -p1
+	eapply -p0 "${FILESDIR}"/exim-4.14-tail.patch
+	eapply -p0 "${FILESDIR}"/exim-4.74-radius-db-ENV-clash.patch # 287426
+	eapply     "${FILESDIR}"/exim-4.97-as-needed-ldflags.patch # 352265, 391279
+	eapply -p0 "${FILESDIR}"/exim-4.76-crosscompile.patch # 266591
+	eapply     "${FILESDIR}"/exim-4.69-r1.27021.patch
+	eapply     "${FILESDIR}"/exim-4.97-localscan_dlopen.patch
+	eapply     "${FILESDIR}"/exim-4.97-no-exim_id_update.patch
+	eapply     "${FILESDIR}"/exim-4.97.1-memory-usage-bug-3047.patch # 922780
+
+	eapply -p2 "${FILESDIR}"/exim-4.97.1-CVE-2024-39929-part1.patch
+	eapply -p2 "${FILESDIR}"/exim-4.97.1-CVE-2024-39929-part2.patch
+
+	# oddity, they disable berkdb as hack, and then throw an error when
+	# berkdb isn't enabled
+	sed -i \
+		-e 's/_DB_/_DONTMESS_/' \
+		-e 's/define DB void/define DONTMESS void/' \
+		src/auths/call_radius.c || die
+
+	if use maildir ; then
+		eapply "${FILESDIR}"/exim-4.94-maildir.patch
+	else
+		eapply -p0 "${FILESDIR}"/exim-4.80-spool-mail-group.patch # 438606
+	fi
+
+	eapply_user
+
+	# user Exim believes it should be
+	MAILUSER=mail
+	MAILGROUP=mail
+	if use prefix && [[ ${EUID} != 0 ]] ; then
+		MAILUSER=$(id -un)
+		MAILGROUP=$(id -gn)
+	fi
+}
+
+src_configure() {
+	# general config and paths
+
+	local aliases="${EPREFIX}/etc/mail/aliases"
+	sed -i \
+		-e "/SYSTEM_ALIASES_FILE/s'SYSTEM_ALIASES_FILE'${aliases}'" \
+		src/configure.default || die
+
+	sed -i -e 's/^buildname=.*/buildname=exim-gentoo/' Makefile || die
+
+	if use elibc_musl; then
+		sed -i -e 's/^LIBS = -lnsl/LIBS =/g' OS/Makefile-Linux || die
+		append-cflags -DNO_EXECINFO
+	fi
+
+	local conffile="${EPREFIX}/etc/exim/exim.conf"
+	sed -e "48i\CFLAGS=${CFLAGS}" \
+		-e "s:BIN_DIRECTORY=/usr/exim/bin:BIN_DIRECTORY=${EPREFIX}/usr/sbin:" \
+		-e "s;EXIM_USER=;EXIM_USER=ref:${MAILUSER};" \
+		-e "s:CONFIGURE_FILE=.*$:CONFIGURE_FILE=${conffile}:" \
+		-e "s:ZCAT_COMMAND=.*$:ZCAT_COMMAND=${EPREFIX}/bin/zcat:" \
+		-e "s:COMPRESS_COMMAND=.*$:COMPRESS_COMMAND=${EPREFIX}/bin/gzip:" \
+		src/EDITME > Local/Makefile || die
+
+	# work on Local/Makefile from now on
+	cd Local
+
+	cat >> Makefile <<- EOC
+		INFO_DIRECTORY=${EPREFIX}/usr/share/info
+		PID_FILE_PATH=${EPREFIX}/run/exim.pid
+		SPOOL_DIRECTORY=${EPREFIX}/var/spool/exim
+		HAVE_ICONV=yes
+		WITH_CONTENT_SCAN=yes
+	EOC
+
+	# configure db implementation, Exim always needs one for its hints
+	# database, we prefer tdb and gdbm, since bdb is kind of getting
+	# less and less support
+	if use tdb ; then
+		cat >> Makefile <<- EOC
+			USE_TDB=yes
+			DBMLIB = -ltdb
+		EOC
+		sed -i -e 's:^USE_DB=yes:# USE_DB=yes:' Makefile || die
+		sed -i -e 's:^USE_GDBM=yes:# USE_GDBM=yes:' Makefile || die
+	elif use gdbm ; then
+		cat >> Makefile <<- EOC
+			USE_GDBM=yes
+			DBMLIB = -lgdbm
+		EOC
+		sed -i -e 's:^USE_DB=yes:# USE_DB=yes:' Makefile || die
+		sed -i -e 's:^USE_TDB=yes:# USE_TDB=yes:' Makefile || die
+	else # must be berkdb via required_use
+		# use the "native" interfaces to the DBM and CDB libraries, support
+		# passwd and directory lookups by default
+		local DB_VERS="5.3 5.1 4.8 4.7 4.6 4.5 4.4 4.3 4.2 3.2"
+		cat >> Makefile <<- EOC
+			USE_DB=yes
+			# keep include in CFLAGS because exim.h -> dbstuff.h -> db.h
+			CFLAGS += -I$(db_includedir ${DB_VERS})
+			DBMLIB = -l$(db_libname ${DB_VERS})
+		EOC
+		sed -i -e 's:^USE_GDBM=yes:# USE_GDBM=yes:' Makefile || die
+		sed -i -e 's:^USE_TDB=yes:# USE_TDB=yes:' Makefile || die
+	fi
+
+	# if we use libiconv, now is the time to tell so
+	if use !elibc_glibc && use !elibc_musl ; then
+		cat >> Makefile <<- EOC
+			EXTRALIBS_EXIM=-liconv
+		EOC
+	fi
+
+	# support for IPv6
+	if use ipv6; then
+		cat >> Makefile <<- EOC
+			HAVE_IPV6=YES
+		EOC
+	fi
+
+	# support i18n/IDNA
+	if use idn; then
+		cat >> Makefile <<- EOC
+			SUPPORT_I18N=yes
+			SUPPORT_I18N_2008=yes
+			EXTRALIBS_EXIM += -lidn -lidn2
+		EOC
+	fi
+
+	#
+	# mail storage formats
+	#
+
+	# mailstore is Exim's traditional storage format
+	cat >> Makefile <<- EOC
+		SUPPORT_MAILSTORE=yes
+	EOC
+
+	# mbox
+	if use mbx; then
+		cat >> Makefile <<- EOC
+			SUPPORT_MBX=yes
+		EOC
+	fi
+
+	# maildir
+	if use maildir; then
+		cat >> Makefile <<- EOC
+			SUPPORT_MAILDIR=yes
+		EOC
+	fi
+
+	#
+	# lookup methods
+	#
+
+	# support passwd and directory lookups by default
+	cat >> Makefile <<- EOC
+		LOOKUP_CDB=yes
+		LOOKUP_PASSWD=yes
+		LOOKUP_DSEARCH=yes
+	EOC
+
+	if ! use dnsdb; then
+		# DNSDB lookup is enabled by default
+		sed -i -e 's:^LOOKUP_DNSDB=yes:# LOOKUP_DNSDB=yes:' Makefile || die
+	fi
+
+	if use ldap; then
+		cat >> Makefile <<- EOC
+			LOOKUP_LDAP=yes
+			LDAP_LIB_TYPE=OPENLDAP2
+			LOOKUP_INCLUDE += -I"${EPREFIX}"/usr/include/ldap
+			LOOKUP_LIBS += -lldap -llber
+		EOC
+	fi
+
+	if use mysql; then
+		cat >> Makefile <<- EOC
+			LOOKUP_MYSQL=yes
+			LOOKUP_INCLUDE += $(mysql_config --include)
+			LOOKUP_LIBS += $(mysql_config --libs)
+		EOC
+	fi
+
+	if use nis; then
+		cat >> Makefile <<- EOC
+			LOOKUP_NIS=yes
+			LOOKUP_NISPLUS=yes
+		EOC
+		if use elibc_glibc ; then
+			cat >> Makefile <<- EOC
+				LOOKUP_INCLUDE += -I"${EPREFIX}"/usr/include/tirpc
+				LOOKUP_LIBS += -lnsl
+			EOC
+		fi
+	fi
+
+	if use postgres; then
+		cat >> Makefile <<- EOC
+			LOOKUP_PGSQL=yes
+			LOOKUP_INCLUDE += -I$(pg_config --includedir)
+			LOOKUP_LIBS += -L$(pg_config --libdir) -lpq
+		EOC
+	fi
+
+	if use sqlite; then
+		cat >> Makefile <<- EOC
+			LOOKUP_SQLITE=yes
+			LOOKUP_SQLITE_PC=sqlite3
+		EOC
+	fi
+
+	if use redis; then
+		cat >> Makefile <<- EOC
+			LOOKUP_REDIS=yes
+			LOOKUP_LIBS += -lhiredis
+		EOC
+	fi
+
+	# Exim monitor, enabled by default, controlled via X USE-flag,
+	# disable if not requested, bug #46778
+	if use X; then
+		cp ../exim_monitor/EDITME eximon.conf || die
+		cat >> Makefile <<- EOC
+			EXIM_MONITOR=eximon.bin
+		EOC
+	fi
+
+	#
+	# features
+	#
+
+	# DomainKeys Identified Mail, RFC4871
+	if ! use dkim; then
+		# DKIM is enabled by default
+		cat >> Makefile <<- EOC
+			DISABLE_DKIM=yes
+		EOC
+	fi
+
+	# Per-Recipient-Data-Response
+	if ! use prdr; then
+		# PRDR is enabled by default
+		cat >> Makefile <<- EOC
+			DISABLE_PRDR=yes
+		EOC
+	fi
+
+	# Transport post-delivery actions
+	if use !tpda && use !dane; then
+		# EVENT is enabled by default
+		cat >> Makefile <<- EOC
+			DISABLE_EVENT=yes
+		EOC
+	fi
+
+	# log to syslog
+	if use syslog; then
+		local eximlog="${EPREFIX}/var/log/exim/exim_%s.log"
+		sed -i \
+			-e "s:LOG_FILE_PATH=${eximlog}:LOG_FILE_PATH=syslog:" \
+			Makefile || die
+		cat >> Makefile <<- EOC
+			LOG_FILE_PATH=syslog
+		EOC
+	else
+		cat >> Makefile <<- EOC
+			LOG_FILE_PATH=${EPREFIX}/var/log/exim/exim_%s.log
+		EOC
+	fi
+
+	# starttls support (ssl)
+	if use ssl; then
+		if use gnutls; then
+			echo "USE_GNUTLS=yes" >> Makefile
+			echo "USE_GNUTLS_PC=gnutls $(use dane && echo gnutls-dane)" \
+				>> Makefile
+			use pkcs11 || echo "AVOID_GNUTLS_PKCS11=yes" >> Makefile
+		else
+			echo "USE_OPENSSL=yes" >> Makefile
+			echo "USE_OPENSSL_PC=openssl" >> Makefile
+		fi
+	else
+		echo "DISABLE_TLS=yes" >> Makefile
+	fi
+
+	# TCP wrappers
+	if use tcpd; then
+		cat >> Makefile <<- EOC
+			USE_TCP_WRAPPERS=yes
+			EXTRALIBS_EXIM += -lwrap
+		EOC
+	fi
+
+	# Light Mail Transport Protocol
+	if use lmtp; then
+		cat >> Makefile <<- EOC
+			TRANSPORT_LMTP=yes
+		EOC
+	fi
+
+	# embedded Perl
+	if use perl; then
+		cat >> Makefile <<- EOC
+			EXIM_PERL=perl.o
+		EOC
+	fi
+
+	# dlfunc
+	if use dlfunc; then
+		cat >> Makefile <<- EOC
+			EXPAND_DLFUNC=yes
+			HAVE_LOCAL_SCAN=yes
+			DLOPEN_LOCAL_SCAN=yes
+		EOC
+	fi
+
+	# Proxy Protocol
+	if use proxy; then
+		cat >> Makefile <<- EOC
+			SUPPORT_PROXY=yes
+		EOC
+	fi
+
+	# SOCKS5 (outbound) proxy support
+	if use socks5; then
+		cat >> Makefile <<- EOC
+			SUPPORT_SOCKS=yes
+		EOC
+	fi
+
+	# DANE
+	if use !dane; then
+		# DANE is enabled by default
+		sed -i -e 's:^SUPPORT_DANE=yes:# SUPPORT_DANE=yes:' Makefile || die
+	fi
+
+	# DMARC
+	if use dmarc; then
+		cat >> Makefile <<- EOC
+			SUPPORT_DMARC=yes
+			EXTRALIBS_EXIM += -lopendmarc
+		EOC
+	fi
+
+	# Sender Policy Framework
+	if use spf; then
+		cat >> Makefile <<- EOC
+			SUPPORT_SPF=yes
+			EXTRALIBS_EXIM += -lspf2
+		EOC
+	fi
+
+	#
+	# experimental features
+	#
+
+	# Authenticated Receive Chain
+	if use arc; then
+		echo "EXPERIMENTAL_ARC=yes">> Makefile
+	fi
+
+	# Distributed Checksum Clearinghouse
+	if use dcc; then
+		echo "EXPERIMENTAL_DCC=yes">> Makefile
+	fi
+
+	# Sender Rewriting Scheme
+	if use srs; then
+		# this one is the default/supported variant since 4.95, and the
+		# only variant available since 4.96
+		cat >> Makefile <<- EOC
+			SUPPORT_SRS=yes
+		EOC
+	fi
+
+	# Delivery Sender Notifications extra information in fail message
+	if use dsn; then
+		cat >> Makefile <<- EOC
+			EXPERIMENTAL_DSN_INFO=yes
+		EOC
+	fi
+
+	#
+	# authentication (SMTP AUTH)
+	#
+
+	# standard bits
+	cat >> Makefile <<- EOC
+		AUTH_SPA=yes
+		AUTH_CRAM_MD5=yes
+		AUTH_PLAINTEXT=yes
+	EOC
+
+	# Cyrus SASL
+	if use sasl; then
+		cat >> Makefile <<- EOC
+			CYRUS_SASLAUTHD_SOCKET=${EPREFIX}/run/saslauthd/mux
+			AUTH_CYRUS_SASL=yes
+			AUTH_LIBS += -lsasl2
+		EOC
+	fi
+
+	# Dovecot
+	if use dovecot-sasl; then
+		cat >> Makefile <<- EOC
+			AUTH_DOVECOT=yes
+		EOC
+	fi
+
+	# Pluggable Authentication Modules
+	if use pam; then
+		cat >> Makefile <<- EOC
+			SUPPORT_PAM=yes
+			AUTH_LIBS += -lpam
+		EOC
+	fi
+
+	# Radius
+	if use radius; then
+		cat >> Makefile <<- EOC
+			RADIUS_CONFIG_FILE=${EPREFIX}/etc/radiusclient/radiusclient.conf
+			RADIUS_LIB_TYPE=RADIUSCLIENTNEW
+			AUTH_LIBS += -lfreeradius-client
+		EOC
+	fi
+}
+
+src_compile() {
+	emake CC="$(tc-getCC)" HOSTCC="$(tc-getBUILD_CC)" \
+		AR="$(tc-getAR) cq" RANLIB="$(tc-getRANLIB)" FULLECHO=''
+}
+
+src_install() {
+	cd "${S}"/build-exim-gentoo || die
+	dosbin exim
+	if use X; then
+		dosbin eximon.bin
+		dosbin eximon
+	fi
+	fperms 4755 /usr/sbin/exim
+
+	dosym exim /usr/sbin/sendmail
+	dosym exim /usr/sbin/rsmtp
+	dosym exim /usr/sbin/rmail
+	dosym ../sbin/exim /usr/bin/mailq
+	dosym ../sbin/exim /usr/bin/newaliases
+	dosym ../sbin/sendmail /usr/lib/sendmail
+
+	for i in exicyclog exim_dbmbuild exim_dumpdb exim_fixdb exim_lock \
+		exim_tidydb exinext exiwhat exigrep eximstats exiqsumm exiqgrep \
+		convert4r3 convert4r4 exipick
+	do
+		dosbin $i
+	done
+
+	dodoc -r "${S}"/doc/.
+	doman "${S}"/doc/exim.8
+	use dsn && dodoc "${S}"/README.DSN
+	use doc && dodoc "${WORKDIR}"/${PN}-pdf-${PV//rc/RC}/doc/*.pdf
+
+	# conf files
+	insinto /etc/exim
+	newins "${S}"/src/configure.default exim.conf.dist
+	doins "${WORKDIR}"/system_filter.exim
+	doins "${FILESDIR}"/auth_conf.sub
+
+	if use pam; then
+		pamd_mimic system-auth exim auth account
+	fi
+
+	# headers, #436406
+	if use dlfunc ; then
+		# fixup includes so they actually can be found when including
+		sed -i \
+			-e '/#include "\(config\|store\|mytypes\).h"/s:"\(.\+\)":<exim/\1>:' \
+			local_scan.h || die
+		insinto /usr/include/exim
+		doins {config,local_scan}.h ../src/{mytypes,store}.h
+	fi
+
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}/exim.logrotate" exim
+
+	newinitd "${FILESDIR}"/exim.rc10 exim
+	newconfd "${FILESDIR}"/exim.confd exim
+
+	systemd_dounit \
+		"${FILESDIR}"/{exim.service,exim.socket,exim-submission.socket}
+	systemd_newunit \
+		"${FILESDIR}"/exim_at.service 'exim@.service'
+	systemd_newunit \
+		"${FILESDIR}"/exim-submission_at.service 'exim-submission@.service'
+
+	diropts -m 0750 -o ${MAILUSER} -g ${MAILGROUP}
+	keepdir /var/log/${PN}
+}
+
+pkg_postinst() {
+	if [[ ! -f ${EROOT}/etc/exim/exim.conf ]] ; then
+		einfo "${EROOT}/etc/exim/system_filter.exim is a sample system_filter."
+		einfo "${EROOT}/etc/exim/auth_conf.sub contains the configuration sub"
+		einfo "for using smtp auth."
+		einfo "Please create ${EROOT}/etc/exim/exim.conf from"
+		einfo "  ${EROOT}/etc/exim/exim.conf.dist."
+	fi
+	if use berkdb && ( use gdbm || use tdb ) ; then
+		ewarn "USE=berkdb is ignored because USE=gdbm or USE=tdb is enabled!"
+	fi
+	if use dmarc ; then
+		einfo "DMARC support requires ${EROOT}/etc/exim/opendmarc.tlds"
+		einfo "you can populate this file with the contents downloaded from"
+		einfo "  https://publicsuffix.org/list/public_suffix_list.dat"
+	fi
+	if use dcc ; then
+		einfo "DCC support is experimental, you can find some limited"
+		einfo "documentation at the bottom of this prerelease message:"
+		einfo "  http://article.gmane.org/gmane.mail.exim.devel/3579"
+	fi
+	use dsn && einfo "extra information in fail DSN message is experimental"
+	einfo
+	elog "Note that this release contains a tainted variable check that"
+	elog "is likely to break your configuration used with Exim 4.93 and before."
+	elog "Please check your transports for occurences of \$local_part, and"
+	elog "use a replacement like \$local_part_data where possible."
+}

diff --git a/mail-mta/exim/files/exim-4.97.1-CVE-2024-39929-part1.patch b/mail-mta/exim/files/exim-4.97.1-CVE-2024-39929-part1.patch
new file mode 100644
index 000000000000..e83a44abc986
--- /dev/null
+++ b/mail-mta/exim/files/exim-4.97.1-CVE-2024-39929-part1.patch
@@ -0,0 +1,111 @@
+patch reduced to code only
+
+From: Jeremy Harris <jgh146exb@wizmail.org>
+Date: Mon, 1 Jul 2024 18:35:12 +0000 (+0100)
+Subject: Fix MIME parsing of filenames specified using multiple parameters.  Bug 3099
+X-Git-Tag: exim-4.98-RC3~2
+X-Git-Url: https://git.exim.org/exim.git/commitdiff_plain/6ce5c70cff89
+
+Fix MIME parsing of filenames specified using multiple parameters.  Bug 3099
+---
+
+diff --git a/src/src/mime.c b/src/src/mime.c
+index 975ddca85..5f9e1ade7 100644
+--- a/src/src/mime.c
++++ b/src/src/mime.c
+@@ -587,10 +587,10 @@ while(1)
+ 
+ 	while (*p)
+ 	  {
+-	  DEBUG(D_acl) debug_printf_indent("MIME:   considering paramlist '%s'\n", p);
++	  DEBUG(D_acl)
++	    debug_printf_indent("MIME:   considering paramlist '%s'\n", p);
+ 
+-	  if (  !mime_filename
+-	     && strncmpic(CUS"content-disposition:", header, 20) == 0
++	  if (  strncmpic(CUS"content-disposition:", header, 20) == 0
+ 	     && strncmpic(CUS"filename*", p, 9) == 0
+ 	     )
+ 	    {					/* RFC 2231 filename */
+@@ -604,11 +604,12 @@ while(1)
+ 
+ 	    if (q && *q)
+ 	      {
+-	      uschar * temp_string, * err_msg;
++	      uschar * temp_string, * err_msg, * fname = q;
+ 	      int slen;
+ 
+ 	      /* build up an un-decoded filename over successive
+ 	      filename*= parameters (for use when 2047 decode fails) */
++/*XXX could grow a gstring here */
+ 
+ 	      mime_fname_rfc2231 = string_sprintf("%#s%s",
+ 		mime_fname_rfc2231, q);
+@@ -623,26 +624,32 @@ while(1)
+ 		  /* look for a ' in the "filename" */
+ 		  while(*s != '\'' && *s) s++;	/* s is 1st ' or NUL */
+ 
+-		  if ((size = s-q) > 0)
+-		    mime_filename_charset = string_copyn(q, size);
++		  if (*s)			/* there was a ' */
++		    {
++		    if ((size = s-q) > 0)
++		      mime_filename_charset = string_copyn(q, size);
+ 
+-		  if (*(p = s)) p++;
+-		  while(*p == '\'') p++;	/* p is after 2nd ' */
++		    if (*(fname = s)) fname++;
++		    while(*fname == '\'') fname++;    /* fname is after 2nd ' */
++		    }
+ 		  }
+-		else
+-		  p = q;
+ 
+-		DEBUG(D_acl) debug_printf_indent("MIME:    charset %s fname '%s'\n",
+-		  mime_filename_charset ? mime_filename_charset : US"<NULL>", p);
++		DEBUG(D_acl)
++		  debug_printf_indent("MIME:    charset %s fname '%s'\n",
++		    mime_filename_charset ? mime_filename_charset : US"<NULL>",
++		    fname);
+ 
+-		temp_string = rfc2231_to_2047(p, mime_filename_charset, &slen);
+-		DEBUG(D_acl) debug_printf_indent("MIME:    2047-name %s\n", temp_string);
++		temp_string = rfc2231_to_2047(fname, mime_filename_charset,
++					      &slen);
++		DEBUG(D_acl)
++		  debug_printf_indent("MIME:    2047-name %s\n", temp_string);
+ 
+ 		temp_string = rfc2047_decode(temp_string, FALSE, NULL, ' ',
+-		  NULL, &err_msg);
+-		DEBUG(D_acl) debug_printf_indent("MIME:    plain-name %s\n", temp_string);
++					      NULL, &err_msg);
++		DEBUG(D_acl)
++		  debug_printf_indent("MIME:    plain-name %s\n", temp_string);
+ 
+-		if (!temp_string || (size = Ustrlen(temp_string))  == slen)
++		if (!temp_string || (size = Ustrlen(temp_string)) == slen)
+ 		  decoding_failed = TRUE;
+ 		else
+ 		  /* build up a decoded filename over successive
+@@ -651,9 +658,9 @@ while(1)
+ 		  mime_filename = mime_fname = mime_fname
+ 		    ? string_sprintf("%s%s", mime_fname, temp_string)
+ 		    : temp_string;
+-		}
+-	      }
+-	    }
++		}	/*!decoding_failed*/
++	      }		/*q*/
++	    }		/*2231 filename*/
+ 
+ 	  else
+ 	    /* look for interesting parameters */
+@@ -682,7 +689,7 @@ while(1)
+ 
+ 
+ 	  /* There is something, but not one of our interesting parameters.
+-	     Advance past the next semicolon */
++	  Advance past the next semicolon */
+ 	  p = mime_next_semicolon(p);
+ 	  if (*p) p++;
+ 	  }				/* param scan on line */

diff --git a/mail-mta/exim/files/exim-4.97.1-CVE-2024-39929-part2.patch b/mail-mta/exim/files/exim-4.97.1-CVE-2024-39929-part2.patch
new file mode 100644
index 000000000000..f33e33598379
--- /dev/null
+++ b/mail-mta/exim/files/exim-4.97.1-CVE-2024-39929-part2.patch
@@ -0,0 +1,247 @@
+patch reduced to code only
+
+From: Jeremy Harris <jgh146exb@wizmail.org>
+Date: Tue, 2 Jul 2024 13:41:19 +0000 (+0100)
+Subject: MIME: support RFC 2331 for name=.  Bug 3099
+X-Git-Tag: exim-4.98-RC3~1
+X-Git-Url: https://git.exim.org/exim.git/commitdiff_plain/1b3209b0577a
+
+MIME: support RFC 2331 for name=.  Bug 3099
+---
+
+diff --git a/src/src/mime.c b/src/src/mime.c
+index 5f9e1ade7..8044bb3fd 100644
+--- a/src/src/mime.c
++++ b/src/src/mime.c
+@@ -30,10 +30,10 @@ static int mime_header_list_size = nelem(mime_header_list);
+ 
+ static mime_parameter mime_parameter_list[] = {
+   /*	name	namelen	 value */
+-  { US"name=",     5, &mime_filename },
+-  { US"filename=", 9, &mime_filename },
+-  { US"charset=",  8, &mime_charset  },
+-  { US"boundary=", 9, &mime_boundary }
++  { US"name",     4, &mime_filename },
++  { US"filename", 8, &mime_filename },
++  { US"charset",  7, &mime_charset  },
++  { US"boundary", 8, &mime_boundary }
+ };
+ 
+ 
+@@ -577,8 +577,8 @@ while(1)
+       if (*(p = q)) p++;			/* jump past the ; */
+ 
+ 	{
+-	uschar * mime_fname = NULL;
+-	uschar * mime_fname_rfc2231 = NULL;
++	gstring * mime_fname = NULL;
++	gstring * mime_fname_rfc2231 = NULL;
+ 	uschar * mime_filename_charset = NULL;
+ 	BOOL decoding_failed = FALSE;
+ 
+@@ -590,90 +590,92 @@ while(1)
+ 	  DEBUG(D_acl)
+ 	    debug_printf_indent("MIME:   considering paramlist '%s'\n", p);
+ 
+-	  if (  strncmpic(CUS"content-disposition:", header, 20) == 0
+-	     && strncmpic(CUS"filename*", p, 9) == 0
+-	     )
+-	    {					/* RFC 2231 filename */
+-	    uschar * q;
+-
+-	    /* find value of the filename */
+-	    p += 9;
+-	    while(*p != '=' && *p) p++;
+-	    if (*p) p++;			/* p is filename or NUL */
+-	    q = mime_param_val(&p);		/* p now trailing ; or NUL */
+-
+-	    if (q && *q)
++	  /* look for interesting parameters */
++	  for (mime_parameter * mp = mime_parameter_list;
++	       mp < mime_parameter_list + nelem(mime_parameter_list);
++	       mp++
++	      ) if (strncmpic(mp->name, p, mp->namelen) == 0)
++	    {
++	    p += mp->namelen;
++	    if (*p == '*')			/* RFC 2231 */
+ 	      {
+-	      uschar * temp_string, * err_msg, * fname = q;
+-	      int slen;
+-
+-	      /* build up an un-decoded filename over successive
+-	      filename*= parameters (for use when 2047 decode fails) */
+-/*XXX could grow a gstring here */
+-
+-	      mime_fname_rfc2231 = string_sprintf("%#s%s",
+-		mime_fname_rfc2231, q);
+-
+-	      if (!decoding_failed)
++	      while (isdigit(*++p)) ;		/* ignore cont-cnt values */
++	      if (*p == '*') p++;		/* step over sep chset mark */
++	      if (*p == '=')
+ 		{
+-		int size;
+-		if (!mime_filename_charset)
++		uschar * q;
++		p++;				/* step over = */
++		q = mime_param_val(&p);		/* p now trailing ; or NUL */
++
++		if (q && *q)			/* q is the dequoted value */
+ 		  {
+-		  uschar * s = q;
++		  uschar * err_msg, * fname = q;
++		  int slen;
++
++		  /* build up an un-decoded filename over successive
++		  filename*= parameters (for use when 2047 decode fails) */
+ 
+-		  /* look for a ' in the "filename" */
+-		  while(*s != '\'' && *s) s++;	/* s is 1st ' or NUL */
++		  mime_fname_rfc2231 = string_cat(mime_fname_rfc2231, q);
+ 
+-		  if (*s)			/* there was a ' */
++		  if (!decoding_failed)
+ 		    {
+-		    if ((size = s-q) > 0)
+-		      mime_filename_charset = string_copyn(q, size);
+-
+-		    if (*(fname = s)) fname++;
+-		    while(*fname == '\'') fname++;    /* fname is after 2nd ' */
+-		    }
+-		  }
+-
+-		DEBUG(D_acl)
+-		  debug_printf_indent("MIME:    charset %s fname '%s'\n",
+-		    mime_filename_charset ? mime_filename_charset : US"<NULL>",
+-		    fname);
+-
+-		temp_string = rfc2231_to_2047(fname, mime_filename_charset,
+-					      &slen);
+-		DEBUG(D_acl)
+-		  debug_printf_indent("MIME:    2047-name %s\n", temp_string);
+-
+-		temp_string = rfc2047_decode(temp_string, FALSE, NULL, ' ',
+-					      NULL, &err_msg);
+-		DEBUG(D_acl)
+-		  debug_printf_indent("MIME:    plain-name %s\n", temp_string);
+-
+-		if (!temp_string || (size = Ustrlen(temp_string)) == slen)
+-		  decoding_failed = TRUE;
+-		else
+-		  /* build up a decoded filename over successive
+-		  filename*= parameters */
+-
+-		  mime_filename = mime_fname = mime_fname
+-		    ? string_sprintf("%s%s", mime_fname, temp_string)
+-		    : temp_string;
+-		}	/*!decoding_failed*/
+-	      }		/*q*/
+-	    }		/*2231 filename*/
+-
+-	  else
+-	    /* look for interesting parameters */
+-	    for (mime_parameter * mp = mime_parameter_list;
+-		 mp < mime_parameter_list + nelem(mime_parameter_list);
+-		 mp++
+-		) if (strncmpic(mp->name, p, mp->namelen) == 0)
+-	      {
+-	      uschar * q;
+-	      uschar * dummy_errstr;
++		    if (!mime_filename_charset)
++		      {			/* try for RFC 2231 chset/lang */
++		      uschar * s = q;
++
++		      /* look for a ' in the raw paramval */
++		      while(*s != '\'' && *s) s++;	/* s is 1st ' or NUL */
++
++		      if (*s)				/* there was a ' */
++			{
++			int size;
++			if ((size = s-q) > 0)
++			  mime_filename_charset = string_copyn(q, size);
++
++			if (*(fname = s)) fname++;
++			while(*fname == '\'') fname++;    /*fname is after 2nd '*/
++			}
++		      }
++
++		    DEBUG(D_acl)
++		      debug_printf_indent("MIME:    charset %s fname '%s'\n",
++			mime_filename_charset ? mime_filename_charset : US"<NULL>",
++			fname);
++
++		    fname = rfc2231_to_2047(fname, mime_filename_charset,
++						  &slen);
++		    DEBUG(D_acl)
++		      debug_printf_indent("MIME:    2047-name %s\n", fname);
++
++		    fname = rfc2047_decode(fname, FALSE, NULL, ' ',
++						  NULL, &err_msg);
++		    DEBUG(D_acl) debug_printf_indent(
++				    "MIME:    plain-name %s\n", fname);
++
++		    if (!fname || Ustrlen(fname) == slen)
++		      decoding_failed = TRUE;
++		    else if (mp->value == &mime_filename)
++		      {
++		      /* build up a decoded filename over successive
++		      filename*= parameters */
++
++		      mime_fname = string_cat(mime_fname, fname);
++		      mime_filename = string_from_gstring(mime_fname);
++		      }
++		    }	/*!decoding_failed*/
++		  }	/*q*/
++
++		if (*p) p++;			/* p is past ; */
++		goto param_done;		/* done matching param names */
++		}		/*2231 param coding extension*/
++	      }
++	    else if (*p == '=')
++	      {		/* non-2231 param */
++	      uschar * q, * dummy_errstr;
+ 
+ 	      /* grab the value and copy to its expansion variable */
+-	      p += mp->namelen;
++
++	      if (*p) p++;			/* step over = */
+ 	      q = mime_param_val(&p);		/* p now trailing ; or NUL */
+ 
+ 	      *mp->value = q && *q
+@@ -684,26 +686,31 @@ while(1)
+ 		"MIME:  found %s parameter in %s header, value '%s'\n",
+ 		mp->name, mh->name, *mp->value);
+ 
+-	      break;			/* done matching param names */
++	      if (*p) p++;			/* p is past ; */
++	      goto param_done;			/* done matching param names */
+ 	      }
+-
++	    }					/* interesting parameters */
+ 
+ 	  /* There is something, but not one of our interesting parameters.
+ 	  Advance past the next semicolon */
++
+ 	  p = mime_next_semicolon(p);
+ 	  if (*p) p++;
+-	  }				/* param scan on line */
++  param_done:
++	  }					/* param scan on line */
+ 
+ 	if (strncmpic(CUS"content-disposition:", header, 20) == 0)
+ 	  {
+-	  if (decoding_failed) mime_filename = mime_fname_rfc2231;
++	  if (decoding_failed)
++	    mime_filename = string_from_gstring(mime_fname_rfc2231);
+ 
+ 	  DEBUG(D_acl) debug_printf_indent(
+ 	    "MIME:  found %s parameter in %s header, value is '%s'\n",
+ 	    "filename", mh->name, mime_filename);
+ 	  }
+ 	}
+-      }
++      break;
++      }	/* interesting headers */
+ 
+   /* set additional flag variables (easier access) */
+   if (  mime_content_type


^ permalink raw reply related	[flat|nested] 26+ messages in thread

end of thread, other threads:[~2024-08-21  7:40 UTC | newest]

Thread overview: 26+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2020-06-08  8:06 [gentoo-commits] repo/gentoo:master commit in: mail-mta/exim/, mail-mta/exim/files/ Fabian Groffen
  -- strict thread matches above, loose matches on Subject: below --
2024-08-21  7:40 Fabian Groffen
2024-02-16 12:08 Fabian Groffen
2024-02-11 20:07 Fabian Groffen
2024-01-28 18:20 Fabian Groffen
2024-01-12 11:56 Fabian Groffen
2023-12-25 10:42 Fabian Groffen
2023-12-25 10:42 Fabian Groffen
2023-11-08  8:03 Fabian Groffen
2023-05-27  9:25 Fabian Groffen
2023-01-03 10:22 Fabian Groffen
2022-10-19  9:20 Fabian Groffen
2020-05-13  7:45 Fabian Groffen
2020-05-09  9:57 Fabian Groffen
2019-08-02  6:44 Fabian Groffen
2019-06-11  8:17 Fabian Groffen
2019-02-19 12:20 Fabian Groffen
2017-10-08  9:24 Fabian Groffen
2017-10-05 13:39 Fabian Groffen
2017-09-20  6:47 Fabian Groffen
2017-06-19 16:06 Thomas Deutschmann
2017-03-11  7:58 Fabian Groffen
2016-07-08 11:28 Fabian Groffen
2016-03-04 10:58 Fabian Groffen
2015-12-11  9:23 Fabian Groffen
2015-10-19 10:52 Sergey Popov

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox