authorV3n3RiX <venerix@koprulu.sector>2024-08-21 12:26:06 +0100
committerV3n3RiX <venerix@koprulu.sector>2024-08-21 12:26:06 +0100
commitbad9bf87b08d293eb79ebe14d1882e77da2b0ced (patch)
tree2e95088a05ca299b8369979d4b47f0f846657be7 /mail-mta/exim
parentc431a44e3cfa102e5ef2c9d6bbac48e28c9b15cb (diff)
gentoo auto-resync : 21:08:2024 - 12:26:06
Diffstat (limited to 'mail-mta/exim')
-rw-r--r--mail-mta/exim/Manifest3
-rw-r--r--mail-mta/exim/exim-4.97.1-r6.ebuild637
-rw-r--r--mail-mta/exim/files/exim-4.97.1-CVE-2024-39929-part1.patch111
-rw-r--r--mail-mta/exim/files/exim-4.97.1-CVE-2024-39929-part2.patch247
4 files changed, 998 insertions, 0 deletions
diff --git a/mail-mta/exim/Manifest b/mail-mta/exim/Manifest
index 4e61a86453e8..e754c0253ff1 100644
--- a/mail-mta/exim/Manifest
+++ b/mail-mta/exim/Manifest
@@ -8,6 +8,8 @@ AUX exim-4.94-maildir.patch 316 BLAKE2B fe0b27712e77eba83244434c33372cec47fa3170
AUX exim-4.97-as-needed-ldflags.patch 6032 BLAKE2B ba3e78e49435581eba3fa238c4e660acf9e4bc91c47110f6932675eb0c33568c03ee00a91cef6de93f5acb4611ad6ac1bf465a90f4bc055ac2528d77b588822c SHA512 b7f1e84e3c788d1a9c56339c5dc7eb14eff39b8efaf90d32fd66ddd589f60d4bfab5f36cae51cb84646c1f0b0f7523e56d6a898116b72dc108e89f33d8919333
AUX exim-4.97-localscan_dlopen.patch 6429 BLAKE2B 166c44c93730ef4a0cecd9c8cc556ce2c53dcc21d85b2cb7663fc01d445eab3ecba20f3525b1206238e2b6508a58fe79c72ad86c1722b7c4e1164a6bf9534d6d SHA512 f1d29829f4d7159227476bed377a01a4db6d9aad021bda476d9c1ad1dc4fe7a621260a9e1e4ff9b2686c46575a553a96af7f75f625cb99a5941aa4562f01646a
AUX exim-4.97-no-exim_id_update.patch 402 BLAKE2B 0c2f7ec1fe995f8ee58c6907e149367082c5ce837d1508b9e61f10681825fdcc78a52316184629aa6a80021fbfa21aa0ee90eee6b8fae5a1b05efb77337dd2c5 SHA512 07c062f042176b108444b9a163a309b3186fc19f2953dbb7ad066874189417684b0934fe1300933d04231cc59eeeacfb22ad42b0f328212585908c2e9eae5a8b
+AUX exim-4.97.1-CVE-2024-39929-part1.patch 3624 BLAKE2B c58d8d2ed56acf36d851ff8cc17569aa01da3d71582f6813f43d397a7333381b7cd6acfa6923111e403ff71413a3c8d11ea1df48f8a846fcea9b0479103008cc SHA512 0d1a4080d657895153e32111fea33daee1efb2a79d1699310135fd0a25935695b016ed55e7889583170b058c072e251833057d4bbdb59a032dbb8491b8c24b8c
+AUX exim-4.97.1-CVE-2024-39929-part2.patch 7476 BLAKE2B 14a7b0e5711307cab2e19b1325162503b8e9167cc527f520d4fe395d6582a0bb8f80c058c3502487bde0414d14ae0e7fbebab5d3e471e4764679de12ad0c9600 SHA512 123bf547ee2f09f0c97f01c64c6452103eb972daf2c364b475b5d841b9d972551f03550f7dfedd8340ffd4cc3f4b6e077f04a9ea87c89d1cc3cca330249ded33
AUX exim-4.97.1-memory-usage-bug-3047.patch 8680 BLAKE2B 6c027bebf5d2499d92cf442d3d1beaade645f59b3b6ed4e0f20db763a8697d4f77cbe2d727136df18486a9374f2c46754fa8f89da6361cb1b42812034ac0de7c SHA512 0397318fdc9de3bc9707fad84b6c5c3fec23e5c3d211d090412a907855b74013d6dde1193d590b2162e72167156c8816e9649e18081feba3061431555d6f69c6
AUX exim-submission.socket 161 BLAKE2B 409a5a687897af369a6a2ff0c30564096cc6b308dbc5d0afb6742df44d2aa972e45bad9681d2cb72be9731b260d23fdadb80bae644e7b875af5e34e9c8b8b40f SHA512 4a233761793e3510e9efa5aad3a6098c41b757f13133a7ea825680f2b393aba8d7935f16bf1dd065dde884fe7ba45639a8d398333a7d9bf0a6b72f88c8f2a09d
AUX exim-submission_at.service 360 BLAKE2B 9ebcac1ab0f01a8264141843a4e711d77f634bdd910406bd466a0c197fdad8a9ff4bc31b9b28ef73c810aaff3e549eb60c0a2546507910dfc800da154eb1da00 SHA512 dc28698f15e8eaa4614ae81fc8cb76d92fed1110ce02f7a6ee8feace418dbb194711eb2d4dd444cf818628c11721e21d80b7b974879ab6ddd78cc717cce17c2f
@@ -21,5 +23,6 @@ DIST exim-4.97.1.tar.xz 1919308 BLAKE2B ea41bf851185c7330e648c7757f2bf0b0aea3133
DIST exim-pdf-4.97.1.tar.xz 2139688 BLAKE2B baadbb6ca7b88b11ea88f6b5ce0c96d9d713a1f5b358e4dfb52647ccc2bb1a9a6f74e75341839a8ee7df327f2f5645dbf223e4e5923631b02aa53a777701b436 SHA512 6aa733b1d48b6237f458939ff53e484e702f47a0c10ba781ba101db404d39667bd2ddc876af4f597deda1991e534d5b8b874c549e6a86b5325ebd624a6713183
DIST system_filter.exim.gz 3075 BLAKE2B d05e872b5cef377d29126cda03fc0a74c8777b2119b76ff43da6e8de808035eb9bfcb034a85d81824f135d484e864bfc0629fc1af2c228a7277d5ee7cf9cde79 SHA512 cb358d3ce2499a0bb5920d962a06f2af8486e55ec90c8c928bd8e3aefb279aa57f5f960d5adfcef68bd94110b405eaa144e9629cfe6014a529c79c544600bbf3
EBUILD exim-4.97.1-r5.ebuild 15407 BLAKE2B b20ad346a0d6bfebe2bef714e9f014f37249450bf956d0b567dd17d87335d4b041e56015506c87750b9e0a50d126b6e869738ea153c6bdc098dbaa0118426f69 SHA512 539b05912913422a629e70b6f301eeedd922dd8dc89af8836b327455693a0160658914292ab694157f8f9ead17ed97e68b507cb0e9064b47ed0af0de5a6f1878
+EBUILD exim-4.97.1-r6.ebuild 15543 BLAKE2B 0b7de20037c65afd4c14b31cbe3e62e2837985907f178ab92d82af3897cb576f1b61a537e15c129058fd1669c9c905b799216f57e4ae001a881429f5a19af9de SHA512 467b5af1bd0562d73dda8563dd60e2f03c09dd7e08b6822668d6bab6cd01f9d7a272a1738cb4b1a294396c4c830931a5934ae3e066de5332e7b9a14629eb1cea
EBUILD exim-4.97.1.ebuild 15332 BLAKE2B b3a3e571a09f421f15b6d4b4e7b0cb1158392b6108e9c6c04b9736f4e8cf71d469a8e750a45673334bbc2f55bc8049f3374d043df55b6a09c7f0a4ef34d131e5 SHA512 180f59ccac10d630fcb36d58183236ad6959d185f1eb3044ab8110679aa10a25266285a02ce69f43b9a79820c30a4815c7f181b1d56a28ce319917d4af2740e5
MISC metadata.xml 2488 BLAKE2B 2b6eee3c45210da4bb79ed1a01801cabbdf2be353652602b60cb7c512426197eb14defb2382dd71bcbf0101685a8e5d2f58d52fbee402894f2d86e51329d2165 SHA512 1b3f9fe9cbff738595101b32179f5c8230b5afefcce5266e06db97a3a07a73ad842f0a8be44f421a71e120cdff11e262ba1893f1c7117a0a4c42cf5f37a44d7b
diff --git a/mail-mta/exim/exim-4.97.1-r6.ebuild b/mail-mta/exim/exim-4.97.1-r6.ebuild
new file mode 100644
index 000000000000..fbc02d2e7b6f
--- /dev/null
+++ b/mail-mta/exim/exim-4.97.1-r6.ebuild
@@ -0,0 +1,637 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="7"
+
+inherit db-use flag-o-matic toolchain-funcs pam systemd
+
+IUSE="arc berkdb +dane dcc +dkim dlfunc dmarc +dnsdb doc dovecot-sasl
+dsn gdbm gnutls idn ipv6 ldap lmtp maildir mbx
+mysql nis pam perl pkcs11 postgres +prdr proxy radius redis sasl selinux
+socks5 spf sqlite srs +ssl syslog tdb tcpd +tpda X"
+REQUIRED_USE="
+ arc? ( dkim spf )
+ dane? ( ssl !gnutls )
+ !dane? ( ssl? ( gnutls ) )
+ dmarc? ( dkim spf )
+ dkim? ( ssl !gnutls )
+ gnutls? ( ssl )
+ pkcs11? ( ssl )
+ || ( berkdb gdbm tdb )
+"
+# NOTE on USE="gnutls dane", gnutls[dane] is masked in base, unmasked
+# for x86 and amd64 only (probably due to unbound dep)
+# Exim supports it but we cannot express the dep USE=dane when
+# USE=gnutls is in effect only in package.use.mask, the only option we
+# have left is to a) ignore the dependency (but that results in bug
+# #661164) or b) mask the usage of USE=dane with USE=gnutls. Both are
+# incorrect, but b) is the only "correct" view from dep-pointofview.
+# Bug #925108 showed that DANE is basically non-optional with OpenSSL,
+# so we make -dane mandatory to use gnutls. Bleh.
+# We cannot express a required use for berkdb/gdbm/tdb correctly because
+# berkdb and gdbm are both enabled in base profile
+
+SDIR=$([[ ${PV} == *_rc* ]] && echo /test
+ [[ ${PV} == *.*.*.* ]] && echo /fixes)
+COMM_URI="https://downloads.exim.org/exim4${SDIR}"
+
+GPV="r0"
+DESCRIPTION="A highly configurable, drop-in replacement for sendmail"
+SRC_URI="${COMM_URI}/${P//_rc/-RC}.tar.xz
+ mirror://gentoo/system_filter.exim.gz
+ doc? ( ${COMM_URI}/${PN}-pdf-${PV//_rc/-RC}.tar.xz )"
+HOMEPAGE="https://www.exim.org/"
+
+SLOT="0"
+LICENSE="GPL-2"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86"
+
+COMMON_DEPEND=">=sys-apps/sed-4.0.5
+ dev-libs/libpcre2:=
+ tdb? ( sys-libs/tdb:= )
+ !tdb? ( berkdb? ( >=sys-libs/db-3.2:= <sys-libs/db-6:= ) )
+ !tdb? ( !berkdb? ( sys-libs/gdbm:= ) )
+ idn? ( net-dns/libidn:= net-dns/libidn2:= )
+ perl? ( dev-lang/perl:= )
+ pam? ( sys-libs/pam )
+ tcpd? ( sys-apps/tcp-wrappers )
+ ssl? (
+ gnutls? (
+ net-libs/gnutls:0=[pkcs11?]
+ dev-libs/libtasn1
+ )
+ !gnutls? (
+ dev-libs/openssl:0=
+ )
+ )
+ ldap? ( >=net-nds/openldap-2.0.7:= )
+ elibc_glibc? (
+ net-libs/libnsl:=
+ nis? (
+ net-libs/libtirpc:=
+ >=net-libs/libnsl-1:=
+ )
+ )
+ mysql? ( dev-db/mysql-connector-c:= )
+ postgres? ( dev-db/postgresql:= )
+ sasl? ( >=dev-libs/cyrus-sasl-2.1.26-r2 )
+ redis? ( dev-libs/hiredis:= )
+ spf? ( >=mail-filter/libspf2-1.2.5-r1 )
+ dmarc? ( mail-filter/opendmarc:= )
+ X? (
+ x11-libs/libX11
+ x11-libs/libXmu
+ x11-libs/libXt
+ x11-libs/libXaw
+ )
+ sqlite? ( dev-db/sqlite )
+ radius? ( net-dialup/freeradius-client )
+ virtual/libcrypt:=
+ virtual/libiconv
+ "
+ # added X check for #57206
+BDEPEND="virtual/pkgconfig"
+DEPEND="${COMMON_DEPEND}"
+RDEPEND="${COMMON_DEPEND}
+ !mail-mta/courier
+ !mail-mta/esmtp
+ !mail-mta/msmtp[mta]
+ !mail-mta/netqmail
+ !mail-mta/nullmailer
+ !mail-mta/postfix
+ !mail-mta/sendmail
+ !mail-mta/opensmtpd
+ !mail-mta/ssmtp[mta]
+ >=net-mail/mailbase-0.00-r5
+ virtual/logger
+ dcc? ( mail-filter/dcc )
+ selinux? ( sec-policy/selinux-exim )
+ "
+
+S=${WORKDIR}/${P//_rc/-RC}
+
+src_prepare() {
+ # Legacy patches which need a respin for -p1
+ eapply -p0 "${FILESDIR}"/exim-4.14-tail.patch
+ eapply -p0 "${FILESDIR}"/exim-4.74-radius-db-ENV-clash.patch # 287426
+ eapply "${FILESDIR}"/exim-4.97-as-needed-ldflags.patch # 352265, 391279
+ eapply -p0 "${FILESDIR}"/exim-4.76-crosscompile.patch # 266591
+ eapply "${FILESDIR}"/exim-4.69-r1.27021.patch
+ eapply "${FILESDIR}"/exim-4.97-localscan_dlopen.patch
+ eapply "${FILESDIR}"/exim-4.97-no-exim_id_update.patch
+ eapply "${FILESDIR}"/exim-4.97.1-memory-usage-bug-3047.patch # 922780
+
+ eapply -p2 "${FILESDIR}"/exim-4.97.1-CVE-2024-39929-part1.patch
+ eapply -p2 "${FILESDIR}"/exim-4.97.1-CVE-2024-39929-part2.patch
+
+ # oddity, they disable berkdb as hack, and then throw an error when
+ # berkdb isn't enabled
+ sed -i \
+ -e 's/_DB_/_DONTMESS_/' \
+ -e 's/define DB void/define DONTMESS void/' \
+ src/auths/call_radius.c || die
+
+ if use maildir ; then
+ eapply "${FILESDIR}"/exim-4.94-maildir.patch
+ else
+ eapply -p0 "${FILESDIR}"/exim-4.80-spool-mail-group.patch # 438606
+ fi
+
+ eapply_user
+
+ # user Exim believes it should be
+ MAILUSER=mail
+ MAILGROUP=mail
+ if use prefix && [[ ${EUID} != 0 ]] ; then
+ MAILUSER=$(id -un)
+ MAILGROUP=$(id -gn)
+ fi
+}
+
+src_configure() {
+ # general config and paths
+
+ local aliases="${EPREFIX}/etc/mail/aliases"
+ sed -i \
+ -e "/SYSTEM_ALIASES_FILE/s'SYSTEM_ALIASES_FILE'${aliases}'" \
+ src/configure.default || die
+
+ sed -i -e 's/^buildname=.*/buildname=exim-gentoo/' Makefile || die
+
+ if use elibc_musl; then
+ sed -i -e 's/^LIBS = -lnsl/LIBS =/g' OS/Makefile-Linux || die
+ append-cflags -DNO_EXECINFO
+ fi
+
+ local conffile="${EPREFIX}/etc/exim/exim.conf"
+ sed -e "48i\CFLAGS=${CFLAGS}" \
+ -e "s:BIN_DIRECTORY=/usr/exim/bin:BIN_DIRECTORY=${EPREFIX}/usr/sbin:" \
+ -e "s;EXIM_USER=;EXIM_USER=ref:${MAILUSER};" \
+ -e "s:CONFIGURE_FILE=.*$:CONFIGURE_FILE=${conffile}:" \
+ -e "s:ZCAT_COMMAND=.*$:ZCAT_COMMAND=${EPREFIX}/bin/zcat:" \
+ -e "s:COMPRESS_COMMAND=.*$:COMPRESS_COMMAND=${EPREFIX}/bin/gzip:" \
+ src/EDITME > Local/Makefile || die
+
+ # work on Local/Makefile from now on
+ cd Local
+
+ cat >> Makefile <<- EOC
+ INFO_DIRECTORY=${EPREFIX}/usr/share/info
+ PID_FILE_PATH=${EPREFIX}/run/exim.pid
+ SPOOL_DIRECTORY=${EPREFIX}/var/spool/exim
+ HAVE_ICONV=yes
+ WITH_CONTENT_SCAN=yes
+ EOC
+
+ # configure db implementation, Exim always needs one for its hints
+ # database, we prefer tdb and gdbm, since bdb is kind of getting
+ # less and less support
+ if use tdb ; then
+ cat >> Makefile <<- EOC
+ USE_TDB=yes
+ DBMLIB = -ltdb
+ EOC
+ sed -i -e 's:^USE_DB=yes:# USE_DB=yes:' Makefile || die
+ sed -i -e 's:^USE_GDBM=yes:# USE_GDBM=yes:' Makefile || die
+ elif use gdbm ; then
+ cat >> Makefile <<- EOC
+ USE_GDBM=yes
+ DBMLIB = -lgdbm
+ EOC
+ sed -i -e 's:^USE_DB=yes:# USE_DB=yes:' Makefile || die
+ sed -i -e 's:^USE_TDB=yes:# USE_TDB=yes:' Makefile || die
+ else # must be berkdb via required_use
+ # use the "native" interfaces to the DBM and CDB libraries, support
+ # passwd and directory lookups by default
+ local DB_VERS="5.3 5.1 4.8 4.7 4.6 4.5 4.4 4.3 4.2 3.2"
+ cat >> Makefile <<- EOC
+ USE_DB=yes
+ # keep include in CFLAGS because exim.h -> dbstuff.h -> db.h
+ CFLAGS += -I$(db_includedir ${DB_VERS})
+ DBMLIB = -l$(db_libname ${DB_VERS})
+ EOC
+ sed -i -e 's:^USE_GDBM=yes:# USE_GDBM=yes:' Makefile || die
+ sed -i -e 's:^USE_TDB=yes:# USE_TDB=yes:' Makefile || die
+ fi
+
+ # if we use libiconv, now is the time to tell so
+ if use !elibc_glibc && use !elibc_musl ; then
+ cat >> Makefile <<- EOC
+ EXTRALIBS_EXIM=-liconv
+ EOC
+ fi
+
+ # support for IPv6
+ if use ipv6; then
+ cat >> Makefile <<- EOC
+ HAVE_IPV6=YES
+ EOC
+ fi
+
+ # support i18n/IDNA
+ if use idn; then
+ cat >> Makefile <<- EOC
+ SUPPORT_I18N=yes
+ SUPPORT_I18N_2008=yes
+ EXTRALIBS_EXIM += -lidn -lidn2
+ EOC
+ fi
+
+ #
+ # mail storage formats
+ #
+
+ # mailstore is Exim's traditional storage format
+ cat >> Makefile <<- EOC
+ SUPPORT_MAILSTORE=yes
+ EOC
+
+ # mbox
+ if use mbx; then
+ cat >> Makefile <<- EOC
+ SUPPORT_MBX=yes
+ EOC
+ fi
+
+ # maildir
+ if use maildir; then
+ cat >> Makefile <<- EOC
+ SUPPORT_MAILDIR=yes
+ EOC
+ fi
+
+ #
+ # lookup methods
+ #
+
+ # support passwd and directory lookups by default
+ cat >> Makefile <<- EOC
+ LOOKUP_CDB=yes
+ LOOKUP_PASSWD=yes
+ LOOKUP_DSEARCH=yes
+ EOC
+
+ if ! use dnsdb; then
+ # DNSDB lookup is enabled by default
+ sed -i -e 's:^LOOKUP_DNSDB=yes:# LOOKUP_DNSDB=yes:' Makefile || die
+ fi
+
+ if use ldap; then
+ cat >> Makefile <<- EOC
+ LOOKUP_LDAP=yes
+ LDAP_LIB_TYPE=OPENLDAP2
+ LOOKUP_INCLUDE += -I"${EPREFIX}"/usr/include/ldap
+ LOOKUP_LIBS += -lldap -llber
+ EOC
+ fi
+
+ if use mysql; then
+ cat >> Makefile <<- EOC
+ LOOKUP_MYSQL=yes
+ LOOKUP_INCLUDE += $(mysql_config --include)
+ LOOKUP_LIBS += $(mysql_config --libs)
+ EOC
+ fi
+
+ if use nis; then
+ cat >> Makefile <<- EOC
+ LOOKUP_NIS=yes
+ LOOKUP_NISPLUS=yes
+ EOC
+ if use elibc_glibc ; then
+ cat >> Makefile <<- EOC
+ LOOKUP_INCLUDE += -I"${EPREFIX}"/usr/include/tirpc
+ LOOKUP_LIBS += -lnsl
+ EOC
+ fi
+ fi
+
+ if use postgres; then
+ cat >> Makefile <<- EOC
+ LOOKUP_PGSQL=yes
+ LOOKUP_INCLUDE += -I$(pg_config --includedir)
+ LOOKUP_LIBS += -L$(pg_config --libdir) -lpq
+ EOC
+ fi
+
+ if use sqlite; then
+ cat >> Makefile <<- EOC
+ LOOKUP_SQLITE=yes
+ LOOKUP_SQLITE_PC=sqlite3
+ EOC
+ fi
+
+ if use redis; then
+ cat >> Makefile <<- EOC
+ LOOKUP_REDIS=yes
+ LOOKUP_LIBS += -lhiredis
+ EOC
+ fi
+
+ # Exim monitor, enabled by default, controlled via X USE-flag,
+ # disable if not requested, bug #46778
+ if use X; then
+ cp ../exim_monitor/EDITME eximon.conf || die
+ cat >> Makefile <<- EOC
+ EXIM_MONITOR=eximon.bin
+ EOC
+ fi
+
+ #
+ # features
+ #
+
+ # DomainKeys Identified Mail, RFC4871
+ if ! use dkim; then
+ # DKIM is enabled by default
+ cat >> Makefile <<- EOC
+ DISABLE_DKIM=yes
+ EOC
+ fi
+
+ # Per-Recipient-Data-Response
+ if ! use prdr; then
+ # PRDR is enabled by default
+ cat >> Makefile <<- EOC
+ DISABLE_PRDR=yes
+ EOC
+ fi
+
+ # Transport post-delivery actions
+ if use !tpda && use !dane; then
+ # EVENT is enabled by default
+ cat >> Makefile <<- EOC
+ DISABLE_EVENT=yes
+ EOC
+ fi
+
+ # log to syslog
+ if use syslog; then
+ local eximlog="${EPREFIX}/var/log/exim/exim_%s.log"
+ sed -i \
+ -e "s:LOG_FILE_PATH=${eximlog}:LOG_FILE_PATH=syslog:" \
+ Makefile || die
+ cat >> Makefile <<- EOC
+ LOG_FILE_PATH=syslog
+ EOC
+ else
+ cat >> Makefile <<- EOC
+ LOG_FILE_PATH=${EPREFIX}/var/log/exim/exim_%s.log
+ EOC
+ fi
+
+ # starttls support (ssl)
+ if use ssl; then
+ if use gnutls; then
+ echo "USE_GNUTLS=yes" >> Makefile
+ echo "USE_GNUTLS_PC=gnutls $(use dane && echo gnutls-dane)" \
+ >> Makefile
+ use pkcs11 || echo "AVOID_GNUTLS_PKCS11=yes" >> Makefile
+ else
+ echo "USE_OPENSSL=yes" >> Makefile
+ echo "USE_OPENSSL_PC=openssl" >> Makefile
+ fi
+ else
+ echo "DISABLE_TLS=yes" >> Makefile
+ fi
+
+ # TCP wrappers
+ if use tcpd; then
+ cat >> Makefile <<- EOC
+ USE_TCP_WRAPPERS=yes
+ EXTRALIBS_EXIM += -lwrap
+ EOC
+ fi
+
+ # Light Mail Transport Protocol
+ if use lmtp; then
+ cat >> Makefile <<- EOC
+ TRANSPORT_LMTP=yes
+ EOC
+ fi
+
+ # embedded Perl
+ if use perl; then
+ cat >> Makefile <<- EOC
+ EXIM_PERL=perl.o
+ EOC
+ fi
+
+ # dlfunc
+ if use dlfunc; then
+ cat >> Makefile <<- EOC
+ EXPAND_DLFUNC=yes
+ HAVE_LOCAL_SCAN=yes
+ DLOPEN_LOCAL_SCAN=yes
+ EOC
+ fi
+
+ # Proxy Protocol
+ if use proxy; then
+ cat >> Makefile <<- EOC
+ SUPPORT_PROXY=yes
+ EOC
+ fi
+
+ # SOCKS5 (outbound) proxy support
+ if use socks5; then
+ cat >> Makefile <<- EOC
+ SUPPORT_SOCKS=yes
+ EOC
+ fi
+
+ # DANE
+ if use !dane; then
+ # DANE is enabled by default
+ sed -i -e 's:^SUPPORT_DANE=yes:# SUPPORT_DANE=yes:' Makefile || die
+ fi
+
+ # DMARC
+ if use dmarc; then
+ cat >> Makefile <<- EOC
+ SUPPORT_DMARC=yes
+ EXTRALIBS_EXIM += -lopendmarc
+ EOC
+ fi
+
+ # Sender Policy Framework
+ if use spf; then
+ cat >> Makefile <<- EOC
+ SUPPORT_SPF=yes
+ EXTRALIBS_EXIM += -lspf2
+ EOC
+ fi
+
+ #
+ # experimental features
+ #
+
+ # Authenticated Receive Chain
+ if use arc; then
+ echo "EXPERIMENTAL_ARC=yes">> Makefile
+ fi
+
+ # Distributed Checksum Clearinghouse
+ if use dcc; then
+ echo "EXPERIMENTAL_DCC=yes">> Makefile
+ fi
+
+ # Sender Rewriting Scheme
+ if use srs; then
+ # this one is the default/supported variant since 4.95, and the
+ # only variant available since 4.96
+ cat >> Makefile <<- EOC
+ SUPPORT_SRS=yes
+ EOC
+ fi
+
+ # Delivery Sender Notifications extra information in fail message
+ if use dsn; then
+ cat >> Makefile <<- EOC
+ EXPERIMENTAL_DSN_INFO=yes
+ EOC
+ fi
+
+ #
+ # authentication (SMTP AUTH)
+ #
+
+ # standard bits
+ cat >> Makefile <<- EOC
+ AUTH_SPA=yes
+ AUTH_CRAM_MD5=yes
+ AUTH_PLAINTEXT=yes
+ EOC
+
+ # Cyrus SASL
+ if use sasl; then
+ cat >> Makefile <<- EOC
+ CYRUS_SASLAUTHD_SOCKET=${EPREFIX}/run/saslauthd/mux
+ AUTH_CYRUS_SASL=yes
+ AUTH_LIBS += -lsasl2
+ EOC
+ fi
+
+ # Dovecot
+ if use dovecot-sasl; then
+ cat >> Makefile <<- EOC
+ AUTH_DOVECOT=yes
+ EOC
+ fi
+
+ # Pluggable Authentication Modules
+ if use pam; then
+ cat >> Makefile <<- EOC
+ SUPPORT_PAM=yes
+ AUTH_LIBS += -lpam
+ EOC
+ fi
+
+ # Radius
+ if use radius; then
+ cat >> Makefile <<- EOC
+ RADIUS_CONFIG_FILE=${EPREFIX}/etc/radiusclient/radiusclient.conf
+ RADIUS_LIB_TYPE=RADIUSCLIENTNEW
+ AUTH_LIBS += -lfreeradius-client
+ EOC
+ fi
+}
+
+src_compile() {
+ emake CC="$(tc-getCC)" HOSTCC="$(tc-getBUILD_CC)" \
+ AR="$(tc-getAR) cq" RANLIB="$(tc-getRANLIB)" FULLECHO=''
+}
+
+src_install() {
+ cd "${S}"/build-exim-gentoo || die
+ dosbin exim
+ if use X; then
+ dosbin eximon.bin
+ dosbin eximon
+ fi
+ fperms 4755 /usr/sbin/exim
+
+ dosym exim /usr/sbin/sendmail
+ dosym exim /usr/sbin/rsmtp
+ dosym exim /usr/sbin/rmail
+ dosym ../sbin/exim /usr/bin/mailq
+ dosym ../sbin/exim /usr/bin/newaliases
+ dosym ../sbin/sendmail /usr/lib/sendmail
+
+ for i in exicyclog exim_dbmbuild exim_dumpdb exim_fixdb exim_lock \
+ exim_tidydb exinext exiwhat exigrep eximstats exiqsumm exiqgrep \
+ convert4r3 convert4r4 exipick
+ do
+ dosbin $i
+ done
+
+ dodoc -r "${S}"/doc/.
+ doman "${S}"/doc/exim.8
+ use dsn && dodoc "${S}"/README.DSN
+ use doc && dodoc "${WORKDIR}"/${PN}-pdf-${PV//rc/RC}/doc/*.pdf
+
+ # conf files
+ insinto /etc/exim
+ newins "${S}"/src/configure.default exim.conf.dist
+ doins "${WORKDIR}"/system_filter.exim
+ doins "${FILESDIR}"/auth_conf.sub
+
+ if use pam; then
+ pamd_mimic system-auth exim auth account
+ fi
+
+ # headers, #436406
+ if use dlfunc ; then
+ # fixup includes so they actually can be found when including
+ sed -i \
+ -e '/#include "\(config\|store\|mytypes\).h"/s:"\(.\+\)":<exim/\1>:' \
+ local_scan.h || die
+ insinto /usr/include/exim
+ doins {config,local_scan}.h ../src/{mytypes,store}.h
+ fi
+
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}/exim.logrotate" exim
+
+ newinitd "${FILESDIR}"/exim.rc10 exim
+ newconfd "${FILESDIR}"/exim.confd exim
+
+ systemd_dounit \
+ "${FILESDIR}"/{exim.service,exim.socket,exim-submission.socket}
+ systemd_newunit \
+ "${FILESDIR}"/exim_at.service 'exim@.service'
+ systemd_newunit \
+ "${FILESDIR}"/exim-submission_at.service 'exim-submission@.service'
+
+ diropts -m 0750 -o ${MAILUSER} -g ${MAILGROUP}
+ keepdir /var/log/${PN}
+}
+
+pkg_postinst() {
+ if [[ ! -f ${EROOT}/etc/exim/exim.conf ]] ; then
+ einfo "${EROOT}/etc/exim/system_filter.exim is a sample system_filter."
+ einfo "${EROOT}/etc/exim/auth_conf.sub contains the configuration sub"
+ einfo "for using smtp auth."
+ einfo "Please create ${EROOT}/etc/exim/exim.conf from"
+ einfo " ${EROOT}/etc/exim/exim.conf.dist."
+ fi
+ if use berkdb && ( use gdbm || use tdb ) ; then
+ ewarn "USE=berkdb is ignored because USE=gdbm or USE=tdb is enabled!"
+ fi
+ if use dmarc ; then
+ einfo "DMARC support requires ${EROOT}/etc/exim/opendmarc.tlds"
+ einfo "you can populate this file with the contents downloaded from"
+ einfo " https://publicsuffix.org/list/public_suffix_list.dat"
+ fi
+ if use dcc ; then
+ einfo "DCC support is experimental, you can find some limited"
+ einfo "documentation at the bottom of this prerelease message:"
+ einfo " http://article.gmane.org/gmane.mail.exim.devel/3579"
+ fi
+ use dsn && einfo "extra information in fail DSN message is experimental"
+ einfo
+ elog "Note that this release contains a tainted variable check that"
+ elog "is likely to break your configuration used with Exim 4.93 and before."
+ elog "Please check your transports for occurences of \$local_part, and"
+ elog "use a replacement like \$local_part_data where possible."
+}
diff --git a/mail-mta/exim/files/exim-4.97.1-CVE-2024-39929-part1.patch b/mail-mta/exim/files/exim-4.97.1-CVE-2024-39929-part1.patch
new file mode 100644
index 000000000000..e83a44abc986
--- /dev/null
+++ b/mail-mta/exim/files/exim-4.97.1-CVE-2024-39929-part1.patch
@@ -0,0 +1,111 @@
+patch reduced to code only
+
+From: Jeremy Harris <jgh146exb@wizmail.org>
+Date: Mon, 1 Jul 2024 18:35:12 +0000 (+0100)
+Subject: Fix MIME parsing of filenames specified using multiple parameters. Bug 3099
+X-Git-Tag: exim-4.98-RC3~2
+X-Git-Url: https://git.exim.org/exim.git/commitdiff_plain/6ce5c70cff89
+
+Fix MIME parsing of filenames specified using multiple parameters. Bug 3099
+---
+
+diff --git a/src/src/mime.c b/src/src/mime.c
+index 975ddca85..5f9e1ade7 100644
+--- a/src/src/mime.c
++++ b/src/src/mime.c
+@@ -587,10 +587,10 @@ while(1)
+
+ while (*p)
+ {
+- DEBUG(D_acl) debug_printf_indent("MIME: considering paramlist '%s'\n", p);
++ DEBUG(D_acl)
++ debug_printf_indent("MIME: considering paramlist '%s'\n", p);
+
+- if ( !mime_filename
+- && strncmpic(CUS"content-disposition:", header, 20) == 0
++ if ( strncmpic(CUS"content-disposition:", header, 20) == 0
+ && strncmpic(CUS"filename*", p, 9) == 0
+ )
+ { /* RFC 2231 filename */
+@@ -604,11 +604,12 @@ while(1)
+
+ if (q && *q)
+ {
+- uschar * temp_string, * err_msg;
++ uschar * temp_string, * err_msg, * fname = q;
+ int slen;
+
+ /* build up an un-decoded filename over successive
+ filename*= parameters (for use when 2047 decode fails) */
++/*XXX could grow a gstring here */
+
+ mime_fname_rfc2231 = string_sprintf("%#s%s",
+ mime_fname_rfc2231, q);
+@@ -623,26 +624,32 @@ while(1)
+ /* look for a ' in the "filename" */
+ while(*s != '\'' && *s) s++; /* s is 1st ' or NUL */
+
+- if ((size = s-q) > 0)
+- mime_filename_charset = string_copyn(q, size);
++ if (*s) /* there was a ' */
++ {
++ if ((size = s-q) > 0)
++ mime_filename_charset = string_copyn(q, size);
+
+- if (*(p = s)) p++;
+- while(*p == '\'') p++; /* p is after 2nd ' */
++ if (*(fname = s)) fname++;
++ while(*fname == '\'') fname++; /* fname is after 2nd ' */
++ }
+ }
+- else
+- p = q;
+
+- DEBUG(D_acl) debug_printf_indent("MIME: charset %s fname '%s'\n",
+- mime_filename_charset ? mime_filename_charset : US"<NULL>", p);
++ DEBUG(D_acl)
++ debug_printf_indent("MIME: charset %s fname '%s'\n",
++ mime_filename_charset ? mime_filename_charset : US"<NULL>",
++ fname);
+
+- temp_string = rfc2231_to_2047(p, mime_filename_charset, &slen);
+- DEBUG(D_acl) debug_printf_indent("MIME: 2047-name %s\n", temp_string);
++ temp_string = rfc2231_to_2047(fname, mime_filename_charset,
++ &slen);
++ DEBUG(D_acl)
++ debug_printf_indent("MIME: 2047-name %s\n", temp_string);
+
+ temp_string = rfc2047_decode(temp_string, FALSE, NULL, ' ',
+- NULL, &err_msg);
+- DEBUG(D_acl) debug_printf_indent("MIME: plain-name %s\n", temp_string);
++ NULL, &err_msg);
++ DEBUG(D_acl)
++ debug_printf_indent("MIME: plain-name %s\n", temp_string);
+
+- if (!temp_string || (size = Ustrlen(temp_string)) == slen)
++ if (!temp_string || (size = Ustrlen(temp_string)) == slen)
+ decoding_failed = TRUE;
+ else
+ /* build up a decoded filename over successive
+@@ -651,9 +658,9 @@ while(1)
+ mime_filename = mime_fname = mime_fname
+ ? string_sprintf("%s%s", mime_fname, temp_string)
+ : temp_string;
+- }
+- }
+- }
++ } /*!decoding_failed*/
++ } /*q*/
++ } /*2231 filename*/
+
+ else
+ /* look for interesting parameters */
+@@ -682,7 +689,7 @@ while(1)
+
+
+ /* There is something, but not one of our interesting parameters.
+- Advance past the next semicolon */
++ Advance past the next semicolon */
+ p = mime_next_semicolon(p);
+ if (*p) p++;
+ } /* param scan on line */
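Review bot: The charset/language split steps over the first `'` and then only over quotes that follow it immediately, so a value with a non-empty language tag (the `charset'language'value` form of RFC 2231) leaves the tag and the second quote at the front of `fname`, contrary to the `/* fname is after 2nd ' */` comment. An ACL that matches `$mime_filename` from the start of the name would then compare against a string that differs from the declared filename. Scanning to the second quote, `while (*fname && *fname != '\'') fname++;` followed by `if (*fname) fname++;`, would make the code match its comment. The same lines are carried into the part2 patch, and the inner hunks show only part of the enclosing function in mime.c.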
diff --git a/mail-mta/exim/files/exim-4.97.1-CVE-2024-39929-part2.patch b/mail-mta/exim/files/exim-4.97.1-CVE-2024-39929-part2.patch
new file mode 100644
index 000000000000..f33e33598379
--- /dev/null
+++ b/mail-mta/exim/files/exim-4.97.1-CVE-2024-39929-part2.patch
@@ -0,0 +1,247 @@
+patch reduced to code only
+
+From: Jeremy Harris <jgh146exb@wizmail.org>
+Date: Tue, 2 Jul 2024 13:41:19 +0000 (+0100)
+Subject: MIME: support RFC 2331 for name=. Bug 3099
+X-Git-Tag: exim-4.98-RC3~1
+X-Git-Url: https://git.exim.org/exim.git/commitdiff_plain/1b3209b0577a
+
+MIME: support RFC 2331 for name=. Bug 3099
+---
+
+diff --git a/src/src/mime.c b/src/src/mime.c
+index 5f9e1ade7..8044bb3fd 100644
+--- a/src/src/mime.c
++++ b/src/src/mime.c
+@@ -30,10 +30,10 @@ static int mime_header_list_size = nelem(mime_header_list);
+
+ static mime_parameter mime_parameter_list[] = {
+ /* name namelen value */
+- { US"name=", 5, &mime_filename },
+- { US"filename=", 9, &mime_filename },
+- { US"charset=", 8, &mime_charset },
+- { US"boundary=", 9, &mime_boundary }
++ { US"name", 4, &mime_filename },
++ { US"filename", 8, &mime_filename },
++ { US"charset", 7, &mime_charset },
++ { US"boundary", 8, &mime_boundary }
+ };
+
+
+@@ -577,8 +577,8 @@ while(1)
+ if (*(p = q)) p++; /* jump past the ; */
+
+ {
+- uschar * mime_fname = NULL;
+- uschar * mime_fname_rfc2231 = NULL;
++ gstring * mime_fname = NULL;
++ gstring * mime_fname_rfc2231 = NULL;
+ uschar * mime_filename_charset = NULL;
+ BOOL decoding_failed = FALSE;
+
+@@ -590,90 +590,92 @@ while(1)
+ DEBUG(D_acl)
+ debug_printf_indent("MIME: considering paramlist '%s'\n", p);
+
+- if ( strncmpic(CUS"content-disposition:", header, 20) == 0
+- && strncmpic(CUS"filename*", p, 9) == 0
+- )
+- { /* RFC 2231 filename */
+- uschar * q;
+-
+- /* find value of the filename */
+- p += 9;
+- while(*p != '=' && *p) p++;
+- if (*p) p++; /* p is filename or NUL */
+- q = mime_param_val(&p); /* p now trailing ; or NUL */
+-
+- if (q && *q)
++ /* look for interesting parameters */
++ for (mime_parameter * mp = mime_parameter_list;
++ mp < mime_parameter_list + nelem(mime_parameter_list);
++ mp++
++ ) if (strncmpic(mp->name, p, mp->namelen) == 0)
++ {
++ p += mp->namelen;
++ if (*p == '*') /* RFC 2231 */
+ {
+- uschar * temp_string, * err_msg, * fname = q;
+- int slen;
+-
+- /* build up an un-decoded filename over successive
+- filename*= parameters (for use when 2047 decode fails) */
+-/*XXX could grow a gstring here */
+-
+- mime_fname_rfc2231 = string_sprintf("%#s%s",
+- mime_fname_rfc2231, q);
+-
+- if (!decoding_failed)
++ while (isdigit(*++p)) ; /* ignore cont-cnt values */
++ if (*p == '*') p++; /* step over sep chset mark */
++ if (*p == '=')
+ {
+- int size;
+- if (!mime_filename_charset)
++ uschar * q;
++ p++; /* step over = */
++ q = mime_param_val(&p); /* p now trailing ; or NUL */
++
++ if (q && *q) /* q is the dequoted value */
+ {
+- uschar * s = q;
++ uschar * err_msg, * fname = q;
++ int slen;
++
++ /* build up an un-decoded filename over successive
++ filename*= parameters (for use when 2047 decode fails) */
+
+- /* look for a ' in the "filename" */
+- while(*s != '\'' && *s) s++; /* s is 1st ' or NUL */
++ mime_fname_rfc2231 = string_cat(mime_fname_rfc2231, q);
+
+- if (*s) /* there was a ' */
++ if (!decoding_failed)
+ {
+- if ((size = s-q) > 0)
+- mime_filename_charset = string_copyn(q, size);
+-
+- if (*(fname = s)) fname++;
+- while(*fname == '\'') fname++; /* fname is after 2nd ' */
+- }
+- }
+-
+- DEBUG(D_acl)
+- debug_printf_indent("MIME: charset %s fname '%s'\n",
+- mime_filename_charset ? mime_filename_charset : US"<NULL>",
+- fname);
+-
+- temp_string = rfc2231_to_2047(fname, mime_filename_charset,
+- &slen);
+- DEBUG(D_acl)
+- debug_printf_indent("MIME: 2047-name %s\n", temp_string);
+-
+- temp_string = rfc2047_decode(temp_string, FALSE, NULL, ' ',
+- NULL, &err_msg);
+- DEBUG(D_acl)
+- debug_printf_indent("MIME: plain-name %s\n", temp_string);
+-
+- if (!temp_string || (size = Ustrlen(temp_string)) == slen)
+- decoding_failed = TRUE;
+- else
+- /* build up a decoded filename over successive
+- filename*= parameters */
+-
+- mime_filename = mime_fname = mime_fname
+- ? string_sprintf("%s%s", mime_fname, temp_string)
+- : temp_string;
+- } /*!decoding_failed*/
+- } /*q*/
+- } /*2231 filename*/
+-
+- else
+- /* look for interesting parameters */
+- for (mime_parameter * mp = mime_parameter_list;
+- mp < mime_parameter_list + nelem(mime_parameter_list);
+- mp++
+- ) if (strncmpic(mp->name, p, mp->namelen) == 0)
+- {
+- uschar * q;
+- uschar * dummy_errstr;
++ if (!mime_filename_charset)
++ { /* try for RFC 2231 chset/lang */
++ uschar * s = q;
++
++ /* look for a ' in the raw paramval */
++ while(*s != '\'' && *s) s++; /* s is 1st ' or NUL */
++
++ if (*s) /* there was a ' */
++ {
++ int size;
++ if ((size = s-q) > 0)
++ mime_filename_charset = string_copyn(q, size);
++
++ if (*(fname = s)) fname++;
++ while(*fname == '\'') fname++; /*fname is after 2nd '*/
++ }
++ }
++
++ DEBUG(D_acl)
++ debug_printf_indent("MIME: charset %s fname '%s'\n",
++ mime_filename_charset ? mime_filename_charset : US"<NULL>",
++ fname);
++
++ fname = rfc2231_to_2047(fname, mime_filename_charset,
++ &slen);
++ DEBUG(D_acl)
++ debug_printf_indent("MIME: 2047-name %s\n", fname);
++
++ fname = rfc2047_decode(fname, FALSE, NULL, ' ',
++ NULL, &err_msg);
++ DEBUG(D_acl) debug_printf_indent(
++ "MIME: plain-name %s\n", fname);
++
++ if (!fname || Ustrlen(fname) == slen)
++ decoding_failed = TRUE;
++ else if (mp->value == &mime_filename)
++ {
++ /* build up a decoded filename over successive
++ filename*= parameters */
++
++ mime_fname = string_cat(mime_fname, fname);
++ mime_filename = string_from_gstring(mime_fname);
++ }
++ } /*!decoding_failed*/
++ } /*q*/
++
++ if (*p) p++; /* p is past ; */
++ goto param_done; /* done matching param names */
++ } /*2231 param coding extension*/
++ }
++ else if (*p == '=')
++ { /* non-2231 param */
++ uschar * q, * dummy_errstr;
+
+ /* grab the value and copy to its expansion variable */
+- p += mp->namelen;
++
++ if (*p) p++; /* step over = */
+ q = mime_param_val(&p); /* p now trailing ; or NUL */
+
+ *mp->value = q && *q
+@@ -684,26 +686,31 @@ while(1)
+ "MIME: found %s parameter in %s header, value '%s'\n",
+ mp->name, mh->name, *mp->value);
+
+- break; /* done matching param names */
++ if (*p) p++; /* p is past ; */
++ goto param_done; /* done matching param names */
+ }
+-
++ } /* interesting parameters */
+
+ /* There is something, but not one of our interesting parameters.
+ Advance past the next semicolon */
++
+ p = mime_next_semicolon(p);
+ if (*p) p++;
+- } /* param scan on line */
++ param_done:
++ } /* param scan on line */
+
+ if (strncmpic(CUS"content-disposition:", header, 20) == 0)
+ {
+- if (decoding_failed) mime_filename = mime_fname_rfc2231;
++ if (decoding_failed)
++ mime_filename = string_from_gstring(mime_fname_rfc2231);
+
+ DEBUG(D_acl) debug_printf_indent(
+ "MIME: found %s parameter in %s header, value is '%s'\n",
+ "filename", mh->name, mime_filename);
+ }
+ }
+- }
++ break;
++ } /* interesting headers */
+
+ /* set additional flag variables (easier access) */
+ if ( mime_content_type
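Review bot: In the new parameter loop `p += mp->namelen` runs as soon as a table name prefix-matches, before the `*`/`=` test, so when neither follows (the table entries no longer include the `=`) the loop goes on comparing the remaining names against an already advanced `p`. Both handled paths leave through `goto param_done`, so saving the cursor on entry (`uschar * pstart = p;`) and restoring it (`p = pstart;`) just before the `} /* interesting parameters */` brace keeps every comparison anchored at the start of the parameter. Also, `param_done:` sits directly before a closing brace; a label with no following statement is only valid from C23, so `param_done: ;` is the portable spelling. The enclosing function in mime.c starts and ends outside the inner hunks.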