gentoo auto-resync : 25:12:2023 - 13:34:50

author: V3n3RiX <venerix@koprulu.sector> 2023-12-25 13:34:50 +0000
committer: V3n3RiX <venerix@koprulu.sector> 2023-12-25 13:34:50 +0000
commit: 479921825a5c44a5fbcd5441f00ee98e54db9bac (patch)
tree: a40800c43ce47a1158369633f7d432b2bd365743 /mail-mta
parent: fa5cba104ab90ce81be0cb7e9992447a10e76013 (diff)
10 files changed, 517 insertions, 349 deletions
diff --git a/mail-mta/Manifest.gz b/mail-mta/Manifest.gz
index 3e270dc539f9..f122bb1cb136 100644
--- a/mail-mta/Manifest.gz
+++ b/mail-mta/Manifest.gz
diff --git a/mail-mta/exim/Manifest b/mail-mta/exim/Manifest
index 579c6128e608..f1102d41896e 100644
--- a/mail-mta/exim/Manifest
+++ b/mail-mta/exim/Manifest
@@ -5,10 +5,10 @@ AUX exim-4.74-radius-db-ENV-clash.patch 667 BLAKE2B 3cc03dd925333774c08484efbb5d
 AUX exim-4.76-crosscompile.patch 462 BLAKE2B de78322f93760cef0d5a768b8be6c723f00d5c7557da6189ffa6ee34215c41ebe8896a2457b2e6a704d05a1730eab09c8cc73e3ba3140954f9ac32423210b612 SHA512 d4fd4417c1ce727f139999c399795312cdbbb9735d0793d68f8e3150240bc53b31277cb26f9946ba549b34c661fc0a61147d376bda09aa6763cab55d80d62343
 AUX exim-4.80-spool-mail-group.patch 946 BLAKE2B a3b6783b77823c5a8373623d16b85e2ba209b419b6724f307c46bf961bc5195690453208cdd40e45bc36e5a070892414c7737a97fa04e653e78050c153c59079 SHA512 24f30e9a9d90dc0f1fe8b3db26f8bc2649182b4e78110dc28a9c0f3a3feb7589f923144a4f1c54a1c46ff8cfe40826a1f2212787753be752f4d15a72d54a143b
 AUX exim-4.93-as-needed-ldflags.patch 6013 BLAKE2B 2de473f089a36cabd5481020524dcb2efb7a5681b224608a8454aebc70e07f7776fe812f02fa5d81fb80b25bc2cc154924953d173d65664b1e576176a01191b9 SHA512 df6c18a7d092d9069dd6d4177154681197de86ab41dbd399055ad663cbd0c7da149f8bbcb7c888965851475ee2cf891dc934f1d5ad7a4ea3dc46a54ece582418
-AUX exim-4.94-localscan_dlopen.patch 9595 BLAKE2B c48eaaf486585890dc4028beaca7a39d5b1d965323468c4c317d099ccf0e2e983e9366cb923e0b34546a66ac718ee15e8f682a65cdcd771de8164f76b86c0aa2 SHA512 bd7872473ad1ab9eca41757ca6ee7dd8628bddfa145191aea6a5ac4b62b0e4e3539803cf75fcb22b8bfdcca33a7d2f71ff58ca1862f456960e6b7e4d262ba6ef
 AUX exim-4.94-maildir.patch 316 BLAKE2B fe0b27712e77eba83244434c33372cec47fa317026d159de7a0ac37f2563999a6470df2dc203c1fcda8e7074c949133a0311c2b94c4b48bbc46d64c7c486202c SHA512 13863226883f79dcc781fe8eb3b50ad3c5511af130cf6e41ce40e8543d46832668bd7d746a2cc67842748cdf26144bef4aece49397d3168819215eac93ca1e6e
 AUX exim-4.94-opendmarc-1.4.patch 506 BLAKE2B d8ba66e1165dffb9ba367b997d69090fa8b31aa6ce3cb17d6ade4bd3b3dabf2a2d93223106eeb7f39754397eb17979e66d52de8dc2d524de9019c9598cd89af6 SHA512 6145f07c0b5b4234160fd3480329759a06500b658643523f32bcfa9158258a9b708095725f2e56d5538567f888c5e0e954c4ac51c8f2d16921dc4950241cd2fc
 AUX exim-4.95-localscan_dlopen.patch 7621 BLAKE2B 6df3c1acb585dc87759e056f7bb44e50219812c3ca41364fff77942cc2d6f7452d8f4c158f17295bc586eeacc8048e24f767bab0464d300a7cb7d357c63bedd9 SHA512 1cf52ac9637a753ff7257c274bc09591a8c761fc6599cbb2cceb213272573c371dbc5db6b028c2f745989013c21af54c45facf5f2bf5c87742e299c12a9b8a1b
+AUX exim-4.97-CVE-2023-51766.patch 7723 BLAKE2B e1d542e54b32dec25a85280460f60a8315150be7ca67ea748f04be0d5b173f6c46e0a58c5a98254056188760315c0d5592a404d62544e5727e58aa5f894f275e SHA512 fc5b64f6a6ef848764d5c10589cfda99b1dc984d6f2e57730a747cc34f40f6e10d5edb197a121475251266c3e0c8f40cc6fed0988f4461a8a73393fd3d047e59
 AUX exim-4.97-as-needed-ldflags.patch 6032 BLAKE2B ba3e78e49435581eba3fa238c4e660acf9e4bc91c47110f6932675eb0c33568c03ee00a91cef6de93f5acb4611ad6ac1bf465a90f4bc055ac2528d77b588822c SHA512 b7f1e84e3c788d1a9c56339c5dc7eb14eff39b8efaf90d32fd66ddd589f60d4bfab5f36cae51cb84646c1f0b0f7523e56d6a898116b72dc108e89f33d8919333
 AUX exim-4.97-localscan_dlopen.patch 6429 BLAKE2B 166c44c93730ef4a0cecd9c8cc556ce2c53dcc21d85b2cb7663fc01d445eab3ecba20f3525b1206238e2b6508a58fe79c72ad86c1722b7c4e1164a6bf9534d6d SHA512 f1d29829f4d7159227476bed377a01a4db6d9aad021bda476d9c1ad1dc4fe7a621260a9e1e4ff9b2686c46575a553a96af7f75f625cb99a5941aa4562f01646a
 AUX exim-4.97-no-exim_id_update.patch 402 BLAKE2B 0c2f7ec1fe995f8ee58c6907e149367082c5ce837d1508b9e61f10681825fdcc78a52316184629aa6a80021fbfa21aa0ee90eee6b8fae5a1b05efb77337dd2c5 SHA512 07c062f042176b108444b9a163a309b3186fc19f2953dbb7ad066874189417684b0934fe1300933d04231cc59eeeacfb22ad42b0f328212585908c2e9eae5a8b
@@ -20,18 +20,16 @@ AUX exim.rc10 1135 BLAKE2B abc7247ee8171069f30f954d9e4275fa85f09f5488a372f9c4f7f
 AUX exim.service 229 BLAKE2B 6d6396ef98b8e7c4fcfa28e24223bd58393387abedfb960284dfd1a297d1612deea6b77e2affeca8c5ff6f7db3eb32717893ed0dc1eaf3525e6969520e8589a3 SHA512 a071e9fb74b5fc2fdf0c73ad64ddfbc3954d8f7095d6a363dacf8c75d72a479fbf6821822ec5c8f3846d7687342e1bd447b97f91ca7b0582e5c98008aac30cca
 AUX exim.socket 139 BLAKE2B bb8281a98fdac1b52031d5250fd1e658bf5a2c32e24b49ed0daa857d0d32285abf6db23c3d717992c43443ab4bcd97a19ec3811f182200a2d99a48ced6cfb6bc SHA512 db621116907ceb573e6f34581f47c91f751bff593054d7ddc32397b34c7f2405bec184bdb0589d2ac457fa3a61bcba072761e3a6293a99c9c764d2d9fd6069ae
 AUX exim_at.service 140 BLAKE2B 8624f4a555e2acdc7aaf917952c4152ad00dc063a51076aefa1d023d47d5f7fe8b268f3308734f363ed9628cd8551ccac7fc369657e0fdf65507d2e6419f704c SHA512 11c8133ee15b3e5193c9b1c59aed66c81b6e045dd23310bede9fcde6c88905db5ef08afdb798b53b75a7465915ea1247e980edf95db07a7f9b7bb58ce95fbb5a
-DIST exim-4.94.2.tar.xz 1838076 BLAKE2B 684e115a7af3efdab15451f8e11f9b53455c9166d8c078216d7a95223d77569cec8a882ed99b9180acbd8a9e747a0bca03d56993d011de15dc35143a989ab046 SHA512 5334c236221ed4e03dbc33e6a79d939b06037fa2f4b71971607a360b67af5c85a89681ee13a5eeaf0184382c55a160cf2e89ed7afb2949f025a54f1e88f9e3fc
 DIST exim-4.96-gentoo-patches-r0.tar.xz 13308 BLAKE2B e01cd8b90593329d858cced27bea9da4860e80500c0b0b3f86418931a77616ac1e4a532cfffc551de5844bfcbcd115c1591b28577c234beb551458dc0877e764 SHA512 0a8d7b5903c8cd7c2cc07e4ea3ed62200ee0116fe0b5513ec97ba7f3ab1dd5cd0dc181eb93c3c1c7f767be7df3546ac07b622a8f4352eb883323c3a005a1c7db
 DIST exim-4.96.2.tar.xz 1879896 BLAKE2B f172340e5f896dc1996e4e3cf46515c2336c47d3390524ca91cb9ef7258a62b83426592de582aa792584cbeaace519b4edea5e62b3ebeb8e5f599379255e04a5 SHA512 dc9f6a114e64ac826489edff88d50a24195b64714428e691c10a7bfb119b3ebb6455bf80cbb34dfd0a4e2e44cbde72effb009357a8e0a6065e512fe32092e3ed
 DIST exim-4.96.tar.xz 1879152 BLAKE2B 4b424f2ebc661bd0db35d7f6da86300c6d5cb5b9a52cddd24fdd452daa76c84e471d4f8f278cf951d1503b01fd46fc3e6858d6feded09f34253d2cf2ae99b45a SHA512 6b863661465a0b9897c1b71875c5196a1903cf560dd85de45b08242b9731edb2bc10eb56945d62e477e5d15cc7a8d493915bff2ca81689673a8091c66f62c89e
 DIST exim-4.97.tar.xz 1909536 BLAKE2B b0f09d5f162853996976c222786de14e2104acdf01fd61da486f59f4cf8af1182cdfb7ea31fd55ccfd9c57256e7f442dc1b46727e08fe2eca82a296ac4ae7899 SHA512 b28cbb49fa7e143dfcc94e004d57cf98a1945013e676cd103c1ee4cf52933d49d378baa13bea2663353dba97745d6b2ab8b7b66cde870788a2d85d7abd716968
-DIST exim-pdf-4.94.2.tar.xz 2092248 BLAKE2B 973ab4f117fdb58afa017bc41b4496fac1277e707a9926d67317c455b0bd617021c17cba6c8d793d8962aacef12c0790d5add7174017512b7b1ea070f8e8533d SHA512 3a661f69d81a992798d4b7e5b7def7cfffa297a7b3c02a6631be426cefff5a6e8783fa322a1bd105d01f7b06968d01e77963e6ab7be3157f63eb62eb6ff172b0
 DIST exim-pdf-4.96.2.tar.xz 2132268 BLAKE2B 9104d42d742e7152d166b6158a6f060d0a29143b11e5064ecda177ead59ac66a9bb6ab3575e5bcaf7af5b49964d29b841285e67184592a8b64bab6099f4c8ac9 SHA512 c35eea4ab5510bba50d22813b28c9d2f5e4e2fed76993693b997f2090024dde674d58dffe044cb64642bf57b83fcae3bfc3dbcae43288fae11692ee49374df74
 DIST exim-pdf-4.96.tar.xz 2137468 BLAKE2B 7f61767f91864c43a3b7b6ca36ec7f41da6ad7029687a38cfa9307c444c2ffbd3eb61d45645ffd20ec16ba64a37e1ff08c02e7e4e36499c7783679af9a399081 SHA512 05e94579631656330d95d237c58bc9fd52229a067c5846e7c3409b4c83040c9216819bcb0090673d9991fd59e2c2025340592b31b241b557c6775782106854d1
 DIST exim-pdf-4.97.tar.xz 2136852 BLAKE2B df188e658e9e86d1b651d12b29e8a440677d75cc0384bab829323582a3a89b62f34e504b759ef2824b7735056696aed6ac33a4ca10a74fc5bc036f150caaac12 SHA512 defd1e7d823f4eadd2afe426d9105a395421824a1b1941b97bfda408905bdd105b5c219b713e15506d25d98fa48e965228f8daab286dc1be14a387f567c0b58b
 DIST system_filter.exim.gz 3075 BLAKE2B d05e872b5cef377d29126cda03fc0a74c8777b2119b76ff43da6e8de808035eb9bfcb034a85d81824f135d484e864bfc0629fc1af2c228a7277d5ee7cf9cde79 SHA512 cb358d3ce2499a0bb5920d962a06f2af8486e55ec90c8c928bd8e3aefb279aa57f5f960d5adfcef68bd94110b405eaa144e9629cfe6014a529c79c544600bbf3
-EBUILD exim-4.94.2-r7.ebuild 14776 BLAKE2B a0fb91597d669703f7c97874ff0989c90f6989d836bb12c2a24be64efecde184149374a7319495117d94a0fa75d6d94b612a63306dff3d17fb7f717ab97d5d6f SHA512 c9ff4091c66c7b3d60e17f95a542bc870edae5111e2690fae9f507081a6f9903a7dc587e9705c6adbad01fc9badad69f58ba8c24add3fc01a1e223387ebd6078
-EBUILD exim-4.96-r4.ebuild 16589 BLAKE2B dd4a8fafb95891d3a4ec779360cc0603b27d365a3bceed9ec977371c30b953f7fec8d3e132dda1d4da9611374082447d233cdbadc3e6f8cf01576465e459262f SHA512 64eda6530c502540669fc7934db59e16939cf44c90974a84d5c7fa5e5e1bc61b1b10d69c4d07351fc4f3966c3473fa8813e5c35feaa48999eb183ad26e4a0f0c
+EBUILD exim-4.96-r4.ebuild 16535 BLAKE2B a88defab588c1cecdd1aadac7e8e18f45432ee32573ca8990c34881668fbb48344cb658a7b5c261e08a86fee2355c6e17a7c48235bd394a6c8f9ff4844d93bc7 SHA512 d62a1ea6ef9f623239464de735060b7427f54f0af10d46791260df844d910e4451a0957cacae22155ee6f3a073f5ef8a69bba710c1cdefe4dcf11082470e0601
+EBUILD exim-4.96.2-r1.ebuild 16669 BLAKE2B d4ff8e4fcaf41e90b477c336156f4f2cfaea1b091790816b809aa0d1df884f4634e898f28300bb9c14b48e4d029cfc68071b0c1daa72f55432a288ec557e4155 SHA512 0e028a4abac5e5869676d543190cb2e9d2a151aa50ee8bb8d07e2b642c06c8a30bc1d9017fdb98a83ffea7d1cd846e8b0bdc71135e446ba8d377457e001b67bf
 EBUILD exim-4.96.2.ebuild 16601 BLAKE2B 155c746de2ca0ba5a9dcf5da82d29ccca43ac41622deef127accd09f2fd296ea214cc745cc3bb620b9790b320476baed5ba438a8d3915e0c8c91cee33d26f9e5 SHA512 a716435140e193eb1a9fcea37b976475c11ea9f46cf483a3ff54b46e2aada4f4e72cb0c35d1b35ce48dd77e481701c4f7ad24e43328d28f591c6e257263f5a2a
-EBUILD exim-4.97-r1.ebuild 15359 BLAKE2B d1e7b0c9a8d387a1e5564a05c1d72a4acdbe5b836f867cb98c9cde8cf24ac89cb9c2ccbb11b46a307486f8c724d929092aaa7649a31dc2cc711ee4069539dfdf SHA512 efce57763ea6b6aee956d7a975417943088f8a3fa0213094ee8a49a5782ade81bded74f57cb26b42e245f1106c33d05f404d9ce6e5e483065d02e268189f3eb0
-MISC metadata.xml 2759 BLAKE2B 4f5d0d9fbd244b0836de4bd0d3b84f45376628a12e019c89e49e6dbd7128c19f16281fdfb401d852f57f27f547184351000382cc7333a524f7be280e0799d8d8 SHA512 85a2eaef07eb68d51a1307c6d76bef6620e7311ffda593750ebee5fe84affac2e026c971818500004c0ab9722a8e84c8eb0394fb66bb2ba6cd3465cf7e1f1a73
+EBUILD exim-4.97-r2.ebuild 15267 BLAKE2B fd990f3dd11266bc969c0f25f038ff991b871baa3b41e356043cfb949a9110cd72df57e116a231dae6c9bd4e875469d8c0972ce8b1990c41715beeb75d2af2cd SHA512 2a345958acbdb3f0434f157199d864c9b833647168468110fba80efe1edec26b26bd17b56d628644df95d8bb5c00a4e6edd17ba97d97474a16f54ab7f3ea6ca0
+MISC metadata.xml 2488 BLAKE2B 2b6eee3c45210da4bb79ed1a01801cabbdf2be353652602b60cb7c512426197eb14defb2382dd71bcbf0101685a8e5d2f58d52fbee402894f2d86e51329d2165 SHA512 1b3f9fe9cbff738595101b32179f5c8230b5afefcce5266e06db97a3a07a73ad842f0a8be44f421a71e120cdff11e262ba1893f1c7117a0a4c42cf5f37a44d7b
diff --git a/mail-mta/exim/exim-4.96-r4.ebuild b/mail-mta/exim/exim-4.96-r4.ebuild
index 503519b18ac5..c3bb1a1d477e 100644
--- a/mail-mta/exim/exim-4.96-r4.ebuild
+++ b/mail-mta/exim/exim-4.96-r4.ebuild
@@ -42,7 +42,7 @@ HOMEPAGE="https://www.exim.org/"
 
 SLOT="0"
 LICENSE="GPL-2"
-KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~ia64 ~ppc ppc64 ~sparc x86"
+KEYWORDS="x86"
 
 COMMON_DEPEND=">=sys-apps/sed-4.0.5
 	dev-libs/libpcre2:=
diff --git a/mail-mta/exim/exim-4.94.2-r7.ebuild b/mail-mta/exim/exim-4.96.2-r1.ebuild
index 8f5367aecfb8..f31266dbaa83 100644
--- a/mail-mta/exim/exim-4.94.2-r7.ebuild
+++ b/mail-mta/exim/exim-4.96.2-r1.ebuild
@@ -1,11 +1,14 @@
-# Copyright 1999-2022 Gentoo Authors
+# Copyright 1999-2023 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI="7"
 
 inherit db-use toolchain-funcs pam systemd
 
-IUSE="arc +dane dcc +dkim dlfunc dmarc +dnsdb doc dovecot-sasl dsn exiscan-acl gnutls idn ipv6 ldap lmtp maildir mbx mysql nis pam perl pkcs11 postgres +prdr proxy radius redis sasl selinux spf sqlite srs +srs-alt srs-native +ssl syslog tcpd +tpda X"
+IUSE="arc berkdb +dane dcc +dkim dlfunc dmarc +dnsdb doc dovecot-sasl
+dsn gdbm gnutls idn ipv6 ldap lmtp maildir mbx
+mysql nis pam perl pkcs11 postgres +prdr proxy radius redis sasl selinux
+socks5 spf sqlite srs +ssl syslog tdb tcpd +tpda X"
 REQUIRED_USE="
 	arc? ( dkim spf )
 	dane? ( ssl !gnutls )
@@ -13,11 +16,7 @@ REQUIRED_USE="
 	dkim? ( ssl !gnutls )
 	gnutls? ( ssl )
 	pkcs11? ( ssl )
-	spf? ( exiscan-acl )
-	srs? (
-		exiscan-acl
-		^^ ( srs-alt srs-native )
-	)
+	|| ( berkdb gdbm tdb )
 "
 # NOTE on USE="gnutls dane", gnutls[dane] is masked in base, unmasked
 # for x86 and amd64 only, due to this, repoman won't allow depending on
@@ -26,24 +25,30 @@ REQUIRED_USE="
 # have left is to a) ignore the dependency (but that results in bug
 # #661164) or b) mask the usage of USE=dane with USE=gnutls.  Both are
 # incorrect, but b) is the only "correct" view from repoman.
+# We cannot express a required use for berkdb/gdbm/tdb correctly because
+# berkdb and gdbm are both enabled in base profile
 
 SDIR=$([[ ${PV} == *_rc* ]]   && echo /test
 	 [[ ${PV} == *.*.*.* ]] && echo /fixes)
 COMM_URI="https://downloads.exim.org/exim4${SDIR}"
 
+GPV="r0"
 DESCRIPTION="A highly configurable, drop-in replacement for sendmail"
 SRC_URI="${COMM_URI}/${P//_rc/-RC}.tar.xz
+	https://dev.gentoo.org/~grobian/distfiles/${PN}-4.96-gentoo-patches-${GPV}.tar.xz
 	mirror://gentoo/system_filter.exim.gz
 	doc? ( ${COMM_URI}/${PN}-pdf-${PV//_rc/-RC}.tar.xz )"
 HOMEPAGE="https://www.exim.org/"
 
 SLOT="0"
 LICENSE="GPL-2"
-KEYWORDS="sparc"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86"
 
 COMMON_DEPEND=">=sys-apps/sed-4.0.5
-	( >=sys-libs/db-3.2:= <sys-libs/db-6:= )
-	dev-libs/libpcre
+	dev-libs/libpcre2:=
+	tdb? ( sys-libs/tdb:= )
+	!tdb? ( berkdb? ( >=sys-libs/db-3.2:= <sys-libs/db-6:= ) )
+	!tdb? ( !berkdb? ( sys-libs/gdbm:= ) )
 	idn? ( net-dns/libidn:= net-dns/libidn2:= )
 	perl? ( dev-lang/perl:= )
 	pam? ( sys-libs/pam )
@@ -58,8 +63,9 @@ COMMON_DEPEND=">=sys-apps/sed-4.0.5
 		)
 	)
 	ldap? ( >=net-nds/openldap-2.0.7:= )
-	nis? (
-		elibc_glibc? (
+	elibc_glibc? (
+		net-libs/libnsl:=
+		nis? (
 			net-libs/libtirpc:=
 			>=net-libs/libnsl-1:=
 		)
@@ -70,7 +76,6 @@ COMMON_DEPEND=">=sys-apps/sed-4.0.5
 	redis? ( dev-libs/hiredis:= )
 	spf? ( >=mail-filter/libspf2-1.2.5-r1 )
 	dmarc? ( mail-filter/opendmarc:= )
-	srs? ( srs-alt? ( mail-filter/libsrs_alt ) )
 	X? (
 		x11-libs/libX11
 		x11-libs/libXmu
@@ -81,7 +86,6 @@ COMMON_DEPEND=">=sys-apps/sed-4.0.5
 	radius? ( net-dialup/freeradius-client )
 	virtual/libcrypt:=
 	virtual/libiconv
-	elibc_glibc? ( net-libs/libnsl )
 	"
 	# added X check for #57206
 BDEPEND="virtual/pkgconfig"
@@ -111,13 +115,37 @@ src_prepare() {
 	eapply     "${FILESDIR}"/exim-4.93-as-needed-ldflags.patch # 352265, 391279
 	eapply -p0 "${FILESDIR}"/exim-4.76-crosscompile.patch # 266591
 	eapply     "${FILESDIR}"/exim-4.69-r1.27021.patch
-	eapply     "${FILESDIR}"/exim-4.94-localscan_dlopen.patch
+	eapply     "${FILESDIR}"/exim-4.95-localscan_dlopen.patch
+	eapply -p2 "${FILESDIR}"/exim-4.97-CVE-2023-51766.patch # 3063
+
+	# Upstream post-release fixes :(
+	local GPVDIR=${WORKDIR}/${PN}-4.96-gentoo-patches-${GPV}
+	eapply     "${GPVDIR}"/exim-4.96-rewrite-malformed-addr-fix.patch # upstr
+	eapply     "${GPVDIR}"/exim-4.96-spf-memory-error-fix.patch # upstr
+	eapply     "${GPVDIR}"/exim-4.96-regex-use-after-free.patch # upstr
+	eapply -p2 "${GPVDIR}"/exim-4.96-dmarc_use_after_free.patch # upstr
+	eapply     "${GPVDIR}"/exim-4.96-deamon-startup-fix.patch # upstr
+	eapply     "${GPVDIR}"/exim-4.96-openssl-verify-ocsp.patch # upstr
+	eapply     "${GPVDIR}"/exim-4.96-openssl-double-expansion.patch # upstr
+	eapply     "${GPVDIR}"/exim-4.96-recursion-dns_again.patch # upstr
+	eapply     "${GPVDIR}"/exim-4.96-openssl-tls_eccurve-setting.patch # upstr
+	eapply     "${GPVDIR}"/exim-4.96-openssl-tls_eccurve-lt-3.patch # upstr
+	eapply     "${GPVDIR}"/exim-4.96-openssl-bad-alpn.patch # upstr
+	eapply     "${GPVDIR}"/exim-4.96-dane-dns_again.patch # upstr
+	eapply     "${GPVDIR}"/exim-4.96-expansion-crash.patch # upstr
+	eapply     "${GPVDIR}"/exim-4.96-transport-crash.patch # upstr
+
+	# oddity, they disable berkdb as hack, and then throw an error when
+	# berkdb isn't enabled
+	sed -i \
+		-e 's/_DB_/_DONTMESS_/' \
+		-e 's/define DB void/define DONTMESS void/' \
+		src/auths/call_radius.c || die
 
-	# for this reason we have a := dep on opendmarc, they changed their
-	# API in a minor release
-	if use dmarc && has_version ">=mail-filter/opendmarc-1.4" ; then
-		eapply "${FILESDIR}"/exim-4.94-opendmarc-1.4.patch
-	fi
+	# API changed from 1.3 to 1.4, upstream doesn't think 1.4 should be
+	# used, but 1.3 has a CVE and Gentoo (like most downstreams) only
+	# has 1.4 available
+	eapply "${FILESDIR}"/exim-4.94-opendmarc-1.4.patch
 
 	if use maildir ; then
 		eapply "${FILESDIR}"/exim-4.94-maildir.patch
@@ -167,8 +195,40 @@ src_configure() {
 		PID_FILE_PATH=${EPREFIX}/run/exim.pid
 		SPOOL_DIRECTORY=${EPREFIX}/var/spool/exim
 		HAVE_ICONV=yes
+		WITH_CONTENT_SCAN=yes
 	EOC
 
+	# configure db implementation, Exim always needs one for its hints
+	# database, we prefer tdb and gdbm, since bdb is kind of getting
+	# less and less support
+	if use tdb ; then
+		cat >> Makefile <<- EOC
+			USE_TDB=yes
+			DBMLIB = -ltdb
+		EOC
+		sed -i -e 's:^USE_DB=yes:# USE_DB=yes:' Makefile || die
+		sed -i -e 's:^USE_GDBM=yes:# USE_GDBM=yes:' Makefile || die
+	elif use gdbm ; then
+		cat >> Makefile <<- EOC
+			USE_GDBM=yes
+			DBMLIB = -lgdbm
+		EOC
+		sed -i -e 's:^USE_DB=yes:# USE_DB=yes:' Makefile || die
+		sed -i -e 's:^USE_TDB=yes:# USE_TDB=yes:' Makefile || die
+	else # must be berkdb via required_use
+		# use the "native" interfaces to the DBM and CDB libraries, support
+		# passwd and directory lookups by default
+		local DB_VERS="5.3 5.1 4.8 4.7 4.6 4.5 4.4 4.3 4.2 3.2"
+		cat >> Makefile <<- EOC
+			USE_DB=yes
+			# keep include in CFLAGS because exim.h -> dbstuff.h -> db.h
+			CFLAGS += -I$(db_includedir ${DB_VERS})
+			DBMLIB = -l$(db_libname ${DB_VERS})
+		EOC
+		sed -i -e 's:^USE_GDBM=yes:# USE_GDBM=yes:' Makefile || die
+		sed -i -e 's:^USE_TDB=yes:# USE_TDB=yes:' Makefile || die
+	fi
+
 	# if we use libiconv, now is the time to tell so
 	if use !elibc_glibc && use !elibc_musl ; then
 		cat >> Makefile <<- EOC
@@ -217,18 +277,13 @@ src_configure() {
 
 	#
 	# lookup methods
+	#
 
-	# use the "native" interfaces to the DBM and CDB libraries, support
-	# passwd and directory lookups by default
-	local DB_VERS="5.3 5.1 4.8 4.7 4.6 4.5 4.4 4.3 4.2 3.2"
+	# support passwd and directory lookups by default
 	cat >> Makefile <<- EOC
-		USE_DB=yes
 		LOOKUP_CDB=yes
 		LOOKUP_PASSWD=yes
 		LOOKUP_DSEARCH=yes
-		# keep include in CFLAGS because exim.h -> dbstuff.h -> db.h
-		CFLAGS += -I$(db_includedir ${DB_VERS})
-		DBMLIB = -l$(db_libname ${DB_VERS})
 	EOC
 
 	if ! use dnsdb; then
@@ -301,13 +356,6 @@ src_configure() {
 	# features
 	#
 
-	# content scanning support
-	if use exiscan-acl; then
-		cat >> Makefile <<- EOC
-			WITH_CONTENT_SCAN=yes
-		EOC
-	fi
-
 	# DomainKeys Identified Mail, RFC4871
 	if ! use dkim; then
 		# DKIM is enabled by default
@@ -400,6 +448,13 @@ src_configure() {
 		EOC
 	fi
 
+	# SOCKS5 (outbound) proxy support
+	if use socks5; then
+		cat >> Makefile <<- EOC
+			SUPPORT_SOCKS=yes
+		EOC
+	fi
+
 	# DANE
 	if use !dane; then
 		# DANE is enabled by default
@@ -438,23 +493,11 @@ src_configure() {
 
 	# Sender Rewriting Scheme
 	if use srs; then
-		# NOTE: we currently USE-default to srs-alt, because this is
-		# what USE=srs used to be.  Eventually we want to rid ourselves
-		# of this external implementation.
-		if use srs-alt; then
-			# historical default, from 4.95 this becomes
-			# EXPERIMENTAL_SRS_ALT
-			cat >> Makefile <<- EOC
-				EXPERIMENTAL_SRS=yes
-				EXTRALIBS_EXIM += -lsrs_alt
-			EOC
-		fi
-		if use srs-native; then
-			# this one becomes SUPPORT_SRS in 4.95
-			cat >> Makefile <<- EOC
-				EXPERIMENTAL_SRS_NATIVE=yes
-			EOC
-		fi
+		# this one is the default/supported variant since 4.95, and the
+		# only variant available since 4.96
+		cat >> Makefile <<- EOC
+			SUPPORT_SRS=yes
+		EOC
 	fi
 
 	# Delivery Sender Notifications extra information in fail message
@@ -545,9 +588,6 @@ src_install() {
 	# conf files
 	insinto /etc/exim
 	newins "${S}"/src/configure.default exim.conf.dist
-	if use exiscan-acl; then
-		newins "${S}"/src/configure.default exim.conf.exiscan-acl
-	fi
 	doins "${WORKDIR}"/system_filter.exim
 	doins "${FILESDIR}"/auth_conf.sub
 
@@ -590,6 +630,9 @@ pkg_postinst() {
 		einfo "Please create ${EROOT}/etc/exim/exim.conf from"
 		einfo "  ${EROOT}/etc/exim/exim.conf.dist."
 	fi
+	if use berkdb && ( use gdbm || use tdb ) ; then
+		ewarn "USE=berkdb is ignored because USE=gdbm or USE=tdb is enabled!"
+	fi
 	if use dmarc ; then
 		einfo "DMARC support requires ${EROOT}/etc/exim/opendmarc.tlds"
 		einfo "you can populate this file with the contents downloaded from"
@@ -600,14 +643,9 @@ pkg_postinst() {
 		einfo "documentation at the bottom of this prerelease message:"
 		einfo "  http://article.gmane.org/gmane.mail.exim.devel/3579"
 	fi
-	if use srs ; then
-		einfo "SRS support is experimental in this release of Exim"
-		if use srs-alt; then
-			elog "You are using libsrs_alt to implement SRS support."
-			elog "In future release of Exim, the native SRS implementation"
-			elog "(USE=srs-native) will become the default.  Please prepare"
-			elog "your package.use or switch to USE=srs-native now."
-		fi
+	if use srs; then
+		einfo "SRS support using libsrs_alt was dropped in this"
+		einfo "release of Exim, you are now using the native SRS implementation"
 	fi
 	use dsn && einfo "extra information in fail DSN message is experimental"
 	einfo
diff --git a/mail-mta/exim/exim-4.97-r1.ebuild b/mail-mta/exim/exim-4.97-r2.ebuild
index 3dbed307e7e4..ada81a9a2399 100644
--- a/mail-mta/exim/exim-4.97-r1.ebuild
+++ b/mail-mta/exim/exim-4.97-r2.ebuild
@@ -116,6 +116,7 @@ src_prepare() {
 	eapply     "${FILESDIR}"/exim-4.69-r1.27021.patch
 	eapply     "${FILESDIR}"/exim-4.97-localscan_dlopen.patch
 	eapply     "${FILESDIR}"/exim-4.97-no-exim_id_update.patch
+	eapply -p2 "${FILESDIR}"/exim-4.97-CVE-2023-51766.patch # 3063
 
 	# oddity, they disable berkdb as hack, and then throw an error when
 	# berkdb isn't enabled
@@ -621,10 +622,6 @@ pkg_postinst() {
 		einfo "documentation at the bottom of this prerelease message:"
 		einfo "  http://article.gmane.org/gmane.mail.exim.devel/3579"
 	fi
-	if use srs; then
-		einfo "SRS support using libsrs_alt was dropped in this"
-		einfo "release of Exim, you are now using the native SRS implementation"
-	fi
 	use dsn && einfo "extra information in fail DSN message is experimental"
 	einfo
 	elog "Note that this release contains a tainted variable check that"
diff --git a/mail-mta/exim/files/exim-4.94-localscan_dlopen.patch b/mail-mta/exim/files/exim-4.94-localscan_dlopen.patch
deleted file mode 100644
index 68ff48ac2a33..000000000000
--- a/mail-mta/exim/files/exim-4.94-localscan_dlopen.patch
+++ /dev/null
@@ -1,269 +0,0 @@
-diff -ur exim-4.92.orig/src/config.h.defaults exim-4.92/src/config.h.defaults
---- exim-4.92.orig/src/config.h.defaults	2019-01-30 14:59:52.000000000 +0100
-+++ exim-4.92/src/config.h.defaults	2019-02-16 18:17:24.547216157 +0100
-@@ -32,6 +32,8 @@
- 
- #define AUTH_VARS                     3
- 
-+#define DLOPEN_LOCAL_SCAN
-+
- #define BIN_DIRECTORY
- 
- #define CONFIGURE_FILE
-Only in exim-4.92/src: config.h.defaults.orig
-diff -ur exim-4.92.orig/src/EDITME exim-4.92/src/EDITME
---- exim-4.92.orig/src/EDITME	2019-01-30 14:59:52.000000000 +0100
-+++ exim-4.92/src/EDITME	2019-02-16 18:17:24.547216157 +0100
-@@ -824,6 +824,24 @@
- 
- 
- #------------------------------------------------------------------------------
-+# On systems which support dynamic loading of shared libraries, Exim can
-+# load a local_scan function specified in its config file instead of having
-+# to be recompiled with the desired local_scan function. For a full
-+# description of the API to this function, see the Exim specification.
-+
-+#DLOPEN_LOCAL_SCAN=yes
-+
-+# If you set DLOPEN_LOCAL_SCAN, then you need to include -rdynamic in the
-+# linker flags.  Without it, the loaded .so won't be able to access any
-+# functions from exim.
-+
-+LFLAGS = -rdynamic
-+ifeq ($(OSTYPE),Linux)
-+LFLAGS += -ldl
-+endif
-+
-+
-+#------------------------------------------------------------------------------
- # The default distribution of Exim contains only the plain text form of the
- # documentation. Other forms are available separately. If you want to install
- # the documentation in "info" format, first fetch the Texinfo documentation
-Only in exim-4.92/src: EDITME.orig
-diff -ur exim-4.92.orig/src/globals.c exim-4.92/src/globals.c
---- exim-4.92.orig/src/globals.c	2019-01-30 14:59:52.000000000 +0100
-+++ exim-4.92/src/globals.c	2019-02-16 18:17:24.549216150 +0100
-@@ -41,6 +41,10 @@
- 
- uschar *no_aliases             = NULL;
- 
-+#ifdef DLOPEN_LOCAL_SCAN
-+uschar *local_scan_path        = NULL;
-+#endif
-+
- 
- /* For comments on these variables, see globals.h. I'm too idle to
- duplicate them here... */
-Only in exim-4.92/src: globals.c.orig
-diff -ur exim-4.92.orig/src/globals.h exim-4.92/src/globals.h
---- exim-4.92.orig/src/globals.h	2019-01-30 14:59:52.000000000 +0100
-+++ exim-4.92/src/globals.h	2019-02-16 18:17:24.549216150 +0100
-@@ -152,6 +152,9 @@
- extern int (*receive_ferror)(void);
- extern BOOL (*receive_smtp_buffered)(void);
- 
-+#ifdef DLOPEN_LOCAL_SCAN
-+extern uschar *local_scan_path;        /* Path to local_scan() library */
-+#endif
- 
- /* For clearing, saving, restoring address expansion variables. We have to have
- the size of this vector set explicitly, because it is referenced from more than
-Only in exim-4.92/src: globals.h.orig
-diff -ur exim-4.92.orig/src/local_scan.c exim-4.92/src/local_scan.c
---- exim-4.92.orig/src/local_scan.c	2019-01-30 14:59:52.000000000 +0100
-+++ exim-4.92/src/local_scan.c	2019-02-16 18:29:56.832732592 +0100
-@@ -5,61 +5,133 @@
- /* Copyright (c) University of Cambridge 1995 - 2009 */
- /* See the file NOTICE for conditions of use and distribution. */
- 
-+#include "local_scan.h"
- 
--/******************************************************************************
--This file contains a template local_scan() function that just returns ACCEPT.
--If you want to implement your own version, you should copy this file to, say
--Local/local_scan.c, and edit the copy. To use your version instead of the
--default, you must set
--
--HAVE_LOCAL_SCAN=yes
--LOCAL_SCAN_SOURCE=Local/local_scan.c
--
--in your Local/Makefile. This makes it easy to copy your version for use with
--subsequent Exim releases.
--
--For a full description of the API to this function, see the Exim specification.
--******************************************************************************/
--
--
--/* This is the only Exim header that you should include. The effect of
--including any other Exim header is not defined, and may change from release to
--release. Use only the documented interface! */
--
--#include "local_scan.h"
--
--
--/* This is a "do-nothing" version of a local_scan() function. The arguments
--are:
--
--  fd             The file descriptor of the open -D file, which contains the
--                   body of the message. The file is open for reading and
--                   writing, but modifying it is dangerous and not recommended.
--
--  return_text    A pointer to an unsigned char* variable which you can set in
--                   order to return a text string. It is initialized to NULL.
--
--The return values of this function are:
--
--  LOCAL_SCAN_ACCEPT
--                 The message is to be accepted. The return_text argument is
--                   saved in $local_scan_data.
--
--  LOCAL_SCAN_REJECT
--                 The message is to be rejected. The returned text is used
--                   in the rejection message.
--
--  LOCAL_SCAN_TEMPREJECT
--                 This specifies a temporary rejection. The returned text
--                   is used in the rejection message.
--*/
-+#ifdef DLOPEN_LOCAL_SCAN
-+#include <stdlib.h>
-+#include <dlfcn.h>
-+static int (*local_scan_fn)(int fd, uschar **return_text) = NULL;
-+static int load_local_scan_library(void);
-+extern uschar *local_scan_path;        /* Path to local_scan() library */
-+#endif
- 
- int
- local_scan(int fd, uschar **return_text)
- {
- fd = fd;                      /* Keep picky compilers happy */
- return_text = return_text;
--return LOCAL_SCAN_ACCEPT;
-+#ifdef DLOPEN_LOCAL_SCAN
-+/* local_scan_path is defined AND not the empty string */
-+if (local_scan_path && *local_scan_path)
-+  {
-+  if (!local_scan_fn)
-+    {
-+    if (!load_local_scan_library())
-+      {
-+        char *base_msg , *error_msg , *final_msg ;
-+        int final_length = -1 ;
-+
-+        base_msg=US"Local configuration error - local_scan() library failure\n";
-+        error_msg = dlerror() ;
-+
-+        final_length = strlen(base_msg) + strlen(error_msg) + 1 ;
-+        final_msg = (char*)malloc( final_length*sizeof(char) ) ;
-+        *final_msg = '\0' ;
-+
-+        strcat( final_msg , base_msg ) ;
-+        strcat( final_msg , error_msg ) ;
-+
-+        *return_text = final_msg ;
-+      return LOCAL_SCAN_TEMPREJECT;
-+      }
-+    }
-+    return local_scan_fn(fd, return_text);
-+  }
-+else
-+#endif
-+  return LOCAL_SCAN_ACCEPT;
-+}
-+
-+#ifdef DLOPEN_LOCAL_SCAN
-+
-+static int load_local_scan_library(void)
-+{
-+/* No point in keeping local_scan_lib since we'll never dlclose() anyway */
-+void *local_scan_lib = NULL;
-+int (*local_scan_version_fn)(void);
-+int vers_maj;
-+int vers_min;
-+
-+local_scan_lib = dlopen(local_scan_path, RTLD_NOW);
-+if (!local_scan_lib)
-+  {
-+  log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() library open failed - "
-+    "message temporarily rejected");
-+  return FALSE;
-+  }
-+
-+local_scan_version_fn = dlsym(local_scan_lib, "local_scan_version_major");
-+if (!local_scan_version_fn)
-+  {
-+  dlclose(local_scan_lib);
-+  log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() library doesn't contain "
-+    "local_scan_version_major() function - message temporarily rejected");
-+  return FALSE;
-+  }
-+
-+/* The major number is increased when the ABI is changed in a non
-+   backward compatible way. */
-+vers_maj = local_scan_version_fn();
-+
-+local_scan_version_fn = dlsym(local_scan_lib, "local_scan_version_minor");
-+if (!local_scan_version_fn)
-+  {
-+  dlclose(local_scan_lib);
-+  log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() library doesn't contain "
-+    "local_scan_version_minor() function - message temporarily rejected");
-+  return FALSE;
-+  }
-+
-+/* The minor number is increased each time a new feature is added (in a
-+   way that doesn't break backward compatibility) -- Marc */
-+vers_min = local_scan_version_fn();
-+
-+
-+if (vers_maj != LOCAL_SCAN_ABI_VERSION_MAJOR)
-+  {
-+  dlclose(local_scan_lib);
-+  local_scan_lib = NULL;
-+  log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() has an incompatible major"
-+    "version number, you need to recompile your module for this version"
-+    "of exim (The module was compiled for version %d.%d and this exim provides"
-+    "ABI version %d.%d)", vers_maj, vers_min, LOCAL_SCAN_ABI_VERSION_MAJOR,
-+    LOCAL_SCAN_ABI_VERSION_MINOR);
-+  return FALSE;
-+  }
-+else if (vers_min > LOCAL_SCAN_ABI_VERSION_MINOR)
-+  {
-+  dlclose(local_scan_lib);
-+  local_scan_lib = NULL;
-+  log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() has an incompatible minor"
-+    "version number, you need to recompile your module for this version"
-+    "of exim (The module was compiled for version %d.%d and this exim provides"
-+    "ABI version %d.%d)", vers_maj, vers_min, LOCAL_SCAN_ABI_VERSION_MAJOR,
-+    LOCAL_SCAN_ABI_VERSION_MINOR);
-+  return FALSE;
-+  }
-+
-+local_scan_fn = dlsym(local_scan_lib, "local_scan");
-+if (!local_scan_fn)
-+  {
-+  dlclose(local_scan_lib);
-+  log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() library doesn't contain "
-+    "local_scan() function - message temporarily rejected");
-+  return FALSE;
-+  }
-+
-+return TRUE;
- }
- 
-+#endif /* DLOPEN_LOCAL_SCAN */
-+
- /* End of local_scan.c */
-diff -ur exim-4.92.orig/src/readconf.c exim-4.92/src/readconf.c
---- exim-4.92.orig/src/readconf.c	2019-01-30 14:59:52.000000000 +0100
-+++ exim-4.92/src/readconf.c	2019-02-16 18:18:46.013947455 +0100
-@@ -205,6 +205,9 @@
-   { "local_from_prefix",        opt_stringptr,   {&local_from_prefix} },
-   { "local_from_suffix",        opt_stringptr,   {&local_from_suffix} },
-   { "local_interfaces",         opt_stringptr,   {&local_interfaces} },
-+#ifdef DLOPEN_LOCAL_SCAN
-+  { "local_scan_path",          opt_stringptr,   {&local_scan_path} },
-+#endif
- #ifdef HAVE_LOCAL_SCAN
-   { "local_scan_timeout",       opt_time,        {&local_scan_timeout} },
- #endif
diff --git a/mail-mta/exim/files/exim-4.97-CVE-2023-51766.patch b/mail-mta/exim/files/exim-4.97-CVE-2023-51766.patch
new file mode 100644
index 000000000000..7eed4eb1855f
--- /dev/null
+++ b/mail-mta/exim/files/exim-4.97-CVE-2023-51766.patch
@@ -0,0 +1,265 @@
+https://nvd.nist.gov/vuln/detail/CVE-2023-51766
+
+
+From cf1376206284f2a4f11e32d931d4aade34c206c5 Mon Sep 17 00:00:00 2001
+From: Jeremy Harris <jgh146exb@wizmail.org>
+Date: Fri, 22 Dec 2023 23:57:05 +0000
+Subject: [PATCH] Reject "dot, LF" as ending data phase.  Bug 3063
+
+From 5bb786d5ad568a88d50d15452aacc8404047e5ca Mon Sep 17 00:00:00 2001
+From: Jeremy Harris <jgh146exb@wizmail.org>
+Date: Sat, 23 Dec 2023 17:42:57 +0000
+Subject: [PATCH] Reject "dot, LF" as ending data phase (pt. 2).  Bug 3063
+
+reduced to source changes only for Gentoo
+
+
+
+diff --git a/src/src/receive.c b/src/src/receive.c
+index e35400aec..c6f612832 100644
+--- a/src/src/receive.c
++++ b/src/src/receive.c
+@@ -836,93 +842,101 @@
+ */
+ 
+ static int
+-read_message_data_smtp(FILE *fout)
++read_message_data_smtp(FILE * fout, BOOL strict_crlf)
+ {
+-int ch_state = 0;
+-int ch;
+-int linelength = 0;
++enum { s_linestart, s_normal, s_had_cr, s_had_nl_dot, s_had_dot_cr } ch_state =
++	      s_linestart;
++int linelength = 0, ch;
+ 
+ while ((ch = (receive_getc)(GETC_BUFFER_UNLIMITED)) != EOF)
+   {
+   if (ch == 0) body_zerocount++;
+   switch (ch_state)
+     {
+-    case 0:                             /* After LF or CRLF */
+-    if (ch == '.')
+-      {
+-      ch_state = 3;
+-      continue;                         /* Don't ever write . after LF */
+-      }
+-    ch_state = 1;
++    case s_linestart:			/* After LF or CRLF */
++      if (ch == '.')
++	{
++	ch_state = s_had_nl_dot;
++	continue;			/* Don't ever write . after LF */
++	}
++      ch_state = s_normal;
+ 
+-    /* Else fall through to handle as normal uschar. */
++      /* Else fall through to handle as normal uschar. */
+ 
+-    case 1:                             /* Normal state */
+-    if (ch == '\n')
+-      {
+-      ch_state = 0;
+-      body_linecount++;
++    case s_normal:			/* Normal state */
++      if (ch == '\r')
++	{
++	ch_state = s_had_cr;
++	continue;			/* Don't write the CR */
++	}
++      if (ch == '\n')			/* Bare LF at end of line */
++	if (strict_crlf)
++	  ch = ' ';			/* replace LF with space */
++	else
++	  {				/* treat as line ending */
++	  ch_state = s_linestart;
++	  body_linecount++;
++	  if (linelength > max_received_linelength)
++	    max_received_linelength = linelength;
++	  linelength = -1;
++	  }
++      break;
++
++    case s_had_cr:			/* After (unwritten) CR */
++      body_linecount++;			/* Any char ends line */
+       if (linelength > max_received_linelength)
+-        max_received_linelength = linelength;
++	max_received_linelength = linelength;
+       linelength = -1;
+-      }
+-    else if (ch == '\r')
+-      {
+-      ch_state = 2;
+-      continue;
+-      }
+-    break;
++      if (ch == '\n')			/* proper CRLF */
++	ch_state = s_linestart;
++      else
++	{
++	message_size++;		/* convert the dropped CR to a stored NL */
++	if (fout && fputc('\n', fout) == EOF) return END_WERROR;
++	cutthrough_data_put_nl();
++	if (ch == '\r')			/* CR; do not write */
++	  continue;
++	ch_state = s_normal;		/* not LF or CR; process as standard */
++	}
++      break;
+ 
+-    case 2:                             /* After (unwritten) CR */
+-    body_linecount++;
+-    if (linelength > max_received_linelength)
+-      max_received_linelength = linelength;
+-    linelength = -1;
+-    if (ch == '\n')
+-      {
+-      ch_state = 0;
+-      }
+-    else
+-      {
+-      message_size++;
+-      if (fout != NULL && fputc('\n', fout) == EOF) return END_WERROR;
+-      cutthrough_data_put_nl();
+-      if (ch != '\r') ch_state = 1; else continue;
+-      }
+-    break;
++    case s_had_nl_dot:			/* After [CR] LF . */
++      if (ch == '\n')			/* [CR] LF . LF */
++	if (strict_crlf)
++	  ch = ' ';			/* replace LF with space */
++	else
++	  return END_DOT;
++      else if (ch == '\r')		/* [CR] LF . CR */
++	{
++	ch_state = s_had_dot_cr;
++	continue;			/* Don't write the CR */
++	}
++      /* The dot was removed on reaching s_had_nl_dot. For a doubled dot, here,
++      reinstate it to cutthrough. The current ch, dot or not, is passed both to
++      cutthrough and to file below. */
++      else if (ch == '.')
++	{
++	uschar c = ch;
++	cutthrough_data_puts(&c, 1);
++	}
++      ch_state = s_normal;
++      break;
+ 
+-    case 3:                             /* After [CR] LF . */
+-    if (ch == '\n')
+-      return END_DOT;
+-    if (ch == '\r')
+-      {
+-      ch_state = 4;
+-      continue;
+-      }
+-    /* The dot was removed at state 3. For a doubled dot, here, reinstate
+-    it to cutthrough. The current ch, dot or not, is passed both to cutthrough
+-    and to file below. */
+-    if (ch == '.')
+-      {
+-      uschar c= ch;
+-      cutthrough_data_puts(&c, 1);
+-      }
+-    ch_state = 1;
+-    break;
++    case s_had_dot_cr:			/* After [CR] LF . CR */
++      if (ch == '\n')
++	return END_DOT;			/* Preferred termination */
+ 
+-    case 4:                             /* After [CR] LF . CR */
+-    if (ch == '\n') return END_DOT;
+-    message_size++;
+-    body_linecount++;
+-    if (fout != NULL && fputc('\n', fout) == EOF) return END_WERROR;
+-    cutthrough_data_put_nl();
+-    if (ch == '\r')
+-      {
+-      ch_state = 2;
+-      continue;
+-      }
+-    ch_state = 1;
+-    break;
++      message_size++;		/* convert the dropped CR to a stored NL */
++      body_linecount++;
++      if (fout && fputc('\n', fout) == EOF) return END_WERROR;
++      cutthrough_data_put_nl();
++      if (ch == '\r')
++	{
++	ch_state = s_had_cr;
++	continue;			/* CR; do not write */
++	}
++      ch_state = s_normal;
++      break;
+     }
+ 
+   /* Add the character to the spool file, unless skipping; then loop for the
+@@ -1140,7 +1152,7 @@ receive_swallow_smtp(void)
+ {
+ if (message_ended >= END_NOTENDED)
+   message_ended = chunking_state <= CHUNKING_OFFERED
+-     ? read_message_data_smtp(NULL)
++     ? read_message_data_smtp(NULL, FALSE)
+      : read_message_bdat_smtp_wire(NULL);
+ }
+ 
+@@ -1960,8 +1960,10 @@ for (;;)
+ 
+   if (ch == '\n')
+     {
+-    if (first_line_ended_crlf == TRUE_UNSET) first_line_ended_crlf = FALSE;
+-      else if (first_line_ended_crlf) receive_ungetc(' ');
++    if (first_line_ended_crlf == TRUE_UNSET)
++      first_line_ended_crlf = FALSE;
++    else if (first_line_ended_crlf)
++      receive_ungetc(' ');
+     goto EOL;
+     }
+ 
+@@ -1977,7 +1980,11 @@ for (;;)
+   if (f.dot_ends && ptr == 0 && ch == '.')
+     {
+     ch = (receive_getc)(GETC_BUFFER_UNLIMITED);
+-    if (ch == '\r')
++    if (ch == '\n' && first_line_ended_crlf == TRUE /* and not TRUE_UNSET */ )
++    		/* dot, LF  but we are in CRLF mode.  Attack? */
++      ch = ' ';	/* replace the LF with a space */
++
++    else if (ch == '\r')
+       {
+       ch = (receive_getc)(GETC_BUFFER_UNLIMITED);
+       if (ch != '\n')
+@@ -2013,7 +2020,8 @@ for (;;)
+     ch = (receive_getc)(GETC_BUFFER_UNLIMITED);
+     if (ch == '\n')
+       {
+-      if (first_line_ended_crlf == TRUE_UNSET) first_line_ended_crlf = TRUE;
++      if (first_line_ended_crlf == TRUE_UNSET)
++	first_line_ended_crlf = TRUE;
+       goto EOL;
+       }
+ 
+@@ -3241,7 +3253,7 @@ if (!ferror(spool_data_file) && !(receive_feof)() && message_ended != END_DOT)
+   if (smtp_input)
+     {
+     message_ended = chunking_state <= CHUNKING_OFFERED
+-      ? read_message_data_smtp(spool_data_file)
++      ? read_message_data_smtp(spool_data_file, first_line_ended_crlf)
+       : spool_wireformat
+       ? read_message_bdat_smtp_wire(spool_data_file)
+       : read_message_bdat_smtp(spool_data_file);
+diff --git a/src/src/smtp_in.c b/src/src/smtp_in.c
+index e19c86ff8..aeaffeb37 100644
+--- a/src/src/smtp_in.c
++++ b/src/src/smtp_in.c
+@@ -5112,7 +5112,10 @@ while (done <= 0)
+ 	to get the DATA command sent. */
+ 
+ 	if (!acl_smtp_predata && cutthrough.cctx.sock < 0)
++	  {
++	  if (!check_sync()) goto SYNC_FAILURE;
+ 	  rc = OK;
++	  }
+ 	else
+ 	  {
+ 	  uschar * acl = acl_smtp_predata ? acl_smtp_predata : US"accept";
diff --git a/mail-mta/exim/metadata.xml b/mail-mta/exim/metadata.xml
index d74398a75cc0..536bdc48deb3 100644
--- a/mail-mta/exim/metadata.xml
+++ b/mail-mta/exim/metadata.xml
@@ -31,16 +31,10 @@
 		<flag name="dmarc">Adds support for DMARC</flag>
 		<flag name="dsn">Adds support for Delivery Status Notifications
 			(DSN)</flag>
-		<flag name="exiscan-acl">Patch providing support for content
-			scanning</flag>
 		<flag name="lmtp">Adds support for lmtp</flag>
 		<flag name="mbx">Adds support for UW's mbx format</flag>
 		<flag name="spf">Adds support for Sender Policy Framework</flag>
 		<flag name="srs">Adds support for Sender Rewriting Scheme</flag>
-		<flag name="srs-alt">Use <pkg>mail-filter/libsrs_alt</pkg> to
-			implement SRS support</flag>
-		<flag name="srs-native">Use Exim's built-in SRS support to
-			implement SRS support</flag>
 		<flag name="proxy">Add support for being behind a proxy, such as HAProxy</flag>
 		<flag name="pkcs11">Require pkcs11 support in <pkg>net-libs/gnutls</pkg> with USE=gnutls</flag>
 		<flag name="redis">Adds support for querying <pkg>dev-db/redis</pkg></flag>
diff --git a/mail-mta/msmtp/Manifest b/mail-mta/msmtp/Manifest
index 4301672ed291..3af249dc073d 100644
--- a/mail-mta/msmtp/Manifest
+++ b/mail-mta/msmtp/Manifest
@@ -1,5 +1,7 @@
 AUX msmtpd.confd 518 BLAKE2B e537ca90e9c4debd53936b227352b73f5ca1e7114ba8daa3121f1979dfc3495996a820276292ec6da63ce79d8f42bafb45c74daacb6778e5b56656aa9688ecbd SHA512 e6f4f39da73aace9f5a4f8e080ca897f51265b8806836366121d61f5367596955eefca377c5fe9c4094f3a9ecbe04801cf38fcc6017c73a9e4b7a68fc9a81528
 AUX msmtpd.init 347 BLAKE2B 9faea920dc23ebcdb62b05595acf4f70dd3d654645ed0f5ba6f76316762986c9951905f675c2e527c5e0b5eee2bcf53a14e018d8d64080b97e82da4e3abaa0b8 SHA512 e3080dc1fb7b72b6332ebcd4f807780dc04d32b8d3e5740b62f618d5d8f39f7c2a119604e26282e1d98c1365fff7920944401c399267461fab7ae2cdfdac44d7
 DIST msmtp-1.8.24.tar.xz 409268 BLAKE2B 1661dffbdf9418665dfea3eacdcb716a27ea0916024247ccc221d0f6c3da0076f9bc3b822e9f0c152185f08b8d929268f8eaf63489304225d200a093fcff9d46 SHA512 9bcd1431bd27a74cea931da0e89adfdc53b5be027cef4a735e2fdaba3aed38408b4a266960b51a4071664b88b1af4545a3df5acf64b9ab8ce84000c49a8286ff
+DIST msmtp-1.8.25.tar.xz 418264 BLAKE2B 1ba407a130849c7ba1f9959a88d368f8b8330b33be4eb612f3308afcf94e6e5fe010a844c3ff03e7b848cd60493c7a9f4ab6af18aed5a1fbf452ed7863f192f2 SHA512 7d9808b095b222f2283fb42395cb6560f776c9f92f9f467ea2245196b5dc8a85c359ff8c2ea68440e7eada8333a5da78aff921c2ef2b41cfde9d90c396425e72
 EBUILD msmtp-1.8.24.ebuild 3250 BLAKE2B 8a3961709c4e369ee68cca6e6d5c6672e8b361b199b2d7d447c55053dde7db6e7b8abe843364df480cc536ece6062486be233f7d9c6cacab7181d0b9418f7bba SHA512 6880a36a1b7cdf6478f3452901fdbf37f8b6fc992703056fe289c09c6c7bec584c9636997dfa278e8b7ec1d3de3db6e45c09da1820f32abb49e10b29b3ff1aa2
+EBUILD msmtp-1.8.25.ebuild 3255 BLAKE2B de6cbb5628e749fd17727463a61e16ec40f554370027a09ef67057af5d1908252813253c6b435d9ebf81de13b9f6ccb4f4cdd8d97199ad732d5c5ab0f313b1f0 SHA512 edaf1229f1655839c92c3cb782485fa005d4ee6b2e24fd6d4b5d94077d8a432e4d382f9a485a37fdc553e6c1b43fbe771176d9656e241c872ea94dbec2fb2f0b
 MISC metadata.xml 390 BLAKE2B c245db441455174144a9071fc47570fe4760b8fe696baef76f32e69ef9a9d221efaf8dba090a555e0a5aa47b601703ada191c7b88c134271924bc46e61227d8e SHA512 b90c6215a3044a7964b2e6ff6817eb40bb79fc4d1b845904788b8990ca6dcc58f2ff5f1745a977a374ee8a9ecf0775a18db2d91d0c8c41a597f70a10033d6035
diff --git a/mail-mta/msmtp/msmtp-1.8.25.ebuild b/mail-mta/msmtp/msmtp-1.8.25.ebuild
new file mode 100644
index 000000000000..f8f460e9df26
--- /dev/null
+++ b/mail-mta/msmtp/msmtp-1.8.25.ebuild
@@ -0,0 +1,143 @@
+# Copyright 2004-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit fcaps
+
+DESCRIPTION="An SMTP client and SMTP plugin for mail user agents such as Mutt"
+HOMEPAGE="https://marlam.de/msmtp/"
+SRC_URI="https://marlam.de/msmtp/releases/${P}.tar.xz"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~ia64 ~ppc ~ppc64 ~riscv ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos"
+IUSE="daemon doc keyring +gnutls idn +mta nls sasl ssl"
+
+# fcaps.eclass unconditionally defines "filecaps" USE flag which we need for
+# USE="daemon" in order to set the caps we need.
+REQUIRED_USE="daemon? ( filecaps )"
+
+# Upstream discourages usage of openssl. See also
+# https://marlam.de/msmtp/news/openssl-discouraged/
+DEPEND="
+	keyring? ( app-crypt/libsecret )
+	idn? ( net-dns/libidn2:= )
+	nls? ( virtual/libintl )
+	sasl? ( net-misc/gsasl[client] )
+	ssl? (
+		gnutls? ( net-libs/gnutls[idn?] )
+		!gnutls? ( dev-libs/libretls:= )
+	)
+"
+
+RDEPEND="${DEPEND}
+	net-mail/mailbase
+	daemon? (
+		acct-group/msmtpd
+		acct-user/msmtpd
+	)
+	mta? (
+		!mail-mta/courier
+		!mail-mta/esmtp
+		!mail-mta/exim
+		!mail-mta/netqmail
+		!mail-mta/nullmailer
+		!mail-mta/postfix
+		!mail-mta/sendmail
+		!mail-mta/opensmtpd
+		!>=mail-mta/ssmtp-2.64-r2[mta]
+	)
+"
+
+BDEPEND="
+	doc? ( virtual/texi2dvi )
+	nls? ( sys-devel/gettext )
+	virtual/pkgconfig
+"
+
+DOCS="AUTHORS ChangeLog NEWS README THANKS doc/msmtprc*"
+
+src_prepare() {
+	# Use default Gentoo location for mail aliases
+	sed 's:/etc/aliases:/etc/mail/aliases:' \
+		-i scripts/find_alias/find_alias_for_msmtp.sh || die
+
+	default
+}
+
+src_configure() {
+	local myeconfargs=(
+		--disable-gai-idn
+		$(use_enable nls)
+		$(use_with daemon msmtpd)
+		$(use_with keyring libsecret)
+		$(use_with idn libidn)
+		$(use_with sasl libgsasl)
+		$(use_with ssl tls $(usex gnutls gnutls libtls))
+	)
+	econf "${myeconfargs[@]}"
+}
+
+src_compile() {
+	default
+
+	if use doc ; then
+		cd doc || die
+		emake html pdf
+	fi
+}
+
+src_install() {
+	default
+
+	if use daemon ; then
+		fcaps CAP_NET_BIND_SERVICE usr/bin/msmtpd
+		newinitd "${FILESDIR}"/msmtpd.init msmtpd
+		newconfd "${FILESDIR}"/msmtpd.confd msmtpd
+	fi
+
+	if use doc ; then
+		dodoc doc/msmtp.{html,pdf}
+	fi
+
+	if use mta ; then
+		dosym ../bin/msmtp /usr/sbin/sendmail
+		dosym ../bin/msmtp /usr/$(get_libdir)/sendmail
+	fi
+
+	insinto /usr/share/vim/vimfiles/syntax
+	doins scripts/vim/msmtp.vim
+
+	insinto /etc
+	newins doc/msmtprc-system.example msmtprc
+
+	src_install_contrib find_alias find_alias_for_msmtp.sh
+	src_install_contrib msmtpqueue "*.sh" "README ChangeLog"
+	src_install_contrib msmtpq "msmtpq msmtp-queue" README.msmtpq
+	src_install_contrib set_sendmail set_sendmail.sh set_sendmail.conf
+}
+
+pkg_postinst() {
+	if [[ -z ${REPLACING_VERSIONS} ]]; then
+		einfo "Please edit ${EROOT}/etc/msmtprc before first use."
+		einfo "In addition, per user configuration files can be placed"
+		einfo "as '~/.msmtprc'.  See the msmtprc-user.example file under"
+		einfo "/usr/share/doc/${PF}/ for an example."
+	fi
+}
+
+src_install_contrib() {
+	subdir="$1"
+	bins="$2"
+	docs="$3"
+	local dir=/usr/share/${PN}/${subdir}
+	insinto ${dir}
+	exeinto ${dir}
+	for i in ${bins} ; do
+		doexe scripts/${subdir}/${i}
+	done
+	for i in ${docs} ; do
+		newdoc scripts/${subdir}/${i} ${subdir}.${i}
+	done
+}
author	V3n3RiX <venerix@koprulu.sector>	2023-12-25 13:34:50 +0000
committer	V3n3RiX <venerix@koprulu.sector>	2023-12-25 13:34:50 +0000
commit	479921825a5c44a5fbcd5441f00ee98e54db9bac (patch)
tree	a40800c43ce47a1158369633f7d432b2bd365743 /mail-mta
parent	fa5cba104ab90ce81be0cb7e9992447a10e76013 (diff)