6 files changed, 600 insertions, 0 deletions
diff --git a/mail-mta/netqmail/Manifest b/mail-mta/netqmail/Manifest
index 04ba575761c8..f57b6812d1e5 100644
--- a/mail-mta/netqmail/Manifest
+++ b/mail-mta/netqmail/Manifest
@@ -1,8 +1,12 @@
 AUX 1.06-exit.patch 551 BLAKE2B 77a928b1aff304bce5b5df69d067e1271f6ce5ecf0342486d4c8dcbb3546f1a19cdf758a3af3ebbc24d02d3e924a05dceaf7ab6c27605f662df4ec66fc80067b SHA512 9623d4c045d1399ca035ad49f82e50a344529edffaf7c0e2f1015fe0958dfaf8814462a70b944403203d84b86852e8a01f6a3c4688228b45443258dc908e9236
 AUX 1.06-fbsd-utmpx.patch 1902 BLAKE2B 8c2a278e10ed48db89b76c7005655f6e7707ee4e61d9cbfdcfbd3b7f335450131eecb810b1bc92fd49243ae03ab7f94384bf9078115f01bcf625d8c87d624040 SHA512 c1267365a1199aa5041cc75769e838cfacddd82e1f6dddcc99d86f4b4fc901d8604abdab96a86479109f2278970d88249d8013115dfb89d3e2cfa0e823a01a86
 AUX 1.06-readwrite.patch 237 BLAKE2B a8c9af939378bb423c68aebdafeeb3ecb53def9e7d050272e6f669c4d99d938a10a268420b1cf7e699146b3f71bb75c461e45f3f0905b9ccd3371572947aafca SHA512 4cfb7991f2b30740d007a655743e77f5271ebefb4ed31ceb44d10ee53168eec713bbe64ff3616c372851c5fe1f04e57601dc83a27f1ce9cccdd0e2fbc942b550
+AUX netqmail-1.06-CVE-2005-1513.patch 2362 BLAKE2B 9fa61890284f6ef84de6c0781ccad4bc998865785a7ce3bb5ce2b6fa6d3d84a65718262d009d72cb787609272b830b87ba19c393cbfecf91721b018185a72fee SHA512 0f0a6c72b3479e44f105f629599a08f55baa03d7794075baaea20897079888fb14dcac0227a280f9dd91d1d62e8b05984383e150e61d40c674131a105dfad762
+AUX netqmail-1.06-CVE-2005-1514.patch 972 BLAKE2B 464f62fb87e3aa7580e850a3210f3b606e24e9e586cdceca4c3b3270f0e073a020db457d4efce27ad500e89b30c3c73192d48305ac6aa53e21951f6e6429dff3 SHA512 7b6cd95ff2e1f238877b2208440808dd28fccdbeb1b87cc827c92e1fb433b2e829a21eadce9e1cab07da4a2838a2ee391850bd451ce775004fb1fcb4bd3fafd9
+AUX netqmail-1.06-CVE-2005-1515.patch 1820 BLAKE2B 05bef22814dea4925e04f9cf5533d97c7c102184ff0cc026ae57f09c9f20ac750c73b390680383278f2bb78bb76872f5b412a70f90e133ad5b01edf6bfad6fd4 SHA512 83da821b37abf34b36e36cf95ea07624d7d2e4780328e2e0c1a2580dcbb1b0f38f41b8106217d4277b7576a3b065bd1dd35da979817e36d4b2e4a904687b300e
 AUX netqmail-1.06-any-to-cname.patch 3242 BLAKE2B ea216ecf0d2f3fd4decc92d4826559438edc9764b6910c8ef328863f4c94a1b6af57b1619a74ffd67eb09ae2725a24e53ff75cc24d2aa7896f6bb39392840ed4 SHA512 9f2fea79807d1f6da0494c992993217809f2fda2b00847ed7af7ea73e81fc421c26a14fcae7d77783e2c15be425159f5fba3f20e6c3d88e67134ec0678d3a4cd
 AUX netqmail-1.06-ipme-multiple.patch 3694 BLAKE2B 53d1db0766a1720cf626210bd9272f2e5bbe310738c934ed8c3c0ffc7adb54ba8938af0d12771c77f59cada9d1c97f858cacfd86a4a0b0bcbb5c6c4e7d0d0d6e SHA512 08f26af9ecab24258956d20c8e7201bd4f3d55ce9f2793417ae3fa1ecae4e610eaa2fcfe01462ffa70f4974b5ee4969851c254ab051fe039dd2a8eb9fb8b8f5e
+AUX netqmail-1.06-overflows.patch 5874 BLAKE2B d54f69a8696612ef542de8fadbc36463b56fdcb756d9d6e606440586533fb7929e755c1cf64d9cb88f7c8503bfd36b356b2e003c26e3b074889b1b897c75141e SHA512 dfd34f5005c33fdcce6be90765420c485c89e282cc5db4d667f254f7cc83112f08b99a93c4f520a7380c60fa5c0944a183bf5455b6d51f5fbb66e9bac899c196
 AUX qmail-smtputf8-crlf-fix.patch 397 BLAKE2B 3ca4abcb9f1c1604828c31f358a6da3b3f9734a76d736b1dacada786e69ef010bdb0254d8106c82859ad66f21e1f81249db5f49984116ac84e7c719770999306 SHA512 b6e8060ef00464f429bc8b6d47d294c8e021ddef1991b7cf212a277f375872672d7f4ef799d93f1913fcb9260cb6d74049e6e9978aa43b59228e6c0c067cd87b
 AUX qmail-smtputf8.patch 6693 BLAKE2B 1b9cd78e63ab9f2f8ca9f49c49406f603efb31d323bb4423aaa8b970c2c26a7e76496a449a98501765dc1a5e6659d9bfd49a6dafbdba14db9a9594e1d1c9b94f SHA512 8cafdf1a4f1fd41e6b11ee2abddac5c3da4a1d2ab17b5d3847433875a91f867a26eb358ae8c41791f1e77758e5a2c311134a286d888ccd23fbede6d9f0b475c4
 DIST big-todo.103.patch 5546 BLAKE2B 34889a97c642bafedebdd3fba7dd848e58f692bbebb33da26f39d47d65ac2067cc6bfeea9f044dcebcdce53bf789c7b2e029d6542ad1926a420291d4b59d7554 SHA512 fe6e19a94fb7dbe51f7164e38a91d8edb636251569d44ace1e146fe5f607b240edafb2884daaac481ff3219142ab553cfd5b01786e0dfc4662ef07336b789975
@@ -14,4 +18,5 @@ DIST qmail-smtputf8.patch 6693 BLAKE2B 1b9cd78e63ab9f2f8ca9f49c49406f603efb31d32
 DIST qmail-spp-0.42.tar.gz 18689 BLAKE2B df67f10f6daf9601fd074c774c5be4decca59f3e790774d502c28ebd495f9d7523ecebfd37abd333e347151647364d08d3ccc25099c82748bf7b7ea84bb18977 SHA512 03449862886a0ca20fbadab4c94b34b55d185f8df3261bd68aea99e9ded9edfab4477c6b38a8e0295e9b38b0045615da8b1a906a458f28745eadd3c4d882bcbf
 DIST vu555316.patch 617 BLAKE2B fa98c360cb199fc4367c668d605399cc53ab2d26668f5ed6bbf0c26449fdf584f71fd415d80ba7babb6593dc842ec342aba4f7357ae838e6556d43f1dc76b6d9 SHA512 5d7810360e5eaa8e8ee141fe92c765d9458aa12198a8d0ac702e0630e08d060ad4a1d33690d434f20f5aff79eb200cd8173bebc334c411e340c0198b5d8d1a65
 EBUILD netqmail-1.06-r12.ebuild 4558 BLAKE2B 9adfc66473fb61f908cb90f881fa3f23341df3d2e734e997164c3d6151fc540db39efd6680c289c0f86e3d78ba1fdc49e8f6ba2ef325562ffbf177024af2d3fa SHA512 736fab292b62cd258357a612159485adf80681e1244aa9057d8eb7b8ec2069b5538654653f9ca5d4132139151dcb935c54a9e8395a8aa0517e2f92654ab0d4f5
+EBUILD netqmail-1.06-r13.ebuild 4716 BLAKE2B caa266393bebd340fe69c0db66340b5b58545da63d0118f6dabf247f0f8dd887b394fd1900b5e808499d410fc31ab9e24d602164f9c1b62450958c0e8032607c SHA512 99d405d30686b2fd603b2d93acac021057305aa369a536494232f2499901005b43dde2483de79024a7c4328d2e3a901e3f217699ec66b6edcaa40fa2df6e2c13
 MISC metadata.xml 720 BLAKE2B 9bd0209a0db8075a22507fb63fa9f045959323da3b4c53e3d9da9d412fd39ff3576dc29c6d2af9db949e5fee4e98e166bbc41ce1d48ba0f8964e85fbe99728bb SHA512 57330a6fa33d3c65b0fe1289f89d356bebca6e7c8ba47cb5edfe53cd74938646ca60e3d001facab1fa5c4071fee7c3a8e0ad2ba2b4604aea3a8525c391991715
diff --git a/mail-mta/netqmail/files/netqmail-1.06-CVE-2005-1513.patch b/mail-mta/netqmail/files/netqmail-1.06-CVE-2005-1513.patch
new file mode 100644
index 000000000000..58af5a9cee11
--- /dev/null
+++ b/mail-mta/netqmail/files/netqmail-1.06-CVE-2005-1513.patch
@@ -0,0 +1,66 @@
+From bb92ea678c2a2a524d2ee6e9d598275a659168d2 Mon Sep 17 00:00:00 2001
+From: Rolf Eike Beer <eike@sf-mail.de>
+Date: Mon, 11 May 2020 18:30:13 +0200
+Subject: [PATCH 3/4] mimimum fix for CVE-2005-1513
+
+The first allocation at the tail of the function is not changed as that
+one starts with a small number of elements and grows only on
+subsequent call.s
+---
+ gen_allocdefs.h | 27 ++++++++++++++++++++++-----
+ 1 file changed, 22 insertions(+), 5 deletions(-)
+
+diff --git a/gen_allocdefs.h b/gen_allocdefs.h
+index 783a9b1..0588441 100644
+--- a/gen_allocdefs.h
++++ b/gen_allocdefs.h
+@@ -4,24 +4,41 @@
+ #define GEN_ALLOC_ready(ta,type,field,len,a,i,n,x,base,ta_ready) \
+ int ta_ready(x,n) register ta *x; register unsigned int n; \
+ { register unsigned int i; \
++  unsigned int nlen; \
+   if (x->field) { \
+     i = x->a; \
+     if (n > i) { \
+-      x->a = base + n + (n >> 3); \
+-      if (alloc_re(&x->field,i * sizeof(type),x->a * sizeof(type))) return 1; \
++      unsigned int nnum; \
++      if (__builtin_add_overflow(base, n, &nlen)) \
++        return 0; \
++      if (__builtin_add_overflow(nlen, n >> 3, &nlen)) \
++        return 0; \
++      if (__builtin_mul_overflow(nlen, sizeof(type), &nnum)) \
++        return 0; \
++      x->a = nlen; \
++      if (alloc_re(&x->field,i * sizeof(type),nnum)) return 1; \
+       x->a = i; return 0; } \
+     return 1; } \
+   x->len = 0; \
+   return !!(x->field = (type *) alloc((x->a = n) * sizeof(type))); }
+ 
+ #define GEN_ALLOC_readyplus(ta,type,field,len,a,i,n,x,base,ta_rplus) \
+-int ta_rplus(x,n) register ta *x; register unsigned int n; \
++int ta_rplus(x,n) register ta *x; unsigned int n; \
+ { register unsigned int i; \
+   if (x->field) { \
+     i = x->a; n += x->len; \
++    if (__builtin_add_overflow(n, x->len, &n)) \
++      return 0; \
+     if (n > i) { \
+-      x->a = base + n + (n >> 3); \
+-      if (alloc_re(&x->field,i * sizeof(type),x->a * sizeof(type))) return 1; \
++      unsigned int nlen, nnum; \
++      if (__builtin_add_overflow(base, n, &nlen)) \
++        return 0; \
++      if (__builtin_add_overflow(nlen, n >> 3, &nlen)) \
++        return 0; \
++      if (__builtin_mul_overflow(nlen, sizeof(type), &nnum)) \
++        return 0; \
++      x->a = nlen; \
++      if (alloc_re(&x->field,i * sizeof(type),nnum)) return 1; \
+       x->a = i; return 0; } \
+     return 1; } \
+   x->len = 0; \
+-- 
+2.26.1
+
diff --git a/mail-mta/netqmail/files/netqmail-1.06-CVE-2005-1514.patch b/mail-mta/netqmail/files/netqmail-1.06-CVE-2005-1514.patch
new file mode 100644
index 000000000000..3876c290b676
--- /dev/null
+++ b/mail-mta/netqmail/files/netqmail-1.06-CVE-2005-1514.patch
@@ -0,0 +1,39 @@
+From dc617a2f2d31e4c448b806791b3f8736cf9d1ffb Mon Sep 17 00:00:00 2001
+From: Rolf Eike Beer <eike@sf-mail.de>
+Date: Tue, 12 May 2020 20:06:38 +0200
+Subject: [PATCH 2/4] fix possible signed integer overflow in commands()
+ (CVE-2005-1514)
+
+Fix it as suggested by the Qualys Security Advisory team.
+---
+ commands.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/commands.c b/commands.c
+index b0d3f61..90a50c9 100644
+--- a/commands.c
++++ b/commands.c
+@@ -10,16 +10,17 @@ int commands(ss,c)
+ substdio *ss;
+ struct commands *c;
+ {
+-  int i;
++  unsigned int i;
+   char *arg;
+ 
+   for (;;) {
+     if (!stralloc_copys(&cmd,"")) return -1;
+ 
+     for (;;) {
++      int j;
+       if (!stralloc_readyplus(&cmd,1)) return -1;
+-      i = substdio_get(ss,cmd.s + cmd.len,1);
+-      if (i != 1) return i;
++      j = substdio_get(ss,cmd.s + cmd.len,1);
++      if (j != 1) return j;
+       if (cmd.s[cmd.len] == '\n') break;
+       ++cmd.len;
+     }
+-- 
+2.26.1
+
diff --git a/mail-mta/netqmail/files/netqmail-1.06-CVE-2005-1515.patch b/mail-mta/netqmail/files/netqmail-1.06-CVE-2005-1515.patch
new file mode 100644
index 000000000000..f1df70022e17
--- /dev/null
+++ b/mail-mta/netqmail/files/netqmail-1.06-CVE-2005-1515.patch
@@ -0,0 +1,64 @@
+From 5540e1b47ac043033e6661b4e04dcaf958db0110 Mon Sep 17 00:00:00 2001
+From: Rolf Eike Beer <eike@sf-mail.de>
+Date: Mon, 11 May 2020 18:55:11 +0200
+Subject: [PATCH 1/4] fix signedness wraparound in substdio_put()
+ (CVE-2005-1515)
+
+---
+ qmail.c   |  2 +-
+ substdo.c | 14 ++++++++------
+ 2 files changed, 9 insertions(+), 7 deletions(-)
+
+diff --git a/qmail.c b/qmail.c
+index 186c092..7c86a04 100644
+--- a/qmail.c
++++ b/qmail.c
+@@ -61,7 +61,7 @@ void qmail_fail(qq) struct qmail *qq;
+   qq->flagerr = 1;
+ }
+ 
+-void qmail_put(qq,s,len) struct qmail *qq; char *s; int len;
++void qmail_put(qq,s,len) struct qmail *qq; char *s; unsigned int len;
+ {
+   if (!qq->flagerr) if (substdio_put(&qq->ss,s,len) == -1) qq->flagerr = 1;
+ }
+diff --git a/substdo.c b/substdo.c
+index fb616f7..bccf0d6 100644
+--- a/substdo.c
++++ b/substdo.c
+@@ -7,7 +7,7 @@ static int allwrite(op,fd,buf,len)
+ register int (*op)();
+ register int fd;
+ register char *buf;
+-register int len;
++register unsigned int len;
+ {
+   register int w;
+ 
+@@ -55,16 +55,18 @@ register int len;
+ int substdio_put(s,buf,len)
+ register substdio *s;
+ register char *buf;
+-register int len;
++register unsigned int len;
+ {
+-  register int n;
++  register unsigned int n = s->n; /* how many bytes to write in next chunk */
+  
+-  n = s->n;
+-  if (len > n - s->p) {
++  /* check if the input would fit in the buffer without flushing */
++  if (len > n - (unsigned int)s->p) {
+     if (substdio_flush(s) == -1) return -1;
+     /* now s->p == 0 */
+     if (n < SUBSTDIO_OUTSIZE) n = SUBSTDIO_OUTSIZE;
+-    while (len > s->n) {
++    /* as long as the remainder would not fit into s->x write it directly
++     * from buf to s->fd. */
++    while (len > (unsigned int)s->n) {
+       if (n > len) n = len;
+       if (allwrite(s->op,s->fd,buf,n) == -1) return -1;
+       buf += n;
+-- 
+2.26.1
+
diff --git a/mail-mta/netqmail/files/netqmail-1.06-overflows.patch b/mail-mta/netqmail/files/netqmail-1.06-overflows.patch
new file mode 100644
index 000000000000..d9932df972c4
--- /dev/null
+++ b/mail-mta/netqmail/files/netqmail-1.06-overflows.patch
@@ -0,0 +1,223 @@
+From e8a1e037afc8729bd65d4bda36dedf444f301c0f Mon Sep 17 00:00:00 2001
+From: Rolf Eike Beer <eike@sf-mail.de>
+Date: Mon, 11 May 2020 18:30:13 +0200
+Subject: [PATCH 4/4] fix additional length overflows
+
+---
+ Makefile        |  6 +++---
+ alloc.c         | 21 ++++++++++++++-------
+ qmail-local.c   |  3 ++-
+ qmail-pop3d.c   |  3 ++-
+ quote.c         | 10 +++++++++-
+ stralloc_catb.c |  8 +++++++-
+ stralloc_opyb.c |  8 +++++++-
+ substdo.c       |  4 ++--
+ 8 files changed, 46 insertions(+), 17 deletions(-)
+
+diff --git a/Makefile b/Makefile
+index 0f0e31a..4b592c6 100644
+--- a/Makefile
++++ b/Makefile
+@@ -1673,7 +1673,7 @@ qsutil.h
+ 	./compile qsutil.c
+ 
+ quote.o: \
+-compile quote.c stralloc.h gen_alloc.h str.h quote.h
++compile quote.c stralloc.h gen_alloc.h str.h quote.h error.h
+ 	./compile quote.c
+ 
+ rcpthosts.o: \
+@@ -1965,7 +1965,7 @@ compile stralloc_cat.c byte.h stralloc.h gen_alloc.h
+ 	./compile stralloc_cat.c
+ 
+ stralloc_catb.o: \
+-compile stralloc_catb.c stralloc.h gen_alloc.h byte.h
++compile stralloc_catb.c stralloc.h gen_alloc.h byte.h error.h
+ 	./compile stralloc_catb.c
+ 
+ stralloc_cats.o: \
+@@ -1982,7 +1982,7 @@ gen_allocdefs.h
+ 	./compile stralloc_eady.c
+ 
+ stralloc_opyb.o: \
+-compile stralloc_opyb.c stralloc.h gen_alloc.h byte.h
++compile stralloc_opyb.c stralloc.h gen_alloc.h byte.h error.h
+ 	./compile stralloc_opyb.c
+ 
+ stralloc_opys.o: \
+diff --git a/alloc.c b/alloc.c
+index c661453..3ab5f6f 100644
+--- a/alloc.c
++++ b/alloc.c
+@@ -1,7 +1,6 @@
++#include <stdlib.h>
+ #include "alloc.h"
+ #include "error.h"
+-extern char *malloc();
+-extern void free();
+ 
+ #define ALIGNMENT 16 /* XXX: assuming that this alignment is enough */
+ #define SPACE 4096 /* must be multiple of ALIGNMENT */
+@@ -11,15 +10,23 @@ static aligned realspace[SPACE / ALIGNMENT];
+ #define space ((char *) realspace)
+ static unsigned int avail = SPACE; /* multiple of ALIGNMENT; 0<=avail<=SPACE */
+ 
++static char *m_alloc(unsigned int n)
++{
++  char *x = malloc(n);
++  if (!x) errno = error_nomem;
++  return x;
++}
++
+ /*@null@*//*@out@*/char *alloc(n)
+ unsigned int n;
+ {
+-  char *x;
+-  n = ALIGNMENT + n - (n & (ALIGNMENT - 1)); /* XXX: could overflow */
++  if (n >= SPACE)
++    return m_alloc(n);
++  /* Round it up to the next multiple of alignment. Could overflow if n is
++   * close to 2**32, but by the check above this is already ruled out. */
++  n = ALIGNMENT + n - (n & (ALIGNMENT - 1));
+   if (n <= avail) { avail -= n; return space + avail; }
+-  x = malloc(n);
+-  if (!x) errno = error_nomem;
+-  return x;
++  return m_alloc(n);
+ }
+ 
+ void alloc_free(x)
+diff --git a/qmail-local.c b/qmail-local.c
+index 6fec288..f5e33fd 100644
+--- a/qmail-local.c
++++ b/qmail-local.c
+@@ -1,5 +1,6 @@
+ #include <sys/types.h>
+ #include <sys/stat.h>
++#include <stdlib.h>
+ #include "readwrite.h"
+ #include "sig.h"
+ #include "env.h"
+@@ -633,7 +634,7 @@ char **argv;
+      i = j + 1;
+     }
+ 
+- recips = (char **) alloc((numforward + 1) * sizeof(char *));
++ recips = (char **) calloc(numforward + 1, sizeof(char *));
+  if (!recips) temp_nomem();
+  numforward = 0;
+ 
+diff --git a/qmail-pop3d.c b/qmail-pop3d.c
+index 0ca4f9c..1916433 100644
+--- a/qmail-pop3d.c
++++ b/qmail-pop3d.c
+@@ -1,5 +1,6 @@
+ #include <sys/types.h>
+ #include <sys/stat.h>
++#include <stdlib.h>
+ #include "commands.h"
+ #include "sig.h"
+ #include "getln.h"
+@@ -131,7 +132,7 @@ void getlist()
+   if (maildir_scan(&pq,&filenames,1,1) == -1) die_scan();
+  
+   numm = pq.p ? pq.len : 0;
+-  m = (struct message *) alloc(numm * sizeof(struct message));
++  m = (struct message *) calloc(numm, sizeof(struct message));
+   if (!m) die_nomem();
+  
+   for (i = 0;i < numm;++i) {
+diff --git a/quote.c b/quote.c
+index 659cfcd..73b7214 100644
+--- a/quote.c
++++ b/quote.c
+@@ -1,3 +1,4 @@
++#include "error.h"
+ #include "stralloc.h"
+ #include "str.h"
+ #include "quote.h"
+@@ -23,8 +24,15 @@ stralloc *sain;
+  char ch;
+  int i;
+  int j;
++ unsigned int nlen;
+ 
+- if (!stralloc_ready(saout,sain->len * 2 + 2)) return 0;
++ /* make sure the size calculation below does not overflow */
++ if (__builtin_mul_overflow(sain->len, 2, &nlen) ||
++     __builtin_add_overflow(nlen, 2, &nlen)) {
++   errno = error_nomem;
++   return 0;
++ }
++ if (!stralloc_ready(saout,nlen)) return 0;
+  j = 0;
+  saout->s[j++] = '"';
+  for (i = 0;i < sain->len;++i)
+diff --git a/stralloc_catb.c b/stralloc_catb.c
+index 67dbcc0..a315810 100644
+--- a/stralloc_catb.c
++++ b/stralloc_catb.c
+@@ -1,13 +1,19 @@
+ #include "stralloc.h"
+ #include "byte.h"
++#include "error.h"
+ 
+ int stralloc_catb(sa,s,n)
+ stralloc *sa;
+ char *s;
+ unsigned int n;
+ {
++  unsigned int i;
+   if (!sa->s) return stralloc_copyb(sa,s,n);
+-  if (!stralloc_readyplus(sa,n + 1)) return 0;
++  if (__builtin_add_overflow(n, 1, &i)) {
++    errno = error_nomem;
++    return 0;
++  }
++  if (!stralloc_readyplus(sa,i)) return 0;
+   byte_copy(sa->s + sa->len,n,s);
+   sa->len += n;
+   sa->s[sa->len] = 'Z'; /* ``offensive programming'' */
+diff --git a/stralloc_opyb.c b/stralloc_opyb.c
+index ac258b3..8a6f305 100644
+--- a/stralloc_opyb.c
++++ b/stralloc_opyb.c
+@@ -1,12 +1,18 @@
+ #include "stralloc.h"
+ #include "byte.h"
++#include "error.h"
+ 
+ int stralloc_copyb(sa,s,n)
+ stralloc *sa;
+ char *s;
+ unsigned int n;
+ {
+-  if (!stralloc_ready(sa,n + 1)) return 0;
++  unsigned int i;
++  if (__builtin_add_overflow(n, 1, &i)) {
++    errno = error_nomem;
++    return 0;
++  }
++  if (!stralloc_ready(sa,i)) return 0;
+   byte_copy(sa->s,n,s);
+   sa->len = n;
+   sa->s[n] = 'Z'; /* ``offensive programming'' */
+diff --git a/substdo.c b/substdo.c
+index bccf0d6..ad7232a 100644
+--- a/substdo.c
++++ b/substdo.c
+@@ -38,9 +38,9 @@ register substdio *s;
+ int substdio_bput(s,buf,len)
+ register substdio *s;
+ register char *buf;
+-register int len;
++register unsigned int len;
+ {
+-  register int n;
++  register unsigned int n;
+  
+   while (len > (n = s->n - s->p)) {
+     byte_copy(s->x + s->p,n,buf); s->p += n; buf += n; len -= n;
+-- 
+2.26.1
+
diff --git a/mail-mta/netqmail/netqmail-1.06-r13.ebuild b/mail-mta/netqmail/netqmail-1.06-r13.ebuild
new file mode 100644
index 000000000000..ae21c36a52c5
--- /dev/null
+++ b/mail-mta/netqmail/netqmail-1.06-r13.ebuild
@@ -0,0 +1,203 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+GENQMAIL_PV=20191010
+QMAIL_SPP_PV=0.42
+
+QMAIL_TLS_PV=20190114
+QMAIL_TLS_F=${PN}-1.05-tls-smtpauth-${QMAIL_TLS_PV}.patch
+QMAIL_TLS_CVE=vu555316.patch
+
+QMAIL_BIGTODO_PV=103
+QMAIL_BIGTODO_F=big-todo.${QMAIL_BIGTODO_PV}.patch
+
+QMAIL_LARGE_DNS='qmail-103.patch'
+
+QMAIL_SMTPUTF8='qmail-smtputf8.patch'
+
+inherit qmail
+
+DESCRIPTION="qmail -- a secure, reliable, efficient, simple message transfer agent"
+HOMEPAGE="
+	http://netqmail.org
+	https://cr.yp.to/qmail.html
+	http://qmail.org
+"
+SRC_URI="mirror://qmail/${P}.tar.gz
+	https://github.com/DerDakon/genqmail/releases/download/genqmail-${GENQMAIL_PV}/${GENQMAIL_F}
+	https://www.ckdhr.com/ckd/${QMAIL_LARGE_DNS}
+	!vanilla? (
+		highvolume? ( mirror://qmail/${QMAIL_BIGTODO_F} )
+		qmail-spp? ( mirror://sourceforge/qmail-spp/${QMAIL_SPP_F} )
+		ssl? (
+			https://mirror.alexh.name/qmail/netqmail/${QMAIL_TLS_F}
+			http://inoa.net/qmail-tls/${QMAIL_TLS_CVE}
+			https://arnt.gulbrandsen.priv.no/qmail/qmail-smtputf8.patch
+		)
+	)
+"
+
+LICENSE="public-domain"
+SLOT="0"
+KEYWORDS="~alpha amd64 ~arm hppa ~ia64 ~mips ppc ppc64 ~s390 sparc ~x86"
+IUSE="authcram gencertdaily highvolume libressl pop3 qmail-spp ssl vanilla"
+REQUIRED_USE="vanilla? ( !ssl !qmail-spp !highvolume )"
+RESTRICT="test"
+
+DEPEND="
+	acct-group/nofiles
+	acct-group/qmail
+	acct-user/alias
+	acct-user/qmaild
+	acct-user/qmaill
+	acct-user/qmailp
+	acct-user/qmailq
+	acct-user/qmailr
+	acct-user/qmails
+	net-dns/libidn2
+	net-mail/queue-repair
+	sys-apps/gentoo-functions
+	sys-apps/groff
+	ssl? (
+		!libressl? ( >=dev-libs/openssl-1.1:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+"
+RDEPEND="${DEPEND}
+	sys-apps/ucspi-tcp
+	virtual/checkpassword
+	virtual/daemontools
+	authcram? ( >=net-mail/cmd5checkpw-0.30 )
+	ssl? (
+		pop3? ( sys-apps/ucspi-ssl )
+	)
+	!mail-mta/courier
+	!mail-mta/esmtp
+	!mail-mta/exim
+	!mail-mta/mini-qmail
+	!mail-mta/msmtp[mta]
+	!mail-mta/nullmailer
+	!mail-mta/opensmtpd
+	!mail-mta/postfix
+	!mail-mta/qmail-ldap
+	!mail-mta/sendmail
+	!mail-mta/ssmtp[mta]
+"
+
+pkg_setup() {
+	if [[ -n "${QMAIL_PATCH_DIR}" ]]; then
+		eerror
+		eerror "The QMAIL_PATCH_DIR variable for custom patches"
+		eerror "has been removed from ${PN}. If you need custom patches"
+		eerror "see 'user patches' in the portage manual."
+		eerror
+		die "QMAIL_PATCH_DIR is not supported anymore"
+	fi
+}
+
+src_unpack() {
+	genqmail_src_unpack
+	use qmail-spp && qmail_spp_src_unpack
+
+	unpack ${P}.tar.gz
+}
+
+PATCHES=(
+	"${FILESDIR}/${PV}-exit.patch"
+	"${FILESDIR}/${PV}-readwrite.patch"
+	"${DISTDIR}/${QMAIL_LARGE_DNS}"
+	"${FILESDIR}/${PV}-fbsd-utmpx.patch"
+	"${FILESDIR}/${P}-ipme-multiple.patch"
+	"${FILESDIR}/${P}-any-to-cname.patch"
+	"${FILESDIR}/${P}-CVE-2005-1513.patch"
+	"${FILESDIR}/${P}-CVE-2005-1514.patch"
+	"${FILESDIR}/${P}-CVE-2005-1515.patch"
+	"${FILESDIR}/${P}-overflows.patch"
+)
+
+src_prepare() {
+	if ! use vanilla; then
+		if use ssl; then
+			# This patch contains relative paths and needs to be cleaned up.
+			sed 's~^--- \.\./\.\./~--- ~g' \
+				< "${DISTDIR}"/${QMAIL_TLS_F} \
+				> "${T}"/${QMAIL_TLS_F} || die
+			PATCHES+=( "${T}/${QMAIL_TLS_F}"
+				"${DISTDIR}/${QMAIL_TLS_CVE}"
+				"${FILESDIR}/qmail-smtputf8.patch"
+				"${FILESDIR}/qmail-smtputf8-crlf-fix.patch"
+			)
+		fi
+		if use highvolume; then
+			PATCHES+=( "${DISTDIR}/${QMAIL_BIGTODO_F}" )
+		fi
+
+		if use qmail-spp; then
+			if use ssl; then
+				SPP_PATCH="${QMAIL_SPP_S}/qmail-spp-smtpauth-tls-20060105.diff"
+			else
+				SPP_PATCH="${QMAIL_SPP_S}/netqmail-spp.diff"
+			fi
+			# make the patch work with "-p1"
+			sed -e 's#^--- \([Mq]\)#--- a/\1#' -e 's#^+++ \([Mq]\)#+++ b/\1#' -i ${SPP_PATCH} || die
+
+			PATCHES+=( "${SPP_PATCH}" )
+		fi
+	fi
+
+	default
+
+	qmail_src_postunpack
+
+	# Fix bug #33818 but for netqmail (Bug 137015)
+	if ! use authcram; then
+		einfo "Disabled CRAM_MD5 support"
+		sed -e 's,^#define CRAM_MD5$,/*&*/,' -i "${S}"/qmail-smtpd.c || die
+	else
+		einfo "Enabled CRAM_MD5 support"
+	fi
+
+	ht_fix_file Makefile*
+}
+
+src_compile() {
+	qmail_src_compile
+	use qmail-spp && qmail_spp_src_compile
+}
+
+src_install() {
+	qmail_src_install
+}
+
+pkg_postinst() {
+	qmail_queue_setup
+	qmail_rootmail_fixup
+	qmail_tcprules_build
+
+	qmail_config_notice
+	qmail_supervise_config_notice
+	elog
+	elog "If you are looking for documentation, check those links:"
+	elog "https://wiki.gentoo.org/wiki/Virtual_mail_hosting_with_qmail"
+	elog "  -- qmail/vpopmail Virtual Mail Hosting System Guide"
+	elog "http://www.lifewithqmail.com/"
+	elog "  -- Life with qmail"
+	elog
+}
+
+pkg_preinst() {
+	qmail_tcprules_fixup
+}
+
+pkg_config() {
+	# avoid some weird locale problems
+	export LC_ALL=C
+
+	qmail_config_fast
+	qmail_tcprules_config
+	qmail_tcprules_build
+
+	use ssl && qmail_ssl_generate
+}