From 407525b571b48cfd65e1ad7a02d250a927c967c9 Mon Sep 17 00:00:00 2001
From: V3n3RiX
Date: Fri, 1 Dec 2017 03:04:39 +0000
Subject: gentoo resync : 01.12.2017
---
mail-mta/exim/Manifest | 12 +-
mail-mta/exim/exim-4.89-r5.ebuild | 532 +++++++++++++++++++++
mail-mta/exim/exim-4.89.1.ebuild | 529 ++++++++++++++++++++
mail-mta/exim/files/exim-4.89-CVE-2017-16943.patch | 40 ++
mail-mta/exim/files/exim-4.89-CVE-2017-16944.patch | 57 +++
5 files changed, 1167 insertions(+), 3 deletions(-)
create mode 100644 mail-mta/exim/exim-4.89-r5.ebuild
create mode 100644 mail-mta/exim/exim-4.89.1.ebuild
create mode 100644 mail-mta/exim/files/exim-4.89-CVE-2017-16943.patch
create mode 100644 mail-mta/exim/files/exim-4.89-CVE-2017-16944.patch
(limited to 'mail-mta/exim')
diff --git a/mail-mta/exim/Manifest b/mail-mta/exim/Manifest
index a1c716394ddb..7bb2fe4e0e4b 100644
--- a/mail-mta/exim/Manifest
+++ b/mail-mta/exim/Manifest
@@ -8,6 +8,8 @@ AUX exim-4.76-crosscompile.patch 462 BLAKE2B de78322f93760cef0d5a768b8be6c723f00 AUX exim-4.80-spool-mail-group.patch 946 BLAKE2B a3b6783b77823c5a8373623d16b85e2ba209b419b6724f307c46bf961bc5195690453208cdd40e45bc36e5a070892414c7737a97fa04e653e78050c153c59079 SHA512 24f30e9a9d90dc0f1fe8b3db26f8bc2649182b4e78110dc28a9c0f3a3feb7589f923144a4f1c54a1c46ff8cfe40826a1f2212787753be752f4d15a72d54a143b AUX exim-4.82-makefile-freebsd.patch 1252 BLAKE2B 29c58b487850e28e0b2dfd5bbaa7e8ac341ebc00093a46a9d6b44c8d1c508629f78f646ccd3d022b2acee20d0572320f79acc21c519727f007e11e08623f4fec SHA512 fb440ad3e46b90d4c2e4826841944f4006390ccebee08154a39e46f6854be15edd7d0b028333b41451a0511f886ad3a30cb4b86e7ba8be99f12616a137f09d56 AUX exim-4.89-CVE-2017-1000369.patch 2043 BLAKE2B f6fee7ba1039c50cf8c8fbfee0923496e80d76ba346a50d857762820b2e519009a9dd6bbd4ca6a6e547a2e3050960422af43e547dfcfb2307765676256b1c0d0 SHA512 6c4a227bb3a6ba8178cd13c796b10c031c39114749746ac236269b104fb2c22c6388e0a99ca7915ba48203e332714518bd865efd5ec226ffdec9334f882c9a5d +AUX exim-4.89-CVE-2017-16943.patch 1471 BLAKE2B d8d94fc5af92a5d79e1d2239e88bf8c4ef6eff556eb17ce95255c991cad563a44c67858110678133d5e8a8ae7c3edb2c6c37d7aa662a96bde486669e57c6b745 SHA512 1d140024bbf64c0a408339e2307bccfa9c8a26982179c47a99d96c6d99c6eb4a62ee38b4c408f43ff8cbbef0f495c97dd6ca218cabd2d228c2e265ed777056f0 +AUX exim-4.89-CVE-2017-16944.patch 1763 BLAKE2B 55199eb28fb7651547ae80472148444e25da38ab1521bb5c9d2b77f0134c5bb85bf26ba94cf76346b4d4094536c611160041f995c9a52976a4fb7a4d62b8185d SHA512 3354659e51fee4da2a400236b10cfe0ad5979b50b7393e0d9be9bab4def48c74bb9397c1916594fddf2ea54289059cc59814e6cf0bc8877a839a90f1b7f1a0e8 AUX exim-4.89-address-expando-crash.patch 3655 BLAKE2B 155ed3375525d22ee6a743f91d1914b4295b1dc38161d42e8fcdad912a5753545b8ffc2df9640da4eb12a9b65943b8c98c802e39077329e41aa4956210d91cad SHA512 79623b920c4447daa607ceee5c6c0b4a178185f2768d2a8d2cd9d23b31714d06b2b5134db654156df66eec57fbf24b2129c32016c4a3800819c7638391e78c05 AUX 
exim-4.89-as-needed-ldflags.patch 6048 BLAKE2B 229dbc384c64a30f620c2965b030f6e6773efca5390ccd67a6a69b5565b0d2d536f0385d8095f92e43e1bc45ab43822efd10cb8aafe2d3cee7d21c0b330e08d1 SHA512 a0ac891c2708afdf8be339a15e6c74d27a19ac87ab63e97de71b5b5d4fab63b898018f7f0ad1dc2e22a86d71c05c1a1b250d598d7622e6172f187ac36e5c3adf AUX exim-4.89-transport-crash.patch 2416 BLAKE2B 15949b8a641564395477a833e6d1c228b51a26baf970b11027ecdc7192c90927f749d3e2e89f847e810a7d99110d82a648cbb442d173784890a7f25018ef8822 SHA512 52bd267e748d92ea92ce4944acc8ec7f49e8b1cb74fc473af618fe4fafb68a961ff2b849fc508ff95340ba7bd2851500082a05a54403fa484c9b9a23c0aa787d 
@@ -19,9 +21,13 @@ AUX exim.rc10 1135 BLAKE2B abc7247ee8171069f30f954d9e4275fa85f09f5488a372f9c4f7f AUX exim.service 229 BLAKE2B 6d6396ef98b8e7c4fcfa28e24223bd58393387abedfb960284dfd1a297d1612deea6b77e2affeca8c5ff6f7db3eb32717893ed0dc1eaf3525e6969520e8589a3 SHA512 a071e9fb74b5fc2fdf0c73ad64ddfbc3954d8f7095d6a363dacf8c75d72a479fbf6821822ec5c8f3846d7687342e1bd447b97f91ca7b0582e5c98008aac30cca AUX exim.socket 139 BLAKE2B bb8281a98fdac1b52031d5250fd1e658bf5a2c32e24b49ed0daa857d0d32285abf6db23c3d717992c43443ab4bcd97a19ec3811f182200a2d99a48ced6cfb6bc SHA512 db621116907ceb573e6f34581f47c91f751bff593054d7ddc32397b34c7f2405bec184bdb0589d2ac457fa3a61bcba072761e3a6293a99c9c764d2d9fd6069ae AUX exim_at.service 140 BLAKE2B 8624f4a555e2acdc7aaf917952c4152ad00dc063a51076aefa1d023d47d5f7fe8b268f3308734f363ed9628cd8551ccac7fc369657e0fdf65507d2e6419f704c SHA512 11c8133ee15b3e5193c9b1c59aed66c81b6e045dd23310bede9fcde6c88905db5ef08afdb798b53b75a7465915ea1247e980edf95db07a7f9b7bb58ce95fbb5a -DIST exim-4.89.tar.bz2 1844430 SHA256 912f2ee03c8dba06a3a4c0ee40522d367e1b65dc59e38dfcc1f5d9eecff51ab0 SHA512 1e059966a93b47f055ab4ec2a4556f2c918aff56ea0367585f3a853f00411e9c275e13be4f9ae615a468fa06263135cd6a138fa1753f1b7fb3259a3321fcca65 WHIRLPOOL d0b30cde5cf2dbe278d393eae70e40a3861a153a2411f98f73a7ae43881032cc3e0f15163b09e17d61c09e673c2e766371c80533908af3460f483a5c18dff80f -DIST exim-pdf-4.89.tar.bz2 1924606 SHA256 17d70ef5b2814f725633efcf339bcb49ac9564ecd648e0e3d010b5e43d6c167d SHA512 b04ea2e4dcdb1aaf52ef77ccd76e6599c68c4c6e5a98090720dbd3c50f7191bf3f6cd7dc2089a765c47576311780809cff547f85f004caec411d0f1ac9985299 WHIRLPOOL 4ab5bc7bdbbfc998ae7ee63f19449d051a1d7183f9b70297db100f44b82df2cca0853c309ddfccafee2d44cd1228258e06628ed82dab76de851bec856321c58f -DIST system_filter.exim.gz 3075 SHA256 3a3471b486a09e0a0153f7b520e1eaf26d21b97d73ea8348bdc593c00eb1e437 SHA512 cb358d3ce2499a0bb5920d962a06f2af8486e55ec90c8c928bd8e3aefb279aa57f5f960d5adfcef68bd94110b405eaa144e9629cfe6014a529c79c544600bbf3 WHIRLPOOL 
ce68d9c18b24eca3ef97ea810964cc1ada5f85b795a7c432ad39b5788188a16419101c92fb52b418738d760e1d658f7a41485e5561079a667d84d276c71be5a4 +DIST exim-4.89.1.tar.bz2 1828699 BLAKE2B 21b3acc73717319c58341f28463d0fd576c725291ae348015f6696f079fc6c3c08c86f9a2c19f81e0019c50b6cb8670466f4b449bf09a454e6b6e02feee60bfc SHA512 391102c5af991c3f9035aefadd031a9ab2505c682a5cd9c2268f82edb01dc5edec94d86e298d2be3c0437c261b63fb2662cc37f4de67106b0325f2c3bf7e0b9e +DIST exim-4.89.tar.bz2 1844430 BLAKE2B 255bb3f27a264d92bf4664cf1278beabffa888006dfc0b31cde8a04d62501b0fe282db5b959bd303e2a818322716548c97264842130b8d5c3b9075615f668ca7 SHA512 1e059966a93b47f055ab4ec2a4556f2c918aff56ea0367585f3a853f00411e9c275e13be4f9ae615a468fa06263135cd6a138fa1753f1b7fb3259a3321fcca65 +DIST exim-pdf-4.89.1.tar.bz2 1942785 BLAKE2B 588298b2c3007a94d40370463dec52d9b5c44b72e8c93e9b749e0ed513f1da045b58140f8802edfd9a5e9dd2d9911f70b4d4cdde3b3952c794c6abd9744ed3d9 SHA512 0b7944237fcadf708570c39a7963246fc70579fecafc746ed8e210c3319eed64a4678162c8c4243e84f48396b3b8bcbc3626523984a716b85564ee50c5712333 +DIST exim-pdf-4.89.tar.bz2 1924606 BLAKE2B f03182d51f4cc5b71cb65c2e0bcf74142f8110b6bfbd5b0fc05e321b692ebde5dbc84c4562a39ee85065f4d2db0654e6a189c826bfdea19051f56969d4ca74e2 SHA512 b04ea2e4dcdb1aaf52ef77ccd76e6599c68c4c6e5a98090720dbd3c50f7191bf3f6cd7dc2089a765c47576311780809cff547f85f004caec411d0f1ac9985299 +DIST system_filter.exim.gz 3075 BLAKE2B d05e872b5cef377d29126cda03fc0a74c8777b2119b76ff43da6e8de808035eb9bfcb034a85d81824f135d484e864bfc0629fc1af2c228a7277d5ee7cf9cde79 SHA512 cb358d3ce2499a0bb5920d962a06f2af8486e55ec90c8c928bd8e3aefb279aa57f5f960d5adfcef68bd94110b405eaa144e9629cfe6014a529c79c544600bbf3 EBUILD exim-4.89-r1.ebuild 12241 BLAKE2B bd193a4137fdc6be1615fe85d60b0c4aad676b2158b47592a20545f068292b1b92f71ac36b22da24b0aae6ed1cc12b701fd5d72bb7d3adec8c995730e0da83b3 SHA512 7ff6fa9d2b968a65e4b1e014f4bc1c53d7d1282a45893132aafdbceb403172a02c1455242a266960b4d403db3ca981fffaa8cc82028964e2c72dac8a0da347dc EBUILD exim-4.89-r3.ebuild 
12401 BLAKE2B 40e24ad653011522ff3d42b2fac04be3a603ebe106d980ae64640fff8399a62df1503826fad1bc80a1f2bbd6eed8e08492c9bd49dfb461967ca408f68ed19a50 SHA512 4a529526216963f566d5c30ecdfadbfdbeac276d8187b90b8e6aa6be17b6bffda64ae66e9ae7b77ada193812125669d72a524fd9095af58ee2561cfd7df0d76a +EBUILD exim-4.89-r5.ebuild 12545 BLAKE2B 325558337027f91801f6239edaf331b8d833a962cbe2f1a2b3b2ce1fc0d4254a0c7ffb7f5d91ae329efda1c85bbf4fbb6ed47ec152d0999e625a83450bc92865 SHA512 9e5aaf8402acb2cb336069b49cbc515434f44cdc1f221608de5499797f9deb749498e33aef549ba6861809446ae9a547930d3ffd78899b83f5902ddb31b88932 +EBUILD exim-4.89.1.ebuild 12267 BLAKE2B 885d2f6d47f2d24ae64ddd81dca542489d8da050b7ca4cc5a66cfb449fd8aaa77a4a37cf6aaa1e826e2c2f750baa28bef256d37a9e18c88f5887b123d0a26f5d SHA512 e7e55e2781974982ba1ba5de76210bebb806853ca0ccc6f6fd82b3574964b099ee066c34a499edbfeca62ee258d4b7f813f6d583d6c542650a8c94286e628233 MISC metadata.xml 2482 BLAKE2B 8cc92e47224d8afbc72bd61d6651887f5211c4ebe36ae1d38e55ed395dee9574307b075bcf36fcd0761be0358c2bc27cfc0e60294a48483b444d4534f5c0b9da SHA512 dcda0d8164098a41d7defa30b84b36bfdc6fc1fecce2dc680aa22341f67be9dad281bdee0b6f9028459b4a62d4f3a83a16bd1cdca99238b114532c7b06f5c25f diff --git a/mail-mta/exim/exim-4.89-r5.ebuild b/mail-mta/exim/exim-4.89-r5.ebuild new file mode 100644 index 000000000000..de57ae11836a --- /dev/null +++ b/mail-mta/exim/exim-4.89-r5.ebuild 
@@ -0,0 +1,532 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI="6" + +inherit eutils toolchain-funcs multilib pam systemd + +IUSE="dane dcc +dkim dlfunc dmarc +dnsdb doc dovecot-sasl dsn exiscan-acl gnutls ipv6 ldap libressl lmtp maildir mbx mysql nis pam perl pkcs11 postgres +prdr proxy radius redis sasl selinux spf sqlite srs ssl syslog tcpd tpda X elibc_glibc" +REQUIRED_USE=" + dane? ( !gnutls ) + dmarc? ( spf dkim ) + pkcs11? ( gnutls ) + spf? ( exiscan-acl ) + srs? ( exiscan-acl ) +" + +COMM_URI="ftp://ftp.exim.org/pub/exim/exim4$([[ ${PV} == *_rc* ]] && echo /test)" + +DESCRIPTION="A highly configurable, drop-in replacement for sendmail" +SRC_URI="${COMM_URI}/${P//rc/RC}.tar.bz2 + mirror://gentoo/system_filter.exim.gz + doc? ( ${COMM_URI}/${PN}-pdf-${PV//rc/RC}.tar.bz2 )" +HOMEPAGE="http://www.exim.org/" + +SLOT="0" +LICENSE="GPL-2" +KEYWORDS="alpha ~amd64 ~arm hppa ia64 ppc ppc64 ~sparc x86 ~x86-fbsd ~x86-solaris" + +COMMON_DEPEND=">=sys-apps/sed-4.0.5 + >=sys-libs/db-3.2:= + dev-libs/libpcre + perl? ( dev-lang/perl:= ) + pam? ( virtual/pam ) + tcpd? ( sys-apps/tcp-wrappers ) + ssl? ( + !libressl? ( dev-libs/openssl:0= ) + libressl? ( dev-libs/libressl:= ) + ) + gnutls? ( net-libs/gnutls[pkcs11?] + dev-libs/libtasn1 ) + ldap? ( >=net-nds/openldap-2.0.7 ) + nis? ( elibc_glibc? ( || ( + =sys-libs/glibc-2.23[rpc] + ) ) ) + mysql? ( virtual/libmysqlclient ) + postgres? ( dev-db/postgresql:= ) + sasl? ( >=dev-libs/cyrus-sasl-2.1.26-r2 ) + redis? ( dev-libs/hiredis ) + spf? ( >=mail-filter/libspf2-1.2.5-r1 ) + dmarc? ( mail-filter/opendmarc ) + srs? ( mail-filter/libsrs_alt ) + X? ( x11-proto/xproto + x11-libs/libX11 + x11-libs/libXmu + x11-libs/libXt + x11-libs/libXaw + ) + sqlite? ( dev-db/sqlite ) + radius? 
( net-dialup/freeradius-client ) + virtual/libiconv + " + # added X check for #57206 +DEPEND="${COMMON_DEPEND} + virtual/pkgconfig" +RDEPEND="${COMMON_DEPEND} + !mail-mta/courier + !mail-mta/esmtp + !mail-mta/mini-qmail + !=mail-mta/msmtp-1.4.19-r1[mta] + !mail-mta/netqmail + !mail-mta/nullmailer + !mail-mta/postfix + !mail-mta/qmail-ldap + !mail-mta/sendmail + !mail-mta/opensmtpd + !=mail-mta/ssmtp-2.64-r2[mta] + !net-mail/mailwrapper + >=net-mail/mailbase-0.00-r5 + virtual/logger + dcc? ( mail-filter/dcc ) + selinux? ( sec-policy/selinux-exim ) + " + +S=${WORKDIR}/${P//rc/RC} + +src_prepare() { + epatch "${FILESDIR}"/exim-4.14-tail.patch + epatch "${FILESDIR}"/exim-4.74-localscan_dlopen.patch + epatch "${FILESDIR}"/exim-4.69-r1.27021.patch + epatch "${FILESDIR}"/exim-4.74-radius-db-ENV-clash.patch # 287426 + epatch "${FILESDIR}"/exim-4.82-makefile-freebsd.patch # 235785 + epatch "${FILESDIR}"/exim-4.89-as-needed-ldflags.patch # 352265, 391279 + epatch "${FILESDIR}"/exim-4.76-crosscompile.patch # 266591 + epatch "${FILESDIR}"/exim-4.89-CVE-2017-1000369.patch # 622212 + epatch "${FILESDIR}"/${P}-transport-crash.patch # from git/in next release + epatch "${FILESDIR}"/${P}-address-expando-crash.patch # from git/in next release + epatch "${FILESDIR}"/${P}-CVE-2017-16943.patch # from git/in next release + epatch "${FILESDIR}"/${P}-CVE-2017-16944.patch # from git/in next release + + if use maildir ; then + epatch "${FILESDIR}"/exim-4.20-maildir.patch + else + epatch "${FILESDIR}"/exim-4.80-spool-mail-group.patch # 438606 + fi + + eapply_user + + # user Exim believes it should be + MAILUSER=mail + MAILGROUP=mail + if use prefix && [[ ${EUID} != 0 ]] ; then + MAILUSER=$(id -un) + MAILGROUP=$(id -gn) + fi +} + +src_configure() { + # general config and paths + + sed -i.orig \ + -e "/SYSTEM_ALIASES_FILE/s'SYSTEM_ALIASES_FILE'${EPREFIX}/etc/mail/aliases'" \ + "${S}"/src/configure.default || die + + sed -i -e 's/^buildname=.*/buildname=exim-gentoo/g' Makefile || die + + sed -e 
"48i\CFLAGS=${CFLAGS}" \ + -e "s:BIN_DIRECTORY=/usr/exim/bin:BIN_DIRECTORY=${EPREFIX}/usr/sbin:" \ + -e "s:EXIM_USER=:EXIM_USER=${MAILUSER}:" \ + -e "s:CONFIGURE_FILE=/usr/exim/configure:CONFIGURE_FILE=${EPREFIX}/etc/exim/exim.conf:" \ + -e "s:ZCAT_COMMAND=.*$:ZCAT_COMMAND=${EPREFIX}/bin/zcat:" \ + -e "s:COMPRESS_COMMAND=.*$:COMPRESS_COMMAND=${EPREFIX}/bin/gzip:" \ + src/EDITME > Local/Makefile + + if use elibc_musl; then + sed -e 's/^LIBS = -lnsl/LIBS =/g' \ + -i OS/Makefile-Linux + fi + + cd Local + + cat >> Makefile <<- EOC + INFO_DIRECTORY=${EPREFIX}/usr/share/info + PID_FILE_PATH=${EPREFIX}/run/exim.pid + SPOOL_DIRECTORY=${EPREFIX}/var/spool/exim + HAVE_ICONV=yes + EOC + + # if we use libiconv, now is the time to tell so + use !elibc_glibc && use !elibc_musl && echo "EXTRALIBS_EXIM=-liconv" >> Makefile + + # support for IPv6 + if use ipv6; then + cat >> Makefile <<- EOC + HAVE_IPV6=YES + EOC + fi + + # + # mail storage formats + + # mailstore is Exim's traditional storage format + cat >> Makefile <<- EOC + SUPPORT_MAILSTORE=yes + EOC + + # mbox + if use mbx; then + cat >> Makefile <<- EOC + SUPPORT_MBX=yes + EOC + fi + + # maildir + if use maildir; then + cat >> Makefile <<- EOC + SUPPORT_MAILDIR=yes + EOC + fi + + # + # lookup methods + + # use the "native" interfaces to the DBM and CDB libraries, support + # passwd and directory lookups by default + cat >> Makefile <<- EOC + USE_DB=yes + DBMLIB=-ldb + LOOKUP_CDB=yes + LOOKUP_PASSWD=yes + LOOKUP_DSEARCH=yes + EOC + + if ! 
use dnsdb; then + # DNSDB lookup is enabled by default + sed -i "s:^LOOKUP_DNSDB=yes:# LOOKUP_DNSDB=yes:" Makefile + fi + + if use ldap; then + cat >> Makefile <<- EOC + LOOKUP_LDAP=yes + LDAP_LIB_TYPE=OPENLDAP2 + LOOKUP_INCLUDE += -I"${EROOT}"usr/include/ldap + LOOKUP_LIBS += -lldap -llber + EOC + fi + + if use mysql; then + cat >> Makefile <<- EOC + LOOKUP_MYSQL=yes + LOOKUP_INCLUDE += $(mysql_config --include) + LOOKUP_LIBS += $(mysql_config --libs) + EOC + fi + + if use nis; then + cat >> Makefile <<- EOC + LOOKUP_NIS=yes + LOOKUP_NISPLUS=yes + EOC + fi + + if use postgres; then + cat >> Makefile <<- EOC + LOOKUP_PGSQL=yes + LOOKUP_INCLUDE += -I$(pg_config --includedir) + LOOKUP_LIBS += -L$(pg_config --libdir) -lpq + EOC + fi + + if use sqlite; then + cat >> Makefile <<- EOC + LOOKUP_SQLITE=yes + LOOKUP_SQLITE_PC=sqlite3 + EOC + fi + + if use redis; then + cat >> Makefile <<- EOC + LOOKUP_REDIS=yes + LOOKUP_LIBS += -lhiredis + EOC + fi + + # + # Exim monitor, enabled by default, controlled via X USE-flag, + # disable if not requested, bug #46778 + if use X; then + cp ../exim_monitor/EDITME eximon.conf || die + else + sed -i -e '/^EXIM_MONITOR=/s/^/# /' Makefile + fi + + # + # features + + # content scanning support + if use exiscan-acl; then + cat >> Makefile <<- EOC + WITH_CONTENT_SCAN=yes + WITH_OLD_DEMIME=yes + EOC + fi + + # DomainKeys Identified Mail, RFC4871 + if ! use dkim; then + # DKIM is enabled by default + cat >> Makefile <<- EOC + DISABLE_DKIM=yes + EOC + fi + + # Per-Recipient-Data-Response + if ! 
use prdr; then + # PRDR is enabled by default + cat >> Makefile <<- EOC + DISABLE_PRDR=yes + EOC + fi + + # log to syslog + if use syslog; then + sed -i "s:LOG_FILE_PATH=/var/log/exim/exim_%s.log:LOG_FILE_PATH=syslog:" Makefile + cat >> Makefile <<- EOC + LOG_FILE_PATH=syslog + EOC + else + cat >> Makefile <<- EOC + LOG_FILE_PATH=${EPREFIX}/var/log/exim/exim_%s.log + EOC + fi + + # starttls support (ssl) + if use ssl; then + echo "SUPPORT_TLS=yes" >> Makefile + if use gnutls; then + echo "USE_GNUTLS=yes" >> Makefile + echo "USE_GNUTLS_PC=gnutls" >> Makefile + use pkcs11 || echo "AVOID_GNUTLS_PKCS11=yes" >> Makefile + else + echo "USE_OPENSSL_PC=openssl" >> Makefile + fi + fi + + # TCP wrappers + if use tcpd; then + cat >> Makefile <<- EOC + USE_TCP_WRAPPERS=yes + EXTRALIBS_EXIM += -lwrap + EOC + fi + + # Light Mail Transport Protocol + if use lmtp; then + cat >> Makefile <<- EOC + TRANSPORT_LMTP=yes + EOC + fi + + # embedded Perl + if use perl; then + cat >> Makefile <<- EOC + EXIM_PERL=perl.o + EOC + fi + + # dlfunc + if use dlfunc; then + cat >> Makefile <<- EOC + EXPAND_DLFUNC=yes + EOC + fi + + # Proxy Protocol + if use proxy; then + cat >> Makefile <<- EOC + SUPPORT_PROXY=yes + EOC + fi + + # + # experimental features + + # DANE + if use dane; then + cat >> Makefile <<- EOC + EXPERIMENTAL_DANE=yes + EOC + fi + + # Distributed Checksum Clearinghouse + if use dcc; then + echo "EXPERIMENTAL_DCC=yes">> Makefile + fi + + # Sender Policy Framework + if use spf; then + cat >> Makefile <<- EOC + EXPERIMENTAL_SPF=yes + EXTRALIBS_EXIM += -lspf2 + EOC + fi + + # Sender Rewriting Scheme + if use srs; then + cat >> Makefile <<- EOC + EXPERIMENTAL_SRS=yes + EXTRALIBS_EXIM += -lsrs_alt + EOC + fi + + # DMARC + if use dmarc; then + cat >> Makefile <<- EOC + EXPERIMENTAL_DMARC=yes + EXTRALIBS_EXIM += -lopendmarc + EOC + fi + + # Transport post-delivery actions + if use tpda; then + cat >> Makefile <<- EOC + EXPERIMENTAL_EVENT=yes + EOC + fi + + # Delivery Sender Notifications 
+ if use dsn; then + cat >> Makefile <<- EOC + EXPERIMENTAL_DSN=yes + EOC + fi + + # + # authentication (SMTP AUTH) + + # standard bits + cat >> Makefile <<- EOC + AUTH_SPA=yes + AUTH_CRAM_MD5=yes + AUTH_PLAINTEXT=yes + EOC + + # Cyrus SASL + if use sasl; then + cat >> Makefile <<- EOC + CYRUS_SASLAUTHD_SOCKET=${EPREFIX}/run/saslauthd/mux + AUTH_CYRUS_SASL=yes + AUTH_LIBS += -lsasl2 + EOC + fi + + # Dovecot + if use dovecot-sasl; then + cat >> Makefile <<- EOC + AUTH_DOVECOT=yes + EOC + fi + + # Pluggable Authentication Modules + if use pam; then + cat >> Makefile <<- EOC + SUPPORT_PAM=yes + AUTH_LIBS += -lpam + EOC + fi + + # Radius + if use radius; then + cat >> Makefile <<- EOC + RADIUS_CONFIG_FILE=${EPREFIX}/etc/radiusclient/radiusclient.conf + RADIUS_LIB_TYPE=RADIUSCLIENTNEW + AUTH_LIBS += -lfreeradius-client + EOC + fi +} + +src_compile() { + emake CC="$(tc-getCC)" HOSTCC="$(tc-getCC $CBUILD)" \ + AR="$(tc-getAR) cq" RANLIB="$(tc-getRANLIB)" FULLECHO='' \ + || die "make failed" +} + +src_install () { + cd "${S}"/build-exim-gentoo || die + dosbin exim + if use X; then + dosbin eximon.bin + dosbin eximon + fi + fperms 4755 /usr/sbin/exim + + dosym exim /usr/sbin/sendmail + dosym exim /usr/sbin/rsmtp + dosym exim /usr/sbin/rmail + dosym ../sbin/exim /usr/bin/mailq + dosym ../sbin/exim /usr/bin/newaliases + dosym ../sbin/sendmail /usr/lib/sendmail + + for i in exicyclog exim_dbmbuild exim_dumpdb exim_fixdb exim_lock \ + exim_tidydb exinext exiwhat exigrep eximstats exiqsumm exiqgrep \ + convert4r3 convert4r4 exipick + do + dosbin $i + done + + dodoc "${S}"/doc/* + doman "${S}"/doc/exim.8 + use dsn && dodoc "${S}"/README.DSN + use doc && dodoc "${WORKDIR}"/${PN}-pdf-${PV//rc/RC}/doc/*.pdf + + # conf files + insinto /etc/exim + newins "${S}"/src/configure.default exim.conf.dist + if use exiscan-acl; then + newins "${S}"/src/configure.default exim.conf.exiscan-acl + fi + doins "${WORKDIR}"/system_filter.exim + doins "${FILESDIR}"/auth_conf.sub + + pamd_mimic 
system-auth exim auth account + + # headers, #436406 + if use dlfunc ; then + # fixup includes so they actually can be found when including + sed -i \ + -e '/#include "\(config\|store\|mytypes\).h"/s:"\(.\+\)"::' \ + local_scan.h || die + insinto /usr/include/exim + doins {config,local_scan}.h ../src/{mytypes,store}.h + fi + + insinto /etc/logrotate.d + newins "${FILESDIR}/exim.logrotate" exim + + newinitd "${FILESDIR}"/exim.rc10 exim + newconfd "${FILESDIR}"/exim.confd exim + + systemd_dounit "${FILESDIR}"/{exim.service,exim.socket,exim-submission.socket} + systemd_newunit "${FILESDIR}"/exim_at.service 'exim@.service' + systemd_newunit "${FILESDIR}"/exim-submission_at.service 'exim-submission@.service' + + diropts -m 0750 -o ${MAILUSER} -g ${MAILGROUP} + dodir /var/log/${PN} +} + +pkg_postinst() { + if [[ ! -f ${EROOT}etc/exim/exim.conf ]] ; then + einfo "${EROOT}etc/exim/system_filter.exim is a sample system_filter." + einfo "${EROOT}etc/exim/auth_conf.sub contains the configuration sub for using smtp auth." + einfo "Please create ${EROOT}etc/exim/exim.conf from ${EROOT}etc/exim/exim.conf.dist." + fi + use dane && einfo "DANE support is experimental" + if use dcc ; then + einfo "DCC support is experimental, you can find some limited" + einfo "documentation at the bottom of this prerelease message:" + einfo "http://article.gmane.org/gmane.mail.exim.devel/3579" + fi + use spf && einfo "SPF support is experimental" + use srs && einfo "SRS support is experimental" + if use dmarc ; then + einfo "DMARC support is experimental. See global settings to" + einfo "configure DMARC, for usage see the documentation at " + einfo "experimental-spec.txt." + fi + use tpda && einfo "TPDA/EVENT support is experimental" + use dsn && einfo "DSN support is experimental" + elog "The obsolete acl condition 'demime' is removed, the replacements" + elog "are the ACLs acl_smtp_mime and acl_not_smtp_mime" +} 
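Review bot: In src_configure the `sed … src/EDITME > Local/Makefile` command, which writes EXIM_USER, BIN_DIRECTORY and CONFIGURE_FILE into the build configuration, has no `|| die`, and neither does the `cd Local` that follows it, although the two sed calls directly above are checked. sed and cd are not among the helpers that abort on their own under EAPI 6, so a read or write error there would presumably leave a truncated Local/Makefile that the later `cat >> Makefile` blocks keep appending to. For a binary that src_install marks `fperms 4755`, the build should stop at that point instead of carrying on with partial settings. I would end the command with `src/EDITME > Local/Makefile || die` and write `cd Local || die`. The unchecked `sed -i` calls for LOOKUP_DNSDB, EXIM_MONITOR and LOG_FILE_PATH further down are in the same position, and the same lines appear in the exim-4.89.1.ebuild hunk.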
diff --git a/mail-mta/exim/exim-4.89.1.ebuild b/mail-mta/exim/exim-4.89.1.ebuild
new file mode 100644
index 000000000000..4f9f9564ba7d
--- /dev/null
+++ b/mail-mta/exim/exim-4.89.1.ebuild
@@ -0,0 +1,529 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI="6" + +inherit eutils toolchain-funcs multilib pam systemd + +IUSE="dane dcc +dkim dlfunc dmarc +dnsdb doc dovecot-sasl dsn exiscan-acl gnutls ipv6 ldap libressl lmtp maildir mbx mysql nis pam perl pkcs11 postgres +prdr proxy radius redis sasl selinux spf sqlite srs ssl syslog tcpd tpda X elibc_glibc" +REQUIRED_USE=" + dane? ( !gnutls ) + dmarc? ( spf dkim ) + pkcs11? ( gnutls ) + spf? ( exiscan-acl ) + srs? ( exiscan-acl ) +" + +COMM_URI="ftp://ftp.exim.org/pub/exim/exim4$([[ ${PV} == *_rc* ]] && echo /test)" + +DESCRIPTION="A highly configurable, drop-in replacement for sendmail" +SRC_URI="${COMM_URI}/${P//rc/RC}.tar.bz2 + mirror://gentoo/system_filter.exim.gz + doc? ( ${COMM_URI}/${PN}-pdf-${PV//rc/RC}.tar.bz2 )" +HOMEPAGE="http://www.exim.org/" + +SLOT="0" +LICENSE="GPL-2" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd ~x86-solaris" + +COMMON_DEPEND=">=sys-apps/sed-4.0.5 + >=sys-libs/db-3.2:= + dev-libs/libpcre + perl? ( dev-lang/perl:= ) + pam? ( virtual/pam ) + tcpd? ( sys-apps/tcp-wrappers ) + ssl? ( + !libressl? ( dev-libs/openssl:0= ) + libressl? ( dev-libs/libressl:= ) + ) + gnutls? ( net-libs/gnutls[pkcs11?] + dev-libs/libtasn1 ) + ldap? ( >=net-nds/openldap-2.0.7 ) + nis? ( elibc_glibc? ( || ( + =sys-libs/glibc-2.23[rpc] + ) ) ) + mysql? ( virtual/libmysqlclient ) + postgres? ( dev-db/postgresql:= ) + sasl? ( >=dev-libs/cyrus-sasl-2.1.26-r2 ) + redis? ( dev-libs/hiredis ) + spf? ( >=mail-filter/libspf2-1.2.5-r1 ) + dmarc? ( mail-filter/opendmarc ) + srs? ( mail-filter/libsrs_alt ) + X? ( x11-proto/xproto + x11-libs/libX11 + x11-libs/libXmu + x11-libs/libXt + x11-libs/libXaw + ) + sqlite? ( dev-db/sqlite ) + radius? 
( net-dialup/freeradius-client ) + virtual/libiconv + " + # added X check for #57206 +DEPEND="${COMMON_DEPEND} + virtual/pkgconfig" +RDEPEND="${COMMON_DEPEND} + !mail-mta/courier + !mail-mta/esmtp + !mail-mta/mini-qmail + !=mail-mta/msmtp-1.4.19-r1[mta] + !mail-mta/netqmail + !mail-mta/nullmailer + !mail-mta/postfix + !mail-mta/qmail-ldap + !mail-mta/sendmail + !mail-mta/opensmtpd + !=mail-mta/ssmtp-2.64-r2[mta] + !net-mail/mailwrapper + >=net-mail/mailbase-0.00-r5 + virtual/logger + dcc? ( mail-filter/dcc ) + selinux? ( sec-policy/selinux-exim ) + " + +S=${WORKDIR}/${P//rc/RC} + +src_prepare() { + epatch "${FILESDIR}"/exim-4.14-tail.patch + epatch "${FILESDIR}"/exim-4.74-localscan_dlopen.patch + epatch "${FILESDIR}"/exim-4.69-r1.27021.patch + epatch "${FILESDIR}"/exim-4.74-radius-db-ENV-clash.patch # 287426 + epatch "${FILESDIR}"/exim-4.82-makefile-freebsd.patch # 235785 + epatch "${FILESDIR}"/exim-4.89-as-needed-ldflags.patch # 352265, 391279 + epatch "${FILESDIR}"/exim-4.76-crosscompile.patch # 266591 + + epatch "${FILESDIR}"/exim-4.89-address-expando-crash.patch # from git/in next release + + if use maildir ; then + epatch "${FILESDIR}"/exim-4.20-maildir.patch + else + epatch "${FILESDIR}"/exim-4.80-spool-mail-group.patch # 438606 + fi + + eapply_user + + # user Exim believes it should be + MAILUSER=mail + MAILGROUP=mail + if use prefix && [[ ${EUID} != 0 ]] ; then + MAILUSER=$(id -un) + MAILGROUP=$(id -gn) + fi +} + +src_configure() { + # general config and paths + + sed -i.orig \ + -e "/SYSTEM_ALIASES_FILE/s'SYSTEM_ALIASES_FILE'${EPREFIX}/etc/mail/aliases'" \ + "${S}"/src/configure.default || die + + sed -i -e 's/^buildname=.*/buildname=exim-gentoo/g' Makefile || die + + sed -e "48i\CFLAGS=${CFLAGS}" \ + -e "s:BIN_DIRECTORY=/usr/exim/bin:BIN_DIRECTORY=${EPREFIX}/usr/sbin:" \ + -e "s:EXIM_USER=:EXIM_USER=${MAILUSER}:" \ + -e "s:CONFIGURE_FILE=/usr/exim/configure:CONFIGURE_FILE=${EPREFIX}/etc/exim/exim.conf:" \ + -e 
"s:ZCAT_COMMAND=.*$:ZCAT_COMMAND=${EPREFIX}/bin/zcat:" \ + -e "s:COMPRESS_COMMAND=.*$:COMPRESS_COMMAND=${EPREFIX}/bin/gzip:" \ + src/EDITME > Local/Makefile + + if use elibc_musl; then + sed -e 's/^LIBS = -lnsl/LIBS =/g' \ + -i OS/Makefile-Linux + fi + + cd Local + + cat >> Makefile <<- EOC + INFO_DIRECTORY=${EPREFIX}/usr/share/info + PID_FILE_PATH=${EPREFIX}/run/exim.pid + SPOOL_DIRECTORY=${EPREFIX}/var/spool/exim + HAVE_ICONV=yes + EOC + + # if we use libiconv, now is the time to tell so + use !elibc_glibc && use !elibc_musl && echo "EXTRALIBS_EXIM=-liconv" >> Makefile + + # support for IPv6 + if use ipv6; then + cat >> Makefile <<- EOC + HAVE_IPV6=YES + EOC + fi + + # + # mail storage formats + + # mailstore is Exim's traditional storage format + cat >> Makefile <<- EOC + SUPPORT_MAILSTORE=yes + EOC + + # mbox + if use mbx; then + cat >> Makefile <<- EOC + SUPPORT_MBX=yes + EOC + fi + + # maildir + if use maildir; then + cat >> Makefile <<- EOC + SUPPORT_MAILDIR=yes + EOC + fi + + # + # lookup methods + + # use the "native" interfaces to the DBM and CDB libraries, support + # passwd and directory lookups by default + cat >> Makefile <<- EOC + USE_DB=yes + DBMLIB=-ldb + LOOKUP_CDB=yes + LOOKUP_PASSWD=yes + LOOKUP_DSEARCH=yes + EOC + + if ! 
use dnsdb; then + # DNSDB lookup is enabled by default + sed -i "s:^LOOKUP_DNSDB=yes:# LOOKUP_DNSDB=yes:" Makefile + fi + + if use ldap; then + cat >> Makefile <<- EOC + LOOKUP_LDAP=yes + LDAP_LIB_TYPE=OPENLDAP2 + LOOKUP_INCLUDE += -I"${EROOT}"usr/include/ldap + LOOKUP_LIBS += -lldap -llber + EOC + fi + + if use mysql; then + cat >> Makefile <<- EOC + LOOKUP_MYSQL=yes + LOOKUP_INCLUDE += $(mysql_config --include) + LOOKUP_LIBS += $(mysql_config --libs) + EOC + fi + + if use nis; then + cat >> Makefile <<- EOC + LOOKUP_NIS=yes + LOOKUP_NISPLUS=yes + EOC + fi + + if use postgres; then + cat >> Makefile <<- EOC + LOOKUP_PGSQL=yes + LOOKUP_INCLUDE += -I$(pg_config --includedir) + LOOKUP_LIBS += -L$(pg_config --libdir) -lpq + EOC + fi + + if use sqlite; then + cat >> Makefile <<- EOC + LOOKUP_SQLITE=yes + LOOKUP_SQLITE_PC=sqlite3 + EOC + fi + + if use redis; then + cat >> Makefile <<- EOC + LOOKUP_REDIS=yes + LOOKUP_LIBS += -lhiredis + EOC + fi + + # + # Exim monitor, enabled by default, controlled via X USE-flag, + # disable if not requested, bug #46778 + if use X; then + cp ../exim_monitor/EDITME eximon.conf || die + else + sed -i -e '/^EXIM_MONITOR=/s/^/# /' Makefile + fi + + # + # features + + # content scanning support + if use exiscan-acl; then + cat >> Makefile <<- EOC + WITH_CONTENT_SCAN=yes + WITH_OLD_DEMIME=yes + EOC + fi + + # DomainKeys Identified Mail, RFC4871 + if ! use dkim; then + # DKIM is enabled by default + cat >> Makefile <<- EOC + DISABLE_DKIM=yes + EOC + fi + + # Per-Recipient-Data-Response + if ! 
use prdr; then
+ # PRDR is enabled by default
+ cat >> Makefile <<- EOC
+ DISABLE_PRDR=yes
+ EOC
+ fi
+
+ # log to syslog
+ if use syslog; then
+ sed -i "s:LOG_FILE_PATH=/var/log/exim/exim_%s.log:LOG_FILE_PATH=syslog:" Makefile
+ cat >> Makefile <<- EOC
+ LOG_FILE_PATH=syslog
+ EOC
+ else
+ cat >> Makefile <<- EOC
+ LOG_FILE_PATH=${EPREFIX}/var/log/exim/exim_%s.log
+ EOC
+ fi
+
+ # starttls support (ssl)
+ if use ssl; then
+ echo "SUPPORT_TLS=yes" >> Makefile
+ if use gnutls; then
+ echo "USE_GNUTLS=yes" >> Makefile
+ echo "USE_GNUTLS_PC=gnutls" >> Makefile
+ use pkcs11 || echo "AVOID_GNUTLS_PKCS11=yes" >> Makefile
+ else
+ echo "USE_OPENSSL_PC=openssl" >> Makefile
+ fi
+ fi
+
+ # TCP wrappers
+ if use tcpd; then
+ cat >> Makefile <<- EOC
+ USE_TCP_WRAPPERS=yes
+ EXTRALIBS_EXIM += -lwrap
+ EOC
+ fi
+
+ # Light Mail Transport Protocol
+ if use lmtp; then
+ cat >> Makefile <<- EOC
+ TRANSPORT_LMTP=yes
+ EOC
+ fi
+
+ # embedded Perl
+ if use perl; then
+ cat >> Makefile <<- EOC
+ EXIM_PERL=perl.o
+ EOC
+ fi
+
+ # dlfunc
+ if use dlfunc; then
+ cat >> Makefile <<- EOC
+ EXPAND_DLFUNC=yes
+ EOC
+ fi
+
+ # Proxy Protocol
+ if use proxy; then
+ cat >> Makefile <<- EOC
+ SUPPORT_PROXY=yes
+ EOC
+ fi
+
+ #
+ # experimental features
+
+ # DANE
+ if use dane; then
+ cat >> Makefile <<- EOC
+ EXPERIMENTAL_DANE=yes
+ EOC
+ fi
+
+ # Distributed Checksum Clearinghouse
+ if use dcc; then
+ echo "EXPERIMENTAL_DCC=yes">> Makefile
+ fi
+
+ # Sender Policy Framework
+ if use spf; then
+ cat >> Makefile <<- EOC
+ EXPERIMENTAL_SPF=yes
+ EXTRALIBS_EXIM += -lspf2
+ EOC
+ fi
+
+ # Sender Rewriting Scheme
+ if use srs; then
+ cat >> Makefile <<- EOC
+ EXPERIMENTAL_SRS=yes
+ EXTRALIBS_EXIM += -lsrs_alt
+ EOC
+ fi
+
+ # DMARC
+ if use dmarc; then
+ cat >> Makefile <<- EOC
+ EXPERIMENTAL_DMARC=yes
+ EXTRALIBS_EXIM += -lopendmarc
+ EOC
+ fi
+
+ # Transport post-delivery actions
+ if use tpda; then
+ cat >> Makefile <<- EOC
+ EXPERIMENTAL_EVENT=yes
+ EOC
+ fi
+
+ # Delivery Sender Notifications 
+ if use dsn; then
+ cat >> Makefile <<- EOC
+ EXPERIMENTAL_DSN=yes
+ EOC
+ fi
+
+ #
+ # authentication (SMTP AUTH)
+
+ # standard bits
+ cat >> Makefile <<- EOC
+ AUTH_SPA=yes
+ AUTH_CRAM_MD5=yes
+ AUTH_PLAINTEXT=yes
+ EOC
+
+ # Cyrus SASL
+ if use sasl; then
+ cat >> Makefile <<- EOC
+ CYRUS_SASLAUTHD_SOCKET=${EPREFIX}/run/saslauthd/mux
+ AUTH_CYRUS_SASL=yes
+ AUTH_LIBS += -lsasl2
+ EOC
+ fi
+
+ # Dovecot
+ if use dovecot-sasl; then
+ cat >> Makefile <<- EOC
+ AUTH_DOVECOT=yes
+ EOC
+ fi
+
+ # Pluggable Authentication Modules
+ if use pam; then
+ cat >> Makefile <<- EOC
+ SUPPORT_PAM=yes
+ AUTH_LIBS += -lpam
+ EOC
+ fi
+
+ # Radius
+ if use radius; then
+ cat >> Makefile <<- EOC
+ RADIUS_CONFIG_FILE=${EPREFIX}/etc/radiusclient/radiusclient.conf
+ RADIUS_LIB_TYPE=RADIUSCLIENTNEW
+ AUTH_LIBS += -lfreeradius-client
+ EOC
+ fi
+}
+
+src_compile() {
+ emake CC="$(tc-getCC)" HOSTCC="$(tc-getCC $CBUILD)" \
+ AR="$(tc-getAR) cq" RANLIB="$(tc-getRANLIB)" FULLECHO='' \
+ || die "make failed"
+}
+
+src_install () {
+ cd "${S}"/build-exim-gentoo || die
+ dosbin exim
+ if use X; then
+ dosbin eximon.bin
+ dosbin eximon
+ fi
+ fperms 4755 /usr/sbin/exim
+
+ dosym exim /usr/sbin/sendmail
+ dosym exim /usr/sbin/rsmtp
+ dosym exim /usr/sbin/rmail
+ dosym ../sbin/exim /usr/bin/mailq
+ dosym ../sbin/exim /usr/bin/newaliases
+ dosym ../sbin/sendmail /usr/lib/sendmail
+
+ for i in exicyclog exim_dbmbuild exim_dumpdb exim_fixdb exim_lock \
+ exim_tidydb exinext exiwhat exigrep eximstats exiqsumm exiqgrep \
+ convert4r3 convert4r4 exipick
+ do
+ dosbin $i
+ done
+
+ dodoc "${S}"/doc/*
+ doman "${S}"/doc/exim.8
+ use dsn && dodoc "${S}"/README.DSN
+ use doc && dodoc "${WORKDIR}"/${PN}-pdf-${PV//rc/RC}/doc/*.pdf
+
+ # conf files
+ insinto /etc/exim
+ newins "${S}"/src/configure.default exim.conf.dist
+ if use exiscan-acl; then
+ newins "${S}"/src/configure.default exim.conf.exiscan-acl
+ fi
+ doins "${WORKDIR}"/system_filter.exim
+ doins "${FILESDIR}"/auth_conf.sub
+
+ pamd_mimic 
system-auth exim auth account
+
+ # headers, #436406
+ if use dlfunc ; then
+ # fixup includes so they actually can be found when including
+ sed -i \
+ -e '/#include "\(config\|store\|mytypes\).h"/s:"\(.\+\)"::' \
+ local_scan.h || die
+ insinto /usr/include/exim
+ doins {config,local_scan}.h ../src/{mytypes,store}.h
+ fi
+
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}/exim.logrotate" exim
+
+ newinitd "${FILESDIR}"/exim.rc10 exim
+ newconfd "${FILESDIR}"/exim.confd exim
+
+ systemd_dounit "${FILESDIR}"/{exim.service,exim.socket,exim-submission.socket}
+ systemd_newunit "${FILESDIR}"/exim_at.service 'exim@.service'
+ systemd_newunit "${FILESDIR}"/exim-submission_at.service 'exim-submission@.service'
+
+ diropts -m 0750 -o ${MAILUSER} -g ${MAILGROUP}
+ dodir /var/log/${PN}
+}
+
+pkg_postinst() {
+ if [[ ! -f ${EROOT}etc/exim/exim.conf ]] ; then
+ einfo "${EROOT}etc/exim/system_filter.exim is a sample system_filter."
+ einfo "${EROOT}etc/exim/auth_conf.sub contains the configuration sub for using smtp auth."
+ einfo "Please create ${EROOT}etc/exim/exim.conf from ${EROOT}etc/exim/exim.conf.dist."
+ fi
+ use dane && einfo "DANE support is experimental"
+ if use dcc ; then
+ einfo "DCC support is experimental, you can find some limited"
+ einfo "documentation at the bottom of this prerelease message:"
+ einfo "http://article.gmane.org/gmane.mail.exim.devel/3579"
+ fi
+ use spf && einfo "SPF support is experimental"
+ use srs && einfo "SRS support is experimental"
+ if use dmarc ; then
+ einfo "DMARC support is experimental. See global settings to"
+ einfo "configure DMARC, for usage see the documentation at "
+ einfo "experimental-spec.txt."
+ fi
+ use tpda && einfo "TPDA/EVENT support is experimental"
+ use dsn && einfo "DSN support is experimental"
+ elog "The obsolete acl condition 'demime' is removed, the replacements"
+ elog "are the ACLs acl_smtp_mime and acl_not_smtp_mime"
+}
diff --git a/mail-mta/exim/files/exim-4.89-CVE-2017-16943.patch b/mail-mta/exim/files/exim-4.89-CVE-2017-16943.patch
new file mode 100644
index 000000000000..b864ffa5ad17
--- /dev/null
+++ b/mail-mta/exim/files/exim-4.89-CVE-2017-16943.patch
@@ -0,0 +1,40 @@
+From 4e6ae6235c68de243b1c2419027472d7659aa2b4 Mon Sep 17 00:00:00 2001
+From: Jeremy Harris
+Date: Fri, 24 Nov 2017 20:22:33 +0000
+Subject: [PATCH] Avoid release of store if there have been later allocations.
+ Bug 2199
+
+---
+ src/src/receive.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/src/src/receive.c b/src/src/receive.c
+index e7e518a..d9b5001 100644
+--- a/src/src/receive.c
++++ b/src/src/receive.c
+@@ -1810,8 +1810,8 @@ for (;;)
+ (and sometimes lunatic messages can have ones that are 100s of K long) we
+ call store_release() for strings that have been copied - if the string is at
+ the start of a block (and therefore the only thing in it, because we aren't
+- doing any other gets), the block gets freed. We can only do this because we
+ know there are no other calls to store_get() going on. */
++ doing any other gets), the block gets freed. We can only do this release if
++ there were no allocations since the once that we want to free. */
+
+ if (ptr >= header_size - 4)
+ {
+@@ -1820,9 +1820,10 @@ for (;;)
+ header_size *= 2;
+ if (!store_extend(next->text, oldsize, header_size))
+ {
++ BOOL release_ok = store_last_get[store_pool] == next->text;
+ uschar *newtext = store_get(header_size);
+ memcpy(newtext, next->text, ptr);
+- store_release(next->text);
++ if (release_ok) store_release(next->text);
+ next->text = newtext;
+ }
+ }
+--
+1.9.1
+
diff --git a/mail-mta/exim/files/exim-4.89-CVE-2017-16944.patch b/mail-mta/exim/files/exim-4.89-CVE-2017-16944.patch
new file mode 100644
index 000000000000..285a6170aa82
--- /dev/null
+++ b/mail-mta/exim/files/exim-4.89-CVE-2017-16944.patch
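Review bot: `release_ok` in the second receive.c hunk is only meaningful because it is sampled before `store_get(header_size)` on the following line, and the patch leaves that ordering undocumented. store_get() presumably updates `store_last_get[store_pool]`, so a later reordering would make the test always false and the old block would never be released; a comment such as `/* sample before store_get(), which presumably replaces store_last_get[store_pool] */` above the `BOOL release_ok` line would pin it. The rewritten block comment in the first hunk has a typo, `since the once that we want to free` should read `since the one that we want to free`. As printed, the `know there are no other calls` line carries no `-`, which disagrees with the `-1810,8 +1810,8` header and the 3-deletion diffstat; if that is in the file and not only in this rendering, the patch should be regenerated. The enclosing `for (;;)` loop starts and ends outside both hunks.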
@@ -0,0 +1,57 @@
+From 178ecb70987f024f0e775d87c2f8b2cf587dd542 Mon Sep 17 00:00:00 2001
+From: "Heiko Schlittermann (HS12-RIPE)"
+Date: Mon, 27 Nov 2017 22:42:33 +0100
+Subject: [PATCH] Chunking: do not treat the first lonely dot special.
+ CVE-2017-16944, Bug 2201
+
+Modified to apply on 4.89-gentoo
+
+---
+ src/src/receive.c | 2 +-
+ src/src/smtp_in.c | 7 +++++++
+ 2 files changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/src/src/receive.c b/src/src/receive.c
+index 541eba1..417e975 100644
+--- a/src/src/receive.c
++++ b/src/src/receive.c
+@@ -1865,7 +1865,7 @@ for (;;)
+ prevent further reading), and break out of the loop, having freed the
+ empty header, and set next = NULL to indicate no data line. */
+
+- if (ptr == 0 && ch == '.' && (smtp_input || dot_ends))
++ if (ptr == 0 && ch == '.' && dot_ends)
+ {
+ ch = (receive_getc)(GETC_BUFFER_UNLIMITED);
+ if (ch == '\r')
+diff --git a/src/src/smtp_in.c b/src/src/smtp_in.c
+index 1fdb705..0aabc53 100644
+--- a/src/src/smtp_in.c
++++ b/src/src/smtp_in.c
+@@ -5094,16 +5094,23 @@ while (done <= 0)
+ DEBUG(D_receive) debug_printf("chunking state %d, %d bytes\n",
+ (int)chunking_state, chunking_data_left);
+
++ /* push the current receive_* function on the "stack", and
++ replace them by bdat_getc(), which in turn will use the lwr_receive_*
++ functions to do the dirty work. */
+ lwr_receive_getc = receive_getc;
+ lwr_receive_ungetc = receive_ungetc;
++
+ receive_getc = bdat_getc;
+ receive_ungetc = bdat_ungetc;
+
++ dot_ends = FALSE;
++
+ goto DATA_BDAT;
+ }
+
+ case DATA_CMD:
+ HAD(SCH_DATA);
++ dot_ends = TRUE;
+
+ DATA_BDAT: /* Common code for DATA and BDAT */
+ if (!discarded && recipients_count <= 0)
+--
+1.9.1
+
-- cgit v1.2.3
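Review bot: With `smtp_input ||` removed from the receive.c condition, SMTP DATA input is dot-terminated only if `dot_ends` is TRUE on entry, and the smtp_in.c hunk sets it in just two places, `dot_ends = FALSE;` before `goto DATA_BDAT` and `dot_ends = TRUE;` under `case DATA_CMD:`. Any other path that reaches the message reader with `smtp_input` set (none is visible here) would now inherit whatever value the variable last held, so it is worth confirming that no such path exists. The dependency should also be recorded next to the condition, for example `/* dot_ends is set per command in smtp_in.c: TRUE for DATA, FALSE for BDAT */`. The enclosing `for (;;)` and `while (done <= 0)` loops start and end outside the hunks.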