git: 0c138bb78cfa - main - mail/exim: update 4.96.2 -> 4.97
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Wed, 08 Nov 2023 15:15:43 UTC
The branch main has been updated by pi:
URL: https://cgit.FreeBSD.org/ports/commit/?id=0c138bb78cfaf00bc66ca21a645b471460c0609f
commit 0c138bb78cfaf00bc66ca21a645b471460c0609f
Author: Kurt Jaeger <pi@FreeBSD.org>
AuthorDate: 2023-11-08 15:10:54 +0000
Commit: Kurt Jaeger <pi@FreeBSD.org>
CommitDate: 2023-11-08 15:10:54 +0000
mail/exim: update 4.96.2 -> 4.97
Notable changes:
- The internal (but exposed in logs, Received: headers and Message-ID: headers)
identifier used for messages is longer than in the previous release
PR: 274909
Changes: https://lists.exim.org/lurker/message/20231104.135832.37148bbd.en.html
Reported-by: doctor@doctor.nl2k.ab.ca
Approved-by: fluffy (maintainer)
Reviewed-by: Igor Zabelin <igorz@yandex.ru>
---
mail/exim/Makefile | 34 +--
mail/exim/distinfo | 6 +-
...-attempt-to-rewrite-a-malformed-address.-.patch | 39 ----
...-SPF-fix-memory-accounting-for-error-case.patch | 25 ---
...5_08-Fix-regex-n-use-after-free.-Bug-2915.patch | 167 ---------------
.../75_09-Fix-non-WITH_CONTENT_SCAN-build.patch | 58 ------
.../75_10-Fix-non-WITH_CONTENT_SCAN-build-2.patch | 135 ------------
.../75_11-Fix-non-WITH_CONTENT_SCAN-build-3.patch | 45 ----
...ix-for-clients-offering-no-TLS-extensions.patch | 96 ---------
...-Build-with-libopendmarc-1.4.x-fixes-2728.patch | 71 -------
...RC-fix-use-after-free-in-dmarc_dns_lookup.patch | 39 ----
.../75_22-Fix-daemon-startup.-Bug-2930.patch | 50 -----
..._23-Fix-reccipients-after-run.-.-Bug-2929.patch | 28 ---
...substring-capture-variables-for-null-matc.patch | 60 ------
...ubstring-capture-variables-for-null-match.patch | 94 ---------
...ex-substring-capture-commentary.-Bug-2933.patch | 48 -----
...n-preloading-creds-do-the-server-certs-be.patch | 232 ---------------------
...-double-expansion-of-tls_verify_certifica.patch | 217 -------------------
.../75_50-Fix-logging-of-max-size-log-line.patch | 63 ------
...ion-on-dns_again_means_nonexist.-Bug-2911.patch | 54 -----
...r-smtp-socket-explicitly-on-connect-ACL-d.patch | 50 -----
...-tls_eccurve-setting-explicit-curve-group.patch | 166 ---------------
...-tls_eccurve-on-earlier-versions-than-3.0.patch | 42 ----
...-conns-rejected-for-bad-ALPN-with-the-off.patch | 99 ---------
...-check-dns_again_means_nonexist-for-TLSA-.patch | 78 -------
.../debian/75_66-Fix-crash-in-expansions.patch | 66 ------
mail/exim/files/patch-src_tls-openssl.c | 11 +
mail/exim/pkg-plist | 2 +
28 files changed, 23 insertions(+), 2052 deletions(-)
diff --git a/mail/exim/Makefile b/mail/exim/Makefile
index f3045963d649..6f6cdcdcb702 100644
--- a/mail/exim/Makefile
+++ b/mail/exim/Makefile
@@ -47,6 +47,8 @@ AUTH_SASL_LIB_DEPENDS= libsasl2.so:security/cyrus-sasl2
BDB_USES= bdb
DMARC_LIB_DEPENDS= libopendmarc.so:mail/opendmarc
EMBEDDED_PERL_USE= perl5=run,build
+EMBEDDED_PERL_BUILD_DEPENDS= p5-File-FcntlLock>0:devel/p5-File-FcntlLock
+EMBEDDED_PERL_RUN_DEPENDS= p5-File-FcntlLock>0:devel/p5-File-FcntlLock
EXIMON_USES= xorg
EXIMON_USE= xorg=x11,xaw,xext,xmu,xt
GNUTLS_LIB_DEPENDS= libgnutls.so:security/gnutls
@@ -64,32 +66,10 @@ SPF_LIB_DEPENDS= libspf2.so:mail/libspf2
SQLITE_LIB_DEPENDS= libicudata.so:devel/icu
SQLITE_USES= pkgconfig sqlite
-DEBIAN_PATCHES_PREFIX= ${FILESDIR}/debian/75
-EXTRA_PATCHES= \
- ${DEBIAN_PATCHES_PREFIX}_01-Fix-exit-on-attempt-to-rewrite-a-malformed-address.-.patch:-p1 \
- ${DEBIAN_PATCHES_PREFIX}_05-SPF-fix-memory-accounting-for-error-case.patch:-p1 \
- ${DEBIAN_PATCHES_PREFIX}_08-Fix-regex-n-use-after-free.-Bug-2915.patch:-p1 \
- ${DEBIAN_PATCHES_PREFIX}_09-Fix-non-WITH_CONTENT_SCAN-build.patch:-p1 \
- ${DEBIAN_PATCHES_PREFIX}_10-Fix-non-WITH_CONTENT_SCAN-build-2.patch:-p1 \
- ${DEBIAN_PATCHES_PREFIX}_11-Fix-non-WITH_CONTENT_SCAN-build-3.patch:-p1 \
- ${DEBIAN_PATCHES_PREFIX}_16-GnuTLS-fix-for-clients-offering-no-TLS-extensions.patch:-p1 \
- ${DEBIAN_PATCHES_PREFIX}_18-Fix-Build-with-libopendmarc-1.4.x-fixes-2728.patch:-p1 \
- ${DEBIAN_PATCHES_PREFIX}_19-DMARC-fix-use-after-free-in-dmarc_dns_lookup.patch:-p1 \
- ${DEBIAN_PATCHES_PREFIX}_22-Fix-daemon-startup.-Bug-2930.patch:-p1 \
- ${DEBIAN_PATCHES_PREFIX}_23-Fix-reccipients-after-run.-.-Bug-2929.patch:-p1 \
- ${DEBIAN_PATCHES_PREFIX}_31-Fix-regext-substring-capture-variables-for-null-matc.patch:-p1 \
- ${DEBIAN_PATCHES_PREFIX}_32-Fix-regex-substring-capture-variables-for-null-match.patch:-p1 \
- ${DEBIAN_PATCHES_PREFIX}_34-Fix-regex-substring-capture-commentary.-Bug-2933.patch:-p1 \
- ${DEBIAN_PATCHES_PREFIX}_37-OpenSSL-when-preloading-creds-do-the-server-certs-be.patch:-p1 \
- ${DEBIAN_PATCHES_PREFIX}_38-OpenSSL-fix-double-expansion-of-tls_verify_certifica.patch:-p1 \
- ${DEBIAN_PATCHES_PREFIX}_50-Fix-logging-of-max-size-log-line.patch:-p1 \
- ${DEBIAN_PATCHES_PREFIX}_55-Fix-recursion-on-dns_again_means_nonexist.-Bug-2911.patch:-p1 \
- ${DEBIAN_PATCHES_PREFIX}_58-Close-server-smtp-socket-explicitly-on-connect-ACL-d.patch:-p1 \
- ${DEBIAN_PATCHES_PREFIX}_60-OpenSSL-fix-tls_eccurve-setting-explicit-curve-group.patch:-p1 \
- ${DEBIAN_PATCHES_PREFIX}_62-OpenSSL-Fix-tls_eccurve-on-earlier-versions-than-3.0.patch:-p1 \
- ${DEBIAN_PATCHES_PREFIX}_63-OpenSSL-log-conns-rejected-for-bad-ALPN-with-the-off.patch:-p1 \
- ${DEBIAN_PATCHES_PREFIX}_64-DANE-do-not-check-dns_again_means_nonexist-for-TLSA-.patch:-p1 \
- ${DEBIAN_PATCHES_PREFIX}_66-Fix-crash-in-expansions.patch:-p1
+#DEBIAN_PATCHES_PREFIX= ${FILESDIR}/debian/75
+#EXTRA_PATCHES= \
+# ${DEBIAN_PATCHES_PREFIX}_01-Fix-exit-on-attempt-to-rewrite-a-malformed-address.-.patch:-p1 \
+# ${DEBIAN_PATCHES_PREFIX}_05-SPF-fix-memory-accounting-for-error-case.patch:-p1
.include <bsd.port.options.mk>
@@ -130,7 +110,7 @@ EXTRA_PATCHES+= ${FILESDIR}/extra-patch-Local-sa-exim.c
EXTRA_PATCHES+= ${FILESDIR}/extra-patch-Local-sa-exim.conf
.endif
-EXIM_VERSION= 4.96.2
+EXIM_VERSION= 4.97
SA_EXIM_VERSION=4.2.1
EXIM_INSTALL_ARG+= "-no_chown" "-no_symlink"
EXTRA_PATCHES+= `${FIND} ${PATCHDIR} -name '74_*.patch'|${SORT} -h`
diff --git a/mail/exim/distinfo b/mail/exim/distinfo
index c8414ae70062..9cbaf2901ea2 100644
--- a/mail/exim/distinfo
+++ b/mail/exim/distinfo
@@ -1,5 +1,5 @@
-TIMESTAMP = 1697388290
-SHA256 (exim/exim-4.96.2.tar.bz2) = a7b9c247a8dcdf72b37ef4a6db0a744f6d34f65b40ef376265ddeb35610bb432
-SIZE (exim/exim-4.96.2.tar.bz2) = 2047572
+TIMESTAMP = 1699107695
+SHA256 (exim/exim-4.97.tar.bz2) = f0f6141b126a929e431d6ac8af3d6a1e310621ffe1f628b7b0de1e9b05488bfd
+SIZE (exim/exim-4.97.tar.bz2) = 2077471
SHA256 (exim/sa-exim-4.2.1.tar.gz) = 24d4bf7b0fdddaea11f132981cebb6a86a4ab20ef54111a8ebd481b421c6e2c1
SIZE (exim/sa-exim-4.2.1.tar.gz) = 68933
diff --git a/mail/exim/files/debian/75_01-Fix-exit-on-attempt-to-rewrite-a-malformed-address.-.patch b/mail/exim/files/debian/75_01-Fix-exit-on-attempt-to-rewrite-a-malformed-address.-.patch
deleted file mode 100644
index 42a2c237aa82..000000000000
--- a/mail/exim/files/debian/75_01-Fix-exit-on-attempt-to-rewrite-a-malformed-address.-.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From e7ec503729970a03d4509921342bc81313976126 Mon Sep 17 00:00:00 2001
-From: Jeremy Harris <jgh146exb@wizmail.org>
-Date: Tue, 12 Jul 2022 22:14:04 +0100
-Subject: [PATCH] Fix exit on attempt to rewrite a malformed address. Bug 2903
-
----
- src/rewrite.c | 9 +-
- test/confs/0471 | 7 +
- test/log/0471 | 5 +
- test/scripts/0000-Basic/0471 | 4 +-
- test/stderr/0471 | 245 ++++++++++++++++++++++++++++++++++-
- 6 files changed, 267 insertions(+), 8 deletions(-)
-
---- a/src/rewrite.c
-+++ b/src/rewrite.c
-@@ -493,19 +493,18 @@
- empty address, overlong addres. Sometimes the result matters, sometimes not.
- It seems this function is called for *any* header we see. */
-
- if (!recipient)
- {
-- /* Handle unparesable addresses in the header. Slightly ugly because a
-+ /* Log unparesable addresses in the header. Slightly ugly because a
- null output from the extract can also result from a header without an
-- address, "To: undisclosed recpients:;" being the classic case. */
-+ address, "To: undisclosed recpients:;" being the classic case. Ignore
-+ this one and carry on. */
-
- if ((rewrite_rules || routed_old) && Ustrcmp(errmess, "empty address") != 0)
-- {
- log_write(0, LOG_MAIN, "rewrite: %s", errmess);
-- exim_exit(EXIT_FAILURE);
-- }
-+
- loop_reset_point = store_reset(loop_reset_point);
- continue;
- }
-
- /* If routed_old is not NULL, this is a rewrite caused by a router,
diff --git a/mail/exim/files/debian/75_05-SPF-fix-memory-accounting-for-error-case.patch b/mail/exim/files/debian/75_05-SPF-fix-memory-accounting-for-error-case.patch
deleted file mode 100644
index e474acf6f54d..000000000000
--- a/mail/exim/files/debian/75_05-SPF-fix-memory-accounting-for-error-case.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From 93c722ce0549360af68269f088f4e59ed8fc130e Mon Sep 17 00:00:00 2001
-From: Jeremy Harris <jgh146exb@wizmail.org>
-Date: Sun, 7 Aug 2022 17:00:27 +0100
-Subject: [PATCH] SPF: fix memory accounting for error case
-
----
- src/spf.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/spf.c b/src/spf.c
-index db6eea3a8..a8c0f75c4 100644
---- a/src/spf.c
-+++ b/src/spf.c
-@@ -204,7 +204,7 @@ spf_nxdomain = SPF_dns_rr_new_init(spf_dns_server,
- "", ns_t_any, 24 * 60 * 60, HOST_NOT_FOUND);
- if (!spf_nxdomain)
- {
-- free(spf_dns_server);
-+ store_free(spf_dns_server);
- return NULL;
- }
-
---
-2.35.1
-
diff --git a/mail/exim/files/debian/75_08-Fix-regex-n-use-after-free.-Bug-2915.patch b/mail/exim/files/debian/75_08-Fix-regex-n-use-after-free.-Bug-2915.patch
deleted file mode 100644
index 6dd55c1fe806..000000000000
--- a/mail/exim/files/debian/75_08-Fix-regex-n-use-after-free.-Bug-2915.patch
+++ /dev/null
@@ -1,167 +0,0 @@
-From 4e9ed49f8f12eb331b29bd5b6dc3693c520fddc2 Mon Sep 17 00:00:00 2001
-From: Jeremy Harris <jgh146exb@wizmail.org>
-Date: Wed, 31 Aug 2022 15:37:40 +0100
-Subject: [PATCH] Fix $regex<n> use-after-free. Bug 2915
-
----
- src/exim.c | 4 +---
- src/expand.c | 2 +-
- src/functions.h | 1 +
- src/globals.c | 2 +-
- src/regex.c | 29 ++++++++++++++++++-----------
- src/smtp_in.c | 2 ++
- 7 files changed, 55 insertions(+), 17 deletions(-)
-
---- a/src/exim.c
-+++ b/src/exim.c
-@@ -1999,12 +1999,10 @@
-
- regex_whitelisted_macro =
- regex_must_compile(US"^[A-Za-z0-9_/.-]*$", FALSE, TRUE);
- #endif
-
--for (i = 0; i < REGEX_VARS; i++) regex_vars[i] = NULL;
--
- /* If the program is called as "mailq" treat it as equivalent to "exim -bp";
- this seems to be a generally accepted convention, since one finds symbolic
- links called "mailq" in standard OS configurations. */
-
- if ((namelen == 5 && Ustrcmp(argv[0], "mailq") == 0) ||
-@@ -6082,11 +6080,11 @@
- callout_address = NULL;
- sending_ip_address = NULL;
- deliver_localpart_data = deliver_domain_data =
- recipient_data = sender_data = NULL;
- acl_var_m = NULL;
-- for(int i = 0; i < REGEX_VARS; i++) regex_vars[i] = NULL;
-+ regex_vars_clear();
-
- store_reset(reset_point);
- }
-
- exim_exit(EXIT_SUCCESS); /* Never returns */
---- a/src/expand.c
-+++ b/src/expand.c
-@@ -1871,11 +1871,11 @@
- {
- tree_node * node = tree_search(router_var, name + 2);
- return node ? node->data.ptr : strict_acl_vars ? NULL : US"";
- }
-
--/* Handle $auth<n> variables. */
-+/* Handle $auth<n>, $regex<n> variables. */
-
- if (Ustrncmp(name, "auth", 4) == 0)
- {
- uschar *endptr;
- int n = Ustrtoul(name + 4, &endptr, 10);
---- a/src/functions.h
-+++ b/src/functions.h
-@@ -436,10 +436,11 @@
- extern int regex(const uschar **);
- #endif
- extern BOOL regex_match(const pcre2_code *, const uschar *, int, uschar **);
- extern BOOL regex_match_and_setup(const pcre2_code *, const uschar *, int, int);
- extern const pcre2_code *regex_must_compile(const uschar *, BOOL, BOOL);
-+extern void regex_vars_clear(void);
- extern void retry_add_item(address_item *, uschar *, int);
- extern BOOL retry_check_address(const uschar *, host_item *, uschar *, BOOL,
- uschar **, uschar **);
- extern retry_config *retry_find_config(const uschar *, const uschar *, int, int);
- extern BOOL retry_ultimate_address_timeout(uschar *, const uschar *,
---- a/src/globals.c
-+++ b/src/globals.c
-@@ -1313,11 +1313,11 @@
- #ifndef DISABLE_PIPE_CONNECT
- const pcre2_code *regex_EARLY_PIPE = NULL;
- #endif
- const pcre2_code *regex_ismsgid = NULL;
- const pcre2_code *regex_smtp_code = NULL;
--const uschar *regex_vars[REGEX_VARS];
-+const uschar *regex_vars[REGEX_VARS] = { 0 };;
- #ifdef WHITELIST_D_MACROS
- const pcre2_code *regex_whitelisted_macro = NULL;
- #endif
- #ifdef WITH_CONTENT_SCAN
- uschar *regex_match_string = NULL;
---- a/src/regex.c
-+++ b/src/regex.c
-@@ -94,22 +94,32 @@
- }
- pcre2_match_data_free(md);
- return FAIL;
- }
-
-+
-+/* reset expansion variables */
-+void
-+regex_vars_clear(void)
-+{
-+regex_match_string = NULL;
-+for (int i = 0; i < REGEX_VARS; i++) regex_vars[i] = NULL;
-+}
-+
-+
-+
- int
--regex(const uschar **listptr)
-+regex(const uschar ** listptr)
- {
- unsigned long mbox_size;
--FILE *mbox_file;
--pcre_list *re_list_head;
--uschar *linebuffer;
-+FILE * mbox_file;
-+pcre_list * re_list_head;
-+uschar * linebuffer;
- long f_pos = 0;
- int ret = FAIL;
-
--/* reset expansion variable */
--regex_match_string = NULL;
-+regex_vars_clear();
-
- if (!mime_stream) /* We are in the DATA ACL */
- {
- if (!(mbox_file = spool_mbox(&mbox_size, NULL, NULL)))
- { /* error while spooling */
-@@ -167,18 +177,17 @@
-
-
- int
- mime_regex(const uschar **listptr)
- {
--pcre_list *re_list_head = NULL;
--FILE *f;
--uschar *mime_subject = NULL;
-+pcre_list * re_list_head = NULL;
-+FILE * f;
-+uschar * mime_subject = NULL;
- int mime_subject_len = 0;
- int ret;
-
--/* reset expansion variable */
--regex_match_string = NULL;
-+regex_vars_clear();
-
- /* precompile our regexes */
- if (!(re_list_head = compile(*listptr)))
- return FAIL; /* no regexes -> nothing to do */
-
---- a/src/smtp_in.c
-+++ b/src/smtp_in.c
-@@ -2155,12 +2155,14 @@
- prdr_requested = FALSE;
- #endif
- #ifdef SUPPORT_I18N
- message_smtputf8 = FALSE;
- #endif
-+regex_vars_clear();
- body_linecount = body_zerocount = 0;
-
-+lookup_value = NULL; /* Can be set by ACL */
- sender_rate = sender_rate_limit = sender_rate_period = NULL;
- ratelimiters_mail = NULL; /* Updated by ratelimit ACL condition */
- /* Note that ratelimiters_conn persists across resets. */
-
- /* Reset message ACL variables */
diff --git a/mail/exim/files/debian/75_09-Fix-non-WITH_CONTENT_SCAN-build.patch b/mail/exim/files/debian/75_09-Fix-non-WITH_CONTENT_SCAN-build.patch
deleted file mode 100644
index 6071fa7c5bf4..000000000000
--- a/mail/exim/files/debian/75_09-Fix-non-WITH_CONTENT_SCAN-build.patch
+++ /dev/null
@@ -1,58 +0,0 @@
-From d8ecc7bf97934a1e2244788c610c958cacd740bd Mon Sep 17 00:00:00 2001
-From: Jeremy Harris <jgh146exb@wizmail.org>
-Date: Wed, 31 Aug 2022 17:03:37 +0100
-Subject: [PATCH 1/3] Fix non-WITH_CONTENT_SCAN build.
-
-Broken-by: 4e9ed49f8f
----
- src/exim.c | 11 +++++++++++
- src/regex.c | 10 ----------
- 2 files changed, 11 insertions(+), 10 deletions(-)
-
---- a/src/exim.c
-+++ b/src/exim.c
-@@ -1677,10 +1677,21 @@
- if ((s = expand_string(big_buffer))) printf("%s\n", CS s);
- else printf("Failed: %s\n", expand_string_message);
- }
-
-
-+/* reset regex expansion variables */
-+void
-+regex_vars_clear(void)
-+{
-+regex_match_string = NULL;
-+for (int i = 0; i < REGEX_VARS; i++) regex_vars[i] = NULL;
-+}
-+
-+
-+
-+
-
- /*************************************************
- * Entry point and high-level code *
- *************************************************/
-
---- a/src/regex.c
-+++ b/src/regex.c
-@@ -95,20 +95,10 @@
- pcre2_match_data_free(md);
- return FAIL;
- }
-
-
--/* reset expansion variables */
--void
--regex_vars_clear(void)
--{
--regex_match_string = NULL;
--for (int i = 0; i < REGEX_VARS; i++) regex_vars[i] = NULL;
--}
--
--
--
- int
- regex(const uschar ** listptr)
- {
- unsigned long mbox_size;
- FILE * mbox_file;
diff --git a/mail/exim/files/debian/75_10-Fix-non-WITH_CONTENT_SCAN-build-2.patch b/mail/exim/files/debian/75_10-Fix-non-WITH_CONTENT_SCAN-build-2.patch
deleted file mode 100644
index 0a8ed514ffe8..000000000000
--- a/mail/exim/files/debian/75_10-Fix-non-WITH_CONTENT_SCAN-build-2.patch
+++ /dev/null
@@ -1,135 +0,0 @@
-From 158dff9936e36a2d31d037d3988b9353458d6471 Mon Sep 17 00:00:00 2001
-From: Jeremy Harris <jgh146exb@wizmail.org>
-Date: Wed, 31 Aug 2022 17:17:59 +0100
-Subject: [PATCH 2/3] Fix non-WITH_CONTENT_SCAN build (2)
-
-Broken-by: d8ecc7bf97
----
- src/exim.c | 13 +------------
- src/functions.h | 2 +-
- src/globals.h | 2 +-
- src/regex.c | 10 ++++++++++
- src/smtp_in.c | 2 ++
- 5 files changed, 15 insertions(+), 14 deletions(-)
-
---- a/src/exim.c
-+++ b/src/exim.c
-@@ -1677,21 +1677,10 @@
- if ((s = expand_string(big_buffer))) printf("%s\n", CS s);
- else printf("Failed: %s\n", expand_string_message);
- }
-
-
--/* reset regex expansion variables */
--void
--regex_vars_clear(void)
--{
--regex_match_string = NULL;
--for (int i = 0; i < REGEX_VARS; i++) regex_vars[i] = NULL;
--}
--
--
--
--
-
- /*************************************************
- * Entry point and high-level code *
- *************************************************/
-
-@@ -6085,17 +6074,17 @@
- deliver_domain_orig = NULL;
- deliver_host = deliver_host_address = NULL;
- dnslist_domain = dnslist_matched = NULL;
- #ifdef WITH_CONTENT_SCAN
- malware_name = NULL;
-+ regex_vars_clear();
- #endif
- callout_address = NULL;
- sending_ip_address = NULL;
- deliver_localpart_data = deliver_domain_data =
- recipient_data = sender_data = NULL;
- acl_var_m = NULL;
-- regex_vars_clear();
-
- store_reset(reset_point);
- }
-
- exim_exit(EXIT_SUCCESS); /* Never returns */
---- a/src/functions.h
-+++ b/src/functions.h
-@@ -432,15 +432,15 @@
- extern BOOL receive_msg(BOOL);
- extern int_eximarith_t receive_statvfs(BOOL, int *);
- extern void receive_swallow_smtp(void);
- #ifdef WITH_CONTENT_SCAN
- extern int regex(const uschar **);
-+extern void regex_vars_clear(void);
- #endif
- extern BOOL regex_match(const pcre2_code *, const uschar *, int, uschar **);
- extern BOOL regex_match_and_setup(const pcre2_code *, const uschar *, int, int);
- extern const pcre2_code *regex_must_compile(const uschar *, BOOL, BOOL);
--extern void regex_vars_clear(void);
- extern void retry_add_item(address_item *, uschar *, int);
- extern BOOL retry_check_address(const uschar *, host_item *, uschar *, BOOL,
- uschar **, uschar **);
- extern retry_config *retry_find_config(const uschar *, const uschar *, int, int);
- extern BOOL retry_ultimate_address_timeout(uschar *, const uschar *,
---- a/src/globals.h
-+++ b/src/globals.h
-@@ -895,16 +895,16 @@
- #ifndef DISABLE_PIPE_CONNECT
- extern const pcre2_code *regex_EARLY_PIPE; /* For recognizing PIPE_CONNCT */
- #endif
- extern const pcre2_code *regex_ismsgid; /* Compiled r.e. for message ID */
- extern const pcre2_code *regex_smtp_code; /* For recognizing SMTP codes */
--extern const uschar *regex_vars[]; /* $regexN variables */
- #ifdef WHITELIST_D_MACROS
- extern const pcre2_code *regex_whitelisted_macro; /* For -D macro values */
- #endif
- #ifdef WITH_CONTENT_SCAN
- extern uschar *regex_match_string; /* regex that matched a line (regex ACL condition) */
-+extern const uschar *regex_vars[];
- #endif
- extern int remote_delivery_count; /* Number of remote addresses */
- extern int remote_max_parallel; /* Maximum parallel delivery */
- extern uschar *remote_sort_domains; /* Remote domain sorting order */
- extern retry_config *retries; /* Chain of retry config information */
---- a/src/regex.c
-+++ b/src/regex.c
-@@ -95,10 +95,20 @@
- pcre2_match_data_free(md);
- return FAIL;
- }
-
-
-+/* reset expansion variables */
-+void
-+regex_vars_clear(void)
-+{
-+regex_match_string = NULL;
-+for (int i = 0; i < REGEX_VARS; i++) regex_vars[i] = NULL;
-+}
-+
-+
-+
- int
- regex(const uschar ** listptr)
- {
- unsigned long mbox_size;
- FILE * mbox_file;
---- a/src/smtp_in.c
-+++ b/src/smtp_in.c
-@@ -2155,11 +2155,13 @@
- prdr_requested = FALSE;
- #endif
- #ifdef SUPPORT_I18N
- message_smtputf8 = FALSE;
- #endif
-+#ifdef WITH_CONTENT_SCAN
- regex_vars_clear();
-+#endif
- body_linecount = body_zerocount = 0;
-
- lookup_value = NULL; /* Can be set by ACL */
- sender_rate = sender_rate_limit = sender_rate_period = NULL;
- ratelimiters_mail = NULL; /* Updated by ratelimit ACL condition */
diff --git a/mail/exim/files/debian/75_11-Fix-non-WITH_CONTENT_SCAN-build-3.patch b/mail/exim/files/debian/75_11-Fix-non-WITH_CONTENT_SCAN-build-3.patch
deleted file mode 100644
index b06d89679b7e..000000000000
--- a/mail/exim/files/debian/75_11-Fix-non-WITH_CONTENT_SCAN-build-3.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From 32da6327e434e986a18b75a84f2d8c687ba14619 Mon Sep 17 00:00:00 2001
-From: Jeremy Harris <jgh146exb@wizmail.org>
-Date: Thu, 1 Sep 2022 15:54:35 +0100
-Subject: [PATCH 3/3] Fix non-WITH_CONTENT_SCAN build (3)
-
-Broken-by: d8ecc7bf97
----
- src/expand.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/src/expand.c b/src/expand.c
-index 89de56255..831ca2b75 100644
---- a/src/expand.c
-+++ b/src/expand.c
-@@ -1869,6 +1869,7 @@ if (Ustrncmp(name, "auth", 4) == 0)
- if (!*endptr && n != 0 && n <= AUTH_VARS)
- return auth_vars[n-1] ? auth_vars[n-1] : US"";
- }
-+#ifdef WITH_CONTENT_SCAN
- else if (Ustrncmp(name, "regex", 5) == 0)
- {
- uschar *endptr;
-@@ -1876,6 +1877,7 @@ else if (Ustrncmp(name, "regex", 5) == 0)
- if (!*endptr && n != 0 && n <= REGEX_VARS)
- return regex_vars[n-1] ? regex_vars[n-1] : US"";
- }
-+#endif
-
- /* For all other variables, search the table */
-
-@@ -8715,9 +8717,11 @@ assert_variable_notin() treats as const, so deconst is safe. */
- for (int i = 0; i < AUTH_VARS; i++) if (auth_vars[i])
- assert_variable_notin(US"auth<n>", US auth_vars[i], &e);
-
-+#ifdef WITH_CONTENT_SCAN
- /* check regex<n> variables. assert_variable_notin() treats as const. */
- for (int i = 0; i < REGEX_VARS; i++) if (regex_vars[i])
- assert_variable_notin(US"regex<n>", US regex_vars[i], &e);
-+#endif
-
- /* check known-name variables */
- for (var_entry * v = var_table; v < var_table + var_table_size; v++)
---
-2.35.1
-
diff --git a/mail/exim/files/debian/75_16-GnuTLS-fix-for-clients-offering-no-TLS-extensions.patch b/mail/exim/files/debian/75_16-GnuTLS-fix-for-clients-offering-no-TLS-extensions.patch
deleted file mode 100644
index 73b584dbef4d..000000000000
--- a/mail/exim/files/debian/75_16-GnuTLS-fix-for-clients-offering-no-TLS-extensions.patch
+++ /dev/null
@@ -1,96 +0,0 @@
-From ece23f05d6a430a461a75639197271c23f6858ec Mon Sep 17 00:00:00 2001
-From: Jasen Betts <jasen@xnet.co.nz>
-Date: Fri, 30 Sep 2022 13:49:41 +0100
-Subject: [PATCH] GnuTLS: fix for clients offering no TLS extensions
-
----
- src/tls-gnu.c | 3 ++-
- src/tls-openssl.c | 39 +++++++++++++++---------------
- test/confs/2091 | 1 +
- test/log/2091 | 3 +++
- test/scripts/2090-GnuTLS-ALPN/2091 | 19 +++++++++++++++
- test/stdout/2091 | 21 ++++++++++++++++
- 7 files changed, 68 insertions(+), 21 deletions(-)
- create mode 120000 test/confs/2091
- create mode 100644 test/log/2091
- create mode 100644 test/scripts/2090-GnuTLS-ALPN/2091
- create mode 100644 test/stdout/2091
-
---- a/src/tls-gnu.c
-+++ b/src/tls-gnu.c
-@@ -1130,12 +1130,13 @@
- static int
- tls_server_clienthello_cb(gnutls_session_t session, unsigned int htype,
- unsigned when, unsigned int incoming, const gnutls_datum_t * msg)
- {
- /* Call fn for each extension seen. 3.6.3 onwards */
--return gnutls_ext_raw_parse(NULL, tls_server_clienthello_ext, msg,
-+int rc = gnutls_ext_raw_parse(NULL, tls_server_clienthello_ext, msg,
- GNUTLS_EXT_RAW_FLAG_TLS_CLIENT_HELLO);
-+return rc == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE ? 0 : rc;
- }
-
-
- # ifdef notdef_crashes
- /* Make a note that we saw a status-response */
---- a/src/tls-openssl.c
-+++ b/src/tls-openssl.c
-@@ -940,40 +940,39 @@
-
- Returns: nothing
- */
-
- static void
--info_callback(SSL *s, int where, int ret)
-+info_callback(SSL * s, int where, int ret)
- {
- DEBUG(D_tls)
- {
-- const uschar * str;
-+ gstring * g = NULL;
-
-- if (where & SSL_ST_CONNECT)
-- str = US"SSL_connect";
-- else if (where & SSL_ST_ACCEPT)
-- str = US"SSL_accept";
-- else
-- str = US"SSL info (undefined)";
-+ if (where & SSL_ST_CONNECT) g = string_append_listele(g, ',', US"SSL_connect");
-+ if (where & SSL_ST_ACCEPT) g = string_append_listele(g, ',', US"SSL_accept");
-+ if (where & SSL_CB_LOOP) g = string_append_listele(g, ',', US"state_chg");
-+ if (where & SSL_CB_EXIT) g = string_append_listele(g, ',', US"hshake_exit");
-+ if (where & SSL_CB_READ) g = string_append_listele(g, ',', US"read");
-+ if (where & SSL_CB_WRITE) g = string_append_listele(g, ',', US"write");
-+ if (where & SSL_CB_ALERT) g = string_append_listele(g, ',', US"alert");
-+ if (where & SSL_CB_HANDSHAKE_START) g = string_append_listele(g, ',', US"hshake_start");
-+ if (where & SSL_CB_HANDSHAKE_DONE) g = string_append_listele(g, ',', US"hshake_done");
-
- if (where & SSL_CB_LOOP)
-- debug_printf("%s: %s\n", str, SSL_state_string_long(s));
-+ debug_printf("SSL %s: %s\n", g->s, SSL_state_string_long(s));
- else if (where & SSL_CB_ALERT)
-- debug_printf("SSL3 alert %s:%s:%s\n",
-- str = where & SSL_CB_READ ? US"read" : US"write",
-+ debug_printf("SSL %s %s:%s\n", g->s,
- SSL_alert_type_string_long(ret), SSL_alert_desc_string_long(ret));
- else if (where & SSL_CB_EXIT)
- {
-- if (ret == 0)
-- debug_printf("%s: failed in %s\n", str, SSL_state_string_long(s));
-- else if (ret < 0)
-- debug_printf("%s: error in %s\n", str, SSL_state_string_long(s));
-+ if (ret <= 0)
-+ debug_printf("SSL %s: %s in %s\n", g->s,
-+ ret == 0 ? "failed" : "error", SSL_state_string_long(s));
- }
-- else if (where & SSL_CB_HANDSHAKE_START)
-- debug_printf("%s: hshake start: %s\n", str, SSL_state_string_long(s));
-- else if (where & SSL_CB_HANDSHAKE_DONE)
-- debug_printf("%s: hshake done: %s\n", str, SSL_state_string_long(s));
-+ else if (where & (SSL_CB_HANDSHAKE_START | SSL_CB_HANDSHAKE_DONE))
-+ debug_printf("SSL %s: %s\n", g->s, SSL_state_string_long(s));
- }
- }
-
- #ifdef OPENSSL_HAVE_KEYLOG_CB
- static void
diff --git a/mail/exim/files/debian/75_18-Fix-Build-with-libopendmarc-1.4.x-fixes-2728.patch b/mail/exim/files/debian/75_18-Fix-Build-with-libopendmarc-1.4.x-fixes-2728.patch
deleted file mode 100644
index 456f315236b1..000000000000
--- a/mail/exim/files/debian/75_18-Fix-Build-with-libopendmarc-1.4.x-fixes-2728.patch
+++ /dev/null
@@ -1,71 +0,0 @@
-From 1561c5d88b3a23a4348d8e3c1ce28554fcbcfe46 Mon Sep 17 00:00:00 2001
-From: "Heiko Schlittermann (HS12-RIPE)" <hs@schlittermann.de>
-Date: Sat, 15 Oct 2022 19:30:58 +0200
-Subject: [PATCH 1/2] Fix: Build with libopendmarc 1.4.x (fixes 2728)
-
----
- src/EDITME | 7 +++++--
- src/config.h.defaults | 1 +
- src/dmarc.c | 7 ++++++-
- 4 files changed, 15 insertions(+), 3 deletions(-)
-
---- a/src/EDITME
-+++ b/src/EDITME
-@@ -600,18 +600,21 @@
-
- # EXPERIMENTAL_DCC=yes
-
- # Uncomment the following line to add DMARC checking capability, implemented
- # using libopendmarc libraries. You must have SPF and DKIM support enabled also.
--# Library version libopendmarc-1.4.1-1.fc33.x86_64 (on Fedora 33) is known broken;
--# 1.3.2-3 works. I seems that the OpenDMARC project broke their API.
- # SUPPORT_DMARC=yes
- # CFLAGS += -I/usr/local/include
- # LDFLAGS += -lopendmarc
- # Uncomment the following if you need to change the default. You can
- # override it at runtime (main config option dmarc_tld_file)
- # DMARC_TLD_FILE=/etc/exim/opendmarc.tlds
-+#
-+# Library version libopendmarc-1.4.1-1.fc33.x86_64 (on Fedora 33) is known broken;
-+# 1.3.2-3 works. It seems that the OpenDMARC project broke their API.
-+# Use this option if you need to build with an old library (1.3.x)
-+# DMARC_API=100300
-
- # Uncomment the following line to add ARC (Authenticated Received Chain)
- # support. You must have SPF and DKIM support enabled also.
- # EXPERIMENTAL_ARC=yes
-
---- a/src/config.h.defaults
-+++ b/src/config.h.defaults
-@@ -148,10 +148,11 @@
- #define STRING_SPRINTF_BUFFER_SIZE (8192 * 4)
-
- #define SUPPORT_CRYPTEQ
- #define SUPPORT_DANE
- #define SUPPORT_DMARC
-+#define DMARC_API 100400
- #define DMARC_TLD_FILE "/etc/exim/opendmarc.tlds"
- #define SUPPORT_I18N
- #define SUPPORT_I18N_2008
- #define SUPPORT_MAILDIR
- #define SUPPORT_MAILSTORE
---- a/src/dmarc.c
-+++ b/src/dmarc.c
-@@ -457,11 +457,16 @@
- dkim_result = vs == PDKIM_VERIFY_PASS ? DMARC_POLICY_DKIM_OUTCOME_PASS :
- vs == PDKIM_VERIFY_FAIL ? DMARC_POLICY_DKIM_OUTCOME_FAIL :
- vs == PDKIM_VERIFY_INVALID ? DMARC_POLICY_DKIM_OUTCOME_TMPFAIL :
- DMARC_POLICY_DKIM_OUTCOME_NONE;
- libdm_status = opendmarc_policy_store_dkim(dmarc_pctx, US sig->domain,
-- dkim_result, US"");
-+/* The opendmarc project broke its API in a way we can't detect * easily.
-+ * The EDITME provides a DMARC_API variable */
-+#if DMARC_API >= 100400
-+ sig->selector,
-+#endif
-+ dkim_result, US"");
- DEBUG(D_receive)
- debug_printf("DMARC adding DKIM sender domain = %s\n", sig->domain);
- if (libdm_status != DMARC_PARSE_OKAY)
- log_write(0, LOG_MAIN|LOG_PANIC,
- "failure to store dkim (%s) for DMARC: %s",
diff --git a/mail/exim/files/debian/75_19-DMARC-fix-use-after-free-in-dmarc_dns_lookup.patch b/mail/exim/files/debian/75_19-DMARC-fix-use-after-free-in-dmarc_dns_lookup.patch
deleted file mode 100644
index e8bda9e07b35..000000000000
--- a/mail/exim/files/debian/75_19-DMARC-fix-use-after-free-in-dmarc_dns_lookup.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From 12fb3842f81bcbd4a4519d5728f2d7e0e3ca1445 Mon Sep 17 00:00:00 2001
-From: Lorenz Brun <lorenz@brun.one>
-Date: Fri, 14 Oct 2022 21:02:51 +0200
-Subject: [PATCH 2/2] DMARC: fix use-after-free in dmarc_dns_lookup
-
-This fixes a use-after-free in dmarc_dns_lookup where the result
-of dns_lookup in dnsa is freed before the required data is copied out.
-
-Fixes: 9258363 ("DNS: explicit alloc/free of workspace")
----
- src/dmarc.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/src/dmarc.c b/src/dmarc.c
-index ad0c26c91..53c2752ac 100644
---- a/src/dmarc.c
-+++ b/src/dmarc.c
-@@ -226,16 +226,17 @@ dns_scan dnss;
- int rc = dns_lookup(dnsa, string_sprintf("_dmarc.%s", dom), T_TXT, NULL);
-
- if (rc == DNS_SUCCEED)
- for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS); rr;
- rr = dns_next_rr(dnsa, &dnss, RESET_NEXT))
- if (rr->type == T_TXT && rr->size > 3)
- {
-+ uschar *record = string_copyn_taint(US rr->data, rr->size, GET_TAINTED);
- store_free_dns_answer(dnsa);
-- return string_copyn_taint(US rr->data, rr->size, GET_TAINTED);
-+ return record;
- }
- store_free_dns_answer(dnsa);
- return NULL;
- }
-
-
- static int
---
-2.35.1
-
diff --git a/mail/exim/files/debian/75_22-Fix-daemon-startup.-Bug-2930.patch b/mail/exim/files/debian/75_22-Fix-daemon-startup.-Bug-2930.patch
deleted file mode 100644
index 412c39be28d7..000000000000
--- a/mail/exim/files/debian/75_22-Fix-daemon-startup.-Bug-2930.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From 221321d2c51b83d1feced80ecd6c2fe33ec5456c Mon Sep 17 00:00:00 2001
-From: Jeremy Harris <jgh146exb@wizmail.org>
-Date: Thu, 3 Nov 2022 20:08:25 +0000
-Subject: [PATCH 1/2] Fix daemon startup. Bug 2930
-
-Broken-by: 7d5055276a
----
- src/daemon.c | 8 ++++++--
- 2 files changed, 10 insertions(+), 2 deletions(-)
-
---- a/src/daemon.c
-+++ b/src/daemon.c
-@@ -1744,19 +1744,23 @@
- {
- /* If the parent process of this one has pid == 1, we are re-initializing the
- daemon as the result of a SIGHUP. In this case, there is no need to do
- anything, because the controlling terminal has long gone. Otherwise, fork, in
- case current process is a process group leader (see 'man setsid' for an
-- explanation) before calling setsid(). */
-+ explanation) before calling setsid().
-+ All other forks want daemon_listen cleared. Rather than blow a register, jsut
-+ restore it here. */
-
- if (getppid() != 1)
- {
-+ BOOL daemon_listen = f.daemon_listen;
- pid_t pid = exim_fork(US"daemon");
- if (pid < 0) log_write(0, LOG_MAIN|LOG_PANIC_DIE,
- "fork() failed when starting daemon: %s", strerror(errno));
- if (pid > 0) exit(EXIT_SUCCESS); /* in parent process, just exit */
- (void)setsid(); /* release controlling terminal */
-+ f.daemon_listen = daemon_listen;
- }
- }
-
- /* We are now in the disconnected, daemon process (unless debugging). Set up
- the listening sockets if required. */
-@@ -2090,11 +2094,11 @@
- { /* found; append port to list */
- for (p = i2->log; *p; ) p++; /* end of existing string */
- if (*--p == '}') *p = '\0'; /* drop EOL */
- while (isdigit(*--p)) ; /* char before port */
-
-- i2->log = *p == ':' /* no list yet? */
-+ i2->log = *p == ':' /* no list yet? { */
- ? string_sprintf("%.*s{%s,%d}",
- (int)(p - i2->log + 1), i2->log, p+1, ipa->port)
- : string_sprintf("%s,%d}", i2->log, ipa->port);
- ipa->log = NULL;
- break;
diff --git a/mail/exim/files/debian/75_23-Fix-reccipients-after-run.-.-Bug-2929.patch b/mail/exim/files/debian/75_23-Fix-reccipients-after-run.-.-Bug-2929.patch
deleted file mode 100644
index 1db2ad0c9c99..000000000000
--- a/mail/exim/files/debian/75_23-Fix-reccipients-after-run.-.-Bug-2929.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 6b331d5834d12bdda21857cd6fffac17038ce3c7 Mon Sep 17 00:00:00 2001
-From: Ruben Jenster <r.jenster@drachenfels.de>
-Date: Thu, 3 Nov 2022 21:38:15 +0000
-Subject: [PATCH 2/2] Fix $reccipients after ${run...}. Bug 2929
-
-Broken-by: cfe6acff2d
----
- src/transport.c | 3 ++-
- 2 files changed, 5 insertions(+), 1 deletion(-)
-
---- a/src/transport.c
-+++ b/src/transport.c
-@@ -2342,13 +2342,14 @@
- /* Handle normal expansion string */
-
- else
- {
- const uschar *expanded_arg;
-+ BOOL enable_dollar_recipients_g = f.enable_dollar_recipients;
- f.enable_dollar_recipients = allow_dollar_recipients;
- expanded_arg = expand_cstring(argv[i]);
-- f.enable_dollar_recipients = FALSE;
-+ f.enable_dollar_recipients = enable_dollar_recipients_g;
-
- if (!expanded_arg)
- {
- uschar *msg = string_sprintf("Expansion of \"%s\" "
- "from command \"%s\" in %s failed: %s",
diff --git a/mail/exim/files/debian/75_31-Fix-regext-substring-capture-variables-for-null-matc.patch b/mail/exim/files/debian/75_31-Fix-regext-substring-capture-variables-for-null-matc.patch
deleted file mode 100644
index d12b1b246631..000000000000
--- a/mail/exim/files/debian/75_31-Fix-regext-substring-capture-variables-for-null-matc.patch
+++ /dev/null
@@ -1,60 +0,0 @@
-From e63825824cc406c160ccbf2b154c5d81b168604a Mon Sep 17 00:00:00 2001
-From: Jeremy Harris <jgh146exb@wizmail.org>
-Date: Fri, 11 Nov 2022 00:05:59 +0000
-Subject: [PATCH 1/2] Fix regext substring capture variables for null matches.
- Bug 2933
-
-broken-by: 59d66fdc13f0
----
- src/exim.c | 2 ++
- src/malware.c | 3 +++
- src/regex.c | 2 +-
- 4 files changed, 11 insertions(+), 1 deletion(-)
-
---- a/src/exim.c
-+++ b/src/exim.c
-@@ -167,10 +167,12 @@
- for (int matchnum = setup < 0 ? 0 : 1; matchnum < res; matchnum++)
- {
- PCRE2_SIZE len;
- pcre2_substring_get_bynumber(md, matchnum,
- (PCRE2_UCHAR **)&expand_nstring[expand_nmax], &len);
-+ if (!expand_nstring[expand_nmax])
-+ { expand_nstring[expand_nmax] = US""; len = 0; }
- expand_nlength[expand_nmax++] = (int)len;
- }
- expand_nmax--;
- }
- else if (res != PCRE2_ERROR_NOMATCH) DEBUG(D_any)
---- a/src/malware.c
-+++ b/src/malware.c
-@@ -323,11 +323,14 @@
- int i = pcre2_match(cre, text, PCRE2_ZERO_TERMINATED, 0, 0, md, pcre_mtc_ctx);
- PCRE2_UCHAR * substr = NULL;
- PCRE2_SIZE slen;
-
- if (i >= 2) /* Got it */
-+ {
*** 1335 LINES SKIPPED ***