Updated exim to last version without mandatory tainting.

2023-05-17 07:12:58 +02:00 · 2023-05-17 07:12:58 +02:00 · f6e2666804
parent 89189269a2
commit f6e2666804
11 changed files with 237 additions and 456 deletions
--- a/mail-mta/exim/Manifest
+++ b/mail-mta/exim/Manifest
@ -2,14 +2,13 @@ AUX auth_conf.sub 790 BLAKE2B 28ad6e3b494396c0bd42e7ac13de9e8e3cbd553f3e78e78792
 AUX exim-4.14-tail.patch 446 BLAKE2B 62e46f052c6d958246570c40ed67819f67c4a4ee74fbfe3c82c6f8494ef98ab65089845dd89ffc01516a0c861d9003ade5e4d67476cb34185d27b99cf233dd86 SHA512 a0365b15f0a48076f9660ebc424d48f68995ac21bbf77f407bdca5103ca65758d7f2241d0151eb5c78476557e240b24a95c23d3b12cfffc1b34ab6f89f2c2110
 AUX exim-4.20-maildir.patch 478 BLAKE2B 60feb354143a35631c3a71e46410e069d67cb7eab6643e6b2d4f4cfc15b497b96bb8f69a02ec67c3a6294f4d3c1da9e0787ca996f140713a19ecbcacc8ce0d4d SHA512 2c6f68e3c162a51e62ce6e391db8e79733f11bba20cc8778737650158203b88f9a77b7bbbd2a32b2cf8ae50f039b794fb0996f198acec6a50b94cad6a111f432
 AUX exim-4.69-r1.27021.patch 1447 BLAKE2B d1f40f68b056ae49cd78408d3dc54a1f4fb1584fec003c68645c8a7245499ef96c1bc3af8aac57d31ee10cb0d4ff2808a50bf35bb36f17df929b2c24abed90e2 SHA512 45a5b833c698da4690485716c7c45d762a9194d5ae41514028bbad548bbd44373cf7a3a3c6a1c4f635f3f50d1695ac7ead098bf8be15cd1f691c7cc6c7f8d715
 AUX exim-4.74-localscan_dlopen.patch 9280 BLAKE2B 11e1e9bd4700ba4d897cd585b751cfecbc3a9f2058961ed2ef876e42ff43d98357c35ced65e1866927e11a3d4ae2de5012456aab17f1a66ed20d10ff4054ece5 SHA512 bfd35b8fcc7b8bd50a28b2bb7865d358ed1af3978b057da1c83a0be38ba30a737d983b6b5cf829559ba8c490709d28bdb7d679eb825fe7e24798ec223bedc94e
 AUX exim-4.74-radius-db-ENV-clash.patch 667 BLAKE2B 3cc03dd925333774c08484efbb5daadcebc819cc49283205960146f176d225c8952dacb891e1a1be13046bb68e6d6571a732dbbb7d78c6b1758d93f256e41509 SHA512 040bbdb2259df882569a428b7fef03f89c3685428654ac29e93360a4791bdabe66e52d33d14f0822461fac119295bd31aad5998f63d59d4af057bd26b310a568
 AUX exim-4.76-crosscompile.patch 462 BLAKE2B de78322f93760cef0d5a768b8be6c723f00d5c7557da6189ffa6ee34215c41ebe8896a2457b2e6a704d05a1730eab09c8cc73e3ba3140954f9ac32423210b612 SHA512 d4fd4417c1ce727f139999c399795312cdbbb9735d0793d68f8e3150240bc53b31277cb26f9946ba549b34c661fc0a61147d376bda09aa6763cab55d80d62343
-AUX exim-4.80-spool-mail-group.patch 946 BLAKE2B a3b6783b77823c5a8373623d16b85e2ba209b419b6724f307c46bf961bc5195690453208cdd40e45bc36e5a070892414c7737a97fa04e653e78050c153c59079 SHA512 24f30e9a9d90dc0f1fe8b3db26f8bc2649182b4e78110dc28a9c0f3a3feb7589f923144a4f1c54a1c46ff8cfe40826a1f2212787753be752f4d15a72d54a143b
+AUX exim-4.93-CVE-2020-12783.patch 2469 BLAKE2B b4a98d5d5c45756ea8da01cb18bae40b6d242076557e80cc79dfd2d3d21b96f9860c2a6b17433a849e631504b8669a281b1ae3d0a67f6d599b631df03e54a630 SHA512 5efc5fb8375cdd560d8efe414094751c875a3dd363c93d8228248440e3c269348d54e039c52d311113d2a62a8d0016d1ad0e44314350ea6a5e3c59a9d66af58a
-AUX exim-4.82-makefile-freebsd.patch 1252 BLAKE2B 29c58b487850e28e0b2dfd5bbaa7e8ac341ebc00093a46a9d6b44c8d1c508629f78f646ccd3d022b2acee20d0572320f79acc21c519727f007e11e08623f4fec SHA512 fb440ad3e46b90d4c2e4826841944f4006390ccebee08154a39e46f6854be15edd7d0b028333b41451a0511f886ad3a30cb4b86e7ba8be99f12616a137f09d56
+AUX exim-4.93-as-needed-ldflags.patch 6013 BLAKE2B 2de473f089a36cabd5481020524dcb2efb7a5681b224608a8454aebc70e07f7776fe812f02fa5d81fb80b25bc2cc154924953d173d65664b1e576176a01191b9 SHA512 df6c18a7d092d9069dd6d4177154681197de86ab41dbd399055ad663cbd0c7da149f8bbcb7c888965851475ee2cf891dc934f1d5ad7a4ea3dc46a54ece582418
-AUX exim-4.89-as-needed-ldflags.patch 6048 BLAKE2B 229dbc384c64a30f620c2965b030f6e6773efca5390ccd67a6a69b5565b0d2d536f0385d8095f92e43e1bc45ab43822efd10cb8aafe2d3cee7d21c0b330e08d1 SHA512 a0ac891c2708afdf8be339a15e6c74d27a19ac87ab63e97de71b5b5d4fab63b898018f7f0ad1dc2e22a86d71c05c1a1b250d598d7622e6172f187ac36e5c3adf
+AUX exim-4.93-fno-common.patch 767 BLAKE2B cd66b56d88badd97c1d081c3458adf294352b9f34dc0faee820d75ed4b97be8a5f313c4ba46ea08d4c3ba4744badf3759393bea1455a3e7fc04d80939d5ec49e SHA512 5fc5cab9091296e0bc7665e9e08f5232decef4585c7504abab104a8a7cf1c69aee4f535f1e1214b94aeb856b8f5620c42608f35e7c7ff26667de88a8719bd301
-AUX exim-4.92-fix-eval-expansion-32bit.patch 1792 BLAKE2B 81ac3cc505e62c95624b8f55771d7cdce39c882cbcdd553e9cd6263417f31fe7a800dec4386cc4534609fa9b20fc493d2ae6393c8de0d09dd3b3056f3b7da501 SHA512 108e782f1483dcb2d1a34ba226d1829da78fbfb18eddd68def8e693091cf05c8e448c1bcd197fe893dc51996c434f8d9168c131e5ca67125e6362491c5aeeb77
+AUX exim-4.93-localscan_dlopen.patch 9585 BLAKE2B 02b11e75c94d70a787973e89dc329fc006b263d4411ccfb177acf596fd3832cc471004394cf126a9299b62113dc25fcf61bff9bb63d39c19f60ca7203c732be3 SHA512 5de142c1da26cd60e9e05de25e7c7de1f338591b3d73ea9ff151dc446ca45a2361841a28776e9680e77183f2071a7cac68063d5f83e79257b7b4a4884e1e9110
-AUX exim-4.92-localscan_dlopen.patch 9483 BLAKE2B 8fe480bbdccfa7388428fcb9aad876bcdcfc33220a529aebfca64e90c62f5a3b5ccf3477586349204f3c0be9ee3bb4d753e18cc24e759f26cf1a427d4f3e77da SHA512 7226ae2ef3d29537241f8c392dcc7522978861f8ad32ca280ec2da2f465f6dad0561ea3ad6a7606f8f6b2e7328704d464c892cd2ddaf0e132bc51f29f8003f4c
+AUX exim-4.93-radius.patch 2791 BLAKE2B 94edcc141e9ed4b8f669298fc9af5e2fdc2835488567917721c7061835e7d7980c3944cb21b2cdb46041be7e8f93d57fc4d26cda0aa9583b98a594ee6c11260a SHA512 8393bddb5f85879e6fb3e4a8272df8583d99600f5ef25abbcea429743e9e396248e47c2dabeba7c6178d2a4d21f82ae68cde92a50bcb9598370bd0b3d8bc220f
 AUX exim-submission.socket 161 BLAKE2B 409a5a687897af369a6a2ff0c30564096cc6b308dbc5d0afb6742df44d2aa972e45bad9681d2cb72be9731b260d23fdadb80bae644e7b875af5e34e9c8b8b40f SHA512 4a233761793e3510e9efa5aad3a6098c41b757f13133a7ea825680f2b393aba8d7935f16bf1dd065dde884fe7ba45639a8d398333a7d9bf0a6b72f88c8f2a09d
 AUX exim-submission_at.service 360 BLAKE2B 9ebcac1ab0f01a8264141843a4e711d77f634bdd910406bd466a0c197fdad8a9ff4bc31b9b28ef73c810aaff3e549eb60c0a2546507910dfc800da154eb1da00 SHA512 dc28698f15e8eaa4614ae81fc8cb76d92fed1110ce02f7a6ee8feace418dbb194711eb2d4dd444cf818628c11721e21d80b7b974879ab6ddd78cc717cce17c2f
 AUX exim.confd 141 BLAKE2B bc200e6121544d17e7feb0e162b5f6a5157647c3323492218da1556a19f3a2febf89a698e157a6dc657540d2f46088a9b1e34700655c715fbeaf0c201bc4aa9f SHA512 cb5e4aa71d3f0b7945e9806064f6a3ab64cb894381654ead40c73a49ae2d1bbb3dc587919952a09b2c81b9fcf8784f73d59c12081cda96a5b7210442f5088998
@ -18,8 +17,7 @@ AUX exim.rc10 1135 BLAKE2B abc7247ee8171069f30f954d9e4275fa85f09f5488a372f9c4f7f
 AUX exim.service 229 BLAKE2B 6d6396ef98b8e7c4fcfa28e24223bd58393387abedfb960284dfd1a297d1612deea6b77e2affeca8c5ff6f7db3eb32717893ed0dc1eaf3525e6969520e8589a3 SHA512 a071e9fb74b5fc2fdf0c73ad64ddfbc3954d8f7095d6a363dacf8c75d72a479fbf6821822ec5c8f3846d7687342e1bd447b97f91ca7b0582e5c98008aac30cca
 AUX exim.socket 139 BLAKE2B bb8281a98fdac1b52031d5250fd1e658bf5a2c32e24b49ed0daa857d0d32285abf6db23c3d717992c43443ab4bcd97a19ec3811f182200a2d99a48ced6cfb6bc SHA512 db621116907ceb573e6f34581f47c91f751bff593054d7ddc32397b34c7f2405bec184bdb0589d2ac457fa3a61bcba072761e3a6293a99c9c764d2d9fd6069ae
 AUX exim_at.service 140 BLAKE2B 8624f4a555e2acdc7aaf917952c4152ad00dc063a51076aefa1d023d47d5f7fe8b268f3308734f363ed9628cd8551ccac7fc369657e0fdf65507d2e6419f704c SHA512 11c8133ee15b3e5193c9b1c59aed66c81b6e045dd23310bede9fcde6c88905db5ef08afdb798b53b75a7465915ea1247e980edf95db07a7f9b7bb58ce95fbb5a
-DIST exim-4.92.tar.xz 1767136 BLAKE2B 6c97578807073a782112218c65de460cc94f046d807eddc7330f2f67266c0ef341ded61050a16aca13c88e606a923a9e08033c8bfb618a7ef34b3d2ea6db32ca SHA512 62c327e6184a358ba7f0dbc38b44d2537234be91727a5bfac97e74af64a8d77e376b3221dcfdd8f6eca7d812f9233595503dc6e50e2972bed40a1b74eb209c31
+DIST exim-4.93.0.4.tar.xz 1804696 BLAKE2B 721336101104d9c71b3bb6f432e382c28ad17d80cdb50d04213989e65a719d906caf8eb95639bfaf7a1bfdd62c7000d9df14484953446ecfca901fd7c708514e SHA512 84951849b69399d6f187d2801760dc0cb9e61c88c7c88aaca4e07e48120199a6be94b2236d058ffeacb8d611dd84056b610d480353c301a3ad5799768dd39d96
 DIST exim-pdf-4.92.tar.xz 2038812 BLAKE2B d5966a27f980a2ceb31293d92049a6691a08262bd20ae7315f41929f0d7a45b5d66c7000f9596b193e74d0c17f91c56a3262602047673c49649f1cad6b216547 SHA512 3a40818025fceaa7ac17f8e7ce06a61e3cf65267c821aea93e1a1a659782b047ab177b88a38c9b2271c0a296e1dc7939e23fe0f89415a11cd45693cb8af10c15
 DIST system_filter.exim.gz 3075 BLAKE2B d05e872b5cef377d29126cda03fc0a74c8777b2119b76ff43da6e8de808035eb9bfcb034a85d81824f135d484e864bfc0629fc1af2c228a7277d5ee7cf9cde79 SHA512 cb358d3ce2499a0bb5920d962a06f2af8486e55ec90c8c928bd8e3aefb279aa57f5f960d5adfcef68bd94110b405eaa144e9629cfe6014a529c79c544600bbf3
-EBUILD exim-4.92-r2.ebuild 13828 BLAKE2B 5c63305e4327577670e24cb4a42928c5abc2e632af1713e943e2f456add32321637bdac97cc33e5b98640728d75a1a63229a3e7a0cb950b672ae6661299ad44e SHA512 764171320e299592125ac478e12013121701c2713358e2d2674ebed27d67f471e70bb1dce59bd25d20faff2ff19f38cff3bb9e6b41727e93e2b2cbd8fb3e7e1f
+EBUILD exim-4.93.0.4-r2.ebuild 13860 BLAKE2B 2c9c6e46b73cad9842e489883aec9b7b920e327931de85731c72d2943e84e44819b15f55a34cbbe596364b32118f03bedbcce05b516aff99d448697f63386408 SHA512 4a56d5b762de7d2f0fe09fd60a99f88851225012c05340ba6ade1228e63c2ef95043db1ec71bf2d588812b91f6ae1eeb39accb25dc9f5b179c5a88dddcfdfdc2
 MISC metadata.xml 2457 BLAKE2B c1dcbaedd069b41c4cfb190806b44014229d53cf6d6f72e04b99dc91f223567cb4f30100792aae72658780da0579fa26e6fb8a0266565bcc0c307996d59ac3ed SHA512 9044abccd15525c7676fc218b62d9b663bd155482894eced9c0cfc8a22e8cd7353009adc75a9f3de15b14f267e6ee6b4f4c91d8bd9260931c0b9de6bf48c762f
--- a/mail-mta/exim/exim-4.93.0.4-r2.ebuild
+++ b/mail-mta/exim/exim-4.93.0.4-r2.ebuild
@ -3,9 +3,9 @@
 EAPI="7"
-inherit db-use eutils toolchain-funcs multilib pam systemd
+inherit db-use toolchain-funcs multilib pam systemd
-IUSE="arc +dane dcc +dkim dlfunc dmarc +dnsdb doc dovecot-sasl dsn elibc_glibc exiscan-acl gnutls idn ipv6 ldap lmtp maildir mbx mysql nis pam perl pkcs11 postgres +prdr proxy radius redis sasl selinux spf sqlite srs +srs-alt srs-native +ssl syslog tcpd +tpda X"
+IUSE="arc +dane dcc +dkim dlfunc dmarc +dnsdb doc dovecot-sasl dsn elibc_glibc exiscan-acl gnutls idn ipv6 ldap lmtp maildir mbx mysql nis pam perl pkcs11 postgres +prdr proxy radius redis sasl selinux spf sqlite srs +ssl syslog tcpd +tpda X"
 REQUIRED_USE="
 	arc? ( dkim spf )
 	dane? ( ssl !gnutls )
@ -14,10 +14,7 @@ REQUIRED_USE="
 	gnutls? ( ssl )
 	pkcs11? ( ssl )
 	spf? ( exiscan-acl )
-	srs? (
+	srs? ( exiscan-acl )
 		exiscan-acl
 		^^ ( srs-alt srs-native )
 	)
 "
 # NOTE on USE="gnutls dane", gnutls[dane] is masked in base, unmasked
 # for x86 and amd64 only, due to this, repoman won't allow depending on
@ -28,18 +25,17 @@ REQUIRED_USE="
 # incorrect, but b) is the only "correct" view from repoman.
 SDIR=$([[ ${PV} == *_rc* ]]   && echo /test
-	 [[ ${PV} == *.*.*.* ]] && echo /fixes)
+	[[ ${PV} == *.*.*.* ]] && echo /fixes)
 COMM_URI="https://downloads.exim.org/exim4${SDIR}"
 DESCRIPTION="A highly configurable, drop-in replacement for sendmail"
-SRC_URI="${COMM_URI}/${P//_rc/-RC}.tar.xz
+SRC_URI="${COMM_URI}/${P//rc/RC}.tar.xz
-	mirror://gentoo/system_filter.exim.gz
+	mirror://gentoo/system_filter.exim.gz"
 	doc? ( ${COMM_URI}/${PN}-pdf-${PV//_rc/-RC}.tar.xz )"
 HOMEPAGE="https://www.exim.org/"
 SLOT="0"
 LICENSE="GPL-2"
-KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~sparc x86 ~x86-fbsd ~x86-solaris"
+KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~ia64 ppc ppc64 sparc x86 ~x86-solaris"
 COMMON_DEPEND=">=sys-apps/sed-4.0.5
 	( >=sys-libs/db-3.2:= <sys-libs/db-6:= )
@ -69,8 +65,8 @@ COMMON_DEPEND=">=sys-apps/sed-4.0.5
 	sasl? ( >=dev-libs/cyrus-sasl-2.1.26-r2 )
 	redis? ( dev-libs/hiredis )
 	spf? ( >=mail-filter/libspf2-1.2.5-r1 )
-	dmarc? ( mail-filter/opendmarc:= )
+	dmarc? ( mail-filter/opendmarc )
-	srs? ( srs-alt? ( mail-filter/libsrs_alt ) )
+	srs? ( mail-filter/libsrs_alt )
 	X? (
 		x11-libs/libX11
 		x11-libs/libXmu
@ -79,7 +75,6 @@ COMMON_DEPEND=">=sys-apps/sed-4.0.5
 	)
 	sqlite? ( dev-db/sqlite )
 	radius? ( net-dialup/freeradius-client )
 	virtual/libcrypt:=
 	virtual/libiconv
 	elibc_glibc? ( net-libs/libnsl )
 	"
@ -107,17 +102,19 @@ RDEPEND="${COMMON_DEPEND}
 	selinux? ( sec-policy/selinux-exim )
 	"
-S=${WORKDIR}/${P//_rc/-RC}
+S=${WORKDIR}/${P//rc/RC}
 src_prepare() {
 	# Legacy patches which need a respin for -p1
 	eapply -p0 "${FILESDIR}"/exim-4.14-tail.patch
 	eapply     "${FILESDIR}"/exim-4.92-localscan_dlopen.patch
 	eapply     "${FILESDIR}"/exim-4.69-r1.27021.patch
 	eapply -p0 "${FILESDIR}"/exim-4.74-radius-db-ENV-clash.patch # 287426
-	eapply -p0 "${FILESDIR}"/exim-4.82-makefile-freebsd.patch # 235785
+	eapply     "${FILESDIR}"/exim-4.93-as-needed-ldflags.patch # 352265, 391279
 	eapply -p0 "${FILESDIR}"/exim-4.89-as-needed-ldflags.patch # 352265, 391279
 	eapply -p0 "${FILESDIR}"/exim-4.76-crosscompile.patch # 266591
-	eapply -p2 "${FILESDIR}"/exim-4.92-fix-eval-expansion-32bit.patch #687554
+	eapply     "${FILESDIR}"/exim-4.69-r1.27021.patch
 	eapply     "${FILESDIR}"/exim-4.93-localscan_dlopen.patch
 	eapply -p2 "${FILESDIR}"/exim-4.93-radius.patch # 720364
 	eapply     "${FILESDIR}"/exim-4.93-CVE-2020-12783.patch # 722484
 	eapply     "${FILESDIR}"/exim-4.93-fno-common.patch # 723430
 	if use maildir ; then
 		eapply "${FILESDIR}"/exim-4.20-maildir.patch
@ -153,7 +150,7 @@ src_configure() {
 	local conffile="${EPREFIX}/etc/exim/exim.conf"
 	sed -e "48i\CFLAGS=${CFLAGS}" \
 		-e "s:BIN_DIRECTORY=/usr/exim/bin:BIN_DIRECTORY=${EPREFIX}/usr/sbin:" \
-		-e "s:EXIM_USER=:EXIM_USER=${MAILUSER}:" \
+		-e "s;EXIM_USER=;EXIM_USER=ref:${MAILUSER};" \
 		-e "s:CONFIGURE_FILE=.*$:CONFIGURE_FILE=${conffile}:" \
 		-e "s:ZCAT_COMMAND=.*$:ZCAT_COMMAND=${EPREFIX}/bin/zcat:" \
 		-e "s:COMPRESS_COMMAND=.*$:COMPRESS_COMMAND=${EPREFIX}/bin/gzip:" \
@ -170,8 +167,11 @@ src_configure() {
 	EOC
 	# if we use libiconv, now is the time to tell so
-	use !elibc_glibc && use !elibc_musl && \
+	if use !elibc_glibc && use !elibc_musl ; then
-		echo "EXTRALIBS_EXIM=-liconv" >> Makefile
+		cat >> Makefile <<- EOC
 			EXTRALIBS_EXIM=-liconv
 		EOC
 	fi
 	# support for IPv6
 	if use ipv6; then
@ -289,8 +289,9 @@ src_configure() {
 	# disable if not requested, bug #46778
 	if use X; then
 		cp ../exim_monitor/EDITME eximon.conf || die
-	else
+		cat >> Makefile <<- EOC
-		sed -i -e '/^EXIM_MONITOR=/s/^/# /' Makefile || die
+			EXIM_MONITOR=eximon.bin
 		EOC
 	fi
 	#
@ -345,14 +346,17 @@ src_configure() {
 	# starttls support (ssl)
 	if use ssl; then
 		echo "SUPPORT_TLS=yes" >> Makefile
 		if use gnutls; then
 			echo "USE_GNUTLS=yes" >> Makefile
-			echo "USE_GNUTLS_PC=gnutls" >> Makefile
+			echo "USE_GNUTLS_PC=gnutls $(use dane && echo gnutls-dane)" \
 				>> Makefile
 			use pkcs11 || echo "AVOID_GNUTLS_PKCS11=yes" >> Makefile
 		else
 			echo "USE_OPENSSL=yes" >> Makefile
 			echo "USE_OPENSSL_PC=openssl" >> Makefile
 		fi
 	else
 		echo "DISABLE_TLS=yes" >> Makefile
 	fi
 	# TCP wrappers
@ -394,9 +398,16 @@ src_configure() {
 	fi
 	# DANE
-	if use dane; then
+	if use !dane; then
 		# DANE is enabled by default
 		sed -i -e 's:^SUPPORT_DANE=yes:# SUPPORT_DANE=yes:' Makefile || die
 	fi
 	# DMARC
 	if use dmarc; then
 		cat >> Makefile <<- EOC
-			SUPPORT_DANE=yes
+			SUPPORT_DMARC=yes
 			EXTRALIBS_EXIM += -lopendmarc
 		EOC
 	fi
@ -430,14 +441,6 @@ src_configure() {
 		EOC
 	fi
 	# DMARC
 	if use dmarc; then
 		cat >> Makefile <<- EOC
 			EXPERIMENTAL_DMARC=yes
 			EXTRALIBS_EXIM += -lopendmarc
 		EOC
 	fi
 	# Delivery Sender Notifications extra information in fail message
 	if use dsn; then
 		cat >> Makefile <<- EOC
@ -491,9 +494,8 @@ src_configure() {
 }
 src_compile() {
-	emake CC="$(tc-getCC)" HOSTCC="$(tc-getCC $CBUILD)" \
+	emake CC="$(tc-getCC)" HOSTCC="$(tc-getBUILD_CC)" \
-		AR="$(tc-getAR) cq" RANLIB="$(tc-getRANLIB)" FULLECHO='' \
+		AR="$(tc-getAR) cq" RANLIB="$(tc-getRANLIB)" FULLECHO=''
 		|| die "make failed"
 }
 src_install() {
@ -522,7 +524,6 @@ src_install() {
 	dodoc -r "${S}"/doc/.
 	doman "${S}"/doc/exim.8
 	use dsn && dodoc "${S}"/README.DSN
 	use doc && dodoc "${WORKDIR}"/${PN}-pdf-${PV//rc/RC}/doc/*.pdf
 	# conf files
 	insinto /etc/exim
@ -572,17 +573,17 @@ pkg_postinst() {
 		einfo "Please create ${EROOT}/etc/exim/exim.conf from"
 		einfo "  ${EROOT}/etc/exim/exim.conf.dist."
 	fi
 	if use dmarc ; then
 		einfo "DMARC support requires ${EROOT}/etc/exim/opendmarc.tlds"
 		einfo "you can populate this file with the contents downloaded from"
 		einfo "  https://publicsuffix.org/list/public_suffix_list.dat"
 	fi
 	if use dcc ; then
 		einfo "DCC support is experimental, you can find some limited"
 		einfo "documentation at the bottom of this prerelease message:"
 		einfo "  http://article.gmane.org/gmane.mail.exim.devel/3579"
 	fi
 	use srs && einfo "SRS support is experimental"
 	if use dmarc ; then
 		einfo "DMARC support is experimental.  See global settings to"
 		einfo "configure DMARC, for usage see the documentation at "
 		einfo "experimental-spec.txt."
 	fi
 	use dsn && einfo "extra information in fail DSN message is experimental"
 	elog "The obsolete acl condition 'demime' is removed, the replacements"
 	elog "are the ACLs acl_smtp_mime and acl_not_smtp_mime"
--- a/mail-mta/exim/files/exim-4.74-localscan_dlopen.patch
+++ b/mail-mta/exim/files/exim-4.74-localscan_dlopen.patch
@ -1,262 +0,0 @@
 diff -Naur exim-4.32/src/EDITME exim-4.32-dlopen/src/EDITME
 --- src/EDITME	2004-04-15 08:27:01.000000000 +0000
 +++ src/EDITME	2004-05-06 16:15:47.000000000 +0000
@@ -505,6 +505,24 @@
 #------------------------------------------------------------------------------
 +# On systems which support dynamic loading of shared libraries, Exim can
 +# load a local_scan function specified in its config file instead of having
 +# to be recompiled with the desired local_scan function. For a full
 +# description of the API to this function, see the Exim specification.
 +
 +DLOPEN_LOCAL_SCAN=yes
 +
 +# If you set DLOPEN_LOCAL_SCAN, then you need to include -rdynamic in the
 +# linker flags.  Without it, the loaded .so won't be able to access any
 +# functions from exim.
 +
 +LFLAGS = -rdynamic
 +ifeq ($(OSTYPE),Linux)
 +LFLAGS += -ldl
 +endif
 +
 +
 +#------------------------------------------------------------------------------
 # The default distribution of Exim contains only the plain text form of the
 # documentation. Other forms are available separately. If you want to install
 # the documentation in "info" format, first fetch the Texinfo documentation
 diff -Naur exim-4.32/src/config.h.defaults exim-4.32-dlopen/src/config.h.defaults
 --- src/config.h.defaults	2004-04-15 08:27:01.000000000 +0000
 +++ src/config.h.defaults	2004-05-06 16:16:30.000000000 +0000
@@ -20,6 +20,8 @@
 #define AUTH_PLAINTEXT
 #define AUTH_SPA
 +#define DLOPEN_LOCAL_SCAN
 +
 #define BIN_DIRECTORY
 #define CONFIGURE_FILE
 diff -Naur exim-4.32/src/globals.c exim-4.32-dlopen/src/globals.c
 --- src/globals.c	2004-04-15 08:27:01.000000000 +0000
 +++ src/globals.c	2004-05-06 16:17:07.000000000 +0000
@@ -109,6 +109,10 @@
 uschar *tls_verify_hosts       = NULL;
 #endif
 +#ifdef DLOPEN_LOCAL_SCAN
 +uschar *local_scan_path        = NULL;
 +#endif
 +
 /* Input-reading functions for messages, so we can use special ones for
 incoming TCP/IP. The defaults use stdin. We never need these for any
 diff -Naur exim-4.32/src/globals.h exim-4.32-dlopen/src/globals.h
 --- src/globals.h	2004-04-15 08:27:01.000000000 +0000
 +++ src/globals.h	2004-05-06 16:17:50.000000000 +0000
@@ -73,6 +73,9 @@
 extern uschar *tls_verify_hosts;       /* Mandatory client verification */
 #endif
 +#ifdef DLOPEN_LOCAL_SCAN
 +extern uschar *local_scan_path;        /* Path to local_scan() library */
 +#endif
 /* Input-reading functions for messages, so we can use special ones for
 incoming TCP/IP. */
 diff -Naur exim-4.32/src/local_scan.c exim-4.32-dlopen/src/local_scan.c
 --- src/local_scan.c	2004-04-15 08:27:01.000000000 +0000
 +++ src/local_scan.c	2004-05-06 16:21:57.000000000 +0000
@@ -5,60 +5,131 @@
 /* Copyright (c) University of Cambridge 1995 - 2004 */
 /* See the file NOTICE for conditions of use and distribution. */
 +#include "exim.h"
 -/******************************************************************************
 -This file contains a template local_scan() function that just returns ACCEPT.
 -If you want to implement your own version, you should copy this file to, say
 -Local/local_scan.c, and edit the copy. To use your version instead of the
 -default, you must set
 -
 -LOCAL_SCAN_SOURCE=Local/local_scan.c
 -
 -in your Local/Makefile. This makes it easy to copy your version for use with
 -subsequent Exim releases.
 -
 -For a full description of the API to this function, see the Exim specification.
 -******************************************************************************/
 -
 -
 -/* This is the only Exim header that you should include. The effect of
 -including any other Exim header is not defined, and may change from release to
 -release. Use only the documented interface! */
 -
 -#include "local_scan.h"
 -
 -
 -/* This is a "do-nothing" version of a local_scan() function. The arguments
 -are:
 -
 -  fd             The file descriptor of the open -D file, which contains the
 -                   body of the message. The file is open for reading and
 -                   writing, but modifying it is dangerous and not recommended.
 -
 -  return_text    A pointer to an unsigned char* variable which you can set in
 -                   order to return a text string. It is initialized to NULL.
 -
 -The return values of this function are:
 -
 -  LOCAL_SCAN_ACCEPT
 -                 The message is to be accepted. The return_text argument is
 -                   saved in $local_scan_data.
 -
 -  LOCAL_SCAN_REJECT
 -                 The message is to be rejected. The returned text is used
 -                   in the rejection message.
 -
 -  LOCAL_SCAN_TEMPREJECT
 -                 This specifies a temporary rejection. The returned text
 -                   is used in the rejection message.
 -*/
 +#ifdef DLOPEN_LOCAL_SCAN
 +#include <dlfcn.h>
 +static int (*local_scan_fn)(int fd, uschar **return_text) = NULL;
 +static int load_local_scan_library(void);
 +#endif
 int
 local_scan(int fd, uschar **return_text)
 {
 fd = fd;                      /* Keep picky compilers happy */
 return_text = return_text;
 -return LOCAL_SCAN_ACCEPT;
 +#ifdef DLOPEN_LOCAL_SCAN
 +/* local_scan_path is defined AND not the empty string */
 +if (local_scan_path && *local_scan_path)
 +  {
 +  if (!local_scan_fn)
 +    {
 +    if (!load_local_scan_library())
 +      {
 +        char *base_msg , *error_msg , *final_msg ;
 +        int final_length = -1 ;
 +
 +        base_msg=US"Local configuration error - local_scan() library failure\n";
 +        error_msg = dlerror() ;
 +
 +        final_length = strlen(base_msg) + strlen(error_msg) + 1 ;
 +        final_msg = (char*)malloc( final_length*sizeof(char) ) ;
 +        *final_msg = '\0' ;
 +
 +        strcat( final_msg , base_msg ) ;
 +        strcat( final_msg , error_msg ) ;
 +
 +        *return_text = final_msg ;
 +      return LOCAL_SCAN_TEMPREJECT;
 +      }
 +    }
 +    return local_scan_fn(fd, return_text);
 +  }
 +else
 +#endif
 +  return LOCAL_SCAN_ACCEPT;
 +}
 +
 +#ifdef DLOPEN_LOCAL_SCAN
 +
 +static int load_local_scan_library(void)
 +{
 +/* No point in keeping local_scan_lib since we'll never dlclose() anyway */
 +void *local_scan_lib = NULL;
 +int (*local_scan_version_fn)(void);
 +int vers_maj;
 +int vers_min;
 +
 +local_scan_lib = dlopen(local_scan_path, RTLD_NOW);
 +if (!local_scan_lib)
 +  {
 +  log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() library open failed - "
 +    "message temporarily rejected");
 +  return FALSE;
 +  }
 +
 +local_scan_version_fn = dlsym(local_scan_lib, "local_scan_version_major");
 +if (!local_scan_version_fn)
 +  {
 +  dlclose(local_scan_lib);
 +  log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() library doesn't contain "
 +    "local_scan_version_major() function - message temporarily rejected");
 +  return FALSE;
 +  }
 +
 +/* The major number is increased when the ABI is changed in a non
 +   backward compatible way. */
 +vers_maj = local_scan_version_fn();
 +
 +local_scan_version_fn = dlsym(local_scan_lib, "local_scan_version_minor");
 +if (!local_scan_version_fn)
 +  {
 +  dlclose(local_scan_lib);
 +  log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() library doesn't contain "
 +    "local_scan_version_minor() function - message temporarily rejected");
 +  return FALSE;
 +  }
 +
 +/* The minor number is increased each time a new feature is added (in a
 +   way that doesn't break backward compatibility) -- Marc */
 +vers_min = local_scan_version_fn();
 +
 +
 +if (vers_maj != LOCAL_SCAN_ABI_VERSION_MAJOR)
 +  {
 +  dlclose(local_scan_lib);
 +  local_scan_lib = NULL;
 +  log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() has an incompatible major"
 +    "version number, you need to recompile your module for this version"
 +    "of exim (The module was compiled for version %d.%d and this exim provides"
 +    "ABI version %d.%d)", vers_maj, vers_min, LOCAL_SCAN_ABI_VERSION_MAJOR,
 +    LOCAL_SCAN_ABI_VERSION_MINOR);
 +  return FALSE;
 +  }
 +else if (vers_min > LOCAL_SCAN_ABI_VERSION_MINOR)
 +  {
 +  dlclose(local_scan_lib);
 +  local_scan_lib = NULL;
 +  log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() has an incompatible minor"
 +    "version number, you need to recompile your module for this version"
 +    "of exim (The module was compiled for version %d.%d and this exim provides"
 +    "ABI version %d.%d)", vers_maj, vers_min, LOCAL_SCAN_ABI_VERSION_MAJOR,
 +    LOCAL_SCAN_ABI_VERSION_MINOR);
 +  return FALSE;
 +  }
 +
 +local_scan_fn = dlsym(local_scan_lib, "local_scan");
 +if (!local_scan_fn)
 +  {
 +  dlclose(local_scan_lib);
 +  log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() library doesn't contain "
 +    "local_scan() function - message temporarily rejected");
 +  return FALSE;
 +  }
 +
 +return TRUE;
 }
 +#endif /* DLOPEN_LOCAL_SCAN */
 +
 /* End of local_scan.c */
 diff -Naur exim-4.32/src/readconf.c exim-4.32-dlopen/src/readconf.c
 --- src/readconf.c	2004-04-15 08:27:01.000000000 +0000
 +++ src/readconf.c	2004-05-06 16:23:12.000000000 +0000
@@ -223,6 +223,9 @@
   { "local_from_prefix",        opt_stringptr,   &local_from_prefix },
   { "local_from_suffix",        opt_stringptr,   &local_from_suffix },
   { "local_interfaces",         opt_stringptr,   &local_interfaces },
 +#ifdef DLOPEN_LOCAL_SCAN
 +  { "local_scan_path",          opt_stringptr,   &local_scan_path },
 +#endif
   { "local_scan_timeout",       opt_time,        &local_scan_timeout },
   { "local_sender_retain",      opt_bool,        &local_sender_retain },
   { "localhost_number",         opt_stringptr,   &host_number_string },
--- a/mail-mta/exim/files/exim-4.80-spool-mail-group.patch
+++ b/mail-mta/exim/files/exim-4.80-spool-mail-group.patch
@ -1,27 +0,0 @@
 Change default such that we run on a stock Gentoo system.  Bug #438606
 --- src/configure.default
 +++ src/configure.default
@@ -674,8 +674,9 @@
 # BSD mailbox format. By default it will be run under the uid and gid of the
 # local user, and requires the sticky bit to be set on the /var/mail directory.
 # Some systems use the alternative approach of running mail deliveries under a
 -# particular group instead of using the sticky bit. The commented options below
 -# show how this can be done.
 +# particular group instead of using the sticky bit. This is also the
 +# default case on Gentoo, therefore group and mode are set below.
 +# Comment them out, to get the default behaviour.
 local_delivery:
   driver = appendfile
@@ -683,8 +684,8 @@
   delivery_date_add
   envelope_to_add
   return_path_add
 -# group = mail
 -# mode = 0660
 +  group = mail
 +  mode = 0660
 # This transport is used for handling pipe deliveries generated by alias or
--- a/mail-mta/exim/files/exim-4.82-makefile-freebsd.patch
+++ b/mail-mta/exim/files/exim-4.82-makefile-freebsd.patch
@ -1,45 +0,0 @@
 --- OS/Makefile-FreeBSD.orig	2013-09-30 19:59:09.000000000 +0200
 +++ OS/Makefile-FreeBSD	2013-09-30 20:01:22.000000000 +0200
@@ -1,10 +1,8 @@
 -# Exim: OS-specific make file for FreeBSD
 -# There's no setting of CFLAGS here, to allow the system default
 -# for "make" to be the default.
 -
 -CHOWN_COMMAND=/usr/sbin/chown
 -STRIP_COMMAND=/usr/bin/strip
 -CHMOD_COMMAND=/bin/chmod
 +# Exim: OS-specific FreeBSD make file, modified for Gentoo Prefix
 +
 +CHOWN_COMMAND=look_for_it
 +STRIP_COMMAND=
 +CHMOD_COMMAND=look_for_it
 HAVE_SA_LEN=YES
@@ -15,17 +13,9 @@
 CFLAGS_DYNAMIC=-shared -rdynamic -fPIC
 # FreeBSD always ships with Berkeley DB
 +DBMLIB = -ldb
 USE_DB=yes
 -# This code for building outside ports suggested by Richard Clayton
 -.ifdef   X11BASE
 -X11=${X11BASE}
 -.elifdef LOCALBASE
 -X11=$(LOCALBASE)
 -.else
 -X11=/usr/local
 -.endif
 -
 # nb: FreeBSD is entirely elf; objformat was removed prior to FreeBSD 7
 # http://www.freebsd.org/cgi/cvsweb.cgi/src/usr.bin/objformat/Attic/objformat.c
 # deleted Jan 2007.
@@ -37,6 +27,7 @@
 # switch to default to ELF came with FreeBSD 3.  elf(5) claims ELF support
 # introduced in FreeBSD 2.2.6.
 #
 +X11=/usr/X11R6
 XINCLUDE=-I$(X11)/include
 XLFLAGS=-L$(X11)/lib -Wl,-rpath,${X11}/lib
 X11_LD_LIB=$(X11)/lib
--- a/mail-mta/exim/files/exim-4.92-fix-eval-expansion-32bit.patch
+++ b/mail-mta/exim/files/exim-4.92-fix-eval-expansion-32bit.patch
@ -1,51 +0,0 @@
 Extract from complete patch from
 https://git.exim.org/exim.git/patch/26dd3aa007b3b77969610c031f59388e0953bd00
 to only take the buildconfig.c change because the git directory
 structure is different from a release tarball causing this patch to fail
 otherwise.
 From 26dd3aa007b3b77969610c031f59388e0953bd00 Mon Sep 17 00:00:00 2001
 From: Jeremy Harris <jgh146exb@wizmail.org>
 Date: Fri, 7 Jun 2019 11:54:10 +0100
 Subject: [PATCH] Fix detection of 32b platform at build time.  Bug 2405
 ---
 src/src/buildconfig.c        | 12 +++++---
 test/scripts/0000-Basic/0002 | 72 +++++++++++++++++++++++---------------------
 test/stdout/0002             | 72 +++++++++++++++++++++++---------------------
 3 files changed, 83 insertions(+), 73 deletions(-)
 diff --git a/src/src/buildconfig.c b/src/src/buildconfig.c
 index 71cf97b..a680b34 100644
 --- a/src/src/buildconfig.c
 +++ b/src/src/buildconfig.c
@@ -111,6 +111,7 @@ unsigned long test_ulong_t = 0L;
 unsigned int test_uint_t = 0;
 #endif
 long test_long_t = 0;
 +long long test_longlong_t = 0;
 int test_int_t = 0;
 FILE *base;
 FILE *new;
@@ -155,15 +156,16 @@ This assumption is known to be OK for the common operating systems. */
 fprintf(new, "#ifndef OFF_T_FMT\n");
 if (sizeof(test_off_t) > sizeof(test_long_t))
 -  {
   fprintf(new, "# define OFF_T_FMT  \"%%lld\"\n");
 -  fprintf(new, "# define LONGLONG_T long long int\n");
 -  }
 else
 -  {
   fprintf(new, "# define OFF_T_FMT  \"%%ld\"\n");
 +fprintf(new, "#endif\n\n");
 +
 +fprintf(new, "#ifndef LONGLONG_T\n");
 +if (sizeof(test_longlong_t) > sizeof(test_long_t))
 +  fprintf(new, "# define LONGLONG_T long long int\n");
 +else
   fprintf(new, "# define LONGLONG_T long int\n");
 -  }
 fprintf(new, "#endif\n\n");
 /* Now do the same thing for time_t variables. If the length is greater than
--- a/mail-mta/exim/files/exim-4.93-CVE-2020-12783.patch
+++ b/mail-mta/exim/files/exim-4.93-CVE-2020-12783.patch
@ -0,0 +1,83 @@
 auths/spa: fix for CVE-2020-12783
 This is a combined patch of git commits:
 57aa14b216432be381b6295c312065b2fd034f86
 a04174dc2a84ae1008c23b6a7109e7fa3fb7b8b0
 leaving out whitespace noise for a smaller patch
 and made it apply to the 4.93 release
 modified paths because Exim dists differ in layout from the git repo
 Fix SPA authenticator, checking client-supplied data before using it.  Bug 2571
 Rework SPA fix to avoid overflows.  Bug 2571
 --- a/src/auths/auth-spa.c
 +++ b/src/auths/auth-spa.c
@@ -405,7 +405,7 @@ int
 /* base 64 to raw bytes in quasi-big-endian order, returning count of bytes */
 {
   int len = 0;
 -  register uschar digit1, digit2, digit3, digit4;
 +  uschar digit1, digit2, digit3, digit4;
   if (in[0] == '+' && in[1] == ' ')
     in += 2;
 --- a/src/auths/spa.c
 +++ b/src/auths/spa.c
@@ -139,7 +139,8 @@ SPAAuthChallenge challenge;
 SPAAuthResponse  response;
 SPAAuthResponse  *responseptr = &response;
 uschar msgbuf[2048];
 -uschar *clearpass;
 +uschar *clearpass, *s;
 +unsigned off;
 /* send a 334, MS Exchange style, and grab the client's request,
 unless we already have it via an initial response. */
@@ -194,9 +195,19 @@ that causes failure if the size of msgbuf is exceeded. ****/
   {
   int i;
 -  char *p = ((char*)responseptr) + IVAL(&responseptr->uUser.offset,0);
 +  char * p;
   int len = SVAL(&responseptr->uUser.len,0)/2;
 +  if (  (off = IVAL(&responseptr->uUser.offset,0)) >= sizeof(SPAAuthResponse)
 +     || len >= sizeof(responseptr->buffer)/2
 +     || (p = (CS responseptr) + off) + len*2 >= CS (responseptr+1)
 +     )
 +    {
 +    DEBUG(D_auth)
 +      debug_printf("auth_spa_server(): bad uUser spec in response\n");
 +    return FAIL;
 +    }
 +
   if (len + 1 >= sizeof(msgbuf)) return FAIL;
   for (i = 0; i < len; ++i)
     {
@@ -245,12 +256,16 @@ spa_smb_nt_encrypt(clearpass, challenge.challengeData, ntRespData);
 /* compare NT hash (LM may not be available) */
 -if (memcmp(ntRespData,
 -      ((unsigned char*)responseptr)+IVAL(&responseptr->ntResponse.offset,0),
 -      24) == 0)
 -  /* success. we have a winner. */
 -  {
 +off = IVAL(&responseptr->ntResponse.offset,0);
 +if (off >= sizeof(SPAAuthResponse) - 24)
 +  {
 +  DEBUG(D_auth)
 +    debug_printf("auth_spa_server(): bad ntRespData spec in response\n");
 +  return FAIL;
 +  }
 +s = (US responseptr) + off;
 +
 +if (memcmp(ntRespData, s, 24) == 0)
   return auth_check_serv_cond(ablock);
 -  }
   /* Expand server_condition as an authorization check (PH) */
--- a/mail-mta/exim/files/exim-4.93-as-needed-ldflags.patch
+++ b/mail-mta/exim/files/exim-4.93-as-needed-ldflags.patch
@ -9,9 +9,9 @@ Use LDFLAGS for all targets, not just the exim binary, such that
 --as-needed works as well.
--- OS/Makefile-Base
+--- a/OS/Makefile-Base
-+++ OS/Makefile-Base
+++ b/OS/Makefile-Base
-@@ -346,12 +346,12 @@
+@@ -496,12 +496,12 @@
         buildrouters buildtransports \
         $(OBJ_EXIM) version.o
 	@echo "$(LNCC) -o exim"
@ -26,7 +26,7 @@ Use LDFLAGS for all targets, not just the exim binary, such that
 	@if [ x"$(STRIP_COMMAND)" != x"" ]; then \
 	  echo $(STRIP_COMMAND) exim; \
 	  $(STRIP_COMMAND) exim; \
-@@ -367,8 +367,8 @@
+@@ -517,8 +517,8 @@
 exim_dumpdb: $(OBJ_DUMPDB)
 	@echo "$(LNCC) -o exim_dumpdb"
@ -37,18 +37,18 @@ Use LDFLAGS for all targets, not just the exim binary, such that
 	@if [ x"$(STRIP_COMMAND)" != x"" ]; then \
 	  echo $(STRIP_COMMAND) exim_dumpdb; \
 	  $(STRIP_COMMAND) exim_dumpdb; \
-@@ -382,8 +382,8 @@
+@@ -532,8 +532,8 @@
- exim_fixdb:  $(OBJ_FIXDB) buildauths
+ exim_fixdb:  $(OBJ_FIXDB)
 	@echo "$(LNCC) -o exim_fixdb"
 -	$(FE)$(LNCC) $(CFLAGS) $(INCLUDE) -o exim_fixdb $(LFLAGS) $(OBJ_FIXDB) \
-	  auths/auths.a $(LIBS) $(EXTRALIBS) $(DBMLIB)
+-	  $(LIBS) $(EXTRALIBS) $(DBMLIB)
 +	$(FE)$(LNCC) $(CFLAGS) $(INCLUDE) -o exim_fixdb $(LDFLAGS) $(OBJ_FIXDB) \
-+	  auths/auths.a $(LIBS) $(EXTRALIBS) $(DBMLIB) $(LFLAGS)
+	  $(LIBS) $(EXTRALIBS) $(DBMLIB) $(LFLAGS)
 	@if [ x"$(STRIP_COMMAND)" != x"" ]; then \
 	  echo $(STRIP_COMMAND) exim_fixdb; \
 	  $(STRIP_COMMAND) exim_fixdb; \
-@@ -397,8 +397,8 @@
+@@ -547,8 +547,8 @@
 exim_tidydb: $(OBJ_TIDYDB)
 	@echo "$(LNCC) -o exim_tidydb"
@ -59,7 +59,7 @@ Use LDFLAGS for all targets, not just the exim binary, such that
 	@if [ x"$(STRIP_COMMAND)" != x"" ]; then \
 	  echo $(STRIP_COMMAND) exim_tidydb; \
 	  $(STRIP_COMMAND) exim_tidydb; \
-@@ -410,8 +410,8 @@
+@@ -560,8 +560,8 @@
 exim_dbmbuild: exim_dbmbuild.o
 	@echo "$(LNCC) -o exim_dbmbuild"
@ -70,7 +70,7 @@ Use LDFLAGS for all targets, not just the exim binary, such that
 	@if [ x"$(STRIP_COMMAND)" != x"" ]; then \
 	  echo $(STRIP_COMMAND) exim_dbmbuild; \
 	  $(STRIP_COMMAND) exim_dbmbuild; \
-@@ -425,8 +425,8 @@
+@@ -575,8 +575,8 @@
 	@echo "$(CC) exim_lock.c"
 	$(FE)$(CC) -c $(CFLAGS) $(INCLUDE) exim_lock.c
 	@echo "$(LNCC) -o exim_lock"
@ -81,7 +81,7 @@ Use LDFLAGS for all targets, not just the exim binary, such that
 	@if [ x"$(STRIP_COMMAND)" != x"" ]; then \
 	  echo $(STRIP_COMMAND) exim_lock; \
 	  $(STRIP_COMMAND) exim_lock; \
-@@ -462,9 +462,9 @@
+@@ -612,9 +612,9 @@
 	$(FE)$(CC) -o em_version.o -c \
 	  $(CFLAGS) $(XINCLUDE) -I. ../exim_monitor/em_version.c
 	@echo "$(LNCC) -o eximon.bin"
@ -93,7 +93,7 @@ Use LDFLAGS for all targets, not just the exim binary, such that
 	@if [ x"$(STRIP_COMMAND)" != x"" ]; then \
 	  echo $(STRIP_COMMAND) eximon.bin; \
 	  $(STRIP_COMMAND) eximon.bin; \
-@@ -780,9 +780,9 @@
+@@ -947,9 +947,9 @@
 	       string.o tod.o version.o utf8.o
 	$(CC) -c $(CFLAGS) $(INCLUDE) -DSTAND_ALONE dbfn.c
 	$(CC) -c $(CFLAGS) $(INCLUDE) -DCOMPILE_UTILITY store.c
@ -105,7 +105,7 @@ Use LDFLAGS for all targets, not just the exim binary, such that
 	rm -f dbfn.o store.o
 test_host:   config.h child.c host.c dns.c dummies.c sa-globals.o os.o \
-@@ -790,29 +790,29 @@
+@@ -958,29 +958,29 @@
 	$(CC) -c $(CFLAGS) $(INCLUDE) -DSTAND_ALONE -DTEST_HOST host.c
 	$(CC) -c $(CFLAGS) $(INCLUDE) -DSTAND_ALONE -DTEST_HOST dns.c
 	$(CC) -c $(CFLAGS) $(INCLUDE) -DSTAND_ALONE -DTEST_HOST dummies.c
--- a/mail-mta/exim/files/exim-4.93-fno-common.patch
+++ b/mail-mta/exim/files/exim-4.93-fno-common.patch
@ -0,0 +1,16 @@
 Fix -fno-common linking
 Bug: https://bugs.gentoo.org/723430
 Bug: https://bugs.exim.org/show_bug.cgi?id=2577
 --- exim-4.93.0.4/src/globals.h
 +++ exim-4.93.0.4/src/globals.h
@@ -342,7 +342,7 @@
 extern BOOL    allow_domain_literals;  /* As it says */
 extern BOOL    allow_mx_to_ip;         /* Allow MX records to -> ip address */
 #ifdef EXPERIMENTAL_ARC
 -struct arc_set *arc_received;	       /* highest ARC instance evaluation struct */
 +extern struct arc_set *arc_received;	       /* highest ARC instance evaluation struct */
 extern int     arc_received_instance;  /* highest ARC instance number in headers */
 extern int     arc_oldest_pass;        /* lowest passing instance number in headers */
 extern const uschar *arc_state;	       /* verification state */
--- a/mail-mta/exim/files/exim-4.93-localscan_dlopen.patch
+++ b/mail-mta/exim/files/exim-4.93-localscan_dlopen.patch
@ -72,11 +72,11 @@ Only in exim-4.92/src: globals.h.orig
 diff -ur exim-4.92.orig/src/local_scan.c exim-4.92/src/local_scan.c
 --- exim-4.92.orig/src/local_scan.c	2019-01-30 14:59:52.000000000 +0100
 +++ exim-4.92/src/local_scan.c	2019-02-16 18:29:56.832732592 +0100
-@@ -5,61 +5,131 @@
+@@ -5,61 +5,133 @@
 /* Copyright (c) University of Cambridge 1995 - 2009 */
 /* See the file NOTICE for conditions of use and distribution. */
-+#include "exim.h"
+#include "local_scan.h"
 -/******************************************************************************
 -This file contains a template local_scan() function that just returns ACCEPT.
@ -126,9 +126,11 @@ diff -ur exim-4.92.orig/src/local_scan.c exim-4.92/src/local_scan.c
 -                   is used in the rejection message.
 -*/
 +#ifdef DLOPEN_LOCAL_SCAN
 +#include <stdlib.h>
 +#include <dlfcn.h>
 +static int (*local_scan_fn)(int fd, uschar **return_text) = NULL;
 +static int load_local_scan_library(void);
 +extern uschar *local_scan_path;        /* Path to local_scan() library */
 +#endif
 int
--- a/mail-mta/exim/files/exim-4.93-radius.patch
+++ b/mail-mta/exim/files/exim-4.93-radius.patch
@ -0,0 +1,66 @@
 From 70b28b113e21d21a528876c3abe88ccb5f7cc77d Mon Sep 17 00:00:00 2001
 From: Fabian Groffen <grobian@gentoo.org>
 Date: Sat, 9 May 2020 11:35:12 +0200
 Subject: [PATCH] call_radius: fix compilation due to incorrect usage of
 string_sprintf
 Since f3ebb786e451da973560f1c9d8cdb151d25108b5, string_sprintf cannot be
 used without arguments any more, so use US directly.
 While at it, also make newline usage consistent to not return a newline
 in errptr, when it is debug-printed, a newline is added.
 https://bugs.gentoo.org/720364
 Signed-off-by: Fabian Groffen <grobian@gentoo.org>
 ---
 src/src/auths/call_radius.c | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)
 diff --git a/src/src/auths/call_radius.c b/src/src/auths/call_radius.c
 index c3637436d..253fd75cd 100644
 --- a/src/src/auths/call_radius.c
 +++ b/src/src/auths/call_radius.c
@@ -115,16 +115,16 @@ if (rc_read_config(RADIUS_CONFIG_FILE) != 0)
   *errptr = string_sprintf("RADIUS: can't open %s", RADIUS_CONFIG_FILE);
 else if (rc_read_dictionary(rc_conf_str("dictionary")) != 0)
 -  *errptr = string_sprintf("RADIUS: can't read dictionary");
 +  *errptr = US("RADIUS: can't read dictionary");
 else if (rc_avpair_add(&send, PW_USER_NAME, user, 0) == NULL)
 -  *errptr = string_sprintf("RADIUS: add user name failed\n");
 +  *errptr = US("RADIUS: add user name failed");
 else if (rc_avpair_add(&send, PW_USER_PASSWORD, CS radius_args, 0) == NULL)
 -  *errptr = string_sprintf("RADIUS: add password failed\n");
 +  *errptr = US("RADIUS: add password failed");
 else if (rc_avpair_add(&send, PW_SERVICE_TYPE, &service, 0) == NULL)
 -  *errptr = string_sprintf("RADIUS: add service type failed\n");
 +  *errptr = US("RADIUS: add service type failed");
 #else  /* RADIUS_LIB_RADIUSCLIENT unset => RADIUS_LIB_RADIUSCLIENT2 */
@@ -132,17 +132,17 @@ if ((h = rc_read_config(RADIUS_CONFIG_FILE)) == NULL)
   *errptr = string_sprintf("RADIUS: can't open %s", RADIUS_CONFIG_FILE);
 else if (rc_read_dictionary(h, rc_conf_str(h, "dictionary")) != 0)
 -  *errptr = string_sprintf("RADIUS: can't read dictionary");
 +  *errptr = US("RADIUS: can't read dictionary");
 else if (rc_avpair_add(h, &send, PW_USER_NAME, user, Ustrlen(user), 0) == NULL)
 -  *errptr = string_sprintf("RADIUS: add user name failed\n");
 +  *errptr = US("RADIUS: add user name failed");
 else if (rc_avpair_add(h, &send, PW_USER_PASSWORD, CS radius_args,
     Ustrlen(radius_args), 0) == NULL)
 -  *errptr = string_sprintf("RADIUS: add password failed\n");
 +  *errptr = US("RADIUS: add password failed");
 else if (rc_avpair_add(h, &send, PW_SERVICE_TYPE, &service, 0, 0) == NULL)
 -  *errptr = string_sprintf("RADIUS: add service type failed\n");
 +  *errptr = US("RADIUS: add service type failed");
 #endif  /* RADIUS_LIB_RADIUSCLIENT */