Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 26 May 2023 18:34:21 GMT
From:      Kurt Jaeger <pi@FreeBSD.org>
To:        ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
Subject:   git: 003482675264 - main - mail/exim: fix update to 4.96 by adding missing patches
Message-ID:  <202305261834.34QIYLQc048909@gitrepo.freebsd.org>

next in thread | raw e-mail | index | archive | help
The branch main has been updated by pi:

URL: https://cgit.FreeBSD.org/ports/commit/?id=003482675264a732124cbd65b3a76cb67badd49a

commit 003482675264a732124cbd65b3a76cb67badd49a
Author:     Kurt Jaeger <pi@FreeBSD.org>
AuthorDate: 2023-05-26 18:33:29 +0000
Commit:     Kurt Jaeger <pi@FreeBSD.org>
CommitDate: 2023-05-26 18:33:29 +0000

    mail/exim: fix update to 4.96 by adding missing patches
    
    PR:             265098
    Reported by:    David Siebuerger <drs-freebsd@sieborger.nom.za>
---
 ...-attempt-to-rewrite-a-malformed-address.-.patch |  57 +++++
 ...-SPF-fix-memory-accounting-for-error-case.patch |  25 +++
 ...5_08-Fix-regex-n-use-after-free.-Bug-2915.patch | 193 +++++++++++++++++
 .../75_09-Fix-non-WITH_CONTENT_SCAN-build.patch    |  58 ++++++
 .../75_10-Fix-non-WITH_CONTENT_SCAN-build-2.patch  | 135 ++++++++++++
 .../75_11-Fix-non-WITH_CONTENT_SCAN-build-3.patch  |  45 ++++
 ...ix-for-clients-offering-no-TLS-extensions.patch | 114 ++++++++++
 ...-Build-with-libopendmarc-1.4.x-fixes-2728.patch |  88 ++++++++
 ...RC-fix-use-after-free-in-dmarc_dns_lookup.patch |  39 ++++
 .../75_22-Fix-daemon-startup.-Bug-2930.patch       |  68 ++++++
 ..._23-Fix-reccipients-after-run.-.-Bug-2929.patch |  45 ++++
 ...substring-capture-variables-for-null-matc.patch |  79 +++++++
 ...ubstring-capture-variables-for-null-match.patch |  94 +++++++++
 ...ex-substring-capture-commentary.-Bug-2933.patch |  48 +++++
 ...n-preloading-creds-do-the-server-certs-be.patch | 232 +++++++++++++++++++++
 ...-double-expansion-of-tls_verify_certifica.patch | 217 +++++++++++++++++++
 .../75_50-Fix-logging-of-max-size-log-line.patch   |  82 ++++++++
 ...ion-on-dns_again_means_nonexist.-Bug-2911.patch |  76 +++++++
 ...r-smtp-socket-explicitly-on-connect-ACL-d.patch |  50 +++++
 ...-tls_eccurve-setting-explicit-curve-group.patch | 184 ++++++++++++++++
 ...-tls_eccurve-on-earlier-versions-than-3.0.patch |  42 ++++
 ...-conns-rejected-for-bad-ALPN-with-the-off.patch |  99 +++++++++
 ...-check-dns_again_means_nonexist-for-TLSA-.patch |  96 +++++++++
 .../debian/75_66-Fix-crash-in-expansions.patch     |  84 ++++++++
 24 files changed, 2250 insertions(+)

diff --git a/mail/exim/files/debian/75_01-Fix-exit-on-attempt-to-rewrite-a-malformed-address.-.patch b/mail/exim/files/debian/75_01-Fix-exit-on-attempt-to-rewrite-a-malformed-address.-.patch
new file mode 100644
index 000000000000..bf0f64942d7d
--- /dev/null
+++ b/mail/exim/files/debian/75_01-Fix-exit-on-attempt-to-rewrite-a-malformed-address.-.patch
@@ -0,0 +1,57 @@
+From e7ec503729970a03d4509921342bc81313976126 Mon Sep 17 00:00:00 2001
+From: Jeremy Harris <jgh146exb@wizmail.org>
+Date: Tue, 12 Jul 2022 22:14:04 +0100
+Subject: [PATCH] Fix exit on attempt to rewrite a malformed address.  Bug 2903
+
+---
+ doc/ChangeLog        |   5 +
+ src/rewrite.c            |   9 +-
+ test/confs/0471              |   7 +
+ test/log/0471                |   5 +
+ test/scripts/0000-Basic/0471 |   4 +-
+ test/stderr/0471             | 245 ++++++++++++++++++++++++++++++++++-
+ 6 files changed, 267 insertions(+), 8 deletions(-)
+
+--- a/doc/ChangeLog
++++ b/doc/ChangeLog
+@@ -1,9 +1,14 @@
+ This document describes *changes* to previous versions, that might
+ affect Exim's operation, with an unchanged configuration file.  For new
+ options, and new features, see the NewStuff file next to this ChangeLog.
+ 
++JH/04 Bug 2903: avoid exit on an attempt to rewrite a malformed address.
++      Make the rewrite never match and keep the logging.  Trust the
++      admin to be using verify=header-syntax (to actually reject the message).
++
++
+ Exim version 4.96
+ -----------------
+ 
+ JH/01 Move the wait-for-next-tick (needed for unique messmage IDs) from
+       after reception to before a subsequent reception.  This should
+--- a/src/rewrite.c
++++ b/src/rewrite.c
+@@ -493,19 +493,18 @@
+   empty address, overlong addres. Sometimes the result matters, sometimes not.
+   It seems this function is called for *any* header we see. */
+ 
+   if (!recipient)
+     {
+-    /* Handle unparesable addresses in the header. Slightly ugly because a
++    /* Log unparesable addresses in the header. Slightly ugly because a
+     null output from the extract can also result from a header without an
+-    address, "To: undisclosed recpients:;" being the classic case. */
++    address, "To: undisclosed recpients:;" being the classic case. Ignore
++    this one and carry on. */
+ 
+     if ((rewrite_rules || routed_old) && Ustrcmp(errmess, "empty address") != 0)
+-      {
+       log_write(0, LOG_MAIN, "rewrite: %s", errmess);
+-      exim_exit(EXIT_FAILURE);
+-      }
++
+     loop_reset_point = store_reset(loop_reset_point);
+     continue;
+     }
+ 
+   /* If routed_old is not NULL, this is a rewrite caused by a router,
diff --git a/mail/exim/files/debian/75_05-SPF-fix-memory-accounting-for-error-case.patch b/mail/exim/files/debian/75_05-SPF-fix-memory-accounting-for-error-case.patch
new file mode 100644
index 000000000000..e474acf6f54d
--- /dev/null
+++ b/mail/exim/files/debian/75_05-SPF-fix-memory-accounting-for-error-case.patch
@@ -0,0 +1,25 @@
+From 93c722ce0549360af68269f088f4e59ed8fc130e Mon Sep 17 00:00:00 2001
+From: Jeremy Harris <jgh146exb@wizmail.org>
+Date: Sun, 7 Aug 2022 17:00:27 +0100
+Subject: [PATCH] SPF: fix memory accounting for error case
+
+---
+ src/spf.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/spf.c b/src/spf.c
+index db6eea3a8..a8c0f75c4 100644
+--- a/src/spf.c
++++ b/src/spf.c
+@@ -204,7 +204,7 @@ spf_nxdomain = SPF_dns_rr_new_init(spf_dns_server,
+   "", ns_t_any, 24 * 60 * 60, HOST_NOT_FOUND);
+ if (!spf_nxdomain)
+   {
+-  free(spf_dns_server);
++  store_free(spf_dns_server);
+   return NULL;
+   }
+ 
+-- 
+2.35.1
+
diff --git a/mail/exim/files/debian/75_08-Fix-regex-n-use-after-free.-Bug-2915.patch b/mail/exim/files/debian/75_08-Fix-regex-n-use-after-free.-Bug-2915.patch
new file mode 100644
index 000000000000..2429e9ff55b9
--- /dev/null
+++ b/mail/exim/files/debian/75_08-Fix-regex-n-use-after-free.-Bug-2915.patch
@@ -0,0 +1,193 @@
+From 4e9ed49f8f12eb331b29bd5b6dc3693c520fddc2 Mon Sep 17 00:00:00 2001
+From: Jeremy Harris <jgh146exb@wizmail.org>
+Date: Wed, 31 Aug 2022 15:37:40 +0100
+Subject: [PATCH] Fix $regex<n> use-after-free.  Bug 2915
+
+---
+ doc/ChangeLog           |  8 +++++++-
+ src/exim.c                  |  4 +---
+ src/expand.c                |  2 +-
+ src/functions.h             |  1 +
+ src/globals.c               |  2 +-
+ src/regex.c                 | 29 ++++++++++++++++++-----------
+ src/smtp_in.c               |  2 ++
+ 7 files changed, 55 insertions(+), 17 deletions(-)
+
+--- a/doc/ChangeLog
++++ b/doc/ChangeLog
+@@ -4,15 +4,21 @@
+ 
+ JH/04 Bug 2903: avoid exit on an attempt to rewrite a malformed address.
+       Make the rewrite never match and keep the logging.  Trust the
+       admin to be using verify=header-syntax (to actually reject the message).
+ 
++JH/08 Bug 2915: Fix use-after-free for $regex<n> variables. Previously when
++      more than one message arrived in a single connection a reference from
++      the earlier message could be re-used.  Often a sigsegv resulted.
++      These variables were introduced in Exim 4.87.
++      Debug help from Graeme Fowler.
++
+ 
+ Exim version 4.96
+ -----------------
+ 
+-JH/01 Move the wait-for-next-tick (needed for unique messmage IDs) from
++JH/01 Move the wait-for-next-tick (needed for unique message IDs) from
+       after reception to before a subsequent reception.  This should
+       mean slightly faster delivery, and also confirmation of reception
+       to senders.
+ 
+ JH/02 Move from using the pcre library to pcre2.  The former is no longer
+--- a/src/exim.c
++++ b/src/exim.c
+@@ -1999,12 +1999,10 @@
+ 
+ regex_whitelisted_macro =
+   regex_must_compile(US"^[A-Za-z0-9_/.-]*$", FALSE, TRUE);
+ #endif
+ 
+-for (i = 0; i < REGEX_VARS; i++) regex_vars[i] = NULL;
+-
+ /* If the program is called as "mailq" treat it as equivalent to "exim -bp";
+ this seems to be a generally accepted convention, since one finds symbolic
+ links called "mailq" in standard OS configurations. */
+ 
+ if ((namelen == 5 && Ustrcmp(argv[0], "mailq") == 0) ||
+@@ -6082,11 +6080,11 @@
+   callout_address = NULL;
+   sending_ip_address = NULL;
+   deliver_localpart_data = deliver_domain_data =
+   recipient_data = sender_data = NULL;
+   acl_var_m = NULL;
+-  for(int i = 0; i < REGEX_VARS; i++) regex_vars[i] = NULL;
++  regex_vars_clear();
+ 
+   store_reset(reset_point);
+   }
+ 
+ exim_exit(EXIT_SUCCESS);   /* Never returns */
+--- a/src/expand.c
++++ b/src/expand.c
+@@ -1871,11 +1871,11 @@
+   {
+   tree_node * node = tree_search(router_var, name + 2);
+   return node ? node->data.ptr : strict_acl_vars ? NULL : US"";
+   }
+ 
+-/* Handle $auth<n> variables. */
++/* Handle $auth<n>, $regex<n> variables. */
+ 
+ if (Ustrncmp(name, "auth", 4) == 0)
+   {
+   uschar *endptr;
+   int n = Ustrtoul(name + 4, &endptr, 10);
+--- a/src/functions.h
++++ b/src/functions.h
+@@ -436,10 +436,11 @@
+ extern int     regex(const uschar **);
+ #endif
+ extern BOOL    regex_match(const pcre2_code *, const uschar *, int, uschar **);
+ extern BOOL    regex_match_and_setup(const pcre2_code *, const uschar *, int, int);
+ extern const pcre2_code *regex_must_compile(const uschar *, BOOL, BOOL);
++extern void    regex_vars_clear(void);
+ extern void    retry_add_item(address_item *, uschar *, int);
+ extern BOOL    retry_check_address(const uschar *, host_item *, uschar *, BOOL,
+                  uschar **, uschar **);
+ extern retry_config *retry_find_config(const uschar *, const uschar *, int, int);
+ extern BOOL    retry_ultimate_address_timeout(uschar *, const uschar *,
+--- a/src/globals.c
++++ b/src/globals.c
+@@ -1313,11 +1313,11 @@
+ #ifndef DISABLE_PIPE_CONNECT
+ const pcre2_code *regex_EARLY_PIPE   = NULL;
+ #endif
+ const pcre2_code *regex_ismsgid      = NULL;
+ const pcre2_code *regex_smtp_code    = NULL;
+-const uschar *regex_vars[REGEX_VARS];
++const uschar *regex_vars[REGEX_VARS] = { 0 };;
+ #ifdef WHITELIST_D_MACROS
+ const pcre2_code *regex_whitelisted_macro = NULL;
+ #endif
+ #ifdef WITH_CONTENT_SCAN
+ uschar *regex_match_string     = NULL;
+--- a/src/regex.c
++++ b/src/regex.c
+@@ -94,22 +94,32 @@
+   }
+ pcre2_match_data_free(md);
+ return FAIL;
+ }
+ 
++
++/* reset expansion variables */
++void
++regex_vars_clear(void)
++{
++regex_match_string = NULL;
++for (int i = 0; i < REGEX_VARS; i++) regex_vars[i] = NULL;
++}
++
++
++
+ int
+-regex(const uschar **listptr)
++regex(const uschar ** listptr)
+ {
+ unsigned long mbox_size;
+-FILE *mbox_file;
+-pcre_list *re_list_head;
+-uschar *linebuffer;
++FILE * mbox_file;
++pcre_list * re_list_head;
++uschar * linebuffer;
+ long f_pos = 0;
+ int ret = FAIL;
+ 
+-/* reset expansion variable */
+-regex_match_string = NULL;
++regex_vars_clear();
+ 
+ if (!mime_stream)				/* We are in the DATA ACL */
+   {
+   if (!(mbox_file = spool_mbox(&mbox_size, NULL, NULL)))
+     {						/* error while spooling */
+@@ -167,18 +177,17 @@
+ 
+ 
+ int
+ mime_regex(const uschar **listptr)
+ {
+-pcre_list *re_list_head = NULL;
+-FILE *f;
+-uschar *mime_subject = NULL;
++pcre_list * re_list_head = NULL;
++FILE * f;
++uschar * mime_subject = NULL;
+ int mime_subject_len = 0;
+ int ret;
+ 
+-/* reset expansion variable */
+-regex_match_string = NULL;
++regex_vars_clear();
+ 
+ /* precompile our regexes */
+ if (!(re_list_head = compile(*listptr)))
+   return FAIL;			/* no regexes -> nothing to do */
+ 
+--- a/src/smtp_in.c
++++ b/src/smtp_in.c
+@@ -2155,12 +2155,14 @@
+ prdr_requested = FALSE;
+ #endif
+ #ifdef SUPPORT_I18N
+ message_smtputf8 = FALSE;
+ #endif
++regex_vars_clear();
+ body_linecount = body_zerocount = 0;
+ 
++lookup_value = NULL;				/* Can be set by ACL */
+ sender_rate = sender_rate_limit = sender_rate_period = NULL;
+ ratelimiters_mail = NULL;           /* Updated by ratelimit ACL condition */
+                    /* Note that ratelimiters_conn persists across resets. */
+ 
+ /* Reset message ACL variables */
diff --git a/mail/exim/files/debian/75_09-Fix-non-WITH_CONTENT_SCAN-build.patch b/mail/exim/files/debian/75_09-Fix-non-WITH_CONTENT_SCAN-build.patch
new file mode 100644
index 000000000000..6071fa7c5bf4
--- /dev/null
+++ b/mail/exim/files/debian/75_09-Fix-non-WITH_CONTENT_SCAN-build.patch
@@ -0,0 +1,58 @@
+From d8ecc7bf97934a1e2244788c610c958cacd740bd Mon Sep 17 00:00:00 2001
+From: Jeremy Harris <jgh146exb@wizmail.org>
+Date: Wed, 31 Aug 2022 17:03:37 +0100
+Subject: [PATCH 1/3] Fix non-WITH_CONTENT_SCAN build.
+
+Broken-by: 4e9ed49f8f
+---
+ src/exim.c  | 11 +++++++++++
+ src/regex.c | 10 ----------
+ 2 files changed, 11 insertions(+), 10 deletions(-)
+
+--- a/src/exim.c
++++ b/src/exim.c
+@@ -1677,10 +1677,21 @@
+   if ((s = expand_string(big_buffer))) printf("%s\n", CS s);
+   else printf("Failed: %s\n", expand_string_message);
+ }
+ 
+ 
++/* reset regex expansion variables */
++void
++regex_vars_clear(void)
++{
++regex_match_string = NULL;
++for (int i = 0; i < REGEX_VARS; i++) regex_vars[i] = NULL;
++}
++
++
++
++
+ 
+ /*************************************************
+ *          Entry point and high-level code       *
+ *************************************************/
+ 
+--- a/src/regex.c
++++ b/src/regex.c
+@@ -95,20 +95,10 @@
+ pcre2_match_data_free(md);
+ return FAIL;
+ }
+ 
+ 
+-/* reset expansion variables */
+-void
+-regex_vars_clear(void)
+-{
+-regex_match_string = NULL;
+-for (int i = 0; i < REGEX_VARS; i++) regex_vars[i] = NULL;
+-}
+-
+-
+-
+ int
+ regex(const uschar ** listptr)
+ {
+ unsigned long mbox_size;
+ FILE * mbox_file;
diff --git a/mail/exim/files/debian/75_10-Fix-non-WITH_CONTENT_SCAN-build-2.patch b/mail/exim/files/debian/75_10-Fix-non-WITH_CONTENT_SCAN-build-2.patch
new file mode 100644
index 000000000000..0a8ed514ffe8
--- /dev/null
+++ b/mail/exim/files/debian/75_10-Fix-non-WITH_CONTENT_SCAN-build-2.patch
@@ -0,0 +1,135 @@
+From 158dff9936e36a2d31d037d3988b9353458d6471 Mon Sep 17 00:00:00 2001
+From: Jeremy Harris <jgh146exb@wizmail.org>
+Date: Wed, 31 Aug 2022 17:17:59 +0100
+Subject: [PATCH 2/3] Fix non-WITH_CONTENT_SCAN build (2)
+
+Broken-by: d8ecc7bf97
+---
+ src/exim.c      | 13 +------------
+ src/functions.h |  2 +-
+ src/globals.h   |  2 +-
+ src/regex.c     | 10 ++++++++++
+ src/smtp_in.c   |  2 ++
+ 5 files changed, 15 insertions(+), 14 deletions(-)
+
+--- a/src/exim.c
++++ b/src/exim.c
+@@ -1677,21 +1677,10 @@
+   if ((s = expand_string(big_buffer))) printf("%s\n", CS s);
+   else printf("Failed: %s\n", expand_string_message);
+ }
+ 
+ 
+-/* reset regex expansion variables */
+-void
+-regex_vars_clear(void)
+-{
+-regex_match_string = NULL;
+-for (int i = 0; i < REGEX_VARS; i++) regex_vars[i] = NULL;
+-}
+-
+-
+-
+-
+ 
+ /*************************************************
+ *          Entry point and high-level code       *
+ *************************************************/
+ 
+@@ -6085,17 +6074,17 @@
+   deliver_domain_orig = NULL;
+   deliver_host = deliver_host_address = NULL;
+   dnslist_domain = dnslist_matched = NULL;
+ #ifdef WITH_CONTENT_SCAN
+   malware_name = NULL;
++  regex_vars_clear();
+ #endif
+   callout_address = NULL;
+   sending_ip_address = NULL;
+   deliver_localpart_data = deliver_domain_data =
+   recipient_data = sender_data = NULL;
+   acl_var_m = NULL;
+-  regex_vars_clear();
+ 
+   store_reset(reset_point);
+   }
+ 
+ exim_exit(EXIT_SUCCESS);   /* Never returns */
+--- a/src/functions.h
++++ b/src/functions.h
+@@ -432,15 +432,15 @@
+ extern BOOL    receive_msg(BOOL);
+ extern int_eximarith_t receive_statvfs(BOOL, int *);
+ extern void    receive_swallow_smtp(void);
+ #ifdef WITH_CONTENT_SCAN
+ extern int     regex(const uschar **);
++extern void    regex_vars_clear(void);
+ #endif
+ extern BOOL    regex_match(const pcre2_code *, const uschar *, int, uschar **);
+ extern BOOL    regex_match_and_setup(const pcre2_code *, const uschar *, int, int);
+ extern const pcre2_code *regex_must_compile(const uschar *, BOOL, BOOL);
+-extern void    regex_vars_clear(void);
+ extern void    retry_add_item(address_item *, uschar *, int);
+ extern BOOL    retry_check_address(const uschar *, host_item *, uschar *, BOOL,
+                  uschar **, uschar **);
+ extern retry_config *retry_find_config(const uschar *, const uschar *, int, int);
+ extern BOOL    retry_ultimate_address_timeout(uschar *, const uschar *,
+--- a/src/globals.h
++++ b/src/globals.h
+@@ -895,16 +895,16 @@
+ #ifndef DISABLE_PIPE_CONNECT
+ extern const pcre2_code  *regex_EARLY_PIPE;  /* For recognizing PIPE_CONNCT */
+ #endif
+ extern const pcre2_code  *regex_ismsgid;     /* Compiled r.e. for message ID */
+ extern const pcre2_code  *regex_smtp_code;   /* For recognizing SMTP codes */
+-extern const uschar *regex_vars[];           /* $regexN variables */
+ #ifdef WHITELIST_D_MACROS
+ extern const pcre2_code  *regex_whitelisted_macro; /* For -D macro values */
+ #endif
+ #ifdef WITH_CONTENT_SCAN
+ extern uschar *regex_match_string;     /* regex that matched a line (regex ACL condition) */
++extern const uschar *regex_vars[];
+ #endif
+ extern int     remote_delivery_count;  /* Number of remote addresses */
+ extern int     remote_max_parallel;    /* Maximum parallel delivery */
+ extern uschar *remote_sort_domains;    /* Remote domain sorting order */
+ extern retry_config *retries;          /* Chain of retry config information */
+--- a/src/regex.c
++++ b/src/regex.c
+@@ -95,10 +95,20 @@
+ pcre2_match_data_free(md);
+ return FAIL;
+ }
+ 
+ 
++/* reset expansion variables */
++void
++regex_vars_clear(void)
++{
++regex_match_string = NULL;
++for (int i = 0; i < REGEX_VARS; i++) regex_vars[i] = NULL;
++}
++
++
++
+ int
+ regex(const uschar ** listptr)
+ {
+ unsigned long mbox_size;
+ FILE * mbox_file;
+--- a/src/smtp_in.c
++++ b/src/smtp_in.c
+@@ -2155,11 +2155,13 @@
+ prdr_requested = FALSE;
+ #endif
+ #ifdef SUPPORT_I18N
+ message_smtputf8 = FALSE;
+ #endif
++#ifdef WITH_CONTENT_SCAN
+ regex_vars_clear();
++#endif
+ body_linecount = body_zerocount = 0;
+ 
+ lookup_value = NULL;				/* Can be set by ACL */
+ sender_rate = sender_rate_limit = sender_rate_period = NULL;
+ ratelimiters_mail = NULL;           /* Updated by ratelimit ACL condition */
diff --git a/mail/exim/files/debian/75_11-Fix-non-WITH_CONTENT_SCAN-build-3.patch b/mail/exim/files/debian/75_11-Fix-non-WITH_CONTENT_SCAN-build-3.patch
new file mode 100644
index 000000000000..b06d89679b7e
--- /dev/null
+++ b/mail/exim/files/debian/75_11-Fix-non-WITH_CONTENT_SCAN-build-3.patch
@@ -0,0 +1,45 @@
+From 32da6327e434e986a18b75a84f2d8c687ba14619 Mon Sep 17 00:00:00 2001
+From: Jeremy Harris <jgh146exb@wizmail.org>
+Date: Thu, 1 Sep 2022 15:54:35 +0100
+Subject: [PATCH 3/3] Fix non-WITH_CONTENT_SCAN build (3)
+
+Broken-by: d8ecc7bf97
+---
+ src/expand.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/expand.c b/src/expand.c
+index 89de56255..831ca2b75 100644
+--- a/src/expand.c
++++ b/src/expand.c
+@@ -1869,6 +1869,7 @@ if (Ustrncmp(name, "auth", 4) == 0)
+   if (!*endptr && n != 0 && n <= AUTH_VARS)
+     return auth_vars[n-1] ? auth_vars[n-1] : US"";
+   }
++#ifdef WITH_CONTENT_SCAN
+ else if (Ustrncmp(name, "regex", 5) == 0)
+   {
+   uschar *endptr;
+@@ -1876,6 +1877,7 @@ else if (Ustrncmp(name, "regex", 5) == 0)
+   if (!*endptr && n != 0 && n <= REGEX_VARS)
+     return regex_vars[n-1] ? regex_vars[n-1] : US"";
+   }
++#endif
+ 
+ /* For all other variables, search the table */
+ 
+@@ -8715,9 +8717,11 @@ assert_variable_notin() treats as const, so deconst is safe. */
+ for (int i = 0; i < AUTH_VARS; i++) if (auth_vars[i])
+   assert_variable_notin(US"auth<n>", US auth_vars[i], &e);
+ 
++#ifdef WITH_CONTENT_SCAN
+ /* check regex<n> variables. assert_variable_notin() treats as const. */
+ for (int i = 0; i < REGEX_VARS; i++) if (regex_vars[i])
+   assert_variable_notin(US"regex<n>", US regex_vars[i], &e);
++#endif
+ 
+ /* check known-name variables */
+ for (var_entry * v = var_table; v < var_table + var_table_size; v++)
+-- 
+2.35.1
+
diff --git a/mail/exim/files/debian/75_16-GnuTLS-fix-for-clients-offering-no-TLS-extensions.patch b/mail/exim/files/debian/75_16-GnuTLS-fix-for-clients-offering-no-TLS-extensions.patch
new file mode 100644
index 000000000000..ae2fa16f51ea
--- /dev/null
+++ b/mail/exim/files/debian/75_16-GnuTLS-fix-for-clients-offering-no-TLS-extensions.patch
@@ -0,0 +1,114 @@
+From ece23f05d6a430a461a75639197271c23f6858ec Mon Sep 17 00:00:00 2001
+From: Jasen Betts <jasen@xnet.co.nz>
+Date: Fri, 30 Sep 2022 13:49:41 +0100
+Subject: [PATCH] GnuTLS: fix for clients offering no TLS extensions
+
+---
+ doc/ChangeLog              |  3 +++
+ src/tls-gnu.c                  |  3 ++-
+ src/tls-openssl.c              | 39 +++++++++++++++---------------
+ test/confs/2091                    |  1 +
+ test/log/2091                      |  3 +++
+ test/scripts/2090-GnuTLS-ALPN/2091 | 19 +++++++++++++++
+ test/stdout/2091                   | 21 ++++++++++++++++
+ 7 files changed, 68 insertions(+), 21 deletions(-)
+ create mode 120000 test/confs/2091
+ create mode 100644 test/log/2091
+ create mode 100644 test/scripts/2090-GnuTLS-ALPN/2091
+ create mode 100644 test/stdout/2091
+
+--- a/doc/ChangeLog
++++ b/doc/ChangeLog
+@@ -10,10 +10,14 @@
+       more than one message arrived in a single connection a reference from
+       the earlier message could be re-used.  Often a sigsegv resulted.
+       These variables were introduced in Exim 4.87.
+       Debug help from Graeme Fowler.
+ 
++JH/10 GnuTLS: fix for (IOT?) clients offering no TLS extensions at all.
++      Find and fix by Jasen Betts.
++
++
+ 
+ Exim version 4.96
+ -----------------
+ 
+ JH/01 Move the wait-for-next-tick (needed for unique message IDs) from
+--- a/src/tls-gnu.c
++++ b/src/tls-gnu.c
+@@ -1130,12 +1130,13 @@
+ static int
+ tls_server_clienthello_cb(gnutls_session_t session, unsigned int htype,
+   unsigned when, unsigned int incoming, const gnutls_datum_t * msg)
+ {
+ /* Call fn for each extension seen.  3.6.3 onwards */
+-return gnutls_ext_raw_parse(NULL, tls_server_clienthello_ext, msg,
++int rc = gnutls_ext_raw_parse(NULL, tls_server_clienthello_ext, msg,
+ 			   GNUTLS_EXT_RAW_FLAG_TLS_CLIENT_HELLO);
++return rc == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE ? 0 : rc;
+ }
+ 
+ 
+ # ifdef notdef_crashes
+ /* Make a note that we saw a status-response */
+--- a/src/tls-openssl.c
++++ b/src/tls-openssl.c
+@@ -940,40 +940,39 @@
+ 
+ Returns:    nothing
+ */
+ 
+ static void
+-info_callback(SSL *s, int where, int ret)
++info_callback(SSL * s, int where, int ret)
+ {
+ DEBUG(D_tls)
+   {
+-  const uschar * str;
++  gstring * g = NULL;
+ 
+-  if (where & SSL_ST_CONNECT)
+-     str = US"SSL_connect";
+-  else if (where & SSL_ST_ACCEPT)
+-     str = US"SSL_accept";
+-  else
+-     str = US"SSL info (undefined)";
++  if (where & SSL_ST_CONNECT) g = string_append_listele(g, ',', US"SSL_connect");
++  if (where & SSL_ST_ACCEPT)  g = string_append_listele(g, ',', US"SSL_accept");
++  if (where & SSL_CB_LOOP)    g = string_append_listele(g, ',', US"state_chg");
++  if (where & SSL_CB_EXIT)    g = string_append_listele(g, ',', US"hshake_exit");
++  if (where & SSL_CB_READ)    g = string_append_listele(g, ',', US"read");
++  if (where & SSL_CB_WRITE)   g = string_append_listele(g, ',', US"write");
++  if (where & SSL_CB_ALERT)   g = string_append_listele(g, ',', US"alert");
++  if (where & SSL_CB_HANDSHAKE_START) g = string_append_listele(g, ',', US"hshake_start");
++  if (where & SSL_CB_HANDSHAKE_DONE)  g = string_append_listele(g, ',', US"hshake_done");
+ 
+   if (where & SSL_CB_LOOP)
+-     debug_printf("%s: %s\n", str, SSL_state_string_long(s));
++     debug_printf("SSL %s: %s\n", g->s, SSL_state_string_long(s));
+   else if (where & SSL_CB_ALERT)
+-    debug_printf("SSL3 alert %s:%s:%s\n",
+-	  str = where & SSL_CB_READ ? US"read" : US"write",
++    debug_printf("SSL %s %s:%s\n", g->s,
+ 	  SSL_alert_type_string_long(ret), SSL_alert_desc_string_long(ret));
+   else if (where & SSL_CB_EXIT)
+     {
+-    if (ret == 0)
+-      debug_printf("%s: failed in %s\n", str, SSL_state_string_long(s));
+-    else if (ret < 0)
+-      debug_printf("%s: error in %s\n", str, SSL_state_string_long(s));
++    if (ret <= 0)
++      debug_printf("SSL %s: %s in %s\n", g->s,
++	ret == 0 ? "failed" : "error", SSL_state_string_long(s));
+     }
+-  else if (where & SSL_CB_HANDSHAKE_START)
+-     debug_printf("%s: hshake start: %s\n", str, SSL_state_string_long(s));
+-  else if (where & SSL_CB_HANDSHAKE_DONE)
+-     debug_printf("%s: hshake done: %s\n", str, SSL_state_string_long(s));
++  else if (where & (SSL_CB_HANDSHAKE_START | SSL_CB_HANDSHAKE_DONE))
++     debug_printf("SSL %s: %s\n", g->s, SSL_state_string_long(s));
+   }
+ }
+ 
+ #ifdef OPENSSL_HAVE_KEYLOG_CB
+ static void
diff --git a/mail/exim/files/debian/75_18-Fix-Build-with-libopendmarc-1.4.x-fixes-2728.patch b/mail/exim/files/debian/75_18-Fix-Build-with-libopendmarc-1.4.x-fixes-2728.patch
new file mode 100644
index 000000000000..f261d621d67a
--- /dev/null
+++ b/mail/exim/files/debian/75_18-Fix-Build-with-libopendmarc-1.4.x-fixes-2728.patch
@@ -0,0 +1,88 @@
+From 1561c5d88b3a23a4348d8e3c1ce28554fcbcfe46 Mon Sep 17 00:00:00 2001
+From: "Heiko Schlittermann (HS12-RIPE)" <hs@schlittermann.de>
+Date: Sat, 15 Oct 2022 19:30:58 +0200
+Subject: [PATCH 1/2] Fix: Build with libopendmarc 1.4.x (fixes 2728)
+
+---
+ doc/ChangeLog     | 3 +++
+ src/EDITME            | 7 +++++--
+ src/config.h.defaults | 1 +
+ src/dmarc.c           | 7 ++++++-
+ 4 files changed, 15 insertions(+), 3 deletions(-)
+
+--- a/doc/ChangeLog
++++ b/doc/ChangeLog
+@@ -13,10 +13,13 @@
+       Debug help from Graeme Fowler.
+ 
+ JH/10 GnuTLS: fix for (IOT?) clients offering no TLS extensions at all.
+       Find and fix by Jasen Betts.
+ 
++HS/01 Bug 2728: Introduce EDITME option "DMARC_API" to work around incompatible
++      API changes in libopendmarc.
++
+ 
+ 
+ Exim version 4.96
+ -----------------
+ 
+--- a/src/EDITME
++++ b/src/EDITME
+@@ -600,18 +600,21 @@
+ 
+ # EXPERIMENTAL_DCC=yes
+ 
+ # Uncomment the following line to add DMARC checking capability, implemented
+ # using libopendmarc libraries. You must have SPF and DKIM support enabled also.
+-# Library version libopendmarc-1.4.1-1.fc33.x86_64  (on Fedora 33) is known broken;
+-# 1.3.2-3 works.  I seems that the OpenDMARC project broke their API.
+ # SUPPORT_DMARC=yes
+ # CFLAGS += -I/usr/local/include
+ # LDFLAGS += -lopendmarc
+ # Uncomment the following if you need to change the default. You can
+ # override it at runtime (main config option dmarc_tld_file)
+ # DMARC_TLD_FILE=/etc/exim/opendmarc.tlds
++#
++# Library version libopendmarc-1.4.1-1.fc33.x86_64  (on Fedora 33) is known broken;
++# 1.3.2-3 works.  It seems that the OpenDMARC project broke their API.
++# Use this option if you need to build with an old library (1.3.x)
++# DMARC_API=100300
+ 
+ # Uncomment the following line to add ARC (Authenticated Received Chain)
+ # support.  You must have SPF and DKIM support enabled also.
+ # EXPERIMENTAL_ARC=yes
+ 
+--- a/src/config.h.defaults
++++ b/src/config.h.defaults
+@@ -148,10 +148,11 @@
+ #define STRING_SPRINTF_BUFFER_SIZE (8192 * 4)
+ 
+ #define SUPPORT_CRYPTEQ
+ #define SUPPORT_DANE
+ #define SUPPORT_DMARC
++#define DMARC_API 100400
+ #define DMARC_TLD_FILE "/etc/exim/opendmarc.tlds"
+ #define SUPPORT_I18N
+ #define SUPPORT_I18N_2008
+ #define SUPPORT_MAILDIR
+ #define SUPPORT_MAILSTORE
+--- a/src/dmarc.c
++++ b/src/dmarc.c
+@@ -457,11 +457,16 @@
+     dkim_result = vs == PDKIM_VERIFY_PASS ? DMARC_POLICY_DKIM_OUTCOME_PASS :
+ 		  vs == PDKIM_VERIFY_FAIL ? DMARC_POLICY_DKIM_OUTCOME_FAIL :
+ 		  vs == PDKIM_VERIFY_INVALID ? DMARC_POLICY_DKIM_OUTCOME_TMPFAIL :
+ 		  DMARC_POLICY_DKIM_OUTCOME_NONE;
+     libdm_status = opendmarc_policy_store_dkim(dmarc_pctx, US sig->domain,
+-					       dkim_result, US"");
++/* The opendmarc project broke its API in a way we can't detect * easily.
++ * The EDITME provides a DMARC_API variable */
++#if DMARC_API >= 100400
++                                               sig->selector,
++#endif
++                                               dkim_result, US"");
+     DEBUG(D_receive)
+       debug_printf("DMARC adding DKIM sender domain = %s\n", sig->domain);
+     if (libdm_status != DMARC_PARSE_OKAY)
+       log_write(0, LOG_MAIN|LOG_PANIC,
+ 		"failure to store dkim (%s) for DMARC: %s",
diff --git a/mail/exim/files/debian/75_19-DMARC-fix-use-after-free-in-dmarc_dns_lookup.patch b/mail/exim/files/debian/75_19-DMARC-fix-use-after-free-in-dmarc_dns_lookup.patch
new file mode 100644
index 000000000000..e8bda9e07b35
--- /dev/null
+++ b/mail/exim/files/debian/75_19-DMARC-fix-use-after-free-in-dmarc_dns_lookup.patch
@@ -0,0 +1,39 @@
+From 12fb3842f81bcbd4a4519d5728f2d7e0e3ca1445 Mon Sep 17 00:00:00 2001
+From: Lorenz Brun <lorenz@brun.one>
+Date: Fri, 14 Oct 2022 21:02:51 +0200
+Subject: [PATCH 2/2] DMARC: fix use-after-free in dmarc_dns_lookup
+
+This fixes a use-after-free in dmarc_dns_lookup where the result
+of dns_lookup in dnsa is freed before the required data is copied out.
+
+Fixes: 9258363 ("DNS: explicit alloc/free of workspace")
+---
+ src/dmarc.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/dmarc.c b/src/dmarc.c
+index ad0c26c91..53c2752ac 100644
+--- a/src/dmarc.c
++++ b/src/dmarc.c
+@@ -226,16 +226,17 @@ dns_scan dnss;
+ int rc = dns_lookup(dnsa, string_sprintf("_dmarc.%s", dom), T_TXT, NULL);
+ 
+ if (rc == DNS_SUCCEED)
+   for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS); rr;
+        rr = dns_next_rr(dnsa, &dnss, RESET_NEXT))
+     if (rr->type == T_TXT && rr->size > 3)
+       {
++      uschar *record = string_copyn_taint(US rr->data, rr->size, GET_TAINTED);
+       store_free_dns_answer(dnsa);
+-      return string_copyn_taint(US rr->data, rr->size, GET_TAINTED);
++      return record;
+       }
+ store_free_dns_answer(dnsa);
+ return NULL;
+ }
+ 
+ 
+ static int
+-- 
+2.35.1
+
diff --git a/mail/exim/files/debian/75_22-Fix-daemon-startup.-Bug-2930.patch b/mail/exim/files/debian/75_22-Fix-daemon-startup.-Bug-2930.patch
new file mode 100644
index 000000000000..2a3434f8b0b1
--- /dev/null
+++ b/mail/exim/files/debian/75_22-Fix-daemon-startup.-Bug-2930.patch
@@ -0,0 +1,68 @@
+From 221321d2c51b83d1feced80ecd6c2fe33ec5456c Mon Sep 17 00:00:00 2001
+From: Jeremy Harris <jgh146exb@wizmail.org>
+Date: Thu, 3 Nov 2022 20:08:25 +0000
+Subject: [PATCH 1/2] Fix daemon startup.  Bug 2930
+
+Broken-by: 7d5055276a
+---
+ doc/ChangeLog | 4 ++++
+ src/daemon.c      | 8 ++++++--
+ 2 files changed, 10 insertions(+), 2 deletions(-)
+
+--- a/doc/ChangeLog
++++ b/doc/ChangeLog
+@@ -16,10 +16,14 @@
+       Find and fix by Jasen Betts.
+ 
+ HS/01 Bug 2728: Introduce EDITME option "DMARC_API" to work around incompatible
+       API changes in libopendmarc.
+ 
++JH/12 Bug 2930: Fix daemon startup.  When started from any process apart from
++      pid 1, in the normal "background daemon" mode, having to drop process-
++      group leadership also lost track of needing to create listener sockets.
++
+ 
+ 
+ Exim version 4.96
+ -----------------
+ 
+--- a/src/daemon.c
++++ b/src/daemon.c
+@@ -1744,19 +1744,23 @@
+   {
+   /* If the parent process of this one has pid == 1, we are re-initializing the
+   daemon as the result of a SIGHUP. In this case, there is no need to do
+   anything, because the controlling terminal has long gone. Otherwise, fork, in
+   case current process is a process group leader (see 'man setsid' for an
+-  explanation) before calling setsid(). */
++  explanation) before calling setsid().
++  All other forks want daemon_listen cleared. Rather than blow a register, jsut
++  restore it here. */
+ 
+   if (getppid() != 1)
+     {
++    BOOL daemon_listen = f.daemon_listen;
+     pid_t pid = exim_fork(US"daemon");
+     if (pid < 0) log_write(0, LOG_MAIN|LOG_PANIC_DIE,
+       "fork() failed when starting daemon: %s", strerror(errno));
+     if (pid > 0) exit(EXIT_SUCCESS);      /* in parent process, just exit */
+     (void)setsid();                       /* release controlling terminal */
++    f.daemon_listen = daemon_listen;
+     }
+   }
+ 
+ /* We are now in the disconnected, daemon process (unless debugging). Set up
+ the listening sockets if required. */
+@@ -2090,11 +2094,11 @@
+ 	      {				/* found; append port to list */
+ 	      for (p = i2->log; *p; ) p++;	/* end of existing string */
+ 	      if (*--p == '}') *p = '\0';	/* drop EOL */
+ 	      while (isdigit(*--p)) ;		/* char before port */
+ 
+-	      i2->log = *p == ':'		/* no list yet? */
++	      i2->log = *p == ':'		/* no list yet?     { */
+ 		? string_sprintf("%.*s{%s,%d}",
+ 		  (int)(p - i2->log + 1), i2->log, p+1, ipa->port)
+ 		: string_sprintf("%s,%d}", i2->log, ipa->port);
+ 	      ipa->log = NULL;
+ 	      break;
diff --git a/mail/exim/files/debian/75_23-Fix-reccipients-after-run.-.-Bug-2929.patch b/mail/exim/files/debian/75_23-Fix-reccipients-after-run.-.-Bug-2929.patch
new file mode 100644
index 000000000000..1c98ef26083b
--- /dev/null
+++ b/mail/exim/files/debian/75_23-Fix-reccipients-after-run.-.-Bug-2929.patch
@@ -0,0 +1,45 @@
+From 6b331d5834d12bdda21857cd6fffac17038ce3c7 Mon Sep 17 00:00:00 2001
+From: Ruben Jenster <r.jenster@drachenfels.de>
+Date: Thu, 3 Nov 2022 21:38:15 +0000
+Subject: [PATCH 2/2] Fix $reccipients after ${run...}.  Bug 2929
+
+Broken-by: cfe6acff2d
+---
+ doc/ChangeLog | 3 +++
+ src/transport.c   | 3 ++-
+ 2 files changed, 5 insertions(+), 1 deletion(-)
+
+--- a/doc/ChangeLog
++++ b/doc/ChangeLog
+@@ -20,10 +20,13 @@
+ 
+ JH/12 Bug 2930: Fix daemon startup.  When started from any process apart from
+       pid 1, in the normal "background daemon" mode, having to drop process-
+       group leadership also lost track of needing to create listener sockets.
+ 
++JH/13 Bug 2929: Fix using $recipients after ${run...}.  A change made for 4.96
++      resulted in the variable appearing empty.  Find and fix by Ruben Jenster.
++
+ 
+ 
+ Exim version 4.96
+ -----------------
+ 
+--- a/src/transport.c
++++ b/src/transport.c
+@@ -2342,13 +2342,14 @@
+     /* Handle normal expansion string */
+ 
+     else
+       {
+       const uschar *expanded_arg;
++      BOOL enable_dollar_recipients_g = f.enable_dollar_recipients;
+       f.enable_dollar_recipients = allow_dollar_recipients;
+       expanded_arg = expand_cstring(argv[i]);
+-      f.enable_dollar_recipients = FALSE;
++      f.enable_dollar_recipients = enable_dollar_recipients_g;
+ 
+       if (!expanded_arg)
+         {
+         uschar *msg = string_sprintf("Expansion of \"%s\" "
+           "from command \"%s\" in %s failed: %s",
diff --git a/mail/exim/files/debian/75_31-Fix-regext-substring-capture-variables-for-null-matc.patch b/mail/exim/files/debian/75_31-Fix-regext-substring-capture-variables-for-null-matc.patch
new file mode 100644
index 000000000000..bd250f2b7191
--- /dev/null
+++ b/mail/exim/files/debian/75_31-Fix-regext-substring-capture-variables-for-null-matc.patch
@@ -0,0 +1,79 @@
+From e63825824cc406c160ccbf2b154c5d81b168604a Mon Sep 17 00:00:00 2001
+From: Jeremy Harris <jgh146exb@wizmail.org>
+Date: Fri, 11 Nov 2022 00:05:59 +0000
+Subject: [PATCH 1/2] Fix regext substring capture variables for null matches. 
+ Bug 2933
+
+broken-by: 59d66fdc13f0
*** 1448 LINES SKIPPED ***



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202305261834.34QIYLQc048909>