authorFabian Groffen <grobian@gentoo.org>2023-11-08 09:03:24 +0100
committerFabian Groffen <grobian@gentoo.org>2023-11-08 09:03:24 +0100
commite1634b7a70c6c987472c68a979add070fea799d6 (patch)
treebb3cb3385fc40a35d6dbe8fcd0201db58262e8fb /mail-mta/exim
parentmail-mta/exim-4.97-r1: fix build for musl (diff)
mail-mta/exim: cleanup
Signed-off-by: Fabian Groffen <grobian@gentoo.org>
Diffstat (limited to 'mail-mta/exim')
-rw-r--r--mail-mta/exim/Manifest2
-rw-r--r--mail-mta/exim/exim-4.94.2-r12.ebuild662
-rw-r--r--mail-mta/exim/exim-4.94.2-r7.ebuild2
-rw-r--r--mail-mta/exim/exim-4.96.1.ebuild655
-rw-r--r--mail-mta/exim/files/exim-4.94-CVE-2022-3559.patch99
-rw-r--r--mail-mta/exim/files/exim-4.94.2-fix-crash-resolve.patch24
-rw-r--r--mail-mta/exim/files/exim-4.94.2-openssl3.patch332
7 files changed, 1 insertions, 1775 deletions
diff --git a/mail-mta/exim/Manifest b/mail-mta/exim/Manifest
index 1ad7d2a61766..2422a76d59b8 100644
--- a/mail-mta/exim/Manifest
+++ b/mail-mta/exim/Manifest
@@ -1,11 +1,9 @@
DIST exim-4.94.2.tar.xz 1838076 BLAKE2B 684e115a7af3efdab15451f8e11f9b53455c9166d8c078216d7a95223d77569cec8a882ed99b9180acbd8a9e747a0bca03d56993d011de15dc35143a989ab046 SHA512 5334c236221ed4e03dbc33e6a79d939b06037fa2f4b71971607a360b67af5c85a89681ee13a5eeaf0184382c55a160cf2e89ed7afb2949f025a54f1e88f9e3fc
DIST exim-4.96-gentoo-patches-r0.tar.xz 13308 BLAKE2B e01cd8b90593329d858cced27bea9da4860e80500c0b0b3f86418931a77616ac1e4a532cfffc551de5844bfcbcd115c1591b28577c234beb551458dc0877e764 SHA512 0a8d7b5903c8cd7c2cc07e4ea3ed62200ee0116fe0b5513ec97ba7f3ab1dd5cd0dc181eb93c3c1c7f767be7df3546ac07b622a8f4352eb883323c3a005a1c7db
-DIST exim-4.96.1.tar.xz 1879404 BLAKE2B fc6425be41ef7722f7d7b6b541c01774a4bafe55ca38152dc3fbb837e00ea52fabc39a42fcbf0500f4e0eda40deec3cbb0d746da9700a4a615f9ee4869e325c5 SHA512 ef1a0e57c59cdf4e915b3ac5dcdbc69f565b14dd92b0527f6796b2c46a9ec34f991f9790fb4171c99417f7e482cdd62d77e780cc71fab227c8bed876103f7fdd
DIST exim-4.96.2.tar.xz 1879896 BLAKE2B f172340e5f896dc1996e4e3cf46515c2336c47d3390524ca91cb9ef7258a62b83426592de582aa792584cbeaace519b4edea5e62b3ebeb8e5f599379255e04a5 SHA512 dc9f6a114e64ac826489edff88d50a24195b64714428e691c10a7bfb119b3ebb6455bf80cbb34dfd0a4e2e44cbde72effb009357a8e0a6065e512fe32092e3ed
DIST exim-4.96.tar.xz 1879152 BLAKE2B 4b424f2ebc661bd0db35d7f6da86300c6d5cb5b9a52cddd24fdd452daa76c84e471d4f8f278cf951d1503b01fd46fc3e6858d6feded09f34253d2cf2ae99b45a SHA512 6b863661465a0b9897c1b71875c5196a1903cf560dd85de45b08242b9731edb2bc10eb56945d62e477e5d15cc7a8d493915bff2ca81689673a8091c66f62c89e
DIST exim-4.97.tar.xz 1909536 BLAKE2B b0f09d5f162853996976c222786de14e2104acdf01fd61da486f59f4cf8af1182cdfb7ea31fd55ccfd9c57256e7f442dc1b46727e08fe2eca82a296ac4ae7899 SHA512 b28cbb49fa7e143dfcc94e004d57cf98a1945013e676cd103c1ee4cf52933d49d378baa13bea2663353dba97745d6b2ab8b7b66cde870788a2d85d7abd716968
DIST exim-pdf-4.94.2.tar.xz 2092248 BLAKE2B 973ab4f117fdb58afa017bc41b4496fac1277e707a9926d67317c455b0bd617021c17cba6c8d793d8962aacef12c0790d5add7174017512b7b1ea070f8e8533d SHA512 3a661f69d81a992798d4b7e5b7def7cfffa297a7b3c02a6631be426cefff5a6e8783fa322a1bd105d01f7b06968d01e77963e6ab7be3157f63eb62eb6ff172b0
-DIST exim-pdf-4.96.1.tar.xz 2132252 BLAKE2B 7e6d756630211b6465f9162c7a6b461774b3999ad8c3c1ace157a39b7e07f86644d206c5687991b6098aec47445319def44ddb2895b2a16146f6abd1c11d47a6 SHA512 d39ee2f9a05326809a6e8454a108d717838dacfa42c2cade72f5937b1b44d70e70152fa75f4b4e9548cd4198d54f8a8c1323e14d7d1f9a0a23c99a53db1001b0
DIST exim-pdf-4.96.2.tar.xz 2132268 BLAKE2B 9104d42d742e7152d166b6158a6f060d0a29143b11e5064ecda177ead59ac66a9bb6ab3575e5bcaf7af5b49964d29b841285e67184592a8b64bab6099f4c8ac9 SHA512 c35eea4ab5510bba50d22813b28c9d2f5e4e2fed76993693b997f2090024dde674d58dffe044cb64642bf57b83fcae3bfc3dbcae43288fae11692ee49374df74
DIST exim-pdf-4.96.tar.xz 2137468 BLAKE2B 7f61767f91864c43a3b7b6ca36ec7f41da6ad7029687a38cfa9307c444c2ffbd3eb61d45645ffd20ec16ba64a37e1ff08c02e7e4e36499c7783679af9a399081 SHA512 05e94579631656330d95d237c58bc9fd52229a067c5846e7c3409b4c83040c9216819bcb0090673d9991fd59e2c2025340592b31b241b557c6775782106854d1
DIST exim-pdf-4.97.tar.xz 2136852 BLAKE2B df188e658e9e86d1b651d12b29e8a440677d75cc0384bab829323582a3a89b62f34e504b759ef2824b7735056696aed6ac33a4ca10a74fc5bc036f150caaac12 SHA512 defd1e7d823f4eadd2afe426d9105a395421824a1b1941b97bfda408905bdd105b5c219b713e15506d25d98fa48e965228f8daab286dc1be14a387f567c0b58b
diff --git a/mail-mta/exim/exim-4.94.2-r12.ebuild b/mail-mta/exim/exim-4.94.2-r12.ebuild
deleted file mode 100644
index c84859d97f58..000000000000
--- a/mail-mta/exim/exim-4.94.2-r12.ebuild
+++ /dev/null
@@ -1,662 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="7"
-
-inherit db-use toolchain-funcs pam systemd
-
-IUSE="arc berkdb +dane dcc +dkim dlfunc dmarc +dnsdb doc dovecot-sasl
-dsn exiscan-acl gdbm gnutls idn ipv6 ldap lmtp maildir mbx
-mysql nis pam perl pkcs11 postgres +prdr proxy radius redis sasl selinux
-socks5 spf sqlite srs +srs-alt srs-native +ssl syslog tdb tcpd +tpda X"
-REQUIRED_USE="
- arc? ( dkim spf )
- dane? ( ssl !gnutls )
- dmarc? ( dkim spf )
- dkim? ( ssl !gnutls )
- gnutls? ( ssl )
- pkcs11? ( ssl )
- spf? ( exiscan-acl )
- srs? (
- exiscan-acl
- ^^ ( srs-alt srs-native )
- )
- || ( berkdb gdbm tdb )
-"
-# NOTE on USE="gnutls dane", gnutls[dane] is masked in base, unmasked
-# for x86 and amd64 only, due to this, repoman won't allow depending on
-# gnutls[dane] for all else. Because we cannot express USE=dane when
-# USE=gnutls is in effect only in package.use.mask, the only option we
-# have left is to a) ignore the dependency (but that results in bug
-# #661164) or b) mask the usage of USE=dane with USE=gnutls. Both are
-# incorrect, but b) is the only "correct" view from repoman.
-# We cannot express a required use for berkdb/gdbm/tdb correctly because
-# berkdb and gdbm are both enabled in base profile
-
-SDIR=$([[ ${PV} == *_rc* ]] && echo /test
- [[ ${PV} == *.*.*.* ]] && echo /fixes)
-COMM_URI="https://downloads.exim.org/exim4${SDIR}"
-
-DESCRIPTION="A highly configurable, drop-in replacement for sendmail"
-SRC_URI="${COMM_URI}/${P//_rc/-RC}.tar.xz
- mirror://gentoo/system_filter.exim.gz
- doc? ( ${COMM_URI}/${PN}-pdf-${PV//_rc/-RC}.tar.xz )"
-HOMEPAGE="https://www.exim.org/"
-
-SLOT="0"
-LICENSE="GPL-2"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86"
-
-COMMON_DEPEND=">=sys-apps/sed-4.0.5
- dev-libs/libpcre:=
- tdb? ( sys-libs/tdb:= )
- !tdb? ( berkdb? ( >=sys-libs/db-3.2:= <sys-libs/db-6:= ) )
- !tdb? ( !berkdb? ( sys-libs/gdbm:= ) )
- idn? ( net-dns/libidn:= net-dns/libidn2:= )
- perl? ( dev-lang/perl:= )
- pam? ( sys-libs/pam )
- tcpd? ( sys-apps/tcp-wrappers )
- ssl? (
- gnutls? (
- net-libs/gnutls:0=[pkcs11?]
- dev-libs/libtasn1
- )
- !gnutls? (
- dev-libs/openssl:0=
- )
- )
- ldap? ( >=net-nds/openldap-2.0.7:= )
- elibc_glibc? (
- net-libs/libnsl:=
- nis? (
- net-libs/libtirpc:=
- >=net-libs/libnsl-1:=
- )
- )
- mysql? ( dev-db/mysql-connector-c:= )
- postgres? ( dev-db/postgresql:= )
- sasl? ( >=dev-libs/cyrus-sasl-2.1.26-r2 )
- redis? ( dev-libs/hiredis:= )
- spf? ( >=mail-filter/libspf2-1.2.5-r1 )
- dmarc? ( mail-filter/opendmarc:= )
- srs? ( srs-alt? ( mail-filter/libsrs_alt ) )
- X? (
- x11-libs/libX11
- x11-libs/libXmu
- x11-libs/libXt
- x11-libs/libXaw
- )
- sqlite? ( dev-db/sqlite )
- radius? ( net-dialup/freeradius-client )
- virtual/libcrypt:=
- virtual/libiconv
- "
- # added X check for #57206
-BDEPEND="virtual/pkgconfig"
-DEPEND="${COMMON_DEPEND}"
-RDEPEND="${COMMON_DEPEND}
- !mail-mta/courier
- !mail-mta/esmtp
- !mail-mta/msmtp[mta]
- !mail-mta/netqmail
- !mail-mta/nullmailer
- !mail-mta/postfix
- !mail-mta/sendmail
- !mail-mta/opensmtpd
- !mail-mta/ssmtp[mta]
- >=net-mail/mailbase-0.00-r5
- virtual/logger
- dcc? ( mail-filter/dcc )
- selinux? ( sec-policy/selinux-exim )
- "
-
-S=${WORKDIR}/${P//_rc/-RC}
-
-src_prepare() {
- # Legacy patches which need a respin for -p1
- eapply -p0 "${FILESDIR}"/exim-4.14-tail.patch
- eapply -p0 "${FILESDIR}"/exim-4.74-radius-db-ENV-clash.patch # 287426
- eapply "${FILESDIR}"/exim-4.93-as-needed-ldflags.patch # 352265, 391279
- eapply -p0 "${FILESDIR}"/exim-4.76-crosscompile.patch # 266591
- eapply "${FILESDIR}"/exim-4.69-r1.27021.patch
- eapply "${FILESDIR}"/exim-4.94-localscan_dlopen.patch
- eapply "${FILESDIR}"/exim-4.94.2-fix-crash-resolve.patch # 799368 upstr
- eapply "${FILESDIR}"/exim-4.94-CVE-2022-3559.patch # 877607 upstr
- eapply "${FILESDIR}"/exim-4.94.2-openssl3.patch # 888619 backports
-
- # for this reason we have a := dep on opendmarc, they changed their
- # API in a minor release
- if use dmarc && has_version ">=mail-filter/opendmarc-1.4" ; then
- eapply "${FILESDIR}"/exim-4.94-opendmarc-1.4.patch
- fi
-
- if use maildir ; then
- eapply "${FILESDIR}"/exim-4.94-maildir.patch
- else
- eapply -p0 "${FILESDIR}"/exim-4.80-spool-mail-group.patch # 438606
- fi
-
- eapply_user
-
- # user Exim believes it should be
- MAILUSER=mail
- MAILGROUP=mail
- if use prefix && [[ ${EUID} != 0 ]] ; then
- MAILUSER=$(id -un)
- MAILGROUP=$(id -gn)
- fi
-}
-
-src_configure() {
- # general config and paths
-
- local aliases="${EPREFIX}/etc/mail/aliases"
- sed -i \
- -e "/SYSTEM_ALIASES_FILE/s'SYSTEM_ALIASES_FILE'${aliases}'" \
- src/configure.default || die
-
- sed -i -e 's/^buildname=.*/buildname=exim-gentoo/' Makefile || die
-
- if use elibc_musl; then
- sed -i -e 's/^LIBS = -lnsl/LIBS =/g' OS/Makefile-Linux || die
- fi
-
- local conffile="${EPREFIX}/etc/exim/exim.conf"
- sed -e "48i\CFLAGS=${CFLAGS}" \
- -e "s:BIN_DIRECTORY=/usr/exim/bin:BIN_DIRECTORY=${EPREFIX}/usr/sbin:" \
- -e "s;EXIM_USER=;EXIM_USER=ref:${MAILUSER};" \
- -e "s:CONFIGURE_FILE=.*$:CONFIGURE_FILE=${conffile}:" \
- -e "s:ZCAT_COMMAND=.*$:ZCAT_COMMAND=${EPREFIX}/bin/zcat:" \
- -e "s:COMPRESS_COMMAND=.*$:COMPRESS_COMMAND=${EPREFIX}/bin/gzip:" \
- src/EDITME > Local/Makefile || die
-
- # work on Local/Makefile from now on
- cd Local
-
- cat >> Makefile <<- EOC
- INFO_DIRECTORY=${EPREFIX}/usr/share/info
- PID_FILE_PATH=${EPREFIX}/run/exim.pid
- SPOOL_DIRECTORY=${EPREFIX}/var/spool/exim
- HAVE_ICONV=yes
- EOC
-
- # configure db implementation, Exim always needs one for its hints
- # database, we prefer tdb and gdbm, since bdb is kind of getting
- # less and less support
- if use tdb ; then
- cat >> Makefile <<- EOC
- USE_TDB=yes
- DBMLIB = -ltdb
- EOC
- sed -i -e 's:^USE_DB=yes:# USE_DB=yes:' Makefile || die
- sed -i -e 's:^USE_GDBM=yes:# USE_GDBM=yes:' Makefile || die
- elif use berkdb ; then
- # use the "native" interfaces to the DBM and CDB libraries, support
- # passwd and directory lookups by default
- local DB_VERS="5.3 5.1 4.8 4.7 4.6 4.5 4.4 4.3 4.2 3.2"
- cat >> Makefile <<- EOC
- USE_DB=yes
- # keep include in CFLAGS because exim.h -> dbstuff.h -> db.h
- CFLAGS += -I$(db_includedir ${DB_VERS})
- DBMLIB = -l$(db_libname ${DB_VERS})
- EOC
- sed -i -e 's:^USE_GDBM=yes:# USE_GDBM=yes:' Makefile || die
- sed -i -e 's:^USE_TDB=yes:# USE_TDB=yes:' Makefile || die
- else # must be gdbm via required_use
- cat >> Makefile <<- EOC
- USE_GDBM=yes
- DBMLIB = -lgdbm
- EOC
- sed -i -e 's:^USE_DB=yes:# USE_DB=yes:' Makefile || die
- sed -i -e 's:^USE_TDB=yes:# USE_TDB=yes:' Makefile || die
- fi
-
- # if we use libiconv, now is the time to tell so
- if use !elibc_glibc && use !elibc_musl ; then
- cat >> Makefile <<- EOC
- EXTRALIBS_EXIM=-liconv
- EOC
- fi
-
- # support for IPv6
- if use ipv6; then
- cat >> Makefile <<- EOC
- HAVE_IPV6=YES
- EOC
- fi
-
- # support i18n/IDNA
- if use idn; then
- cat >> Makefile <<- EOC
- SUPPORT_I18N=yes
- SUPPORT_I18N_2008=yes
- EXTRALIBS_EXIM += -lidn -lidn2
- EOC
- fi
-
- #
- # mail storage formats
- #
-
- # mailstore is Exim's traditional storage format
- cat >> Makefile <<- EOC
- SUPPORT_MAILSTORE=yes
- EOC
-
- # mbox
- if use mbx; then
- cat >> Makefile <<- EOC
- SUPPORT_MBX=yes
- EOC
- fi
-
- # maildir
- if use maildir; then
- cat >> Makefile <<- EOC
- SUPPORT_MAILDIR=yes
- EOC
- fi
-
- #
- # lookup methods
- #
-
- # support passwd and directory lookups by default
- cat >> Makefile <<- EOC
- LOOKUP_CDB=yes
- LOOKUP_PASSWD=yes
- LOOKUP_DSEARCH=yes
- EOC
-
- if ! use dnsdb; then
- # DNSDB lookup is enabled by default
- sed -i -e 's:^LOOKUP_DNSDB=yes:# LOOKUP_DNSDB=yes:' Makefile || die
- fi
-
- if use ldap; then
- cat >> Makefile <<- EOC
- LOOKUP_LDAP=yes
- LDAP_LIB_TYPE=OPENLDAP2
- LOOKUP_INCLUDE += -I"${EPREFIX}"/usr/include/ldap
- LOOKUP_LIBS += -lldap -llber
- EOC
- fi
-
- if use mysql; then
- cat >> Makefile <<- EOC
- LOOKUP_MYSQL=yes
- LOOKUP_INCLUDE += $(mysql_config --include)
- LOOKUP_LIBS += $(mysql_config --libs)
- EOC
- fi
-
- if use nis; then
- cat >> Makefile <<- EOC
- LOOKUP_NIS=yes
- LOOKUP_NISPLUS=yes
- EOC
- if use elibc_glibc ; then
- cat >> Makefile <<- EOC
- LOOKUP_INCLUDE += -I"${EPREFIX}"/usr/include/tirpc
- LOOKUP_LIBS += -lnsl
- EOC
- fi
- fi
-
- if use postgres; then
- cat >> Makefile <<- EOC
- LOOKUP_PGSQL=yes
- LOOKUP_INCLUDE += -I$(pg_config --includedir)
- LOOKUP_LIBS += -L$(pg_config --libdir) -lpq
- EOC
- fi
-
- if use sqlite; then
- cat >> Makefile <<- EOC
- LOOKUP_SQLITE=yes
- LOOKUP_SQLITE_PC=sqlite3
- EOC
- fi
-
- if use redis; then
- cat >> Makefile <<- EOC
- LOOKUP_REDIS=yes
- LOOKUP_LIBS += -lhiredis
- EOC
- fi
-
- # Exim monitor, enabled by default, controlled via X USE-flag,
- # disable if not requested, bug #46778
- if use X; then
- cp ../exim_monitor/EDITME eximon.conf || die
- cat >> Makefile <<- EOC
- EXIM_MONITOR=eximon.bin
- EOC
- fi
-
- #
- # features
- #
-
- # content scanning support
- if use exiscan-acl; then
- cat >> Makefile <<- EOC
- WITH_CONTENT_SCAN=yes
- EOC
- fi
-
- # DomainKeys Identified Mail, RFC4871
- if ! use dkim; then
- # DKIM is enabled by default
- cat >> Makefile <<- EOC
- DISABLE_DKIM=yes
- EOC
- fi
-
- # Per-Recipient-Data-Response
- if ! use prdr; then
- # PRDR is enabled by default
- cat >> Makefile <<- EOC
- DISABLE_PRDR=yes
- EOC
- fi
-
- # Transport post-delivery actions
- if use !tpda && use !dane; then
- # EVENT is enabled by default
- cat >> Makefile <<- EOC
- DISABLE_EVENT=yes
- EOC
- fi
-
- # log to syslog
- if use syslog; then
- local eximlog="${EPREFIX}/var/log/exim/exim_%s.log"
- sed -i \
- -e "s:LOG_FILE_PATH=${eximlog}:LOG_FILE_PATH=syslog:" \
- Makefile || die
- cat >> Makefile <<- EOC
- LOG_FILE_PATH=syslog
- EOC
- else
- cat >> Makefile <<- EOC
- LOG_FILE_PATH=${EPREFIX}/var/log/exim/exim_%s.log
- EOC
- fi
-
- # starttls support (ssl)
- if use ssl; then
- if use gnutls; then
- echo "USE_GNUTLS=yes" >> Makefile
- echo "USE_GNUTLS_PC=gnutls $(use dane && echo gnutls-dane)" \
- >> Makefile
- use pkcs11 || echo "AVOID_GNUTLS_PKCS11=yes" >> Makefile
- else
- echo "USE_OPENSSL=yes" >> Makefile
- echo "USE_OPENSSL_PC=openssl" >> Makefile
- fi
- else
- echo "DISABLE_TLS=yes" >> Makefile
- fi
-
- # TCP wrappers
- if use tcpd; then
- cat >> Makefile <<- EOC
- USE_TCP_WRAPPERS=yes
- EXTRALIBS_EXIM += -lwrap
- EOC
- fi
-
- # Light Mail Transport Protocol
- if use lmtp; then
- cat >> Makefile <<- EOC
- TRANSPORT_LMTP=yes
- EOC
- fi
-
- # embedded Perl
- if use perl; then
- cat >> Makefile <<- EOC
- EXIM_PERL=perl.o
- EOC
- fi
-
- # dlfunc
- if use dlfunc; then
- cat >> Makefile <<- EOC
- EXPAND_DLFUNC=yes
- HAVE_LOCAL_SCAN=yes
- DLOPEN_LOCAL_SCAN=yes
- EOC
- fi
-
- # Proxy Protocol
- if use proxy; then
- cat >> Makefile <<- EOC
- SUPPORT_PROXY=yes
- EOC
- fi
-
- # SOCKS5 (outbound) proxy support
- if use socks5; then
- cat >> Makefile <<- EOC
- SUPPORT_SOCKS=yes
- EOC
- fi
-
- # DANE
- if use !dane; then
- # DANE is enabled by default
- sed -i -e 's:^SUPPORT_DANE=yes:# SUPPORT_DANE=yes:' Makefile || die
- fi
-
- # DMARC
- if use dmarc; then
- cat >> Makefile <<- EOC
- SUPPORT_DMARC=yes
- EXTRALIBS_EXIM += -lopendmarc
- EOC
- fi
-
- # Sender Policy Framework
- if use spf; then
- cat >> Makefile <<- EOC
- SUPPORT_SPF=yes
- EXTRALIBS_EXIM += -lspf2
- EOC
- fi
-
- #
- # experimental features
- #
-
- # Authenticated Receive Chain
- if use arc; then
- echo "EXPERIMENTAL_ARC=yes">> Makefile
- fi
-
- # Distributed Checksum Clearinghouse
- if use dcc; then
- echo "EXPERIMENTAL_DCC=yes">> Makefile
- fi
-
- # Sender Rewriting Scheme
- if use srs; then
- # NOTE: we currently USE-default to srs-alt, because this is
- # what USE=srs used to be. Eventually we want to rid ourselves
- # of this external implementation.
- if use srs-alt; then
- # historical default, from 4.95 this becomes
- # EXPERIMENTAL_SRS_ALT
- cat >> Makefile <<- EOC
- EXPERIMENTAL_SRS=yes
- EXTRALIBS_EXIM += -lsrs_alt
- EOC
- fi
- if use srs-native; then
- # this one becomes SUPPORT_SRS in 4.95
- cat >> Makefile <<- EOC
- EXPERIMENTAL_SRS_NATIVE=yes
- EOC
- fi
- fi
-
- # Delivery Sender Notifications extra information in fail message
- if use dsn; then
- cat >> Makefile <<- EOC
- EXPERIMENTAL_DSN_INFO=yes
- EOC
- fi
-
- #
- # authentication (SMTP AUTH)
- #
-
- # standard bits
- cat >> Makefile <<- EOC
- AUTH_SPA=yes
- AUTH_CRAM_MD5=yes
- AUTH_PLAINTEXT=yes
- EOC
-
- # Cyrus SASL
- if use sasl; then
- cat >> Makefile <<- EOC
- CYRUS_SASLAUTHD_SOCKET=${EPREFIX}/run/saslauthd/mux
- AUTH_CYRUS_SASL=yes
- AUTH_LIBS += -lsasl2
- EOC
- fi
-
- # Dovecot
- if use dovecot-sasl; then
- cat >> Makefile <<- EOC
- AUTH_DOVECOT=yes
- EOC
- fi
-
- # Pluggable Authentication Modules
- if use pam; then
- cat >> Makefile <<- EOC
- SUPPORT_PAM=yes
- AUTH_LIBS += -lpam
- EOC
- fi
-
- # Radius
- if use radius; then
- cat >> Makefile <<- EOC
- RADIUS_CONFIG_FILE=${EPREFIX}/etc/radiusclient/radiusclient.conf
- RADIUS_LIB_TYPE=RADIUSCLIENTNEW
- AUTH_LIBS += -lfreeradius-client
- EOC
- fi
-}
-
-src_compile() {
- emake CC="$(tc-getCC)" HOSTCC="$(tc-getBUILD_CC)" \
- AR="$(tc-getAR) cq" RANLIB="$(tc-getRANLIB)" FULLECHO=''
-}
-
-src_install() {
- cd "${S}"/build-exim-gentoo || die
- dosbin exim
- if use X; then
- dosbin eximon.bin
- dosbin eximon
- fi
- fperms 4755 /usr/sbin/exim
-
- dosym exim /usr/sbin/sendmail
- dosym exim /usr/sbin/rsmtp
- dosym exim /usr/sbin/rmail
- dosym ../sbin/exim /usr/bin/mailq
- dosym ../sbin/exim /usr/bin/newaliases
- dosym ../sbin/sendmail /usr/lib/sendmail
-
- for i in exicyclog exim_dbmbuild exim_dumpdb exim_fixdb exim_lock \
- exim_tidydb exinext exiwhat exigrep eximstats exiqsumm exiqgrep \
- convert4r3 convert4r4 exipick
- do
- dosbin $i
- done
-
- dodoc -r "${S}"/doc/.
- doman "${S}"/doc/exim.8
- use dsn && dodoc "${S}"/README.DSN
- use doc && dodoc "${WORKDIR}"/${PN}-pdf-${PV//rc/RC}/doc/*.pdf
-
- # conf files
- insinto /etc/exim
- newins "${S}"/src/configure.default exim.conf.dist
- if use exiscan-acl; then
- newins "${S}"/src/configure.default exim.conf.exiscan-acl
- fi
- doins "${WORKDIR}"/system_filter.exim
- doins "${FILESDIR}"/auth_conf.sub
-
- if use pam; then
- pamd_mimic system-auth exim auth account
- fi
-
- # headers, #436406
- if use dlfunc ; then
- # fixup includes so they actually can be found when including
- sed -i \
- -e '/#include "\(config\|store\|mytypes\).h"/s:"\(.\+\)":<exim/\1>:' \
- local_scan.h || die
- insinto /usr/include/exim
- doins {config,local_scan}.h ../src/{mytypes,store}.h
- fi
-
- insinto /etc/logrotate.d
- newins "${FILESDIR}/exim.logrotate" exim
-
- newinitd "${FILESDIR}"/exim.rc10 exim
- newconfd "${FILESDIR}"/exim.confd exim
-
- systemd_dounit \
- "${FILESDIR}"/{exim.service,exim.socket,exim-submission.socket}
- systemd_newunit \
- "${FILESDIR}"/exim_at.service 'exim@.service'
- systemd_newunit \
- "${FILESDIR}"/exim-submission_at.service 'exim-submission@.service'
-
- diropts -m 0750 -o ${MAILUSER} -g ${MAILGROUP}
- keepdir /var/log/${PN}
-}
-
-pkg_postinst() {
- if [[ ! -f ${EROOT}/etc/exim/exim.conf ]] ; then
- einfo "${EROOT}/etc/exim/system_filter.exim is a sample system_filter."
- einfo "${EROOT}/etc/exim/auth_conf.sub contains the configuration sub"
- einfo "for using smtp auth."
- einfo "Please create ${EROOT}/etc/exim/exim.conf from"
- einfo " ${EROOT}/etc/exim/exim.conf.dist."
- fi
- if use dmarc ; then
- einfo "DMARC support requires ${EROOT}/etc/exim/opendmarc.tlds"
- einfo "you can populate this file with the contents downloaded from"
- einfo " https://publicsuffix.org/list/public_suffix_list.dat"
- fi
- if use dcc ; then
- einfo "DCC support is experimental, you can find some limited"
- einfo "documentation at the bottom of this prerelease message:"
- einfo " http://article.gmane.org/gmane.mail.exim.devel/3579"
- fi
- if use srs ; then
- einfo "SRS support is experimental in this release of Exim"
- if use srs-alt; then
- elog "You are using libsrs_alt to implement SRS support."
- elog "In future release of Exim, the native SRS implementation"
- elog "(USE=srs-native) will become the default. Please prepare"
- elog "your package.use or switch to USE=srs-native now."
- fi
- fi
- use dsn && einfo "extra information in fail DSN message is experimental"
- einfo
- elog "Note that this release contains a tainted variable check that"
- elog "is likely to break your configuration used with Exim 4.93 and before."
- elog "Please check your transports for occurences of \$local_part, and"
- elog "use a replacement like \$local_part_data where possible."
-}
diff --git a/mail-mta/exim/exim-4.94.2-r7.ebuild b/mail-mta/exim/exim-4.94.2-r7.ebuild
index 4f2833ff82e5..8f5367aecfb8 100644
--- a/mail-mta/exim/exim-4.94.2-r7.ebuild
+++ b/mail-mta/exim/exim-4.94.2-r7.ebuild
@@ -39,7 +39,7 @@ HOMEPAGE="https://www.exim.org/"
SLOT="0"
LICENSE="GPL-2"
-KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~ia64 ~ppc ppc64 sparc x86"
+KEYWORDS="sparc"
COMMON_DEPEND=">=sys-apps/sed-4.0.5
( >=sys-libs/db-3.2:= <sys-libs/db-6:= )
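Review bot: Narrowing `KEYWORDS` to `"sparc"` keeps exim-4.94.2-r7 as the stable candidate on sparc with no in-file explanation, so a comment above the line would help the next maintainer, for example `# kept only until a newer version is stable on sparc; remove afterwards`. The same commit deletes exim-4.94.2-r12.ebuild, which applied `exim-4.94-CVE-2022-3559.patch`, and the diffstat shows that patch file removed from `files/`, so r7 presumably builds without that fix; r7's `src_prepare` lies outside this hunk, so this is inferred rather than confirmed. If that holds, sparc users of the stable tree stay on an unpatched 4.94.2, and it is worth tracking stabilisation of a fixed version on sparc so this ebuild can be dropped.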
diff --git a/mail-mta/exim/exim-4.96.1.ebuild b/mail-mta/exim/exim-4.96.1.ebuild
deleted file mode 100644
index 2fb3f6b6970a..000000000000
--- a/mail-mta/exim/exim-4.96.1.ebuild
+++ /dev/null
@@ -1,655 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="7"
-
-inherit db-use toolchain-funcs pam systemd
-
-IUSE="arc berkdb +dane dcc +dkim dlfunc dmarc +dnsdb doc dovecot-sasl
-dsn gdbm gnutls idn ipv6 ldap lmtp maildir mbx
-mysql nis pam perl pkcs11 postgres +prdr proxy radius redis sasl selinux
-socks5 spf sqlite srs +ssl syslog tdb tcpd +tpda X"
-REQUIRED_USE="
- arc? ( dkim spf )
- dane? ( ssl !gnutls )
- dmarc? ( dkim spf )
- dkim? ( ssl !gnutls )
- gnutls? ( ssl )
- pkcs11? ( ssl )
- || ( berkdb gdbm tdb )
-"
-# NOTE on USE="gnutls dane", gnutls[dane] is masked in base, unmasked
-# for x86 and amd64 only, due to this, repoman won't allow depending on
-# gnutls[dane] for all else. Because we cannot express USE=dane when
-# USE=gnutls is in effect only in package.use.mask, the only option we
-# have left is to a) ignore the dependency (but that results in bug
-# #661164) or b) mask the usage of USE=dane with USE=gnutls. Both are
-# incorrect, but b) is the only "correct" view from repoman.
-# We cannot express a required use for berkdb/gdbm/tdb correctly because
-# berkdb and gdbm are both enabled in base profile
-
-SDIR=$([[ ${PV} == *_rc* ]] && echo /test
- [[ ${PV} == *.*.*.* ]] && echo /fixes)
-COMM_URI="https://downloads.exim.org/exim4${SDIR}"
-
-GPV="r0"
-DESCRIPTION="A highly configurable, drop-in replacement for sendmail"
-SRC_URI="${COMM_URI}/${P//_rc/-RC}.tar.xz
- https://dev.gentoo.org/~grobian/distfiles/${PN}-4.96-gentoo-patches-${GPV}.tar.xz
- mirror://gentoo/system_filter.exim.gz
- doc? ( ${COMM_URI}/${PN}-pdf-${PV//_rc/-RC}.tar.xz )"
-HOMEPAGE="https://www.exim.org/"
-
-SLOT="0"
-LICENSE="GPL-2"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86"
-
-COMMON_DEPEND=">=sys-apps/sed-4.0.5
- dev-libs/libpcre2:=
- tdb? ( sys-libs/tdb:= )
- !tdb? ( berkdb? ( >=sys-libs/db-3.2:= <sys-libs/db-6:= ) )
- !tdb? ( !berkdb? ( sys-libs/gdbm:= ) )
- idn? ( net-dns/libidn:= net-dns/libidn2:= )
- perl? ( dev-lang/perl:= )
- pam? ( sys-libs/pam )
- tcpd? ( sys-apps/tcp-wrappers )
- ssl? (
- gnutls? (
- net-libs/gnutls:0=[pkcs11?]
- dev-libs/libtasn1
- )
- !gnutls? (
- dev-libs/openssl:0=
- )
- )
- ldap? ( >=net-nds/openldap-2.0.7:= )
- elibc_glibc? (
- net-libs/libnsl:=
- nis? (
- net-libs/libtirpc:=
- >=net-libs/libnsl-1:=
- )
- )
- mysql? ( dev-db/mysql-connector-c:= )
- postgres? ( dev-db/postgresql:= )
- sasl? ( >=dev-libs/cyrus-sasl-2.1.26-r2 )
- redis? ( dev-libs/hiredis:= )
- spf? ( >=mail-filter/libspf2-1.2.5-r1 )
- dmarc? ( mail-filter/opendmarc:= )
- X? (
- x11-libs/libX11
- x11-libs/libXmu
- x11-libs/libXt
- x11-libs/libXaw
- )
- sqlite? ( dev-db/sqlite )
- radius? ( net-dialup/freeradius-client )
- virtual/libcrypt:=
- virtual/libiconv
- "
- # added X check for #57206
-BDEPEND="virtual/pkgconfig"
-DEPEND="${COMMON_DEPEND}"
-RDEPEND="${COMMON_DEPEND}
- !mail-mta/courier
- !mail-mta/esmtp
- !mail-mta/msmtp[mta]
- !mail-mta/netqmail
- !mail-mta/nullmailer
- !mail-mta/postfix
- !mail-mta/sendmail
- !mail-mta/opensmtpd
- !mail-mta/ssmtp[mta]
- >=net-mail/mailbase-0.00-r5
- virtual/logger
- dcc? ( mail-filter/dcc )
- selinux? ( sec-policy/selinux-exim )
- "
-
-S=${WORKDIR}/${P//_rc/-RC}
-
-src_prepare() {
- # Legacy patches which need a respin for -p1
- eapply -p0 "${FILESDIR}"/exim-4.14-tail.patch
- eapply -p0 "${FILESDIR}"/exim-4.74-radius-db-ENV-clash.patch # 287426
- eapply "${FILESDIR}"/exim-4.93-as-needed-ldflags.patch # 352265, 391279
- eapply -p0 "${FILESDIR}"/exim-4.76-crosscompile.patch # 266591
- eapply "${FILESDIR}"/exim-4.69-r1.27021.patch
- eapply "${FILESDIR}"/exim-4.95-localscan_dlopen.patch
-
- # Upstream post-release fixes :(
- local GPVDIR=${WORKDIR}/${PN}-4.96-gentoo-patches-${GPV}
- eapply "${GPVDIR}"/exim-4.96-rewrite-malformed-addr-fix.patch # upstr
- eapply "${GPVDIR}"/exim-4.96-spf-memory-error-fix.patch # upstr
- eapply "${GPVDIR}"/exim-4.96-regex-use-after-free.patch # upstr
- eapply -p2 "${GPVDIR}"/exim-4.96-dmarc_use_after_free.patch # upstr
- eapply "${GPVDIR}"/exim-4.96-deamon-startup-fix.patch # upstr
- eapply "${GPVDIR}"/exim-4.96-openssl-verify-ocsp.patch # upstr
- eapply "${GPVDIR}"/exim-4.96-openssl-double-expansion.patch # upstr
- eapply "${GPVDIR}"/exim-4.96-recursion-dns_again.patch # upstr
- eapply "${GPVDIR}"/exim-4.96-openssl-tls_eccurve-setting.patch # upstr
- eapply "${GPVDIR}"/exim-4.96-openssl-tls_eccurve-lt-3.patch # upstr
- eapply "${GPVDIR}"/exim-4.96-openssl-bad-alpn.patch # upstr
- eapply "${GPVDIR}"/exim-4.96-dane-dns_again.patch # upstr
- eapply "${GPVDIR}"/exim-4.96-expansion-crash.patch # upstr
- eapply "${GPVDIR}"/exim-4.96-transport-crash.patch # upstr
-
- # oddity, they disable berkdb as hack, and then throw an error when
- # berkdb isn't enabled
- sed -i \
- -e 's/_DB_/_DONTMESS_/' \
- -e 's/define DB void/define DONTMESS void/' \
- src/auths/call_radius.c || die
-
- # API changed from 1.3 to 1.4, upstream doesn't think 1.4 should be
- # used, but 1.3 has a CVE and Gentoo (like most downstreams) only
- # has 1.4 available
- eapply "${FILESDIR}"/exim-4.94-opendmarc-1.4.patch
-
- if use maildir ; then
- eapply "${FILESDIR}"/exim-4.94-maildir.patch
- else
- eapply -p0 "${FILESDIR}"/exim-4.80-spool-mail-group.patch # 438606
- fi
-
- eapply_user
-
- # user Exim believes it should be
- MAILUSER=mail
- MAILGROUP=mail
- if use prefix && [[ ${EUID} != 0 ]] ; then
- MAILUSER=$(id -un)
- MAILGROUP=$(id -gn)
- fi
-}
-
-src_configure() {
- # general config and paths
-
- local aliases="${EPREFIX}/etc/mail/aliases"
- sed -i \
- -e "/SYSTEM_ALIASES_FILE/s'SYSTEM_ALIASES_FILE'${aliases}'" \
- src/configure.default || die
-
- sed -i -e 's/^buildname=.*/buildname=exim-gentoo/' Makefile || die
-
- if use elibc_musl; then
- sed -i -e 's/^LIBS = -lnsl/LIBS =/g' OS/Makefile-Linux || die
- fi
-
- local conffile="${EPREFIX}/etc/exim/exim.conf"
- sed -e "48i\CFLAGS=${CFLAGS}" \
- -e "s:BIN_DIRECTORY=/usr/exim/bin:BIN_DIRECTORY=${EPREFIX}/usr/sbin:" \
- -e "s;EXIM_USER=;EXIM_USER=ref:${MAILUSER};" \
- -e "s:CONFIGURE_FILE=.*$:CONFIGURE_FILE=${conffile}:" \
- -e "s:ZCAT_COMMAND=.*$:ZCAT_COMMAND=${EPREFIX}/bin/zcat:" \
- -e "s:COMPRESS_COMMAND=.*$:COMPRESS_COMMAND=${EPREFIX}/bin/gzip:" \
- src/EDITME > Local/Makefile || die
-
- # work on Local/Makefile from now on
- cd Local
-
- cat >> Makefile <<- EOC
- INFO_DIRECTORY=${EPREFIX}/usr/share/info
- PID_FILE_PATH=${EPREFIX}/run/exim.pid
- SPOOL_DIRECTORY=${EPREFIX}/var/spool/exim
- HAVE_ICONV=yes
- WITH_CONTENT_SCAN=yes
- EOC
-
- # configure db implementation, Exim always needs one for its hints
- # database, we prefer tdb and gdbm, since bdb is kind of getting
- # less and less support
- if use tdb ; then
- cat >> Makefile <<- EOC
- USE_TDB=yes
- DBMLIB = -ltdb
- EOC
- sed -i -e 's:^USE_DB=yes:# USE_DB=yes:' Makefile || die
- sed -i -e 's:^USE_GDBM=yes:# USE_GDBM=yes:' Makefile || die
- elif use gdbm ; then
- cat >> Makefile <<- EOC
- USE_GDBM=yes
- DBMLIB = -lgdbm
- EOC
- sed -i -e 's:^USE_DB=yes:# USE_DB=yes:' Makefile || die
- sed -i -e 's:^USE_TDB=yes:# USE_TDB=yes:' Makefile || die
- else # must be berkdb via required_use
- # use the "native" interfaces to the DBM and CDB libraries, support
- # passwd and directory lookups by default
- local DB_VERS="5.3 5.1 4.8 4.7 4.6 4.5 4.4 4.3 4.2 3.2"
- cat >> Makefile <<- EOC
- USE_DB=yes
- # keep include in CFLAGS because exim.h -> dbstuff.h -> db.h
- CFLAGS += -I$(db_includedir ${DB_VERS})
- DBMLIB = -l$(db_libname ${DB_VERS})
- EOC
- sed -i -e 's:^USE_GDBM=yes:# USE_GDBM=yes:' Makefile || die
- sed -i -e 's:^USE_TDB=yes:# USE_TDB=yes:' Makefile || die
- fi
-
- # if we use libiconv, now is the time to tell so
- if use !elibc_glibc && use !elibc_musl ; then
- cat >> Makefile <<- EOC
- EXTRALIBS_EXIM=-liconv
- EOC
- fi
-
- # support for IPv6
- if use ipv6; then
- cat >> Makefile <<- EOC
- HAVE_IPV6=YES
- EOC
- fi
-
- # support i18n/IDNA
- if use idn; then
- cat >> Makefile <<- EOC
- SUPPORT_I18N=yes
- SUPPORT_I18N_2008=yes
- EXTRALIBS_EXIM += -lidn -lidn2
- EOC
- fi
-
- #
- # mail storage formats
- #
-
- # mailstore is Exim's traditional storage format
- cat >> Makefile <<- EOC
- SUPPORT_MAILSTORE=yes
- EOC
-
- # mbox
- if use mbx; then
- cat >> Makefile <<- EOC
- SUPPORT_MBX=yes
- EOC
- fi
-
- # maildir
- if use maildir; then
- cat >> Makefile <<- EOC
- SUPPORT_MAILDIR=yes
- EOC
- fi
-
- #
- # lookup methods
- #
-
- # support passwd and directory lookups by default
- cat >> Makefile <<- EOC
- LOOKUP_CDB=yes
- LOOKUP_PASSWD=yes
- LOOKUP_DSEARCH=yes
- EOC
-
- if ! use dnsdb; then
- # DNSDB lookup is enabled by default
- sed -i -e 's:^LOOKUP_DNSDB=yes:# LOOKUP_DNSDB=yes:' Makefile || die
- fi
-
- if use ldap; then
- cat >> Makefile <<- EOC
- LOOKUP_LDAP=yes
- LDAP_LIB_TYPE=OPENLDAP2
- LOOKUP_INCLUDE += -I"${EPREFIX}"/usr/include/ldap
- LOOKUP_LIBS += -lldap -llber
- EOC
- fi
-
- if use mysql; then
- cat >> Makefile <<- EOC
- LOOKUP_MYSQL=yes
- LOOKUP_INCLUDE += $(mysql_config --include)
- LOOKUP_LIBS += $(mysql_config --libs)
- EOC
- fi
-
- if use nis; then
- cat >> Makefile <<- EOC
- LOOKUP_NIS=yes
- LOOKUP_NISPLUS=yes
- EOC
- if use elibc_glibc ; then
- cat >> Makefile <<- EOC
- LOOKUP_INCLUDE += -I"${EPREFIX}"/usr/include/tirpc
- LOOKUP_LIBS += -lnsl
- EOC
- fi
- fi
-
- if use postgres; then
- cat >> Makefile <<- EOC
- LOOKUP_PGSQL=yes
- LOOKUP_INCLUDE += -I$(pg_config --includedir)
- LOOKUP_LIBS += -L$(pg_config --libdir) -lpq
- EOC
- fi
-
- if use sqlite; then
- cat >> Makefile <<- EOC
- LOOKUP_SQLITE=yes
- LOOKUP_SQLITE_PC=sqlite3
- EOC
- fi
-
- if use redis; then
- cat >> Makefile <<- EOC
- LOOKUP_REDIS=yes
- LOOKUP_LIBS += -lhiredis
- EOC
- fi
-
- # Exim monitor, enabled by default, controlled via X USE-flag,
- # disable if not requested, bug #46778
- if use X; then
- cp ../exim_monitor/EDITME eximon.conf || die
- cat >> Makefile <<- EOC
- EXIM_MONITOR=eximon.bin
- EOC
- fi
-
- #
- # features
- #
-
- # DomainKeys Identified Mail, RFC4871
- if ! use dkim; then
- # DKIM is enabled by default
- cat >> Makefile <<- EOC
- DISABLE_DKIM=yes
- EOC
- fi
-
- # Per-Recipient-Data-Response
- if ! use prdr; then
- # PRDR is enabled by default
- cat >> Makefile <<- EOC
- DISABLE_PRDR=yes
- EOC
- fi
-
- # Transport post-delivery actions
- if use !tpda && use !dane; then
- # EVENT is enabled by default
- cat >> Makefile <<- EOC
- DISABLE_EVENT=yes
- EOC
- fi
-
- # log to syslog
- if use syslog; then
- local eximlog="${EPREFIX}/var/log/exim/exim_%s.log"
- sed -i \
- -e "s:LOG_FILE_PATH=${eximlog}:LOG_FILE_PATH=syslog:" \
- Makefile || die
- cat >> Makefile <<- EOC
- LOG_FILE_PATH=syslog
- EOC
- else
- cat >> Makefile <<- EOC
- LOG_FILE_PATH=${EPREFIX}/var/log/exim/exim_%s.log
- EOC
- fi
-
- # starttls support (ssl)
- if use ssl; then
- if use gnutls; then
- echo "USE_GNUTLS=yes" >> Makefile
- echo "USE_GNUTLS_PC=gnutls $(use dane && echo gnutls-dane)" \
- >> Makefile
- use pkcs11 || echo "AVOID_GNUTLS_PKCS11=yes" >> Makefile
- else
- echo "USE_OPENSSL=yes" >> Makefile
- echo "USE_OPENSSL_PC=openssl" >> Makefile
- fi
- else
- echo "DISABLE_TLS=yes" >> Makefile
- fi
-
- # TCP wrappers
- if use tcpd; then
- cat >> Makefile <<- EOC
- USE_TCP_WRAPPERS=yes
- EXTRALIBS_EXIM += -lwrap
- EOC
- fi
-
- # Light Mail Transport Protocol
- if use lmtp; then
- cat >> Makefile <<- EOC
- TRANSPORT_LMTP=yes
- EOC
- fi
-
- # embedded Perl
- if use perl; then
- cat >> Makefile <<- EOC
- EXIM_PERL=perl.o
- EOC
- fi
-
- # dlfunc
- if use dlfunc; then
- cat >> Makefile <<- EOC
- EXPAND_DLFUNC=yes
- HAVE_LOCAL_SCAN=yes
- DLOPEN_LOCAL_SCAN=yes
- EOC
- fi
-
- # Proxy Protocol
- if use proxy; then
- cat >> Makefile <<- EOC
- SUPPORT_PROXY=yes
- EOC
- fi
-
- # SOCKS5 (outbound) proxy support
- if use socks5; then
- cat >> Makefile <<- EOC
- SUPPORT_SOCKS=yes
- EOC
- fi
-
- # DANE
- if use !dane; then
- # DANE is enabled by default
- sed -i -e 's:^SUPPORT_DANE=yes:# SUPPORT_DANE=yes:' Makefile || die
- fi
-
- # DMARC
- if use dmarc; then
- cat >> Makefile <<- EOC
- SUPPORT_DMARC=yes
- EXTRALIBS_EXIM += -lopendmarc
- EOC
- fi
-
- # Sender Policy Framework
- if use spf; then
- cat >> Makefile <<- EOC
- SUPPORT_SPF=yes
- EXTRALIBS_EXIM += -lspf2
- EOC
- fi
-
- #
- # experimental features
- #
-
- # Authenticated Receive Chain
- if use arc; then
- echo "EXPERIMENTAL_ARC=yes">> Makefile
- fi
-
- # Distributed Checksum Clearinghouse
- if use dcc; then
- echo "EXPERIMENTAL_DCC=yes">> Makefile
- fi
-
- # Sender Rewriting Scheme
- if use srs; then
- # this one is the default/supported variant since 4.95, and the
- # only variant available since 4.96
- cat >> Makefile <<- EOC
- SUPPORT_SRS=yes
- EOC
- fi
-
- # Delivery Sender Notifications extra information in fail message
- if use dsn; then
- cat >> Makefile <<- EOC
- EXPERIMENTAL_DSN_INFO=yes
- EOC
- fi
-
- #
- # authentication (SMTP AUTH)
- #
-
- # standard bits
- cat >> Makefile <<- EOC
- AUTH_SPA=yes
- AUTH_CRAM_MD5=yes
- AUTH_PLAINTEXT=yes
- EOC
-
- # Cyrus SASL
- if use sasl; then
- cat >> Makefile <<- EOC
- CYRUS_SASLAUTHD_SOCKET=${EPREFIX}/run/saslauthd/mux
- AUTH_CYRUS_SASL=yes
- AUTH_LIBS += -lsasl2
- EOC
- fi
-
- # Dovecot
- if use dovecot-sasl; then
- cat >> Makefile <<- EOC
- AUTH_DOVECOT=yes
- EOC
- fi
-
- # Pluggable Authentication Modules
- if use pam; then
- cat >> Makefile <<- EOC
- SUPPORT_PAM=yes
- AUTH_LIBS += -lpam
- EOC
- fi
-
- # Radius
- if use radius; then
- cat >> Makefile <<- EOC
- RADIUS_CONFIG_FILE=${EPREFIX}/etc/radiusclient/radiusclient.conf
- RADIUS_LIB_TYPE=RADIUSCLIENTNEW
- AUTH_LIBS += -lfreeradius-client
- EOC
- fi
-}
-
-src_compile() {
- emake CC="$(tc-getCC)" HOSTCC="$(tc-getBUILD_CC)" \
- AR="$(tc-getAR) cq" RANLIB="$(tc-getRANLIB)" FULLECHO=''
-}
-
-src_install() {
- cd "${S}"/build-exim-gentoo || die
- dosbin exim
- if use X; then
- dosbin eximon.bin
- dosbin eximon
- fi
- fperms 4755 /usr/sbin/exim
-
- dosym exim /usr/sbin/sendmail
- dosym exim /usr/sbin/rsmtp
- dosym exim /usr/sbin/rmail
- dosym ../sbin/exim /usr/bin/mailq
- dosym ../sbin/exim /usr/bin/newaliases
- dosym ../sbin/sendmail /usr/lib/sendmail
-
- for i in exicyclog exim_dbmbuild exim_dumpdb exim_fixdb exim_lock \
- exim_tidydb exinext exiwhat exigrep eximstats exiqsumm exiqgrep \
- convert4r3 convert4r4 exipick
- do
- dosbin $i
- done
-
- dodoc -r "${S}"/doc/.
- doman "${S}"/doc/exim.8
- use dsn && dodoc "${S}"/README.DSN
- use doc && dodoc "${WORKDIR}"/${PN}-pdf-${PV//rc/RC}/doc/*.pdf
-
- # conf files
- insinto /etc/exim
- newins "${S}"/src/configure.default exim.conf.dist
- doins "${WORKDIR}"/system_filter.exim
- doins "${FILESDIR}"/auth_conf.sub
-
- if use pam; then
- pamd_mimic system-auth exim auth account
- fi
-
- # headers, #436406
- if use dlfunc ; then
- # fixup includes so they actually can be found when including
- sed -i \
- -e '/#include "\(config\|store\|mytypes\).h"/s:"\(.\+\)":<exim/\1>:' \
- local_scan.h || die
- insinto /usr/include/exim
- doins {config,local_scan}.h ../src/{mytypes,store}.h
- fi
-
- insinto /etc/logrotate.d
- newins "${FILESDIR}/exim.logrotate" exim
-
- newinitd "${FILESDIR}"/exim.rc10 exim
- newconfd "${FILESDIR}"/exim.confd exim
-
- systemd_dounit \
- "${FILESDIR}"/{exim.service,exim.socket,exim-submission.socket}
- systemd_newunit \
- "${FILESDIR}"/exim_at.service 'exim@.service'
- systemd_newunit \
- "${FILESDIR}"/exim-submission_at.service 'exim-submission@.service'
-
- diropts -m 0750 -o ${MAILUSER} -g ${MAILGROUP}
- keepdir /var/log/${PN}
-}
-
-pkg_postinst() {
- if [[ ! -f ${EROOT}/etc/exim/exim.conf ]] ; then
- einfo "${EROOT}/etc/exim/system_filter.exim is a sample system_filter."
- einfo "${EROOT}/etc/exim/auth_conf.sub contains the configuration sub"
- einfo "for using smtp auth."
- einfo "Please create ${EROOT}/etc/exim/exim.conf from"
- einfo " ${EROOT}/etc/exim/exim.conf.dist."
- fi
- if use berkdb && ( use gdbm || use tdb ) ; then
- ewarn "USE=berkdb is ignored because USE=gdbm or USE=tdb is enabled!"
- fi
- if use dmarc ; then
- einfo "DMARC support requires ${EROOT}/etc/exim/opendmarc.tlds"
- einfo "you can populate this file with the contents downloaded from"
- einfo " https://publicsuffix.org/list/public_suffix_list.dat"
- fi
- if use dcc ; then
- einfo "DCC support is experimental, you can find some limited"
- einfo "documentation at the bottom of this prerelease message:"
- einfo " http://article.gmane.org/gmane.mail.exim.devel/3579"
- fi
- if use srs; then
- einfo "SRS support using libsrs_alt was dropped in this"
- einfo "release of Exim, you are now using the native SRS implementation"
- fi
- use dsn && einfo "extra information in fail DSN message is experimental"
- einfo
- elog "Note that this release contains a tainted variable check that"
- elog "is likely to break your configuration used with Exim 4.93 and before."
- elog "Please check your transports for occurences of \$local_part, and"
- elog "use a replacement like \$local_part_data where possible."
-}
diff --git a/mail-mta/exim/files/exim-4.94-CVE-2022-3559.patch b/mail-mta/exim/files/exim-4.94-CVE-2022-3559.patch
deleted file mode 100644
index 533aaf1f9e51..000000000000
--- a/mail-mta/exim/files/exim-4.94-CVE-2022-3559.patch
+++ /dev/null
@@ -1,99 +0,0 @@
-Patch cleaned up for Gentoo
-- applied to 4.94
-- removed unnecessary whitespace changes
-
-From 4e9ed49f8f12eb331b29bd5b6dc3693c520fddc2 Mon Sep 17 00:00:00 2001
-From: Jeremy Harris <jgh146exb@wizmail.org>
-Date: Wed, 31 Aug 2022 15:37:40 +0100
-Subject: [PATCH 1/1] Fix $regex<n> use-after-free. Bug 2915
-
---- exim-4.94.2/src/exim.c 2021-04-30 14:08:21.000000000 +0200
-+++ exim-4.94.2/src/exim.c 2022-10-19 09:15:58.611447982 +0200
-@@ -1886,8 +1886,6 @@
- regex_must_compile(US"^[A-Za-z0-9_/.-]*$", FALSE, TRUE);
- #endif
-
--for (i = 0; i < REGEX_VARS; i++) regex_vars[i] = NULL;
--
- /* If the program is called as "mailq" treat it as equivalent to "exim -bp";
- this seems to be a generally accepted convention, since one finds symbolic
- links called "mailq" in standard OS configurations. */
-@@ -5841,7 +5839,7 @@
- deliver_localpart_data = deliver_domain_data =
- recipient_data = sender_data = NULL;
- acl_var_m = NULL;
-- for(int i = 0; i < REGEX_VARS; i++) regex_vars[i] = NULL;
-+ regex_vars_clear();
-
- store_reset(reset_point);
- }
---- exim-4.94.2/src/functions.h 2021-04-30 14:08:21.000000000 +0200
-+++ exim-4.94.2/src/functions.h 2022-10-19 09:17:44.882122667 +0200
-@@ -417,6 +417,7 @@
- #endif
- extern BOOL regex_match_and_setup(const pcre *, const uschar *, int, int);
- extern const pcre *regex_must_compile(const uschar *, BOOL, BOOL);
-+extern void regex_vars_clear(void);
- extern void retry_add_item(address_item *, uschar *, int);
- extern BOOL retry_check_address(const uschar *, host_item *, uschar *, BOOL,
- uschar **, uschar **);
---- exim-4.94.2/src/globals.c 2022-10-19 09:14:19.344751853 +0200
-+++ exim-4.94.2/src/globals.c 2022-10-19 09:18:27.675991666 +0200
-@@ -1289,7 +1289,7 @@
- #endif
- const pcre *regex_ismsgid = NULL;
- const pcre *regex_smtp_code = NULL;
--uschar *regex_vars[REGEX_VARS];
-+uschar *regex_vars[REGEX_VARS] = { 0 };
- #ifdef WHITELIST_D_MACROS
- const pcre *regex_whitelisted_macro = NULL;
- #endif
---- exim-4.94.2/src/regex.c 2021-04-30 14:08:21.000000000 +0200
-+++ exim-4.94.2/src/regex.c 2022-10-19 09:35:03.229084750 +0200
-@@ -98,7 +106,7 @@
- int ret = FAIL;
-
- /* reset expansion variable */
--regex_match_string = NULL;
-+regex_vars_clear();
-
- if (!mime_stream) /* We are in the DATA ACL */
- {
-@@ -166,8 +174,7 @@
- int mime_subject_len = 0;
- int ret;
-
--/* reset expansion variable */
--regex_match_string = NULL;
-+regex_vars_clear();
-
- /* precompile our regexes */
- if (!(re_list_head = compile(*listptr)))
-@@ -213,3 +205,14 @@
- }
-
- #endif /* WITH_CONTENT_SCAN */
-+
-+/* reset expansion variables */
-+void
-+regex_vars_clear(void)
-+{
-+#ifdef WITH_CONTENT_SCAN
-+regex_match_string = NULL;
-+#endif
-+for (int i = 0; i < REGEX_VARS; i++) regex_vars[i] = NULL;
-+}
-+
---- exim-4.94.2/src/smtp_in.c 2021-04-30 14:08:21.000000000 +0200
-+++ exim-4.94.2/src/smtp_in.c 2022-10-19 09:15:58.613447975 +0200
-@@ -2161,8 +2161,10 @@
- #ifdef SUPPORT_I18N
- message_smtputf8 = FALSE;
- #endif
-+regex_vars_clear();
- body_linecount = body_zerocount = 0;
-
-+lookup_value = NULL; /* Can be set by ACL */
- sender_rate = sender_rate_limit = sender_rate_period = NULL;
- ratelimiters_mail = NULL; /* Updated by ratelimit ACL condition */
- /* Note that ratelimiters_conn persists across resets. */
diff --git a/mail-mta/exim/files/exim-4.94.2-fix-crash-resolve.patch b/mail-mta/exim/files/exim-4.94.2-fix-crash-resolve.patch
deleted file mode 100644
index 27e68bfdd74f..000000000000
--- a/mail-mta/exim/files/exim-4.94.2-fix-crash-resolve.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-From d4bc023436e4cce7c23c5f8bb5199e178b4cc743 Mon Sep 17 00:00:00 2001
-From: "Heiko Schlittermann (HS12-RIPE)" <hs@schlittermann.de>
-Date: Sun, 16 May 2021 19:11:19 +0200
-Subject: [PATCH] Fix host_name_lookup (Close 2747)
-
-https://bugs.exim.org/show_bug.cgi?id=2747
-
-(cherry picked from commit 20812729e3e47a193a21d326ecd036d67a8b2724)
----
- src/src/host.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/src/host.c b/src/src/host.c
---- a/src/host.c
-+++ b/src/host.c
-@@ -1691,7 +1691,7 @@ while ((ordername = string_nextinlist(&list, &sep, NULL, 0)))
- {
- uschar **aptr = NULL;
- int ssize = 264;
-- int count = 0;
-+ int count = 1; /* need 1 more for terminating NULL */
- int old_pool = store_pool;
-
- sender_host_dnssec = dns_is_secure(dnsa);
diff --git a/mail-mta/exim/files/exim-4.94.2-openssl3.patch b/mail-mta/exim/files/exim-4.94.2-openssl3.patch
deleted file mode 100644
index f9758515bef1..000000000000
--- a/mail-mta/exim/files/exim-4.94.2-openssl3.patch
+++ /dev/null
@@ -1,332 +0,0 @@
-Original commits from upstream applied to 4.94.2 release tarball
-
-From a5d79c99f4948d9fd288a1bfaca3a44cf2caaa32 Mon Sep 17 00:00:00 2001
-From: Jeremy Harris <jgh146exb@wizmail.org>
-Date: Wed, 1 Dec 2021 17:36:18 +0000
-Subject: [PATCH] OpenSSL: use nondeprecated D-H functions under 3.0.0.
-
-From c6a290f4d8df3734b3cdc2232b4334ff8386c1da Mon Sep 17 00:00:00 2001
-From: Jeremy Harris <jgh146exb@wizmail.org>
-Date: Wed, 1 Dec 2021 18:52:21 +0000
-Subject: [PATCH] OpenSSL: tidy DH and ECDH param setup Testsuite: expand DH
- testcase
-
-From ff7829398d74e67f1c1f40339a772fd76708e5ac Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Jaroslav=20=C5=A0karvada?= <jskarvad@redhat.com>
-Date: Sat, 27 Nov 2021 21:07:15 +0000
-Subject: [PATCH] Fix build for OpenSSL 3.0.0 . Bug 2810
-
-From ca4014de81e6aa367aa0a54c49b4c3d4b137814c Mon Sep 17 00:00:00 2001
-From: Jeremy Harris <jgh146exb@wizmail.org>
-Date: Sun, 1 Jan 2023 12:18:38 +0000
-Subject: [PATCH] OpenSSL: fix tls_eccurve setting explicit curve/group. Bug
- 2954
-
-From 7fa5764c203f2f4a900898a79ed02d674075313f Mon Sep 17 00:00:00 2001
-From: Jeremy Harris <jgh146exb@wizmail.org>
-Date: Mon, 2 Jan 2023 15:04:14 +0000
-Subject: [PATCH] OpenSSL: Fix tls_eccurve on earlier versions than 3.0.0. Bug
- 2954
-
-Broken-by: ca4014de81e6
-
---- a/src/tls-openssl.c
-+++ b/src/tls-openssl.c
-@@ -227,12 +227,16 @@
- { US"no_tlsv1", SSL_OP_NO_TLSv1 },
- #endif
- #ifdef SSL_OP_NO_TLSv1_1
--#if SSL_OP_NO_TLSv1_1 == 0x00000400L
-+# if OPENSSL_VERSION_NUMBER < 0x30000000L
-+# if SSL_OP_NO_TLSv1_1 == 0x00000400L
- /* Error in chosen value in 1.0.1a; see first item in CHANGES for 1.0.1b */
--#warning OpenSSL 1.0.1a uses a bad value for SSL_OP_NO_TLSv1_1, ignoring
--#else
-+# warning OpenSSL 1.0.1a uses a bad value for SSL_OP_NO_TLSv1_1, ignoring
-+# define NO_SSL_OP_NO_TLSv1_1
-+# endif
-+# endif
-+# ifndef NO_SSL_OP_NO_TLSv1_1
- { US"no_tlsv1_1", SSL_OP_NO_TLSv1_1 },
--#endif
-+# endif
- #endif
- #ifdef SSL_OP_NO_TLSv1_2
- { US"no_tlsv1_2", SSL_OP_NO_TLSv1_2 },
-@@ -1017,23 +1021,27 @@
- *************************************************/
-
- /* If dhparam is set, expand it, and load up the parameters for DH encryption.
-+Server only.
-
- Arguments:
- sctx The current SSL CTX (inbound or outbound)
- dhparam DH parameter file or fixed parameter identity string
-- host connected host, if client; NULL if server
- errstr error string pointer
-
- Returns: TRUE if OK (nothing to set up, or setup worked)
- */
-
- static BOOL
--init_dh(SSL_CTX *sctx, uschar *dhparam, const host_item *host, uschar ** errstr)
-+init_dh(SSL_CTX * sctx, uschar * dhparam, uschar ** errstr)
- {
--BIO *bio;
--DH *dh;
--uschar *dhexpanded;
--const char *pem;
-+BIO * bio;
-+#if OPENSSL_VERSION_NUMBER < 0x30000000L
-+DH * dh;
-+#else
-+EVP_PKEY * pkey;
-+#endif
-+uschar * dhexpanded;
-+const char * pem;
- int dh_bitsize;
-
- if (!expand_check(dhparam, US"tls_dhparam", &dhexpanded, errstr))
-@@ -1046,7 +1054,7 @@
- if (!(bio = BIO_new_file(CS dhexpanded, "r")))
- {
- tls_error(string_sprintf("could not read dhparams file %s", dhexpanded),
-- host, US strerror(errno), errstr);
-+ NULL, US strerror(errno), errstr);
- return FALSE;
- }
- }
-@@ -1061,17 +1069,23 @@
- if (!(pem = std_dh_prime_named(dhexpanded)))
- {
- tls_error(string_sprintf("Unknown standard DH prime \"%s\"", dhexpanded),
-- host, US strerror(errno), errstr);
-+ NULL, US strerror(errno), errstr);
- return FALSE;
- }
- bio = BIO_new_mem_buf(CS pem, -1);
- }
-
--if (!(dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL)))
-+if (!(
-+#if OPENSSL_VERSION_NUMBER < 0x30000000L
-+ dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL)
-+#else
-+ pkey = PEM_read_bio_Parameters_ex(bio, NULL, NULL, NULL)
-+#endif
-+ ) )
- {
- BIO_free(bio);
- tls_error(string_sprintf("Could not read tls_dhparams \"%s\"", dhexpanded),
-- host, NULL, errstr);
-+ NULL, NULL, errstr);
- return FALSE;
- }
-
-@@ -1081,33 +1095,54 @@
- * If someone wants to dance at the edge, then they can raise the limit or use
- * current libraries. */
--#ifdef EXIM_HAVE_OPENSSL_DH_BITS
-+#if OPENSSL_VERSION_NUMBER < 0x30000000L
-+# ifdef EXIM_HAVE_OPENSSL_DH_BITS
- /* Added in commit 26c79d5641d; `git describe --contains` says OpenSSL_1_1_0-pre1~1022
- * This predates OpenSSL_1_1_0 (before a, b, ...) so is in all 1.1.0 */
- dh_bitsize = DH_bits(dh);
--#else
-+# else
- dh_bitsize = 8 * DH_size(dh);
-+# endif
-+#else /* 3.0.0 + */
-+dh_bitsize = EVP_PKEY_get_bits(pkey);
- #endif
-
--/* Even if it is larger, we silently return success rather than cause things
-- * to fail out, so that a too-large DH will not knock out all TLS; it's a
-- * debatable choice. */
--if (dh_bitsize > tls_dh_max_bits)
-+/* Even if it is larger, we silently return success rather than cause things to
-+fail out, so that a too-large DH will not knock out all TLS; it's a debatable
-+choice. Likewise for a failing attempt to set one. */
-+
-+if (dh_bitsize <= tls_dh_max_bits)
- {
-- DEBUG(D_tls)
-- debug_printf("dhparams file %d bits, is > tls_dh_max_bits limit of %d\n",
-- dh_bitsize, tls_dh_max_bits);
-+ if (
-+#if OPENSSL_VERSION_NUMBER < 0x30000000L
-+ SSL_CTX_set_tmp_dh(sctx, dh)
-+#else
-+ SSL_CTX_set0_tmp_dh_pkey(sctx, pkey)
-+#endif
-+ == 0)
-+ {
-+ ERR_error_string_n(ERR_get_error(), ssl_errstring, sizeof(ssl_errstring));
-+ log_write(0, LOG_MAIN|LOG_PANIC, "TLS error (D-H param setting '%s'): %s",
-+ dhexpanded ? dhexpanded : US"default", ssl_errstring);
-+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-+ /* EVP_PKEY_free(pkey); crashes */
-+#endif
-+ }
-+ else
-+ DEBUG(D_tls)
-+ debug_printf("Diffie-Hellman initialized from %s with %d-bit prime\n",
-+ dhexpanded ? dhexpanded : US"default", dh_bitsize);
- }
- else
-- {
-- SSL_CTX_set_tmp_dh(sctx, dh);
- DEBUG(D_tls)
-- debug_printf("Diffie-Hellman initialized from %s with %d-bit prime\n",
-- dhexpanded ? dhexpanded : US"default", dh_bitsize);
-- }
-+ debug_printf("dhparams '%s' %d bits, is > tls_dh_max_bits limit of %d\n",
-+ dhexpanded ? dhexpanded : US"default", dh_bitsize, tls_dh_max_bits);
-
-+#if OPENSSL_VERSION_NUMBER < 0x30000000L
- DH_free(dh);
--BIO_free(bio);
-+#endif
-+/* The EVP_PKEY ownership stays with the ctx; do not free it */
-
-+BIO_free(bio);
- return TRUE;
- }
-
-@@ -1118,7 +1154,7 @@
- * Initialize for ECDH *
- *************************************************/
-
--/* Load parameters for ECDH encryption.
-+/* Load parameters for ECDH encryption. Server only.
-
- For now, we stick to NIST P-256 because: it's simple and easy to configure;
- it avoids any patent issues that might bite redistributors; despite events in
-@@ -1136,37 +1172,40 @@
-
- Arguments:
- sctx The current SSL CTX (inbound or outbound)
-- host connected host, if client; NULL if server
- errstr error string pointer
-
- Returns: TRUE if OK (nothing to set up, or setup worked)
- */
-
- static BOOL
--init_ecdh(SSL_CTX * sctx, host_item * host, uschar ** errstr)
-+init_ecdh(SSL_CTX * sctx, uschar ** errstr)
- {
- #ifdef OPENSSL_NO_ECDH
- return TRUE;
- #else
-
--EC_KEY * ecdh;
- uschar * exp_curve;
--int nid;
--BOOL rv;
--
--if (host) /* No ECDH setup for clients, only for servers */
-- return TRUE;
-+int nid, rc;
-
- # ifndef EXIM_HAVE_ECDH
- DEBUG(D_tls)
-- debug_printf("No OpenSSL API to define ECDH parameters, skipping\n");
-+ debug_printf(" No OpenSSL API to define ECDH parameters, skipping\n");
- return TRUE;
- # else
-
- if (!expand_check(tls_eccurve, US"tls_eccurve", &exp_curve, errstr))
- return FALSE;
-+
-+/* Is the option deliberately empty? */
-+
- if (!exp_curve || !*exp_curve)
-+ {
-+#if OPENSSL_VERSION_NUMBER >= 0x10002000L
-+ DEBUG(D_tls) debug_printf( " ECDH OpenSSL 1.0.2+: clearing curves list\n");
-+ (void) SSL_CTX_set1_curves(sctx, &nid, 0);
-+#endif
- return TRUE;
-+ }
-
- /* "auto" needs to be handled carefully.
- * OpenSSL < 1.0.2: we do not select anything, but fallback to prime256v1
-@@ -1202,27 +1241,41 @@
- # endif
- )
- {
-- tls_error(string_sprintf("Unknown curve name tls_eccurve '%s'", exp_curve),
-- host, NULL, errstr);
-+ uschar * s = string_sprintf("Unknown curve name tls_eccurve '%s'", exp_curve);
-+ DEBUG(D_tls) debug_printf("TLS error '%s'\n", s);
-+ if (errstr) *errstr = s;
- return FALSE;
- }
-
--if (!(ecdh = EC_KEY_new_by_curve_name(nid)))
-- {
-- tls_error(US"Unable to create ec curve", host, NULL, errstr);
-- return FALSE;
-- }
-+# if OPENSSL_VERSION_NUMBER < 0x30000000L
-+ {
-+ EC_KEY * ecdh;
-+ if (!(ecdh = EC_KEY_new_by_curve_name(nid)))
-+ {
-+ tls_error(US"Unable to create ec curve", NULL, NULL, errstr);
-+ return FALSE;
-+ }
-
--/* The "tmp" in the name here refers to setting a temporary key
--not to the stability of the interface. */
-+ /* The "tmp" in the name here refers to setting a temporary key
-+ not to the stability of the interface. */
-
--if ((rv = SSL_CTX_set_tmp_ecdh(sctx, ecdh) == 0))
-- tls_error(string_sprintf("Error enabling '%s' curve", exp_curve), host, NULL, errstr);
-+ if ((rc = SSL_CTX_set_tmp_ecdh(sctx, ecdh)) == 0)
-+ tls_error(string_sprintf("Error enabling '%s' curve", exp_curve), NULL, NULL, errstr);
-+ else
-+ DEBUG(D_tls) debug_printf(" ECDH: enabled '%s' curve\n", exp_curve);
-+ EC_KEY_free(ecdh);
-+ }
-+
-+#else /* v 3.0.0 + */
-+
-+if ((rc = SSL_CTX_set1_groups(sctx, &nid, 1)) == 0)
-+ tls_error(string_sprintf("Error enabling '%s' group", exp_curve), NULL, NULL, errstr);
- else
-- DEBUG(D_tls) debug_printf("ECDH: enabled '%s' curve\n", exp_curve);
-+ DEBUG(D_tls) debug_printf(" ECDH: enabled '%s' group\n", exp_curve);
-+
-+#endif
-
--EC_KEY_free(ecdh);
--return !rv;
-+return !!rc;
-
- # endif /*EXIM_HAVE_ECDH*/
- #endif /*OPENSSL_NO_ECDH*/
-@@ -1727,8 +1780,8 @@
- SSL_CTX_set_tlsext_servername_callback(server_sni, tls_servername_cb);
- SSL_CTX_set_tlsext_servername_arg(server_sni, cbinfo);
-
--if ( !init_dh(server_sni, cbinfo->dhparam, NULL, &dummy_errstr)
-- || !init_ecdh(server_sni, NULL, &dummy_errstr)
-+if ( !init_dh(server_sni, cbinfo->dhparam, &dummy_errstr)
-+ || !init_ecdh(server_sni, &dummy_errstr)
- )
- goto bad;
-
-@@ -2213,8 +2266,8 @@
- /* Initialize with DH parameters if supplied */
- /* Initialize ECDH temp key parameter selection */
-
--if ( !init_dh(ctx, dhparam, host, errstr)
-- || !init_ecdh(ctx, host, errstr)
-+if ( !init_dh(ctx, dhparam, errstr)
-+ || !init_ecdh(ctx, errstr)
- )
- return DEFER;
-