mail/exim: update to 4.94 release

while here, convert POST-INSTALL-NOTES* to ucl

PR:		246922
Submitted by:	pi
MFH:		2020Q2

14 files changed, 58 insertions, 994 deletions

diff --git a/mail/exim/Makefile b/mail/exim/Makefile
index f3a48bd46382..5129a5fa08b0 100644
--- a/mail/exim/Makefile
+++ b/mail/exim/Makefile
@@ -3,7 +3,7 @@
 
 PORTNAME=	exim
 PORTVERSION?=	${EXIM_VERSION}
-PORTREVISION?=	3
+PORTREVISION?=	0
 CATEGORIES=	mail
 MASTER_SITES=	EXIM:exim
 MASTER_SITE_SUBDIR=	/exim4/:exim \
@@ -57,11 +57,13 @@ INTERNATIONAL_LIB_DEPENDS=	libidn.so:dns/libidn
 LMDB_LIB_DEPENDS=	liblmdb.so:databases/lmdb
 MYSQL_USES=	mysql
 OPENLDAP_USE=	openldap=yes
-PGSQL_USES=	pgsql
+PGSQL_LIB_DEPENDS=	libicudata.so:devel/icu
+PGSQL_USES=	pgsql pkgconfig
 REDIS_LIB_DEPENDS=	libhiredis.so:databases/hiredis
 SASLAUTHD_RUN_DEPENDS=	${LOCALBASE}/sbin/saslauthd:security/cyrus-sasl2-saslauthd
 SA_EXIM_RUN_DEPENDS=	${LOCALBASE}/bin/spamc:mail/spamassassin
 SPF_LIB_DEPENDS=	libspf2.so:mail/libspf2
+SQLITE_LIB_DEPENDS=	libicudata.so:devel/icu
 SQLITE_USES=	pkgconfig sqlite
 
 .include <bsd.port.options.mk>
@@ -103,7 +105,7 @@ EXTRA_PATCHES+=	${FILESDIR}/extra-patch-Local-sa-exim.c
 EXTRA_PATCHES+=	${FILESDIR}/extra-patch-Local-sa-exim.conf
 .endif
 
-EXIM_VERSION=	4.93.0.4
+EXIM_VERSION=	4.94
 SA_EXIM_VERSION=4.2.1
 EXIM_INSTALL_ARG+=	"-no_chown" "-no_symlink"
 EXTRA_PATCHES+=	`${FIND} ${PATCHDIR} -name '74_*.patch'|${SORT} -h`
diff --git a/mail/exim/distinfo b/mail/exim/distinfo
index a8ff4869504a..64c610468f1b 100644
--- a/mail/exim/distinfo
+++ b/mail/exim/distinfo
@@ -1,5 +1,5 @@
-TIMESTAMP = 1582564322
-SHA256 (exim/exim-4.93.0.4.tar.bz2) = b67336ba06f8d8233060de073d6082d75a378faaafad660c5f124bb13d75e4d9
-SIZE (exim/exim-4.93.0.4.tar.bz2) = 1974190
+TIMESTAMP = 1591032067
+SHA256 (exim/exim-4.94.tar.bz2) = 73feeaa5ddb43363782db0c307b593aacb49542dd7e4b795a2880779595affe5
+SIZE (exim/exim-4.94.tar.bz2) = 1997217
 SHA256 (exim/sa-exim-4.2.1.tar.gz) = 24d4bf7b0fdddaea11f132981cebb6a86a4ab20ef54111a8ebd481b421c6e2c1
 SIZE (exim/sa-exim-4.2.1.tar.gz) = 68933
diff --git a/mail/exim/files/74_19-SPF-fix-result-for-case-of-only-non-spf-TXT-RRs.patch b/mail/exim/files/74_19-SPF-fix-result-for-case-of-only-non-spf-TXT-RRs.patch
deleted file mode 100644
index 71406b254ed2..000000000000
--- a/mail/exim/files/74_19-SPF-fix-result-for-case-of-only-non-spf-TXT-RRs.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From dfb8f72b2237627b26767d1e803e8ed95ad659d2 Mon Sep 17 00:00:00 2001
-From: Wolfgang Breyha <wbreyha@gmx.net>
-Date: Tue, 7 Jan 2020 13:03:18 +0000
-Subject: [PATCH 19/21] SPF: fix result for case of only non-spf TXT RRs.  Bug
- 2499
-
-(cherry picked from commit 67794d2b830fc580f87b0635718d95e32b467be1)
----
- src/spf.c              |  7 ++++++-
- test/scripts/4600-SPF/4601 | 17 ++++++++---------
- test/stdout/4601           | 11 ++++++-----
- 3 files changed, 20 insertions(+), 15 deletions(-)
-
-diff --git src/spf.c src/spf.c
-index 8ead817b9..12b756b46 100644
---- src/spf.c
-+++ src/spf.c
-@@ -139,7 +139,12 @@ for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS); rr;
-     srr.rr[found++] = (void *) s;
-     }
- 
--srr.num_rr = found;
-+/* Did we filter out all TXT RRs? Return NO_DATA instead of SUCCESS with
-+empty ANSWER section. */
-+
-+if (!(srr.num_rr = found))
-+  srr.herrno = NO_DATA;
-+
- /* spfrr->rr must have been malloc()d for this */
- SPF_dns_rr_dup(&spfrr, &srr);
- return spfrr;
--- 
-2.24.1
-
diff --git a/mail/exim/files/74_20-Fix-error-logging-for-dynamically-loaded-modules.patch b/mail/exim/files/74_20-Fix-error-logging-for-dynamically-loaded-modules.patch
deleted file mode 100644
index 9dbabeed91ad..000000000000
--- a/mail/exim/files/74_20-Fix-error-logging-for-dynamically-loaded-modules.patch
+++ /dev/null
@@ -1,70 +0,0 @@
-From 338f36842f10ef84e684dddf59819837fd7792a3 Mon Sep 17 00:00:00 2001
-From: Jeremy Harris <jgh146exb@wizmail.org>
-Date: Wed, 15 Jan 2020 10:40:20 +0000
-Subject: [PATCH 20/21] Fix error logging for dynamically-loaded modules.  Bug
- 2507
-
-(cherry picked from commits b1c673ddfa, 3fc07bd570)
----
- doc/ChangeLog |  5 +++++
- src/drtables.c    | 13 +++++++------
- 2 files changed, 12 insertions(+), 6 deletions(-)
-
-diff --git doc/ChangeLog doc/ChangeLog
-index 32febe1f3..6e26e2f11 100644
---- doc/ChangeLog
-+++ doc/ChangeLog
-@@ -49,6 +49,11 @@ JH/16 Fix the variables set by the gsasl authenticator.  Previously a pointer to
-       library live data was being used, so the results became garbage.  Make
-       copies while it is still usable.
- 
-+JH/19 Bug 2507: Modules: on handling a dynamic-module (lookups) open failure,
-+      only retrieve the errormessage once.  Previously two calls to dlerror()
-+      were used, and the second one (for mainlog/paniclog) retrieved null
-+      information.
-+
- 
- Exim version 4.93
- -----------------
-diff --git src/drtables.c src/drtables.c
-index 059756284..ca051bd20 100644
---- src/drtables.c
-+++ src/drtables.c
-@@ -740,10 +740,11 @@ init_lookup_list(void)
- 
-         dl = dlopen(CS big_buffer, RTLD_NOW);// TJ was LAZY
-         if (dl == NULL) {
--          fprintf(stderr, "Error loading %s: %s\n", name, dlerror());
--          moduleerrors++;
--          log_write(0, LOG_MAIN|LOG_PANIC, "Error loading lookup module %s: %s\n", name, dlerror());
--          continue;
-+	  errormessage = dlerror();
-+	  fprintf(stderr, "Error loading %s: %s\n", name, errormessage);
-+	  log_write(0, LOG_MAIN|LOG_PANIC, "Error loading lookup module %s: %s\n", name, errormessage);
-+	  moduleerrors++;
-+	  continue;
-         }
- 
-         /* FreeBSD nsdispatch() can trigger dlerror() errors about
-@@ -756,16 +757,16 @@ init_lookup_list(void)
-         info = (struct lookup_module_info*) dlsym(dl, "_lookup_module_info");
-         if ((errormsg = dlerror()) != NULL) {
-           fprintf(stderr, "%s does not appear to be a lookup module (%s)\n", name, errormsg);
-+          log_write(0, LOG_MAIN|LOG_PANIC, "%s does not appear to be a lookup module (%s)\n", name, errormsg);
-           dlclose(dl);
-           moduleerrors++;
--          log_write(0, LOG_MAIN|LOG_PANIC, "%s does not appear to be a lookup module (%s)\n", name, errormsg);
-           continue;
-         }
-         if (info->magic != LOOKUP_MODULE_INFO_MAGIC) {
-           fprintf(stderr, "Lookup module %s is not compatible with this version of Exim\n", name);
-+          log_write(0, LOG_MAIN|LOG_PANIC, "Lookup module %s is not compatible with this version of Exim\n", name);
-           dlclose(dl);
-           moduleerrors++;
--          log_write(0, LOG_MAIN|LOG_PANIC, "Lookup module %s is not compatible with this version of Exim\n", name);
-           continue;
-         }
- 
--- 
-2.24.1
-
diff --git a/mail/exim/files/74_21-heimdal-auth-fix-the-increase-of-big_buffer-size.patch b/mail/exim/files/74_21-heimdal-auth-fix-the-increase-of-big_buffer-size.patch
deleted file mode 100644
index 19723dd24099..000000000000
--- a/mail/exim/files/74_21-heimdal-auth-fix-the-increase-of-big_buffer-size.patch
+++ /dev/null
@@ -1,116 +0,0 @@
-From bbeab68df3b3c2d5507b1fdca07509fdbb3ec5a1 Mon Sep 17 00:00:00 2001
-From: Jeremy Harris <jgh146exb@wizmail.org>
-Date: Tue, 14 Jan 2020 17:48:57 +0000
-Subject: [PATCH 21/21] heimdal auth: fix the increase of big_buffer size.  Bug
- 2501
-
-(cherry picked from commit 7a66b3afa11a70021297c176acf56831692be89a)
----
- doc/ChangeLog          |  7 ++++++-
- src/auths/README           |  2 +-
- src/auths/heimdal_gssapi.c | 10 ----------
- src/macros.h               | 13 ++++++++++---
- src/readconf.c             |  1 +
- 5 files changed, 18 insertions(+), 15 deletions(-)
-
-diff --git doc/ChangeLog doc/ChangeLog
-index 6e26e2f11..f112fc9bf 100644
---- doc/ChangeLog
-+++ doc/ChangeLog
-@@ -9,7 +9,7 @@ This is not an official release. It is just a branch, collecting
- proposed bugfixes. Depending on your environment the fixes may be
- necessary to build and/or run Exim successfully.
- 
--JH/05 Regard command-line receipients as tainted.
-+JH/05 Regard command-line recipients as tainted.
- 
- JH/07 Bug 2489: Fix crash in the "pam" expansion condition.  It seems that the
-       PAM library frees one of the arguments given to it, despite the
-@@ -54,6 +54,11 @@ JH/19 Bug 2507: Modules: on handling a dynamic-module (lookups) open failure,
-       were used, and the second one (for mainlog/paniclog) retrieved null
-       information.
- 
-+JH/21 Bug 2501: Fix init call in the heimdal authenticator.  Previously it
-+      adjusted the size of a major service buffer; this failed because the
-+      buffer was in use at the time.  Change to a compile-time increase in the
-+      buffer size, when this authenticator is compiled into exim.
-+
- 
- Exim version 4.93
- -----------------
-diff --git src/auths/README src/auths/README
-index d4f125c30..66bdcdcf8 100644
---- src/auths/README
-+++ src/auths/README
-@@ -34,7 +34,7 @@ instance block for this configured mechanism. It must set the flags called
- the server and/or client functions are available for this authenticator.
- Typically this depends on whether server or client configuration options have
- been set, but it is also possible to have an authenticator that has only one of
--the server or client functions.
-+the server or client functions.  The function may not touch big_buffer.
- 
- SERVER AUTHENTICATION
- 
-diff --git src/auths/heimdal_gssapi.c src/auths/heimdal_gssapi.c
-index 3dfcb8c6a..523f7c69a 100644
---- src/auths/heimdal_gssapi.c
-+++ src/auths/heimdal_gssapi.c
-@@ -200,16 +200,6 @@ if (krc)
- 
- krb5_free_context(context);
- 
--/* RFC 4121 section 5.2, SHOULD support 64K input buffers */
--if (big_buffer_size < (64 * 1024))
--  {
--  uschar *newbuf;
--  big_buffer_size = 64 * 1024;
--  newbuf = store_malloc(big_buffer_size);
--  store_free(big_buffer);
--  big_buffer = newbuf;
--  }
--
- ablock->server = TRUE;
- }
- 
-diff --git src/macros.h src/macros.h
-index 76913d64e..4e6b1b8a9 100644
---- src/macros.h
-+++ src/macros.h
-@@ -152,12 +152,19 @@ enough to hold all the headers from a normal kind of message. */
- into big_buffer_size and in some circumstances increased. It should be at least
- as long as the maximum path length. */
- 
--#if defined PATH_MAX && PATH_MAX > 16384
-+#ifdef AUTH_HEIMDAL_GSSAPI
-+		/* RFC 4121 section 5.2, SHOULD support 64K input buffers */
-+# define __BIG_BUFFER_SIZE 65536
-+#else
-+# define __BIG_BUFFER_SIZE 16384
-+#endif
-+
-+#if defined PATH_MAX && PATH_MAX > __BIG_BUFFER_SIZE
- # define BIG_BUFFER_SIZE PATH_MAX
--#elif defined MAXPATHLEN && MAXPATHLEN > 16384
-+#elif defined MAXPATHLEN && MAXPATHLEN > __BIG_BUFFER_SIZE
- # define BIG_BUFFER_SIZE MAXPATHLEN
- #else
--# define BIG_BUFFER_SIZE 16384
-+# define BIG_BUFFER_SIZE __BIG_BUFFER_SIZE
- #endif
- 
- /* header size of pipe content
-diff --git src/readconf.c src/readconf.c
-index 0233019cf..62cfcfbf9 100644
---- src/readconf.c
-+++ src/readconf.c
-@@ -3788,6 +3788,7 @@ while ((buffer = get_config_line()) != NULL)
-       if (!d->driver_name)
-         log_write(0, LOG_PANIC_DIE|LOG_CONFIG,
-           "no driver defined for %s \"%s\"", class, d->name);
-+      /* s is using big_buffer, so this call had better not */
-       (d->info->init)(d);
-       d = NULL;
-       }
--- 
-2.24.1
-
diff --git a/mail/exim/files/74_22-Taint-hybrid-checking-mode.patch b/mail/exim/files/74_22-Taint-hybrid-checking-mode.patch
deleted file mode 100644
index dc63289e1052..000000000000
--- a/mail/exim/files/74_22-Taint-hybrid-checking-mode.patch
+++ /dev/null
@@ -1,330 +0,0 @@
-From 1ccd26e24267ffa0c40b70c2c3282481fe4977c7 Mon Sep 17 00:00:00 2001
-From: Jeremy Harris <jgh146exb@wizmail.org>
-Date: Thu, 16 Jan 2020 14:12:56 +0000
-Subject: [PATCH 22/22] Taint: hybrid checking mode
-
-(cherry picked from commit 36eb5d3d77426d8cbf4243ea752f8d8cd1d5c682)
----
- doc/ChangeLog         |  8 +++++
- exim_monitor/em_version.c |  2 ++
- src/functions.h           | 58 +++++++++++++++++++++++++++++++-
- src/globals.c             |  1 +
- src/globals.h             |  1 +
- src/mytypes.h             | 62 +++++------------------------------
- src/store.c               | 40 +++++++++++++++-------
- 7 files changed, 107 insertions(+), 65 deletions(-)
-
-diff --git doc/ChangeLog doc/ChangeLog
-index f112fc9bf..508b8fa49 100644
---- doc/ChangeLog
-+++ doc/ChangeLog
-@@ -59,6 +59,14 @@ JH/21 Bug 2501: Fix init call in the heimdal authenticator.  Previously it
-       buffer was in use at the time.  Change to a compile-time increase in the
-       buffer size, when this authenticator is compiled into exim.
- 
-+JH/22 Taint checking: move to a hybrid approach for checking.  Previously, one
-+      of two ways was used, depending on a build-time flag.  The fast method
-+      relied on assumptions about the OS and libc malloc, which were known to
-+      not hold for the BSD-derived platforms, and discovered to not hold for
-+      32-bit Linux either.  In fact the glibc documentation describes cases
-+      where these assumptions do not hold.  The new implementation tests for
-+      the situation arising and actively switches over from fast to safe mode.
-+
- 
- Exim version 4.93
- -----------------
-diff --git exim_monitor/em_version.c exim_monitor/em_version.c
-index 52c55a4a3..9b9c7d417 100644
---- exim_monitor/em_version.c
-+++ exim_monitor/em_version.c
-@@ -5,6 +5,8 @@
- /* Copyright (c) University of Cambridge 1995 - 2018 */
- /* See the file NOTICE for conditions of use and distribution. */
- 
-+#define EM_VERSION_C
-+
- #include "mytypes.h"
- #include "store.h"
- #include "macros.h"
-diff --git src/functions.h src/functions.h
-index 87d1a04d8..0b5905562 100644
---- src/functions.h
-+++ src/functions.h
-@@ -187,6 +187,7 @@ extern void    deliver_succeeded(address_item *);
- extern uschar *deliver_get_sender_address (uschar *id);
- extern void    delivery_re_exec(int);
- 
-+extern void    die_tainted(const uschar *, const uschar *, int);
- extern BOOL    directory_make(const uschar *, const uschar *, int, BOOL);
- #ifndef DISABLE_DKIM
- extern uschar *dkim_exim_query_dns_txt(const uschar *);
-@@ -602,6 +603,61 @@ extern BOOL    write_chunk(transport_ctx *, uschar *, int);
- extern ssize_t write_to_fd_buf(int, const uschar *, size_t);
- 
- 
-+/******************************************************************************/
-+/* Predicate: if an address is in a tainted pool.
-+By extension, a variable pointing to this address is tainted.
-+*/
-+
-+static inline BOOL
-+is_tainted(const void * p)
-+{
-+#if defined(COMPILE_UTILITY) || defined(MACRO_PREDEF) || defined(EM_VERSION_C)
-+return FALSE;
-+
-+#else
-+extern BOOL is_tainted_fn(const void *);
-+extern void * tainted_base, * tainted_top;
-+
-+return f.taint_check_slow
-+  ? is_tainted_fn(p) : p >= tainted_base && p < tainted_top;
-+#endif
-+}
-+
-+/******************************************************************************/
-+/* String functions */
-+static inline uschar * __Ustrcat(uschar * dst, const uschar * src, const char * func, int line)
-+{
-+#if !defined(COMPILE_UTILITY) && !defined(MACRO_PREDEF)
-+if (!is_tainted(dst) && is_tainted(src)) die_tainted(US"Ustrcat", CUS func, line);
-+#endif
-+return US strcat(CS dst, CCS src);
-+}
-+static inline uschar * __Ustrcpy(uschar * dst, const uschar * src, const char * func, int line)
-+{
-+#if !defined(COMPILE_UTILITY) && !defined(MACRO_PREDEF)
-+if (!is_tainted(dst) && is_tainted(src)) die_tainted(US"Ustrcpy", CUS func, line);
-+#endif
-+return US strcpy(CS dst, CCS src);
-+}
-+static inline uschar * __Ustrncat(uschar * dst, const uschar * src, size_t n, const char * func, int line)
-+{
-+#if !defined(COMPILE_UTILITY) && !defined(MACRO_PREDEF)
-+if (!is_tainted(dst) && is_tainted(src)) die_tainted(US"Ustrncat", CUS func, line);
-+#endif
-+return US strncat(CS dst, CCS src, n);
-+}
-+static inline uschar * __Ustrncpy(uschar * dst, const uschar * src, size_t n, const char * func, int line)
-+{
-+#if !defined(COMPILE_UTILITY) && !defined(MACRO_PREDEF)
-+if (!is_tainted(dst) && is_tainted(src)) die_tainted(US"Ustrncpy", CUS func, line);
-+#endif
-+return US strncpy(CS dst, CCS src, n);
-+}
-+/*XXX will likely need unchecked copy also */
-+
-+
-+/******************************************************************************/
-+
- #if !defined(MACRO_PREDEF) && !defined(COMPILE_UTILITY)
- /* exim_chown - in some NFSv4 setups *seemes* to be an issue with
- chown(<exim-uid>, <exim-gid>).
-@@ -634,8 +690,8 @@ exim_chown(const uschar *name, uid_t owner, gid_t group)
- return chown(CCS name, owner, group)
-   ? exim_chown_failure(-1, name, owner, group) : 0;
- }
--
- #endif	/* !MACRO_PREDEF && !COMPILE_UTILITY */
-+
- /******************************************************************************/
- /* String functions */
- 
-diff --git src/globals.c src/globals.c
-index 85a25a7f2..72449229e 100644
---- src/globals.c
-+++ src/globals.c
-@@ -311,6 +311,7 @@ struct global_flags f =
- 	.synchronous_delivery   = FALSE,
- 	.system_filtering       = FALSE,
- 
-+	.taint_check_slow       = FALSE,
- 	.tcp_fastopen_ok        = FALSE,
- 	.tcp_in_fastopen        = FALSE,
- 	.tcp_in_fastopen_data   = FALSE,
-diff --git src/globals.h src/globals.h
-index ca342acc2..ac7bb8ef3 100644
---- src/globals.h
-+++ src/globals.h
-@@ -272,6 +272,7 @@ extern struct global_flags {
-  BOOL   synchronous_delivery		:1; /* TRUE if -odi is set */
-  BOOL   system_filtering		:1; /* TRUE when running system filter */
- 
-+ BOOL   taint_check_slow		:1; /* malloc/mmap are not returning distinct ranges */
-  BOOL   tcp_fastopen_ok			:1; /* appears to be supported by kernel */
-  BOOL   tcp_in_fastopen			:1; /* conn usefully used fastopen */
-  BOOL   tcp_in_fastopen_data		:1; /* fastopen carried data */
-diff --git src/mytypes.h src/mytypes.h
-index ceb9f1b55..e31ee8c1a 100644
---- src/mytypes.h
-+++ src/mytypes.h
-@@ -100,19 +100,15 @@ functions that are called quite often; for other calls to external libraries
- #define Uread(f,b,l)       read(f,CS(b),l)
- #define Urename(s,t)       rename(CCS(s),CCS(t))
- #define Ustat(s,t)         stat(CCS(s),t)
--#define Ustrcat(s,t)       __Ustrcat(s, CUS(t), __FUNCTION__, __LINE__)
- #define Ustrchr(s,n)       US strchr(CCS(s),n)
- #define CUstrchr(s,n)      CUS strchr(CCS(s),n)
- #define CUstrerror(n)      CUS strerror(n)
- #define Ustrcmp(s,t)       strcmp(CCS(s),CCS(t))
--#define Ustrcpy(s,t)       __Ustrcpy(s, CUS(t), __FUNCTION__, __LINE__)
- #define Ustrcpy_nt(s,t)    strcpy(CS s, CCS t)		/* no taint check */
- #define Ustrcspn(s,t)      strcspn(CCS(s),CCS(t))
- #define Ustrftime(s,m,f,t) strftime(CS(s),m,f,t)
- #define Ustrlen(s)         (int)strlen(CCS(s))
--#define Ustrncat(s,t,n)    __Ustrncat(s, CUS(t),n, __FUNCTION__, __LINE__)
- #define Ustrncmp(s,t,n)    strncmp(CCS(s),CCS(t),n)
--#define Ustrncpy(s,t,n)    __Ustrncpy(s, CUS(t),n, __FUNCTION__, __LINE__)
- #define Ustrncpy_nt(s,t,n) strncpy(CS s, CCS t, n)	/* no taint check */
- #define Ustrpbrk(s,t)      strpbrk(CCS(s),CCS(t))
- #define Ustrrchr(s,n)      US strrchr(CCS(s),n)
-@@ -125,57 +121,17 @@ functions that are called quite often; for other calls to external libraries
- #define Ustrtoul(s,t,b)    strtoul(CCS(s),CSS(t),b)
- #define Uunlink(s)         unlink(CCS(s))
- 
--extern void die_tainted(const uschar *, const uschar *, int);
--
--/* Predicate: if an address is in a tainted pool.
--By extension, a variable pointing to this address is tainted.
--*/
--
--static inline BOOL
--is_tainted(const void * p)
--{
--#if defined(COMPILE_UTILITY) || defined(MACRO_PREDEF)
--return FALSE;
--
--#elif defined(TAINT_CHECK_SLOW)
--extern BOOL is_tainted_fn(const void *);
--return is_tainted_fn(p);
--
-+#ifdef EM_VERSION_C
-+# define Ustrcat(s,t)       strcat(CS(s), CCS(t))
-+# define Ustrcpy(s,t)       strcpy(CS(s), CCS(t))
-+# define Ustrncat(s,t,n)    strncat(CS(s), CCS(t), n)
-+# define Ustrncpy(s,t,n)    strncpy(CS(s), CCS(t), n)
- #else
--extern void * tainted_base, * tainted_top;
--return p >= tainted_base && p < tainted_top;
--#endif
--}
--
--static inline uschar * __Ustrcat(uschar * dst, const uschar * src, const char * func, int line)
--{
--#if !defined(COMPILE_UTILITY) && !defined(MACRO_PREDEF)
--if (!is_tainted(dst) && is_tainted(src)) die_tainted(US"Ustrcat", CUS func, line);
--#endif
--return US strcat(CS dst, CCS src);
--}
--static inline uschar * __Ustrcpy(uschar * dst, const uschar * src, const char * func, int line)
--{
--#if !defined(COMPILE_UTILITY) && !defined(MACRO_PREDEF)
--if (!is_tainted(dst) && is_tainted(src)) die_tainted(US"Ustrcpy", CUS func, line);
--#endif
--return US strcpy(CS dst, CCS src);
--}
--static inline uschar * __Ustrncat(uschar * dst, const uschar * src, size_t n, const char * func, int line)
--{
--#if !defined(COMPILE_UTILITY) && !defined(MACRO_PREDEF)
--if (!is_tainted(dst) && is_tainted(src)) die_tainted(US"Ustrncat", CUS func, line);
--#endif
--return US strncat(CS dst, CCS src, n);
--}
--static inline uschar * __Ustrncpy(uschar * dst, const uschar * src, size_t n, const char * func, int line)
--{
--#if !defined(COMPILE_UTILITY) && !defined(MACRO_PREDEF)
--if (!is_tainted(dst) && is_tainted(src)) die_tainted(US"Ustrncpy", CUS func, line);
-+# define Ustrcat(s,t)       __Ustrcat(s, CUS(t), __FUNCTION__, __LINE__)
-+# define Ustrcpy(s,t)       __Ustrcpy(s, CUS(t), __FUNCTION__, __LINE__)
-+# define Ustrncat(s,t,n)    __Ustrncat(s, CUS(t), n, __FUNCTION__, __LINE__)
-+# define Ustrncpy(s,t,n)    __Ustrncpy(s, CUS(t), n, __FUNCTION__, __LINE__)
- #endif
--return US strncpy(CS dst, CCS src, n);
--}
--/*XXX will likely need unchecked copy also */
- 
- #endif
- /* End of mytypes.h */
-diff --git src/store.c src/store.c
-index a06e1c19a..692a993e9 100644
---- src/store.c
-+++ src/store.c
-@@ -162,8 +162,14 @@ static void   internal_tainted_free(storeblock *, const char *, int linenumber);
- 
- /******************************************************************************/
- 
--/* Slower version check, for use when platform intermixes malloc and mmap area
--addresses. */
-+/* Test if a pointer refers to tainted memory.
-+
-+Slower version check, for use when platform intermixes malloc and mmap area
-+addresses. Test against the current-block of all tainted pools first, then all
-+blocks of all tainted pools.
-+
-+Return: TRUE iff tainted
-+*/
- 
- BOOL
- is_tainted_fn(const void * p)
-@@ -171,23 +177,20 @@ is_tainted_fn(const void * p)
- storeblock * b;
- int pool;
- 
--for (pool = 0; pool < nelem(chainbase); pool++)
-+for (pool = POOL_TAINT_BASE; pool < nelem(chainbase); pool++)
-   if ((b = current_block[pool]))
-     {
--    char * bc = CS b + ALIGNED_SIZEOF_STOREBLOCK;
--    if (CS p >= bc && CS p <= bc + b->length) goto hit;
-+    uschar * bc = US b + ALIGNED_SIZEOF_STOREBLOCK;
-+    if (US p >= bc && US p <= bc + b->length) return TRUE;
-     }
- 
--for (pool = 0; pool < nelem(chainbase); pool++)
-+for (pool = POOL_TAINT_BASE; pool < nelem(chainbase); pool++)
-   for (b = chainbase[pool]; b; b = b->next)
-     {
--    char * bc = CS b + ALIGNED_SIZEOF_STOREBLOCK;
--    if (CS p >= bc && CS p <= bc + b->length) goto hit;
-+    uschar * bc = US b + ALIGNED_SIZEOF_STOREBLOCK;
-+    if (US p >= bc && US p <= bc + b->length) return TRUE;
-     }
- return FALSE;
--
--hit:
--return pool >= POOL_TAINT_BASE;
- }
- 
- 
-@@ -198,6 +201,13 @@ log_write(0, LOG_MAIN|LOG_PANIC_DIE, "Taint mismatch, %s: %s %d\n",
- 	msg, func, line);
- }
- 
-+static void
-+use_slow_taint_check(void)
-+{
-+DEBUG(D_any) debug_printf("switching to slow-mode taint checking\n");
-+f.taint_check_slow = TRUE;
-+}
-+
- 
- /*************************************************
- *       Get a block from the current pool        *
-@@ -820,6 +830,14 @@ if (!(yield = malloc((size_t)size)))
-   log_write(0, LOG_MAIN|LOG_PANIC_DIE, "failed to malloc %d bytes of memory: "
-     "called from line %d in %s", size, linenumber, func);
- 
-+/* If malloc ever returns apparently tainted memory, which glibc
-+malloc will as it uses mmap for larger requests, we must switch to
-+the slower checking for tainting (checking an address against all
-+the tainted pool block spans, rather than just the mmap span) */
-+
-+if (!f.taint_check_slow && is_tainted(yield))
-+  use_slow_taint_check();
-+
- return store_alloc_tail(yield, size, func, linenumber, US"Malloc");
- }
- 
--- 
-2.24.1
-
diff --git a/mail/exim/files/74_23-Fix-taint-hybrid-checking-on-BSD.patch b/mail/exim/files/74_23-Fix-taint-hybrid-checking-on-BSD.patch
deleted file mode 100644
index 792bf757e144..000000000000
--- a/mail/exim/files/74_23-Fix-taint-hybrid-checking-on-BSD.patch
+++ /dev/null
@@ -1,83 +0,0 @@
-From ccf4e2396b27b519174aa79552e61d11aafbdc36 Mon Sep 17 00:00:00 2001
-From: Jeremy Harris <jgh146exb@wizmail.org>
-Date: Fri, 17 Jan 2020 21:55:11 +0000
-Subject: [PATCH 23/23] Fix taint hybrid-checking on BSD
-
-(cherry-picked from commit 677481d4fc)
-Broken-by: 1ccd26e242
----
- src/store.c | 26 ++++++++++++++++++++++----
- 1 file changed, 22 insertions(+), 4 deletions(-)
-
-diff --git src/store.c src/store.c
-index 692a993e9..6118ef28d 100644
---- src/store.c
-+++ src/store.c
-@@ -175,16 +175,15 @@ BOOL
- is_tainted_fn(const void * p)
- {
- storeblock * b;
--int pool;
- 
--for (pool = POOL_TAINT_BASE; pool < nelem(chainbase); pool++)
-+for (int pool = POOL_TAINT_BASE; pool < nelem(chainbase); pool++)
-   if ((b = current_block[pool]))
-     {
-     uschar * bc = US b + ALIGNED_SIZEOF_STOREBLOCK;
-     if (US p >= bc && US p <= bc + b->length) return TRUE;
-     }
- 
--for (pool = POOL_TAINT_BASE; pool < nelem(chainbase); pool++)
-+for (int pool = POOL_TAINT_BASE; pool < nelem(chainbase); pool++)
-   for (b = chainbase[pool]; b; b = b->next)
-     {
-     uschar * bc = US b + ALIGNED_SIZEOF_STOREBLOCK;
-@@ -204,10 +203,28 @@ log_write(0, LOG_MAIN|LOG_PANIC_DIE, "Taint mismatch, %s: %s %d\n",
- static void
- use_slow_taint_check(void)
- {
-+#ifndef COMPILE_UTILITY
- DEBUG(D_any) debug_printf("switching to slow-mode taint checking\n");
-+#endif
- f.taint_check_slow = TRUE;
- }
- 
-+static void
-+verify_all_untainted(void)
-+{
-+for (int pool = 0; pool < POOL_TAINT_BASE; pool++)
-+  for (storeblock * b = chainbase[pool]; b; b = b->next)
-+    {
-+    uschar * bc = US b + ALIGNED_SIZEOF_STOREBLOCK;
-+    if (is_tainted(bc))
-+      {
-+      use_slow_taint_check();
-+      return;
-+      }
-+    }
-+}
-+
-+
- 
- /*************************************************
- *       Get a block from the current pool        *
-@@ -740,7 +757,7 @@ int pool = tainted ? store_pool + POOL_TAINT_BASE : store_pool;
- BOOL release_ok = !tainted && store_last_get[pool] == block;
- uschar * newtext;
- 
--#ifndef MACRO_PREDEF
-+#if !defined(MACRO_PREDEF) && !defined(COMPILE_UTILITY)
- if (is_tainted(block) != tainted)
-   die_tainted(US"store_newblock", CUS func, linenumber);
- #endif
-@@ -799,6 +816,7 @@ if (!(yield = mmap(NULL, (size_t)size,
- 
- if (yield < tainted_base) tainted_base = yield;
- if ((top = US yield + size) > tainted_top) tainted_top = top;
-+if (!f.taint_check_slow) use_slow_taint_check();
- 
- return store_alloc_tail(yield, size, func, line, US"Mmap");
- }
--- 
-2.24.1
-
diff --git a/mail/exim/files/74_24-TFO-even-in-binary-built-for-modern-Linux-handle-err.patch b/mail/exim/files/74_24-TFO-even-in-binary-built-for-modern-Linux-handle-err.patch
deleted file mode 100644
index 2a0f74fe0fe6..000000000000
--- a/mail/exim/files/74_24-TFO-even-in-binary-built-for-modern-Linux-handle-err.patch
+++ /dev/null
@@ -1,70 +0,0 @@
-From 4ce411ffa737df738e18e1e7b008ad3d3ac5c398 Mon Sep 17 00:00:00 2001
-From: Brian Foley <bpfoley@google.com>
-Date: Sat, 25 Jan 2020 15:27:49 +0000
-Subject: [PATCH 24/25] TFO: even in binary built for modern Linux, handle
- error returned by old Linux kernel.  Bug 2518
-
-(cherry picked from commit c3da38a12a2372a7f6a48be97ebfd80aeceda828)
----
- src/ip.c | 40 +++++++++++++++++++++++-----------------
- 1 file changed, 23 insertions(+), 17 deletions(-)
-
-diff --git src/ip.c src/ip.c
-index 70e3e2064..43ca6a1c9 100644
---- src/ip.c
-+++ src/ip.c
-@@ -269,28 +269,34 @@ if (fastopen_blob && f.tcp_fastopen_ok)
-     /*XXX also seen on successful TFO, sigh */
-     tcp_out_fastopen = fastopen_blob->len > 0 ?  TFO_ATTEMPTED_DATA : TFO_ATTEMPTED_NODATA;
-     }
--  else if (errno == EINPROGRESS)	/* expected if we had no cookie for peer */
-+  else switch (errno)
-+    {
-+    case EINPROGRESS:	/* expected if we had no cookie for peer */
- 	/* seen for no-data, proper TFO option, both cookie-request and with-cookie cases */
- 	/*  apparently no visibility of the diffference at this point */
- 	/* seen for with-data, proper TFO opt, cookie-req */
- 	/*   with netwk delay, post-conn tcp_info sees unacked 1 for R, 2 for C; code in smtp_out.c */
- 	/* ? older Experimental TFO option behaviour ? */
--    {					/* queue unsent data */
--    DEBUG(D_transport|D_v) debug_printf(" TFO mode sendto, %s data: EINPROGRESS\n",
--      fastopen_blob->len > 0 ? "with"  : "no");
--    if (!fastopen_blob->data)
--      {
--      tcp_out_fastopen = TFO_ATTEMPTED_NODATA;		/* we tried; unknown if useful yet */
--      rc = 0;
--      }
--    else
--      rc = send(sock, fastopen_blob->data, fastopen_blob->len, 0);
--    }
--  else if(errno == EOPNOTSUPP)
--    {
--    DEBUG(D_transport)
--      debug_printf("Tried TCP Fast Open but apparently not enabled by sysctl\n");
--    goto legacy_connect;
-+      DEBUG(D_transport|D_v) debug_printf(" TFO mode sendto, %s data: EINPROGRESS\n",
-+	fastopen_blob->len > 0 ? "with"  : "no");
-+      if (!fastopen_blob->data)
-+	{
-+	tcp_out_fastopen = TFO_ATTEMPTED_NODATA;		/* we tried; unknown if useful yet */
-+	rc = 0;
-+	}
-+      else					/* queue unsent data */
-+	rc = send(sock, fastopen_blob->data, fastopen_blob->len, 0);
-+      break;
-+
-+    case EOPNOTSUPP:
-+      DEBUG(D_transport)
-+	debug_printf("Tried TCP Fast Open but apparently not enabled by sysctl\n");
-+      goto legacy_connect;
-+
-+    case EPIPE:
-+      DEBUG(D_transport)
-+	debug_printf("Tried TCP Fast Open but kernel too old to support it\n");
-+      goto legacy_connect;
-     }
- # endif
- # ifdef EXIM_TFO_CONNECTX
--- 
-2.24.1
-
diff --git a/mail/exim/files/74_25-Taint-slow-mode-checking-only.patch b/mail/exim/files/74_25-Taint-slow-mode-checking-only.patch
deleted file mode 100644
index a2ea80741eba..000000000000
--- a/mail/exim/files/74_25-Taint-slow-mode-checking-only.patch
+++ /dev/null
@@ -1,127 +0,0 @@
-From 69b2f92c0b5da548eaafe4813319f4647fa9c19a Mon Sep 17 00:00:00 2001
-From: Jeremy Harris <jgh146exb@wizmail.org>
-Date: Thu, 30 Jan 2020 11:38:30 +0000
-Subject: [PATCH 25/25] Taint: slow-mode checking only
-
-(cherry-picked from 4381d60bc9)
----
- doc/ChangeLog | 10 +++-------
- src/functions.h   |  5 +----
- src/store.c       | 43 -------------------------------------------
- 3 files changed, 4 insertions(+), 54 deletions(-)
-
-diff --git doc/ChangeLog doc/ChangeLog
-index 508b8fa49..be7ec2a8e 100644
---- doc/ChangeLog
-+++ doc/ChangeLog
-@@ -59,13 +59,9 @@ JH/21 Bug 2501: Fix init call in the heimdal authenticator.  Previously it
-       buffer was in use at the time.  Change to a compile-time increase in the
-       buffer size, when this authenticator is compiled into exim.
- 
--JH/22 Taint checking: move to a hybrid approach for checking.  Previously, one
--      of two ways was used, depending on a build-time flag.  The fast method
--      relied on assumptions about the OS and libc malloc, which were known to
--      not hold for the BSD-derived platforms, and discovered to not hold for
--      32-bit Linux either.  In fact the glibc documentation describes cases
--      where these assumptions do not hold.  The new implementation tests for
--      the situation arising and actively switches over from fast to safe mode.
-+JH/22 Taint-checking: move to safe-mode taint checking on all platforms.  The
-+      previous fast-mode was untenable in the face of glibs using mmap to
-+      support larger malloc requests.
- 
- 
- Exim version 4.93
-diff --git src/functions.h src/functions.h
-index 0b5905562..af633851b 100644
---- src/functions.h
-+++ src/functions.h
-@@ -616,10 +616,7 @@ return FALSE;
- 
- #else
- extern BOOL is_tainted_fn(const void *);
--extern void * tainted_base, * tainted_top;
--
--return f.taint_check_slow
--  ? is_tainted_fn(p) : p >= tainted_base && p < tainted_top;
-+return is_tainted_fn(p);
- #endif
- }
- 
-diff --git src/store.c src/store.c
-index 6118ef28d..c81744a7b 100644
---- src/store.c
-+++ src/store.c
-@@ -102,13 +102,6 @@ static storeblock *current_block[NPOOLS];
- static void *next_yield[NPOOLS];
- static int yield_length[NPOOLS] = { -1, -1, -1,  -1, -1, -1 };
- 
--/* The limits of the tainted pools.  Tracking these on new allocations enables
--a fast is_tainted implementation. We assume the kernel only allocates mmaps using
--one side or the other of data+heap, not both. */
--
--void * tainted_base = (void *)-1;
--void * tainted_top = (void *)0;
--
- /* pool_malloc holds the amount of memory used by the store pools; this goes up
- and down as store is reset or released. nonpool_malloc is the total got by
- malloc from other calls; this doesn't go down because it is just freed by
-@@ -200,30 +193,6 @@ log_write(0, LOG_MAIN|LOG_PANIC_DIE, "Taint mismatch, %s: %s %d\n",
- 	msg, func, line);
- }
- 
--static void
--use_slow_taint_check(void)
--{
--#ifndef COMPILE_UTILITY
--DEBUG(D_any) debug_printf("switching to slow-mode taint checking\n");
--#endif
--f.taint_check_slow = TRUE;
--}
--
--static void
--verify_all_untainted(void)
--{
--for (int pool = 0; pool < POOL_TAINT_BASE; pool++)
--  for (storeblock * b = chainbase[pool]; b; b = b->next)
--    {
--    uschar * bc = US b + ALIGNED_SIZEOF_STOREBLOCK;
--    if (is_tainted(bc))
--      {
--      use_slow_taint_check();
--      return;
--      }
--    }
--}
--
- 
- 
- /*************************************************
-@@ -814,10 +783,6 @@ if (!(yield = mmap(NULL, (size_t)size,
-   log_write(0, LOG_MAIN|LOG_PANIC_DIE, "failed to mmap %d bytes of memory: "
-     "called from line %d of %s", size, line, func);
- 
--if (yield < tainted_base) tainted_base = yield;
--if ((top = US yield + size) > tainted_top) tainted_top = top;
--if (!f.taint_check_slow) use_slow_taint_check();
--
- return store_alloc_tail(yield, size, func, line, US"Mmap");
- }
- 
-@@ -848,14 +813,6 @@ if (!(yield = malloc((size_t)size)))
-   log_write(0, LOG_MAIN|LOG_PANIC_DIE, "failed to malloc %d bytes of memory: "
-     "called from line %d in %s", size, linenumber, func);
- 
--/* If malloc ever returns apparently tainted memory, which glibc
--malloc will as it uses mmap for larger requests, we must switch to
--the slower checking for tainting (checking an address against all
--the tainted pool block spans, rather than just the mmap span) */
--
--if (!f.taint_check_slow && is_tainted(yield))
--  use_slow_taint_check();
--
- return store_alloc_tail(yield, size, func, linenumber, US"Malloc");
- }
- 
--- 
-2.24.1
-
diff --git a/mail/exim/files/74_26-Auths-fix-cyrus-sasl-driver-for-gssapi-use.patch b/mail/exim/files/74_26-Auths-fix-cyrus-sasl-driver-for-gssapi-use.patch
deleted file mode 100644
index 0a21347a8b3f..000000000000
--- a/mail/exim/files/74_26-Auths-fix-cyrus-sasl-driver-for-gssapi-use.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From 59bcc75f56ffeb9fa220f1eb53d45bf254258ac7 Mon Sep 17 00:00:00 2001
-From: Jeremy Harris <jgh146exb@wizmail.org>
-Date: Thu, 13 Feb 2020 14:08:31 +0000
-Subject: [PATCH 26/27] Auths: fix cyrus-sasl driver for gssapi use.  Bug 2524
-
-Broken-by: c0fb53b74e
-Cherry-picked from: 5c329a4388
----
- doc/ChangeLog      | 6 ++++++
- src/auths/cyrus_sasl.c | 6 +++---
- 2 files changed, 9 insertions(+), 3 deletions(-)
-
-diff --git doc/ChangeLog doc/ChangeLog
-index be7ec2a8e..97fe878dc 100644
---- doc/ChangeLog
-+++ doc/ChangeLog
-@@ -63,6 +63,12 @@ JH/22 Taint-checking: move to safe-mode taint checking on all platforms.  The
-       previous fast-mode was untenable in the face of glibs using mmap to
-       support larger malloc requests.
- 
-+JH/24 Bug 2524: fix the cyrus_sasl auth driver gssapi usage.  A previous fix
-+      had introduced a string-copy (for ensuring NUL-termination) which was not
-+      appropriate for that case, which can include embedded NUL bytes in the
-+      block of data.  Investigation showed the copy to actually be needless, the
-+      data being length-specified.
-+
- 
- Exim version 4.93
- -----------------
-diff --git src/auths/cyrus_sasl.c src/auths/cyrus_sasl.c
-index 480010bab..19416a1bb 100644
---- src/auths/cyrus_sasl.c
-+++ src/auths/cyrus_sasl.c
-@@ -347,10 +347,10 @@ for (rc = SASL_CONTINUE; rc == SASL_CONTINUE; )
-     }
-   else
-     {
--    /* make sure that we have a null-terminated string */
--    out2 = string_copyn(output, outlen);
-+    /* auth_get_data() takes a length-specfied block of binary
-+    which can include zeroes; no terminating NUL is needed */
- 
--    if ((rc = auth_get_data(&input, out2, outlen)) != OK)
-+    if ((rc = auth_get_data(&input, output, outlen)) != OK)
-       {
-       /* we couldn't get the data, so free up the library before
-        * returning whatever error we get */
--- 
-2.24.1
-
diff --git a/mail/exim/files/74_27-GnuTLS-fix-hanging-callout-connections.patch b/mail/exim/files/74_27-GnuTLS-fix-hanging-callout-connections.patch
deleted file mode 100644
index 82f3d749c795..000000000000
--- a/mail/exim/files/74_27-GnuTLS-fix-hanging-callout-connections.patch
+++ /dev/null
@@ -1,70 +0,0 @@
-From 26b045604bd574a6d93868ed437c08503c67d289 Mon Sep 17 00:00:00 2001
-From: Jeremy Harris <jgh146exb@wizmail.org>
-Date: Thu, 13 Feb 2020 16:52:52 +0000
-Subject: [PATCH 27/27] GnuTLS: fix hanging callout connections
-
-Broken-by: 925ac8e4f1
-Cherry-picked from: bd95ffc2ba
----
- doc/ChangeLog |  5 +++++
- src/tls-gnu.c     | 11 +++++++----
- 2 files changed, 12 insertions(+), 4 deletions(-)
-
-diff --git doc/ChangeLog doc/ChangeLog
-index 97fe878dc..d9833c8e1 100644
---- doc/ChangeLog
-+++ doc/ChangeLog
-@@ -69,6 +69,11 @@ JH/24 Bug 2524: fix the cyrus_sasl auth driver gssapi usage.  A previous fix
-       block of data.  Investigation showed the copy to actually be needless, the
-       data being length-specified.
- 
-+JH/25 Fix use of concurrent TLS connections under GnuTLS.  When a callout was
-+      done during a receiving connection, and both used TLS, global info was
-+      used rather than per-connection info for tracking the state of data
-+      queued for transmission.  This could result in a connection hang.
-+
- 
- Exim version 4.93
- -----------------
-diff --git src/tls-gnu.c src/tls-gnu.c
-index fc426a251..574dcafd9 100644
---- src/tls-gnu.c
-+++ src/tls-gnu.c
-@@ -181,6 +181,10 @@ typedef struct exim_gnutls_state {
-   BOOL			peer_dane_verified;
-   BOOL			trigger_sni_changes;
-   BOOL			have_set_peerdn;
-+#ifdef SUPPORT_CORK
-+  BOOL			corked:1;
-+#endif
-+
-   const struct host_item *host;		/* NULL if server */
-   gnutls_x509_crt_t	peercert;
-   uschar		*peerdn;
-@@ -3309,9 +3313,8 @@ ssize_t outbytes;
- size_t left = len;
- exim_gnutls_state_st * state = ct_ctx ? ct_ctx : &state_server;
- #ifdef SUPPORT_CORK
--static BOOL corked = FALSE;
- 
--if (more && !corked) gnutls_record_cork(state->session);
-+if (more && !state->corked) gnutls_record_cork(state->session);
- #endif
- 
- DEBUG(D_tls) debug_printf("%s(%p, " SIZE_T_FMT "%s)\n", __FUNCTION__,
-@@ -3352,10 +3355,10 @@ if (len > INT_MAX)
-   }
- 
- #ifdef SUPPORT_CORK
--if (more != corked)
-+if (more != state->corked)
-   {
-   if (!more) (void) gnutls_record_uncork(state->session, 0);
--  corked = more;
-+  state->corked = more;
-   }
- #endif
- 
--- 
-2.24.1
-
diff --git a/mail/exim/files/POST-INSTALL-NOTES b/mail/exim/files/POST-INSTALL-NOTES
index cad6bf300ac5..2ff6ce5af54e 100644
--- a/mail/exim/files/POST-INSTALL-NOTES
+++ b/mail/exim/files/POST-INSTALL-NOTES
@@ -1,3 +1,6 @@
+[
+{ type: install
+  message: <<EOM
 The following documentation has been installed:
 
   man exim                              -> Exim options (command line)
@@ -40,3 +43,6 @@ You may also want to configure newsyslog(8) to rotate Exim log files:
 Additional scripts to help upgrading are installed in:
 
   %%EXAMPLESDIR%%
+EOM
+}
+]
diff --git a/mail/exim/files/POST-INSTALL-NOTES.clamd b/mail/exim/files/POST-INSTALL-NOTES.clamd
index 209fb1cde157..6837b29ae34f 100644
--- a/mail/exim/files/POST-INSTALL-NOTES.clamd
+++ b/mail/exim/files/POST-INSTALL-NOTES.clamd
@@ -1,3 +1,6 @@
+[
+{ type: install
+  message: <<EOM
 The following steps will enable clamd malware scanning using exiscan ACLs.
 It is important to follow them in sequence.
 
@@ -44,3 +47,6 @@ It is important to follow them in sequence.
 
 Sheldon Hearn <sheldonh@FreeBSD.org>
 
+EOM
+}
+]
diff --git a/mail/exim/files/patch-src-auths-call_radius.c b/mail/exim/files/patch-src-auths-call_radius.c
index 59485b0c1d96..8b6b7de07a4e 100644
--- a/mail/exim/files/patch-src-auths-call_radius.c
+++ b/mail/exim/files/patch-src-auths-call_radius.c
@@ -1,6 +1,6 @@
---- src/auths/call_radius.c.orig	2019-12-08 12:53:48 UTC
-+++ src/auths/call_radius.c
-@@ -112,37 +112,37 @@ rc_openlog("exim");
+--- src/auths/call_radius.c.orig	2020-05-30 22:35:38.000000000 +0200
++++ src/auths/call_radius.c	2020-06-01 19:54:14.402105000 +0200
+@@ -113,37 +113,37 @@
  
  #ifdef RADIUS_LIB_RADIUSCLIENT
  if (rc_read_config(RADIUS_CONFIG_FILE) != 0)
@@ -8,65 +8,65 @@
 +  *errptr = string_sprintf("%s", "RADIUS: can't open %s", RADIUS_CONFIG_FILE);
  
  else if (rc_read_dictionary(rc_conf_str("dictionary")) != 0)
--  *errptr = string_sprintf("RADIUS: can't read dictionary");
+-  *errptr = US"RADIUS: can't read dictionary";
 +  *errptr = string_sprintf("%s", "RADIUS: can't read dictionary");
  
- else if (rc_avpair_add(&send, PW_USER_NAME, user, 0) == NULL)
--  *errptr = string_sprintf("RADIUS: add user name failed\n");
+ else if (!rc_avpair_add(&send, PW_USER_NAME, user, 0))
+-  *errptr = US"RADIUS: add user name failed";
 +  *errptr = string_sprintf("%s", "RADIUS: add user name failed\n");
  
- else if (rc_avpair_add(&send, PW_USER_PASSWORD, CS radius_args, 0) == NULL)
--  *errptr = string_sprintf("RADIUS: add password failed\n");
+ else if (!rc_avpair_add(&send, PW_USER_PASSWORD, CS radius_args, 0))
+-  *errptr = US"RADIUS: add password failed");
 +  *errptr = string_sprintf("%s", "RADIUS: add password failed\n");
  
- else if (rc_avpair_add(&send, PW_SERVICE_TYPE, &service, 0) == NULL)
--  *errptr = string_sprintf("RADIUS: add service type failed\n");
+ else if (!rc_avpair_add(&send, PW_SERVICE_TYPE, &service, 0))
+-  *errptr = US"RADIUS: add service type failed";
 +  *errptr = string_sprintf("%s", "RADIUS: add service type failed\n");
  
  #else  /* RADIUS_LIB_RADIUSCLIENT unset => RADIUS_LIB_RADIUSCLIENT2 */
  
- if ((h = rc_read_config(RADIUS_CONFIG_FILE)) == NULL)
+ if (!(h = rc_read_config(RADIUS_CONFIG_FILE)))
 -  *errptr = string_sprintf("RADIUS: can't open %s", RADIUS_CONFIG_FILE);
 +  *errptr = string_sprintf("%s", "RADIUS: can't open %s", RADIUS_CONFIG_FILE);
  
  else if (rc_read_dictionary(h, rc_conf_str(h, "dictionary")) != 0)
--  *errptr = string_sprintf("RADIUS: can't read dictionary");
+-  *errptr = US"RADIUS: can't read dictionary";
 +  *errptr = string_sprintf("%s", "RADIUS: can't read dictionary");
  
- else if (rc_avpair_add(h, &send, PW_USER_NAME, user, Ustrlen(user), 0) == NULL)
--  *errptr = string_sprintf("RADIUS: add user name failed\n");
+ else if (!rc_avpair_add(h, &send, PW_USER_NAME, user, Ustrlen(user), 0))
+-  *errptr = US"RADIUS: add user name failed";
 +  *errptr = string_sprintf("%s", "RADIUS: add user name failed\n");
  
- else if (rc_avpair_add(h, &send, PW_USER_PASSWORD, CS radius_args,
-     Ustrlen(radius_args), 0) == NULL)
--  *errptr = string_sprintf("RADIUS: add password failed\n");
+ else if (!rc_avpair_add(h, &send, PW_USER_PASSWORD, CS radius_args,
+     Ustrlen(radius_args), 0))
+-  *errptr = US"RADIUS: add password failed";
 +  *errptr = string_sprintf("%s", "RADIUS: add password failed\n");
  
- else if (rc_avpair_add(h, &send, PW_SERVICE_TYPE, &service, 0, 0) == NULL)
--  *errptr = string_sprintf("RADIUS: add service type failed\n");
+ else if (!rc_avpair_add(h, &send, PW_SERVICE_TYPE, &service, 0, 0))
+-  *errptr = US"RADIUS: add service type failed";
 +  *errptr = string_sprintf("%s", "RADIUS: add service type failed\n");
  
  #endif  /* RADIUS_LIB_RADIUSCLIENT */
  
-@@ -175,7 +175,7 @@ switch (result)
+@@ -176,7 +176,7 @@
  
-   default:
    case BADRESP_RC:
--  *errptr = string_sprintf("RADIUS: unexpected response (%d)", result);
-+  *errptr = string_sprintf("%s", "RADIUS: unexpected response (%d)", result);
-   return ERROR;
+   default:
+-    *errptr = string_sprintf("RADIUS: unexpected response (%d)", result);
++    *errptr = string_sprintf("%s", "RADIUS: unexpected response (%d)", result);
+     return ERROR;
    }
  
-@@ -186,7 +186,7 @@ switch (result)
- h = rad_auth_open();
- if (h == NULL)
+@@ -186,7 +186,7 @@
+ 
+ if (!(h = rad_auth_open()))
    {
 -  *errptr = string_sprintf("RADIUS: can't initialise libradius");
 +  *errptr = string_sprintf("%s", "RADIUS: can't initialise libradius");
    return ERROR;
    }
  if (rad_config(h, RADIUS_CONFIG_FILE) != 0 ||
-@@ -196,7 +196,7 @@ if (rad_config(h, RADIUS_CONFIG_FILE) != 0 ||
+@@ -196,7 +196,7 @@
      rad_put_int(h, RAD_SERVICE_TYPE, RAD_AUTHENTICATE_ONLY) != 0 ||
      rad_put_string(h, RAD_NAS_IDENTIFIER, CS primary_hostname) != 0)
    {
@@ -75,18 +75,18 @@
    result = ERROR;
    }
  else
-@@ -214,12 +214,12 @@ else
-     break;
+@@ -211,12 +211,12 @@
+       break;
  
      case -1:
--    *errptr = string_sprintf("RADIUS: %s", rad_strerror(h));
-+    *errptr = string_sprintf("%s", "RADIUS: %s", rad_strerror(h));
-     result = ERROR;
-     break;
+-      *errptr = string_sprintf("RADIUS: %s", rad_strerror(h));
++      *errptr = string_sprintf("%s", "RADIUS: %s", rad_strerror(h));
+       result = ERROR;
+       break;
  
      default:
--    *errptr = string_sprintf("RADIUS: unexpected response (%d)", result);
-+    *errptr = string_sprintf("%s", "RADIUS: unexpected response (%d)", result);
-     result= ERROR;
-     break;
+-      *errptr = string_sprintf("RADIUS: unexpected response (%d)", result);
++      *errptr = string_sprintf("%s", "RADIUS: unexpected response (%d)", result);
+       result= ERROR;
+       break;
      }