mail/exim: port some critical upstream patches (+)

32-Fix-PAM-auth.-Bug-2813
35-Exiqgrep-check-arg-parsing.-Bug-2821
43-BSD-fix-resource-leak
45-Fix-bogus-error-message-copy.-Bug-2857
50-Fix-include_directory-in-redirect-routers.-Bug-2715
55-Specific-check-for-null-pointer

Thanks to:	ler (for runtime testing)

7 files changed, 287 insertions, 3 deletions

diff --git a/mail/exim/Makefile b/mail/exim/Makefile
index 83bfb5aec983..9cd6deadcc29 100644
--- a/mail/exim/Makefile
+++ b/mail/exim/Makefile
@@ -2,7 +2,7 @@
 
 PORTNAME=	exim
 PORTVERSION?=	${EXIM_VERSION}
-PORTREVISION?=	1
+PORTREVISION?=	2
 CATEGORIES=	mail
 MASTER_SITES=	EXIM:exim
 MASTER_SITE_SUBDIR=	/exim4/:exim \
@@ -68,8 +68,14 @@ SQLITE_USES=	pkgconfig sqlite
 DEBIAN_PATCHES_PREFIX=	${FILESDIR}/debian/75
 EXTRA_PATCHES= \
 		${DEBIAN_PATCHES_PREFIX}_30-Avoid-calling-gettimeofday-select-per-char-for-cmdli.patch:-p1 \
+		${DEBIAN_PATCHES_PREFIX}_32-Fix-PAM-auth.-Bug-2813.patch:-p1 \
+		${DEBIAN_PATCHES_PREFIX}_35-Exiqgrep-check-arg-parsing.-Bug-2821.patch:-p1 \
 		${DEBIAN_PATCHES_PREFIX}_38-Convert-all-uses-of-select-to-poll.-Bug-2831.patch:-p1 \
-		${DEBIAN_PATCHES_PREFIX}_40-Fix-basic-memory-use-for-SPARC.-Bug-2838.patch:-p1
+		${DEBIAN_PATCHES_PREFIX}_40-Fix-basic-memory-use-for-SPARC.-Bug-2838.patch:-p1 \
+		${DEBIAN_PATCHES_PREFIX}_43-BSD-fix-resource-leak.patch:-p1 \
+		${DEBIAN_PATCHES_PREFIX}_45-Fix-bogus-error-message-copy.-Bug-2857.patch:-p1 \
+		${DEBIAN_PATCHES_PREFIX}_50-Fix-include_directory-in-redirect-routers.-Bug-2715.patch:-p1 \
+		${DEBIAN_PATCHES_PREFIX}_55-Specific-check-for-null-pointer.patch:-p1
 
 .include <bsd.port.options.mk>
 
@@ -327,7 +333,7 @@ SEDLIST+=	-e 's,XX_LDAP_[^ ]*_XX,,' \
 .endif
 
 .if ${PORT_OPTIONS:MBDB}
-INVALID_BDB_VER=	2 3
+INVALID_BDB_VER=	2 3 6 18
 DB_LIBS=	-L${BDB_LIB_DIR} -l${BDB_LIB_NAME}
 DB_INCLUDES=	-I${BDB_INCLUDE_DIR}
 .else
diff --git a/mail/exim/files/debian/75_32-Fix-PAM-auth.-Bug-2813.patch b/mail/exim/files/debian/75_32-Fix-PAM-auth.-Bug-2813.patch
new file mode 100644
index 000000000000..537bfed558d7
--- /dev/null
+++ b/mail/exim/files/debian/75_32-Fix-PAM-auth.-Bug-2813.patch
@@ -0,0 +1,25 @@
+From 51be321b27825c01829dffd90f11bfff256f7e42 Mon Sep 17 00:00:00 2001
+From: Adam Lackorzynski <adam@l4re.org>
+Date: Sat, 16 Oct 2021 16:30:07 +0100
+Subject: [PATCH] Fix PAM auth.  Bug 2813
+
+---
+ src/auths/call_pam.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/auths/call_pam.c b/src/auths/call_pam.c
+index 80bb23ec3..03b9be1a8 100644
+--- a/src/auths/call_pam.c
++++ b/src/auths/call_pam.c
+@@ -88,7 +88,7 @@ for (int i = 0; i < num_msg; i++)
+ 	arg = US"";
+ 	pam_arg_ended = TRUE;
+ 	}
+-      reply[i].resp = CS string_copy_malloc(arg); /* PAM frees resp */
++      reply[i].resp = strdup(CCS arg); /* Use libc malloc, PAM frees resp directly*/
+       reply[i].resp_retcode = PAM_SUCCESS;
+       break;
+ 
+-- 
+2.34.1
+
diff --git a/mail/exim/files/debian/75_35-Exiqgrep-check-arg-parsing.-Bug-2821.patch b/mail/exim/files/debian/75_35-Exiqgrep-check-arg-parsing.-Bug-2821.patch
new file mode 100644
index 000000000000..ec056eec9b79
--- /dev/null
+++ b/mail/exim/files/debian/75_35-Exiqgrep-check-arg-parsing.-Bug-2821.patch
@@ -0,0 +1,25 @@
+From df618101a5ea15dc90c4a2968798ef2be9dba16f Mon Sep 17 00:00:00 2001
+From: Jeremy Harris <jgh146exb@wizmail.org>
+Date: Mon, 18 Oct 2021 11:01:47 +0100
+Subject: [PATCH] Exiqgrep: check arg parsing.  Bug 2821
+
+---
+ src/exiqgrep.src | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/exiqgrep.src b/src/exiqgrep.src
+index c8762df47..04602da68 100644
+--- a/src/exiqgrep.src
++++ b/src/exiqgrep.src
+@@ -53,7 +53,7 @@ if ($ARGV[0] eq '--version') {
+         exit 0;
+ }
+ 
+-getopts('hf:r:y:o:s:C:zxlibRcaG:',\%opt);
++if (!getopts('hf:r:y:o:s:C:zxlibRcaG:',\%opt) { &help; exit;}
+ if ($ARGV[0]) { &help; exit;}
+ if ($opt{h}) { &help; exit;}
+ if ($opt{a}) { $eargs = '-bp'; }
+-- 
+2.34.1
+
diff --git a/mail/exim/files/debian/75_43-BSD-fix-resource-leak.patch b/mail/exim/files/debian/75_43-BSD-fix-resource-leak.patch
new file mode 100644
index 000000000000..0a624c30875c
--- /dev/null
+++ b/mail/exim/files/debian/75_43-BSD-fix-resource-leak.patch
@@ -0,0 +1,61 @@
+From c57309a50444d858c0a2dc1581846a850d78a9ad Mon Sep 17 00:00:00 2001
+From: Jeremy Harris <jgh146exb@wizmail.org>
+Date: Tue, 11 Jan 2022 11:21:45 +0000
+Subject: [PATCH 077/151] BSD: fix resource leak
+
+---
+ doc/ChangeLog | 4 ++++
+ src/tls.c         | 9 +++++----
+
+diff --git a/doc/ChangeLog b/doc/ChangeLog
+index e7c7085f8..567399483 100644
+--- a/doc/ChangeLog
++++ b/doc/ChangeLog
+@@ -65,6 +65,10 @@ JH/13 Bug 2845: Fix handling of tls_require_ciphers for OpenSSL when a value
+ 
+ JH/14 Bug 1895: TLS: Deprecate RFC 5114 Diffie-Hellman parameters.
+ 
++JH/15 Fix a resource leak in *BSD.  An off-by-one error resulted in the daemon
++      failing to close the certificates directory, every hour or any time it
++      was touched.
++
+ 
+ Exim version 4.95
+ -----------------
+diff --git a/src/tls.c b/src/tls.c
+index d5d11bcea..e6b1bf7a7 100644
+--- a/src/tls.c
++++ b/src/tls.c
+@@ -185,8 +185,8 @@ for (;;)
+     {
+     if ((fd1 = open(CCS filename, O_RDONLY | O_NOFOLLOW)) < 0)
+       { s = US"open file"; goto bad; }
+-    DEBUG(D_tls) debug_printf("watch file '%s'\n", filename);
+-    EV_SET(&kev[++kev_used],
++    DEBUG(D_tls) debug_printf("watch file '%s':\t%d\n", filename, fd1);
++    EV_SET(&kev[kev_used++],
+ 	(uintptr_t)fd1,
+ 	EVFILT_VNODE,
+ 	EV_ADD | EV_ENABLE | EV_ONESHOT,
+@@ -196,8 +196,8 @@ for (;;)
+ 	NULL);
+     cnt++;
+     }
+-  DEBUG(D_tls) debug_printf("watch dir  '%s'\n", s);
+-  EV_SET(&kev[++kev_used],
++  DEBUG(D_tls) debug_printf("watch dir  '%s':\t%d\n", s, fd2);
++  EV_SET(&kev[kev_used++],
+ 	(uintptr_t)fd2,
+ 	EVFILT_VNODE,
+ 	EV_ADD | EV_ENABLE | EV_ONESHOT,
+@@ -320,6 +320,7 @@ if (tls_watch_fd < 0) return;
+ /* Close the files we had open for kevent */
+ for (int i = 0; i < kev_used; i++)
+   {
++  DEBUG(D_tls) debug_printf("closing watch fd: %d\n", (int) kev[i].ident);
+   (void) close((int) kev[i].ident);
+   kev[i].ident = (uintptr_t)-1;
+   }
+-- 
+2.35.1
+
diff --git a/mail/exim/files/debian/75_45-Fix-bogus-error-message-copy.-Bug-2857.patch b/mail/exim/files/debian/75_45-Fix-bogus-error-message-copy.-Bug-2857.patch
new file mode 100644
index 000000000000..7a582781136d
--- /dev/null
+++ b/mail/exim/files/debian/75_45-Fix-bogus-error-message-copy.-Bug-2857.patch
@@ -0,0 +1,38 @@
+From 7ad863f3819407559cd654639c25dcae427c190f Mon Sep 17 00:00:00 2001
+From: Jeremy Harris <jgh146exb@wizmail.org>
+Date: Sun, 6 Feb 2022 19:00:26 +0000
+Subject: [PATCH] Fix bogus error message copy.  Bug 2857
+
+Broken-by: bb43acbd98
+---
+ src/parse.c | 9 +++++----
+ 1 file changed, 5 insertions(+), 4 deletions(-)
+
+diff --git a/src/parse.c b/src/parse.c
+index 5bf97eab9..edbee2646 100644
+--- a/src/parse.c
++++ b/src/parse.c
+@@ -1354,15 +1354,16 @@ for (;;)
+ 
+   if (special)
+     {
+-    uschar *ss = Ustrchr(s+1, ':') + 1;
++    uschar * ss = Ustrchr(s+1, ':') + 1; /* line after the special... */
+     if ((options & specopt) == specbit)
+       {
+       *error = string_sprintf("\"%.*s\" is not permitted", len, s);
+       return FF_ERROR;
+       }
+-    while (*ss && isspace(*ss)) ss++;
+-    while (s[len] && s[len] != '\n') len++;
+-    *error = string_copyn(ss, s + len - ss);
++    while (*ss && isspace(*ss)) ss++;	/* skip leading whitespace */
++    if ((len = Ustrlen(ss)) > 0)	/* ignore trailing newlines */
++      for (const uschar * t = ss + len - 1; t >= ss && *t == '\n'; t--) len--;
++    *error = string_copyn(ss, len);	/* becomes the error */
+     return special;
+     }
+ 
+-- 
+2.34.1
+
diff --git a/mail/exim/files/debian/75_50-Fix-include_directory-in-redirect-routers.-Bug-2715.patch b/mail/exim/files/debian/75_50-Fix-include_directory-in-redirect-routers.-Bug-2715.patch
new file mode 100644
index 000000000000..0344630e70b3
--- /dev/null
+++ b/mail/exim/files/debian/75_50-Fix-include_directory-in-redirect-routers.-Bug-2715.patch
@@ -0,0 +1,62 @@
+From 7f8394e7c983b1c199866fc6b1c14feb857b651d Mon Sep 17 00:00:00 2001
+From: Jeremy Harris <jgh146exb@wizmail.org>
+Date: Sun, 13 Feb 2022 12:00:55 +0000
+Subject: [PATCH] Fix include_directory in redirect routers.  Bug 2715
+
+Broken-by: 10c50704c1
+---
+ doc/ChangeLog        | 5 +++++
+ src/parse.c              | 9 ++++++---
+ test/confs/0313              | 4 +++-
+ test/log/0313                | 2 ++
+ test/scripts/0000-Basic/0313 | 2 ++
+ 5 files changed, 18 insertions(+), 4 deletions(-)
+
+--- a/doc/ChangeLog
++++ b/doc/ChangeLog
+@@ -23,6 +23,11 @@ JH/15 Fix a resource leak in *BSD.  An off-by-one erro
+       failing to close the certificates directory, every hour or any time it
+       was touched.
+ 
++JH/18 Bug 2751: Fix include_directory in redirect routers.  Previously a
++      bad comparison between the option value and the name of the file to
++      be included was done, and a mismatch was wrongly identified.
++      4.88 to 4.95 are affected.
++
+ 
+ Exim version 4.95
+ -----------------
+--- a/src/parse.c
++++ b/src/parse.c
+@@ -1422,11 +1422,13 @@
+     /* Check file name if required */
+ 
+     if (directory)
+       {
+       int len = Ustrlen(directory);
+-      uschar *p = filename + len;
++      uschar * p;
++      while (len > 0 && directory[len-1] == '/') len--;		/* ignore trailing '/' */
++      p = filename + len;
+ 
+       if (Ustrncmp(filename, directory, len) != 0 || *p != '/')
+         {
+         *error = string_sprintf("included file %s is not in directory %s",
+           filename, directory);
+@@ -1448,13 +1450,14 @@
+ 	}
+       while (*p)
+ 	{
+ 	uschar temp;
+ 	int fd2;
+-	uschar * q = p;
++	uschar * q = p + 1;		/* skip dividing '/' */
+ 
+-	while (*++p && *p != '/') ;
++	while (*q == '/') q++;		/* skip extra '/' */
++	while (*++p && *p != '/') ;	/* end of component */
+ 	temp = *p;
+ 	*p = '\0';
+ 
+ 	fd2 = exim_openat(fd, CS q, O_RDONLY|O_NOFOLLOW);
+ 	close(fd);
diff --git a/mail/exim/files/debian/75_55-Specific-check-for-null-pointer.patch b/mail/exim/files/debian/75_55-Specific-check-for-null-pointer.patch
new file mode 100644
index 000000000000..0d52bf5091a0
--- /dev/null
+++ b/mail/exim/files/debian/75_55-Specific-check-for-null-pointer.patch
@@ -0,0 +1,67 @@
+From b249717db8ced250a586385f06e61cf7107d5222 Mon Sep 17 00:00:00 2001
+From: Jeremy Harris <jgh146exb@wizmail.org>
+Date: Fri, 18 Feb 2022 15:45:37 +0000
+Subject: [PATCH] Specific check for null pointer
+
+---
+ src/smtp_out.c | 18 +++++++++++++-----
+ 1 file changed, 13 insertions(+), 5 deletions(-)
+
+diff --git a/src/smtp_out.c b/src/smtp_out.c
+index 608a781eb..fc1e6cecd 100644
+--- a/src/smtp_out.c
++++ b/src/smtp_out.c
+@@ -524,13 +524,21 @@ flush_buffer(smtp_outblock * outblock, int mode)
+ int rc;
+ int n = outblock->ptr - outblock->buffer;
+ BOOL more = mode == SCMD_MORE;
++client_conn_ctx * cctx;
+ 
+ HDEBUG(D_transport|D_acl) debug_printf_indent("cmd buf flush %d bytes%s\n", n,
+   more ? " (more expected)" : "");
+ 
++if (!(cctx = outblock->cctx))
++  {
++  log_write(0, LOG_MAIN|LOG_PANIC, "null conn-context pointer");
++  errno = 0;
++  return FALSE;
++  }
++
+ #ifndef DISABLE_TLS
+-if (outblock->cctx->tls_ctx)
+-  rc = tls_write(outblock->cctx->tls_ctx, outblock->buffer, n, more);
++if (cctx->tls_ctx)		/*XXX have seen a null cctx here, rvfy sending QUIT, hence check above */
++  rc = tls_write(cctx->tls_ctx, outblock->buffer, n, more);
+ else
+ #endif
+ 
+@@ -544,7 +552,7 @@ else
+     requirement: TFO with data can, in rare cases, replay the data to the
+     receiver. */
+ 
+-    if (  (outblock->cctx->sock = smtp_connect(outblock->conn_args, &early_data))
++    if (  (cctx->sock = smtp_connect(outblock->conn_args, &early_data))
+        < 0)
+       return FALSE;
+     outblock->conn_args = NULL;
+@@ -552,7 +560,7 @@ else
+     }
+   else
+     {
+-    rc = send(outblock->cctx->sock, outblock->buffer, n,
++    rc = send(cctx->sock, outblock->buffer, n,
+ #ifdef MSG_MORE
+ 	      more ? MSG_MORE : 0
+ #else
+@@ -567,7 +575,7 @@ else
+     https://bugzilla.redhat.com/show_bug.cgi?id=1803806 */
+ 
+     if (!more)
+-      setsockopt(outblock->cctx->sock, IPPROTO_TCP, TCP_CORK, &off, sizeof(off));
++      setsockopt(cctx->sock, IPPROTO_TCP, TCP_CORK, &off, sizeof(off));
+ #endif
+     }
+   }
+-- 
+2.34.1
+