authorDima Panov <fluffy@FreeBSD.org>2021-05-05 01:57:17 +1000
committerDima Panov <fluffy@FreeBSD.org>2021-05-05 01:57:17 +1000
commit0a629bd71087f75c3b334edb53b01ec68709ab60 (patch)
tree7d9c838702ca91a5b1b07b7364b739220ccbd5c2 /mail/exim/Makefile
parentx11-fonts/stix-fonts: upgrade to v2.13 (diff)
mail/exim: update to 4.94.2 security release
* New upstream security release. + Release based on +fixes branch. + Fixes multiple security vulnerabilities reported by Qualys and adds related robustness improvements. (Special thanks to Heiko) CVE-2020-28023: Out-of-bounds read in smtp_setup_msg() CVE-2020-28007: Link attack in Exim's log directory CVE-2020-28016: Heap out-of-bounds write in parse_fix_phrase() CVE-2020-28012: Missing close-on-exec flag for privileged pipe CVE-2020-28024: Heap buffer underflow in smtp_ungetc() CVE-2020-28009: Integer overflow in get_stdinput() CVE-2020-28015, CVE-28021: New-line injection into spool header file CVE-2020-28026: Line truncation and injection in spool_read_header() CVE-2020-28022: Heap out-of-bounds read and write in extract_option() CVE-2020-28017: Integer overflow in receive_add_recipient() CVE-2020-28013: Heap buffer overflow in parse_fix_phrase() CVE-2020-28011: Heap buffer overflow in queue_run() CVE-2020-28010: Heap out-of-bounds write in main() CVE-2020-28018: Use-after-free in tls-openssl.c CVE-2020-28025: Heap out-of-bounds read in pdkim_finish_bodyhash() CVE-2020-28014, CVE-2021-27216: PID file handling CVE-2020-28008: Assorted attacks in Exim's spool directory CVE-2020-28019: Failure to reset function pointer after BDAT error * Incorporate debian patches to turn taint failures into warnings.
Diffstat (limited to 'mail/exim/Makefile')
-rw-r--r--mail/exim/Makefile31
1 files changed, 29 insertions, 2 deletions
diff --git a/mail/exim/Makefile b/mail/exim/Makefile
index 03104b5be175..b66114db3c6b 100644
--- a/mail/exim/Makefile
+++ b/mail/exim/Makefile
@@ -2,7 +2,7 @@
PORTNAME= exim
PORTVERSION?= ${EXIM_VERSION}
-PORTREVISION?= 5
+PORTREVISION?= 0
CATEGORIES= mail
MASTER_SITES= EXIM:exim
MASTER_SITE_SUBDIR= /exim4/:exim \
@@ -65,6 +65,33 @@ SPF_LIB_DEPENDS= libspf2.so:mail/libspf2
SQLITE_LIB_DEPENDS= libicudata.so:devel/icu
SQLITE_USES= pkgconfig sqlite
+TAINTWARN_PATCHES_PREFIX= ${FILESDIR}/debian/75
+TAINTWARN_EXTRA_PATCHES= \
+ ${TAINTWARN_PATCHES_PREFIX}_01-Introduce-main-config-option-allow_insecure_tainted_.patch:-p1 \
+ ${TAINTWARN_PATCHES_PREFIX}_02-search.patch:-p1 \
+ ${TAINTWARN_PATCHES_PREFIX}_03-dbstuff.patch:-p1 \
+ ${TAINTWARN_PATCHES_PREFIX}_04-acl.patch:-p1 \
+ ${TAINTWARN_PATCHES_PREFIX}_05-parse.patch:-p1 \
+ ${TAINTWARN_PATCHES_PREFIX}_06-rda.patch:-p1 \
+ ${TAINTWARN_PATCHES_PREFIX}_07-appendfile.patch:-p1 \
+ ${TAINTWARN_PATCHES_PREFIX}_08-autoreply.patch:-p1 \
+ ${TAINTWARN_PATCHES_PREFIX}_09-pipe.patch:-p1 \
+ ${TAINTWARN_PATCHES_PREFIX}_10-deliver.patch:-p1 \
+ ${TAINTWARN_PATCHES_PREFIX}_11-directory.patch:-p1 \
+ ${TAINTWARN_PATCHES_PREFIX}_12-expand.patch:-p1 \
+ ${TAINTWARN_PATCHES_PREFIX}_13-lf_sqlperform.patch:-p1 \
+ ${TAINTWARN_PATCHES_PREFIX}_14-rf_get_transport.patch:-p1 \
+ ${TAINTWARN_PATCHES_PREFIX}_15-deliver.patch:-p1 \
+ ${TAINTWARN_PATCHES_PREFIX}_16-smtp_out.patch:-p1 \
+ ${TAINTWARN_PATCHES_PREFIX}_17-smtp.patch:-p1 \
+ ${TAINTWARN_PATCHES_PREFIX}_18-update-doc.patch:-p1 \
+ ${TAINTWARN_PATCHES_PREFIX}_20-Set-mainlog_name-and-rejectlog_name-unconditionally.patch:-p1 \
+ ${TAINTWARN_PATCHES_PREFIX}_21-tidy-log.c.patch:-p1 \
+ ${TAINTWARN_PATCHES_PREFIX}_22-Silence-compiler.patch:-p1 \
+ ${TAINTWARN_PATCHES_PREFIX}_23-Do-not-close-the-main-_log-if-we-do-not-see-a-chance.patch:-p1 \
+ ${TAINTWARN_PATCHES_PREFIX}_24-Silence-the-compiler.patch:-p1 \
+ ${TAINTWARN_PATCHES_PREFIX}_26-Disable-taintchecks-for-mkdir-this-isn-t-part-of-4.9.patch:-p1
+
.include <bsd.port.options.mk>
# OCSP is supported for openssl only
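Review bot: The `TAINTWARN_EXTRA_PATCHES` block (the 75_01 to 75_26 list) has no comment saying that these Debian patches relax Exim's tainted-data checks, which is a security trade-off to ship alongside a security release. Going by the first patch's file name they introduce an `allow_insecure_tainted_…` main-config option, so the relaxation is presumably opt-in at runtime; that, the option's OPTIONS_DEFINE/OPTIONS_DEFAULT entry and its TAINTWARN_DESC are outside this hunk and should be confirmed. I would add above `TAINTWARN_PATCHES_PREFIX` something like `# TAINTWARN: Debian 75_* series; lets tainted-data failures be downgraded to warnings. Migration aid only, weakens taint checking.` The list also skips `_19` and `_25`; if that is deliberate, say so in the same comment so a later sync with Debian does not treat them as missing.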
@@ -104,7 +131,7 @@ EXTRA_PATCHES+= ${FILESDIR}/extra-patch-Local-sa-exim.c
EXTRA_PATCHES+= ${FILESDIR}/extra-patch-Local-sa-exim.conf
.endif
-EXIM_VERSION= 4.94
+EXIM_VERSION= 4.94.2
SA_EXIM_VERSION=4.2.1
EXIM_INSTALL_ARG+= "-no_chown" "-no_symlink"
EXTRA_PATCHES+= `${FIND} ${PATCHDIR} -name '74_*.patch'|${SORT} -h`