authorrea <rea@FreeBSD.org>2011-01-09 19:19:24 +0800
committerrea <rea@FreeBSD.org>2011-01-09 19:19:24 +0800
commitdf637ccdfcb6f06a908ab906103a6f3910867237 (patch)
tree26dfc86f84c77da9baea9570c725ad6c85588564
parente71e21d35a25cb1ba97deb57ee14daacaa5da02f (diff)
mail/exim: update to 4.73
Most notably, this version fixes a local exim -> root privilege escalation, CVE-2010-4345. The port has also gained a configurable knob for disabling the -D option, and the make variables TRUSTED_CONFIG_LIST and WHITELIST_D_MACROS to fine-tune the behaviour of the -C and -D options. New items are documented at ftp://exim.inode.at/exim/ChangeLogs/NewStuff-4.73 The changelog is available at ftp://exim.inode.at/exim/ChangeLogs/ChangeLog-4.73 Security: e4fcf020-0447-11e0-becc-0022156e8794 / CVE-2010-4345 PR: 152963 [1], 153711 [2] Submitted by: Alexander Wittig <alexander@wittig.name> [1] Approved by: garga (mentor)
-rw-r--r--UPDATING30
-rw-r--r--mail/exim/Makefile27
-rw-r--r--mail/exim/Makefile.options6
-rw-r--r--mail/exim/distinfo7
-rw-r--r--mail/exim/files/patch-src::EDITME58
-rw-r--r--mail/exim/options7
6 files changed, 92 insertions, 43 deletions
diff --git a/UPDATING b/UPDATING
index 1e7bf333760f..05ccd42617da 100644
--- a/UPDATING
+++ b/UPDATING
@@ -5,6 +5,36 @@ they are unavoidable.
You should get into the habit of checking this file for changes each time
you update your ports collection, before attempting any port upgrades.
+20110107:
+ AFFECTS: users of mail/exim
+ AUTHOR: rea@FreeBSD.org
+
+ [POSSIBLE CONFIG BREAKAGE] The default value for system_filter_user
+ is now the Exim run-time user, instead of root.
+
+ [POSSIBLE CONFIG BREAKAGE] ALT_CONFIG_ROOT_ONLY is no longer
+ optional and is forced on. This is mitigated by the new build
+ option TRUSTED_CONFIG_LIST which defines a list of configuration
+ files which are trusted; one per line. If a config file is owned
+ by root and matches a pathname in the list, then it may be invoked
+ by the Exim build-time user without Exim relinquishing root
+ privileges.
+
+ [POSSIBLE CONFIG BREAKAGE] The Exim user is no longer automatically
+ trusted to supply -D<Macro[=Value]> overrides on the command-line.
+ Going forward, we recommend using TRUSTED_CONFIG_LIST with shim
+ configs that include the main config. As a transition mechanism,
+ we are temporarily providing a work-around: the new build option
+ WHITELIST_D_MACROS provides a colon-separated list of macro names
+ which may be overriden by the Exim run-time user. The values of
+ these macros are constrained to the regex ^[A-Za-z0-9_/.-]*$
+ (which explicitly does allow for empty values).
+
+ Upgrading users are encouraged to fully study
+ ftp://exim.inode.at/exim/ChangeLogs/NewStuff-4.73
+ and
+ ftp://exim.inode.at/exim/ChangeLogs/ChangeLog-4.73
+
20110103:
AFFECTS: users of textproc/libwpd and graphics/libwpg
AUTHOR: fluffy@FreeBSD.org
diff --git a/mail/exim/Makefile b/mail/exim/Makefile
index 2a83b8ec3d36..95109ff76d38 100644
--- a/mail/exim/Makefile
+++ b/mail/exim/Makefile
@@ -27,7 +27,7 @@ MAKE_JOBS_UNSAFE= yes
.include <bsd.port.pre.mk>
-.if defined(WITH_SA_EXIM)
+.if defined(WITH_SA_EXIM)
.if defined(WITH_KAS)
IGNORE= You cannot select both SA_EXIM and KAS options
.endif
@@ -58,7 +58,7 @@ PLIST_SUB+= SO_1024=""
PLIST_SUB+= SO_1024="@comment "
.endif
-EXIM_VERSION= 4.72
+EXIM_VERSION= 4.73
SA_EXIM_VERSION=4.2
SO_1024_VERSION=3.2
@@ -449,9 +449,32 @@ PLIST_SUB+= DAEMON="@comment "
SEDLIST+= -e 's,^\# (HAVE_IPV6=),\1,'
.endif
+.if defined(WITH_DISABLE_D_OPT)
+SEDLIST+= -e 's,^\# (DISABLE_D_OPTION=),\1,'
+.else
+.if defined(WHITELIST_D_MACROS)
+SEDLIST+= -e 's,^\# (WHITELIST_D_MACROS=).*$$,\1=${WHITELIST_D_MACROS:S/,/\\,/g},'
+.endif
+.endif
+
+.if defined(TRUSTED_CONFIG_LIST)
+SEDLIST+= -e 's,^\# (TRUSTED_CONFIG_LIST=).*$$,\1=${TRUSTED_CONFIG_LIST:S/,/\\,/g},'
+.endif
+
DUMMY_LDFLAGS!= ${ECHO_CMD} ${LDFLAGS} | ${SED} -e 's|-Wl,-rpath|-Wl,-DUMMYrpath|g; s|-rpath|-Wl,-rpath|g; s|-DUMMYrpath|-rpath|g'
pre-everything::
+ @${ECHO} 'Exim now drops privileges when alternate configuration'
+ @${ECHO} 'files are used. You can set make variable TRUSTED_CONFIG_LIST'
+ @${ECHO} 'to specify the list of configuration files for which'
+ @${ECHO} 'root privileges will be retained.'
+ @${ECHO} ''
+ @${ECHO} 'You can whitelist some macros using the make variable'
+ @${ECHO} 'WHITELIST_D_MACROS. This is useful if you are running'
+ @${ECHO} 'with DISABLE_D_OPT set, but macros whitelisting will be'
+ @${ECHO} 'removed in some future Exim release, so it is better'
+ @${ECHO} 'to use TRUSTED_CONFIG_LIST to set the list of trusted'
+ @${ECHO} 'configuration files.'
.if empty(.MAKEFLAGS:M-s) && defined(WITH_WISHLIST)
@${ECHO} ''
@${ECHO} 'Included extra patches:'
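Review bot: Both new `SEDLIST` substitutions appear to write a doubled `=`: the capture groups `(WHITELIST_D_MACROS=)` and `(TRUSTED_CONFIG_LIST=)` already end in `=`, and the replacement is `\1=${...}`, so the generated EDITME line would read `TRUSTED_CONFIG_LIST==<value>`. Assuming make takes everything after the first `=` as the value, the compiled-in setting then starts with a stray `=`, which for the trusted-config path most likely means the list file is never found and the admin's setting is silently ineffective. The replacement should drop the extra character, e.g. `\1${TRUSTED_CONFIG_LIST:S/,/\\,/g}`, and likewise for `WHITELIST_D_MACROS`. Separately, the `pre-everything` text says the whitelist is useful "if you are running with DISABLE_D_OPT set", yet the `.if defined(WITH_DISABLE_D_OPT)` / `.else` nesting applies `WHITELIST_D_MACROS` only when that option is off, so the message should state that the whitelist is ignored when `DISABLE_D_OPT` is enabled. The `pre-everything` target continues past the end of the hunk.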
diff --git a/mail/exim/Makefile.options b/mail/exim/Makefile.options
index ceadc83bb75c..25a46b4d92fa 100644
--- a/mail/exim/Makefile.options
+++ b/mail/exim/Makefile.options
@@ -14,7 +14,7 @@
AUTH_CRAM_MD5 = "Enable CRAM-MD5 authentication mechanisms"
AUTH_DOVECOT = "Enable Dovecot authentication mechanisms"
-AUTH_PLAINTEXT = "Enalbe plaintext authentication"
+AUTH_PLAINTEXT = "Enable plaintext authentication"
AUTH_SPA = "Enable Secure Password Authentication"
CDB = "Enable CDB-style lookups"
DAEMON = "Install scripts to run as a daemon"
@@ -35,12 +35,13 @@ PASSWD = "Enable /etc/passwd lookups"
SUID = "Install the exim binary suid root"
TLS = "Link against OpenSSL"
-ALT_CONFIG_PREFIX = "Allow alternate configuration files"
+ALT_CONFIG_PREFIX = "Restrict the set of configuration files"
AUTH_RADIUS = "Enable radius (RFC 2865) authentication"
AUTH_SASL = "Enable use of Cyrus SASL auth library"
CONTENT_SCAN = "Enable exiscan email content scanner"
DCC = "Enable DCC at ACL support via dccifd"
DEBUG = "Build with debugging symbols"
+DISABLE_D_OPT = "Disable macros overrides using option -D"
EXIMON = "Build eximon monitor (require XFree86!)"
KAS = "Build with Kaspersky AntiSpam local scan"
MYSQL = "Link against libmysqlclient library"
@@ -65,6 +66,7 @@ ENABLED_OPTIONS+= \
AUTH_SPA \
CDB \
DAEMON \
+ DISABLE_D_OPT \
DNSDB \
DSEARCH \
ICONV \
diff --git a/mail/exim/distinfo b/mail/exim/distinfo
index e513820f8f82..7c146c97c29c 100644
--- a/mail/exim/distinfo
+++ b/mail/exim/distinfo
@@ -1,9 +1,6 @@
-MD5 (exim/exim-4.72.tar.bz2) = ccc937b533568e5e8340f181a3b3d2ff
-SHA256 (exim/exim-4.72.tar.bz2) = 4299bc3dc84a82f5c94494006b49acba159ad8a1fe5dd647f7ee2f9bfe78920b
-SIZE (exim/exim-4.72.tar.bz2) = 1559031
-MD5 (exim/sa-exim-4.2.tar.gz) = ad76f73c6b3d01caa88078e3e622745a
+SHA256 (exim/exim-4.73.tar.bz2) = a78f4a153f36ad13acf7fb9a3a99c1bc785d38bd757553704c9590afcc00bfd6
+SIZE (exim/exim-4.73.tar.bz2) = 1592788
SHA256 (exim/sa-exim-4.2.tar.gz) = 72e0a735547f18b05785e6c58a71d24623858f0f5234a5dc0e24cb453999e99a
SIZE (exim/sa-exim-4.2.tar.gz) = 66575
-MD5 (exim/spamooborona1024-src-3.2.tar.gz) = f7d23edf02752633377b08b1f2c413d7
SHA256 (exim/spamooborona1024-src-3.2.tar.gz) = ab22a430f3860460045f6b213c68c89700a0cd10cbb6c7a808ece326c53787ee
SIZE (exim/spamooborona1024-src-3.2.tar.gz) = 8537
diff --git a/mail/exim/files/patch-src::EDITME b/mail/exim/files/patch-src::EDITME
index c11da9eb79a3..636f5dd0c09f 100644
--- a/mail/exim/files/patch-src::EDITME
+++ b/mail/exim/files/patch-src::EDITME
@@ -1,8 +1,5 @@
-
-$FreeBSD$
-
---- src/EDITME.orig 2008-07-26 00:23:25.000000000 +0400
-+++ src/EDITME 2009-11-14 19:28:32.000000000 +0300
+--- src/EDITME.orig 2010-12-26 21:17:23.000000000 +0300
++++ src/EDITME 2011-01-06 11:25:01.000000000 +0300
@@ -100,7 +100,7 @@
# /usr/local/sbin. The installation script will try to create this directory,
# and any superior directories, if they do not exist.
@@ -21,16 +18,16 @@ $FreeBSD$
# It is possible to specify a colon-separated list of files for CONFIGURE_FILE.
# In this case, Exim will use the first of them that exists when it is run.
-@@ -134,7 +134,7 @@
- # owner of a local mailbox.) Specifying these values as root is very strongly
- # discouraged.
+@@ -133,7 +133,7 @@
+ # deliveries. (Local deliveries run as various non-root users, typically as the
+ # owner of a local mailbox.) Specifying these values as root is not supported.
-EXIM_USER=
+EXIM_USER=ref:XX_EXIM_USER_XX
# If you specify EXIM_USER as a name, this is looked up at build time, and the
# uid number is built into the binary. However, you can specify that this
-@@ -155,7 +155,7 @@
+@@ -154,7 +154,7 @@
# for EXIM_USER (e.g. EXIM_USER=exim), you don't need to set EXIM_GROUP unless
# you want to use a group other than the default group for the given user.
@@ -39,7 +36,7 @@ $FreeBSD$
# Many sites define a user called "exim", with an appropriate default group,
# and use
-@@ -295,6 +295,7 @@
+@@ -294,6 +294,7 @@
# LDAP_LIB_TYPE=OPENLDAP2
# LDAP_LIB_TYPE=NETSCAPE
# LDAP_LIB_TYPE=SOLARIS
@@ -47,7 +44,7 @@ $FreeBSD$
# If you don't set any of these, Exim assumes the original University of
# Michigan (OpenLDAP 1) library.
-@@ -321,8 +322,10 @@
+@@ -320,8 +321,10 @@
# specified in INCLUDE. The settings below are just examples; -lpq is for
# PostgreSQL, -lgds is for Interbase, -lsqlite3 is for SQLite.
@@ -60,7 +57,7 @@ $FreeBSD$
#------------------------------------------------------------------------------
-@@ -333,7 +336,7 @@
+@@ -332,7 +335,7 @@
# files are defaulted in the OS/Makefile-Default file, but can be overridden in
# local OS-specific make files.
@@ -69,7 +66,7 @@ $FreeBSD$
#------------------------------------------------------------------------------
-@@ -385,6 +388,7 @@
+@@ -403,6 +406,7 @@
@@ -77,7 +74,7 @@ $FreeBSD$
###############################################################################
# THESE ARE THINGS YOU MIGHT WANT TO SPECIFY #
###############################################################################
-@@ -453,6 +457,7 @@
+@@ -470,6 +474,7 @@
# ALT_CONFIG_PREFIX=/some/directory/
# ALT_CONFIG_PREFIX=/some/directory/exim.conf-
@@ -85,7 +82,7 @@ $FreeBSD$
#------------------------------------------------------------------------------
-@@ -507,7 +512,7 @@
+@@ -548,7 +553,7 @@
# one that is set in the headers_charset option. The default setting is
# defined by this setting:
@@ -94,7 +91,7 @@ $FreeBSD$
# If you are going to make use of $header_xxx expansions in your configuration
# file, or if your users are going to use them in filter files, and the normal
-@@ -592,7 +597,7 @@
+@@ -633,7 +638,7 @@
# SUPPORT_TLS=yes
# Uncomment this setting if you are using OpenSSL
@@ -103,7 +100,7 @@ $FreeBSD$
# Uncomment these settings if you are using GnuTLS
# USE_GNUTLS=yes
-@@ -643,7 +648,7 @@
+@@ -684,7 +689,7 @@
# Once you have done this, "make install" will build the info files and
# install them in the directory you have defined.
@@ -112,7 +109,7 @@ $FreeBSD$
#------------------------------------------------------------------------------
-@@ -656,7 +661,7 @@
+@@ -697,7 +702,7 @@
# %s. This will be replaced by one of the strings "main", "panic", or "reject"
# to form the final file names. Some installations may want something like this:
@@ -121,7 +118,7 @@ $FreeBSD$
# which results in files with names /var/log/exim_mainlog, etc. The directory
# in which the log files are placed must exist; Exim does not try to create
-@@ -732,7 +737,7 @@
+@@ -773,7 +778,7 @@
# that the local_scan API is made available by the linker. You may also need
# to add -ldl to EXTRALIBS so that dlopen() is available to Exim.
@@ -130,19 +127,18 @@ $FreeBSD$
#------------------------------------------------------------------------------
-@@ -824,13 +829,21 @@
- # library for TCP wrappers, so you probably need something like this:
+@@ -870,6 +875,8 @@
#
- # USE_TCP_WRAPPERS=yes
--# CFLAGS=-O -I/usr/local/include
--# EXTRALIBS_EXIM=-L/usr/local/lib -lwrap
--#
-+CFLAGS=XX_CFLAGS_XX XX_SPF_FLAGS_XX XX_SRS_FLAGS_XX XX_SQLITE_FLAGS_XX
-+EXTRALIBS=XX_TCP_WRAPPERS_LIBS_XX XX_PAM_LIBS_XX XX_ICONV_LIBS_XX XX_SPF_LIBS_XX XX_SRS_LIBS_XX XX_RADIUS_LIBS_XX XX_SQLITE_LIBS_XX
-+
# but of course there may need to be other things in CFLAGS and EXTRALIBS_EXIM
# as well.
-
++CFLAGS=XX_CFLAGS_XX XX_SPF_FLAGS_XX XX_SRS_FLAGS_XX XX_SQLITE_FLAGS_XX
++EXTRALIBS=XX_TCP_WRAPPERS_LIBS_XX XX_PAM_LIBS_XX XX_ICONV_LIBS_XX XX_SPF_LIBS_XX XX_SRS_LIBS_XX XX_RADIUS_LIBS_XX XX_SQLITE_LIBS_XX
+ #
+ # To use a name other than exim in the tcpwrappers config file,
+ # e.g. if you're running multiple daemons with different access lists,
+@@ -878,6 +885,14 @@
+ #
+ # TCP_WRAPPERS_DAEMON_NAME="exim"
+# IPv6 is coming. Exim has experimental support that has been tried out on
+# one or two OS. See the file README.IPV6 for the current status of this
@@ -152,10 +148,10 @@ $FreeBSD$
+# HAVE_IPV6=YES
+
+
+
#------------------------------------------------------------------------------
# The default action of the exim_install script (which is run by "make
- # install") is to install the Exim binary with a unique name such as
-@@ -1097,7 +1110,7 @@
+@@ -1145,7 +1160,7 @@
# (process id) to a file so that it can easily be identified. The path of the
# file can be specified here. Some installations may want something like this:
diff --git a/mail/exim/options b/mail/exim/options
index b160f3e4d6aa..8f2083bdf22a 100644
--- a/mail/exim/options
+++ b/mail/exim/options
@@ -1,8 +1,8 @@
OPTIONS+= \
- ALT_CONFIG_PREFIX "Allow alternate configuration files" off \
+ ALT_CONFIG_PREFIX "Restrict the set of configuration files" off \
AUTH_CRAM_MD5 "Enable CRAM-MD5 authentication mechanisms" on \
AUTH_DOVECOT "Enable Dovecot authentication mechanisms" on \
- AUTH_PLAINTEXT "Enalbe plaintext authentication" on \
+ AUTH_PLAINTEXT "Enable plaintext authentication" on \
AUTH_RADIUS "Enable radius (RFC 2865) authentication" off \
AUTH_SASL "Enable use of Cyrus SASL auth library" off \
AUTH_SPA "Enable Secure Password Authentication" on \
@@ -11,6 +11,7 @@ OPTIONS+= \
DAEMON "Install scripts to run as a daemon" on \
DCC "Enable DCC at ACL support via dccifd" off \
DEBUG "Build with debugging symbols" off \
+ DISABLE_D_OPT "Disable macros overrides using option -D" on \
DNSDB "Enable DNS-style lookups" on \
DSEARCH "Enable directory-list lookups" on \
EMBEDDED_PERL "Enable embedded Perl interpreter" on \
@@ -33,7 +34,7 @@ OPTIONS+= \
READLINE "Enable readline(3) library" off \
SASLAUTHD "Enable use of Cyrus SASL auth daemon" off \
SA_EXIM "SA-Exim support" off \
- SO_1024 "Build with Spamoborona-1024 local scan" off \
+ SO_1024 "Build with Spamooborona-1024 local scan" off \
SPF "Enable Sender Policy Framework checking" off \
SQLITE "Enable SQLite lookups" off \
SRS "Enable Sender Rewriting Scheme" off \