Add patch for Exim remote code execution in 4.88+.

https://lists.exim.org/lurker/message/20171125.034842.d1d75cac.en.html
https://bugs.exim.org/show_bug.cgi?id=2199

There is also another issue which is at least a DoS,
https://bugs.exim.org/show_bug.cgi?id=2201 that is *not* patched yet.
The workaround below would help both cases.

From upstream:

"With immediate effect, please apply this workaround: if you are running
Exim 4.88 or newer (4.89 is current, 4.90 is upcoming) then in the main
section of your Exim configuration, set:

chunking_advertise_hosts =

That's an empty value, nothing on the right of the equals. This
disables advertising the ESMTP CHUNKING extension, making the BDAT verb
unavailable and avoids letting an attacker apply the logic. "

mail/exim/Makefile

@@ -1,9 +1,10 @@
-# $OpenBSD: Makefile,v 1.113 2017/03/08 17:05:34 sthen Exp $
+# $OpenBSD: Makefile,v 1.114 2017/11/25 13:04:53 sthen Exp $
 
 COMMENT-main =		flexible mail transfer agent
 COMMENT-eximon =	X11 monitor tool for Exim MTA
 
 VERSION =		4.89
+REVISION-main =		0
 DISTNAME =		exim-${VERSION}
 PKGNAME-main =		exim-${VERSION}
 FULLPKGNAME-eximon =	exim-eximon-${VERSION}

mail/exim/patches/patch-src_receive_c

@@ -0,0 +1,20 @@
+$OpenBSD: patch-src_receive_c,v 1.1 2017/11/25 13:04:53 sthen Exp $
+
+https://lists.exim.org/lurker/message/20171125.034842.d1d75cac.en.html
+https://bugs.exim.org/show_bug.cgi?id=2199
+
+Index: src/receive.c
+--- src/receive.c.orig
++++ src/receive.c
+@@ -1782,9 +1782,10 @@ for (;;)
+     header_size *= 2;
+     if (!store_extend(next->text, oldsize, header_size))
+       {
++      BOOL release_ok = store_last_get[store_pool] == next->text;
+       uschar *newtext = store_get(header_size);
+       memcpy(newtext, next->text, ptr);
+-      store_release(next->text);
++      if (release_ok) store_release(next->text);
+       next->text = newtext;
+       }
+     }