summaryrefslogtreecommitdiff
path: root/source/n/mailx/heirloom-mailx-12.5-fixes-1.patch
diff options
context:
space:
mode:
authorPatrick J Volkerding <volkerdi@slackware.com>2016-06-30 20:26:57 +0000
committerEric Hameleers <alien@slackware.com>2018-05-31 23:31:18 +0200
commitd31c50870d0bee042ce660e445c9294a59a3a65b (patch)
tree6bfc0de3c95267b401b620c2c67859557dc60f97 /source/n/mailx/heirloom-mailx-12.5-fixes-1.patch
parent76fc4757ac91ac7947a01fb7b53dddf9a78a01d1 (diff)
downloadcurrent-d31c50870d0bee042ce660e445c9294a59a3a65b.tar.gz
Slackware 14.2slackware-14.2
Thu Jun 30 20:26:57 UTC 2016 Slackware 14.2 x86_64 stable is released! The long development cycle (the Linux community has lately been living in "interesting times", as they say) is finally behind us, and we're proud to announce the release of Slackware 14.2. The new release brings many updates and modern tools, has switched from udev to eudev (no systemd), and adds well over a hundred new packages to the system. Thanks to the team, the upstream developers, the dedicated Slackware community, and everyone else who pitched in to help make this release a reality. The ISOs are off to be replicated, a 6 CD-ROM 32-bit set and a dual-sided 32-bit/64-bit x86/x86_64 DVD. Please consider supporting the Slackware project by picking up a copy from store.slackware.com. We're taking pre-orders now, and offer a discount if you sign up for a subscription. Have fun! :-)
Diffstat (limited to 'source/n/mailx/heirloom-mailx-12.5-fixes-1.patch')
-rw-r--r--source/n/mailx/heirloom-mailx-12.5-fixes-1.patch232
1 files changed, 232 insertions, 0 deletions
diff --git a/source/n/mailx/heirloom-mailx-12.5-fixes-1.patch b/source/n/mailx/heirloom-mailx-12.5-fixes-1.patch
new file mode 100644
index 00000000..fa6d5119
--- /dev/null
+++ b/source/n/mailx/heirloom-mailx-12.5-fixes-1.patch
@@ -0,0 +1,232 @@
+Submitted By: Ken Moffat <ken at linuxfromscratch dot org>
+Date: 2014-12-27
+Initial Package Version: 12.5
+Upstream Status: Unknown
+Origin: Changes to remove SSL2 found at debian, remainder from redhat.
+Description: Removes support for SSL2 (openssl no longer supports it)
+and fixes CVE-2004-2771 [sic] and CVE-2014-7844.
+
+diff -Naur heirloom-mailx-12.5/extern.h heirloom-mailx-12.5-patched/extern.h
+--- heirloom-mailx-12.5/extern.h 2011-04-26 22:23:22.000000000 +0100
++++ heirloom-mailx-12.5-patched/extern.h 2014-12-27 01:26:59.654169487 +0000
+@@ -396,7 +396,7 @@
+ int is_fileaddr(char *name);
+ struct name *usermap(struct name *names);
+ struct name *cat(struct name *n1, struct name *n2);
+-char **unpack(struct name *np);
++char **unpack(struct name *smopts, struct name *np);
+ struct name *elide(struct name *names);
+ int count(struct name *np);
+ struct name *delete_alternates(struct name *np);
+diff -Naur heirloom-mailx-12.5/fio.c heirloom-mailx-12.5-patched/fio.c
+--- heirloom-mailx-12.5/fio.c 2011-04-26 22:23:22.000000000 +0100
++++ heirloom-mailx-12.5-patched/fio.c 2014-12-27 01:27:15.634561413 +0000
+@@ -43,12 +43,15 @@
+ #endif /* not lint */
+
+ #include "rcv.h"
++
++#ifndef HAVE_WORDEXP
++#error wordexp support is required
++#endif
++
+ #include <sys/stat.h>
+ #include <sys/file.h>
+ #include <sys/wait.h>
+-#ifdef HAVE_WORDEXP
+ #include <wordexp.h>
+-#endif /* HAVE_WORDEXP */
+ #include <unistd.h>
+
+ #if defined (USE_NSS)
+@@ -481,7 +484,6 @@
+ static char *
+ globname(char *name)
+ {
+-#ifdef HAVE_WORDEXP
+ wordexp_t we;
+ char *cp;
+ sigset_t nset;
+@@ -495,7 +497,7 @@
+ sigemptyset(&nset);
+ sigaddset(&nset, SIGCHLD);
+ sigprocmask(SIG_BLOCK, &nset, NULL);
+- i = wordexp(name, &we, 0);
++ i = wordexp(name, &we, WRDE_NOCMD);
+ sigprocmask(SIG_UNBLOCK, &nset, NULL);
+ switch (i) {
+ case 0:
+@@ -527,65 +529,6 @@
+ }
+ wordfree(&we);
+ return cp;
+-#else /* !HAVE_WORDEXP */
+- char xname[PATHSIZE];
+- char cmdbuf[PATHSIZE]; /* also used for file names */
+- int pid, l;
+- char *cp, *shell;
+- int pivec[2];
+- extern int wait_status;
+- struct stat sbuf;
+-
+- if (pipe(pivec) < 0) {
+- perror("pipe");
+- return name;
+- }
+- snprintf(cmdbuf, sizeof cmdbuf, "echo %s", name);
+- if ((shell = value("SHELL")) == NULL)
+- shell = SHELL;
+- pid = start_command(shell, 0, -1, pivec[1], "-c", cmdbuf, NULL);
+- if (pid < 0) {
+- close(pivec[0]);
+- close(pivec[1]);
+- return NULL;
+- }
+- close(pivec[1]);
+-again:
+- l = read(pivec[0], xname, sizeof xname);
+- if (l < 0) {
+- if (errno == EINTR)
+- goto again;
+- perror("read");
+- close(pivec[0]);
+- return NULL;
+- }
+- close(pivec[0]);
+- if (wait_child(pid) < 0 && WTERMSIG(wait_status) != SIGPIPE) {
+- fprintf(stderr, catgets(catd, CATSET, 81,
+- "\"%s\": Expansion failed.\n"), name);
+- return NULL;
+- }
+- if (l == 0) {
+- fprintf(stderr, catgets(catd, CATSET, 82,
+- "\"%s\": No match.\n"), name);
+- return NULL;
+- }
+- if (l == sizeof xname) {
+- fprintf(stderr, catgets(catd, CATSET, 83,
+- "\"%s\": Expansion buffer overflow.\n"), name);
+- return NULL;
+- }
+- xname[l] = 0;
+- for (cp = &xname[l-1]; *cp == '\n' && cp > xname; cp--)
+- ;
+- cp[1] = '\0';
+- if (strchr(xname, ' ') && stat(xname, &sbuf) < 0) {
+- fprintf(stderr, catgets(catd, CATSET, 84,
+- "\"%s\": Ambiguous.\n"), name);
+- return NULL;
+- }
+- return savestr(xname);
+-#endif /* !HAVE_WORDEXP */
+ }
+
+ /*
+diff -Naur heirloom-mailx-12.5/mailx.1 heirloom-mailx-12.5-patched/mailx.1
+--- heirloom-mailx-12.5/mailx.1 2011-04-26 22:23:22.000000000 +0100
++++ heirloom-mailx-12.5-patched/mailx.1 2014-12-27 01:26:53.838026857 +0000
+@@ -656,6 +656,14 @@
+ will have the system wide alias expanded
+ as all mail goes through sendmail.
+ .SS "Recipient address specifications"
++If the
++.I expandaddr
++option is not set (the default), recipient addresses must be names of
++local mailboxes or Internet mail addresses.
++.PP
++If the
++.I expandaddr
++option is set, the following rules apply:
+ When an address is used to name a recipient
+ (in any of To, Cc, or Bcc),
+ names of local mail folders
+@@ -2391,6 +2399,12 @@
+ If this option is set,
+ \fImailx\fR starts even with an empty mailbox.
+ .TP
++.B expandaddr
++Causes
++.I mailx
++to expand message recipient addresses, as explained in the section,
++Recipient address specifications.
++.TP
+ .B flipr
+ Exchanges the
+ .I Respond
+@@ -3575,7 +3589,7 @@
+ .TP
+ .B ssl-method
+ Selects a SSL/TLS protocol version;
+-valid values are `ssl2', `ssl3', and `tls1'.
++valid values are `ssl3', and `tls1'.
+ If unset, the method is selected automatically,
+ if possible.
+ .TP
+diff -Naur heirloom-mailx-12.5/names.c heirloom-mailx-12.5-patched/names.c
+--- heirloom-mailx-12.5/names.c 2011-04-26 22:23:22.000000000 +0100
++++ heirloom-mailx-12.5-patched/names.c 2014-12-27 01:26:59.654169487 +0000
+@@ -268,6 +268,9 @@
+ FILE *fout, *fin;
+ int ispipe;
+
++ if (value("expandaddr") == NULL)
++ return names;
++
+ top = names;
+ np = names;
+ time(&now);
+@@ -546,7 +549,7 @@
+ * Return an error if the name list won't fit.
+ */
+ char **
+-unpack(struct name *np)
++unpack(struct name *smopts, struct name *np)
+ {
+ char **ap, **top;
+ struct name *n;
+@@ -561,7 +564,7 @@
+ * the terminating 0 pointer. Additional spots may be needed
+ * to pass along -f to the host mailer.
+ */
+- extra = 2;
++ extra = 3 + count(smopts);
+ extra++;
+ metoo = value("metoo") != NULL;
+ if (metoo)
+@@ -578,6 +581,10 @@
+ *ap++ = "-m";
+ if (verbose)
+ *ap++ = "-v";
++ for (; smopts != NULL; smopts = smopts->n_flink)
++ if ((smopts->n_type & GDEL) == 0)
++ *ap++ = smopts->n_name;
++ *ap++ = "--";
+ for (; n != NULL; n = n->n_flink)
+ if ((n->n_type & GDEL) == 0)
+ *ap++ = n->n_name;
+diff -Naur heirloom-mailx-12.5/openssl.c heirloom-mailx-12.5-patched/openssl.c
+--- heirloom-mailx-12.5/openssl.c 2011-04-26 22:23:22.000000000 +0100
++++ heirloom-mailx-12.5-patched/openssl.c 2014-12-27 01:26:34.385549867 +0000
+@@ -216,9 +216,7 @@
+
+ cp = ssl_method_string(uhp);
+ if (cp != NULL) {
+- if (equal(cp, "ssl2"))
+- method = SSLv2_client_method();
+- else if (equal(cp, "ssl3"))
++ if (equal(cp, "ssl3"))
+ method = SSLv3_client_method();
+ else if (equal(cp, "tls1"))
+ method = TLSv1_client_method();
+diff -Naur heirloom-mailx-12.5/sendout.c heirloom-mailx-12.5-patched/sendout.c
+--- heirloom-mailx-12.5/sendout.c 2011-04-26 22:23:22.000000000 +0100
++++ heirloom-mailx-12.5-patched/sendout.c 2014-12-27 01:26:59.654169487 +0000
+@@ -835,7 +835,7 @@
+ #endif /* HAVE_SOCKETS */
+
+ if ((smtp = value("smtp")) == NULL) {
+- args = unpack(cat(mailargs, to));
++ args = unpack(mailargs, to);
+ if (debug || value("debug")) {
+ printf(catgets(catd, CATSET, 181,
+ "Sendmail arguments:"));