diff options
author | Patrick J Volkerding <volkerdi@slackware.com> | 2016-06-30 20:26:57 +0000 |
---|---|---|
committer | Eric Hameleers <alien@slackware.com> | 2018-05-31 23:31:18 +0200 |
commit | d31c50870d0bee042ce660e445c9294a59a3a65b (patch) | |
tree | 6bfc0de3c95267b401b620c2c67859557dc60f97 /source/n/mailx/heirloom-mailx-12.5-fixes-1.patch | |
parent | 76fc4757ac91ac7947a01fb7b53dddf9a78a01d1 (diff) | |
download | current-d31c50870d0bee042ce660e445c9294a59a3a65b.tar.gz |
Slackware 14.2slackware-14.2
Thu Jun 30 20:26:57 UTC 2016
Slackware 14.2 x86_64 stable is released!
The long development cycle (the Linux community has lately been living in
"interesting times", as they say) is finally behind us, and we're proud to
announce the release of Slackware 14.2. The new release brings many updates
and modern tools, has switched from udev to eudev (no systemd), and adds
well over a hundred new packages to the system. Thanks to the team, the
upstream developers, the dedicated Slackware community, and everyone else
who pitched in to help make this release a reality.
The ISOs are off to be replicated, a 6 CD-ROM 32-bit set and a dual-sided
32-bit/64-bit x86/x86_64 DVD. Please consider supporting the Slackware
project by picking up a copy from store.slackware.com. We're taking
pre-orders now, and offer a discount if you sign up for a subscription.
Have fun! :-)
Diffstat (limited to 'source/n/mailx/heirloom-mailx-12.5-fixes-1.patch')
-rw-r--r-- | source/n/mailx/heirloom-mailx-12.5-fixes-1.patch | 232 |
1 files changed, 232 insertions, 0 deletions
diff --git a/source/n/mailx/heirloom-mailx-12.5-fixes-1.patch b/source/n/mailx/heirloom-mailx-12.5-fixes-1.patch new file mode 100644 index 00000000..fa6d5119 --- /dev/null +++ b/source/n/mailx/heirloom-mailx-12.5-fixes-1.patch @@ -0,0 +1,232 @@ +Submitted By: Ken Moffat <ken at linuxfromscratch dot org> +Date: 2014-12-27 +Initial Package Version: 12.5 +Upstream Status: Unknown +Origin: Changes to remove SSL2 found at debian, remainder from redhat. +Description: Removes support for SSL2 (openssl no longer supports it) +and fixes CVE-2004-2771 [sic] and CVE-2014-7844. + +diff -Naur heirloom-mailx-12.5/extern.h heirloom-mailx-12.5-patched/extern.h +--- heirloom-mailx-12.5/extern.h 2011-04-26 22:23:22.000000000 +0100 ++++ heirloom-mailx-12.5-patched/extern.h 2014-12-27 01:26:59.654169487 +0000 +@@ -396,7 +396,7 @@ + int is_fileaddr(char *name); + struct name *usermap(struct name *names); + struct name *cat(struct name *n1, struct name *n2); +-char **unpack(struct name *np); ++char **unpack(struct name *smopts, struct name *np); + struct name *elide(struct name *names); + int count(struct name *np); + struct name *delete_alternates(struct name *np); +diff -Naur heirloom-mailx-12.5/fio.c heirloom-mailx-12.5-patched/fio.c +--- heirloom-mailx-12.5/fio.c 2011-04-26 22:23:22.000000000 +0100 ++++ heirloom-mailx-12.5-patched/fio.c 2014-12-27 01:27:15.634561413 +0000 +@@ -43,12 +43,15 @@ + #endif /* not lint */ + + #include "rcv.h" ++ ++#ifndef HAVE_WORDEXP ++#error wordexp support is required ++#endif ++ + #include <sys/stat.h> + #include <sys/file.h> + #include <sys/wait.h> +-#ifdef HAVE_WORDEXP + #include <wordexp.h> +-#endif /* HAVE_WORDEXP */ + #include <unistd.h> + + #if defined (USE_NSS) +@@ -481,7 +484,6 @@ + static char * + globname(char *name) + { +-#ifdef HAVE_WORDEXP + wordexp_t we; + char *cp; + sigset_t nset; +@@ -495,7 +497,7 @@ + sigemptyset(&nset); + sigaddset(&nset, SIGCHLD); + sigprocmask(SIG_BLOCK, &nset, NULL); +- i = wordexp(name, &we, 0); ++ i = wordexp(name, &we, WRDE_NOCMD); + sigprocmask(SIG_UNBLOCK, &nset, NULL); + switch (i) { + case 0: +@@ -527,65 +529,6 @@ + } + wordfree(&we); + return cp; +-#else /* !HAVE_WORDEXP */ +- char xname[PATHSIZE]; +- char cmdbuf[PATHSIZE]; /* also used for file names */ +- int pid, l; +- char *cp, *shell; +- int pivec[2]; +- extern int wait_status; +- struct stat sbuf; +- +- if (pipe(pivec) < 0) { +- perror("pipe"); +- return name; +- } +- snprintf(cmdbuf, sizeof cmdbuf, "echo %s", name); +- if ((shell = value("SHELL")) == NULL) +- shell = SHELL; +- pid = start_command(shell, 0, -1, pivec[1], "-c", cmdbuf, NULL); +- if (pid < 0) { +- close(pivec[0]); +- close(pivec[1]); +- return NULL; +- } +- close(pivec[1]); +-again: +- l = read(pivec[0], xname, sizeof xname); +- if (l < 0) { +- if (errno == EINTR) +- goto again; +- perror("read"); +- close(pivec[0]); +- return NULL; +- } +- close(pivec[0]); +- if (wait_child(pid) < 0 && WTERMSIG(wait_status) != SIGPIPE) { +- fprintf(stderr, catgets(catd, CATSET, 81, +- "\"%s\": Expansion failed.\n"), name); +- return NULL; +- } +- if (l == 0) { +- fprintf(stderr, catgets(catd, CATSET, 82, +- "\"%s\": No match.\n"), name); +- return NULL; +- } +- if (l == sizeof xname) { +- fprintf(stderr, catgets(catd, CATSET, 83, +- "\"%s\": Expansion buffer overflow.\n"), name); +- return NULL; +- } +- xname[l] = 0; +- for (cp = &xname[l-1]; *cp == '\n' && cp > xname; cp--) +- ; +- cp[1] = '\0'; +- if (strchr(xname, ' ') && stat(xname, &sbuf) < 0) { +- fprintf(stderr, catgets(catd, CATSET, 84, +- "\"%s\": Ambiguous.\n"), name); +- return NULL; +- } +- return savestr(xname); +-#endif /* !HAVE_WORDEXP */ + } + + /* +diff -Naur heirloom-mailx-12.5/mailx.1 heirloom-mailx-12.5-patched/mailx.1 +--- heirloom-mailx-12.5/mailx.1 2011-04-26 22:23:22.000000000 +0100 ++++ heirloom-mailx-12.5-patched/mailx.1 2014-12-27 01:26:53.838026857 +0000 +@@ -656,6 +656,14 @@ + will have the system wide alias expanded + as all mail goes through sendmail. + .SS "Recipient address specifications" ++If the ++.I expandaddr ++option is not set (the default), recipient addresses must be names of ++local mailboxes or Internet mail addresses. ++.PP ++If the ++.I expandaddr ++option is set, the following rules apply: + When an address is used to name a recipient + (in any of To, Cc, or Bcc), + names of local mail folders +@@ -2391,6 +2399,12 @@ + If this option is set, + \fImailx\fR starts even with an empty mailbox. + .TP ++.B expandaddr ++Causes ++.I mailx ++to expand message recipient addresses, as explained in the section, ++Recipient address specifications. ++.TP + .B flipr + Exchanges the + .I Respond +@@ -3575,7 +3589,7 @@ + .TP + .B ssl-method + Selects a SSL/TLS protocol version; +-valid values are `ssl2', `ssl3', and `tls1'. ++valid values are `ssl3', and `tls1'. + If unset, the method is selected automatically, + if possible. + .TP +diff -Naur heirloom-mailx-12.5/names.c heirloom-mailx-12.5-patched/names.c +--- heirloom-mailx-12.5/names.c 2011-04-26 22:23:22.000000000 +0100 ++++ heirloom-mailx-12.5-patched/names.c 2014-12-27 01:26:59.654169487 +0000 +@@ -268,6 +268,9 @@ + FILE *fout, *fin; + int ispipe; + ++ if (value("expandaddr") == NULL) ++ return names; ++ + top = names; + np = names; + time(&now); +@@ -546,7 +549,7 @@ + * Return an error if the name list won't fit. + */ + char ** +-unpack(struct name *np) ++unpack(struct name *smopts, struct name *np) + { + char **ap, **top; + struct name *n; +@@ -561,7 +564,7 @@ + * the terminating 0 pointer. Additional spots may be needed + * to pass along -f to the host mailer. + */ +- extra = 2; ++ extra = 3 + count(smopts); + extra++; + metoo = value("metoo") != NULL; + if (metoo) +@@ -578,6 +581,10 @@ + *ap++ = "-m"; + if (verbose) + *ap++ = "-v"; ++ for (; smopts != NULL; smopts = smopts->n_flink) ++ if ((smopts->n_type & GDEL) == 0) ++ *ap++ = smopts->n_name; ++ *ap++ = "--"; + for (; n != NULL; n = n->n_flink) + if ((n->n_type & GDEL) == 0) + *ap++ = n->n_name; +diff -Naur heirloom-mailx-12.5/openssl.c heirloom-mailx-12.5-patched/openssl.c +--- heirloom-mailx-12.5/openssl.c 2011-04-26 22:23:22.000000000 +0100 ++++ heirloom-mailx-12.5-patched/openssl.c 2014-12-27 01:26:34.385549867 +0000 +@@ -216,9 +216,7 @@ + + cp = ssl_method_string(uhp); + if (cp != NULL) { +- if (equal(cp, "ssl2")) +- method = SSLv2_client_method(); +- else if (equal(cp, "ssl3")) ++ if (equal(cp, "ssl3")) + method = SSLv3_client_method(); + else if (equal(cp, "tls1")) + method = TLSv1_client_method(); +diff -Naur heirloom-mailx-12.5/sendout.c heirloom-mailx-12.5-patched/sendout.c +--- heirloom-mailx-12.5/sendout.c 2011-04-26 22:23:22.000000000 +0100 ++++ heirloom-mailx-12.5-patched/sendout.c 2014-12-27 01:26:59.654169487 +0000 +@@ -835,7 +835,7 @@ + #endif /* HAVE_SOCKETS */ + + if ((smtp = value("smtp")) == NULL) { +- args = unpack(cat(mailargs, to)); ++ args = unpack(mailargs, to); + if (debug || value("debug")) { + printf(catgets(catd, CATSET, 181, + "Sendmail arguments:")); |