src_prepare/src_prepare-overlay
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge branch 'Adding-SSL-into-mailx' into 'master'

Browse Source 
Added fix patch

See merge request src_prepare/src_prepare-overlay!136
This commit is contained in:
Marcin Woźniak 2020-12-22 20:31:04 +00:00
commit 9be74c5959
1 changed files with 32 additions and 223 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

253
mail-client/heirloom-mailx/files/heirloom-mailx-12.5-fixes-1.patch
View File

@ -1,232 +1,41 @@
Submitted By: Ken Moffat <ken at linuxfromscratch dot org>
Date: 2014-12-27
Initial Package Version: 12.5
Upstream Status: Unknown
Origin: Changes to remove SSL2 found at debian, remainder from redhat.
Description: Removes support for SSL2 (openssl no longer supports it)
and fixes CVE-2004-2771 [sic] and CVE-2014-7844.
diff --git a/openssl.c b/openssl.c
index b4e33fc..9d1eaf4 100644
--- a/openssl.c
+++ b/openssl.c
@@ -136,6 +136,7 @@ ssl_rand_init(void)
int state = 0;
diff -Naur heirloom-mailx-12.5/extern.h heirloom-mailx-12.5-patched/extern.h
--- heirloom-mailx-12.5/extern.h 2011-04-26 22:23:22.000000000 +0100
+++ heirloom-mailx-12.5-patched/extern.h 2014-12-27 01:26:59.654169487 +0000
@@ -396,7 +396,7 @@
int is_fileaddr(char *name);
struct name *usermap(struct name *names);
struct name *cat(struct name *n1, struct name *n2);
-char **unpack(struct name *np);
+char **unpack(struct name *smopts, struct name *np);
struct name *elide(struct name *names);
int count(struct name *np);
struct name *delete_alternates(struct name *np);
diff -Naur heirloom-mailx-12.5/fio.c heirloom-mailx-12.5-patched/fio.c
--- heirloom-mailx-12.5/fio.c 2011-04-26 22:23:22.000000000 +0100
+++ heirloom-mailx-12.5-patched/fio.c 2014-12-27 01:27:15.634561413 +0000
@@ -43,12 +43,15 @@
#endif /* not lint */
#include "rcv.h"
+
+#ifndef HAVE_WORDEXP
+#error wordexp support is required
if ((cp = value("ssl-rand-egd")) != NULL) {
+#ifndef OPENSSL_NO_EGD
cp = expand(cp);
if (RAND_egd(cp) == -1) {
fprintf(stderr, catgets(catd, CATSET, 245,
@@ -143,6 +144,9 @@ ssl_rand_init(void)
cp);
} else
state = 1;
+#else
+ fprintf(stderr, "entropy daemon not available\n");
+#endif
+
#include <sys/stat.h>
#include <sys/file.h>
#include <sys/wait.h>
-#ifdef HAVE_WORDEXP
#include <wordexp.h>
-#endif /* HAVE_WORDEXP */
#include <unistd.h>
#if defined (USE_NSS)
@@ -481,7 +484,6 @@
static char *
globname(char *name)
{
-#ifdef HAVE_WORDEXP
wordexp_t we;
char *cp;
sigset_t nset;
@@ -495,7 +497,7 @@
sigemptyset(&nset);
sigaddset(&nset, SIGCHLD);
sigprocmask(SIG_BLOCK, &nset, NULL);
- i = wordexp(name, &we, 0);
+ i = wordexp(name, &we, WRDE_NOCMD);
sigprocmask(SIG_UNBLOCK, &nset, NULL);
switch (i) {
case 0:
@@ -527,65 +529,6 @@
}
wordfree(&we);
return cp;
-#else /* !HAVE_WORDEXP */
- char xname[PATHSIZE];
- char cmdbuf[PATHSIZE]; /* also used for file names */
- int pid, l;
- char *cp, *shell;
- int pivec[2];
- extern int wait_status;
- struct stat sbuf;
-
- if (pipe(pivec) < 0) {
- perror("pipe");
- return name;
- }
- snprintf(cmdbuf, sizeof cmdbuf, "echo %s", name);
- if ((shell = value("SHELL")) == NULL)
- shell = SHELL;
- pid = start_command(shell, 0, -1, pivec[1], "-c", cmdbuf, NULL);
- if (pid < 0) {
- close(pivec[0]);
- close(pivec[1]);
- return NULL;
- }
- close(pivec[1]);
-again:
- l = read(pivec[0], xname, sizeof xname);
- if (l < 0) {
- if (errno == EINTR)
- goto again;
- perror("read");
- close(pivec[0]);
- return NULL;
- }
- close(pivec[0]);
- if (wait_child(pid) < 0 && WTERMSIG(wait_status) != SIGPIPE) {
- fprintf(stderr, catgets(catd, CATSET, 81,
- "\"%s\": Expansion failed.\n"), name);
- return NULL;
- }
- if (l == 0) {
- fprintf(stderr, catgets(catd, CATSET, 82,
- "\"%s\": No match.\n"), name);
- return NULL;
- }
- if (l == sizeof xname) {
- fprintf(stderr, catgets(catd, CATSET, 83,
- "\"%s\": Expansion buffer overflow.\n"), name);
- return NULL;
- }
- xname[l] = 0;
- for (cp = &xname[l-1]; *cp == '\n' && cp > xname; cp--)
- ;
- cp[1] = '\0';
- if (strchr(xname, ' ') && stat(xname, &sbuf) < 0) {
- fprintf(stderr, catgets(catd, CATSET, 84,
- "\"%s\": Ambiguous.\n"), name);
- return NULL;
- }
- return savestr(xname);
-#endif /* !HAVE_WORDEXP */
}
/*
diff -Naur heirloom-mailx-12.5/mailx.1 heirloom-mailx-12.5-patched/mailx.1
--- heirloom-mailx-12.5/mailx.1 2011-04-26 22:23:22.000000000 +0100
+++ heirloom-mailx-12.5-patched/mailx.1 2014-12-27 01:26:53.838026857 +0000
@@ -656,6 +656,14 @@
will have the system wide alias expanded
as all mail goes through sendmail.
.SS "Recipient address specifications"
+If the
+.I expandaddr
+option is not set (the default), recipient addresses must be names of
+local mailboxes or Internet mail addresses.
+.PP
+If the
+.I expandaddr
+option is set, the following rules apply:
When an address is used to name a recipient
(in any of To, Cc, or Bcc),
names of local mail folders
@@ -2391,6 +2399,12 @@
If this option is set,
\fImailx\fR starts even with an empty mailbox.
.TP
+.B expandaddr
+Causes
+.I mailx
+to expand message recipient addresses, as explained in the section,
+Recipient address specifications.
+.TP
.B flipr
Exchanges the
.I Respond
@@ -3575,7 +3589,7 @@
.TP
.B ssl-method
Selects a SSL/TLS protocol version;
-valid values are `ssl2', `ssl3', and `tls1'.
+valid values are `ssl3', and `tls1'.
If unset, the method is selected automatically,
if possible.
.TP
diff -Naur heirloom-mailx-12.5/names.c heirloom-mailx-12.5-patched/names.c
--- heirloom-mailx-12.5/names.c 2011-04-26 22:23:22.000000000 +0100
+++ heirloom-mailx-12.5-patched/names.c 2014-12-27 01:26:59.654169487 +0000
@@ -268,6 +268,9 @@
FILE *fout, *fin;
int ispipe;
+ if (value("expandaddr") == NULL)
+ return names;
+
top = names;
np = names;
time(&now);
@@ -546,7 +549,7 @@
* Return an error if the name list won't fit.
*/
char **
-unpack(struct name *np)
+unpack(struct name *smopts, struct name *np)
{
char **ap, **top;
struct name *n;
@@ -561,7 +564,7 @@
* the terminating 0 pointer. Additional spots may be needed
* to pass along -f to the host mailer.
*/
- extra = 2;
+ extra = 3 + count(smopts);
extra++;
metoo = value("metoo") != NULL;
if (metoo)
@@ -578,6 +581,10 @@
*ap++ = "-m";
if (verbose)
*ap++ = "-v";
+ for (; smopts != NULL; smopts = smopts->n_flink)
+ if ((smopts->n_type & GDEL) == 0)
+ *ap++ = smopts->n_name;
+ *ap++ = "--";
for (; n != NULL; n = n->n_flink)
if ((n->n_type & GDEL) == 0)
*ap++ = n->n_name;
diff -Naur heirloom-mailx-12.5/openssl.c heirloom-mailx-12.5-patched/openssl.c
--- heirloom-mailx-12.5/openssl.c 2011-04-26 22:23:22.000000000 +0100
+++ heirloom-mailx-12.5-patched/openssl.c 2014-12-27 01:26:34.385549867 +0000
@@ -216,9 +216,7 @@
} else if ((cp = value("ssl-rand-file")) != NULL) {
cp = expand(cp);
if (RAND_load_file(cp, 1024) == -1) {
@@ -216,9 +220,16 @@ ssl_select_method(const char *uhp)
cp = ssl_method_string(uhp);
if (cp != NULL) {
- if (equal(cp, "ssl2"))
- method = SSLv2_client_method();
+ if (equal(cp, "ssl2")) {
+#if OPENSSL_VERSION_NUMBER < 0x10100000
method = SSLv2_client_method();
- else if (equal(cp, "ssl3"))
+ if (equal(cp, "ssl3"))
+#else
+ /* SSLv2 support was removed in OpenSSL 1.1.0 */
+ fprintf(stderr, catgets(catd, CATSET, 244,
+ "Unsupported SSL method \"%s\"\n"), cp);
+ method = SSLv23_client_method();
+#endif
+ } else if (equal(cp, "ssl3"))
method = SSLv3_client_method();
else if (equal(cp, "tls1"))
method = TLSv1_client_method();
diff -Naur heirloom-mailx-12.5/sendout.c heirloom-mailx-12.5-patched/sendout.c
--- heirloom-mailx-12.5/sendout.c 2011-04-26 22:23:22.000000000 +0100
+++ heirloom-mailx-12.5-patched/sendout.c 2014-12-27 01:26:59.654169487 +0000
@@ -835,7 +835,7 @@
#endif /* HAVE_SOCKETS */
if ((smtp = value("smtp")) == NULL) {
- args = unpack(cat(mailargs, to));
+ args = unpack(mailargs, to);
if (debug || value("debug")) {
printf(catgets(catd, CATSET, 181,
"Sendmail arguments:"));