From b12c032558e6a107321dcc3399f3bc3e2954a1c3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcin=20Wo=C5=BAniak?= Date: Tue, 22 Dec 2020 21:17:27 +0100 Subject: [PATCH] Added fix patch MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Marcin Woźniak --- .../files/heirloom-mailx-12.5-fixes-1.patch | 255 +++--------------- 1 file changed, 32 insertions(+), 223 deletions(-) diff --git a/mail-client/heirloom-mailx/files/heirloom-mailx-12.5-fixes-1.patch b/mail-client/heirloom-mailx/files/heirloom-mailx-12.5-fixes-1.patch index fa6d511..4ea33cf 100644 --- a/mail-client/heirloom-mailx/files/heirloom-mailx-12.5-fixes-1.patch +++ b/mail-client/heirloom-mailx/files/heirloom-mailx-12.5-fixes-1.patch @@ -1,232 +1,41 @@ -Submitted By: Ken Moffat -Date: 2014-12-27 -Initial Package Version: 12.5 -Upstream Status: Unknown -Origin: Changes to remove SSL2 found at debian, remainder from redhat. -Description: Removes support for SSL2 (openssl no longer supports it) -and fixes CVE-2004-2771 [sic] and CVE-2014-7844. +diff --git a/openssl.c b/openssl.c +index b4e33fc..9d1eaf4 100644 +--- a/openssl.c ++++ b/openssl.c +@@ -136,6 +136,7 @@ ssl_rand_init(void) + int state = 0; -diff -Naur heirloom-mailx-12.5/extern.h heirloom-mailx-12.5-patched/extern.h ---- heirloom-mailx-12.5/extern.h 2011-04-26 22:23:22.000000000 +0100 -+++ heirloom-mailx-12.5-patched/extern.h 2014-12-27 01:26:59.654169487 +0000 -@@ -396,7 +396,7 @@ - int is_fileaddr(char *name); - struct name *usermap(struct name *names); - struct name *cat(struct name *n1, struct name *n2); --char **unpack(struct name *np); -+char **unpack(struct name *smopts, struct name *np); - struct name *elide(struct name *names); - int count(struct name *np); - struct name *delete_alternates(struct name *np); -diff -Naur heirloom-mailx-12.5/fio.c heirloom-mailx-12.5-patched/fio.c ---- heirloom-mailx-12.5/fio.c 2011-04-26 22:23:22.000000000 +0100 -+++ heirloom-mailx-12.5-patched/fio.c 2014-12-27 01:27:15.634561413 +0000 -@@ -43,12 +43,15 @@ - #endif /* not lint */ - - #include "rcv.h" -+ -+#ifndef HAVE_WORDEXP -+#error wordexp support is required + if ((cp = value("ssl-rand-egd")) != NULL) { ++#ifndef OPENSSL_NO_EGD + cp = expand(cp); + if (RAND_egd(cp) == -1) { + fprintf(stderr, catgets(catd, CATSET, 245, +@@ -143,6 +144,9 @@ ssl_rand_init(void) + cp); + } else + state = 1; ++#else ++ fprintf(stderr, "entropy daemon not available\n"); +#endif -+ - #include - #include - #include --#ifdef HAVE_WORDEXP - #include --#endif /* HAVE_WORDEXP */ - #include - - #if defined (USE_NSS) -@@ -481,7 +484,6 @@ - static char * - globname(char *name) - { --#ifdef HAVE_WORDEXP - wordexp_t we; - char *cp; - sigset_t nset; -@@ -495,7 +497,7 @@ - sigemptyset(&nset); - sigaddset(&nset, SIGCHLD); - sigprocmask(SIG_BLOCK, &nset, NULL); -- i = wordexp(name, &we, 0); -+ i = wordexp(name, &we, WRDE_NOCMD); - sigprocmask(SIG_UNBLOCK, &nset, NULL); - switch (i) { - case 0: -@@ -527,65 +529,6 @@ - } - wordfree(&we); - return cp; --#else /* !HAVE_WORDEXP */ -- char xname[PATHSIZE]; -- char cmdbuf[PATHSIZE]; /* also used for file names */ -- int pid, l; -- char *cp, *shell; -- int pivec[2]; -- extern int wait_status; -- struct stat sbuf; -- -- if (pipe(pivec) < 0) { -- perror("pipe"); -- return name; -- } -- snprintf(cmdbuf, sizeof cmdbuf, "echo %s", name); -- if ((shell = value("SHELL")) == NULL) -- shell = SHELL; -- pid = start_command(shell, 0, -1, pivec[1], "-c", cmdbuf, NULL); -- if (pid < 0) { -- close(pivec[0]); -- close(pivec[1]); -- return NULL; -- } -- close(pivec[1]); --again: -- l = read(pivec[0], xname, sizeof xname); -- if (l < 0) { -- if (errno == EINTR) -- goto again; -- perror("read"); -- close(pivec[0]); -- return NULL; -- } -- close(pivec[0]); -- if (wait_child(pid) < 0 && WTERMSIG(wait_status) != SIGPIPE) { -- fprintf(stderr, catgets(catd, CATSET, 81, -- "\"%s\": Expansion failed.\n"), name); -- return NULL; -- } -- if (l == 0) { -- fprintf(stderr, catgets(catd, CATSET, 82, -- "\"%s\": No match.\n"), name); -- return NULL; -- } -- if (l == sizeof xname) { -- fprintf(stderr, catgets(catd, CATSET, 83, -- "\"%s\": Expansion buffer overflow.\n"), name); -- return NULL; -- } -- xname[l] = 0; -- for (cp = &xname[l-1]; *cp == '\n' && cp > xname; cp--) -- ; -- cp[1] = '\0'; -- if (strchr(xname, ' ') && stat(xname, &sbuf) < 0) { -- fprintf(stderr, catgets(catd, CATSET, 84, -- "\"%s\": Ambiguous.\n"), name); -- return NULL; -- } -- return savestr(xname); --#endif /* !HAVE_WORDEXP */ - } - - /* -diff -Naur heirloom-mailx-12.5/mailx.1 heirloom-mailx-12.5-patched/mailx.1 ---- heirloom-mailx-12.5/mailx.1 2011-04-26 22:23:22.000000000 +0100 -+++ heirloom-mailx-12.5-patched/mailx.1 2014-12-27 01:26:53.838026857 +0000 -@@ -656,6 +656,14 @@ - will have the system wide alias expanded - as all mail goes through sendmail. - .SS "Recipient address specifications" -+If the -+.I expandaddr -+option is not set (the default), recipient addresses must be names of -+local mailboxes or Internet mail addresses. -+.PP -+If the -+.I expandaddr -+option is set, the following rules apply: - When an address is used to name a recipient - (in any of To, Cc, or Bcc), - names of local mail folders -@@ -2391,6 +2399,12 @@ - If this option is set, - \fImailx\fR starts even with an empty mailbox. - .TP -+.B expandaddr -+Causes -+.I mailx -+to expand message recipient addresses, as explained in the section, -+Recipient address specifications. -+.TP - .B flipr - Exchanges the - .I Respond -@@ -3575,7 +3589,7 @@ - .TP - .B ssl-method - Selects a SSL/TLS protocol version; --valid values are `ssl2', `ssl3', and `tls1'. -+valid values are `ssl3', and `tls1'. - If unset, the method is selected automatically, - if possible. - .TP -diff -Naur heirloom-mailx-12.5/names.c heirloom-mailx-12.5-patched/names.c ---- heirloom-mailx-12.5/names.c 2011-04-26 22:23:22.000000000 +0100 -+++ heirloom-mailx-12.5-patched/names.c 2014-12-27 01:26:59.654169487 +0000 -@@ -268,6 +268,9 @@ - FILE *fout, *fin; - int ispipe; - -+ if (value("expandaddr") == NULL) -+ return names; -+ - top = names; - np = names; - time(&now); -@@ -546,7 +549,7 @@ - * Return an error if the name list won't fit. - */ - char ** --unpack(struct name *np) -+unpack(struct name *smopts, struct name *np) - { - char **ap, **top; - struct name *n; -@@ -561,7 +564,7 @@ - * the terminating 0 pointer. Additional spots may be needed - * to pass along -f to the host mailer. - */ -- extra = 2; -+ extra = 3 + count(smopts); - extra++; - metoo = value("metoo") != NULL; - if (metoo) -@@ -578,6 +581,10 @@ - *ap++ = "-m"; - if (verbose) - *ap++ = "-v"; -+ for (; smopts != NULL; smopts = smopts->n_flink) -+ if ((smopts->n_type & GDEL) == 0) -+ *ap++ = smopts->n_name; -+ *ap++ = "--"; - for (; n != NULL; n = n->n_flink) - if ((n->n_type & GDEL) == 0) - *ap++ = n->n_name; -diff -Naur heirloom-mailx-12.5/openssl.c heirloom-mailx-12.5-patched/openssl.c ---- heirloom-mailx-12.5/openssl.c 2011-04-26 22:23:22.000000000 +0100 -+++ heirloom-mailx-12.5-patched/openssl.c 2014-12-27 01:26:34.385549867 +0000 -@@ -216,9 +216,7 @@ - + } else if ((cp = value("ssl-rand-file")) != NULL) { + cp = expand(cp); + if (RAND_load_file(cp, 1024) == -1) { +@@ -216,9 +220,16 @@ ssl_select_method(const char *uhp) + cp = ssl_method_string(uhp); if (cp != NULL) { - if (equal(cp, "ssl2")) -- method = SSLv2_client_method(); ++ if (equal(cp, "ssl2")) { ++#if OPENSSL_VERSION_NUMBER < 0x10100000 + method = SSLv2_client_method(); - else if (equal(cp, "ssl3")) -+ if (equal(cp, "ssl3")) ++#else ++ /* SSLv2 support was removed in OpenSSL 1.1.0 */ ++ fprintf(stderr, catgets(catd, CATSET, 244, ++ "Unsupported SSL method \"%s\"\n"), cp); ++ method = SSLv23_client_method(); ++#endif ++ } else if (equal(cp, "ssl3")) method = SSLv3_client_method(); else if (equal(cp, "tls1")) method = TLSv1_client_method(); -diff -Naur heirloom-mailx-12.5/sendout.c heirloom-mailx-12.5-patched/sendout.c ---- heirloom-mailx-12.5/sendout.c 2011-04-26 22:23:22.000000000 +0100 -+++ heirloom-mailx-12.5-patched/sendout.c 2014-12-27 01:26:59.654169487 +0000 -@@ -835,7 +835,7 @@ - #endif /* HAVE_SOCKETS */ - - if ((smtp = value("smtp")) == NULL) { -- args = unpack(cat(mailargs, to)); -+ args = unpack(mailargs, to); - if (debug || value("debug")) { - printf(catgets(catd, CATSET, 181, - "Sendmail arguments:"));