Added fix patch
Signed-off-by: Marcin Woźniak <y0rune@aol.com>
This commit is contained in:
parent
1daabf7869
commit
b12c032558
@ -1,232 +1,41 @@
|
||||
Submitted By: Ken Moffat <ken at linuxfromscratch dot org>
|
||||
Date: 2014-12-27
|
||||
Initial Package Version: 12.5
|
||||
Upstream Status: Unknown
|
||||
Origin: Changes to remove SSL2 found at debian, remainder from redhat.
|
||||
Description: Removes support for SSL2 (openssl no longer supports it)
|
||||
and fixes CVE-2004-2771 [sic] and CVE-2014-7844.
|
||||
diff --git a/openssl.c b/openssl.c
|
||||
index b4e33fc..9d1eaf4 100644
|
||||
--- a/openssl.c
|
||||
+++ b/openssl.c
|
||||
@@ -136,6 +136,7 @@ ssl_rand_init(void)
|
||||
int state = 0;
|
||||
|
||||
diff -Naur heirloom-mailx-12.5/extern.h heirloom-mailx-12.5-patched/extern.h
|
||||
--- heirloom-mailx-12.5/extern.h 2011-04-26 22:23:22.000000000 +0100
|
||||
+++ heirloom-mailx-12.5-patched/extern.h 2014-12-27 01:26:59.654169487 +0000
|
||||
@@ -396,7 +396,7 @@
|
||||
int is_fileaddr(char *name);
|
||||
struct name *usermap(struct name *names);
|
||||
struct name *cat(struct name *n1, struct name *n2);
|
||||
-char **unpack(struct name *np);
|
||||
+char **unpack(struct name *smopts, struct name *np);
|
||||
struct name *elide(struct name *names);
|
||||
int count(struct name *np);
|
||||
struct name *delete_alternates(struct name *np);
|
||||
diff -Naur heirloom-mailx-12.5/fio.c heirloom-mailx-12.5-patched/fio.c
|
||||
--- heirloom-mailx-12.5/fio.c 2011-04-26 22:23:22.000000000 +0100
|
||||
+++ heirloom-mailx-12.5-patched/fio.c 2014-12-27 01:27:15.634561413 +0000
|
||||
@@ -43,12 +43,15 @@
|
||||
#endif /* not lint */
|
||||
|
||||
#include "rcv.h"
|
||||
+
|
||||
+#ifndef HAVE_WORDEXP
|
||||
+#error wordexp support is required
|
||||
if ((cp = value("ssl-rand-egd")) != NULL) {
|
||||
+#ifndef OPENSSL_NO_EGD
|
||||
cp = expand(cp);
|
||||
if (RAND_egd(cp) == -1) {
|
||||
fprintf(stderr, catgets(catd, CATSET, 245,
|
||||
@@ -143,6 +144,9 @@ ssl_rand_init(void)
|
||||
cp);
|
||||
} else
|
||||
state = 1;
|
||||
+#else
|
||||
+ fprintf(stderr, "entropy daemon not available\n");
|
||||
+#endif
|
||||
+
|
||||
#include <sys/stat.h>
|
||||
#include <sys/file.h>
|
||||
#include <sys/wait.h>
|
||||
-#ifdef HAVE_WORDEXP
|
||||
#include <wordexp.h>
|
||||
-#endif /* HAVE_WORDEXP */
|
||||
#include <unistd.h>
|
||||
|
||||
#if defined (USE_NSS)
|
||||
@@ -481,7 +484,6 @@
|
||||
static char *
|
||||
globname(char *name)
|
||||
{
|
||||
-#ifdef HAVE_WORDEXP
|
||||
wordexp_t we;
|
||||
char *cp;
|
||||
sigset_t nset;
|
||||
@@ -495,7 +497,7 @@
|
||||
sigemptyset(&nset);
|
||||
sigaddset(&nset, SIGCHLD);
|
||||
sigprocmask(SIG_BLOCK, &nset, NULL);
|
||||
- i = wordexp(name, &we, 0);
|
||||
+ i = wordexp(name, &we, WRDE_NOCMD);
|
||||
sigprocmask(SIG_UNBLOCK, &nset, NULL);
|
||||
switch (i) {
|
||||
case 0:
|
||||
@@ -527,65 +529,6 @@
|
||||
}
|
||||
wordfree(&we);
|
||||
return cp;
|
||||
-#else /* !HAVE_WORDEXP */
|
||||
- char xname[PATHSIZE];
|
||||
- char cmdbuf[PATHSIZE]; /* also used for file names */
|
||||
- int pid, l;
|
||||
- char *cp, *shell;
|
||||
- int pivec[2];
|
||||
- extern int wait_status;
|
||||
- struct stat sbuf;
|
||||
-
|
||||
- if (pipe(pivec) < 0) {
|
||||
- perror("pipe");
|
||||
- return name;
|
||||
- }
|
||||
- snprintf(cmdbuf, sizeof cmdbuf, "echo %s", name);
|
||||
- if ((shell = value("SHELL")) == NULL)
|
||||
- shell = SHELL;
|
||||
- pid = start_command(shell, 0, -1, pivec[1], "-c", cmdbuf, NULL);
|
||||
- if (pid < 0) {
|
||||
- close(pivec[0]);
|
||||
- close(pivec[1]);
|
||||
- return NULL;
|
||||
- }
|
||||
- close(pivec[1]);
|
||||
-again:
|
||||
- l = read(pivec[0], xname, sizeof xname);
|
||||
- if (l < 0) {
|
||||
- if (errno == EINTR)
|
||||
- goto again;
|
||||
- perror("read");
|
||||
- close(pivec[0]);
|
||||
- return NULL;
|
||||
- }
|
||||
- close(pivec[0]);
|
||||
- if (wait_child(pid) < 0 && WTERMSIG(wait_status) != SIGPIPE) {
|
||||
- fprintf(stderr, catgets(catd, CATSET, 81,
|
||||
- "\"%s\": Expansion failed.\n"), name);
|
||||
- return NULL;
|
||||
- }
|
||||
- if (l == 0) {
|
||||
- fprintf(stderr, catgets(catd, CATSET, 82,
|
||||
- "\"%s\": No match.\n"), name);
|
||||
- return NULL;
|
||||
- }
|
||||
- if (l == sizeof xname) {
|
||||
- fprintf(stderr, catgets(catd, CATSET, 83,
|
||||
- "\"%s\": Expansion buffer overflow.\n"), name);
|
||||
- return NULL;
|
||||
- }
|
||||
- xname[l] = 0;
|
||||
- for (cp = &xname[l-1]; *cp == '\n' && cp > xname; cp--)
|
||||
- ;
|
||||
- cp[1] = '\0';
|
||||
- if (strchr(xname, ' ') && stat(xname, &sbuf) < 0) {
|
||||
- fprintf(stderr, catgets(catd, CATSET, 84,
|
||||
- "\"%s\": Ambiguous.\n"), name);
|
||||
- return NULL;
|
||||
- }
|
||||
- return savestr(xname);
|
||||
-#endif /* !HAVE_WORDEXP */
|
||||
}
|
||||
|
||||
/*
|
||||
diff -Naur heirloom-mailx-12.5/mailx.1 heirloom-mailx-12.5-patched/mailx.1
|
||||
--- heirloom-mailx-12.5/mailx.1 2011-04-26 22:23:22.000000000 +0100
|
||||
+++ heirloom-mailx-12.5-patched/mailx.1 2014-12-27 01:26:53.838026857 +0000
|
||||
@@ -656,6 +656,14 @@
|
||||
will have the system wide alias expanded
|
||||
as all mail goes through sendmail.
|
||||
.SS "Recipient address specifications"
|
||||
+If the
|
||||
+.I expandaddr
|
||||
+option is not set (the default), recipient addresses must be names of
|
||||
+local mailboxes or Internet mail addresses.
|
||||
+.PP
|
||||
+If the
|
||||
+.I expandaddr
|
||||
+option is set, the following rules apply:
|
||||
When an address is used to name a recipient
|
||||
(in any of To, Cc, or Bcc),
|
||||
names of local mail folders
|
||||
@@ -2391,6 +2399,12 @@
|
||||
If this option is set,
|
||||
\fImailx\fR starts even with an empty mailbox.
|
||||
.TP
|
||||
+.B expandaddr
|
||||
+Causes
|
||||
+.I mailx
|
||||
+to expand message recipient addresses, as explained in the section,
|
||||
+Recipient address specifications.
|
||||
+.TP
|
||||
.B flipr
|
||||
Exchanges the
|
||||
.I Respond
|
||||
@@ -3575,7 +3589,7 @@
|
||||
.TP
|
||||
.B ssl-method
|
||||
Selects a SSL/TLS protocol version;
|
||||
-valid values are `ssl2', `ssl3', and `tls1'.
|
||||
+valid values are `ssl3', and `tls1'.
|
||||
If unset, the method is selected automatically,
|
||||
if possible.
|
||||
.TP
|
||||
diff -Naur heirloom-mailx-12.5/names.c heirloom-mailx-12.5-patched/names.c
|
||||
--- heirloom-mailx-12.5/names.c 2011-04-26 22:23:22.000000000 +0100
|
||||
+++ heirloom-mailx-12.5-patched/names.c 2014-12-27 01:26:59.654169487 +0000
|
||||
@@ -268,6 +268,9 @@
|
||||
FILE *fout, *fin;
|
||||
int ispipe;
|
||||
|
||||
+ if (value("expandaddr") == NULL)
|
||||
+ return names;
|
||||
+
|
||||
top = names;
|
||||
np = names;
|
||||
time(&now);
|
||||
@@ -546,7 +549,7 @@
|
||||
* Return an error if the name list won't fit.
|
||||
*/
|
||||
char **
|
||||
-unpack(struct name *np)
|
||||
+unpack(struct name *smopts, struct name *np)
|
||||
{
|
||||
char **ap, **top;
|
||||
struct name *n;
|
||||
@@ -561,7 +564,7 @@
|
||||
* the terminating 0 pointer. Additional spots may be needed
|
||||
* to pass along -f to the host mailer.
|
||||
*/
|
||||
- extra = 2;
|
||||
+ extra = 3 + count(smopts);
|
||||
extra++;
|
||||
metoo = value("metoo") != NULL;
|
||||
if (metoo)
|
||||
@@ -578,6 +581,10 @@
|
||||
*ap++ = "-m";
|
||||
if (verbose)
|
||||
*ap++ = "-v";
|
||||
+ for (; smopts != NULL; smopts = smopts->n_flink)
|
||||
+ if ((smopts->n_type & GDEL) == 0)
|
||||
+ *ap++ = smopts->n_name;
|
||||
+ *ap++ = "--";
|
||||
for (; n != NULL; n = n->n_flink)
|
||||
if ((n->n_type & GDEL) == 0)
|
||||
*ap++ = n->n_name;
|
||||
diff -Naur heirloom-mailx-12.5/openssl.c heirloom-mailx-12.5-patched/openssl.c
|
||||
--- heirloom-mailx-12.5/openssl.c 2011-04-26 22:23:22.000000000 +0100
|
||||
+++ heirloom-mailx-12.5-patched/openssl.c 2014-12-27 01:26:34.385549867 +0000
|
||||
@@ -216,9 +216,7 @@
|
||||
|
||||
} else if ((cp = value("ssl-rand-file")) != NULL) {
|
||||
cp = expand(cp);
|
||||
if (RAND_load_file(cp, 1024) == -1) {
|
||||
@@ -216,9 +220,16 @@ ssl_select_method(const char *uhp)
|
||||
|
||||
cp = ssl_method_string(uhp);
|
||||
if (cp != NULL) {
|
||||
- if (equal(cp, "ssl2"))
|
||||
- method = SSLv2_client_method();
|
||||
+ if (equal(cp, "ssl2")) {
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000
|
||||
method = SSLv2_client_method();
|
||||
- else if (equal(cp, "ssl3"))
|
||||
+ if (equal(cp, "ssl3"))
|
||||
+#else
|
||||
+ /* SSLv2 support was removed in OpenSSL 1.1.0 */
|
||||
+ fprintf(stderr, catgets(catd, CATSET, 244,
|
||||
+ "Unsupported SSL method \"%s\"\n"), cp);
|
||||
+ method = SSLv23_client_method();
|
||||
+#endif
|
||||
+ } else if (equal(cp, "ssl3"))
|
||||
method = SSLv3_client_method();
|
||||
else if (equal(cp, "tls1"))
|
||||
method = TLSv1_client_method();
|
||||
diff -Naur heirloom-mailx-12.5/sendout.c heirloom-mailx-12.5-patched/sendout.c
|
||||
--- heirloom-mailx-12.5/sendout.c 2011-04-26 22:23:22.000000000 +0100
|
||||
+++ heirloom-mailx-12.5-patched/sendout.c 2014-12-27 01:26:59.654169487 +0000
|
||||
@@ -835,7 +835,7 @@
|
||||
#endif /* HAVE_SOCKETS */
|
||||
|
||||
if ((smtp = value("smtp")) == NULL) {
|
||||
- args = unpack(cat(mailargs, to));
|
||||
+ args = unpack(mailargs, to);
|
||||
if (debug || value("debug")) {
|
||||
printf(catgets(catd, CATSET, 181,
|
||||
"Sendmail arguments:"));
|
||||
|
Loading…
Reference in New Issue
Block a user