-rw-r--r--user/mailx/APKBUILD33
-rw-r--r--user/mailx/Mail2
-rw-r--r--user/mailx/mailx-12.4-cve.patch232
-rw-r--r--user/mailx/mailx-12.4-openssl.patch72
4 files changed, 339 insertions, 0 deletions
diff --git a/user/mailx/APKBUILD b/user/mailx/APKBUILD
new file mode 100644
index 000000000..8901df5c1
--- /dev/null
+++ b/user/mailx/APKBUILD
@@ -0,0 +1,33 @@
+# Contributor: A. Wilcox <awilfox@adelielinux.org>
+# Maintainer: A. Wilcox <awilfox@adelielinux.org>
+
+pkgname=mailx
+pkgver=12.4
+pkgrel=0
+pkgdesc="Send and receive Internet mail"
+url="http://heirloom.sourceforge.net/mailx.html"
+arch="all"
+license="BSD-4-Clause MIT MPL-1.1"
+depends=""
+makedepends="openssl-dev"
+subpackages="$pkgname-doc"
+source="http://downloads.sourceforge.net/heirloom/$pkgname-$pkgver.tar.bz2
+ Mail
+ mailx-12.4-openssl.patch
+ mailx-12.4-cve.patch"
+
+build() {
+ cd "$builddir"
+ make PREFIX="/usr" SYSCONFDIR="/etc" STRIP=":"
+}
+
+package() {
+ cd "$builddir"
+ make DESTDIR="$pkgdir" PREFIX="/usr" SYSCONFDIR="/etc" STRIP=":" UCBINSTALL="`command -v install`" install
+ install -m 755 "$srcdir"/Mail "$pkgdir"/usr/bin/Mail
+}
+
+sha512sums="a0e29972f552bd630ce1a14f70e61661815118520bcd4a00b6cad53f3270d3d08c835ff6982ba8800eb380a5b46f54eb6e60fb7533b5f41c916af45d29605af8 mailx-12.4.tar.bz2
+8715bcdbcc5170f406df2a78dc9bac144c5d73eb90ba4832162cd3c5d72c938a32a86e622e64c7e786c05343a37d7b94245cc636511261d1d4f817def04087d2 Mail
+a74f85b5a4a9f9cd9a38e244498a11394c42189bbd0601656b6ed56fa55bf596820ef2f995c6878d322a1eca135bd1b1822467c4086adb849c81d65229845663 mailx-12.4-openssl.patch
+1e77cd6ea251793ca48ae86b265580cd70fe33838b0b4e1f522af07f4f34bc909e1bab52dc0180516d44399c4227a54be7718c76ebbc4f886f372fdc5c19278f mailx-12.4-cve.patch"
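Review bot: The APKBUILD has no record of the security fixes it carries, even though `mailx-12.4-cve.patch` is added for CVE-2004-2771 and CVE-2014-7844, so anyone reading the package metadata cannot tell that this build is patched. If the distribution follows the Alpine convention, add a comment block near the top: `# secfixes:`, `#   12.4-r0:`, `#     - CVE-2004-2771`, `#     - CVE-2014-7844`. The tarball is also fetched over plain `http://`. The `sha512sums` entry pins it, but any later checksum update should be compared against an independently obtained copy rather than regenerated from the same download.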
diff --git a/user/mailx/Mail b/user/mailx/Mail
new file mode 100644
index 000000000..454f3c10d
--- /dev/null
+++ b/user/mailx/Mail
@@ -0,0 +1,2 @@
+#!/bin/sh
+mailx -S bsdcompat
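Review bot: The wrapper drops every command-line argument, because `mailx -S bsdcompat` is invoked without `"$@"`. A call such as `Mail -s subject user` would presumably open the mailbox instead of composing a message. Suggest `exec mailx -S bsdcompat "$@"`, which forwards the arguments with their quoting intact and avoids leaving an extra shell process around.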
diff --git a/user/mailx/mailx-12.4-cve.patch b/user/mailx/mailx-12.4-cve.patch
new file mode 100644
index 000000000..fa6d51197
--- /dev/null
+++ b/user/mailx/mailx-12.4-cve.patch
@@ -0,0 +1,232 @@
+Submitted By: Ken Moffat <ken at linuxfromscratch dot org>
+Date: 2014-12-27
+Initial Package Version: 12.5
+Upstream Status: Unknown
+Origin: Changes to remove SSL2 found at debian, remainder from redhat.
+Description: Removes support for SSL2 (openssl no longer supports it)
+and fixes CVE-2004-2771 [sic] and CVE-2014-7844.
+
+diff -Naur heirloom-mailx-12.5/extern.h heirloom-mailx-12.5-patched/extern.h
+--- heirloom-mailx-12.5/extern.h 2011-04-26 22:23:22.000000000 +0100
++++ heirloom-mailx-12.5-patched/extern.h 2014-12-27 01:26:59.654169487 +0000
+@@ -396,7 +396,7 @@
+ int is_fileaddr(char *name);
+ struct name *usermap(struct name *names);
+ struct name *cat(struct name *n1, struct name *n2);
+-char **unpack(struct name *np);
++char **unpack(struct name *smopts, struct name *np);
+ struct name *elide(struct name *names);
+ int count(struct name *np);
+ struct name *delete_alternates(struct name *np);
+diff -Naur heirloom-mailx-12.5/fio.c heirloom-mailx-12.5-patched/fio.c
+--- heirloom-mailx-12.5/fio.c 2011-04-26 22:23:22.000000000 +0100
++++ heirloom-mailx-12.5-patched/fio.c 2014-12-27 01:27:15.634561413 +0000
+@@ -43,12 +43,15 @@
+ #endif /* not lint */
+
+ #include "rcv.h"
++
++#ifndef HAVE_WORDEXP
++#error wordexp support is required
++#endif
++
+ #include <sys/stat.h>
+ #include <sys/file.h>
+ #include <sys/wait.h>
+-#ifdef HAVE_WORDEXP
+ #include <wordexp.h>
+-#endif /* HAVE_WORDEXP */
+ #include <unistd.h>
+
+ #if defined (USE_NSS)
+@@ -481,7 +484,6 @@
+ static char *
+ globname(char *name)
+ {
+-#ifdef HAVE_WORDEXP
+ wordexp_t we;
+ char *cp;
+ sigset_t nset;
+@@ -495,7 +497,7 @@
+ sigemptyset(&nset);
+ sigaddset(&nset, SIGCHLD);
+ sigprocmask(SIG_BLOCK, &nset, NULL);
+- i = wordexp(name, &we, 0);
++ i = wordexp(name, &we, WRDE_NOCMD);
+ sigprocmask(SIG_UNBLOCK, &nset, NULL);
+ switch (i) {
+ case 0:
+@@ -527,65 +529,6 @@
+ }
+ wordfree(&we);
+ return cp;
+-#else /* !HAVE_WORDEXP */
+- char xname[PATHSIZE];
+- char cmdbuf[PATHSIZE]; /* also used for file names */
+- int pid, l;
+- char *cp, *shell;
+- int pivec[2];
+- extern int wait_status;
+- struct stat sbuf;
+-
+- if (pipe(pivec) < 0) {
+- perror("pipe");
+- return name;
+- }
+- snprintf(cmdbuf, sizeof cmdbuf, "echo %s", name);
+- if ((shell = value("SHELL")) == NULL)
+- shell = SHELL;
+- pid = start_command(shell, 0, -1, pivec[1], "-c", cmdbuf, NULL);
+- if (pid < 0) {
+- close(pivec[0]);
+- close(pivec[1]);
+- return NULL;
+- }
+- close(pivec[1]);
+-again:
+- l = read(pivec[0], xname, sizeof xname);
+- if (l < 0) {
+- if (errno == EINTR)
+- goto again;
+- perror("read");
+- close(pivec[0]);
+- return NULL;
+- }
+- close(pivec[0]);
+- if (wait_child(pid) < 0 && WTERMSIG(wait_status) != SIGPIPE) {
+- fprintf(stderr, catgets(catd, CATSET, 81,
+- "\"%s\": Expansion failed.\n"), name);
+- return NULL;
+- }
+- if (l == 0) {
+- fprintf(stderr, catgets(catd, CATSET, 82,
+- "\"%s\": No match.\n"), name);
+- return NULL;
+- }
+- if (l == sizeof xname) {
+- fprintf(stderr, catgets(catd, CATSET, 83,
+- "\"%s\": Expansion buffer overflow.\n"), name);
+- return NULL;
+- }
+- xname[l] = 0;
+- for (cp = &xname[l-1]; *cp == '\n' && cp > xname; cp--)
+- ;
+- cp[1] = '\0';
+- if (strchr(xname, ' ') && stat(xname, &sbuf) < 0) {
+- fprintf(stderr, catgets(catd, CATSET, 84,
+- "\"%s\": Ambiguous.\n"), name);
+- return NULL;
+- }
+- return savestr(xname);
+-#endif /* !HAVE_WORDEXP */
+ }
+
+ /*
+diff -Naur heirloom-mailx-12.5/mailx.1 heirloom-mailx-12.5-patched/mailx.1
+--- heirloom-mailx-12.5/mailx.1 2011-04-26 22:23:22.000000000 +0100
++++ heirloom-mailx-12.5-patched/mailx.1 2014-12-27 01:26:53.838026857 +0000
+@@ -656,6 +656,14 @@
+ will have the system wide alias expanded
+ as all mail goes through sendmail.
+ .SS "Recipient address specifications"
++If the
++.I expandaddr
++option is not set (the default), recipient addresses must be names of
++local mailboxes or Internet mail addresses.
++.PP
++If the
++.I expandaddr
++option is set, the following rules apply:
+ When an address is used to name a recipient
+ (in any of To, Cc, or Bcc),
+ names of local mail folders
+@@ -2391,6 +2399,12 @@
+ If this option is set,
+ \fImailx\fR starts even with an empty mailbox.
+ .TP
++.B expandaddr
++Causes
++.I mailx
++to expand message recipient addresses, as explained in the section,
++Recipient address specifications.
++.TP
+ .B flipr
+ Exchanges the
+ .I Respond
+@@ -3575,7 +3589,7 @@
+ .TP
+ .B ssl-method
+ Selects a SSL/TLS protocol version;
+-valid values are `ssl2', `ssl3', and `tls1'.
++valid values are `ssl3', and `tls1'.
+ If unset, the method is selected automatically,
+ if possible.
+ .TP
+diff -Naur heirloom-mailx-12.5/names.c heirloom-mailx-12.5-patched/names.c
+--- heirloom-mailx-12.5/names.c 2011-04-26 22:23:22.000000000 +0100
++++ heirloom-mailx-12.5-patched/names.c 2014-12-27 01:26:59.654169487 +0000
+@@ -268,6 +268,9 @@
+ FILE *fout, *fin;
+ int ispipe;
+
++ if (value("expandaddr") == NULL)
++ return names;
++
+ top = names;
+ np = names;
+ time(&now);
+@@ -546,7 +549,7 @@
+ * Return an error if the name list won't fit.
+ */
+ char **
+-unpack(struct name *np)
++unpack(struct name *smopts, struct name *np)
+ {
+ char **ap, **top;
+ struct name *n;
+@@ -561,7 +564,7 @@
+ * the terminating 0 pointer. Additional spots may be needed
+ * to pass along -f to the host mailer.
+ */
+- extra = 2;
++ extra = 3 + count(smopts);
+ extra++;
+ metoo = value("metoo") != NULL;
+ if (metoo)
+@@ -578,6 +581,10 @@
+ *ap++ = "-m";
+ if (verbose)
+ *ap++ = "-v";
++ for (; smopts != NULL; smopts = smopts->n_flink)
++ if ((smopts->n_type & GDEL) == 0)
++ *ap++ = smopts->n_name;
++ *ap++ = "--";
+ for (; n != NULL; n = n->n_flink)
+ if ((n->n_type & GDEL) == 0)
+ *ap++ = n->n_name;
+diff -Naur heirloom-mailx-12.5/openssl.c heirloom-mailx-12.5-patched/openssl.c
+--- heirloom-mailx-12.5/openssl.c 2011-04-26 22:23:22.000000000 +0100
++++ heirloom-mailx-12.5-patched/openssl.c 2014-12-27 01:26:34.385549867 +0000
+@@ -216,9 +216,7 @@
+
+ cp = ssl_method_string(uhp);
+ if (cp != NULL) {
+- if (equal(cp, "ssl2"))
+- method = SSLv2_client_method();
+- else if (equal(cp, "ssl3"))
++ if (equal(cp, "ssl3"))
+ method = SSLv3_client_method();
+ else if (equal(cp, "tls1"))
+ method = TLSv1_client_method();
+diff -Naur heirloom-mailx-12.5/sendout.c heirloom-mailx-12.5-patched/sendout.c
+--- heirloom-mailx-12.5/sendout.c 2011-04-26 22:23:22.000000000 +0100
++++ heirloom-mailx-12.5-patched/sendout.c 2014-12-27 01:26:59.654169487 +0000
+@@ -835,7 +835,7 @@
+ #endif /* HAVE_SOCKETS */
+
+ if ((smtp = value("smtp")) == NULL) {
+- args = unpack(cat(mailargs, to));
++ args = unpack(mailargs, to);
+ if (debug || value("debug")) {
+ printf(catgets(catd, CATSET, 181,
+ "Sendmail arguments:"));
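Review bot: The openssl.c hunk removes only the `ssl2` branch and leaves `ssl3` selectable through `SSLv3_client_method()`, and the mailx.1 hunk still documents `ssl3` as a valid `ssl-method`. SSLv3 is a deprecated protocol with known weaknesses and is compiled out of many OpenSSL builds, where this call would fail to link. Consider dropping that branch too, so that only `tls1` or automatic selection remains. Separately, the patch header says `Initial Package Version: 12.5` and the paths are `heirloom-mailx-12.5/`, while the package is 12.4. It is worth confirming in the build log that the fio.c `WRDE_NOCMD` hunk and the names.c `*ap++ = "--";` hunk applied without fuzz or rejects.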
diff --git a/user/mailx/mailx-12.4-openssl.patch b/user/mailx/mailx-12.4-openssl.patch
new file mode 100644
index 000000000..e8adcde5c
--- /dev/null
+++ b/user/mailx/mailx-12.4-openssl.patch
@@ -0,0 +1,72 @@
+http://bugs.gentoo.org/328363
+http://repos.archlinux.org/wsvn/community/mailx-heirloom/trunk/mailx-heirloom-openssl-1.0.patch
+
+--- a/openssl.c
++++ b/openssl.c
+@@ -105,7 +105,7 @@
+ static void ssl_load_verifications(struct sock *sp);
+ static void ssl_certificate(struct sock *sp, const char *uhp);
+ static enum okay ssl_check_host(const char *server, struct sock *sp);
+-static int smime_verify(struct message *m, int n, STACK *chain,
++static int smime_verify(struct message *m, int n, STACK_OF(X509) *chain,
+ X509_STORE *store);
+ static EVP_CIPHER *smime_cipher(const char *name);
+ static int ssl_password_cb(char *buf, int size, int rwflag, void *userdata);
+@@ -308,7 +308,7 @@
+ X509 *cert;
+ X509_NAME *subj;
+ char data[256];
+- /*GENERAL_NAMES*/STACK *gens;
++ /*GENERAL_NAMES*/STACK_OF(GENERAL_NAMES) *gens;
+ GENERAL_NAME *gen;
+ int i;
+
+@@ -496,7 +496,7 @@
+ }
+
+ static int
+-smime_verify(struct message *m, int n, STACK *chain, X509_STORE *store)
++smime_verify(struct message *m, int n, STACK_OF(X509) *chain, X509_STORE *store)
+ {
+ struct message *x;
+ char *cp, *sender, *to, *cc, *cnttype;
+@@ -505,7 +505,8 @@
+ off_t size;
+ BIO *fb, *pb;
+ PKCS7 *pkcs7;
+- STACK *certs, *gens;
++ STACK_OF(X509) *certs;
++ STACK_OF(GENERAL_NAMES) *gens;
+ X509 *cert;
+ X509_NAME *subj;
+ char data[LINESIZE];
+@@ -614,7 +615,7 @@
+ {
+ int *msgvec = vp, *ip;
+ int ec = 0;
+- STACK *chain = NULL;
++ STACK_OF(X509) *chain = NULL;
+ X509_STORE *store;
+ char *ca_dir, *ca_file;
+
+@@ -687,7 +688,7 @@
+ X509 *cert;
+ PKCS7 *pkcs7;
+ BIO *bb, *yb;
+- STACK *certs;
++ STACK_OF(X509) *certs;
+ EVP_CIPHER *cipher;
+
+ certfile = expand((char *)certfile);
+@@ -950,9 +951,9 @@
+ off_t size;
+ BIO *fb, *pb;
+ PKCS7 *pkcs7;
+- STACK *certs;
++ STACK_OF(X509) *certs;
+ X509 *cert;
+- STACK *chain = NULL;
++ STACK_OF(X509) *chain = NULL;
+ enum okay ok = OKAY;
+
+ message_number = n;
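Review bot: `STACK_OF(GENERAL_NAMES) *gens`, introduced in the `@@ -308` and `@@ -505` hunks, declares a stack of stacks, because OpenSSL defines `GENERAL_NAMES` as `STACK_OF(GENERAL_NAME)`. The neighbouring `GENERAL_NAME *gen` and the original `/*GENERAL_NAMES*/` comment suggest the intended declaration is `GENERAL_NAMES *gens;` (equivalently `STACK_OF(GENERAL_NAME) *gens;`). As written, any type-checked `sk_GENERAL_NAME_*` accessor used on `gens` would receive an incompatible pointer type, which is a warning at best and may be rejected by stricter compilers or newer OpenSSL headers. The code that uses `gens` lies outside these hunks, so this should be checked against the full openssl.c.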