diff options
Diffstat (limited to 'system')
-rw-r--r-- | system/mailx/APKBUILD | 33 | ||||
-rw-r--r-- | system/mailx/Mail | 2 | ||||
-rw-r--r-- | system/mailx/mailx-12.4-cve.patch | 232 | ||||
-rw-r--r-- | system/mailx/mailx-12.4-openssl.patch | 72 |
4 files changed, 339 insertions, 0 deletions
diff --git a/system/mailx/APKBUILD b/system/mailx/APKBUILD new file mode 100644 index 000000000..062b40286 --- /dev/null +++ b/system/mailx/APKBUILD @@ -0,0 +1,33 @@ +# Contributor: A. Wilcox <awilfox@adelielinux.org> +# Maintainer: A. Wilcox <awilfox@adelielinux.org> +pkgname=mailx +pkgver=12.4 +pkgrel=0 +pkgdesc="Send and receive Internet mail" +url="http://heirloom.sourceforge.net/mailx.html" +arch="all" +options="!check" # No test suite. +license="BSD-4-Clause AND MIT AND MPL-1.1" +depends="" +makedepends="openssl-dev" +subpackages="$pkgname-doc" +source="http://downloads.sourceforge.net/heirloom/$pkgname-$pkgver.tar.bz2 + Mail + mailx-12.4-openssl.patch + mailx-12.4-cve.patch" + +build() { + cd "$builddir" + make PREFIX="/usr" SYSCONFDIR="/etc" STRIP=":" +} + +package() { + cd "$builddir" + make DESTDIR="$pkgdir" PREFIX="/usr" SYSCONFDIR="/etc" STRIP=":" UCBINSTALL="`command -v install`" install + install -m 755 "$srcdir"/Mail "$pkgdir"/usr/bin/Mail +} + +sha512sums="a0e29972f552bd630ce1a14f70e61661815118520bcd4a00b6cad53f3270d3d08c835ff6982ba8800eb380a5b46f54eb6e60fb7533b5f41c916af45d29605af8 mailx-12.4.tar.bz2 +8715bcdbcc5170f406df2a78dc9bac144c5d73eb90ba4832162cd3c5d72c938a32a86e622e64c7e786c05343a37d7b94245cc636511261d1d4f817def04087d2 Mail +a74f85b5a4a9f9cd9a38e244498a11394c42189bbd0601656b6ed56fa55bf596820ef2f995c6878d322a1eca135bd1b1822467c4086adb849c81d65229845663 mailx-12.4-openssl.patch +1e77cd6ea251793ca48ae86b265580cd70fe33838b0b4e1f522af07f4f34bc909e1bab52dc0180516d44399c4227a54be7718c76ebbc4f886f372fdc5c19278f mailx-12.4-cve.patch" diff --git a/system/mailx/Mail b/system/mailx/Mail new file mode 100644 index 000000000..454f3c10d --- /dev/null +++ b/system/mailx/Mail @@ -0,0 +1,2 @@ +#!/bin/sh +mailx -S bsdcompat diff --git a/system/mailx/mailx-12.4-cve.patch b/system/mailx/mailx-12.4-cve.patch new file mode 100644 index 000000000..fa6d51197 --- /dev/null +++ b/system/mailx/mailx-12.4-cve.patch @@ -0,0 +1,232 @@ +Submitted By: Ken Moffat <ken at linuxfromscratch dot org> +Date: 2014-12-27 +Initial Package Version: 12.5 +Upstream Status: Unknown +Origin: Changes to remove SSL2 found at debian, remainder from redhat. +Description: Removes support for SSL2 (openssl no longer supports it) +and fixes CVE-2004-2771 [sic] and CVE-2014-7844. + +diff -Naur heirloom-mailx-12.5/extern.h heirloom-mailx-12.5-patched/extern.h +--- heirloom-mailx-12.5/extern.h 2011-04-26 22:23:22.000000000 +0100 ++++ heirloom-mailx-12.5-patched/extern.h 2014-12-27 01:26:59.654169487 +0000 +@@ -396,7 +396,7 @@ + int is_fileaddr(char *name); + struct name *usermap(struct name *names); + struct name *cat(struct name *n1, struct name *n2); +-char **unpack(struct name *np); ++char **unpack(struct name *smopts, struct name *np); + struct name *elide(struct name *names); + int count(struct name *np); + struct name *delete_alternates(struct name *np); +diff -Naur heirloom-mailx-12.5/fio.c heirloom-mailx-12.5-patched/fio.c +--- heirloom-mailx-12.5/fio.c 2011-04-26 22:23:22.000000000 +0100 ++++ heirloom-mailx-12.5-patched/fio.c 2014-12-27 01:27:15.634561413 +0000 +@@ -43,12 +43,15 @@ + #endif /* not lint */ + + #include "rcv.h" ++ ++#ifndef HAVE_WORDEXP ++#error wordexp support is required ++#endif ++ + #include <sys/stat.h> + #include <sys/file.h> + #include <sys/wait.h> +-#ifdef HAVE_WORDEXP + #include <wordexp.h> +-#endif /* HAVE_WORDEXP */ + #include <unistd.h> + + #if defined (USE_NSS) +@@ -481,7 +484,6 @@ + static char * + globname(char *name) + { +-#ifdef HAVE_WORDEXP + wordexp_t we; + char *cp; + sigset_t nset; +@@ -495,7 +497,7 @@ + sigemptyset(&nset); + sigaddset(&nset, SIGCHLD); + sigprocmask(SIG_BLOCK, &nset, NULL); +- i = wordexp(name, &we, 0); ++ i = wordexp(name, &we, WRDE_NOCMD); + sigprocmask(SIG_UNBLOCK, &nset, NULL); + switch (i) { + case 0: +@@ -527,65 +529,6 @@ + } + wordfree(&we); + return cp; +-#else /* !HAVE_WORDEXP */ +- char xname[PATHSIZE]; +- char cmdbuf[PATHSIZE]; /* also used for file names */ +- int pid, l; +- char *cp, *shell; +- int pivec[2]; +- extern int wait_status; +- struct stat sbuf; +- +- if (pipe(pivec) < 0) { +- perror("pipe"); +- return name; +- } +- snprintf(cmdbuf, sizeof cmdbuf, "echo %s", name); +- if ((shell = value("SHELL")) == NULL) +- shell = SHELL; +- pid = start_command(shell, 0, -1, pivec[1], "-c", cmdbuf, NULL); +- if (pid < 0) { +- close(pivec[0]); +- close(pivec[1]); +- return NULL; +- } +- close(pivec[1]); +-again: +- l = read(pivec[0], xname, sizeof xname); +- if (l < 0) { +- if (errno == EINTR) +- goto again; +- perror("read"); +- close(pivec[0]); +- return NULL; +- } +- close(pivec[0]); +- if (wait_child(pid) < 0 && WTERMSIG(wait_status) != SIGPIPE) { +- fprintf(stderr, catgets(catd, CATSET, 81, +- "\"%s\": Expansion failed.\n"), name); +- return NULL; +- } +- if (l == 0) { +- fprintf(stderr, catgets(catd, CATSET, 82, +- "\"%s\": No match.\n"), name); +- return NULL; +- } +- if (l == sizeof xname) { +- fprintf(stderr, catgets(catd, CATSET, 83, +- "\"%s\": Expansion buffer overflow.\n"), name); +- return NULL; +- } +- xname[l] = 0; +- for (cp = &xname[l-1]; *cp == '\n' && cp > xname; cp--) +- ; +- cp[1] = '\0'; +- if (strchr(xname, ' ') && stat(xname, &sbuf) < 0) { +- fprintf(stderr, catgets(catd, CATSET, 84, +- "\"%s\": Ambiguous.\n"), name); +- return NULL; +- } +- return savestr(xname); +-#endif /* !HAVE_WORDEXP */ + } + + /* +diff -Naur heirloom-mailx-12.5/mailx.1 heirloom-mailx-12.5-patched/mailx.1 +--- heirloom-mailx-12.5/mailx.1 2011-04-26 22:23:22.000000000 +0100 ++++ heirloom-mailx-12.5-patched/mailx.1 2014-12-27 01:26:53.838026857 +0000 +@@ -656,6 +656,14 @@ + will have the system wide alias expanded + as all mail goes through sendmail. + .SS "Recipient address specifications" ++If the ++.I expandaddr ++option is not set (the default), recipient addresses must be names of ++local mailboxes or Internet mail addresses. ++.PP ++If the ++.I expandaddr ++option is set, the following rules apply: + When an address is used to name a recipient + (in any of To, Cc, or Bcc), + names of local mail folders +@@ -2391,6 +2399,12 @@ + If this option is set, + \fImailx\fR starts even with an empty mailbox. + .TP ++.B expandaddr ++Causes ++.I mailx ++to expand message recipient addresses, as explained in the section, ++Recipient address specifications. ++.TP + .B flipr + Exchanges the + .I Respond +@@ -3575,7 +3589,7 @@ + .TP + .B ssl-method + Selects a SSL/TLS protocol version; +-valid values are `ssl2', `ssl3', and `tls1'. ++valid values are `ssl3', and `tls1'. + If unset, the method is selected automatically, + if possible. + .TP +diff -Naur heirloom-mailx-12.5/names.c heirloom-mailx-12.5-patched/names.c +--- heirloom-mailx-12.5/names.c 2011-04-26 22:23:22.000000000 +0100 ++++ heirloom-mailx-12.5-patched/names.c 2014-12-27 01:26:59.654169487 +0000 +@@ -268,6 +268,9 @@ + FILE *fout, *fin; + int ispipe; + ++ if (value("expandaddr") == NULL) ++ return names; ++ + top = names; + np = names; + time(&now); +@@ -546,7 +549,7 @@ + * Return an error if the name list won't fit. + */ + char ** +-unpack(struct name *np) ++unpack(struct name *smopts, struct name *np) + { + char **ap, **top; + struct name *n; +@@ -561,7 +564,7 @@ + * the terminating 0 pointer. Additional spots may be needed + * to pass along -f to the host mailer. + */ +- extra = 2; ++ extra = 3 + count(smopts); + extra++; + metoo = value("metoo") != NULL; + if (metoo) +@@ -578,6 +581,10 @@ + *ap++ = "-m"; + if (verbose) + *ap++ = "-v"; ++ for (; smopts != NULL; smopts = smopts->n_flink) ++ if ((smopts->n_type & GDEL) == 0) ++ *ap++ = smopts->n_name; ++ *ap++ = "--"; + for (; n != NULL; n = n->n_flink) + if ((n->n_type & GDEL) == 0) + *ap++ = n->n_name; +diff -Naur heirloom-mailx-12.5/openssl.c heirloom-mailx-12.5-patched/openssl.c +--- heirloom-mailx-12.5/openssl.c 2011-04-26 22:23:22.000000000 +0100 ++++ heirloom-mailx-12.5-patched/openssl.c 2014-12-27 01:26:34.385549867 +0000 +@@ -216,9 +216,7 @@ + + cp = ssl_method_string(uhp); + if (cp != NULL) { +- if (equal(cp, "ssl2")) +- method = SSLv2_client_method(); +- else if (equal(cp, "ssl3")) ++ if (equal(cp, "ssl3")) + method = SSLv3_client_method(); + else if (equal(cp, "tls1")) + method = TLSv1_client_method(); +diff -Naur heirloom-mailx-12.5/sendout.c heirloom-mailx-12.5-patched/sendout.c +--- heirloom-mailx-12.5/sendout.c 2011-04-26 22:23:22.000000000 +0100 ++++ heirloom-mailx-12.5-patched/sendout.c 2014-12-27 01:26:59.654169487 +0000 +@@ -835,7 +835,7 @@ + #endif /* HAVE_SOCKETS */ + + if ((smtp = value("smtp")) == NULL) { +- args = unpack(cat(mailargs, to)); ++ args = unpack(mailargs, to); + if (debug || value("debug")) { + printf(catgets(catd, CATSET, 181, + "Sendmail arguments:")); diff --git a/system/mailx/mailx-12.4-openssl.patch b/system/mailx/mailx-12.4-openssl.patch new file mode 100644 index 000000000..e8adcde5c --- /dev/null +++ b/system/mailx/mailx-12.4-openssl.patch @@ -0,0 +1,72 @@ +http://bugs.gentoo.org/328363 +http://repos.archlinux.org/wsvn/community/mailx-heirloom/trunk/mailx-heirloom-openssl-1.0.patch + +--- a/openssl.c ++++ b/openssl.c +@@ -105,7 +105,7 @@ + static void ssl_load_verifications(struct sock *sp); + static void ssl_certificate(struct sock *sp, const char *uhp); + static enum okay ssl_check_host(const char *server, struct sock *sp); +-static int smime_verify(struct message *m, int n, STACK *chain, ++static int smime_verify(struct message *m, int n, STACK_OF(X509) *chain, + X509_STORE *store); + static EVP_CIPHER *smime_cipher(const char *name); + static int ssl_password_cb(char *buf, int size, int rwflag, void *userdata); +@@ -308,7 +308,7 @@ + X509 *cert; + X509_NAME *subj; + char data[256]; +- /*GENERAL_NAMES*/STACK *gens; ++ /*GENERAL_NAMES*/STACK_OF(GENERAL_NAMES) *gens; + GENERAL_NAME *gen; + int i; + +@@ -496,7 +496,7 @@ + } + + static int +-smime_verify(struct message *m, int n, STACK *chain, X509_STORE *store) ++smime_verify(struct message *m, int n, STACK_OF(X509) *chain, X509_STORE *store) + { + struct message *x; + char *cp, *sender, *to, *cc, *cnttype; +@@ -505,7 +505,8 @@ + off_t size; + BIO *fb, *pb; + PKCS7 *pkcs7; +- STACK *certs, *gens; ++ STACK_OF(X509) *certs; ++ STACK_OF(GENERAL_NAMES) *gens; + X509 *cert; + X509_NAME *subj; + char data[LINESIZE]; +@@ -614,7 +615,7 @@ + { + int *msgvec = vp, *ip; + int ec = 0; +- STACK *chain = NULL; ++ STACK_OF(X509) *chain = NULL; + X509_STORE *store; + char *ca_dir, *ca_file; + +@@ -687,7 +688,7 @@ + X509 *cert; + PKCS7 *pkcs7; + BIO *bb, *yb; +- STACK *certs; ++ STACK_OF(X509) *certs; + EVP_CIPHER *cipher; + + certfile = expand((char *)certfile); +@@ -950,9 +951,9 @@ + off_t size; + BIO *fb, *pb; + PKCS7 *pkcs7; +- STACK *certs; ++ STACK_OF(X509) *certs; + X509 *cert; +- STACK *chain = NULL; ++ STACK_OF(X509) *chain = NULL; + enum okay ok = OKAY; + + message_number = n; |