diff options
Diffstat (limited to 'user/mailx/mailx-12.4-cve.patch')
-rw-r--r-- | user/mailx/mailx-12.4-cve.patch | 232 |
1 files changed, 0 insertions, 232 deletions
diff --git a/user/mailx/mailx-12.4-cve.patch b/user/mailx/mailx-12.4-cve.patch deleted file mode 100644 index fa6d51197..000000000 --- a/user/mailx/mailx-12.4-cve.patch +++ /dev/null @@ -1,232 +0,0 @@ -Submitted By: Ken Moffat <ken at linuxfromscratch dot org> -Date: 2014-12-27 -Initial Package Version: 12.5 -Upstream Status: Unknown -Origin: Changes to remove SSL2 found at debian, remainder from redhat. -Description: Removes support for SSL2 (openssl no longer supports it) -and fixes CVE-2004-2771 [sic] and CVE-2014-7844. - -diff -Naur heirloom-mailx-12.5/extern.h heirloom-mailx-12.5-patched/extern.h ---- heirloom-mailx-12.5/extern.h 2011-04-26 22:23:22.000000000 +0100 -+++ heirloom-mailx-12.5-patched/extern.h 2014-12-27 01:26:59.654169487 +0000 -@@ -396,7 +396,7 @@ - int is_fileaddr(char *name); - struct name *usermap(struct name *names); - struct name *cat(struct name *n1, struct name *n2); --char **unpack(struct name *np); -+char **unpack(struct name *smopts, struct name *np); - struct name *elide(struct name *names); - int count(struct name *np); - struct name *delete_alternates(struct name *np); -diff -Naur heirloom-mailx-12.5/fio.c heirloom-mailx-12.5-patched/fio.c ---- heirloom-mailx-12.5/fio.c 2011-04-26 22:23:22.000000000 +0100 -+++ heirloom-mailx-12.5-patched/fio.c 2014-12-27 01:27:15.634561413 +0000 -@@ -43,12 +43,15 @@ - #endif /* not lint */ - - #include "rcv.h" -+ -+#ifndef HAVE_WORDEXP -+#error wordexp support is required -+#endif -+ - #include <sys/stat.h> - #include <sys/file.h> - #include <sys/wait.h> --#ifdef HAVE_WORDEXP - #include <wordexp.h> --#endif /* HAVE_WORDEXP */ - #include <unistd.h> - - #if defined (USE_NSS) -@@ -481,7 +484,6 @@ - static char * - globname(char *name) - { --#ifdef HAVE_WORDEXP - wordexp_t we; - char *cp; - sigset_t nset; -@@ -495,7 +497,7 @@ - sigemptyset(&nset); - sigaddset(&nset, SIGCHLD); - sigprocmask(SIG_BLOCK, &nset, NULL); -- i = wordexp(name, &we, 0); -+ i = wordexp(name, &we, WRDE_NOCMD); - sigprocmask(SIG_UNBLOCK, &nset, NULL); - switch (i) { - case 0: -@@ -527,65 +529,6 @@ - } - wordfree(&we); - return cp; --#else /* !HAVE_WORDEXP */ -- char xname[PATHSIZE]; -- char cmdbuf[PATHSIZE]; /* also used for file names */ -- int pid, l; -- char *cp, *shell; -- int pivec[2]; -- extern int wait_status; -- struct stat sbuf; -- -- if (pipe(pivec) < 0) { -- perror("pipe"); -- return name; -- } -- snprintf(cmdbuf, sizeof cmdbuf, "echo %s", name); -- if ((shell = value("SHELL")) == NULL) -- shell = SHELL; -- pid = start_command(shell, 0, -1, pivec[1], "-c", cmdbuf, NULL); -- if (pid < 0) { -- close(pivec[0]); -- close(pivec[1]); -- return NULL; -- } -- close(pivec[1]); --again: -- l = read(pivec[0], xname, sizeof xname); -- if (l < 0) { -- if (errno == EINTR) -- goto again; -- perror("read"); -- close(pivec[0]); -- return NULL; -- } -- close(pivec[0]); -- if (wait_child(pid) < 0 && WTERMSIG(wait_status) != SIGPIPE) { -- fprintf(stderr, catgets(catd, CATSET, 81, -- "\"%s\": Expansion failed.\n"), name); -- return NULL; -- } -- if (l == 0) { -- fprintf(stderr, catgets(catd, CATSET, 82, -- "\"%s\": No match.\n"), name); -- return NULL; -- } -- if (l == sizeof xname) { -- fprintf(stderr, catgets(catd, CATSET, 83, -- "\"%s\": Expansion buffer overflow.\n"), name); -- return NULL; -- } -- xname[l] = 0; -- for (cp = &xname[l-1]; *cp == '\n' && cp > xname; cp--) -- ; -- cp[1] = '\0'; -- if (strchr(xname, ' ') && stat(xname, &sbuf) < 0) { -- fprintf(stderr, catgets(catd, CATSET, 84, -- "\"%s\": Ambiguous.\n"), name); -- return NULL; -- } -- return savestr(xname); --#endif /* !HAVE_WORDEXP */ - } - - /* -diff -Naur heirloom-mailx-12.5/mailx.1 heirloom-mailx-12.5-patched/mailx.1 ---- heirloom-mailx-12.5/mailx.1 2011-04-26 22:23:22.000000000 +0100 -+++ heirloom-mailx-12.5-patched/mailx.1 2014-12-27 01:26:53.838026857 +0000 -@@ -656,6 +656,14 @@ - will have the system wide alias expanded - as all mail goes through sendmail. - .SS "Recipient address specifications" -+If the -+.I expandaddr -+option is not set (the default), recipient addresses must be names of -+local mailboxes or Internet mail addresses. -+.PP -+If the -+.I expandaddr -+option is set, the following rules apply: - When an address is used to name a recipient - (in any of To, Cc, or Bcc), - names of local mail folders -@@ -2391,6 +2399,12 @@ - If this option is set, - \fImailx\fR starts even with an empty mailbox. - .TP -+.B expandaddr -+Causes -+.I mailx -+to expand message recipient addresses, as explained in the section, -+Recipient address specifications. -+.TP - .B flipr - Exchanges the - .I Respond -@@ -3575,7 +3589,7 @@ - .TP - .B ssl-method - Selects a SSL/TLS protocol version; --valid values are `ssl2', `ssl3', and `tls1'. -+valid values are `ssl3', and `tls1'. - If unset, the method is selected automatically, - if possible. - .TP -diff -Naur heirloom-mailx-12.5/names.c heirloom-mailx-12.5-patched/names.c ---- heirloom-mailx-12.5/names.c 2011-04-26 22:23:22.000000000 +0100 -+++ heirloom-mailx-12.5-patched/names.c 2014-12-27 01:26:59.654169487 +0000 -@@ -268,6 +268,9 @@ - FILE *fout, *fin; - int ispipe; - -+ if (value("expandaddr") == NULL) -+ return names; -+ - top = names; - np = names; - time(&now); -@@ -546,7 +549,7 @@ - * Return an error if the name list won't fit. - */ - char ** --unpack(struct name *np) -+unpack(struct name *smopts, struct name *np) - { - char **ap, **top; - struct name *n; -@@ -561,7 +564,7 @@ - * the terminating 0 pointer. Additional spots may be needed - * to pass along -f to the host mailer. - */ -- extra = 2; -+ extra = 3 + count(smopts); - extra++; - metoo = value("metoo") != NULL; - if (metoo) -@@ -578,6 +581,10 @@ - *ap++ = "-m"; - if (verbose) - *ap++ = "-v"; -+ for (; smopts != NULL; smopts = smopts->n_flink) -+ if ((smopts->n_type & GDEL) == 0) -+ *ap++ = smopts->n_name; -+ *ap++ = "--"; - for (; n != NULL; n = n->n_flink) - if ((n->n_type & GDEL) == 0) - *ap++ = n->n_name; -diff -Naur heirloom-mailx-12.5/openssl.c heirloom-mailx-12.5-patched/openssl.c ---- heirloom-mailx-12.5/openssl.c 2011-04-26 22:23:22.000000000 +0100 -+++ heirloom-mailx-12.5-patched/openssl.c 2014-12-27 01:26:34.385549867 +0000 -@@ -216,9 +216,7 @@ - - cp = ssl_method_string(uhp); - if (cp != NULL) { -- if (equal(cp, "ssl2")) -- method = SSLv2_client_method(); -- else if (equal(cp, "ssl3")) -+ if (equal(cp, "ssl3")) - method = SSLv3_client_method(); - else if (equal(cp, "tls1")) - method = TLSv1_client_method(); -diff -Naur heirloom-mailx-12.5/sendout.c heirloom-mailx-12.5-patched/sendout.c ---- heirloom-mailx-12.5/sendout.c 2011-04-26 22:23:22.000000000 +0100 -+++ heirloom-mailx-12.5-patched/sendout.c 2014-12-27 01:26:59.654169487 +0000 -@@ -835,7 +835,7 @@ - #endif /* HAVE_SOCKETS */ - - if ((smtp = value("smtp")) == NULL) { -- args = unpack(cat(mailargs, to)); -+ args = unpack(mailargs, to); - if (debug || value("debug")) { - printf(catgets(catd, CATSET, 181, - "Sendmail arguments:")); |