Submitted By: Ken Moffat <ken at linuxfromscratch dot org>
Date: 2014-12-27
Initial Package Version: 12.5
Upstream Status: Unknown
Origin: Changes to remove SSL2 found at debian, remainder from redhat.
Description: Removes support for SSL2 (openssl no longer supports it)
and fixes CVE-2004-2771 [sic] and CVE-2014-7844.

diff -Naur heirloom-mailx-12.5/extern.h heirloom-mailx-12.5-patched/extern.h
--- heirloom-mailx-12.5/extern.h	2011-04-26 22:23:22.000000000 +0100
+++ heirloom-mailx-12.5-patched/extern.h	2014-12-27 01:26:59.654169487 +0000
@@ -396,7 +396,7 @@
 int is_fileaddr(char *name);
 struct name *usermap(struct name *names);
 struct name *cat(struct name *n1, struct name *n2);
-char **unpack(struct name *np);
+char **unpack(struct name *smopts, struct name *np);
 struct name *elide(struct name *names);
 int count(struct name *np);
 struct name *delete_alternates(struct name *np);
diff -Naur heirloom-mailx-12.5/fio.c heirloom-mailx-12.5-patched/fio.c
--- heirloom-mailx-12.5/fio.c	2011-04-26 22:23:22.000000000 +0100
+++ heirloom-mailx-12.5-patched/fio.c	2014-12-27 01:27:15.634561413 +0000
@@ -43,12 +43,15 @@
 #endif /* not lint */
 
 #include "rcv.h"
+
+#ifndef HAVE_WORDEXP
+#error wordexp support is required
+#endif
+
 #include <sys/stat.h>
 #include <sys/file.h>
 #include <sys/wait.h>
-#ifdef	HAVE_WORDEXP
 #include <wordexp.h>
-#endif	/* HAVE_WORDEXP */
 #include <unistd.h>
 
 #if defined (USE_NSS)
@@ -481,7 +484,6 @@
 static char *
 globname(char *name)
 {
-#ifdef	HAVE_WORDEXP
 	wordexp_t we;
 	char *cp;
 	sigset_t nset;
@@ -495,7 +497,7 @@
 	sigemptyset(&nset);
 	sigaddset(&nset, SIGCHLD);
 	sigprocmask(SIG_BLOCK, &nset, NULL);
-	i = wordexp(name, &we, 0);
+	i = wordexp(name, &we, WRDE_NOCMD);
 	sigprocmask(SIG_UNBLOCK, &nset, NULL);
 	switch (i) {
 	case 0:
@@ -527,65 +529,6 @@
 	}
 	wordfree(&we);
 	return cp;
-#else	/* !HAVE_WORDEXP */
-	char xname[PATHSIZE];
-	char cmdbuf[PATHSIZE];		/* also used for file names */
-	int pid, l;
-	char *cp, *shell;
-	int pivec[2];
-	extern int wait_status;
-	struct stat sbuf;
-
-	if (pipe(pivec) < 0) {
-		perror("pipe");
-		return name;
-	}
-	snprintf(cmdbuf, sizeof cmdbuf, "echo %s", name);
-	if ((shell = value("SHELL")) == NULL)
-		shell = SHELL;
-	pid = start_command(shell, 0, -1, pivec[1], "-c", cmdbuf, NULL);
-	if (pid < 0) {
-		close(pivec[0]);
-		close(pivec[1]);
-		return NULL;
-	}
-	close(pivec[1]);
-again:
-	l = read(pivec[0], xname, sizeof xname);
-	if (l < 0) {
-		if (errno == EINTR)
-			goto again;
-		perror("read");
-		close(pivec[0]);
-		return NULL;
-	}
-	close(pivec[0]);
-	if (wait_child(pid) < 0 && WTERMSIG(wait_status) != SIGPIPE) {
-		fprintf(stderr, catgets(catd, CATSET, 81,
-				"\"%s\": Expansion failed.\n"), name);
-		return NULL;
-	}
-	if (l == 0) {
-		fprintf(stderr, catgets(catd, CATSET, 82,
-					"\"%s\": No match.\n"), name);
-		return NULL;
-	}
-	if (l == sizeof xname) {
-		fprintf(stderr, catgets(catd, CATSET, 83,
-				"\"%s\": Expansion buffer overflow.\n"), name);
-		return NULL;
-	}
-	xname[l] = 0;
-	for (cp = &xname[l-1]; *cp == '\n' && cp > xname; cp--)
-		;
-	cp[1] = '\0';
-	if (strchr(xname, ' ') && stat(xname, &sbuf) < 0) {
-		fprintf(stderr, catgets(catd, CATSET, 84,
-				"\"%s\": Ambiguous.\n"), name);
-		return NULL;
-	}
-	return savestr(xname);
-#endif	/* !HAVE_WORDEXP */
 }
 
 /*
diff -Naur heirloom-mailx-12.5/mailx.1 heirloom-mailx-12.5-patched/mailx.1
--- heirloom-mailx-12.5/mailx.1	2011-04-26 22:23:22.000000000 +0100
+++ heirloom-mailx-12.5-patched/mailx.1	2014-12-27 01:26:53.838026857 +0000
@@ -656,6 +656,14 @@
 will have the system wide alias expanded
 as all mail goes through sendmail.
 .SS "Recipient address specifications"
+If the
+.I expandaddr
+option is not set (the default), recipient addresses must be names of
+local mailboxes or Internet mail addresses.
+.PP
+If the
+.I expandaddr
+option is set, the following rules apply:
 When an address is used to name a recipient
 (in any of To, Cc, or Bcc),
 names of local mail folders
@@ -2391,6 +2399,12 @@
 If this option is set,
 \fImailx\fR starts even with an empty mailbox.
 .TP
+.B expandaddr
+Causes
+.I mailx
+to expand message recipient addresses, as explained in the section,
+Recipient address specifications.
+.TP
 .B flipr
 Exchanges the
 .I Respond
@@ -3575,7 +3589,7 @@
 .TP
 .B ssl-method
 Selects a SSL/TLS protocol version;
-valid values are `ssl2', `ssl3', and `tls1'.
+valid values are `ssl3', and `tls1'.
 If unset, the method is selected automatically,
 if possible.
 .TP
diff -Naur heirloom-mailx-12.5/names.c heirloom-mailx-12.5-patched/names.c
--- heirloom-mailx-12.5/names.c	2011-04-26 22:23:22.000000000 +0100
+++ heirloom-mailx-12.5-patched/names.c	2014-12-27 01:26:59.654169487 +0000
@@ -268,6 +268,9 @@
 	FILE *fout, *fin;
 	int ispipe;
 
+	if (value("expandaddr") == NULL)
+		return names;
+
 	top = names;
 	np = names;
 	time(&now);
@@ -546,7 +549,7 @@
  * Return an error if the name list won't fit.
  */
 char **
-unpack(struct name *np)
+unpack(struct name *smopts, struct name *np)
 {
 	char **ap, **top;
 	struct name *n;
@@ -561,7 +564,7 @@
 	 * the terminating 0 pointer.  Additional spots may be needed
 	 * to pass along -f to the host mailer.
 	 */
-	extra = 2;
+	extra = 3 + count(smopts);
 	extra++;
 	metoo = value("metoo") != NULL;
 	if (metoo)
@@ -578,6 +581,10 @@
 		*ap++ = "-m";
 	if (verbose)
 		*ap++ = "-v";
+	for (; smopts != NULL; smopts = smopts->n_flink)
+		if ((smopts->n_type & GDEL) == 0)
+			*ap++ = smopts->n_name;
+	*ap++ = "--";
 	for (; n != NULL; n = n->n_flink)
 		if ((n->n_type & GDEL) == 0)
 			*ap++ = n->n_name;
diff -Naur heirloom-mailx-12.5/openssl.c heirloom-mailx-12.5-patched/openssl.c
--- heirloom-mailx-12.5/openssl.c	2011-04-26 22:23:22.000000000 +0100
+++ heirloom-mailx-12.5-patched/openssl.c	2014-12-27 01:26:34.385549867 +0000
@@ -216,9 +216,7 @@
 
 	cp = ssl_method_string(uhp);
 	if (cp != NULL) {
-		if (equal(cp, "ssl2"))
-			method = SSLv2_client_method();
-		else if (equal(cp, "ssl3"))
+		if (equal(cp, "ssl3"))
 			method = SSLv3_client_method();
 		else if (equal(cp, "tls1"))
 			method = TLSv1_client_method();
diff -Naur heirloom-mailx-12.5/sendout.c heirloom-mailx-12.5-patched/sendout.c
--- heirloom-mailx-12.5/sendout.c	2011-04-26 22:23:22.000000000 +0100
+++ heirloom-mailx-12.5-patched/sendout.c	2014-12-27 01:26:59.654169487 +0000
@@ -835,7 +835,7 @@
 #endif	/* HAVE_SOCKETS */
 
 	if ((smtp = value("smtp")) == NULL) {
-		args = unpack(cat(mailargs, to));
+		args = unpack(mailargs, to);
 		if (debug || value("debug")) {
 			printf(catgets(catd, CATSET, 181,
 					"Sendmail arguments:"));