summaryrefslogtreecommitdiff
path: root/user/mailx/mailx-12.4-cve.patch
blob: fa6d51197397ebecbefd990f8b931fe8d611004e (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
Submitted By: Ken Moffat <ken at linuxfromscratch dot org>
Date: 2014-12-27
Initial Package Version: 12.5
Upstream Status: Unknown
Origin: Changes to remove SSL2 found at debian, remainder from redhat.
Description: Removes support for SSL2 (openssl no longer supports it)
and fixes CVE-2004-2771 [sic] and CVE-2014-7844.

diff -Naur heirloom-mailx-12.5/extern.h heirloom-mailx-12.5-patched/extern.h
--- heirloom-mailx-12.5/extern.h	2011-04-26 22:23:22.000000000 +0100
+++ heirloom-mailx-12.5-patched/extern.h	2014-12-27 01:26:59.654169487 +0000
@@ -396,7 +396,7 @@
 int is_fileaddr(char *name);
 struct name *usermap(struct name *names);
 struct name *cat(struct name *n1, struct name *n2);
-char **unpack(struct name *np);
+char **unpack(struct name *smopts, struct name *np);
 struct name *elide(struct name *names);
 int count(struct name *np);
 struct name *delete_alternates(struct name *np);
diff -Naur heirloom-mailx-12.5/fio.c heirloom-mailx-12.5-patched/fio.c
--- heirloom-mailx-12.5/fio.c	2011-04-26 22:23:22.000000000 +0100
+++ heirloom-mailx-12.5-patched/fio.c	2014-12-27 01:27:15.634561413 +0000
@@ -43,12 +43,15 @@
 #endif /* not lint */
 
 #include "rcv.h"
+
+#ifndef HAVE_WORDEXP
+#error wordexp support is required
+#endif
+
 #include <sys/stat.h>
 #include <sys/file.h>
 #include <sys/wait.h>
-#ifdef	HAVE_WORDEXP
 #include <wordexp.h>
-#endif	/* HAVE_WORDEXP */
 #include <unistd.h>
 
 #if defined (USE_NSS)
@@ -481,7 +484,6 @@
 static char *
 globname(char *name)
 {
-#ifdef	HAVE_WORDEXP
 	wordexp_t we;
 	char *cp;
 	sigset_t nset;
@@ -495,7 +497,7 @@
 	sigemptyset(&nset);
 	sigaddset(&nset, SIGCHLD);
 	sigprocmask(SIG_BLOCK, &nset, NULL);
-	i = wordexp(name, &we, 0);
+	i = wordexp(name, &we, WRDE_NOCMD);
 	sigprocmask(SIG_UNBLOCK, &nset, NULL);
 	switch (i) {
 	case 0:
@@ -527,65 +529,6 @@
 	}
 	wordfree(&we);
 	return cp;
-#else	/* !HAVE_WORDEXP */
-	char xname[PATHSIZE];
-	char cmdbuf[PATHSIZE];		/* also used for file names */
-	int pid, l;
-	char *cp, *shell;
-	int pivec[2];
-	extern int wait_status;
-	struct stat sbuf;
-
-	if (pipe(pivec) < 0) {
-		perror("pipe");
-		return name;
-	}
-	snprintf(cmdbuf, sizeof cmdbuf, "echo %s", name);
-	if ((shell = value("SHELL")) == NULL)
-		shell = SHELL;
-	pid = start_command(shell, 0, -1, pivec[1], "-c", cmdbuf, NULL);
-	if (pid < 0) {
-		close(pivec[0]);
-		close(pivec[1]);
-		return NULL;
-	}
-	close(pivec[1]);
-again:
-	l = read(pivec[0], xname, sizeof xname);
-	if (l < 0) {
-		if (errno == EINTR)
-			goto again;
-		perror("read");
-		close(pivec[0]);
-		return NULL;
-	}
-	close(pivec[0]);
-	if (wait_child(pid) < 0 && WTERMSIG(wait_status) != SIGPIPE) {
-		fprintf(stderr, catgets(catd, CATSET, 81,
-				"\"%s\": Expansion failed.\n"), name);
-		return NULL;
-	}
-	if (l == 0) {
-		fprintf(stderr, catgets(catd, CATSET, 82,
-					"\"%s\": No match.\n"), name);
-		return NULL;
-	}
-	if (l == sizeof xname) {
-		fprintf(stderr, catgets(catd, CATSET, 83,
-				"\"%s\": Expansion buffer overflow.\n"), name);
-		return NULL;
-	}
-	xname[l] = 0;
-	for (cp = &xname[l-1]; *cp == '\n' && cp > xname; cp--)
-		;
-	cp[1] = '\0';
-	if (strchr(xname, ' ') && stat(xname, &sbuf) < 0) {
-		fprintf(stderr, catgets(catd, CATSET, 84,
-				"\"%s\": Ambiguous.\n"), name);
-		return NULL;
-	}
-	return savestr(xname);
-#endif	/* !HAVE_WORDEXP */
 }
 
 /*
diff -Naur heirloom-mailx-12.5/mailx.1 heirloom-mailx-12.5-patched/mailx.1
--- heirloom-mailx-12.5/mailx.1	2011-04-26 22:23:22.000000000 +0100
+++ heirloom-mailx-12.5-patched/mailx.1	2014-12-27 01:26:53.838026857 +0000
@@ -656,6 +656,14 @@
 will have the system wide alias expanded
 as all mail goes through sendmail.
 .SS "Recipient address specifications"
+If the
+.I expandaddr
+option is not set (the default), recipient addresses must be names of
+local mailboxes or Internet mail addresses.
+.PP
+If the
+.I expandaddr
+option is set, the following rules apply:
 When an address is used to name a recipient
 (in any of To, Cc, or Bcc),
 names of local mail folders
@@ -2391,6 +2399,12 @@
 If this option is set,
 \fImailx\fR starts even with an empty mailbox.
 .TP
+.B expandaddr
+Causes
+.I mailx
+to expand message recipient addresses, as explained in the section,
+Recipient address specifications.
+.TP
 .B flipr
 Exchanges the
 .I Respond
@@ -3575,7 +3589,7 @@
 .TP
 .B ssl-method
 Selects a SSL/TLS protocol version;
-valid values are `ssl2', `ssl3', and `tls1'.
+valid values are `ssl3', and `tls1'.
 If unset, the method is selected automatically,
 if possible.
 .TP
diff -Naur heirloom-mailx-12.5/names.c heirloom-mailx-12.5-patched/names.c
--- heirloom-mailx-12.5/names.c	2011-04-26 22:23:22.000000000 +0100
+++ heirloom-mailx-12.5-patched/names.c	2014-12-27 01:26:59.654169487 +0000
@@ -268,6 +268,9 @@
 	FILE *fout, *fin;
 	int ispipe;
 
+	if (value("expandaddr") == NULL)
+		return names;
+
 	top = names;
 	np = names;
 	time(&now);
@@ -546,7 +549,7 @@
  * Return an error if the name list won't fit.
  */
 char **
-unpack(struct name *np)
+unpack(struct name *smopts, struct name *np)
 {
 	char **ap, **top;
 	struct name *n;
@@ -561,7 +564,7 @@
 	 * the terminating 0 pointer.  Additional spots may be needed
 	 * to pass along -f to the host mailer.
 	 */
-	extra = 2;
+	extra = 3 + count(smopts);
 	extra++;
 	metoo = value("metoo") != NULL;
 	if (metoo)
@@ -578,6 +581,10 @@
 		*ap++ = "-m";
 	if (verbose)
 		*ap++ = "-v";
+	for (; smopts != NULL; smopts = smopts->n_flink)
+		if ((smopts->n_type & GDEL) == 0)
+			*ap++ = smopts->n_name;
+	*ap++ = "--";
 	for (; n != NULL; n = n->n_flink)
 		if ((n->n_type & GDEL) == 0)
 			*ap++ = n->n_name;
diff -Naur heirloom-mailx-12.5/openssl.c heirloom-mailx-12.5-patched/openssl.c
--- heirloom-mailx-12.5/openssl.c	2011-04-26 22:23:22.000000000 +0100
+++ heirloom-mailx-12.5-patched/openssl.c	2014-12-27 01:26:34.385549867 +0000
@@ -216,9 +216,7 @@
 
 	cp = ssl_method_string(uhp);
 	if (cp != NULL) {
-		if (equal(cp, "ssl2"))
-			method = SSLv2_client_method();
-		else if (equal(cp, "ssl3"))
+		if (equal(cp, "ssl3"))
 			method = SSLv3_client_method();
 		else if (equal(cp, "tls1"))
 			method = TLSv1_client_method();
diff -Naur heirloom-mailx-12.5/sendout.c heirloom-mailx-12.5-patched/sendout.c
--- heirloom-mailx-12.5/sendout.c	2011-04-26 22:23:22.000000000 +0100
+++ heirloom-mailx-12.5-patched/sendout.c	2014-12-27 01:26:59.654169487 +0000
@@ -835,7 +835,7 @@
 #endif	/* HAVE_SOCKETS */
 
 	if ((smtp = value("smtp")) == NULL) {
-		args = unpack(cat(mailargs, to));
+		args = unpack(mailargs, to);
 		if (debug || value("debug")) {
 			printf(catgets(catd, CATSET, 181,
 					"Sendmail arguments:"));