diff options
author | Patrick J Volkerding <volkerdi@slackware.com> | 2018-05-28 19:12:29 +0000 |
---|---|---|
committer | Eric Hameleers <alien@slackware.com> | 2018-05-31 23:39:35 +0200 |
commit | 646a5c1cbfd95873950a87b5f75d52073a967023 (patch) | |
tree | b8b8d2ab3b0d432ea69ad1a64d1c789649d65020 /source/n/mailx | |
parent | d31c50870d0bee042ce660e445c9294a59a3a65b (diff) | |
download | current-646a5c1cbfd95873950a87b5f75d52073a967023.tar.gz |
Mon May 28 19:12:29 UTC 201820180528191229
a/pkgtools-15.0-noarch-13.txz: Rebuilt.
installpkg: default line length for --terselength is the number of columns.
removepkg: added --terse mode.
upgradepkg: default line length for --terselength is the number of columns.
upgradepkg: accept -option in addition to --option.
ap/vim-8.1.0026-x86_64-1.txz: Upgraded.
d/bison-3.0.5-x86_64-1.txz: Upgraded.
e/emacs-26.1-x86_64-1.txz: Upgraded.
kde/kopete-4.14.3-x86_64-8.txz: Rebuilt.
Recompiled against libidn-1.35.
n/conntrack-tools-1.4.5-x86_64-1.txz: Upgraded.
n/libnetfilter_conntrack-1.0.7-x86_64-1.txz: Upgraded.
n/libnftnl-1.1.0-x86_64-1.txz: Upgraded.
n/links-2.16-x86_64-2.txz: Rebuilt.
Rebuilt to enable X driver for -g mode.
n/lynx-2.8.9dev.19-x86_64-1.txz: Upgraded.
n/nftables-0.8.5-x86_64-1.txz: Upgraded.
n/p11-kit-0.23.11-x86_64-1.txz: Upgraded.
n/ulogd-2.0.7-x86_64-1.txz: Upgraded.
n/whois-5.3.1-x86_64-1.txz: Upgraded.
xap/network-manager-applet-1.8.12-x86_64-1.txz: Upgraded.
xap/vim-gvim-8.1.0026-x86_64-1.txz: Upgraded.
Diffstat (limited to 'source/n/mailx')
-rw-r--r-- | source/n/mailx/heirloom-mailx-12.5-fixes-1.patch | 232 | ||||
-rw-r--r-- | source/n/mailx/mailx-12.5-globname-Invoke-wordexp-with-WRDE_NOCMD-CVE-2004-277.patch | 25 | ||||
-rw-r--r-- | source/n/mailx/mailx-12.5-openssl.patch | 41 | ||||
-rw-r--r-- | source/n/mailx/mailx-12.5-outof-Introduce-expandaddr-flag.patch | 64 | ||||
-rwxr-xr-x | source/n/mailx/mailx.SlackBuild | 25 | ||||
-rw-r--r-- | source/n/mailx/slack-desc | 6 |
6 files changed, 151 insertions, 242 deletions
diff --git a/source/n/mailx/heirloom-mailx-12.5-fixes-1.patch b/source/n/mailx/heirloom-mailx-12.5-fixes-1.patch deleted file mode 100644 index fa6d5119..00000000 --- a/source/n/mailx/heirloom-mailx-12.5-fixes-1.patch +++ /dev/null @@ -1,232 +0,0 @@ -Submitted By: Ken Moffat <ken at linuxfromscratch dot org> -Date: 2014-12-27 -Initial Package Version: 12.5 -Upstream Status: Unknown -Origin: Changes to remove SSL2 found at debian, remainder from redhat. -Description: Removes support for SSL2 (openssl no longer supports it) -and fixes CVE-2004-2771 [sic] and CVE-2014-7844. - -diff -Naur heirloom-mailx-12.5/extern.h heirloom-mailx-12.5-patched/extern.h ---- heirloom-mailx-12.5/extern.h 2011-04-26 22:23:22.000000000 +0100 -+++ heirloom-mailx-12.5-patched/extern.h 2014-12-27 01:26:59.654169487 +0000 -@@ -396,7 +396,7 @@ - int is_fileaddr(char *name); - struct name *usermap(struct name *names); - struct name *cat(struct name *n1, struct name *n2); --char **unpack(struct name *np); -+char **unpack(struct name *smopts, struct name *np); - struct name *elide(struct name *names); - int count(struct name *np); - struct name *delete_alternates(struct name *np); -diff -Naur heirloom-mailx-12.5/fio.c heirloom-mailx-12.5-patched/fio.c ---- heirloom-mailx-12.5/fio.c 2011-04-26 22:23:22.000000000 +0100 -+++ heirloom-mailx-12.5-patched/fio.c 2014-12-27 01:27:15.634561413 +0000 -@@ -43,12 +43,15 @@ - #endif /* not lint */ - - #include "rcv.h" -+ -+#ifndef HAVE_WORDEXP -+#error wordexp support is required -+#endif -+ - #include <sys/stat.h> - #include <sys/file.h> - #include <sys/wait.h> --#ifdef HAVE_WORDEXP - #include <wordexp.h> --#endif /* HAVE_WORDEXP */ - #include <unistd.h> - - #if defined (USE_NSS) -@@ -481,7 +484,6 @@ - static char * - globname(char *name) - { --#ifdef HAVE_WORDEXP - wordexp_t we; - char *cp; - sigset_t nset; -@@ -495,7 +497,7 @@ - sigemptyset(&nset); - sigaddset(&nset, SIGCHLD); - sigprocmask(SIG_BLOCK, &nset, NULL); -- i = wordexp(name, &we, 0); -+ i = wordexp(name, &we, WRDE_NOCMD); - sigprocmask(SIG_UNBLOCK, &nset, NULL); - switch (i) { - case 0: -@@ -527,65 +529,6 @@ - } - wordfree(&we); - return cp; --#else /* !HAVE_WORDEXP */ -- char xname[PATHSIZE]; -- char cmdbuf[PATHSIZE]; /* also used for file names */ -- int pid, l; -- char *cp, *shell; -- int pivec[2]; -- extern int wait_status; -- struct stat sbuf; -- -- if (pipe(pivec) < 0) { -- perror("pipe"); -- return name; -- } -- snprintf(cmdbuf, sizeof cmdbuf, "echo %s", name); -- if ((shell = value("SHELL")) == NULL) -- shell = SHELL; -- pid = start_command(shell, 0, -1, pivec[1], "-c", cmdbuf, NULL); -- if (pid < 0) { -- close(pivec[0]); -- close(pivec[1]); -- return NULL; -- } -- close(pivec[1]); --again: -- l = read(pivec[0], xname, sizeof xname); -- if (l < 0) { -- if (errno == EINTR) -- goto again; -- perror("read"); -- close(pivec[0]); -- return NULL; -- } -- close(pivec[0]); -- if (wait_child(pid) < 0 && WTERMSIG(wait_status) != SIGPIPE) { -- fprintf(stderr, catgets(catd, CATSET, 81, -- "\"%s\": Expansion failed.\n"), name); -- return NULL; -- } -- if (l == 0) { -- fprintf(stderr, catgets(catd, CATSET, 82, -- "\"%s\": No match.\n"), name); -- return NULL; -- } -- if (l == sizeof xname) { -- fprintf(stderr, catgets(catd, CATSET, 83, -- "\"%s\": Expansion buffer overflow.\n"), name); -- return NULL; -- } -- xname[l] = 0; -- for (cp = &xname[l-1]; *cp == '\n' && cp > xname; cp--) -- ; -- cp[1] = '\0'; -- if (strchr(xname, ' ') && stat(xname, &sbuf) < 0) { -- fprintf(stderr, catgets(catd, CATSET, 84, -- "\"%s\": Ambiguous.\n"), name); -- return NULL; -- } -- return savestr(xname); --#endif /* !HAVE_WORDEXP */ - } - - /* -diff -Naur heirloom-mailx-12.5/mailx.1 heirloom-mailx-12.5-patched/mailx.1 ---- heirloom-mailx-12.5/mailx.1 2011-04-26 22:23:22.000000000 +0100 -+++ heirloom-mailx-12.5-patched/mailx.1 2014-12-27 01:26:53.838026857 +0000 -@@ -656,6 +656,14 @@ - will have the system wide alias expanded - as all mail goes through sendmail. - .SS "Recipient address specifications" -+If the -+.I expandaddr -+option is not set (the default), recipient addresses must be names of -+local mailboxes or Internet mail addresses. -+.PP -+If the -+.I expandaddr -+option is set, the following rules apply: - When an address is used to name a recipient - (in any of To, Cc, or Bcc), - names of local mail folders -@@ -2391,6 +2399,12 @@ - If this option is set, - \fImailx\fR starts even with an empty mailbox. - .TP -+.B expandaddr -+Causes -+.I mailx -+to expand message recipient addresses, as explained in the section, -+Recipient address specifications. -+.TP - .B flipr - Exchanges the - .I Respond -@@ -3575,7 +3589,7 @@ - .TP - .B ssl-method - Selects a SSL/TLS protocol version; --valid values are `ssl2', `ssl3', and `tls1'. -+valid values are `ssl3', and `tls1'. - If unset, the method is selected automatically, - if possible. - .TP -diff -Naur heirloom-mailx-12.5/names.c heirloom-mailx-12.5-patched/names.c ---- heirloom-mailx-12.5/names.c 2011-04-26 22:23:22.000000000 +0100 -+++ heirloom-mailx-12.5-patched/names.c 2014-12-27 01:26:59.654169487 +0000 -@@ -268,6 +268,9 @@ - FILE *fout, *fin; - int ispipe; - -+ if (value("expandaddr") == NULL) -+ return names; -+ - top = names; - np = names; - time(&now); -@@ -546,7 +549,7 @@ - * Return an error if the name list won't fit. - */ - char ** --unpack(struct name *np) -+unpack(struct name *smopts, struct name *np) - { - char **ap, **top; - struct name *n; -@@ -561,7 +564,7 @@ - * the terminating 0 pointer. Additional spots may be needed - * to pass along -f to the host mailer. - */ -- extra = 2; -+ extra = 3 + count(smopts); - extra++; - metoo = value("metoo") != NULL; - if (metoo) -@@ -578,6 +581,10 @@ - *ap++ = "-m"; - if (verbose) - *ap++ = "-v"; -+ for (; smopts != NULL; smopts = smopts->n_flink) -+ if ((smopts->n_type & GDEL) == 0) -+ *ap++ = smopts->n_name; -+ *ap++ = "--"; - for (; n != NULL; n = n->n_flink) - if ((n->n_type & GDEL) == 0) - *ap++ = n->n_name; -diff -Naur heirloom-mailx-12.5/openssl.c heirloom-mailx-12.5-patched/openssl.c ---- heirloom-mailx-12.5/openssl.c 2011-04-26 22:23:22.000000000 +0100 -+++ heirloom-mailx-12.5-patched/openssl.c 2014-12-27 01:26:34.385549867 +0000 -@@ -216,9 +216,7 @@ - - cp = ssl_method_string(uhp); - if (cp != NULL) { -- if (equal(cp, "ssl2")) -- method = SSLv2_client_method(); -- else if (equal(cp, "ssl3")) -+ if (equal(cp, "ssl3")) - method = SSLv3_client_method(); - else if (equal(cp, "tls1")) - method = TLSv1_client_method(); -diff -Naur heirloom-mailx-12.5/sendout.c heirloom-mailx-12.5-patched/sendout.c ---- heirloom-mailx-12.5/sendout.c 2011-04-26 22:23:22.000000000 +0100 -+++ heirloom-mailx-12.5-patched/sendout.c 2014-12-27 01:26:59.654169487 +0000 -@@ -835,7 +835,7 @@ - #endif /* HAVE_SOCKETS */ - - if ((smtp = value("smtp")) == NULL) { -- args = unpack(cat(mailargs, to)); -+ args = unpack(mailargs, to); - if (debug || value("debug")) { - printf(catgets(catd, CATSET, 181, - "Sendmail arguments:")); diff --git a/source/n/mailx/mailx-12.5-globname-Invoke-wordexp-with-WRDE_NOCMD-CVE-2004-277.patch b/source/n/mailx/mailx-12.5-globname-Invoke-wordexp-with-WRDE_NOCMD-CVE-2004-277.patch new file mode 100644 index 00000000..a7fb9d36 --- /dev/null +++ b/source/n/mailx/mailx-12.5-globname-Invoke-wordexp-with-WRDE_NOCMD-CVE-2004-277.patch @@ -0,0 +1,25 @@ +From 73fefa0c1ac70043ec84f2d8b8f9f683213f168d Mon Sep 17 00:00:00 2001 +From: Florian Weimer <fweimer@redhat.com> +Date: Mon, 17 Nov 2014 13:11:32 +0100 +Subject: [PATCH 4/4] globname: Invoke wordexp with WRDE_NOCMD (CVE-2004-2771) + +--- + fio.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/fio.c b/fio.c +index 1529236..774a204 100644 +--- a/fio.c ++++ b/fio.c +@@ -497,7 +497,7 @@ globname(char *name) + sigemptyset(&nset); + sigaddset(&nset, SIGCHLD); + sigprocmask(SIG_BLOCK, &nset, NULL); +- i = wordexp(name, &we, 0); ++ i = wordexp(name, &we, WRDE_NOCMD); + sigprocmask(SIG_UNBLOCK, &nset, NULL); + switch (i) { + case 0: +-- +1.9.3 + diff --git a/source/n/mailx/mailx-12.5-openssl.patch b/source/n/mailx/mailx-12.5-openssl.patch new file mode 100644 index 00000000..210890bc --- /dev/null +++ b/source/n/mailx/mailx-12.5-openssl.patch @@ -0,0 +1,41 @@ +diff --git a/openssl.c b/openssl.c +index b4e33fc..9d1eaf4 100644 +--- a/openssl.c ++++ b/openssl.c +@@ -136,6 +136,7 @@ ssl_rand_init(void) + int state = 0; + + if ((cp = value("ssl-rand-egd")) != NULL) { ++#ifndef OPENSSL_NO_EGD + cp = expand(cp); + if (RAND_egd(cp) == -1) { + fprintf(stderr, catgets(catd, CATSET, 245, +@@ -143,6 +144,9 @@ ssl_rand_init(void) + cp); + } else + state = 1; ++#else ++ fprintf(stderr, "entropy daemon not available\n"); ++#endif + } else if ((cp = value("ssl-rand-file")) != NULL) { + cp = expand(cp); + if (RAND_load_file(cp, 1024) == -1) { +@@ -216,9 +220,16 @@ ssl_select_method(const char *uhp) + + cp = ssl_method_string(uhp); + if (cp != NULL) { +- if (equal(cp, "ssl2")) ++ if (equal(cp, "ssl2")) { ++#if OPENSSL_VERSION_NUMBER < 0x10100000 + method = SSLv2_client_method(); +- else if (equal(cp, "ssl3")) ++#else ++ /* SSLv2 support was removed in OpenSSL 1.1.0 */ ++ fprintf(stderr, catgets(catd, CATSET, 244, ++ "Unsupported SSL method \"%s\"\n"), cp); ++ method = SSLv23_client_method(); ++#endif ++ } else if (equal(cp, "ssl3")) + method = SSLv3_client_method(); + else if (equal(cp, "tls1")) + method = TLSv1_client_method(); diff --git a/source/n/mailx/mailx-12.5-outof-Introduce-expandaddr-flag.patch b/source/n/mailx/mailx-12.5-outof-Introduce-expandaddr-flag.patch new file mode 100644 index 00000000..c3479e28 --- /dev/null +++ b/source/n/mailx/mailx-12.5-outof-Introduce-expandaddr-flag.patch @@ -0,0 +1,64 @@ +From 9984ae5cb0ea0d61df1612b06952a61323c083d9 Mon Sep 17 00:00:00 2001 +From: Florian Weimer <fweimer@redhat.com> +Date: Mon, 17 Nov 2014 11:13:38 +0100 +Subject: [PATCH 1/4] outof: Introduce expandaddr flag + +Document that address expansion is disabled unless the expandaddr +binary option is set. + +This has been assigned CVE-2014-7844 for BSD mailx, but it is not +a vulnerability in Heirloom mailx because this feature was documented. +--- + mailx.1 | 14 ++++++++++++++ + names.c | 3 +++ + 2 files changed, 17 insertions(+) + +diff --git a/mailx.1 b/mailx.1 +index 70a7859..22a171b 100644 +--- a/mailx.1 ++++ b/mailx.1 +@@ -656,6 +656,14 @@ but any reply returned to the machine + will have the system wide alias expanded + as all mail goes through sendmail. + .SS "Recipient address specifications" ++If the ++.I expandaddr ++option is not set (the default), recipient addresses must be names of ++local mailboxes or Internet mail addresses. ++.PP ++If the ++.I expandaddr ++option is set, the following rules apply: + When an address is used to name a recipient + (in any of To, Cc, or Bcc), + names of local mail folders +@@ -2391,6 +2399,12 @@ and exits immediately. + If this option is set, + \fImailx\fR starts even with an empty mailbox. + .TP ++.B expandaddr ++Causes ++.I mailx ++to expand message recipient addresses, as explained in the section, ++Recipient address specifications. ++.TP + .B flipr + Exchanges the + .I Respond +diff --git a/names.c b/names.c +index 66e976b..c69560f 100644 +--- a/names.c ++++ b/names.c +@@ -268,6 +268,9 @@ outof(struct name *names, FILE *fo, struct header *hp) + FILE *fout, *fin; + int ispipe; + ++ if (value("expandaddr") == NULL) ++ return names; ++ + top = names; + np = names; + time(&now); +-- +1.9.3 + diff --git a/source/n/mailx/mailx.SlackBuild b/source/n/mailx/mailx.SlackBuild index 1495b41e..5f9835b9 100755 --- a/source/n/mailx/mailx.SlackBuild +++ b/source/n/mailx/mailx.SlackBuild @@ -1,6 +1,6 @@ -#!/bin/sh +#!/bin/bash -# Copyright 2008, 2009, 2010, 2016 Patrick J. Volkerding, Sebeka, MN, USA +# Copyright 2008, 2009, 2010, 2016, 2018 Patrick J. Volkerding, Sebeka, MN, USA # All rights reserved. # # Redistribution and use of this script, with or without modification, is @@ -20,9 +20,11 @@ # OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF # ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +cd $(dirname $0) ; CWD=$(pwd) +PKGNAM=mailx VERSION=12.5 -BUILD=${BUILD:-2} +BUILD=${BUILD:-4} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then @@ -34,6 +36,14 @@ if [ -z "$ARCH" ]; then esac fi +# If the variable PRINT_PACKAGE_NAME is set, then this script will report what +# the name of the created package would be, and then exit. This information +# could be useful to other scripts. +if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then + echo "$PKGNAM-$VERSION-$ARCH-$BUILD.txz" + exit 0 +fi + NUMJOBS=${NUMJOBS:-" -j7 "} if [ "$ARCH" = "i586" ]; then @@ -46,7 +56,6 @@ else SLKCFLAGS="-O2" fi -CWD=$(pwd) TMP=${TMP:-/tmp} PKG=$TMP/package-mailx rm -rf $PKG @@ -57,7 +66,9 @@ rm -rf mailx-$VERSION tar xvf $CWD/mailx-$VERSION.tar.?z* || exit 1 cd mailx-$VERSION || exit 1 -zcat $CWD/heirloom-mailx-12.5-fixes-1.patch.gz | patch -p1 --verbose || exit 1 +zcat $CWD/mailx-12.5-openssl.patch.gz | patch -p1 --verbose || exit 1 +zcat $CWD/mailx-12.5-globname-Invoke-wordexp-with-WRDE_NOCMD-CVE-2004-277.patch.gz | patch -p1 --verbose || exit 1 +zcat $CWD/mailx-12.5-outof-Introduce-expandaddr-flag.patch.gz | patch -p1 --verbose || exit 1 chown -R root:root . find . \ @@ -71,7 +82,7 @@ make CFLAGS="$SLKCFLAGS" \ MANDIR=/usr/man \ MAILSPOOL=/var/spool/mail \ UCBINSTALL=/usr/bin/install \ - SENDMAIL=/usr/sbin/sendmail + SENDMAIL=/usr/sbin/sendmail || exit 1 make install DESTDIR=$PKG \ CFLAGS="$SLKCFLAGS" \ @@ -79,7 +90,7 @@ make install DESTDIR=$PKG \ MANDIR=/usr/man \ MAILSPOOL=/var/spool/mail \ UCBINSTALL=/usr/bin/install \ - SENDMAIL=/usr/sbin/sendmail + SENDMAIL=/usr/sbin/sendmail || exit 1 # We put symlinks in /bin since some things still expect '/bin/mail' or '/bin/Mail': mkdir -p $PKG/bin diff --git a/source/n/mailx/slack-desc b/source/n/mailx/slack-desc index d02c6f03..76c010d7 100644 --- a/source/n/mailx/slack-desc +++ b/source/n/mailx/slack-desc @@ -1,8 +1,8 @@ # HOW TO EDIT THIS FILE: -# The "handy ruler" below makes it easier to edit a package description. Line +# The "handy ruler" below makes it easier to edit a package description. Line # up the first '|' above the ':' following the base package name, and the '|' -# on the right side marks the last column you can put a character in. You must -# make exactly 11 lines for the formatting to be correct. It's also +# on the right side marks the last column you can put a character in. You must +# make exactly 11 lines for the formatting to be correct. It's also # customary to leave one space after the ':'. |-----handy-ruler------------------------------------------------------| |