update to 12.5 [release 12.5-1mamba;Sat Apr 30 2016]

2024-01-06 06:53:03 +01:00 · 2024-01-06 06:53:03 +01:00 · 27b798f638
commit 27b798f638
parent 5ef1672b54
3 changed files with 244 additions and 182 deletions
--- a/mailx-12.4-openssl_1.0.0_build_fix-1.patch
+++ b/mailx-12.4-openssl_1.0.0_build_fix-1.patch
@ -1,177 +0,0 @@
-Submitted By: Ken Moffat <ken at linuxfromscratch dot org>
-Date: 2010-10-01
-Initial Package Version: 12.4
-Upstream Status: Applied
-Origin: Upstream, patch originally from Bernhard Rosenkränzer
-Description: Let mailx compile with openssl-1.0.0 and later.
-Comment: Upstream is still at http://nail.cvs.sourceforge.net/viewvc/nail/nail/
-
-diff -Naur mailx-12.4.orig//makeconfig mailx-12.4/makeconfig
--- mailx-12.4.orig//makeconfig	2007-04-14 16:24:28.000000000 +0100
-+++ mailx-12.4/makeconfig	2010-09-01 20:38:30.604945969 +0100
-@@ -1,7 +1,7 @@
- #!/bin/sh
- 
- #
-# Sccsid @(#)makeconfig	1.43 (gritter) 4/14/07
-+# Sccsid @(#)makeconfig	1.44 (gritter) 5/26/09
- #
- 
- tmp=___build$$
-@@ -393,6 +393,25 @@
- !
- fi
- 
-+if test x$have_openssl = xyes
-+then
-+	compile_check stack_of 'for STACK_OF()' '#define HAVE_STACK_OF' <<\!
-+#include <openssl/ssl.h>
-+#include <openssl/err.h>
-+#include <openssl/x509v3.h>
-+#include <openssl/x509.h>
-+#include <openssl/rand.h>
-+
-+int main(void)
-+{
-+	STACK_OF(GENERAL_NAME)	*gens = NULL;
-+	printf("%p", gens);	/* to make it used */
-+	SSLv23_client_method();
-+	PEM_read_PrivateKey(0, 0, 0, 0);
-+	return 0;
-+}
-+!
-+fi
- 
- cat >$tmp2.c <<\!
- #include <gssapi/gssapi.h>
-diff -Naur mailx-12.4.orig//openssl.c mailx-12.4/openssl.c
--- mailx-12.4.orig//openssl.c	2007-08-04 12:38:03.000000000 +0100
-+++ mailx-12.4/openssl.c	2010-09-01 20:38:41.220028132 +0100
-@@ -38,7 +38,7 @@
- 
- #ifndef lint
- #ifdef	DOSCCS
-static char sccsid[] = "@(#)openssl.c	1.25 (gritter) 8/4/07";
-+static char sccsid[] = "@(#)openssl.c	1.26 (gritter) 5/26/09";
- #endif
- #endif /* not lint */
- 
-@@ -101,12 +101,17 @@
- static int ssl_rand_init(void);
- static void ssl_init(void);
- static int ssl_verify_cb(int success, X509_STORE_CTX *store);
-static SSL_METHOD *ssl_select_method(const char *uhp);
-+static const SSL_METHOD *ssl_select_method(const char *uhp);
- static void ssl_load_verifications(struct sock *sp);
- static void ssl_certificate(struct sock *sp, const char *uhp);
- static enum okay ssl_check_host(const char *server, struct sock *sp);
-+#ifdef HAVE_STACK_OF
-+static int smime_verify(struct message *m, int n, STACK_OF(X509) *chain,
-+		X509_STORE *store);
-+#else
- static int smime_verify(struct message *m, int n, STACK *chain,
- 		X509_STORE *store);
-+#endif
- static EVP_CIPHER *smime_cipher(const char *name);
- static int ssl_password_cb(char *buf, int size, int rwflag, void *userdata);
- static FILE *smime_sign_cert(const char *xname, const char *xname2, int warn);
-@@ -203,10 +208,10 @@
- 	return 1;
- }
- 
-static SSL_METHOD *
-+static const SSL_METHOD *
- ssl_select_method(const char *uhp)
- {
-	SSL_METHOD *method;
-+	const SSL_METHOD *method;
- 	char	*cp;
- 
- 	cp = ssl_method_string(uhp);
-@@ -308,7 +313,11 @@
- 	X509 *cert;
- 	X509_NAME *subj;
- 	char data[256];
-+#ifdef HAVE_STACK_OF
-+	STACK_OF(GENERAL_NAME)	*gens;
-+#else
- 	/*GENERAL_NAMES*/STACK	*gens;
-+#endif
- 	GENERAL_NAME	*gen;
- 	int	i;
- 
-@@ -357,7 +366,8 @@
- 
- 	ssl_init();
- 	ssl_set_vrfy_level(uhp);
-	if ((sp->s_ctx = SSL_CTX_new(ssl_select_method(uhp))) == NULL) {
-+	if ((sp->s_ctx =
-+	     SSL_CTX_new((SSL_METHOD *)ssl_select_method(uhp))) == NULL) {
- 		ssl_gen_err(catgets(catd, CATSET, 261, "SSL_CTX_new() failed"));
- 		return STOP;
- 	}
-@@ -496,7 +506,11 @@
- }
- 
- static int
-+#ifdef HAVE_STACK_OF
-+smime_verify(struct message *m, int n, STACK_OF(X509) *chain, X509_STORE *store)
-+#else
- smime_verify(struct message *m, int n, STACK *chain, X509_STORE *store)
-+#endif
- {
- 	struct message	*x;
- 	char	*cp, *sender, *to, *cc, *cnttype;
-@@ -505,7 +519,12 @@
- 	off_t	size;
- 	BIO	*fb, *pb;
- 	PKCS7	*pkcs7;
-+#ifdef HAVE_STACK_OF
-+	STACK_OF(X509)	*certs;
-+	STACK_OF(GENERAL_NAME)	*gens;
-+#else
- 	STACK	*certs, *gens;
-+#endif
- 	X509	*cert;
- 	X509_NAME	*subj;
- 	char	data[LINESIZE];
-@@ -614,7 +633,11 @@
- {
- 	int	*msgvec = vp, *ip;
- 	int	ec = 0;
-+#ifdef HAVE_STACK_OF
-+	STACK_OF(X509)	*chain = NULL;
-+#else
- 	STACK	*chain = NULL;
-+#endif
- 	X509_STORE	*store;
- 	char	*ca_dir, *ca_file;
- 
-@@ -687,7 +710,11 @@
- 	X509	*cert;
- 	PKCS7	*pkcs7;
- 	BIO	*bb, *yb;
-+#ifdef HAVE_STACK_OF
-+	STACK_OF(X509)	*certs;
-+#else
- 	STACK	*certs;
-+#endif
- 	EVP_CIPHER	*cipher;
- 
- 	certfile = expand((char *)certfile);
-@@ -950,9 +977,14 @@
- 	off_t	size;
- 	BIO	*fb, *pb;
- 	PKCS7	*pkcs7;
-+#ifdef HAVE_STACK_OF
-+	STACK_OF(X509)	*certs;
-+	STACK_OF(X509)	*chain = NULL;
-+#else
- 	STACK	*certs;
-	X509	*cert;
- 	STACK	*chain = NULL;
-+#endif
-+	X509	*cert;
- 	enum okay	ok = OKAY;
- 
- 	message_number = n;
--- a/mailx-12.5-openssl-1.0.2.patch
+++ b/mailx-12.5-openssl-1.0.2.patch
@ -0,0 +1,232 @@
+Submitted By: Ken Moffat <ken at linuxfromscratch dot org>
+Date: 2014-12-27
+Initial Package Version: 12.5
+Upstream Status: Unknown
+Origin: Changes to remove SSL2 found at debian, remainder from redhat.
+Description: Removes support for SSL2 (openssl no longer supports it)
+and fixes CVE-2004-2771 [sic] and CVE-2014-7844.
+
+diff -Naur heirloom-mailx-12.5/extern.h heirloom-mailx-12.5-patched/extern.h
+--- heirloom-mailx-12.5/extern.h	2011-04-26 22:23:22.000000000 +0100
+++ heirloom-mailx-12.5-patched/extern.h	2014-12-27 01:26:59.654169487 +0000
+@@ -396,7 +396,7 @@
+ int is_fileaddr(char *name);
+ struct name *usermap(struct name *names);
+ struct name *cat(struct name *n1, struct name *n2);
+-char **unpack(struct name *np);
+char **unpack(struct name *smopts, struct name *np);
+ struct name *elide(struct name *names);
+ int count(struct name *np);
+ struct name *delete_alternates(struct name *np);
+diff -Naur heirloom-mailx-12.5/fio.c heirloom-mailx-12.5-patched/fio.c
+--- heirloom-mailx-12.5/fio.c	2011-04-26 22:23:22.000000000 +0100
+++ heirloom-mailx-12.5-patched/fio.c	2014-12-27 01:27:15.634561413 +0000
+@@ -43,12 +43,15 @@
+ #endif /* not lint */
+ 
+ #include "rcv.h"
+
+#ifndef HAVE_WORDEXP
+#error wordexp support is required
+#endif
+
+ #include <sys/stat.h>
+ #include <sys/file.h>
+ #include <sys/wait.h>
+-#ifdef	HAVE_WORDEXP
+ #include <wordexp.h>
+-#endif	/* HAVE_WORDEXP */
+ #include <unistd.h>
+ 
+ #if defined (USE_NSS)
+@@ -481,7 +484,6 @@
+ static char *
+ globname(char *name)
+ {
+-#ifdef	HAVE_WORDEXP
+ 	wordexp_t we;
+ 	char *cp;
+ 	sigset_t nset;
+@@ -495,7 +497,7 @@
+ 	sigemptyset(&nset);
+ 	sigaddset(&nset, SIGCHLD);
+ 	sigprocmask(SIG_BLOCK, &nset, NULL);
+-	i = wordexp(name, &we, 0);
+	i = wordexp(name, &we, WRDE_NOCMD);
+ 	sigprocmask(SIG_UNBLOCK, &nset, NULL);
+ 	switch (i) {
+ 	case 0:
+@@ -527,65 +529,6 @@
+ 	}
+ 	wordfree(&we);
+ 	return cp;
+-#else	/* !HAVE_WORDEXP */
+-	char xname[PATHSIZE];
+-	char cmdbuf[PATHSIZE];		/* also used for file names */
+-	int pid, l;
+-	char *cp, *shell;
+-	int pivec[2];
+-	extern int wait_status;
+-	struct stat sbuf;
+-
+-	if (pipe(pivec) < 0) {
+-		perror("pipe");
+-		return name;
+-	}
+-	snprintf(cmdbuf, sizeof cmdbuf, "echo %s", name);
+-	if ((shell = value("SHELL")) == NULL)
+-		shell = SHELL;
+-	pid = start_command(shell, 0, -1, pivec[1], "-c", cmdbuf, NULL);
+-	if (pid < 0) {
+-		close(pivec[0]);
+-		close(pivec[1]);
+-		return NULL;
+-	}
+-	close(pivec[1]);
+-again:
+-	l = read(pivec[0], xname, sizeof xname);
+-	if (l < 0) {
+-		if (errno == EINTR)
+-			goto again;
+-		perror("read");
+-		close(pivec[0]);
+-		return NULL;
+-	}
+-	close(pivec[0]);
+-	if (wait_child(pid) < 0 && WTERMSIG(wait_status) != SIGPIPE) {
+-		fprintf(stderr, catgets(catd, CATSET, 81,
+-				"\"%s\": Expansion failed.\n"), name);
+-		return NULL;
+-	}
+-	if (l == 0) {
+-		fprintf(stderr, catgets(catd, CATSET, 82,
+-					"\"%s\": No match.\n"), name);
+-		return NULL;
+-	}
+-	if (l == sizeof xname) {
+-		fprintf(stderr, catgets(catd, CATSET, 83,
+-				"\"%s\": Expansion buffer overflow.\n"), name);
+-		return NULL;
+-	}
+-	xname[l] = 0;
+-	for (cp = &xname[l-1]; *cp == '\n' && cp > xname; cp--)
+-		;
+-	cp[1] = '\0';
+-	if (strchr(xname, ' ') && stat(xname, &sbuf) < 0) {
+-		fprintf(stderr, catgets(catd, CATSET, 84,
+-				"\"%s\": Ambiguous.\n"), name);
+-		return NULL;
+-	}
+-	return savestr(xname);
+-#endif	/* !HAVE_WORDEXP */
+ }
+ 
+ /*
+diff -Naur heirloom-mailx-12.5/mailx.1 heirloom-mailx-12.5-patched/mailx.1
+--- heirloom-mailx-12.5/mailx.1	2011-04-26 22:23:22.000000000 +0100
+++ heirloom-mailx-12.5-patched/mailx.1	2014-12-27 01:26:53.838026857 +0000
+@@ -656,6 +656,14 @@
+ will have the system wide alias expanded
+ as all mail goes through sendmail.
+ .SS "Recipient address specifications"
+If the
+.I expandaddr
+option is not set (the default), recipient addresses must be names of
+local mailboxes or Internet mail addresses.
+.PP
+If the
+.I expandaddr
+option is set, the following rules apply:
+ When an address is used to name a recipient
+ (in any of To, Cc, or Bcc),
+ names of local mail folders
+@@ -2391,6 +2399,12 @@
+ If this option is set,
+ \fImailx\fR starts even with an empty mailbox.
+ .TP
+.B expandaddr
+Causes
+.I mailx
+to expand message recipient addresses, as explained in the section,
+Recipient address specifications.
+.TP
+ .B flipr
+ Exchanges the
+ .I Respond
+@@ -3575,7 +3589,7 @@
+ .TP
+ .B ssl-method
+ Selects a SSL/TLS protocol version;
+-valid values are `ssl2', `ssl3', and `tls1'.
+valid values are `ssl3', and `tls1'.
+ If unset, the method is selected automatically,
+ if possible.
+ .TP
+diff -Naur heirloom-mailx-12.5/names.c heirloom-mailx-12.5-patched/names.c
+--- heirloom-mailx-12.5/names.c	2011-04-26 22:23:22.000000000 +0100
+++ heirloom-mailx-12.5-patched/names.c	2014-12-27 01:26:59.654169487 +0000
+@@ -268,6 +268,9 @@
+ 	FILE *fout, *fin;
+ 	int ispipe;
+ 
+	if (value("expandaddr") == NULL)
+		return names;
+
+ 	top = names;
+ 	np = names;
+ 	time(&now);
+@@ -546,7 +549,7 @@
+  * Return an error if the name list won't fit.
+  */
+ char **
+-unpack(struct name *np)
+unpack(struct name *smopts, struct name *np)
+ {
+ 	char **ap, **top;
+ 	struct name *n;
+@@ -561,7 +564,7 @@
+ 	 * the terminating 0 pointer.  Additional spots may be needed
+ 	 * to pass along -f to the host mailer.
+ 	 */
+-	extra = 2;
+	extra = 3 + count(smopts);
+ 	extra++;
+ 	metoo = value("metoo") != NULL;
+ 	if (metoo)
+@@ -578,6 +581,10 @@
+ 		*ap++ = "-m";
+ 	if (verbose)
+ 		*ap++ = "-v";
+	for (; smopts != NULL; smopts = smopts->n_flink)
+		if ((smopts->n_type & GDEL) == 0)
+			*ap++ = smopts->n_name;
+	*ap++ = "--";
+ 	for (; n != NULL; n = n->n_flink)
+ 		if ((n->n_type & GDEL) == 0)
+ 			*ap++ = n->n_name;
+diff -Naur heirloom-mailx-12.5/openssl.c heirloom-mailx-12.5-patched/openssl.c
+--- heirloom-mailx-12.5/openssl.c	2011-04-26 22:23:22.000000000 +0100
+++ heirloom-mailx-12.5-patched/openssl.c	2014-12-27 01:26:34.385549867 +0000
+@@ -216,9 +216,7 @@
+ 
+ 	cp = ssl_method_string(uhp);
+ 	if (cp != NULL) {
+-		if (equal(cp, "ssl2"))
+-			method = SSLv2_client_method();
+-		else if (equal(cp, "ssl3"))
+		if (equal(cp, "ssl3"))
+ 			method = SSLv3_client_method();
+ 		else if (equal(cp, "tls1"))
+ 			method = TLSv1_client_method();
+diff -Naur heirloom-mailx-12.5/sendout.c heirloom-mailx-12.5-patched/sendout.c
+--- heirloom-mailx-12.5/sendout.c	2011-04-26 22:23:22.000000000 +0100
+++ heirloom-mailx-12.5-patched/sendout.c	2014-12-27 01:26:59.654169487 +0000
+@@ -835,7 +835,7 @@
+ #endif	/* HAVE_SOCKETS */
+ 
+ 	if ((smtp = value("smtp")) == NULL) {
+-		args = unpack(cat(mailargs, to));
+		args = unpack(mailargs, to);
+ 		if (debug || value("debug")) {
+ 			printf(catgets(catd, CATSET, 181,
+ 					"Sendmail arguments:"));
--- a/mailx.spec
+++ b/mailx.spec
@ -1,19 +1,20 @@
 Name:          mailx
-Version:       12.4
-Release:       2mamba
+Version:       12.5
+Release:       1mamba
 Summary:       A simple mail user agent for Unix systems derived from Berkeley Mail
 Group:         Applications/Networking
 Vendor:        openmamba
 Distribution:  openmamba
 Packager:      Silvan Calarco <silvan.calarco@mambasoft.it>
 URL:           http://heirloom.sourceforge.net/mailx.html
-Source:        http://ovh.dl.sourceforge.net/sourceforge/heirloom/mailx-%{version}.tar.bz2
-Patch0:        %{name}-12.4-openssl_1.0.0_build_fix-1.patch
+Source:        http://ftp.debian.org/debian/pool/main/h/heirloom-mailx/heirloom-mailx_%{version}.orig.tar.gz
+Patch0:        mailx-12.5-openssl-1.0.2.patch
 ## AUTOBUILDREQ-BEGIN
 BuildRequires: glibc-devel
 BuildRequires: libgss-devel
 BuildRequires: libopenssl-devel
 ## AUTOBUILDREQ-END
+BuildRequires: libopenssl-devel >= 1.0.2
 License:       GPL
 BuildRoot:     %{_tmppath}/%{name}-%{version}-root

@ -23,7 +24,7 @@ Heirloom mailx (previously known as nail) is a mail user agent for Unix systems.
 - Is a free implementation of the System V mailx command and features an interface like that by default.

 %prep
-%setup -q
+%setup -q -n heirloom-mailx-%{version}
 %patch0 -p1

 %build
@ -42,6 +43,12 @@ Heirloom mailx (previously known as nail) is a mail user agent for Unix systems.
 %{_mandir}/man1/mailx.1.gz

 %changelog
+* Sat Apr 30 2016 Silvan Calarco <silvan.calarco@mambasoft.it> 12.5-1mamba
+- update to 12.5
+
+* Sat Apr 30 2016 Silvan Calarco <silvan.calarco@mambasoft.it> 12.4-3mamba
+- rebuilt with openssl 1.0.2g
+
 * Mon Mar 14 2011 Silvan Calarco <silvan.calarco@mambasoft.it> 12.4-2mamba
 - rebuilt with openssl 1.0