diff --git a/mailx-12.4-openssl_1.0.0_build_fix-1.patch b/mailx-12.4-openssl_1.0.0_build_fix-1.patch deleted file mode 100644 index 52df8d5..0000000 --- a/mailx-12.4-openssl_1.0.0_build_fix-1.patch +++ /dev/null @@ -1,177 +0,0 @@ -Submitted By: Ken Moffat -Date: 2010-10-01 -Initial Package Version: 12.4 -Upstream Status: Applied -Origin: Upstream, patch originally from Bernhard Rosenkränzer -Description: Let mailx compile with openssl-1.0.0 and later. -Comment: Upstream is still at http://nail.cvs.sourceforge.net/viewvc/nail/nail/ - -diff -Naur mailx-12.4.orig//makeconfig mailx-12.4/makeconfig ---- mailx-12.4.orig//makeconfig 2007-04-14 16:24:28.000000000 +0100 -+++ mailx-12.4/makeconfig 2010-09-01 20:38:30.604945969 +0100 -@@ -1,7 +1,7 @@ - #!/bin/sh - - # --# Sccsid @(#)makeconfig 1.43 (gritter) 4/14/07 -+# Sccsid @(#)makeconfig 1.44 (gritter) 5/26/09 - # - - tmp=___build$$ -@@ -393,6 +393,25 @@ - ! - fi - -+if test x$have_openssl = xyes -+then -+ compile_check stack_of 'for STACK_OF()' '#define HAVE_STACK_OF' <<\! -+#include -+#include -+#include -+#include -+#include -+ -+int main(void) -+{ -+ STACK_OF(GENERAL_NAME) *gens = NULL; -+ printf("%p", gens); /* to make it used */ -+ SSLv23_client_method(); -+ PEM_read_PrivateKey(0, 0, 0, 0); -+ return 0; -+} -+! -+fi - - cat >$tmp2.c <<\! - #include -diff -Naur mailx-12.4.orig//openssl.c mailx-12.4/openssl.c ---- mailx-12.4.orig//openssl.c 2007-08-04 12:38:03.000000000 +0100 -+++ mailx-12.4/openssl.c 2010-09-01 20:38:41.220028132 +0100 -@@ -38,7 +38,7 @@ - - #ifndef lint - #ifdef DOSCCS --static char sccsid[] = "@(#)openssl.c 1.25 (gritter) 8/4/07"; -+static char sccsid[] = "@(#)openssl.c 1.26 (gritter) 5/26/09"; - #endif - #endif /* not lint */ - -@@ -101,12 +101,17 @@ - static int ssl_rand_init(void); - static void ssl_init(void); - static int ssl_verify_cb(int success, X509_STORE_CTX *store); --static SSL_METHOD *ssl_select_method(const char *uhp); -+static const SSL_METHOD *ssl_select_method(const char *uhp); - static void ssl_load_verifications(struct sock *sp); - static void ssl_certificate(struct sock *sp, const char *uhp); - static enum okay ssl_check_host(const char *server, struct sock *sp); -+#ifdef HAVE_STACK_OF -+static int smime_verify(struct message *m, int n, STACK_OF(X509) *chain, -+ X509_STORE *store); -+#else - static int smime_verify(struct message *m, int n, STACK *chain, - X509_STORE *store); -+#endif - static EVP_CIPHER *smime_cipher(const char *name); - static int ssl_password_cb(char *buf, int size, int rwflag, void *userdata); - static FILE *smime_sign_cert(const char *xname, const char *xname2, int warn); -@@ -203,10 +208,10 @@ - return 1; - } - --static SSL_METHOD * -+static const SSL_METHOD * - ssl_select_method(const char *uhp) - { -- SSL_METHOD *method; -+ const SSL_METHOD *method; - char *cp; - - cp = ssl_method_string(uhp); -@@ -308,7 +313,11 @@ - X509 *cert; - X509_NAME *subj; - char data[256]; -+#ifdef HAVE_STACK_OF -+ STACK_OF(GENERAL_NAME) *gens; -+#else - /*GENERAL_NAMES*/STACK *gens; -+#endif - GENERAL_NAME *gen; - int i; - -@@ -357,7 +366,8 @@ - - ssl_init(); - ssl_set_vrfy_level(uhp); -- if ((sp->s_ctx = SSL_CTX_new(ssl_select_method(uhp))) == NULL) { -+ if ((sp->s_ctx = -+ SSL_CTX_new((SSL_METHOD *)ssl_select_method(uhp))) == NULL) { - ssl_gen_err(catgets(catd, CATSET, 261, "SSL_CTX_new() failed")); - return STOP; - } -@@ -496,7 +506,11 @@ - } - - static int -+#ifdef HAVE_STACK_OF -+smime_verify(struct message *m, int n, STACK_OF(X509) *chain, X509_STORE *store) -+#else - smime_verify(struct message *m, int n, STACK *chain, X509_STORE *store) -+#endif - { - struct message *x; - char *cp, *sender, *to, *cc, *cnttype; -@@ -505,7 +519,12 @@ - off_t size; - BIO *fb, *pb; - PKCS7 *pkcs7; -+#ifdef HAVE_STACK_OF -+ STACK_OF(X509) *certs; -+ STACK_OF(GENERAL_NAME) *gens; -+#else - STACK *certs, *gens; -+#endif - X509 *cert; - X509_NAME *subj; - char data[LINESIZE]; -@@ -614,7 +633,11 @@ - { - int *msgvec = vp, *ip; - int ec = 0; -+#ifdef HAVE_STACK_OF -+ STACK_OF(X509) *chain = NULL; -+#else - STACK *chain = NULL; -+#endif - X509_STORE *store; - char *ca_dir, *ca_file; - -@@ -687,7 +710,11 @@ - X509 *cert; - PKCS7 *pkcs7; - BIO *bb, *yb; -+#ifdef HAVE_STACK_OF -+ STACK_OF(X509) *certs; -+#else - STACK *certs; -+#endif - EVP_CIPHER *cipher; - - certfile = expand((char *)certfile); -@@ -950,9 +977,14 @@ - off_t size; - BIO *fb, *pb; - PKCS7 *pkcs7; -+#ifdef HAVE_STACK_OF -+ STACK_OF(X509) *certs; -+ STACK_OF(X509) *chain = NULL; -+#else - STACK *certs; -- X509 *cert; - STACK *chain = NULL; -+#endif -+ X509 *cert; - enum okay ok = OKAY; - - message_number = n; diff --git a/mailx-12.5-openssl-1.0.2.patch b/mailx-12.5-openssl-1.0.2.patch new file mode 100644 index 0000000..fa6d511 --- /dev/null +++ b/mailx-12.5-openssl-1.0.2.patch @@ -0,0 +1,232 @@ +Submitted By: Ken Moffat +Date: 2014-12-27 +Initial Package Version: 12.5 +Upstream Status: Unknown +Origin: Changes to remove SSL2 found at debian, remainder from redhat. +Description: Removes support for SSL2 (openssl no longer supports it) +and fixes CVE-2004-2771 [sic] and CVE-2014-7844. + +diff -Naur heirloom-mailx-12.5/extern.h heirloom-mailx-12.5-patched/extern.h +--- heirloom-mailx-12.5/extern.h 2011-04-26 22:23:22.000000000 +0100 ++++ heirloom-mailx-12.5-patched/extern.h 2014-12-27 01:26:59.654169487 +0000 +@@ -396,7 +396,7 @@ + int is_fileaddr(char *name); + struct name *usermap(struct name *names); + struct name *cat(struct name *n1, struct name *n2); +-char **unpack(struct name *np); ++char **unpack(struct name *smopts, struct name *np); + struct name *elide(struct name *names); + int count(struct name *np); + struct name *delete_alternates(struct name *np); +diff -Naur heirloom-mailx-12.5/fio.c heirloom-mailx-12.5-patched/fio.c +--- heirloom-mailx-12.5/fio.c 2011-04-26 22:23:22.000000000 +0100 ++++ heirloom-mailx-12.5-patched/fio.c 2014-12-27 01:27:15.634561413 +0000 +@@ -43,12 +43,15 @@ + #endif /* not lint */ + + #include "rcv.h" ++ ++#ifndef HAVE_WORDEXP ++#error wordexp support is required ++#endif ++ + #include + #include + #include +-#ifdef HAVE_WORDEXP + #include +-#endif /* HAVE_WORDEXP */ + #include + + #if defined (USE_NSS) +@@ -481,7 +484,6 @@ + static char * + globname(char *name) + { +-#ifdef HAVE_WORDEXP + wordexp_t we; + char *cp; + sigset_t nset; +@@ -495,7 +497,7 @@ + sigemptyset(&nset); + sigaddset(&nset, SIGCHLD); + sigprocmask(SIG_BLOCK, &nset, NULL); +- i = wordexp(name, &we, 0); ++ i = wordexp(name, &we, WRDE_NOCMD); + sigprocmask(SIG_UNBLOCK, &nset, NULL); + switch (i) { + case 0: +@@ -527,65 +529,6 @@ + } + wordfree(&we); + return cp; +-#else /* !HAVE_WORDEXP */ +- char xname[PATHSIZE]; +- char cmdbuf[PATHSIZE]; /* also used for file names */ +- int pid, l; +- char *cp, *shell; +- int pivec[2]; +- extern int wait_status; +- struct stat sbuf; +- +- if (pipe(pivec) < 0) { +- perror("pipe"); +- return name; +- } +- snprintf(cmdbuf, sizeof cmdbuf, "echo %s", name); +- if ((shell = value("SHELL")) == NULL) +- shell = SHELL; +- pid = start_command(shell, 0, -1, pivec[1], "-c", cmdbuf, NULL); +- if (pid < 0) { +- close(pivec[0]); +- close(pivec[1]); +- return NULL; +- } +- close(pivec[1]); +-again: +- l = read(pivec[0], xname, sizeof xname); +- if (l < 0) { +- if (errno == EINTR) +- goto again; +- perror("read"); +- close(pivec[0]); +- return NULL; +- } +- close(pivec[0]); +- if (wait_child(pid) < 0 && WTERMSIG(wait_status) != SIGPIPE) { +- fprintf(stderr, catgets(catd, CATSET, 81, +- "\"%s\": Expansion failed.\n"), name); +- return NULL; +- } +- if (l == 0) { +- fprintf(stderr, catgets(catd, CATSET, 82, +- "\"%s\": No match.\n"), name); +- return NULL; +- } +- if (l == sizeof xname) { +- fprintf(stderr, catgets(catd, CATSET, 83, +- "\"%s\": Expansion buffer overflow.\n"), name); +- return NULL; +- } +- xname[l] = 0; +- for (cp = &xname[l-1]; *cp == '\n' && cp > xname; cp--) +- ; +- cp[1] = '\0'; +- if (strchr(xname, ' ') && stat(xname, &sbuf) < 0) { +- fprintf(stderr, catgets(catd, CATSET, 84, +- "\"%s\": Ambiguous.\n"), name); +- return NULL; +- } +- return savestr(xname); +-#endif /* !HAVE_WORDEXP */ + } + + /* +diff -Naur heirloom-mailx-12.5/mailx.1 heirloom-mailx-12.5-patched/mailx.1 +--- heirloom-mailx-12.5/mailx.1 2011-04-26 22:23:22.000000000 +0100 ++++ heirloom-mailx-12.5-patched/mailx.1 2014-12-27 01:26:53.838026857 +0000 +@@ -656,6 +656,14 @@ + will have the system wide alias expanded + as all mail goes through sendmail. + .SS "Recipient address specifications" ++If the ++.I expandaddr ++option is not set (the default), recipient addresses must be names of ++local mailboxes or Internet mail addresses. ++.PP ++If the ++.I expandaddr ++option is set, the following rules apply: + When an address is used to name a recipient + (in any of To, Cc, or Bcc), + names of local mail folders +@@ -2391,6 +2399,12 @@ + If this option is set, + \fImailx\fR starts even with an empty mailbox. + .TP ++.B expandaddr ++Causes ++.I mailx ++to expand message recipient addresses, as explained in the section, ++Recipient address specifications. ++.TP + .B flipr + Exchanges the + .I Respond +@@ -3575,7 +3589,7 @@ + .TP + .B ssl-method + Selects a SSL/TLS protocol version; +-valid values are `ssl2', `ssl3', and `tls1'. ++valid values are `ssl3', and `tls1'. + If unset, the method is selected automatically, + if possible. + .TP +diff -Naur heirloom-mailx-12.5/names.c heirloom-mailx-12.5-patched/names.c +--- heirloom-mailx-12.5/names.c 2011-04-26 22:23:22.000000000 +0100 ++++ heirloom-mailx-12.5-patched/names.c 2014-12-27 01:26:59.654169487 +0000 +@@ -268,6 +268,9 @@ + FILE *fout, *fin; + int ispipe; + ++ if (value("expandaddr") == NULL) ++ return names; ++ + top = names; + np = names; + time(&now); +@@ -546,7 +549,7 @@ + * Return an error if the name list won't fit. + */ + char ** +-unpack(struct name *np) ++unpack(struct name *smopts, struct name *np) + { + char **ap, **top; + struct name *n; +@@ -561,7 +564,7 @@ + * the terminating 0 pointer. Additional spots may be needed + * to pass along -f to the host mailer. + */ +- extra = 2; ++ extra = 3 + count(smopts); + extra++; + metoo = value("metoo") != NULL; + if (metoo) +@@ -578,6 +581,10 @@ + *ap++ = "-m"; + if (verbose) + *ap++ = "-v"; ++ for (; smopts != NULL; smopts = smopts->n_flink) ++ if ((smopts->n_type & GDEL) == 0) ++ *ap++ = smopts->n_name; ++ *ap++ = "--"; + for (; n != NULL; n = n->n_flink) + if ((n->n_type & GDEL) == 0) + *ap++ = n->n_name; +diff -Naur heirloom-mailx-12.5/openssl.c heirloom-mailx-12.5-patched/openssl.c +--- heirloom-mailx-12.5/openssl.c 2011-04-26 22:23:22.000000000 +0100 ++++ heirloom-mailx-12.5-patched/openssl.c 2014-12-27 01:26:34.385549867 +0000 +@@ -216,9 +216,7 @@ + + cp = ssl_method_string(uhp); + if (cp != NULL) { +- if (equal(cp, "ssl2")) +- method = SSLv2_client_method(); +- else if (equal(cp, "ssl3")) ++ if (equal(cp, "ssl3")) + method = SSLv3_client_method(); + else if (equal(cp, "tls1")) + method = TLSv1_client_method(); +diff -Naur heirloom-mailx-12.5/sendout.c heirloom-mailx-12.5-patched/sendout.c +--- heirloom-mailx-12.5/sendout.c 2011-04-26 22:23:22.000000000 +0100 ++++ heirloom-mailx-12.5-patched/sendout.c 2014-12-27 01:26:59.654169487 +0000 +@@ -835,7 +835,7 @@ + #endif /* HAVE_SOCKETS */ + + if ((smtp = value("smtp")) == NULL) { +- args = unpack(cat(mailargs, to)); ++ args = unpack(mailargs, to); + if (debug || value("debug")) { + printf(catgets(catd, CATSET, 181, + "Sendmail arguments:")); diff --git a/mailx.spec b/mailx.spec index a0e854c..8a3d545 100644 --- a/mailx.spec +++ b/mailx.spec @@ -1,19 +1,20 @@ Name: mailx -Version: 12.4 -Release: 2mamba +Version: 12.5 +Release: 1mamba Summary: A simple mail user agent for Unix systems derived from Berkeley Mail Group: Applications/Networking Vendor: openmamba Distribution: openmamba Packager: Silvan Calarco URL: http://heirloom.sourceforge.net/mailx.html -Source: http://ovh.dl.sourceforge.net/sourceforge/heirloom/mailx-%{version}.tar.bz2 -Patch0: %{name}-12.4-openssl_1.0.0_build_fix-1.patch +Source: http://ftp.debian.org/debian/pool/main/h/heirloom-mailx/heirloom-mailx_%{version}.orig.tar.gz +Patch0: mailx-12.5-openssl-1.0.2.patch ## AUTOBUILDREQ-BEGIN BuildRequires: glibc-devel BuildRequires: libgss-devel BuildRequires: libopenssl-devel ## AUTOBUILDREQ-END +BuildRequires: libopenssl-devel >= 1.0.2 License: GPL BuildRoot: %{_tmppath}/%{name}-%{version}-root @@ -23,7 +24,7 @@ Heirloom mailx (previously known as nail) is a mail user agent for Unix systems. - Is a free implementation of the System V mailx command and features an interface like that by default. %prep -%setup -q +%setup -q -n heirloom-mailx-%{version} %patch0 -p1 %build @@ -42,6 +43,12 @@ Heirloom mailx (previously known as nail) is a mail user agent for Unix systems. %{_mandir}/man1/mailx.1.gz %changelog +* Sat Apr 30 2016 Silvan Calarco 12.5-1mamba +- update to 12.5 + +* Sat Apr 30 2016 Silvan Calarco 12.4-3mamba +- rebuilt with openssl 1.0.2g + * Mon Mar 14 2011 Silvan Calarco 12.4-2mamba - rebuilt with openssl 1.0