rebuilt with debug package and openssl 1.1 patch [release 12.5-2mamba;Tue Dec 15 2020]

This commit is contained in:
Silvan Calarco 2024-01-06 06:53:03 +01:00
parent 27b798f638
commit 40a96586a8
3 changed files with 59 additions and 239 deletions

View File

@ -1,232 +0,0 @@
Submitted By: Ken Moffat <ken at linuxfromscratch dot org>
Date: 2014-12-27
Initial Package Version: 12.5
Upstream Status: Unknown
Origin: Changes to remove SSL2 found at debian, remainder from redhat.
Description: Removes support for SSL2 (openssl no longer supports it)
and fixes CVE-2004-2771 [sic] and CVE-2014-7844.
diff -Naur heirloom-mailx-12.5/extern.h heirloom-mailx-12.5-patched/extern.h
--- heirloom-mailx-12.5/extern.h 2011-04-26 22:23:22.000000000 +0100
+++ heirloom-mailx-12.5-patched/extern.h 2014-12-27 01:26:59.654169487 +0000
@@ -396,7 +396,7 @@
int is_fileaddr(char *name);
struct name *usermap(struct name *names);
struct name *cat(struct name *n1, struct name *n2);
-char **unpack(struct name *np);
+char **unpack(struct name *smopts, struct name *np);
struct name *elide(struct name *names);
int count(struct name *np);
struct name *delete_alternates(struct name *np);
diff -Naur heirloom-mailx-12.5/fio.c heirloom-mailx-12.5-patched/fio.c
--- heirloom-mailx-12.5/fio.c 2011-04-26 22:23:22.000000000 +0100
+++ heirloom-mailx-12.5-patched/fio.c 2014-12-27 01:27:15.634561413 +0000
@@ -43,12 +43,15 @@
#endif /* not lint */
#include "rcv.h"
+
+#ifndef HAVE_WORDEXP
+#error wordexp support is required
+#endif
+
#include <sys/stat.h>
#include <sys/file.h>
#include <sys/wait.h>
-#ifdef HAVE_WORDEXP
#include <wordexp.h>
-#endif /* HAVE_WORDEXP */
#include <unistd.h>
#if defined (USE_NSS)
@@ -481,7 +484,6 @@
static char *
globname(char *name)
{
-#ifdef HAVE_WORDEXP
wordexp_t we;
char *cp;
sigset_t nset;
@@ -495,7 +497,7 @@
sigemptyset(&nset);
sigaddset(&nset, SIGCHLD);
sigprocmask(SIG_BLOCK, &nset, NULL);
- i = wordexp(name, &we, 0);
+ i = wordexp(name, &we, WRDE_NOCMD);
sigprocmask(SIG_UNBLOCK, &nset, NULL);
switch (i) {
case 0:
@@ -527,65 +529,6 @@
}
wordfree(&we);
return cp;
-#else /* !HAVE_WORDEXP */
- char xname[PATHSIZE];
- char cmdbuf[PATHSIZE]; /* also used for file names */
- int pid, l;
- char *cp, *shell;
- int pivec[2];
- extern int wait_status;
- struct stat sbuf;
-
- if (pipe(pivec) < 0) {
- perror("pipe");
- return name;
- }
- snprintf(cmdbuf, sizeof cmdbuf, "echo %s", name);
- if ((shell = value("SHELL")) == NULL)
- shell = SHELL;
- pid = start_command(shell, 0, -1, pivec[1], "-c", cmdbuf, NULL);
- if (pid < 0) {
- close(pivec[0]);
- close(pivec[1]);
- return NULL;
- }
- close(pivec[1]);
-again:
- l = read(pivec[0], xname, sizeof xname);
- if (l < 0) {
- if (errno == EINTR)
- goto again;
- perror("read");
- close(pivec[0]);
- return NULL;
- }
- close(pivec[0]);
- if (wait_child(pid) < 0 && WTERMSIG(wait_status) != SIGPIPE) {
- fprintf(stderr, catgets(catd, CATSET, 81,
- "\"%s\": Expansion failed.\n"), name);
- return NULL;
- }
- if (l == 0) {
- fprintf(stderr, catgets(catd, CATSET, 82,
- "\"%s\": No match.\n"), name);
- return NULL;
- }
- if (l == sizeof xname) {
- fprintf(stderr, catgets(catd, CATSET, 83,
- "\"%s\": Expansion buffer overflow.\n"), name);
- return NULL;
- }
- xname[l] = 0;
- for (cp = &xname[l-1]; *cp == '\n' && cp > xname; cp--)
- ;
- cp[1] = '\0';
- if (strchr(xname, ' ') && stat(xname, &sbuf) < 0) {
- fprintf(stderr, catgets(catd, CATSET, 84,
- "\"%s\": Ambiguous.\n"), name);
- return NULL;
- }
- return savestr(xname);
-#endif /* !HAVE_WORDEXP */
}
/*
diff -Naur heirloom-mailx-12.5/mailx.1 heirloom-mailx-12.5-patched/mailx.1
--- heirloom-mailx-12.5/mailx.1 2011-04-26 22:23:22.000000000 +0100
+++ heirloom-mailx-12.5-patched/mailx.1 2014-12-27 01:26:53.838026857 +0000
@@ -656,6 +656,14 @@
will have the system wide alias expanded
as all mail goes through sendmail.
.SS "Recipient address specifications"
+If the
+.I expandaddr
+option is not set (the default), recipient addresses must be names of
+local mailboxes or Internet mail addresses.
+.PP
+If the
+.I expandaddr
+option is set, the following rules apply:
When an address is used to name a recipient
(in any of To, Cc, or Bcc),
names of local mail folders
@@ -2391,6 +2399,12 @@
If this option is set,
\fImailx\fR starts even with an empty mailbox.
.TP
+.B expandaddr
+Causes
+.I mailx
+to expand message recipient addresses, as explained in the section,
+Recipient address specifications.
+.TP
.B flipr
Exchanges the
.I Respond
@@ -3575,7 +3589,7 @@
.TP
.B ssl-method
Selects a SSL/TLS protocol version;
-valid values are `ssl2', `ssl3', and `tls1'.
+valid values are `ssl3', and `tls1'.
If unset, the method is selected automatically,
if possible.
.TP
diff -Naur heirloom-mailx-12.5/names.c heirloom-mailx-12.5-patched/names.c
--- heirloom-mailx-12.5/names.c 2011-04-26 22:23:22.000000000 +0100
+++ heirloom-mailx-12.5-patched/names.c 2014-12-27 01:26:59.654169487 +0000
@@ -268,6 +268,9 @@
FILE *fout, *fin;
int ispipe;
+ if (value("expandaddr") == NULL)
+ return names;
+
top = names;
np = names;
time(&now);
@@ -546,7 +549,7 @@
* Return an error if the name list won't fit.
*/
char **
-unpack(struct name *np)
+unpack(struct name *smopts, struct name *np)
{
char **ap, **top;
struct name *n;
@@ -561,7 +564,7 @@
* the terminating 0 pointer. Additional spots may be needed
* to pass along -f to the host mailer.
*/
- extra = 2;
+ extra = 3 + count(smopts);
extra++;
metoo = value("metoo") != NULL;
if (metoo)
@@ -578,6 +581,10 @@
*ap++ = "-m";
if (verbose)
*ap++ = "-v";
+ for (; smopts != NULL; smopts = smopts->n_flink)
+ if ((smopts->n_type & GDEL) == 0)
+ *ap++ = smopts->n_name;
+ *ap++ = "--";
for (; n != NULL; n = n->n_flink)
if ((n->n_type & GDEL) == 0)
*ap++ = n->n_name;
diff -Naur heirloom-mailx-12.5/openssl.c heirloom-mailx-12.5-patched/openssl.c
--- heirloom-mailx-12.5/openssl.c 2011-04-26 22:23:22.000000000 +0100
+++ heirloom-mailx-12.5-patched/openssl.c 2014-12-27 01:26:34.385549867 +0000
@@ -216,9 +216,7 @@
cp = ssl_method_string(uhp);
if (cp != NULL) {
- if (equal(cp, "ssl2"))
- method = SSLv2_client_method();
- else if (equal(cp, "ssl3"))
+ if (equal(cp, "ssl3"))
method = SSLv3_client_method();
else if (equal(cp, "tls1"))
method = TLSv1_client_method();
diff -Naur heirloom-mailx-12.5/sendout.c heirloom-mailx-12.5-patched/sendout.c
--- heirloom-mailx-12.5/sendout.c 2011-04-26 22:23:22.000000000 +0100
+++ heirloom-mailx-12.5-patched/sendout.c 2014-12-27 01:26:59.654169487 +0000
@@ -835,7 +835,7 @@
#endif /* HAVE_SOCKETS */
if ((smtp = value("smtp")) == NULL) {
- args = unpack(cat(mailargs, to));
+ args = unpack(mailargs, to);
if (debug || value("debug")) {
printf(catgets(catd, CATSET, 181,
"Sendmail arguments:"));

View File

@ -0,0 +1,41 @@
diff --git a/openssl.c b/openssl.c
index b4e33fc..9d1eaf4 100644
--- a/openssl.c
+++ b/openssl.c
@@ -136,6 +136,7 @@ ssl_rand_init(void)
int state = 0;
if ((cp = value("ssl-rand-egd")) != NULL) {
+#ifndef OPENSSL_NO_EGD
cp = expand(cp);
if (RAND_egd(cp) == -1) {
fprintf(stderr, catgets(catd, CATSET, 245,
@@ -143,6 +144,9 @@ ssl_rand_init(void)
cp);
} else
state = 1;
+#else
+ fprintf(stderr, "entropy daemon not available\n");
+#endif
} else if ((cp = value("ssl-rand-file")) != NULL) {
cp = expand(cp);
if (RAND_load_file(cp, 1024) == -1) {
@@ -216,9 +220,16 @@ ssl_select_method(const char *uhp)
cp = ssl_method_string(uhp);
if (cp != NULL) {
- if (equal(cp, "ssl2"))
+ if (equal(cp, "ssl2")) {
+#if OPENSSL_VERSION_NUMBER < 0x10100000
method = SSLv2_client_method();
- else if (equal(cp, "ssl3"))
+#else
+ /* SSLv2 support was removed in OpenSSL 1.1.0 */
+ fprintf(stderr, catgets(catd, CATSET, 244,
+ "Unsupported SSL method \"%s\"\n"), cp);
+ method = SSLv23_client_method();
+#endif
+ } else if (equal(cp, "ssl3"))
method = SSLv3_client_method();
else if (equal(cp, "tls1"))
method = TLSv1_client_method();

View File

@ -1,6 +1,6 @@
Name: mailx Name: mailx
Version: 12.5 Version: 12.5
Release: 1mamba Release: 2mamba
Summary: A simple mail user agent for Unix systems derived from Berkeley Mail Summary: A simple mail user agent for Unix systems derived from Berkeley Mail
Group: Applications/Networking Group: Applications/Networking
Vendor: openmamba Vendor: openmamba
@ -8,13 +8,13 @@ Distribution: openmamba
Packager: Silvan Calarco <silvan.calarco@mambasoft.it> Packager: Silvan Calarco <silvan.calarco@mambasoft.it>
URL: http://heirloom.sourceforge.net/mailx.html URL: http://heirloom.sourceforge.net/mailx.html
Source: http://ftp.debian.org/debian/pool/main/h/heirloom-mailx/heirloom-mailx_%{version}.orig.tar.gz Source: http://ftp.debian.org/debian/pool/main/h/heirloom-mailx/heirloom-mailx_%{version}.orig.tar.gz
Patch0: mailx-12.5-openssl-1.0.2.patch Patch0: mailx-12.5-openssl-1.1.patch
## AUTOBUILDREQ-BEGIN ## AUTOBUILDREQ-BEGIN
BuildRequires: glibc-devel BuildRequires: glibc-devel
BuildRequires: ldconfig
BuildRequires: libgss-devel BuildRequires: libgss-devel
BuildRequires: libopenssl-devel BuildRequires: libopenssl-devel
## AUTOBUILDREQ-END ## AUTOBUILDREQ-END
BuildRequires: libopenssl-devel >= 1.0.2
License: GPL License: GPL
BuildRoot: %{_tmppath}/%{name}-%{version}-root BuildRoot: %{_tmppath}/%{name}-%{version}-root
@ -23,6 +23,8 @@ Heirloom mailx (previously known as nail) is a mail user agent for Unix systems.
- Derived from Berkeley Mail 8.1. An interface like the original Berkeley one is still optionally available; - Derived from Berkeley Mail 8.1. An interface like the original Berkeley one is still optionally available;
- Is a free implementation of the System V mailx command and features an interface like that by default. - Is a free implementation of the System V mailx command and features an interface like that by default.
%debug_package
%prep %prep
%setup -q -n heirloom-mailx-%{version} %setup -q -n heirloom-mailx-%{version}
%patch0 -p1 %patch0 -p1
@ -31,18 +33,27 @@ Heirloom mailx (previously known as nail) is a mail user agent for Unix systems.
%make PREFIX=/ %make PREFIX=/
%install %install
%makeinstall PREFIX=/ MANDIR=%{_mandir} UCBINSTALL=%{__install} DESTDIR=%{buildroot} [ "%{buildroot}" != / ] && rm -rf "%{buildroot}"
%makeinstall \
PREFIX=/ \
MANDIR=%{_mandir} \
UCBINSTALL=%{__install} \
DESTDIR=%{buildroot} \
STRIP=/bin/true
%clean %clean
[ "%{buildroot}" != / ] && rm -rf "%{buildroot}" [ "%{buildroot}" != / ] && rm -rf "%{buildroot}"
%files %files
%defattr(-,root,root) %defattr(-,root,root)
/bin/mailx
%config(noreplace) %{_sysconfdir}/nail.rc %config(noreplace) %{_sysconfdir}/nail.rc
%{_mandir}/man1/mailx.1.gz /bin/mailx
%{_mandir}/man1/mailx.1*
%changelog %changelog
* Tue Dec 15 2020 Silvan Calarco <silvan.calarco@mambasoft.it> 12.5-2mamba
- rebuilt with debug package and openssl 1.1 patch
* Sat Apr 30 2016 Silvan Calarco <silvan.calarco@mambasoft.it> 12.5-1mamba * Sat Apr 30 2016 Silvan Calarco <silvan.calarco@mambasoft.it> 12.5-1mamba
- update to 12.5 - update to 12.5
@ -64,5 +75,5 @@ Heirloom mailx (previously known as nail) is a mail user agent for Unix systems.
* Tue Jun 17 2003 Silvan Calarco <silvan.calarco@qinet.it> 8.1.1-2qilnx * Tue Jun 17 2003 Silvan Calarco <silvan.calarco@qinet.it> 8.1.1-2qilnx
- added /bin/mailx symlink to /bin/mail - added /bin/mailx symlink to /bin/mail
* Tue Jun 12 2003 Silvan Calarco <silvan.calarco@qinet.it> 8.1.1-1qilnx * Thu Jun 12 2003 Silvan Calarco <silvan.calarco@qinet.it> 8.1.1-1qilnx
- first build - first build