From a8c11731c28e19eba3381a0e8fb852203a44eaa9 Mon Sep 17 00:00:00 2001 From: basebuilder_pel7ppc64lebuilder0 Date: Mon, 9 Sep 2019 15:11:17 +0200 Subject: [PATCH] mailx package update Signed-off-by: basebuilder_pel7ppc64lebuilder0 --- SOURCES/get-upstream-tarball.sh | 34 ++ SOURCES/mailx-12.3-pager.patch | 12 + SOURCES/mailx-12.5-collect.patch | 13 + SOURCES/mailx-12.5-empty-from.patch | 61 ++++ SOURCES/mailx-12.5-encsplit.patch | 174 ++++++++++ ...onditionally-require-wordexp-support.patch | 108 ++++++ SOURCES/mailx-12.5-fname-null.patch | 12 + ...wordexp-with-WRDE_NOCMD-CVE-2004-277.patch | 25 ++ SOURCES/mailx-12.5-lzw.patch | 12 + ...x-12.5-mailx.1-environment-variables.patch | 26 ++ SOURCES/mailx-12.5-mailx.1-from-syntax.patch | 31 ++ SOURCES/mailx-12.5-nss_check_host-fix.patch | 25 ++ ...12.5-outof-Introduce-expandaddr-flag.patch | 64 ++++ ...ption-processing-for-email-addresses.patch | 74 ++++ SOURCES/mailx-12.5-usage.patch | 12 + SOURCES/nail-11.25-config.patch | 11 + SPECS/mailx.spec | 326 ++++++++++++++++++ 17 files changed, 1020 insertions(+) create mode 100755 SOURCES/get-upstream-tarball.sh create mode 100644 SOURCES/mailx-12.3-pager.patch create mode 100644 SOURCES/mailx-12.5-collect.patch create mode 100644 SOURCES/mailx-12.5-empty-from.patch create mode 100644 SOURCES/mailx-12.5-encsplit.patch create mode 100644 SOURCES/mailx-12.5-fio.c-Unconditionally-require-wordexp-support.patch create mode 100644 SOURCES/mailx-12.5-fname-null.patch create mode 100644 SOURCES/mailx-12.5-globname-Invoke-wordexp-with-WRDE_NOCMD-CVE-2004-277.patch create mode 100644 SOURCES/mailx-12.5-lzw.patch create mode 100644 SOURCES/mailx-12.5-mailx.1-environment-variables.patch create mode 100644 SOURCES/mailx-12.5-mailx.1-from-syntax.patch create mode 100644 SOURCES/mailx-12.5-nss_check_host-fix.patch create mode 100644 SOURCES/mailx-12.5-outof-Introduce-expandaddr-flag.patch create mode 100644 SOURCES/mailx-12.5-unpack-Disable-option-processing-for-email-addresses.patch create mode 100644 SOURCES/mailx-12.5-usage.patch create mode 100644 SOURCES/nail-11.25-config.patch create mode 100644 SPECS/mailx.spec diff --git a/SOURCES/get-upstream-tarball.sh b/SOURCES/get-upstream-tarball.sh new file mode 100755 index 00000000..ecaf2269 --- /dev/null +++ b/SOURCES/get-upstream-tarball.sh @@ -0,0 +1,34 @@ +#!/bin/sh +# +# Mailx's upstream provides only the CVS method of downloading source code. +# This script can be used for downloading the CVS repository and creating +# the tarball. +# +# Usage: ./get-upstream-tarball.sh +# +# This code is in the public domain; do with it what you wish. +# +# Copyright (C) 2012 Peter Schiffer +# + +newdir=new-upstream-tarball + +mkdir $newdir +cd $newdir + +# checkout cvs +echo "== Just press Enter ==" +cvs -d:pserver:anonymous@nail.cvs.sourceforge.net:/cvsroot/nail login +cvs -d:pserver:anonymous@nail.cvs.sourceforge.net:/cvsroot/nail co nail + +# remove CVS folders +rm -rf nail/CVS nail/catd/CVS + +# find version in nail/version.c file defined as: #define V "xxx" +ver=$(sed -rn 's/#define\s+V\s+\"([0-9.]+)\"/\1/p' nail/version.c) + +mv nail mailx-$ver +tar cJf mailx-$ver.tar.xz mailx-$ver + +rm -rf mailx-$ver + diff --git a/SOURCES/mailx-12.3-pager.patch b/SOURCES/mailx-12.3-pager.patch new file mode 100644 index 00000000..d4b24392 --- /dev/null +++ b/SOURCES/mailx-12.3-pager.patch @@ -0,0 +1,12 @@ +diff -Nrbu mailx-12.3/cmd1.c mailx-12.3-OK/cmd1.c +--- mailx-12.3/cmd1.c 2007-06-16 16:48:39.000000000 +0400 ++++ mailx-12.3-OK/cmd1.c 2008-06-26 19:57:38.000000000 +0400 +@@ -78,7 +78,7 @@ + + cp = value("PAGER"); + if (cp == NULL || *cp == '\0') +- cp = value("bsdcompat") ? "more" : "pg"; ++ cp = value("bsdcompat") ? "more" : "less"; + return cp; + } + diff --git a/SOURCES/mailx-12.5-collect.patch b/SOURCES/mailx-12.5-collect.patch new file mode 100644 index 00000000..b84d2e8f --- /dev/null +++ b/SOURCES/mailx-12.5-collect.patch @@ -0,0 +1,13 @@ +--- mailx-12.4.orig/collect.c 2012-09-12 16:07:53.653103796 -0400 ++++ mailx-12.4/collect.c 2012-09-12 21:27:05.092259236 -0400 +@@ -905,7 +905,9 @@ err: + if (collf != NULL) { + Fclose(collf); + collf = NULL; +- } ++ } else { ++ exit(1); ++ } + out: + if (collf != NULL) { + if ((cp = value("MAILX_TAIL")) != NULL) { diff --git a/SOURCES/mailx-12.5-empty-from.patch b/SOURCES/mailx-12.5-empty-from.patch new file mode 100644 index 00000000..51178566 --- /dev/null +++ b/SOURCES/mailx-12.5-empty-from.patch @@ -0,0 +1,61 @@ +From dc22d0df73a7ecb036d73cfa1814ddf998ff131b Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Nikola=20Forr=C3=B3?= +Date: Tue, 17 Jan 2017 14:03:00 +0100 +Subject: [PATCH] Fix SIGSEGV crash in smtp_auth_var() +Add warning message for empty from variable + +--- + sendout.c | 13 +++++++++++++ + smtp.c | 5 ++++- + 2 files changed, 17 insertions(+), 1 deletion(-) + +diff --git a/sendout.c b/sendout.c +index c52f15d..f83952a 100644 +--- a/sendout.c ++++ b/sendout.c +@@ -966,6 +966,19 @@ mail1(struct header *hp, int printheaders, struct message *quote, + return STOP; + } + #endif ++ ++ /* ++ * Variable "from" is set but empty, let user know ++ * that something is wrong. ++ */ ++ if ((cp = value("from")) != NULL && !*cp) { ++ fprintf(stderr, "From address is empty. "); ++ fprintf(stderr, "Check your mail config "); ++ fprintf(stderr, "file for typos. E.g. no "); ++ fprintf(stderr, "whitespace after set from="); ++ fprintf(stderr, "\n"); ++ } ++ + if ((cp = value("autocc")) != NULL && *cp) + hp->h_cc = cat(hp->h_cc, checkaddrs(sextract(cp, GCC|GFULL))); + if ((cp = value("autobcc")) != NULL && *cp) +diff --git a/smtp.c b/smtp.c +index b4561e3..baab5d1 100644 +--- a/smtp.c ++++ b/smtp.c +@@ -135,7 +135,7 @@ myaddrs(struct header *hp) + if (hp->h_from->n_name) + return savestr(hp->h_from->n_name); + } +- if ((cp = value("from")) != NULL) ++ if ((cp = value("from")) != NULL && *cp) + return cp; + /* + * When invoking sendmail directly, it's its task +@@ -177,6 +177,9 @@ smtp_auth_var(const char *type, const char *addr) + char *var, *cp; + int len; + ++ if (type == NULL || addr == NULL) ++ return NULL; ++ + var = ac_alloc(len = strlen(type) + strlen(addr) + 7); + snprintf(var, len, "smtp-auth%s-%s", type, addr); + if ((cp = value(var)) != NULL) +-- +2.7.4 + diff --git a/SOURCES/mailx-12.5-encsplit.patch b/SOURCES/mailx-12.5-encsplit.patch new file mode 100644 index 00000000..8e9d5550 --- /dev/null +++ b/SOURCES/mailx-12.5-encsplit.patch @@ -0,0 +1,174 @@ +diff --git a/mime.c b/mime.c +index 45de80a..f9fbadf 100644 +--- a/mime.c ++++ b/mime.c +@@ -1109,16 +1109,34 @@ fromhdr_end: + } + + /* ++ * return length of this UTF-8 codepoint in bytes ++ */ ++static size_t ++codepointsize(char tc) ++{ ++ int rv = 0; ++ if ( ! ( tc & 0x80 ) ) ++ return 1; ++ while ( tc & 0x80 ) ++ { ++ rv++; ++ tc = tc<<1; ++ } ++ return rv; ++} ++ ++/* + * Convert header fields to RFC 1522 format and write to the file fo. + */ + static size_t + mime_write_tohdr(struct str *in, FILE *fo) + { + char *upper, *wbeg, *wend, *charset, *lastwordend = NULL, *lastspc, b, +- *charset7; ++ *charset7, *cp; + struct str cin, cout; +- size_t sz = 0, col = 0, wr, charsetlen, charset7len; ++ size_t sz = 0, col = 0, wr, charsetlen, charset7len, cpsz; + int quoteany, mustquote, broken, ++ maxin, maxout, curin, cps, + maxcol = 65 /* there is the header field's name, too */; + + upper = in->s + in->l; +@@ -1134,41 +1152,75 @@ mime_write_tohdr(struct str *in, FILE *fo) + if (mustquote_hdr(wbeg, wbeg == in->s, wbeg == &upper[-1])) + quoteany++; + } ++ ++ /* ++ * rfc2047 says we cannot split multi-byte characters over ++ * encoded words, so we need to know if we're a multi-byte ++ * source stream (UTF-8 specifically) or just an 8 bit ++ * stream like ISO-8859-15 ++ * so test beginning of charset since it is valid to include ++ * language in charset "UTF-8*DE" etc as per rfc 2184/2231 ++ */ ++ char *thisset = b&0200 ? charset : charset7; ++ int is_utf8 = ( strncasecmp( thisset, "utf-8", 5 ) == 0 ); ++ + if (2 * quoteany > in->l) { + /* + * Print the entire field in base64. + */ +- for (wbeg = in->s; wbeg < upper; wbeg = wend) { ++ for (wbeg = in->s; wbeg < upper; ) { + wend = upper; + cin.s = wbeg; +- for (;;) { +- cin.l = wend - wbeg; +- if (cin.l * 4/3 + 7 + charsetlen +- < maxcol - col) { +- fprintf(fo, "=?%s?B?", +- b&0200 ? charset : charset7); +- wr = mime_write_tob64(&cin, fo, 1); +- fwrite("?=", sizeof (char), 2, fo); +- wr += 7 + charsetlen; +- sz += wr, col += wr; +- if (wend < upper) { +- fwrite("\n ", sizeof (char), +- 2, fo); +- sz += 2; +- col = 0; +- maxcol = 76; ++ /* ++ * we calculate the maximum number of bytes ++ * we can use on this output line, and then what ++ * this equates to as base64 encoded source bytes ++ */ ++ maxout = maxcol - col - 7 - charsetlen; ++ maxin = (maxout - (maxout & 0x03)) * 3/4; ++ ++ /* short enough to finish ? */ ++ if (maxin > upper - wbeg ) ++ { ++ curin = upper - wbeg; ++ wbeg += curin; ++ }else ++ { ++ if (is_utf8) ++ { ++ /* ++ * now scan the input from the beginning ++ * to see how many codepoints will fit ++ */ ++ curin = 0; ++ while (curin < maxin ++ && (cpsz = codepointsize(*wbeg)) <= (maxin - curin)) ++ { ++ curin += cpsz; ++ wbeg += cpsz; + } +- break; +- } else { +- if (col) { +- fprintf(fo, "\n "); +- sz += 2; +- col = 0; +- maxcol = 76; +- } else +- wend -= 4; ++ }else ++ { ++ curin = maxin; ++ wbeg += maxin; + } + } ++ cin.l = curin; ++ fprintf(fo, "%s=?%s?B?", (cin.s != in->s) ? " " : "", thisset ); ++ wr = mime_write_tob64(&cin, fo, 1); ++ ++ if (wbeg < upper) ++ { ++ wr += fwrite("?=\n ", sizeof (char), 4, fo) * sizeof (char); ++ }else ++ { ++ wr += fwrite("?=", sizeof (char), 2, fo) * sizeof (char); ++ } ++ ++ /* and shuffle pointers and counts */ ++ col = 1; ++ maxcol = 76; ++ sz += wr + 7 + charsetlen + ((cin.s != in->s) ? 1 : 0 ); + } + } else { + /* +@@ -1243,7 +1295,29 @@ mime_write_tohdr(struct str *in, FILE *fo) + maxcol -= wbeg - + lastspc; + } else { +- wend -= 4; ++ if (is_utf8) ++ { ++ /* ++ * make sure wend is not pointing to ++ * the middle of a codepoint ++ */ ++ cp = wend; ++ while (--cp > wbeg) ++ { ++ cps = codepointsize(*cp); ++ if (cps > 1) ++ { ++ if (wend - cp - cps > 4) ++ wend -= 4; ++ else ++ wend = cp; ++ break; ++ } ++ } ++ if (cp == wbeg) ++ wend -= 4; ++ } else ++ wend -= 4; + } + free(cout.s); + } diff --git a/SOURCES/mailx-12.5-fio.c-Unconditionally-require-wordexp-support.patch b/SOURCES/mailx-12.5-fio.c-Unconditionally-require-wordexp-support.patch new file mode 100644 index 00000000..7544ab27 --- /dev/null +++ b/SOURCES/mailx-12.5-fio.c-Unconditionally-require-wordexp-support.patch @@ -0,0 +1,108 @@ +From 2bae8ecf04ec2ba6bb9f0af5b80485dd0edb427d Mon Sep 17 00:00:00 2001 +From: Florian Weimer +Date: Mon, 17 Nov 2014 12:48:25 +0100 +Subject: [PATCH 3/4] fio.c: Unconditionally require wordexp support + +--- + fio.c | 67 +++++-------------------------------------------------------------- + 1 file changed, 5 insertions(+), 62 deletions(-) + +diff --git a/fio.c b/fio.c +index 65e8f10..1529236 100644 +--- a/fio.c ++++ b/fio.c +@@ -43,12 +43,15 @@ static char sccsid[] = "@(#)fio.c 2.76 (gritter) 9/16/09"; + #endif /* not lint */ + + #include "rcv.h" ++ ++#ifndef HAVE_WORDEXP ++#error wordexp support is required ++#endif ++ + #include + #include + #include +-#ifdef HAVE_WORDEXP + #include +-#endif /* HAVE_WORDEXP */ + #include + + #if defined (USE_NSS) +@@ -481,7 +484,6 @@ next: + static char * + globname(char *name) + { +-#ifdef HAVE_WORDEXP + wordexp_t we; + char *cp; + sigset_t nset; +@@ -527,65 +529,6 @@ globname(char *name) + } + wordfree(&we); + return cp; +-#else /* !HAVE_WORDEXP */ +- char xname[PATHSIZE]; +- char cmdbuf[PATHSIZE]; /* also used for file names */ +- int pid, l; +- char *cp, *shell; +- int pivec[2]; +- extern int wait_status; +- struct stat sbuf; +- +- if (pipe(pivec) < 0) { +- perror("pipe"); +- return name; +- } +- snprintf(cmdbuf, sizeof cmdbuf, "echo %s", name); +- if ((shell = value("SHELL")) == NULL) +- shell = SHELL; +- pid = start_command(shell, 0, -1, pivec[1], "-c", cmdbuf, NULL); +- if (pid < 0) { +- close(pivec[0]); +- close(pivec[1]); +- return NULL; +- } +- close(pivec[1]); +-again: +- l = read(pivec[0], xname, sizeof xname); +- if (l < 0) { +- if (errno == EINTR) +- goto again; +- perror("read"); +- close(pivec[0]); +- return NULL; +- } +- close(pivec[0]); +- if (wait_child(pid) < 0 && WTERMSIG(wait_status) != SIGPIPE) { +- fprintf(stderr, catgets(catd, CATSET, 81, +- "\"%s\": Expansion failed.\n"), name); +- return NULL; +- } +- if (l == 0) { +- fprintf(stderr, catgets(catd, CATSET, 82, +- "\"%s\": No match.\n"), name); +- return NULL; +- } +- if (l == sizeof xname) { +- fprintf(stderr, catgets(catd, CATSET, 83, +- "\"%s\": Expansion buffer overflow.\n"), name); +- return NULL; +- } +- xname[l] = 0; +- for (cp = &xname[l-1]; *cp == '\n' && cp > xname; cp--) +- ; +- cp[1] = '\0'; +- if (strchr(xname, ' ') && stat(xname, &sbuf) < 0) { +- fprintf(stderr, catgets(catd, CATSET, 84, +- "\"%s\": Ambiguous.\n"), name); +- return NULL; +- } +- return savestr(xname); +-#endif /* !HAVE_WORDEXP */ + } + + /* +-- +1.9.3 + diff --git a/SOURCES/mailx-12.5-fname-null.patch b/SOURCES/mailx-12.5-fname-null.patch new file mode 100644 index 00000000..056e97f9 --- /dev/null +++ b/SOURCES/mailx-12.5-fname-null.patch @@ -0,0 +1,12 @@ +diff -upr mailx-12.5.orig/names.c mailx-12.5/names.c +--- mailx-12.5.orig/names.c 2006-03-04 01:32:16.000000000 +0100 ++++ mailx-12.5/names.c 2012-11-01 15:28:43.883573793 +0100 +@@ -357,7 +357,7 @@ outof(struct name *names, FILE *fo, stru + free_child(pid); + } else { + int f; +- if ((fout = Zopen(fname, "a", NULL)) == NULL) { ++ if ((fname == NULL) || ((fout = Zopen(fname, "a", NULL)) == NULL)) { + perror(fname); + senderr++; + goto cant; diff --git a/SOURCES/mailx-12.5-globname-Invoke-wordexp-with-WRDE_NOCMD-CVE-2004-277.patch b/SOURCES/mailx-12.5-globname-Invoke-wordexp-with-WRDE_NOCMD-CVE-2004-277.patch new file mode 100644 index 00000000..a7fb9d36 --- /dev/null +++ b/SOURCES/mailx-12.5-globname-Invoke-wordexp-with-WRDE_NOCMD-CVE-2004-277.patch @@ -0,0 +1,25 @@ +From 73fefa0c1ac70043ec84f2d8b8f9f683213f168d Mon Sep 17 00:00:00 2001 +From: Florian Weimer +Date: Mon, 17 Nov 2014 13:11:32 +0100 +Subject: [PATCH 4/4] globname: Invoke wordexp with WRDE_NOCMD (CVE-2004-2771) + +--- + fio.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/fio.c b/fio.c +index 1529236..774a204 100644 +--- a/fio.c ++++ b/fio.c +@@ -497,7 +497,7 @@ globname(char *name) + sigemptyset(&nset); + sigaddset(&nset, SIGCHLD); + sigprocmask(SIG_BLOCK, &nset, NULL); +- i = wordexp(name, &we, 0); ++ i = wordexp(name, &we, WRDE_NOCMD); + sigprocmask(SIG_UNBLOCK, &nset, NULL); + switch (i) { + case 0: +-- +1.9.3 + diff --git a/SOURCES/mailx-12.5-lzw.patch b/SOURCES/mailx-12.5-lzw.patch new file mode 100644 index 00000000..2dc1fbcc --- /dev/null +++ b/SOURCES/mailx-12.5-lzw.patch @@ -0,0 +1,12 @@ +diff -Nrbu mailx-12.5/lzw.c mailx-12.5-OK/lzw.c +--- mailx-12.5/lzw.c 2006-03-04 03:32:16.000000000 +0300 ++++ mailx-12.5-OK/lzw.c 2011-08-17 16:30:01.000000000 +0400 +@@ -516,6 +516,8 @@ + + /* Generate output characters in reverse order. */ + while (code >= 256) { ++ if (stackp - de_stack >= HSIZE - 1) ++ return -1; + *stackp++ = tab_suffixof(code); + code = tab_prefixof(code); + } diff --git a/SOURCES/mailx-12.5-mailx.1-environment-variables.patch b/SOURCES/mailx-12.5-mailx.1-environment-variables.patch new file mode 100644 index 00000000..5719327a --- /dev/null +++ b/SOURCES/mailx-12.5-mailx.1-environment-variables.patch @@ -0,0 +1,26 @@ +From 046f297e41ea7e53c7b2172bf22b6681112efa5f Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Nikola=20Forr=C3=B3?= +Date: Fri, 10 Feb 2017 15:02:28 +0100 +Subject: [PATCH] mailx.1: environment vairables + +--- + mailx.1 | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/mailx.1 b/mailx.1 +index 05cea6b..6adbada 100644 +--- a/mailx.1 ++++ b/mailx.1 +@@ -2197,7 +2197,8 @@ if it is passed to \fImailx\fR + as part of the environment + (this is not restricted to specific variables as in the POSIX standard). + A value given in a startup file overrides +-a value imported from the environment. ++a value imported from the environment, but it is not possible to unset ++an environment variable in a startup file. + Options may be either binary, + in which case it is only significant + to see whether they are set or not; +-- +2.7.4 + diff --git a/SOURCES/mailx-12.5-mailx.1-from-syntax.patch b/SOURCES/mailx-12.5-mailx.1-from-syntax.patch new file mode 100644 index 00000000..0420aab5 --- /dev/null +++ b/SOURCES/mailx-12.5-mailx.1-from-syntax.patch @@ -0,0 +1,31 @@ +From bf8f5a6197bb0ad26609f8014ae545a1a0b6c2ea Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Nikola=20Forr=C3=B3?= +Date: Fri, 10 Feb 2017 15:10:17 +0100 +Subject: [PATCH] mailx.1: addition to FROM syntax + +--- + mailx.1 | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/mailx.1 b/mailx.1 +index 6adbada..1184cbf 100644 +--- a/mailx.1 ++++ b/mailx.1 +@@ -219,6 +219,14 @@ and, in case of a string option, + assigns + .I value + to it. ++Note, that when setting ++.I from ++variable, domain name of host is automatically added if value does not contain any. ++If you want to enter ++.I from ++address with owner's name, you can use, for example, following format: ++.B -S ++.I \(dqfrom=System User \(dq + .TP + .BI \-T \ name + Writes the `Message-Id:' and `Article-Id:' header fields +-- +2.7.4 + diff --git a/SOURCES/mailx-12.5-nss_check_host-fix.patch b/SOURCES/mailx-12.5-nss_check_host-fix.patch new file mode 100644 index 00000000..5d49b348 --- /dev/null +++ b/SOURCES/mailx-12.5-nss_check_host-fix.patch @@ -0,0 +1,25 @@ +From 21d9c635ed43326a5517c876f4dd9008929de497 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Nikola=20Forr=C3=B3?= +Date: Tue, 17 Jan 2017 14:14:11 +0100 +Subject: [PATCH] Fix return value of nss_check_host() + +--- + nss.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/nss.c b/nss.c +index 96b0ea3..2acbd5f 100644 +--- a/nss.c ++++ b/nss.c +@@ -189,7 +189,7 @@ nss_check_host(const char *server, struct sock *sp) + fprintf(stderr, + "Comparing DNS name: \"%s\"\n", + dn); +- if (rfc2595_hostname_match(server, dn) ++ if ((ok = rfc2595_hostname_match(server, dn)) + == OKAY) { + ac_free(dn); + goto out; +-- +2.7.4 + diff --git a/SOURCES/mailx-12.5-outof-Introduce-expandaddr-flag.patch b/SOURCES/mailx-12.5-outof-Introduce-expandaddr-flag.patch new file mode 100644 index 00000000..c3479e28 --- /dev/null +++ b/SOURCES/mailx-12.5-outof-Introduce-expandaddr-flag.patch @@ -0,0 +1,64 @@ +From 9984ae5cb0ea0d61df1612b06952a61323c083d9 Mon Sep 17 00:00:00 2001 +From: Florian Weimer +Date: Mon, 17 Nov 2014 11:13:38 +0100 +Subject: [PATCH 1/4] outof: Introduce expandaddr flag + +Document that address expansion is disabled unless the expandaddr +binary option is set. + +This has been assigned CVE-2014-7844 for BSD mailx, but it is not +a vulnerability in Heirloom mailx because this feature was documented. +--- + mailx.1 | 14 ++++++++++++++ + names.c | 3 +++ + 2 files changed, 17 insertions(+) + +diff --git a/mailx.1 b/mailx.1 +index 70a7859..22a171b 100644 +--- a/mailx.1 ++++ b/mailx.1 +@@ -656,6 +656,14 @@ but any reply returned to the machine + will have the system wide alias expanded + as all mail goes through sendmail. + .SS "Recipient address specifications" ++If the ++.I expandaddr ++option is not set (the default), recipient addresses must be names of ++local mailboxes or Internet mail addresses. ++.PP ++If the ++.I expandaddr ++option is set, the following rules apply: + When an address is used to name a recipient + (in any of To, Cc, or Bcc), + names of local mail folders +@@ -2391,6 +2399,12 @@ and exits immediately. + If this option is set, + \fImailx\fR starts even with an empty mailbox. + .TP ++.B expandaddr ++Causes ++.I mailx ++to expand message recipient addresses, as explained in the section, ++Recipient address specifications. ++.TP + .B flipr + Exchanges the + .I Respond +diff --git a/names.c b/names.c +index 66e976b..c69560f 100644 +--- a/names.c ++++ b/names.c +@@ -268,6 +268,9 @@ outof(struct name *names, FILE *fo, struct header *hp) + FILE *fout, *fin; + int ispipe; + ++ if (value("expandaddr") == NULL) ++ return names; ++ + top = names; + np = names; + time(&now); +-- +1.9.3 + diff --git a/SOURCES/mailx-12.5-unpack-Disable-option-processing-for-email-addresses.patch b/SOURCES/mailx-12.5-unpack-Disable-option-processing-for-email-addresses.patch new file mode 100644 index 00000000..d20bb4a9 --- /dev/null +++ b/SOURCES/mailx-12.5-unpack-Disable-option-processing-for-email-addresses.patch @@ -0,0 +1,74 @@ +From e34e2ac67b80497080ebecccec40c3b61456167d Mon Sep 17 00:00:00 2001 +From: Florian Weimer +Date: Mon, 17 Nov 2014 11:14:06 +0100 +Subject: [PATCH 2/4] unpack: Disable option processing for email addresses + when calling sendmail + +--- + extern.h | 2 +- + names.c | 8 ++++++-- + sendout.c | 2 +- + 3 files changed, 8 insertions(+), 4 deletions(-) + +diff --git a/extern.h b/extern.h +index 6b85ba0..8873fe8 100644 +--- a/extern.h ++++ b/extern.h +@@ -396,7 +396,7 @@ struct name *outof(struct name *names, FILE *fo, struct header *hp); + int is_fileaddr(char *name); + struct name *usermap(struct name *names); + struct name *cat(struct name *n1, struct name *n2); +-char **unpack(struct name *np); ++char **unpack(struct name *smopts, struct name *np); + struct name *elide(struct name *names); + int count(struct name *np); + struct name *delete_alternates(struct name *np); +diff --git a/names.c b/names.c +index c69560f..45bbaed 100644 +--- a/names.c ++++ b/names.c +@@ -549,7 +549,7 @@ cat(struct name *n1, struct name *n2) + * Return an error if the name list won't fit. + */ + char ** +-unpack(struct name *np) ++unpack(struct name *smopts, struct name *np) + { + char **ap, **top; + struct name *n; +@@ -564,7 +564,7 @@ unpack(struct name *np) + * the terminating 0 pointer. Additional spots may be needed + * to pass along -f to the host mailer. + */ +- extra = 2; ++ extra = 3 + count(smopts); + extra++; + metoo = value("metoo") != NULL; + if (metoo) +@@ -581,6 +581,10 @@ unpack(struct name *np) + *ap++ = "-m"; + if (verbose) + *ap++ = "-v"; ++ for (; smopts != NULL; smopts = smopts->n_flink) ++ if ((smopts->n_type & GDEL) == 0) ++ *ap++ = smopts->n_name; ++ *ap++ = "--"; + for (; n != NULL; n = n->n_flink) + if ((n->n_type & GDEL) == 0) + *ap++ = n->n_name; +diff --git a/sendout.c b/sendout.c +index 7b7f2eb..c52f15d 100644 +--- a/sendout.c ++++ b/sendout.c +@@ -835,7 +835,7 @@ start_mta(struct name *to, struct name *mailargs, FILE *input, + #endif /* HAVE_SOCKETS */ + + if ((smtp = value("smtp")) == NULL) { +- args = unpack(cat(mailargs, to)); ++ args = unpack(mailargs, to); + if (debug || value("debug")) { + printf(catgets(catd, CATSET, 181, + "Sendmail arguments:")); +-- +1.9.3 + diff --git a/SOURCES/mailx-12.5-usage.patch b/SOURCES/mailx-12.5-usage.patch new file mode 100644 index 00000000..3c375ade --- /dev/null +++ b/SOURCES/mailx-12.5-usage.patch @@ -0,0 +1,12 @@ +diff -upr mailx-12.5.orig/main.c mailx-12.5/main.c +--- mailx-12.5.orig/main.c 2007-10-02 14:15:50.000000000 +0200 ++++ mailx-12.5/main.c 2013-07-22 16:06:56.960765683 +0200 +@@ -353,7 +353,7 @@ main(int argc, char *argv[]) + case '?': + usage: + fprintf(stderr, catgets(catd, CATSET, 135, +-"Usage: %s -eiIUdEFntBDNHRV~ -T FILE -u USER -h hops -r address -s SUBJECT -a FILE -q FILE -f FILE -A ACCOUNT -b USERS -c USERS -S OPTION users\n"), progname); ++"Usage: %s -eiIUdEFntBDNHRVv~ -T FILE -u USER -h hops -r address -s SUBJECT -a FILE -q FILE -f FILE -A ACCOUNT -b USERS -c USERS -S OPTION users\n"), progname); + exit(2); + } + } diff --git a/SOURCES/nail-11.25-config.patch b/SOURCES/nail-11.25-config.patch new file mode 100644 index 00000000..b1dd7e09 --- /dev/null +++ b/SOURCES/nail-11.25-config.patch @@ -0,0 +1,11 @@ +diff -Nrbu nail-11.25/nail.rc nail-11.25-OK/nail.rc +--- nail-11.25/nail.rc 2005-01-15 17:33:16.000000000 +0300 ++++ nail-11.25-OK/nail.rc 2005-08-19 16:55:09.000000000 +0400 +@@ -60,3 +60,7 @@ + + # Only include selected header fields when forwarding messages. + fwdretain subject date from to ++ ++# For Linux and BSD, this should be set. ++set bsdcompat ++ diff --git a/SPECS/mailx.spec b/SPECS/mailx.spec new file mode 100644 index 00000000..82858ac4 --- /dev/null +++ b/SPECS/mailx.spec @@ -0,0 +1,326 @@ +%global use_nss 1 +%global mailrc %{_sysconfdir}/mail.rc + +Summary: Enhanced implementation of the mailx command +Name: mailx +Version: 12.5 +Release: 19%{?dist} +# MPLv1.1 .. nss.c, nsserr.c +License: BSD with advertising and MPLv1.1 +Group: Applications/Internet +URL: http://heirloom.sourceforge.net/mailx.html +# Mailx's upstream provides only the CVS method of downloading source code. +# Use get-upstream-tarball.sh script to download current version of mailx. +Source0: mailx-%{version}.tar.xz +Source1: get-upstream-tarball.sh + +Patch0: nail-11.25-config.patch +Patch1: mailx-12.3-pager.patch +Patch2: mailx-12.5-lzw.patch +# resolves: #805410 +Patch3: mailx-12.5-fname-null.patch +# resolves: #857120 +Patch4: mailx-12.5-collect.patch +# resolves: #948869 +Patch5: mailx-12.5-usage.patch +# resolves: #1171178 +Patch6: mailx-12.5-outof-Introduce-expandaddr-flag.patch +Patch7: mailx-12.5-unpack-Disable-option-processing-for-email-addresses.patch +Patch8: mailx-12.5-fio.c-Unconditionally-require-wordexp-support.patch +Patch9: mailx-12.5-globname-Invoke-wordexp-with-WRDE_NOCMD-CVE-2004-277.patch +# resolves: #1113611 +Patch10: mailx-12.5-empty-from.patch +# resolves: #1290043 +Patch11: mailx-12.5-nss_check_host-fix.patch +# resolves: #1147568 +Patch12: mailx-12.5-mailx.1-environment-variables.patch +# resolves: #1147570 +Patch13: mailx-12.5-mailx.1-from-syntax.patch +# resolves: #1474130 +Patch14: mailx-12.5-encsplit.patch + +%if %{use_nss} +BuildRequires: nss-devel, pkgconfig, krb5-devel +%else +BuildRequires: openssl-devel +%endif + +Obsoletes: nail < %{version} +Provides: nail = %{version} + + +%description +Mailx is an enhanced mail command, which provides the functionality +of the POSIX mailx command, as well as SysV mail and Berkeley Mail +(from which it is derived). + +Additionally to the POSIX features, mailx can work with Maildir/ e-mail +storage format (as well as mailboxes), supports IMAP, POP3 and SMTP +protocols (including over SSL) to operate with remote hosts, handles mime +types and different charsets. There are a lot of other useful features, +see mailx(1). + +And as its ancient analogues, mailx can be used as a mail script language, +both for sending and receiving mail. + +Besides the "mailx" command, this package provides "mail" and "Mail" +(which should be compatible with its predecessors from the mailx-8.x source), +as well as "nail" (the initial name of this project). + + +%prep +%setup -q +%patch0 -p1 +%patch1 -p1 +%patch2 -p1 +%patch3 -p1 +%patch4 -p1 +%patch5 -p1 +%patch6 -p1 +%patch7 -p1 +%patch8 -p1 +%patch9 -p1 +%patch10 -p1 +%patch11 -p1 +%patch12 -p1 +%patch13 -p1 +%patch14 -p1 +sed -i 's,/etc/nail.rc,%{mailrc},g' mailx.1 + + +%build +%if %{use_nss} +INCLUDES="$INCLUDES `pkg-config --cflags-only-I nss`" +export INCLUDES +%endif + +echo PREFIX=%{_prefix} \ + BINDIR=/bin \ + MANDIR=%{_mandir} \ + SYSCONFDIR=%{_sysconfdir} \ + MAILRC=%{mailrc} \ + MAILSPOOL=%{_localstatedir}/mail \ + SENDMAIL=%{_sbindir}/sendmail \ + UCBINSTALL=install \ +> makeflags + +# %{?_smp_mflags} cannot be used here +make `cat makeflags` \ + CFLAGS="$RPM_OPT_FLAGS -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64" \ + IPv6=-DHAVE_IPv6_FUNCS + + +%install +make DESTDIR=$RPM_BUILD_ROOT STRIP=: `cat makeflags` install + +ln -s mailx $RPM_BUILD_ROOT/bin/mail + +install -d $RPM_BUILD_ROOT%{_bindir} +pref=`echo %{_bindir} | sed 's,/[^/]*,../,g'` + +pushd $RPM_BUILD_ROOT%{_bindir} +ln -s ${pref}bin/mailx Mail +ln -s ${pref}bin/mailx nail +popd + +pushd $RPM_BUILD_ROOT%{_mandir}/man1 +ln -s mailx.1 mail.1 +ln -s mailx.1 Mail.1 +ln -s mailx.1 nail.1 +popd + + +%triggerpostun -- mailx < 12 +[[ -f %{mailrc}.rpmnew ]] && { + # old config was changed. Merge both together. + ( echo '# The settings above was inherited from the old mailx-8.x config' + echo + cat %{mailrc}.rpmnew + ) >>%{mailrc} +} || : + + +%triggerpostun -- nail <= 12.3 +[[ -f %{_sysconfdir}/nail.rc.rpmsave ]] && { + # old config was changed... + save=%{mailrc}.rpmnew + [[ -f $save ]] && save=%{mailrc}.rpmsave + + mv -f %{mailrc} $save + mv -f %{_sysconfdir}/nail.rc.rpmsave %{mailrc} +} || : + + +%files +%doc COPYING AUTHORS README +%config(noreplace) %{mailrc} +/bin/* +%{_bindir}/* +%{_mandir}/*/* + + +%changelog +* Wed Feb 07 2018 Nikola Forró - 12.5-19 +- fix also quoted-printable encoded words + related: #1474130 + +* Wed Nov 22 2017 Nikola Forró - 12.5-18 +- add missing linear whitespace to encsplit patch + related: #1474130 + +* Mon Aug 07 2017 Nikola Forró - 12.5-17 +- fix multi-byte encoded line-folding + resolves: #1474130 + +* Fri Feb 10 2017 Nikola Forró - 12.5-16 +- extend description of FROM syntax + resolves: #1147570 + +* Fri Feb 10 2017 Nikola Forró - 12.5-15 +- correct information about environment variables + resolves: #1147568 + +* Tue Jan 17 2017 Nikola Forró - 12.5-14 +- fix return value of nss_check_host() + resolves: #1290043 + +* Tue Jan 17 2017 Nikola Forró - 12.5-13 +- fix SIGSEGV crash in smtp_auth_var() +- add warning message for empty from variable + resolves: #1113611 + +* Wed Dec 10 2014 jchaloup - 12.5-12 +- CVE-2004-2771 mailx: command execution flaw + resolves: #1171178 + +* Fri Jan 24 2014 Daniel Mach - 12.5-11 +- Mass rebuild 2014-01-24 + +* Fri Dec 27 2013 Daniel Mach - 12.5-10 +- Mass rebuild 2013-12-27 + +* Mon Jul 22 2013 Peter Schiffer - 12.5-9 +- related: #912785 + used -D_FILE_OFFSET_BITS=64 flag at the compile time +- return error code when TMPDIR is set to an invalid path while sending email +- added missing -v option to the usage message + +* Thu Feb 14 2013 Fedora Release Engineering - 12.5-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Mon Nov 5 2012 Peter Schiffer - 12.5-7 +- cleaned .spec file +- resolves: #805410 + fixed SIGSEGV crash in which_protocol() function +- updated get-upstream-tarball.sh script and added it as additional source + +* Thu Jul 19 2012 Fedora Release Engineering - 12.5-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Fri Jan 13 2012 Fedora Release Engineering - 12.5-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Wed Aug 17 2011 Dmitry Butskoy - 12.5-4 +- Fix decompress lzw issues (#731342) + +* Wed Feb 09 2011 Fedora Release Engineering - 12.5-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Thu Jan 27 2011 Dmitry Butskoy - 12.5-2 +- rebuild for new krb5-libs + +* Tue Oct 26 2010 Dmitry Butskoy - 12.5-1 +- update to 12.5 +- drop patches applied upstream + +* Fri Oct 1 2010 Ivana Hutarova Varekova - 12.4-7 +- fix the typo in man-page + +* Mon Dec 21 2009 Ivana Hutarova Varekova - 12.4-6 +- fix source tag + +* Fri Dec 18 2009 Ivana Hutarova Varekova - 12.4-5 +- fix license tag + +* Sat Dec 12 2009 Robert Scheck - 12.4-4 +- Make OpenSSL support working again if NSS flag is disabled + +* Sat Jul 25 2009 Fedora Release Engineering - 12.4-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Wed Feb 25 2009 Fedora Release Engineering - 12.4-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Mon Aug 11 2008 Dmitry Butskoy - 12.4-1 +- update to 12.4 + +* Tue Jul 29 2008 Dmitry Butskoy - 12.3-1 +- Place mailx to /bin/mailx, to avoid extra symlink in redhat-lsb package +- /bin/mailx is now a base binary, another symlinked to it. + +* Thu Jun 26 2008 Dmitry Butskoy +- add missed BR for krb5-devel +- activate IPv6 support +- change config to /etc/mail.rc for compatibility +- add triggerpostun scriptlets against previous mailx and nail + to check and merge (when possible) their user config changes +- use proper config filename in manuals +- use "less" instead of non-provided "pg" for nobsdcompat mode + +* Wed Jun 18 2008 Dmitry Butskoy - 12.3-0 +- Change the name from "nail" to upstream's "mailx". + Merge with the ordinary "mailx" cvs tree for Fedora 10. + Now this stuff supersedes the old ancient mailx-8.x in Fedora. +- Build with nss instead of openssl, for "Security Consolidation" process. + +* Mon Feb 18 2008 Fedora Release Engineering - 12.3-4 +- Autorebuild for GCC 4.3 + +* Wed Dec 05 2007 Release Engineering - 12.3-3 + - Rebuild for deps + +* Tue Aug 28 2007 Fedora Release Engineering - 12.3-2 +- Rebuild for selinux ppc32 issue. + +* Fri Aug 17 2007 Dmitry Butskoy +- Change License tag to "BSD with advertising" + +* Tue Jul 24 2007 Dmitry Butskoy - 12.3-1 +- update to 12.3 + +* Fri Jan 12 2007 Dmitry Butskoy - 12.2-1 +- update to 12.2 +- spec file cleanups + +* Fri Jun 16 2006 Dmitry Butskoy - 12.1-1 +- update to 12.1 + +* Wed Mar 22 2006 Dmitry Butskoy - 12.0-2 +- complete "mailx to nail" changes in the manual and config files +- drop _smp_mflags: it caused make to work incorrectly. + +* Tue Mar 21 2006 Dmitry Butskoy - 12.0-1 +- upgrade to 12.0 +- change new upstream name "mailx" to the old name "nail" to avoid + conflicts with the Core mailx package. +- drop Source1, use package's html file instead. + +* Mon Oct 17 2005 Dmitry Butskoy - 11.25-4 +- don't strip binaries on makeinstall (#170972) + +* Mon Oct 3 2005 Dmitry Butskoy +- clear buildroot before install (Michael Schwendt) + +* Mon Sep 26 2005 Dmitry Butskoy - 11.25-3 +- more spec file cleanups +- accepted for Fedora Extra + (review by Aurelien Bompard ) + +* Mon Aug 22 2005 Dmitry Butskoy - 11.25-2 +- spec file cleanups (#166343) + +* Fri Aug 19 2005 Dmitry Butskoy - 11.25-1 +- initial release +- add "set bsdcompat" to nail.rc as default +- copy nail web page to doc +