debian/0000775000000000000000000000000012524420213007163 5ustar debian/docs0000664000000000000000000000001512443641401010036 0ustar README TODO debian/menu0000664000000000000000000000025112443641400010053 0ustar ?package(heirloom-mailx):\ needs="text"\ section="Applications/Network/Communication"\ title="heirloom-mailx"\ command="/usr/bin/heirloom-mailx"\ hints="Mail" debian/rules0000775000000000000000000000406712443641767010275 0ustar #!/usr/bin/make -f # Sample debian/rules that uses debhelper. # GNU copyright 1997 to 1999 by Joey Hess. # Uncomment this to turn on verbose mode. #export DH_VERBOSE=1 CFLAGS=-Wall -g ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS))) CFLAGS+=-O0 else CFLAGS+=-O2 endif build: build-arch build-indep build-arch: build-stamp build-indep: build-stamp build-stamp: dh_testdir $(MAKE) \ PREFIX=/usr \ CFLAGS="$(CFLAGS)" \ CPPFLAGS=-D_GNU_SOURCE \ UCBINSTALL=/usr/bin/install \ IPv6=-DHAVE_IPv6_FUNCS \ STRIP=true touch build-stamp debian/copyright: debian/copyright.head AUTHORS COPYING dh_testdir (cat debian/copyright.head; \ echo 'Upstream Authors:'; \ echo '-----------------'; echo; \ cat AUTHORS; echo; \ echo 'Copyright:'; \ echo '----------'; echo; \ cat COPYING) > debian/copyright clean: dh_testdir dh_testroot rm -f build-stamp $(MAKE) clean rm -f LIBS config.h config.log rm -f debian/copyright dh_clean install: debian/copyright build dh_testdir dh_testroot dh_clean -k dh_installdirs $(MAKE) install DESTDIR=$(CURDIR)/debian/heirloom-mailx/ \ PREFIX=/usr \ UCBINSTALL=/usr/bin/install \ STRIP=true # This should change once we rename the package. mv $(CURDIR)/debian/heirloom-mailx/usr/bin/mailx \ $(CURDIR)/debian/heirloom-mailx/usr/bin/heirloom-mailx mv $(CURDIR)/debian/heirloom-mailx/usr/share/man/man1/mailx.1 \ $(CURDIR)/debian/heirloom-mailx/usr/share/man/man1/heirloom-mailx.1 # This is dangerous!! If you really need dot locking, enable at your own risk. 
# chgrp mail $(CURDIR)/debian/heirloom-mailx/usr/bin/heirloom-mailx # chmod 2755 $(CURDIR)/debian/heirloom-mailx/usr/bin/heirloom-mailx binary-indep: build install binary-arch: build install dh_testdir dh_testroot dh_installdocs dh_installexamples dh_installmenu dh_installchangelogs ChangeLog dh_link dh_strip dh_compress dh_fixperms -X/usr/bin/heirloom-mailx dh_installdeb dh_shlibdeps dh_gencontrol dh_md5sums dh_builddeb binary: binary-indep binary-arch .PHONY: build clean binary-indep binary-arch binary install configure # vim:nosta debian/copyright.head0000664000000000000000000000041412443641400012020 0ustar This package was debianized by Arthur Korn on Sat, 20 Jan 2001 16:28:10 +0100. As of Tue, 29 Apr 2003 02:13:58 +0200, this package is maintained by Hilko Bengen . The sources were downloaded from http://heirloom.sourceforge.net/ debian/changelog0000664000000000000000000003252212524420212011040 0ustar heirloom-mailx (12.5-2+deb7u1build0.14.04.1) trusty-security; urgency=medium * fake sync from Debian -- Steve Beattie Tue, 12 May 2015 08:47:22 -0700 heirloom-mailx (12.5-2+deb7u1) wheezy-security; urgency=high * Apply patches from Red Hat to address command execution issues: + 0011-outof-Introduce-expandaddr-flag.patch Disable command execution in email addresses (CVE-2014-7844) + 0012-unpack-Disable-option-processing-for-email-addresses.patch + 0013-fio.c-Unconditionally-require-wordexp-support.patch + 0014-globname-Invoke-wordexp-with-WRDE_NOCMD.patch (CVE-2004-2771) -- Florian Weimer Mon, 15 Dec 2014 21:27:14 +0100 heirloom-mailx (12.5-2) unstable; urgency=low * now Provides: mail-reader (Closes: #663384), imap-client * Moved custom build parameters from Makefile to debian/rules * Switched to source format 3 (quilt) * Attended to some Lintian warnings -- Hilko Bengen Sat, 14 Apr 2012 20:24:57 +0200 heirloom-mailx (12.5-1) unstable; urgency=low * New upstream version - Fixes FTBFS with OpenSSL 1.0.0. 
Closes: #622060 * Patched out SSL2 support since it is no longer supported by OpenSSL. * Removed watch file since upstream no longer distributes tarballs. * Removed HTML version of manpage. -- Hilko Bengen Tue, 26 Apr 2011 23:52:57 +0200 heirloom-mailx (12.4-2) unstable; urgency=low * Got rid of the "nail" binary package * postinst: removed unnecessary check around update-alternatives(8) that gave a bogus error message on new installs. Thanks to Petter Reinholdtsen for spotting this. Closes: #579287 * package maintenance: bumped debhelper compat level, Standards-Version -- Hilko Bengen Fri, 28 May 2010 23:09:44 +0200 heirloom-mailx (12.4-1.1) unstable; urgency=high * Non-maintainer upload. * Don't reuse weak symbol optopt (Closes: #535660). -- Luk Claes Sat, 11 Jul 2009 07:44:12 +0000 heirloom-mailx (12.4-1) unstable; urgency=low * New upstream version * Fixed nail.1.gz link (Closes: #511639) -- Hilko Bengen Tue, 13 Jan 2009 22:32:54 +0100 heirloom-mailx (12.3+cvs20080629-1) unstable; urgency=high * New release from upstream CVS - Closes: #487019. * This should take care of #465484, too, therefore reverting the earlier fix: No longer set `ttycharset' in the global configuration file. * Now Provides: mailx * Added symlinks to nail package; changed description accordingly. * Updated Standards-Version. * Changed doc-base section. -- Hilko Bengen Fri, 04 Jul 2008 00:00:21 +0200 heirloom-mailx (12.3-4) unstable; urgency=low * Modified system-wide config file so that UTF-8 is accepted if no locale is set. Closes: #465484 * Turned .N into .B in manpage. Thanks, lintian! * Removed the -1 from the libssl-dev dependency. 
-- Hilko Bengen Mon, 18 Feb 2008 20:45:00 +0100 heirloom-mailx (12.3-3) unstable; urgency=low * Renamed package * Made /usr/bin/mailx a possible candidate for mailx (Closes: #272256) * Fixed watch file (Closes: #449803) * Added `Homepage:' header -- Hilko Bengen Mon, 10 Dec 2007 23:57:48 +0100 nail (12.3-2) unstable; urgency=low * Updated menu file (Closes: #444895) -- Hilko Bengen Mon, 01 Oct 2007 23:50:37 +0200 nail (12.3-1) unstable; urgency=low * New upstream version * Build process now honors the nostrip build option (Closes: #437602) -- Hilko Bengen Tue, 21 Aug 2007 23:29:34 +0200 nail (12.2-1) unstable; urgency=low * New upstream release * Include nail.1.html (Closes: #408168) -- Hilko Bengen Tue, 23 Jan 2007 23:42:51 +0100 nail (12.1-1) unstable; urgency=low * New upstream version (Closes: #392191) We'll keep the original name for the binary, nail, for now. -- Hilko Bengen Thu, 12 Oct 2006 00:05:49 +0200 nail (11.25-2) unstable; urgency=low * Depend on newer libssl-dev for OpenSSL transition -- Hilko Bengen Mon, 10 Oct 2005 17:03:29 +0200 nail (11.25-1) unstable; urgency=low * New upstream version * Includes fix for IMAP/POP3 segfault in connection with OpenSSL -- Hilko Bengen Tue, 2 Aug 2005 22:01:06 +0200 nail (11.24-2) unstable; urgency=low * Fixed a bug in base64 encoding which affected SMTP AUTH * Fixed typo in nail.1 -- Hilko Bengen Fri, 22 Jul 2005 17:24:02 +0200 nail (11.24-1) unstable; urgency=low * New upstream version -- Hilko Bengen Fri, 15 Jul 2005 19:32:40 +0200 nail (11.23-2) unstable; urgency=low * Added HTML manual * Fixed two bogs discussed on the nail-devel mailing list - Off-by-one bug (tty.c) - Segfault (sendout.c) -- Hilko Bengen Fri, 8 Jul 2005 13:36:02 +0200 nail (11.23-1) unstable; urgency=low * New upstream version -- Hilko Bengen Tue, 28 Jun 2005 23:22:06 +0200 nail (11.22-1) unstable; urgency=low * New upstream version -- Hilko Bengen Sun, 20 Mar 2005 20:39:55 +0100 nail (11.21-1) unstable; urgency=low * New upstream version -- 
Hilko Bengen Fri, 25 Feb 2005 01:30:06 +0100 nail (11.20-1) unstable; urgency=low * New upstream version -- Hilko Bengen Thu, 13 Jan 2005 23:00:48 +0100 nail (11.19-1) unstable; urgency=low * New upstream version -- Hilko Bengen Tue, 4 Jan 2005 22:56:23 +0100 nail (11.18-1) unstable; urgency=low * New upstream version -- Hilko Bengen Thu, 9 Dec 2004 22:14:00 +0100 nail (11.17-1) unstable; urgency=low * New upstream version (Two new releases per day -- Not bad, man...) -- Hilko Bengen Sat, 20 Nov 2004 00:20:54 +0100 nail (11.15-1) unstable; urgency=low * New upstream version -- Hilko Bengen Thu, 11 Nov 2004 11:37:54 +0100 nail (11.14-1) unstable; urgency=low * New upstream version * Defined _GNU_SOURCE, so junk.c compiles cleanly -- Hilko Bengen Fri, 5 Nov 2004 18:57:40 +0100 nail (11.13-1) unstable; urgency=low * New upstream version -- Hilko Bengen Thu, 28 Oct 2004 09:34:39 +0200 nail (11.12-1) unstable; urgency=low * New upstream version -- Hilko Bengen Fri, 22 Oct 2004 14:33:41 +0200 nail (11.11-1) unstable; urgency=medium * New upstream version (Schnapszahl!) -- Hilko Bengen Wed, 13 Oct 2004 21:39:37 +0200 nail (11.10-1) unstable; urgency=low * New upstream version - 11.9-1 wan't uploaded. 
-- Hilko Bengen Sun, 3 Oct 2004 18:07:06 +0200 nail (11.9-1) unstable; urgency=low * New upstream version -- Hilko Bengen Sun, 3 Oct 2004 03:33:08 +0200 nail (11.8-1) unstable; urgency=low * New upstream version -- Hilko Bengen Fri, 24 Sep 2004 01:23:24 +0200 nail (11.7-1) unstable; urgency=low * New upstream version -- Hilko Bengen Mon, 20 Sep 2004 23:29:43 +0200 nail (11.6-1) unstable; urgency=low * New upstream version -- Hilko Bengen Wed, 8 Sep 2004 19:42:35 +0200 nail (11.5-1) unstable; urgency=low * New upstream version -- Hilko Bengen Mon, 6 Sep 2004 13:57:28 +0200 nail (11.4-1) unstable; urgency=low * New upstream version -- Hilko Bengen Tue, 31 Aug 2004 12:50:53 +0200 nail (11.3-1) unstable; urgency=low * New upstream version * Build-Depends on libkrb5-dev -- Hilko Bengen Wed, 18 Aug 2004 23:06:39 +0200 nail (11.2-1) unstable; urgency=low * New upstream version -- Hilko Bengen Mon, 16 Aug 2004 20:30:24 +0200 nail (11.1-1) unstable; urgency=low * New upstream version - Enhanced IMAP support, speed improvements, IMAP offline operations -- Hilko Bengen Sun, 8 Aug 2004 19:23:52 +0200 nail (11.0-1) unstable; urgency=low * New upstream version * Build with IPv6 * Added TODO to the documentation directory * Updated description -- Hilko Bengen Sun, 1 Aug 2004 02:59:00 +0200 nail (10.8-1) unstable; urgency=low * New upstream version -- Hilko Bengen Mon, 5 Jul 2004 21:42:47 +0200 nail (10.7-1) unstable; urgency=low * New upstream version (includes portions of IEEE Std 1003.1 docs) * Updated Standards-Version -- Hilko Bengen Thu, 1 Apr 2004 12:58:06 +0200 nail (10.6-2) unstable; urgency=low * Added Benjamin C. W. Sittler's patch to cure base64 decoding problems (Closes: #233717) -- Hilko Bengen Fri, 20 Feb 2004 14:21:16 +0100 nail (10.6-1) unstable; urgency=low * New upstream version * Changed dependency (Closes: #228559) -- Hilko Bengen Tue, 20 Jan 2004 11:59:33 +0100 nail (10.5-1) unstable; urgency=low * New maintainer (Closes: #188806) * New upstream release. 
* Removed cruft from changelog * Removed autogenerated files from .diff.gz. -- Hilko Bengen Tue, 29 Apr 2003 02:13:58 +0200 nail (10.4-2) unstable; urgency=low * ORPHANED: changed maintainer to packages@qa.debian.org -- Arthur Korn Fri, 11 Apr 2003 20:41:30 +0200 nail (10.4-1) unstable; urgency=low * New upstream release - IPv6 support for network client functionality. -- Arthur Korn Tue, 21 Jan 2003 14:33:15 +0100 nail (10.3-1) unstable; urgency=low * New upstream release - bugfixes * added watchfile for uscan * rules: don't use automake/autoconf anymore * rules: clean uses make clean, not make distclean * control: removed build dependency on automake -- Arthur Korn Wed, 11 Dec 2002 22:59:56 +0100 nail (10.2-1) unstable; urgency=low * New upstream release - integrated #169461 patch - SSL capable POP3 client - lots of fixes and new options/commands * Now using sensible-{editor,pager} instead of editor/pager * New dependency to libssl / build-dep to libssl-dev. I didn't split the package for convenience and because I figure most people using nail in space restricted applications will have ssh around anyway, and the rest can easily recomplie --without-openssl in debian/rules. * added debian/compat to avoid duplicated conffiles. * upgrading to policy version 0.5.8.0 - building with -g per default, accepting DEB_BUILD_OPTIONS=noopt for setting -O0. 
-- Arthur Korn Fri, 29 Nov 2002 10:45:41 +0100 nail (10.1-3) unstable; urgency=low * actually, those getc(c) vars need to be int, I'm learning closes: #169461 -- Arthur Korn Thu, 21 Nov 2002 09:43:31 +0100 nail (10.1-2) unstable; urgency=low * explicitely make chars signed when necessery, closes: #169461 -- Arthur Korn Wed, 20 Nov 2002 22:57:15 +0100 nail (10.1-1) unstable; urgency=low * New upstream release -- Arthur Korn Tue, 29 Oct 2002 17:20:00 +0100 nail (9.31-1) unstable; urgency=low * New upstream release - new escape for attachment list editing: ~@ (replaces ~a) * now Provides: mail-reader, closes: #140489 -- Arthur Korn Thu, 20 Jun 2002 12:42:03 +0200 nail (9.30-1) unstable; urgency=low * New upstream release -- Arthur Korn Sat, 9 Mar 2002 18:45:58 +0100 nail (9.29-1) unstable; urgency=low * New upstream release -- Arthur Korn Mon, 10 Dec 2001 22:03:43 +0100 nail (9.28-1) unstable; urgency=low * New upstream release -- Arthur Korn Tue, 23 Oct 2001 20:21:57 +0200 nail (9.27-2) unstable; urgency=low * Standards-Version 3.5.4.0 - Explicitely setting mailspool to /var/mail with --with-mailspool=/var/mail/ in debian/rules. - dependency on base-files (>= 2.2.0). * removed dh_testversion from debian/rules. -- Arthur Korn Sun, 3 Jun 2001 18:07:40 +0200 nail (9.27-1) unstable; urgency=low * New upstream release -- Arthur Korn Sun, 13 May 2001 22:56:59 +0200 nail (9.26-2) unstable; urgency=low * The download location in "copyright" showed a "403 Forbidden", using the homepage of nail instead. -- Arthur Korn Sun, 13 May 2001 22:43:29 +0200 nail (9.26-1) unstable; urgency=high * New upstream release * Removed SGID mail, thus no more dot locking (you can uncomment it in the debian/rules file in the source and rebuild if you really need it) because of a buffer overflow (see http://www.debian.org/security/2001/dsa-044). Mailx was never written to run S[UG]ID. 
-- Arthur Korn Thu, 15 Mar 2001 17:54:00 +0100 nail (9.25-2) unstable; urgency=low * Fixed Makefile.am and misc/Makefile.am to allow use of DESTDIR. -- Arthur Korn Thu, 1 Feb 2001 21:26:00 +0100 nail (9.25-1) unstable; urgency=low * New upstream release * Don't have to run autoconf anymore in debian/rules. -- Arthur Korn Thu, 25 Jan 2001 18:15:24 +0100 nail (9.24-1) unstable; urgency=low * Initial Release. (closes: Bug#82960) * Hacked up configure.in to allow for other fallbacks for editor and pager. -- Arthur Korn Sat, 20 Jan 2001 16:28:10 +0100 debian/control0000664000000000000000000000170112443641767010610 0ustar Source: heirloom-mailx Section: mail Priority: optional Maintainer: Hilko Bengen Build-Depends: debhelper (>> 5), libssl-dev (>= 0.9.8), libkrb5-dev Standards-Version: 3.8.4 Homepage: http://heirloom.sourceforge.net/mailx.html Package: heirloom-mailx Architecture: any Depends: base-files (>= 2.2.0), ${shlibs:Depends}, ${misc:Depends} Replaces: nail Conflicts: mailutils (<< 1:1.1+dfsg1-4), mailx (<< 1:20071201) Suggests: exim4 | mail-transport-agent Provides: mailx, mail-reader, imap-client Description: feature-rich BSD mail(1) Workalike of the classical mail(1). Heirloom mailx can produce and read MIME and S/MIME messages and has greatly improved character-set handling, including support for UTF-8. . It can send messages through a local /usr/bin/sendmail interface or SMTP, using a smarthost. Mail can be read from local mailboxes as well as via POP3 or IMAP connections. Network protocols can be encrypted using SSL/TLS. 
debian/postinst0000775000000000000000000000117212443641401011001 0ustar #!/bin/sh set -e bindir=/usr/bin mandir=/usr/share/man/man1 program=heirloom-mailx priority=60 if [ "$1" = "configure" ]; then update-alternatives \ --install "$bindir/mailx" mailx "$bindir/$program" "$priority" \ --slave "$bindir/mail" mail "$bindir/$program" \ --slave "$bindir/Mail" Mail "$bindir/$program" \ --slave "$mandir/mailx.1.gz" mailx.1.gz "$mandir/$program.1.gz" \ --slave "$mandir/mail.1.gz" mail.1.gz "$mandir/$program.1.gz" \ --slave "$mandir/Mail.1.gz" Mail.1.gz "$mandir/$program.1.gz" fi #DEBHELPER# debian/patches/0000775000000000000000000000000012443643075010627 5ustar debian/patches/0011-outof-Introduce-expandaddr-flag.patch0000664000000000000000000000325512443643075020341 0ustar From 9984ae5cb0ea0d61df1612b06952a61323c083d9 Mon Sep 17 00:00:00 2001 From: Florian Weimer Date: Mon, 17 Nov 2014 11:13:38 +0100 Subject: [PATCH 1/4] outof: Introduce expandaddr flag Document that address expansion is disabled unless the expandaddr binary option is set. This has been assigned CVE-2014-7844 for BSD mailx, but it is not a vulnerability in Heirloom mailx because this feature was documented. --- mailx.1 | 14 ++++++++++++++ names.c | 3 +++ 2 files changed, 17 insertions(+) diff --git a/mailx.1 b/mailx.1 index 70a7859..22a171b 100644 --- a/mailx.1 +++ b/mailx.1 @@ -656,6 +656,14 @@ but any reply returned to the machine will have the system wide alias expanded as all mail goes through sendmail. .SS "Recipient address specifications" +If the +.I expandaddr +option is not set (the default), recipient addresses must be names of +local mailboxes or Internet mail addresses. +.PP +If the +.I expandaddr +option is set, the following rules apply: When an address is used to name a recipient (in any of To, Cc, or Bcc), names of local mail folders 
@@ -2391,6 +2399,12 @@ and exits immediately. If this option is set, \fImailx\fR starts even with an empty mailbox. .TP +.B expandaddr +Causes +.I mailx +to expand message recipient addresses, as explained in the section, +Recipient address specifications. +.TP .B flipr Exchanges the .I Respond diff --git a/names.c b/names.c index 66e976b..c69560f 100644 --- a/names.c +++ b/names.c @@ -268,6 +268,9 @@ outof(struct name *names, FILE *fo, struct header *hp) FILE *fout, *fin; int ispipe; + if (value("expandaddr") == NULL) + return names; + top = names; np = names; time(&now); -- 1.9.3 debian/patches/0013-fio.c-Unconditionally-require-wordexp-support.patch0000664000000000000000000000471512443643075023261 0ustar From 2bae8ecf04ec2ba6bb9f0af5b80485dd0edb427d Mon Sep 17 00:00:00 2001 From: Florian Weimer Date: Mon, 17 Nov 2014 12:48:25 +0100 Subject: [PATCH 3/4] fio.c: Unconditionally require wordexp support --- fio.c | 67 +++++-------------------------------------------------------------- 1 file changed, 5 insertions(+), 62 deletions(-) diff --git a/fio.c b/fio.c index 65e8f10..1529236 100644 --- a/fio.c +++ b/fio.c @@ -43,12 +43,15 @@ static char sccsid[] = "@(#)fio.c 2.76 (gritter) 9/16/09"; #endif /* not lint */ #include "rcv.h" + +#ifndef HAVE_WORDEXP +#error wordexp support is required +#endif + #include #include #include -#ifdef HAVE_WORDEXP #include -#endif /* HAVE_WORDEXP */ #include #if defined (USE_NSS) @@ -481,7 +484,6 @@ next: static char * globname(char *name) { -#ifdef HAVE_WORDEXP wordexp_t we; char *cp; sigset_t nset; 
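Review bot: The early return added at the top of outof() hands the recipient list back untouched when `expandaddr` is unset, so names that look like file or pipe targets are neither expanded nor rejected in this function. The manual text added by the same patch says such recipients "must be" local mailbox names or Internet mail addresses, which this check does not enforce. Either soften the wording in mailx.1 or filter or warn on such names before returning; which one fits depends on what the callers expect, and they are not visible here. A one-line comment above the check would record the intent, for example `/* expandaddr unset: never treat a recipient as a file or pipe target */`. The body of outof() continues outside the hunk.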
@@ -527,65 +529,6 @@ globname(char *name) } wordfree(&we); return cp; -#else /* !HAVE_WORDEXP */ - char xname[PATHSIZE]; - char cmdbuf[PATHSIZE]; /* also used for file names */ - int pid, l; - char *cp, *shell; - int pivec[2]; - extern int wait_status; - struct stat sbuf; - - if (pipe(pivec) < 0) { - perror("pipe"); - return name; - } - snprintf(cmdbuf, sizeof cmdbuf, "echo %s", name); - if ((shell = value("SHELL")) == NULL) - shell = SHELL; - pid = start_command(shell, 0, -1, pivec[1], "-c", cmdbuf, NULL); - if (pid < 0) { - close(pivec[0]); - close(pivec[1]); - return NULL; - } - close(pivec[1]); -again: - l = read(pivec[0], xname, sizeof xname); - if (l < 0) { - if (errno == EINTR) - goto again; - perror("read"); - close(pivec[0]); - return NULL; - } - close(pivec[0]); - if (wait_child(pid) < 0 && WTERMSIG(wait_status) != SIGPIPE) { - fprintf(stderr, catgets(catd, CATSET, 81, - "\"%s\": Expansion failed.\n"), name); - return NULL; - } - if (l == 0) { - fprintf(stderr, catgets(catd, CATSET, 82, - "\"%s\": No match.\n"), name); - return NULL; - } - if (l == sizeof xname) { - fprintf(stderr, catgets(catd, CATSET, 83, - "\"%s\": Expansion buffer overflow.\n"), name); - return NULL; - } - xname[l] = 0; - for (cp = &xname[l-1]; *cp == '\n' && cp > xname; cp--) - ; - cp[1] = '\0'; - if (strchr(xname, ' ') && stat(xname, &sbuf) < 0) { - fprintf(stderr, catgets(catd, CATSET, 84, - "\"%s\": Ambiguous.\n"), name); - return NULL; - } - return savestr(xname); -#endif /* !HAVE_WORDEXP */ } /* -- 1.9.3 debian/patches/0012-unpack-Disable-option-processing-for-email-addresses.patch0000664000000000000000000000423712443643075024364 0ustar From e34e2ac67b80497080ebecccec40c3b61456167d Mon Sep 17 00:00:00 2001 From: Florian Weimer Date: Mon, 17 Nov 2014 11:14:06 +0100 Subject: [PATCH 2/4] unpack: Disable option processing for email addresses when calling sendmail --- extern.h | 2 +- names.c | 8 ++++++-- sendout.c | 2 +- 3 files changed, 8 insertions(+), 4 deletions(-) 
diff --git a/extern.h b/extern.h index 6b85ba0..8873fe8 100644 --- a/extern.h +++ b/extern.h @@ -396,7 +396,7 @@ struct name *outof(struct name *names, FILE *fo, struct header *hp); int is_fileaddr(char *name); struct name *usermap(struct name *names); struct name *cat(struct name *n1, struct name *n2); -char **unpack(struct name *np); +char **unpack(struct name *smopts, struct name *np); struct name *elide(struct name *names); int count(struct name *np); struct name *delete_alternates(struct name *np); diff --git a/names.c b/names.c index c69560f..45bbaed 100644 --- a/names.c +++ b/names.c @@ -549,7 +549,7 @@ cat(struct name *n1, struct name *n2) * Return an error if the name list won't fit. */ char ** -unpack(struct name *np) +unpack(struct name *smopts, struct name *np) { char **ap, **top; struct name *n; @@ -564,7 +564,7 @@ unpack(struct name *np) * the terminating 0 pointer. Additional spots may be needed * to pass along -f to the host mailer. */ - extra = 2; + extra = 3 + count(smopts); extra++; metoo = value("metoo") != NULL; if (metoo) @@ -581,6 +581,10 @@ unpack(struct name *np) *ap++ = "-m"; if (verbose) *ap++ = "-v"; + for (; smopts != NULL; smopts = smopts->n_flink) + if ((smopts->n_type & GDEL) == 0) + *ap++ = smopts->n_name; + *ap++ = "--"; for (; n != NULL; n = n->n_flink) if ((n->n_type & GDEL) == 0) *ap++ = n->n_name; diff --git a/sendout.c b/sendout.c index 7b7f2eb..c52f15d 100644 --- a/sendout.c +++ b/sendout.c 
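Review bot: The comments in unpack() were not updated for the new `smopts` parameter and the `--` terminator, and `extra = 3 + count(smopts);` followed by the old `extra++;` is hard to audit against the writes into `ap` further down. Please list the reserved slots in the existing comment (program name, `-i`, `--`, the terminating null pointer, plus one per option in `smopts`) so a reader can check the array cannot be overrun. The loop that copies `smopts` should say why the order matters, for example `/* mailer options first, then "--" so that no recipient can be parsed as an option */`. The protection assumes the configured mailer treats `--` as end of options, which is worth stating there as well. The three names.c hunks all belong to unpack(), whose start and end lie outside them.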
@@ -835,7 +835,7 @@ start_mta(struct name *to, struct name *mailargs, FILE *input, #endif /* HAVE_SOCKETS */ if ((smtp = value("smtp")) == NULL) { - args = unpack(cat(mailargs, to)); + args = unpack(mailargs, to); if (debug || value("debug")) { printf(catgets(catd, CATSET, 181, "Sendmail arguments:")); -- 1.9.3 debian/patches/series0000664000000000000000000000062312443642733012045 0ustar 0001-Don-t-reuse-weak-symbol-optopt-to-fix-FTBFS-on-mips.patch 0002-Patched-out-SSL2-support-since-it-is-no-longer-suppo.patch 0003-Fixed-Lintian-warning-warning-macro-N-not-defined.patch 0011-outof-Introduce-expandaddr-flag.patch 0012-unpack-Disable-option-processing-for-email-addresses.patch 0013-fio.c-Unconditionally-require-wordexp-support.patch 0014-globname-Invoke-wordexp-with-WRDE_NOCMD.patch debian/patches/0003-Fixed-Lintian-warning-warning-macro-N-not-defined.patch0000664000000000000000000000073112443641401023445 0ustar From: Hilko Bengen Date: Sat, 14 Apr 2012 20:22:43 +0200 Subject: Fixed Lintian warning (warning: macro `N' not defined) --- mailx.1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mailx.1 b/mailx.1 index a02e430..b0723bd 100644 --- a/mailx.1 +++ b/mailx.1 @@ -3781,7 +3781,7 @@ you could examine the first message by giving the command: .sp .fi which might cause -.N mailx +.I mailx to respond with, for example: .nf .sp debian/patches/0002-Patched-out-SSL2-support-since-it-is-no-longer-suppo.patch0000664000000000000000000000204512443641401024013 0ustar From: Hilko Bengen Date: Wed, 27 Apr 2011 00:18:42 +0200 Subject: Patched out SSL2 support since it is no longer supported by OpenSSL. --- mailx.1 | 2 +- openssl.c | 4 +--- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/mailx.1 b/mailx.1 index 417ea04..a02e430 100644 --- a/mailx.1 +++ b/mailx.1 
@@ -3575,7 +3575,7 @@ Only applicable if SSL/TLS support is built using OpenSSL. .TP .B ssl-method Selects a SSL/TLS protocol version; -valid values are `ssl2', `ssl3', and `tls1'. +valid values are `ssl3', and `tls1'. If unset, the method is selected automatically, if possible. .TP diff --git a/openssl.c b/openssl.c index b4e33fc..44fe4e5 100644 --- a/openssl.c +++ b/openssl.c @@ -216,9 +216,7 @@ ssl_select_method(const char *uhp) cp = ssl_method_string(uhp); if (cp != NULL) { - if (equal(cp, "ssl2")) - method = SSLv2_client_method(); - else if (equal(cp, "ssl3")) + if (equal(cp, "ssl3")) method = SSLv3_client_method(); else if (equal(cp, "tls1")) method = TLSv1_client_method(); debian/patches/0014-globname-Invoke-wordexp-with-WRDE_NOCMD.patch0000664000000000000000000000121512443643075021364 0ustar From 73fefa0c1ac70043ec84f2d8b8f9f683213f168d Mon Sep 17 00:00:00 2001 From: Florian Weimer Date: Mon, 17 Nov 2014 13:11:32 +0100 Subject: [PATCH 4/4] globname: Invoke wordexp with WRDE_NOCMD (CVE-2004-2771) --- fio.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fio.c b/fio.c index 1529236..774a204 100644 --- a/fio.c +++ b/fio.c @@ -497,7 +497,7 @@ globname(char *name) sigemptyset(&nset); sigaddset(&nset, SIGCHLD); sigprocmask(SIG_BLOCK, &nset, NULL); - i = wordexp(name, &we, 0); + i = wordexp(name, &we, WRDE_NOCMD); sigprocmask(SIG_UNBLOCK, &nset, NULL); switch (i) { case 0: -- 1.9.3 debian/patches/0001-Don-t-reuse-weak-symbol-optopt-to-fix-FTBFS-on-mips.patch0000664000000000000000000000240512443641401023521 0ustar From: Luk Claes Date: Sat, 4 Jul 2009 10:54:53 +0200 Subject: Don't reuse weak symbol optopt to fix FTBFS on mips* --- getopt.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/getopt.c b/getopt.c index 83ce628..82e983c 100644 --- a/getopt.c +++ b/getopt.c @@ -43,7 +43,7 @@ typedef int ssize_t; char *optarg; int optind = 1; int opterr = 1; -int optopt; +int optoptc; static void error(const char *s, int c) 
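Review bot: In ssl_select_method() the value `ssl3` is still accepted and mapped to `SSLv3_client_method()`, so a user can still pin a connection to a protocol version that is no longer considered safe; the commit removes only the method OpenSSL stopped providing. Consider printing a warning when `ssl3` is chosen. Please also check what the branch after `tls1` does with an existing `ssl-method=ssl2` setting, which now falls through to it: it should report the value as unsupported rather than silently pick another method. That branch and the rest of the function are outside the hunk.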
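Review bot: With `WRDE_NOCMD` set, wordexp() reports a requested command substitution through the `WRDE_CMDSUB` return value, and the `switch (i)` after the call is only partly visible in this fio.c hunk. Please confirm that this case ends in an error return with a clear message and that `name` is never used unexpanded as a file name afterwards. The guarantee also depends on the C library honouring the flag on every expansion path, so the intent deserves a comment at the call, for example `/* WRDE_NOCMD: expanding a file name must never run a command */`. globname() starts and ends outside the hunk.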
@@ -69,7 +69,7 @@ error(const char *s, int c) *bp++ = *s++; while (*msg) *bp++ = *msg++; - *bp++ = optopt; + *bp++ = optoptc; *bp++ = '\n'; write(2, buf, bp - buf); ac_free(buf); @@ -101,13 +101,13 @@ getopt(int argc, char *const argv[], const char *optstring) } curp = &argv[optind][1]; } - optopt = curp[0] & 0377; + optoptc = curp[0] & 0377; while (optstring[0]) { if (optstring[0] == ':') { optstring++; continue; } - if ((optstring[0] & 0377) == optopt) { + if ((optstring[0] & 0377) == optoptc) { if (optstring[1] == ':') { if (curp[1] != '\0') { optarg = (char *)&curp[1]; @@ -127,7 +127,7 @@ getopt(int argc, char *const argv[], const char *optstring) optind++; optarg = 0; } - return optopt; + return optoptc; } optstring++; } debian/compat0000664000000000000000000000000212443641767010404 0ustar 5 debian/prerm0000664000000000000000000000020412443641400010232 0ustar #!/bin/sh set -e if [ "$1" = "remove" ]; then update-alternatives --remove "mailx" "/usr/bin/heirloom-mailx" fi #DEBHELPER# debian/source/0000775000000000000000000000000012443641401010467 5ustar debian/source/format0000664000000000000000000000001412443641401011675 0ustar 3.0 (quilt)