aboutsummaryrefslogtreecommitdiffstats
path: root/testing/heirloom-mailx/0001-outof-Introduce-expandaddr-flag.patch
diff options
context:
space:
mode:
authorIsaac Dunham <ibid.ag@gmail.com>2015-01-27 21:35:30 -0800
committerNatanael Copa <ncopa@alpinelinux.org>2015-01-30 10:14:12 +0000
commit61ff788630422f3a99da03034c34e0a5d0c24910 (patch)
treea3993005aa5d1f0b868a3c272e4cec3c3b38ea03 /testing/heirloom-mailx/0001-outof-Introduce-expandaddr-flag.patch
parenta1bb1663fd7682effa65665509b72eb834eb3516 (diff)
downloadaports-61ff788630422f3a99da03034c34e0a5d0c24910.tar.bz2
aports-61ff788630422f3a99da03034c34e0a5d0c24910.tar.xz
testing/heirloom-mailx: new aport
heirloom-mailx is a clone of System V "mailx", based on Berkeley Mail 8.1. It has been enhanced to provide all the command line options required by POSIX, as well as several other features: * support for MIME, S/MIME, and attachments * support for SMTP(S), POP3(S), and IMAP(S) * support for maildir-format email archives ... and much more. This is updated from CVS to get current OpenSSL compat. NSS could be used instead of OpenSSL. Some security fixes from Florian Weimer are included - see http://seclists.org/oss-sec/2014/q4/1066 krb5 is used for IMAP authentication over GSS; our libgss doesn't work (and might not be OK to link with openssl?) and using libgssglue will probably require some patching of the makefile.
Diffstat (limited to 'testing/heirloom-mailx/0001-outof-Introduce-expandaddr-flag.patch')
-rw-r--r--testing/heirloom-mailx/0001-outof-Introduce-expandaddr-flag.patch65
1 files changed, 65 insertions, 0 deletions
diff --git a/testing/heirloom-mailx/0001-outof-Introduce-expandaddr-flag.patch b/testing/heirloom-mailx/0001-outof-Introduce-expandaddr-flag.patch
new file mode 100644
index 0000000000..c56e8a79a7
--- /dev/null
+++ b/testing/heirloom-mailx/0001-outof-Introduce-expandaddr-flag.patch
@@ -0,0 +1,65 @@
+>From 9984ae5cb0ea0d61df1612b06952a61323c083d9 Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fweimer () redhat com>
+Date: Mon, 17 Nov 2014 11:13:38 +0100
+Subject: [PATCH 1/4] outof: Introduce expandaddr flag
+
+Document that address expansion is disabled unless the expandaddr
+binary option is set.
+
+This has been assigned CVE-2014-7844 for BSD mailx, but it is not
+a vulnerability in Heirloom mailx because this feature was documented.
+---
+ mailx.1 | 14 ++++++++++++++
+ names.c | 3 +++
+ 2 files changed, 17 insertions(+)
+
+diff --git a/mailx.1 b/mailx.1
+index 70a7859..22a171b 100644
+--- a/mailx.1
++++ b/mailx.1
+@@ -656,6 +656,14 @@ but any reply returned to the machine
+ will have the system wide alias expanded
+ as all mail goes through sendmail.
+ .SS "Recipient address specifications"
++If the
++.I expandaddr
++option is not set (the default), recipient addresses must be names of
++local mailboxes or Internet mail addresses.
++.PP
++If the
++.I expandaddr
++option is set, the following rules apply:
+ When an address is used to name a recipient
+ (in any of To, Cc, or Bcc),
+ names of local mail folders
+@@ -2391,6 +2399,12 @@ and exits immediately.
+ If this option is set,
+ \fImailx\fR starts even with an empty mailbox.
+ .TP
++.B expandaddr
++Causes
++.I mailx
++to expand message recipient addresses, as explained in the section,
++Recipient address specifications.
++.TP
+ .B flipr
+ Exchanges the
+ .I Respond
+diff --git a/names.c b/names.c
+index 66e976b..c69560f 100644
+--- a/names.c
++++ b/names.c
+@@ -268,6 +268,9 @@ outof(struct name *names, FILE *fo, struct header *hp)
+ FILE *fout, *fin;
+ int ispipe;
+
++ if (value("expandaddr") == NULL)
++ return names;
++
+ top = names;
+ np = names;
+ time(&now);
+--
+1.9.3
+
+