testing/heirloom-mailx: new aport

heirloom-mailx is a clone of System V "mailx", based on Berkeley Mail 8.1.

It has been enhanced to provide all the command line options
required by POSIX, as well as several other features:
* support for MIME, S/MIME, and attachments
* support for SMTP(S), POP3(S), and IMAP(S)
* support for maildir-format email archives
... and much  more.

This is updated from CVS to get current OpenSSL compat.
NSS could be used instead of OpenSSL.
Some security fixes from Florian Weimer are included - see
 http://seclists.org/oss-sec/2014/q4/1066

krb5 is used for IMAP authentication over GSS; our libgss doesn't work
(and might not be OK to link with openssl?) and using libgssglue
will probably require some patching of the makefile.

1 files changed, 26 insertions, 0 deletions

diff --git a/testing/heirloom-mailx/0004-globname-Invoke-wordexp-with-WRDE_NOCMD-CVE-2004-277.patch b/testing/heirloom-mailx/0004-globname-Invoke-wordexp-with-WRDE_NOCMD-CVE-2004-277.patch
new file mode 100644
index 0000000000..173378f36a
--- /dev/null
+++ b/testing/heirloom-mailx/0004-globname-Invoke-wordexp-with-WRDE_NOCMD-CVE-2004-277.patch
@@ -0,0 +1,26 @@
+>From 73fefa0c1ac70043ec84f2d8b8f9f683213f168d Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fweimer () redhat com>
+Date: Mon, 17 Nov 2014 13:11:32 +0100
+Subject: [PATCH 4/4] globname: Invoke wordexp with WRDE_NOCMD (CVE-2004-2771)
+
+---
+ fio.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/fio.c b/fio.c
+index 1529236..774a204 100644
+--- a/fio.c
++++ b/fio.c
+@@ -497,7 +497,7 @@ globname(char *name)
+ 	sigemptyset(&nset);
+ 	sigaddset(&nset, SIGCHLD);
+ 	sigprocmask(SIG_BLOCK, &nset, NULL);
+-	i = wordexp(name, &we, 0);
++	i = wordexp(name, &we, WRDE_NOCMD);
+ 	sigprocmask(SIG_UNBLOCK, &nset, NULL);
+ 	switch (i) {
+ 	case 0:
+-- 
+1.9.3
+
+