Update heirloom-mailx to 12.5. From maintainer in PR pkg/49492.

Significant changes:
- MASTER_SITES now points at ${MASTER_SITE_DEBIAN:=pool/main/h/heirloom-mailx/}
- LICENSE filled out based on content of COPYING file in source
- addresses CVE-2004-2771 and CVE-2014-7844; address expansion disabled by
  default
- remove SSL2 related code to match state of OpenSSL

13 files changed, 348 insertions, 208 deletions

diff --git a/mail/heirloom-mailx/Makefile b/mail/heirloom-mailx/Makefile
index 009c07c076b..5f6066ca5fd 100644
--- a/mail/heirloom-mailx/Makefile
+++ b/mail/heirloom-mailx/Makefile
@@ -1,16 +1,18 @@
-# $NetBSD: Makefile,v 1.6 2014/02/12 23:18:07 tron Exp $
+# $NetBSD: Makefile,v 1.7 2014/12/28 14:16:14 bsiegert Exp $
 #
 
-DISTNAME=	mailx-12.4
-PKGNAME=	heirloom-${DISTNAME}
-PKGREVISION=	3
+DISTNAME=	heirloom-mailx_12.5.orig
+PKGNAME=	heirloom-mailx-12.5
 CATEGORIES=	mail
-MASTER_SITES=	${MASTER_SITE_SOURCEFORGE:=heirloom/}
-EXTRACT_SUFX=	.tar.bz2
+MASTER_SITES=	${MASTER_SITE_DEBIAN:=pool/main/h/heirloom-mailx/}
+EXTRACT_SUFX=	.tar.gz
 
-MAINTAINER=	jgw@freeshell.org
+MAINTAINER=	jgw@sdf.org
 HOMEPAGE=	http://heirloom.sourceforge.net/mailx.html
 COMMENT=	BSD mail utility with MIME extensions
+LICENSE=	 original-bsd AND osl AND mpl1.1
+
+WRKSRC=		${WRKDIR}/heirloom-mailx-12.5
 
 MAKE_JOBS_SAFE=		no
 
@@ -50,7 +52,6 @@ CONF_FILES=	${EGDIR}/nail.rc ${PKG_SYSCONFDIR}/nail.rc
 
 post-install:
 	${INSTALL_DATA_DIR} ${DESTDIR}${DOCDIR}
-	${INSTALL_DATA} ${WRKSRC}/mailx.1.html ${DESTDIR}${DOCDIR}
 
 .include "../../converters/libiconv/buildlink3.mk"
 .include "../../security/openssl/buildlink3.mk"
diff --git a/mail/heirloom-mailx/PLIST b/mail/heirloom-mailx/PLIST
index 74028b32ca8..069ea88861b 100644
--- a/mail/heirloom-mailx/PLIST
+++ b/mail/heirloom-mailx/PLIST
@@ -1,5 +1,4 @@
-@comment $NetBSD: PLIST,v 1.2 2009/06/14 18:04:34 joerg Exp $
+@comment $NetBSD: PLIST,v 1.3 2014/12/28 14:16:14 bsiegert Exp $
 bin/mailx
 man/man1/mailx.1
-share/doc/mailx/mailx.1.html
 share/examples/mailx/nail.rc
diff --git a/mail/heirloom-mailx/distinfo b/mail/heirloom-mailx/distinfo
index 4ef29c95851..3767f055fe9 100644
--- a/mail/heirloom-mailx/distinfo
+++ b/mail/heirloom-mailx/distinfo
@@ -1,11 +1,15 @@
-$NetBSD: distinfo,v 1.2 2011/10/01 11:49:19 shattered Exp $
+$NetBSD: distinfo,v 1.3 2014/12/28 14:16:14 bsiegert Exp $
 
-SHA1 (mailx-12.4.tar.bz2) = b1e105adf9d36269daf317dedf68b6e4cca404a7
-RMD160 (mailx-12.4.tar.bz2) = 8244d04d0a0058fdbe9867ca503c7cda8d580154
-Size (mailx-12.4.tar.bz2) = 271482 bytes
-SHA1 (patch-aa) = 797ebb4b536f6576112bb1a0ba871298d21b0a2b
-SHA1 (patch-ab) = 604a85e40301ff38b8bf28bcca337469f784eeaf
+SHA1 (heirloom-mailx_12.5.orig.tar.gz) = 2fa7f300dea7747e5880d61fd691a103d70863ba
+RMD160 (heirloom-mailx_12.5.orig.tar.gz) = 9722c9ecd2cae6b2b47a598e5c32544c1320502f
+Size (heirloom-mailx_12.5.orig.tar.gz) = 324085 bytes
 SHA1 (patch-ac) = cb9d4b12f26bb5f90947e1dbcb06960de8144f11
 SHA1 (patch-ae) = 257317452b39d0b609885c637242145cf4e04c4d
-SHA1 (patch-af) = 22676bcb00593de777cf897c450e14130f3f0616
 SHA1 (patch-ag) = 20e3429d4f1164c5235a23c8ab772ff2b7fa7951
+SHA1 (patch-extern.h) = 1595b01d8331b366929d2598637f64082c5bd3d6
+SHA1 (patch-fio.c) = 0f850a28fb7c6d511af8b398eda283068b80d00f
+SHA1 (patch-getopt.c) = b238221ae17fdc7285febd1e9209ac9acac92069
+SHA1 (patch-mailx.1) = 070ae8af60dc22d0acc1c68caf66384ff390379e
+SHA1 (patch-names.c) = 5a7f4bd255f30a425114b5371430012079511d88
+SHA1 (patch-openssl.c) = 45160c726bc93382a2455c44947ca6c4cc9e8a12
+SHA1 (patch-sendout.c) = 1270c454ec7956ef4c3c3f3f71e847928bbbd2e3
diff --git a/mail/heirloom-mailx/patches/patch-aa b/mail/heirloom-mailx/patches/patch-aa
deleted file mode 100644
index ca59e884da4..00000000000
--- a/mail/heirloom-mailx/patches/patch-aa
+++ /dev/null
@@ -1,39 +0,0 @@
-$NetBSD: patch-aa,v 1.1 2011/10/01 11:49:20 shattered Exp $
-
---- makeconfig.orig	2007-04-14 15:24:28.000000000 +0000
-+++ makeconfig
-@@ -1,7 +1,7 @@
- #!/bin/sh
- 
- #
--# Sccsid @(#)makeconfig	1.43 (gritter) 4/14/07
-+# Sccsid @(#)makeconfig	1.44 (gritter) 5/26/09
- #
- 
- tmp=___build$$
-@@ -393,6 +393,25 @@ CERTAltNameEncodedContext	foo;
- !
- fi
- 
-+if test x$have_openssl = xyes
-+then
-+	compile_check stack_of 'for STACK_OF()' '#define HAVE_STACK_OF' <<\!
-+#include <openssl/ssl.h>
-+#include <openssl/err.h>
-+#include <openssl/x509v3.h>
-+#include <openssl/x509.h>
-+#include <openssl/rand.h>
-+
-+int main(void)
-+{
-+	STACK_OF(GENERAL_NAME)	*gens = NULL;
-+	printf("%p", gens);	/* to make it used */
-+	SSLv23_client_method();
-+	PEM_read_PrivateKey(0, 0, 0, 0);
-+	return 0;
-+}
-+!
-+fi
- 
- cat >$tmp2.c <<\!
- #include <gssapi/gssapi.h>
diff --git a/mail/heirloom-mailx/patches/patch-ab b/mail/heirloom-mailx/patches/patch-ab
deleted file mode 100644
index 4a48e5f02ca..00000000000
--- a/mail/heirloom-mailx/patches/patch-ab
+++ /dev/null
@@ -1,132 +0,0 @@
-$NetBSD: patch-ab,v 1.1 2011/10/01 11:49:20 shattered Exp $
-
---- openssl.c.orig	2007-08-04 11:38:03.000000000 +0000
-+++ openssl.c
-@@ -38,7 +38,7 @@
- 
- #ifndef lint
- #ifdef	DOSCCS
--static char sccsid[] = "@(#)openssl.c	1.25 (gritter) 8/4/07";
-+static char sccsid[] = "@(#)openssl.c	1.26 (gritter) 5/26/09";
- #endif
- #endif /* not lint */
- 
-@@ -101,12 +101,17 @@ static void sslcatch(int s);
- static int ssl_rand_init(void);
- static void ssl_init(void);
- static int ssl_verify_cb(int success, X509_STORE_CTX *store);
--static SSL_METHOD *ssl_select_method(const char *uhp);
-+static const SSL_METHOD *ssl_select_method(const char *uhp);
- static void ssl_load_verifications(struct sock *sp);
- static void ssl_certificate(struct sock *sp, const char *uhp);
- static enum okay ssl_check_host(const char *server, struct sock *sp);
-+#ifdef HAVE_STACK_OF
-+static int smime_verify(struct message *m, int n, STACK_OF(X509) *chain,
-+		X509_STORE *store);
-+#else
- static int smime_verify(struct message *m, int n, STACK *chain,
- 		X509_STORE *store);
-+#endif
- static EVP_CIPHER *smime_cipher(const char *name);
- static int ssl_password_cb(char *buf, int size, int rwflag, void *userdata);
- static FILE *smime_sign_cert(const char *xname, const char *xname2, int warn);
-@@ -203,10 +208,10 @@ ssl_verify_cb(int success, X509_STORE_CT
- 	return 1;
- }
- 
--static SSL_METHOD *
-+static const SSL_METHOD *
- ssl_select_method(const char *uhp)
- {
--	SSL_METHOD *method;
-+	const SSL_METHOD *method;
- 	char	*cp;
- 
- 	cp = ssl_method_string(uhp);
-@@ -308,7 +313,11 @@ ssl_check_host(const char *server, struc
- 	X509 *cert;
- 	X509_NAME *subj;
- 	char data[256];
-+#ifdef HAVE_STACK_OF
-+	STACK_OF(GENERAL_NAME)	*gens;
-+#else
- 	/*GENERAL_NAMES*/STACK	*gens;
-+#endif
- 	GENERAL_NAME	*gen;
- 	int	i;
- 
-@@ -357,7 +366,8 @@ ssl_open(const char *server, struct sock
- 
- 	ssl_init();
- 	ssl_set_vrfy_level(uhp);
--	if ((sp->s_ctx = SSL_CTX_new(ssl_select_method(uhp))) == NULL) {
-+	if ((sp->s_ctx =
-+	     SSL_CTX_new((SSL_METHOD *)ssl_select_method(uhp))) == NULL) {
- 		ssl_gen_err(catgets(catd, CATSET, 261, "SSL_CTX_new() failed"));
- 		return STOP;
- 	}
-@@ -496,7 +506,11 @@ smime_sign(FILE *ip, struct header *head
- }
- 
- static int
-+#ifdef HAVE_STACK_OF
-+smime_verify(struct message *m, int n, STACK_OF(X509) *chain, X509_STORE *store)
-+#else
- smime_verify(struct message *m, int n, STACK *chain, X509_STORE *store)
-+#endif
- {
- 	struct message	*x;
- 	char	*cp, *sender, *to, *cc, *cnttype;
-@@ -505,7 +519,12 @@ smime_verify(struct message *m, int n, S
- 	off_t	size;
- 	BIO	*fb, *pb;
- 	PKCS7	*pkcs7;
-+#ifdef HAVE_STACK_OF
-+	STACK_OF(X509)	*certs;
-+	STACK_OF(GENERAL_NAME)	*gens;
-+#else
- 	STACK	*certs, *gens;
-+#endif
- 	X509	*cert;
- 	X509_NAME	*subj;
- 	char	data[LINESIZE];
-@@ -614,7 +633,11 @@ cverify(void *vp)
- {
- 	int	*msgvec = vp, *ip;
- 	int	ec = 0;
-+#ifdef HAVE_STACK_OF
-+	STACK_OF(X509)	*chain = NULL;
-+#else
- 	STACK	*chain = NULL;
-+#endif
- 	X509_STORE	*store;
- 	char	*ca_dir, *ca_file;
- 
-@@ -687,7 +710,11 @@ smime_encrypt(FILE *ip, const char *cert
- 	X509	*cert;
- 	PKCS7	*pkcs7;
- 	BIO	*bb, *yb;
-+#ifdef HAVE_STACK_OF
-+	STACK_OF(X509)	*certs;
-+#else
- 	STACK	*certs;
-+#endif
- 	EVP_CIPHER	*cipher;
- 
- 	certfile = expand((char *)certfile);
-@@ -950,9 +977,14 @@ smime_certsave(struct message *m, int n,
- 	off_t	size;
- 	BIO	*fb, *pb;
- 	PKCS7	*pkcs7;
-+#ifdef HAVE_STACK_OF
-+	STACK_OF(X509)	*certs;
-+	STACK_OF(X509)	*chain = NULL;
-+#else
- 	STACK	*certs;
--	X509	*cert;
- 	STACK	*chain = NULL;
-+#endif
-+	X509	*cert;
- 	enum okay	ok = OKAY;
- 
- 	message_number = n;
diff --git a/mail/heirloom-mailx/patches/patch-af b/mail/heirloom-mailx/patches/patch-af
deleted file mode 100644
index 32e02a29d83..00000000000
--- a/mail/heirloom-mailx/patches/patch-af
+++ /dev/null
@@ -1,20 +0,0 @@
-$NetBSD: patch-af,v 1.1.1.1 2008/10/30 13:01:00 obache Exp $
-
---- sendout.c.orig	2008-07-04 06:09:57.000000000 +0000
-+++ sendout.c
-@@ -51,6 +51,15 @@ static char sccsid[] = "@(#)sendout.c	2.
- #include <time.h>
- #include "md5.h"
- 
-+#ifdef HAVE_PATHS_H
-+#include <paths.h>
-+#endif
-+
-+#ifdef _PATH_SENDMAIL
-+#undef SENDMAIL
-+#define SENDMAIL _PATH_SENDMAIL
-+#endif
-+
- /*
-  * Mail -- a mail program
-  *
diff --git a/mail/heirloom-mailx/patches/patch-extern.h b/mail/heirloom-mailx/patches/patch-extern.h
new file mode 100644
index 00000000000..7d2124065a3
--- /dev/null
+++ b/mail/heirloom-mailx/patches/patch-extern.h
@@ -0,0 +1,16 @@
+$NetBSD: patch-extern.h,v 1.1 2014/12/28 14:16:14 bsiegert Exp $
+
+Imported Debian package fixes:
+- unpack: disable option processing for email addresses when calling sendmail
+
+--- extern.h.orig	2011-04-26 21:23:22.000000000 +0000
++++ extern.h
+@@ -396,7 +396,7 @@ struct name *outof(struct name *names, F
+ int is_fileaddr(char *name);
+ struct name *usermap(struct name *names);
+ struct name *cat(struct name *n1, struct name *n2);
+-char **unpack(struct name *np);
++char **unpack(struct name *smopts, struct name *np);
+ struct name *elide(struct name *names);
+ int count(struct name *np);
+ struct name *delete_alternates(struct name *np);
diff --git a/mail/heirloom-mailx/patches/patch-fio.c b/mail/heirloom-mailx/patches/patch-fio.c
new file mode 100644
index 00000000000..b8dc2f6562d
--- /dev/null
+++ b/mail/heirloom-mailx/patches/patch-fio.c
@@ -0,0 +1,109 @@
+$NetBSD: patch-fio.c,v 1.1 2014/12/28 14:16:14 bsiegert Exp $
+
+Imported Debian package fixes:
+- fioc: unconditionally require wordexp support
+- globname: Invoke wordexp with WRDE_NOCMD (CVE-2004-2771)
+
+--- fio.c.orig	2011-04-26 21:23:22.000000000 +0000
++++ fio.c
+@@ -43,12 +43,15 @@ static char sccsid[] = "@(#)fio.c	2.76 (
+ #endif /* not lint */
+ 
+ #include "rcv.h"
++
++#ifndef HAVE_WORDEXP
++#error wordexp support is required
++#endif
++
+ #include <sys/stat.h>
+ #include <sys/file.h>
+ #include <sys/wait.h>
+-#ifdef	HAVE_WORDEXP
+ #include <wordexp.h>
+-#endif	/* HAVE_WORDEXP */
+ #include <unistd.h>
+ 
+ #if defined (USE_NSS)
+@@ -481,7 +484,6 @@ next:
+ static char *
+ globname(char *name)
+ {
+-#ifdef	HAVE_WORDEXP
+ 	wordexp_t we;
+ 	char *cp;
+ 	sigset_t nset;
+@@ -495,7 +497,7 @@ globname(char *name)
+ 	sigemptyset(&nset);
+ 	sigaddset(&nset, SIGCHLD);
+ 	sigprocmask(SIG_BLOCK, &nset, NULL);
+-	i = wordexp(name, &we, 0);
++        i = wordexp(name, &we, WRDE_NOCMD);
+ 	sigprocmask(SIG_UNBLOCK, &nset, NULL);
+ 	switch (i) {
+ 	case 0:
+@@ -527,65 +529,6 @@ globname(char *name)
+ 	}
+ 	wordfree(&we);
+ 	return cp;
+-#else	/* !HAVE_WORDEXP */
+-	char xname[PATHSIZE];
+-	char cmdbuf[PATHSIZE];		/* also used for file names */
+-	int pid, l;
+-	char *cp, *shell;
+-	int pivec[2];
+-	extern int wait_status;
+-	struct stat sbuf;
+-
+-	if (pipe(pivec) < 0) {
+-		perror("pipe");
+-		return name;
+-	}
+-	snprintf(cmdbuf, sizeof cmdbuf, "echo %s", name);
+-	if ((shell = value("SHELL")) == NULL)
+-		shell = SHELL;
+-	pid = start_command(shell, 0, -1, pivec[1], "-c", cmdbuf, NULL);
+-	if (pid < 0) {
+-		close(pivec[0]);
+-		close(pivec[1]);
+-		return NULL;
+-	}
+-	close(pivec[1]);
+-again:
+-	l = read(pivec[0], xname, sizeof xname);
+-	if (l < 0) {
+-		if (errno == EINTR)
+-			goto again;
+-		perror("read");
+-		close(pivec[0]);
+-		return NULL;
+-	}
+-	close(pivec[0]);
+-	if (wait_child(pid) < 0 && WTERMSIG(wait_status) != SIGPIPE) {
+-		fprintf(stderr, catgets(catd, CATSET, 81,
+-				"\"%s\": Expansion failed.\n"), name);
+-		return NULL;
+-	}
+-	if (l == 0) {
+-		fprintf(stderr, catgets(catd, CATSET, 82,
+-					"\"%s\": No match.\n"), name);
+-		return NULL;
+-	}
+-	if (l == sizeof xname) {
+-		fprintf(stderr, catgets(catd, CATSET, 83,
+-				"\"%s\": Expansion buffer overflow.\n"), name);
+-		return NULL;
+-	}
+-	xname[l] = 0;
+-	for (cp = &xname[l-1]; *cp == '\n' && cp > xname; cp--)
+-		;
+-	cp[1] = '\0';
+-	if (strchr(xname, ' ') && stat(xname, &sbuf) < 0) {
+-		fprintf(stderr, catgets(catd, CATSET, 84,
+-				"\"%s\": Ambiguous.\n"), name);
+-		return NULL;
+-	}
+-	return savestr(xname);
+-#endif	/* !HAVE_WORDEXP */
+ }
+ 
+ /*
diff --git a/mail/heirloom-mailx/patches/patch-getopt.c b/mail/heirloom-mailx/patches/patch-getopt.c
new file mode 100644
index 00000000000..3173f2be98e
--- /dev/null
+++ b/mail/heirloom-mailx/patches/patch-getopt.c
@@ -0,0 +1,50 @@
+$NetBSD: patch-getopt.c,v 1.1 2014/12/28 14:16:14 bsiegert Exp $
+
+Imported Debian package fixes:
+- don't reuse weak symbol optopt to fix FTBFS on mips*
+
+--- getopt.c.orig	2011-04-26 21:23:22.000000000 +0000
++++ getopt.c
+@@ -43,7 +43,7 @@ typedef	int	ssize_t;
+ char	*optarg;
+ int	optind = 1;
+ int	opterr = 1;
+-int	optopt;
++int	optoptc;
+ 
+ static void
+ error(const char *s, int c)
+@@ -69,7 +69,7 @@ error(const char *s, int c)
+ 		*bp++ = *s++;
+ 	while (*msg)
+ 		*bp++ = *msg++;
+-	*bp++ = optopt;
++	*bp++ = optoptc;
+ 	*bp++ = '\n';
+ 	write(2, buf, bp - buf);
+ 	ac_free(buf);
+@@ -101,13 +101,13 @@ getopt(int argc, char *const argv[], con
+ 		}
+ 		curp = &argv[optind][1];
+ 	}
+-	optopt = curp[0] & 0377;
++	optoptc = curp[0] & 0377;
+ 	while (optstring[0]) {
+ 		if (optstring[0] == ':') {
+ 			optstring++;
+ 			continue;
+ 		}
+-		if ((optstring[0] & 0377) == optopt) {
++		if ((optstring[0] & 0377) == optoptc) {
+ 			if (optstring[1] == ':') {
+ 				if (curp[1] != '\0') {
+ 					optarg = (char *)&curp[1];
+@@ -127,7 +127,7 @@ getopt(int argc, char *const argv[], con
+ 					optind++;
+ 				optarg = 0;
+ 			}
+-			return optopt;
++			return optoptc;
+ 		}
+ 		optstring++;
+ 	}
diff --git a/mail/heirloom-mailx/patches/patch-mailx.1 b/mail/heirloom-mailx/patches/patch-mailx.1
new file mode 100644
index 00000000000..bc7639e05ba
--- /dev/null
+++ b/mail/heirloom-mailx/patches/patch-mailx.1
@@ -0,0 +1,58 @@
+$NetBSD: patch-mailx.1,v 1.1 2014/12/28 14:16:14 bsiegert Exp $
+
+Imported Debian package fixes:
+- remove SSL2 references since it is no longer supported by OpenSSL.
+- fixed Lintian warning (warning: macro `N' not defined)
+- document that address expansion is disabled unless the expandaddr binary
+  option is set.  This has been assigned CVE-2014-7844 for BSD mailx, but it
+  is not a vulnerability in Heirloom mailx because this feature was documented.
+
+
+--- mailx.1.orig	2011-04-26 21:23:22.000000000 +0000
++++ mailx.1
+@@ -656,6 +656,14 @@ but any reply returned to the machine
+ will have the system wide alias expanded
+ as all mail goes through sendmail.
+ .SS "Recipient address specifications"
++If the
++.I expandaddr
++option is not set (the default), recipient addresses must be names of
++local mailboxes or Internet mail addresses.
++.PP
++If the
++.I expandaddr
++option is set, the following rules apply:
+ When an address is used to name a recipient
+ (in any of To, Cc, or Bcc),
+ names of local mail folders
+@@ -2391,6 +2399,12 @@ and exits immediately.
+ If this option is set,
+ \fImailx\fR starts even with an empty mailbox.
+ .TP
++.B expandaddr
++Causes
++.I mailx
++to expand message recipient addresses, as explained in the section,
++Recipient address specifications.
++.TP
+ .B flipr
+ Exchanges the
+ .I Respond
+@@ -3575,7 +3589,7 @@ Only applicable if SSL/TLS support is bu
+ .TP
+ .B ssl-method
+ Selects a SSL/TLS protocol version;
+-valid values are `ssl2', `ssl3', and `tls1'.
++valid values are `ssl3', and `tls1'.
+ If unset, the method is selected automatically,
+ if possible.
+ .TP
+@@ -3781,7 +3795,7 @@ you could examine the first message by g
+ .sp
+ .fi
+ which might cause
+-.N mailx
++.I mailx
+ to respond with, for example:
+ .nf
+ .sp
diff --git a/mail/heirloom-mailx/patches/patch-names.c b/mail/heirloom-mailx/patches/patch-names.c
new file mode 100644
index 00000000000..b81d762790d
--- /dev/null
+++ b/mail/heirloom-mailx/patches/patch-names.c
@@ -0,0 +1,42 @@
+$NetBSD: patch-names.c,v 1.1 2014/12/28 14:16:14 bsiegert Exp $
+
+Imported Debian package fixes:
+- document that address expansion is disabled unless the expandaddr
+  binary option is set.  This has been assigned CVE-2014-7844 for
+  BSD mailx, but it is not a vulnerability in Heirloom mailx because
+  this feature was documented.
+
+- disable option processing for email addresses when calling sendmail
+
+Change "send-mail" to "sendmail" to match /etc/mailer.conf
+
+--- names.c.orig	2011-04-26 21:23:22.000000000 +0000
++++ names.c
+@@ -268,6 +268,9 @@ outof(struct name *names, FILE *fo, stru
+ 	FILE *fout, *fin;
+ 	int ispipe;
+ 
++        if (value("expandaddr") == NULL)
++                return names;
++
+ 	top = names;
+ 	np = names;
+ 	time(&now);
+@@ -546,7 +549,7 @@ cat(struct name *n1, struct name *n2)
+  * Return an error if the name list won't fit.
+  */
+ char **
+-unpack(struct name *np)
++unpack(struct name *smopts, struct name *np)
+ {
+ 	char **ap, **top;
+ 	struct name *n;
+@@ -572,7 +575,7 @@ unpack(struct name *np)
+ 	/*LINTED*/
+ 	top = (char **)salloc((t + extra) * sizeof *top);
+ 	ap = top;
+-	*ap++ = "send-mail";
++	*ap++ = "sendmail";
+ 	*ap++ = "-i";
+ 	if (metoo)
+ 		*ap++ = "-m";
diff --git a/mail/heirloom-mailx/patches/patch-openssl.c b/mail/heirloom-mailx/patches/patch-openssl.c
new file mode 100644
index 00000000000..f7bc293409b
--- /dev/null
+++ b/mail/heirloom-mailx/patches/patch-openssl.c
@@ -0,0 +1,18 @@
+$NetBSD: patch-openssl.c,v 1.1 2014/12/28 14:16:14 bsiegert Exp $
+
+Imported Debian package fixes:
+- remove SSL2 support since it is no longer supported by OpenSSL.
+
+--- openssl.c.orig	2011-04-26 21:23:22.000000000 +0000
++++ openssl.c
+@@ -216,9 +216,7 @@ ssl_select_method(const char *uhp)
+ 
+ 	cp = ssl_method_string(uhp);
+ 	if (cp != NULL) {
+-		if (equal(cp, "ssl2"))
+-			method = SSLv2_client_method();
+-		else if (equal(cp, "ssl3"))
++		if (equal(cp, "ssl3"))
+ 			method = SSLv3_client_method();
+ 		else if (equal(cp, "tls1"))
+ 			method = TLSv1_client_method();
diff --git a/mail/heirloom-mailx/patches/patch-sendout.c b/mail/heirloom-mailx/patches/patch-sendout.c
new file mode 100644
index 00000000000..d6f739e3b1e
--- /dev/null
+++ b/mail/heirloom-mailx/patches/patch-sendout.c
@@ -0,0 +1,34 @@
+$NetBSD: patch-sendout.c,v 1.1 2014/12/28 14:16:14 bsiegert Exp $
+
+Imported Debian package fixes:
+- disable option processing for email addresses when calling sendmail
+
+Ref: patch-af,v 1.1.1.1 2008/10/30 13:01:00 obache
+
+--- sendout.c.orig	2011-04-26 21:23:22.000000000 +0000
++++ sendout.c
+@@ -51,6 +51,15 @@ static char sccsid[] = "@(#)sendout.c	2.
+ #include <time.h>
+ #include "md5.h"
+ 
++#ifdef HAVE_PATHS_H
++#include <paths.h>
++#endif
++
++#ifdef _PATH_SENDMAIL
++#undef SENDMAIL
++#define SENDMAIL _PATH_SENDMAIL
++#endif
++
+ /*
+  * Mail -- a mail program
+  *
+@@ -835,7 +844,7 @@ start_mta(struct name *to, struct name *
+ #endif	/* HAVE_SOCKETS */
+ 
+ 	if ((smtp = value("smtp")) == NULL) {
+-		args = unpack(cat(mailargs, to));
++                args = unpack(mailargs, to);
+ 		if (debug || value("debug")) {
+ 			printf(catgets(catd, CATSET, 181,
+ 					"Sendmail arguments:"));