summaryrefslogtreecommitdiff
path: root/mail
diff options
context:
space:
mode:
authorbsiegert <bsiegert@pkgsrc.org>2014-12-28 14:16:14 +0000
committerbsiegert <bsiegert@pkgsrc.org>2014-12-28 14:16:14 +0000
commit421a14e0471114e17c79ef1a34f6441dc0ef4cbd (patch)
tree9f93e4155d5d0a59e2a350099e95c520c9c7ebe9 /mail
parent546f37ecf04890c6473e9741cd711c99e6da4733 (diff)
downloadpkgsrc-421a14e0471114e17c79ef1a34f6441dc0ef4cbd.tar.gz
Update heirloom-mailx to 12.5. From maintainer in PR pkg/49492.
Significant changes: - MASTER_SITES now points at ${MASTER_SITE_DEBIAN:=pool/main/h/heirloom-mailx/} - LICENSE filled out based on content of COPYING file in source - addresses CVE-2004-2771 and CVE-2014-7844; address expansion disabled by default - remove SSL2 related code to match state of OpenSSL
Diffstat (limited to 'mail')
-rw-r--r--mail/heirloom-mailx/Makefile17
-rw-r--r--mail/heirloom-mailx/PLIST3
-rw-r--r--mail/heirloom-mailx/distinfo18
-rw-r--r--mail/heirloom-mailx/patches/patch-aa39
-rw-r--r--mail/heirloom-mailx/patches/patch-ab132
-rw-r--r--mail/heirloom-mailx/patches/patch-af20
-rw-r--r--mail/heirloom-mailx/patches/patch-extern.h16
-rw-r--r--mail/heirloom-mailx/patches/patch-fio.c109
-rw-r--r--mail/heirloom-mailx/patches/patch-getopt.c50
-rw-r--r--mail/heirloom-mailx/patches/patch-mailx.158
-rw-r--r--mail/heirloom-mailx/patches/patch-names.c42
-rw-r--r--mail/heirloom-mailx/patches/patch-openssl.c18
-rw-r--r--mail/heirloom-mailx/patches/patch-sendout.c34
13 files changed, 348 insertions, 208 deletions
diff --git a/mail/heirloom-mailx/Makefile b/mail/heirloom-mailx/Makefile
index 009c07c076b..5f6066ca5fd 100644
--- a/mail/heirloom-mailx/Makefile
+++ b/mail/heirloom-mailx/Makefile
@@ -1,16 +1,18 @@
-# $NetBSD: Makefile,v 1.6 2014/02/12 23:18:07 tron Exp $
+# $NetBSD: Makefile,v 1.7 2014/12/28 14:16:14 bsiegert Exp $
#
-DISTNAME= mailx-12.4
-PKGNAME= heirloom-${DISTNAME}
-PKGREVISION= 3
+DISTNAME= heirloom-mailx_12.5.orig
+PKGNAME= heirloom-mailx-12.5
CATEGORIES= mail
-MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=heirloom/}
-EXTRACT_SUFX= .tar.bz2
+MASTER_SITES= ${MASTER_SITE_DEBIAN:=pool/main/h/heirloom-mailx/}
+EXTRACT_SUFX= .tar.gz
-MAINTAINER= jgw@freeshell.org
+MAINTAINER= jgw@sdf.org
HOMEPAGE= http://heirloom.sourceforge.net/mailx.html
COMMENT= BSD mail utility with MIME extensions
+LICENSE= original-bsd AND osl AND mpl1.1
+
+WRKSRC= ${WRKDIR}/heirloom-mailx-12.5
MAKE_JOBS_SAFE= no
@@ -50,7 +52,6 @@ CONF_FILES= ${EGDIR}/nail.rc ${PKG_SYSCONFDIR}/nail.rc
post-install:
${INSTALL_DATA_DIR} ${DESTDIR}${DOCDIR}
- ${INSTALL_DATA} ${WRKSRC}/mailx.1.html ${DESTDIR}${DOCDIR}
.include "../../converters/libiconv/buildlink3.mk"
.include "../../security/openssl/buildlink3.mk"
diff --git a/mail/heirloom-mailx/PLIST b/mail/heirloom-mailx/PLIST
index 74028b32ca8..069ea88861b 100644
--- a/mail/heirloom-mailx/PLIST
+++ b/mail/heirloom-mailx/PLIST
@@ -1,5 +1,4 @@
-@comment $NetBSD: PLIST,v 1.2 2009/06/14 18:04:34 joerg Exp $
+@comment $NetBSD: PLIST,v 1.3 2014/12/28 14:16:14 bsiegert Exp $
bin/mailx
man/man1/mailx.1
-share/doc/mailx/mailx.1.html
share/examples/mailx/nail.rc
diff --git a/mail/heirloom-mailx/distinfo b/mail/heirloom-mailx/distinfo
index 4ef29c95851..3767f055fe9 100644
--- a/mail/heirloom-mailx/distinfo
+++ b/mail/heirloom-mailx/distinfo
@@ -1,11 +1,15 @@
-$NetBSD: distinfo,v 1.2 2011/10/01 11:49:19 shattered Exp $
+$NetBSD: distinfo,v 1.3 2014/12/28 14:16:14 bsiegert Exp $
-SHA1 (mailx-12.4.tar.bz2) = b1e105adf9d36269daf317dedf68b6e4cca404a7
-RMD160 (mailx-12.4.tar.bz2) = 8244d04d0a0058fdbe9867ca503c7cda8d580154
-Size (mailx-12.4.tar.bz2) = 271482 bytes
-SHA1 (patch-aa) = 797ebb4b536f6576112bb1a0ba871298d21b0a2b
-SHA1 (patch-ab) = 604a85e40301ff38b8bf28bcca337469f784eeaf
+SHA1 (heirloom-mailx_12.5.orig.tar.gz) = 2fa7f300dea7747e5880d61fd691a103d70863ba
+RMD160 (heirloom-mailx_12.5.orig.tar.gz) = 9722c9ecd2cae6b2b47a598e5c32544c1320502f
+Size (heirloom-mailx_12.5.orig.tar.gz) = 324085 bytes
SHA1 (patch-ac) = cb9d4b12f26bb5f90947e1dbcb06960de8144f11
SHA1 (patch-ae) = 257317452b39d0b609885c637242145cf4e04c4d
-SHA1 (patch-af) = 22676bcb00593de777cf897c450e14130f3f0616
SHA1 (patch-ag) = 20e3429d4f1164c5235a23c8ab772ff2b7fa7951
+SHA1 (patch-extern.h) = 1595b01d8331b366929d2598637f64082c5bd3d6
+SHA1 (patch-fio.c) = 0f850a28fb7c6d511af8b398eda283068b80d00f
+SHA1 (patch-getopt.c) = b238221ae17fdc7285febd1e9209ac9acac92069
+SHA1 (patch-mailx.1) = 070ae8af60dc22d0acc1c68caf66384ff390379e
+SHA1 (patch-names.c) = 5a7f4bd255f30a425114b5371430012079511d88
+SHA1 (patch-openssl.c) = 45160c726bc93382a2455c44947ca6c4cc9e8a12
+SHA1 (patch-sendout.c) = 1270c454ec7956ef4c3c3f3f71e847928bbbd2e3
diff --git a/mail/heirloom-mailx/patches/patch-aa b/mail/heirloom-mailx/patches/patch-aa
deleted file mode 100644
index ca59e884da4..00000000000
--- a/mail/heirloom-mailx/patches/patch-aa
+++ /dev/null
@@ -1,39 +0,0 @@
-$NetBSD: patch-aa,v 1.1 2011/10/01 11:49:20 shattered Exp $
-
---- makeconfig.orig 2007-04-14 15:24:28.000000000 +0000
-+++ makeconfig
-@@ -1,7 +1,7 @@
- #!/bin/sh
-
- #
--# Sccsid @(#)makeconfig 1.43 (gritter) 4/14/07
-+# Sccsid @(#)makeconfig 1.44 (gritter) 5/26/09
- #
-
- tmp=___build$$
-@@ -393,6 +393,25 @@ CERTAltNameEncodedContext foo;
- !
- fi
-
-+if test x$have_openssl = xyes
-+then
-+ compile_check stack_of 'for STACK_OF()' '#define HAVE_STACK_OF' <<\!
-+#include <openssl/ssl.h>
-+#include <openssl/err.h>
-+#include <openssl/x509v3.h>
-+#include <openssl/x509.h>
-+#include <openssl/rand.h>
-+
-+int main(void)
-+{
-+ STACK_OF(GENERAL_NAME) *gens = NULL;
-+ printf("%p", gens); /* to make it used */
-+ SSLv23_client_method();
-+ PEM_read_PrivateKey(0, 0, 0, 0);
-+ return 0;
-+}
-+!
-+fi
-
- cat >$tmp2.c <<\!
- #include <gssapi/gssapi.h>
diff --git a/mail/heirloom-mailx/patches/patch-ab b/mail/heirloom-mailx/patches/patch-ab
deleted file mode 100644
index 4a48e5f02ca..00000000000
--- a/mail/heirloom-mailx/patches/patch-ab
+++ /dev/null
@@ -1,132 +0,0 @@
-$NetBSD: patch-ab,v 1.1 2011/10/01 11:49:20 shattered Exp $
-
---- openssl.c.orig 2007-08-04 11:38:03.000000000 +0000
-+++ openssl.c
-@@ -38,7 +38,7 @@
-
- #ifndef lint
- #ifdef DOSCCS
--static char sccsid[] = "@(#)openssl.c 1.25 (gritter) 8/4/07";
-+static char sccsid[] = "@(#)openssl.c 1.26 (gritter) 5/26/09";
- #endif
- #endif /* not lint */
-
-@@ -101,12 +101,17 @@ static void sslcatch(int s);
- static int ssl_rand_init(void);
- static void ssl_init(void);
- static int ssl_verify_cb(int success, X509_STORE_CTX *store);
--static SSL_METHOD *ssl_select_method(const char *uhp);
-+static const SSL_METHOD *ssl_select_method(const char *uhp);
- static void ssl_load_verifications(struct sock *sp);
- static void ssl_certificate(struct sock *sp, const char *uhp);
- static enum okay ssl_check_host(const char *server, struct sock *sp);
-+#ifdef HAVE_STACK_OF
-+static int smime_verify(struct message *m, int n, STACK_OF(X509) *chain,
-+ X509_STORE *store);
-+#else
- static int smime_verify(struct message *m, int n, STACK *chain,
- X509_STORE *store);
-+#endif
- static EVP_CIPHER *smime_cipher(const char *name);
- static int ssl_password_cb(char *buf, int size, int rwflag, void *userdata);
- static FILE *smime_sign_cert(const char *xname, const char *xname2, int warn);
-@@ -203,10 +208,10 @@ ssl_verify_cb(int success, X509_STORE_CT
- return 1;
- }
-
--static SSL_METHOD *
-+static const SSL_METHOD *
- ssl_select_method(const char *uhp)
- {
-- SSL_METHOD *method;
-+ const SSL_METHOD *method;
- char *cp;
-
- cp = ssl_method_string(uhp);
-@@ -308,7 +313,11 @@ ssl_check_host(const char *server, struc
- X509 *cert;
- X509_NAME *subj;
- char data[256];
-+#ifdef HAVE_STACK_OF
-+ STACK_OF(GENERAL_NAME) *gens;
-+#else
- /*GENERAL_NAMES*/STACK *gens;
-+#endif
- GENERAL_NAME *gen;
- int i;
-
-@@ -357,7 +366,8 @@ ssl_open(const char *server, struct sock
-
- ssl_init();
- ssl_set_vrfy_level(uhp);
-- if ((sp->s_ctx = SSL_CTX_new(ssl_select_method(uhp))) == NULL) {
-+ if ((sp->s_ctx =
-+ SSL_CTX_new((SSL_METHOD *)ssl_select_method(uhp))) == NULL) {
- ssl_gen_err(catgets(catd, CATSET, 261, "SSL_CTX_new() failed"));
- return STOP;
- }
-@@ -496,7 +506,11 @@ smime_sign(FILE *ip, struct header *head
- }
-
- static int
-+#ifdef HAVE_STACK_OF
-+smime_verify(struct message *m, int n, STACK_OF(X509) *chain, X509_STORE *store)
-+#else
- smime_verify(struct message *m, int n, STACK *chain, X509_STORE *store)
-+#endif
- {
- struct message *x;
- char *cp, *sender, *to, *cc, *cnttype;
-@@ -505,7 +519,12 @@ smime_verify(struct message *m, int n, S
- off_t size;
- BIO *fb, *pb;
- PKCS7 *pkcs7;
-+#ifdef HAVE_STACK_OF
-+ STACK_OF(X509) *certs;
-+ STACK_OF(GENERAL_NAME) *gens;
-+#else
- STACK *certs, *gens;
-+#endif
- X509 *cert;
- X509_NAME *subj;
- char data[LINESIZE];
-@@ -614,7 +633,11 @@ cverify(void *vp)
- {
- int *msgvec = vp, *ip;
- int ec = 0;
-+#ifdef HAVE_STACK_OF
-+ STACK_OF(X509) *chain = NULL;
-+#else
- STACK *chain = NULL;
-+#endif
- X509_STORE *store;
- char *ca_dir, *ca_file;
-
-@@ -687,7 +710,11 @@ smime_encrypt(FILE *ip, const char *cert
- X509 *cert;
- PKCS7 *pkcs7;
- BIO *bb, *yb;
-+#ifdef HAVE_STACK_OF
-+ STACK_OF(X509) *certs;
-+#else
- STACK *certs;
-+#endif
- EVP_CIPHER *cipher;
-
- certfile = expand((char *)certfile);
-@@ -950,9 +977,14 @@ smime_certsave(struct message *m, int n,
- off_t size;
- BIO *fb, *pb;
- PKCS7 *pkcs7;
-+#ifdef HAVE_STACK_OF
-+ STACK_OF(X509) *certs;
-+ STACK_OF(X509) *chain = NULL;
-+#else
- STACK *certs;
-- X509 *cert;
- STACK *chain = NULL;
-+#endif
-+ X509 *cert;
- enum okay ok = OKAY;
-
- message_number = n;
diff --git a/mail/heirloom-mailx/patches/patch-af b/mail/heirloom-mailx/patches/patch-af
deleted file mode 100644
index 32e02a29d83..00000000000
--- a/mail/heirloom-mailx/patches/patch-af
+++ /dev/null
@@ -1,20 +0,0 @@
-$NetBSD: patch-af,v 1.1.1.1 2008/10/30 13:01:00 obache Exp $
-
---- sendout.c.orig 2008-07-04 06:09:57.000000000 +0000
-+++ sendout.c
-@@ -51,6 +51,15 @@ static char sccsid[] = "@(#)sendout.c 2.
- #include <time.h>
- #include "md5.h"
-
-+#ifdef HAVE_PATHS_H
-+#include <paths.h>
-+#endif
-+
-+#ifdef _PATH_SENDMAIL
-+#undef SENDMAIL
-+#define SENDMAIL _PATH_SENDMAIL
-+#endif
-+
- /*
- * Mail -- a mail program
- *
diff --git a/mail/heirloom-mailx/patches/patch-extern.h b/mail/heirloom-mailx/patches/patch-extern.h
new file mode 100644
index 00000000000..7d2124065a3
--- /dev/null
+++ b/mail/heirloom-mailx/patches/patch-extern.h
@@ -0,0 +1,16 @@
+$NetBSD: patch-extern.h,v 1.1 2014/12/28 14:16:14 bsiegert Exp $
+
+Imported Debian package fixes:
+- unpack: disable option processing for email addresses when calling sendmail
+
+--- extern.h.orig 2011-04-26 21:23:22.000000000 +0000
++++ extern.h
+@@ -396,7 +396,7 @@ struct name *outof(struct name *names, F
+ int is_fileaddr(char *name);
+ struct name *usermap(struct name *names);
+ struct name *cat(struct name *n1, struct name *n2);
+-char **unpack(struct name *np);
++char **unpack(struct name *smopts, struct name *np);
+ struct name *elide(struct name *names);
+ int count(struct name *np);
+ struct name *delete_alternates(struct name *np);
diff --git a/mail/heirloom-mailx/patches/patch-fio.c b/mail/heirloom-mailx/patches/patch-fio.c
new file mode 100644
index 00000000000..b8dc2f6562d
--- /dev/null
+++ b/mail/heirloom-mailx/patches/patch-fio.c
@@ -0,0 +1,109 @@
+$NetBSD: patch-fio.c,v 1.1 2014/12/28 14:16:14 bsiegert Exp $
+
+Imported Debian package fixes:
+- fioc: unconditionally require wordexp support
+- globname: Invoke wordexp with WRDE_NOCMD (CVE-2004-2771)
+
+--- fio.c.orig 2011-04-26 21:23:22.000000000 +0000
++++ fio.c
+@@ -43,12 +43,15 @@ static char sccsid[] = "@(#)fio.c 2.76 (
+ #endif /* not lint */
+
+ #include "rcv.h"
++
++#ifndef HAVE_WORDEXP
++#error wordexp support is required
++#endif
++
+ #include <sys/stat.h>
+ #include <sys/file.h>
+ #include <sys/wait.h>
+-#ifdef HAVE_WORDEXP
+ #include <wordexp.h>
+-#endif /* HAVE_WORDEXP */
+ #include <unistd.h>
+
+ #if defined (USE_NSS)
+@@ -481,7 +484,6 @@ next:
+ static char *
+ globname(char *name)
+ {
+-#ifdef HAVE_WORDEXP
+ wordexp_t we;
+ char *cp;
+ sigset_t nset;
+@@ -495,7 +497,7 @@ globname(char *name)
+ sigemptyset(&nset);
+ sigaddset(&nset, SIGCHLD);
+ sigprocmask(SIG_BLOCK, &nset, NULL);
+- i = wordexp(name, &we, 0);
++ i = wordexp(name, &we, WRDE_NOCMD);
+ sigprocmask(SIG_UNBLOCK, &nset, NULL);
+ switch (i) {
+ case 0:
+@@ -527,65 +529,6 @@ globname(char *name)
+ }
+ wordfree(&we);
+ return cp;
+-#else /* !HAVE_WORDEXP */
+- char xname[PATHSIZE];
+- char cmdbuf[PATHSIZE]; /* also used for file names */
+- int pid, l;
+- char *cp, *shell;
+- int pivec[2];
+- extern int wait_status;
+- struct stat sbuf;
+-
+- if (pipe(pivec) < 0) {
+- perror("pipe");
+- return name;
+- }
+- snprintf(cmdbuf, sizeof cmdbuf, "echo %s", name);
+- if ((shell = value("SHELL")) == NULL)
+- shell = SHELL;
+- pid = start_command(shell, 0, -1, pivec[1], "-c", cmdbuf, NULL);
+- if (pid < 0) {
+- close(pivec[0]);
+- close(pivec[1]);
+- return NULL;
+- }
+- close(pivec[1]);
+-again:
+- l = read(pivec[0], xname, sizeof xname);
+- if (l < 0) {
+- if (errno == EINTR)
+- goto again;
+- perror("read");
+- close(pivec[0]);
+- return NULL;
+- }
+- close(pivec[0]);
+- if (wait_child(pid) < 0 && WTERMSIG(wait_status) != SIGPIPE) {
+- fprintf(stderr, catgets(catd, CATSET, 81,
+- "\"%s\": Expansion failed.\n"), name);
+- return NULL;
+- }
+- if (l == 0) {
+- fprintf(stderr, catgets(catd, CATSET, 82,
+- "\"%s\": No match.\n"), name);
+- return NULL;
+- }
+- if (l == sizeof xname) {
+- fprintf(stderr, catgets(catd, CATSET, 83,
+- "\"%s\": Expansion buffer overflow.\n"), name);
+- return NULL;
+- }
+- xname[l] = 0;
+- for (cp = &xname[l-1]; *cp == '\n' && cp > xname; cp--)
+- ;
+- cp[1] = '\0';
+- if (strchr(xname, ' ') && stat(xname, &sbuf) < 0) {
+- fprintf(stderr, catgets(catd, CATSET, 84,
+- "\"%s\": Ambiguous.\n"), name);
+- return NULL;
+- }
+- return savestr(xname);
+-#endif /* !HAVE_WORDEXP */
+ }
+
+ /*
diff --git a/mail/heirloom-mailx/patches/patch-getopt.c b/mail/heirloom-mailx/patches/patch-getopt.c
new file mode 100644
index 00000000000..3173f2be98e
--- /dev/null
+++ b/mail/heirloom-mailx/patches/patch-getopt.c
@@ -0,0 +1,50 @@
+$NetBSD: patch-getopt.c,v 1.1 2014/12/28 14:16:14 bsiegert Exp $
+
+Imported Debian package fixes:
+- don't reuse weak symbol optopt to fix FTBFS on mips*
+
+--- getopt.c.orig 2011-04-26 21:23:22.000000000 +0000
++++ getopt.c
+@@ -43,7 +43,7 @@ typedef int ssize_t;
+ char *optarg;
+ int optind = 1;
+ int opterr = 1;
+-int optopt;
++int optoptc;
+
+ static void
+ error(const char *s, int c)
+@@ -69,7 +69,7 @@ error(const char *s, int c)
+ *bp++ = *s++;
+ while (*msg)
+ *bp++ = *msg++;
+- *bp++ = optopt;
++ *bp++ = optoptc;
+ *bp++ = '\n';
+ write(2, buf, bp - buf);
+ ac_free(buf);
+@@ -101,13 +101,13 @@ getopt(int argc, char *const argv[], con
+ }
+ curp = &argv[optind][1];
+ }
+- optopt = curp[0] & 0377;
++ optoptc = curp[0] & 0377;
+ while (optstring[0]) {
+ if (optstring[0] == ':') {
+ optstring++;
+ continue;
+ }
+- if ((optstring[0] & 0377) == optopt) {
++ if ((optstring[0] & 0377) == optoptc) {
+ if (optstring[1] == ':') {
+ if (curp[1] != '\0') {
+ optarg = (char *)&curp[1];
+@@ -127,7 +127,7 @@ getopt(int argc, char *const argv[], con
+ optind++;
+ optarg = 0;
+ }
+- return optopt;
++ return optoptc;
+ }
+ optstring++;
+ }
diff --git a/mail/heirloom-mailx/patches/patch-mailx.1 b/mail/heirloom-mailx/patches/patch-mailx.1
new file mode 100644
index 00000000000..bc7639e05ba
--- /dev/null
+++ b/mail/heirloom-mailx/patches/patch-mailx.1
@@ -0,0 +1,58 @@
+$NetBSD: patch-mailx.1,v 1.1 2014/12/28 14:16:14 bsiegert Exp $
+
+Imported Debian package fixes:
+- remove SSL2 references since it is no longer supported by OpenSSL.
+- fixed Lintian warning (warning: macro `N' not defined)
+- document that address expansion is disabled unless the expandaddr binary
+ option is set. This has been assigned CVE-2014-7844 for BSD mailx, but it
+ is not a vulnerability in Heirloom mailx because this feature was documented.
+
+
+--- mailx.1.orig 2011-04-26 21:23:22.000000000 +0000
++++ mailx.1
+@@ -656,6 +656,14 @@ but any reply returned to the machine
+ will have the system wide alias expanded
+ as all mail goes through sendmail.
+ .SS "Recipient address specifications"
++If the
++.I expandaddr
++option is not set (the default), recipient addresses must be names of
++local mailboxes or Internet mail addresses.
++.PP
++If the
++.I expandaddr
++option is set, the following rules apply:
+ When an address is used to name a recipient
+ (in any of To, Cc, or Bcc),
+ names of local mail folders
+@@ -2391,6 +2399,12 @@ and exits immediately.
+ If this option is set,
+ \fImailx\fR starts even with an empty mailbox.
+ .TP
++.B expandaddr
++Causes
++.I mailx
++to expand message recipient addresses, as explained in the section,
++Recipient address specifications.
++.TP
+ .B flipr
+ Exchanges the
+ .I Respond
+@@ -3575,7 +3589,7 @@ Only applicable if SSL/TLS support is bu
+ .TP
+ .B ssl-method
+ Selects a SSL/TLS protocol version;
+-valid values are `ssl2', `ssl3', and `tls1'.
++valid values are `ssl3', and `tls1'.
+ If unset, the method is selected automatically,
+ if possible.
+ .TP
+@@ -3781,7 +3795,7 @@ you could examine the first message by g
+ .sp
+ .fi
+ which might cause
+-.N mailx
++.I mailx
+ to respond with, for example:
+ .nf
+ .sp
diff --git a/mail/heirloom-mailx/patches/patch-names.c b/mail/heirloom-mailx/patches/patch-names.c
new file mode 100644
index 00000000000..b81d762790d
--- /dev/null
+++ b/mail/heirloom-mailx/patches/patch-names.c
@@ -0,0 +1,42 @@
+$NetBSD: patch-names.c,v 1.1 2014/12/28 14:16:14 bsiegert Exp $
+
+Imported Debian package fixes:
+- document that address expansion is disabled unless the expandaddr
+ binary option is set. This has been assigned CVE-2014-7844 for
+ BSD mailx, but it is not a vulnerability in Heirloom mailx because
+ this feature was documented.
+
+- disable option processing for email addresses when calling sendmail
+
+Change "send-mail" to "sendmail" to match /etc/mailer.conf
+
+--- names.c.orig 2011-04-26 21:23:22.000000000 +0000
++++ names.c
+@@ -268,6 +268,9 @@ outof(struct name *names, FILE *fo, stru
+ FILE *fout, *fin;
+ int ispipe;
+
++ if (value("expandaddr") == NULL)
++ return names;
++
+ top = names;
+ np = names;
+ time(&now);
+@@ -546,7 +549,7 @@ cat(struct name *n1, struct name *n2)
+ * Return an error if the name list won't fit.
+ */
+ char **
+-unpack(struct name *np)
++unpack(struct name *smopts, struct name *np)
+ {
+ char **ap, **top;
+ struct name *n;
+@@ -572,7 +575,7 @@ unpack(struct name *np)
+ /*LINTED*/
+ top = (char **)salloc((t + extra) * sizeof *top);
+ ap = top;
+- *ap++ = "send-mail";
++ *ap++ = "sendmail";
+ *ap++ = "-i";
+ if (metoo)
+ *ap++ = "-m";
diff --git a/mail/heirloom-mailx/patches/patch-openssl.c b/mail/heirloom-mailx/patches/patch-openssl.c
new file mode 100644
index 00000000000..f7bc293409b
--- /dev/null
+++ b/mail/heirloom-mailx/patches/patch-openssl.c
@@ -0,0 +1,18 @@
+$NetBSD: patch-openssl.c,v 1.1 2014/12/28 14:16:14 bsiegert Exp $
+
+Imported Debian package fixes:
+- remove SSL2 support since it is no longer supported by OpenSSL.
+
+--- openssl.c.orig 2011-04-26 21:23:22.000000000 +0000
++++ openssl.c
+@@ -216,9 +216,7 @@ ssl_select_method(const char *uhp)
+
+ cp = ssl_method_string(uhp);
+ if (cp != NULL) {
+- if (equal(cp, "ssl2"))
+- method = SSLv2_client_method();
+- else if (equal(cp, "ssl3"))
++ if (equal(cp, "ssl3"))
+ method = SSLv3_client_method();
+ else if (equal(cp, "tls1"))
+ method = TLSv1_client_method();
diff --git a/mail/heirloom-mailx/patches/patch-sendout.c b/mail/heirloom-mailx/patches/patch-sendout.c
new file mode 100644
index 00000000000..d6f739e3b1e
--- /dev/null
+++ b/mail/heirloom-mailx/patches/patch-sendout.c
@@ -0,0 +1,34 @@
+$NetBSD: patch-sendout.c,v 1.1 2014/12/28 14:16:14 bsiegert Exp $
+
+Imported Debian package fixes:
+- disable option processing for email addresses when calling sendmail
+
+Ref: patch-af,v 1.1.1.1 2008/10/30 13:01:00 obache
+
+--- sendout.c.orig 2011-04-26 21:23:22.000000000 +0000
++++ sendout.c
+@@ -51,6 +51,15 @@ static char sccsid[] = "@(#)sendout.c 2.
+ #include <time.h>
+ #include "md5.h"
+
++#ifdef HAVE_PATHS_H
++#include <paths.h>
++#endif
++
++#ifdef _PATH_SENDMAIL
++#undef SENDMAIL
++#define SENDMAIL _PATH_SENDMAIL
++#endif
++
+ /*
+ * Mail -- a mail program
+ *
+@@ -835,7 +844,7 @@ start_mta(struct name *to, struct name *
+ #endif /* HAVE_SOCKETS */
+
+ if ((smtp = value("smtp")) == NULL) {
+- args = unpack(cat(mailargs, to));
++ args = unpack(mailargs, to);
+ if (debug || value("debug")) {
+ printf(catgets(catd, CATSET, 181,
+ "Sendmail arguments:"));