diff options
Diffstat (limited to 'mail-client/mailx/files')
| -rw-r--r-- | mail-client/mailx/files/digest-mailx-8.1.1.11 | 1 | ||||
| -rw-r--r-- | mail-client/mailx/files/digest-mailx-8.1.2.20021129 | 1 | ||||
| -rw-r--r-- | mail-client/mailx/files/digest-mailx-8.1.2.20021129-r1 | 3 | ||||
| -rw-r--r-- | mail-client/mailx/files/digest-mailx-8.1.2.20021129-r2 | 3 | ||||
| -rw-r--r-- | mail-client/mailx/files/mailx-64bit.diff | 190 | ||||
| -rw-r--r-- | mail-client/mailx/files/mailx-8.1.1.11-Makefile.diff | 19 | ||||
| -rw-r--r-- | mail-client/mailx/files/mailx-8.1.1.11-version.diff | 8 | ||||
| -rw-r--r-- | mail-client/mailx/files/mailx-8.1.1.11.diff | 2171 |
8 files changed, 2396 insertions, 0 deletions
diff --git a/mail-client/mailx/files/digest-mailx-8.1.1.11 b/mail-client/mailx/files/digest-mailx-8.1.1.11 new file mode 100644 index 000000000000..ab658e38e44a --- /dev/null +++ b/mail-client/mailx/files/digest-mailx-8.1.1.11 @@ -0,0 +1 @@ +MD5 c779002cb043b57fd5198ec2032cacb0 mailx_8.1.1.orig.tar.gz 89069 diff --git a/mail-client/mailx/files/digest-mailx-8.1.2.20021129 b/mail-client/mailx/files/digest-mailx-8.1.2.20021129 new file mode 100644 index 000000000000..ab658e38e44a --- /dev/null +++ b/mail-client/mailx/files/digest-mailx-8.1.2.20021129 @@ -0,0 +1 @@ +MD5 c779002cb043b57fd5198ec2032cacb0 mailx_8.1.1.orig.tar.gz 89069 diff --git a/mail-client/mailx/files/digest-mailx-8.1.2.20021129-r1 b/mail-client/mailx/files/digest-mailx-8.1.2.20021129-r1 new file mode 100644 index 000000000000..abbfdc5927fd --- /dev/null +++ b/mail-client/mailx/files/digest-mailx-8.1.2.20021129-r1 @@ -0,0 +1,3 @@ +MD5 c779002cb043b57fd5198ec2032cacb0 mailx_8.1.1.orig.tar.gz 89069 +MD5 49a4dbee10b9997127dd4d3001bd5b04 multifix.diff.gz 91955 +MD5 c75f19ddb9dd35d6d22e5d63e8b96d06 20021129-cvs.diff.bz2 64969 diff --git a/mail-client/mailx/files/digest-mailx-8.1.2.20021129-r2 b/mail-client/mailx/files/digest-mailx-8.1.2.20021129-r2 new file mode 100644 index 000000000000..abbfdc5927fd --- /dev/null +++ b/mail-client/mailx/files/digest-mailx-8.1.2.20021129-r2 @@ -0,0 +1,3 @@ +MD5 c779002cb043b57fd5198ec2032cacb0 mailx_8.1.1.orig.tar.gz 89069 +MD5 49a4dbee10b9997127dd4d3001bd5b04 multifix.diff.gz 91955 +MD5 c75f19ddb9dd35d6d22e5d63e8b96d06 20021129-cvs.diff.bz2 64969 diff --git a/mail-client/mailx/files/mailx-64bit.diff b/mail-client/mailx/files/mailx-64bit.diff new file mode 100644 index 000000000000..b50974f0d9c9 --- /dev/null +++ b/mail-client/mailx/files/mailx-64bit.diff @@ -0,0 +1,190 @@ +diff -ur mailx-8.1.1.orig.orig/Makefile mailx-8.1.1.orig/Makefile +--- mailx-8.1.1.orig.orig/Makefile 2003-09-17 17:10:17.000000000 -0500 ++++ mailx-8.1.1.orig/Makefile 2003-09-17 17:11:05.000000000 -0500 +@@ -6,7 +6,7 @@ + + # use second line starting from hamm release + #CPPFLAGS=-I/usr/include/bsd -D_BSD_SOURCE -DIOSAFE +-CPPFLAGS=-D_BSD_SOURCE ++CPPFLAGS=-D_BSD_SOURCE -D_XOPEN_SOURCE + + CFLAGS=-g + SRCS= version.c aux.c cmd1.c cmd2.c cmd3.c cmdtab.c collect.c \ +diff -ur mailx-8.1.1.orig.orig/cmd1.c mailx-8.1.1.orig/cmd1.c +--- mailx-8.1.1.orig.orig/cmd1.c 2003-09-17 17:10:17.000000000 -0500 ++++ mailx-8.1.1.orig/cmd1.c 2003-09-17 17:11:58.000000000 -0500 +@@ -162,7 +162,7 @@ + int *msgvec = v; + register int *ip; + +- for (ip = msgvec; *ip != NULL; ip++) ++ for (ip = msgvec; *ip != 0; ip++) + printhead(*ip); + if (--ip >= msgvec) + dot = &message[*ip - 1]; +diff -ur mailx-8.1.1.orig.orig/cmd2.c mailx-8.1.1.orig/cmd2.c +--- mailx-8.1.1.orig.orig/cmd2.c 2003-09-17 17:10:17.000000000 -0500 ++++ mailx-8.1.1.orig/cmd2.c 2003-09-17 17:12:35.000000000 -0500 +@@ -67,7 +67,7 @@ + register int *ip, *ip2; + int list[2], mdot; + +- if (*msgvec != NULL) { ++ if (*msgvec != 0) { + + /* + * If some messages were supplied, find the +@@ -82,10 +82,10 @@ + * message list which follows dot. + */ + +- for (ip = msgvec; *ip != NULL; ip++) ++ for (ip = msgvec; *ip != 0; ip++) + if (*ip > mdot) + break; +- if (*ip == NULL) ++ if (*ip == 0) + ip = msgvec; + ip2 = ip; + do { +@@ -94,9 +94,9 @@ + dot = mp; + goto hitit; + } +- if (*ip2 != NULL) ++ if (*ip2 != 0) + ip2++; +- if (*ip2 == NULL) ++ if (*ip2 == 0) + ip2 = msgvec; + } while (ip2 != ip); + printf("No messages applicable\n"); +@@ -130,7 +130,7 @@ + */ + + list[0] = dot - &message[0] + 1; +- list[1] = NULL; ++ list[1] = 0; + return(type(list)); + } + +@@ -181,11 +181,11 @@ + return(1); + if (!f) { + *msgvec = first(0, MMNORM); +- if (*msgvec == NULL) { ++ if (*msgvec == 0) { + printf("No messages to %s.\n", cmd); + return(1); + } +- msgvec[1] = NULL; ++ msgvec[1] = 0; + } + if (f && getmsglist(str, msgvec, 0) < 0) + return(1); +@@ -305,7 +305,7 @@ + list[0] = dot - &message[0] + 1; + if (list[0] > lastdot) { + touch(dot); +- list[1] = NULL; ++ list[1] = 0; + return(type(list)); + } + printf("At EOF\n"); +@@ -327,18 +327,18 @@ + register *ip; + int last; + +- last = NULL; +- for (ip = msgvec; *ip != NULL; ip++) { ++ last = 0; ++ for (ip = msgvec; *ip != 0; ip++) { + mp = &message[*ip - 1]; + touch(mp); + mp->m_flag |= MDELETED|MTOUCH; + mp->m_flag &= ~(MPRESERVE|MSAVED|MBOX); + last = *ip; + } +- if (last != NULL) { ++ if (last != 0) { + dot = &message[last-1]; + last = first(0, MDELETED); +- if (last != NULL) { ++ if (last != 0) { + dot = &message[last-1]; + return(0); + } +diff -ur mailx-8.1.1.orig.orig/cmd3.c mailx-8.1.1.orig/cmd3.c +--- mailx-8.1.1.orig.orig/cmd3.c 2003-09-17 17:10:17.000000000 -0500 ++++ mailx-8.1.1.orig/cmd3.c 2003-09-17 17:12:50.000000000 -0500 +@@ -309,7 +309,7 @@ + printf("Cannot \"preserve\" in edit mode\n"); + return(1); + } +- for (ip = msgvec; *ip != NULL; ip++) { ++ for (ip = msgvec; *ip != 0; ip++) { + mesg = *ip; + mp = &message[mesg-1]; + mp->m_flag |= MPRESERVE; +@@ -329,7 +329,7 @@ + int *msgvec = v; + register int *ip; + +- for (ip = msgvec; *ip != NULL; ip++) { ++ for (ip = msgvec; *ip != 0; ip++) { + dot = &message[*ip-1]; + dot->m_flag &= ~(MREAD|MTOUCH); + dot->m_flag |= MSTATUS; +@@ -348,7 +348,7 @@ + register struct message *mp; + register int *ip, mesg; + +- for (ip = msgvec; *ip != NULL; ip++) { ++ for (ip = msgvec; *ip != 0; ip++) { + mesg = *ip; + mp = &message[mesg-1]; + printf("%d: %d/%ld\n", mesg, mp->m_lines, mp->m_size); +diff -ur mailx-8.1.1.orig.orig/collect.c mailx-8.1.1.orig/collect.c +--- mailx-8.1.1.orig.orig/collect.c 2003-09-17 17:10:17.000000000 -0500 ++++ mailx-8.1.1.orig/collect.c 2003-09-17 17:12:59.000000000 -0500 +@@ -564,11 +564,11 @@ + return(0); + if (*msgvec == 0) { + *msgvec = first(0, MMNORM); +- if (*msgvec == NULL) { ++ if (*msgvec == 0) { + printf("No appropriate messages\n"); + return(0); + } +- msgvec[1] = NULL; ++ msgvec[1] = 0; + } + if (f == 'f' || f == 'F') + tabst = NOSTR; +diff -ur mailx-8.1.1.orig.orig/def.h mailx-8.1.1.orig/def.h +--- mailx-8.1.1.orig.orig/def.h 2003-09-17 17:10:17.000000000 -0500 ++++ mailx-8.1.1.orig/def.h 2003-09-17 17:13:40.000000000 -0500 +@@ -44,7 +44,7 @@ + + #include <sys/param.h> + #include <sys/stat.h> +-#include <sys/time.h> ++#include <time.h> + + #include <signal.h> + #include <termios.h> +diff -ur mailx-8.1.1.orig.orig/lex.c mailx-8.1.1.orig/lex.c +--- mailx-8.1.1.orig.orig/lex.c 2003-09-17 17:10:17.000000000 -0500 ++++ mailx-8.1.1.orig/lex.c 2003-09-17 17:13:07.000000000 -0500 +@@ -355,9 +355,9 @@ + if (c == 0) { + *msgvec = first(com->c_msgflag, + com->c_msgmask); +- msgvec[1] = NULL; ++ msgvec[1] = 0; + } +- if (*msgvec == NULL) { ++ if (*msgvec == 0) { + printf("No applicable messages\n"); + break; + } diff --git a/mail-client/mailx/files/mailx-8.1.1.11-Makefile.diff b/mail-client/mailx/files/mailx-8.1.1.11-Makefile.diff new file mode 100644 index 000000000000..482c370d8276 --- /dev/null +++ b/mail-client/mailx/files/mailx-8.1.1.11-Makefile.diff @@ -0,0 +1,19 @@ +*** Makefile.orig Thu Sep 13 00:57:10 2001 +--- Makefile Thu Sep 13 00:57:48 2001 +*************** +*** 39,45 **** + rm -f $(PROG) *.o *~ + + install: +! install -c -m 755 -o root -g mail -s $(PROG) $(DESTDIR)/usr/bin/ +! install -c -m 644 $(MFILES) $(DESTDIR)/usr/man/man1/ + cd misc && install -c -m 644 $(EFILES) $(DESTDIR)/etc/ + cd misc && install -c -m 644 $(SFILES) $(DESTDIR)/usr/lib/ +--- 39,45 ---- + rm -f $(PROG) *.o *~ + + install: +! install -c -m 755 -o root -g mail -s $(PROG) $(DESTDIR)/bin/ +! install -c -m 644 $(MFILES) $(DESTDIR)/usr/share/man/man1/ + cd misc && install -c -m 644 $(EFILES) $(DESTDIR)/etc/ + cd misc && install -c -m 644 $(SFILES) $(DESTDIR)/usr/lib/ diff --git a/mail-client/mailx/files/mailx-8.1.1.11-version.diff b/mail-client/mailx/files/mailx-8.1.1.11-version.diff new file mode 100644 index 000000000000..b1e5cb08a3a1 --- /dev/null +++ b/mail-client/mailx/files/mailx-8.1.1.11-version.diff @@ -0,0 +1,8 @@ +--- mailx-8.1.1/version.c Fri Jun 14 10:27:09 1996 ++++ mailx-8.1.1/version.c.hack Fri Jul 21 18:02:53 2000 +@@ -46,4 +46,4 @@ + * Just keep track of the date/sid of this version of Mail. + * Load this file first to get a "total" Mail version. + */ +-char *version = "8.1 6/6/93"; ++char *version = "8.1.1-11 6/6/93"; diff --git a/mail-client/mailx/files/mailx-8.1.1.11.diff b/mail-client/mailx/files/mailx-8.1.1.11.diff new file mode 100644 index 000000000000..563b6464f992 --- /dev/null +++ b/mail-client/mailx/files/mailx-8.1.1.11.diff @@ -0,0 +1,2171 @@ +--- mailx-8.1.1.orig/USD.doc/Makefile ++++ mailx-8.1.1/USD.doc/Makefile +@@ -4,8 +4,10 @@ + SRCS= mail0.nr mail1.nr mail2.nr mail3.nr mail4.nr mail5.nr mail6.nr \ + mail7.nr mail8.nr mail9.nr maila.nr + MACROS= -me ++TBL=tbl ++manual.ps: ${SRCS} ++ ${TBL} ${SRCS} | groff ${MACROS} -Tps > $@ + +-paper.ps: ${SRCS} +- ${TBL} ${SRCS} | ${ROFF} > ${.TARGET} ++clean : ++ -rm manual.ps + +-.include <bsd.doc.mk> +--- mailx-8.1.1.orig/misc/mail.rc ++++ mailx-8.1.1/misc/mail.rc +@@ -1,2 +1,2 @@ +-set append dot save asksub ++set ask askcc append dot save crt + ignore Received Message-Id Resent-Message-Id Status Mail-From Return-Path Via +--- mailx-8.1.1.orig/pathnames.h ++++ mailx-8.1.1/pathnames.h +@@ -37,10 +37,34 @@ + * $NetBSD: pathnames.h,v 1.4 1996/06/08 19:48:34 christos Exp $ + */ + +-#include <paths.h> ++/* mail installed files */ ++#define _PATH_HELP "/usr/lib/mail.help" ++#define _PATH_TILDE "/usr/lib/mail.tildehelp" ++#define _PATH_MASTER_RC "/etc/mail.rc" + +-#define _PATH_EX "/usr/bin/ex" +-#define _PATH_HELP "/usr/share/misc/mail.help" +-#define _PATH_TILDE "/usr/share/misc/mail.tildehelp" +-#define _PATH_MASTER_RC "/etc/mail.rc" +-#define _PATH_MORE "/usr/bin/more" ++/* mail runtime files */ ++#ifndef _PATH_MAILDIR ++#define _PATH_MAILDIR "/var/mail:/var/spool/mail" ++#endif ++ ++/* executables */ ++#ifndef _PATH_CSHELL ++#define _PATH_CSHELL "/bin/csh" ++#endif ++#ifndef _PATH_MORE ++#define _PATH_MORE "/bin/more" ++#endif ++#ifndef _PATH_EX ++#define _PATH_EX "/usr/bin/ex" ++#endif ++#ifndef _PATH_VI ++#define _PATH_VI "/usr/bin/vi" ++#endif ++#ifndef _PATH_SENDMAIL ++#define _PATH_SENDMAIL "/usr/sbin/sendmail" ++#endif ++ ++/* directories */ ++#ifndef _PATH_TMP ++#define _PATH_TMP "/tmp/" ++#endif +--- mailx-8.1.1.orig/Makefile ++++ mailx-8.1.1/Makefile +@@ -2,22 +2,44 @@ + # $NetBSD: Makefile,v 1.8 1996/06/08 19:48:09 christos Exp $ + + PROG= mail +-SRCS= version.c aux.c cmd1.c cmd2.c cmd3.c cmdtab.c collect.c dotlock.c \ ++CC=gcc ++ ++# use second line starting from hamm release ++#CPPFLAGS=-I/usr/include/bsd -D_BSD_SOURCE -DIOSAFE ++CPPFLAGS=-D_BSD_SOURCE ++ ++CFLAGS=-g ++SRCS= version.c aux.c cmd1.c cmd2.c cmd3.c cmdtab.c collect.c \ + edit.c fio.c getname.c head.c v7.local.c lex.c list.c main.c names.c \ + popen.c quit.c send.c strings.c temp.c tty.c vars.c ++ ++OBJS=$(SRCS:%.c=%.o) ++LIBS=-llockfile ++ + SFILES= mail.help mail.tildehelp + EFILES= mail.rc + LINKS= ${BINDIR}/mail ${BINDIR}/Mail ${BINDIR}/mail ${BINDIR}/mailx +-MLINKS= mail.1 Mail.1 mail.1 mailx.1 ++MFILES= mail.1 + +-beforeinstall: +- cd ${.CURDIR}/misc; install -c -o ${BINOWN} -g ${BINGRP} \ +- -m 444 ${SFILES} ${DESTDIR}/usr/share/misc +- cd ${.CURDIR}/misc; install -c -o root -g wheel \ +- -m 644 ${EFILES} ${DESTDIR}/etc +- +-.if make(install) +-SUBDIR+= USD.doc +-.endif ++default: all + +-.include <bsd.prog.mk> ++ all: $(PROG) ++ ++ $(PROG): $(OBJS) ++ $(CC) $(LDFLAGS) $(CFLAGS) -o $@ $(OBJS) $(LIBS) ++ ++ .c.o: ++ $(CC) $(CPPFLAGS) $(CFLAGS) -c $< ++ ++ .y.c: ++ bison $< ++ mv -f $*.tab.c $@ ++ ++ clean: ++ rm -f $(PROG) *.o *~ ++ ++ install: ++ install -c -m 755 -o root -g mail -s $(PROG) $(DESTDIR)/usr/bin/ ++ install -c -m 644 $(MFILES) $(DESTDIR)/usr/man/man1/ ++ cd misc && install -c -m 644 $(EFILES) $(DESTDIR)/etc/ ++ cd misc && install -c -m 644 $(SFILES) $(DESTDIR)/usr/lib/ +--- mailx-8.1.1.orig/aux.c ++++ mailx-8.1.1/aux.c +@@ -280,16 +280,22 @@ + * Copy a string, lowercasing it as we go. + */ + void +-istrcpy(dest, src) ++istrcpy(dest, src, size) + register char *dest, *src; ++ int size; + { ++ register char *max; + +- do { +- if (isupper(*src)) ++ max=dest+size-1; ++ while (dest<=max) { ++ if (isupper(*src)) { + *dest++ = tolower(*src); +- else ++ } else { + *dest++ = *src; +- } while (*src++ != 0); ++ } ++ if (*src++ == 0) ++ break; ++ } + } + + /* +@@ -606,10 +612,13 @@ + break; + cp++; + if (first) { +- strcpy(namebuf, cp); ++ strncpy(namebuf, cp, LINESIZE); + first = 0; +- } else +- strcpy(rindex(namebuf, '!')+1, cp); ++ } else { ++ cp2=rindex(namebuf, '!')+1; ++ strncpy(cp2, cp, (namebuf+LINESIZE)-cp2); ++ } ++ namebuf[LINESIZE-2]='\0'; + strcat(namebuf, "!"); + goto newname; + } +@@ -691,7 +700,8 @@ + * Lower-case the string, so that "Status" and "status" + * will hash to the same place. + */ +- istrcpy(realfld, field); ++ istrcpy(realfld, field, BUFSIZ); ++ realfld[BUFSIZ-1]='\0'; + if (ignore[1].i_count > 0) + return (!member(realfld, ignore + 1)); + else +--- mailx-8.1.1.orig/cmd1.c ++++ mailx-8.1.1/cmd1.c +@@ -465,7 +465,7 @@ + char dirname[BUFSIZ]; + char *cmd; + +- if (getfold(dirname) < 0) { ++ if (getfold(dirname, BUFSIZ) < 0) { + printf("No value set for \"folder\"\n"); + return 1; + } +--- mailx-8.1.1.orig/cmd2.c ++++ mailx-8.1.1/cmd2.c +@@ -496,7 +496,8 @@ + if (*list == NOSTR) + return igshow(tab, which); + for (ap = list; *ap != 0; ap++) { +- istrcpy(field, *ap); ++ istrcpy(field, *ap, BUFSIZ); ++ field[BUFSIZ-1]='\0'; + if (member(field, tab)) + continue; + h = hash(field); +--- mailx-8.1.1.orig/cmd3.c ++++ mailx-8.1.1/cmd3.c +@@ -65,8 +65,9 @@ + char *shell; + char cmd[BUFSIZ]; + +- (void) strcpy(cmd, str); +- if (bangexp(cmd) < 0) ++ (void) strncpy(cmd, str, BUFSIZ); ++ cmd[BUFSIZ-1]='\0'; ++ if (bangexp(cmd, BUFSIZ) < 0) + return 1; + if ((shell = value("SHELL")) == NOSTR) + shell = _PATH_CSHELL; +@@ -103,8 +104,9 @@ + char lastbang[128]; + + int +-bangexp(str) ++bangexp(str, size) + char *str; ++ int size; + { + char bangbuf[BUFSIZ]; + register char *cp, *cp2; +@@ -144,7 +146,8 @@ + printf("!%s\n", bangbuf); + fflush(stdout); + } +- strcpy(str, bangbuf); ++ strncpy(str, bangbuf, size); ++ str[size-1]='\0'; + strncpy(lastbang, bangbuf, 128); + lastbang[127] = 0; + return(0); +--- mailx-8.1.1.orig/collect.c ++++ mailx-8.1.1/collect.c +@@ -52,6 +52,11 @@ + #include "rcv.h" + #include "extern.h" + ++#ifdef IOSAFE ++/* to interact betzeen interrupt handlers and IO routines in fio.c */ ++int got_interrupt; ++ ++#endif + /* + * Read a message from standard output and return a read file to it + * or NULL on error. +@@ -143,6 +148,9 @@ + escape = ESCAPE; + eofcount = 0; + hadintr = 0; ++#ifdef IOSAFE ++ got_interrupt = 0; ++#endif + + if (!setjmp(colljmp)) { + if (getsub) +@@ -166,6 +174,12 @@ + for (;;) { + colljmp_p = 1; + c = readline(stdin, linebuf, LINESIZE); ++#ifdef IOSAFE ++ if (got_interrupt) { ++ got_interrupt = 0; ++ longjmp(colljmp,1); ++ } ++#endif + colljmp_p = 0; + if (c < 0) { + if (value("interactive") != NOSTR && +@@ -268,7 +282,8 @@ + hp->h_bcc = cat(hp->h_bcc, extract(&linebuf[2], GBCC)); + break; + case 'd': +- strcpy(linebuf + 2, getdeadletter()); ++ strncpy(linebuf + 2, getdeadletter(), LINESIZE - 2); ++ linebuf[LINESIZE-1]='\0'; + /* fall into . . . */ + case 'r': + case '<': +@@ -392,7 +407,11 @@ + sigemptyset(&nset); + sigaddset(&nset, SIGINT); + sigaddset(&nset, SIGHUP); ++#ifndef OLDBUG ++ sigprocmask(SIG_BLOCK, &nset, NULL); ++#else + sigprocmask(SIG_BLOCK, &nset, &oset); ++#endif + signal(SIGINT, saveint); + signal(SIGHUP, savehup); + signal(SIGTSTP, savetstp); +@@ -427,6 +446,8 @@ + fprintf(stderr, "File exists\n"); + return(-1); + } ++ /* FIXME: Fopen with "w" will currently prevent writing to an existig file ++ (/dev/null), for now I am not sure this would even marginally useful to allow */ + if ((of = Fopen(name, "w")) == NULL) { + perror(NOSTR); + return(-1); +@@ -589,10 +610,16 @@ + if (colljmp_p) { + colljmp_p = 0; + hadintr = 0; ++#ifdef IOSAFE ++ got_interrupt = s; ++#else + longjmp(colljmp, 1); ++#endif ++ + } + } + ++ + /* + * On interrupt, come here to save the partial message in ~/dead.letter. + * Then jump out of the collection loop. +@@ -613,7 +640,12 @@ + return; + } + hadintr = 1; ++#ifdef IOSAFE ++ got_interrupt = s; ++ return; ++#else + longjmp(colljmp, 1); ++#endif + } + rewind(collf); + if (value("nosave") == NOSTR) +--- mailx-8.1.1.orig/dotlock.c ++++ mailx-8.1.1/dotlock.c +@@ -48,11 +48,33 @@ + #include <signal.h> + + #include "extern.h" ++#include "rcv.h" + + #ifndef O_SYNC + #define O_SYNC 0 + #endif + ++/* ++ * Set the gid if the path is in the normal mail spool ++ */ ++static int perhaps_setgid (name, gid) ++char *name; ++gid_t gid; ++{ ++ char safelist[] = _PATH_MAILDIR; ++ char *safepath, *p = safelist; ++ int len; ++ ++ while ((safepath = strtok(p, ":"))) { ++ p = 0; ++ len = strlen(safepath); ++ if (strncmp (name, safepath, len) == 0 && name[len] == '/') ++ return (setgid (gid)); ++ } ++ return 0; ++} ++ ++ + static int create_exclusive __P((const char *)); + /* + * Create a unique file. O_EXCL does not really work over NFS so we follow +@@ -69,11 +91,12 @@ + const char *fname; + { + char path[MAXPATHLEN], hostname[MAXHOSTNAMELEN]; ++ char apid[40]; /* sufficient for storign 128 bits pids */ + const char *ptr; + struct timeval tv; + pid_t pid; + size_t ntries, cookie; +- int fd, serrno; ++ int fd, serrno, cc; + struct stat st; + + (void) gettimeofday(&tv, NULL); +@@ -93,12 +116,17 @@ + (void) snprintf(path, sizeof(path), "%.*s.%s.%x", + ptr - fname, fname, hostname, cookie); + ++ + /* + * We try to create the unique filename. + */ + for (ntries = 0; ntries < 5; ntries++) { ++ perhaps_setgid(path, effectivegid); + fd = open(path, O_WRONLY|O_CREAT|O_TRUNC|O_EXCL|O_SYNC, 0); ++ setgid(realgid); + if (fd != -1) { ++ sprintf(apid,"%d",getpid()); ++ write(fd, apid, strlen(apid)); + (void) close(fd); + break; + } +@@ -107,11 +135,14 @@ + else + return -1; + } +- + /* + * We link the path to the name + */ +- if (link(path, fname) == -1) ++ perhaps_setgid(fname, effectivegid); ++ cc = link(path, fname); ++ setgid(realgid); ++ ++ if (cc == -1) + goto bad; + + /* +@@ -121,7 +152,9 @@ + if (stat(path, &st) == -1) + goto bad; + ++ perhaps_setgid(fname, effectivegid); + (void) unlink(path); ++ setgid(realgid); + + /* + * If the number of links was two (one for the unique file and one +@@ -149,6 +182,7 @@ + { + char path[MAXPATHLEN]; + sigset_t nset, oset; ++ int i; + + sigemptyset(&nset); + sigaddset(&nset, SIGHUP); +@@ -162,7 +196,7 @@ + + (void) snprintf(path, sizeof(path), "%s.lock", fname); + +- for (;;) { ++ for (i=0;i<15;i++) { + (void) sigprocmask(SIG_BLOCK, &nset, &oset); + if (create_exclusive(path) != -1) { + (void) sigprocmask(SIG_SETMASK, &oset, NULL); +@@ -185,6 +219,8 @@ + sleep(pollinterval); + } + } ++ fprintf(stderr,"%s seems a stale lock? Need to be removed by hand?\n",path); ++ return -1; + } + + void +@@ -194,5 +230,7 @@ + char path[MAXPATHLEN]; + + (void) snprintf(path, sizeof(path), "%s.lock", fname); ++ perhaps_setgid(path, effectivegid); + (void) unlink(path); ++ setgid(realgid); + } +--- mailx-8.1.1.orig/edit.c ++++ mailx-8.1.1/edit.c +@@ -159,7 +159,7 @@ + struct stat statb; + extern char *tempEdit; + +- if ((t = creat(tempEdit, readonly ? 0400 : 0600)) < 0) { ++ if ((t = open(tempEdit, O_CREAT|O_WRONLY|O_EXCL, readonly ? 0400 : 0600)) < 0) { + perror(tempEdit); + goto out; + } +--- mailx-8.1.1.orig/extern.h ++++ mailx-8.1.1/extern.h +@@ -50,6 +50,7 @@ + struct name *put __P((struct name *, struct name *)); + struct name *tailof __P((struct name *)); + struct name *usermap __P((struct name *)); ++FILE *safe_fopen __P((char *, char *)); + FILE *Fdopen __P((int, char *)); + FILE *Fopen __P((char *, char *)); + FILE *Popen __P((char *, char *)); +@@ -79,7 +80,7 @@ + char *username __P((void)); + char *value __P((char [])); + char *vcopy __P((char [])); +-char *yankword __P((char *, char [])); ++char *yankword __P((char *, char [], int)); + int Fclose __P((FILE *)); + int More __P((void *)); + int Pclose __P((FILE *)); +@@ -94,7 +95,7 @@ + int append __P((struct message *, FILE *)); + int argcount __P((char **)); + void assign __P((char [], char [])); +-int bangexp __P((char *)); ++int bangexp __P((char *, int)); + int blankline __P((char [])); + void brokpipe __P((int)); + int charcount __P((char *, int)); +@@ -115,8 +116,8 @@ + int deltype __P((void *)); + void demail __P((void)); + int dosh __P((void *)); +-int dot_lock __P((const char *, int, FILE *, const char *)); +-void dot_unlock __P((const char *)); ++int spool_lock __P((const char *)); ++int spool_unlock __P((const char *)); + int echo __P((void *)); + int edit1 __P((int *, int)); + int editor __P((void *)); +@@ -130,7 +131,7 @@ + int file __P((void *)); + struct grouphead * + findgroup __P((char [])); +-void findmail __P((char *, char *)); ++void findmail __P((char *, char *, int)); + int first __P((int, int)); + void fixhead __P((struct header *, struct name *)); + void fmt __P((char *, struct name *, FILE *, int)); +@@ -139,7 +140,7 @@ + void free_child __P((int)); + int from __P((void *)); + off_t fsize __P((FILE *)); +-int getfold __P((char *)); ++int getfold __P((char *, int)); + int gethfield __P((FILE *, char [], int, char **)); + int getmsglist __P((char *, int *, int)); + int getrawlist __P((char [], char **, int)); +@@ -164,7 +165,7 @@ + int ishead __P((char [])); + int isign __P((char *, struct ignoretab [])); + int isprefix __P((char *, char *)); +-void istrcpy __P((char *, char *)); ++void istrcpy __P((char *, char *, int)); + const struct cmd * + lex __P((char [])); + void load __P((char *)); +--- mailx-8.1.1.orig/fio.c ++++ mailx-8.1.1/fio.c +@@ -74,7 +74,7 @@ + char linebuf[LINESIZE]; + + /* Get temporary file. */ +- (void)sprintf(linebuf, "%s/mail.XXXXXX", tmpdir); ++ (void)snprintf(linebuf,LINESIZE,"%s/mail.XXXXXX", tmpdir); + if ((c = mkstemp(linebuf)) == -1 || + (mestmp = Fdopen(c, "r+")) == NULL) { + (void)fprintf(stderr, "mail: can't open %s\n", linebuf); +@@ -178,14 +178,54 @@ + char *linebuf; + int linesize; + { +- register int n; +- ++ register int n,oldfl; ++ char *res; + clearerr(ibuf); +- if (fgets(linebuf, linesize, ibuf) == NULL) +- return -1; ++#ifdef IOSAFE ++ /* we want to be able to get interrupts while waiting user-input ++ we cannot to safely inside a stdio call, so we first ensure there ++ is now data in the stdio buffer by doing the stdio call with the descriptor ++ in non-blocking state and then do a select. ++ Hope it is safe (the libc should not break on a EAGAIN) ++ lprylli@graville.fdn.fr*/ ++ n = 0; /* number of caracters already read */ ++ while (n < linesize - 1) { ++ errno = 0; ++ oldfl = fcntl(fileno(ibuf),F_GETFL); ++ fcntl(fileno(ibuf),F_SETFL,oldfl | O_NONBLOCK); ++ res = fgets(linebuf + n, linesize-n, ibuf); ++ fcntl(fileno(ibuf),F_SETFL,oldfl); ++ if (res != NULL) { ++ n = strlen(linebuf); ++ if (n > 0 && linebuf[n-1] == '\n') ++ break; ++ } else if (errno == EAGAIN || errno == EWOULDBLOCK) { ++ clearerr(ibuf); ++ } else { ++ /* probably EOF one the file descriptors */ ++ if (n > 0) ++ break; ++ else ++ return -1; ++ ++ }{ ++ extern int got_interrupt; ++ fd_set rds; ++ FD_ZERO(&rds); ++ FD_SET(fileno(ibuf),&rds); ++ select(fileno(ibuf)+1,&rds,NULL,NULL,NULL); ++ /* if an interrupt occur drops the current line and returns */ ++ if (got_interrupt) ++ return -1; ++ } ++ } ++#else ++ if (fgets(linebuf, linesize, ibuf) == NULL) ++ return -1; ++#endif + n = strlen(linebuf); + if (n > 0 && linebuf[n - 1] == '\n') +- linebuf[--n] = '\0'; ++ linebuf[--n] = '\0'; + return n; + } + +@@ -336,7 +376,7 @@ + */ + switch (*name) { + case '%': +- findmail(name[1] ? name + 1 : myname, xname); ++ findmail(name[1] ? name + 1 : myname, xname, PATHSIZE); + return savestr(xname); + case '#': + if (name[1] != 0) +@@ -351,13 +391,13 @@ + name = "~/mbox"; + /* fall through */ + } +- if (name[0] == '+' && getfold(cmdbuf) >= 0) { +- sprintf(xname, "%s/%s", cmdbuf, name + 1); ++ if (name[0] == '+' && getfold(cmdbuf, PATHSIZE) >= 0) { ++ snprintf(xname, PATHSIZE, "%s/%s", cmdbuf, name + 1); + name = savestr(xname); + } + /* catch the most common shell meta character */ + if (name[0] == '~' && (name[1] == '/' || name[1] == '\0')) { +- sprintf(xname, "%s%s", homedir, name + 1); ++ snprintf(xname, PATHSIZE, "%s%s", homedir, name + 1); + name = savestr(xname); + } + if (!anyof(name, "~{[*?$`'\"\\")) +@@ -366,7 +406,7 @@ + perror("pipe"); + return name; + } +- sprintf(cmdbuf, "echo %s", name); ++ snprintf(cmdbuf, PATHSIZE, "echo %s", name); + if ((shell = value("SHELL")) == NOSTR) + shell = _PATH_CSHELL; + pid = start_command(shell, 0, -1, pivec[1], "-c", cmdbuf, NOSTR); +@@ -376,21 +416,22 @@ + return NOSTR; + } + close(pivec[1]); +- l = read(pivec[0], xname, BUFSIZ); ++ l = read(pivec[0], xname, PATHSIZE); ++ if (l < 0) { ++ perror("read"); ++ close(pivec[0]); ++ return NOSTR; ++ } + close(pivec[0]); + if (wait_child(pid) < 0 && wait_status.w_termsig != SIGPIPE) { + fprintf(stderr, "\"%s\": Expansion failed.\n", name); + return NOSTR; + } +- if (l < 0) { +- perror("read"); +- return NOSTR; +- } + if (l == 0) { + fprintf(stderr, "\"%s\": No match.\n", name); + return NOSTR; + } +- if (l == BUFSIZ) { ++ if (l == PATHSIZE) { + fprintf(stderr, "\"%s\": Expansion buffer overflow.\n", name); + return NOSTR; + } +@@ -409,17 +450,20 @@ + * Determine the current folder directory name. + */ + int +-getfold(name) ++getfold(name, size) + char *name; ++ int size; + { + char *folder; + + if ((folder = value("folder")) == NOSTR) + return (-1); +- if (*folder == '/') +- strcpy(name, folder); +- else +- sprintf(name, "%s/%s", homedir, folder); ++ if (*folder == '/') { ++ strncpy(name, folder, size); ++ name[size-1]='\0'; ++ } else { ++ snprintf(name, size, "%s/%s", homedir, folder); ++ } + return (0); + } + +@@ -436,7 +480,7 @@ + else if (*cp != '/') { + char buf[PATHSIZE]; + +- (void) sprintf(buf, "~/%s", cp); ++ (void) snprintf(buf, PATHSIZE, "~/%s", cp); + cp = expand(buf); + } + return cp; +--- mailx-8.1.1.orig/glob.h ++++ mailx-8.1.1/glob.h +@@ -83,6 +83,8 @@ + int screenheight; /* Screen height, or best guess, + for "header" command */ + int realscreenheight; /* the real screen height */ ++gid_t effectivegid; /* Saved from when we started up */ ++gid_t realgid; /* Saved from when we started up */ + + #include <setjmp.h> + +--- mailx-8.1.1.orig/head.c ++++ mailx-8.1.1/head.c +@@ -73,10 +73,13 @@ + fail(linebuf, "No from or date field"); + return (0); + } ++ /* be very tolerant about the date */ ++#if 0 + if (!isdate(hl.l_date)) { + fail(linebuf, "Date field not legal date"); + return (0); + } ++#endif + /* + * I guess we got it! + */ +--- mailx-8.1.1.orig/lex.c ++++ mailx-8.1.1/lex.c +@@ -134,16 +134,19 @@ + } + shudclob = 1; + edit = isedit; +- strcpy(prevfile, mailname); +- if (name != mailname) +- strcpy(mailname, name); ++ strncpy(prevfile, mailname, PATHSIZE); ++ prevfile[PATHSIZE-1]='\0'; ++ if (name != mailname) { ++ strncpy(mailname, name, PATHSIZE); ++ mailname[PATHSIZE-1]='\0'; ++ } + mailsize = fsize(ibuf); +- if ((otf = fopen(tempMesg, "w")) == NULL) { ++ if ((otf = safe_fopen(tempMesg, "w")) == NULL) { + perror(tempMesg); + exit(1); + } + (void) fcntl(fileno(otf), F_SETFD, 1); +- if ((itf = fopen(tempMesg, "r")) == NULL) { ++ if ((itf = safe_fopen(tempMesg, "r")) == NULL) { + perror(tempMesg); + exit(1); + } +@@ -616,10 +619,10 @@ + s++; + } + ename = mailname; +- if (getfold(fname) >= 0) { ++ if (getfold(fname, BUFSIZ-1) >= 0) { + strcat(fname, "/"); + if (strncmp(fname, mailname, strlen(fname)) == 0) { +- sprintf(zname, "+%s", mailname + strlen(fname)); ++ snprintf(zname, BUFSIZ, "+%s", mailname + strlen(fname)); + ename = zname; + } + } +--- mailx-8.1.1.orig/list.c ++++ mailx-8.1.1/list.c +@@ -515,7 +515,8 @@ + int quotec; + + if (regretp >= 0) { +- strcpy(lexstring, string_stack[regretp]); ++ strncpy(lexstring, string_stack[regretp], STRINGLEN); ++ lexstring[STRINGLEN-1]='\0'; + lexnumber = numberstack[regretp]; + return(regretstack[regretp--]); + } +@@ -695,10 +696,12 @@ + register char *cp, *cp2, *backup; + + str++; +- if (strlen(str) == 0) ++ if (strlen(str) == 0) { + str = lastscan; +- else +- strcpy(lastscan, str); ++ } else { ++ strncpy(lastscan, str, 128); ++ lastscan[127]='\0'; ++ } + mp = &message[mesg-1]; + + /* +--- mailx-8.1.1.orig/mail.1 ++++ mailx-8.1.1/mail.1 +@@ -109,7 +109,7 @@ + .It Fl u + Is equivalent to: + .Pp +-.Dl mail -f /var/mail/user ++.Dl mail -f /var/spool/mail/user + .El + .Ss Sending mail + To send a message to one or more people, +@@ -990,8 +990,8 @@ + .Ev USER + environment variables. + .Sh FILES +-.Bl -tag -width /usr/share/misc/mail.*help -compact +-.It Pa /var/mail/* ++.Bl -tag -width /usr/lib/mail.*help -compact ++.It Pa /var/spool/mail/* + Post office. + .It ~/mbox + User's old mail. +@@ -999,7 +999,7 @@ + File giving initial mail commands. + .It Pa /tmp/R* + Temporary files. +-.It Pa /usr/share/misc/mail.*help ++.It Pa /usr/lib/mail.*help + Help files. + .It Pa /etc/mail.rc + System initialization file. +@@ -1029,8 +1029,5 @@ + Most are + not useful to the general user. + .Pp +-Usually, +-.Nm mail +-is just a link to +-.Nm Mail , +-which can be confusing. ++.\" This bug is not the case in this particular distribution. ++.\" Usually, .Nm mail is just a link to .Nm Mail, which can be confusing. +--- mailx-8.1.1.orig/main.c ++++ mailx-8.1.1/main.c +@@ -48,6 +48,12 @@ + #endif + #endif /* not lint */ + ++/* ++ * Most strcpy/sprintf functions have been changed to strncpy/snprintf to ++ * correct several buffer overruns (at least one ot them was exploitable). ++ * Sat Jun 20 04:58:09 CEST 1998 Alvaro Martinez Echevarria <alvaro@lander.es> ++ */ ++ + #include "rcv.h" + #include <fcntl.h> + #include <sys/ioctl.h> +@@ -70,9 +76,24 @@ + struct name *to, *cc, *bcc, *smopts; + char *subject; + char *ef; ++ char* cmd; + char nosrc = 0; + sig_t prevint; + ++ /* ++ * Absolutely the first thing we do is save our egid ++ * and set it to the rgid, so that we can safely run ++ * setgid. We use the sgid (saved set-gid) to allow ourselves ++ * to revert to the egid if we want (temporarily) to become ++ * priveliged. ++ */ ++ effectivegid = getegid(); ++ realgid = getgid(); ++ if (setgid (realgid) < 0) { ++ perror("setgid"); ++ exit(1); ++ } ++ + /* + * Set up a reasonable environment. + * Figure out whether we are being run interactively, +@@ -81,6 +102,26 @@ + (void) signal(SIGCHLD, sigchild); + if (isatty(0)) + assign("interactive", ""); ++ ++ /* ++ * Grab some stuff from the environment we might use ++ */ ++ ++ if (cmd = getenv("PAGER")) ++ assign("PAGER", cmd); ++ if (cmd = getenv("LISTER")) ++ assign("LISTER", cmd); ++ if (cmd = getenv("SHELL")) ++ assign("SHELL", cmd); ++ if (cmd = getenv("EDITOR")) ++ assign("EDITOR", cmd); ++ if (cmd = getenv("VISUAL")) ++ assign("VISUAL", cmd); ++ if (cmd = getenv("MBOX")) ++ assign("MBOX", cmd); ++ if (cmd = getenv("DEAD")) ++ assign("DEAD", cmd); ++ + image = -1; + /* + * Now, determine how we are being used. +@@ -287,12 +328,12 @@ + if (ioctl(1, TIOCGWINSZ, (char *) &ws) < 0) + ws.ws_col = ws.ws_row = 0; + if (tcgetattr(1, &tbuf) < 0) +- ospeed = 9600; ++ ospeed = B9600; + else + ospeed = cfgetospeed(&tbuf); +- if (ospeed < 1200) ++ if (ospeed < B1200) + screenheight = 9; +- else if (ospeed == 1200) ++ else if (ospeed == B1200) + screenheight = 14; + else if (ws.ws_row != 0) + screenheight = ws.ws_row; +--- mailx-8.1.1.orig/names.c ++++ mailx-8.1.1/names.c +@@ -108,7 +108,7 @@ + top = NIL; + np = NIL; + cp = line; +- while ((cp = yankword(cp, nbuf)) != NOSTR) { ++ while ((cp = yankword(cp, nbuf, BUFSIZ)) != NOSTR) { + t = nalloc(nbuf, ntype); + if (top == NIL) + top = t; +@@ -171,10 +171,12 @@ + * Throw away things between ()'s, and take anything between <>. + */ + char * +-yankword(ap, wbuf) ++yankword(ap, wbuf, maxsize) + char *ap, wbuf[]; ++ int maxsize; + { + register char *cp, *cp2; ++ int used = 0; + + cp = ap; + for (;;) { +@@ -201,10 +203,11 @@ + break; + } + if (*cp == '<') +- for (cp2 = wbuf; *cp && (*cp2++ = *cp++) != '>';) ++ /* Pre-increment "used" so we leave room for the trailing zero */ ++ for (cp2 = wbuf; *cp && (++used < maxsize) && (*cp2++ = *cp++) != '>';) + ; + else +- for (cp2 = wbuf; *cp && !index(" \t,(", *cp); *cp2++ = *cp++) ++ for (cp2 = wbuf; *cp && (++used < maxsize) && !index(" \t,(", *cp); *cp2++ = *cp++) + ; + *cp2 = '\0'; + return cp; +@@ -253,7 +256,8 @@ + */ + + if (image < 0) { +- if ((fout = Fopen(tempEdit, "a")) == NULL) { ++ /* hopefully we always create the file, so I change the "a" to "w" the line below */ ++ if ((fout = Fopen(tempEdit, "w")) == NULL) { + perror(tempEdit); + senderr++; + goto cant; +--- mailx-8.1.1.orig/quit.c ++++ mailx-8.1.1/quit.c +@@ -118,8 +118,11 @@ + Fclose(fbuf); + return; + } +- if (dot_lock(mailname, 1, stdout, ".") == -1) +- goto nolock; ++ if (!spool_lock(mailname)) { ++ (void)Fclose(fbuf); ++ return; /* lockspool printed error for us */ ++ } ++ + rbuf = NULL; + if (fstat(fileno(fbuf), &minfo) >= 0 && minfo.st_size > mailsize) { + printf("New mail has arrived.\n"); +@@ -192,14 +195,14 @@ + printf("Held %d message%s in %s\n", + p, p == 1 ? "" : "s", mailname); + Fclose(fbuf); +- dot_unlock(mailname); ++ spool_unlock(mailname); + return; + } + if (c == 0) { + if (p != 0) { + writeback(rbuf); + Fclose(fbuf); +- dot_unlock(mailname); ++ spool_unlock(mailname); + return; + } + goto cream; +@@ -218,7 +221,7 @@ + if ((obuf = Fopen(tempQuit, "w")) == NULL) { + perror(tempQuit); + Fclose(fbuf); +- dot_unlock(mailname); ++ spool_unlock(mailname); + return; + } + if ((ibuf = Fopen(tempQuit, "r")) == NULL) { +@@ -226,7 +229,7 @@ + rm(tempQuit); + Fclose(obuf); + Fclose(fbuf); +- dot_unlock(mailname); ++ spool_unlock(mailname); + return; + } + rm(tempQuit); +@@ -240,7 +243,7 @@ + Fclose(ibuf); + Fclose(obuf); + Fclose(fbuf); +- dot_unlock(mailname); ++ spool_unlock(mailname); + return; + } + Fclose(obuf); +@@ -249,7 +252,7 @@ + perror(mbox); + Fclose(ibuf); + Fclose(fbuf); +- dot_unlock(mailname); ++ spool_unlock(mailname); + return; + } + } +@@ -257,7 +260,7 @@ + if ((obuf = Fopen(mbox, "a")) == NULL) { + perror(mbox); + Fclose(fbuf); +- dot_unlock(mailname); ++ spool_unlock(mailname); + return; + } + fchmod(fileno(obuf), 0600); +@@ -266,10 +269,11 @@ + if (mp->m_flag & MBOX) + if (send(mp, obuf, saveignore, NOSTR) < 0) { + perror(mbox); +- Fclose(ibuf); ++ if (ibuf) ++ Fclose(ibuf); + Fclose(obuf); + Fclose(fbuf); +- dot_unlock(mailname); ++ spool_unlock(mailname); + return; + } + +@@ -296,7 +300,7 @@ + perror(mbox); + Fclose(obuf); + Fclose(fbuf); +- dot_unlock(mailname); ++ spool_unlock(mailname); + return; + } + Fclose(obuf); +@@ -313,7 +317,7 @@ + if (p != 0) { + writeback(rbuf); + Fclose(fbuf); +- dot_unlock(mailname); ++ spool_unlock(mailname); + return; + } + +@@ -334,19 +338,19 @@ + Fclose(abuf); + alter(mailname); + Fclose(fbuf); +- dot_unlock(mailname); ++ spool_unlock(mailname); + return; + } + demail(); + Fclose(fbuf); +- dot_unlock(mailname); ++ spool_unlock(mailname); + return; + + newmail: + printf("Thou hast new mail.\n"); + if (fbuf != NULL) { + Fclose(fbuf); +- dot_unlock(mailname); ++ spool_unlock(mailname); + } + } + +--- mailx-8.1.1.orig/tty.c ++++ mailx-8.1.1/tty.c +@@ -50,6 +50,8 @@ + + #include "rcv.h" + #include "extern.h" ++#include <errno.h> ++#include <fcntl.h> + #include <sys/ioctl.h> + + static cc_t c_erase; /* Current erase char */ +@@ -60,6 +62,10 @@ + static int ttyset; /* We must now do erase/kill */ + #endif + ++#ifdef IOSAFE ++static int got_interrupt; ++#endif ++ + /* + * Read all relevant header fields. + */ +@@ -104,8 +110,15 @@ + if ((savequit = signal(SIGQUIT, SIG_IGN)) == SIG_DFL) + signal(SIGQUIT, SIG_DFL); + #else +- if (setjmp(intjmp)) ++#ifdef IOSAFE ++ got_interrupt = 0; ++#endif ++ if (setjmp(intjmp)) { ++ /* avoid garbled output with C-c */ ++ printf("\n"); ++ fflush(stdout); + goto out; ++ } + saveint = signal(SIGINT, ttyint); + #endif + if (gflags & GTO) { +@@ -207,14 +220,26 @@ + cp2 = cp; + if (setjmp(rewrite)) + goto redo; ++#ifdef IOSAFE ++ got_interrupt = 0; ++#endif + signal(SIGTSTP, ttystop); + signal(SIGTTOU, ttystop); + signal(SIGTTIN, ttystop); + clearerr(stdin); + while (cp2 < canonb + BUFSIZ) { ++#ifdef IOSAFE ++ c = safegetc(stdin); ++ /* this is full of ACE but hopefully, interrupts will only occur in the above read */ ++ if (got_interrupt == SIGINT) ++ longjmp(intjmp,1); ++ else if (got_interrupt) ++ longjmp(rewrite,1); ++#else + c = getc(stdin); ++#endif + if (c == EOF || c == '\n') +- break; ++ break; + *cp2++ = c; + } + *cp2 = 0; +@@ -280,6 +305,9 @@ + kill(0, s); + sigprocmask(SIG_UNBLOCK, &nset, NULL); + signal(s, old_action); ++#ifdef IOSAFE ++ got_interrupt = s; ++#endif + longjmp(rewrite, 1); + } + +@@ -288,5 +316,40 @@ + ttyint(s) + int s; + { ++#ifdef IOSAFE ++ got_interrupt = s; ++#else + longjmp(intjmp, 1); ++#endif ++} ++ ++#ifdef IOSAFE ++/* it is very awful, but only way I see to be able to do a interruptable stdio call */ ++int safegetc(FILE *ibuf) ++{ ++ int oldfl; ++ int res; ++ while (1) { ++ errno = 0; ++ oldfl = fcntl(fileno(ibuf),F_GETFL); ++ fcntl(fileno(ibuf),F_SETFL,oldfl | O_NONBLOCK); ++ res = getc(ibuf); ++ fcntl(fileno(ibuf),F_SETFL,oldfl); ++ if (res != EOF) ++ return res; ++ else if (errno == EAGAIN || errno == EWOULDBLOCK) { ++ fd_set rds; ++ clearerr(ibuf); ++ FD_ZERO(&rds); ++ FD_SET(fileno(ibuf),&rds); ++ select(fileno(ibuf)+1,&rds,NULL,NULL,NULL); ++ /* if an interrupt occur drops the current line and returns */ ++ if (got_interrupt) ++ return EOF; ++ } else { ++ /* probably EOF one the file descriptors */ ++ return EOF; ++ } ++ } + } ++#endif +--- mailx-8.1.1.orig/v7.local.c ++++ mailx-8.1.1/v7.local.c +@@ -60,15 +60,26 @@ + * mail is queued). + */ + void +-findmail(user, buf) ++findmail(user, buf, size) + char *user, *buf; ++ int size; + { + char *mbox; + +- if (!(mbox = getenv("MAIL"))) +- (void)sprintf(buf, "%s/%s", _PATH_MAILDIR, user); +- else +- (void)strcpy(buf, mbox); ++ if (!(mbox = getenv("MAIL"))) { ++ char safelist[] = _PATH_MAILDIR; ++ char *safepath, *p = safelist; ++ while ((safepath = strtok(p, ":"))) { ++ p = 0; ++ (void)snprintf(buf, size, "%s/%s", safepath, user); ++ if (access(buf, F_OK) == 0) ++ break; ++ } ++ } else { ++ (void)strncpy(buf, mbox, size); ++ buf[size-1]='\0'; ++ } ++ + } + + /* +--- mailx-8.1.1.orig/vars.c ++++ mailx-8.1.1/vars.c +@@ -83,7 +83,7 @@ + vfree(cp) + char *cp; + { +- if (*cp) ++ if (cp && *cp) + free(cp); + } + +@@ -99,6 +99,8 @@ + char *new; + unsigned len; + ++ if (str == NULL) ++ return NULL; + if (*str == '\0') + return ""; + len = strlen(str) + 1; +@@ -120,7 +122,7 @@ + register struct var *vp; + + if ((vp = lookup(name)) == NOVAR) +- return(getenv(name)); ++ return NULL; + return(vp->v_value); + } + +--- mailx-8.1.1.orig/popen.c ++++ mailx-8.1.1/popen.c +@@ -45,6 +45,8 @@ + #include "rcv.h" + #include <sys/wait.h> + #include <fcntl.h> ++#include <errno.h> ++#include <lockfile.h> + #include "extern.h" + + #define READ 0 +@@ -71,12 +73,42 @@ + static int file_pid __P((FILE *)); + + FILE * ++safe_fopen(file, mode) ++ char *file, *mode; ++{ ++ int omode, fd; ++ ++ if (!strcmp(mode, "r")) { ++ omode = O_RDONLY; ++ } else if (!strcmp(mode, "w")) { ++ omode = O_WRONLY | O_CREAT | O_EXCL; ++ } else if (!strcmp(mode, "a")) { ++ omode = O_WRONLY | O_APPEND | O_CREAT; ++ } else if (!strcmp(mode, "a+")) { ++ omode = O_RDWR | O_APPEND; ++ } else if (!strcmp(mode, "r+")) { ++ omode = O_RDWR; ++ } else if (!strcmp(mode, "w+")) { ++ omode = O_RDWR | O_CREAT | O_EXCL; ++ } else { ++ fprintf(stderr, ++ "Internal error: bad stdio open mode %s\n", mode); ++ errno = EINVAL; ++ return NULL; ++ } ++ ++ if ((fd = open(file, omode, 0666)) < 0) ++ return NULL; ++ return fdopen(fd, mode); ++} ++ ++FILE * + Fopen(file, mode) + char *file, *mode; + { + FILE *fp; + +- if ((fp = fopen(file, mode)) != NULL) { ++ if ((fp = safe_fopen(file, mode)) != NULL) { + register_file(fp, 0, 0); + (void) fcntl(fileno(fp), F_SETFD, 1); + } +@@ -397,4 +429,89 @@ + else + cp->free = 1; + sigprocmask(SIG_SETMASK, &oset, NULL); ++} ++ ++/* ++ * Lock(1)/unlock(0) mail spool using liblockfile ++ * Returns 1 for success, 0 for failure, -1 for bad usage. ++ */ ++static int ++handle_spool_locks(mailname, action) ++ const char *mailname; ++ int action; ++{ ++ int retval; ++ char lockpath[PATHSIZE]; ++ ++ snprintf(lockpath, PATHSIZE - 1, "%s.lock", mailname); ++ lockpath[PATHSIZE - 1] = '\0'; ++ ++ if (action == 0) { ++ /* Clear the lock */ ++ retval = lockfile_remove(lockpath); ++ if (retval == 0) ++ return(1); ++ else ++ warn("Cannot remove lockfile %s", lockpath); ++ ++ } else if (action == 1) { ++ ++ retval = lockfile_create(lockpath, 3, 0); ++ switch (retval) { ++ case L_SUCCESS: ++ return(1); ++ ++ case L_NAMELEN: ++ warnx( "Cannot create lockfile %s: %s", ++ lockpath, ++ "Recipient name too long." ++ ); ++ break; ++ ++ case L_TMPLOCK: ++ warnx( "Cannot create lockfile %s: %s", ++ lockpath, ++ "Error creating temporary lockfile" ++ ); ++ break; ++ ++ case L_TMPWRITE: ++ warnx( "Cannot create lockfile %s: %s", ++ lockpath, ++ "Failed to write pid into tmp lockfile." ++ ); ++ break; ++ ++ case L_MAXTRYS: ++ warnx( "Cannot create lockfile %s: %s", ++ lockpath, ++ "Failed after max tries." ++ ); ++ break; ++ ++ case L_ERROR: ++ default: ++ warn( "Cannot create lockfile %s", ++ lockpath ++ ); ++ break; ++ ++ } ++ } ++ ++ return(0); ++} ++ ++int ++spool_lock(mailname) ++ const char * mailname; ++{ ++ return(handle_spool_locks(mailname, 1)); ++} ++ ++int ++spool_unlock(mailname) ++ const char * mailname; ++{ ++ return(handle_spool_locks(mailname, 0)); + } +--- mailx-8.1.1.orig/changelog ++++ mailx-8.1.1/changelog +@@ -0,0 +1,159 @@ ++mailx (1:8.1.1-10.1.3) frozen unstable; urgency=high ++ ++ * More security fixes ++ * Don't allow to set interactive in mailrc (or interactively) ++ * Modify the variable-handling code to grok NULL values ++ ++ -- Wichert Akkerman <wakkerma@debian.org> Mon, 7 Aug 2000 17:22:57 -0700 ++ ++mailx (1:8.1.1-10.1.2) frozen unstable; urgency=high ++ ++ * Another security problem: refuse to get the interactive variable ++ from the environment by explicitly setting it in the hashtable. ++ ++ -- Wichert Akkerman <wakkerma@debian.org> Mon, 7 Aug 2000 12:36:10 -0700 ++ ++mailx (1:8.1.1-10.1.1) frozen unstable; urgency=high ++ ++ * NMU to fix RC bug. Now accepts both /var/mail and /var/spool/mail as ++ allowed places for setgid file manipulation. fixes:#64238 ++ ++ -- Paul Slootman <paul@debian.org> Thu, 8 Jun 2000 19:51:14 +0200 ++ ++mailx (1:8.1.1-10.1) stable frozen unstable; urgency=high ++ ++ * Security fix for a GID=mail shell. ++ ++ -- Daniel Jacobowitz <dan@debian.org> Sun, 4 Jun 2000 22:45:19 -0700 ++ ++mailx (1:8.1.1-10) frozen unstable; urgency=high ++ ++ * correct major security flaw, patch from Alvaro Martinez Echevarria ++ <alvaro@lander.es>, bug#23880, bug#23901 ++ ++ * other potential buffer overflow, patch from Juan-Mariano de Goyeneche ++ <jmseyas@selva.dit.upm.es>, bug #22937 ++ ++ ++ -- Loic Prylli <Loic.Prylli@graville.fdn.fr> Sun, 28 Jun 1998 20:15:18 -0400 ++ ++mailx (1:8.1.1-9) frozen unstable; urgency=high ++ ++ * recompile without the signal handling workarounds (lo ++ that eliminate critical bugs where message parts can be lost ++ (#20798) and (#20558) ++ ++ -- Loic Prylli <lprylli@graville.fdn.fr> Thu, 9 Apr 1998 02:11:26 +0200 ++ ++mailx (1:8.1.1-8) frozen unstable; urgency=high ++ ++ * previous patch broke most file accesses, corrected safe_open (#20634) ++ * try to check every access to Fopen, change "a" into "w" for new files, ++ to suit behaviour of safe_open. ++ ++ -- Loic Prylli <lprylli@graville.fdn.fr> Sat, 4 Apr 1998 22:01:19 +0200 ++ ++mailx (1:8.1.1-7) frozen; urgency=medium ++ ++ * security fix for tmp races patch from Martin Schulze (#20059) ++ ++ -- Loic Prylli <lprylli@graville.fdn.fr> Mon, 23 Mar 1998 22:52:35 +0100 ++ ++mailx (1:8.1.1-6) unstable; urgency=low ++ ++ * convert to debhelper ++ * changelog now compressed (bug#15431) ++ * removed .orig and .rej from source (bug#18409) ++ ++ -- Loic Prylli <lprylli@graville.fdn.fr> Sat, 14 Feb 1998 14:34:22 +0100 ++ ++mailx (1:8.1.1-5) unstable; urgency=low ++ ++ * apply David Brown patch so mailx choose the right window size ++ (#12197) ++ * correct Depends: in control file. ++ ++ -- Loic Prylli <lprylli@graville.fdn.fr> Sat, 15 Nov 1997 00:30:38 +0100 ++ ++mailx (1:8.1.1-4) unstable; urgency=high ++ ++ * mailx was sending empty message, ignoring user input ++ add clearerr when EAGAIN occur in "IOSAFE" code (#14263) ++ ++ -- Loic Prylli <lprylli@graville.fdn.fr> Tue, 11 Nov 1997 20:22:35 +0100 ++ ++mailx (1:8.1.1-3.1) unstable; urgency=low ++ ++ * Non-maintainer release. ++ * Libc6 compile. (#11705) ++ * Install missing symlink to manpage. (#7274) ++ ++ -- Martin Mitchell <martin@debian.org> Wed, 29 Oct 1997 04:34:39 +1100 ++ ++mailx (1:8.1.1-3) unstable; urgency=low ++ ++ * add dpkg --assert-working-epoch in preinst bug#6850 ++ * add writing of pid in mailbox locking file ++ * fix:mailx was not removing temporary lock files ++ ++ -- Loic Prylli <lprylli@graville.fdn.fr> Sat, 1 Feb 1997 11:44:04 +0100 ++ ++mailx (1:8.1.1-2) unstable; urgency=low ++ ++ * correct bug #2733 (occur when no space left) dans quit.c ++ * detection of From_ lines with tring to match the date bug#2010 ++ * corrected garble output bug #2284 ++ ++ -- Loic Prylli <lprylli@graville.fdn.fr> Sat, 28 Dec 1996 15:02:22 +0100 ++ ++mailx (1:8.1.1-1) unstable; urgency=medium ++ ++ * recreate completely starting from OpenBSD mail version (we loose a lot ++ of extension but we have a working program now) ++ * OpenBSD base version is the last one in december 96 ++ * rechange the numbering of version, so epoch 1+8.1 is from 4.4BSD, the ++ last upstream digit is to change each time we update to a new openbsd ++ version. ++ * fix the problem of longjmp inside signals inside stdio calls ++ * reincorporate a patch to be dot file locking+setgid safe ++ * some fix in signal handling ++ ++ -- Loic Prylli <lprylli@graville.fdn.fr> Mon, 23 Dec 1996 01:57:44 +0100 ++ ++Mon Apr 29 17:21:42 1996 Sven Rudolph <sr1@inf.tu-dresden.de> ++ ++ * releasing 8.5.5-1 ++ ++ * added symlink /usr/bin/Mail -> /usr/bin/mailx ++ ++Thu Apr 25 23:55:36 1996 Sven Rudolph <sr1@inf.tu-dresden.de> ++ ++ * set version number to 8.5.5 because it has to superseed 8.1 ++ ++ * switched back to mailx-5.5-kw (see mailx-5.5-kw.diff.README) ++ ++ * no POP support ++ ++mailx 8.1 Debian 5 - 10/19/95 Sven Rudolph <sr1@inf.tu-dresden.de> ++* uses now BSD signal emulation (/usr/include/bsd/signal.h) ++* added virtual package names in Depends: and Provides fields (Bug#1460) ++* added Section: field ++* created symlink for mailx manpage (Bug#1114) ++ ++mailx 8.1 Debian 4 - 5/20/95 Carl Streeter <streeter@cae.wisc.edu> ++* Added diffs from Delman Lee <delman@mipg.upenn.edu>: ++ ++ Hi! I got mailx-8.1-3 from the Linux Debian distribution, and have ++ added a "hold-pop" option to hold messages on the POP server after ++ retrieving them. (Also fixed a minor bug with mailx thinking that there ++ is mail even if the POP mailbox is empty. Code around stat() below.) ++ ++mailx 8.1 Debian 3 - 4/18/95 Carl Streeter <streeter@cae.wisc.edu> ++* Fixed control file to depend on smail|sendmail. Updated to latest ++ guidelines ++ ++ ++ ++Local variables: ++mode: debian-changelog ++End: +--- mailx-8.1.1.orig/debian/README.debian ++++ mailx-8.1.1/debian/README.debian +@@ -0,0 +1,159 @@ ++mailx for DEBIAN ++---------------------- ++ ++The history of this package is quite complicated. The changelog ++includes a summary with the different maintainers. ++ ++At the beginning of debian, I think this package was based on a BSD 5.5 mail version ++from FreeBSD. ++ ++There has been a lot on work on the package shipped with Debian ++0.93R6, which was based a BSD 8.1 mail version from BSD4.4Lite. The ++extensions includes support for dotfile locking, setgid support, POP ++support, signal handling hacks. ++ ++here is a README originally found: ++ + README for Berkely mailx version 8.1 with POP extension ++ + ++ + This is "mailx", a simple program for sending and receiving email. ++ + ++ + This is based on mailx version 8.1 (as distributed with BSD 4.4lite). ++ + ++ + It has been extended to support the post-office protocol (POP). Run ++ + "mail -p" and it will retrive your email from a POP server rather than ++ + from your local mail queue. See the manual page for more details. ++ + ++ + The POP support was written by Jonathan I. Kamens for version mailx 5.5 ++ + (as distributed with BSD 4.3.) ++ + ++ + The POP support was integrated into version 8.1 by Salvatore Valente ++ + for no particular reason. (It would have been simpler for me to ++ + simply use Jonathan's 5.5 source tree. There are no major differences ++ + between the two versions.) ++ + ++ + Have a nice day. ++ + -Salvatore Valente. <svalente@athena.mit.edu> ++ + 5/12/94 ++ + ++ + ++ + PORTING ++ + ++ + Before attempting to compile this for _any_ system, you should do two ++ + things: ++ + ++ + Edit CFLAGS in Makefile. ++ + Edit pathnames.h. ++ + ++ + These sources are _extremely_ BSDish. I have successfully built this ++ + for Linux, BSD 4.3, NetBSD, Ultrix, Aix, and SunOS. I have never ++ + successfully gotten it to build for Solaris or any System 5ish system. ++ + If you want to try, here are some issues you will face: ++ + ++ + It uses BSD signal() semantics. Use sigaction(). ++ + It uses BSD longjmp() semantics. Use siglongjmp(). ++ + It uses BSD sgtty. Use termios. ++ + It uses BSD signal mask functions. Use posix sigmask functions. ++ + ++ + There will probably be other hurdles too. Good luck. ++ ++ ++With Debian1.1 a switch was done to a version base on a BSD5.5 mail ++program, because of signal handling problems (which I think were due ++to bad compilation options). So no more POP support. Some patches ++from Ken Whang <Kenneth.C.Whang-1@umn.edu> included, the corresponding ++README was: ++ + mailx-5.5-kw 5/30/95 ++ + ++ + ++ + WHAT'S IN THIS PATCH ++ + ++ + There are a bunch of little features, common in System V and SunOS ++ + versions of mailx, that are missing from the NetBSD-based version ++ + distributed with Linux. This patch attempts to fill in some of what's ++ + missing. ++ + ++ + Changes from debian mailx-5.5 include: ++ + ++ + 5/4/95: ++ + ++ + -- interpret prompt variable ++ + -- interpret ~a and ~A tilde escapes ++ + -- updated tildehelp list ++ + -- changed mail.rc to ignore nothing (just my personal preference) ++ + -- accept From lines with times of the form hh:mm (formerly took only hh:mm:ss) ++ + ++ + 5/7/95: ++ + ++ + -- Save (S) command saves to mailbox named after author ++ + -- take startup commands from file named by environment variable MAILRC ++ + ++ + 5/30/95: ++ + ++ + -- -H switch for header summary only ++ + ++ + Still to be done: ++ + ++ + -- pipe ~p output through PAGER (see type1 in cmd1.c for an example) ++ + -- save (s) by default to MBOX (instead of "No file specified.") ++ + -- ~q should save to dead.letter, ~x is not known ++ + -- update man page ++ + -- allnet and showto ("showto" shows recipient instead of sender if sender ++ + is current user) ++ + ++ + Possibly difficult: ++ + ++ + -- interpret editheaders variable as in SunOS version ++ + ++ + Bugs: ++ + ++ + -- ~a,~A tilde escapes leave an extra trailing blank on each line ++ + -- to conform to original style, I should really be using char *cp ++ + instead of new variables sig and prompt to be looking up variables ++ + -- -H switch implementation is kind of gross. grep for "hdronly" in ++ + source files; much room for improvement! ++ + ++ + ++ + HOW TO INSTALL ++ + ++ + Apply Sal Valente's debian patch first, so: ++ + ++ + tar xvfz mailx-5.5.tar.gz ++ + cd mailx-5.5 ++ + zcat ../mailx-5.5.debian.diff.gz | patch -p1 ++ + zcat ../mailx-5.5-kw.diff.gz | patch -p1 ++ + make ++ + ++ + Or you may wish to just uncompress the diff file and pick and choose ++ + the changes that you like. ++ + ++ + ++ + AUTHOR ++ + ++ + Ken Whang <Kenneth.C.Whang-1@umn.edu> ++ ++This version has no provision for the debian mail policy (permission ++on /var/mail+dotfile locking), so Loic Prylli ++<lprylli@graville.fdn.fr> finally recreate a package based on the OpenBSD ++mail with the minimum number of patches to make it suited for debian ++(see changelog). There is no more POP support, nor the added ++functionality from Ken Whang, but all these patches are archived, so ++mail <lprylli@graville.fdn.fr> if you want them to be incorporated. ++ ++ ++Loic Prylli <lprylli@graville.fdn.fr>, Mon, 23 Dec 1996 00:13:13 +0100 ++ ++ ++Sat Apr 4 14:05:38 CEST 1998: ++After a security patch to fix tmp races, a number of things broke. ++Here is what I have tried to fix them: ++The rationale is to have all file openings go through safe_open: ++File opened in mode "w", "w+", are created with O_EXCL mode, ++ (should coincide with temporary files or new files) ++Files with "a" "a+" et "r+" mode do not require the O_EXCL files. "a+" et "r+" do not creat the file. ++ ++ ++Still to do: check creat calls ++ ++ ++ ++ +--- mailx-8.1.1.orig/debian/changelog ++++ mailx-8.1.1/debian/changelog +@@ -0,0 +1,184 @@ ++mailx (1:8.1.1-11) stable; urgency=medium ++ ++ * New maintainer. ++ * Upload to stable to fix problems introduced in the last security upgrade: ++ + Use the liblockfile library for mailbox locking (closes: #90446). ++ Patch backported from current sid version of mailx. ++ + Remove bashism from postinst (closes: #89642). ++ * Add Build-Depends field. ++ ++ -- Robert Luberda <robert@debian.org> Fri, 30 Mar 2001 21:12:03 +0200 ++ ++mailx (1:8.1.1-10.1.5) stable; urgency=high ++ ++ * Another non-maintainer upload ++ * If suidregister kept mail set mail setgid explain to the admin ++ that that is not a very good idea and offer to change it ++ ++ -- Wichert Akkerman <wakkerma@debian.org> Tue, 13 Mar 2001 15:59:55 +0100 ++ ++mailx (1:8.1.1-10.1.4) stable; urgency=high ++ ++ * Another non-maintainer upload ++ * No longer install mailx setgid, the source is just too unsafe ++ ++ -- Wichert Akkerman <wakkerma@debian.org> Sat, 10 Mar 2001 00:13:22 +0100 ++ ++mailx (1:8.1.1-10.1.3) frozen unstable; urgency=high ++ ++ * Fix the security fix: only accept a couple environment variables ++ instead of blindly using them all ++ ++ -- Wichert Akkerman <wakkerma@debian.org> Tue, 8 Aug 2000 11:42:02 -0700 ++ ++mailx (1:8.1.1-10.1.2) frozen unstable; urgency=high ++ ++ * Another security problem: refuse to get the interactive variable ++ from the environment by explicitly setting it in the hashtable. ++ ++ -- Wichert Akkerman <wakkerma@debian.org> Mon, 7 Aug 2000 12:36:10 -0700 ++ ++mailx (1:8.1.1-10.1.1) frozen unstable; urgency=high ++ ++ * NMU to fix RC bug. Now accepts both /var/mail and /var/spool/mail as ++ allowed places for setgid file manipulation. fixes:#64238 ++ ++ -- Paul Slootman <paul@debian.org> Thu, 8 Jun 2000 19:51:14 +0200 ++ ++mailx (1:8.1.1-10.1) stable frozen unstable; urgency=high ++ ++ * Security fix for a GID=mail shell. ++ ++ -- Daniel Jacobowitz <dan@debian.org> Sun, 4 Jun 2000 22:45:19 -0700 ++ ++mailx (1:8.1.1-10) frozen unstable; urgency=high ++ ++ * correct major security flaw, patch from Alvaro Martinez Echevarria ++ <alvaro@lander.es>, bug#23880, bug#23901 ++ ++ * other potential buffer overflow, patch from Juan-Mariano de Goyeneche ++ <jmseyas@selva.dit.upm.es>, bug #22937 ++ ++ ++ -- Loic Prylli <Loic.Prylli@graville.fdn.fr> Sun, 28 Jun 1998 20:15:18 -0400 ++ ++mailx (1:8.1.1-9) frozen unstable; urgency=high ++ ++ * recompile without the signal handling workarounds (lo ++ that eliminate critical bugs where message parts can be lost ++ (#20798) and (#20558) ++ ++ -- Loic Prylli <lprylli@graville.fdn.fr> Thu, 9 Apr 1998 02:11:26 +0200 ++ ++mailx (1:8.1.1-8) frozen unstable; urgency=high ++ ++ * previous patch broke most file accesses, corrected safe_open (#20634) ++ * try to check every access to Fopen, change "a" into "w" for new files, ++ to suit behaviour of safe_open. ++ ++ -- Loic Prylli <lprylli@graville.fdn.fr> Sat, 4 Apr 1998 22:01:19 +0200 ++ ++mailx (1:8.1.1-7) frozen; urgency=medium ++ ++ * security fix for tmp races patch from Martin Schulze (#20059) ++ ++ -- Loic Prylli <lprylli@graville.fdn.fr> Mon, 23 Mar 1998 22:52:35 +0100 ++ ++mailx (1:8.1.1-6) unstable; urgency=low ++ ++ * convert to debhelper ++ * changelog now compressed (bug#15431) ++ * removed .orig and .rej from source (bug#18409) ++ ++ -- Loic Prylli <lprylli@graville.fdn.fr> Sat, 14 Feb 1998 14:34:22 +0100 ++ ++mailx (1:8.1.1-5) unstable; urgency=low ++ ++ * apply David Brown patch so mailx choose the right window size ++ (#12197) ++ * correct Depends: in control file. ++ ++ -- Loic Prylli <lprylli@graville.fdn.fr> Sat, 15 Nov 1997 00:30:38 +0100 ++ ++mailx (1:8.1.1-4) unstable; urgency=high ++ ++ * mailx was sending empty message, ignoring user input ++ add clearerr when EAGAIN occur in "IOSAFE" code (#14263) ++ ++ -- Loic Prylli <lprylli@graville.fdn.fr> Tue, 11 Nov 1997 20:22:35 +0100 ++ ++mailx (1:8.1.1-3.1) unstable; urgency=low ++ ++ * Non-maintainer release. ++ * Libc6 compile. (#11705) ++ * Install missing symlink to manpage. (#7274) ++ ++ -- Martin Mitchell <martin@debian.org> Wed, 29 Oct 1997 04:34:39 +1100 ++ ++mailx (1:8.1.1-3) unstable; urgency=low ++ ++ * add dpkg --assert-working-epoch in preinst bug#6850 ++ * add writing of pid in mailbox locking file ++ * fix:mailx was not removing temporary lock files ++ ++ -- Loic Prylli <lprylli@graville.fdn.fr> Sat, 1 Feb 1997 11:44:04 +0100 ++ ++mailx (1:8.1.1-2) unstable; urgency=low ++ ++ * correct bug #2733 (occur when no space left) dans quit.c ++ * detection of From_ lines with tring to match the date bug#2010 ++ * corrected garble output bug #2284 ++ ++ -- Loic Prylli <lprylli@graville.fdn.fr> Sat, 28 Dec 1996 15:02:22 +0100 ++ ++mailx (1:8.1.1-1) unstable; urgency=medium ++ ++ * recreate completely starting from OpenBSD mail version (we loose a lot ++ of extension but we have a working program now) ++ * OpenBSD base version is the last one in december 96 ++ * rechange the numbering of version, so epoch 1+8.1 is from 4.4BSD, the ++ last upstream digit is to change each time we update to a new openbsd ++ version. ++ * fix the problem of longjmp inside signals inside stdio calls ++ * reincorporate a patch to be dot file locking+setgid safe ++ * some fix in signal handling ++ ++ -- Loic Prylli <lprylli@graville.fdn.fr> Mon, 23 Dec 1996 01:57:44 +0100 ++ ++Mon Apr 29 17:21:42 1996 Sven Rudolph <sr1@inf.tu-dresden.de> ++ ++ * releasing 8.5.5-1 ++ ++ * added symlink /usr/bin/Mail -> /usr/bin/mailx ++ ++Thu Apr 25 23:55:36 1996 Sven Rudolph <sr1@inf.tu-dresden.de> ++ ++ * set version number to 8.5.5 because it has to superseed 8.1 ++ ++ * switched back to mailx-5.5-kw (see mailx-5.5-kw.diff.README) ++ ++ * no POP support ++ ++mailx 8.1 Debian 5 - 10/19/95 Sven Rudolph <sr1@inf.tu-dresden.de> ++* uses now BSD signal emulation (/usr/include/bsd/signal.h) ++* added virtual package names in Depends: and Provides fields (Bug#1460) ++* added Section: field ++* created symlink for mailx manpage (Bug#1114) ++ ++mailx 8.1 Debian 4 - 5/20/95 Carl Streeter <streeter@cae.wisc.edu> ++* Added diffs from Delman Lee <delman@mipg.upenn.edu>: ++ ++ Hi! I got mailx-8.1-3 from the Linux Debian distribution, and have ++ added a "hold-pop" option to hold messages on the POP server after ++ retrieving them. (Also fixed a minor bug with mailx thinking that there ++ is mail even if the POP mailbox is empty. Code around stat() below.) ++ ++mailx 8.1 Debian 3 - 4/18/95 Carl Streeter <streeter@cae.wisc.edu> ++* Fixed control file to depend on smail|sendmail. Updated to latest ++ guidelines ++ ++ ++ ++Local variables: ++mode: debian-changelog ++End: +--- mailx-8.1.1.orig/debian/conffiles ++++ mailx-8.1.1/debian/conffiles +@@ -0,0 +1 @@ ++/etc/mail.rc +--- mailx-8.1.1.orig/debian/control ++++ mailx-8.1.1/debian/control +@@ -0,0 +1,14 @@ ++Source: mailx ++Section: mail ++Priority: important ++Maintainer: Robert Luberda <robert@debian.org> ++Standards-Version: 2.1.1.0 ++Build-Depends: debhelper (>= 2), groff, liblockfile-dev ++ ++Package: mailx ++Architecture: any ++Depends: ${shlibs:Depends}, smail | mail-transport-agent ++Provides: mail-reader ++Description: A simple mail user agent. ++ mailx is the traditional command-line-mode mail user agent. ++ Even if you don't use it it may be required by other programmes. +--- mailx-8.1.1.orig/debian/copyright ++++ mailx-8.1.1/debian/copyright +@@ -0,0 +1,45 @@ ++This package was debianized by Loic Prylli lprylli@graville.fdn.fr on ++Mon, 23 Dec 1996 00:13:13 +0100. ++ ++It is now based on OpenBSD in directory src/usr.bin/mail on a lot of major ftp sites ++See the debian.README (and changelog) for the complicated history of the debian package ++ ++The changes from upstream involve: ++ - because of debian mailbox locking, some code needed to make mail setgid safe ++ - the original code do longjmp in the middle of IO when signals occur, ++ this breaks the Linux libc, so I rewrite some IO loops. ++ ++ ++Copyright: ++ ++ Copyright (c) 1980, 1993 ++ The Regents of the University of California. All rights reserved. ++ ++ Redistribution and use in source and binary forms, with or without ++ modification, are permitted provided that the following conditions ++ are met: ++ 1. Redistributions of source code must retain the above copyright ++ notice, this list of conditions and the following disclaimer. ++ 2. Redistributions in binary form must reproduce the above copyright ++ notice, this list of conditions and the following disclaimer in the ++ documentation and/or other materials provided with the distribution. ++ 3. All advertising materials mentioning features or use of this software ++ must display the following acknowledgement: ++ This product includes software developed by the University of ++ California, Berkeley and its contributors. ++ 4. Neither the name of the University nor the names of its contributors ++ may be used to endorse or promote products derived from this software ++ without specific prior written permission. ++ ++ THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND ++ ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE ++ FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ SUCH DAMAGE. ++ +--- mailx-8.1.1.orig/debian/dirs ++++ mailx-8.1.1/debian/dirs +@@ -0,0 +1,4 @@ ++usr/bin ++usr/man/man1 ++usr/lib ++etc +--- mailx-8.1.1.orig/debian/postinst ++++ mailx-8.1.1/debian/postinst +@@ -0,0 +1,43 @@ ++#! /bin/sh ++ ++set -e ++ ++#DEBHELPER# ++ ++[ "$1" = "configure" ] || exit 0 ++ ++# We only need to ask about removing the setgid bit if the previous version ++# of this package did not ask. This prevents us from asking the same question ++# on every upgrade ++dpkg --compare-versions "$2" ge "1:8.1.1-10.1.5" && exit 0 ++ ++if [ -g /usr/bin/mail ] ; then ++ echo "Your /usr/bin/mail application is currently setgid mail." ++ echo "This is needed to properly lock your mailbox if you use mail" ++ echo "to read your email. However, mail is not written to be a secure" ++ echo "probably so local users might be able to use it to gain access" ++ echo "to email from other users." ++ echo ++ echo "It is therefore recommended to make mail non-setgid and use" ++ echo "another program like elm or mutt to read email." ++ echo ++ while : ; do ++ echo -n "Should I make this change [Y/n]? " ++ read a ++ if test -z "$a" -o "$a" = "Y" -o "$a" = "y" ; then ++ # Please note we don't check for suidregster presence, ++ # since mail can only still be setgid of suidregister ++ # did that. ++ suidregister -s mailx /usr/bin/mail root root 0755 ++ break ++ elif test "$a" = "N" -o "$a" = "n" ; then ++ break ++ fi ++ echo ++ echo "Illegal answer!" ++ echo ++ done ++fi ++ ++exit 0 ++ +--- mailx-8.1.1.orig/debian/preinst ++++ mailx-8.1.1/debian/preinst +@@ -0,0 +1,8 @@ ++#!/bin/sh ++ ++set -e ++ ++dpkg --assert-working-epoch 2>/dev/null || { ++ echo -e "\nYou must upgrade dpkg before installing this package.\n" ++ false ++} +--- mailx-8.1.1.orig/debian/rules ++++ mailx-8.1.1/debian/rules +@@ -0,0 +1,83 @@ ++#!/usr/bin/make -f ++# Sample debian.rules file - for GNU Hello (1.3). ++# Copyright 1994,1995 by Ian Jackson. ++# I hereby give you perpetual unlimited permission to copy, ++# modify and relicense this file, provided that you do not remove ++# my name from the file itself. (I assert my moral right of ++# paternity under the Copyright, Designs and Patents Act 1988.) ++# This file may have to be extensively modified ++# ++ ++package=mailx ++ ++CFLAGS=-O2 ++CC=gcc ++ ++build: ++ dh_testdir ++ make CFLAGS="$(CFLAGS)" CC="$(CC)" ++ cd USD.doc && make ++ touch build ++ ++clean: ++ dh_testdir ++ dh_testroot ++ -rm -f build ++ -make clean ++ -rm USD.doc/manual.ps ++ dh_clean ++ ++binary-indep: build ++# There are no architecture-independent files to be uploaded ++# generated by this package. If there were any they would be ++# made here. ++ ++binary-arch: build ++ dh_testdir ++ dh_testroot ++ dh_clean -k ++ dh_installdirs ++ make install DESTDIR=`pwd`/debian/tmp ++ cd debian/tmp/usr/bin && ln -fs mail mailx ++ cd debian/tmp/usr/bin && ln -fs mail Mail ++# if no debstd, uncomment following lines (taken from Martin Mitchell) ++# install -d debian/tmp/usr/doc/mailx debian/tmp/DEBIAN ++# gzip -9v debian/tmp/usr/man/man1/* ++# cd debian/tmp/usr/man/man1 && ln -fs mail.1.gz mailx.1.gz ++# cd debian/tmp/usr/man/man1 && ln -fs mail.1.gz Mail.1.gz ++# cp debian/changelog debian/README.debian USD.doc/manual.ps debian/tmp/usr/doc/mailx ++# gzip -9v debian/tmp/usr/doc/mailx/* ++# cp debian/copyright debian/tmp/usr/doc/mailx ++# cp debian/{control,conffiles,preinst} debian/tmp/DEBIAN ++# dpkg-shlibdeps debian/tmp/usr/bin/mail ++# Must have debmake installed for this to work. Otherwise please copy ++# /usr/bin/debstd into the debian directory and change debstd to debian/debstd ++ cd debian/tmp/usr/man/man1 && ln -fs mail.1 mailx.1 ++ cd debian/tmp/usr/man/man1 && ln -fs mail.1 Mail.1 ++ dh_installdocs USD.doc/manual.ps ++# dh_installexamples ++# dh_installmenu ++# dh_installcron ++# dh_installmanpages ++ dh_installchangelogs ++ dh_strip ++ dh_compress ++ dh_fixperms ++ dh_suidregister /usr/bin/mail ++ dh_installdeb ++ dh_shlibdeps ++ dh_gencontrol ++# dh_makeshlibs ++ dh_md5sums ++ dh_builddeb ++ ++# Below here is fairly generic really ++ ++binary: binary-indep binary-arch ++ ++ ++.PHONY: binary binary-arch binary-indep clean ++ ++# Local Variables: ++# mode: makefile ++# End variables |