--- mailx-8.1.1.orig/USD.doc/Makefile +++ mailx-8.1.1/USD.doc/Makefile @@ -4,8 +4,10 @@ SRCS= mail0.nr mail1.nr mail2.nr mail3.nr mail4.nr mail5.nr mail6.nr \ mail7.nr mail8.nr mail9.nr maila.nr MACROS= -me +TBL=tbl +manual.ps: ${SRCS} + ${TBL} ${SRCS} | groff ${MACROS} -Tps > $@ -paper.ps: ${SRCS} - ${TBL} ${SRCS} | ${ROFF} > ${.TARGET} +clean : + -rm manual.ps -.include --- mailx-8.1.1.orig/misc/mail.rc +++ mailx-8.1.1/misc/mail.rc @@ -1,2 +1,2 @@ -set append dot save asksub +set ask askcc append dot save crt ignore Received Message-Id Resent-Message-Id Status Mail-From Return-Path Via --- mailx-8.1.1.orig/pathnames.h +++ mailx-8.1.1/pathnames.h @@ -37,10 +37,34 @@ * $NetBSD: pathnames.h,v 1.4 1996/06/08 19:48:34 christos Exp $ */ -#include +/* mail installed files */ +#define _PATH_HELP "/usr/lib/mail.help" +#define _PATH_TILDE "/usr/lib/mail.tildehelp" +#define _PATH_MASTER_RC "/etc/mail.rc" -#define _PATH_EX "/usr/bin/ex" -#define _PATH_HELP "/usr/share/misc/mail.help" -#define _PATH_TILDE "/usr/share/misc/mail.tildehelp" -#define _PATH_MASTER_RC "/etc/mail.rc" -#define _PATH_MORE "/usr/bin/more" +/* mail runtime files */ +#ifndef _PATH_MAILDIR +#define _PATH_MAILDIR "/var/mail:/var/spool/mail" +#endif + +/* executables */ +#ifndef _PATH_CSHELL +#define _PATH_CSHELL "/bin/csh" +#endif +#ifndef _PATH_MORE +#define _PATH_MORE "/bin/more" +#endif +#ifndef _PATH_EX +#define _PATH_EX "/usr/bin/ex" +#endif +#ifndef _PATH_VI +#define _PATH_VI "/usr/bin/vi" +#endif +#ifndef _PATH_SENDMAIL +#define _PATH_SENDMAIL "/usr/sbin/sendmail" +#endif + +/* directories */ +#ifndef _PATH_TMP +#define _PATH_TMP "/tmp/" +#endif --- mailx-8.1.1.orig/Makefile +++ mailx-8.1.1/Makefile @@ -2,22 +2,44 @@ # $NetBSD: Makefile,v 1.8 1996/06/08 19:48:09 christos Exp $ PROG= mail -SRCS= version.c aux.c cmd1.c cmd2.c cmd3.c cmdtab.c collect.c dotlock.c \ +CC=gcc + +# use second line starting from hamm release +#CPPFLAGS=-I/usr/include/bsd -D_BSD_SOURCE -DIOSAFE +CPPFLAGS=-D_BSD_SOURCE + +CFLAGS=-g +SRCS= version.c aux.c cmd1.c cmd2.c cmd3.c cmdtab.c collect.c \ edit.c fio.c getname.c head.c v7.local.c lex.c list.c main.c names.c \ popen.c quit.c send.c strings.c temp.c tty.c vars.c + +OBJS=$(SRCS:%.c=%.o) +LIBS=-llockfile + SFILES= mail.help mail.tildehelp EFILES= mail.rc LINKS= ${BINDIR}/mail ${BINDIR}/Mail ${BINDIR}/mail ${BINDIR}/mailx -MLINKS= mail.1 Mail.1 mail.1 mailx.1 +MFILES= mail.1 -beforeinstall: - cd ${.CURDIR}/misc; install -c -o ${BINOWN} -g ${BINGRP} \ - -m 444 ${SFILES} ${DESTDIR}/usr/share/misc - cd ${.CURDIR}/misc; install -c -o root -g wheel \ - -m 644 ${EFILES} ${DESTDIR}/etc - -.if make(install) -SUBDIR+= USD.doc -.endif +default: all -.include + all: $(PROG) + + $(PROG): $(OBJS) + $(CC) $(LDFLAGS) $(CFLAGS) -o $@ $(OBJS) $(LIBS) + + .c.o: + $(CC) $(CPPFLAGS) $(CFLAGS) -c $< + + .y.c: + bison $< + mv -f $*.tab.c $@ + + clean: + rm -f $(PROG) *.o *~ + + install: + install -c -m 755 -o root -g mail -s $(PROG) $(DESTDIR)/usr/bin/ + install -c -m 644 $(MFILES) $(DESTDIR)/usr/man/man1/ + cd misc && install -c -m 644 $(EFILES) $(DESTDIR)/etc/ + cd misc && install -c -m 644 $(SFILES) $(DESTDIR)/usr/lib/ --- mailx-8.1.1.orig/aux.c +++ mailx-8.1.1/aux.c @@ -280,16 +280,22 @@ * Copy a string, lowercasing it as we go. */ void -istrcpy(dest, src) +istrcpy(dest, src, size) register char *dest, *src; + int size; { + register char *max; - do { - if (isupper(*src)) + max=dest+size-1; + while (dest<=max) { + if (isupper(*src)) { *dest++ = tolower(*src); - else + } else { *dest++ = *src; - } while (*src++ != 0); + } + if (*src++ == 0) + break; + } } /* @@ -606,10 +612,13 @@ break; cp++; if (first) { - strcpy(namebuf, cp); + strncpy(namebuf, cp, LINESIZE); first = 0; - } else - strcpy(rindex(namebuf, '!')+1, cp); + } else { + cp2=rindex(namebuf, '!')+1; + strncpy(cp2, cp, (namebuf+LINESIZE)-cp2); + } + namebuf[LINESIZE-2]='\0'; strcat(namebuf, "!"); goto newname; } @@ -691,7 +700,8 @@ * Lower-case the string, so that "Status" and "status" * will hash to the same place. */ - istrcpy(realfld, field); + istrcpy(realfld, field, BUFSIZ); + realfld[BUFSIZ-1]='\0'; if (ignore[1].i_count > 0) return (!member(realfld, ignore + 1)); else --- mailx-8.1.1.orig/cmd1.c +++ mailx-8.1.1/cmd1.c @@ -465,7 +465,7 @@ char dirname[BUFSIZ]; char *cmd; - if (getfold(dirname) < 0) { + if (getfold(dirname, BUFSIZ) < 0) { printf("No value set for \"folder\"\n"); return 1; } --- mailx-8.1.1.orig/cmd2.c +++ mailx-8.1.1/cmd2.c @@ -496,7 +496,8 @@ if (*list == NOSTR) return igshow(tab, which); for (ap = list; *ap != 0; ap++) { - istrcpy(field, *ap); + istrcpy(field, *ap, BUFSIZ); + field[BUFSIZ-1]='\0'; if (member(field, tab)) continue; h = hash(field); --- mailx-8.1.1.orig/cmd3.c +++ mailx-8.1.1/cmd3.c @@ -65,8 +65,9 @@ char *shell; char cmd[BUFSIZ]; - (void) strcpy(cmd, str); - if (bangexp(cmd) < 0) + (void) strncpy(cmd, str, BUFSIZ); + cmd[BUFSIZ-1]='\0'; + if (bangexp(cmd, BUFSIZ) < 0) return 1; if ((shell = value("SHELL")) == NOSTR) shell = _PATH_CSHELL; @@ -103,8 +104,9 @@ char lastbang[128]; int -bangexp(str) +bangexp(str, size) char *str; + int size; { char bangbuf[BUFSIZ]; register char *cp, *cp2; @@ -144,7 +146,8 @@ printf("!%s\n", bangbuf); fflush(stdout); } - strcpy(str, bangbuf); + strncpy(str, bangbuf, size); + str[size-1]='\0'; strncpy(lastbang, bangbuf, 128); lastbang[127] = 0; return(0); --- mailx-8.1.1.orig/collect.c +++ mailx-8.1.1/collect.c @@ -52,6 +52,11 @@ #include "rcv.h" #include "extern.h" +#ifdef IOSAFE +/* to interact betzeen interrupt handlers and IO routines in fio.c */ +int got_interrupt; + +#endif /* * Read a message from standard output and return a read file to it * or NULL on error. @@ -143,6 +148,9 @@ escape = ESCAPE; eofcount = 0; hadintr = 0; +#ifdef IOSAFE + got_interrupt = 0; +#endif if (!setjmp(colljmp)) { if (getsub) @@ -166,6 +174,12 @@ for (;;) { colljmp_p = 1; c = readline(stdin, linebuf, LINESIZE); +#ifdef IOSAFE + if (got_interrupt) { + got_interrupt = 0; + longjmp(colljmp,1); + } +#endif colljmp_p = 0; if (c < 0) { if (value("interactive") != NOSTR && @@ -268,7 +282,8 @@ hp->h_bcc = cat(hp->h_bcc, extract(&linebuf[2], GBCC)); break; case 'd': - strcpy(linebuf + 2, getdeadletter()); + strncpy(linebuf + 2, getdeadletter(), LINESIZE - 2); + linebuf[LINESIZE-1]='\0'; /* fall into . . . */ case 'r': case '<': @@ -392,7 +407,11 @@ sigemptyset(&nset); sigaddset(&nset, SIGINT); sigaddset(&nset, SIGHUP); +#ifndef OLDBUG + sigprocmask(SIG_BLOCK, &nset, NULL); +#else sigprocmask(SIG_BLOCK, &nset, &oset); +#endif signal(SIGINT, saveint); signal(SIGHUP, savehup); signal(SIGTSTP, savetstp); @@ -427,6 +446,8 @@ fprintf(stderr, "File exists\n"); return(-1); } + /* FIXME: Fopen with "w" will currently prevent writing to an existig file + (/dev/null), for now I am not sure this would even marginally useful to allow */ if ((of = Fopen(name, "w")) == NULL) { perror(NOSTR); return(-1); @@ -589,10 +610,16 @@ if (colljmp_p) { colljmp_p = 0; hadintr = 0; +#ifdef IOSAFE + got_interrupt = s; +#else longjmp(colljmp, 1); +#endif + } } + /* * On interrupt, come here to save the partial message in ~/dead.letter. * Then jump out of the collection loop. @@ -613,7 +640,12 @@ return; } hadintr = 1; +#ifdef IOSAFE + got_interrupt = s; + return; +#else longjmp(colljmp, 1); +#endif } rewind(collf); if (value("nosave") == NOSTR) --- mailx-8.1.1.orig/dotlock.c +++ mailx-8.1.1/dotlock.c @@ -48,11 +48,33 @@ #include #include "extern.h" +#include "rcv.h" #ifndef O_SYNC #define O_SYNC 0 #endif +/* + * Set the gid if the path is in the normal mail spool + */ +static int perhaps_setgid (name, gid) +char *name; +gid_t gid; +{ + char safelist[] = _PATH_MAILDIR; + char *safepath, *p = safelist; + int len; + + while ((safepath = strtok(p, ":"))) { + p = 0; + len = strlen(safepath); + if (strncmp (name, safepath, len) == 0 && name[len] == '/') + return (setgid (gid)); + } + return 0; +} + + static int create_exclusive __P((const char *)); /* * Create a unique file. O_EXCL does not really work over NFS so we follow @@ -69,11 +91,12 @@ const char *fname; { char path[MAXPATHLEN], hostname[MAXHOSTNAMELEN]; + char apid[40]; /* sufficient for storign 128 bits pids */ const char *ptr; struct timeval tv; pid_t pid; size_t ntries, cookie; - int fd, serrno; + int fd, serrno, cc; struct stat st; (void) gettimeofday(&tv, NULL); @@ -93,12 +116,17 @@ (void) snprintf(path, sizeof(path), "%.*s.%s.%x", ptr - fname, fname, hostname, cookie); + /* * We try to create the unique filename. */ for (ntries = 0; ntries < 5; ntries++) { + perhaps_setgid(path, effectivegid); fd = open(path, O_WRONLY|O_CREAT|O_TRUNC|O_EXCL|O_SYNC, 0); + setgid(realgid); if (fd != -1) { + sprintf(apid,"%d",getpid()); + write(fd, apid, strlen(apid)); (void) close(fd); break; } @@ -107,11 +135,14 @@ else return -1; } - /* * We link the path to the name */ - if (link(path, fname) == -1) + perhaps_setgid(fname, effectivegid); + cc = link(path, fname); + setgid(realgid); + + if (cc == -1) goto bad; /* @@ -121,7 +152,9 @@ if (stat(path, &st) == -1) goto bad; + perhaps_setgid(fname, effectivegid); (void) unlink(path); + setgid(realgid); /* * If the number of links was two (one for the unique file and one @@ -149,6 +182,7 @@ { char path[MAXPATHLEN]; sigset_t nset, oset; + int i; sigemptyset(&nset); sigaddset(&nset, SIGHUP); @@ -162,7 +196,7 @@ (void) snprintf(path, sizeof(path), "%s.lock", fname); - for (;;) { + for (i=0;i<15;i++) { (void) sigprocmask(SIG_BLOCK, &nset, &oset); if (create_exclusive(path) != -1) { (void) sigprocmask(SIG_SETMASK, &oset, NULL); @@ -185,6 +219,8 @@ sleep(pollinterval); } } + fprintf(stderr,"%s seems a stale lock? Need to be removed by hand?\n",path); + return -1; } void @@ -194,5 +230,7 @@ char path[MAXPATHLEN]; (void) snprintf(path, sizeof(path), "%s.lock", fname); + perhaps_setgid(path, effectivegid); (void) unlink(path); + setgid(realgid); } --- mailx-8.1.1.orig/edit.c +++ mailx-8.1.1/edit.c @@ -159,7 +159,7 @@ struct stat statb; extern char *tempEdit; - if ((t = creat(tempEdit, readonly ? 0400 : 0600)) < 0) { + if ((t = open(tempEdit, O_CREAT|O_WRONLY|O_EXCL, readonly ? 0400 : 0600)) < 0) { perror(tempEdit); goto out; } --- mailx-8.1.1.orig/extern.h +++ mailx-8.1.1/extern.h @@ -50,6 +50,7 @@ struct name *put __P((struct name *, struct name *)); struct name *tailof __P((struct name *)); struct name *usermap __P((struct name *)); +FILE *safe_fopen __P((char *, char *)); FILE *Fdopen __P((int, char *)); FILE *Fopen __P((char *, char *)); FILE *Popen __P((char *, char *)); @@ -79,7 +80,7 @@ char *username __P((void)); char *value __P((char [])); char *vcopy __P((char [])); -char *yankword __P((char *, char [])); +char *yankword __P((char *, char [], int)); int Fclose __P((FILE *)); int More __P((void *)); int Pclose __P((FILE *)); @@ -94,7 +95,7 @@ int append __P((struct message *, FILE *)); int argcount __P((char **)); void assign __P((char [], char [])); -int bangexp __P((char *)); +int bangexp __P((char *, int)); int blankline __P((char [])); void brokpipe __P((int)); int charcount __P((char *, int)); @@ -115,8 +116,8 @@ int deltype __P((void *)); void demail __P((void)); int dosh __P((void *)); -int dot_lock __P((const char *, int, FILE *, const char *)); -void dot_unlock __P((const char *)); +int spool_lock __P((const char *)); +int spool_unlock __P((const char *)); int echo __P((void *)); int edit1 __P((int *, int)); int editor __P((void *)); @@ -130,7 +131,7 @@ int file __P((void *)); struct grouphead * findgroup __P((char [])); -void findmail __P((char *, char *)); +void findmail __P((char *, char *, int)); int first __P((int, int)); void fixhead __P((struct header *, struct name *)); void fmt __P((char *, struct name *, FILE *, int)); @@ -139,7 +140,7 @@ void free_child __P((int)); int from __P((void *)); off_t fsize __P((FILE *)); -int getfold __P((char *)); +int getfold __P((char *, int)); int gethfield __P((FILE *, char [], int, char **)); int getmsglist __P((char *, int *, int)); int getrawlist __P((char [], char **, int)); @@ -164,7 +165,7 @@ int ishead __P((char [])); int isign __P((char *, struct ignoretab [])); int isprefix __P((char *, char *)); -void istrcpy __P((char *, char *)); +void istrcpy __P((char *, char *, int)); const struct cmd * lex __P((char [])); void load __P((char *)); --- mailx-8.1.1.orig/fio.c +++ mailx-8.1.1/fio.c @@ -74,7 +74,7 @@ char linebuf[LINESIZE]; /* Get temporary file. */ - (void)sprintf(linebuf, "%s/mail.XXXXXX", tmpdir); + (void)snprintf(linebuf,LINESIZE,"%s/mail.XXXXXX", tmpdir); if ((c = mkstemp(linebuf)) == -1 || (mestmp = Fdopen(c, "r+")) == NULL) { (void)fprintf(stderr, "mail: can't open %s\n", linebuf); @@ -178,14 +178,54 @@ char *linebuf; int linesize; { - register int n; - + register int n,oldfl; + char *res; clearerr(ibuf); - if (fgets(linebuf, linesize, ibuf) == NULL) - return -1; +#ifdef IOSAFE + /* we want to be able to get interrupts while waiting user-input + we cannot to safely inside a stdio call, so we first ensure there + is now data in the stdio buffer by doing the stdio call with the descriptor + in non-blocking state and then do a select. + Hope it is safe (the libc should not break on a EAGAIN) + lprylli@graville.fdn.fr*/ + n = 0; /* number of caracters already read */ + while (n < linesize - 1) { + errno = 0; + oldfl = fcntl(fileno(ibuf),F_GETFL); + fcntl(fileno(ibuf),F_SETFL,oldfl | O_NONBLOCK); + res = fgets(linebuf + n, linesize-n, ibuf); + fcntl(fileno(ibuf),F_SETFL,oldfl); + if (res != NULL) { + n = strlen(linebuf); + if (n > 0 && linebuf[n-1] == '\n') + break; + } else if (errno == EAGAIN || errno == EWOULDBLOCK) { + clearerr(ibuf); + } else { + /* probably EOF one the file descriptors */ + if (n > 0) + break; + else + return -1; + + }{ + extern int got_interrupt; + fd_set rds; + FD_ZERO(&rds); + FD_SET(fileno(ibuf),&rds); + select(fileno(ibuf)+1,&rds,NULL,NULL,NULL); + /* if an interrupt occur drops the current line and returns */ + if (got_interrupt) + return -1; + } + } +#else + if (fgets(linebuf, linesize, ibuf) == NULL) + return -1; +#endif n = strlen(linebuf); if (n > 0 && linebuf[n - 1] == '\n') - linebuf[--n] = '\0'; + linebuf[--n] = '\0'; return n; } @@ -336,7 +376,7 @@ */ switch (*name) { case '%': - findmail(name[1] ? name + 1 : myname, xname); + findmail(name[1] ? name + 1 : myname, xname, PATHSIZE); return savestr(xname); case '#': if (name[1] != 0) @@ -351,13 +391,13 @@ name = "~/mbox"; /* fall through */ } - if (name[0] == '+' && getfold(cmdbuf) >= 0) { - sprintf(xname, "%s/%s", cmdbuf, name + 1); + if (name[0] == '+' && getfold(cmdbuf, PATHSIZE) >= 0) { + snprintf(xname, PATHSIZE, "%s/%s", cmdbuf, name + 1); name = savestr(xname); } /* catch the most common shell meta character */ if (name[0] == '~' && (name[1] == '/' || name[1] == '\0')) { - sprintf(xname, "%s%s", homedir, name + 1); + snprintf(xname, PATHSIZE, "%s%s", homedir, name + 1); name = savestr(xname); } if (!anyof(name, "~{[*?$`'\"\\")) @@ -366,7 +406,7 @@ perror("pipe"); return name; } - sprintf(cmdbuf, "echo %s", name); + snprintf(cmdbuf, PATHSIZE, "echo %s", name); if ((shell = value("SHELL")) == NOSTR) shell = _PATH_CSHELL; pid = start_command(shell, 0, -1, pivec[1], "-c", cmdbuf, NOSTR); @@ -376,21 +416,22 @@ return NOSTR; } close(pivec[1]); - l = read(pivec[0], xname, BUFSIZ); + l = read(pivec[0], xname, PATHSIZE); + if (l < 0) { + perror("read"); + close(pivec[0]); + return NOSTR; + } close(pivec[0]); if (wait_child(pid) < 0 && wait_status.w_termsig != SIGPIPE) { fprintf(stderr, "\"%s\": Expansion failed.\n", name); return NOSTR; } - if (l < 0) { - perror("read"); - return NOSTR; - } if (l == 0) { fprintf(stderr, "\"%s\": No match.\n", name); return NOSTR; } - if (l == BUFSIZ) { + if (l == PATHSIZE) { fprintf(stderr, "\"%s\": Expansion buffer overflow.\n", name); return NOSTR; } @@ -409,17 +450,20 @@ * Determine the current folder directory name. */ int -getfold(name) +getfold(name, size) char *name; + int size; { char *folder; if ((folder = value("folder")) == NOSTR) return (-1); - if (*folder == '/') - strcpy(name, folder); - else - sprintf(name, "%s/%s", homedir, folder); + if (*folder == '/') { + strncpy(name, folder, size); + name[size-1]='\0'; + } else { + snprintf(name, size, "%s/%s", homedir, folder); + } return (0); } @@ -436,7 +480,7 @@ else if (*cp != '/') { char buf[PATHSIZE]; - (void) sprintf(buf, "~/%s", cp); + (void) snprintf(buf, PATHSIZE, "~/%s", cp); cp = expand(buf); } return cp; --- mailx-8.1.1.orig/glob.h +++ mailx-8.1.1/glob.h @@ -83,6 +83,8 @@ int screenheight; /* Screen height, or best guess, for "header" command */ int realscreenheight; /* the real screen height */ +gid_t effectivegid; /* Saved from when we started up */ +gid_t realgid; /* Saved from when we started up */ #include --- mailx-8.1.1.orig/head.c +++ mailx-8.1.1/head.c @@ -73,10 +73,13 @@ fail(linebuf, "No from or date field"); return (0); } + /* be very tolerant about the date */ +#if 0 if (!isdate(hl.l_date)) { fail(linebuf, "Date field not legal date"); return (0); } +#endif /* * I guess we got it! */ --- mailx-8.1.1.orig/lex.c +++ mailx-8.1.1/lex.c @@ -134,16 +134,19 @@ } shudclob = 1; edit = isedit; - strcpy(prevfile, mailname); - if (name != mailname) - strcpy(mailname, name); + strncpy(prevfile, mailname, PATHSIZE); + prevfile[PATHSIZE-1]='\0'; + if (name != mailname) { + strncpy(mailname, name, PATHSIZE); + mailname[PATHSIZE-1]='\0'; + } mailsize = fsize(ibuf); - if ((otf = fopen(tempMesg, "w")) == NULL) { + if ((otf = safe_fopen(tempMesg, "w")) == NULL) { perror(tempMesg); exit(1); } (void) fcntl(fileno(otf), F_SETFD, 1); - if ((itf = fopen(tempMesg, "r")) == NULL) { + if ((itf = safe_fopen(tempMesg, "r")) == NULL) { perror(tempMesg); exit(1); } @@ -616,10 +619,10 @@ s++; } ename = mailname; - if (getfold(fname) >= 0) { + if (getfold(fname, BUFSIZ-1) >= 0) { strcat(fname, "/"); if (strncmp(fname, mailname, strlen(fname)) == 0) { - sprintf(zname, "+%s", mailname + strlen(fname)); + snprintf(zname, BUFSIZ, "+%s", mailname + strlen(fname)); ename = zname; } } --- mailx-8.1.1.orig/list.c +++ mailx-8.1.1/list.c @@ -515,7 +515,8 @@ int quotec; if (regretp >= 0) { - strcpy(lexstring, string_stack[regretp]); + strncpy(lexstring, string_stack[regretp], STRINGLEN); + lexstring[STRINGLEN-1]='\0'; lexnumber = numberstack[regretp]; return(regretstack[regretp--]); } @@ -695,10 +696,12 @@ register char *cp, *cp2, *backup; str++; - if (strlen(str) == 0) + if (strlen(str) == 0) { str = lastscan; - else - strcpy(lastscan, str); + } else { + strncpy(lastscan, str, 128); + lastscan[127]='\0'; + } mp = &message[mesg-1]; /* --- mailx-8.1.1.orig/mail.1 +++ mailx-8.1.1/mail.1 @@ -109,7 +109,7 @@ .It Fl u Is equivalent to: .Pp -.Dl mail -f /var/mail/user +.Dl mail -f /var/spool/mail/user .El .Ss Sending mail To send a message to one or more people, @@ -990,8 +990,8 @@ .Ev USER environment variables. .Sh FILES -.Bl -tag -width /usr/share/misc/mail.*help -compact -.It Pa /var/mail/* +.Bl -tag -width /usr/lib/mail.*help -compact +.It Pa /var/spool/mail/* Post office. .It ~/mbox User's old mail. @@ -999,7 +999,7 @@ File giving initial mail commands. .It Pa /tmp/R* Temporary files. -.It Pa /usr/share/misc/mail.*help +.It Pa /usr/lib/mail.*help Help files. .It Pa /etc/mail.rc System initialization file. @@ -1029,8 +1029,5 @@ Most are not useful to the general user. .Pp -Usually, -.Nm mail -is just a link to -.Nm Mail , -which can be confusing. +.\" This bug is not the case in this particular distribution. +.\" Usually, .Nm mail is just a link to .Nm Mail, which can be confusing. --- mailx-8.1.1.orig/main.c +++ mailx-8.1.1/main.c @@ -48,6 +48,12 @@ #endif #endif /* not lint */ +/* + * Most strcpy/sprintf functions have been changed to strncpy/snprintf to + * correct several buffer overruns (at least one ot them was exploitable). + * Sat Jun 20 04:58:09 CEST 1998 Alvaro Martinez Echevarria + */ + #include "rcv.h" #include #include @@ -70,9 +76,24 @@ struct name *to, *cc, *bcc, *smopts; char *subject; char *ef; + char* cmd; char nosrc = 0; sig_t prevint; + /* + * Absolutely the first thing we do is save our egid + * and set it to the rgid, so that we can safely run + * setgid. We use the sgid (saved set-gid) to allow ourselves + * to revert to the egid if we want (temporarily) to become + * priveliged. + */ + effectivegid = getegid(); + realgid = getgid(); + if (setgid (realgid) < 0) { + perror("setgid"); + exit(1); + } + /* * Set up a reasonable environment. * Figure out whether we are being run interactively, @@ -81,6 +102,26 @@ (void) signal(SIGCHLD, sigchild); if (isatty(0)) assign("interactive", ""); + + /* + * Grab some stuff from the environment we might use + */ + + if (cmd = getenv("PAGER")) + assign("PAGER", cmd); + if (cmd = getenv("LISTER")) + assign("LISTER", cmd); + if (cmd = getenv("SHELL")) + assign("SHELL", cmd); + if (cmd = getenv("EDITOR")) + assign("EDITOR", cmd); + if (cmd = getenv("VISUAL")) + assign("VISUAL", cmd); + if (cmd = getenv("MBOX")) + assign("MBOX", cmd); + if (cmd = getenv("DEAD")) + assign("DEAD", cmd); + image = -1; /* * Now, determine how we are being used. @@ -287,12 +328,12 @@ if (ioctl(1, TIOCGWINSZ, (char *) &ws) < 0) ws.ws_col = ws.ws_row = 0; if (tcgetattr(1, &tbuf) < 0) - ospeed = 9600; + ospeed = B9600; else ospeed = cfgetospeed(&tbuf); - if (ospeed < 1200) + if (ospeed < B1200) screenheight = 9; - else if (ospeed == 1200) + else if (ospeed == B1200) screenheight = 14; else if (ws.ws_row != 0) screenheight = ws.ws_row; --- mailx-8.1.1.orig/names.c +++ mailx-8.1.1/names.c @@ -108,7 +108,7 @@ top = NIL; np = NIL; cp = line; - while ((cp = yankword(cp, nbuf)) != NOSTR) { + while ((cp = yankword(cp, nbuf, BUFSIZ)) != NOSTR) { t = nalloc(nbuf, ntype); if (top == NIL) top = t; @@ -171,10 +171,12 @@ * Throw away things between ()'s, and take anything between <>. */ char * -yankword(ap, wbuf) +yankword(ap, wbuf, maxsize) char *ap, wbuf[]; + int maxsize; { register char *cp, *cp2; + int used = 0; cp = ap; for (;;) { @@ -201,10 +203,11 @@ break; } if (*cp == '<') - for (cp2 = wbuf; *cp && (*cp2++ = *cp++) != '>';) + /* Pre-increment "used" so we leave room for the trailing zero */ + for (cp2 = wbuf; *cp && (++used < maxsize) && (*cp2++ = *cp++) != '>';) ; else - for (cp2 = wbuf; *cp && !index(" \t,(", *cp); *cp2++ = *cp++) + for (cp2 = wbuf; *cp && (++used < maxsize) && !index(" \t,(", *cp); *cp2++ = *cp++) ; *cp2 = '\0'; return cp; @@ -253,7 +256,8 @@ */ if (image < 0) { - if ((fout = Fopen(tempEdit, "a")) == NULL) { + /* hopefully we always create the file, so I change the "a" to "w" the line below */ + if ((fout = Fopen(tempEdit, "w")) == NULL) { perror(tempEdit); senderr++; goto cant; --- mailx-8.1.1.orig/quit.c +++ mailx-8.1.1/quit.c @@ -118,8 +118,11 @@ Fclose(fbuf); return; } - if (dot_lock(mailname, 1, stdout, ".") == -1) - goto nolock; + if (!spool_lock(mailname)) { + (void)Fclose(fbuf); + return; /* lockspool printed error for us */ + } + rbuf = NULL; if (fstat(fileno(fbuf), &minfo) >= 0 && minfo.st_size > mailsize) { printf("New mail has arrived.\n"); @@ -192,14 +195,14 @@ printf("Held %d message%s in %s\n", p, p == 1 ? "" : "s", mailname); Fclose(fbuf); - dot_unlock(mailname); + spool_unlock(mailname); return; } if (c == 0) { if (p != 0) { writeback(rbuf); Fclose(fbuf); - dot_unlock(mailname); + spool_unlock(mailname); return; } goto cream; @@ -218,7 +221,7 @@ if ((obuf = Fopen(tempQuit, "w")) == NULL) { perror(tempQuit); Fclose(fbuf); - dot_unlock(mailname); + spool_unlock(mailname); return; } if ((ibuf = Fopen(tempQuit, "r")) == NULL) { @@ -226,7 +229,7 @@ rm(tempQuit); Fclose(obuf); Fclose(fbuf); - dot_unlock(mailname); + spool_unlock(mailname); return; } rm(tempQuit); @@ -240,7 +243,7 @@ Fclose(ibuf); Fclose(obuf); Fclose(fbuf); - dot_unlock(mailname); + spool_unlock(mailname); return; } Fclose(obuf); @@ -249,7 +252,7 @@ perror(mbox); Fclose(ibuf); Fclose(fbuf); - dot_unlock(mailname); + spool_unlock(mailname); return; } } @@ -257,7 +260,7 @@ if ((obuf = Fopen(mbox, "a")) == NULL) { perror(mbox); Fclose(fbuf); - dot_unlock(mailname); + spool_unlock(mailname); return; } fchmod(fileno(obuf), 0600); @@ -266,10 +269,11 @@ if (mp->m_flag & MBOX) if (send(mp, obuf, saveignore, NOSTR) < 0) { perror(mbox); - Fclose(ibuf); + if (ibuf) + Fclose(ibuf); Fclose(obuf); Fclose(fbuf); - dot_unlock(mailname); + spool_unlock(mailname); return; } @@ -296,7 +300,7 @@ perror(mbox); Fclose(obuf); Fclose(fbuf); - dot_unlock(mailname); + spool_unlock(mailname); return; } Fclose(obuf); @@ -313,7 +317,7 @@ if (p != 0) { writeback(rbuf); Fclose(fbuf); - dot_unlock(mailname); + spool_unlock(mailname); return; } @@ -334,19 +338,19 @@ Fclose(abuf); alter(mailname); Fclose(fbuf); - dot_unlock(mailname); + spool_unlock(mailname); return; } demail(); Fclose(fbuf); - dot_unlock(mailname); + spool_unlock(mailname); return; newmail: printf("Thou hast new mail.\n"); if (fbuf != NULL) { Fclose(fbuf); - dot_unlock(mailname); + spool_unlock(mailname); } } --- mailx-8.1.1.orig/tty.c +++ mailx-8.1.1/tty.c @@ -50,6 +50,8 @@ #include "rcv.h" #include "extern.h" +#include +#include #include static cc_t c_erase; /* Current erase char */ @@ -60,6 +62,10 @@ static int ttyset; /* We must now do erase/kill */ #endif +#ifdef IOSAFE +static int got_interrupt; +#endif + /* * Read all relevant header fields. */ @@ -104,8 +110,15 @@ if ((savequit = signal(SIGQUIT, SIG_IGN)) == SIG_DFL) signal(SIGQUIT, SIG_DFL); #else - if (setjmp(intjmp)) +#ifdef IOSAFE + got_interrupt = 0; +#endif + if (setjmp(intjmp)) { + /* avoid garbled output with C-c */ + printf("\n"); + fflush(stdout); goto out; + } saveint = signal(SIGINT, ttyint); #endif if (gflags & GTO) { @@ -207,14 +220,26 @@ cp2 = cp; if (setjmp(rewrite)) goto redo; +#ifdef IOSAFE + got_interrupt = 0; +#endif signal(SIGTSTP, ttystop); signal(SIGTTOU, ttystop); signal(SIGTTIN, ttystop); clearerr(stdin); while (cp2 < canonb + BUFSIZ) { +#ifdef IOSAFE + c = safegetc(stdin); + /* this is full of ACE but hopefully, interrupts will only occur in the above read */ + if (got_interrupt == SIGINT) + longjmp(intjmp,1); + else if (got_interrupt) + longjmp(rewrite,1); +#else c = getc(stdin); +#endif if (c == EOF || c == '\n') - break; + break; *cp2++ = c; } *cp2 = 0; @@ -280,6 +305,9 @@ kill(0, s); sigprocmask(SIG_UNBLOCK, &nset, NULL); signal(s, old_action); +#ifdef IOSAFE + got_interrupt = s; +#endif longjmp(rewrite, 1); } @@ -288,5 +316,40 @@ ttyint(s) int s; { +#ifdef IOSAFE + got_interrupt = s; +#else longjmp(intjmp, 1); +#endif +} + +#ifdef IOSAFE +/* it is very awful, but only way I see to be able to do a interruptable stdio call */ +int safegetc(FILE *ibuf) +{ + int oldfl; + int res; + while (1) { + errno = 0; + oldfl = fcntl(fileno(ibuf),F_GETFL); + fcntl(fileno(ibuf),F_SETFL,oldfl | O_NONBLOCK); + res = getc(ibuf); + fcntl(fileno(ibuf),F_SETFL,oldfl); + if (res != EOF) + return res; + else if (errno == EAGAIN || errno == EWOULDBLOCK) { + fd_set rds; + clearerr(ibuf); + FD_ZERO(&rds); + FD_SET(fileno(ibuf),&rds); + select(fileno(ibuf)+1,&rds,NULL,NULL,NULL); + /* if an interrupt occur drops the current line and returns */ + if (got_interrupt) + return EOF; + } else { + /* probably EOF one the file descriptors */ + return EOF; + } + } } +#endif --- mailx-8.1.1.orig/v7.local.c +++ mailx-8.1.1/v7.local.c @@ -60,15 +60,26 @@ * mail is queued). */ void -findmail(user, buf) +findmail(user, buf, size) char *user, *buf; + int size; { char *mbox; - if (!(mbox = getenv("MAIL"))) - (void)sprintf(buf, "%s/%s", _PATH_MAILDIR, user); - else - (void)strcpy(buf, mbox); + if (!(mbox = getenv("MAIL"))) { + char safelist[] = _PATH_MAILDIR; + char *safepath, *p = safelist; + while ((safepath = strtok(p, ":"))) { + p = 0; + (void)snprintf(buf, size, "%s/%s", safepath, user); + if (access(buf, F_OK) == 0) + break; + } + } else { + (void)strncpy(buf, mbox, size); + buf[size-1]='\0'; + } + } /* --- mailx-8.1.1.orig/vars.c +++ mailx-8.1.1/vars.c @@ -83,7 +83,7 @@ vfree(cp) char *cp; { - if (*cp) + if (cp && *cp) free(cp); } @@ -99,6 +99,8 @@ char *new; unsigned len; + if (str == NULL) + return NULL; if (*str == '\0') return ""; len = strlen(str) + 1; @@ -120,7 +122,7 @@ register struct var *vp; if ((vp = lookup(name)) == NOVAR) - return(getenv(name)); + return NULL; return(vp->v_value); } --- mailx-8.1.1.orig/popen.c +++ mailx-8.1.1/popen.c @@ -45,6 +45,8 @@ #include "rcv.h" #include #include +#include +#include #include "extern.h" #define READ 0 @@ -71,12 +73,42 @@ static int file_pid __P((FILE *)); FILE * +safe_fopen(file, mode) + char *file, *mode; +{ + int omode, fd; + + if (!strcmp(mode, "r")) { + omode = O_RDONLY; + } else if (!strcmp(mode, "w")) { + omode = O_WRONLY | O_CREAT | O_EXCL; + } else if (!strcmp(mode, "a")) { + omode = O_WRONLY | O_APPEND | O_CREAT; + } else if (!strcmp(mode, "a+")) { + omode = O_RDWR | O_APPEND; + } else if (!strcmp(mode, "r+")) { + omode = O_RDWR; + } else if (!strcmp(mode, "w+")) { + omode = O_RDWR | O_CREAT | O_EXCL; + } else { + fprintf(stderr, + "Internal error: bad stdio open mode %s\n", mode); + errno = EINVAL; + return NULL; + } + + if ((fd = open(file, omode, 0666)) < 0) + return NULL; + return fdopen(fd, mode); +} + +FILE * Fopen(file, mode) char *file, *mode; { FILE *fp; - if ((fp = fopen(file, mode)) != NULL) { + if ((fp = safe_fopen(file, mode)) != NULL) { register_file(fp, 0, 0); (void) fcntl(fileno(fp), F_SETFD, 1); } @@ -397,4 +429,89 @@ else cp->free = 1; sigprocmask(SIG_SETMASK, &oset, NULL); +} + +/* + * Lock(1)/unlock(0) mail spool using liblockfile + * Returns 1 for success, 0 for failure, -1 for bad usage. + */ +static int +handle_spool_locks(mailname, action) + const char *mailname; + int action; +{ + int retval; + char lockpath[PATHSIZE]; + + snprintf(lockpath, PATHSIZE - 1, "%s.lock", mailname); + lockpath[PATHSIZE - 1] = '\0'; + + if (action == 0) { + /* Clear the lock */ + retval = lockfile_remove(lockpath); + if (retval == 0) + return(1); + else + warn("Cannot remove lockfile %s", lockpath); + + } else if (action == 1) { + + retval = lockfile_create(lockpath, 3, 0); + switch (retval) { + case L_SUCCESS: + return(1); + + case L_NAMELEN: + warnx( "Cannot create lockfile %s: %s", + lockpath, + "Recipient name too long." + ); + break; + + case L_TMPLOCK: + warnx( "Cannot create lockfile %s: %s", + lockpath, + "Error creating temporary lockfile" + ); + break; + + case L_TMPWRITE: + warnx( "Cannot create lockfile %s: %s", + lockpath, + "Failed to write pid into tmp lockfile." + ); + break; + + case L_MAXTRYS: + warnx( "Cannot create lockfile %s: %s", + lockpath, + "Failed after max tries." + ); + break; + + case L_ERROR: + default: + warn( "Cannot create lockfile %s", + lockpath + ); + break; + + } + } + + return(0); +} + +int +spool_lock(mailname) + const char * mailname; +{ + return(handle_spool_locks(mailname, 1)); +} + +int +spool_unlock(mailname) + const char * mailname; +{ + return(handle_spool_locks(mailname, 0)); } --- mailx-8.1.1.orig/changelog +++ mailx-8.1.1/changelog @@ -0,0 +1,159 @@ +mailx (1:8.1.1-10.1.3) frozen unstable; urgency=high + + * More security fixes + * Don't allow to set interactive in mailrc (or interactively) + * Modify the variable-handling code to grok NULL values + + -- Wichert Akkerman Mon, 7 Aug 2000 17:22:57 -0700 + +mailx (1:8.1.1-10.1.2) frozen unstable; urgency=high + + * Another security problem: refuse to get the interactive variable + from the environment by explicitly setting it in the hashtable. + + -- Wichert Akkerman Mon, 7 Aug 2000 12:36:10 -0700 + +mailx (1:8.1.1-10.1.1) frozen unstable; urgency=high + + * NMU to fix RC bug. Now accepts both /var/mail and /var/spool/mail as + allowed places for setgid file manipulation. fixes:#64238 + + -- Paul Slootman Thu, 8 Jun 2000 19:51:14 +0200 + +mailx (1:8.1.1-10.1) stable frozen unstable; urgency=high + + * Security fix for a GID=mail shell. + + -- Daniel Jacobowitz Sun, 4 Jun 2000 22:45:19 -0700 + +mailx (1:8.1.1-10) frozen unstable; urgency=high + + * correct major security flaw, patch from Alvaro Martinez Echevarria + , bug#23880, bug#23901 + + * other potential buffer overflow, patch from Juan-Mariano de Goyeneche + , bug #22937 + + + -- Loic Prylli Sun, 28 Jun 1998 20:15:18 -0400 + +mailx (1:8.1.1-9) frozen unstable; urgency=high + + * recompile without the signal handling workarounds (lo + that eliminate critical bugs where message parts can be lost + (#20798) and (#20558) + + -- Loic Prylli Thu, 9 Apr 1998 02:11:26 +0200 + +mailx (1:8.1.1-8) frozen unstable; urgency=high + + * previous patch broke most file accesses, corrected safe_open (#20634) + * try to check every access to Fopen, change "a" into "w" for new files, + to suit behaviour of safe_open. + + -- Loic Prylli Sat, 4 Apr 1998 22:01:19 +0200 + +mailx (1:8.1.1-7) frozen; urgency=medium + + * security fix for tmp races patch from Martin Schulze (#20059) + + -- Loic Prylli Mon, 23 Mar 1998 22:52:35 +0100 + +mailx (1:8.1.1-6) unstable; urgency=low + + * convert to debhelper + * changelog now compressed (bug#15431) + * removed .orig and .rej from source (bug#18409) + + -- Loic Prylli Sat, 14 Feb 1998 14:34:22 +0100 + +mailx (1:8.1.1-5) unstable; urgency=low + + * apply David Brown patch so mailx choose the right window size + (#12197) + * correct Depends: in control file. + + -- Loic Prylli Sat, 15 Nov 1997 00:30:38 +0100 + +mailx (1:8.1.1-4) unstable; urgency=high + + * mailx was sending empty message, ignoring user input + add clearerr when EAGAIN occur in "IOSAFE" code (#14263) + + -- Loic Prylli Tue, 11 Nov 1997 20:22:35 +0100 + +mailx (1:8.1.1-3.1) unstable; urgency=low + + * Non-maintainer release. + * Libc6 compile. (#11705) + * Install missing symlink to manpage. (#7274) + + -- Martin Mitchell Wed, 29 Oct 1997 04:34:39 +1100 + +mailx (1:8.1.1-3) unstable; urgency=low + + * add dpkg --assert-working-epoch in preinst bug#6850 + * add writing of pid in mailbox locking file + * fix:mailx was not removing temporary lock files + + -- Loic Prylli Sat, 1 Feb 1997 11:44:04 +0100 + +mailx (1:8.1.1-2) unstable; urgency=low + + * correct bug #2733 (occur when no space left) dans quit.c + * detection of From_ lines with tring to match the date bug#2010 + * corrected garble output bug #2284 + + -- Loic Prylli Sat, 28 Dec 1996 15:02:22 +0100 + +mailx (1:8.1.1-1) unstable; urgency=medium + + * recreate completely starting from OpenBSD mail version (we loose a lot + of extension but we have a working program now) + * OpenBSD base version is the last one in december 96 + * rechange the numbering of version, so epoch 1+8.1 is from 4.4BSD, the + last upstream digit is to change each time we update to a new openbsd + version. + * fix the problem of longjmp inside signals inside stdio calls + * reincorporate a patch to be dot file locking+setgid safe + * some fix in signal handling + + -- Loic Prylli Mon, 23 Dec 1996 01:57:44 +0100 + +Mon Apr 29 17:21:42 1996 Sven Rudolph + + * releasing 8.5.5-1 + + * added symlink /usr/bin/Mail -> /usr/bin/mailx + +Thu Apr 25 23:55:36 1996 Sven Rudolph + + * set version number to 8.5.5 because it has to superseed 8.1 + + * switched back to mailx-5.5-kw (see mailx-5.5-kw.diff.README) + + * no POP support + +mailx 8.1 Debian 5 - 10/19/95 Sven Rudolph +* uses now BSD signal emulation (/usr/include/bsd/signal.h) +* added virtual package names in Depends: and Provides fields (Bug#1460) +* added Section: field +* created symlink for mailx manpage (Bug#1114) + +mailx 8.1 Debian 4 - 5/20/95 Carl Streeter +* Added diffs from Delman Lee : + + Hi! I got mailx-8.1-3 from the Linux Debian distribution, and have + added a "hold-pop" option to hold messages on the POP server after + retrieving them. (Also fixed a minor bug with mailx thinking that there + is mail even if the POP mailbox is empty. Code around stat() below.) + +mailx 8.1 Debian 3 - 4/18/95 Carl Streeter +* Fixed control file to depend on smail|sendmail. Updated to latest + guidelines + + + +Local variables: +mode: debian-changelog +End: --- mailx-8.1.1.orig/debian/README.debian +++ mailx-8.1.1/debian/README.debian @@ -0,0 +1,159 @@ +mailx for DEBIAN +---------------------- + +The history of this package is quite complicated. The changelog +includes a summary with the different maintainers. + +At the beginning of debian, I think this package was based on a BSD 5.5 mail version +from FreeBSD. + +There has been a lot on work on the package shipped with Debian +0.93R6, which was based a BSD 8.1 mail version from BSD4.4Lite. The +extensions includes support for dotfile locking, setgid support, POP +support, signal handling hacks. + +here is a README originally found: + + README for Berkely mailx version 8.1 with POP extension + + + + This is "mailx", a simple program for sending and receiving email. + + + + This is based on mailx version 8.1 (as distributed with BSD 4.4lite). + + + + It has been extended to support the post-office protocol (POP). Run + + "mail -p" and it will retrive your email from a POP server rather than + + from your local mail queue. See the manual page for more details. + + + + The POP support was written by Jonathan I. Kamens for version mailx 5.5 + + (as distributed with BSD 4.3.) + + + + The POP support was integrated into version 8.1 by Salvatore Valente + + for no particular reason. (It would have been simpler for me to + + simply use Jonathan's 5.5 source tree. There are no major differences + + between the two versions.) + + + + Have a nice day. + + -Salvatore Valente. + + 5/12/94 + + + + + + PORTING + + + + Before attempting to compile this for _any_ system, you should do two + + things: + + + + Edit CFLAGS in Makefile. + + Edit pathnames.h. + + + + These sources are _extremely_ BSDish. I have successfully built this + + for Linux, BSD 4.3, NetBSD, Ultrix, Aix, and SunOS. I have never + + successfully gotten it to build for Solaris or any System 5ish system. + + If you want to try, here are some issues you will face: + + + + It uses BSD signal() semantics. Use sigaction(). + + It uses BSD longjmp() semantics. Use siglongjmp(). + + It uses BSD sgtty. Use termios. + + It uses BSD signal mask functions. Use posix sigmask functions. + + + + There will probably be other hurdles too. Good luck. + + +With Debian1.1 a switch was done to a version base on a BSD5.5 mail +program, because of signal handling problems (which I think were due +to bad compilation options). So no more POP support. Some patches +from Ken Whang included, the corresponding +README was: + + mailx-5.5-kw 5/30/95 + + + + + + WHAT'S IN THIS PATCH + + + + There are a bunch of little features, common in System V and SunOS + + versions of mailx, that are missing from the NetBSD-based version + + distributed with Linux. This patch attempts to fill in some of what's + + missing. + + + + Changes from debian mailx-5.5 include: + + + + 5/4/95: + + + + -- interpret prompt variable + + -- interpret ~a and ~A tilde escapes + + -- updated tildehelp list + + -- changed mail.rc to ignore nothing (just my personal preference) + + -- accept From lines with times of the form hh:mm (formerly took only hh:mm:ss) + + + + 5/7/95: + + + + -- Save (S) command saves to mailbox named after author + + -- take startup commands from file named by environment variable MAILRC + + + + 5/30/95: + + + + -- -H switch for header summary only + + + + Still to be done: + + + + -- pipe ~p output through PAGER (see type1 in cmd1.c for an example) + + -- save (s) by default to MBOX (instead of "No file specified.") + + -- ~q should save to dead.letter, ~x is not known + + -- update man page + + -- allnet and showto ("showto" shows recipient instead of sender if sender + + is current user) + + + + Possibly difficult: + + + + -- interpret editheaders variable as in SunOS version + + + + Bugs: + + + + -- ~a,~A tilde escapes leave an extra trailing blank on each line + + -- to conform to original style, I should really be using char *cp + + instead of new variables sig and prompt to be looking up variables + + -- -H switch implementation is kind of gross. grep for "hdronly" in + + source files; much room for improvement! + + + + + + HOW TO INSTALL + + + + Apply Sal Valente's debian patch first, so: + + + + tar xvfz mailx-5.5.tar.gz + + cd mailx-5.5 + + zcat ../mailx-5.5.debian.diff.gz | patch -p1 + + zcat ../mailx-5.5-kw.diff.gz | patch -p1 + + make + + + + Or you may wish to just uncompress the diff file and pick and choose + + the changes that you like. + + + + + + AUTHOR + + + + Ken Whang + +This version has no provision for the debian mail policy (permission +on /var/mail+dotfile locking), so Loic Prylli + finally recreate a package based on the OpenBSD +mail with the minimum number of patches to make it suited for debian +(see changelog). There is no more POP support, nor the added +functionality from Ken Whang, but all these patches are archived, so +mail if you want them to be incorporated. + + +Loic Prylli , Mon, 23 Dec 1996 00:13:13 +0100 + + +Sat Apr 4 14:05:38 CEST 1998: +After a security patch to fix tmp races, a number of things broke. +Here is what I have tried to fix them: +The rationale is to have all file openings go through safe_open: +File opened in mode "w", "w+", are created with O_EXCL mode, + (should coincide with temporary files or new files) +Files with "a" "a+" et "r+" mode do not require the O_EXCL files. "a+" et "r+" do not creat the file. + + +Still to do: check creat calls + + + + --- mailx-8.1.1.orig/debian/changelog +++ mailx-8.1.1/debian/changelog @@ -0,0 +1,184 @@ +mailx (1:8.1.1-11) stable; urgency=medium + + * New maintainer. + * Upload to stable to fix problems introduced in the last security upgrade: + + Use the liblockfile library for mailbox locking (closes: #90446). + Patch backported from current sid version of mailx. + + Remove bashism from postinst (closes: #89642). + * Add Build-Depends field. + + -- Robert Luberda Fri, 30 Mar 2001 21:12:03 +0200 + +mailx (1:8.1.1-10.1.5) stable; urgency=high + + * Another non-maintainer upload + * If suidregister kept mail set mail setgid explain to the admin + that that is not a very good idea and offer to change it + + -- Wichert Akkerman Tue, 13 Mar 2001 15:59:55 +0100 + +mailx (1:8.1.1-10.1.4) stable; urgency=high + + * Another non-maintainer upload + * No longer install mailx setgid, the source is just too unsafe + + -- Wichert Akkerman Sat, 10 Mar 2001 00:13:22 +0100 + +mailx (1:8.1.1-10.1.3) frozen unstable; urgency=high + + * Fix the security fix: only accept a couple environment variables + instead of blindly using them all + + -- Wichert Akkerman Tue, 8 Aug 2000 11:42:02 -0700 + +mailx (1:8.1.1-10.1.2) frozen unstable; urgency=high + + * Another security problem: refuse to get the interactive variable + from the environment by explicitly setting it in the hashtable. + + -- Wichert Akkerman Mon, 7 Aug 2000 12:36:10 -0700 + +mailx (1:8.1.1-10.1.1) frozen unstable; urgency=high + + * NMU to fix RC bug. Now accepts both /var/mail and /var/spool/mail as + allowed places for setgid file manipulation. fixes:#64238 + + -- Paul Slootman Thu, 8 Jun 2000 19:51:14 +0200 + +mailx (1:8.1.1-10.1) stable frozen unstable; urgency=high + + * Security fix for a GID=mail shell. + + -- Daniel Jacobowitz Sun, 4 Jun 2000 22:45:19 -0700 + +mailx (1:8.1.1-10) frozen unstable; urgency=high + + * correct major security flaw, patch from Alvaro Martinez Echevarria + , bug#23880, bug#23901 + + * other potential buffer overflow, patch from Juan-Mariano de Goyeneche + , bug #22937 + + + -- Loic Prylli Sun, 28 Jun 1998 20:15:18 -0400 + +mailx (1:8.1.1-9) frozen unstable; urgency=high + + * recompile without the signal handling workarounds (lo + that eliminate critical bugs where message parts can be lost + (#20798) and (#20558) + + -- Loic Prylli Thu, 9 Apr 1998 02:11:26 +0200 + +mailx (1:8.1.1-8) frozen unstable; urgency=high + + * previous patch broke most file accesses, corrected safe_open (#20634) + * try to check every access to Fopen, change "a" into "w" for new files, + to suit behaviour of safe_open. + + -- Loic Prylli Sat, 4 Apr 1998 22:01:19 +0200 + +mailx (1:8.1.1-7) frozen; urgency=medium + + * security fix for tmp races patch from Martin Schulze (#20059) + + -- Loic Prylli Mon, 23 Mar 1998 22:52:35 +0100 + +mailx (1:8.1.1-6) unstable; urgency=low + + * convert to debhelper + * changelog now compressed (bug#15431) + * removed .orig and .rej from source (bug#18409) + + -- Loic Prylli Sat, 14 Feb 1998 14:34:22 +0100 + +mailx (1:8.1.1-5) unstable; urgency=low + + * apply David Brown patch so mailx choose the right window size + (#12197) + * correct Depends: in control file. + + -- Loic Prylli Sat, 15 Nov 1997 00:30:38 +0100 + +mailx (1:8.1.1-4) unstable; urgency=high + + * mailx was sending empty message, ignoring user input + add clearerr when EAGAIN occur in "IOSAFE" code (#14263) + + -- Loic Prylli Tue, 11 Nov 1997 20:22:35 +0100 + +mailx (1:8.1.1-3.1) unstable; urgency=low + + * Non-maintainer release. + * Libc6 compile. (#11705) + * Install missing symlink to manpage. (#7274) + + -- Martin Mitchell Wed, 29 Oct 1997 04:34:39 +1100 + +mailx (1:8.1.1-3) unstable; urgency=low + + * add dpkg --assert-working-epoch in preinst bug#6850 + * add writing of pid in mailbox locking file + * fix:mailx was not removing temporary lock files + + -- Loic Prylli Sat, 1 Feb 1997 11:44:04 +0100 + +mailx (1:8.1.1-2) unstable; urgency=low + + * correct bug #2733 (occur when no space left) dans quit.c + * detection of From_ lines with tring to match the date bug#2010 + * corrected garble output bug #2284 + + -- Loic Prylli Sat, 28 Dec 1996 15:02:22 +0100 + +mailx (1:8.1.1-1) unstable; urgency=medium + + * recreate completely starting from OpenBSD mail version (we loose a lot + of extension but we have a working program now) + * OpenBSD base version is the last one in december 96 + * rechange the numbering of version, so epoch 1+8.1 is from 4.4BSD, the + last upstream digit is to change each time we update to a new openbsd + version. + * fix the problem of longjmp inside signals inside stdio calls + * reincorporate a patch to be dot file locking+setgid safe + * some fix in signal handling + + -- Loic Prylli Mon, 23 Dec 1996 01:57:44 +0100 + +Mon Apr 29 17:21:42 1996 Sven Rudolph + + * releasing 8.5.5-1 + + * added symlink /usr/bin/Mail -> /usr/bin/mailx + +Thu Apr 25 23:55:36 1996 Sven Rudolph + + * set version number to 8.5.5 because it has to superseed 8.1 + + * switched back to mailx-5.5-kw (see mailx-5.5-kw.diff.README) + + * no POP support + +mailx 8.1 Debian 5 - 10/19/95 Sven Rudolph +* uses now BSD signal emulation (/usr/include/bsd/signal.h) +* added virtual package names in Depends: and Provides fields (Bug#1460) +* added Section: field +* created symlink for mailx manpage (Bug#1114) + +mailx 8.1 Debian 4 - 5/20/95 Carl Streeter +* Added diffs from Delman Lee : + + Hi! I got mailx-8.1-3 from the Linux Debian distribution, and have + added a "hold-pop" option to hold messages on the POP server after + retrieving them. (Also fixed a minor bug with mailx thinking that there + is mail even if the POP mailbox is empty. Code around stat() below.) + +mailx 8.1 Debian 3 - 4/18/95 Carl Streeter +* Fixed control file to depend on smail|sendmail. Updated to latest + guidelines + + + +Local variables: +mode: debian-changelog +End: --- mailx-8.1.1.orig/debian/conffiles +++ mailx-8.1.1/debian/conffiles @@ -0,0 +1 @@ +/etc/mail.rc --- mailx-8.1.1.orig/debian/control +++ mailx-8.1.1/debian/control @@ -0,0 +1,14 @@ +Source: mailx +Section: mail +Priority: important +Maintainer: Robert Luberda +Standards-Version: 2.1.1.0 +Build-Depends: debhelper (>= 2), groff, liblockfile-dev + +Package: mailx +Architecture: any +Depends: ${shlibs:Depends}, smail | mail-transport-agent +Provides: mail-reader +Description: A simple mail user agent. + mailx is the traditional command-line-mode mail user agent. + Even if you don't use it it may be required by other programmes. --- mailx-8.1.1.orig/debian/copyright +++ mailx-8.1.1/debian/copyright @@ -0,0 +1,45 @@ +This package was debianized by Loic Prylli lprylli@graville.fdn.fr on +Mon, 23 Dec 1996 00:13:13 +0100. + +It is now based on OpenBSD in directory src/usr.bin/mail on a lot of major ftp sites +See the debian.README (and changelog) for the complicated history of the debian package + +The changes from upstream involve: + - because of debian mailbox locking, some code needed to make mail setgid safe + - the original code do longjmp in the middle of IO when signals occur, + this breaks the Linux libc, so I rewrite some IO loops. + + +Copyright: + + Copyright (c) 1980, 1993 + The Regents of the University of California. All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + This product includes software developed by the University of + California, Berkeley and its contributors. + 4. Neither the name of the University nor the names of its contributors + may be used to endorse or promote products derived from this software + without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + SUCH DAMAGE. + --- mailx-8.1.1.orig/debian/dirs +++ mailx-8.1.1/debian/dirs @@ -0,0 +1,4 @@ +usr/bin +usr/man/man1 +usr/lib +etc --- mailx-8.1.1.orig/debian/postinst +++ mailx-8.1.1/debian/postinst @@ -0,0 +1,43 @@ +#! /bin/sh + +set -e + +#DEBHELPER# + +[ "$1" = "configure" ] || exit 0 + +# We only need to ask about removing the setgid bit if the previous version +# of this package did not ask. This prevents us from asking the same question +# on every upgrade +dpkg --compare-versions "$2" ge "1:8.1.1-10.1.5" && exit 0 + +if [ -g /usr/bin/mail ] ; then + echo "Your /usr/bin/mail application is currently setgid mail." + echo "This is needed to properly lock your mailbox if you use mail" + echo "to read your email. However, mail is not written to be a secure" + echo "probably so local users might be able to use it to gain access" + echo "to email from other users." + echo + echo "It is therefore recommended to make mail non-setgid and use" + echo "another program like elm or mutt to read email." + echo + while : ; do + echo -n "Should I make this change [Y/n]? " + read a + if test -z "$a" -o "$a" = "Y" -o "$a" = "y" ; then + # Please note we don't check for suidregster presence, + # since mail can only still be setgid of suidregister + # did that. + suidregister -s mailx /usr/bin/mail root root 0755 + break + elif test "$a" = "N" -o "$a" = "n" ; then + break + fi + echo + echo "Illegal answer!" + echo + done +fi + +exit 0 + --- mailx-8.1.1.orig/debian/preinst +++ mailx-8.1.1/debian/preinst @@ -0,0 +1,8 @@ +#!/bin/sh + +set -e + +dpkg --assert-working-epoch 2>/dev/null || { + echo -e "\nYou must upgrade dpkg before installing this package.\n" + false +} --- mailx-8.1.1.orig/debian/rules +++ mailx-8.1.1/debian/rules @@ -0,0 +1,83 @@ +#!/usr/bin/make -f +# Sample debian.rules file - for GNU Hello (1.3). +# Copyright 1994,1995 by Ian Jackson. +# I hereby give you perpetual unlimited permission to copy, +# modify and relicense this file, provided that you do not remove +# my name from the file itself. (I assert my moral right of +# paternity under the Copyright, Designs and Patents Act 1988.) +# This file may have to be extensively modified +# + +package=mailx + +CFLAGS=-O2 +CC=gcc + +build: + dh_testdir + make CFLAGS="$(CFLAGS)" CC="$(CC)" + cd USD.doc && make + touch build + +clean: + dh_testdir + dh_testroot + -rm -f build + -make clean + -rm USD.doc/manual.ps + dh_clean + +binary-indep: build +# There are no architecture-independent files to be uploaded +# generated by this package. If there were any they would be +# made here. + +binary-arch: build + dh_testdir + dh_testroot + dh_clean -k + dh_installdirs + make install DESTDIR=`pwd`/debian/tmp + cd debian/tmp/usr/bin && ln -fs mail mailx + cd debian/tmp/usr/bin && ln -fs mail Mail +# if no debstd, uncomment following lines (taken from Martin Mitchell) +# install -d debian/tmp/usr/doc/mailx debian/tmp/DEBIAN +# gzip -9v debian/tmp/usr/man/man1/* +# cd debian/tmp/usr/man/man1 && ln -fs mail.1.gz mailx.1.gz +# cd debian/tmp/usr/man/man1 && ln -fs mail.1.gz Mail.1.gz +# cp debian/changelog debian/README.debian USD.doc/manual.ps debian/tmp/usr/doc/mailx +# gzip -9v debian/tmp/usr/doc/mailx/* +# cp debian/copyright debian/tmp/usr/doc/mailx +# cp debian/{control,conffiles,preinst} debian/tmp/DEBIAN +# dpkg-shlibdeps debian/tmp/usr/bin/mail +# Must have debmake installed for this to work. Otherwise please copy +# /usr/bin/debstd into the debian directory and change debstd to debian/debstd + cd debian/tmp/usr/man/man1 && ln -fs mail.1 mailx.1 + cd debian/tmp/usr/man/man1 && ln -fs mail.1 Mail.1 + dh_installdocs USD.doc/manual.ps +# dh_installexamples +# dh_installmenu +# dh_installcron +# dh_installmanpages + dh_installchangelogs + dh_strip + dh_compress + dh_fixperms + dh_suidregister /usr/bin/mail + dh_installdeb + dh_shlibdeps + dh_gencontrol +# dh_makeshlibs + dh_md5sums + dh_builddeb + +# Below here is fairly generic really + +binary: binary-indep binary-arch + + +.PHONY: binary binary-arch binary-indep clean + +# Local Variables: +# mode: makefile +# End variables