Mon May 28 19:12:29 UTC 201820180528191229

a/pkgtools-15.0-noarch-13.txz:  Rebuilt.
  installpkg: default line length for --terselength is the number of columns.
  removepkg: added --terse mode.
  upgradepkg: default line length for --terselength is the number of columns.
  upgradepkg: accept -option in addition to --option.
ap/vim-8.1.0026-x86_64-1.txz:  Upgraded.
d/bison-3.0.5-x86_64-1.txz:  Upgraded.
e/emacs-26.1-x86_64-1.txz:  Upgraded.
kde/kopete-4.14.3-x86_64-8.txz:  Rebuilt.
  Recompiled against libidn-1.35.
n/conntrack-tools-1.4.5-x86_64-1.txz:  Upgraded.
n/libnetfilter_conntrack-1.0.7-x86_64-1.txz:  Upgraded.
n/libnftnl-1.1.0-x86_64-1.txz:  Upgraded.
n/links-2.16-x86_64-2.txz:  Rebuilt.
  Rebuilt to enable X driver for -g mode.
n/lynx-2.8.9dev.19-x86_64-1.txz:  Upgraded.
n/nftables-0.8.5-x86_64-1.txz:  Upgraded.
n/p11-kit-0.23.11-x86_64-1.txz:  Upgraded.
n/ulogd-2.0.7-x86_64-1.txz:  Upgraded.
n/whois-5.3.1-x86_64-1.txz:  Upgraded.
xap/network-manager-applet-1.8.12-x86_64-1.txz:  Upgraded.
xap/vim-gvim-8.1.0026-x86_64-1.txz:  Upgraded.

6 files changed, 151 insertions, 242 deletions

diff --git a/source/n/mailx/heirloom-mailx-12.5-fixes-1.patch b/source/n/mailx/heirloom-mailx-12.5-fixes-1.patch
deleted file mode 100644
index fa6d51197..000000000
--- a/source/n/mailx/heirloom-mailx-12.5-fixes-1.patch
+++ /dev/null
@@ -1,232 +0,0 @@
-Submitted By: Ken Moffat <ken at linuxfromscratch dot org>
-Date: 2014-12-27
-Initial Package Version: 12.5
-Upstream Status: Unknown
-Origin: Changes to remove SSL2 found at debian, remainder from redhat.
-Description: Removes support for SSL2 (openssl no longer supports it)
-and fixes CVE-2004-2771 [sic] and CVE-2014-7844.
-
-diff -Naur heirloom-mailx-12.5/extern.h heirloom-mailx-12.5-patched/extern.h
---- heirloom-mailx-12.5/extern.h	2011-04-26 22:23:22.000000000 +0100
-+++ heirloom-mailx-12.5-patched/extern.h	2014-12-27 01:26:59.654169487 +0000
-@@ -396,7 +396,7 @@
- int is_fileaddr(char *name);
- struct name *usermap(struct name *names);
- struct name *cat(struct name *n1, struct name *n2);
--char **unpack(struct name *np);
-+char **unpack(struct name *smopts, struct name *np);
- struct name *elide(struct name *names);
- int count(struct name *np);
- struct name *delete_alternates(struct name *np);
-diff -Naur heirloom-mailx-12.5/fio.c heirloom-mailx-12.5-patched/fio.c
---- heirloom-mailx-12.5/fio.c	2011-04-26 22:23:22.000000000 +0100
-+++ heirloom-mailx-12.5-patched/fio.c	2014-12-27 01:27:15.634561413 +0000
-@@ -43,12 +43,15 @@
- #endif /* not lint */
- 
- #include "rcv.h"
-+
-+#ifndef HAVE_WORDEXP
-+#error wordexp support is required
-+#endif
-+
- #include <sys/stat.h>
- #include <sys/file.h>
- #include <sys/wait.h>
--#ifdef	HAVE_WORDEXP
- #include <wordexp.h>
--#endif	/* HAVE_WORDEXP */
- #include <unistd.h>
- 
- #if defined (USE_NSS)
-@@ -481,7 +484,6 @@
- static char *
- globname(char *name)
- {
--#ifdef	HAVE_WORDEXP
- 	wordexp_t we;
- 	char *cp;
- 	sigset_t nset;
-@@ -495,7 +497,7 @@
- 	sigemptyset(&nset);
- 	sigaddset(&nset, SIGCHLD);
- 	sigprocmask(SIG_BLOCK, &nset, NULL);
--	i = wordexp(name, &we, 0);
-+	i = wordexp(name, &we, WRDE_NOCMD);
- 	sigprocmask(SIG_UNBLOCK, &nset, NULL);
- 	switch (i) {
- 	case 0:
-@@ -527,65 +529,6 @@
- 	}
- 	wordfree(&we);
- 	return cp;
--#else	/* !HAVE_WORDEXP */
--	char xname[PATHSIZE];
--	char cmdbuf[PATHSIZE];		/* also used for file names */
--	int pid, l;
--	char *cp, *shell;
--	int pivec[2];
--	extern int wait_status;
--	struct stat sbuf;
--
--	if (pipe(pivec) < 0) {
--		perror("pipe");
--		return name;
--	}
--	snprintf(cmdbuf, sizeof cmdbuf, "echo %s", name);
--	if ((shell = value("SHELL")) == NULL)
--		shell = SHELL;
--	pid = start_command(shell, 0, -1, pivec[1], "-c", cmdbuf, NULL);
--	if (pid < 0) {
--		close(pivec[0]);
--		close(pivec[1]);
--		return NULL;
--	}
--	close(pivec[1]);
--again:
--	l = read(pivec[0], xname, sizeof xname);
--	if (l < 0) {
--		if (errno == EINTR)
--			goto again;
--		perror("read");
--		close(pivec[0]);
--		return NULL;
--	}
--	close(pivec[0]);
--	if (wait_child(pid) < 0 && WTERMSIG(wait_status) != SIGPIPE) {
--		fprintf(stderr, catgets(catd, CATSET, 81,
--				"\"%s\": Expansion failed.\n"), name);
--		return NULL;
--	}
--	if (l == 0) {
--		fprintf(stderr, catgets(catd, CATSET, 82,
--					"\"%s\": No match.\n"), name);
--		return NULL;
--	}
--	if (l == sizeof xname) {
--		fprintf(stderr, catgets(catd, CATSET, 83,
--				"\"%s\": Expansion buffer overflow.\n"), name);
--		return NULL;
--	}
--	xname[l] = 0;
--	for (cp = &xname[l-1]; *cp == '\n' && cp > xname; cp--)
--		;
--	cp[1] = '\0';
--	if (strchr(xname, ' ') && stat(xname, &sbuf) < 0) {
--		fprintf(stderr, catgets(catd, CATSET, 84,
--				"\"%s\": Ambiguous.\n"), name);
--		return NULL;
--	}
--	return savestr(xname);
--#endif	/* !HAVE_WORDEXP */
- }
- 
- /*
-diff -Naur heirloom-mailx-12.5/mailx.1 heirloom-mailx-12.5-patched/mailx.1
---- heirloom-mailx-12.5/mailx.1	2011-04-26 22:23:22.000000000 +0100
-+++ heirloom-mailx-12.5-patched/mailx.1	2014-12-27 01:26:53.838026857 +0000
-@@ -656,6 +656,14 @@
- will have the system wide alias expanded
- as all mail goes through sendmail.
- .SS "Recipient address specifications"
-+If the
-+.I expandaddr
-+option is not set (the default), recipient addresses must be names of
-+local mailboxes or Internet mail addresses.
-+.PP
-+If the
-+.I expandaddr
-+option is set, the following rules apply:
- When an address is used to name a recipient
- (in any of To, Cc, or Bcc),
- names of local mail folders
-@@ -2391,6 +2399,12 @@
- If this option is set,
- \fImailx\fR starts even with an empty mailbox.
- .TP
-+.B expandaddr
-+Causes
-+.I mailx
-+to expand message recipient addresses, as explained in the section,
-+Recipient address specifications.
-+.TP
- .B flipr
- Exchanges the
- .I Respond
-@@ -3575,7 +3589,7 @@
- .TP
- .B ssl-method
- Selects a SSL/TLS protocol version;
--valid values are `ssl2', `ssl3', and `tls1'.
-+valid values are `ssl3', and `tls1'.
- If unset, the method is selected automatically,
- if possible.
- .TP
-diff -Naur heirloom-mailx-12.5/names.c heirloom-mailx-12.5-patched/names.c
---- heirloom-mailx-12.5/names.c	2011-04-26 22:23:22.000000000 +0100
-+++ heirloom-mailx-12.5-patched/names.c	2014-12-27 01:26:59.654169487 +0000
-@@ -268,6 +268,9 @@
- 	FILE *fout, *fin;
- 	int ispipe;
- 
-+	if (value("expandaddr") == NULL)
-+		return names;
-+
- 	top = names;
- 	np = names;
- 	time(&now);
-@@ -546,7 +549,7 @@
-  * Return an error if the name list won't fit.
-  */
- char **
--unpack(struct name *np)
-+unpack(struct name *smopts, struct name *np)
- {
- 	char **ap, **top;
- 	struct name *n;
-@@ -561,7 +564,7 @@
- 	 * the terminating 0 pointer.  Additional spots may be needed
- 	 * to pass along -f to the host mailer.
- 	 */
--	extra = 2;
-+	extra = 3 + count(smopts);
- 	extra++;
- 	metoo = value("metoo") != NULL;
- 	if (metoo)
-@@ -578,6 +581,10 @@
- 		*ap++ = "-m";
- 	if (verbose)
- 		*ap++ = "-v";
-+	for (; smopts != NULL; smopts = smopts->n_flink)
-+		if ((smopts->n_type & GDEL) == 0)
-+			*ap++ = smopts->n_name;
-+	*ap++ = "--";
- 	for (; n != NULL; n = n->n_flink)
- 		if ((n->n_type & GDEL) == 0)
- 			*ap++ = n->n_name;
-diff -Naur heirloom-mailx-12.5/openssl.c heirloom-mailx-12.5-patched/openssl.c
---- heirloom-mailx-12.5/openssl.c	2011-04-26 22:23:22.000000000 +0100
-+++ heirloom-mailx-12.5-patched/openssl.c	2014-12-27 01:26:34.385549867 +0000
-@@ -216,9 +216,7 @@
- 
- 	cp = ssl_method_string(uhp);
- 	if (cp != NULL) {
--		if (equal(cp, "ssl2"))
--			method = SSLv2_client_method();
--		else if (equal(cp, "ssl3"))
-+		if (equal(cp, "ssl3"))
- 			method = SSLv3_client_method();
- 		else if (equal(cp, "tls1"))
- 			method = TLSv1_client_method();
-diff -Naur heirloom-mailx-12.5/sendout.c heirloom-mailx-12.5-patched/sendout.c
---- heirloom-mailx-12.5/sendout.c	2011-04-26 22:23:22.000000000 +0100
-+++ heirloom-mailx-12.5-patched/sendout.c	2014-12-27 01:26:59.654169487 +0000
-@@ -835,7 +835,7 @@
- #endif	/* HAVE_SOCKETS */
- 
- 	if ((smtp = value("smtp")) == NULL) {
--		args = unpack(cat(mailargs, to));
-+		args = unpack(mailargs, to);
- 		if (debug || value("debug")) {
- 			printf(catgets(catd, CATSET, 181,
- 					"Sendmail arguments:"));
diff --git a/source/n/mailx/mailx-12.5-globname-Invoke-wordexp-with-WRDE_NOCMD-CVE-2004-277.patch b/source/n/mailx/mailx-12.5-globname-Invoke-wordexp-with-WRDE_NOCMD-CVE-2004-277.patch
new file mode 100644
index 000000000..a7fb9d362
--- /dev/null
+++ b/source/n/mailx/mailx-12.5-globname-Invoke-wordexp-with-WRDE_NOCMD-CVE-2004-277.patch
@@ -0,0 +1,25 @@
+From 73fefa0c1ac70043ec84f2d8b8f9f683213f168d Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fweimer@redhat.com>
+Date: Mon, 17 Nov 2014 13:11:32 +0100
+Subject: [PATCH 4/4] globname: Invoke wordexp with WRDE_NOCMD (CVE-2004-2771)
+
+---
+ fio.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/fio.c b/fio.c
+index 1529236..774a204 100644
+--- a/fio.c
++++ b/fio.c
+@@ -497,7 +497,7 @@ globname(char *name)
+ 	sigemptyset(&nset);
+ 	sigaddset(&nset, SIGCHLD);
+ 	sigprocmask(SIG_BLOCK, &nset, NULL);
+-	i = wordexp(name, &we, 0);
++	i = wordexp(name, &we, WRDE_NOCMD);
+ 	sigprocmask(SIG_UNBLOCK, &nset, NULL);
+ 	switch (i) {
+ 	case 0:
+-- 
+1.9.3
+
diff --git a/source/n/mailx/mailx-12.5-openssl.patch b/source/n/mailx/mailx-12.5-openssl.patch
new file mode 100644
index 000000000..210890bc4
--- /dev/null
+++ b/source/n/mailx/mailx-12.5-openssl.patch
@@ -0,0 +1,41 @@
+diff --git a/openssl.c b/openssl.c
+index b4e33fc..9d1eaf4 100644
+--- a/openssl.c
++++ b/openssl.c
+@@ -136,6 +136,7 @@ ssl_rand_init(void)
+ 	int state = 0;
+ 
+ 	if ((cp = value("ssl-rand-egd")) != NULL) {
++#ifndef OPENSSL_NO_EGD
+ 		cp = expand(cp);
+ 		if (RAND_egd(cp) == -1) {
+ 			fprintf(stderr, catgets(catd, CATSET, 245,
+@@ -143,6 +144,9 @@ ssl_rand_init(void)
+ 					cp);
+ 		} else
+ 			state = 1;
++#else
++		fprintf(stderr, "entropy daemon not available\n");
++#endif
+ 	} else if ((cp = value("ssl-rand-file")) != NULL) {
+ 		cp = expand(cp);
+ 		if (RAND_load_file(cp, 1024) == -1) {
+@@ -216,9 +220,16 @@ ssl_select_method(const char *uhp)
+ 
+ 	cp = ssl_method_string(uhp);
+ 	if (cp != NULL) {
+-		if (equal(cp, "ssl2"))
++		if (equal(cp, "ssl2")) {
++#if OPENSSL_VERSION_NUMBER < 0x10100000
+ 			method = SSLv2_client_method();
+-		else if (equal(cp, "ssl3"))
++#else
++	/* SSLv2 support was removed in OpenSSL 1.1.0 */
++			fprintf(stderr, catgets(catd, CATSET, 244,
++					"Unsupported SSL method \"%s\"\n"), cp);
++			method = SSLv23_client_method();
++#endif
++		} else if (equal(cp, "ssl3"))
+ 			method = SSLv3_client_method();
+ 		else if (equal(cp, "tls1"))
+ 			method = TLSv1_client_method();
diff --git a/source/n/mailx/mailx-12.5-outof-Introduce-expandaddr-flag.patch b/source/n/mailx/mailx-12.5-outof-Introduce-expandaddr-flag.patch
new file mode 100644
index 000000000..c3479e284
--- /dev/null
+++ b/source/n/mailx/mailx-12.5-outof-Introduce-expandaddr-flag.patch
@@ -0,0 +1,64 @@
+From 9984ae5cb0ea0d61df1612b06952a61323c083d9 Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fweimer@redhat.com>
+Date: Mon, 17 Nov 2014 11:13:38 +0100
+Subject: [PATCH 1/4] outof: Introduce expandaddr flag
+
+Document that address expansion is disabled unless the expandaddr
+binary option is set.
+
+This has been assigned CVE-2014-7844 for BSD mailx, but it is not
+a vulnerability in Heirloom mailx because this feature was documented.
+---
+ mailx.1 | 14 ++++++++++++++
+ names.c |  3 +++
+ 2 files changed, 17 insertions(+)
+
+diff --git a/mailx.1 b/mailx.1
+index 70a7859..22a171b 100644
+--- a/mailx.1
++++ b/mailx.1
+@@ -656,6 +656,14 @@ but any reply returned to the machine
+ will have the system wide alias expanded
+ as all mail goes through sendmail.
+ .SS "Recipient address specifications"
++If the
++.I expandaddr
++option is not set (the default), recipient addresses must be names of
++local mailboxes or Internet mail addresses.
++.PP
++If the
++.I expandaddr
++option is set, the following rules apply:
+ When an address is used to name a recipient
+ (in any of To, Cc, or Bcc),
+ names of local mail folders
+@@ -2391,6 +2399,12 @@ and exits immediately.
+ If this option is set,
+ \fImailx\fR starts even with an empty mailbox.
+ .TP
++.B expandaddr
++Causes
++.I mailx
++to expand message recipient addresses, as explained in the section,
++Recipient address specifications.
++.TP
+ .B flipr
+ Exchanges the
+ .I Respond
+diff --git a/names.c b/names.c
+index 66e976b..c69560f 100644
+--- a/names.c
++++ b/names.c
+@@ -268,6 +268,9 @@ outof(struct name *names, FILE *fo, struct header *hp)
+ 	FILE *fout, *fin;
+ 	int ispipe;
+ 
++	if (value("expandaddr") == NULL)
++		return names;
++
+ 	top = names;
+ 	np = names;
+ 	time(&now);
+-- 
+1.9.3
+
diff --git a/source/n/mailx/mailx.SlackBuild b/source/n/mailx/mailx.SlackBuild
index 1495b41ed..5f9835b93 100755
--- a/source/n/mailx/mailx.SlackBuild
+++ b/source/n/mailx/mailx.SlackBuild
@@ -1,6 +1,6 @@
-#!/bin/sh
+#!/bin/bash
 
-# Copyright 2008, 2009, 2010, 2016  Patrick J. Volkerding, Sebeka, MN, USA
+# Copyright 2008, 2009, 2010, 2016, 2018  Patrick J. Volkerding, Sebeka, MN, USA
 # All rights reserved.
 #
 # Redistribution and use of this script, with or without modification, is
@@ -20,9 +20,11 @@
 #  OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
 #  ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
+cd $(dirname $0) ; CWD=$(pwd)
 
+PKGNAM=mailx
 VERSION=12.5
-BUILD=${BUILD:-2}
+BUILD=${BUILD:-4}
 
 # Automatically determine the architecture we're building on:
 if [ -z "$ARCH" ]; then
@@ -34,6 +36,14 @@ if [ -z "$ARCH" ]; then
   esac
 fi
 
+# If the variable PRINT_PACKAGE_NAME is set, then this script will report what
+# the name of the created package would be, and then exit. This information
+# could be useful to other scripts.
+if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then
+  echo "$PKGNAM-$VERSION-$ARCH-$BUILD.txz"
+  exit 0
+fi
+
 NUMJOBS=${NUMJOBS:-" -j7 "}
 
 if [ "$ARCH" = "i586" ]; then
@@ -46,7 +56,6 @@ else
   SLKCFLAGS="-O2"
 fi
 
-CWD=$(pwd)
 TMP=${TMP:-/tmp}
 PKG=$TMP/package-mailx
 rm -rf $PKG
@@ -57,7 +66,9 @@ rm -rf mailx-$VERSION
 tar xvf $CWD/mailx-$VERSION.tar.?z* || exit 1
 cd mailx-$VERSION || exit 1
 
-zcat $CWD/heirloom-mailx-12.5-fixes-1.patch.gz | patch -p1 --verbose || exit 1
+zcat $CWD/mailx-12.5-openssl.patch.gz | patch -p1 --verbose || exit 1
+zcat $CWD/mailx-12.5-globname-Invoke-wordexp-with-WRDE_NOCMD-CVE-2004-277.patch.gz | patch -p1 --verbose || exit 1
+zcat $CWD/mailx-12.5-outof-Introduce-expandaddr-flag.patch.gz | patch -p1 --verbose || exit 1
 
 chown -R root:root .
 find . \
@@ -71,7 +82,7 @@ make CFLAGS="$SLKCFLAGS" \
      MANDIR=/usr/man \
      MAILSPOOL=/var/spool/mail \
      UCBINSTALL=/usr/bin/install \
-     SENDMAIL=/usr/sbin/sendmail
+     SENDMAIL=/usr/sbin/sendmail || exit 1
 
 make install DESTDIR=$PKG \
              CFLAGS="$SLKCFLAGS" \
@@ -79,7 +90,7 @@ make install DESTDIR=$PKG \
              MANDIR=/usr/man \
              MAILSPOOL=/var/spool/mail \
              UCBINSTALL=/usr/bin/install \
-             SENDMAIL=/usr/sbin/sendmail
+             SENDMAIL=/usr/sbin/sendmail || exit 1
 
 # We put symlinks in /bin since some things still expect '/bin/mail' or '/bin/Mail':
 mkdir -p $PKG/bin
diff --git a/source/n/mailx/slack-desc b/source/n/mailx/slack-desc
index d02c6f03f..76c010d76 100644
--- a/source/n/mailx/slack-desc
+++ b/source/n/mailx/slack-desc
@@ -1,8 +1,8 @@
 # HOW TO EDIT THIS FILE:
-# The "handy ruler" below makes it easier to edit a package description.  Line
+# The "handy ruler" below makes it easier to edit a package description. Line
 # up the first '|' above the ':' following the base package name, and the '|'
-# on the right side marks the last column you can put a character in.  You must
-# make exactly 11 lines for the formatting to be correct.  It's also
+# on the right side marks the last column you can put a character in. You must
+# make exactly 11 lines for the formatting to be correct. It's also
 # customary to leave one space after the ':'.
 
      |-----handy-ruler------------------------------------------------------|