j...@sdf.org wrote: |Just saw this today and thought I'd forward to the list since these days |probably many heirloom-mailx users are building from source and so may |not get the usual distro package security audit notices. It looks like |the Debian package maintainer has already addressed the issues for 12.5; |both the original and patching tarballs are here:
If you like BSD Mail consider to give S-nail a try. It's a long long way to go, but it is getting better, and i'm still hoping i can go all the way. ?0[steffen@sherwood nail.git]$ git co heirloom Switched to branch 'heirloom' ?0[steffen@sherwood nail.git]$ for i in /tmp/debian/patches/00*; do \ > s-patch < $i; done patching file getopt.c patching file mailx.1 patching file openssl.c patching file mailx.1 Hunk #1 FAILED at 3781. 1 out of 1 hunk FAILED -- saving rejects to file mailx.1.rej patching file mailx.1 patching file names.c patching file extern.h patching file names.c patching file sendout.c patching file fio.c patching file fio.c ?0[steffen@sherwood nail.git]$ make /bin/sh ./makeconfig ... ?0[steffen@sherwood nail.git]$ echo bla | > MAILRC=~/.plain-nailrc ./mailx -Atest -vvd -s sup ./OUT '|cat' user = steffen, homedir = /home/steffen TEST ACCOUNT >>> EHLO localhost >>> AUTH PLAIN >>> AHVzZXIxAHBhc3Mx >>> MAIL FROM:<test@localhost> >>> RCPT TO:<./OUT> >>> RCPT TO:<|cat> Seen that? These are really sloppy patches. But it is not that i cannot understand that. :-) >>> DATA >>> Date: Sat, 20 Dec 2014 23:39:09 +0100 >>> From: test@localhost >>> To: |cat >>> Subject: sup >>> Message-ID: <5495fa8d.iyPNl17GBwSvXHnScwuQRSJh@localhost> >>> User-Agent: Heirloom mailx 12.5 7/5/10 >>> MIME-Version: 1.0 >>> Content-Type: text/plain; charset=us-ascii >>> Content-Transfer-Encoding: 7bit >>> >>> bla >>> . >>> QUIT ?0[steffen@sherwood nail.git]$ echo bla | > s-nail-14.7.10 -Atsmtp -vvd -s sup ./OUT '|cat' Unknown command: `mlist' Unknown command: `mlsubscribe' Unknown command: `}' TEST ACCOUNT SMTP user = steffen, homedir = /home/steffen File or pipe addressees disallowed according to *expandaddr* "/tmp/steffen-dead.letter" 11/258 A bit too rigid, changed again on [next]: ?4[steffen@sherwood nail.git]$ echo bla | > s-nail -Atsmtp -vvd -s sup ./OUT '|cat' smemreset: freed 66 chunks/8626 bytes smemreset: freed 196 chunks/65583 bytes TEST ACCOUNT SMTP user = steffen, homedir = /home/steffen "|cat": *expandaddr* doesn't allow file or pipe address "./OUT": *expandaddr* doesn't allow file or pipe address No recipients specified But in this case, no other receivers ... "/tmp/steffen-dead.letter" 10/267 smemreset: freed 59 chunks/11718 bytes ?4[steffen@sherwood nail.git]$ echo bla | > s-nail -Atsmtp -vvd -Sexpandaddr=restrict -~ -s sup ./OUT '|cat' smemreset: freed 67 chunks/8694 bytes smemreset: freed 196 chunks/65583 bytes TEST ACCOUNT SMTP user = steffen, homedir = /home/steffen >>> Would write message via "./OUT" >>> Would write message via "|cat" smemreset: freed 59 chunks/11666 bytes ?0[steffen@sherwood nail.git]$ echo bla | > s-nail -Atsmtp -vvd -Sexpandaddr=restrict -~ -s sup ./OUT '|cat' u@2 smemreset: freed 68 chunks/8746 bytes smemreset: freed 196 chunks/65583 bytes TEST ACCOUNT SMTP user = steffen, homedir = /home/steffen Credentials: host `localhost:4433', user `user1', pass `pass1' >>> Would write message via "./OUT" >>> Would write message via "|cat" >>> HELO localhost >>> MAIL FROM:<test@localhost> >>> RCPT TO:<u@2> >>> DATA >>> Date: Sat, 20 Dec 2014 23:40:51 +0100 >>> From: test@localhost >>> To: u@2 >>> Subject: sup >>> Message-ID: <20141220224051.dB5uvNQjKIuQeAUy@localhost> >>> User-Agent: s-nail v14.7.10-101-g0690357 >>> MIME-Version: 1.0 >>> Content-Type: text/plain; charset=US-ASCII >>> Content-Transfer-Encoding: 7bit >>> >>> bla >>> . >>> QUIT smemreset: freed 66 chunks/12159 bytes ?0[steffen@sherwood nail.git]$ Finally: ?0[steffen@sherwood nail.git]$ echo bla | > s-nail -Atsmtp -vvd -s sup ./OUT '|cat' u@2 smemreset: freed 67 chunks/8678 bytes smemreset: freed 196 chunks/65583 bytes TEST ACCOUNT SMTP user = steffen, homedir = /home/steffen "|cat": *expandaddr* doesn't allow file or pipe address "./OUT": *expandaddr* doesn't allow file or pipe address Credentials: host `localhost:4433', user `user1', pass `pass1' >>> HELO localhost >>> MAIL FROM:<test@localhost> >>> RCPT TO:<u@2> >>> DATA >>> Date: Sat, 20 Dec 2014 23:47:41 +0100 >>> From: test@localhost >>> To: u@2 >>> Subject: sup >>> Message-ID: <20141220224741.HOf66tl9QYbFvnVY@localhost> >>> User-Agent: s-nail v14.7.10-101-g0690357 >>> MIME-Version: 1.0 >>> Content-Type: text/plain; charset=US-ASCII >>> Content-Transfer-Encoding: 7bit >>> >>> bla >>> . >>> QUIT smemreset: freed 63 chunks/11966 bytes ?0[steffen@sherwood nail.git]$ ^ No senderror again, but this is also not right. Well, the next subminor (v14.8) will take some more time. Have a nice rest-weekend and.. Ciao, --steffen ------------------------------------------------------------------------------ Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server from Actuate! Instantly Supercharge Your Business Reports and Dashboards with Interactivity, Sharing, Native Excel Exports, App Integration & more Get technology previously reserved for billion-dollar corporations, FREE http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk _______________________________________________ nail-devel mailing list nail-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nail-devel
