FORTIFY_SOURCE feature of libssp, thus checking the size of arguments to
various string and memory copy and set functions (as well as a few system
calls and other miscellany) where known at function entry. RedHat has
evidently built all "core system packages" with this option for some time.
This option should be used at the top of Makefiles (or Makefile.inc where
this is used for subdirectories) but after any setting of LIB.
This is only useful for userland code, and cannot be used in libc or in
any code which includes the libc internals, because it overrides certain
libc functions with macros. Some effort has been made to make USE_FORT=yes
work correctly for a full-system build by having the bsd.sys.mk logic
disable the feature where it should not be used (libc, libssp iteself,
the kernel) but no attempt has been made to build the entire system with
USE_FORT and doing so will doubtless expose numerous bugs and misfeatures.
Adjust the system build so that all programs and libraries that are setuid,
directly handle network data (including serial comm data), perform
authentication, or appear likely to have (or have a history of having)
data-driven bugs (e.g. file(1)) are built with USE_FORT=yes by default,
with the exception of libc, which cannot use USE_FORT and thus uses
only USE_SSP by default. Tested on i386 with no ill results; USE_FORT=no
per-directory or in a system build will disable if desired.
2) When doing attachments set the "name=" parameter of the
Content-Type field, in addition to the (already) set "filename="
parameter of the Content-Disposition field. Some utilities (e.g.,
metamail) use this parameter for the filename even though (I believe)
the "filename=" parameter of the Content-Disposition field is
preferred by the standard (I can't find this explicitly except for
"application/octet-stream" types - see RFC1521 sec 7.4.1 and RFC2046
sec 4.5.1). My impression is that the "name=" parameter of the
Content-Types field is really intended for use when retrieving a file
not in the message, e.g., "message/external-body" Content-Types, and
not for the filename.
(Thanks to wiz@ for noticing this in his spam logs.)
3) Be more careful when determining the Content-Type of 1-byte
attachments. libmagic(3) isn't helpful on such small files.
1) Add support for message selection based on the message body. The
pattern matching is done on the MIME decoded body as would be seen by
the print command.
2) Don't hook editline when doing headers only: that mode is never
interactive and it messes up piping if output is redirected to a
command that expects tty input, such as 'more'.
1) When detaching, don't try to close things we shouldn't (after
doing the header). Specifically, mip->mi_head_end was not
getting set correctly in mime_sendmessage().
2) Change paging to be closer to its old behavior: next, dt, and dp
should only page if the crt variable is set; and don't automatically
page most other commands - the user can always pipe them into more.
Partially restore the "crt" variable: if set, the [pP]rint and [tT]ype
commands invoke the PAGER making them identical to the [pP]age and
[mM]more commands. Its value is now ignored. If anyone really
objects, I will do my best to restore the old behavior, but it really
doesn't fit very well into the current paging architecture.
1) Statification of modules.
2) Implement the 'detach' and 'Detach' commands for extracting mime
parts from messages.
3) Teach mail to output "In-Reply-To" and "References" header fields
when replying so others can thread us.
4) Implement threading, sorting, and tagging, supported by the
following commands: 'flatten', 'reverse', 'sort', 'thread',
'unthread', 'down', 'tset', 'up', 'expose', 'hide', 'tag',
'untag', 'invtags', 'tagbelow', 'hidetags', 'showtags'.
See the manpage for details (when available - soon).
5) Implement a 'deldups' command to delete duplicate messages based on
their "Message-Id" field, e.g., in replies to a mailing list that
are also CCed to a subscriber. (This can also be accomplished with
the threading and tagging commands.)
6) Implement 'ifdef' and 'ifndef' commands, and make the conditionals
nestable (i.e., implement a conditional stack). The if/else/endif
commands existed before, but they were primitive and undocumented.
The 'if' command currently recognizes the "receiving", "sending",
and "headersonly" mode keywords.
7) Teach the message selecting routine to understand regular
expressions if "regex-search" is defined. Otherwise only case
insensitive substring matches are done (as in the past).
8) Teach the message selection routine to understand boolean
expressions. Improved "colon-modifier" support. See the manpage
for details (when available - soon).
9) Extend paging to all commands (where relevant).
10) Add shell like piping and redirection of (standard) output (if
"enable-piping" is defined). Extend completion to these contexts.
11) The manpage should follow soon!!!!
The problem is that mime_decode_close() closes all files registered
after mip->mi_pipe_end and this is getting set in mime_sendmessage()
after a fflush().
When you print a large number of messages fflush() blocks and prevents
mip->mi_pipe_end from getting set before the SIGPIPE comes in and
jumps to the close block that calls mime_decode_close(). As a result,
mime_decode_close() was closing all the registered files including
obuf (mi_pipe_end was NULL).
1) Removed the -B flag (it was stupid on my part) and added a short
description indicating how to accomplish the same thing under the
"Sending Mail" section of man mail(1).
2) Added a -H flag to dump the headers and exit. It takes optional
flags to restrict to old, new, read, unread, and deleted messages
(the later being kind of useless - it shares code with something
that already had it).
3) Restored the 'Save' command which somehow got mistakenly removed in
the last commit and add documentation for it! (My apologies to
its author.)
4) Added a 'mkread' command to mark messages as read (the inverse of
'unread'). Should we also have a 'mknew' command?
5) Added a 'smopts' command to keep a database of addresses and
sendmail options to be used when sending messages to those
addresses. See man mail(1) for a fuller description.
6) Added 'indentpreamble' and 'indentpostscript' variables whose
values are inserted before and after a quoted message (~m or ~M
escapes).
=20
7) Added string formatting abilities for the 'prompt', 'insertpreamble',
'insertpostscript', and header display strings. These strings
support all the strftime() format parameters as well as many more
specific to mail (see man mail(1)).
8) Fix the -a flag so that it only takes a single filename, unless
"mime-attach-list" is defined. This is more conventional and avoids
unexpected whitespace issues.