Package: release.debian.org Severity: normal X-Debbugs-Cc: [email protected] Control: affects -1 + src:bsd-mailx User: [email protected] Usertags: unblock
Please unblock package bsd-mailx [ Reason ] Allow through to trixie a simple fix to missing behaviour in bsd-mailx (let the TMPDIR override the hard-coded selection of /tmp) that has 'severe' impact on other packages such as chkroot run by logcheck needing to send security alerts with a read-only /tmp (#1108377). [ Impact ] This fixes RC bug #1108377 so if this fix is not unblocked, bsd-mailx will be removed from trixie and the 20 packages listing it as their first default MUA will become RC-buggy. Alternatively, if this bug is waived for trixie, then other system services that have been hardened with an unusable /tmp, like chkrootkit when launched by logcheck under systemd, will fail to send potentially critical e-mails to the administrator when bsd-mailx is the default /usr/bin/mail. [ Tests ] I ran manual checks that the mail command performed or failed to perform as expected with different or no values for TMPDIR with or without the patch. The member of the pkg-security team who handled the bug report when it landed on 'chkrootkit' reproduced the submitter's failing case and verified that this fix to bsd-mailx solves the originally-reported problem. [ Risks ] By inspection, this is a very low risk two-line change. There could be unintended consequences if another tool or test relied upon the broken original behaviour. This seems sufficiently unlikely that we are better off handling this if it happens than accepting the impact above. [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing [ Other info ] This package is currently awaiting sponsorship so this is initially a pre-approval request; I will retitle accordingly if this package gets uploaded before any unblock is granted. - Relevant bug report #1108377 (originally against chkrootkit, moved to bsd-mailx): https://bugs.debian.org/1108377 - Request for sponsorship for fixed package: https://bugs.debian.org/1109081 unblock bsd-mailx/8.1.2-0.20220412cvs-1.1
diff -Nru bsd-mailx-8.1.2-0.20220412cvs/debian/changelog bsd-mailx-8.1.2-0.20220412cvs/debian/changelog --- bsd-mailx-8.1.2-0.20220412cvs/debian/changelog 2022-04-14 20:52:05.000000000 +0100 +++ bsd-mailx-8.1.2-0.20220412cvs/debian/changelog 2025-07-09 23:03:16.000000000 +0100 @@ -1,3 +1,11 @@ +bsd-mailx (8.1.2-0.20220412cvs-1.1) unstable; urgency=medium + + * Non-maintainer upload. + * Patch to honour TMPDIR. (Closes: #1108377) + Thanks: Richard Lewis, Holger Levsen. + + -- Andrew Bower <[email protected]> Wed, 09 Jul 2025 23:03:16 +0100 + bsd-mailx (8.1.2-0.20220412cvs-1) unstable; urgency=low [ Debian Janitor ] diff -Nru bsd-mailx-8.1.2-0.20220412cvs/debian/patches/36-Honour-TMPDIR.patch bsd-mailx-8.1.2-0.20220412cvs/debian/patches/36-Honour-TMPDIR.patch --- bsd-mailx-8.1.2-0.20220412cvs/debian/patches/36-Honour-TMPDIR.patch 1970-01-01 01:00:00.000000000 +0100 +++ bsd-mailx-8.1.2-0.20220412cvs/debian/patches/36-Honour-TMPDIR.patch 2025-07-09 23:03:16.000000000 +0100 @@ -0,0 +1,26 @@ +From: Andrew Bower <[email protected]> +Date: Wed, 9 Jul 2025 22:28:37 +0100 +Bug-Debian: https://bugs.debian.org/1108377 +Forwarded: no +Subject: Honour TMPDIR environment variable + +Thanks: diagnosis by Richard Lewis and Holger Levsen. + +--- + temp.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/temp.c b/temp.c +index b2c6308..b88aaa4 100644 +--- a/temp.c ++++ b/temp.c +@@ -47,7 +47,8 @@ tinit(void) + { + char *cp; + +- tmpdir = _PATH_TMP; ++ if ((tmpdir = getenv("TMPDIR")) == NULL) ++ tmpdir = _PATH_TMP; + if ((tmpdir = strdup(tmpdir)) == NULL) + err(1, "strdup"); + diff -Nru bsd-mailx-8.1.2-0.20220412cvs/debian/patches/series bsd-mailx-8.1.2-0.20220412cvs/debian/patches/series --- bsd-mailx-8.1.2-0.20220412cvs/debian/patches/series 2022-04-14 20:52:05.000000000 +0100 +++ bsd-mailx-8.1.2-0.20220412cvs/debian/patches/series 2025-07-09 23:03:16.000000000 +0100 @@ -32,3 +32,4 @@ 33-Add-MIME-headers.patch 34-Fix-strnvis.patch 35-Fix-new-warnings-and-error.patch +36-Honour-TMPDIR.patch
signature.asc
Description: PGP signature
