Your message dated Sun, 13 Jul 2025 19:18:22 +0000
with message-id <[email protected]>
and subject line unblock bsd-mailx
has caused the Debian Bug report #1109085,
regarding unblock: bsd-mailx/8.1.2-0.20220412cvs-1.1
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1109085: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109085
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
X-Debbugs-Cc: [email protected]
Control: affects -1 + src:bsd-mailx
User: [email protected]
Usertags: unblock
Please unblock package bsd-mailx
[ Reason ]
Allow through to trixie a simple fix to missing behaviour in bsd-mailx (let the
TMPDIR override the hard-coded selection of /tmp) that has 'severe' impact on
other packages such as chkroot run by logcheck needing to send security alerts
with a read-only /tmp (#1108377).
[ Impact ]
This fixes RC bug #1108377 so if this fix is not unblocked, bsd-mailx will be
removed from trixie and the 20 packages listing it as their first default MUA
will become RC-buggy.
Alternatively, if this bug is waived for trixie, then other system services
that have been hardened with an unusable /tmp, like chkrootkit when launched by
logcheck under systemd, will fail to send potentially critical e-mails to the
administrator when bsd-mailx is the default /usr/bin/mail.
[ Tests ]
I ran manual checks that the mail command performed or failed to perform as
expected with different or no values for TMPDIR with or without the patch.
The member of the pkg-security team who handled the bug report when it landed
on 'chkrootkit' reproduced the submitter's failing case and verified that this
fix to bsd-mailx solves the originally-reported problem.
[ Risks ]
By inspection, this is a very low risk two-line change.
There could be unintended consequences if another tool or test relied upon the
broken original behaviour. This seems sufficiently unlikely that we are better
off handling this if it happens than accepting the impact above.
[ Checklist ]
[x] all changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in testing
[ Other info ]
This package is currently awaiting sponsorship so this is initially a
pre-approval request; I will retitle accordingly if this package gets uploaded
before any unblock is granted.
- Relevant bug report #1108377 (originally against chkrootkit, moved to
bsd-mailx): https://bugs.debian.org/1108377
- Request for sponsorship for fixed package: https://bugs.debian.org/1109081
unblock bsd-mailx/8.1.2-0.20220412cvs-1.1
diff -Nru bsd-mailx-8.1.2-0.20220412cvs/debian/changelog
bsd-mailx-8.1.2-0.20220412cvs/debian/changelog
--- bsd-mailx-8.1.2-0.20220412cvs/debian/changelog 2022-04-14
20:52:05.000000000 +0100
+++ bsd-mailx-8.1.2-0.20220412cvs/debian/changelog 2025-07-09
23:03:16.000000000 +0100
@@ -1,3 +1,11 @@
+bsd-mailx (8.1.2-0.20220412cvs-1.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Patch to honour TMPDIR. (Closes: #1108377)
+ Thanks: Richard Lewis, Holger Levsen.
+
+ -- Andrew Bower <[email protected]> Wed, 09 Jul 2025 23:03:16 +0100
+
bsd-mailx (8.1.2-0.20220412cvs-1) unstable; urgency=low
[ Debian Janitor ]
diff -Nru bsd-mailx-8.1.2-0.20220412cvs/debian/patches/36-Honour-TMPDIR.patch
bsd-mailx-8.1.2-0.20220412cvs/debian/patches/36-Honour-TMPDIR.patch
--- bsd-mailx-8.1.2-0.20220412cvs/debian/patches/36-Honour-TMPDIR.patch
1970-01-01 01:00:00.000000000 +0100
+++ bsd-mailx-8.1.2-0.20220412cvs/debian/patches/36-Honour-TMPDIR.patch
2025-07-09 23:03:16.000000000 +0100
@@ -0,0 +1,26 @@
+From: Andrew Bower <[email protected]>
+Date: Wed, 9 Jul 2025 22:28:37 +0100
+Bug-Debian: https://bugs.debian.org/1108377
+Forwarded: no
+Subject: Honour TMPDIR environment variable
+
+Thanks: diagnosis by Richard Lewis and Holger Levsen.
+
+---
+ temp.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/temp.c b/temp.c
+index b2c6308..b88aaa4 100644
+--- a/temp.c
++++ b/temp.c
+@@ -47,7 +47,8 @@ tinit(void)
+ {
+ char *cp;
+
+- tmpdir = _PATH_TMP;
++ if ((tmpdir = getenv("TMPDIR")) == NULL)
++ tmpdir = _PATH_TMP;
+ if ((tmpdir = strdup(tmpdir)) == NULL)
+ err(1, "strdup");
+
diff -Nru bsd-mailx-8.1.2-0.20220412cvs/debian/patches/series
bsd-mailx-8.1.2-0.20220412cvs/debian/patches/series
--- bsd-mailx-8.1.2-0.20220412cvs/debian/patches/series 2022-04-14
20:52:05.000000000 +0100
+++ bsd-mailx-8.1.2-0.20220412cvs/debian/patches/series 2025-07-09
23:03:16.000000000 +0100
@@ -32,3 +32,4 @@
33-Add-MIME-headers.patch
34-Fix-strnvis.patch
35-Fix-new-warnings-and-error.patch
+36-Honour-TMPDIR.patch
signature.asc
Description: PGP signature
--- End Message ---
--- Begin Message ---
Unblocked.
--- End Message ---
