Package: release.debian.org
Severity: normal
X-Debbugs-Cc: [email protected]
Control: affects -1 + src:bsd-mailx
User: [email protected]
Usertags: unblock
Please unblock package bsd-mailx
[ Reason ]
Allow through to trixie a simple fix to missing behaviour in bsd-mailx (let the
TMPDIR override the hard-coded selection of /tmp) that has 'severe' impact on
other packages such as chkrootkit run by logcheck needing to send security alerts
with a read-only /tmp (#1108377).
[ Impact ]
This fixes RC bug #1108377 so if this fix is not unblocked, bsd-mailx will be
removed from trixie and the 20 packages listing it as their first default MUA
will become RC-buggy.
Alternatively, if this bug is waived for trixie, then other system services
that have been hardened with an unusable /tmp, like chkrootkit when launched by
logcheck under systemd, will fail to send potentially critical e-mails to the
administrator when bsd-mailx is the default /usr/bin/mail.
[ Tests ]
I ran manual checks that the mail command performed or failed to perform as
expected with different or no values for TMPDIR with or without the patch.
The member of the pkg-security team who handled the bug report when it landed
on 'chkrootkit' reproduced the submitter's failing case and verified that this
fix to bsd-mailx solves the originally-reported problem.
[ Risks ]
By inspection, this is a very low risk two-line change.
There could be unintended consequences if another tool or test relied upon the
broken original behaviour. This seems sufficiently unlikely that we are better
off handling this if it happens than accepting the impact above.
[ Checklist ]
[x] all changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in testing
[ Other info ]
This package is currently awaiting sponsorship so this is initially a
pre-approval request; I will retitle accordingly if this package gets uploaded
before any unblock is granted.
- Relevant bug report #1108377 (originally against chkrootkit, moved to
bsd-mailx): https://bugs.debian.org/1108377
- Request for sponsorship for fixed package: https://bugs.debian.org/1109081
unblock bsd-mailx/8.1.2-0.20220412cvs-1.1
diff -Nru bsd-mailx-8.1.2-0.20220412cvs/debian/changelog
bsd-mailx-8.1.2-0.20220412cvs/debian/changelog
--- bsd-mailx-8.1.2-0.20220412cvs/debian/changelog 2022-04-14
20:52:05.0 +0100
+++ bsd-mailx-8.1.2-0.20220412cvs/debian/changelog 2025-07-09
23:03:16.0 +0100
@@ -1,3 +1,11 @@
+bsd-mailx (8.1.2-0.20220412cvs-1.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Patch to honour TMPDIR. (Closes: #1108377)
+Thanks: Richard Lewis, Holger Levsen.
+
+ -- Andrew Bower Wed, 09 Jul 2025 23:03:16 +0100
+
bsd-mailx (8.1.2-0.20220412cvs-1) unstable; urgency=low
[ Debian Janitor ]
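Review bot: The `Thanks:` line in the new 8.1.2-0.20220412cvs-1.1 entry starts in the first column as shown here, while the bullet lines above it are indented. Change-detail lines in debian/changelog need at least two leading spaces, so indent it as a continuation of the "Patch to honour TMPDIR" item to keep it part of the entry when the file is parsed.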
diff -Nru bsd-mailx-8.1.2-0.20220412cvs/debian/patches/36-Honour-TMPDIR.patch
bsd-mailx-8.1.2-0.20220412cvs/debian/patches/36-Honour-TMPDIR.patch
--- bsd-mailx-8.1.2-0.20220412cvs/debian/patches/36-Honour-TMPDIR.patch
1970-01-01 01:00:00.0 +0100
+++ bsd-mailx-8.1.2-0.20220412cvs/debian/patches/36-Honour-TMPDIR.patch
2025-07-09 23:03:16.0 +0100
@@ -0,0 +1,26 @@
+From: Andrew Bower
+Date: Wed, 9 Jul 2025 22:28:37 +0100
+Bug-Debian: https://bugs.debian.org/1108377
+Forwarded: no
+Subject: Honour TMPDIR environment variable
+
+Thanks: diagnosis by Richard Lewis and Holger Levsen.
+
+---
+ temp.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/temp.c b/temp.c
+index b2c6308..b88aaa4 100644
+--- a/temp.c
b/temp.c
+@@ -47,7 +47,8 @@ tinit(void)
+ {
+ char *cp;
+
+- tmpdir = _PATH_TMP;
++ if ((tmpdir = getenv("TMPDIR")) == NULL)
++ tmpdir = _PATH_TMP;
+ if ((tmpdir = strdup(tmpdir)) == NULL)
+ err(1, "strdup");
+
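Review bot: In the temp.c hunk, the result of `getenv("TMPDIR")` is only compared against NULL, so a TMPDIR that is set but empty is accepted and `tmpdir` becomes an empty string instead of falling back to `_PATH_TMP`. Consider `if ((tmpdir = getenv("TMPDIR")) == NULL || *tmpdir == '\0')`. The patch header would also benefit from a sentence saying that the directory named by TMPDIR is used as given, with no check that it exists or is writable, since the services this is meant to help run with a restricted filesystem view. `Forwarded: no` could state a reason or be followed up upstream.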
diff -Nru bsd-mailx-8.1.2-0.20220412cvs/debian/patches/series
bsd-mailx-8.1.2-0.20220412cvs/debian/patches/series
--- bsd-mailx-8.1.2-0.20220412cvs/debian/patches/series 2022-04-14
20:52:05.0 +0100
+++ bsd-mailx-8.1.2-0.20220412cvs/debian/patches/series 2025-07-09
23:03:16.0 +0100
@@ -32,3 +32,4 @@
33-Add-MIME-headers.patch
34-Fix-strnvis.patch
35-Fix-new-warnings-and-error.patch
+36-Honour-TMPDIR.patch