[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#773478: marked as done (unblock: bsd-mailx/8.1.2-0.20141216cvs-1)

Your message dated Fri, 19 Dec 2014 00:14:26 +0100
with message-id <20141218231426.GO1260@betterave.cristau.org>
and subject line Re: Bug#773478: unblock: bsd-mailx/8.1.2-0.20141216cvs-1
has caused the Debian Bug report #773478,
regarding unblock: bsd-mailx/8.1.2-0.20141216cvs-1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
773478: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773478
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock the following version of bsd-mailx:
bsd-mailx (8.1.2-0.20141216cvs-1) unstable; urgency=high

  * New upstream version from OpenBSD cvs repository. The version consists of:

    - The changes that are part of the following recent stable security update
      by Florian Weimer:

        bsd-mailx (8.1.2-0.20111106cvs-1+deb7u1) wheezy-security; urgency=high
          * Apply OpenBSD patches from Todd Miller:
            + 80-remove_T.patch (remove undocumented/obsolete -T option)
            + 81-minus_f.patch (adjust -f processing)
            + 82-expandaddr.patch (fix CVE-2014-7844)
            + 83-nosendmail.patch (make -- work for option parsing suppression)

    - A simple change in lex.c related to preferring mkostemp(O_CLOEXEC) over
      mkstemp()+fcntl(F_SETFD) and fopen("re") over fopen("r")+fcntl(F_SETFD).

    - A change in fio.c to use glob() to expand filenames. The change however
      is not enabled in the Debian package (i.e. outside of `#ifdef DEBIAN'
      code) as wordexp() function instead has been used in Debian for last
      10 years.

  * Bump Standards-Version to 3.9.6.

 -- Robert Luberda <robert@debian.org>  Thu, 18 Dec 2014 00:45:40 +0100


I'm attaching the full debdiff to this e-mail. 
To make the review easier please find below the upstream code 
differencies between 
- previous version (8.1.2-0.20140825cvs-1) with all Florian's patches 
  from wheezy security applied
- and the version I've just uploaded.


diff -Nur -x debian -x CVS -x .pc -x .git bsd-mailx.patches/fio.c bsd-mailx/fio.c
--- bsd-mailx.patches/fio.c	2014-12-17 23:54:58.000000000 +0100
+++ bsd-mailx/fio.c	2014-12-18 20:05:45.000000000 +0100
@@ -1,4 +1,4 @@
-/*	$OpenBSD: fio.c,v 1.33 2014/01/17 18:42:30 okan Exp $	*/
+/*	$OpenBSD: fio.c,v 1.34 2014/12/16 18:31:06 millert Exp $	*/
 /*	$NetBSD: fio.c,v 1.8 1997/07/07 22:57:55 phil Exp $	*/
 
 /*
@@ -37,6 +37,9 @@
 #include <unistd.h>
 #include <paths.h>
 #include <errno.h>
+#ifndef DEBIAN
+#include <glob.h>
+#endif
 #include "extern.h"
 
 #ifdef DEBIAN
@@ -424,17 +427,13 @@
 char *
 expand(char *name)
 {
+#ifndef DEBIAN
+	const int flags = GLOB_BRACE|GLOB_TILDE|GLOB_NOSORT;
+#endif
 	char xname[PATHSIZE];
 	char cmdbuf[PATHSIZE];		/* also used for file names */
 #ifdef DEBIAN
 	wordexp_t p;
-#else
-	pid_t pid;
-	int l;
-	char *cp, *shell;
-	int pivec[2];
-	struct stat sbuf;
-	extern int wait_status;
 #endif
 
 	/*
@@ -511,47 +510,23 @@
 
 	}
 #else
// [ RL - note the whole block is not applicable to Debian, as it is
// #else branch for #ifdef DEBIAN ]
-
-	/* XXX - just use glob(3) and env expansion instead? */
-	if (pipe(pivec) < 0) {
-		warn("pipe");
-		return(name);
-	}
-	(void)snprintf(cmdbuf, sizeof(cmdbuf), "echo %s", name);
-	shell = value("SHELL");
-	pid = start_command(shell, 0, -1, pivec[1], "-c", cmdbuf, NULL);
-	if (pid < 0) {
-		(void)close(pivec[0]);
-		(void)close(pivec[1]);
-		return(NULL);
-	}
-	(void)close(pivec[1]);
-	l = myread(pivec[0], xname, PATHSIZE);
-	if (l < 0)
-		warn("read"); /* report error before errno changes */
-	(void)close(pivec[0]);
-	if (wait_child(pid) < 0 && WIFSIGNALED(wait_status) &&
-	    WTERMSIG(wait_status) != SIGPIPE) {
-		fprintf(stderr, "\"%s\": Expansion failed.\n", name);
-		return(NULL);
-	}
-	if (l < 0)
-		return(NULL);
-	if (l == 0) {
+	/* XXX - does not expand enviroment variables. */
+	switch (glob(name, flags, NULL, &names)) {
+	case 0:
+		if (names.gl_pathc == 1)
+			match = savestr(names.gl_pathv[0]);
+		else
+			fprintf(stderr, "\"%s\": Ambiguous.\n", name);
+		break;
+	case GLOB_NOSPACE:
+		fprintf(stderr, "\"%s\": Out of memory.\n", name);
+		break;
+	case GLOB_NOMATCH:
 		fprintf(stderr, "\"%s\": No match.\n", name);
-		return(NULL);
-	}
-	if (l == PATHSIZE) {
-		fprintf(stderr, "\"%s\": Expansion buffer overflow.\n", name);
-		return(NULL);
-	}
-	xname[l] = '\0';
-	for (cp = &xname[l-1]; *cp == '\n' && cp > xname; cp--)
-		;
-	cp[1] = '\0';
-	if (strchr(xname, ' ') && stat(xname, &sbuf) < 0) {
-		fprintf(stderr, "\"%s\": Ambiguous.\n", name);
-		return(NULL);
+		break;
+	default:
+		fprintf(stderr, "\"%s\": Expansion failed.\n", name);
+		break;
 	}
 	return(savestr(xname));
 #endif
diff -Nur -x debian -x CVS -x .pc -x .git bsd-mailx.patches/glob.h bsd-mailx/glob.h
--- bsd-mailx.patches/glob.h	2014-12-17 23:54:59.000000000 +0100
+++ bsd-mailx/glob.h	2014-12-18 00:04:44.000000000 +0100
@@ -1,4 +1,4 @@
-/*	$OpenBSD: glob.h,v 1.7 2003/06/03 02:56:11 millert Exp $	*/
+/*	$OpenBSD: glob.h,v 1.8 2014/11/24 20:01:43 millert Exp $	*/
 /*	$NetBSD: glob.h,v 1.4 1996/06/08 19:48:25 christos Exp $	*/
 
 /*
diff -Nur -x debian -x CVS -x .pc -x .git bsd-mailx.patches/lex.c bsd-mailx/lex.c
--- bsd-mailx.patches/lex.c	2014-12-17 23:54:59.000000000 +0100
+++ bsd-mailx/lex.c	2014-12-18 20:05:45.000000000 +0100
@@ -1,4 +1,4 @@
-/*	$OpenBSD: lex.c,v 1.37 2014/05/20 01:25:23 guenther Exp $	*/
+/*	$OpenBSD: lex.c,v 1.38 2014/10/26 20:38:13 guenther Exp $	*/
 /*	$NetBSD: lex.c,v 1.10 1997/05/17 19:55:13 pk Exp $	*/
 
 /*
@@ -125,13 +125,11 @@
// [ RL - this is the mkostemp change mentioned in changelog. In case
// you don't like the change, I can make new version with a patch that 
// will revert it ]
 	mailsize = fsize(ibuf);
 	(void)snprintf(tempname, sizeof(tempname),
 	    "%s/mail.RxXXXXXXXXXX", tmpdir);
-	if ((fd = mkstemp(tempname)) == -1 ||
+	if ((fd = mkostemp(tempname, O_CLOEXEC)) == -1 ||
 	    (otf = fdopen(fd, "w")) == NULL)
 		err(1, "%s", tempname);
-	(void)fcntl(fileno(otf), F_SETFD, FD_CLOEXEC);
-	if ((itf = fopen(tempname, "r")) == NULL)
+	if ((itf = fopen(tempname, "re")) == NULL)
 		err(1, "%s", tempname);
-	(void)fcntl(fileno(itf), F_SETFD, FD_CLOEXEC);
 	(void)rm(tempname);
 	setptr(ibuf, (off_t)0);
 	setmsize(msgCount);
diff -Nur -x debian -x CVS -x .pc -x .git bsd-mailx.patches/mail.1 bsd-mailx/mail.1
--- bsd-mailx.patches/mail.1	2014-12-17 23:56:58.000000000 +0100
+++ bsd-mailx/mail.1	2014-12-18 20:05:45.000000000 +0100
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: mail.1,v 1.65 2014/03/27 13:08:24 jmc Exp $
+.\"	$OpenBSD: mail.1,v 1.70 2014/12/16 18:37:17 millert Exp $
 .\"
 .\" Copyright (c) 1980, 1990, 1993
 .\"	The Regents of the University of California.  All rights reserved.
@@ -29,7 +29,7 @@
 .\"
 .\"	@(#)mail.1	8.8 (Berkeley) 4/28/95
 .\"
-.Dd $Mdocdate: March 27 2014 $
+.Dd $Mdocdate: December 16 2014 $
 .Dt MAIL 1
 .Os
 .Sh NAME
@@ -970,6 +970,11 @@
 .Nm mail
 to interpret a period alone on a line as the terminator
 of a message you are sending.
+.It Ar expandaddr
+Causes
+.Nm mail
+to expand message recipient addresses, as explained in the section
+.Sx Recipient address specifications .
 .It Ar hold
 This option is used to hold messages in the system mailbox
 by default.
diff -Nur -x debian -x CVS -x .pc -x .git bsd-mailx.patches/main.c bsd-mailx/main.c
--- bsd-mailx.patches/main.c	2014-12-17 23:56:58.000000000 +0100
+++ bsd-mailx/main.c	2014-12-18 20:05:45.000000000 +0100
@@ -1,4 +1,4 @@
-/*	$OpenBSD: main.c,v 1.23 2009/10/27 23:59:40 deraadt Exp $	*/
+/*	$OpenBSD: main.c,v 1.26 2014/12/16 18:37:17 millert Exp $	*/
 /*	$NetBSD: main.c,v 1.7 1997/05/13 06:15:57 mikel Exp $	*/
 
 /*
diff -Nur -x debian -x CVS -x .pc -x .git bsd-mailx.patches/names.c bsd-mailx/names.c
--- bsd-mailx.patches/names.c	2014-12-17 23:56:12.000000000 +0100
+++ bsd-mailx/names.c	2014-12-18 20:05:45.000000000 +0100
@@ -1,4 +1,4 @@
-/*	$OpenBSD: names.c,v 1.20 2014/08/15 03:51:40 guenther Exp $	*/
+/*	$OpenBSD: names.c,v 1.21 2014/12/16 18:36:46 millert Exp $	*/
 /*	$NetBSD: names.c,v 1.5 1996/06/08 19:48:32 christos Exp $	*/
 
 /*
diff -Nur -x debian -x CVS -x .pc -x .git bsd-mailx.patches/quit.c bsd-mailx/quit.c
--- bsd-mailx.patches/quit.c	2014-12-17 23:54:59.000000000 +0100
+++ bsd-mailx/quit.c	2014-12-18 20:05:45.000000000 +0100
@@ -1,4 +1,4 @@
-/*	$OpenBSD: quit.c,v 1.20 2009/10/27 23:59:40 deraadt Exp $	*/
+/*	$OpenBSD: quit.c,v 1.21 2014/11/24 20:01:43 millert Exp $	*/
 /*	$NetBSD: quit.c,v 1.6 1996/12/28 07:11:07 tls Exp $	*/
 
 /*



unblock bsd-mailx/8.1.2-0.20141216cvs-1

-- System Information:
Debian Release: 8.0
  APT prefers unstable
  APT policy: (990, 'unstable'), (200, 'testing')
Architecture: i386 (i686)

Kernel: Linux 3.16-3-686-pae (SMP w/1 CPU core)
Locale: LANG=pl_PL.UTF-8, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Attachment: bsd-mailx_8.1.2-0.20141216cvs-1.debdiff.gz
Description: application/gzip


--- End Message ---
--- Begin Message --- 
On Thu, Dec 18, 2014 at 20:22:52 +0100, Robert Luberda wrote:

> Package: release.debian.org
> Severity: normal
> User: release.debian.org@packages.debian.org
> Usertags: unblock
> 
> Please unblock the following version of bsd-mailx:
> bsd-mailx (8.1.2-0.20141216cvs-1) unstable; urgency=high
> 
Unblocked.

Cheers,
Julien

Attachment: signature.asc
Description: Digital signature


--- End Message ---
Reply to: