
Bug#779997: unblock: (pre-approval) mksh/50d-4



Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package mksh

With upstream hat, I found and fixed a security-relevant
(privacy related) bug in mksh and would kindly like to
request its inclusion into jessie.

The bug is: when HISTFILE has been set to a filename,
persistent history writing (logging of commands) is
enabled. Running “unset HISTFILE” is a no-op, instead
of, like with the other shells, disabling file logging
again. (Running “HISTFILE=” sort-of works, as it tries
to call open(2) with an empty string as argument, fails
and then leaves logging disabled.)

The fix is a straight backport of the upstream fix, in
two portions: the histrap.c part makes a NULL and empty
string argument ① do the same, and ② disable history
without relying on “open("", …)” to fail; the var.c
part calls the routine in the “unset” case. The other
patches (check.t and sh.h) adjust the shell version to
note that this is a vendor-patched version; it’s something
I (as upstream) request (though not absolutely require)
from distributions to do when they deviate from upstream
sources.

The full debdiff is attached. I plan to upload using a
sponsor (I have several at hand) if I get the approval,
but have no problem against an RT or Security Team member
uploading the package instead either. The package builds
cleanly in jessie and sid (i386 cowbuilder), passes its
testsuite and is lintian-clean.

The package is kept in collab-maint/mksh.git using the
“single-debian-patch” style packaging, which means that
debian/patches/debian-changes accumulates those patches.
Feel free to inspect the git repository for the actual
commit to the upstream sources instead. The package builds
without any non-standard helpers (e.g. gbp), by just invoking
dpkg-buildpackage after placing the .orig.tar.gz into
the parent directory.

unblock mksh/50d-4

-- System Information:
Debian Release: 8.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 3.16.0-4-686-pae (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/lksh
Init: sysvinit (via /sbin/init)
diff -Nru mksh-50d/debian/changelog mksh-50d/debian/changelog
--- mksh-50d/debian/changelog	2014-10-23 11:20:27.000000000 +0200
+++ mksh-50d/debian/changelog	2015-03-07 22:17:11.000000000 +0100
@@ -1,3 +1,12 @@
+mksh (50d-4) unstable; urgency=medium
+
+  * QA upload.
+  * Backport upstream fix:
+    - [tg] SECURITY: make unset HISTFILE actually work
+  * Adjust shell version accordingly
+
+ -- Thorsten Glaser <tg@mirbsd.de>  Sat, 07 Mar 2015 22:16:53 +0100
+
 mksh (50d-3) unstable; urgency=high
 
   * QA upload.
diff -Nru mksh-50d/debian/patches/debian-changes mksh-50d/debian/patches/debian-changes
--- mksh-50d/debian/patches/debian-changes	2014-10-23 11:24:49.000000000 +0200
+++ mksh-50d/debian/patches/debian-changes	2015-03-07 22:19:12.000000000 +0100
@@ -18,7 +18,7 @@
  
  expected-stdout:
 -	@(#)MIRBSD KSH R50 2014/10/07
-+	@(#)MIRBSD KSH R50 2014/10/19
++	@(#)MIRBSD KSH R50 2014/10/19 Debian-4
  description:
  	Check version of shell.
  stdin:
@@ -27,7 +27,7 @@
  ---
  expected-stdout:
 -	@(#)LEGACY KSH R50 2014/10/07
-+	@(#)LEGACY KSH R50 2014/10/19
++	@(#)LEGACY KSH R50 2014/10/19 Debian-4
  description:
  	Check version of legacy shell.
  stdin:
@@ -531,6 +531,39 @@
  	/* set $# and $* */
  	if (setargs) {
  		wp += argi - 1;
+--- mksh-50d.orig/histrap.c
++++ mksh-50d/histrap.c
+@@ -563,7 +563,7 @@ sethistfile(const char *name)
+ 		return;
+ 
+ 	/* if the name is the same as the name we have */
+-	if (hname && strcmp(hname, name) == 0)
++	if (hname && name && !strcmp(hname, name))
+ 		return;
+ 
+ 	/*
+@@ -581,7 +581,8 @@ sethistfile(const char *name)
+ 		hist_source->line = 0;
+ 	}
+ 
+-	hist_init(hist_source);
++	if (name)
++		hist_init(hist_source);
+ }
+ #endif
+ 
+@@ -713,8 +714,10 @@ hist_init(Source *s)
+ 	hist_source = s;
+ 
+ #if HAVE_PERSISTENT_HISTORY
+-	if ((hname = str_val(global("HISTFILE"))) == NULL)
++	if (((hname = str_val(global("HISTFILE"))) == NULL) || !*hname) {
++		hname = NULL;
+ 		return;
++	}
+ 	strdupx(hname, hname, APERM);
+ 	hs = hist_init_first;
+ 
 --- mksh-50d.orig/main.c
 +++ mksh-50d/main.c
 @@ -34,7 +34,7 @@
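Review bot: In the second histrap.c hunk, the new `if (name)` guard still lets an empty string reach hist_init(), so the NULL case is handled in sethistfile() while the empty-string case is handled by the new `!*hname` test in hist_init(), which reads global("HISTFILE") rather than the `name` argument. The empty-string path therefore relies on the variable already holding its new value when sethistfile() runs. Consider `if (name && *name)` here, or a comment stating that dependency, so both ways of disabling persistent history are visible in one place.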
@@ -561,7 +594,7 @@
 +__RCSID("$MirOS: src/bin/mksh/sh.h,v 1.701 2014/10/19 21:53:08 tg Exp $");
  #endif
 -#define MKSH_VERSION "R50 2014/10/07"
-+#define MKSH_VERSION "R50 2014/10/19"
++#define MKSH_VERSION "R50 2014/10/19 Debian-4"
  
  /* arithmetic types: C implementation */
  #if !HAVE_CAN_INTTYPES
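Review bot: The vendor suffix in `#define MKSH_VERSION "R50 2014/10/19 Debian-4"` repeats the package revision by hand, and the same string appears in both expected-stdout entries of check.t, so every later upload has to change three places in step with debian/changelog. A short comment next to the define saying that it must track the changelog revision would help keep a future upload from shipping a stale suffix.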
@@ -585,3 +618,17 @@
  
  #define X_EXTRA	20	/* this many extra bytes in X string */
  
+--- mksh-50d.orig/var.c
++++ mksh-50d/var.c
+@@ -1351,6 +1351,11 @@ unsetspec(struct tbl *vp)
+ 	 */
+ 
+ 	switch (special(vp->name)) {
++#if HAVE_PERSISTENT_HISTORY
++	case V_HISTFILE:
++		sethistfile(NULL);
++		return;
++#endif
+ 	case V_IFS:
+ 		setctypes(TC_IFSWS, C_IFS);
+ 		ifs0 = ' ';
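Review bot: The new `case V_HISTFILE:` in unsetspec() comes without a regression test; the only check.t changes in this debdiff are the two version strings. Because the failure is silent (commands keep being logged after `unset HISTFILE`), a check.t case that sets HISTFILE, unsets it, and verifies that nothing further is appended to the file would guard this backport against regressing.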
