Bug#1109085: marked as done (unblock: bsd-mailx/8.1.2-0.20220412cvs-1.1)

["Debian Bug Tracking System" <owner@bugs.debian.org>]

Your message dated Sun, 13 Jul 2025 19:18:22 +0000
with message-id <E1ub2DO-000cW1-1C@respighi.debian.org>
and subject line unblock bsd-mailx
has caused the Debian Bug report #1109085,
regarding unblock: bsd-mailx/8.1.2-0.20220412cvs-1.1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1109085: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109085
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: unblock: bsd-mailx/8.1.2-0.20220412cvs-1.1 (pre-approval)
• From: Andrew Bower <andrew@bower.uk>
• Date: Fri, 11 Jul 2025 06:44:29 +0100
• Message-id: <[🔎] aHCkvde4JT5Q9-w7@shenstone.ab8.net>

Package: release.debian.org
Severity: normal
X-Debbugs-Cc: bsd-mailx@packages.debian.org
Control: affects -1 + src:bsd-mailx
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package bsd-mailx

[ Reason ]
Allow through to trixie a simple fix to missing behaviour in bsd-mailx (let the
TMPDIR override the hard-coded selection of /tmp) that has 'severe' impact on
other packages such as chkroot run by logcheck needing to send security alerts
with a read-only /tmp (#1108377).

[ Impact ]
This fixes RC bug #1108377 so if this fix is not unblocked, bsd-mailx will be
removed from trixie and the 20 packages listing it as their first default MUA
will become RC-buggy.

Alternatively, if this bug is waived for trixie, then other system services
that have been hardened with an unusable /tmp, like chkrootkit when launched by
logcheck under systemd, will fail to send potentially critical e-mails to the
administrator when bsd-mailx is the default /usr/bin/mail.

[ Tests ]
I ran manual checks that the mail command performed or failed to perform as
expected with different or no values for TMPDIR with or without the patch.

The member of the pkg-security team who handled the bug report when it landed
on 'chkrootkit' reproduced the submitter's failing case and verified that this
fix to bsd-mailx solves the originally-reported problem.

[ Risks ]
By inspection, this is a very low risk two-line change.

There could be unintended consequences if another tool or test relied upon the
broken original behaviour. This seems sufficiently unlikely that we are better
off handling this if it happens than accepting the impact above.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

[ Other info ]
This package is currently awaiting sponsorship so this is initially a
pre-approval request; I will retitle accordingly if this package gets uploaded
before any unblock is granted.

 - Relevant bug report #1108377 (originally against chkrootkit, moved to
   bsd-mailx): https://bugs.debian.org/1108377
 - Request for sponsorship for fixed package: https://bugs.debian.org/1109081

unblock bsd-mailx/8.1.2-0.20220412cvs-1.1

diff -Nru bsd-mailx-8.1.2-0.20220412cvs/debian/changelog bsd-mailx-8.1.2-0.20220412cvs/debian/changelog
--- bsd-mailx-8.1.2-0.20220412cvs/debian/changelog	2022-04-14 20:52:05.000000000 +0100
+++ bsd-mailx-8.1.2-0.20220412cvs/debian/changelog	2025-07-09 23:03:16.000000000 +0100
@@ -1,3 +1,11 @@
+bsd-mailx (8.1.2-0.20220412cvs-1.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Patch to honour TMPDIR. (Closes: #1108377)
+    Thanks: Richard Lewis, Holger Levsen.
+
+ -- Andrew Bower <andrew@bower.uk>  Wed, 09 Jul 2025 23:03:16 +0100
+
 bsd-mailx (8.1.2-0.20220412cvs-1) unstable; urgency=low
 
   [ Debian Janitor ]
diff -Nru bsd-mailx-8.1.2-0.20220412cvs/debian/patches/36-Honour-TMPDIR.patch bsd-mailx-8.1.2-0.20220412cvs/debian/patches/36-Honour-TMPDIR.patch
--- bsd-mailx-8.1.2-0.20220412cvs/debian/patches/36-Honour-TMPDIR.patch	1970-01-01 01:00:00.000000000 +0100
+++ bsd-mailx-8.1.2-0.20220412cvs/debian/patches/36-Honour-TMPDIR.patch	2025-07-09 23:03:16.000000000 +0100
@@ -0,0 +1,26 @@
+From: Andrew Bower <andrew@bower.uk>
+Date: Wed, 9 Jul 2025 22:28:37 +0100
+Bug-Debian: https://bugs.debian.org/1108377
+Forwarded: no
+Subject: Honour TMPDIR environment variable
+
+Thanks: diagnosis by Richard Lewis and Holger Levsen.
+
+---
+ temp.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/temp.c b/temp.c
+index b2c6308..b88aaa4 100644
+--- a/temp.c
++++ b/temp.c
+@@ -47,7 +47,8 @@ tinit(void)
+ {
+ 	char *cp;
+ 
+-	tmpdir = _PATH_TMP;
++	if ((tmpdir = getenv("TMPDIR")) == NULL)
++		tmpdir = _PATH_TMP;
+ 	if ((tmpdir = strdup(tmpdir)) == NULL)
+ 		err(1, "strdup");
+ 
diff -Nru bsd-mailx-8.1.2-0.20220412cvs/debian/patches/series bsd-mailx-8.1.2-0.20220412cvs/debian/patches/series
--- bsd-mailx-8.1.2-0.20220412cvs/debian/patches/series	2022-04-14 20:52:05.000000000 +0100
+++ bsd-mailx-8.1.2-0.20220412cvs/debian/patches/series	2025-07-09 23:03:16.000000000 +0100
@@ -32,3 +32,4 @@
 33-Add-MIME-headers.patch
 34-Fix-strnvis.patch
 35-Fix-new-warnings-and-error.patch
+36-Honour-TMPDIR.patch

Attachment: signature.asc
Description: PGP signature

--- End Message ---

--- Begin Message ---

• To: 1109085-done@bugs.debian.org
• Subject: unblock bsd-mailx
• From: Sebastian Ramacher <sramacher@respighi.debian.org>
• Date: Sun, 13 Jul 2025 19:18:22 +0000
• Message-id: <E1ub2DO-000cW1-1C@respighi.debian.org>

Unblocked.

--- End Message ---