Bug#779997: unblock: (pre-approval) mksh/50d-4

Sat, 07 Mar 2015 13:27:47 -0800 

Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock

Please unblock package mksh

With upstream hat, I found and fixed a security-relevant
(privacy related) bug in mksh and would kindly like to
request its inclusion into jessie.

The bug is: when HISTFILE has been set to a filename,
persistent history writing (logging of commands) is
enabled. Running “unset HISTFILE” is a no-op, instead
of, like with the other shells, disabling file logging
again. (Running “HISTFILE=” sort-of works, as it tries
to call open(2) with an empty string as argument, fails
and then leaves logging disabled.)

The fix is a straight backport of the upstream fix, in
two portions: the histrap.c part makes a NULL and empty
string argument ① do the same, and ② disable history
without relying on “open("", …)” to fail; the var.c
part calls the routine in the “unset” case. The other
patches (check.t and sh.h) adjust the shell version to
note that this is a vendor-patched version; it’s something
I (as upstream) request (though not absolutely require)
from distributions to do when they deviate from upstream
sources.

The full debdiff is attached. I plan to upload using a
sponsor (I have several at hand) if I get the approval,
but have no problem against an RT or Security Team member
uploading the package instead either. The package builds
cleanly in jessie and sid (i386 cowbuilder), passes its
testsuite and is lintian-clean.

The package is kept in collab-maint/mksh.git using the
“single-debian-patch” style packaging, which means that
debian/patches/debian-changes accumulates those patches.
Feel free to inspect the git repository for the actual
commit to the upstream sources instead. The package builds
without any non-standard helpers (e.g. gbp), by just invoking
dpkg-buildpackage after placing the .orig.tar.gz into
the parent directory.

unblock mksh/50d-4

-- System Information:
Debian Release: 8.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 3.16.0-4-686-pae (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/lksh
Init: sysvinit (via /sbin/init)

diff -Nru mksh-50d/debian/changelog mksh-50d/debian/changelog
--- mksh-50d/debian/changelog	2014-10-23 11:20:27.000000000 +0200
+++ mksh-50d/debian/changelog	2015-03-07 22:17:11.000000000 +0100
@@ -1,3 +1,12 @@
+mksh (50d-4) unstable; urgency=medium
+
+  * QA upload.
+  * Backport upstream fix:
+    - [tg] SECURITY: make unset HISTFILE actually work
+  * Adjust shell version accordingly
+
+ -- Thorsten Glaser <t...@mirbsd.de>  Sat, 07 Mar 2015 22:16:53 +0100
+
 mksh (50d-3) unstable; urgency=high
 
   * QA upload.
diff -Nru mksh-50d/debian/patches/debian-changes mksh-50d/debian/patches/debian-changes
--- mksh-50d/debian/patches/debian-changes	2014-10-23 11:24:49.000000000 +0200
+++ mksh-50d/debian/patches/debian-changes	2015-03-07 22:19:12.000000000 +0100
@@ -18,7 +18,7 @@
  
  expected-stdout:
 -	@(#)MIRBSD KSH R50 2014/10/07
-+	@(#)MIRBSD KSH R50 2014/10/19
++	@(#)MIRBSD KSH R50 2014/10/19 Debian-4
  description:
  	Check version of shell.
  stdin:
@@ -27,7 +27,7 @@
  ---
  expected-stdout:
 -	@(#)LEGACY KSH R50 2014/10/07
-+	@(#)LEGACY KSH R50 2014/10/19
++	@(#)LEGACY KSH R50 2014/10/19 Debian-4
  description:
  	Check version of legacy shell.
  stdin:
@@ -531,6 +531,39 @@
  	/* set $# and $* */
  	if (setargs) {
  		wp += argi - 1;
+--- mksh-50d.orig/histrap.c
++++ mksh-50d/histrap.c
+@@ -563,7 +563,7 @@ sethistfile(const char *name)
+ 		return;
+ 
+ 	/* if the name is the same as the name we have */
+-	if (hname && strcmp(hname, name) == 0)
++	if (hname && name && !strcmp(hname, name))
+ 		return;
+ 
+ 	/*
+@@ -581,7 +581,8 @@ sethistfile(const char *name)
+ 		hist_source->line = 0;
+ 	}
+ 
+-	hist_init(hist_source);
++	if (name)
++		hist_init(hist_source);
+ }
+ #endif
+ 
+@@ -713,8 +714,10 @@ hist_init(Source *s)
+ 	hist_source = s;
+ 
+ #if HAVE_PERSISTENT_HISTORY
+-	if ((hname = str_val(global("HISTFILE"))) == NULL)
++	if (((hname = str_val(global("HISTFILE"))) == NULL) || !*hname) {
++		hname = NULL;
+ 		return;
++	}
+ 	strdupx(hname, hname, APERM);
+ 	hs = hist_init_first;
+ 
 --- mksh-50d.orig/main.c
 +++ mksh-50d/main.c
 @@ -34,7 +34,7 @@
@@ -561,7 +594,7 @@
 +__RCSID("$MirOS: src/bin/mksh/sh.h,v 1.701 2014/10/19 21:53:08 tg Exp $");
  #endif
 -#define MKSH_VERSION "R50 2014/10/07"
-+#define MKSH_VERSION "R50 2014/10/19"
++#define MKSH_VERSION "R50 2014/10/19 Debian-4"
  
  /* arithmetic types: C implementation */
  #if !HAVE_CAN_INTTYPES
@@ -585,3 +618,17 @@
  
  #define X_EXTRA	20	/* this many extra bytes in X string */
  
+--- mksh-50d.orig/var.c
++++ mksh-50d/var.c
+@@ -1351,6 +1351,11 @@ unsetspec(struct tbl *vp)
+ 	 */
+ 
+ 	switch (special(vp->name)) {
++#if HAVE_PERSISTENT_HISTORY
++	case V_HISTFILE:
++		sethistfile(NULL);
++		return;
++#endif
+ 	case V_IFS:
+ 		setctypes(TC_IFSWS, C_IFS);
+ 		ifs0 = ' ';

Reply via email to