Package: release.debian.org
Severity: normal
Tags: bookworm
X-Debbugs-Cc: m...@packages.debian.org, t...@mirbsd.de
Control: affects -1 + src:mksh
User: release.debian....@packages.debian.org
Usertags: pu

I would like to ask for pre-approval for uploading a
proposed stable update for mksh.

[ Reason ]
There was a discussion on d-devel that ended in suggesting that
the /etc/shells file should have both aliased paths for shells,
not just the canonical paths, since users could have $SHELL set
to either, and some software checks that $SHELL is in shells(5)
for security reasons. This change landed in sid and is included
here. I’ve also fixed the path wildcards for musl on ARM EABI.

I’ve also taken the liberty to cherry-pick a few upstream bugfixes
and their relevant tests and to include two tiny FAQ updates
regarding POSIX compliance and future compatibility/directions.

[ Impact ]
Users of mksh can run into problems with privilege elevation
tools if they are on a usrmerge’d system if this is not applied,
and shell scripts can fail or even segfault.

[ Tests ]
The backported fixes have tests covering them, which all pass
when I build this in a nōn-usrmerged bookworm cowbuilder chroot
(mirroring the buildd setup). I tested the maintainer script
changes by installing the resulting .deb in a copy of both the
nōn-usrmerged bookworm chroot and a usrmerged sid chroot.

[ Risks ]
The patches are small and easy to review and have been in use
in sid for a while, except the three-line postinst change, which
I manually tested (and inspected both dash and bash to ensure
that test -ef does the right thing), so the risk is low.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
(see Reason above)

[ Other info ]
I’ve split the fixes into easier to review individual patches
for this upload, as git is “patches-applied” here, but I also
verified the resulting trees are identical.

While the test if the system is merged could possibly be
removed, I decided to leave it in as it’s easier to backport
this way. (When merging later, either the next upgrade or
dpkg-reconfigure of mksh fixes up /etc/shells next, or the
usrmerge utility does so.)
diff -Nru mksh-59c/debian/changelog mksh-59c/debian/changelog
--- mksh-59c/debian/changelog   2023-04-28 23:34:20.000000000 +0200
+++ mksh-59c/debian/changelog   2024-04-03 14:19:25.000000000 +0200
@@ -1,3 +1,15 @@
+mksh (59c-28+deb12u1) bookworm; urgency=low
+
+  * d/p/typeset-p-fix.diff, d/p/dot-args-fix.diff,
+    d/p/crash-nest-bashism.diff: cherry-pick upstream bugfixes
+  * d/p/metadata-update.diff: cherry-pick relevant documentation
+    changes and adjust user-visible version to indicate the
+    above fixes were applied
+  * fix paths missing wildcards in lintian overrides, postinst, prerm
+  * cherry-pick usrmerge /etc/shells change (Closes: #1063905)
+
+ -- Thorsten Glaser <t...@mirbsd.de>  Wed, 03 Apr 2024 14:19:25 +0200
+
 mksh (59c-28) unstable; urgency=medium
 
   * Revert 59c-27 changes as mksh is, surprisingly, still a key
diff -Nru mksh-59c/debian/mksh.lintian-overrides 
mksh-59c/debian/mksh.lintian-overrides
--- mksh-59c/debian/mksh.lintian-overrides      2023-04-28 23:00:04.000000000 
+0200
+++ mksh-59c/debian/mksh.lintian-overrides      2024-04-03 13:25:50.000000000 
+0200
@@ -17,8 +17,8 @@
 # correct placement
 mksh: executable-in-usr-lib [usr/lib/diet/bin/mksh]
 mksh: executable-in-usr-lib [usr/lib/klibc/bin/mksh]
-mksh: executable-in-usr-lib [usr/lib/*-linux-musl/bin/mksh]
+mksh: executable-in-usr-lib [usr/lib/*-linux-musl*/bin/mksh]
 
 # these are to clean old add-shell(8) damage, not actually dereferenced
-mksh: bin-sbin-mismatch usr/bin/mksh -> bin/mksh [postinst]
-mksh: bin-sbin-mismatch usr/bin/mksh -> bin/mksh [prerm]
+mksh: bin-sbin-mismatch usr/bin/mksh* -> bin/mksh* [postinst]
+mksh: bin-sbin-mismatch usr/bin/mksh* -> bin/mksh* [prerm]
diff -Nru mksh-59c/debian/mksh.postinst mksh-59c/debian/mksh.postinst
--- mksh-59c/debian/mksh.postinst       2023-04-28 23:00:04.000000000 +0200
+++ mksh-59c/debian/mksh.postinst       2024-04-03 13:27:52.000000000 +0200
@@ -151,14 +151,18 @@
        test -e /usr/bin/ksh || test -h /usr/bin/ksh || \
            ln -s /bin/ksh /usr/bin/ksh
 
+       # determine usrmerge status
+       um=+
+       test /usr/bin/mksh -ef /bin/mksh || um=-
+
        # add us to /etc/shells and clean up old add-shell-caused damage
        # shellcheck disable=SC2046
        mogrifyshells + /bin/mksh /bin/mksh-static \
-           - /usr/bin/mksh /usr/bin/mksh-static \
-           $(for x in \
+           $um /usr/bin/mksh /usr/bin/mksh-static \
+           - $(for x in \
                /usr/lib/klibc/bin \
                /usr/lib/diet/bin \
-               /usr/lib/*-linux-musl/bin \
+               /usr/lib/*-linux-musl*/bin \
            ; do echo "$x/mksh" "$x/mksh-static"; done)
        ;;
 
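Review bot: the usrmerge probe at `test /usr/bin/mksh -ef /bin/mksh` checks only mksh, yet `$um` then decides whether both /usr/bin/mksh and /usr/bin/mksh-static are added to or removed from /etc/shells. Because that file is consulted for security decisions, either probe mksh-static as well or extend the `# determine usrmerge status` comment to say why one probe is enough, and that a missing /usr/bin/mksh makes the test fail and selects `-`. The comment could also record that `-ef` is relied on here and was checked in dash and bash, as the cover mail states.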
diff -Nru mksh-59c/debian/mksh.prerm mksh-59c/debian/mksh.prerm
--- mksh-59c/debian/mksh.prerm  2023-04-28 23:00:04.000000000 +0200
+++ mksh-59c/debian/mksh.prerm  2024-04-03 13:26:33.000000000 +0200
@@ -140,7 +140,7 @@
            $(for x in \
                /usr/lib/klibc/bin \
                /usr/lib/diet/bin \
-               /usr/lib/*-linux-musl/bin \
+               /usr/lib/*-linux-musl*/bin \
            ; do echo "$x/mksh" "$x/mksh-static"; done)
        ;;
 
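Review bot: prerm gets only the `*-linux-musl*` glob fix in this hunk, with no counterpart to the `$um` change in postinst. Please confirm that the part of the call above the visible `$(for x in` still removes /usr/bin/mksh and /usr/bin/mksh-static on merged systems, so that no entry for an absent shell is left behind in /etc/shells after the package is removed.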
diff -Nru mksh-59c/debian/patches/crash-nest-bashism.diff 
mksh-59c/debian/patches/crash-nest-bashism.diff
--- mksh-59c/debian/patches/crash-nest-bashism.diff     1970-01-01 
01:00:00.000000000 +0100
+++ mksh-59c/debian/patches/crash-nest-bashism.diff     2024-04-03 
14:19:25.000000000 +0200
@@ -0,0 +1,44 @@
+Description: fix crash in $(…&>…) construction
+Origin: commit:10064DCD4C310F8C650
+
+--- a/check.t
++++ b/check.t
+@@ -11361,11 +11361,11 @@ stdin:
+               echo tri >&3
+       }
+       threeout &>foo
+-      echo ===
++      echo === "$("$__progname" -c "echo $(: &>/dev/null) ok")"
+       cat foo
+ expected-stdout:
+       tri
+-      ===
++      === ok
+       ras
+       dwa
+ ---
+--- a/syn.c
++++ b/syn.c
+@@ -223,17 +223,13 @@ synio(int cf)
+               iop->ioname = yylval.cp;
+ 
+       if (iop->ioflag & IOBASH) {
+-              char *cp;
+-
+               iop->ioflag &= ~IOBASH;
+ 
+-              cp = alloc(sizeof(struct ioword) + 3U, ATEMP);
+-              yylval.iop = (void *)cp;
+-              cp += sizeof(struct ioword);
+-              yylval.iop->ioname = cp;
+-              *cp++ = CHAR;
+-              *cp++ = digits_lc[iop->unit];
+-              *cp = EOS;
++              yylval.iop = alloc(sizeof(struct ioword), ATEMP);
++              yylval.iop->ioname = alloc(3U, ATEMP);
++              yylval.iop->ioname[0] = CHAR;
++              yylval.iop->ioname[1] = digits_lc[iop->unit];
++              yylval.iop->ioname[2] = EOS;
+               yylval.iop->delim = NULL;
+               yylval.iop->heredoc = NULL;
+               yylval.iop->ioflag = IODUP | IOSYNIONEXT;
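Review bot: the Description in crash-nest-bashism.diff names the crashing construct but not the cause, while the syn.c hunk in synio() only shows `ioname` moving from the tail of the `struct ioword` allocation to its own `alloc(3U, ATEMP)`. One sentence stating why ioname has to be a separate allocation would let a stable reviewer judge the fix without fetching commit 10064DCD4C310F8C650. In check.t the regression check is folded into an existing test's `echo ===` line; a comment there naming the crash would keep the added `$(: &>/dev/null)` from looking accidental.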
diff -Nru mksh-59c/debian/patches/dot-args-fix.diff 
mksh-59c/debian/patches/dot-args-fix.diff
--- mksh-59c/debian/patches/dot-args-fix.diff   1970-01-01 01:00:00.000000000 
+0100
+++ mksh-59c/debian/patches/dot-args-fix.diff   2024-04-03 14:19:25.000000000 
+0200
@@ -0,0 +1,35 @@
+Description: fix arguments to the dot command
+Origin: commit:10065062FD520C74183
+
+--- a/check.t
++++ b/check.t
+@@ -10649,6 +10649,18 @@ stdin:
+ expected-stdout:
+       1 0 .
+ ---
++name: dot-args
++description:
++      Ensure dot can take arguments
++file-setup: file 644 "t"
++      print -r -- "$#,${1-},${2-},${3-}"
++stdin:
++      "$__progname" -c '. ./t a b'
++      "$__progname" -c 'source t c d'
++expected-stdout:
++      2,a,b,
++      2,c,d,
++---
+ name: alias-function-no-conflict
+ description:
+       make aliases not conflict with function definitions
+--- a/main.c
++++ b/main.c
+@@ -848,7 +848,7 @@ include(const char *name, const char **a
+       if (argv) {
+               e->loc->argv = argv;
+               e->loc->argc = 0;
+-              while (argv[e->loc->argc])
++              while (argv[e->loc->argc + 1])
+                       ++e->loc->argc;
+       }
+       s = pushs(SFILE, ATEMP);
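Review bot: in include() the new loop condition `argv[e->loc->argc + 1]` reads argv[1] before anything in the visible lines establishes that argv[0] is non-NULL, so a vector holding only the terminator would be read one slot past its end. If every caller guarantees a leading element, a short comment stating that argv[0] is always present and deliberately not counted would document the invariant; otherwise add a check on argv[0] first. The new dot-args test covers `.` and `source` with two arguments each; a call with no arguments would pin the boundary case.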
diff -Nru mksh-59c/debian/patches/metadata-update.diff 
mksh-59c/debian/patches/metadata-update.diff
--- mksh-59c/debian/patches/metadata-update.diff        1970-01-01 
01:00:00.000000000 +0100
+++ mksh-59c/debian/patches/metadata-update.diff        2024-04-03 
14:19:25.000000000 +0200
@@ -0,0 +1,51 @@
+Description: update FAQ and version
+ - cherry-pick a relevant FAQ change for future directions
+ - cherry-pick a FAQ statement regarding POSIX compliance
+ - assign a synthetic version number: upstream did not use
+   the 2023/04/xx range at all, so just bump the synthetic
+   date we already had by one
+Author: mirabilos <t...@debian.org>
+Forwarded: not-needed
+
+--- a/check.t
++++ b/check.t
+@@ -31,7 +31,7 @@
+ # (2013/12/02 20:39:44) 
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/regress/bin/ksh/?sortby=date
+ 
+ expected-stdout:
+-      KSH R59 2023/04/28
++      KSH R59 2023/04/29
+ description:
+       Check base version of full shell
+ stdin:
+--- a/mksh.faq
++++ b/mksh.faq
+@@ -567,7 +567,7 @@ Title: How POSIX compliant is mksh? Also
+  the PUA; however, there is ambiguity if encountering those UTF-8-encoded, so
+  it changed for R60.) The <tt>Arithmetic expressions</tt> and <tt>CAVEATS</tt>
+  sections in mksh(1) contain more details about encoding and mapping.</p>
+-<p>As of R60, <tt>utf8-mode</tt> maps “raw octets” to U-10000080‥U-100000FF,
++<p>As of R60, <tt>utf8-mode</tt> maps “raw octets” to U-001BBB80‥U-001BBBFF,
+  which is outside the UCS and therefore collision-free. There’s work underway
+  to make the shell support the full 21-bit UCS range for R60.</p>
+ <p class="boxhead">The following POSIX sh-compatible code toggles the
+@@ -590,6 +590,8 @@ Title: How POSIX compliant is mksh? Also
+ <p>The shell is pretty close to POSIX, when run as <tt>lksh -o posix</tt>
+  under the "C" locale it is intended to match. It does not do everything
+  like other POSIX-compatible or ‑compliant shells, though.</p>
++<p>Like pretty much all other POSIX-compatible shells, builtins are
++ <em>independent</em> of paths and always recognised in mksh.</p>
+ ----
+ ToC: function-local-scopes
+ Title: What differences in function-local scopes are there?
+--- a/sh.h
++++ b/sh.h
+@@ -235,7 +235,7 @@
+ #define __SCCSID(x)           __IDSTRING(sccsid,x)
+ #endif
+ 
+-#define MKSH_VERSION "R59 2023/04/28"
++#define MKSH_VERSION "R59 2023/04/29"
+ 
+ /* shell types */
+ typedef unsigned char kby;            /* byte */
diff -Nru mksh-59c/debian/patches/series mksh-59c/debian/patches/series
--- mksh-59c/debian/patches/series      2023-04-28 23:34:20.000000000 +0200
+++ mksh-59c/debian/patches/series      2024-04-03 14:05:03.000000000 +0200
@@ -1 +1,5 @@
 debian-changes
+typeset-p-fix.diff
+dot-args-fix.diff
+crash-nest-bashism.diff
+metadata-update.diff
diff -Nru mksh-59c/debian/patches/typeset-p-fix.diff 
mksh-59c/debian/patches/typeset-p-fix.diff
--- mksh-59c/debian/patches/typeset-p-fix.diff  1970-01-01 01:00:00.000000000 
+0100
+++ mksh-59c/debian/patches/typeset-p-fix.diff  2024-04-03 14:19:25.000000000 
+0200
@@ -0,0 +1,60 @@
+Description: fix typeset -p confusion between empty and unset
+Origin: commit:10065BC69BE555D6721
+
+--- a/check.t
++++ b/check.t
+@@ -8993,6 +8993,41 @@ expected-stdout:
+       <12345678910 345678920
+       <               .  aẞ> 2)
+ ---
++name: typeset-unset
++description:
++      Check that typeset -p correctly distinguishes unset and empty
++stdin:
++      unset u
++      typeset -p u
++      echo 1 ${u-a} ${u:-b} .
++      x1=$(typeset -p u)
++      export u
++      typeset -p u
++      echo 2 ${u-a} ${u:-b} .
++      x2=$(typeset -p u)
++      u=
++      typeset -p u
++      echo 3 ${u-a} ${u:-b} .
++      x3=$(typeset -p u)
++      unset u
++      eval "$x1"
++      echo 4 ${u-a} ${u:-b} .
++      unset u
++      eval "$x2"
++      echo 5 ${u-a} ${u:-b} .
++      unset u
++      eval "$x3"
++      echo 6 ${u-a} ${u:-b} .
++expected-stdout:
++      1 a b .
++      typeset -x u
++      2 a b .
++      typeset -x u=''
++      3 b .
++      4 a b .
++      5 a b .
++      6 b .
++---
+ name: utf8bom-1
+ description:
+       Check that the UTF-8 Byte Order Mark is not ignored any more
+--- a/var.c
++++ b/var.c
+@@ -2313,8 +2313,8 @@ c_typeset_vardump(struct tbl *vp, kui fl
+               shf_puts(vp->name, shl_stdout);
+               if (any_set)
+                       shprintf(Tf_SQlu, arrayindex(vp));
+-              if ((!thing && !flag && pflag) ||
+-                  (thing == '-' && (vp->flag & ISSET))) {
++              if (((!thing && !flag && pflag) || thing == '-') &&
++                  (vp->flag & ISSET)) {
+                       shf_putc('=', shl_stdout);
+                       if (baseone)
+                               shprintf(vp->val.u > 0xFF ? "16#%04X" :
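Review bot: the regrouped condition in c_typeset_vardump() would be easier to verify with a one-line comment saying that an unset variable must never get `=` printed, since only the `pflag` branch changes meaning here (`thing == '-'` already required `vp->flag & ISSET`). The typeset-unset test exercises a scalar only, while the changed line sits directly after the `any_set` / `arrayindex(vp)` output, so a case with an array element would be worth adding.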

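The [ Reason ] section above turns on /etc/shells listing only one of two paths that name the same file. The following audit script is an added example, not part of the upload or of mksh's maintainer scripts; it uses the same `test -ef` probe as the postinst hunk, and the function names, the ROOT prefix argument and the sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report usrmerge aliases missing from a shells(5)-format file.

# in_shells FILE PATH: whole-line match; assumes consumers compare $SHELL
# against the listed lines as plain strings.
in_shells() {
	grep -Fqx -- "$2" "$1"
}

# missing_aliases ROOT FILE: for each listed /bin or /usr/bin shell, print the
# other path if it is the same file under ROOT but is not listed in FILE.
missing_aliases() {
	while IFS= read -r line; do
		case $line in
		''|'#'*) continue ;;
		/usr/bin/*) other=/bin/${line#/usr/bin/} ;;
		/bin/*) other=/usr/bin/${line#/bin/} ;;
		*) continue ;;
		esac
		# false when either path is absent, so unmerged trees report nothing
		test "$1$line" -ef "$1$other" || continue
		in_shells "$2" "$other" || echo "$other"
	done <"$2"
}

# make_tree DIR: constructed sample data, one merged and one unmerged root
# plus a shells file that lists only the canonical /bin paths.
make_tree() {
	mkdir -p "$1/merged/usr/bin" "$1/split/bin" "$1/split/usr/bin"
	ln -s usr/bin "$1/merged/bin"
	: >"$1/merged/usr/bin/mksh"
	: >"$1/split/bin/mksh"
	printf '%s\n' '# constructed sample' /bin/sh /bin/mksh >"$1/shells"
}

demo() {
	d=$(mktemp -d) || return 1
	make_tree "$d"
	echo "merged root: $(missing_aliases "$d/merged" "$d/shells")"
	echo "split root:  $(missing_aliases "$d/split" "$d/shells")"
	rm -rf "$d"
}

demo
```

Run against a real system as `missing_aliases "" /etc/shells`; any path it prints is one that a user could have in $SHELL without it being listed.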