[Pkg-shadow-devel] [shadow] 01/07: Import Debian changes 1:4.4-4.1

Sun Sep 17 21:43:36 UTC 2017

This is an automated email from the git hooks/post-receive script.

rbalint pushed a commit to branch master
in repository shadow.

commit d7f24f954e4c6420e252064cbe512f79231a263c
Author: Salvatore Bonaccorso <carnil at debian.org>
Date:   Wed May 17 13:59:59 2017 +0200

    Import Debian changes 1:4.4-4.1
    
    shadow (1:4.4-4.1) unstable; urgency=high
    
      * Non-maintainer upload.
      * Reset pid_child only if waitpid was successful.
        This is a regression fix for CVE-2017-2616. If su receives a signal like
        SIGTERM, it is not propagated to the child. (Closes: #862806)
---
 .gitignore                                         |  1 +
 debian/changelog                                   |  9 +++++++
 ...-pid_child-only-if-waitpid-was-successful.patch | 29 ++++++++++++++++++++++
 debian/patches/series                              |  2 ++
 4 files changed, 41 insertions(+)

diff --git a/.gitignore b/.gitignore
index 743e3d7..960696c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -7,6 +7,7 @@ lib*.a
 .deps
 .libs
 
+*.patch
 *.rej
 *.orig
 
diff --git a/debian/changelog b/debian/changelog
index be0028d..b9d894d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+shadow (1:4.4-4.1) unstable; urgency=high
+
+  * Non-maintainer upload.
+  * Reset pid_child only if waitpid was successful.
+    This is a regression fix for CVE-2017-2616. If su receives a signal like
+    SIGTERM, it is not propagated to the child. (Closes: #862806)
+
+ -- Salvatore Bonaccorso <carnil at debian.org>  Wed, 17 May 2017 13:59:59 +0200
+
 shadow (1:4.4-4) unstable; urgency=high
 
   * su: properly clear child PID (CVE-2017-2616) (Closes: #855943)
diff --git a/debian/patches/301-Reset-pid_child-only-if-waitpid-was-successful.patch b/debian/patches/301-Reset-pid_child-only-if-waitpid-was-successful.patch
new file mode 100644
index 0000000..64aeb34
--- /dev/null
+++ b/debian/patches/301-Reset-pid_child-only-if-waitpid-was-successful.patch
@@ -0,0 +1,29 @@
+From 7d82f203eeec881c584b2fa06539b39e82985d97 Mon Sep 17 00:00:00 2001
+From: Tobias Stoeckmann <tobias at stoeckmann.org>
+Date: Sun, 14 May 2017 17:58:10 +0200
+Subject: [PATCH] Reset pid_child only if waitpid was successful.
+
+Do not reset the pid_child to 0 if the child process is still
+running. This else-condition can be reached with pid being -1,
+therefore explicitly test this condition.
+
+This is a regression fix for CVE-2017-2616. If su receives a
+signal like SIGTERM, it is not propagated to the child.
+
+Reported-by: Radu Duta <raduduta at gmail.com>
+Signed-off-by: Tobias Stoeckmann <tobias at stoeckmann.org>
+---
+ src/su.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/src/su.c
++++ b/src/su.c
+@@ -363,7 +363,7 @@ static void prepare_pam_close_session (v
+ 				/* wake child when resumed */
+ 				kill (pid, SIGCONT);
+ 				stop = false;
+-			} else {
++			} else if (   (pid_t)-1 != pid) {
+ 				pid_child = 0;
+ 			}
+ 		} while (!stop);
diff --git a/debian/patches/series b/debian/patches/series
index 553c190..d2bff0e 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -6,6 +6,8 @@
 0006-French-manpage-translation.patch
 0007-Fix-some-spelling-issues-in-the-Norwegian-translatio.patch
 0008-su-properly-clear-child-PID.patch
+301-Reset-pid_child-only-if-waitpid-was-successful.patch
+
 # These patches are only for the testsuite:
 #900_testsuite_groupmems
 #901_testsuite_gcov

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-shadow/shadow.git

