[Pkg-shadow-devel] [shadow] 01/07: Import Debian changes 1:4.4-4.1
Balint Reczey
rbalint at debian.org
Sun Sep 17 21:43:36 UTC 2017
This is an automated email from the git hooks/post-receive script.
rbalint pushed a commit to branch master
in repository shadow.
commit d7f24f954e4c6420e252064cbe512f79231a263c
Author: Salvatore Bonaccorso <carnil at debian.org>
Date: Wed May 17 13:59:59 2017 +0200
Import Debian changes 1:4.4-4.1
shadow (1:4.4-4.1) unstable; urgency=high
* Non-maintainer upload.
* Reset pid_child only if waitpid was successful.
This is a regression fix for CVE-2017-2616. If su receives a signal like
SIGTERM, it is not propagated to the child. (Closes: #862806)
---
.gitignore | 1 +
debian/changelog | 9 +++++++
...-pid_child-only-if-waitpid-was-successful.patch | 29 ++++++++++++++++++++++
debian/patches/series | 2 ++
4 files changed, 41 insertions(+)
diff --git a/.gitignore b/.gitignore
index 743e3d7..960696c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -7,6 +7,7 @@ lib*.a
.deps
.libs
+*.patch
*.rej
*.orig
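Review bot: the unanchored `*.patch` pattern added here also matches files under debian/patches/, which is where this same commit adds 301-Reset-pid_child-only-if-waitpid-was-successful.patch. Future patch files there will be skipped by a plain `git add` unless forced. Consider anchoring the pattern to the top level (`/*.patch`) or following it with a negation such as `!debian/patches/*.patch`.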
diff --git a/debian/changelog b/debian/changelog
index be0028d..b9d894d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+shadow (1:4.4-4.1) unstable; urgency=high
+
+ * Non-maintainer upload.
+ * Reset pid_child only if waitpid was successful.
+ This is a regression fix for CVE-2017-2616. If su receives a signal like
+ SIGTERM, it is not propagated to the child. (Closes: #862806)
+
+ -- Salvatore Bonaccorso <carnil at debian.org> Wed, 17 May 2017 13:59:59 +0200
+
shadow (1:4.4-4) unstable; urgency=high
* su: properly clear child PID (CVE-2017-2616) (Closes: #855943)
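Review bot: the sentence "If su receives a signal like SIGTERM, it is not propagated to the child" in the new entry states the symptom in the present tense, so it can be read as describing behaviour after this upload. Wording it as the regression being fixed (the behaviour introduced with the CVE-2017-2616 change in 1:4.4-4) would make clear which version is affected.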
diff --git a/debian/patches/301-Reset-pid_child-only-if-waitpid-was-successful.patch b/debian/patches/301-Reset-pid_child-only-if-waitpid-was-successful.patch
new file mode 100644
index 0000000..64aeb34
--- /dev/null
+++ b/debian/patches/301-Reset-pid_child-only-if-waitpid-was-successful.patch
@@ -0,0 +1,29 @@
+From 7d82f203eeec881c584b2fa06539b39e82985d97 Mon Sep 17 00:00:00 2001
+From: Tobias Stoeckmann <tobias at stoeckmann.org>
+Date: Sun, 14 May 2017 17:58:10 +0200
+Subject: [PATCH] Reset pid_child only if waitpid was successful.
+
+Do not reset the pid_child to 0 if the child process is still
+running. This else-condition can be reached with pid being -1,
+therefore explicitly test this condition.
+
+This is a regression fix for CVE-2017-2616. If su receives a
+signal like SIGTERM, it is not propagated to the child.
+
+Reported-by: Radu Duta <raduduta at gmail.com>
+Signed-off-by: Tobias Stoeckmann <tobias at stoeckmann.org>
+---
+ src/su.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/src/su.c
++++ b/src/su.c
+@@ -363,7 +363,7 @@ static void prepare_pam_close_session (v
+ /* wake child when resumed */
+ kill (pid, SIGCONT);
+ stop = false;
+- } else {
++ } else if ( (pid_t)-1 != pid) {
+ pid_child = 0;
+ }
+ } while (!stop);
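Review bot: in the changed `else if ( (pid_t)-1 != pid)` branch, a waitpid result of -1 now falls through with no handling at all, and the visible lines do not distinguish an interrupted call from any other failure. A short comment at that branch saying why pid_child is kept when waitpid fails (the child may still be running and needs its PID for signal forwarding, as the patch description says) would keep a later cleanup from reverting it. If the surrounding code does not already check errno for the -1 case, it is worth confirming that a non-signal failure cannot leave pid_child pointing at a process that is gone. Minor style point: the space after the opening parenthesis in `( (pid_t)-1` is not used in the context lines above it.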
diff --git a/debian/patches/series b/debian/patches/series
index 553c190..d2bff0e 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -6,6 +6,8 @@
0006-French-manpage-translation.patch
0007-Fix-some-spelling-issues-in-the-Norwegian-translatio.patch
0008-su-properly-clear-child-PID.patch
+301-Reset-pid_child-only-if-waitpid-was-successful.patch
+
# These patches are only for the testsuite:
#900_testsuite_groupmems
#901_testsuite_gcov
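Review bot: the new series entry uses a `301-` prefix while the entries directly above it follow a `000N-` sequence, and this patch is a follow-up to `0008-su-properly-clear-child-PID.patch`. Either continue the sequence (`0009-...`) or add a comment line saying what the 3xx range is for, so the ordering dependency on 0008 stays obvious. The added blank line is fine as a separator before the testsuite comment block.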
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-shadow/shadow.git