* Raisethe security issue at the top of the debian changelog.

* Refreshed patches
2012-01-24 19:36:45 +00:00
parent 2a2cee4a95
commit f35045dcf1
5 changed files with 12 additions and 12 deletions
--- a/debian/changelog
+++ b/debian/changelog
@@ -4,14 +4,14 @@ shadow (1:4.1.5-1) unstable; urgency=low

  [ Nicolas FRANCOIS (Nekral) ]
  * New upstream release:
+    - su: Fix possible tty hijacking by dropping the controlling terminal when
+      executing a command (CVE-2005-4890). Closes: #628843
    - userdel: Check the existence of the user's mail spool before trying to
      remove it. If it does not exist, a warning is issued, but no failure.
      Closes: #617295
    - userdel: Do not remove a group with the same name as the user
      (usergroup) if this group isn't the user's primary group.
      Closes: #584868
-    - su: Fix possible tty hijacking by dropping the controlling terminal when
-      executing a command. Closes: #628843
    - su: Close the PAM session as root (fix issues with pam_mount and
      pam_systemd). Closes: #580434
    - Fix several typos in manpages. Thanks to Simon Brandmair.
--- a/debian/patches/401_cppw_src.dpatch
+++ b/debian/patches/401_cppw_src.dpatch
@@ -266,7 +266,7 @@
 groupdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX)
 --- a/po/POTFILES.in
 +++ b/po/POTFILES.in
-@@ -83,6 +83,7 @@
+@@ -85,6 +85,7 @@
 src/chgpasswd.c
 src/chpasswd.c
 src/chsh.c
--- a/debian/patches/501_commonio_group_shadow
+++ b/debian/patches/501_commonio_group_shadow
@@ -10,9 +10,9 @@ Fixes: #166793
 #include <signal.h>
 +#include <grp.h>
 #include "nscd.h"
- #ifdef WITH_SELINUX
- #include <selinux/selinux.h>
-@@ -988,13 +989,20 @@
+ #ifdef WITH_TCB
+ #include <tcb.h>
+@@ -966,13 +967,20 @@
 			goto fail;
 		}
 	} else {
--- a/debian/patches/506_relaxed_usernames
+++ b/debian/patches/506_relaxed_usernames
@@ -54,7 +54,7 @@ Details:
 }
 --- a/man/useradd.8.xml
 +++ b/man/useradd.8.xml
-@@ -631,12 +631,20 @@
+@@ -635,12 +635,20 @@
     </para>
 
     <para>
@@ -78,7 +78,7 @@ Details:
   </refsect1>
 --- a/man/groupadd.8.xml
 +++ b/man/groupadd.8.xml
-@@ -237,12 +237,18 @@
+@@ -240,12 +240,18 @@
    <refsect1 id='caveats'>
      <title>CAVEATS</title>
      <para>
--- a/debian/patches/542_useradd-O_option
+++ b/debian/patches/542_useradd-O_option
@@ -21,19 +21,19 @@ Status wrt upstream: not included as this is just specific
       <varlistentry>
 --- a/src/useradd.c
 +++ b/src/useradd.c
-@@ -1009,9 +1009,9 @@
+@@ -1011,9 +1011,9 @@
 		};
 		while ((c = getopt_long (argc, argv,
 #ifdef WITH_SELINUX
 -		                         "b:c:d:De:f:g:G:hk:K:lmMNop:rR:s:u:UZ:",
 +		                         "b:c:d:De:f:g:G:hk:O:K:lmMNop:rR:s:u:UZ:",
- #else
+ #else				/* !WITH_SELINUX */
 -		                         "b:c:d:De:f:g:G:hk:K:lmMNop:rR:s:u:U",
 +		                         "b:c:d:De:f:g:G:hk:O:K:lmMNop:rR:s:u:U",
- #endif
+ #endif				/* !WITH_SELINUX */
 		                         long_options, NULL)) != -1) {
 			switch (c) {
-@@ -1134,6 +1134,7 @@
+@@ -1136,6 +1136,7 @@
 				kflg = true;
 				break;
 			case 'K':