Compare commits
2 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| bd62b6b2fb | |||
| 096c5f276b |
Vendored
+17
@@ -1,3 +1,20 @@
|
||||
shadow (1:4.2-3+deb8u4) jessie-security; urgency=high
|
||||
|
||||
* Non-maintainer upload by the Security Team.
|
||||
* Reset pid_child only if waitpid was successful.
|
||||
This is a regression fix for CVE-2017-2616. If su receives a signal like
|
||||
SIGTERM, it is not propagated to the child. (Closes: #862806)
|
||||
|
||||
-- Salvatore Bonaccorso <carnil@debian.org> Wed, 17 May 2017 12:58:54 +0200
|
||||
|
||||
shadow (1:4.2-3+deb8u3) jessie-security; urgency=high
|
||||
|
||||
* Fix integer overflow in getulong.c (CVE-2016-6252) (Closes: #832170)
|
||||
* Refresh patches
|
||||
* Add myself to uploaders replacing Nicolas FRANCOIS (Nekral)
|
||||
|
||||
-- Balint Reczey <balint@balintreczey.hu> Fri, 24 Feb 2017 00:57:31 +0100
|
||||
|
||||
shadow (1:4.2-3+deb8u2) jessie-security; urgency=high
|
||||
|
||||
* Non-maintainer upload by the Security Team.
|
||||
|
||||
Vendored
+2
-1
@@ -3,7 +3,8 @@ Section: admin
|
||||
Priority: required
|
||||
Maintainer: Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>
|
||||
Standards-Version: 3.9.5
|
||||
Uploaders: Christian Perrier <bubulle@debian.org>, Nicolas FRANCOIS (Nekral) <nicolas.francois@centraliens.net>
|
||||
Uploaders: Christian Perrier <bubulle@debian.org>,
|
||||
Balint Reczey <balint@balintreczey.hu>
|
||||
Build-Depends: dh-autoreconf, gettext, libpam0g-dev, debhelper (>= 6.0.7~), quilt, dpkg-dev (>= 1.13.5), xsltproc, docbook-xsl, docbook-xml, libxml2-utils, cdbs, libselinux1-dev [linux-any], libsemanage1-dev [linux-any], gnome-doc-utils (>= 0.4.3), bison, libaudit-dev [linux-any]
|
||||
,hardening-wrapper
|
||||
Vcs-Git: git://anonscm.debian.org/git/pkg-shadow/shadow.git
|
||||
|
||||
@@ -0,0 +1,46 @@
|
||||
From 1d5a926cc2d6078d23a96222b1ef3e558724dad1 Mon Sep 17 00:00:00 2001
|
||||
From: Sebastian Krahmer <krahmer@suse.com>
|
||||
Date: Wed, 3 Aug 2016 11:51:07 -0500
|
||||
Subject: [PATCH] Simplify getulong
|
||||
|
||||
Use strtoul to read an unsigned long, rather than reading
|
||||
a signed long long and casting it.
|
||||
|
||||
https://bugzilla.suse.com/show_bug.cgi?id=979282
|
||||
---
|
||||
lib/getulong.c | 9 +++------
|
||||
1 file changed, 3 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/lib/getulong.c b/lib/getulong.c
|
||||
index 61579ca..08d2c1a 100644
|
||||
--- a/lib/getulong.c
|
||||
+++ b/lib/getulong.c
|
||||
@@ -44,22 +44,19 @@
|
||||
*/
|
||||
int getulong (const char *numstr, /*@out@*/unsigned long int *result)
|
||||
{
|
||||
- long long int val;
|
||||
+ unsigned long int val;
|
||||
char *endptr;
|
||||
|
||||
errno = 0;
|
||||
- val = strtoll (numstr, &endptr, 0);
|
||||
+ val = strtoul (numstr, &endptr, 0);
|
||||
if ( ('\0' == *numstr)
|
||||
|| ('\0' != *endptr)
|
||||
|| (ERANGE == errno)
|
||||
- /*@+ignoresigns@*/
|
||||
- || (val != (unsigned long int)val)
|
||||
- /*@=ignoresigns@*/
|
||||
) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
- *result = (unsigned long int)val;
|
||||
+ *result = val;
|
||||
return 1;
|
||||
}
|
||||
|
||||
--
|
||||
2.1.4
|
||||
|
||||
@@ -0,0 +1,29 @@
|
||||
From 7d82f203eeec881c584b2fa06539b39e82985d97 Mon Sep 17 00:00:00 2001
|
||||
From: Tobias Stoeckmann <tobias@stoeckmann.org>
|
||||
Date: Sun, 14 May 2017 17:58:10 +0200
|
||||
Subject: [PATCH] Reset pid_child only if waitpid was successful.
|
||||
|
||||
Do not reset the pid_child to 0 if the child process is still
|
||||
running. This else-condition can be reached with pid being -1,
|
||||
therefore explicitly test this condition.
|
||||
|
||||
This is a regression fix for CVE-2017-2616. If su receives a
|
||||
signal like SIGTERM, it is not propagated to the child.
|
||||
|
||||
Reported-by: Radu Duta <raduduta@gmail.com>
|
||||
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
||||
---
|
||||
src/su.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
--- a/src/su.c
|
||||
+++ b/src/su.c
|
||||
@@ -363,7 +363,7 @@ static void prepare_pam_close_session (v
|
||||
/* wake child when resumed */
|
||||
kill (pid, SIGCONT);
|
||||
stop = false;
|
||||
- } else {
|
||||
+ } else if ( (pid_t)-1 != pid) {
|
||||
pid_child = 0;
|
||||
}
|
||||
} while (!stop);
|
||||
+3
-5
@@ -8,11 +8,9 @@ Status wrt upstream: This is a Debian specific patch.
|
||||
Note: the fix of the man page is still missing.
|
||||
(to be taken from the trunk)
|
||||
|
||||
Index: git/src/su.c
|
||||
===================================================================
|
||||
--- git.orig/src/su.c
|
||||
+++ git/src/su.c
|
||||
@@ -1152,6 +1152,35 @@
|
||||
--- a/src/su.c
|
||||
+++ b/src/su.c
|
||||
@@ -1167,6 +1167,35 @@
|
||||
argv[0] = "-c";
|
||||
argv[1] = command;
|
||||
}
|
||||
|
||||
@@ -8,10 +8,8 @@ Etch.
|
||||
|
||||
Status wrt upstream: This patch is Debian specific.
|
||||
|
||||
Index: git/src/su.c
|
||||
===================================================================
|
||||
--- git.orig/src/su.c
|
||||
+++ git/src/su.c
|
||||
--- a/src/su.c
|
||||
+++ b/src/su.c
|
||||
@@ -104,6 +104,19 @@
|
||||
/* If nonzero, change some environment vars to indicate the user su'd to. */
|
||||
static bool change_environment = true;
|
||||
@@ -32,7 +30,7 @@ Index: git/src/su.c
|
||||
#ifdef USE_PAM
|
||||
static pam_handle_t *pamh = NULL;
|
||||
static int caught = 0;
|
||||
@@ -949,6 +962,8 @@
|
||||
@@ -964,6 +977,8 @@
|
||||
int ret;
|
||||
#endif /* USE_PAM */
|
||||
|
||||
@@ -41,7 +39,7 @@ Index: git/src/su.c
|
||||
(void) setlocale (LC_ALL, "");
|
||||
(void) bindtextdomain (PACKAGE, LOCALEDIR);
|
||||
(void) textdomain (PACKAGE);
|
||||
@@ -1156,7 +1171,7 @@
|
||||
@@ -1171,7 +1186,7 @@
|
||||
* resulting string is always given to the shell with its
|
||||
* -c option.
|
||||
*/
|
||||
|
||||
Vendored
+2
@@ -5,6 +5,8 @@
|
||||
503_shadowconfig.8
|
||||
008_login_log_failure_in_FTMP
|
||||
301-CVE-2017-2616-su-properly-clear-child-PID.patch
|
||||
302-CVE-2016-6252-fix-integer-overflow.patch
|
||||
303-Reset-pid_child-only-if-waitpid-was-successful.patch
|
||||
429_login_FAILLOG_ENAB
|
||||
401_cppw_src.dpatch
|
||||
# 402 should be merged in 401, but should be reviewed by SE Linux experts first
|
||||
|
||||
Reference in New Issue
Block a user