
Bug#863148: marked as done (unblock: shadow/1:4.4-4.1)



Your message dated Mon, 22 May 2017 18:30:00 +0000
with message-id <6ac861e3-d382-e2ae-afe8-92b6c9a73a33@thykier.net>
and subject line Re: Bug#863148: unblock: shadow/1:4.4-4.1
has caused the Debian Bug report #863148,
regarding unblock: shadow/1:4.4-4.1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
863148: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863148
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Hi

Please unblock package shadow

It fixes a regression introduced in the last upload, from the fix for
CVE-2017-2616. If su receives a signal like SIGTERM, it was not
propagated to the child.

Changelog:

+shadow (1:4.4-4.1) unstable; urgency=high
+
+  * Non-maintainer upload.
+  * Reset pid_child only if waitpid was successful.
+    This is a regression fix for CVE-2017-2616. If su receives a signal like
+    SIGTERM, it is not propagated to the child. (Closes: #862806)
+
+ -- Salvatore Bonaccorso <carnil@debian.org>  Wed, 17 May 2017 13:59:59 +0200

unblock shadow/1:4.4-4.1

Regards,
Salvatore
diff -Nru shadow-4.4/debian/changelog shadow-4.4/debian/changelog
--- shadow-4.4/debian/changelog	2017-02-24 01:50:13.000000000 +0100
+++ shadow-4.4/debian/changelog	2017-05-17 13:59:59.000000000 +0200
@@ -1,3 +1,12 @@
+shadow (1:4.4-4.1) unstable; urgency=high
+
+  * Non-maintainer upload.
+  * Reset pid_child only if waitpid was successful.
+    This is a regression fix for CVE-2017-2616. If su receives a signal like
+    SIGTERM, it is not propagated to the child. (Closes: #862806)
+
+ -- Salvatore Bonaccorso <carnil@debian.org>  Wed, 17 May 2017 13:59:59 +0200
+
 shadow (1:4.4-4) unstable; urgency=high
 
   * su: properly clear child PID (CVE-2017-2616) (Closes: #855943)
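Review bot: The second bullet of the new 1:4.4-4.1 entry states the bug in the present tense ("it is not propagated to the child"), so it reads as the behaviour of this upload rather than of 1:4.4-4. Wording such as "was not propagated" would make clear which version misbehaved, and naming the added patch file (301-Reset-pid_child-only-if-waitpid-was-successful.patch) would tie the entry to the change under debian/patches.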
diff -Nru shadow-4.4/debian/patches/301-Reset-pid_child-only-if-waitpid-was-successful.patch shadow-4.4/debian/patches/301-Reset-pid_child-only-if-waitpid-was-successful.patch
--- shadow-4.4/debian/patches/301-Reset-pid_child-only-if-waitpid-was-successful.patch	1970-01-01 01:00:00.000000000 +0100
+++ shadow-4.4/debian/patches/301-Reset-pid_child-only-if-waitpid-was-successful.patch	2017-05-17 13:59:59.000000000 +0200
@@ -0,0 +1,29 @@
+From 7d82f203eeec881c584b2fa06539b39e82985d97 Mon Sep 17 00:00:00 2001
+From: Tobias Stoeckmann <tobias@stoeckmann.org>
+Date: Sun, 14 May 2017 17:58:10 +0200
+Subject: [PATCH] Reset pid_child only if waitpid was successful.
+
+Do not reset the pid_child to 0 if the child process is still
+running. This else-condition can be reached with pid being -1,
+therefore explicitly test this condition.
+
+This is a regression fix for CVE-2017-2616. If su receives a
+signal like SIGTERM, it is not propagated to the child.
+
+Reported-by: Radu Duta <raduduta@gmail.com>
+Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
+---
+ src/su.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/src/su.c
++++ b/src/su.c
+@@ -363,7 +363,7 @@ static void prepare_pam_close_session (v
+ 				/* wake child when resumed */
+ 				kill (pid, SIGCONT);
+ 				stop = false;
+-			} else {
++			} else if (   (pid_t)-1 != pid) {
+ 				pid_child = 0;
+ 			}
+ 		} while (!stop);
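Review bot: The new test on the "else if" line does not distinguish why waitpid returned -1: every -1 return now leaves pid_child untouched, and the visible context shows no errno check on this branch. Please confirm that a failure other than an interrupted wait cannot leave a stale pid_child that a later signal is sent to. A short comment above the condition saying that -1 means the child may still be running would help, since that reasoning currently lives only in the commit message. The patch header could also carry a reference to #862806 to match the changelog.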
diff -Nru shadow-4.4/debian/patches/series shadow-4.4/debian/patches/series
--- shadow-4.4/debian/patches/series	2017-02-24 01:50:13.000000000 +0100
+++ shadow-4.4/debian/patches/series	2017-05-17 13:59:59.000000000 +0200
@@ -6,6 +6,8 @@
 0006-French-manpage-translation.patch
 0007-Fix-some-spelling-issues-in-the-Norwegian-translatio.patch
 0008-su-properly-clear-child-PID.patch
+301-Reset-pid_child-only-if-waitpid-was-successful.patch
+
 # These patches are only for the testsuite:
 #900_testsuite_groupmems
 #901_testsuite_gcov
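Review bot: The added series entry uses a 301- prefix while the entries above it run 0006 to 0008, and it is followed by a new blank line. If the number is not a deliberate range for this kind of upload, renaming the patch to continue the sequence keeps the ordering obvious; drop the extra blank line unless it is meant to separate the applied patches from the testsuite comment block.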

--- End Message ---
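Added example, not part of the original message and not shadow's code: a simplified C model of the regression described in the request above, where a parent's waitpid is interrupted by SIGTERM and the signal then has to be forwarded to the child. The function name, the `fixed` switch, the 200 ms delay and the SIGKILL cleanup are assumptions made for the demonstration; the stopped-child branch of the real loop is left out.

```c
#define _DEFAULT_SOURCE
#include <signal.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

static volatile sig_atomic_t caught = 0;
static void on_term(int sig) { caught = sig; }

/* Hypothetical model of a su-like parent. fixed=0 mimics the unconditional
 * else-branch, fixed=1 the patched test. Returns 1 if the child died from the
 * forwarded SIGTERM, 0 if its PID was lost (demo cleans up), -1 on error. */
int child_got_sigterm(int fixed)
{
    struct sigaction sa, old;
    int status = 0;
    pid_t pid, pid_child, spawned;

    caught = 0;
    sa.sa_handler = on_term;
    sa.sa_flags = 0;                  /* no SA_RESTART: waitpid fails with EINTR */
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGTERM, &sa, &old) != 0) return -1;
    spawned = pid_child = fork();
    if (spawned < 0) return -1;
    if (spawned == 0) {               /* child: long-running command */
        signal(SIGTERM, SIG_DFL);
        usleep(200000);               /* constructed delay: parent is in waitpid */
        kill(getppid(), SIGTERM);     /* stands in for an external SIGTERM */
        for (;;) pause();
    }
    pid = waitpid(-1, &status, WUNTRACED);    /* interrupted: returns -1 */
    if (!fixed || (pid_t)-1 != pid)
        pid_child = 0;                /* pre-fix: PID forgotten, child still runs */
    if (caught && pid_child != 0)
        kill(pid_child, SIGTERM);     /* propagate the signal to the child */
    else
        kill(spawned, SIGKILL);       /* demo cleanup only */
    waitpid(spawned, &status, 0);
    sigaction(SIGTERM, &old, NULL);
    return WIFSIGNALED(status) && WTERMSIG(status) == SIGTERM;
}

int main(void)
{
    printf("pre-fix forwarded=%d\n", child_got_sigterm(0));
    printf("patched forwarded=%d\n", child_got_sigterm(1));
    return 0;
}
```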
--- Begin Message ---
Salvatore Bonaccorso:
> Package: release.debian.org
> Severity: normal
> User: release.debian.org@packages.debian.org
> Usertags: unblock
> 
> Hi
> 
> Please unblock package shadow
> 
> It fixes a regression introduced in the last upload, from the fix for
> CVE-2017-2616. If su receives a signal like SIGTERM, it was not
> propagated to the child.
> 
> Changelog:
> 
> [...]
> 
> unblock shadow/1:4.4-4.1
> 
> Regards,
> Salvatore
> 

Unblocked, thanks.

~Niels

--- End Message ---
