Bug#930610: marked as done (unblock: tenshi/0.13-2.1)

To: Ivo De Decker <ivodd@respighi.debian.org>
Subject: Bug#930610: marked as done (unblock: tenshi/0.13-2.1)
From: "Debian Bug Tracking System" <owner@bugs.debian.org>
Date: Sun, 16 Jun 2019 14:27:07 +0000
Message-id: <[🔎] handler.930610.D930610.15606951069264.ackdone@bugs.debian.org>
Reply-to: 930610@bugs.debian.org
References: <E1hcW5f-0006or-Nv@respighi.debian.org> <[🔎] 156068839291.1808.8525917530425213167.reportbug@zam581.zam.kfa-juelich.de>

Your message dated Sun, 16 Jun 2019 14:25:03 +0000
with message-id <E1hcW5f-0006or-Nv@respighi.debian.org>
and subject line unblock tenshi
has caused the Debian Bug report #930610,
regarding unblock: tenshi/0.13-2.1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
930610: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930610
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: unblock: tenshi/0.13-2.1
From: Andreas Beckmann <anbe@debian.org>
Date: Sun, 16 Jun 2019 14:33:12 +0200
Message-id: <[🔎] 156068839291.1808.8525917530425213167.reportbug@zam581.zam.kfa-juelich.de>

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package tenshi

This upload is primarily intended to fix the version ordering violation
introduced by the CVE fix in wheezy-lts that never went into sid or
stretch:

 tenshi | 0.11-2        | squeeze         | source, all
 tenshi | 0.13-2        | wheezy          | source, all
 tenshi | 0.13-2        | stretch         | source, all
 tenshi | 0.13-2        | buster          | source, all
 tenshi | 0.13-2        | sid             | source, all
 tenshi | 0.13-2+deb7u1 | wheezy-security | source, all

This is a rebuild of 0.13-2+deb7u1 for sid. I'll follow up with
0.13-2.1~deb9u1 for stretch.

unblock tenshi/0.13-2.1

Andreas

diff -Nru tenshi-0.13/debian/changelog tenshi-0.13/debian/changelog
--- tenshi-0.13/debian/changelog	2012-02-13 05:30:17.000000000 +0100
+++ tenshi-0.13/debian/changelog	2019-06-16 14:24:39.000000000 +0200
@@ -1,3 +1,19 @@
+tenshi (0.13-2.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Upload to unstable.
+  * Drop DMUA.
+
+ -- Andreas Beckmann <anbe@debian.org>  Sun, 16 Jun 2019 14:24:39 +0200
+
+tenshi (0.13-2+deb7u1) wheezy-security; urgency=high
+
+  * Non-maintainer upload by the Debian LTS team.
+  * Fix CVE-2017-11746: PID file issue allows local users to kill arbitrary
+    processes  (Closes: #871321)
+
+ -- Lucas Kanashiro <kanashiro@debian.org>  Sun, 27 Aug 2017 14:47:19 -0300
+
 tenshi (0.13-2) unstable; urgency=low
 
   * debian/init:
diff -Nru tenshi-0.13/debian/control tenshi-0.13/debian/control
--- tenshi-0.13/debian/control	2012-02-10 05:23:20.000000000 +0100
+++ tenshi-0.13/debian/control	2019-06-16 13:55:10.000000000 +0200
@@ -2,7 +2,6 @@
 Section: admin
 Priority: optional
 Maintainer: Ignace Mouzannar <mouzannar@gmail.com>
-DM-Upload-Allowed: yes
 Build-Depends: debhelper (>= 7.0.8)
 Standards-Version: 3.9.2
 Vcs-Svn: svn://svn.debian.org/collab-maint/ext-maint/tenshi/trunk/
diff -Nru tenshi-0.13/debian/patches/CVE-2017-11746.patch tenshi-0.13/debian/patches/CVE-2017-11746.patch
--- tenshi-0.13/debian/patches/CVE-2017-11746.patch	1970-01-01 01:00:00.000000000 +0100
+++ tenshi-0.13/debian/patches/CVE-2017-11746.patch	2017-08-27 19:53:26.000000000 +0200
@@ -0,0 +1,36 @@
+Description: save PID after forking but before changing privileges
+ This is an adaptation of upstream commit
+ (d0e7f28c13ffbd5888b31d6532c2faf78f10f176) that fixes CVE-2017-11746. It was
+ written by Andrea Barisani.
+Author: Lucas Kanashiro <kanashiro@debian.org>
+Last-Updated: 2017-08-27
+
+--- a/tenshi
++++ b/tenshi
+@@ -122,8 +122,6 @@ if ($listen) {
+ 
+ $SIG{'CHLD'} = sub { $debug && debug(5,'CHLD') ; print RED "[ERROR] Child died. Bailing out\n"; $time_to_die = 1; };
+ 
+-prepare_process();
+-
+ #
+ # sanity checks
+ #
+@@ -242,8 +240,6 @@ if (!($debug || $profile || $foreground)
+     daemonize();
+ }
+ 
+-save_pid();
+-
+ while (!$time_to_die) {
+     my $now = time;
+ 
+@@ -963,6 +959,8 @@ sub daemonize {
+     defined(my $pid = fork)     or clean_up and die RED "[ERROR] can't fork: $!\n";
+     exit if $pid;
+     setsid()                    or clean_up and die RED "[ERROR] can't start a new session: $!\n";
++    save_pid();
++    prepare_process();
+ }
+ 
+ sub save_pid {
diff -Nru tenshi-0.13/debian/patches/series tenshi-0.13/debian/patches/series
--- tenshi-0.13/debian/patches/series	2012-02-10 04:37:37.000000000 +0100
+++ tenshi-0.13/debian/patches/series	2017-08-26 20:50:46.000000000 +0200
@@ -1,2 +1,3 @@
 10-Makefile.diff
 20-manpage.diff
+CVE-2017-11746.patch

--- End Message ---

--- Begin Message ---

To: 930610-done@bugs.debian.org

Subject: unblock tenshi

From: Ivo De Decker <ivodd@respighi.debian.org>

Date: Sun, 16 Jun 2019 14:25:03 +0000

Message-id: <E1hcW5f-0006or-Nv@respighi.debian.org>
Unblocked tenshi.
--- End Message ---

Reply to:

References:
- Bug#930610: unblock: tenshi/0.13-2.1
  - From: Andreas Beckmann <anbe@debian.org>

Prev by Date: Bug#930615: marked as done (unblock: qscintilla2/2.10.4+dfsg-2.1)
Next by Date: Bug#930617: marked as done (unblock: debian-security-support/2019.06.13)
Previous by thread: Bug#930610: unblock: tenshi/0.13-2.1
Next by thread: Bug#930615: unblock: qscintilla2/2.10.4+dfsg-2.1
Index(es):
- Date
- Thread