Bug#863148: marked as done (unblock: shadow/1:4.4-4.1)

[Debian Bug Tracking System]

Your message dated Mon, 22 May 2017 18:30:00 +0000
with message-id <6ac861e3-d382-e2ae-afe8-92b6c9a73...@thykier.net>
and subject line Re: Bug#863148: unblock: shadow/1:4.4-4.1
has caused the Debian Bug report #863148,
regarding unblock: shadow/1:4.4-4.1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
863148: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863148
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock

Hi

Please unblock package shadow

It fixes a regression introduced in the last upload, from the fix for
CVE-2017-2616. If su recieves a signal like SIGTERM, it was not
propagated to the child.

Changelog:

+shadow (1:4.4-4.1) unstable; urgency=high
+
+  * Non-maintainer upload.
+  * Reset pid_child only if waitpid was successful.
+    This is a regression fix for CVE-2017-2616. If su receives a signal like
+    SIGTERM, it is not propagated to the child. (Closes: #862806)
+
+ -- Salvatore Bonaccorso <car...@debian.org>  Wed, 17 May 2017 13:59:59 +0200

unblock shadow/1:4.4-4.1

Regards,
Salvatore

diff -Nru shadow-4.4/debian/changelog shadow-4.4/debian/changelog
--- shadow-4.4/debian/changelog 2017-02-24 01:50:13.000000000 +0100
+++ shadow-4.4/debian/changelog 2017-05-17 13:59:59.000000000 +0200
@@ -1,3 +1,12 @@
+shadow (1:4.4-4.1) unstable; urgency=high
+
+  * Non-maintainer upload.
+  * Reset pid_child only if waitpid was successful.
+    This is a regression fix for CVE-2017-2616. If su receives a signal like
+    SIGTERM, it is not propagated to the child. (Closes: #862806)
+
+ -- Salvatore Bonaccorso <car...@debian.org>  Wed, 17 May 2017 13:59:59 +0200
+
 shadow (1:4.4-4) unstable; urgency=high
 
   * su: properly clear child PID (CVE-2017-2616) (Closes: #855943)
diff -Nru 
shadow-4.4/debian/patches/301-Reset-pid_child-only-if-waitpid-was-successful.patch
 
shadow-4.4/debian/patches/301-Reset-pid_child-only-if-waitpid-was-successful.patch
--- 
shadow-4.4/debian/patches/301-Reset-pid_child-only-if-waitpid-was-successful.patch
  1970-01-01 01:00:00.000000000 +0100
+++ 
shadow-4.4/debian/patches/301-Reset-pid_child-only-if-waitpid-was-successful.patch
  2017-05-17 13:59:59.000000000 +0200
@@ -0,0 +1,29 @@
+From 7d82f203eeec881c584b2fa06539b39e82985d97 Mon Sep 17 00:00:00 2001
+From: Tobias Stoeckmann <tob...@stoeckmann.org>
+Date: Sun, 14 May 2017 17:58:10 +0200
+Subject: [PATCH] Reset pid_child only if waitpid was successful.
+
+Do not reset the pid_child to 0 if the child process is still
+running. This else-condition can be reached with pid being -1,
+therefore explicitly test this condition.
+
+This is a regression fix for CVE-2017-2616. If su receives a
+signal like SIGTERM, it is not propagated to the child.
+
+Reported-by: Radu Duta <radud...@gmail.com>
+Signed-off-by: Tobias Stoeckmann <tob...@stoeckmann.org>
+---
+ src/su.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/src/su.c
++++ b/src/su.c
+@@ -363,7 +363,7 @@ static void prepare_pam_close_session (v
+                               /* wake child when resumed */
+                               kill (pid, SIGCONT);
+                               stop = false;
+-                      } else {
++                      } else if (   (pid_t)-1 != pid) {
+                               pid_child = 0;
+                       }
+               } while (!stop);
diff -Nru shadow-4.4/debian/patches/series shadow-4.4/debian/patches/series
--- shadow-4.4/debian/patches/series    2017-02-24 01:50:13.000000000 +0100
+++ shadow-4.4/debian/patches/series    2017-05-17 13:59:59.000000000 +0200
@@ -6,6 +6,8 @@
 0006-French-manpage-translation.patch
 0007-Fix-some-spelling-issues-in-the-Norwegian-translatio.patch
 0008-su-properly-clear-child-PID.patch
+301-Reset-pid_child-only-if-waitpid-was-successful.patch
+
 # These patches are only for the testsuite:
 #900_testsuite_groupmems
 #901_testsuite_gcov

--- End Message ---

--- Begin Message ---

Salvatore Bonaccorso:
> Package: release.debian.org
> Severity: normal
> User: release.debian....@packages.debian.org
> Usertags: unblock
> 
> Hi
> 
> Please unblock package shadow
> 
> It fixes a regression introduced in the last upload, from the fix for
> CVE-2017-2616. If su recieves a signal like SIGTERM, it was not
> propagated to the child.
> 
> Changelog:
> 
> [...]
> 
> unblock shadow/1:4.4-4.1
> 
> Regards,
> Salvatore
> 

Unblocked, thanks.

~Niels

--- End Message ---