summary refs log tree commit diff
path: root/gnu
diff options
context:
space:
mode:
authorLeo Famulari <leo@famulari.name>2017-05-17 19:20:11 -0400
committerLeo Famulari <leo@famulari.name>2017-05-17 21:20:29 -0400
commitb193fb2851eaa64e20cc4c01f7298c0a8a076a8c (patch)
tree391e790d4323539445c2480853171c9bb01d2ba6 /gnu
parent6aa095f10c53588e3ac67a25539e53655256bbc0 (diff)
downloadguix-b193fb2851eaa64e20cc4c01f7298c0a8a076a8c.tar.gz
gnu: shadow: Update to 4.5.
This fixes a regression introduced by the fix for CVE-2017-2616.
See <https://github.com/shadow-maint/shadow/pull/72> for more information.

* gnu/packages/admin.scm (shadow): Update to 4.5.
[source]: Remove patches.
* gnu/packages/patches/shadow-4.4-su-snprintf-fix.patch,
gnu/packages/patches/shadow-CVE-2017-2616.patch: Delete files.
* gnu/local.mk (dist_patch_DATA): Remove them.
Diffstat (limited to 'gnu')
-rw-r--r--gnu/local.mk2
-rw-r--r--gnu/packages/admin.scm6
-rw-r--r--gnu/packages/patches/shadow-4.4-su-snprintf-fix.patch31
-rw-r--r--gnu/packages/patches/shadow-CVE-2017-2616.patch72
4 files changed, 2 insertions, 109 deletions
diff --git a/gnu/local.mk b/gnu/local.mk
index 1be412db3a..7dd45c892e 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -967,8 +967,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/screen-fix-info-syntax-error.patch	\
   %D%/packages/patches/sdl-libx11-1.6.patch			\
   %D%/packages/patches/seq24-rename-mutex.patch			\
-  %D%/packages/patches/shadow-4.4-su-snprintf-fix.patch         \
-  %D%/packages/patches/shadow-CVE-2017-2616.patch		\
   %D%/packages/patches/slim-session.patch			\
   %D%/packages/patches/slim-config.patch			\
   %D%/packages/patches/slim-sigusr1.patch			\
diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm
index 1610729c44..aa6ccc0a73 100644
--- a/gnu/packages/admin.scm
+++ b/gnu/packages/admin.scm
@@ -281,17 +281,15 @@ client and server, a telnet client and server, and an rsh client and server.")
 (define-public shadow
   (package
     (name "shadow")
-    (version "4.4")
+    (version "4.5")
     (source (origin
               (method url-fetch)
               (uri (string-append
                     "https://github.com/shadow-maint/shadow/releases/"
                     "download/" version "/shadow-" version ".tar.xz"))
-              (patches (search-patches "shadow-4.4-su-snprintf-fix.patch"
-                                       "shadow-CVE-2017-2616.patch"))
               (sha256
                (base32
-                "0g7hf55ar2pafg5g3ldx0fwzjk36wf4xb21p4ndanbjm3c2a9ab1"))))
+                "0hdpai78n63l3v3fgr3kkiqzhd0awrpfnnzz4mf7lmxdh61qb37w"))))
     (build-system gnu-build-system)
     (arguments
      '(;; Assume System V `setpgrp (void)', which is the default on GNU
diff --git a/gnu/packages/patches/shadow-4.4-su-snprintf-fix.patch b/gnu/packages/patches/shadow-4.4-su-snprintf-fix.patch
deleted file mode 100644
index 3f357c4924..0000000000
--- a/gnu/packages/patches/shadow-4.4-su-snprintf-fix.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-Patch copied from upstream source repository:
-
-https://github.com/shadow-maint/shadow/commit/67d2bb6e0a5ac124ce1f026dd5723217b1493194
-
-From 67d2bb6e0a5ac124ce1f026dd5723217b1493194 Mon Sep 17 00:00:00 2001
-From: Serge Hallyn <serge@hallyn.com>
-Date: Sun, 18 Sep 2016 21:31:18 -0500
-Subject: [PATCH] su.c: fix missing length argument to snprintf
-
----
- src/su.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/su.c b/src/su.c
-index 0c50a9456afd..93ffd2fbe2b4 100644
---- a/src/su.c
-+++ b/src/su.c
-@@ -373,8 +373,8 @@ static void prepare_pam_close_session (void)
- 		              stderr);
- 		(void) kill (-pid_child, caught);
- 
--		snprintf (kill_msg, _(" ...killed.\n"));
--		snprintf (wait_msg, _(" ...waiting for child to terminate.\n"));
-+		snprintf (kill_msg, 256, _(" ...killed.\n"));
-+		snprintf (wait_msg, 256, _(" ...waiting for child to terminate.\n"));
- 
- 		(void) signal (SIGALRM, kill_child);
- 		(void) alarm (2);
--- 
-2.11.0.rc2
-
diff --git a/gnu/packages/patches/shadow-CVE-2017-2616.patch b/gnu/packages/patches/shadow-CVE-2017-2616.patch
deleted file mode 100644
index f88aac40bc..0000000000
--- a/gnu/packages/patches/shadow-CVE-2017-2616.patch
+++ /dev/null
@@ -1,72 +0,0 @@
-Fix CVE-2017-2616:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2616
-http://seclists.org/oss-sec/2017/q1/490
-http://seclists.org/oss-sec/2017/q1/474
-
-Patch copied from upstream source repository:
-
-https://github.com/shadow-maint/shadow/commit/08fd4b69e84364677a10e519ccb25b71710ee686
-
-From 08fd4b69e84364677a10e519ccb25b71710ee686 Mon Sep 17 00:00:00 2001
-From: Tobias Stoeckmann <tobias@stoeckmann.org>
-Date: Thu, 23 Feb 2017 09:47:29 -0600
-Subject: [PATCH] su: properly clear child PID
-
-If su is compiled with PAM support, it is possible for any local user
-to send SIGKILL to other processes with root privileges. There are
-only two conditions. First, the user must be able to perform su with
-a successful login. This does NOT have to be the root user, even using
-su with the same id is enough, e.g. "su $(whoami)". Second, SIGKILL
-can only be sent to processes which were executed after the su process.
-It is not possible to send SIGKILL to processes which were already
-running. I consider this as a security vulnerability, because I was
-able to write a proof of concept which unlocked a screen saver of
-another user this way.
----
- src/su.c | 19 +++++++++++++++++--
- 1 file changed, 17 insertions(+), 2 deletions(-)
-
-diff --git a/src/su.c b/src/su.c
-index f20d230..d86aa86 100644
---- a/src/su.c
-+++ b/src/su.c
-@@ -379,11 +379,13 @@ static void prepare_pam_close_session (void)
- 				/* wake child when resumed */
- 				kill (pid, SIGCONT);
- 				stop = false;
-+			} else {
-+				pid_child = 0;
- 			}
- 		} while (!stop);
- 	}
- 
--	if (0 != caught) {
-+	if (0 != caught && 0 != pid_child) {
- 		(void) fputs ("\n", stderr);
- 		(void) fputs (_("Session terminated, terminating shell..."),
- 		              stderr);
-@@ -393,9 +395,22 @@ static void prepare_pam_close_session (void)
- 		snprintf (wait_msg, sizeof wait_msg, _(" ...waiting for child to terminate.\n"));
- 
- 		(void) signal (SIGALRM, kill_child);
-+		(void) signal (SIGCHLD, catch_signals);
- 		(void) alarm (2);
- 
--		(void) wait (&status);
-+		sigemptyset (&ourset);
-+		if ((sigaddset (&ourset, SIGALRM) != 0)
-+		    || (sigprocmask (SIG_BLOCK, &ourset, NULL) != 0)) {
-+			fprintf (stderr, _("%s: signal masking malfunction\n"), Prog);
-+			kill_child (0);
-+		} else {
-+			while (0 == waitpid (pid_child, &status, WNOHANG)) {
-+				sigsuspend (&ourset);
-+			}
-+			pid_child = 0;
-+			(void) sigprocmask (SIG_UNBLOCK, &ourset, NULL);
-+		}
-+
- 		(void) fputs (_(" ...terminated.\n"), stderr);
- 	}
-