authorNatanael Copa <ncopa@alpinelinux.org>2017-11-29 16:22:49 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2017-11-29 16:25:19 +0000
commitfe20e8da2f8b7fb6f208cccf8f369400d947a6a2 (patch)
tree70741c6972793be929492690674bf786596f43ca
parentda5ea802a3975665ace500b89e647ebf4007b232 (diff)
downloadaports-fe20e8da2f8b7fb6f208cccf8f369400d947a6a2.tar.gz
aports-fe20e8da2f8b7fb6f208cccf8f369400d947a6a2.tar.bz2
aports-fe20e8da2f8b7fb6f208cccf8f369400d947a6a2.tar.xz
community/shadow: upgrade to 4.5
-rw-r--r--community/shadow/301-CVE-2017-2616-su-properly-clear-child-PID.patch59
-rw-r--r--community/shadow/302-CVE-2016-6252-fix-integer-overflow.patch46
-rw-r--r--community/shadow/303-Reset-pid_child-only-if-waitpid-was-successful.patch29
-rw-r--r--community/shadow/APKBUILD26
-rw-r--r--community/shadow/cross-size-checks.patch42
-rw-r--r--community/shadow/verbose-error-when-uid-doesnt-match.patch75
6 files changed, 10 insertions, 267 deletions
diff --git a/community/shadow/301-CVE-2017-2616-su-properly-clear-child-PID.patch b/community/shadow/301-CVE-2017-2616-su-properly-clear-child-PID.patch
deleted file mode 100644
index 8f6f4e92e9..0000000000
--- a/community/shadow/301-CVE-2017-2616-su-properly-clear-child-PID.patch
+++ /dev/null
@@ -1,59 +0,0 @@
-From 08fd4b69e84364677a10e519ccb25b71710ee686 Mon Sep 17 00:00:00 2001
-From: Tobias Stoeckmann <tobias@stoeckmann.org>
-Date: Thu, 23 Feb 2017 09:47:29 -0600
-Subject: [PATCH] su: properly clear child PID
-
-If su is compiled with PAM support, it is possible for any local user
-to send SIGKILL to other processes with root privileges. There are
-only two conditions. First, the user must be able to perform su with
-a successful login. This does NOT have to be the root user, even using
-su with the same id is enough, e.g. "su $(whoami)". Second, SIGKILL
-can only be sent to processes which were executed after the su process.
-It is not possible to send SIGKILL to processes which were already
-running. I consider this as a security vulnerability, because I was
-able to write a proof of concept which unlocked a screen saver of
-another user this way.
----
- src/su.c | 19 +++++++++++++++++--
- 1 file changed, 17 insertions(+), 2 deletions(-)
-
---- a/src/su.c
-+++ b/src/su.c
-@@ -363,20 +363,35 @@ static void prepare_pam_close_session (v
- /* wake child when resumed */
- kill (pid, SIGCONT);
- stop = false;
-+ } else {
-+ pid_child = 0;
- }
- } while (!stop);
- }
-
-- if (0 != caught) {
-+ if (0 != caught && 0 != pid_child) {
- (void) fputs ("\n", stderr);
- (void) fputs (_("Session terminated, terminating shell..."),
- stderr);
- (void) kill (-pid_child, caught);
-
- (void) signal (SIGALRM, kill_child);
-+ (void) signal (SIGCHLD, catch_signals);
- (void) alarm (2);
-
-- (void) wait (&status);
-+ sigemptyset (&ourset);
-+ if ((sigaddset (&ourset, SIGALRM) != 0)
-+ || (sigprocmask (SIG_BLOCK, &ourset, NULL) != 0)) {
-+ fprintf (stderr, _("%s: signal masking malfunction\n"), Prog);
-+ kill_child (0);
-+ } else {
-+ while (0 == waitpid (pid_child, &status, WNOHANG)) {
-+ sigsuspend (&ourset);
-+ }
-+ pid_child = 0;
-+ (void) sigprocmask (SIG_UNBLOCK, &ourset, NULL);
-+ }
-+
- (void) fputs (_(" ...terminated.\n"), stderr);
- }
-
diff --git a/community/shadow/302-CVE-2016-6252-fix-integer-overflow.patch b/community/shadow/302-CVE-2016-6252-fix-integer-overflow.patch
deleted file mode 100644
index 2f2195b401..0000000000
--- a/community/shadow/302-CVE-2016-6252-fix-integer-overflow.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From 1d5a926cc2d6078d23a96222b1ef3e558724dad1 Mon Sep 17 00:00:00 2001
-From: Sebastian Krahmer <krahmer@suse.com>
-Date: Wed, 3 Aug 2016 11:51:07 -0500
-Subject: [PATCH] Simplify getulong
-
-Use strtoul to read an unsigned long, rather than reading
-a signed long long and casting it.
-
-https://bugzilla.suse.com/show_bug.cgi?id=979282
----
- lib/getulong.c | 9 +++------
- 1 file changed, 3 insertions(+), 6 deletions(-)
-
-diff --git a/lib/getulong.c b/lib/getulong.c
-index 61579ca..08d2c1a 100644
---- a/lib/getulong.c
-+++ b/lib/getulong.c
-@@ -44,22 +44,19 @@
- */
- int getulong (const char *numstr, /*@out@*/unsigned long int *result)
- {
-- long long int val;
-+ unsigned long int val;
- char *endptr;
-
- errno = 0;
-- val = strtoll (numstr, &endptr, 0);
-+ val = strtoul (numstr, &endptr, 0);
- if ( ('\0' == *numstr)
- || ('\0' != *endptr)
- || (ERANGE == errno)
-- /*@+ignoresigns@*/
-- || (val != (unsigned long int)val)
-- /*@=ignoresigns@*/
- ) {
- return 0;
- }
-
-- *result = (unsigned long int)val;
-+ *result = val;
- return 1;
- }
-
---
-2.1.4
-
diff --git a/community/shadow/303-Reset-pid_child-only-if-waitpid-was-successful.patch b/community/shadow/303-Reset-pid_child-only-if-waitpid-was-successful.patch
deleted file mode 100644
index 64aeb34131..0000000000
--- a/community/shadow/303-Reset-pid_child-only-if-waitpid-was-successful.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From 7d82f203eeec881c584b2fa06539b39e82985d97 Mon Sep 17 00:00:00 2001
-From: Tobias Stoeckmann <tobias@stoeckmann.org>
-Date: Sun, 14 May 2017 17:58:10 +0200
-Subject: [PATCH] Reset pid_child only if waitpid was successful.
-
-Do not reset the pid_child to 0 if the child process is still
-running. This else-condition can be reached with pid being -1,
-therefore explicitly test this condition.
-
-This is a regression fix for CVE-2017-2616. If su receives a
-signal like SIGTERM, it is not propagated to the child.
-
-Reported-by: Radu Duta <raduduta@gmail.com>
-Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
----
- src/su.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
---- a/src/su.c
-+++ b/src/su.c
-@@ -363,7 +363,7 @@ static void prepare_pam_close_session (v
- /* wake child when resumed */
- kill (pid, SIGCONT);
- stop = false;
-- } else {
-+ } else if ( (pid_t)-1 != pid) {
- pid_child = 0;
- }
- } while (!stop);
diff --git a/community/shadow/APKBUILD b/community/shadow/APKBUILD
index 3264772979..13dc98d7ae 100644
--- a/community/shadow/APKBUILD
+++ b/community/shadow/APKBUILD
@@ -2,8 +2,8 @@
# Contributor: Jakub Jirutka <jakub@jirutka.cz>
# Maintainer: Stuart Cardall <developer@it-offshore.co.uk>
pkgname=shadow
-pkgver=4.2.1
-pkgrel=11
+pkgver=4.5
+pkgrel=0
pkgdesc="PAM-using login and passwd utilities (usermod, useradd, ...)"
url="http://pkg-shadow.alioth.debian.org/"
arch="all"
@@ -11,20 +11,19 @@ license="GPL"
depends=""
makedepends="linux-pam-dev"
subpackages="$pkgname-doc $pkgname-dbg $pkgname-uidmap"
-source="http://pkg-shadow.alioth.debian.org/releases/shadow-$pkgver.tar.xz
+source="https://github.com/shadow-maint/shadow/releases/download/$pkgver/shadow-$pkgver.tar.xz
login.pamd
dots-in-usernames.patch
- cross-size-checks.patch
- verbose-error-when-uid-doesnt-match.patch
- 301-CVE-2017-2616-su-properly-clear-child-PID.patch
- 302-CVE-2016-6252-fix-integer-overflow.patch
- 303-Reset-pid_child-only-if-waitpid-was-successful.patch
useradd-usergroups.patch
pam-useradd.patch
"
# secfixes:
-# - CVE-2016-6252
-# - CVE-2017-2616 (+ regression fix)
+# 4.5-r0:
+# - CVE-2017-12424
+# 4.2.1-r11:
+# - CVE-2017-2616
+# 4.2.1-r7:
+# - CVE-2016-6252
options="suid"
builddir="$srcdir/shadow-$pkgver"
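Review bot: The patches dropped from `source=` in this hunk include the fixes for CVE-2017-2616 (301, plus its regression fix 303) and CVE-2016-6252 (302), and neither the commit message nor the APKBUILD records that shadow 4.5 already contains the upstream commits named in the deleted patch headers. Once that has been checked against the 4.5 tree, a comment above the `# secfixes:` block such as `# 301-303 dropped in 4.5-r0: fixes are part of the upstream release` would keep the reasoning visible to the next person auditing this package. The same applies to `cross-size-checks.patch` and `verbose-error-when-uid-doesnt-match.patch`, which are removed without a stated reason. Separately, `source=` now fetches from github.com/shadow-maint/shadow while the `url=` line in the first hunk still names pkg-shadow.alioth.debian.org; updating `url=` would keep the metadata pointing at the origin the tarball actually comes from.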
@@ -104,13 +103,8 @@ uidmap() {
touch etc/subuid etc/subgid
}
-sha512sums="7a14bf8e08126f0402e37b6e4c559615ced7cf829e39156d929ed05cd8813de48a77ff1f7f6fe707da04cf662a2e9e84c22d63d88dd1ed13f935fde594db95f0 shadow-4.2.1.tar.xz
+sha512sums="e57f8db54df23301c229d4be30d4cbb67efa1d1809cffcff79adc480b6019fb2b5fd09e112e82a3f00ad5a6b2994592adac93f70a631cf666b6f4723b61c87b5 shadow-4.5.tar.xz
46a6f83f3698e101b58b8682852da749619412f75dfa85cecad03d0847f6c3dc452d984510db7094220e4570a0565b83b0556e16198ad894a3ec84b3e513d58d login.pamd
745eea04c054226feba165b635dbb8570b8a04537d41e914400a4c54633c3a9cf350da0aabfec754fb8cf3e58fc1c8cf597b895506312f19469071760c11f31d dots-in-usernames.patch
-c46760254439176babeef24d93900914092655af3a48f54385adf6ef5a3af76799fb7e96083acd27853d6ab6d7392543dbaf70bb26f164519e92f677da7851a4 cross-size-checks.patch
-1b3513772a7a0294b587723213e4464cc5a1a42ae6a79e9b9f9ea20083684a21d81e362f44d87ce2e6de2daf396d8422b39019923c0b0cbb44fa4c4c24613c0c verbose-error-when-uid-doesnt-match.patch
-0954920ce9307948848d8f9ca5ea5bba4db8394793ef314ab5c6770948e96071748192b52ba8c31d543fe71ce0e6e2a7f3a2a92862966a940639a19df1048634 301-CVE-2017-2616-su-properly-clear-child-PID.patch
-36f494347cb980d85ea82331ec620a949be45f5f2c400a3b13f409a8d9c932c0f822cb0baa2ee78c6f356e7bf93de51c1b0f20730e8f3af36a746a5632d19bbe 302-CVE-2016-6252-fix-integer-overflow.patch
-e36d54759b71d48c62aefc4032e63deccafa69d22f8bae772b4c0ca135b431db9cd35a1a2a2adf5c76996e76e13ab82e1cf19bba70c6ca4414b3979a43c292c2 303-Reset-pid_child-only-if-waitpid-was-successful.patch
49f1d5ded82d2d479805c77d7cc6274c30233596e375b28306b31a33f8fbfc3611dbc77d606081b8300247908c267297dbb6c5d1a30d56095dda53c6a636fb56 useradd-usergroups.patch
0b4587e263cb6be12fa5ae6bc3b3fc4d3696dae355bc67d085dc58c52ff96edb4d163b95db2092b8c2f3310839430cac03c7af356641b42e24ee4aa6410f5cf1 pam-useradd.patch"
diff --git a/community/shadow/cross-size-checks.patch b/community/shadow/cross-size-checks.patch
deleted file mode 100644
index bd451ba1bb..0000000000
--- a/community/shadow/cross-size-checks.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From 2cb54158b80cdbd97ca3b36df83f9255e923ae3f Mon Sep 17 00:00:00 2001
-From: James Le Cuirot <chewi@aura-online.co.uk>
-Date: Sat, 23 Aug 2014 09:46:39 +0100
-Subject: [PATCH] Check size of uid_t and gid_t using AC_CHECK_SIZEOF
-
-This built-in check is simpler than the previous method and, most
-importantly, works when cross-compiling.
-
-Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
----
- configure.in | 14 ++++----------
- 1 file changed, 4 insertions(+), 10 deletions(-)
-
-diff --git a/configure.in b/configure.in
-index 1a3f841..4a4d6d0 100644
---- a/configure.in
-+++ b/configure.in
-@@ -335,16 +335,10 @@ if test "$enable_subids" != "no"; then
- dnl
- dnl FIXME: check if 32 bit UIDs/GIDs are supported by libc
- dnl
-- AC_RUN_IFELSE([AC_LANG_SOURCE([
--#include <sys/types.h>
--int main(void) {
-- uid_t u;
-- gid_t g;
-- return (sizeof u < 4) || (sizeof g < 4);
--}
-- ])], [id32bit="yes"], [id32bit="no"])
--
-- if test "x$id32bit" = "xyes"; then
-+ AC_CHECK_SIZEOF([uid_t],, [#include "sys/types.h"])
-+ AC_CHECK_SIZEOF([gid_t],, [#include "sys/types.h"])
-+
-+ if test "$ac_cv_sizeof_uid_t" -ge 4 && test "$ac_cv_sizeof_gid_t" -ge 4; then
- AC_DEFINE(ENABLE_SUBIDS, 1, [Define to support the subordinate IDs.])
- enable_subids="yes"
- else
---
-2.3.6
-
-
diff --git a/community/shadow/verbose-error-when-uid-doesnt-match.patch b/community/shadow/verbose-error-when-uid-doesnt-match.patch
deleted file mode 100644
index 6f104b438c..0000000000
--- a/community/shadow/verbose-error-when-uid-doesnt-match.patch
+++ /dev/null
@@ -1,75 +0,0 @@
-From: Hank Leininger <hlein@korelogic.com>
-Date: Mon, 6 Apr 2015 08:22:48 -0500
-Subject: [PATCH] Expand the error message when newuidmap / newgidmap do not
- like the user/group ownership of their target process.
-
-Currently the error is just:
-
-newuidmap: Target [pid] is owned by a different user
-
-With this patch it will be like:
-
-newuidmap: Target [pid] is owned by a different user: uid:0 pw_uid:0 st_uid:0, gid:0 pw_gid:0 st_gid:99
-
-Why is this useful? Well, in my case...
-
-The grsecurity kernel-hardening patch includes an option to make parts
-of /proc unreadable, such as /proc/pid/ dirs for processes not owned by
-the current uid. This comes with an option to make /proc/pid/
-directories readable by a specific gid; sysadmins and the like are then
-put into that group so they can see a full 'ps'.
-
-This means that the check in new[ug]idmap fails, as in the above quoted
-error - /proc/[targetpid] is owned by root, but the group is 99 so that
-users in group 99 can see the process.
-
-Some Googling finds dozens of people hitting this problem, but not
-*knowing* that they have hit this problem, because the errors and
-circumstances are non-obvious.
-
-Some graceful way of handling this and not failing, will be next ;) But
-in the meantime it'd be nice to have new[ug]idmap emit a more useful
-error, so that it's easier to troubleshoot.
-
-Thanks!
-
-Signed-off-by: Hank Leininger <hlein@korelogic.com>
-Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
----
- src/newgidmap.c | 6 ++++--
- src/newuidmap.c | 6 ++++--
- 2 files changed, 8 insertions(+), 4 deletions(-)
-
-diff --git a/src/newgidmap.c b/src/newgidmap.c
-index a532b45..451c6a6 100644
---- a/src/newgidmap.c
-+++ b/src/newgidmap.c
-@@ -161,8 +161,10 @@ int main(int argc, char **argv)
- (getgid() != pw->pw_gid) ||
- (pw->pw_uid != st.st_uid) ||
- (pw->pw_gid != st.st_gid)) {
-- fprintf(stderr, _( "%s: Target %u is owned by a different user\n" ),
-- Prog, target);
-+ fprintf(stderr, _( "%s: Target %u is owned by a different user: uid:%lu pw_uid:%lu st_uid:%lu, gid:%lu pw_gid:%lu st_gid:%lu\n" ),
-+ Prog, target,
-+ (unsigned long int)getuid(), (unsigned long int)pw->pw_uid, (unsigned long int)st.st_uid,
-+ (unsigned long int)getgid(), (unsigned long int)pw->pw_gid, (unsigned long int)st.st_gid);
- return EXIT_FAILURE;
- }
-
-diff --git a/src/newuidmap.c b/src/newuidmap.c
-index 5150078..9c8bc1b 100644
---- a/src/newuidmap.c
-+++ b/src/newuidmap.c
-@@ -161,8 +161,10 @@ int main(int argc, char **argv)
- (getgid() != pw->pw_gid) ||
- (pw->pw_uid != st.st_uid) ||
- (pw->pw_gid != st.st_gid)) {
-- fprintf(stderr, _( "%s: Target %u is owned by a different user\n" ),
-- Prog, target);
-+ fprintf(stderr, _( "%s: Target process %u is owned by a different user: uid:%lu pw_uid:%lu st_uid:%lu, gid:%lu pw_gid:%lu st_gid:%lu\n" ),
-+ Prog, target,
-+ (unsigned long int)getuid(), (unsigned long int)pw->pw_uid, (unsigned long int)st.st_uid,
-+ (unsigned long int)getgid(), (unsigned long int)pw->pw_gid, (unsigned long int)st.st_gid);
- return EXIT_FAILURE;
- } \ No newline at end of file