From 6a677844125bf74f4dac1fc2e4e7181281f7ae39 Mon Sep 17 00:00:00 2001 From: Patrick J Volkerding Date: Sat, 17 Nov 2018 03:03:49 +0000 Subject: Sat Nov 17 03:03:49 UTC 2018 a/acpid-2.0.31-x86_64-1.txz: Upgraded. a/shadow-4.6-x86_64-1.txz: Upgraded. l/gsettings-desktop-schemas-3.28.1-x86_64-1.txz: Upgraded. l/libkarma-0.1.2-x86_64-1.txz: Upgraded. l/v4l-utils-1.16.2-x86_64-1.txz: Upgraded. xap/mozilla-thunderbird-60.3.1-x86_64-1.txz: Upgraded. This is a bugfix release. For more information, see: https://www.mozilla.org/en-US/thunderbird/60.3.1/releasenotes/ --- source/a/acpid/acpid.url | 1 - source/a/shadow/doinst.sh | 1 + source/a/shadow/patches/README_PATCHES | 10 ------ source/a/shadow/shadow.CVE-2017-2616.diff | 55 ------------------------------- source/a/shadow/shadow.SlackBuild | 18 ++++------ source/a/shadow/slack-desc | 2 +- 6 files changed, 9 insertions(+), 78 deletions(-) delete mode 100644 source/a/acpid/acpid.url delete mode 100644 source/a/shadow/patches/README_PATCHES delete mode 100644 source/a/shadow/shadow.CVE-2017-2616.diff (limited to 'source/a') diff --git a/source/a/acpid/acpid.url b/source/a/acpid/acpid.url deleted file mode 100644 index 5b352a804..000000000 --- a/source/a/acpid/acpid.url +++ /dev/null @@ -1 +0,0 @@ -http://downloads.sourceforge.net/project/acpid2/acpid-2.0.30.tar.xz diff --git a/source/a/shadow/doinst.sh b/source/a/shadow/doinst.sh index 88fefb3af..2bc40e545 100644 --- a/source/a/shadow/doinst.sh +++ b/source/a/shadow/doinst.sh @@ -10,6 +10,7 @@ config() { # Otherwise, we leave the .new copy for the admin to consider... } +config etc/default/useradd.new config etc/login.access.new config etc/login.defs.new config var/log/faillog.new diff --git a/source/a/shadow/patches/README_PATCHES b/source/a/shadow/patches/README_PATCHES deleted file mode 100644 index 1d1f2173a..000000000 --- a/source/a/shadow/patches/README_PATCHES +++ /dev/null @@ -1,10 +0,0 @@ - -r3054.diff: Fixed wrong format string -r3055.diff: Help output to stderr not stdout. -r3060.diff: Fix memory leaks -r3062.diff: Avoid memzero() on a possibly NULL pointer. -r3096.diff: Fix parsing of gshadow entries. -r3090.diff: Fix improper sanitizing of locale variables. -r3160.diff: Fixed limits support (non PAM enabled versions only) -r3194.diff: shell's name must be -su when a su fakes a login. -r3299.diff: man/ru/Makefile.am: Remove double inclusion of $(man_nopam) diff --git a/source/a/shadow/shadow.CVE-2017-2616.diff b/source/a/shadow/shadow.CVE-2017-2616.diff deleted file mode 100644 index 4a5c44222..000000000 --- a/source/a/shadow/shadow.CVE-2017-2616.diff +++ /dev/null @@ -1,55 +0,0 @@ -su: properly clear child PID - -If su is compiled with PAM support, it is possible for any local user -to send SIGKILL to other processes with root privileges. There are -only two conditions. First, the user must be able to perform su with -a successful login. This does NOT have to be the root user, even using -su with the same id is enough, e.g. "su $(whoami)". Second, SIGKILL -can only be sent to processes which were executed after the su process. -It is not possible to send SIGKILL to processes which were already -running. I consider this as a security vulnerability, because I was -able to write a proof of concept which unlocked a screen saver of -another user this way. - -diff --git a/src/su.c b/src/su.c -index f20d230..d86aa86 100644 ---- a/src/su.c -+++ b/src/su.c -@@ -379,11 +379,13 @@ static void prepare_pam_close_session (void) - /* wake child when resumed */ - kill (pid, SIGCONT); - stop = false; -+ } else { -+ pid_child = 0; - } - } while (!stop); - } - -- if (0 != caught) { -+ if (0 != caught && 0 != pid_child) { - (void) fputs ("\n", stderr); - (void) fputs (_("Session terminated, terminating shell..."), - stderr); -@@ -393,9 +395,22 @@ static void prepare_pam_close_session (void) - snprintf (wait_msg, sizeof wait_msg, _(" ...waiting for child to terminate.\n")); - - (void) signal (SIGALRM, kill_child); -+ (void) signal (SIGCHLD, catch_signals); - (void) alarm (2); - -- (void) wait (&status); -+ sigemptyset (&ourset); -+ if ((sigaddset (&ourset, SIGALRM) != 0) -+ || (sigprocmask (SIG_BLOCK, &ourset, NULL) != 0)) { -+ fprintf (stderr, _("%s: signal masking malfunction\n"), Prog); -+ kill_child (0); -+ } else { -+ while (0 == waitpid (pid_child, &status, WNOHANG)) { -+ sigsuspend (&ourset); -+ } -+ pid_child = 0; -+ (void) sigprocmask (SIG_UNBLOCK, &ourset, NULL); -+ } -+ - (void) fputs (_(" ...terminated.\n"), stderr); - } diff --git a/source/a/shadow/shadow.SlackBuild b/source/a/shadow/shadow.SlackBuild index d6ee4c9e0..c227b0f11 100755 --- a/source/a/shadow/shadow.SlackBuild +++ b/source/a/shadow/shadow.SlackBuild @@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=shadow VERSION=${VERSION:-$(echo $PKGNAM-*.tar.xz | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-5} +BUILD=${BUILD:-1} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then @@ -78,16 +78,6 @@ done # breakage: zcat $CWD/shadow.CVE-2005-4890.relax.diff.gz | patch -p1 --verbose || exit 1 -# Patch a race condition that allows a user to kill processes that they don't -# own. Note that the bug requires that shadow is using PAM, which is not yet -# the case on Slackware. So we're unaffected, but patching this anyway in -# -current, because you never know... -zcat $CWD/shadow.CVE-2017-2616.diff.gz | patch -p1 --verbose || exit 1 - -# Re-run automake because of r3299 patch to man/ru/Makefile.am: -# (not used because it doesn't work... above patch does the intended fix) -#automake -f - # Even if gethostname() returns the FQDN (long hostname), just display the # short version up to the first '.' on the login prompt: zcat $CWD/shadow.login.display.short.hostname.diff.gz | patch -p1 --verbose || exit 1 @@ -99,12 +89,17 @@ find . \ \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \ -exec chmod 644 {} \; +if [ ! -r ./configure ]; then + ./autogen.sh +fi + CFLAGS="$SLKCFLAGS" \ ./configure \ --prefix=/usr \ --sysconfdir=/etc \ --mandir=/usr/man \ --docdir=/usr/doc/shadow-$VERSION \ + --enable-man \ --enable-subordinate-ids \ --disable-shared \ --without-libcrack \ @@ -117,6 +112,7 @@ make install DESTDIR=$PKG || exit 1 # Fix user group = 100: zcat $CWD/useradd.gz > $PKG/etc/default/useradd +mv $PKG/etc/default/useradd $PKG/etc/default/useradd.new # /bin/groups is provided by coreutils. rm -f $PKG/bin/groups diff --git a/source/a/shadow/slack-desc b/source/a/shadow/slack-desc index d8b2266de..7263ee77d 100644 --- a/source/a/shadow/slack-desc +++ b/source/a/shadow/slack-desc @@ -15,5 +15,5 @@ shadow: system crackers obtain encrypted passwords. It was written by shadow: Julianne Frances Haugh and the Linux port is maintained by Tomasz shadow: Kloczko. shadow: -shadow: This package provides 'login', which is needed to log into the system. +shadow: Homepage: https://github.com/shadow-maint/shadow shadow: -- cgit v1.2.3-79-gdb01