diff options
| author | Balint Reczey <balint@balintreczey.hu> | 2017-02-24 00:57:31 +0100 |
|---|---|---|
| committer | Balint Reczey <balint@balintreczey.hu> | 2017-02-26 11:37:09 +0100 |
| commit | 096c5f276b00c51f89a531e2fd61ec1bd6b7ef2f (patch) | |
| tree | e255d68516679b4b7397cdcb330182fcb1f95c60 | |
| parent | ba9a0dec9da2c5939070aa99c93b0f84b93725ee (diff) | |
| download | shadow-jessie.tar.gz | |
Imported Debian patch 1:4.2-3+deb8u3debian/1%4.2-3+deb8u3jessie
| -rw-r--r-- | debian/changelog | 8 | ||||
| -rw-r--r-- | debian/control | 3 | ||||
| -rw-r--r-- | debian/patches/302-CVE-2016-6252-fix-integer-overflow.patch | 46 | ||||
| -rw-r--r-- | debian/patches/523_su_arguments_are_concatenated | 8 | ||||
| -rw-r--r-- | debian/patches/523_su_arguments_are_no_more_concatenated_by_default | 10 | ||||
| -rw-r--r-- | debian/patches/series | 1 |
6 files changed, 64 insertions, 12 deletions
diff --git a/debian/changelog b/debian/changelog index 0066bf0f..ef5a7e10 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,11 @@ +shadow (1:4.2-3+deb8u3) jessie-security; urgency=high + + * Fix integer overflow in getulong.c (CVE-2016-6252) (Closes: #832170) + * Refresh patches + * Add myself to uploaders replacing Nicolas FRANCOIS (Nekral) + + -- Balint Reczey <balint@balintreczey.hu> Fri, 24 Feb 2017 00:57:31 +0100 + shadow (1:4.2-3+deb8u2) jessie-security; urgency=high * Non-maintainer upload by the Security Team. diff --git a/debian/control b/debian/control index 6f06f5ba..232dc912 100644 --- a/debian/control +++ b/debian/control @@ -3,7 +3,8 @@ Section: admin Priority: required Maintainer: Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org> Standards-Version: 3.9.5 -Uploaders: Christian Perrier <bubulle@debian.org>, Nicolas FRANCOIS (Nekral) <nicolas.francois@centraliens.net> +Uploaders: Christian Perrier <bubulle@debian.org>, + Balint Reczey <balint@balintreczey.hu> Build-Depends: dh-autoreconf, gettext, libpam0g-dev, debhelper (>= 6.0.7~), quilt, dpkg-dev (>= 1.13.5), xsltproc, docbook-xsl, docbook-xml, libxml2-utils, cdbs, libselinux1-dev [linux-any], libsemanage1-dev [linux-any], gnome-doc-utils (>= 0.4.3), bison, libaudit-dev [linux-any] ,hardening-wrapper Vcs-Git: git://anonscm.debian.org/git/pkg-shadow/shadow.git diff --git a/debian/patches/302-CVE-2016-6252-fix-integer-overflow.patch b/debian/patches/302-CVE-2016-6252-fix-integer-overflow.patch new file mode 100644 index 00000000..2f2195b4 --- /dev/null +++ b/debian/patches/302-CVE-2016-6252-fix-integer-overflow.patch @@ -0,0 +1,46 @@ +From 1d5a926cc2d6078d23a96222b1ef3e558724dad1 Mon Sep 17 00:00:00 2001 +From: Sebastian Krahmer <krahmer@suse.com> +Date: Wed, 3 Aug 2016 11:51:07 -0500 +Subject: [PATCH] Simplify getulong + +Use strtoul to read an unsigned long, rather than reading +a signed long long and casting it. + +https://bugzilla.suse.com/show_bug.cgi?id=979282 +--- + lib/getulong.c | 9 +++------ + 1 file changed, 3 insertions(+), 6 deletions(-) + +diff --git a/lib/getulong.c b/lib/getulong.c +index 61579ca..08d2c1a 100644 +--- a/lib/getulong.c ++++ b/lib/getulong.c +@@ -44,22 +44,19 @@ + */ + int getulong (const char *numstr, /*@out@*/unsigned long int *result) + { +- long long int val; ++ unsigned long int val; + char *endptr; + + errno = 0; +- val = strtoll (numstr, &endptr, 0); ++ val = strtoul (numstr, &endptr, 0); + if ( ('\0' == *numstr) + || ('\0' != *endptr) + || (ERANGE == errno) +- /*@+ignoresigns@*/ +- || (val != (unsigned long int)val) +- /*@=ignoresigns@*/ + ) { + return 0; + } + +- *result = (unsigned long int)val; ++ *result = val; + return 1; + } + +-- +2.1.4 + diff --git a/debian/patches/523_su_arguments_are_concatenated b/debian/patches/523_su_arguments_are_concatenated index 6d994e23..9a22d22d 100644 --- a/debian/patches/523_su_arguments_are_concatenated +++ b/debian/patches/523_su_arguments_are_concatenated @@ -8,11 +8,9 @@ Status wrt upstream: This is a Debian specific patch. Note: the fix of the man page is still missing. (to be taken from the trunk) -Index: git/src/su.c -=================================================================== ---- git.orig/src/su.c -+++ git/src/su.c -@@ -1152,6 +1152,35 @@ +--- a/src/su.c ++++ b/src/su.c +@@ -1167,6 +1167,35 @@ argv[0] = "-c"; argv[1] = command; } diff --git a/debian/patches/523_su_arguments_are_no_more_concatenated_by_default b/debian/patches/523_su_arguments_are_no_more_concatenated_by_default index e148d8d9..34f0248d 100644 --- a/debian/patches/523_su_arguments_are_no_more_concatenated_by_default +++ b/debian/patches/523_su_arguments_are_no_more_concatenated_by_default @@ -8,10 +8,8 @@ Etch. Status wrt upstream: This patch is Debian specific. -Index: git/src/su.c -=================================================================== ---- git.orig/src/su.c -+++ git/src/su.c +--- a/src/su.c ++++ b/src/su.c @@ -104,6 +104,19 @@ /* If nonzero, change some environment vars to indicate the user su'd to. */ static bool change_environment = true; @@ -32,7 +30,7 @@ Index: git/src/su.c #ifdef USE_PAM static pam_handle_t *pamh = NULL; static int caught = 0; -@@ -949,6 +962,8 @@ +@@ -964,6 +977,8 @@ int ret; #endif /* USE_PAM */ @@ -41,7 +39,7 @@ Index: git/src/su.c (void) setlocale (LC_ALL, ""); (void) bindtextdomain (PACKAGE, LOCALEDIR); (void) textdomain (PACKAGE); -@@ -1156,7 +1171,7 @@ +@@ -1171,7 +1186,7 @@ * resulting string is always given to the shell with its * -c option. */ diff --git a/debian/patches/series b/debian/patches/series index ceb25e02..56790820 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -5,6 +5,7 @@ 503_shadowconfig.8 008_login_log_failure_in_FTMP 301-CVE-2017-2616-su-properly-clear-child-PID.patch +302-CVE-2016-6252-fix-integer-overflow.patch 429_login_FAILLOG_ENAB 401_cppw_src.dpatch # 402 should be merged in 401, but should be reviewed by SE Linux experts first |