Your message dated Sun, 16 Jun 2019 14:25:03 +0000
with message-id <e1hcw5f-0006or...@respighi.debian.org>
and subject line unblock tenshi
has caused the Debian Bug report #930610,
regarding unblock: tenshi/0.13-2.1
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
930610: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930610
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock
Please unblock package tenshi
This upload is primarily intended to fix the version ordering violation
introduced by the CVE fix in wheezy-lts that never went into sid or
stretch:
tenshi | 0.11-2 | squeeze | source, all
tenshi | 0.13-2 | wheezy | source, all
tenshi | 0.13-2 | stretch | source, all
tenshi | 0.13-2 | buster | source, all
tenshi | 0.13-2 | sid | source, all
tenshi | 0.13-2+deb7u1 | wheezy-security | source, all
This is a rebuild of 0.13-2+deb7u1 for sid. I'll follow up with
0.13-2.1~deb9u1 for stretch.
unblock tenshi/0.13-2.1
Andreas
diff -Nru tenshi-0.13/debian/changelog tenshi-0.13/debian/changelog
--- tenshi-0.13/debian/changelog 2012-02-13 05:30:17.000000000 +0100
+++ tenshi-0.13/debian/changelog 2019-06-16 14:24:39.000000000 +0200
@@ -1,3 +1,19 @@
+tenshi (0.13-2.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Upload to unstable.
+ * Drop DMUA.
+
+ -- Andreas Beckmann <a...@debian.org> Sun, 16 Jun 2019 14:24:39 +0200
+
+tenshi (0.13-2+deb7u1) wheezy-security; urgency=high
+
+ * Non-maintainer upload by the Debian LTS team.
+ * Fix CVE-2017-11746: PID file issue allows local users to kill arbitrary
+ processes (Closes: #871321)
+
+ -- Lucas Kanashiro <kanash...@debian.org> Sun, 27 Aug 2017 14:47:19 -0300
+
tenshi (0.13-2) unstable; urgency=low
* debian/init:
diff -Nru tenshi-0.13/debian/control tenshi-0.13/debian/control
--- tenshi-0.13/debian/control 2012-02-10 05:23:20.000000000 +0100
+++ tenshi-0.13/debian/control 2019-06-16 13:55:10.000000000 +0200
@@ -2,7 +2,6 @@
Section: admin
Priority: optional
Maintainer: Ignace Mouzannar <mouzan...@gmail.com>
-DM-Upload-Allowed: yes
Build-Depends: debhelper (>= 7.0.8)
Standards-Version: 3.9.2
Vcs-Svn: svn://svn.debian.org/collab-maint/ext-maint/tenshi/trunk/
diff -Nru tenshi-0.13/debian/patches/CVE-2017-11746.patch
tenshi-0.13/debian/patches/CVE-2017-11746.patch
--- tenshi-0.13/debian/patches/CVE-2017-11746.patch 1970-01-01
01:00:00.000000000 +0100
+++ tenshi-0.13/debian/patches/CVE-2017-11746.patch 2017-08-27
19:53:26.000000000 +0200
@@ -0,0 +1,36 @@
+Description: save PID after forking but before changing privileges
+ This is an adaptation of upstream commit
+ (d0e7f28c13ffbd5888b31d6532c2faf78f10f176) that fixes CVE-2017-11746. It was
+ written by Andrea Barisani.
+Author: Lucas Kanashiro <kanash...@debian.org>
+Last-Updated: 2017-08-27
+
+--- a/tenshi
++++ b/tenshi
+@@ -122,8 +122,6 @@ if ($listen) {
+
+ $SIG{'CHLD'} = sub { $debug && debug(5,'CHLD') ; print RED "[ERROR] Child
died. Bailing out\n"; $time_to_die = 1; };
+
+-prepare_process();
+-
+ #
+ # sanity checks
+ #
+@@ -242,8 +240,6 @@ if (!($debug || $profile || $foreground)
+ daemonize();
+ }
+
+-save_pid();
+-
+ while (!$time_to_die) {
+ my $now = time;
+
+@@ -963,6 +959,8 @@ sub daemonize {
+ defined(my $pid = fork) or clean_up and die RED "[ERROR] can't fork:
$!\n";
+ exit if $pid;
+ setsid() or clean_up and die RED "[ERROR] can't start
a new session: $!\n";
++ save_pid();
++ prepare_process();
+ }
+
+ sub save_pid {
diff -Nru tenshi-0.13/debian/patches/series tenshi-0.13/debian/patches/series
--- tenshi-0.13/debian/patches/series 2012-02-10 04:37:37.000000000 +0100
+++ tenshi-0.13/debian/patches/series 2017-08-26 20:50:46.000000000 +0200
@@ -1,2 +1,3 @@
10-Makefile.diff
20-manpage.diff
+CVE-2017-11746.patch
--- End Message ---
--- Begin Message ---
Unblocked tenshi.
--- End Message ---