Bug#930610: marked as done (unblock: tenshi/0.13-2.1)

Debian Bug Tracking System Sun, 16 Jun 2019 07:27:58 -0700

Your message dated Sun, 16 Jun 2019 14:25:03 +0000
with message-id <e1hcw5f-0006or...@respighi.debian.org>
and subject line unblock tenshi
has caused the Debian Bug report #930610,
regarding unblock: tenshi/0.13-2.1
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
930610: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930610
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock

Please unblock package tenshi

This upload is primarily intended to fix the version ordering violation
introduced by the CVE fix in wheezy-lts that never went into sid or
stretch:

 tenshi | 0.11-2        | squeeze         | source, all
 tenshi | 0.13-2        | wheezy          | source, all
 tenshi | 0.13-2        | stretch         | source, all
 tenshi | 0.13-2        | buster          | source, all
 tenshi | 0.13-2        | sid             | source, all
 tenshi | 0.13-2+deb7u1 | wheezy-security | source, all

This is a rebuild of 0.13-2+deb7u1 for sid. I'll follow up with
0.13-2.1~deb9u1 for stretch.

unblock tenshi/0.13-2.1

Andreas

diff -Nru tenshi-0.13/debian/changelog tenshi-0.13/debian/changelog
--- tenshi-0.13/debian/changelog        2012-02-13 05:30:17.000000000 +0100
+++ tenshi-0.13/debian/changelog        2019-06-16 14:24:39.000000000 +0200
@@ -1,3 +1,19 @@
+tenshi (0.13-2.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Upload to unstable.
+  * Drop DMUA.
+
+ -- Andreas Beckmann <a...@debian.org>  Sun, 16 Jun 2019 14:24:39 +0200
+
+tenshi (0.13-2+deb7u1) wheezy-security; urgency=high
+
+  * Non-maintainer upload by the Debian LTS team.
+  * Fix CVE-2017-11746: PID file issue allows local users to kill arbitrary
+    processes  (Closes: #871321)
+
+ -- Lucas Kanashiro <kanash...@debian.org>  Sun, 27 Aug 2017 14:47:19 -0300
+
 tenshi (0.13-2) unstable; urgency=low
 
   * debian/init:
diff -Nru tenshi-0.13/debian/control tenshi-0.13/debian/control
--- tenshi-0.13/debian/control  2012-02-10 05:23:20.000000000 +0100
+++ tenshi-0.13/debian/control  2019-06-16 13:55:10.000000000 +0200
@@ -2,7 +2,6 @@
 Section: admin
 Priority: optional
 Maintainer: Ignace Mouzannar <mouzan...@gmail.com>
-DM-Upload-Allowed: yes
 Build-Depends: debhelper (>= 7.0.8)
 Standards-Version: 3.9.2
 Vcs-Svn: svn://svn.debian.org/collab-maint/ext-maint/tenshi/trunk/
diff -Nru tenshi-0.13/debian/patches/CVE-2017-11746.patch 
tenshi-0.13/debian/patches/CVE-2017-11746.patch
--- tenshi-0.13/debian/patches/CVE-2017-11746.patch     1970-01-01 
01:00:00.000000000 +0100
+++ tenshi-0.13/debian/patches/CVE-2017-11746.patch     2017-08-27 
19:53:26.000000000 +0200
@@ -0,0 +1,36 @@
+Description: save PID after forking but before changing privileges
+ This is an adaptation of upstream commit
+ (d0e7f28c13ffbd5888b31d6532c2faf78f10f176) that fixes CVE-2017-11746. It was
+ written by Andrea Barisani.
+Author: Lucas Kanashiro <kanash...@debian.org>
+Last-Updated: 2017-08-27
+
+--- a/tenshi
++++ b/tenshi
+@@ -122,8 +122,6 @@ if ($listen) {
+ 
+ $SIG{'CHLD'} = sub { $debug && debug(5,'CHLD') ; print RED "[ERROR] Child 
died. Bailing out\n"; $time_to_die = 1; };
+ 
+-prepare_process();
+-
+ #
+ # sanity checks
+ #
+@@ -242,8 +240,6 @@ if (!($debug || $profile || $foreground)
+     daemonize();
+ }
+ 
+-save_pid();
+-
+ while (!$time_to_die) {
+     my $now = time;
+ 
+@@ -963,6 +959,8 @@ sub daemonize {
+     defined(my $pid = fork)     or clean_up and die RED "[ERROR] can't fork: 
$!\n";
+     exit if $pid;
+     setsid()                    or clean_up and die RED "[ERROR] can't start 
a new session: $!\n";
++    save_pid();
++    prepare_process();
+ }
+ 
+ sub save_pid {
diff -Nru tenshi-0.13/debian/patches/series tenshi-0.13/debian/patches/series
--- tenshi-0.13/debian/patches/series   2012-02-10 04:37:37.000000000 +0100
+++ tenshi-0.13/debian/patches/series   2017-08-26 20:50:46.000000000 +0200
@@ -1,2 +1,3 @@
 10-Makefile.diff
 20-manpage.diff
+CVE-2017-11746.patch

--- End Message ---

--- Begin Message ---
Unblocked tenshi.
--- End Message ---

Bug#930610: marked as done (unblock: tenshi/0.13-2.1)

Reply via email to