Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian....@packages.debian.org
Usertags: pu

This upload is primarily intended to fix the version ordering violation
introduced by the CVE fix from 2017 in wheezy-lts that only went to sid
(and got unblocked for buster) today:

 tenshi | 0.11-2        | squeeze         | source, all
 tenshi | 0.13-2        | wheezy          | source, all
 tenshi | 0.13-2        | stretch         | source, all
 tenshi | 0.13-2        | buster          | source, all
 tenshi | 0.13-2+deb7u1 | wheezy-security | source, all
 tenshi | 0.13-2.1      | sid             | source, all

This is a rebuild of 0.13-2.1 from sid (which itself was a rebuild of
0.13-2+deb7u1 from wheezy-lts).

The package is already uploaded.


Andreas
diff -Nru tenshi-0.13/debian/changelog tenshi-0.13/debian/changelog
--- tenshi-0.13/debian/changelog        2012-02-13 05:30:17.000000000 +0100
+++ tenshi-0.13/debian/changelog        2019-06-16 23:43:59.000000000 +0200
@@ -1,3 +1,26 @@
+tenshi (0.13-2.1~deb9u1) stretch; urgency=medium
+
+  * Non-maintainer upload.
+  * Rebuild for stretch.
+
+ -- Andreas Beckmann <a...@debian.org>  Sun, 16 Jun 2019 23:43:59 +0200
+
+tenshi (0.13-2.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Upload to unstable.
+  * Drop DMUA.
+
+ -- Andreas Beckmann <a...@debian.org>  Sun, 16 Jun 2019 14:24:39 +0200
+
+tenshi (0.13-2+deb7u1) wheezy-security; urgency=high
+
+  * Non-maintainer upload by the Debian LTS team.
+  * Fix CVE-2017-11746: PID file issue allows local users to kill arbitrary
+    processes  (Closes: #871321)
+
+ -- Lucas Kanashiro <kanash...@debian.org>  Sun, 27 Aug 2017 14:47:19 -0300
+
 tenshi (0.13-2) unstable; urgency=low
 
   * debian/init:
diff -Nru tenshi-0.13/debian/control tenshi-0.13/debian/control
--- tenshi-0.13/debian/control  2012-02-10 05:23:20.000000000 +0100
+++ tenshi-0.13/debian/control  2019-06-16 13:55:10.000000000 +0200
@@ -2,7 +2,6 @@
 Section: admin
 Priority: optional
 Maintainer: Ignace Mouzannar <mouzan...@gmail.com>
-DM-Upload-Allowed: yes
 Build-Depends: debhelper (>= 7.0.8)
 Standards-Version: 3.9.2
 Vcs-Svn: svn://svn.debian.org/collab-maint/ext-maint/tenshi/trunk/
diff -Nru tenshi-0.13/debian/patches/CVE-2017-11746.patch 
tenshi-0.13/debian/patches/CVE-2017-11746.patch
--- tenshi-0.13/debian/patches/CVE-2017-11746.patch     1970-01-01 
01:00:00.000000000 +0100
+++ tenshi-0.13/debian/patches/CVE-2017-11746.patch     2017-08-27 
19:53:26.000000000 +0200
@@ -0,0 +1,36 @@
+Description: save PID after forking but before changing privileges
+ This is an adaptation of upstream commit
+ (d0e7f28c13ffbd5888b31d6532c2faf78f10f176) that fixes CVE-2017-11746. It was
+ written by Andrea Barisani.
+Author: Lucas Kanashiro <kanash...@debian.org>
+Last-Updated: 2017-08-27
+
+--- a/tenshi
++++ b/tenshi
+@@ -122,8 +122,6 @@ if ($listen) {
+ 
+ $SIG{'CHLD'} = sub { $debug && debug(5,'CHLD') ; print RED "[ERROR] Child 
died. Bailing out\n"; $time_to_die = 1; };
+ 
+-prepare_process();
+-
+ #
+ # sanity checks
+ #
+@@ -242,8 +240,6 @@ if (!($debug || $profile || $foreground)
+     daemonize();
+ }
+ 
+-save_pid();
+-
+ while (!$time_to_die) {
+     my $now = time;
+ 
+@@ -963,6 +959,8 @@ sub daemonize {
+     defined(my $pid = fork)     or clean_up and die RED "[ERROR] can't fork: 
$!\n";
+     exit if $pid;
+     setsid()                    or clean_up and die RED "[ERROR] can't start 
a new session: $!\n";
++    save_pid();
++    prepare_process();
+ }
+ 
+ sub save_pid {
diff -Nru tenshi-0.13/debian/patches/series tenshi-0.13/debian/patches/series
--- tenshi-0.13/debian/patches/series   2012-02-10 04:37:37.000000000 +0100
+++ tenshi-0.13/debian/patches/series   2017-08-26 20:50:46.000000000 +0200
@@ -1,2 +1,3 @@
 10-Makefile.diff
 20-manpage.diff
+CVE-2017-11746.patch

Reply via email to