Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian....@packages.debian.org
Usertags: pu

This upload is primarily intended to fix the version ordering violation introduced by the CVE fix from 2017 in wheezy-lts that only went to sid (and got unblocked for buster) today:

tenshi | 0.11-2        | squeeze         | source, all
tenshi | 0.13-2        | wheezy          | source, all
tenshi | 0.13-2        | stretch         | source, all
tenshi | 0.13-2        | buster          | source, all
tenshi | 0.13-2+deb7u1 | wheezy-security | source, all
tenshi | 0.13-2.1      | sid             | source, all

This is a rebuild of 0.13-2.1 from sid (which itself was a rebuild of 0.13-2+deb7u1 from wheezy-lts). The package is already uploaded.

Andreas

diff -Nru tenshi-0.13/debian/changelog tenshi-0.13/debian/changelog --- tenshi-0.13/debian/changelog 2012-02-13 05:30:17.000000000 +0100 +++ tenshi-0.13/debian/changelog 2019-06-16 23:43:59.000000000 +0200 @@ -1,3 +1,26 @@ +tenshi (0.13-2.1~deb9u1) stretch; urgency=medium + + * Non-maintainer upload. + * Rebuild for stretch. + + -- Andreas Beckmann <a...@debian.org> Sun, 16 Jun 2019 23:43:59 +0200 + +tenshi (0.13-2.1) unstable; urgency=medium + + * Non-maintainer upload. + * Upload to unstable. + * Drop DMUA. + + -- Andreas Beckmann <a...@debian.org> Sun, 16 Jun 2019 14:24:39 +0200 + +tenshi (0.13-2+deb7u1) wheezy-security; urgency=high + + * Non-maintainer upload by the Debian LTS team. + * Fix CVE-2017-11746: PID file issue allows local users to kill arbitrary + processes (Closes: #871321) + + -- Lucas Kanashiro <kanash...@debian.org> Sun, 27 Aug 2017 14:47:19 -0300 + tenshi (0.13-2) unstable; urgency=low * debian/init: diff -Nru tenshi-0.13/debian/control tenshi-0.13/debian/control --- tenshi-0.13/debian/control 2012-02-10 05:23:20.000000000 +0100 +++ tenshi-0.13/debian/control 2019-06-16 13:55:10.000000000 +0200 @@ -2,7 +2,6 @@ Section: admin Priority: optional Maintainer: Ignace Mouzannar <mouzan...@gmail.com> -DM-Upload-Allowed: yes Build-Depends: debhelper (>= 7.0.8) Standards-Version: 3.9.2 Vcs-Svn: svn://svn.debian.org/collab-maint/ext-maint/tenshi/trunk/ diff -Nru tenshi-0.13/debian/patches/CVE-2017-11746.patch tenshi-0.13/debian/patches/CVE-2017-11746.patch --- tenshi-0.13/debian/patches/CVE-2017-11746.patch 1970-01-01 01:00:00.000000000 +0100 +++ tenshi-0.13/debian/patches/CVE-2017-11746.patch 2017-08-27 19:53:26.000000000 +0200 
@@ -0,0 +1,36 @@ +Description: save PID after forking but before changing privileges + This is an adaptation of upstream commit + (d0e7f28c13ffbd5888b31d6532c2faf78f10f176) that fixes CVE-2017-11746. It was + written by Andrea Barisani. +Author: Lucas Kanashiro <kanash...@debian.org> +Last-Updated: 2017-08-27 + +--- a/tenshi ++++ b/tenshi +@@ -122,8 +122,6 @@ if ($listen) { + + $SIG{'CHLD'} = sub { $debug && debug(5,'CHLD') ; print RED "[ERROR] Child died. Bailing out\n"; $time_to_die = 1; }; + +-prepare_process(); +- + # + # sanity checks + # +@@ -242,8 +240,6 @@ if (!($debug || $profile || $foreground) + daemonize(); + } + +-save_pid(); +- + while (!$time_to_die) { + my $now = time; + +@@ -963,6 +959,8 @@ sub daemonize { + defined(my $pid = fork) or clean_up and die RED "[ERROR] can't fork: $!\n"; + exit if $pid; + setsid() or clean_up and die RED "[ERROR] can't start a new session: $!\n"; ++ save_pid(); ++ prepare_process(); + } + + sub save_pid { diff -Nru tenshi-0.13/debian/patches/series tenshi-0.13/debian/patches/series --- tenshi-0.13/debian/patches/series 2012-02-10 04:37:37.000000000 +0100 +++ tenshi-0.13/debian/patches/series 2017-08-26 20:50:46.000000000 +0200 @@ -1,2 +1,3 @@ 10-Makefile.diff 20-manpage.diff +CVE-2017-11746.patch
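
Review bot: The top debian/changelog entry, 0.13-2.1~deb9u1, says only "Rebuild for stretch." even though this upload is what carries the CVE-2017-11746 fix into stretch. Suggest naming the CVE in that entry too, so a reader of the stable changelog sees the security-relevant change without having to read down to the 0.13-2+deb7u1 entry.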
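
Review bot: The header of debian/patches/CVE-2017-11746.patch records the upstream commit id and the original author only in the free-text Description, while "Author:" lists the person who adapted it, and the date field is spelled "Last-Updated:" where DEP-3 defines "Last-Update:". Suggest adding an "Origin:" field with the upstream commit and a "Bug-Debian:" field for #871321, and renaming the date field, so the provenance is machine-readable.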
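
Review bot: In the hunks against tenshi inside CVE-2017-11746.patch, save_pid() and prepare_process() are removed from the main flow and re-added only inside "sub daemonize", which the context lines show is called only under "if (!($debug || $profile || $foreground)". As written, a run with debug, profile or foreground set no longer reaches either call, and the "sanity checks" block that used to follow prepare_process() now runs before it. Please confirm both effects are intended; if prepare_process() is where privileges are changed, as the patch description implies, consider an else branch that still calls it for non-daemonized runs.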