From 1d311009fe34a7b22814cc6a3386375ff9142d51 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Thu, 23 Feb 2017 14:49:47 -0500 Subject: gnu: util-linux: Fix CVE-2017-2616. * gnu/packages/patches/util-linux-CVE-2017-2616.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/linux.scm (util-linux)[replacement]: New field. (util-linux/fixed): New variable. --- gnu/local.mk | 1 + gnu/packages/linux.scm | 12 ++++ .../patches/util-linux-CVE-2017-2616.patch | 65 ++++++++++++++++++++++ 3 files changed, 78 insertions(+) create mode 100644 gnu/packages/patches/util-linux-CVE-2017-2616.patch diff --git a/gnu/local.mk b/gnu/local.mk index 2954549759..515b154b9a 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -953,6 +953,7 @@ dist_patch_DATA = \ %D%/packages/patches/unzip-overflow-long-fsize.patch \ %D%/packages/patches/unzip-remove-build-date.patch \ %D%/packages/patches/util-linux-tests.patch \ + %D%/packages/patches/util-linux-CVE-2017-2616.patch \ %D%/packages/patches/upower-builddir.patch \ %D%/packages/patches/valgrind-enable-arm.patch \ %D%/packages/patches/vdirsyncer-test-suite-slow-machines.patch \ diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index a6c564b275..304c9f0512 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -495,6 +495,7 @@ providing the system administrator with some help in common tasks.") (define-public util-linux (package (name "util-linux") + (replacement util-linux/fixed) (version "2.28.1") (source (origin (method url-fetch) @@ -575,6 +576,17 @@ block devices, UUIDs, TTYs, and many other tools.") (license (list license:gpl3+ license:gpl2+ license:gpl2 license:lgpl2.0+ license:bsd-4 license:public-domain)))) +(define util-linux/fixed + (package + (inherit util-linux) + (source + (origin + (inherit (package-source util-linux)) + (patches + (append + (origin-patches (package-source util-linux)) + (search-patches "util-linux-CVE-2017-2616.patch"))))))) + (define-public procps (package (name "procps") diff --git a/gnu/packages/patches/util-linux-CVE-2017-2616.patch b/gnu/packages/patches/util-linux-CVE-2017-2616.patch new file mode 100644 index 0000000000..2c82fb06d2 --- /dev/null +++ b/gnu/packages/patches/util-linux-CVE-2017-2616.patch @@ -0,0 +1,65 @@ +Fix CVE-2017-2616: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2616 +http://seclists.org/oss-sec/2017/q1/474 + +Patch copied from upstream source repository: + +https://git.kernel.org/cgit/utils/util-linux/util-linux.git/commit/?id=dffab154d29a288aa171ff50263ecc8f2e14a891 + +From b018571132cb8c9fece3d75ed240cc74cdb5f0f7 Mon Sep 17 00:00:00 2001 +From: Karel Zak +Date: Wed, 1 Feb 2017 11:58:09 +0100 +Subject: [PATCH] su: properly clear child PID +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Reported-by: Tobias Stöckmann +Signed-off-by: Karel Zak +--- + login-utils/su-common.c | 14 ++++++++++---- + 1 file changed, 10 insertions(+), 4 deletions(-) + +diff --git a/login-utils/su-common.c b/login-utils/su-common.c +index 0ea4e40bd..b1720f037 100644 +--- a/login-utils/su-common.c ++++ b/login-utils/su-common.c +@@ -376,6 +376,9 @@ create_watching_parent (void) + } + else + status = WEXITSTATUS (status); ++ ++ /* child is gone, don't use the PID anymore */ ++ child = (pid_t) -1; + } + else if (caught_signal) + status = caught_signal + 128; +@@ -385,7 +388,7 @@ create_watching_parent (void) + else + status = 1; + +- if (caught_signal) ++ if (caught_signal && child != (pid_t)-1) + { + fprintf (stderr, _("\nSession terminated, killing shell...")); + kill (child, SIGTERM); +@@ -395,9 +398,12 @@ create_watching_parent (void) + + if (caught_signal) + { +- sleep (2); +- kill (child, SIGKILL); +- fprintf (stderr, _(" ...killed.\n")); ++ if (child != (pid_t)-1) ++ { ++ sleep (2); ++ kill (child, SIGKILL); ++ fprintf (stderr, _(" ...killed.\n")); ++ } + + /* Let's terminate itself with the received signal. + * +-- +2.11.1 + -- cgit v1.2.3