mirror of
https://git.in.rschanz.org/ryan77627/guix.git
synced 2024-12-25 13:58:15 -05:00
gnu: util-linux: Fix CVE-2017-2616.
* gnu/packages/patches/util-linux-CVE-2017-2616.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/linux.scm (util-linux)[replacement]: New field. (util-linux/fixed): New variable.
This commit is contained in:
parent
1c851cbe0c
commit
1d311009fe
3 changed files with 78 additions and 0 deletions
|
@ -953,6 +953,7 @@ dist_patch_DATA = \
|
|||
%D%/packages/patches/unzip-overflow-long-fsize.patch \
|
||||
%D%/packages/patches/unzip-remove-build-date.patch \
|
||||
%D%/packages/patches/util-linux-tests.patch \
|
||||
%D%/packages/patches/util-linux-CVE-2017-2616.patch \
|
||||
%D%/packages/patches/upower-builddir.patch \
|
||||
%D%/packages/patches/valgrind-enable-arm.patch \
|
||||
%D%/packages/patches/vdirsyncer-test-suite-slow-machines.patch \
|
||||
|
|
|
@ -495,6 +495,7 @@ (define-public psmisc
|
|||
(define-public util-linux
|
||||
(package
|
||||
(name "util-linux")
|
||||
(replacement util-linux/fixed)
|
||||
(version "2.28.1")
|
||||
(source (origin
|
||||
(method url-fetch)
|
||||
|
@ -575,6 +576,17 @@ (define-public util-linux
|
|||
(license (list license:gpl3+ license:gpl2+ license:gpl2 license:lgpl2.0+
|
||||
license:bsd-4 license:public-domain))))
|
||||
|
||||
(define util-linux/fixed
|
||||
(package
|
||||
(inherit util-linux)
|
||||
(source
|
||||
(origin
|
||||
(inherit (package-source util-linux))
|
||||
(patches
|
||||
(append
|
||||
(origin-patches (package-source util-linux))
|
||||
(search-patches "util-linux-CVE-2017-2616.patch")))))))
|
||||
|
||||
(define-public procps
|
||||
(package
|
||||
(name "procps")
|
||||
|
|
65
gnu/packages/patches/util-linux-CVE-2017-2616.patch
Normal file
65
gnu/packages/patches/util-linux-CVE-2017-2616.patch
Normal file
|
@ -0,0 +1,65 @@
|
|||
Fix CVE-2017-2616:
|
||||
|
||||
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2616
|
||||
http://seclists.org/oss-sec/2017/q1/474
|
||||
|
||||
Patch copied from upstream source repository:
|
||||
|
||||
https://git.kernel.org/cgit/utils/util-linux/util-linux.git/commit/?id=dffab154d29a288aa171ff50263ecc8f2e14a891
|
||||
|
||||
From b018571132cb8c9fece3d75ed240cc74cdb5f0f7 Mon Sep 17 00:00:00 2001
|
||||
From: Karel Zak <kzak@redhat.com>
|
||||
Date: Wed, 1 Feb 2017 11:58:09 +0100
|
||||
Subject: [PATCH] su: properly clear child PID
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
Reported-by: Tobias Stöckmann <tobias@stoeckmann.org>
|
||||
Signed-off-by: Karel Zak <kzak@redhat.com>
|
||||
---
|
||||
login-utils/su-common.c | 14 ++++++++++----
|
||||
1 file changed, 10 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/login-utils/su-common.c b/login-utils/su-common.c
|
||||
index 0ea4e40bd..b1720f037 100644
|
||||
--- a/login-utils/su-common.c
|
||||
+++ b/login-utils/su-common.c
|
||||
@@ -376,6 +376,9 @@ create_watching_parent (void)
|
||||
}
|
||||
else
|
||||
status = WEXITSTATUS (status);
|
||||
+
|
||||
+ /* child is gone, don't use the PID anymore */
|
||||
+ child = (pid_t) -1;
|
||||
}
|
||||
else if (caught_signal)
|
||||
status = caught_signal + 128;
|
||||
@@ -385,7 +388,7 @@ create_watching_parent (void)
|
||||
else
|
||||
status = 1;
|
||||
|
||||
- if (caught_signal)
|
||||
+ if (caught_signal && child != (pid_t)-1)
|
||||
{
|
||||
fprintf (stderr, _("\nSession terminated, killing shell..."));
|
||||
kill (child, SIGTERM);
|
||||
@@ -395,9 +398,12 @@ create_watching_parent (void)
|
||||
|
||||
if (caught_signal)
|
||||
{
|
||||
- sleep (2);
|
||||
- kill (child, SIGKILL);
|
||||
- fprintf (stderr, _(" ...killed.\n"));
|
||||
+ if (child != (pid_t)-1)
|
||||
+ {
|
||||
+ sleep (2);
|
||||
+ kill (child, SIGKILL);
|
||||
+ fprintf (stderr, _(" ...killed.\n"));
|
||||
+ }
|
||||
|
||||
/* Let's terminate itself with the received signal.
|
||||
*
|
||||
--
|
||||
2.11.1
|
||||
|
Loading…
Reference in a new issue