community/shadow: upgrade to 4.5

author: Natanael Copa <ncopa@alpinelinux.org> 2017-11-29 16:22:49 +0000
committer: Natanael Copa <ncopa@alpinelinux.org> 2017-11-29 16:25:19 +0000
commit: fe20e8da2f8b7fb6f208cccf8f369400d947a6a2 (patch)
tree: 70741c6972793be929492690674bf786596f43ca
parent: da5ea802a3975665ace500b89e647ebf4007b232 (diff)
download: alpine_aports-fe20e8da2f8b7fb6f208cccf8f369400d947a6a2.tar.bz2
alpine_aports-fe20e8da2f8b7fb6f208cccf8f369400d947a6a2.tar.xz
alpine_aports-fe20e8da2f8b7fb6f208cccf8f369400d947a6a2.zip
6 files changed, 10 insertions, 267 deletions
diff --git a/community/shadow/301-CVE-2017-2616-su-properly-clear-child-PID.patch b/community/shadow/301-CVE-2017-2616-su-properly-clear-child-PID.patch
deleted file mode 100644
index 8f6f4e92e9..0000000000
--- a/community/shadow/301-CVE-2017-2616-su-properly-clear-child-PID.patch
+++ /dev/null
@@ -1,59 +0,0 @@
-From 08fd4b69e84364677a10e519ccb25b71710ee686 Mon Sep 17 00:00:00 2001
-From: Tobias Stoeckmann <tobias@stoeckmann.org>
-Date: Thu, 23 Feb 2017 09:47:29 -0600
-Subject: [PATCH] su: properly clear child PID
-If su is compiled with PAM support, it is possible for any local user
-to send SIGKILL to other processes with root privileges. There are
-only two conditions. First, the user must be able to perform su with
-a successful login. This does NOT have to be the root user, even using
-su with the same id is enough, e.g. "su $(whoami)". Second, SIGKILL
-can only be sent to processes which were executed after the su process.
-It is not possible to send SIGKILL to processes which were already
-running. I consider this as a security vulnerability, because I was
-able to write a proof of concept which unlocked a screen saver of
-another user this way.
---
- src/su.c | 19 +++++++++++++++++--
- 1 file changed, 17 insertions(+), 2 deletions(-)
--- a/src/su.c
-+++ b/src/su.c
-@@ -363,20 +363,35 @@ static void prepare_pam_close_session (v
-                                /* wake child when resumed */
-                                kill (pid, SIGCONT);
-                                stop = false;
-+                       } else {
-+                               pid_child = 0;
-                        }
-                } while (!stop);
-        }
- 
-       if (0 != caught) {
-+       if (0 != caught && 0 != pid_child) {
-                (void) fputs ("\n", stderr);
-                (void) fputs (_("Session terminated, terminating shell..."),
-                              stderr);
-                (void) kill (-pid_child, caught);
- 
-                (void) signal (SIGALRM, kill_child);
-+               (void) signal (SIGCHLD, catch_signals);
-                (void) alarm (2);
- 
-               (void) wait (&status);
-+               sigemptyset (&ourset);
-+               if ((sigaddset (&ourset, SIGALRM) != 0)
-+                   || (sigprocmask (SIG_BLOCK, &ourset, NULL) != 0)) {
-+                       fprintf (stderr, _("%s: signal masking malfunction\n"), Prog);
-+                       kill_child (0);
-+               } else {
-+                       while (0 == waitpid (pid_child, &status, WNOHANG)) {
-+                               sigsuspend (&ourset);
-+                       }
-+                       pid_child = 0;
-+                       (void) sigprocmask (SIG_UNBLOCK, &ourset, NULL);
-+               }
-+
-                (void) fputs (_(" ...terminated.\n"), stderr);
-        }
- 
diff --git a/community/shadow/302-CVE-2016-6252-fix-integer-overflow.patch b/community/shadow/302-CVE-2016-6252-fix-integer-overflow.patch
deleted file mode 100644
index 2f2195b401..0000000000
--- a/community/shadow/302-CVE-2016-6252-fix-integer-overflow.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From 1d5a926cc2d6078d23a96222b1ef3e558724dad1 Mon Sep 17 00:00:00 2001
-From: Sebastian Krahmer <krahmer@suse.com>
-Date: Wed, 3 Aug 2016 11:51:07 -0500
-Subject: [PATCH] Simplify getulong
-Use strtoul to read an unsigned long, rather than reading
-a signed long long and casting it.
-https://bugzilla.suse.com/show_bug.cgi?id=979282
---
- lib/getulong.c | 9 +++------
- 1 file changed, 3 insertions(+), 6 deletions(-)
-diff --git a/lib/getulong.c b/lib/getulong.c
-index 61579ca..08d2c1a 100644
--- a/lib/getulong.c
-+++ b/lib/getulong.c
-@@ -44,22 +44,19 @@
-  */
- int getulong (const char *numstr, /*@out@*/unsigned long int *result)
- {
-       long long int val;
-+       unsigned long int val;
-        char *endptr;
- 
-        errno = 0;
-       val = strtoll (numstr, &endptr, 0);
-+       val = strtoul (numstr, &endptr, 0);
-        if (    ('\0' == *numstr)
-             || ('\0' != *endptr)
-             || (ERANGE == errno)
-            /*@+ignoresigns@*/
-            || (val != (unsigned long int)val)
-            /*@=ignoresigns@*/
-           ) {
-                return 0;
-        }
- 
-       *result = (unsigned long int)val;
-+       *result = val;
-        return 1;
- }
- 
-- 
-2.1.4
diff --git a/community/shadow/303-Reset-pid_child-only-if-waitpid-was-successful.patch b/community/shadow/303-Reset-pid_child-only-if-waitpid-was-successful.patch
deleted file mode 100644
index 64aeb34131..0000000000
--- a/community/shadow/303-Reset-pid_child-only-if-waitpid-was-successful.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From 7d82f203eeec881c584b2fa06539b39e82985d97 Mon Sep 17 00:00:00 2001
-From: Tobias Stoeckmann <tobias@stoeckmann.org>
-Date: Sun, 14 May 2017 17:58:10 +0200
-Subject: [PATCH] Reset pid_child only if waitpid was successful.
-Do not reset the pid_child to 0 if the child process is still
-running. This else-condition can be reached with pid being -1,
-therefore explicitly test this condition.
-This is a regression fix for CVE-2017-2616. If su receives a
-signal like SIGTERM, it is not propagated to the child.
-Reported-by: Radu Duta <raduduta@gmail.com>
-Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
---
- src/su.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
--- a/src/su.c
-+++ b/src/su.c
-@@ -363,7 +363,7 @@ static void prepare_pam_close_session (v
-                                /* wake child when resumed */
-                                kill (pid, SIGCONT);
-                                stop = false;
-                       } else {
-+                       } else if (   (pid_t)-1 != pid) {
-                                pid_child = 0;
-                        }
-                } while (!stop);
diff --git a/community/shadow/APKBUILD b/community/shadow/APKBUILD
index 3264772979..13dc98d7ae 100644
--- a/community/shadow/APKBUILD
+++ b/community/shadow/APKBUILD
@@ -2,8 +2,8 @@
 # Contributor: Jakub Jirutka <jakub@jirutka.cz>
 # Maintainer: Stuart Cardall <developer@it-offshore.co.uk>
 pkgname=shadow
-pkgver=4.2.1
+pkgver=4.5
-pkgrel=11
+pkgrel=0
 pkgdesc="PAM-using login and passwd utilities (usermod, useradd, ...)"
 url="http://pkg-shadow.alioth.debian.org/"
 arch="all"
@@ -11,20 +11,19 @@ license="GPL"
 depends=""
 makedepends="linux-pam-dev"
 subpackages="$pkgname-doc $pkgname-dbg $pkgname-uidmap"
-source="http://pkg-shadow.alioth.debian.org/releases/shadow-$pkgver.tar.xz
+source="https://github.com/shadow-maint/shadow/releases/download/$pkgver/shadow-$pkgver.tar.xz
        login.pamd
        dots-in-usernames.patch
-        cross-size-checks.patch
-        verbose-error-when-uid-doesnt-match.patch
-        301-CVE-2017-2616-su-properly-clear-child-PID.patch
-        302-CVE-2016-6252-fix-integer-overflow.patch
-        303-Reset-pid_child-only-if-waitpid-was-successful.patch
        useradd-usergroups.patch
        pam-useradd.patch
        "
 # secfixes:
-#     - CVE-2016-6252
+#   4.5-r0:
-#     - CVE-2017-2616 (+ regression fix)
+#   - CVE-2017-12424
+#   4.2.1-r11:
+#   - CVE-2017-2616
+#   4.2.1-r7:
+#   - CVE-2016-6252
 options="suid"
 builddir="$srcdir/shadow-$pkgver"
@@ -104,13 +103,8 @@ uidmap() {
        touch etc/subuid etc/subgid
 }
-sha512sums="7a14bf8e08126f0402e37b6e4c559615ced7cf829e39156d929ed05cd8813de48a77ff1f7f6fe707da04cf662a2e9e84c22d63d88dd1ed13f935fde594db95f0  shadow-4.2.1.tar.xz
+sha512sums="e57f8db54df23301c229d4be30d4cbb67efa1d1809cffcff79adc480b6019fb2b5fd09e112e82a3f00ad5a6b2994592adac93f70a631cf666b6f4723b61c87b5  shadow-4.5.tar.xz
 46a6f83f3698e101b58b8682852da749619412f75dfa85cecad03d0847f6c3dc452d984510db7094220e4570a0565b83b0556e16198ad894a3ec84b3e513d58d  login.pamd
 745eea04c054226feba165b635dbb8570b8a04537d41e914400a4c54633c3a9cf350da0aabfec754fb8cf3e58fc1c8cf597b895506312f19469071760c11f31d  dots-in-usernames.patch
-c46760254439176babeef24d93900914092655af3a48f54385adf6ef5a3af76799fb7e96083acd27853d6ab6d7392543dbaf70bb26f164519e92f677da7851a4  cross-size-checks.patch
-1b3513772a7a0294b587723213e4464cc5a1a42ae6a79e9b9f9ea20083684a21d81e362f44d87ce2e6de2daf396d8422b39019923c0b0cbb44fa4c4c24613c0c  verbose-error-when-uid-doesnt-match.patch
-0954920ce9307948848d8f9ca5ea5bba4db8394793ef314ab5c6770948e96071748192b52ba8c31d543fe71ce0e6e2a7f3a2a92862966a940639a19df1048634  301-CVE-2017-2616-su-properly-clear-child-PID.patch
-36f494347cb980d85ea82331ec620a949be45f5f2c400a3b13f409a8d9c932c0f822cb0baa2ee78c6f356e7bf93de51c1b0f20730e8f3af36a746a5632d19bbe  302-CVE-2016-6252-fix-integer-overflow.patch
-e36d54759b71d48c62aefc4032e63deccafa69d22f8bae772b4c0ca135b431db9cd35a1a2a2adf5c76996e76e13ab82e1cf19bba70c6ca4414b3979a43c292c2  303-Reset-pid_child-only-if-waitpid-was-successful.patch
 49f1d5ded82d2d479805c77d7cc6274c30233596e375b28306b31a33f8fbfc3611dbc77d606081b8300247908c267297dbb6c5d1a30d56095dda53c6a636fb56  useradd-usergroups.patch
 0b4587e263cb6be12fa5ae6bc3b3fc4d3696dae355bc67d085dc58c52ff96edb4d163b95db2092b8c2f3310839430cac03c7af356641b42e24ee4aa6410f5cf1  pam-useradd.patch"
diff --git a/community/shadow/cross-size-checks.patch b/community/shadow/cross-size-checks.patch
deleted file mode 100644
index bd451ba1bb..0000000000
--- a/community/shadow/cross-size-checks.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From 2cb54158b80cdbd97ca3b36df83f9255e923ae3f Mon Sep 17 00:00:00 2001
-From: James Le Cuirot <chewi@aura-online.co.uk>
-Date: Sat, 23 Aug 2014 09:46:39 +0100
-Subject: [PATCH] Check size of uid_t and gid_t using AC_CHECK_SIZEOF
-This built-in check is simpler than the previous method and, most
-importantly, works when cross-compiling.
-Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
---
- configure.in | 14 ++++----------
- 1 file changed, 4 insertions(+), 10 deletions(-)
-diff --git a/configure.in b/configure.in
-index 1a3f841..4a4d6d0 100644
--- a/configure.in
-+++ b/configure.in
-@@ -335,16 +335,10 @@ if test "$enable_subids" != "no"; then
-        dnl
-        dnl FIXME: check if 32 bit UIDs/GIDs are supported by libc
-        dnl
-       AC_RUN_IFELSE([AC_LANG_SOURCE([
-#include <sys/types.h>
-int main(void) {
-       uid_t u;
-       gid_t g;
-       return (sizeof u < 4) || (sizeof g < 4);
-}
-       ])], [id32bit="yes"], [id32bit="no"])
-
-       if test "x$id32bit" = "xyes"; then
-+       AC_CHECK_SIZEOF([uid_t],, [#include "sys/types.h"])
-+       AC_CHECK_SIZEOF([gid_t],, [#include "sys/types.h"])
-+
-+       if test "$ac_cv_sizeof_uid_t" -ge 4 && test "$ac_cv_sizeof_gid_t" -ge 4; then
-                AC_DEFINE(ENABLE_SUBIDS, 1, [Define to support the subordinate IDs.])
-                enable_subids="yes"
-        else
-- 
-2.3.6
diff --git a/community/shadow/verbose-error-when-uid-doesnt-match.patch b/community/shadow/verbose-error-when-uid-doesnt-match.patch
deleted file mode 100644
index 6f104b438c..0000000000
--- a/community/shadow/verbose-error-when-uid-doesnt-match.patch
+++ /dev/null
@@ -1,75 +0,0 @@
-From: Hank Leininger <hlein@korelogic.com>
-Date: Mon, 6 Apr 2015 08:22:48 -0500
-Subject: [PATCH] Expand the error message when newuidmap / newgidmap do not
- like the user/group ownership of their target process.
-Currently the error is just:
-newuidmap: Target [pid] is owned by a different user
-With this patch it will be like:
-newuidmap: Target [pid] is owned by a different user: uid:0 pw_uid:0 st_uid:0, gid:0 pw_gid:0 st_gid:99
-Why is this useful?  Well, in my case...
-The grsecurity kernel-hardening patch includes an option to make parts
-of /proc unreadable, such as /proc/pid/ dirs for processes not owned by
-the current uid.  This comes with an option to make /proc/pid/
-directories readable by a specific gid; sysadmins and the like are then
-put into that group so they can see a full 'ps'.
-This means that the check in new[ug]idmap fails, as in the above quoted
-error - /proc/[targetpid] is owned by root, but the group is 99 so that
-users in group 99 can see the process.
-Some Googling finds dozens of people hitting this problem, but not
-*knowing* that they have hit this problem, because the errors and
-circumstances are non-obvious.
-Some graceful way of handling this and not failing, will be next ;)  But
-in the meantime it'd be nice to have new[ug]idmap emit a more useful
-error, so that it's easier to troubleshoot.
-Thanks!
-Signed-off-by: Hank Leininger <hlein@korelogic.com>
-Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
---
- src/newgidmap.c | 6 ++++--
- src/newuidmap.c | 6 ++++--
- 2 files changed, 8 insertions(+), 4 deletions(-)
-diff --git a/src/newgidmap.c b/src/newgidmap.c
-index a532b45..451c6a6 100644
--- a/src/newgidmap.c
-+++ b/src/newgidmap.c
-@@ -161,8 +161,10 @@ int main(int argc, char **argv)
-            (getgid() != pw->pw_gid) ||
-            (pw->pw_uid != st.st_uid) ||
-            (pw->pw_gid != st.st_gid)) {
-               fprintf(stderr, _( "%s: Target %u is owned by a different user\n" ),
-                       Prog, target);
-+               fprintf(stderr, _( "%s: Target %u is owned by a different user: uid:%lu pw_uid:%lu st_uid:%lu, gid:%lu pw_gid:%lu st_gid:%lu\n" ),
-+                       Prog, target,
-+                       (unsigned long int)getuid(), (unsigned long int)pw->pw_uid, (unsigned long int)st.st_uid,
-+                       (unsigned long int)getgid(), (unsigned long int)pw->pw_gid, (unsigned long int)st.st_gid);
-                return EXIT_FAILURE;
-        }
- 
-diff --git a/src/newuidmap.c b/src/newuidmap.c
-index 5150078..9c8bc1b 100644
--- a/src/newuidmap.c
-+++ b/src/newuidmap.c
-@@ -161,8 +161,10 @@ int main(int argc, char **argv)
-            (getgid() != pw->pw_gid) ||
-            (pw->pw_uid != st.st_uid) ||
-            (pw->pw_gid != st.st_gid)) {
-               fprintf(stderr, _( "%s: Target %u is owned by a different user\n" ),
-                       Prog, target);
-+               fprintf(stderr, _( "%s: Target process %u is owned by a different user: uid:%lu pw_uid:%lu st_uid:%lu, gid:%lu pw_gid:%lu st_gid:%lu\n" ),
-+                       Prog, target,
-+                       (unsigned long int)getuid(), (unsigned long int)pw->pw_uid, (unsigned long int)st.st_uid,
-+                       (unsigned long int)getgid(), (unsigned long int)pw->pw_gid, (unsigned long int)st.st_gid);
-                return EXIT_FAILURE;
-        }
-\ No newline at end of file
author	Natanael Copa <ncopa@alpinelinux.org>	2017-11-29 16:22:49 +0000
committer	Natanael Copa <ncopa@alpinelinux.org>	2017-11-29 16:25:19 +0000
commit	fe20e8da2f8b7fb6f208cccf8f369400d947a6a2 (patch)
tree	70741c6972793be929492690674bf786596f43ca
parent	da5ea802a3975665ace500b89e647ebf4007b232 (diff)
download	alpine_aports-fe20e8da2f8b7fb6f208cccf8f369400d947a6a2.tar.bz2 alpine_aports-fe20e8da2f8b7fb6f208cccf8f369400d947a6a2.tar.xz alpine_aports-fe20e8da2f8b7fb6f208cccf8f369400d947a6a2.zip

diff --git a/community/shadow/301-CVE-2017-2616-su-properly-clear-child-PID.patch b/community/shadow/301-CVE-2017-2616-su-properly-clear-child-PID.patch deleted file mode 100644 index 8f6f4e92e9..0000000000 --- a/community/shadow/301-CVE-2017-2616-su-properly-clear-child-PID.patch +++ /dev/null
@@ -1,59 +0,0 @@
1	From 08fd4b69e84364677a10e519ccb25b71710ee686 Mon Sep 17 00:00:00 2001
2	From: Tobias Stoeckmann <tobias@stoeckmann.org>
3	Date: Thu, 23 Feb 2017 09:47:29 -0600
4	Subject: [PATCH] su: properly clear child PID
5
6	If su is compiled with PAM support, it is possible for any local user
7	to send SIGKILL to other processes with root privileges. There are
8	only two conditions. First, the user must be able to perform su with
9	a successful login. This does NOT have to be the root user, even using
10	su with the same id is enough, e.g. "su $(whoami)". Second, SIGKILL
11	can only be sent to processes which were executed after the su process.
12	It is not possible to send SIGKILL to processes which were already
13	running. I consider this as a security vulnerability, because I was
14	able to write a proof of concept which unlocked a screen saver of
15	another user this way.
16	---
17	src/su.c \| 19 +++++++++++++++++--
18	1 file changed, 17 insertions(+), 2 deletions(-)
19
20	--- a/src/su.c
21	+++ b/src/su.c
22	@@ -363,20 +363,35 @@ static void prepare_pam_close_session (v
23	/* wake child when resumed */
24	kill (pid, SIGCONT);
25	stop = false;
26	+ } else {
27	+ pid_child = 0;
28	}
29	} while (!stop);
30	}
31
32	- if (0 != caught) {
33	+ if (0 != caught && 0 != pid_child) {
34	(void) fputs ("\n", stderr);
35	(void) fputs (_("Session terminated, terminating shell..."),
36	stderr);
37	(void) kill (-pid_child, caught);
38
39	(void) signal (SIGALRM, kill_child);
40	+ (void) signal (SIGCHLD, catch_signals);
41	(void) alarm (2);
42
43	- (void) wait (&status);
44	+ sigemptyset (&ourset);
45	+ if ((sigaddset (&ourset, SIGALRM) != 0)
46	+ \|\| (sigprocmask (SIG_BLOCK, &ourset, NULL) != 0)) {
47	+ fprintf (stderr, _("%s: signal masking malfunction\n"), Prog);
48	+ kill_child (0);
49	+ } else {
50	+ while (0 == waitpid (pid_child, &status, WNOHANG)) {
51	+ sigsuspend (&ourset);
52	+ }
53	+ pid_child = 0;
54	+ (void) sigprocmask (SIG_UNBLOCK, &ourset, NULL);
55	+ }
56	+
57	(void) fputs (_(" ...terminated.\n"), stderr);
58	}
59


diff --git a/community/shadow/302-CVE-2016-6252-fix-integer-overflow.patch b/community/shadow/302-CVE-2016-6252-fix-integer-overflow.patch deleted file mode 100644 index 2f2195b401..0000000000 --- a/community/shadow/302-CVE-2016-6252-fix-integer-overflow.patch +++ /dev/null
@@ -1,46 +0,0 @@
1	From 1d5a926cc2d6078d23a96222b1ef3e558724dad1 Mon Sep 17 00:00:00 2001
2	From: Sebastian Krahmer <krahmer@suse.com>
3	Date: Wed, 3 Aug 2016 11:51:07 -0500
4	Subject: [PATCH] Simplify getulong
5
6	Use strtoul to read an unsigned long, rather than reading
7	a signed long long and casting it.
8
9	https://bugzilla.suse.com/show_bug.cgi?id=979282
10	---
11	lib/getulong.c \| 9 +++------
12	1 file changed, 3 insertions(+), 6 deletions(-)
13
14	diff --git a/lib/getulong.c b/lib/getulong.c
15	index 61579ca..08d2c1a 100644
16	--- a/lib/getulong.c
17	+++ b/lib/getulong.c
18	@@ -44,22 +44,19 @@
19	*/
20	int getulong (const char numstr, /@out@/unsigned long int result)
21	{
22	- long long int val;
23	+ unsigned long int val;
24	char *endptr;
25
26	errno = 0;
27	- val = strtoll (numstr, &endptr, 0);
28	+ val = strtoul (numstr, &endptr, 0);
29	if ( ('\0' == *numstr)
30	\|\| ('\0' != *endptr)
31	\|\| (ERANGE == errno)
32	- /@+ignoresigns@/
33	- \|\| (val != (unsigned long int)val)
34	- /@=ignoresigns@/
35	) {
36	return 0;
37	}
38
39	- *result = (unsigned long int)val;
40	+ *result = val;
41	return 1;
42	}
43
44	--
45	2.1.4
46


diff --git a/community/shadow/303-Reset-pid_child-only-if-waitpid-was-successful.patch b/community/shadow/303-Reset-pid_child-only-if-waitpid-was-successful.patch deleted file mode 100644 index 64aeb34131..0000000000 --- a/community/shadow/303-Reset-pid_child-only-if-waitpid-was-successful.patch +++ /dev/null
@@ -1,29 +0,0 @@
1	From 7d82f203eeec881c584b2fa06539b39e82985d97 Mon Sep 17 00:00:00 2001
2	From: Tobias Stoeckmann <tobias@stoeckmann.org>
3	Date: Sun, 14 May 2017 17:58:10 +0200
4	Subject: [PATCH] Reset pid_child only if waitpid was successful.
5
6	Do not reset the pid_child to 0 if the child process is still
7	running. This else-condition can be reached with pid being -1,
8	therefore explicitly test this condition.
9
10	This is a regression fix for CVE-2017-2616. If su receives a
11	signal like SIGTERM, it is not propagated to the child.
12
13	Reported-by: Radu Duta <raduduta@gmail.com>
14	Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
15	---
16	src/su.c \| 2 +-
17	1 file changed, 1 insertion(+), 1 deletion(-)
18
19	--- a/src/su.c
20	+++ b/src/su.c
21	@@ -363,7 +363,7 @@ static void prepare_pam_close_session (v
22	/* wake child when resumed */
23	kill (pid, SIGCONT);
24	stop = false;
25	- } else {
26	+ } else if ( (pid_t)-1 != pid) {
27	pid_child = 0;
28	}
29	} while (!stop);


diff --git a/community/shadow/APKBUILD b/community/shadow/APKBUILD index 3264772979..13dc98d7ae 100644 --- a/community/shadow/APKBUILD +++ b/community/shadow/APKBUILD
@@ -2,8 +2,8 @@
2	# Contributor: Jakub Jirutka <jakub@jirutka.cz>	2	# Contributor: Jakub Jirutka <jakub@jirutka.cz>
3	# Maintainer: Stuart Cardall <developer@it-offshore.co.uk>	3	# Maintainer: Stuart Cardall <developer@it-offshore.co.uk>
4	pkgname=shadow	4	pkgname=shadow
5	pkgver=4.2.1	5	pkgver=4.5
6	pkgrel=11	6	pkgrel=0
7	pkgdesc="PAM-using login and passwd utilities (usermod, useradd, ...)"	7	pkgdesc="PAM-using login and passwd utilities (usermod, useradd, ...)"
8	url="http://pkg-shadow.alioth.debian.org/"	8	url="http://pkg-shadow.alioth.debian.org/"
9	arch="all"	9	arch="all"
@@ -11,20 +11,19 @@ license="GPL"
11	depends=""	11	depends=""
12	makedepends="linux-pam-dev"	12	makedepends="linux-pam-dev"
13	subpackages="$pkgname-doc $pkgname-dbg $pkgname-uidmap"	13	subpackages="$pkgname-doc $pkgname-dbg $pkgname-uidmap"
14	source="http://pkg-shadow.alioth.debian.org/releases/shadow-$pkgver.tar.xz	14	source="https://github.com/shadow-maint/shadow/releases/download/$pkgver/shadow-$pkgver.tar.xz
15	login.pamd	15	login.pamd
16	dots-in-usernames.patch	16	dots-in-usernames.patch
17	cross-size-checks.patch
18	verbose-error-when-uid-doesnt-match.patch
19	301-CVE-2017-2616-su-properly-clear-child-PID.patch
20	302-CVE-2016-6252-fix-integer-overflow.patch
21	303-Reset-pid_child-only-if-waitpid-was-successful.patch
22	useradd-usergroups.patch	17	useradd-usergroups.patch
23	pam-useradd.patch	18	pam-useradd.patch
24	"	19	"
25	# secfixes:	20	# secfixes:
26	# - CVE-2016-6252	21	# 4.5-r0:
27	# - CVE-2017-2616 (+ regression fix)	22	# - CVE-2017-12424
		23	# 4.2.1-r11:
		24	# - CVE-2017-2616
		25	# 4.2.1-r7:
		26	# - CVE-2016-6252
28		27
29	options="suid"	28	options="suid"
30	builddir="$srcdir/shadow-$pkgver"	29	builddir="$srcdir/shadow-$pkgver"
@@ -104,13 +103,8 @@ uidmap() {
104	touch etc/subuid etc/subgid	103	touch etc/subuid etc/subgid
105	}	104	}
106		105
107	sha512sums="7a14bf8e08126f0402e37b6e4c559615ced7cf829e39156d929ed05cd8813de48a77ff1f7f6fe707da04cf662a2e9e84c22d63d88dd1ed13f935fde594db95f0 shadow-4.2.1.tar.xz	106	sha512sums="e57f8db54df23301c229d4be30d4cbb67efa1d1809cffcff79adc480b6019fb2b5fd09e112e82a3f00ad5a6b2994592adac93f70a631cf666b6f4723b61c87b5 shadow-4.5.tar.xz
108	46a6f83f3698e101b58b8682852da749619412f75dfa85cecad03d0847f6c3dc452d984510db7094220e4570a0565b83b0556e16198ad894a3ec84b3e513d58d login.pamd	107	46a6f83f3698e101b58b8682852da749619412f75dfa85cecad03d0847f6c3dc452d984510db7094220e4570a0565b83b0556e16198ad894a3ec84b3e513d58d login.pamd
109	745eea04c054226feba165b635dbb8570b8a04537d41e914400a4c54633c3a9cf350da0aabfec754fb8cf3e58fc1c8cf597b895506312f19469071760c11f31d dots-in-usernames.patch	108	745eea04c054226feba165b635dbb8570b8a04537d41e914400a4c54633c3a9cf350da0aabfec754fb8cf3e58fc1c8cf597b895506312f19469071760c11f31d dots-in-usernames.patch
110	c46760254439176babeef24d93900914092655af3a48f54385adf6ef5a3af76799fb7e96083acd27853d6ab6d7392543dbaf70bb26f164519e92f677da7851a4 cross-size-checks.patch
111	1b3513772a7a0294b587723213e4464cc5a1a42ae6a79e9b9f9ea20083684a21d81e362f44d87ce2e6de2daf396d8422b39019923c0b0cbb44fa4c4c24613c0c verbose-error-when-uid-doesnt-match.patch
112	0954920ce9307948848d8f9ca5ea5bba4db8394793ef314ab5c6770948e96071748192b52ba8c31d543fe71ce0e6e2a7f3a2a92862966a940639a19df1048634 301-CVE-2017-2616-su-properly-clear-child-PID.patch
113	36f494347cb980d85ea82331ec620a949be45f5f2c400a3b13f409a8d9c932c0f822cb0baa2ee78c6f356e7bf93de51c1b0f20730e8f3af36a746a5632d19bbe 302-CVE-2016-6252-fix-integer-overflow.patch
114	e36d54759b71d48c62aefc4032e63deccafa69d22f8bae772b4c0ca135b431db9cd35a1a2a2adf5c76996e76e13ab82e1cf19bba70c6ca4414b3979a43c292c2 303-Reset-pid_child-only-if-waitpid-was-successful.patch
115	49f1d5ded82d2d479805c77d7cc6274c30233596e375b28306b31a33f8fbfc3611dbc77d606081b8300247908c267297dbb6c5d1a30d56095dda53c6a636fb56 useradd-usergroups.patch	109	49f1d5ded82d2d479805c77d7cc6274c30233596e375b28306b31a33f8fbfc3611dbc77d606081b8300247908c267297dbb6c5d1a30d56095dda53c6a636fb56 useradd-usergroups.patch
116	0b4587e263cb6be12fa5ae6bc3b3fc4d3696dae355bc67d085dc58c52ff96edb4d163b95db2092b8c2f3310839430cac03c7af356641b42e24ee4aa6410f5cf1 pam-useradd.patch"	110	0b4587e263cb6be12fa5ae6bc3b3fc4d3696dae355bc67d085dc58c52ff96edb4d163b95db2092b8c2f3310839430cac03c7af356641b42e24ee4aa6410f5cf1 pam-useradd.patch"


diff --git a/community/shadow/cross-size-checks.patch b/community/shadow/cross-size-checks.patch deleted file mode 100644 index bd451ba1bb..0000000000 --- a/community/shadow/cross-size-checks.patch +++ /dev/null
@@ -1,42 +0,0 @@
1	From 2cb54158b80cdbd97ca3b36df83f9255e923ae3f Mon Sep 17 00:00:00 2001
2	From: James Le Cuirot <chewi@aura-online.co.uk>
3	Date: Sat, 23 Aug 2014 09:46:39 +0100
4	Subject: [PATCH] Check size of uid_t and gid_t using AC_CHECK_SIZEOF
5
6	This built-in check is simpler than the previous method and, most
7	importantly, works when cross-compiling.
8
9	Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
10	---
11	configure.in \| 14 ++++----------
12	1 file changed, 4 insertions(+), 10 deletions(-)
13
14	diff --git a/configure.in b/configure.in
15	index 1a3f841..4a4d6d0 100644
16	--- a/configure.in
17	+++ b/configure.in
18	@@ -335,16 +335,10 @@ if test "$enable_subids" != "no"; then
19	dnl
20	dnl FIXME: check if 32 bit UIDs/GIDs are supported by libc
21	dnl
22	- AC_RUN_IFELSE([AC_LANG_SOURCE([
23	-#include <sys/types.h>
24	-int main(void) {
25	- uid_t u;
26	- gid_t g;
27	- return (sizeof u < 4) \|\| (sizeof g < 4);
28	-}
29	- ])], [id32bit="yes"], [id32bit="no"])
30	-
31	- if test "x$id32bit" = "xyes"; then
32	+ AC_CHECK_SIZEOF([uid_t],, [#include "sys/types.h"])
33	+ AC_CHECK_SIZEOF([gid_t],, [#include "sys/types.h"])
34	+
35	+ if test "$ac_cv_sizeof_uid_t" -ge 4 && test "$ac_cv_sizeof_gid_t" -ge 4; then
36	AC_DEFINE(ENABLE_SUBIDS, 1, [Define to support the subordinate IDs.])
37	enable_subids="yes"
38	else
39	--
40	2.3.6
41
42


diff --git a/community/shadow/verbose-error-when-uid-doesnt-match.patch b/community/shadow/verbose-error-when-uid-doesnt-match.patch deleted file mode 100644 index 6f104b438c..0000000000 --- a/community/shadow/verbose-error-when-uid-doesnt-match.patch +++ /dev/null
@@ -1,75 +0,0 @@
1	From: Hank Leininger <hlein@korelogic.com>
2	Date: Mon, 6 Apr 2015 08:22:48 -0500
3	Subject: [PATCH] Expand the error message when newuidmap / newgidmap do not
4	like the user/group ownership of their target process.
5
6	Currently the error is just:
7
8	newuidmap: Target [pid] is owned by a different user
9
10	With this patch it will be like:
11
12	newuidmap: Target [pid] is owned by a different user: uid:0 pw_uid:0 st_uid:0, gid:0 pw_gid:0 st_gid:99
13
14	Why is this useful? Well, in my case...
15
16	The grsecurity kernel-hardening patch includes an option to make parts
17	of /proc unreadable, such as /proc/pid/ dirs for processes not owned by
18	the current uid. This comes with an option to make /proc/pid/
19	directories readable by a specific gid; sysadmins and the like are then
20	put into that group so they can see a full 'ps'.
21
22	This means that the check in new[ug]idmap fails, as in the above quoted
23	error - /proc/[targetpid] is owned by root, but the group is 99 so that
24	users in group 99 can see the process.
25
26	Some Googling finds dozens of people hitting this problem, but not
27	knowing that they have hit this problem, because the errors and
28	circumstances are non-obvious.
29
30	Some graceful way of handling this and not failing, will be next ;) But
31	in the meantime it'd be nice to have new[ug]idmap emit a more useful
32	error, so that it's easier to troubleshoot.
33
34	Thanks!
35
36	Signed-off-by: Hank Leininger <hlein@korelogic.com>
37	Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
38	---
39	src/newgidmap.c \| 6 ++++--
40	src/newuidmap.c \| 6 ++++--
41	2 files changed, 8 insertions(+), 4 deletions(-)
42
43	diff --git a/src/newgidmap.c b/src/newgidmap.c
44	index a532b45..451c6a6 100644
45	--- a/src/newgidmap.c
46	+++ b/src/newgidmap.c
47	@@ -161,8 +161,10 @@ int main(int argc, char **argv)
48	(getgid() != pw->pw_gid) \|\|
49	(pw->pw_uid != st.st_uid) \|\|
50	(pw->pw_gid != st.st_gid)) {
51	- fprintf(stderr, _( "%s: Target %u is owned by a different user\n" ),
52	- Prog, target);
53	+ fprintf(stderr, _( "%s: Target %u is owned by a different user: uid:%lu pw_uid:%lu st_uid:%lu, gid:%lu pw_gid:%lu st_gid:%lu\n" ),
54	+ Prog, target,
55	+ (unsigned long int)getuid(), (unsigned long int)pw->pw_uid, (unsigned long int)st.st_uid,
56	+ (unsigned long int)getgid(), (unsigned long int)pw->pw_gid, (unsigned long int)st.st_gid);
57	return EXIT_FAILURE;
58	}
59
60	diff --git a/src/newuidmap.c b/src/newuidmap.c
61	index 5150078..9c8bc1b 100644
62	--- a/src/newuidmap.c
63	+++ b/src/newuidmap.c
64	@@ -161,8 +161,10 @@ int main(int argc, char **argv)
65	(getgid() != pw->pw_gid) \|\|
66	(pw->pw_uid != st.st_uid) \|\|
67	(pw->pw_gid != st.st_gid)) {
68	- fprintf(stderr, _( "%s: Target %u is owned by a different user\n" ),
69	- Prog, target);
70	+ fprintf(stderr, _( "%s: Target process %u is owned by a different user: uid:%lu pw_uid:%lu st_uid:%lu, gid:%lu pw_gid:%lu st_gid:%lu\n" ),
71	+ Prog, target,
72	+ (unsigned long int)getuid(), (unsigned long int)pw->pw_uid, (unsigned long int)st.st_uid,
73	+ (unsigned long int)getgid(), (unsigned long int)pw->pw_gid, (unsigned long int)st.st_gid);
74	return EXIT_FAILURE;
75	} \ No newline at end of file