Package: shadow / 1:4.4-4.1

Metadata

Package Version Patches format
shadow 1:4.4-4.1 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
0001 Typos fix in german translation of man pages.patch | (download)

man/po/de.po | 6 3 + 3 - 0 !
1 file changed, 3 insertions(+), 3 deletions(-)

 [patch 1/2] typos fix in german translation of man pages

Reported to Debian BTS in #734609

0002 Last bits of enabling subuids.patch | (download)

src/newusers.c | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 [patch 2/2] last bits of enabling subuids

This patch has been carried by Debian, originally
submitted to BTS in #739981

0003 Dutch translation update.patch | (download)

po/nl.po | 1370 737 + 633 - 0 !
1 file changed, 737 insertions(+), 633 deletions(-)

 [patch 3/3] dutch translation update


0004 Updated Czech translation.patch | (download)

po/cs.po | 760 350 + 410 - 0 !
1 file changed, 350 insertions(+), 410 deletions(-)

 [patch 4/4] updated czech translation


0005 Update for German man pages.patch | (download)

po/de.po | 858 27 + 831 - 0 !
1 file changed, 27 insertions(+), 831 deletions(-)

 [patch 5/5] update for german man pages


0006 French manpage translation.patch | (download)

po/fr.po | 12797 10223 + 2574 - 0 !
1 file changed, 10223 insertions(+), 2574 deletions(-)

 [patch 6/6] french manpage translation


0007 Fix some spelling issues in the Norwegian translatio.patch | (download)

po/nb.po | 13 7 + 6 - 0 !
po/nl.po | 8 4 + 4 - 0 !
2 files changed, 11 insertions(+), 10 deletions(-)

 [patch 7/7] fix some spelling issues in the norwegian translation


0008 su properly clear child PID.patch | (download)

src/su.c | 19 17 + 2 - 0 !
1 file changed, 17 insertions(+), 2 deletions(-)

 [patch] su: properly clear child pid

If su is compiled with PAM support, it is possible for any local user
to send SIGKILL to other processes with root privileges. There are
only two conditions. First, the user must be able to perform su with
a successful login. This does NOT have to be the root user, even using
su with the same id is enough, e.g. "su $(whoami)". Second, SIGKILL
can only be sent to processes which were executed after the su process.
It is not possible to send SIGKILL to processes which were already
running. I consider this as a security vulnerability, because I was
able to write a proof of concept which unlocked a screen saver of
another user this way.

301 Reset pid_child only if waitpid was successful.patch | (download)

src/su.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 [patch] reset pid_child only if waitpid was successful.

Do not reset the pid_child to 0 if the child process is still
running. This else-condition can be reached with pid being -1,
therefore explicitly test this condition.

This is a regression fix for CVE-2017-2616. If su receives a
signal like SIGTERM, it is not propagated to the child.

Reported-by: Radu Duta <raduduta@gmail.com>
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>

503_shadowconfig.8 | (download)

man/fr/shadowconfig.8 | 26 26 + 0 - 0 !
man/ja/shadowconfig.8 | 25 25 + 0 - 0 !
man/pl/shadowconfig.8 | 27 27 + 0 - 0 !
man/shadowconfig.8 | 41 41 + 0 - 0 !
man/shadowconfig.8.xml | 52 52 + 0 - 0 !
5 files changed, 171 insertions(+)

---
008_login_log_failure_in_FTMP | (download)

lib/getdef.c | 2 1 + 1 - 0 !
src/login.c | 18 18 + 0 - 0 !
2 files changed, 19 insertions(+), 1 deletion(-)

---
429_login_FAILLOG_ENAB | (download)

lib/getdef.c | 1 1 + 0 - 0 !
src/login.c | 19 18 + 1 - 0 !
2 files changed, 19 insertions(+), 1 deletion(-)

---
401_cppw_src.dpatch | (download)

po/POTFILES.in | 1 1 + 0 - 0 !
src/Makefile.am | 2 2 + 0 - 0 !
src/cppw.c | 238 238 + 0 - 0 !
3 files changed, 241 insertions(+)

---
402_cppw_selinux | (download)

src/cppw.c | 28 28 + 0 - 0 !
1 file changed, 28 insertions(+)

---
506_relaxed_usernames | (download)

libmisc/chkname.c | 21 21 + 0 - 0 !
man/groupadd.8.xml | 8 7 + 1 - 0 !
man/useradd.8.xml | 10 9 + 1 - 0 !
3 files changed, 37 insertions(+), 2 deletions(-)

---
542_useradd O_option | (download)

man/useradd.8.xml | 5 5 + 0 - 0 !
src/useradd.c | 5 3 + 2 - 0 !
2 files changed, 8 insertions(+), 2 deletions(-)

---
463_login_delay_obeys_to_PAM | (download)

lib/getdef.c | 1 0 + 1 - 0 !
src/login.c | 19 5 + 14 - 0 !
2 files changed, 5 insertions(+), 15 deletions(-)

---
523_su_arguments_are_concatenated | (download)

src/su.c | 29 29 + 0 - 0 !
1 file changed, 29 insertions(+)

---
523_su_arguments_are_no_more_concatenated_by_default | (download)

src/su.c | 17 16 + 1 - 0 !
1 file changed, 16 insertions(+), 1 deletion(-)

---
508_nologin_in_usr_sbin | (download)

src/Makefile.am | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

---
505_useradd_recommend_adduser | (download)

man/useradd.8.xml | 6 6 + 0 - 0 !
man/userdel.8.xml | 6 6 + 0 - 0 !
2 files changed, 12 insertions(+)

---
501_commonio_group_shadow | (download)

lib/commonio.c | 12 12 + 0 - 0 !
lib/sgroupio.c | 2 1 + 1 - 0 !
lib/shadowio.c | 2 1 + 1 - 0 !
3 files changed, 14 insertions(+), 2 deletions(-)

---
1010_vietnamese_translation | (download)

po/vi.po | 1420 545 + 875 - 0 !
1 file changed, 545 insertions(+), 875 deletions(-)

 [patch] update vietnamese translations