util-linux: add patch for CVE-2017-2616

adds CVE-2017-2616.patch taken from upstream commit f1b8b84d3476ac910d922c63a50a4129adbaf584 to fix the corresponding security issue. Closes: #5824 [via git-merge-pr]
2017-02-25 13:39:26 +01:00 · 2017-02-25 13:39:26 +01:00 · 2fb179d50c
parent 0e9b60638f
commit 2fb179d50c
2 changed files with 38 additions and 1 deletions
--- a/srcpkgs/util-linux/patches/CVE-2017-2616.patch
+++ b/srcpkgs/util-linux/patches/CVE-2017-2616.patch
@ -0,0 +1,37 @@
+--- login-utils/su-common.c
+++ login-utils/su-common.c
+@@ -368,6 +368,9 @@ create_watching_parent (void)
+             }
+           else
+             status = WEXITSTATUS (status);
+
+	  /* child is gone, don't use the PID anymore */
+	  child = (pid_t) -1;
+         }
+       else if (caught_signal)
+         status = caught_signal + 128;
+@@ -377,7 +380,7 @@ create_watching_parent (void)
+   else
+     status = 1;
+ 
+-  if (caught_signal)
+  if (caught_signal && child != (pid_t)-1)
+     {
+       fprintf (stderr, _("\nSession terminated, killing shell..."));
+       kill (child, SIGTERM);
+@@ -387,9 +390,12 @@ create_watching_parent (void)
+ 
+   if (caught_signal)
+     {
+-      sleep (2);
+-      kill (child, SIGKILL);
+-      fprintf (stderr, _(" ...killed.\n"));
+      if (child != (pid_t)-1)
+	{
+	  sleep (2);
+	  kill (child, SIGKILL);
+	  fprintf (stderr, _(" ...killed.\n"));
+	}
+ 
+       /* Let's terminate itself with the received signal.
+        *
--- a/srcpkgs/util-linux/template
+++ b/srcpkgs/util-linux/template
@ -1,7 +1,7 @@
 # Template file for 'util-linux'
 pkgname=util-linux
 version=2.28.2
-revision=3
+revision=4
 short_desc="Miscellaneous linux utilities"
 maintainer="Juan RP <xtraeme@voidlinux.eu>"
 homepage="https://www.kernel.org/pub/linux/utils/util-linux/"