diff --git a/libuser-0.62-Do-not-use-deprecated-includes.patch b/libuser-0.62-Do-not-use-deprecated-includes.patch new file mode 100644 index 0000000..e5602a9 --- /dev/null +++ b/libuser-0.62-Do-not-use-deprecated-includes.patch @@ -0,0 +1,78 @@ +From 29d9996dd200916db888d41196f87609bce329ff Mon Sep 17 00:00:00 2001 +From: Petr Lautrbach +Date: Apr 07 2020 11:55:38 +0000 +Subject: Do not use deprecated flask.h and av_permissions.h + + +selinux/flask.h and selinux/av_permissions.h will be completely dropped in the +next SELinux release. + +Use string_to_security_class() and string_to_av_perm() to get class and +permission values. The original hardcoded values could be invalid and are +deprecated as the whole flask.h and av_permissions.h header files. + +Fixes: https://pagure.io/libuser/issue/44 + +--- + +diff --git a/apps/apputil.c b/apps/apputil.c +index 1937645..7413ab5 100644 +--- a/apps/apputil.c ++++ b/apps/apputil.c +@@ -26,8 +26,6 @@ + #include + #ifdef WITH_SELINUX + #include +-#include +-#include + #include + #endif + #include "../lib/error.h" +@@ -57,7 +55,7 @@ check_access(const char *chuser, access_vector_t access) + + retval = security_compute_av(user_context, + user_context, +- SECCLASS_PASSWD, ++ string_to_security_class("passwd"), + access, &avd); + + if (retval == 0 && (avd.allowed & access) == access) +@@ -221,19 +219,25 @@ lu_authenticate_unprivileged(struct lu_context *ctx, const char *user, + #ifdef WITH_SELINUX + if (is_selinux_enabled() > 0) { + /* FIXME: PASSWD_CHSH, PASSWD_PASSWD ? */ +- if (getuid() == 0 && check_access(user, PASSWD__CHFN) != 0) { +- security_context_t user_context; ++ if (getuid() == 0) { ++ security_class_t class; ++ access_vector_t perm; ++ class = string_to_security_class("passwd"); ++ perm = string_to_av_perm(class, "chfn"); ++ if (check_access(user, perm) != 0) { ++ security_context_t user_context; + +- if (getprevcon(&user_context) < 0) +- user_context = NULL; +- /* FIXME: "change the finger info?" */ +- fprintf(stderr, +- _("%s is not authorized to change the finger " +- "info of %s\n"), user_context ? user_context +- : _("Unknown user context"), user); +- if (user_context != NULL) +- freecon(user_context); +- goto err; ++ if (getprevcon(&user_context) < 0) ++ user_context = NULL; ++ /* FIXME: "change the finger info?" */ ++ fprintf(stderr, ++ _("%s is not authorized to change the finger " ++ "info of %s\n"), user_context ? user_context ++ : _("Unknown user context"), user); ++ if (user_context != NULL) ++ freecon(user_context); ++ goto err; ++ } + } + /* FIXME: is this right for lpasswd? */ + if (!lu_util_fscreate_from_file("/etc/passwd", NULL)) { + diff --git a/libuser.spec b/libuser.spec index b001537..afc3b24 100644 --- a/libuser.spec +++ b/libuser.spec @@ -1,6 +1,6 @@ Name: libuser Version: 0.62 -Release: 28%{?dist} +Release: 29%{?dist} License: LGPLv2+ URL: https://pagure.io/libuser Source: http://releases.pagure.org/libuser/libuser-%{version}.tar.xz @@ -27,6 +27,9 @@ Summary: A user and group account administration library # Patch to address format-security. # Submitted upstream at https://pagure.io/libuser/pull-request/17 Patch1: 0001-Fix-errors-with-Werror-format-security.patch +# Patch to fix FTBFS by stopping the use of deprecated flask.h and av_permissions.h +# Submitted upstream at https://pagure.io/libuser/pull-request/45 +Patch2: libuser-0.62-Do-not-use-deprecated-includes.patch %description The libuser library implements a standardized interface for manipulating @@ -60,6 +63,7 @@ administering user and group accounts. %prep %setup -qn libuser-%{version} %patch1 -p1 +%patch2 -p1 %build %configure --with-selinux --with-ldap --with-html-dir=%{_datadir}/gtk-doc/html \ @@ -114,6 +118,9 @@ make install DESTDIR=$RPM_BUILD_ROOT INSTALL='install -p' %{_datadir}/gtk-doc/html/* %changelog +* Wed Sep 02 2020 Merlin Mathesius - 0.62-29 +- Pull in upstream patch that fixes FTBFS for Rawhide and ELN + * Sat Aug 01 2020 Fedora Release Engineering - 0.62-28 - Second attempt - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild