Pull in upstream patch that fixes FTBFS for Rawhide and ELN
Signed-off-by: Merlin Mathesius <mmathesi@redhat.com>
This commit is contained in:
Merlin Mathesius
parent
2a8d42b308
commit
480650e15c
78
libuser-0.62-Do-not-use-deprecated-includes.patch
Normal file
78
libuser-0.62-Do-not-use-deprecated-includes.patch
Normal file
@ -0,0 +1,78 @@
|
||||
From 29d9996dd200916db888d41196f87609bce329ff Mon Sep 17 00:00:00 2001
|
||||
From: Petr Lautrbach <plautrba@redhat.com>
|
||||
Date: Apr 07 2020 11:55:38 +0000
|
||||
Subject: Do not use deprecated flask.h and av_permissions.h
|
||||
|
||||
|
||||
selinux/flask.h and selinux/av_permissions.h will be completely dropped in the
|
||||
next SELinux release.
|
||||
|
||||
Use string_to_security_class() and string_to_av_perm() to get class and
|
||||
permission values. The original hardcoded values could be invalid and are
|
||||
deprecated as the whole flask.h and av_permissions.h header files.
|
||||
|
||||
Fixes: https://pagure.io/libuser/issue/44
|
||||
|
||||
---
|
||||
|
||||
diff --git a/apps/apputil.c b/apps/apputil.c
|
||||
index 1937645..7413ab5 100644
|
||||
--- a/apps/apputil.c
|
||||
+++ b/apps/apputil.c
|
||||
@@ -26,8 +26,6 @@
|
||||
#include <unistd.h>
|
||||
#ifdef WITH_SELINUX
|
||||
#include <selinux/selinux.h>
|
||||
-#include <selinux/av_permissions.h>
|
||||
-#include <selinux/flask.h>
|
||||
#include <selinux/context.h>
|
||||
#endif
|
||||
#include "../lib/error.h"
|
||||
@@ -57,7 +55,7 @@ check_access(const char *chuser, access_vector_t access)
|
||||
|
||||
retval = security_compute_av(user_context,
|
||||
user_context,
|
||||
- SECCLASS_PASSWD,
|
||||
+ string_to_security_class("passwd"),
|
||||
access, &avd);
|
||||
|
||||
if (retval == 0 && (avd.allowed & access) == access)
|
||||
@@ -221,19 +219,25 @@ lu_authenticate_unprivileged(struct lu_context *ctx, const char *user,
|
||||
#ifdef WITH_SELINUX
|
||||
if (is_selinux_enabled() > 0) {
|
||||
/* FIXME: PASSWD_CHSH, PASSWD_PASSWD ? */
|
||||
- if (getuid() == 0 && check_access(user, PASSWD__CHFN) != 0) {
|
||||
- security_context_t user_context;
|
||||
+ if (getuid() == 0) {
|
||||
+ security_class_t class;
|
||||
+ access_vector_t perm;
|
||||
+ class = string_to_security_class("passwd");
|
||||
+ perm = string_to_av_perm(class, "chfn");
|
||||
+ if (check_access(user, perm) != 0) {
|
||||
+ security_context_t user_context;
|
||||
|
||||
- if (getprevcon(&user_context) < 0)
|
||||
- user_context = NULL;
|
||||
- /* FIXME: "change the finger info?" */
|
||||
- fprintf(stderr,
|
||||
- _("%s is not authorized to change the finger "
|
||||
- "info of %s\n"), user_context ? user_context
|
||||
- : _("Unknown user context"), user);
|
||||
- if (user_context != NULL)
|
||||
- freecon(user_context);
|
||||
- goto err;
|
||||
+ if (getprevcon(&user_context) < 0)
|
||||
+ user_context = NULL;
|
||||
+ /* FIXME: "change the finger info?" */
|
||||
+ fprintf(stderr,
|
||||
+ _("%s is not authorized to change the finger "
|
||||
+ "info of %s\n"), user_context ? user_context
|
||||
+ : _("Unknown user context"), user);
|
||||
+ if (user_context != NULL)
|
||||
+ freecon(user_context);
|
||||
+ goto err;
|
||||
+ }
|
||||
}
|
||||
/* FIXME: is this right for lpasswd? */
|
||||
if (!lu_util_fscreate_from_file("/etc/passwd", NULL)) {
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
Name: libuser
|
||||
Version: 0.62
|
||||
Release: 28%{?dist}
|
||||
Release: 29%{?dist}
|
||||
License: LGPLv2+
|
||||
URL: https://pagure.io/libuser
|
||||
Source: http://releases.pagure.org/libuser/libuser-%{version}.tar.xz
|
||||
@ -27,6 +27,9 @@ Summary: A user and group account administration library
|
||||
# Patch to address format-security.
|
||||
# Submitted upstream at https://pagure.io/libuser/pull-request/17
|
||||
Patch1: 0001-Fix-errors-with-Werror-format-security.patch
|
||||
# Patch to fix FTBFS by stopping the use of deprecated flask.h and av_permissions.h
|
||||
# Submitted upstream at https://pagure.io/libuser/pull-request/45
|
||||
Patch2: libuser-0.62-Do-not-use-deprecated-includes.patch
|
||||
|
||||
%description
|
||||
The libuser library implements a standardized interface for manipulating
|
||||
@ -60,6 +63,7 @@ administering user and group accounts.
|
||||
%prep
|
||||
%setup -qn libuser-%{version}
|
||||
%patch1 -p1
|
||||
%patch2 -p1
|
||||
|
||||
%build
|
||||
%configure --with-selinux --with-ldap --with-html-dir=%{_datadir}/gtk-doc/html \
|
||||
@ -114,6 +118,9 @@ make install DESTDIR=$RPM_BUILD_ROOT INSTALL='install -p'
|
||||
%{_datadir}/gtk-doc/html/*
|
||||
|
||||
%changelog
|
||||
* Wed Sep 02 2020 Merlin Mathesius <mmathesi@redhat.com> - 0.62-29
|
||||
- Pull in upstream patch that fixes FTBFS for Rawhide and ELN
|
||||
|
||||
* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.62-28
|
||||
- Second attempt - Rebuilt for
|
||||
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||
|
||||
Loading…
Reference in New Issue
Block a user