Update to libuser-0.59 (CVE-2012-5630, CVE-2012-5644)

.gitignore

@@ -10,3 +10,4 @@ libuser-0.56.16.tar.xz
 /libuser-0.57.6.tar.xz
 /libuser-0.57.7.tar.xz
 /libuser-0.58.tar.xz
+/libuser-0.59.tar.xz

libuser-force-secure-getenv.patch

@@ -1,49 +0,0 @@
-diff --git a/configure.in b/configure.in
-index b9692c8..28364c3 100644
---- a/configure.in
-+++ b/configure.in
-@@ -13,6 +13,7 @@ AC_CHECK_PROG([YACC], [bison -y], [bison -y], [:])
- AC_PATH_PROG([NSCD], [nscd], [/usr/sbin/nscd],
- 	     [$PATH$PATH_SEPARATOR/usr/sbin$PATH_SEPARATOR/sbin])
- AC_ARG_VAR([NSCD], [Path to nscd])
-+AC_USE_SYSTEM_EXTENSIONS
- 
- LT_INIT([disable-static])
- 
-@@ -115,7 +116,7 @@ AC_TYPE_MODE_T
- AC_TYPE_OFF_T
- AC_TYPE_SIZE_T
- 
--AC_CHECK_FUNCS_ONCE([__secure_getenv])
-+AC_CHECK_FUNCS([__secure_getenv secure_getenv])
- 
- # Modify CFLAGS after all tests are run (some of them could fail because
- # of the -Werror).
-diff --git a/lib/config.c b/lib/config.c
-index 1b30f97..29e7120 100644
---- a/lib/config.c
-+++ b/lib/config.c
-@@ -40,8 +40,12 @@
-  * from the libuser configuration.
-  */
- 
--#ifdef HAVE___SECURE_GETENV
--#define getenv(string) __secure_getenv(string)
-+#if defined(HAVE_SECURE_GETENV)
-+#  define safe_getenv(string) secure_getenv(string)
-+#elif defined(HAVE___SECURE_GETENV)
-+#  define safe_getenv(string) __secure_getenv(string)
-+#else
-+#  error Neither secure_getenv not __secure_getenv are available
- #endif
- 
- struct config_config {
-@@ -266,7 +270,7 @@ lu_cfg_init(struct lu_context *context, struct lu_error **error)
- 	if ((getuid() == geteuid()) && (getgid() == getegid())) {
- 		const char *t;
- 
--		t = getenv("LIBUSER_CONF");
-+		t = safe_getenv("LIBUSER_CONF");
- 		if (t != NULL)
- 			filename = t;
- 	}

libuser.spec

@@ -1,22 +1,18 @@
 %{!?python_sitearch: %global python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")}
 
 Name: libuser
-Version: 0.58
+Version: 0.59
-Release: 2%{?dist}
+Release: 1%{?dist}
 Group: System Environment/Base
 License: LGPLv2+
 URL: https://fedorahosted.org/libuser/
-# Upstream commit 51e9d56ed656c3aeceb39b7de5a1db7d976d4e51
-Patch0: libuser-force-secure-getenv.patch
 Source: https://fedorahosted.org/releases/l/i/libuser/libuser-%{version}.tar.xz
 BuildRequires: glib2-devel, linuxdoc-tools, pam-devel, popt-devel, python2-devel
 BuildRequires: cyrus-sasl-devel, libselinux-devel, openldap-devel
 # To make sure the configure script can find it
 BuildRequires: nscd
 # For %%check
-BuildRequires: openldap-clients, openldap-servers, openssl
+BuildRequires: fakeroot, openldap-clients, openldap-servers, openssl
-# For regenerating autoconf/automake files
-BuildRequires: gtk-doc, libtool, gettext-devel, automake, autoconf
 Summary: A user and group account administration library
 
 %description
@@ -49,17 +45,8 @@ administering user and group accounts.
 
 %prep
 %setup -q
-%patch0 -p1 -b .force_secure_getenv
 
 %build
-# Copied from upstream autogen.sh
-gtkdocize --docdir docs/reference
-libtoolize --force
-autopoint
-aclocal -I m4
-autoconf -Wall
-autoheader -Wall
-automake -Wall --add-missing
 %configure --with-selinux --with-ldap --with-html-dir=%{_datadir}/gtk-doc/html
 make
 
@@ -109,6 +96,10 @@ python -c "import libuser"
 %{_datadir}/gtk-doc/html/*
 
 %changelog
+* Thu Mar 28 2013 Miloslav Trmač <mitr@redhat.com> - 0.59-1
+- Update to libuser-0.59 (CVE-2012-5630, CVE-2012-5644)
+  Resolves: #928846
+
 * Mon Feb  4 2013 Miloslav Trmač <mitr@redhat.com> - 0.58-2
 - Always use secure_getenv() or __secure_getenv(), fail build if neither is
   available.  Patch by Viktor Hercinger <vhercing@redhat.com>.

sources

@@ -1 +1 @@
-1fc3ef3f3a3955b2d78562ff4daed793  libuser-0.58.tar.xz
+22835cbfec894b1e9491845ed5023244  libuser-0.59.tar.xz