- Provide a switch to restore pre-CVE-2020-10737 behavior
- Always set the home directory permissions according to HOME_MODE
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
From 0.34.6:
- update license on src/buffer.h
- change /var/run -> /run in systemd service file (Orion Poplawski)
From 0.34.5:
- apply patch from Matthias Gerstner of the SUSE security team to fix a
possible race condition in the mkhomedir helper (CVE-2020-10737)
- only process SELinux contexts if SELinux is not disabled (Alexander Bokovoy)
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
- Drop Python 2 build-time dependency, which hasn't been used since we turned
off building the python bindings years ago (#1595853, #1642502).
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
None of the currently supported distributions need that.
The last one was EL5, which has been EOL for a while.
Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
None of the currently supported distributions need that.
It was last needed for EL5, which is EOL now.
Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
- documentation updates
- update "prepend_user_name" behavior to be less surprising when used in
combination with "argument_passing_method" set to "cmdline"
- update pointers to pagure.io hosting
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
- tweak initialization so that we set up for providing our D-Bus APIs
before we register our names with the bus, so that we can handle any
requests that arrive before the acknowledgement of that registration,
which should make system activation a viable option
- fix a crasher in pam_oddjob_mkhomedir.so: remove an initialization step that
should have been removed when the module was modified to accept larger
replies (#1236970)
- open a connection to the bus for every service we're serving, instead of
using just one for the lot of them, so that we can tell which service a
client was attempting to contact if it sends a message to our unique
connection address instead of a well-known name, like dbus-python does
- tweak the logic for guessing which interface name is right when a request
doesn't include one, so that it has a better chance of finding the right one
- increase the initial size of the buffer that we pass to getpwnam_r in the
pam_oddjob_mkhomedir module (#1198812)
- catch calls to the method invocation helper function that mistakenly
didn't include the newly-required timeout value (#1089655, #1089656)
- stop overriding the system-wide UMASK default in our default
oddjobd-mkhomedir.conf file (#995097)