gpasswd: fix password leak

Resolves: #2215947

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
This commit is contained in:
Iker Pedrosa 2023-07-12 10:17:39 +02:00
parent 1c073900c8
commit 334560bfdd
2 changed files with 18 additions and 1 deletions


@ -0,0 +1,11 @@
diff -up shadow-4.9/src/gpasswd.c.gpasswd-fix-password-leak shadow-4.9/src/gpasswd.c
--- shadow-4.9/src/gpasswd.c.gpasswd-fix-password-leak 2023-07-12 09:38:32.062546006 +0200
+++ shadow-4.9/src/gpasswd.c 2023-07-12 09:42:33.194154548 +0200
@@ -857,6 +857,7 @@ static void change_passwd (struct group
strzero (cp);
cp = getpass (_("Re-enter new password: "));
if (NULL == cp) {
+ memzero (pass, sizeof pass);
exit (1);
}
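Review bot: the added `memzero (pass, sizeof pass);` only covers the `getpass` failure path before `exit (1)`; `sizeof pass` is the full buffer only if `pass` is a fixed-size array in this scope (a pointer would wipe just `sizeof (char *)` bytes), so confirm its declaration, and check that every other early exit in `change_passwd` reached after `pass` has been filled also wipes it, since `cp` is already handled with `strzero (cp)` just above. Note also that the diff headers name `shadow-4.9/src/gpasswd.c` while the package being built is 4.6: the `-p1` strip makes the path work, but the hunk context should be verified against the 4.6 source rather than relying on patch fuzz.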


@ -1,7 +1,7 @@
Summary: Utilities for managing accounts and shadow password files Summary: Utilities for managing accounts and shadow password files
Name: shadow-utils Name: shadow-utils
Version: 4.6 Version: 4.6
Release: 18%{?dist} Release: 19%{?dist}
Epoch: 2 Epoch: 2
URL: http://pkg-shadow.alioth.debian.org/ URL: http://pkg-shadow.alioth.debian.org/
Source0: https://github.com/shadow-maint/shadow/releases/download/v%{version}/shadow-%{version}.tar.xz Source0: https://github.com/shadow-maint/shadow/releases/download/v%{version}/shadow-%{version}.tar.xz
@ -98,6 +98,8 @@ Patch64: shadow-4.9-subordinateio-compare-owner-ID.patch
Patch65: shadow-4.6-useradd-check-if-subid-range-exists.patch Patch65: shadow-4.6-useradd-check-if-subid-range-exists.patch
# https://github.com/shadow-maint/shadow/commit/baae5b4a06c905d9f52ed1f922a0d7d0625d11cf # https://github.com/shadow-maint/shadow/commit/baae5b4a06c905d9f52ed1f922a0d7d0625d11cf
Patch66: shadow-4.6-skip-over-reserved-ids.patch Patch66: shadow-4.6-skip-over-reserved-ids.patch
# https://github.com/shadow-maint/shadow/commit/65c88a43a23c2391dcc90c0abda3e839e9c57904
Patch67: shadow-4.6-gpasswd-fix-password-leak.patch
License: BSD and GPLv2+ License: BSD and GPLv2+
Group: System Environment/Base Group: System Environment/Base
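Review bot: the new `Patch67` line follows the existing convention of an upstream commit URL comment above the patch, which is good, but the file is named `shadow-4.6-gpasswd-fix-password-leak.patch` while its contents were generated against a `shadow-4.9` tree; either regenerate the patch from the 4.6 sources or keep the 4.9 naming so the file name does not misstate what it was diffed against.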
@ -200,6 +202,7 @@ Development files for shadow-utils-subid.
%patch64 -p1 -b .subordinateio-compare-owner-ID %patch64 -p1 -b .subordinateio-compare-owner-ID
%patch65 -p1 -b .useradd-check-if-subid-range-exists %patch65 -p1 -b .useradd-check-if-subid-range-exists
%patch66 -p1 -b .skip-over-reserved-ids %patch66 -p1 -b .skip-over-reserved-ids
%patch67 -p1 -b .gpasswd-fix-password-leak
iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8 iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8
cp -f doc/HOWTO.utf8 doc/HOWTO cp -f doc/HOWTO.utf8 doc/HOWTO
@ -370,6 +373,9 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/libsubid.la
%{_libdir}/libsubid.so %{_libdir}/libsubid.so
%changelog %changelog
* Wed Jul 12 2023 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.6-19
- gpasswd: fix password leak. Resolves: #2215947
* Wed May 17 2023 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.6-18 * Wed May 17 2023 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.6-18
- Update patch to close label to reset libselinux state. Resolves: #1984740 - Update patch to close label to reset libselinux state. Resolves: #1984740
- useradd: check if subid range exists for user. Resolves: #2012929 - useradd: check if subid range exists for user. Resolves: #2012929