update to current upstream release 4.6
This commit is contained in:
parent
4cb5077b68
commit
38a12ac864
2
.gitignore
vendored
2
.gitignore
vendored
@ -8,3 +8,5 @@ shadow-4.1.4.2.tar.bz2
|
||||
/shadow-4.3.1.tar.gz
|
||||
/shadow-4.5.tar.xz
|
||||
/shadow-4.5.tar.xz.asc
|
||||
/shadow-4.6.tar.xz
|
||||
/shadow-4.6.tar.xz.asc
|
||||
|
@ -1,102 +0,0 @@
|
||||
Index: shadow-4.5/src/grpconv.c
|
||||
===================================================================
|
||||
--- shadow-4.5.orig/src/grpconv.c
|
||||
+++ shadow-4.5/src/grpconv.c
|
||||
@@ -143,6 +143,7 @@ int main (int argc, char **argv)
|
||||
struct group grent;
|
||||
const struct sgrp *sg;
|
||||
struct sgrp sgent;
|
||||
+ char *np;
|
||||
|
||||
Prog = Basename (argv[0]);
|
||||
|
||||
@@ -184,20 +185,25 @@ int main (int argc, char **argv)
|
||||
* Remove /etc/gshadow entries for groups not in /etc/group.
|
||||
*/
|
||||
(void) sgr_rewind ();
|
||||
- while ((sg = sgr_next ()) != NULL) {
|
||||
- if (gr_locate (sg->sg_name) != NULL) {
|
||||
- continue;
|
||||
- }
|
||||
-
|
||||
- if (sgr_remove (sg->sg_name) == 0) {
|
||||
- /*
|
||||
- * This shouldn't happen (the entry exists) but...
|
||||
- */
|
||||
- fprintf (stderr,
|
||||
- _("%s: cannot remove entry '%s' from %s\n"),
|
||||
- Prog, sg->sg_name, sgr_dbname ());
|
||||
- fail_exit (3);
|
||||
+ sg = sgr_next ();
|
||||
+ np=NULL;
|
||||
+ while (sg != NULL) {
|
||||
+ np = strdup(sg->sg_name);
|
||||
+ sg = sgr_next ();
|
||||
+
|
||||
+ if(gr_locate (np) == NULL) {
|
||||
+ if (sgr_remove (np) == 0) {
|
||||
+ /*
|
||||
+ * This shouldn't happen (the entry exists) but...
|
||||
+ */
|
||||
+ fprintf (stderr,
|
||||
+ _("%s: cannot remove entry '%s' from %s\n"),
|
||||
+ Prog, np, sgr_dbname ());
|
||||
+ free(np);
|
||||
+ fail_exit (3);
|
||||
+ }
|
||||
}
|
||||
+ free(np);
|
||||
}
|
||||
|
||||
/*
|
||||
Index: shadow-4.5/src/pwconv.c
|
||||
===================================================================
|
||||
--- shadow-4.5.orig/src/pwconv.c
|
||||
+++ shadow-4.5/src/pwconv.c
|
||||
@@ -173,6 +173,7 @@ int main (int argc, char **argv)
|
||||
struct passwd pwent;
|
||||
const struct spwd *sp;
|
||||
struct spwd spent;
|
||||
+ char *np;
|
||||
|
||||
Prog = Basename (argv[0]);
|
||||
|
||||
@@ -223,20 +224,25 @@ int main (int argc, char **argv)
|
||||
* Remove /etc/shadow entries for users not in /etc/passwd.
|
||||
*/
|
||||
(void) spw_rewind ();
|
||||
- while ((sp = spw_next ()) != NULL) {
|
||||
- if (pw_locate (sp->sp_namp) != NULL) {
|
||||
- continue;
|
||||
- }
|
||||
-
|
||||
- if (spw_remove (sp->sp_namp) == 0) {
|
||||
- /*
|
||||
- * This shouldn't happen (the entry exists) but...
|
||||
- */
|
||||
- fprintf (stderr,
|
||||
- _("%s: cannot remove entry '%s' from %s\n"),
|
||||
- Prog, sp->sp_namp, spw_dbname ());
|
||||
- fail_exit (E_FAILURE);
|
||||
+ sp = spw_next ();
|
||||
+ np = NULL;
|
||||
+ while (sp != NULL) {
|
||||
+ np = strdup(sp->sp_namp);
|
||||
+ sp = spw_next ();
|
||||
+
|
||||
+ if (pw_locate (np) == NULL) {
|
||||
+ if (spw_remove (np) == 0) {
|
||||
+ /*
|
||||
+ * This shouldn't happen (the entry exists) but...
|
||||
+ */
|
||||
+ fprintf (stderr,
|
||||
+ _("%s: cannot remove entry '%s' from %s\n"),
|
||||
+ Prog, np, spw_dbname ());
|
||||
+ free(np);
|
||||
+ fail_exit (E_FAILURE);
|
||||
+ }
|
||||
}
|
||||
+ free(np);
|
||||
}
|
||||
|
||||
/*
|
@ -1,64 +0,0 @@
|
||||
Index: shadow-4.5/src/newgrp.c
|
||||
===================================================================
|
||||
--- shadow-4.5.orig/src/newgrp.c
|
||||
+++ shadow-4.5/src/newgrp.c
|
||||
@@ -83,15 +83,29 @@ static void usage (void)
|
||||
}
|
||||
}
|
||||
|
||||
+static bool ingroup(const char *name, struct group *gr)
|
||||
+{
|
||||
+ char **look;
|
||||
+ bool notfound = true;
|
||||
+
|
||||
+ look = gr->gr_mem;
|
||||
+ while (*look && notfound)
|
||||
+ notfound = strcmp (*look++, name);
|
||||
+
|
||||
+ return !notfound;
|
||||
+}
|
||||
+
|
||||
/*
|
||||
- * find_matching_group - search all groups of a given group id for
|
||||
+ * find_matching_group - search all groups of a gr's group id for
|
||||
* membership of a given username
|
||||
+ * but check gr itself first
|
||||
*/
|
||||
-static /*@null@*/struct group *find_matching_group (const char *name, gid_t gid)
|
||||
+static /*@null@*/struct group *find_matching_group (const char *name, struct group *gr)
|
||||
{
|
||||
- struct group *gr;
|
||||
- char **look;
|
||||
- bool notfound = true;
|
||||
+ gid_t gid = gr->gr_gid;
|
||||
+
|
||||
+ if (ingroup(name, gr))
|
||||
+ return gr;
|
||||
|
||||
setgrent ();
|
||||
while ((gr = getgrent ()) != NULL) {
|
||||
@@ -103,14 +117,8 @@ static /*@null@*/struct group *find_matc
|
||||
* A group with matching GID was found.
|
||||
* Test for membership of 'name'.
|
||||
*/
|
||||
- look = gr->gr_mem;
|
||||
- while ((NULL != *look) && notfound) {
|
||||
- notfound = (strcmp (*look, name) != 0);
|
||||
- look++;
|
||||
- }
|
||||
- if (!notfound) {
|
||||
+ if (ingroup(name, gr))
|
||||
break;
|
||||
- }
|
||||
}
|
||||
endgrent ();
|
||||
return gr;
|
||||
@@ -630,7 +638,7 @@ int main (int argc, char **argv)
|
||||
* groups of the same GID like the requested group for
|
||||
* membership of the current user.
|
||||
*/
|
||||
- grp = find_matching_group (name, grp->gr_gid);
|
||||
+ grp = find_matching_group (name, grp);
|
||||
if (NULL == grp) {
|
||||
/*
|
||||
* No matching group found. As we already know that
|
@ -1,16 +0,0 @@
|
||||
Index: shadow-4.5/src/usermod.c
|
||||
===================================================================
|
||||
--- shadow-4.5.orig/src/usermod.c
|
||||
+++ shadow-4.5/src/usermod.c
|
||||
@@ -1814,6 +1814,11 @@ static void move_home (void)
|
||||
Prog, user_home, user_newhome);
|
||||
fail_exit (E_HOMEDIR);
|
||||
}
|
||||
+ } else {
|
||||
+ fprintf (stderr,
|
||||
+ _("%s: The previous home directory (%s) does "
|
||||
+ "not exist or is inaccessible. Move cannot be completed.\n"),
|
||||
+ Prog, user_home);
|
||||
}
|
||||
}
|
||||
|
@ -1,71 +0,0 @@
|
||||
Index: shadow-4.5/src/newgrp.c
|
||||
===================================================================
|
||||
--- shadow-4.5.orig/src/newgrp.c
|
||||
+++ shadow-4.5/src/newgrp.c
|
||||
@@ -396,6 +396,7 @@ int main (int argc, char **argv)
|
||||
{
|
||||
bool initflag = false;
|
||||
int i;
|
||||
+ bool is_member = false;
|
||||
bool cflag = false;
|
||||
int err = 0;
|
||||
gid_t gid;
|
||||
@@ -645,22 +646,36 @@ int main (int argc, char **argv)
|
||||
goto failure;
|
||||
}
|
||||
|
||||
+#ifdef HAVE_SETGROUPS
|
||||
+ /* when using pam_group, she will not be listed in the groups
|
||||
+ * database. However getgroups() will return the group. So
|
||||
+ * if she is listed there already it is ok to grant membership.
|
||||
+ */
|
||||
+ for (i = 0; i < ngroups; i++) {
|
||||
+ if (grp->gr_gid == grouplist[i]) {
|
||||
+ is_member = true;
|
||||
+ break;
|
||||
+ }
|
||||
+ }
|
||||
+#endif /* HAVE_SETGROUPS */
|
||||
/*
|
||||
* For splitted groups (due to limitations of NIS), check all
|
||||
* groups of the same GID like the requested group for
|
||||
* membership of the current user.
|
||||
*/
|
||||
- grp = find_matching_group (name, grp);
|
||||
- if (NULL == grp) {
|
||||
- /*
|
||||
- * No matching group found. As we already know that
|
||||
- * the group exists, this happens only in the case
|
||||
- * of a requested group where the user is not member.
|
||||
- *
|
||||
- * Re-read the group entry for further processing.
|
||||
- */
|
||||
- grp = xgetgrnam (group);
|
||||
- assert (NULL != grp);
|
||||
+ if (!is_member) {
|
||||
+ grp = find_matching_group (name, grp);
|
||||
+ if (NULL == grp) {
|
||||
+ /*
|
||||
+ * No matching group found. As we already know that
|
||||
+ * the group exists, this happens only in the case
|
||||
+ * of a requested group where the user is not member.
|
||||
+ *
|
||||
+ * Re-read the group entry for further processing.
|
||||
+ */
|
||||
+ grp = xgetgrnam (group);
|
||||
+ assert (NULL != grp);
|
||||
+ }
|
||||
}
|
||||
#ifdef SHADOWGRP
|
||||
sgrp = getsgnam (group);
|
||||
@@ -673,7 +688,9 @@ int main (int argc, char **argv)
|
||||
/*
|
||||
* Check if the user is allowed to access this group.
|
||||
*/
|
||||
- check_perms (grp, pwd, group);
|
||||
+ if (!is_member) {
|
||||
+ check_perms (grp, pwd, group);
|
||||
+ }
|
||||
|
||||
/*
|
||||
* all successful validations pass through this point. The group id
|
@ -1,74 +0,0 @@
|
||||
Index: shadow-4.5/lib/selinux.c
|
||||
===================================================================
|
||||
--- shadow-4.5.orig/lib/selinux.c
|
||||
+++ shadow-4.5/lib/selinux.c
|
||||
@@ -75,7 +75,7 @@ int set_selinux_file_context (const char
|
||||
}
|
||||
return 0;
|
||||
error:
|
||||
- if (security_getenforce () != 0) {
|
||||
+ if (security_getenforce () > 0) {
|
||||
return 1;
|
||||
}
|
||||
return 0;
|
||||
@@ -95,7 +95,7 @@ int reset_selinux_file_context (void)
|
||||
selinux_checked = true;
|
||||
}
|
||||
if (selinux_enabled) {
|
||||
- if (setfscreatecon (NULL) != 0) {
|
||||
+ if (setfscreatecon (NULL) != 0 && security_getenforce () > 0) {
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
Index: shadow-4.5/src/userdel.c
|
||||
===================================================================
|
||||
--- shadow-4.5.orig/src/userdel.c
|
||||
+++ shadow-4.5/src/userdel.c
|
||||
@@ -96,6 +96,7 @@ static char *user_home;
|
||||
static bool fflg = false;
|
||||
static bool rflg = false;
|
||||
static bool Zflg = false;
|
||||
+static bool Rflg = false;
|
||||
|
||||
static bool is_shadow_pwd;
|
||||
|
||||
@@ -958,6 +959,7 @@ int main (int argc, char **argv)
|
||||
rflg = true;
|
||||
break;
|
||||
case 'R': /* no-op, handled in process_root_flag () */
|
||||
+ Rflg = true;
|
||||
break;
|
||||
#ifdef WITH_SELINUX
|
||||
case 'Z':
|
||||
@@ -1032,9 +1034,12 @@ int main (int argc, char **argv)
|
||||
*/
|
||||
user_name = argv[argc - 1];
|
||||
{
|
||||
- struct passwd *pwd;
|
||||
- pwd = getpwnam (user_name); /* local, no need for xgetpwnam */
|
||||
+ const struct passwd *pwd;
|
||||
+
|
||||
+ pw_open(O_RDONLY);
|
||||
+ pwd = pw_locate (user_name); /* we care only about local users */
|
||||
if (NULL == pwd) {
|
||||
+ pw_close();
|
||||
fprintf (stderr, _("%s: user '%s' does not exist\n"),
|
||||
Prog, user_name);
|
||||
#ifdef WITH_AUDIT
|
||||
@@ -1048,6 +1053,7 @@ int main (int argc, char **argv)
|
||||
user_id = pwd->pw_uid;
|
||||
user_gid = pwd->pw_gid;
|
||||
user_home = xstrdup (pwd->pw_dir);
|
||||
+ pw_close();
|
||||
}
|
||||
#ifdef WITH_TCB
|
||||
if (shadowtcb_set_user (user_name) == SHADOWTCB_FAILURE) {
|
||||
@@ -1079,7 +1085,7 @@ int main (int argc, char **argv)
|
||||
* Note: This is a best effort basis. The user may log in between,
|
||||
* a cron job may be started on her behalf, etc.
|
||||
*/
|
||||
- if (user_busy (user_name, user_id) != 0) {
|
||||
+ if (!Rflg && user_busy (user_name, user_id) != 0) {
|
||||
if (!fflg) {
|
||||
#ifdef WITH_AUDIT
|
||||
audit_logger (AUDIT_DEL_USER, Prog,
|
File diff suppressed because it is too large
Load Diff
21
shadow-4.6-getenforce.patch
Normal file
21
shadow-4.6-getenforce.patch
Normal file
@ -0,0 +1,21 @@
|
||||
diff -up shadow-4.6/lib/selinux.c.getenforce shadow-4.6/lib/selinux.c
|
||||
--- shadow-4.6/lib/selinux.c.getenforce 2018-05-28 15:10:15.870315221 +0200
|
||||
+++ shadow-4.6/lib/selinux.c 2018-05-28 15:10:15.894315731 +0200
|
||||
@@ -75,7 +75,7 @@ int set_selinux_file_context (const char
|
||||
}
|
||||
return 0;
|
||||
error:
|
||||
- if (security_getenforce () != 0) {
|
||||
+ if (security_getenforce () > 0) {
|
||||
return 1;
|
||||
}
|
||||
return 0;
|
||||
@@ -95,7 +95,7 @@ int reset_selinux_file_context (void)
|
||||
selinux_checked = true;
|
||||
}
|
||||
if (selinux_enabled) {
|
||||
- if (setfscreatecon (NULL) != 0) {
|
||||
+ if (setfscreatecon (NULL) != 0 && security_getenforce () > 0) {
|
||||
return 1;
|
||||
}
|
||||
}
|
15
shadow-4.6-move-home.patch
Normal file
15
shadow-4.6-move-home.patch
Normal file
@ -0,0 +1,15 @@
|
||||
diff -up shadow-4.6/src/usermod.c.move-home shadow-4.6/src/usermod.c
|
||||
--- shadow-4.6/src/usermod.c.move-home 2018-05-28 14:59:05.594076665 +0200
|
||||
+++ shadow-4.6/src/usermod.c 2018-05-28 15:00:28.479837392 +0200
|
||||
@@ -1845,6 +1845,11 @@ static void move_home (void)
|
||||
Prog, prefix_user_home, prefix_user_newhome);
|
||||
fail_exit (E_HOMEDIR);
|
||||
}
|
||||
+ } else {
|
||||
+ fprintf (stderr,
|
||||
+ _("%s: The previous home directory (%s) does "
|
||||
+ "not exist or is inaccessible. Move cannot be completed.\n"),
|
||||
+ Prog, prefix_user_home);
|
||||
}
|
||||
}
|
||||
|
@ -1,8 +1,7 @@
|
||||
Index: shadow-4.5/lib/commonio.c
|
||||
===================================================================
|
||||
--- shadow-4.5.orig/lib/commonio.c
|
||||
+++ shadow-4.5/lib/commonio.c
|
||||
@@ -941,7 +941,7 @@ int commonio_close (struct commonio_db *
|
||||
diff -up shadow-4.6/lib/commonio.c.orig-context shadow-4.6/lib/commonio.c
|
||||
--- shadow-4.6/lib/commonio.c.orig-context 2018-04-29 18:42:37.000000000 +0200
|
||||
+++ shadow-4.6/lib/commonio.c 2018-05-28 14:56:37.287929667 +0200
|
||||
@@ -961,7 +961,7 @@ int commonio_close (struct commonio_db *
|
||||
snprintf (buf, sizeof buf, "%s-", db->filename);
|
||||
|
||||
#ifdef WITH_SELINUX
|
||||
@ -11,7 +10,7 @@ Index: shadow-4.5/lib/commonio.c
|
||||
errors++;
|
||||
}
|
||||
#endif
|
||||
@@ -974,7 +974,7 @@ int commonio_close (struct commonio_db *
|
||||
@@ -994,7 +994,7 @@ int commonio_close (struct commonio_db *
|
||||
snprintf (buf, sizeof buf, "%s+", db->filename);
|
||||
|
||||
#ifdef WITH_SELINUX
|
||||
@ -20,10 +19,9 @@ Index: shadow-4.5/lib/commonio.c
|
||||
errors++;
|
||||
}
|
||||
#endif
|
||||
Index: shadow-4.5/libmisc/copydir.c
|
||||
===================================================================
|
||||
--- shadow-4.5.orig/libmisc/copydir.c
|
||||
+++ shadow-4.5/libmisc/copydir.c
|
||||
diff -up shadow-4.6/libmisc/copydir.c.orig-context shadow-4.6/libmisc/copydir.c
|
||||
--- shadow-4.6/libmisc/copydir.c.orig-context 2018-04-29 18:42:37.000000000 +0200
|
||||
+++ shadow-4.6/libmisc/copydir.c 2018-05-28 14:56:37.287929667 +0200
|
||||
@@ -484,7 +484,7 @@ static int copy_dir (const char *src, co
|
||||
*/
|
||||
|
||||
@ -60,11 +58,10 @@ Index: shadow-4.5/libmisc/copydir.c
|
||||
return -1;
|
||||
}
|
||||
#endif /* WITH_SELINUX */
|
||||
Index: shadow-4.5/lib/prototypes.h
|
||||
===================================================================
|
||||
--- shadow-4.5.orig/lib/prototypes.h
|
||||
+++ shadow-4.5/lib/prototypes.h
|
||||
@@ -311,7 +311,7 @@ extern /*@observer@*/const char *crypt_m
|
||||
diff -up shadow-4.6/lib/prototypes.h.orig-context shadow-4.6/lib/prototypes.h
|
||||
--- shadow-4.6/lib/prototypes.h.orig-context 2018-04-29 18:42:37.000000000 +0200
|
||||
+++ shadow-4.6/lib/prototypes.h 2018-05-28 14:56:37.287929667 +0200
|
||||
@@ -326,7 +326,7 @@ extern /*@observer@*/const char *crypt_m
|
||||
|
||||
/* selinux.c */
|
||||
#ifdef WITH_SELINUX
|
||||
@ -73,10 +70,9 @@ Index: shadow-4.5/lib/prototypes.h
|
||||
extern int reset_selinux_file_context (void);
|
||||
#endif
|
||||
|
||||
Index: shadow-4.5/lib/selinux.c
|
||||
===================================================================
|
||||
--- shadow-4.5.orig/lib/selinux.c
|
||||
+++ shadow-4.5/lib/selinux.c
|
||||
diff -up shadow-4.6/lib/selinux.c.orig-context shadow-4.6/lib/selinux.c
|
||||
--- shadow-4.6/lib/selinux.c.orig-context 2018-04-29 18:42:37.000000000 +0200
|
||||
+++ shadow-4.6/lib/selinux.c 2018-05-28 14:56:37.287929667 +0200
|
||||
@@ -50,7 +50,7 @@ static bool selinux_enabled;
|
||||
* Callers may have to Reset SELinux to create files with default
|
||||
* contexts with reset_selinux_file_context
|
||||
@ -118,16 +114,15 @@ Index: shadow-4.5/lib/selinux.c
|
||||
}
|
||||
|
||||
/*
|
||||
Index: shadow-4.5/src/useradd.c
|
||||
===================================================================
|
||||
--- shadow-4.5.orig/src/useradd.c
|
||||
+++ shadow-4.5/src/useradd.c
|
||||
@@ -1945,7 +1945,7 @@ static void create_home (void)
|
||||
diff -up shadow-4.6/src/useradd.c.orig-context shadow-4.6/src/useradd.c
|
||||
--- shadow-4.6/src/useradd.c.orig-context 2018-05-28 14:56:37.288929688 +0200
|
||||
+++ shadow-4.6/src/useradd.c 2018-05-28 14:58:02.242730903 +0200
|
||||
@@ -2020,7 +2020,7 @@ static void create_home (void)
|
||||
{
|
||||
if (access (user_home, F_OK) != 0) {
|
||||
if (access (prefix_user_home, F_OK) != 0) {
|
||||
#ifdef WITH_SELINUX
|
||||
- if (set_selinux_file_context (user_home) != 0) {
|
||||
+ if (set_selinux_file_context (user_home, NULL) != 0) {
|
||||
- if (set_selinux_file_context (prefix_user_home) != 0) {
|
||||
+ if (set_selinux_file_context (prefix_user_home, NULL) != 0) {
|
||||
fprintf (stderr,
|
||||
_("%s: cannot set SELinux context for home directory %s\n"),
|
||||
Prog, user_home);
|
@ -1,7 +1,6 @@
|
||||
Index: shadow-4.5/src/useradd.c
|
||||
===================================================================
|
||||
--- shadow-4.5.orig/src/useradd.c
|
||||
+++ shadow-4.5/src/useradd.c
|
||||
diff -up shadow-4.6/src/useradd.c.redhat shadow-4.6/src/useradd.c
|
||||
--- shadow-4.6/src/useradd.c.redhat 2018-04-29 18:42:37.000000000 +0200
|
||||
+++ shadow-4.6/src/useradd.c 2018-05-28 13:37:16.695651258 +0200
|
||||
@@ -98,7 +98,7 @@ const char *Prog;
|
||||
static gid_t def_group = 100;
|
||||
static const char *def_gname = "other";
|
||||
@ -20,19 +19,19 @@ Index: shadow-4.5/src/useradd.c
|
||||
static uid_t user_id;
|
||||
static gid_t user_gid;
|
||||
static const char *user_comment = "";
|
||||
@@ -1059,9 +1059,9 @@ static void process_flags (int argc, cha
|
||||
@@ -1114,9 +1114,9 @@ static void process_flags (int argc, cha
|
||||
};
|
||||
while ((c = getopt_long (argc, argv,
|
||||
#ifdef WITH_SELINUX
|
||||
- "b:c:d:De:f:g:G:hk:K:lmMNop:rR:s:u:UZ:",
|
||||
+ "b:c:d:De:f:g:G:hk:K:lmMnNop:rR:s:u:UZ:",
|
||||
- "b:c:d:De:f:g:G:hk:K:lmMNop:rR:P:s:u:UZ:",
|
||||
+ "b:c:d:De:f:g:G:hk:K:lmMnNop:rR:P:s:u:UZ:",
|
||||
#else /* !WITH_SELINUX */
|
||||
- "b:c:d:De:f:g:G:hk:K:lmMNop:rR:s:u:U",
|
||||
+ "b:c:d:De:f:g:G:hk:K:lmMnNop:rR:s:u:U",
|
||||
- "b:c:d:De:f:g:G:hk:K:lmMNop:rR:P:s:u:U",
|
||||
+ "b:c:d:De:f:g:G:hk:K:lmMnNop:rR:P:s:u:U",
|
||||
#endif /* !WITH_SELINUX */
|
||||
long_options, NULL)) != -1) {
|
||||
switch (c) {
|
||||
@@ -1212,6 +1212,7 @@ static void process_flags (int argc, cha
|
||||
@@ -1267,6 +1267,7 @@ static void process_flags (int argc, cha
|
||||
case 'M':
|
||||
Mflg = true;
|
||||
break;
|
@ -1,7 +1,6 @@
|
||||
Index: shadow-4.5/lib/semanage.c
|
||||
===================================================================
|
||||
--- shadow-4.5.orig/lib/semanage.c
|
||||
+++ shadow-4.5/lib/semanage.c
|
||||
diff -up shadow-4.6/lib/semanage.c.selinux shadow-4.6/lib/semanage.c
|
||||
--- shadow-4.6/lib/semanage.c.selinux 2018-04-29 18:42:37.000000000 +0200
|
||||
+++ shadow-4.6/lib/semanage.c 2018-05-28 13:38:20.551008911 +0200
|
||||
@@ -294,6 +294,9 @@ int set_seuser (const char *login_name,
|
||||
|
||||
ret = 0;
|
||||
@ -23,11 +22,10 @@ Index: shadow-4.5/lib/semanage.c
|
||||
done:
|
||||
semanage_handle_destroy (handle);
|
||||
return ret;
|
||||
Index: shadow-4.5/src/useradd.c
|
||||
===================================================================
|
||||
--- shadow-4.5.orig/src/useradd.c
|
||||
+++ shadow-4.5/src/useradd.c
|
||||
@@ -2042,6 +2042,7 @@ static void create_mail (void)
|
||||
diff -up shadow-4.6/src/useradd.c.selinux shadow-4.6/src/useradd.c
|
||||
--- shadow-4.6/src/useradd.c.selinux 2018-05-28 13:43:30.996748997 +0200
|
||||
+++ shadow-4.6/src/useradd.c 2018-05-28 13:44:04.645486199 +0200
|
||||
@@ -2120,6 +2120,7 @@ static void create_mail (void)
|
||||
*/
|
||||
int main (int argc, char **argv)
|
||||
{
|
||||
@ -35,14 +33,14 @@ Index: shadow-4.5/src/useradd.c
|
||||
#ifdef ACCT_TOOLS_SETUID
|
||||
#ifdef USE_PAM
|
||||
pam_handle_t *pamh = NULL;
|
||||
@@ -2262,27 +2263,11 @@ int main (int argc, char **argv)
|
||||
@@ -2342,27 +2343,11 @@ int main (int argc, char **argv)
|
||||
|
||||
usr_update ();
|
||||
|
||||
- if (mflg) {
|
||||
- create_home ();
|
||||
- if (home_added) {
|
||||
- copy_tree (def_template, user_home, false, false,
|
||||
- copy_tree (def_template, prefix_user_home, false, false,
|
||||
- (uid_t)-1, user_id, (gid_t)-1, user_gid);
|
||||
- } else {
|
||||
- fprintf (stderr,
|
||||
@ -66,7 +64,7 @@ Index: shadow-4.5/src/useradd.c
|
||||
/*
|
||||
* tallylog_reset needs to be able to lookup
|
||||
* a valid existing user name,
|
||||
@@ -2293,8 +2278,9 @@ int main (int argc, char **argv)
|
||||
@@ -2373,8 +2358,9 @@ int main (int argc, char **argv)
|
||||
}
|
||||
|
||||
#ifdef WITH_SELINUX
|
||||
@ -78,7 +76,7 @@ Index: shadow-4.5/src/useradd.c
|
||||
fprintf (stderr,
|
||||
_("%s: warning: the user name %s to %s SELinux user mapping failed.\n"),
|
||||
Prog, user_name, user_selinux);
|
||||
@@ -2303,14 +2289,31 @@ int main (int argc, char **argv)
|
||||
@@ -2383,14 +2369,31 @@ int main (int argc, char **argv)
|
||||
"adding SELinux user mapping",
|
||||
user_name, (unsigned int) user_id, 0);
|
||||
#endif /* WITH_AUDIT */
|
||||
@ -95,7 +93,7 @@ Index: shadow-4.5/src/useradd.c
|
||||
+ if (mflg) {
|
||||
+ create_home ();
|
||||
+ if (home_added) {
|
||||
+ copy_tree (def_template, user_home, false, true,
|
||||
+ copy_tree (def_template, prefix_user_home, false, true,
|
||||
+ (uid_t)-1, user_id, (gid_t)-1, user_gid);
|
||||
+ } else {
|
||||
+ fprintf (stderr,
|
42
shadow-4.6-usermod-crash.patch
Normal file
42
shadow-4.6-usermod-crash.patch
Normal file
@ -0,0 +1,42 @@
|
||||
diff -up shadow-4.6/libmisc/prefix_flag.c.usermod-crash shadow-4.6/libmisc/prefix_flag.c
|
||||
--- shadow-4.6/libmisc/prefix_flag.c.usermod-crash 2018-04-29 18:42:37.000000000 +0200
|
||||
+++ shadow-4.6/libmisc/prefix_flag.c 2018-05-28 15:14:10.642302440 +0200
|
||||
@@ -319,6 +319,7 @@ extern struct group *prefix_getgr_nam_gi
|
||||
{
|
||||
long long int gid;
|
||||
char *endptr;
|
||||
+ struct group *g;
|
||||
|
||||
if (NULL == grname) {
|
||||
return NULL;
|
||||
@@ -333,7 +334,8 @@ extern struct group *prefix_getgr_nam_gi
|
||||
&& (gid == (gid_t)gid)) {
|
||||
return prefix_getgrgid ((gid_t) gid);
|
||||
}
|
||||
- return prefix_getgrnam (grname);
|
||||
+ g = prefix_getgrnam (grname);
|
||||
+ return g ? __gr_dup(g) : NULL;
|
||||
}
|
||||
else
|
||||
return getgr_nam_gid(grname);
|
||||
diff -up shadow-4.6/src/usermod.c.usermod-crash shadow-4.6/src/usermod.c
|
||||
--- shadow-4.6/src/usermod.c.usermod-crash 2018-05-28 15:12:37.920332763 +0200
|
||||
+++ shadow-4.6/src/usermod.c 2018-05-28 15:15:50.337422470 +0200
|
||||
@@ -1276,11 +1276,13 @@ static void process_flags (int argc, cha
|
||||
prefix_user_home = xmalloc(len);
|
||||
wlen = snprintf(prefix_user_home, len, "%s/%s", prefix, user_home);
|
||||
assert (wlen == (int) len -1);
|
||||
+ if (user_newhome) {
|
||||
+ len = strlen(prefix) + strlen(user_newhome) + 2;
|
||||
+ prefix_user_newhome = xmalloc(len);
|
||||
+ wlen = snprintf(prefix_user_newhome, len, "%s/%s", prefix, user_newhome);
|
||||
+ assert (wlen == (int) len -1);
|
||||
+ }
|
||||
|
||||
- len = strlen(prefix) + strlen(user_newhome) + 2;
|
||||
- prefix_user_newhome = xmalloc(len);
|
||||
- wlen = snprintf(prefix_user_newhome, len, "%s/%s", prefix, user_newhome);
|
||||
- assert (wlen == (int) len -1);
|
||||
}
|
||||
else {
|
||||
prefix_user_home = user_home;
|
@ -1,7 +1,7 @@
|
||||
Summary: Utilities for managing accounts and shadow password files
|
||||
Name: shadow-utils
|
||||
Version: 4.5
|
||||
Release: 10%{?dist}
|
||||
Version: 4.6
|
||||
Release: 1%{?dist}
|
||||
Epoch: 2
|
||||
URL: http://pkg-shadow.alioth.debian.org/
|
||||
Source0: https://github.com/shadow-maint/shadow/releases/download/%{version}/shadow-%{version}.tar.xz
|
||||
@ -10,28 +10,26 @@ Source2: shadow-utils.useradd
|
||||
Source3: shadow-utils.login.defs
|
||||
Source4: shadow-bsd.txt
|
||||
Source5: https://www.gnu.org/licenses/old-licenses/gpl-2.0.txt
|
||||
Patch0: shadow-4.1.5-redhat.patch
|
||||
Patch0: shadow-4.6-redhat.patch
|
||||
Patch1: shadow-4.5-goodname.patch
|
||||
Patch2: shadow-4.1.5.1-info-parent-dir.patch
|
||||
Patch6: shadow-4.5-selinux.patch
|
||||
Patch7: shadow-4.1.5-2ndskip.patch
|
||||
Patch10: shadow-4.5-orig-context.patch
|
||||
Patch6: shadow-4.6-selinux.patch
|
||||
Patch10: shadow-4.6-orig-context.patch
|
||||
Patch11: shadow-4.1.5.1-logmsg.patch
|
||||
Patch14: shadow-4.1.5.1-default-range.patch
|
||||
Patch15: shadow-4.3.1-manfix.patch
|
||||
Patch17: shadow-4.1.5.1-userdel-helpfix.patch
|
||||
Patch19: shadow-4.2.1-date-parsing.patch
|
||||
Patch20: shadow-4.1.5.1-ingroup.patch
|
||||
Patch21: shadow-4.1.5.1-move-home.patch
|
||||
Patch22: shadow-4.3.1-audit-update.patch
|
||||
Patch21: shadow-4.6-move-home.patch
|
||||
Patch22: shadow-4.6-audit-update.patch
|
||||
Patch23: shadow-4.5-usermod-unlock.patch
|
||||
Patch24: shadow-4.2.1-no-lock-dos.patch
|
||||
Patch28: shadow-4.3.1-selinux-perms.patch
|
||||
Patch29: shadow-4.2.1-null-tm.patch
|
||||
Patch30: shadow-4.1.5.1-newgrp-grouplist.patch
|
||||
Patch31: shadow-4.5-userdel-chroot.patch
|
||||
Patch31: shadow-4.6-getenforce.patch
|
||||
Patch32: shadow-4.5-crypt_h.patch
|
||||
Patch33: shadow-4.5-long-entry.patch
|
||||
Patch34: shadow-4.6-usermod-crash.patch
|
||||
|
||||
License: BSD and GPLv2+
|
||||
Group: System Environment/Base
|
||||
@ -67,24 +65,22 @@ are used for managing group accounts.
|
||||
%patch1 -p1 -b .goodname
|
||||
%patch2 -p1 -b .info-parent-dir
|
||||
%patch6 -p1 -b .selinux
|
||||
%patch7 -p1 -b .2ndskip
|
||||
%patch10 -p1 -b .orig-context
|
||||
%patch11 -p1 -b .logmsg
|
||||
%patch14 -p1 -b .default-range
|
||||
%patch15 -p1 -b .manfix
|
||||
%patch17 -p1 -b .userdel
|
||||
%patch19 -p1 -b .date-parsing
|
||||
%patch20 -p1 -b .ingroup
|
||||
%patch21 -p1 -b .move-home
|
||||
%patch22 -p1 -b .audit-update
|
||||
%patch23 -p1 -b .unlock
|
||||
%patch24 -p1 -b .no-lock-dos
|
||||
%patch28 -p1 -b .selinux-perms
|
||||
%patch29 -p1 -b .null-tm
|
||||
%patch30 -p1 -b .grouplist
|
||||
%patch31 -p1 -b .userdel-chroot
|
||||
%patch31 -p1 -b .getenforce
|
||||
%patch32 -p1 -b .crypt_h
|
||||
%patch33 -p1 -b .long-entry
|
||||
%patch34 -p1 -b .usermod-crash
|
||||
|
||||
iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8
|
||||
cp -f doc/HOWTO.utf8 doc/HOWTO
|
||||
@ -237,6 +233,9 @@ done
|
||||
%{_mandir}/man8/vigr.8*
|
||||
|
||||
%changelog
|
||||
* Mon May 28 2018 Tomáš Mráz <tmraz@redhat.com> - 2:4.6-1
|
||||
- update to current upstream release 4.6
|
||||
|
||||
* Fri Apr 20 2018 Tomáš Mráz <tmraz@redhat.com> - 2:4.5-10
|
||||
- Raise limit for passwd and shadow entry length but also prevent
|
||||
writing longer entries (#1422497)
|
||||
|
4
sources
4
sources
@ -1,2 +1,2 @@
|
||||
SHA512 (shadow-4.5.tar.xz) = e57f8db54df23301c229d4be30d4cbb67efa1d1809cffcff79adc480b6019fb2b5fd09e112e82a3f00ad5a6b2994592adac93f70a631cf666b6f4723b61c87b5
|
||||
SHA512 (shadow-4.5.tar.xz.asc) = 42739e5e36e0dd1ff8e9d8721f5b4b222113afd91c927b580bc0b587d59dcdecdf938c978405b80f15a70b17f2d0589f8b6277e0e9bd23a5f3c2fc924c9b1e24
|
||||
SHA512 (shadow-4.6.tar.xz) = e8eee52c649d9973f724bc2d5aeee71fa2e6a2e41ec3487cd6cf6d47af70c32e0cdf304df29b32eae2b6eb6f9066866b5f2c891add0ec87ba583bea3207b3631
|
||||
SHA512 (shadow-4.6.tar.xz.asc) = 8728bff5544db6ea123f758cce5bd5c2d346489570c33092e4e97db35c274d7aba01580018f120e4ad80b8f79cfe296a33bccbe9bf68df51bf9b2004c6bfffed
|
||||
|
Loading…
Reference in New Issue
Block a user