- getsubids: provide system binary and man page

- useradd: generate home and mail directories with selinux user attribute
- useradd: revert fix memleak of grp
- groupdel: fix SIGSEGV when passwd does not exist
- pwck: fix segfault when calling fprintf()
- newgrp: fix segmentation fault
- Clean spec file: organize dependencies and move License location

Resolves: #2013015
Resolves: #1993081
Resolves: #2020238
Resolves: #2024834

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
This commit is contained in:
Iker Pedrosa 2021-12-02 13:13:28 +01:00
parent c565b30bac
commit 4b31c38f8e
9 changed files with 517 additions and 21 deletions

245
shadow-4.9-getsubids.patch Normal file
View File

@ -0,0 +1,245 @@
diff -up shadow-4.9/man/getsubids.1.xml.getsubids shadow-4.9/man/getsubids.1.xml
--- shadow-4.9/man/getsubids.1.xml.getsubids 2021-11-18 16:27:33.951053120 +0100
+++ shadow-4.9/man/getsubids.1.xml 2021-11-18 16:27:33.951053120 +0100
@@ -0,0 +1,141 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Copyright (c) 2021 Iker Pedrosa
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions
+ are met:
+ 1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+ 3. The name of the copyright holders or contributors may not be used to
+ endorse or promote products derived from this software without
+ specific prior written permission.
+
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+-->
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.5//EN"
+ "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+<!-- SHADOW-CONFIG-HERE -->
+]>
+
+<refentry id='getsubids.1'>
+ <refentryinfo>
+ <author>
+ <firstname>Iker</firstname>
+ <surname>Pedrosa</surname>
+ <contrib>Creation, 2021</contrib>
+ </author>
+ </refentryinfo>
+ <refmeta>
+ <refentrytitle>getsubids</refentrytitle>
+ <manvolnum>1</manvolnum>
+ <refmiscinfo class="sectdesc">User Commands</refmiscinfo>
+ <refmiscinfo class="source">shadow-utils</refmiscinfo>
+ <refmiscinfo class="version">&SHADOW_UTILS_VERSION;</refmiscinfo>
+ </refmeta>
+ <refnamediv id='name'>
+ <refname>getsubids</refname>
+ <refpurpose>get the subordinate id ranges for a user</refpurpose>
+ </refnamediv>
+
+ <refsynopsisdiv id='synopsis'>
+ <cmdsynopsis>
+ <command>getsubids</command>
+ <arg choice='opt'>
+ <replaceable>options</replaceable>
+ </arg>
+ <arg choice='plain'>
+ <replaceable>USER</replaceable>
+ </arg>
+ </cmdsynopsis>
+ </refsynopsisdiv>
+
+ <refsect1 id='description'>
+ <title>DESCRIPTION</title>
+ <para>
+ The <command>getsubids</command> command lists the subordinate user ID
+ ranges for a given user. The subordinate group IDs can be listed using
+ the <option>-g</option> option.
+ </para>
+ </refsect1>
+
+ <refsect1 id='options'>
+ <title>OPTIONS</title>
+ <para>
+ The options which apply to the <command>getsubids</command> command are:
+ </para>
+ <variablelist remap='IP'>
+ <varlistentry>
+ <term>
+ <option>-g</option>
+ </term>
+ <listitem>
+ <para>
+ List the subordinate group ID ranges.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
+ <refsect1 id='example'>
+ <title>EXAMPLE</title>
+ <para>
+ For example, to obtain the subordinate UIDs of the testuser:
+ </para>
+ <para>
+<programlisting>
+$ getsubids testuser
+0: testuser 100000 65536
+</programlisting>
+ </para>
+ <para>
+ This command output provides (in order from left to right) the list
+ index, username, UID range start, and number of UIDs in range.
+ </para>
+ </refsect1>
+
+ <refsect1 id='see_also'>
+ <title>SEE ALSO</title>
+ <para>
+ <citerefentry>
+ <refentrytitle>login.defs</refentrytitle><manvolnum>5</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>newgidmap</refentrytitle><manvolnum>1</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>newuidmap</refentrytitle><manvolnum>1</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>subgid</refentrytitle><manvolnum>5</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>subuid</refentrytitle><manvolnum>5</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>useradd</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>userdel</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>.
+ <citerefentry>
+ <refentrytitle>usermod</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
+ </para>
+ </refsect1>
+</refentry>
diff -up shadow-4.9/man/Makefile.am.getsubids shadow-4.9/man/Makefile.am
--- shadow-4.9/man/Makefile.am.getsubids 2021-07-22 23:55:35.000000000 +0200
+++ shadow-4.9/man/Makefile.am 2021-11-18 16:27:33.951053120 +0100
@@ -62,6 +62,7 @@ man_MANS += $(man_nopam)
endif
man_subids = \
+ man1/getsubids.1 \
man1/newgidmap.1 \
man1/newuidmap.1 \
man5/subgid.5 \
@@ -80,6 +81,7 @@ man_XMANS = \
expiry.1.xml \
faillog.5.xml \
faillog.8.xml \
+ getsubids.1.xml \
gpasswd.1.xml \
groupadd.8.xml \
groupdel.8.xml \
diff -up shadow-4.9/src/getsubids.c.getsubids shadow-4.9/src/getsubids.c
--- shadow-4.9/src/getsubids.c.getsubids 2021-11-18 16:27:33.951053120 +0100
+++ shadow-4.9/src/getsubids.c 2021-11-18 16:27:33.951053120 +0100
@@ -0,0 +1,46 @@
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include "subid.h"
+#include "prototypes.h"
+
+const char *Prog;
+FILE *shadow_logfd = NULL;
+
+void usage(void)
+{
+ fprintf(stderr, "Usage: %s [-g] user\n", Prog);
+ fprintf(stderr, " list subuid ranges for user\n");
+ fprintf(stderr, " pass -g to list subgid ranges\n");
+ exit(EXIT_FAILURE);
+}
+
+int main(int argc, char *argv[])
+{
+ int i, count=0;
+ struct subid_range *ranges;
+ const char *owner;
+
+ Prog = Basename (argv[0]);
+ shadow_logfd = stderr;
+ if (argc < 2)
+ usage();
+ owner = argv[1];
+ if (argc == 3 && strcmp(argv[1], "-g") == 0) {
+ owner = argv[2];
+ count = get_subgid_ranges(owner, &ranges);
+ } else if (argc == 2 && strcmp(argv[1], "-h") == 0) {
+ usage();
+ } else {
+ count = get_subuid_ranges(owner, &ranges);
+ }
+ if (!ranges) {
+ fprintf(stderr, "Error fetching ranges\n");
+ exit(1);
+ }
+ for (i = 0; i < count; i++) {
+ printf("%d: %s %lu %lu\n", i, owner,
+ ranges[i].start, ranges[i].count);
+ }
+ return 0;
+}
diff -up shadow-4.9/src/list_subid_ranges.c.getsubids shadow-4.9/src/list_subid_ranges.c
diff -up shadow-4.9/src/Makefile.am.getsubids shadow-4.9/src/Makefile.am
--- shadow-4.9/src/Makefile.am.getsubids 2021-11-18 16:27:33.943053061 +0100
+++ shadow-4.9/src/Makefile.am 2021-11-18 16:28:03.647272392 +0100
@@ -157,8 +157,8 @@ if FCAPS
setcap cap_setgid+ep $(DESTDIR)$(ubindir)/newgidmap
endif
-noinst_PROGRAMS += list_subid_ranges \
- get_subid_owners \
+bin_PROGRAMS += getsubids
+noinst_PROGRAMS += get_subid_owners \
new_subid_range \
free_subid_range \
check_subid_range
@@ -174,13 +174,13 @@ MISCLIBS = \
$(LIBCRYPT) \
$(LIBTCB)
-list_subid_ranges_LDADD = \
+getsubids_LDADD = \
$(top_builddir)/lib/libshadow.la \
$(top_builddir)/libmisc/libmisc.la \
$(top_builddir)/libsubid/libsubid.la \
$(MISCLIBS) -ldl
-list_subid_ranges_CPPFLAGS = \
+getsubids_CPPFLAGS = \
-I$(top_srcdir)/lib \
-I$(top_srcdir)/libmisc \
-I$(top_srcdir)/libsubid

View File

@ -0,0 +1,13 @@
diff -up shadow-4.9/libmisc/prefix_flag.c.groupdel-fix-sigsegv-when-passwd-does-not-exist shadow-4.9/libmisc/prefix_flag.c
--- shadow-4.9/libmisc/prefix_flag.c.groupdel-fix-sigsegv-when-passwd-does-not-exist 2021-11-19 09:21:36.997091941 +0100
+++ shadow-4.9/libmisc/prefix_flag.c 2021-11-19 09:22:19.001341010 +0100
@@ -288,6 +288,9 @@ extern struct passwd* prefix_getpwent()
if(!passwd_db_file) {
return getpwent();
}
+ if (!fp_pwent) {
+ return NULL;
+ }
return fgetpwent(fp_pwent);
}
extern void prefix_endpwent()

View File

@ -1,8 +1,22 @@
From 09c752f00f9dfc610f66d68be38c9e5be8ca7f15 Mon Sep 17 00:00:00 2001
From: Iker Pedrosa <ipedrosa@redhat.com>
Date: Fri, 8 Oct 2021 13:09:59 +0200
Subject: [PATCH] useradd: create directories after the SELinux user
Create the home and mail folders after the SELinux user has been set for
the added user. This will allow the folders to be created with the
SELinux user label.
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
---
src/useradd.c | 46 +++++++++++++++++++++++-----------------------
1 file changed, 23 insertions(+), 23 deletions(-)
diff --git a/src/useradd.c b/src/useradd.c
index baeffb35..02e1402c 100644
index 6269c01c..b463a170 100644
--- a/src/useradd.c
+++ b/src/useradd.c
@@ -2644,27 +2644,12 @@ int main (int argc, char **argv)
@@ -2670,27 +2670,12 @@ int main (int argc, char **argv)
usr_update ();
@ -34,17 +48,14 @@ index baeffb35..02e1402c 100644
/*
* tallylog_reset needs to be able to lookup
* a valid existing user name,
@@ -2695,9 +2680,24 @@ int main (int argc, char **argv)
exit(1);
@@ -2716,15 +2701,30 @@ int main (int argc, char **argv)
}
#endif /* WITH_SELINUX */
- nscd_flush_cache ("passwd");
- nscd_flush_cache ("group");
- sssd_flush_cache (SSSD_DB_PASSWD | SSSD_DB_GROUP);
+ if (mflg) {
+ create_home ();
+ if (home_added) {
+ copy_tree (def_template, prefix_user_home, false, true,
+ copy_tree (def_template, prefix_user_home, false, false,
+ (uid_t)-1, user_id, (gid_t)-1, user_gid);
+ } else {
+ fprintf (stderr,
@ -59,6 +70,19 @@ index baeffb35..02e1402c 100644
+ if (!rflg) {
+ create_mail ();
+ }
+
if (run_parts ("/etc/shadow-maint/useradd-post.d", (char*)user_name,
"useradd")) {
exit(1);
}
- nscd_flush_cache ("passwd");
- nscd_flush_cache ("group");
- sssd_flush_cache (SSSD_DB_PASSWD | SSSD_DB_GROUP);
-
return E_SUCCESS;
}
--
2.31.1

View File

@ -0,0 +1,35 @@
From 497e90751bc0d95cc998b0f06305040563903948 Mon Sep 17 00:00:00 2001
From: Iker Pedrosa <ipedrosa@redhat.com>
Date: Wed, 10 Nov 2021 12:02:04 +0100
Subject: [PATCH] newgrp: fix segmentation fault
Fix segmentation fault in newgrp when xgetspnam() returns a NULL value
that is immediately freed.
The error was committed in
https://github.com/shadow-maint/shadow/commit/e65cc6aebcb4132fa413f00a905216a5b35b3d57
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2019553
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
---
src/newgrp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/newgrp.c b/src/newgrp.c
index 730f47e8..566f1c89 100644
--- a/src/newgrp.c
+++ b/src/newgrp.c
@@ -163,8 +163,8 @@ static void check_perms (const struct group *grp,
spwd = xgetspnam (pwd->pw_name);
if (NULL != spwd) {
pwd->pw_passwd = xstrdup (spwd->sp_pwdp);
+ spw_free (spwd);
}
- spw_free (spwd);
if ((pwd->pw_passwd[0] == '\0') && (grp->gr_passwd[0] != '\0')) {
needspasswd = true;
--
2.31.1

View File

@ -0,0 +1,30 @@
From d8e54618feea201987c1f3cb402ed50d1d8b604f Mon Sep 17 00:00:00 2001
From: Iker Pedrosa <ipedrosa@redhat.com>
Date: Mon, 15 Nov 2021 12:40:15 +0100
Subject: [PATCH] pwck: fix segfault when calling fprintf()
As shadow_logfd variable is not set at the beginning of the program if
something fails and fprintf() is called a segmentation fault happens.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2021339
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
---
src/pwck.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/pwck.c b/src/pwck.c
index 4248944a..4ce86af2 100644
--- a/src/pwck.c
+++ b/src/pwck.c
@@ -857,6 +857,7 @@ int main (int argc, char **argv)
* Get my name so that I can use it to report errors.
*/
Prog = Basename (argv[0]);
+ shadow_logfd = stderr;
(void) setlocale (LC_ALL, "");
(void) bindtextdomain (PACKAGE, LOCALEDIR);
--
2.31.1

View File

@ -0,0 +1,30 @@
From 4624e9fca1b02b64e25e8b2280a0186182ab73ba Mon Sep 17 00:00:00 2001
From: Serge Hallyn <serge@hallyn.com>
Date: Sat, 14 Aug 2021 19:37:24 -0500
Subject: [PATCH] Revert "useradd.c:fix memleaks of grp"
In some cases, the value which was being freed is not actually
safe to free.
Closes #394
This reverts commit c44b71cec25d60efc51aec9de3abce1f6efbfcf5.
---
src/useradd.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/src/useradd.c b/src/useradd.c
index f90127cd..0d3f390d 100644
--- a/src/useradd.c
+++ b/src/useradd.c
@@ -413,7 +413,6 @@ static void get_defaults (void)
} else {
def_group = grp->gr_gid;
def_gname = xstrdup (grp->gr_name);
- gr_free(grp);
}
}
--
2.31.1

View File

@ -0,0 +1,61 @@
From 234af5cf67fc1a3ba99fc246ba65869a3c416545 Mon Sep 17 00:00:00 2001
From: Iker Pedrosa <ipedrosa@redhat.com>
Date: Fri, 8 Oct 2021 13:13:13 +0200
Subject: [PATCH] semanage: close the selabel handle
Close the selabel handle to update the file_context. This means that the
file_context will be remmaped and used by selabel_lookup() to return
the appropriate context to label the home folder.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1993081
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
---
lib/prototypes.h | 1 +
lib/selinux.c | 5 +++++
lib/semanage.c | 1 +
3 files changed, 7 insertions(+)
diff --git a/lib/prototypes.h b/lib/prototypes.h
index 1d1586d4..b697e0ec 100644
--- a/lib/prototypes.h
+++ b/lib/prototypes.h
@@ -392,6 +392,7 @@ extern /*@observer@*/const char *crypt_make_salt (/*@null@*//*@observer@*/const
/* selinux.c */
#ifdef WITH_SELINUX
extern int set_selinux_file_context (const char *dst_name, mode_t mode);
+extern void reset_selinux_handle (void);
extern int reset_selinux_file_context (void);
extern int check_selinux_permit (const char *perm_name);
#endif
diff --git a/lib/selinux.c b/lib/selinux.c
index c83545f9..b075d4c0 100644
--- a/lib/selinux.c
+++ b/lib/selinux.c
@@ -50,6 +50,11 @@ static void cleanup(void)
}
}
+void reset_selinux_handle (void)
+{
+ cleanup();
+}
+
/*
* set_selinux_file_context - Set the security context before any file or
* directory creation.
diff --git a/lib/semanage.c b/lib/semanage.c
index 0d30456a..a5bf9218 100644
--- a/lib/semanage.c
+++ b/lib/semanage.c
@@ -293,6 +293,7 @@ int set_seuser (const char *login_name, const char *seuser_name)
}
ret = 0;
+ reset_selinux_handle();
done:
semanage_seuser_key_free (key);
--
2.31.1

View File

@ -0,0 +1,13 @@
diff --git a/src/useradd.c b/src/useradd.c
index b463a170..f7c97958 100644
--- a/src/useradd.c
+++ b/src/useradd.c
@@ -2704,7 +2704,7 @@ int main (int argc, char **argv)
if (mflg) {
create_home ();
if (home_added) {
- copy_tree (def_template, prefix_user_home, false, false,
+ copy_tree (def_template, prefix_user_home, false, true,
(uid_t)-1, user_id, (gid_t)-1, user_gid);
} else {
fprintf (stderr,

View File

@ -1,8 +1,9 @@
Summary: Utilities for managing accounts and shadow password files
Name: shadow-utils
Version: 4.9
Release: 2%{?dist}
Release: 3%{?dist}
Epoch: 2
License: BSD and GPLv2+
URL: https://github.com/shadow-maint/shadow
Source0: https://github.com/shadow-maint/shadow/releases/download/%{version}/shadow-%{version}.tar.xz
Source1: https://github.com/shadow-maint/shadow/releases/download/%{version}/shadow-%{version}.tar.xz.asc
@ -20,7 +21,7 @@ Source6: shadow-utils.HOME_MODE.xml
Patch0: shadow-4.9-redhat.patch
# Be more lenient with acceptable user/group names - non upstreamable
Patch1: shadow-4.8-goodname.patch
# Move create home to the end of main - upstreamability unknown
# https://github.com/shadow-maint/shadow/commit/09c752f00f9dfc610f66d68be38c9e5be8ca7f15
Patch2: shadow-4.9-move-create-home.patch
# SElinux related - upstreamability unknown
Patch3: shadow-4.9-default-range.patch
@ -52,20 +53,46 @@ Patch15: shadow-4.9-usermod-allow-all-group-types.patch
Patch16: shadow-4.9-useradd-avoid-generating-empty-subid-range.patch
# https://github.com/shadow-maint/shadow/commit/234e8fa7b134d1ebabfdad980a3ae5b63c046c62
Patch17: shadow-4.9-libmisc-fix-default-value-in-SHA_get_salt_rounds.patch
# https://github.com/shadow-maint/shadow/commit/234af5cf67fc1a3ba99fc246ba65869a3c416545
Patch18: shadow-4.9-semanage-close-the-selabel-handle.patch
# https://github.com/shadow-maint/shadow/commit/4624e9fca1b02b64e25e8b2280a0186182ab73ba
Patch19: shadow-4.9-revert-useradd-fix-memleak.patch
# https://github.com/shadow-maint/shadow/commit/06eb4e4d76ac7f1ac86e68a89b2dc9be7c7323a2
Patch20: shadow-4.9-useradd-copy-tree-argument.patch
# https://github.com/shadow-maint/shadow/commit/d8e54618feea201987c1f3cb402ed50d1d8b604f
Patch21: shadow-4.9-pwck-fix-segfault-when-calling-fprintf.patch
# https://github.com/shadow-maint/shadow/commit/497e90751bc0d95cc998b0f06305040563903948
Patch22: shadow-4.9-newgrp-fix-segmentation-fault.patch
# https://github.com/shadow-maint/shadow/commit/3b6ccf642c6bb2b7db087f09ee563ae9318af734
Patch23: shadow-4.9-getsubids.patch
# https://github.com/shadow-maint/shadow/commit/a757b458ffb4fb9a40bcbb4f7869449431c67f83
Patch24: shadow-4.9-groupdel-fix-sigsegv-when-passwd-does-not-exist.patch
License: BSD and GPLv2+
BuildRequires: make
BuildRequires: gcc
BuildRequires: libselinux-devel >= 1.25.2-1
BuildRequires: audit-libs-devel >= 1.6.5
BuildRequires: libsemanage-devel
BuildRequires: libacl-devel, libattr-devel
BuildRequires: bison, flex, docbook-style-xsl, docbook-dtds
BuildRequires: autoconf, automake, libtool, gettext-devel
BuildRequires: /usr/bin/xsltproc, /usr/bin/itstool
Requires: libselinux >= 1.25.2-1
### Dependencies ###
Requires: audit-libs >= 1.6.5
Requires: libselinux >= 1.25.2-1
Requires: setup
### Build Dependencies ###
BuildRequires: audit-libs-devel >= 1.6.5
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: bison
BuildRequires: docbook-dtds
BuildRequires: docbook-style-xsl
BuildRequires: flex
BuildRequires: gcc
BuildRequires: gettext-devel
BuildRequires: itstool
BuildRequires: libacl-devel
BuildRequires: libattr-devel
BuildRequires: libselinux-devel >= 1.25.2-1
BuildRequires: libsemanage-devel
BuildRequires: libtool
BuildRequires: libxslt
BuildRequires: make
### Provides ###
Provides: shadow = %{epoch}:%{version}-%{release}
%description
@ -117,6 +144,13 @@ Development files for shadow-utils-subid.
%patch15 -p1 -b .usermod-allow-all-group-types
%patch16 -p1 -b .useradd-avoid-generating-empty-subid-range
%patch17 -p1 -b .libmisc-fix-default-value-in-SHA_get_salt_rounds
%patch18 -p1 -b .semanage-close-the-selabel-handle
%patch19 -p1 -b .revert-useradd-fix-memleak
%patch20 -p1 -b .useradd-copy-tree-argument
%patch21 -p1 -b .pwck-fix-segfault-when-calling-fprintf
%patch22 -p1 -b .newgrp-fix-segmentation-fault
%patch23 -p1 -b .getsubids
%patch24 -p1 -b .groupdel-fix-sigsegv-when-passwd-does-not-exist
iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8
cp -f doc/HOWTO.utf8 doc/HOWTO
@ -279,12 +313,23 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/libsubid.la
%files subid
%{_libdir}/libsubid.so.*
%{_bindir}/getsubids
%{_mandir}/man1/getsubids.1*
%files subid-devel
%{includesubiddir}/subid.h
%{_libdir}/libsubid.so
%changelog
* Thu Dec 2 2021 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.9-3
- getsubids: provide system binary and man page. Resolves: #2013015
- useradd: generate home and mail directories with selinux user attribute. Resolves: #1993081
- useradd: revert fix memleak of grp. Resolves: #2020238
- groupdel: fix SIGSEGV when passwd does not exist. Resolves: #2024834
- pwck: fix segfault when calling fprintf()
- newgrp: fix segmentation fault
- Clean spec file: organize dependencies and move License location
* Tue Aug 17 2021 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.9-2
- libmisc: fix default value in SHA_get_salt_rounds(). Resolves: #1993919