diff --git a/SOURCES/usermode-1.113-manpage_typo.patch b/SOURCES/usermode-1.113-manpage_typo.patch new file mode 100644 index 0000000..a17b1f3 --- /dev/null +++ b/SOURCES/usermode-1.113-manpage_typo.patch @@ -0,0 +1,22 @@ +From 79c1ddd9fbea9cdc2bc973a3d271e9c9617d5eb7 Mon Sep 17 00:00:00 2001 +From: Jiri Kucera +Date: Apr 28 2021 08:24:20 +0000 +Subject: Fix typo + + +--- + +diff --git a/pam-panel-icon.1 b/pam-panel-icon.1 +index 5f891dc..2563627 100644 +--- a/pam-panel-icon.1 ++++ b/pam-panel-icon.1 +@@ -40,7 +40,7 @@ timestamp status. + If the + .B pam_timestamp + authorization is active, +-allowing an unprivileted user to temporarily authenticate as the ++allowing an unprivileged user to temporarily authenticate as the + .B root + user without providing a password, + an icon in the notification area of the panel is displayed. + diff --git a/SOURCES/usermode-1.113-selinux.patch b/SOURCES/usermode-1.113-selinux.patch new file mode 100644 index 0000000..995d5ca --- /dev/null +++ b/SOURCES/usermode-1.113-selinux.patch @@ -0,0 +1,65 @@ +From 48c4085004caad1ec928fa103b7f3e3fe684c826 Mon Sep 17 00:00:00 2001 +From: Petr Lautrbach +Date: Apr 07 2020 11:16:48 +0000 +Subject: Do not use deprecated flask.h and av_permissions.h + + +selinux/flask.h and selinux/av_permissions.h will be completely dropped in the +next SELinux release. + +Use string_to_security_class() and string_to_av_perm() to get class and +permission values. The original hardcoded values could be invalid and are +deprecated as the whole flask.h and av_permissions.h header files. + +--- + +diff --git a/userhelper.c b/userhelper.c +index 4177c89..f2afde7 100644 +--- a/userhelper.c ++++ b/userhelper.c +@@ -48,8 +48,6 @@ + + #ifdef WITH_SELINUX + #include +-#include +-#include + #endif + + #include "shvar.h" +@@ -111,7 +109,7 @@ static int checkAccess(unsigned int selaccess) { + struct av_decision avd; + int retval = security_compute_av(user_context, + user_context, +- SECCLASS_PASSWD, ++ string_to_security_class("passwd"), + selaccess, + &avd); + +@@ -2267,7 +2265,8 @@ main(int argc, char **argv) + const char *new_home_phone; + const char *new_shell; + #ifdef WITH_SELINUX +- unsigned perm; ++ security_class_t class; ++ access_vector_t perm; + #endif + + /* State variable we pass around. */ +@@ -2426,12 +2425,13 @@ main(int argc, char **argv) + user_name = g_strdup(argv[optind]); + + #ifdef WITH_SELINUX ++ class = string_to_security_class("passwd"); + if (c_flag) +- perm = PASSWD__PASSWD; ++ perm = string_to_av_perm(class, "passwd"); + else if (s_flag) +- perm = PASSWD__CHSH; ++ perm = string_to_av_perm(class, "chsh"); + else +- perm = PASSWD__CHFN; ++ perm = string_to_av_perm(class, "chfn"); + + if (is_selinux_enabled() > 0 && + checkAccess(perm)!= 0) { + diff --git a/SPECS/usermode.spec b/SPECS/usermode.spec index 87a37f6..3bb6496 100644 --- a/SPECS/usermode.spec +++ b/SPECS/usermode.spec @@ -1,12 +1,15 @@ Summary: Tools for certain user account management tasks Name: usermode Version: 1.113 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2+ Group: Applications/System URL: https://pagure.io/%{name}/ Source: https://releases.pagure.org/%{name}/%{name}-%{version}.tar.xz Source1: config-util +# Do not use deprecated API +Patch1: usermode-1.113-selinux.patch +Patch2: usermode-1.113-manpage_typo.patch Requires: pam, passwd, util-linux # https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/IJFYI5Q2BYZKIGDFS2WLOBDUSEGWHIKV/ BuildRequires: gcc @@ -39,9 +42,11 @@ graphical tools for certain account management tasks. %prep %setup -q +%patch1 -p1 +%patch2 -p1 %build -%configure --with-fexecve=yes --with-selinux +%configure --with-fexecve=no --with-selinux make %{?_smp_mflags} @@ -92,6 +97,12 @@ done %{_datadir}/applications/* %changelog +* Tue Aug 03 2021 Jiri Kucera - 1.113-2 +- Fix typo in pam-panel-icon manpage + Do not use deprecated selinux API + Do not use fexecve + Resolves: #1775931 + * Mon Nov 05 2018 Jiri Kucera - 1.113-1 - Rebase to usermode-1.113 (fixes static scanner issues) Resolves #1602722