import usermode-1.113-2.el8

SOURCES/usermode-1.113-manpage_typo.patch

@@ -0,0 +1,22 @@
+From 79c1ddd9fbea9cdc2bc973a3d271e9c9617d5eb7 Mon Sep 17 00:00:00 2001
+From: Jiri Kucera <jkucera@redhat.com>
+Date: Apr 28 2021 08:24:20 +0000
+Subject: Fix typo
+
+
+---
+
+diff --git a/pam-panel-icon.1 b/pam-panel-icon.1
+index 5f891dc..2563627 100644
+--- a/pam-panel-icon.1
++++ b/pam-panel-icon.1
+@@ -40,7 +40,7 @@ timestamp status.
+ If the
+ .B pam_timestamp
+ authorization is active,
+-allowing an unprivileted user to temporarily authenticate as the
++allowing an unprivileged user to temporarily authenticate as the
+ .B root
+ user without providing a password,
+ an icon in the notification area of the panel is displayed.
+

SOURCES/usermode-1.113-selinux.patch

@@ -0,0 +1,65 @@
+From 48c4085004caad1ec928fa103b7f3e3fe684c826 Mon Sep 17 00:00:00 2001
+From: Petr Lautrbach <plautrba@redhat.com>
+Date: Apr 07 2020 11:16:48 +0000
+Subject: Do not use deprecated flask.h and av_permissions.h
+
+
+selinux/flask.h and selinux/av_permissions.h will be completely dropped in the
+next SELinux release.
+
+Use string_to_security_class() and string_to_av_perm() to get class and
+permission values. The original hardcoded values could be invalid and are
+deprecated as the whole flask.h and av_permissions.h header files.
+
+---
+
+diff --git a/userhelper.c b/userhelper.c
+index 4177c89..f2afde7 100644
+--- a/userhelper.c
++++ b/userhelper.c
+@@ -48,8 +48,6 @@
+ 
+ #ifdef WITH_SELINUX
+ #include <selinux/selinux.h>
+-#include <selinux/flask.h>
+-#include <selinux/av_permissions.h>
+ #endif
+ 
+ #include "shvar.h"
+@@ -111,7 +109,7 @@ static int checkAccess(unsigned int selaccess) {
+     struct av_decision avd;
+     int retval = security_compute_av(user_context,
+ 				     user_context,
+-				     SECCLASS_PASSWD,
++				     string_to_security_class("passwd"),
+ 				     selaccess,
+ 				     &avd);
+ 	  
+@@ -2267,7 +2265,8 @@ main(int argc, char **argv)
+ 	const char *new_home_phone;
+ 	const char *new_shell;
+ #ifdef WITH_SELINUX
+-	unsigned perm;
++	security_class_t class;
++	access_vector_t perm;
+ #endif
+ 
+ 	/* State variable we pass around. */
+@@ -2426,12 +2425,13 @@ main(int argc, char **argv)
+ 			user_name = g_strdup(argv[optind]);
+ 
+ #ifdef WITH_SELINUX
++			class = string_to_security_class("passwd");
+ 			if (c_flag) 
+-			  perm = PASSWD__PASSWD;
++			  perm = string_to_av_perm(class, "passwd");
+ 			else if (s_flag)
+-			  perm = PASSWD__CHSH;
++			  perm = string_to_av_perm(class, "chsh");
+ 			else
+-			  perm = PASSWD__CHFN;
++			  perm = string_to_av_perm(class, "chfn");
+ 
+ 			if (is_selinux_enabled() > 0 &&
+ 			    checkAccess(perm)!= 0) {
+

SPECS/usermode.spec

@@ -1,12 +1,15 @@
 Summary: Tools for certain user account management tasks
 Name: usermode
 Version: 1.113
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: GPLv2+
 Group: Applications/System
 URL: https://pagure.io/%{name}/
 Source: https://releases.pagure.org/%{name}/%{name}-%{version}.tar.xz
 Source1: config-util
+# Do not use deprecated API
+Patch1: usermode-1.113-selinux.patch
+Patch2: usermode-1.113-manpage_typo.patch
 Requires: pam, passwd, util-linux
 # https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/IJFYI5Q2BYZKIGDFS2WLOBDUSEGWHIKV/
 BuildRequires: gcc
@@ -39,9 +42,11 @@ graphical tools for certain account management tasks.
 
 %prep
 %setup -q
+%patch1 -p1
+%patch2 -p1
 
 %build
-%configure --with-fexecve=yes --with-selinux
+%configure --with-fexecve=no --with-selinux
 
 make %{?_smp_mflags}
 
@@ -92,6 +97,12 @@ done
 %{_datadir}/applications/*
 
 %changelog
+* Tue Aug 03 2021 Jiri Kucera <jkucera@redhat.com> - 1.113-2
+- Fix typo in pam-panel-icon manpage
+  Do not use deprecated selinux API
+  Do not use fexecve
+  Resolves: #1775931
+
 * Mon Nov 05 2018 Jiri Kucera <jkucera@redhat.com> - 1.113-1
 - Rebase to usermode-1.113 (fixes static scanner issues)
   Resolves #1602722