From b920793dc34903bf623714fa90e22c90f4283e20 Mon Sep 17 00:00:00 2001
From: eabdullin
Date: Wed, 14 May 2025 19:32:14 +0000
Subject: [PATCH] import UBI usermode-1.114-12.el10
---
 .gitignore | 2 +-
 gating.yaml | 6 --
 sources | 2 +-
 usermode-1.113-manpage_typo.patch | 22 ----
 usermode-1.113-selinux.patch | 65 ------------
 usermode-1.114-fixfree.patch | 163 ++++++++++++++++++++++++++++++
 usermode.spec | 135 ++++++++++++++++++++-----
 7 files changed, 273 insertions(+), 122 deletions(-)
 delete mode 100644 gating.yaml
 delete mode 100644 usermode-1.113-manpage_typo.patch
 delete mode 100644 usermode-1.113-selinux.patch
 create mode 100644 usermode-1.114-fixfree.patch
diff --git a/.gitignore b/.gitignore
index c55b193..f15a105 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-/usermode-1.113.tar.xz
+usermode-1.114.tar.xz
diff --git a/gating.yaml b/gating.yaml
deleted file mode 100644
index eb7c84f..0000000
--- a/gating.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
---- !Policy
-product_versions:
- - rhel-8
-decision_context: osci_compose_gate
-rules:
- - !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional}
diff --git a/sources b/sources
index ee6f411..5065b51 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (usermode-1.113.tar.xz) = 0653da8cff94b86bd67ca1bed50bb77a929f5da1c047e6c627273fc319cc3bf6df7c5af1b5be160b2068632199d194bd00bcf43f702927a34b884149800c7f21
+SHA512 (usermode-1.114.tar.xz) = 703eb218704c7a11cdce25a71f4fc91bf4f042a8b185f79f3954699081c0db8a6234ad6f11738d8b2fe6a492a03d029cbe01762a47869edc473e4fbaa6e0ee32
diff --git a/usermode-1.113-manpage_typo.patch b/usermode-1.113-manpage_typo.patch
deleted file mode 100644
index a17b1f3..0000000
--- a/usermode-1.113-manpage_typo.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-From 79c1ddd9fbea9cdc2bc973a3d271e9c9617d5eb7 Mon Sep 17 00:00:00 2001
-From: Jiri Kucera
-Date: Apr 28 2021 08:24:20 +0000
-Subject: Fix typo
-
-
----
-
-diff --git a/pam-panel-icon.1 b/pam-panel-icon.1
-index 5f891dc..2563627 100644
---- a/pam-panel-icon.1
-+++ b/pam-panel-icon.1
-@@ -40,7 +40,7 @@ timestamp status.
- If the
- .B pam_timestamp
- authorization is active,
--allowing an unprivileted user to temporarily authenticate as the
-+allowing an unprivileged user to temporarily authenticate as the
- .B root
- user without providing a password,
- an icon in the notification area of the panel is displayed.
-
diff --git a/usermode-1.113-selinux.patch b/usermode-1.113-selinux.patch
deleted file mode 100644
index 995d5ca..0000000
--- a/usermode-1.113-selinux.patch
+++ /dev/null
@@ -1,65 +0,0 @@
-From 48c4085004caad1ec928fa103b7f3e3fe684c826 Mon Sep 17 00:00:00 2001
-From: Petr Lautrbach
-Date: Apr 07 2020 11:16:48 +0000
-Subject: Do not use deprecated flask.h and av_permissions.h
-
-
-selinux/flask.h and selinux/av_permissions.h will be completely dropped in the
-next SELinux release.
-
-Use string_to_security_class() and string_to_av_perm() to get class and
-permission values. The original hardcoded values could be invalid and are
-deprecated as the whole flask.h and av_permissions.h header files.
-
----
-
-diff --git a/userhelper.c b/userhelper.c
-index 4177c89..f2afde7 100644
---- a/userhelper.c
-+++ b/userhelper.c
-@@ -48,8 +48,6 @@
-
- #ifdef WITH_SELINUX
- #include
--#include
--#include
- #endif
-
- #include "shvar.h"
-@@ -111,7 +109,7 @@ static int checkAccess(unsigned int selaccess) {
- struct av_decision avd;
- int retval = security_compute_av(user_context,
- user_context,
-- SECCLASS_PASSWD,
-+ string_to_security_class("passwd"),
- selaccess,
- &avd);
-
-@@ -2267,7 +2265,8 @@ main(int argc, char **argv)
- const char *new_home_phone;
- const char *new_shell;
- #ifdef WITH_SELINUX
-- unsigned perm;
-+ security_class_t class;
-+ access_vector_t perm;
- #endif
-
- /* State variable we pass around. */
-@@ -2426,12 +2425,13 @@ main(int argc, char **argv)
- user_name = g_strdup(argv[optind]);
-
- #ifdef WITH_SELINUX
-+ class = string_to_security_class("passwd");
- if (c_flag)
-- perm = PASSWD__PASSWD;
-+ perm = string_to_av_perm(class, "passwd");
- else if (s_flag)
-- perm = PASSWD__CHSH;
-+ perm = string_to_av_perm(class, "chsh");
- else
-- perm = PASSWD__CHFN;
-+ perm = string_to_av_perm(class, "chfn");
-
- if (is_selinux_enabled() > 0 &&
- checkAccess(perm)!= 0) {
-
diff --git a/usermode-1.114-fixfree.patch b/usermode-1.114-fixfree.patch
new file mode 100644
index 0000000..387aab9
--- /dev/null
+++ b/usermode-1.114-fixfree.patch
@@ -0,0 +1,163 @@
+diff -up usermode-1.114/userhelper.c.fixfree usermode-1.114/userhelper.c
+--- usermode-1.114/userhelper.c.fixfree 2025-01-23 23:33:24.778721387 +0100
++++ usermode-1.114/userhelper.c 2025-01-23 23:57:54.375799100 +0100
+@@ -1749,7 +1755,6 @@ wrap(const char *user, const char *progr
+ displaying any unwanted GUI dialogs. */
+ retval = pipe_conv_exec_start(data);
+ if (retval != 0) {
+- g_strfreev(environ);
+ environ = environ_save;
+ die(data, retval);
+ }
+@@ -1802,7 +1808,6 @@ wrap(const char *user, const char *progr
+ /* Nope, not there, either. */
+ debug_msg("userhelper: couldn't find wrapped "
+ "binary\n");
+- g_strfreev(environ);
+ environ = environ_save;
+ die(data, ERR_NO_PROGRAM);
+ }
+@@ -1837,7 +1843,6 @@ wrap(const char *user, const char *progr
+ #ifdef HAVE_FEXECVE
+ close(fd);
+ #endif
+- g_strfreev(environ);
+ environ = environ_save;
+ die(data, ERR_NO_USER);
+ }
+@@ -1934,7 +1940,6 @@ wrap(const char *user, const char *progr
+ #ifdef HAVE_FEXECVE
+ close(fd);
+ #endif
+- g_strfreev(environ);
+ environ = environ_save;
+ fail_exit(data, retval);
+ }
+@@ -1957,7 +1963,6 @@ wrap(const char *user, const char *progr
+ #ifdef HAVE_FEXECVE
+ close(fd);
+ #endif
+- g_strfreev(environ);
+ environ = environ_save;
+ fail_exit(data, retval);
+ } else
+@@ -1965,7 +1971,6 @@ wrap(const char *user, const char *progr
+ /* Reset the user's environment so that the
+ * application can run normally. */
+ argv[optind - 1] = strdup(program);
+- g_strfreev(environ);
+ environ = environ_save;
+ become_normal(data, user);
+ if (data->input != NULL) {
+@@ -2008,7 +2014,6 @@ wrap(const char *user, const char *progr
+ #ifdef HAVE_FEXECVE
+ close(fd);
+ #endif
+- g_strfreev(environ);
+ environ = environ_save;
+ fail_exit(data, retval);
+ }
+@@ -2022,7 +2028,6 @@ wrap(const char *user, const char *progr
+ close(fd);
+ #endif
+ pam_end(data->pamh, retval);
+- g_strfreev(environ);
+ environ = environ_save;
+ fail_exit(data, retval);
+ }
+@@ -2030,7 +2036,6 @@ wrap(const char *user, const char *progr
+ #ifdef HAVE_FEXECVE
+ close(fd);
+ #endif
+- g_strfreev(environ);
+ environ = environ_save;
+ die(data, ERR_UNK_ERROR);
+ }
+@@ -2043,7 +2049,6 @@ wrap(const char *user, const char *progr
+ close(fd);
+ #endif
+ pam_end(data->pamh, retval);
+- g_strfreev(environ);
+ environ = environ_save;
+ fail_exit(data, retval);
+ }
+@@ -2056,7 +2062,6 @@ wrap(const char *user, const char *progr
+ #ifdef HAVE_FEXECVE
+ close(fd);
+ #endif
+- g_strfreev(environ);
+ environ = environ_save;
+ die(data, ERR_NO_USER);
+ }
+@@ -2081,7 +2087,6 @@ wrap(const char *user, const char *progr
+ close(fd);
+ #endif
+ pam_end(data->pamh, retval);
+- g_strfreev(environ);
+ environ = environ_save;
+ fail_exit(data, retval);
+ }
+@@ -2094,7 +2100,6 @@ wrap(const char *user, const char *progr
+ close(fd);
+ #endif
+ pam_end(data->pamh, retval);
+- g_strfreev(environ);
+ environ = environ_save;
+ fail_exit(data, retval);
+ }
+@@ -2105,7 +2111,6 @@ wrap(const char *user, const char *progr
+ #ifdef HAVE_FEXECVE
+ close(fd);
+ #endif
+- g_strfreev(environ);
+ environ = environ_save;
+ die(data, ERR_EXEC_FAILED);
+ }
+@@ -2143,7 +2149,6 @@ wrap(const char *user, const char *progr
+ #ifdef HAVE_FEXECVE
+ close(fd);
+ #endif
+- g_strfreev(environ);
+ environ = environ_save;
+ die(data, retval);
+ }
+@@ -2175,7 +2181,6 @@ wrap(const char *user, const char *progr
+ cmdline, user, strerror(errno));
+ if (data->output != NULL)
+ pipe_conv_exec_fail(data);
+- g_strfreev(environ);
+ environ = environ_save;
+ die(data, ERR_EXEC_FAILED);
+ }
+@@ -2197,7 +2203,6 @@ wrap(const char *user, const char *progr
+ #ifdef HAVE_FEXECVE
+ close(fd);
+ #endif
+- g_strfreev(environ);
+ environ = environ_save;
+ fail_exit(data, retval);
+ }
+@@ -2207,7 +2213,6 @@ wrap(const char *user, const char *progr
+ #ifdef HAVE_FEXECVE
+ close(fd);
+ #endif
+- g_strfreev(environ);
+ environ = environ_save;
+ if (WIFEXITED(status))
+ exit(WEXITSTATUS(status));
+@@ -2241,7 +2247,6 @@ wrap(const char *user, const char *progr
+ #ifdef HAVE_FEXECVE
+ close(fd);
+ #endif
+- g_strfreev(environ);
+ environ = environ_save;
+ die(data, retval);
+ }
+@@ -2270,7 +2276,6 @@ wrap(const char *user, const char *progr
+ "root privileges on behalf of '%s': %s",
+ cmdline, user, strerror(errno));
+ pipe_conv_exec_fail(data);
+- g_strfreev(environ);
+ environ = environ_save;
+ die(data, ERR_EXEC_FAILED);
+ }
diff --git a/usermode.spec b/usermode.spec
index 3bb6496..1403723 100644
--- a/usermode.spec
+++ b/usermode.spec
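Review bot: The twenty sites in wrap() that now read `environ = environ_save;` with no preceding free carry no comment saying the omission is deliberate, so a later cleanup or a leak report from a static scanner could put `g_strfreev(environ)` back into this setuid helper (the spec installs userhelper with mode 4711). Add a comment at the first site, or move the restore into one small static helper that carries it, for example `/* Do not g_strfreev(environ): glibc may free or reallocate this vector itself (RHEL-73769); the temporary environment is leaked on purpose. */`. In the visible hunks all but one of these paths end in die(), fail_exit() or exit(), so the leak looks bounded; the -1965 hunk restores the environment and continues into become_normal(), and the rest of wrap() lies outside the hunks, so that path should be checked separately. The inner hunk headers also keep a constant +6 offset (-1749 to +1755 through -2270 to +2276) although each hunk drops one line and no earlier hunk is present, which suggests the patch was trimmed by hand; regenerating it against the 1.114 tree would let it apply without offsets.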
@@ -1,27 +1,38 @@ +# Add `--without gtk' option (enable gtk by default): +# No GTK 2 in RHEL 10 +%if 0%{?rhel} > 9 +%bcond_with gtk +%else +%bcond_without gtk +%endif + Summary: Tools for certain user account management tasks Name: usermode -Version: 1.113 -Release: 2%{?dist} -License: GPLv2+ -Group: Applications/System +Version: 1.114 +Release: 12%{?dist} +License: GPL-2.0-or-later URL: https://pagure.io/%{name}/ Source: https://releases.pagure.org/%{name}/%{name}-%{version}.tar.xz Source1: config-util -# Do not use deprecated API -Patch1: usermode-1.113-selinux.patch -Patch2: usermode-1.113-manpage_typo.patch +# do not free environ as glibc may want to do that, RHEL-73769 +Patch2: usermode-1.114-fixfree.patch Requires: pam, passwd, util-linux # https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/IJFYI5Q2BYZKIGDFS2WLOBDUSEGWHIKV/ +BuildRequires: make BuildRequires: gcc -BuildRequires: desktop-file-utils, gettext, glib2-devel, gtk2-devel, intltool -BuildRequires: libblkid-devel, libSM-devel, libselinux-devel, libuser-devel -BuildRequires: pam-devel, perl-XML-Parser, startup-notification-devel +BuildRequires: gettext, glib2-devel, intltool +%if %{with gtk} +BuildRequires: desktop-file-utils, gtk2-devel, startup-notification-devel, libSM-devel +%endif +BuildRequires: libblkid-devel, libselinux-devel, libuser-devel +BuildRequires: pam-devel, perl-XML-Parser BuildRequires: util-linux +%if %{with gtk} %package gtk Summary: Graphical tools for certain user account management tasks -Group: Applications/System Requires: %{name} = %{version}-%{release} +%endif %global _hardened_build 1 @@ -30,6 +41,7 @@ The usermode package contains the userhelper program, which can be used to allow configured programs to be run with superuser privileges by ordinary users. +%if %{with gtk} %description gtk The usermode-gtk package contains several graphical tools for users: userinfo, usermount and userpasswd. Userinfo allows users to change 
@@ -39,28 +51,31 @@ passwords. Install the usermode-gtk package if you would like to provide users with graphical tools for certain account management tasks. +%endif %prep %setup -q -%patch1 -p1 -%patch2 -p1 +%patch -P 2 -p1 -b .fixfree %build -%configure --with-fexecve=no --with-selinux +%configure --with-selinux --without-fexecve %{!?with_gtk:--without-gtk} -make %{?_smp_mflags} +%make_build %install -make install DESTDIR=$RPM_BUILD_ROOT INSTALL='install -p' +%make_install +%if %{with gtk} # make userformat symlink to usermount ln -sf usermount $RPM_BUILD_ROOT%{_bindir}/userformat ln -s usermount.1 $RPM_BUILD_ROOT%{_mandir}/man1/userformat.1 +%endif mkdir -p $RPM_BUILD_ROOT/etc/security/console.apps install -p -m 644 %{SOURCE1} \ $RPM_BUILD_ROOT/etc/security/console.apps/config-util +%if %{with gtk} for i in redhat-userinfo.desktop redhat-userpasswd.desktop \ redhat-usermount.desktop; do echo 'NotShowIn=GNOME;KDE;' >>$RPM_BUILD_ROOT%{_datadir}/applications/$i @@ -68,17 +83,20 @@ for i in redhat-userinfo.desktop redhat-userpasswd.desktop \ --dir $RPM_BUILD_ROOT%{_datadir}/applications \ $RPM_BUILD_ROOT%{_datadir}/applications/$i done +%endif %find_lang %{name} %files -f %{name}.lang -%doc COPYING ChangeLog NEWS README +%license COPYING +%doc ChangeLog NEWS README %attr(4711,root,root) /usr/sbin/userhelper %{_bindir}/consolehelper %{_mandir}/man8/userhelper.8* %{_mandir}/man8/consolehelper.8* %config(noreplace) /etc/security/console.apps/config-util +%if %{with gtk} %files gtk %{_bindir}/usermount %{_mandir}/man1/usermount.1* 
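Review bot: The `%configure` line passes `--without-fexecve` with no comment beside it; the only rationale on the page is the 1.114-2 changelog entry (a script run via fexecve gets a file descriptor number in argv[0], #1969918). Since this flag presumably changes how the setuid `userhelper` launches the wrapped program, record the reason where the flag is set, e.g. `# fexecve disabled: scripts see an fd number in argv[0] (#1969918)` directly above `%configure`. Separately, `%patch -P 2` is now the only patch applied while `--with-selinux` stays enabled; if the 1.113 SELinux patch was dropped because the 1.114 tarball already contains that change, a one-line comment next to `Patch2:` saying so would make the removal auditable.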
@@ -95,24 +113,87 @@ done %{_datadir}/%{name} %{_datadir}/pixmaps/* %{_datadir}/applications/* +%endif %changelog -* Tue Aug 03 2021 Jiri Kucera - 1.113-2 -- Fix typo in pam-panel-icon manpage - Do not use deprecated selinux API - Do not use fexecve - Resolves: #1775931 +* Wed Jan 22 2025 Michal Hlavinka - 1.114-12 +- do not (double) free environ as glibc may want to do that (RHEL-73769) -* Mon Nov 05 2018 Jiri Kucera - 1.113-1 -- Rebase to usermode-1.113 (fixes static scanner issues) - Resolves #1602722 +* Tue Oct 29 2024 Troy Dawson - 1.114-11 +- Bump release for October 2024 mass rebuild: + Resolves: RHEL-64018 -* Wed Aug 08 2018 Jiri Kucera - 1.112-2 +* Mon Jun 24 2024 Troy Dawson - 1.114-10 +- Bump release for June 2024 mass rebuild + +* Sat Jan 27 2024 Fedora Release Engineering - 1.114-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Sat Jul 22 2023 Fedora Release Engineering - 1.114-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + +* Sat Jan 21 2023 Fedora Release Engineering - 1.114-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + +* Fri Jan 06 2023 Tomas Popela - 1.114-6 +- Don't build GTK 2 bits on RHEL 10 as GTK 2 won't be available there + +* Sat Jul 23 2022 Fedora Release Engineering - 1.114-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild + +* Sat Jan 22 2022 Fedora Release Engineering - 1.114-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild + +* Fri Jul 23 2021 Fedora Release Engineering - 1.114-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild + +* Wed Jun 16 2021 Jiri Kucera - 1.114-2 +- Do not use fexecve + Script executed via fexecve has a file descriptor number in + argv[0]. This results in unexpected output: when displaying + the script help, a user see "Usage: [options]" + instead of "Usage: [options]". 
+ Resolves: #1969918 + +* Tue May 04 2021 Jiri Kucera - 1.114-1 +- Update to usermode-1.114 +- Allow to optionally disable GTK + +* Mon May 03 2021 Jiri Kucera - 1.113-1 +- Update to usermode-1.113 + +* Wed Jan 27 2021 Fedora Release Engineering - 1.112-10 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Wed Sep 09 2020 Jiri Kucera - 1.112-9 +- Do not use deprecated selinux headers + Resolves #1865598 + +* Sat Aug 01 2020 Fedora Release Engineering - 1.112-8 +- Second attempt - Rebuilt for + https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Wed Jul 29 2020 Fedora Release Engineering - 1.112-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Fri Jan 31 2020 Fedora Release Engineering - 1.112-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Sat Jul 27 2019 Fedora Release Engineering - 1.112-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Sun Feb 03 2019 Fedora Release Engineering - 1.112-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Tue Aug 07 2018 Jiri Kucera - 1.112-3 - Dropped need to run autotools - must be now included manually - Resolves #1611752 + Resolves #1606624 - Fixed bad FSF address +* Sat Jul 14 2018 Fedora Release Engineering - 1.112-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + * Thu Feb 22 2018 Jiri Kucera - 1.112-1 - Update to usermode-1.112 Resolves #1269643