.gitignore

@@ -1 +1,11 @@
-SOURCES/usermode-1.113.tar.xz
+usermode-1.105.tar.xz
+/usermode-1.106.tar.xz
+/usermode-1.106.1.tar.xz
+/usermode-1.107.tar.xz
+/usermode-1.108.tar.xz
+/usermode-1.109.tar.xz
+/usermode-1.110.tar.xz
+/usermode-1.111.tar.xz
+/usermode-1.112.tar.xz
+/usermode-1.112.autotoolized.tar.xz
+/usermode-1.114.tar.xz

.usermode.metadata

@@ -1 +1 @@
-81e05318f28e42352410a3ece3334d62350f802f SOURCES/usermode-1.113.tar.xz
+8566e6c180ba5a6635c92d7a76f3e4410dab7dc8 usermode-1.114.tar.xz

SOURCES/usermode-1.113-manpage_typo.patch

@@ -1,22 +0,0 @@
-From 79c1ddd9fbea9cdc2bc973a3d271e9c9617d5eb7 Mon Sep 17 00:00:00 2001
-From: Jiri Kucera <jkucera@redhat.com>
-Date: Apr 28 2021 08:24:20 +0000
-Subject: Fix typo
-
-
----
-
-diff --git a/pam-panel-icon.1 b/pam-panel-icon.1
-index 5f891dc..2563627 100644
---- a/pam-panel-icon.1
-+++ b/pam-panel-icon.1
-@@ -40,7 +40,7 @@ timestamp status.
- If the
- .B pam_timestamp
- authorization is active,
--allowing an unprivileted user to temporarily authenticate as the
-+allowing an unprivileged user to temporarily authenticate as the
- .B root
- user without providing a password,
- an icon in the notification area of the panel is displayed.
-

SOURCES/usermode-1.113-selinux.patch

@@ -1,65 +0,0 @@
-From 48c4085004caad1ec928fa103b7f3e3fe684c826 Mon Sep 17 00:00:00 2001
-From: Petr Lautrbach <plautrba@redhat.com>
-Date: Apr 07 2020 11:16:48 +0000
-Subject: Do not use deprecated flask.h and av_permissions.h
-
-
-selinux/flask.h and selinux/av_permissions.h will be completely dropped in the
-next SELinux release.
-
-Use string_to_security_class() and string_to_av_perm() to get class and
-permission values. The original hardcoded values could be invalid and are
-deprecated as the whole flask.h and av_permissions.h header files.
-
----
-
-diff --git a/userhelper.c b/userhelper.c
-index 4177c89..f2afde7 100644
---- a/userhelper.c
-+++ b/userhelper.c
-@@ -48,8 +48,6 @@
- 
- #ifdef WITH_SELINUX
- #include <selinux/selinux.h>
--#include <selinux/flask.h>
--#include <selinux/av_permissions.h>
- #endif
- 
- #include "shvar.h"
-@@ -111,7 +109,7 @@ static int checkAccess(unsigned int selaccess) {
-     struct av_decision avd;
-     int retval = security_compute_av(user_context,
- 				     user_context,
--				     SECCLASS_PASSWD,
-+				     string_to_security_class("passwd"),
- 				     selaccess,
- 				     &avd);
- 	  
-@@ -2267,7 +2265,8 @@ main(int argc, char **argv)
- 	const char *new_home_phone;
- 	const char *new_shell;
- #ifdef WITH_SELINUX
--	unsigned perm;
-+	security_class_t class;
-+	access_vector_t perm;
- #endif
- 
- 	/* State variable we pass around. */
-@@ -2426,12 +2425,13 @@ main(int argc, char **argv)
- 			user_name = g_strdup(argv[optind]);
- 
- #ifdef WITH_SELINUX
-+			class = string_to_security_class("passwd");
- 			if (c_flag) 
--			  perm = PASSWD__PASSWD;
-+			  perm = string_to_av_perm(class, "passwd");
- 			else if (s_flag)
--			  perm = PASSWD__CHSH;
-+			  perm = string_to_av_perm(class, "chsh");
- 			else
--			  perm = PASSWD__CHFN;
-+			  perm = string_to_av_perm(class, "chfn");
- 
- 			if (is_selinux_enabled() > 0 &&
- 			    checkAccess(perm)!= 0) {
-

gating.yaml

@@ -0,0 +1,7 @@
+--- !Policy
+product_versions:
+  - rhel-9
+decision_context: osci_compose_gate
+rules:
+  - !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional}
+

sources

@@ -0,0 +1 @@
+SHA512 (usermode-1.114.tar.xz) = 703eb218704c7a11cdce25a71f4fc91bf4f042a8b185f79f3954699081c0db8a6234ad6f11738d8b2fe6a492a03d029cbe01762a47869edc473e4fbaa6e0ee32

usermode.spec

@@ -1,27 +1,31 @@
+# Add `--without gtk' option (enable gtk by default):
+%bcond_without gtk
+
 Summary: Tools for certain user account management tasks
 Name: usermode
-Version: 1.113
+Version: 1.114
-Release: 2%{?dist}
+Release: 4%{?dist}
 License: GPLv2+
-Group: Applications/System
 URL: https://pagure.io/%{name}/
 Source: https://releases.pagure.org/%{name}/%{name}-%{version}.tar.xz
 Source1: config-util
-# Do not use deprecated API
-Patch1: usermode-1.113-selinux.patch
-Patch2: usermode-1.113-manpage_typo.patch
 Requires: pam, passwd, util-linux
 # https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/IJFYI5Q2BYZKIGDFS2WLOBDUSEGWHIKV/
+BuildRequires: make
 BuildRequires: gcc
-BuildRequires: desktop-file-utils, gettext, glib2-devel, gtk2-devel, intltool
+BuildRequires: gettext, glib2-devel, intltool
-BuildRequires: libblkid-devel, libSM-devel, libselinux-devel, libuser-devel
+%if %{with gtk}
-BuildRequires: pam-devel, perl-XML-Parser, startup-notification-devel
+BuildRequires: desktop-file-utils, gtk2-devel, startup-notification-devel, libSM-devel
+%endif
+BuildRequires: libblkid-devel, libselinux-devel, libuser-devel
+BuildRequires: pam-devel, perl-XML-Parser
 BuildRequires: util-linux
 
+%if %{with gtk}
 %package gtk
 Summary: Graphical tools for certain user account management tasks
-Group: Applications/System
 Requires: %{name} = %{version}-%{release}
+%endif
 
 %global _hardened_build 1
 
@@ -30,6 +34,7 @@ The usermode package contains the userhelper program, which can be
 used to allow configured programs to be run with superuser privileges
 by ordinary users.
 
+%if %{with gtk}
 %description gtk
 The usermode-gtk package contains several graphical tools for users:
 userinfo, usermount and userpasswd.  Userinfo allows users to change
@@ -39,28 +44,30 @@ passwords.
 
 Install the usermode-gtk package if you would like to provide users with
 graphical tools for certain account management tasks.
+%endif
 
 %prep
 %setup -q
-%patch1 -p1
-%patch2 -p1
 
 %build
-%configure --with-fexecve=no --with-selinux
+%configure --with-selinux --without-fexecve %{!?with_gtk:--without-gtk}
 
-make %{?_smp_mflags}
+%make_build
 
 %install
-make install DESTDIR=$RPM_BUILD_ROOT INSTALL='install -p'
+%make_install INSTALL='install -p'
 
+%if %{with gtk}
 # make userformat symlink to usermount
 ln -sf usermount $RPM_BUILD_ROOT%{_bindir}/userformat
 ln -s usermount.1 $RPM_BUILD_ROOT%{_mandir}/man1/userformat.1
+%endif
 
 mkdir -p $RPM_BUILD_ROOT/etc/security/console.apps
 install -p -m 644 %{SOURCE1} \
 	$RPM_BUILD_ROOT/etc/security/console.apps/config-util
 
+%if %{with gtk}
 for i in redhat-userinfo.desktop redhat-userpasswd.desktop \
 	redhat-usermount.desktop; do
 	echo 'NotShowIn=GNOME;KDE;' >>$RPM_BUILD_ROOT%{_datadir}/applications/$i
@@ -68,17 +75,20 @@ for i in redhat-userinfo.desktop redhat-userpasswd.desktop \
 		--dir $RPM_BUILD_ROOT%{_datadir}/applications \
 		$RPM_BUILD_ROOT%{_datadir}/applications/$i
 done
+%endif
 
 %find_lang %{name}
 
 %files -f %{name}.lang
-%doc COPYING ChangeLog NEWS README
+%license COPYING
+%doc ChangeLog NEWS README
 %attr(4711,root,root) /usr/sbin/userhelper
 %{_bindir}/consolehelper
 %{_mandir}/man8/userhelper.8*
 %{_mandir}/man8/consolehelper.8*
 %config(noreplace) /etc/security/console.apps/config-util
 
+%if %{with gtk}
 %files gtk
 %{_bindir}/usermount
 %{_mandir}/man1/usermount.1*
@@ -95,24 +105,64 @@ done
 %{_datadir}/%{name}
 %{_datadir}/pixmaps/*
 %{_datadir}/applications/*
+%endif
 
 %changelog
-* Tue Aug 03 2021 Jiri Kucera <jkucera@redhat.com> - 1.113-2
+* Thu Dec 09 2021 Jiri Kucera <jkucera@redhat.com> - 1.114-4
-- Fix typo in pam-panel-icon manpage
+- Rebuild with new annobin
-  Do not use deprecated selinux API
+  Related: #1984417
-  Do not use fexecve
-  Resolves: #1775931
 
-* Mon Nov 05 2018 Jiri Kucera <jkucera@redhat.com> - 1.113-1
+* Tue Dec 07 2021 Jiri Kucera <jkucera@redhat.com> - 1.114-3
-- Rebase to usermode-1.113 (fixes static scanner issues)
+- Do not use fexecve
-  Resolves #1602722
+  Script executed via fexecve has a file descriptor number in
+  argv[0]. This results in unexpected output: when displaying
+  the script help, a user see "Usage: <number> [options]"
+  instead of "Usage: <scriptname> [options]".
+  Resolves: #1984417
 
-* Wed Aug 08 2018 Jiri Kucera <jkucera@redhat.com> - 1.112-2
+* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 1.114-2
+- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+  Related: rhbz#1991688
+
+* Fri May 14 2021 Jiri Kucera <jkucera@redhat.com> - 1.114-1
+- Update to usermode-1.114
+  Resolves: #1938893
+
+* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1.112-11
+- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
+
+* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.112-10
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Wed Sep 09 2020 Jiri Kucera <jkucera@redhat.com> - 1.112-9
+- Do not use deprecated selinux headers
+  Resolves #1865598
+
+* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.112-8
+- Second attempt - Rebuilt for
+  https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.112-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Fri Jan 31 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.112-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Sat Jul 27 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.112-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Sun Feb 03 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.112-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Tue Aug 07 2018 Jiri Kucera <jkucera@redhat.com> - 1.112-3
 - Dropped need to run autotools
 - <sys/sysmacros.h> must be now included manually
-  Resolves #1611752
+  Resolves #1606624
 - Fixed bad FSF address
 
+* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.112-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
 * Thu Feb 22 2018 Jiri Kucera <jkucera@redhat.com> - 1.112-1
 - Update to usermode-1.112
   Resolves #1269643