8 changed files with 117 additions and 128 deletions
--- a/.fmf/version
+++ b/.fmf/version
@ -1 +0,0 @@
-1
--- a/.gitignore
+++ b/.gitignore
@ -1,12 +1 @@
-usermode-1.105.tar.xz
-/usermode-1.106.tar.xz
-/usermode-1.106.1.tar.xz
-/usermode-1.107.tar.xz
-/usermode-1.108.tar.xz
-/usermode-1.109.tar.xz
-/usermode-1.110.tar.xz
-/usermode-1.111.tar.xz
-/usermode-1.112.tar.xz
-/usermode-1.112.autotoolized.tar.xz
 /usermode-1.113.tar.xz
-/usermode-1.114.tar.xz
--- a/gating.yaml
+++ b/gating.yaml
@ -1,6 +1,6 @@
 --- !Policy
 product_versions:
-  - rhel-10
+  - rhel-8
 decision_context: osci_compose_gate
 rules:
-  - !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}
+  - !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional}
--- a/plans/tier1.fmf
+++ b/plans/tier1.fmf
@ -1,15 +0,0 @@
---
-summary: Tier1 plan for usermode
-
-discover:
-  how: fmf
-  url: https://pkgs.devel.redhat.com/git/tests/usermode
-  ref: master
-  filter: tier:1
-
-execute:
-  how: tmt
-
-adjust:
-    enabled: false
-    when: distro == centos-stream or distro == fedora
--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (usermode-1.114.tar.xz) = 703eb218704c7a11cdce25a71f4fc91bf4f042a8b185f79f3954699081c0db8a6234ad6f11738d8b2fe6a492a03d029cbe01762a47869edc473e4fbaa6e0ee32
+SHA512 (usermode-1.113.tar.xz) = 0653da8cff94b86bd67ca1bed50bb77a929f5da1c047e6c627273fc319cc3bf6df7c5af1b5be160b2068632199d194bd00bcf43f702927a34b884149800c7f21
--- a/usermode-1.113-manpage_typo.patch
+++ b/usermode-1.113-manpage_typo.patch
@ -0,0 +1,22 @@
+From 79c1ddd9fbea9cdc2bc973a3d271e9c9617d5eb7 Mon Sep 17 00:00:00 2001
+From: Jiri Kucera <jkucera@redhat.com>
+Date: Apr 28 2021 08:24:20 +0000
+Subject: Fix typo
+
+
+---
+
+diff --git a/pam-panel-icon.1 b/pam-panel-icon.1
+index 5f891dc..2563627 100644
+--- a/pam-panel-icon.1
+++ b/pam-panel-icon.1
+@@ -40,7 +40,7 @@ timestamp status.
+ If the
+ .B pam_timestamp
+ authorization is active,
+-allowing an unprivileted user to temporarily authenticate as the
+allowing an unprivileged user to temporarily authenticate as the
+ .B root
+ user without providing a password,
+ an icon in the notification area of the panel is displayed.
+
--- a/usermode-1.113-selinux.patch
+++ b/usermode-1.113-selinux.patch
@ -0,0 +1,65 @@
+From 48c4085004caad1ec928fa103b7f3e3fe684c826 Mon Sep 17 00:00:00 2001
+From: Petr Lautrbach <plautrba@redhat.com>
+Date: Apr 07 2020 11:16:48 +0000
+Subject: Do not use deprecated flask.h and av_permissions.h
+
+
+selinux/flask.h and selinux/av_permissions.h will be completely dropped in the
+next SELinux release.
+
+Use string_to_security_class() and string_to_av_perm() to get class and
+permission values. The original hardcoded values could be invalid and are
+deprecated as the whole flask.h and av_permissions.h header files.
+
+---
+
+diff --git a/userhelper.c b/userhelper.c
+index 4177c89..f2afde7 100644
+--- a/userhelper.c
+++ b/userhelper.c
+@@ -48,8 +48,6 @@
+ 
+ #ifdef WITH_SELINUX
+ #include <selinux/selinux.h>
+-#include <selinux/flask.h>
+-#include <selinux/av_permissions.h>
+ #endif
+ 
+ #include "shvar.h"
+@@ -111,7 +109,7 @@ static int checkAccess(unsigned int selaccess) {
+     struct av_decision avd;
+     int retval = security_compute_av(user_context,
+ 				     user_context,
+-				     SECCLASS_PASSWD,
+				     string_to_security_class("passwd"),
+ 				     selaccess,
+ 				     &avd);
+ 	  
+@@ -2267,7 +2265,8 @@ main(int argc, char **argv)
+ 	const char *new_home_phone;
+ 	const char *new_shell;
+ #ifdef WITH_SELINUX
+-	unsigned perm;
+	security_class_t class;
+	access_vector_t perm;
+ #endif
+ 
+ 	/* State variable we pass around. */
+@@ -2426,12 +2425,13 @@ main(int argc, char **argv)
+ 			user_name = g_strdup(argv[optind]);
+ 
+ #ifdef WITH_SELINUX
+			class = string_to_security_class("passwd");
+ 			if (c_flag) 
+-			  perm = PASSWD__PASSWD;
+			  perm = string_to_av_perm(class, "passwd");
+ 			else if (s_flag)
+-			  perm = PASSWD__CHSH;
+			  perm = string_to_av_perm(class, "chsh");
+ 			else
+-			  perm = PASSWD__CHFN;
+			  perm = string_to_av_perm(class, "chfn");
+ 
+ 			if (is_selinux_enabled() > 0 &&
+ 			    checkAccess(perm)!= 0) {
+
--- a/usermode.spec
+++ b/usermode.spec
@ -1,36 +1,27 @@
-# Add `--without gtk' option (enable gtk by default):
-# No GTK 2 in RHEL 10
-%if 0%{?rhel} > 9
-%bcond_with gtk
-%else
-%bcond_without gtk
-%endif
-
 Summary: Tools for certain user account management tasks
 Name: usermode
-Version: 1.114
-Release: 10%{?dist}
-License: GPL-2.0-or-later
+Version: 1.113
+Release: 2%{?dist}
+License: GPLv2+
+Group: Applications/System
 URL: https://pagure.io/%{name}/
 Source: https://releases.pagure.org/%{name}/%{name}-%{version}.tar.xz
 Source1: config-util
+# Do not use deprecated API
+Patch1: usermode-1.113-selinux.patch
+Patch2: usermode-1.113-manpage_typo.patch
 Requires: pam, passwd, util-linux
 # https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/IJFYI5Q2BYZKIGDFS2WLOBDUSEGWHIKV/
-BuildRequires: make
 BuildRequires: gcc
-BuildRequires: gettext, glib2-devel, intltool
-%if %{with gtk}
-BuildRequires: desktop-file-utils, gtk2-devel, startup-notification-devel, libSM-devel
-%endif
-BuildRequires: libblkid-devel, libselinux-devel, libuser-devel
-BuildRequires: pam-devel, perl-XML-Parser
+BuildRequires: desktop-file-utils, gettext, glib2-devel, gtk2-devel, intltool
+BuildRequires: libblkid-devel, libSM-devel, libselinux-devel, libuser-devel
+BuildRequires: pam-devel, perl-XML-Parser, startup-notification-devel
 BuildRequires: util-linux

-%if %{with gtk}
 %package gtk
 Summary: Graphical tools for certain user account management tasks
+Group: Applications/System
 Requires: %{name} = %{version}-%{release}
-%endif

 %global _hardened_build 1

@ -39,7 +30,6 @@ The usermode package contains the userhelper program, which can be
 used to allow configured programs to be run with superuser privileges
 by ordinary users.

-%if %{with gtk}
 %description gtk
 The usermode-gtk package contains several graphical tools for users:
 userinfo, usermount and userpasswd.  Userinfo allows users to change
@ -49,30 +39,28 @@ passwords.

 Install the usermode-gtk package if you would like to provide users with
 graphical tools for certain account management tasks.
-%endif

 %prep
 %setup -q
+%patch1 -p1
+%patch2 -p1

 %build
-%configure --with-selinux --without-fexecve %{!?with_gtk:--without-gtk}
+%configure --with-fexecve=no --with-selinux

-%make_build
+make %{?_smp_mflags}

 %install
-%make_install
+make install DESTDIR=$RPM_BUILD_ROOT INSTALL='install -p'

-%if %{with gtk}
 # make userformat symlink to usermount
 ln -sf usermount $RPM_BUILD_ROOT%{_bindir}/userformat
 ln -s usermount.1 $RPM_BUILD_ROOT%{_mandir}/man1/userformat.1
-%endif

 mkdir -p $RPM_BUILD_ROOT/etc/security/console.apps
 install -p -m 644 %{SOURCE1} \
 	$RPM_BUILD_ROOT/etc/security/console.apps/config-util

-%if %{with gtk}
 for i in redhat-userinfo.desktop redhat-userpasswd.desktop \
 	redhat-usermount.desktop; do
 	echo 'NotShowIn=GNOME;KDE;' >>$RPM_BUILD_ROOT%{_datadir}/applications/$i
@ -80,20 +68,17 @@ for i in redhat-userinfo.desktop redhat-userpasswd.desktop \
 		--dir $RPM_BUILD_ROOT%{_datadir}/applications \
 		$RPM_BUILD_ROOT%{_datadir}/applications/$i
 done
-%endif

 %find_lang %{name}

 %files -f %{name}.lang
-%license COPYING
-%doc ChangeLog NEWS README
+%doc COPYING ChangeLog NEWS README
 %attr(4711,root,root) /usr/sbin/userhelper
 %{_bindir}/consolehelper
 %{_mandir}/man8/userhelper.8*
 %{_mandir}/man8/consolehelper.8*
 %config(noreplace) /etc/security/console.apps/config-util

-%if %{with gtk}
 %files gtk
 %{_bindir}/usermount
 %{_mandir}/man1/usermount.1*
@ -110,80 +95,24 @@ done
 %{_datadir}/%{name}
 %{_datadir}/pixmaps/*
 %{_datadir}/applications/*
-%endif

 %changelog
-* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 1.114-10
- Bump release for June 2024 mass rebuild
+* Tue Aug 03 2021 Jiri Kucera <jkucera@redhat.com> - 1.113-2
+- Fix typo in pam-panel-icon manpage
+  Do not use deprecated selinux API
+  Do not use fexecve
+  Resolves: #1775931

-* Sat Jan 27 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.114-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+* Mon Nov 05 2018 Jiri Kucera <jkucera@redhat.com> - 1.113-1
+- Rebase to usermode-1.113 (fixes static scanner issues)
+  Resolves #1602722

-* Sat Jul 22 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.114-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
-
-* Sat Jan 21 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.114-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
-
-* Fri Jan 06 2023 Tomas Popela <tpopela@redhat.com> - 1.114-6
- Don't build GTK 2 bits on RHEL 10 as GTK 2 won't be available there
-
-* Sat Jul 23 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.114-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
-
-* Sat Jan 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.114-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
-
-* Fri Jul 23 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.114-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
-
-* Wed Jun 16 2021 Jiri Kucera <jkucera@redhat.com> - 1.114-2
- Do not use fexecve
-  Script executed via fexecve has a file descriptor number in
-  argv[0]. This results in unexpected output: when displaying
-  the script help, a user see "Usage: <number> [options]"
-  instead of "Usage: <scriptname> [options]".
-  Resolves: #1969918
-
-* Tue May 04 2021 Jiri Kucera <jkucera@redhat.com> - 1.114-1
- Update to usermode-1.114
- Allow to optionally disable GTK
-
-* Mon May 03 2021 Jiri Kucera <jkucera@redhat.com> - 1.113-1
- Update to usermode-1.113
-
-* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.112-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
-
-* Wed Sep 09 2020 Jiri Kucera <jkucera@redhat.com> - 1.112-9
- Do not use deprecated selinux headers
-  Resolves #1865598
-
-* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.112-8
- Second attempt - Rebuilt for
-  https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
-
-* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.112-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
-
-* Fri Jan 31 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.112-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
-
-* Sat Jul 27 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.112-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
-
-* Sun Feb 03 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.112-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
-
-* Tue Aug 07 2018 Jiri Kucera <jkucera@redhat.com> - 1.112-3
+* Wed Aug 08 2018 Jiri Kucera <jkucera@redhat.com> - 1.112-2
 - Dropped need to run autotools
 - <sys/sysmacros.h> must be now included manually
-  Resolves #1606624
+  Resolves #1611752
 - Fixed bad FSF address

-* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.112-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
-
 * Thu Feb 22 2018 Jiri Kucera <jkucera@redhat.com> - 1.112-1
 - Update to usermode-1.112
  Resolves #1269643