update to current upstream release 4.6
parent
4cb5077b68
commit
38a12ac864
15 changed files with 312 additions and 581 deletions
2
.gitignore
vendored
2
.gitignore
vendored
|
@ -8,3 +8,5 @@ shadow-4.1.4.2.tar.bz2
|
||||||
/shadow-4.3.1.tar.gz
|
/shadow-4.3.1.tar.gz
|
||||||
/shadow-4.5.tar.xz
|
/shadow-4.5.tar.xz
|
||||||
/shadow-4.5.tar.xz.asc
|
/shadow-4.5.tar.xz.asc
|
||||||
|
/shadow-4.6.tar.xz
|
||||||
|
/shadow-4.6.tar.xz.asc
|
||||||
|
|
|
@ -1,102 +0,0 @@
|
||||||
Index: shadow-4.5/src/grpconv.c
|
|
||||||
===================================================================
|
|
||||||
--- shadow-4.5.orig/src/grpconv.c
|
|
||||||
+++ shadow-4.5/src/grpconv.c
|
|
||||||
@@ -143,6 +143,7 @@ int main (int argc, char **argv)
|
|
||||||
struct group grent;
|
|
||||||
const struct sgrp *sg;
|
|
||||||
struct sgrp sgent;
|
|
||||||
+ char *np;
|
|
||||||
|
|
||||||
Prog = Basename (argv[0]);
|
|
||||||
|
|
||||||
@@ -184,20 +185,25 @@ int main (int argc, char **argv)
|
|
||||||
* Remove /etc/gshadow entries for groups not in /etc/group.
|
|
||||||
*/
|
|
||||||
(void) sgr_rewind ();
|
|
||||||
- while ((sg = sgr_next ()) != NULL) {
|
|
||||||
- if (gr_locate (sg->sg_name) != NULL) {
|
|
||||||
- continue;
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
- if (sgr_remove (sg->sg_name) == 0) {
|
|
||||||
- /*
|
|
||||||
- * This shouldn't happen (the entry exists) but...
|
|
||||||
- */
|
|
||||||
- fprintf (stderr,
|
|
||||||
- _("%s: cannot remove entry '%s' from %s\n"),
|
|
||||||
- Prog, sg->sg_name, sgr_dbname ());
|
|
||||||
- fail_exit (3);
|
|
||||||
+ sg = sgr_next ();
|
|
||||||
+ np=NULL;
|
|
||||||
+ while (sg != NULL) {
|
|
||||||
+ np = strdup(sg->sg_name);
|
|
||||||
+ sg = sgr_next ();
|
|
||||||
+
|
|
||||||
+ if(gr_locate (np) == NULL) {
|
|
||||||
+ if (sgr_remove (np) == 0) {
|
|
||||||
+ /*
|
|
||||||
+ * This shouldn't happen (the entry exists) but...
|
|
||||||
+ */
|
|
||||||
+ fprintf (stderr,
|
|
||||||
+ _("%s: cannot remove entry '%s' from %s\n"),
|
|
||||||
+ Prog, np, sgr_dbname ());
|
|
||||||
+ free(np);
|
|
||||||
+ fail_exit (3);
|
|
||||||
+ }
|
|
||||||
}
|
|
||||||
+ free(np);
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
Index: shadow-4.5/src/pwconv.c
|
|
||||||
===================================================================
|
|
||||||
--- shadow-4.5.orig/src/pwconv.c
|
|
||||||
+++ shadow-4.5/src/pwconv.c
|
|
||||||
@@ -173,6 +173,7 @@ int main (int argc, char **argv)
|
|
||||||
struct passwd pwent;
|
|
||||||
const struct spwd *sp;
|
|
||||||
struct spwd spent;
|
|
||||||
+ char *np;
|
|
||||||
|
|
||||||
Prog = Basename (argv[0]);
|
|
||||||
|
|
||||||
@@ -223,20 +224,25 @@ int main (int argc, char **argv)
|
|
||||||
* Remove /etc/shadow entries for users not in /etc/passwd.
|
|
||||||
*/
|
|
||||||
(void) spw_rewind ();
|
|
||||||
- while ((sp = spw_next ()) != NULL) {
|
|
||||||
- if (pw_locate (sp->sp_namp) != NULL) {
|
|
||||||
- continue;
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
- if (spw_remove (sp->sp_namp) == 0) {
|
|
||||||
- /*
|
|
||||||
- * This shouldn't happen (the entry exists) but...
|
|
||||||
- */
|
|
||||||
- fprintf (stderr,
|
|
||||||
- _("%s: cannot remove entry '%s' from %s\n"),
|
|
||||||
- Prog, sp->sp_namp, spw_dbname ());
|
|
||||||
- fail_exit (E_FAILURE);
|
|
||||||
+ sp = spw_next ();
|
|
||||||
+ np = NULL;
|
|
||||||
+ while (sp != NULL) {
|
|
||||||
+ np = strdup(sp->sp_namp);
|
|
||||||
+ sp = spw_next ();
|
|
||||||
+
|
|
||||||
+ if (pw_locate (np) == NULL) {
|
|
||||||
+ if (spw_remove (np) == 0) {
|
|
||||||
+ /*
|
|
||||||
+ * This shouldn't happen (the entry exists) but...
|
|
||||||
+ */
|
|
||||||
+ fprintf (stderr,
|
|
||||||
+ _("%s: cannot remove entry '%s' from %s\n"),
|
|
||||||
+ Prog, np, spw_dbname ());
|
|
||||||
+ free(np);
|
|
||||||
+ fail_exit (E_FAILURE);
|
|
||||||
+ }
|
|
||||||
}
|
|
||||||
+ free(np);
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
|
@ -1,64 +0,0 @@
|
||||||
Index: shadow-4.5/src/newgrp.c
|
|
||||||
===================================================================
|
|
||||||
--- shadow-4.5.orig/src/newgrp.c
|
|
||||||
+++ shadow-4.5/src/newgrp.c
|
|
||||||
@@ -83,15 +83,29 @@ static void usage (void)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
+static bool ingroup(const char *name, struct group *gr)
|
|
||||||
+{
|
|
||||||
+ char **look;
|
|
||||||
+ bool notfound = true;
|
|
||||||
+
|
|
||||||
+ look = gr->gr_mem;
|
|
||||||
+ while (*look && notfound)
|
|
||||||
+ notfound = strcmp (*look++, name);
|
|
||||||
+
|
|
||||||
+ return !notfound;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
/*
|
|
||||||
- * find_matching_group - search all groups of a given group id for
|
|
||||||
+ * find_matching_group - search all groups of a gr's group id for
|
|
||||||
* membership of a given username
|
|
||||||
+ * but check gr itself first
|
|
||||||
*/
|
|
||||||
-static /*@null@*/struct group *find_matching_group (const char *name, gid_t gid)
|
|
||||||
+static /*@null@*/struct group *find_matching_group (const char *name, struct group *gr)
|
|
||||||
{
|
|
||||||
- struct group *gr;
|
|
||||||
- char **look;
|
|
||||||
- bool notfound = true;
|
|
||||||
+ gid_t gid = gr->gr_gid;
|
|
||||||
+
|
|
||||||
+ if (ingroup(name, gr))
|
|
||||||
+ return gr;
|
|
||||||
|
|
||||||
setgrent ();
|
|
||||||
while ((gr = getgrent ()) != NULL) {
|
|
||||||
@@ -103,14 +117,8 @@ static /*@null@*/struct group *find_matc
|
|
||||||
* A group with matching GID was found.
|
|
||||||
* Test for membership of 'name'.
|
|
||||||
*/
|
|
||||||
- look = gr->gr_mem;
|
|
||||||
- while ((NULL != *look) && notfound) {
|
|
||||||
- notfound = (strcmp (*look, name) != 0);
|
|
||||||
- look++;
|
|
||||||
- }
|
|
||||||
- if (!notfound) {
|
|
||||||
+ if (ingroup(name, gr))
|
|
||||||
break;
|
|
||||||
- }
|
|
||||||
}
|
|
||||||
endgrent ();
|
|
||||||
return gr;
|
|
||||||
@@ -630,7 +638,7 @@ int main (int argc, char **argv)
|
|
||||||
* groups of the same GID like the requested group for
|
|
||||||
* membership of the current user.
|
|
||||||
*/
|
|
||||||
- grp = find_matching_group (name, grp->gr_gid);
|
|
||||||
+ grp = find_matching_group (name, grp);
|
|
||||||
if (NULL == grp) {
|
|
||||||
/*
|
|
||||||
* No matching group found. As we already know that
|
|
|
@ -1,16 +0,0 @@
|
||||||
Index: shadow-4.5/src/usermod.c
|
|
||||||
===================================================================
|
|
||||||
--- shadow-4.5.orig/src/usermod.c
|
|
||||||
+++ shadow-4.5/src/usermod.c
|
|
||||||
@@ -1814,6 +1814,11 @@ static void move_home (void)
|
|
||||||
Prog, user_home, user_newhome);
|
|
||||||
fail_exit (E_HOMEDIR);
|
|
||||||
}
|
|
||||||
+ } else {
|
|
||||||
+ fprintf (stderr,
|
|
||||||
+ _("%s: The previous home directory (%s) does "
|
|
||||||
+ "not exist or is inaccessible. Move cannot be completed.\n"),
|
|
||||||
+ Prog, user_home);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
|
@ -1,71 +0,0 @@
|
||||||
Index: shadow-4.5/src/newgrp.c
|
|
||||||
===================================================================
|
|
||||||
--- shadow-4.5.orig/src/newgrp.c
|
|
||||||
+++ shadow-4.5/src/newgrp.c
|
|
||||||
@@ -396,6 +396,7 @@ int main (int argc, char **argv)
|
|
||||||
{
|
|
||||||
bool initflag = false;
|
|
||||||
int i;
|
|
||||||
+ bool is_member = false;
|
|
||||||
bool cflag = false;
|
|
||||||
int err = 0;
|
|
||||||
gid_t gid;
|
|
||||||
@@ -645,22 +646,36 @@ int main (int argc, char **argv)
|
|
||||||
goto failure;
|
|
||||||
}
|
|
||||||
|
|
||||||
+#ifdef HAVE_SETGROUPS
|
|
||||||
+ /* when using pam_group, she will not be listed in the groups
|
|
||||||
+ * database. However getgroups() will return the group. So
|
|
||||||
+ * if she is listed there already it is ok to grant membership.
|
|
||||||
+ */
|
|
||||||
+ for (i = 0; i < ngroups; i++) {
|
|
||||||
+ if (grp->gr_gid == grouplist[i]) {
|
|
||||||
+ is_member = true;
|
|
||||||
+ break;
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+#endif /* HAVE_SETGROUPS */
|
|
||||||
/*
|
|
||||||
* For splitted groups (due to limitations of NIS), check all
|
|
||||||
* groups of the same GID like the requested group for
|
|
||||||
* membership of the current user.
|
|
||||||
*/
|
|
||||||
- grp = find_matching_group (name, grp);
|
|
||||||
- if (NULL == grp) {
|
|
||||||
- /*
|
|
||||||
- * No matching group found. As we already know that
|
|
||||||
- * the group exists, this happens only in the case
|
|
||||||
- * of a requested group where the user is not member.
|
|
||||||
- *
|
|
||||||
- * Re-read the group entry for further processing.
|
|
||||||
- */
|
|
||||||
- grp = xgetgrnam (group);
|
|
||||||
- assert (NULL != grp);
|
|
||||||
+ if (!is_member) {
|
|
||||||
+ grp = find_matching_group (name, grp);
|
|
||||||
+ if (NULL == grp) {
|
|
||||||
+ /*
|
|
||||||
+ * No matching group found. As we already know that
|
|
||||||
+ * the group exists, this happens only in the case
|
|
||||||
+ * of a requested group where the user is not member.
|
|
||||||
+ *
|
|
||||||
+ * Re-read the group entry for further processing.
|
|
||||||
+ */
|
|
||||||
+ grp = xgetgrnam (group);
|
|
||||||
+ assert (NULL != grp);
|
|
||||||
+ }
|
|
||||||
}
|
|
||||||
#ifdef SHADOWGRP
|
|
||||||
sgrp = getsgnam (group);
|
|
||||||
@@ -673,7 +688,9 @@ int main (int argc, char **argv)
|
|
||||||
/*
|
|
||||||
* Check if the user is allowed to access this group.
|
|
||||||
*/
|
|
||||||
- check_perms (grp, pwd, group);
|
|
||||||
+ if (!is_member) {
|
|
||||||
+ check_perms (grp, pwd, group);
|
|
||||||
+ }
|
|
||||||
|
|
||||||
/*
|
|
||||||
* all successful validations pass through this point. The group id
|
|
|
@ -1,74 +0,0 @@
|
||||||
Index: shadow-4.5/lib/selinux.c
|
|
||||||
===================================================================
|
|
||||||
--- shadow-4.5.orig/lib/selinux.c
|
|
||||||
+++ shadow-4.5/lib/selinux.c
|
|
||||||
@@ -75,7 +75,7 @@ int set_selinux_file_context (const char
|
|
||||||
}
|
|
||||||
return 0;
|
|
||||||
error:
|
|
||||||
- if (security_getenforce () != 0) {
|
|
||||||
+ if (security_getenforce () > 0) {
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
return 0;
|
|
||||||
@@ -95,7 +95,7 @@ int reset_selinux_file_context (void)
|
|
||||||
selinux_checked = true;
|
|
||||||
}
|
|
||||||
if (selinux_enabled) {
|
|
||||||
- if (setfscreatecon (NULL) != 0) {
|
|
||||||
+ if (setfscreatecon (NULL) != 0 && security_getenforce () > 0) {
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
Index: shadow-4.5/src/userdel.c
|
|
||||||
===================================================================
|
|
||||||
--- shadow-4.5.orig/src/userdel.c
|
|
||||||
+++ shadow-4.5/src/userdel.c
|
|
||||||
@@ -96,6 +96,7 @@ static char *user_home;
|
|
||||||
static bool fflg = false;
|
|
||||||
static bool rflg = false;
|
|
||||||
static bool Zflg = false;
|
|
||||||
+static bool Rflg = false;
|
|
||||||
|
|
||||||
static bool is_shadow_pwd;
|
|
||||||
|
|
||||||
@@ -958,6 +959,7 @@ int main (int argc, char **argv)
|
|
||||||
rflg = true;
|
|
||||||
break;
|
|
||||||
case 'R': /* no-op, handled in process_root_flag () */
|
|
||||||
+ Rflg = true;
|
|
||||||
break;
|
|
||||||
#ifdef WITH_SELINUX
|
|
||||||
case 'Z':
|
|
||||||
@@ -1032,9 +1034,12 @@ int main (int argc, char **argv)
|
|
||||||
*/
|
|
||||||
user_name = argv[argc - 1];
|
|
||||||
{
|
|
||||||
- struct passwd *pwd;
|
|
||||||
- pwd = getpwnam (user_name); /* local, no need for xgetpwnam */
|
|
||||||
+ const struct passwd *pwd;
|
|
||||||
+
|
|
||||||
+ pw_open(O_RDONLY);
|
|
||||||
+ pwd = pw_locate (user_name); /* we care only about local users */
|
|
||||||
if (NULL == pwd) {
|
|
||||||
+ pw_close();
|
|
||||||
fprintf (stderr, _("%s: user '%s' does not exist\n"),
|
|
||||||
Prog, user_name);
|
|
||||||
#ifdef WITH_AUDIT
|
|
||||||
@@ -1048,6 +1053,7 @@ int main (int argc, char **argv)
|
|
||||||
user_id = pwd->pw_uid;
|
|
||||||
user_gid = pwd->pw_gid;
|
|
||||||
user_home = xstrdup (pwd->pw_dir);
|
|
||||||
+ pw_close();
|
|
||||||
}
|
|
||||||
#ifdef WITH_TCB
|
|
||||||
if (shadowtcb_set_user (user_name) == SHADOWTCB_FAILURE) {
|
|
||||||
@@ -1079,7 +1085,7 @@ int main (int argc, char **argv)
|
|
||||||
* Note: This is a best effort basis. The user may log in between,
|
|
||||||
* a cron job may be started on her behalf, etc.
|
|
||||||
*/
|
|
||||||
- if (user_busy (user_name, user_id) != 0) {
|
|
||||||
+ if (!Rflg && user_busy (user_name, user_id) != 0) {
|
|
||||||
if (!fflg) {
|
|
||||||
#ifdef WITH_AUDIT
|
|
||||||
audit_logger (AUDIT_DEL_USER, Prog,
|
|
File diff suppressed because it is too large
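--- a/shadow-4.6-getenforce.patch
+++ b/shadow-4.6-getenforce.patch
@@ -0,0 +1,21 @@
+diff -up shadow-4.6/lib/selinux.c.getenforce shadow-4.6/lib/selinux.c
+--- shadow-4.6/lib/selinux.c.getenforce 2018-05-28 15:10:15.870315221 +0200
++++ shadow-4.6/lib/selinux.c 2018-05-28 15:10:15.894315731 +0200
+@@ -75,7 +75,7 @@ int set_selinux_file_context (const char
+}
+return 0;
+error:
+- if (security_getenforce () != 0) {
++ if (security_getenforce () > 0) {
+return 1;
+}
+return 0;
+@@ -95,7 +95,7 @@ int reset_selinux_file_context (void)
+selinux_checked = true;
+}
+if (selinux_enabled) {
+- if (setfscreatecon (NULL) != 0) {
++ if (setfscreatecon (NULL) != 0 && security_getenforce () > 0) {
+return 1;
+}
+}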
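Review bot: `security_getenforce ()` returns -1 when the enforcing mode cannot be read, so with the new `> 0` test in the `error:` path of set_selinux_file_context a failed query is handled like permissive mode and the function returns 0 although the file context was not set. The second hunk has the same effect in reset_selinux_file_context: a failing `setfscreatecon (NULL)` is reported only when enforcing mode is positively confirmed, so a stale creation context can survive silently. If treating an unreadable mode as permissive is intended, state it at both sites, e.g. `/* -1 (enforce mode unknown) is deliberately treated as permissive */`; otherwise keep failing closed on a negative return. Both function bodies start outside the hunks.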
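--- a/shadow-4.6-move-home.patch
+++ b/shadow-4.6-move-home.patch
@@ -0,0 +1,15 @@
+diff -up shadow-4.6/src/usermod.c.move-home shadow-4.6/src/usermod.c
+--- shadow-4.6/src/usermod.c.move-home 2018-05-28 14:59:05.594076665 +0200
++++ shadow-4.6/src/usermod.c 2018-05-28 15:00:28.479837392 +0200
+@@ -1845,6 +1845,11 @@ static void move_home (void)
+Prog, prefix_user_home, prefix_user_newhome);
+fail_exit (E_HOMEDIR);
+}
++ } else {
++ fprintf (stderr,
++ _("%s: The previous home directory (%s) does "
++ "not exist or is inaccessible. Move cannot be completed.\n"),
++ Prog, prefix_user_home);
+}
+}
+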
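Review bot: The new `else` branch in move_home only prints to stderr and then falls through to the end of the function, so a home directory that could not be moved never reaches `fail_exit (E_HOMEDIR)` the way the failure branch directly above it does. A script checking the exit status would presumably see success while the recorded home path and the directory on disk disagree. If this is meant as a warning, say so in the message and add a comment such as `/* deliberately not fatal */`; otherwise end the branch with `fail_exit (E_HOMEDIR);`. The condition that selects this branch lies outside the hunk.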
|
@ -1,8 +1,7 @@
|
||||||
Index: shadow-4.5/lib/commonio.c
|
diff -up shadow-4.6/lib/commonio.c.orig-context shadow-4.6/lib/commonio.c
|
||||||
===================================================================
|
--- shadow-4.6/lib/commonio.c.orig-context 2018-04-29 18:42:37.000000000 +0200
|
||||||
--- shadow-4.5.orig/lib/commonio.c
|
+++ shadow-4.6/lib/commonio.c 2018-05-28 14:56:37.287929667 +0200
|
||||||
+++ shadow-4.5/lib/commonio.c
|
@@ -961,7 +961,7 @@ int commonio_close (struct commonio_db *
|
||||||
@@ -941,7 +941,7 @@ int commonio_close (struct commonio_db *
|
|
||||||
snprintf (buf, sizeof buf, "%s-", db->filename);
|
snprintf (buf, sizeof buf, "%s-", db->filename);
|
||||||
|
|
||||||
#ifdef WITH_SELINUX
|
#ifdef WITH_SELINUX
|
||||||
|
@ -11,7 +10,7 @@ Index: shadow-4.5/lib/commonio.c
|
||||||
errors++;
|
errors++;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
@@ -974,7 +974,7 @@ int commonio_close (struct commonio_db *
|
@@ -994,7 +994,7 @@ int commonio_close (struct commonio_db *
|
||||||
snprintf (buf, sizeof buf, "%s+", db->filename);
|
snprintf (buf, sizeof buf, "%s+", db->filename);
|
||||||
|
|
||||||
#ifdef WITH_SELINUX
|
#ifdef WITH_SELINUX
|
||||||
|
@ -20,10 +19,9 @@ Index: shadow-4.5/lib/commonio.c
|
||||||
errors++;
|
errors++;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
Index: shadow-4.5/libmisc/copydir.c
|
diff -up shadow-4.6/libmisc/copydir.c.orig-context shadow-4.6/libmisc/copydir.c
|
||||||
===================================================================
|
--- shadow-4.6/libmisc/copydir.c.orig-context 2018-04-29 18:42:37.000000000 +0200
|
||||||
--- shadow-4.5.orig/libmisc/copydir.c
|
+++ shadow-4.6/libmisc/copydir.c 2018-05-28 14:56:37.287929667 +0200
|
||||||
+++ shadow-4.5/libmisc/copydir.c
|
|
||||||
@@ -484,7 +484,7 @@ static int copy_dir (const char *src, co
|
@@ -484,7 +484,7 @@ static int copy_dir (const char *src, co
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
@ -60,11 +58,10 @@ Index: shadow-4.5/libmisc/copydir.c
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
#endif /* WITH_SELINUX */
|
#endif /* WITH_SELINUX */
|
||||||
Index: shadow-4.5/lib/prototypes.h
|
diff -up shadow-4.6/lib/prototypes.h.orig-context shadow-4.6/lib/prototypes.h
|
||||||
===================================================================
|
--- shadow-4.6/lib/prototypes.h.orig-context 2018-04-29 18:42:37.000000000 +0200
|
||||||
--- shadow-4.5.orig/lib/prototypes.h
|
+++ shadow-4.6/lib/prototypes.h 2018-05-28 14:56:37.287929667 +0200
|
||||||
+++ shadow-4.5/lib/prototypes.h
|
@@ -326,7 +326,7 @@ extern /*@observer@*/const char *crypt_m
|
||||||
@@ -311,7 +311,7 @@ extern /*@observer@*/const char *crypt_m
|
|
||||||
|
|
||||||
/* selinux.c */
|
/* selinux.c */
|
||||||
#ifdef WITH_SELINUX
|
#ifdef WITH_SELINUX
|
||||||
|
@ -73,10 +70,9 @@ Index: shadow-4.5/lib/prototypes.h
|
||||||
extern int reset_selinux_file_context (void);
|
extern int reset_selinux_file_context (void);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
Index: shadow-4.5/lib/selinux.c
|
diff -up shadow-4.6/lib/selinux.c.orig-context shadow-4.6/lib/selinux.c
|
||||||
===================================================================
|
--- shadow-4.6/lib/selinux.c.orig-context 2018-04-29 18:42:37.000000000 +0200
|
||||||
--- shadow-4.5.orig/lib/selinux.c
|
+++ shadow-4.6/lib/selinux.c 2018-05-28 14:56:37.287929667 +0200
|
||||||
+++ shadow-4.5/lib/selinux.c
|
|
||||||
@@ -50,7 +50,7 @@ static bool selinux_enabled;
|
@@ -50,7 +50,7 @@ static bool selinux_enabled;
|
||||||
* Callers may have to Reset SELinux to create files with default
|
* Callers may have to Reset SELinux to create files with default
|
||||||
* contexts with reset_selinux_file_context
|
* contexts with reset_selinux_file_context
|
||||||
|
@ -118,16 +114,15 @@ Index: shadow-4.5/lib/selinux.c
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
Index: shadow-4.5/src/useradd.c
|
diff -up shadow-4.6/src/useradd.c.orig-context shadow-4.6/src/useradd.c
|
||||||
===================================================================
|
--- shadow-4.6/src/useradd.c.orig-context 2018-05-28 14:56:37.288929688 +0200
|
||||||
--- shadow-4.5.orig/src/useradd.c
|
+++ shadow-4.6/src/useradd.c 2018-05-28 14:58:02.242730903 +0200
|
||||||
+++ shadow-4.5/src/useradd.c
|
@@ -2020,7 +2020,7 @@ static void create_home (void)
|
||||||
@@ -1945,7 +1945,7 @@ static void create_home (void)
|
|
||||||
{
|
{
|
||||||
if (access (user_home, F_OK) != 0) {
|
if (access (prefix_user_home, F_OK) != 0) {
|
||||||
#ifdef WITH_SELINUX
|
#ifdef WITH_SELINUX
|
||||||
- if (set_selinux_file_context (user_home) != 0) {
|
- if (set_selinux_file_context (prefix_user_home) != 0) {
|
||||||
+ if (set_selinux_file_context (user_home, NULL) != 0) {
|
+ if (set_selinux_file_context (prefix_user_home, NULL) != 0) {
|
||||||
fprintf (stderr,
|
fprintf (stderr,
|
||||||
_("%s: cannot set SELinux context for home directory %s\n"),
|
_("%s: cannot set SELinux context for home directory %s\n"),
|
||||||
Prog, user_home);
|
Prog, user_home);
|
|
@ -1,7 +1,6 @@
|
||||||
Index: shadow-4.5/src/useradd.c
|
diff -up shadow-4.6/src/useradd.c.redhat shadow-4.6/src/useradd.c
|
||||||
===================================================================
|
--- shadow-4.6/src/useradd.c.redhat 2018-04-29 18:42:37.000000000 +0200
|
||||||
--- shadow-4.5.orig/src/useradd.c
|
+++ shadow-4.6/src/useradd.c 2018-05-28 13:37:16.695651258 +0200
|
||||||
+++ shadow-4.5/src/useradd.c
|
|
||||||
@@ -98,7 +98,7 @@ const char *Prog;
|
@@ -98,7 +98,7 @@ const char *Prog;
|
||||||
static gid_t def_group = 100;
|
static gid_t def_group = 100;
|
||||||
static const char *def_gname = "other";
|
static const char *def_gname = "other";
|
||||||
|
@ -20,19 +19,19 @@ Index: shadow-4.5/src/useradd.c
|
||||||
static uid_t user_id;
|
static uid_t user_id;
|
||||||
static gid_t user_gid;
|
static gid_t user_gid;
|
||||||
static const char *user_comment = "";
|
static const char *user_comment = "";
|
||||||
@@ -1059,9 +1059,9 @@ static void process_flags (int argc, cha
|
@@ -1114,9 +1114,9 @@ static void process_flags (int argc, cha
|
||||||
};
|
};
|
||||||
while ((c = getopt_long (argc, argv,
|
while ((c = getopt_long (argc, argv,
|
||||||
#ifdef WITH_SELINUX
|
#ifdef WITH_SELINUX
|
||||||
- "b:c:d:De:f:g:G:hk:K:lmMNop:rR:s:u:UZ:",
|
- "b:c:d:De:f:g:G:hk:K:lmMNop:rR:P:s:u:UZ:",
|
||||||
+ "b:c:d:De:f:g:G:hk:K:lmMnNop:rR:s:u:UZ:",
|
+ "b:c:d:De:f:g:G:hk:K:lmMnNop:rR:P:s:u:UZ:",
|
||||||
#else /* !WITH_SELINUX */
|
#else /* !WITH_SELINUX */
|
||||||
- "b:c:d:De:f:g:G:hk:K:lmMNop:rR:s:u:U",
|
- "b:c:d:De:f:g:G:hk:K:lmMNop:rR:P:s:u:U",
|
||||||
+ "b:c:d:De:f:g:G:hk:K:lmMnNop:rR:s:u:U",
|
+ "b:c:d:De:f:g:G:hk:K:lmMnNop:rR:P:s:u:U",
|
||||||
#endif /* !WITH_SELINUX */
|
#endif /* !WITH_SELINUX */
|
||||||
long_options, NULL)) != -1) {
|
long_options, NULL)) != -1) {
|
||||||
switch (c) {
|
switch (c) {
|
||||||
@@ -1212,6 +1212,7 @@ static void process_flags (int argc, cha
|
@@ -1267,6 +1267,7 @@ static void process_flags (int argc, cha
|
||||||
case 'M':
|
case 'M':
|
||||||
Mflg = true;
|
Mflg = true;
|
||||||
break;
|
break;
|
|
@ -1,7 +1,6 @@
|
||||||
Index: shadow-4.5/lib/semanage.c
|
diff -up shadow-4.6/lib/semanage.c.selinux shadow-4.6/lib/semanage.c
|
||||||
===================================================================
|
--- shadow-4.6/lib/semanage.c.selinux 2018-04-29 18:42:37.000000000 +0200
|
||||||
--- shadow-4.5.orig/lib/semanage.c
|
+++ shadow-4.6/lib/semanage.c 2018-05-28 13:38:20.551008911 +0200
|
||||||
+++ shadow-4.5/lib/semanage.c
|
|
||||||
@@ -294,6 +294,9 @@ int set_seuser (const char *login_name,
|
@@ -294,6 +294,9 @@ int set_seuser (const char *login_name,
|
||||||
|
|
||||||
ret = 0;
|
ret = 0;
|
||||||
|
@ -23,11 +22,10 @@ Index: shadow-4.5/lib/semanage.c
|
||||||
done:
|
done:
|
||||||
semanage_handle_destroy (handle);
|
semanage_handle_destroy (handle);
|
||||||
return ret;
|
return ret;
|
||||||
Index: shadow-4.5/src/useradd.c
|
diff -up shadow-4.6/src/useradd.c.selinux shadow-4.6/src/useradd.c
|
||||||
===================================================================
|
--- shadow-4.6/src/useradd.c.selinux 2018-05-28 13:43:30.996748997 +0200
|
||||||
--- shadow-4.5.orig/src/useradd.c
|
+++ shadow-4.6/src/useradd.c 2018-05-28 13:44:04.645486199 +0200
|
||||||
+++ shadow-4.5/src/useradd.c
|
@@ -2120,6 +2120,7 @@ static void create_mail (void)
|
||||||
@@ -2042,6 +2042,7 @@ static void create_mail (void)
|
|
||||||
*/
|
*/
|
||||||
int main (int argc, char **argv)
|
int main (int argc, char **argv)
|
||||||
{
|
{
|
||||||
|
@ -35,14 +33,14 @@ Index: shadow-4.5/src/useradd.c
|
||||||
#ifdef ACCT_TOOLS_SETUID
|
#ifdef ACCT_TOOLS_SETUID
|
||||||
#ifdef USE_PAM
|
#ifdef USE_PAM
|
||||||
pam_handle_t *pamh = NULL;
|
pam_handle_t *pamh = NULL;
|
||||||
@@ -2262,27 +2263,11 @@ int main (int argc, char **argv)
|
@@ -2342,27 +2343,11 @@ int main (int argc, char **argv)
|
||||||
|
|
||||||
usr_update ();
|
usr_update ();
|
||||||
|
|
||||||
- if (mflg) {
|
- if (mflg) {
|
||||||
- create_home ();
|
- create_home ();
|
||||||
- if (home_added) {
|
- if (home_added) {
|
||||||
- copy_tree (def_template, user_home, false, false,
|
- copy_tree (def_template, prefix_user_home, false, false,
|
||||||
- (uid_t)-1, user_id, (gid_t)-1, user_gid);
|
- (uid_t)-1, user_id, (gid_t)-1, user_gid);
|
||||||
- } else {
|
- } else {
|
||||||
- fprintf (stderr,
|
- fprintf (stderr,
|
||||||
|
@ -66,7 +64,7 @@ Index: shadow-4.5/src/useradd.c
|
||||||
/*
|
/*
|
||||||
* tallylog_reset needs to be able to lookup
|
* tallylog_reset needs to be able to lookup
|
||||||
* a valid existing user name,
|
* a valid existing user name,
|
||||||
@@ -2293,8 +2278,9 @@ int main (int argc, char **argv)
|
@@ -2373,8 +2358,9 @@ int main (int argc, char **argv)
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef WITH_SELINUX
|
#ifdef WITH_SELINUX
|
||||||
|
@ -78,7 +76,7 @@ Index: shadow-4.5/src/useradd.c
|
||||||
fprintf (stderr,
|
fprintf (stderr,
|
||||||
_("%s: warning: the user name %s to %s SELinux user mapping failed.\n"),
|
_("%s: warning: the user name %s to %s SELinux user mapping failed.\n"),
|
||||||
Prog, user_name, user_selinux);
|
Prog, user_name, user_selinux);
|
||||||
@@ -2303,14 +2289,31 @@ int main (int argc, char **argv)
|
@@ -2383,14 +2369,31 @@ int main (int argc, char **argv)
|
||||||
"adding SELinux user mapping",
|
"adding SELinux user mapping",
|
||||||
user_name, (unsigned int) user_id, 0);
|
user_name, (unsigned int) user_id, 0);
|
||||||
#endif /* WITH_AUDIT */
|
#endif /* WITH_AUDIT */
|
||||||
|
@ -95,7 +93,7 @@ Index: shadow-4.5/src/useradd.c
|
||||||
+ if (mflg) {
|
+ if (mflg) {
|
||||||
+ create_home ();
|
+ create_home ();
|
||||||
+ if (home_added) {
|
+ if (home_added) {
|
||||||
+ copy_tree (def_template, user_home, false, true,
|
+ copy_tree (def_template, prefix_user_home, false, true,
|
||||||
+ (uid_t)-1, user_id, (gid_t)-1, user_gid);
|
+ (uid_t)-1, user_id, (gid_t)-1, user_gid);
|
||||||
+ } else {
|
+ } else {
|
||||||
+ fprintf (stderr,
|
+ fprintf (stderr,
|
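--- a/shadow-4.6-usermod-crash.patch
+++ b/shadow-4.6-usermod-crash.patch
@@ -0,0 +1,42 @@
+diff -up shadow-4.6/libmisc/prefix_flag.c.usermod-crash shadow-4.6/libmisc/prefix_flag.c
+--- shadow-4.6/libmisc/prefix_flag.c.usermod-crash 2018-04-29 18:42:37.000000000 +0200
++++ shadow-4.6/libmisc/prefix_flag.c 2018-05-28 15:14:10.642302440 +0200
+@@ -319,6 +319,7 @@ extern struct group *prefix_getgr_nam_gi
+{
+long long int gid;
+char *endptr;
++ struct group *g;
+
+if (NULL == grname) {
+return NULL;
+@@ -333,7 +334,8 @@ extern struct group *prefix_getgr_nam_gi
+&& (gid == (gid_t)gid)) {
+return prefix_getgrgid ((gid_t) gid);
+}
+- return prefix_getgrnam (grname);
++ g = prefix_getgrnam (grname);
++ return g ? __gr_dup(g) : NULL;
+}
+else
+return getgr_nam_gid(grname);
+diff -up shadow-4.6/src/usermod.c.usermod-crash shadow-4.6/src/usermod.c
+--- shadow-4.6/src/usermod.c.usermod-crash 2018-05-28 15:12:37.920332763 +0200
++++ shadow-4.6/src/usermod.c 2018-05-28 15:15:50.337422470 +0200
+@@ -1276,11 +1276,13 @@ static void process_flags (int argc, cha
+prefix_user_home = xmalloc(len);
+wlen = snprintf(prefix_user_home, len, "%s/%s", prefix, user_home);
+assert (wlen == (int) len -1);
++ if (user_newhome) {
++ len = strlen(prefix) + strlen(user_newhome) + 2;
++ prefix_user_newhome = xmalloc(len);
++ wlen = snprintf(prefix_user_newhome, len, "%s/%s", prefix, user_newhome);
++ assert (wlen == (int) len -1);
++ }
+
+- len = strlen(prefix) + strlen(user_newhome) + 2;
+- prefix_user_newhome = xmalloc(len);
+- wlen = snprintf(prefix_user_newhome, len, "%s/%s", prefix, user_newhome);
+- assert (wlen == (int) len -1);
+}
+else {
+prefix_user_home = user_home;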
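Review bot: In prefix_getgr_nam_gid the name lookup now returns a heap copy (`__gr_dup(g)`), while the numeric branch just above it still returns `prefix_getgrgid ((gid_t) gid)` unchanged, so two paths of the same function hand back pointers with different ownership. If the crash being fixed came from a caller releasing the result, a numeric group argument would presumably still trigger it; consider `g = prefix_getgrgid ((gid_t) gid); return g ? __gr_dup(g) : NULL;` there as well. A NULL returned when `__gr_dup` fails to allocate is also indistinguishable from "group not found", which deserves a comment at the return. The function body starts and ends outside the hunk.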
|
@ -1,7 +1,7 @@
|
||||||
Summary: Utilities for managing accounts and shadow password files
|
Summary: Utilities for managing accounts and shadow password files
|
||||||
Name: shadow-utils
|
Name: shadow-utils
|
||||||
Version: 4.5
|
Version: 4.6
|
||||||
Release: 10%{?dist}
|
Release: 1%{?dist}
|
||||||
Epoch: 2
|
Epoch: 2
|
||||||
URL: http://pkg-shadow.alioth.debian.org/
|
URL: http://pkg-shadow.alioth.debian.org/
|
||||||
Source0: https://github.com/shadow-maint/shadow/releases/download/%{version}/shadow-%{version}.tar.xz
|
Source0: https://github.com/shadow-maint/shadow/releases/download/%{version}/shadow-%{version}.tar.xz
|
||||||
|
@ -10,28 +10,26 @@ Source2: shadow-utils.useradd
|
||||||
Source3: shadow-utils.login.defs
|
Source3: shadow-utils.login.defs
|
||||||
Source4: shadow-bsd.txt
|
Source4: shadow-bsd.txt
|
||||||
Source5: https://www.gnu.org/licenses/old-licenses/gpl-2.0.txt
|
Source5: https://www.gnu.org/licenses/old-licenses/gpl-2.0.txt
|
||||||
Patch0: shadow-4.1.5-redhat.patch
|
Patch0: shadow-4.6-redhat.patch
|
||||||
Patch1: shadow-4.5-goodname.patch
|
Patch1: shadow-4.5-goodname.patch
|
||||||
Patch2: shadow-4.1.5.1-info-parent-dir.patch
|
Patch2: shadow-4.1.5.1-info-parent-dir.patch
|
||||||
Patch6: shadow-4.5-selinux.patch
|
Patch6: shadow-4.6-selinux.patch
|
||||||
Patch7: shadow-4.1.5-2ndskip.patch
|
Patch10: shadow-4.6-orig-context.patch
|
||||||
Patch10: shadow-4.5-orig-context.patch
|
|
||||||
Patch11: shadow-4.1.5.1-logmsg.patch
|
Patch11: shadow-4.1.5.1-logmsg.patch
|
||||||
Patch14: shadow-4.1.5.1-default-range.patch
|
Patch14: shadow-4.1.5.1-default-range.patch
|
||||||
Patch15: shadow-4.3.1-manfix.patch
|
Patch15: shadow-4.3.1-manfix.patch
|
||||||
Patch17: shadow-4.1.5.1-userdel-helpfix.patch
|
Patch17: shadow-4.1.5.1-userdel-helpfix.patch
|
||||||
Patch19: shadow-4.2.1-date-parsing.patch
|
Patch19: shadow-4.2.1-date-parsing.patch
|
||||||
Patch20: shadow-4.1.5.1-ingroup.patch
|
Patch21: shadow-4.6-move-home.patch
|
||||||
Patch21: shadow-4.1.5.1-move-home.patch
|
Patch22: shadow-4.6-audit-update.patch
|
||||||
Patch22: shadow-4.3.1-audit-update.patch
|
|
||||||
Patch23: shadow-4.5-usermod-unlock.patch
|
Patch23: shadow-4.5-usermod-unlock.patch
|
||||||
Patch24: shadow-4.2.1-no-lock-dos.patch
|
Patch24: shadow-4.2.1-no-lock-dos.patch
|
||||||
Patch28: shadow-4.3.1-selinux-perms.patch
|
Patch28: shadow-4.3.1-selinux-perms.patch
|
||||||
Patch29: shadow-4.2.1-null-tm.patch
|
Patch29: shadow-4.2.1-null-tm.patch
|
||||||
Patch30: shadow-4.1.5.1-newgrp-grouplist.patch
|
Patch31: shadow-4.6-getenforce.patch
|
||||||
Patch31: shadow-4.5-userdel-chroot.patch
|
|
||||||
Patch32: shadow-4.5-crypt_h.patch
|
Patch32: shadow-4.5-crypt_h.patch
|
||||||
Patch33: shadow-4.5-long-entry.patch
|
Patch33: shadow-4.5-long-entry.patch
|
||||||
|
Patch34: shadow-4.6-usermod-crash.patch
|
||||||
|
|
||||||
License: BSD and GPLv2+
|
License: BSD and GPLv2+
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
|
@ -67,24 +65,22 @@ are used for managing group accounts.
|
||||||
%patch1 -p1 -b .goodname
|
%patch1 -p1 -b .goodname
|
||||||
%patch2 -p1 -b .info-parent-dir
|
%patch2 -p1 -b .info-parent-dir
|
||||||
%patch6 -p1 -b .selinux
|
%patch6 -p1 -b .selinux
|
||||||
%patch7 -p1 -b .2ndskip
|
|
||||||
%patch10 -p1 -b .orig-context
|
%patch10 -p1 -b .orig-context
|
||||||
%patch11 -p1 -b .logmsg
|
%patch11 -p1 -b .logmsg
|
||||||
%patch14 -p1 -b .default-range
|
%patch14 -p1 -b .default-range
|
||||||
%patch15 -p1 -b .manfix
|
%patch15 -p1 -b .manfix
|
||||||
%patch17 -p1 -b .userdel
|
%patch17 -p1 -b .userdel
|
||||||
%patch19 -p1 -b .date-parsing
|
%patch19 -p1 -b .date-parsing
|
||||||
%patch20 -p1 -b .ingroup
|
|
||||||
%patch21 -p1 -b .move-home
|
%patch21 -p1 -b .move-home
|
||||||
%patch22 -p1 -b .audit-update
|
%patch22 -p1 -b .audit-update
|
||||||
%patch23 -p1 -b .unlock
|
%patch23 -p1 -b .unlock
|
||||||
%patch24 -p1 -b .no-lock-dos
|
%patch24 -p1 -b .no-lock-dos
|
||||||
%patch28 -p1 -b .selinux-perms
|
%patch28 -p1 -b .selinux-perms
|
||||||
%patch29 -p1 -b .null-tm
|
%patch29 -p1 -b .null-tm
|
||||||
%patch30 -p1 -b .grouplist
|
%patch31 -p1 -b .getenforce
|
||||||
%patch31 -p1 -b .userdel-chroot
|
|
||||||
%patch32 -p1 -b .crypt_h
|
%patch32 -p1 -b .crypt_h
|
||||||
%patch33 -p1 -b .long-entry
|
%patch33 -p1 -b .long-entry
|
||||||
|
%patch34 -p1 -b .usermod-crash
|
||||||
|
|
||||||
iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8
|
iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8
|
||||||
cp -f doc/HOWTO.utf8 doc/HOWTO
|
cp -f doc/HOWTO.utf8 doc/HOWTO
|
||||||
|
@ -237,6 +233,9 @@ done
|
||||||
%{_mandir}/man8/vigr.8*
|
%{_mandir}/man8/vigr.8*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon May 28 2018 Tomáš Mráz <tmraz@redhat.com> - 2:4.6-1
|
||||||
|
- update to current upstream release 4.6
|
||||||
|
|
||||||
* Fri Apr 20 2018 Tomáš Mráz <tmraz@redhat.com> - 2:4.5-10
|
* Fri Apr 20 2018 Tomáš Mráz <tmraz@redhat.com> - 2:4.5-10
|
||||||
- Raise limit for passwd and shadow entry length but also prevent
|
- Raise limit for passwd and shadow entry length but also prevent
|
||||||
writing longer entries (#1422497)
|
writing longer entries (#1422497)
|
||||||
|
|
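Review bot: The Patch list drops `shadow-4.1.5-2ndskip.patch`, `shadow-4.1.5.1-ingroup.patch`, `shadow-4.1.5.1-newgrp-grouplist.patch` and `shadow-4.5-userdel-chroot.patch`, yet the new %changelog entry says only `update to current upstream release 4.6`. Two of these change how newgrp decides group membership, and the removed userdel-chroot patch apparently also carried a userdel.c change that is absent from `shadow-4.6-getenforce.patch`, which now takes over the Patch31 slot. From this commit alone a reader cannot tell whether that behaviour is provided by upstream 4.6 or was dropped. Add a changelog line such as `- drop 2ndskip, ingroup, newgrp-grouplist and userdel-chroot patches (merged upstream)`, or the actual reason if it differs.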
4
sources
4
sources
|
@ -1,2 +1,2 @@
|
||||||
SHA512 (shadow-4.5.tar.xz) = e57f8db54df23301c229d4be30d4cbb67efa1d1809cffcff79adc480b6019fb2b5fd09e112e82a3f00ad5a6b2994592adac93f70a631cf666b6f4723b61c87b5
|
SHA512 (shadow-4.6.tar.xz) = e8eee52c649d9973f724bc2d5aeee71fa2e6a2e41ec3487cd6cf6d47af70c32e0cdf304df29b32eae2b6eb6f9066866b5f2c891add0ec87ba583bea3207b3631
|
||||||
SHA512 (shadow-4.5.tar.xz.asc) = 42739e5e36e0dd1ff8e9d8721f5b4b222113afd91c927b580bc0b587d59dcdecdf938c978405b80f15a70b17f2d0589f8b6277e0e9bd23a5f3c2fc924c9b1e24
|
SHA512 (shadow-4.6.tar.xz.asc) = 8728bff5544db6ea123f758cce5bd5c2d346489570c33092e4e97db35c274d7aba01580018f120e4ad80b8f79cfe296a33bccbe9bf68df51bf9b2004c6bfffed
|
||||||
|
|