update to current upstream release 4.6

Tomas Mraz 2018-05-28 15:25:08 +02:00
parent 4cb5077b68
commit 38a12ac864
15 changed files with 312 additions and 581 deletions

2
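--- a/.gitignore
+++ b/.gitignore
@@ -8,3 +8,5 @@ shadow-4.1.4.2.tar.bz2
 /shadow-4.3.1.tar.gz
 /shadow-4.5.tar.xz
 /shadow-4.5.tar.xz.asc
+/shadow-4.6.tar.xz
+/shadow-4.6.tar.xz.asc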


@ -1,102 +0,0 @@
Index: shadow-4.5/src/grpconv.c
===================================================================
--- shadow-4.5.orig/src/grpconv.c
+++ shadow-4.5/src/grpconv.c
@@ -143,6 +143,7 @@ int main (int argc, char **argv)
struct group grent;
const struct sgrp *sg;
struct sgrp sgent;
+ char *np;
Prog = Basename (argv[0]);
@@ -184,20 +185,25 @@ int main (int argc, char **argv)
* Remove /etc/gshadow entries for groups not in /etc/group.
*/
(void) sgr_rewind ();
- while ((sg = sgr_next ()) != NULL) {
- if (gr_locate (sg->sg_name) != NULL) {
- continue;
- }
-
- if (sgr_remove (sg->sg_name) == 0) {
- /*
- * This shouldn't happen (the entry exists) but...
- */
- fprintf (stderr,
- _("%s: cannot remove entry '%s' from %s\n"),
- Prog, sg->sg_name, sgr_dbname ());
- fail_exit (3);
+ sg = sgr_next ();
+ np=NULL;
+ while (sg != NULL) {
+ np = strdup(sg->sg_name);
+ sg = sgr_next ();
+
+ if(gr_locate (np) == NULL) {
+ if (sgr_remove (np) == 0) {
+ /*
+ * This shouldn't happen (the entry exists) but...
+ */
+ fprintf (stderr,
+ _("%s: cannot remove entry '%s' from %s\n"),
+ Prog, np, sgr_dbname ());
+ free(np);
+ fail_exit (3);
+ }
}
+ free(np);
}
/*
Index: shadow-4.5/src/pwconv.c
===================================================================
--- shadow-4.5.orig/src/pwconv.c
+++ shadow-4.5/src/pwconv.c
@@ -173,6 +173,7 @@ int main (int argc, char **argv)
struct passwd pwent;
const struct spwd *sp;
struct spwd spent;
+ char *np;
Prog = Basename (argv[0]);
@@ -223,20 +224,25 @@ int main (int argc, char **argv)
* Remove /etc/shadow entries for users not in /etc/passwd.
*/
(void) spw_rewind ();
- while ((sp = spw_next ()) != NULL) {
- if (pw_locate (sp->sp_namp) != NULL) {
- continue;
- }
-
- if (spw_remove (sp->sp_namp) == 0) {
- /*
- * This shouldn't happen (the entry exists) but...
- */
- fprintf (stderr,
- _("%s: cannot remove entry '%s' from %s\n"),
- Prog, sp->sp_namp, spw_dbname ());
- fail_exit (E_FAILURE);
+ sp = spw_next ();
+ np = NULL;
+ while (sp != NULL) {
+ np = strdup(sp->sp_namp);
+ sp = spw_next ();
+
+ if (pw_locate (np) == NULL) {
+ if (spw_remove (np) == 0) {
+ /*
+ * This shouldn't happen (the entry exists) but...
+ */
+ fprintf (stderr,
+ _("%s: cannot remove entry '%s' from %s\n"),
+ Prog, np, spw_dbname ());
+ free(np);
+ fail_exit (E_FAILURE);
+ }
}
+ free(np);
}
/*


@ -1,64 +0,0 @@
Index: shadow-4.5/src/newgrp.c
===================================================================
--- shadow-4.5.orig/src/newgrp.c
+++ shadow-4.5/src/newgrp.c
@@ -83,15 +83,29 @@ static void usage (void)
}
}
+static bool ingroup(const char *name, struct group *gr)
+{
+ char **look;
+ bool notfound = true;
+
+ look = gr->gr_mem;
+ while (*look && notfound)
+ notfound = strcmp (*look++, name);
+
+ return !notfound;
+}
+
/*
- * find_matching_group - search all groups of a given group id for
+ * find_matching_group - search all groups of a gr's group id for
* membership of a given username
+ * but check gr itself first
*/
-static /*@null@*/struct group *find_matching_group (const char *name, gid_t gid)
+static /*@null@*/struct group *find_matching_group (const char *name, struct group *gr)
{
- struct group *gr;
- char **look;
- bool notfound = true;
+ gid_t gid = gr->gr_gid;
+
+ if (ingroup(name, gr))
+ return gr;
setgrent ();
while ((gr = getgrent ()) != NULL) {
@@ -103,14 +117,8 @@ static /*@null@*/struct group *find_matc
* A group with matching GID was found.
* Test for membership of 'name'.
*/
- look = gr->gr_mem;
- while ((NULL != *look) && notfound) {
- notfound = (strcmp (*look, name) != 0);
- look++;
- }
- if (!notfound) {
+ if (ingroup(name, gr))
break;
- }
}
endgrent ();
return gr;
@@ -630,7 +638,7 @@ int main (int argc, char **argv)
* groups of the same GID like the requested group for
* membership of the current user.
*/
- grp = find_matching_group (name, grp->gr_gid);
+ grp = find_matching_group (name, grp);
if (NULL == grp) {
/*
* No matching group found. As we already know that


@ -1,16 +0,0 @@
Index: shadow-4.5/src/usermod.c
===================================================================
--- shadow-4.5.orig/src/usermod.c
+++ shadow-4.5/src/usermod.c
@@ -1814,6 +1814,11 @@ static void move_home (void)
Prog, user_home, user_newhome);
fail_exit (E_HOMEDIR);
}
+ } else {
+ fprintf (stderr,
+ _("%s: The previous home directory (%s) does "
+ "not exist or is inaccessible. Move cannot be completed.\n"),
+ Prog, user_home);
}
}


@ -1,71 +0,0 @@
Index: shadow-4.5/src/newgrp.c
===================================================================
--- shadow-4.5.orig/src/newgrp.c
+++ shadow-4.5/src/newgrp.c
@@ -396,6 +396,7 @@ int main (int argc, char **argv)
{
bool initflag = false;
int i;
+ bool is_member = false;
bool cflag = false;
int err = 0;
gid_t gid;
@@ -645,22 +646,36 @@ int main (int argc, char **argv)
goto failure;
}
+#ifdef HAVE_SETGROUPS
+ /* when using pam_group, she will not be listed in the groups
+ * database. However getgroups() will return the group. So
+ * if she is listed there already it is ok to grant membership.
+ */
+ for (i = 0; i < ngroups; i++) {
+ if (grp->gr_gid == grouplist[i]) {
+ is_member = true;
+ break;
+ }
+ }
+#endif /* HAVE_SETGROUPS */
/*
* For splitted groups (due to limitations of NIS), check all
* groups of the same GID like the requested group for
* membership of the current user.
*/
- grp = find_matching_group (name, grp);
- if (NULL == grp) {
- /*
- * No matching group found. As we already know that
- * the group exists, this happens only in the case
- * of a requested group where the user is not member.
- *
- * Re-read the group entry for further processing.
- */
- grp = xgetgrnam (group);
- assert (NULL != grp);
+ if (!is_member) {
+ grp = find_matching_group (name, grp);
+ if (NULL == grp) {
+ /*
+ * No matching group found. As we already know that
+ * the group exists, this happens only in the case
+ * of a requested group where the user is not member.
+ *
+ * Re-read the group entry for further processing.
+ */
+ grp = xgetgrnam (group);
+ assert (NULL != grp);
+ }
}
#ifdef SHADOWGRP
sgrp = getsgnam (group);
@@ -673,7 +688,9 @@ int main (int argc, char **argv)
/*
* Check if the user is allowed to access this group.
*/
- check_perms (grp, pwd, group);
+ if (!is_member) {
+ check_perms (grp, pwd, group);
+ }
/*
* all successful validations pass through this point. The group id


@ -1,74 +0,0 @@
Index: shadow-4.5/lib/selinux.c
===================================================================
--- shadow-4.5.orig/lib/selinux.c
+++ shadow-4.5/lib/selinux.c
@@ -75,7 +75,7 @@ int set_selinux_file_context (const char
}
return 0;
error:
- if (security_getenforce () != 0) {
+ if (security_getenforce () > 0) {
return 1;
}
return 0;
@@ -95,7 +95,7 @@ int reset_selinux_file_context (void)
selinux_checked = true;
}
if (selinux_enabled) {
- if (setfscreatecon (NULL) != 0) {
+ if (setfscreatecon (NULL) != 0 && security_getenforce () > 0) {
return 1;
}
}
Index: shadow-4.5/src/userdel.c
===================================================================
--- shadow-4.5.orig/src/userdel.c
+++ shadow-4.5/src/userdel.c
@@ -96,6 +96,7 @@ static char *user_home;
static bool fflg = false;
static bool rflg = false;
static bool Zflg = false;
+static bool Rflg = false;
static bool is_shadow_pwd;
@@ -958,6 +959,7 @@ int main (int argc, char **argv)
rflg = true;
break;
case 'R': /* no-op, handled in process_root_flag () */
+ Rflg = true;
break;
#ifdef WITH_SELINUX
case 'Z':
@@ -1032,9 +1034,12 @@ int main (int argc, char **argv)
*/
user_name = argv[argc - 1];
{
- struct passwd *pwd;
- pwd = getpwnam (user_name); /* local, no need for xgetpwnam */
+ const struct passwd *pwd;
+
+ pw_open(O_RDONLY);
+ pwd = pw_locate (user_name); /* we care only about local users */
if (NULL == pwd) {
+ pw_close();
fprintf (stderr, _("%s: user '%s' does not exist\n"),
Prog, user_name);
#ifdef WITH_AUDIT
@@ -1048,6 +1053,7 @@ int main (int argc, char **argv)
user_id = pwd->pw_uid;
user_gid = pwd->pw_gid;
user_home = xstrdup (pwd->pw_dir);
+ pw_close();
}
#ifdef WITH_TCB
if (shadowtcb_set_user (user_name) == SHADOWTCB_FAILURE) {
@@ -1079,7 +1085,7 @@ int main (int argc, char **argv)
* Note: This is a best effort basis. The user may log in between,
* a cron job may be started on her behalf, etc.
*/
- if (user_busy (user_name, user_id) != 0) {
+ if (!Rflg && user_busy (user_name, user_id) != 0) {
if (!fflg) {
#ifdef WITH_AUDIT
audit_logger (AUDIT_DEL_USER, Prog,


@ -0,0 +1,21 @@
diff -up shadow-4.6/lib/selinux.c.getenforce shadow-4.6/lib/selinux.c
--- shadow-4.6/lib/selinux.c.getenforce 2018-05-28 15:10:15.870315221 +0200
+++ shadow-4.6/lib/selinux.c 2018-05-28 15:10:15.894315731 +0200
@@ -75,7 +75,7 @@ int set_selinux_file_context (const char
}
return 0;
error:
- if (security_getenforce () != 0) {
+ if (security_getenforce () > 0) {
return 1;
}
return 0;
@@ -95,7 +95,7 @@ int reset_selinux_file_context (void)
selinux_checked = true;
}
if (selinux_enabled) {
- if (setfscreatecon (NULL) != 0) {
+ if (setfscreatecon (NULL) != 0 && security_getenforce () > 0) {
return 1;
}
}
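Review bot: At the `error:` label in set_selinux_file_context, `security_getenforce () > 0` treats a failed query (the call returns -1 when the enforcing state cannot be read) the same as permissive mode, so a context that could not be set is reported to the caller as success. The second hunk applies the same rule to a failing `setfscreatecon (NULL)` in reset_selinux_file_context. If this fail-open is intended for environments where the SELinux state is unavailable, say so next to the check, e.g. `/* -1 (state unknown) is deliberately treated like permissive: do not fail the caller */`, and consider a warning on stderr for the -1 case so a mislabelled file does not go unnoticed. Both functions begin and end outside the hunks shown.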


@ -0,0 +1,15 @@
diff -up shadow-4.6/src/usermod.c.move-home shadow-4.6/src/usermod.c
--- shadow-4.6/src/usermod.c.move-home 2018-05-28 14:59:05.594076665 +0200
+++ shadow-4.6/src/usermod.c 2018-05-28 15:00:28.479837392 +0200
@@ -1845,6 +1845,11 @@ static void move_home (void)
Prog, prefix_user_home, prefix_user_newhome);
fail_exit (E_HOMEDIR);
}
+ } else {
+ fprintf (stderr,
+ _("%s: The previous home directory (%s) does "
+ "not exist or is inaccessible. Move cannot be completed.\n"),
+ Prog, prefix_user_home);
}
}
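Review bot: The new `else` branch in move_home only prints that the move cannot be completed and then falls through, unlike the failure path just above it, which calls `fail_exit (E_HOMEDIR)`. As far as the hunk shows, usermod carries on after the message, so a caller that checks only the exit status cannot tell that the previous home directory was missing or inaccessible. If continuing is intended, a comment such as `/* not fatal: only the directory move is skipped */` would make that explicit; otherwise end the branch with `fail_exit (E_HOMEDIR);`. move_home starts outside the hunk.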


@ -1,8 +1,7 @@
Index: shadow-4.5/lib/commonio.c diff -up shadow-4.6/lib/commonio.c.orig-context shadow-4.6/lib/commonio.c
=================================================================== --- shadow-4.6/lib/commonio.c.orig-context 2018-04-29 18:42:37.000000000 +0200
--- shadow-4.5.orig/lib/commonio.c +++ shadow-4.6/lib/commonio.c 2018-05-28 14:56:37.287929667 +0200
+++ shadow-4.5/lib/commonio.c @@ -961,7 +961,7 @@ int commonio_close (struct commonio_db *
@@ -941,7 +941,7 @@ int commonio_close (struct commonio_db *
snprintf (buf, sizeof buf, "%s-", db->filename); snprintf (buf, sizeof buf, "%s-", db->filename);
#ifdef WITH_SELINUX #ifdef WITH_SELINUX
@ -11,7 +10,7 @@ Index: shadow-4.5/lib/commonio.c
errors++; errors++;
} }
#endif #endif
@@ -974,7 +974,7 @@ int commonio_close (struct commonio_db * @@ -994,7 +994,7 @@ int commonio_close (struct commonio_db *
snprintf (buf, sizeof buf, "%s+", db->filename); snprintf (buf, sizeof buf, "%s+", db->filename);
#ifdef WITH_SELINUX #ifdef WITH_SELINUX
@ -20,10 +19,9 @@ Index: shadow-4.5/lib/commonio.c
errors++; errors++;
} }
#endif #endif
Index: shadow-4.5/libmisc/copydir.c diff -up shadow-4.6/libmisc/copydir.c.orig-context shadow-4.6/libmisc/copydir.c
=================================================================== --- shadow-4.6/libmisc/copydir.c.orig-context 2018-04-29 18:42:37.000000000 +0200
--- shadow-4.5.orig/libmisc/copydir.c +++ shadow-4.6/libmisc/copydir.c 2018-05-28 14:56:37.287929667 +0200
+++ shadow-4.5/libmisc/copydir.c
@@ -484,7 +484,7 @@ static int copy_dir (const char *src, co @@ -484,7 +484,7 @@ static int copy_dir (const char *src, co
*/ */
@ -60,11 +58,10 @@ Index: shadow-4.5/libmisc/copydir.c
return -1; return -1;
} }
#endif /* WITH_SELINUX */ #endif /* WITH_SELINUX */
Index: shadow-4.5/lib/prototypes.h diff -up shadow-4.6/lib/prototypes.h.orig-context shadow-4.6/lib/prototypes.h
=================================================================== --- shadow-4.6/lib/prototypes.h.orig-context 2018-04-29 18:42:37.000000000 +0200
--- shadow-4.5.orig/lib/prototypes.h +++ shadow-4.6/lib/prototypes.h 2018-05-28 14:56:37.287929667 +0200
+++ shadow-4.5/lib/prototypes.h @@ -326,7 +326,7 @@ extern /*@observer@*/const char *crypt_m
@@ -311,7 +311,7 @@ extern /*@observer@*/const char *crypt_m
/* selinux.c */ /* selinux.c */
#ifdef WITH_SELINUX #ifdef WITH_SELINUX
@ -73,10 +70,9 @@ Index: shadow-4.5/lib/prototypes.h
extern int reset_selinux_file_context (void); extern int reset_selinux_file_context (void);
#endif #endif
Index: shadow-4.5/lib/selinux.c diff -up shadow-4.6/lib/selinux.c.orig-context shadow-4.6/lib/selinux.c
=================================================================== --- shadow-4.6/lib/selinux.c.orig-context 2018-04-29 18:42:37.000000000 +0200
--- shadow-4.5.orig/lib/selinux.c +++ shadow-4.6/lib/selinux.c 2018-05-28 14:56:37.287929667 +0200
+++ shadow-4.5/lib/selinux.c
@@ -50,7 +50,7 @@ static bool selinux_enabled; @@ -50,7 +50,7 @@ static bool selinux_enabled;
* Callers may have to Reset SELinux to create files with default * Callers may have to Reset SELinux to create files with default
* contexts with reset_selinux_file_context * contexts with reset_selinux_file_context
@ -118,16 +114,15 @@ Index: shadow-4.5/lib/selinux.c
} }
/* /*
Index: shadow-4.5/src/useradd.c diff -up shadow-4.6/src/useradd.c.orig-context shadow-4.6/src/useradd.c
=================================================================== --- shadow-4.6/src/useradd.c.orig-context 2018-05-28 14:56:37.288929688 +0200
--- shadow-4.5.orig/src/useradd.c +++ shadow-4.6/src/useradd.c 2018-05-28 14:58:02.242730903 +0200
+++ shadow-4.5/src/useradd.c @@ -2020,7 +2020,7 @@ static void create_home (void)
@@ -1945,7 +1945,7 @@ static void create_home (void)
{ {
if (access (user_home, F_OK) != 0) { if (access (prefix_user_home, F_OK) != 0) {
#ifdef WITH_SELINUX #ifdef WITH_SELINUX
- if (set_selinux_file_context (user_home) != 0) { - if (set_selinux_file_context (prefix_user_home) != 0) {
+ if (set_selinux_file_context (user_home, NULL) != 0) { + if (set_selinux_file_context (prefix_user_home, NULL) != 0) {
fprintf (stderr, fprintf (stderr,
_("%s: cannot set SELinux context for home directory %s\n"), _("%s: cannot set SELinux context for home directory %s\n"),
Prog, user_home); Prog, user_home);


@ -1,7 +1,6 @@
Index: shadow-4.5/src/useradd.c diff -up shadow-4.6/src/useradd.c.redhat shadow-4.6/src/useradd.c
=================================================================== --- shadow-4.6/src/useradd.c.redhat 2018-04-29 18:42:37.000000000 +0200
--- shadow-4.5.orig/src/useradd.c +++ shadow-4.6/src/useradd.c 2018-05-28 13:37:16.695651258 +0200
+++ shadow-4.5/src/useradd.c
@@ -98,7 +98,7 @@ const char *Prog; @@ -98,7 +98,7 @@ const char *Prog;
static gid_t def_group = 100; static gid_t def_group = 100;
static const char *def_gname = "other"; static const char *def_gname = "other";
@ -20,19 +19,19 @@ Index: shadow-4.5/src/useradd.c
static uid_t user_id; static uid_t user_id;
static gid_t user_gid; static gid_t user_gid;
static const char *user_comment = ""; static const char *user_comment = "";
@@ -1059,9 +1059,9 @@ static void process_flags (int argc, cha @@ -1114,9 +1114,9 @@ static void process_flags (int argc, cha
}; };
while ((c = getopt_long (argc, argv, while ((c = getopt_long (argc, argv,
#ifdef WITH_SELINUX #ifdef WITH_SELINUX
- "b:c:d:De:f:g:G:hk:K:lmMNop:rR:s:u:UZ:", - "b:c:d:De:f:g:G:hk:K:lmMNop:rR:P:s:u:UZ:",
+ "b:c:d:De:f:g:G:hk:K:lmMnNop:rR:s:u:UZ:", + "b:c:d:De:f:g:G:hk:K:lmMnNop:rR:P:s:u:UZ:",
#else /* !WITH_SELINUX */ #else /* !WITH_SELINUX */
- "b:c:d:De:f:g:G:hk:K:lmMNop:rR:s:u:U", - "b:c:d:De:f:g:G:hk:K:lmMNop:rR:P:s:u:U",
+ "b:c:d:De:f:g:G:hk:K:lmMnNop:rR:s:u:U", + "b:c:d:De:f:g:G:hk:K:lmMnNop:rR:P:s:u:U",
#endif /* !WITH_SELINUX */ #endif /* !WITH_SELINUX */
long_options, NULL)) != -1) { long_options, NULL)) != -1) {
switch (c) { switch (c) {
@@ -1212,6 +1212,7 @@ static void process_flags (int argc, cha @@ -1267,6 +1267,7 @@ static void process_flags (int argc, cha
case 'M': case 'M':
Mflg = true; Mflg = true;
break; break;


@ -1,7 +1,6 @@
Index: shadow-4.5/lib/semanage.c diff -up shadow-4.6/lib/semanage.c.selinux shadow-4.6/lib/semanage.c
=================================================================== --- shadow-4.6/lib/semanage.c.selinux 2018-04-29 18:42:37.000000000 +0200
--- shadow-4.5.orig/lib/semanage.c +++ shadow-4.6/lib/semanage.c 2018-05-28 13:38:20.551008911 +0200
+++ shadow-4.5/lib/semanage.c
@@ -294,6 +294,9 @@ int set_seuser (const char *login_name, @@ -294,6 +294,9 @@ int set_seuser (const char *login_name,
ret = 0; ret = 0;
@ -23,11 +22,10 @@ Index: shadow-4.5/lib/semanage.c
done: done:
semanage_handle_destroy (handle); semanage_handle_destroy (handle);
return ret; return ret;
Index: shadow-4.5/src/useradd.c diff -up shadow-4.6/src/useradd.c.selinux shadow-4.6/src/useradd.c
=================================================================== --- shadow-4.6/src/useradd.c.selinux 2018-05-28 13:43:30.996748997 +0200
--- shadow-4.5.orig/src/useradd.c +++ shadow-4.6/src/useradd.c 2018-05-28 13:44:04.645486199 +0200
+++ shadow-4.5/src/useradd.c @@ -2120,6 +2120,7 @@ static void create_mail (void)
@@ -2042,6 +2042,7 @@ static void create_mail (void)
*/ */
int main (int argc, char **argv) int main (int argc, char **argv)
{ {
@ -35,14 +33,14 @@ Index: shadow-4.5/src/useradd.c
#ifdef ACCT_TOOLS_SETUID #ifdef ACCT_TOOLS_SETUID
#ifdef USE_PAM #ifdef USE_PAM
pam_handle_t *pamh = NULL; pam_handle_t *pamh = NULL;
@@ -2262,27 +2263,11 @@ int main (int argc, char **argv) @@ -2342,27 +2343,11 @@ int main (int argc, char **argv)
usr_update (); usr_update ();
- if (mflg) { - if (mflg) {
- create_home (); - create_home ();
- if (home_added) { - if (home_added) {
- copy_tree (def_template, user_home, false, false, - copy_tree (def_template, prefix_user_home, false, false,
- (uid_t)-1, user_id, (gid_t)-1, user_gid); - (uid_t)-1, user_id, (gid_t)-1, user_gid);
- } else { - } else {
- fprintf (stderr, - fprintf (stderr,
@ -66,7 +64,7 @@ Index: shadow-4.5/src/useradd.c
/* /*
* tallylog_reset needs to be able to lookup * tallylog_reset needs to be able to lookup
* a valid existing user name, * a valid existing user name,
@@ -2293,8 +2278,9 @@ int main (int argc, char **argv) @@ -2373,8 +2358,9 @@ int main (int argc, char **argv)
} }
#ifdef WITH_SELINUX #ifdef WITH_SELINUX
@ -78,7 +76,7 @@ Index: shadow-4.5/src/useradd.c
fprintf (stderr, fprintf (stderr,
_("%s: warning: the user name %s to %s SELinux user mapping failed.\n"), _("%s: warning: the user name %s to %s SELinux user mapping failed.\n"),
Prog, user_name, user_selinux); Prog, user_name, user_selinux);
@@ -2303,14 +2289,31 @@ int main (int argc, char **argv) @@ -2383,14 +2369,31 @@ int main (int argc, char **argv)
"adding SELinux user mapping", "adding SELinux user mapping",
user_name, (unsigned int) user_id, 0); user_name, (unsigned int) user_id, 0);
#endif /* WITH_AUDIT */ #endif /* WITH_AUDIT */
@ -95,7 +93,7 @@ Index: shadow-4.5/src/useradd.c
+ if (mflg) { + if (mflg) {
+ create_home (); + create_home ();
+ if (home_added) { + if (home_added) {
+ copy_tree (def_template, user_home, false, true, + copy_tree (def_template, prefix_user_home, false, true,
+ (uid_t)-1, user_id, (gid_t)-1, user_gid); + (uid_t)-1, user_id, (gid_t)-1, user_gid);
+ } else { + } else {
+ fprintf (stderr, + fprintf (stderr,


@ -0,0 +1,42 @@
diff -up shadow-4.6/libmisc/prefix_flag.c.usermod-crash shadow-4.6/libmisc/prefix_flag.c
--- shadow-4.6/libmisc/prefix_flag.c.usermod-crash 2018-04-29 18:42:37.000000000 +0200
+++ shadow-4.6/libmisc/prefix_flag.c 2018-05-28 15:14:10.642302440 +0200
@@ -319,6 +319,7 @@ extern struct group *prefix_getgr_nam_gi
{
long long int gid;
char *endptr;
+ struct group *g;
if (NULL == grname) {
return NULL;
@@ -333,7 +334,8 @@ extern struct group *prefix_getgr_nam_gi
&& (gid == (gid_t)gid)) {
return prefix_getgrgid ((gid_t) gid);
}
- return prefix_getgrnam (grname);
+ g = prefix_getgrnam (grname);
+ return g ? __gr_dup(g) : NULL;
}
else
return getgr_nam_gid(grname);
diff -up shadow-4.6/src/usermod.c.usermod-crash shadow-4.6/src/usermod.c
--- shadow-4.6/src/usermod.c.usermod-crash 2018-05-28 15:12:37.920332763 +0200
+++ shadow-4.6/src/usermod.c 2018-05-28 15:15:50.337422470 +0200
@@ -1276,11 +1276,13 @@ static void process_flags (int argc, cha
prefix_user_home = xmalloc(len);
wlen = snprintf(prefix_user_home, len, "%s/%s", prefix, user_home);
assert (wlen == (int) len -1);
+ if (user_newhome) {
+ len = strlen(prefix) + strlen(user_newhome) + 2;
+ prefix_user_newhome = xmalloc(len);
+ wlen = snprintf(prefix_user_newhome, len, "%s/%s", prefix, user_newhome);
+ assert (wlen == (int) len -1);
+ }
- len = strlen(prefix) + strlen(user_newhome) + 2;
- prefix_user_newhome = xmalloc(len);
- wlen = snprintf(prefix_user_newhome, len, "%s/%s", prefix, user_newhome);
- assert (wlen == (int) len -1);
}
else {
prefix_user_home = user_home;
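Review bot: In prefix_getgr_nam_gid the name lookup now returns a copy made with `__gr_dup`, but the numeric branch a few lines above still returns the result of `prefix_getgrgid ((gid_t) gid)` directly, so the two paths hand back pointers with different ownership. If callers free the returned group (which the added duplication suggests), a numeric group argument used with a prefix would presumably still give them memory they do not own; the numeric branch should duplicate as well: `g = prefix_getgrgid ((gid_t) gid);` followed by `return g ? __gr_dup(g) : NULL;`. Separately, a NULL from `__gr_dup` on allocation failure is presumably indistinguishable from "group not found" at this return. The end of the function and its callers are outside the hunk.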


@ -1,7 +1,7 @@
Summary: Utilities for managing accounts and shadow password files Summary: Utilities for managing accounts and shadow password files
Name: shadow-utils Name: shadow-utils
Version: 4.5 Version: 4.6
Release: 10%{?dist} Release: 1%{?dist}
Epoch: 2 Epoch: 2
URL: http://pkg-shadow.alioth.debian.org/ URL: http://pkg-shadow.alioth.debian.org/
Source0: https://github.com/shadow-maint/shadow/releases/download/%{version}/shadow-%{version}.tar.xz Source0: https://github.com/shadow-maint/shadow/releases/download/%{version}/shadow-%{version}.tar.xz
@ -10,28 +10,26 @@ Source2: shadow-utils.useradd
Source3: shadow-utils.login.defs Source3: shadow-utils.login.defs
Source4: shadow-bsd.txt Source4: shadow-bsd.txt
Source5: https://www.gnu.org/licenses/old-licenses/gpl-2.0.txt Source5: https://www.gnu.org/licenses/old-licenses/gpl-2.0.txt
Patch0: shadow-4.1.5-redhat.patch Patch0: shadow-4.6-redhat.patch
Patch1: shadow-4.5-goodname.patch Patch1: shadow-4.5-goodname.patch
Patch2: shadow-4.1.5.1-info-parent-dir.patch Patch2: shadow-4.1.5.1-info-parent-dir.patch
Patch6: shadow-4.5-selinux.patch Patch6: shadow-4.6-selinux.patch
Patch7: shadow-4.1.5-2ndskip.patch Patch10: shadow-4.6-orig-context.patch
Patch10: shadow-4.5-orig-context.patch
Patch11: shadow-4.1.5.1-logmsg.patch Patch11: shadow-4.1.5.1-logmsg.patch
Patch14: shadow-4.1.5.1-default-range.patch Patch14: shadow-4.1.5.1-default-range.patch
Patch15: shadow-4.3.1-manfix.patch Patch15: shadow-4.3.1-manfix.patch
Patch17: shadow-4.1.5.1-userdel-helpfix.patch Patch17: shadow-4.1.5.1-userdel-helpfix.patch
Patch19: shadow-4.2.1-date-parsing.patch Patch19: shadow-4.2.1-date-parsing.patch
Patch20: shadow-4.1.5.1-ingroup.patch Patch21: shadow-4.6-move-home.patch
Patch21: shadow-4.1.5.1-move-home.patch Patch22: shadow-4.6-audit-update.patch
Patch22: shadow-4.3.1-audit-update.patch
Patch23: shadow-4.5-usermod-unlock.patch Patch23: shadow-4.5-usermod-unlock.patch
Patch24: shadow-4.2.1-no-lock-dos.patch Patch24: shadow-4.2.1-no-lock-dos.patch
Patch28: shadow-4.3.1-selinux-perms.patch Patch28: shadow-4.3.1-selinux-perms.patch
Patch29: shadow-4.2.1-null-tm.patch Patch29: shadow-4.2.1-null-tm.patch
Patch30: shadow-4.1.5.1-newgrp-grouplist.patch Patch31: shadow-4.6-getenforce.patch
Patch31: shadow-4.5-userdel-chroot.patch
Patch32: shadow-4.5-crypt_h.patch Patch32: shadow-4.5-crypt_h.patch
Patch33: shadow-4.5-long-entry.patch Patch33: shadow-4.5-long-entry.patch
Patch34: shadow-4.6-usermod-crash.patch
License: BSD and GPLv2+ License: BSD and GPLv2+
Group: System Environment/Base Group: System Environment/Base
@ -67,24 +65,22 @@ are used for managing group accounts.
%patch1 -p1 -b .goodname %patch1 -p1 -b .goodname
%patch2 -p1 -b .info-parent-dir %patch2 -p1 -b .info-parent-dir
%patch6 -p1 -b .selinux %patch6 -p1 -b .selinux
%patch7 -p1 -b .2ndskip
%patch10 -p1 -b .orig-context %patch10 -p1 -b .orig-context
%patch11 -p1 -b .logmsg %patch11 -p1 -b .logmsg
%patch14 -p1 -b .default-range %patch14 -p1 -b .default-range
%patch15 -p1 -b .manfix %patch15 -p1 -b .manfix
%patch17 -p1 -b .userdel %patch17 -p1 -b .userdel
%patch19 -p1 -b .date-parsing %patch19 -p1 -b .date-parsing
%patch20 -p1 -b .ingroup
%patch21 -p1 -b .move-home %patch21 -p1 -b .move-home
%patch22 -p1 -b .audit-update %patch22 -p1 -b .audit-update
%patch23 -p1 -b .unlock %patch23 -p1 -b .unlock
%patch24 -p1 -b .no-lock-dos %patch24 -p1 -b .no-lock-dos
%patch28 -p1 -b .selinux-perms %patch28 -p1 -b .selinux-perms
%patch29 -p1 -b .null-tm %patch29 -p1 -b .null-tm
%patch30 -p1 -b .grouplist %patch31 -p1 -b .getenforce
%patch31 -p1 -b .userdel-chroot
%patch32 -p1 -b .crypt_h %patch32 -p1 -b .crypt_h
%patch33 -p1 -b .long-entry %patch33 -p1 -b .long-entry
%patch34 -p1 -b .usermod-crash
iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8 iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8
cp -f doc/HOWTO.utf8 doc/HOWTO cp -f doc/HOWTO.utf8 doc/HOWTO
@ -237,6 +233,9 @@ done
%{_mandir}/man8/vigr.8* %{_mandir}/man8/vigr.8*
%changelog %changelog
* Mon May 28 2018 Tomáš Mráz <tmraz@redhat.com> - 2:4.6-1
- update to current upstream release 4.6
* Fri Apr 20 2018 Tomáš Mráz <tmraz@redhat.com> - 2:4.5-10 * Fri Apr 20 2018 Tomáš Mráz <tmraz@redhat.com> - 2:4.5-10
- Raise limit for passwd and shadow entry length but also prevent - Raise limit for passwd and shadow entry length but also prevent
writing longer entries (#1422497) writing longer entries (#1422497)


@ -1,2 +1,2 @@
SHA512 (shadow-4.5.tar.xz) = e57f8db54df23301c229d4be30d4cbb67efa1d1809cffcff79adc480b6019fb2b5fd09e112e82a3f00ad5a6b2994592adac93f70a631cf666b6f4723b61c87b5 SHA512 (shadow-4.6.tar.xz) = e8eee52c649d9973f724bc2d5aeee71fa2e6a2e41ec3487cd6cf6d47af70c32e0cdf304df29b32eae2b6eb6f9066866b5f2c891add0ec87ba583bea3207b3631
SHA512 (shadow-4.5.tar.xz.asc) = 42739e5e36e0dd1ff8e9d8721f5b4b222113afd91c927b580bc0b587d59dcdecdf938c978405b80f15a70b17f2d0589f8b6277e0e9bd23a5f3c2fc924c9b1e24 SHA512 (shadow-4.6.tar.xz.asc) = 8728bff5544db6ea123f758cce5bd5c2d346489570c33092e4e97db35c274d7aba01580018f120e4ad80b8f79cfe296a33bccbe9bf68df51bf9b2004c6bfffed