diff --git a/.gitignore b/.gitignore
index d99615d..5e224dd 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
 shadow-4.1.4.2.tar.bz2
 /shadow-4.1.4.3.tar.bz2
+/shadow-4.1.5.tar.bz2
diff --git a/shadow-4.1.4.2-acl.patch b/shadow-4.1.4.2-acl.patch
deleted file mode 100644
index 0071c31..0000000
--- a/shadow-4.1.4.2-acl.patch
+++ /dev/null
@@ -1,151 +0,0 @@ -diff -up shadow-4.1.4.2/libmisc/copydir.c.acl shadow-4.1.4.2/libmisc/copydir.c ---- shadow-4.1.4.2/libmisc/copydir.c.acl 2011-02-09 17:35:23.455413575 +0100 -+++ shadow-4.1.4.2/libmisc/copydir.c 2011-02-09 17:49:17.606330202 +0100 -@@ -45,6 +45,9 @@ - #ifdef WITH_SELINUX - #include - #endif -+#include -+#include -+ - static /*@null@*/const char *src_orig; - static /*@null@*/const char *dst_orig; - -@@ -70,7 +73,7 @@ static int copy_symlink (const char *src - #endif - static int copy_hardlink (const char *src, const char *dst, - struct link_name *lp); --static int copy_special (const char *dst, -+static int copy_special (const char *src, const char *dst, - const struct stat *statp, const struct timeval mt[], - long int uid, long int gid); - static int copy_file (const char *src, const char *dst, -@@ -78,6 +81,28 @@ static int copy_file (const char *src, c - long int uid, long int gid); - - #ifdef WITH_SELINUX -+ -+void error (struct error_context *ctx, const char *fmt, ...) -+{ -+ va_list ap; -+ -+ /* ignore the case when destination does not support ACLs */ -+ if(errno==EOPNOTSUPP) -+ return; -+ -+ va_start (ap, fmt); -+ (void) fprintf (stderr, _("%s: "), Prog); -+ if (vfprintf (stderr, fmt, ap) != 0) { -+ (void) fputs (_(": "), stderr); -+ } -+ (void) fprintf (stderr, "%s\n", strerror (errno)); -+ va_end (ap); -+} -+ -+struct error_context ctx = { -+ error -+}; -+ - /* - * selinux_file_context - Set the security context before any file or - * directory creation. -@@ -369,7 +394,7 @@ static int copy_entry (const char *src, - */ - - else if (!S_ISREG (sb.st_mode)) { -- err = copy_special (dst, &sb, mt, uid, gid); -+ err = copy_special (src, dst, &sb, mt, uid, gid); - } - - /* -@@ -413,8 +438,20 @@ static int copy_dir (const char *src, co - || (chown (dst, - (uid == - 1) ? statp->st_uid : (uid_t) uid, - (gid == - 1) ? 
statp->st_gid : (gid_t) gid) != 0) -- || (chmod (dst, statp->st_mode) != 0) -- || (copy_tree (src, dst, uid, gid) != 0) -+ || (chmod (dst, statp->st_mode) != 0)) { -+ err = -1; -+ return err; -+ } -+ -+ /* ignore the case when destination does not support ACLs */ -+ if (perm_copy_file (src, dst, &ctx) != 0) { -+ if (errno!=EOPNOTSUPP) { -+ err = -1; -+ return err; -+ } -+ } -+ -+ if ((copy_tree (src, dst, uid, gid) != 0) - || (utimes (dst, mt) != 0)) { - err = -1; - } -@@ -514,6 +551,13 @@ static int copy_symlink (const char *src - || (lchown (dst, - (uid == -1) ? statp->st_uid : (uid_t) uid, - (gid == -1) ? statp->st_gid : (gid_t) gid) != 0)) { -+ /* FIXME: there are no modes on symlinks, right? -+ * ACL could be copied, but this would be much more -+ * complex than calling perm_copy_file. -+ * Ditto for Extended Attributes. -+ * We currently only document that ACL and Extended -+ * Attributes are not copied. -+ */ - free (oldlink); - return -1; - } -@@ -542,7 +586,7 @@ static int copy_symlink (const char *src - static int copy_hardlink (const char *src, const char *dst, - struct link_name *lp) - { -- /* TODO: selinux needed? */ -+ /* TODO: selinux, ACL, Extended Attributes needed? */ - - if (link (lp->ln_name, dst) != 0) { - return -1; -@@ -574,7 +618,7 @@ static int copy_hardlink (const char *sr - * - * Return 0 on success, -1 on error. - */ --static int copy_special (const char *dst, -+static int copy_special (const char *src, const char *dst, - const struct stat *statp, const struct timeval mt[], - long int uid, long int gid) - { -@@ -628,11 +672,18 @@ static int copy_file (const char *src, c - || (fchown (ofd, - (uid == -1) ? statp->st_uid : (uid_t) uid, - (gid == -1) ? 
statp->st_gid : (gid_t) gid) != 0) -- || (fchmod (ofd, statp->st_mode & 07777) != 0)) { -+ || (fchmod (ofd, statp->st_mode & 07777) != 0)) { - (void) close (ifd); - return -1; - } - -+ if (perm_copy_fd (src, ifd, dst, ofd, &ctx) != 0) { -+ if (errno!=EOPNOTSUPP) { -+ (void) close (ifd); -+ return -1; -+ } -+ } -+ - while ((cnt = read (ifd, buf, sizeof buf)) > 0) { - if (write (ofd, buf, (size_t)cnt) != cnt) { - return -1; -diff -up shadow-4.1.4.2/src/Makefile.in.acl shadow-4.1.4.2/src/Makefile.in ---- shadow-4.1.4.2/src/Makefile.in.acl 2009-07-24 03:16:00.000000000 +0200 -+++ shadow-4.1.4.2/src/Makefile.in 2011-02-09 17:35:23.470411800 +0100 -@@ -430,9 +430,9 @@ su_SOURCES = \ - - su_LDADD = $(LDADD) $(LIBPAM) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) - sulogin_LDADD = $(LDADD) $(LIBCRYPT) --useradd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) --userdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) --usermod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) -+useradd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) -lacl -+userdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) -lacl -+usermod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) -lacl - vipw_LDADD = $(LDADD) $(LIBSELINUX) - all: all-am - diff --git a/shadow-4.1.4.2-fixes.patch b/shadow-4.1.4.2-fixes.patch deleted file mode 100644 index 8451675..0000000 --- a/shadow-4.1.4.2-fixes.patch +++ /dev/null 
@@ -1,53 +0,0 @@ -diff -up shadow-4.1.4.2/libmisc/cleanup.c.fixes shadow-4.1.4.2/libmisc/cleanup.c ---- shadow-4.1.4.2/libmisc/cleanup.c.fixes 2009-09-07 15:52:22.449035388 +0200 -+++ shadow-4.1.4.2/libmisc/cleanup.c 2009-09-07 15:55:06.632033653 +0200 -@@ -107,7 +107,7 @@ void del_cleanup (cleanup_function pcf) - assert (i limit) { -- SYSLOG ((LOG_WARN, "Too many logins (max %d) for %s\n", -+ SYSLOG ((LOG_WARN, "Too many logins (max %lu) for %s\n", - limit, name)); - return LOGIN_ERROR_LOGIN; - } -diff -up shadow-4.1.4.2/libmisc/utmp.c.fixes shadow-4.1.4.2/libmisc/utmp.c ---- shadow-4.1.4.2/libmisc/utmp.c.fixes 2009-09-07 15:56:30.534033865 +0200 -+++ shadow-4.1.4.2/libmisc/utmp.c 2009-09-07 16:11:23.049069289 +0200 -@@ -56,7 +56,7 @@ static bool is_my_tty (const char *tty) - /* full_tty shall be at least sizeof utmp.ut_line + 5 */ - char full_tty[200]; - /* tmptty shall be bigger than full_tty */ -- static char tmptty[sizeof (full_tty)+1]; -+ static char tmptty[sizeof (full_tty)+1] = ""; - - if ('/' != *tty) { - (void) snprintf (full_tty, sizeof full_tty, "/dev/%s", tty); -@@ -71,7 +71,7 @@ static bool is_my_tty (const char *tty) - } - } - -- if (NULL == tmptty) { -+ if ('\0' == tmptty[0]) { - (void) puts (_("Unable to determine your tty name.")); - exit (EXIT_FAILURE); - } else if (strncmp (tty, tmptty, sizeof (tmptty)) != 0) { -@@ -200,7 +200,6 @@ static void updwtmpx (const char *filena - strcpy (hostname, host); - #ifdef HAVE_STRUCT_UTMP_UT_HOST - } else if ( (NULL != ut) -- && (NULL != ut->ut_host) - && ('\0' != ut->ut_host[0])) { - hostname = (char *) xmalloc (sizeof (ut->ut_host) + 1); - strncpy (hostname, ut->ut_host, sizeof (ut->ut_host)); diff --git a/shadow-4.1.4.2-gshadow.patch b/shadow-4.1.4.2-gshadow.patch deleted file mode 100644 index 1cf5ba6..0000000 --- a/shadow-4.1.4.2-gshadow.patch +++ /dev/null 
@@ -1,23 +0,0 @@ -diff -up shadow-4.1.4.2/lib/gshadow.c.gshadow shadow-4.1.4.2/lib/gshadow.c ---- shadow-4.1.4.2/lib/gshadow.c.gshadow 2009-06-12 19:50:23.000000000 +0200 -+++ shadow-4.1.4.2/lib/gshadow.c 2011-01-05 16:28:55.207685148 +0100 -@@ -223,6 +223,7 @@ void endsgent (void) - if (NULL == buf) { - return NULL; - } -+ buflen = BUFSIZ; - } - - if (NULL == fp) { -@@ -230,9 +231,9 @@ void endsgent (void) - } - - #ifdef USE_NIS -- while (fgetsx (buf, (int) sizeof buf, fp) == buf) -+ while (fgetsx (buf, (int) buflen, fp) == buf) - #else -- if (fgetsx (buf, (int) sizeof buf, fp) == buf) -+ if (fgetsx (buf, (int) buflen, fp) == buf) - #endif - { - while ( ((cp = strrchr (buf, '\n')) == NULL) diff --git a/shadow-4.1.4.2-leak.patch b/shadow-4.1.4.2-leak.patch deleted file mode 100644 index 0d6aa09..0000000 --- a/shadow-4.1.4.2-leak.patch +++ /dev/null 
@@ -1,108 +0,0 @@ -diff -up shadow-4.1.4.2/lib/groupmem.c.leak shadow-4.1.4.2/lib/groupmem.c ---- shadow-4.1.4.2/lib/groupmem.c.leak 2009-04-23 19:43:27.000000000 +0200 -+++ shadow-4.1.4.2/lib/groupmem.c 2009-09-07 15:43:23.314129427 +0200 -@@ -51,10 +51,13 @@ - *gr = *grent; - gr->gr_name = strdup (grent->gr_name); - if (NULL == gr->gr_name) { -+ free(gr); - return NULL; - } - gr->gr_passwd = strdup (grent->gr_passwd); - if (NULL == gr->gr_passwd) { -+ free(gr->gr_name); -+ free(gr); - return NULL; - } - -@@ -62,11 +65,21 @@ - - gr->gr_mem = (char **) malloc ((i + 1) * sizeof (char *)); - if (NULL == gr->gr_mem) { -+ free(gr->gr_passwd); -+ free(gr->gr_name); -+ free(gr); - return NULL; - } - for (i = 0; grent->gr_mem[i]; i++) { - gr->gr_mem[i] = strdup (grent->gr_mem[i]); - if (NULL == gr->gr_mem[i]) { -+ int j; -+ for (j=0; jgr_mem[j]); -+ free(gr->gr_mem); -+ free(gr->gr_passwd); -+ free(gr->gr_name); -+ free(gr); - return NULL; - } - } -diff -up shadow-4.1.4.2/libmisc/copydir.c.leak shadow-4.1.4.2/libmisc/copydir.c ---- shadow-4.1.4.2/libmisc/copydir.c.leak 2009-05-22 12:16:14.000000000 +0200 -+++ shadow-4.1.4.2/libmisc/copydir.c 2009-09-07 15:41:49.217192095 +0200 -@@ -443,6 +443,7 @@ static char *readlink_malloc (const char - nchars = readlink (filename, buffer, size); - - if (nchars < 0) { -+ free(buffer); - return NULL; - } - -diff -up shadow-4.1.4.2/lib/pwmem.c.leak shadow-4.1.4.2/lib/pwmem.c ---- shadow-4.1.4.2/lib/pwmem.c.leak 2009-04-23 19:43:27.000000000 +0200 -+++ shadow-4.1.4.2/lib/pwmem.c 2009-09-07 15:41:49.218203063 +0200 -@@ -51,22 +51,37 @@ - *pw = *pwent; - pw->pw_name = strdup (pwent->pw_name); - if (NULL == pw->pw_name) { -+ free(pw); - return NULL; - } - pw->pw_passwd = strdup (pwent->pw_passwd); - if (NULL == pw->pw_passwd) { -+ free(pw->pw_name); -+ free(pw); - return NULL; - } - pw->pw_gecos = strdup (pwent->pw_gecos); - if (NULL == pw->pw_gecos) { -+ free(pw->pw_passwd); -+ free(pw->pw_name); -+ free(pw); - return NULL; - } - pw->pw_dir 
= strdup (pwent->pw_dir); - if (NULL == pw->pw_dir) { -+ free(pw->pw_gecos); -+ free(pw->pw_passwd); -+ free(pw->pw_name); -+ free(pw); - return NULL; - } - pw->pw_shell = strdup (pwent->pw_shell); - if (NULL == pw->pw_shell) { -+ free(pw->pw_dir); -+ free(pw->pw_gecos); -+ free(pw->pw_passwd); -+ free(pw->pw_name); -+ free(pw); - return NULL; - } - -diff -up shadow-4.1.4.2/lib/shadowmem.c.leak shadow-4.1.4.2/lib/shadowmem.c ---- shadow-4.1.4.2/lib/shadowmem.c.leak 2009-04-23 19:43:27.000000000 +0200 -+++ shadow-4.1.4.2/lib/shadowmem.c 2009-09-07 15:41:49.218203063 +0200 -@@ -52,10 +52,13 @@ - *sp = *spent; - sp->sp_namp = strdup (spent->sp_namp); - if (NULL == sp->sp_namp) { -+ free(sp); - return NULL; - } - sp->sp_pwdp = strdup (spent->sp_pwdp); - if (NULL == sp->sp_pwdp) { -+ free(sp->sp_namp); -+ free(sp); - return NULL; - } - diff --git a/shadow-4.1.4.2-redhat.patch b/shadow-4.1.4.2-redhat.patch deleted file mode 100644 index fb2a437..0000000 --- a/shadow-4.1.4.2-redhat.patch +++ /dev/null 
@@ -1,53 +0,0 @@ -diff -up shadow-4.1.4.2/man/useradd.8.redhat shadow-4.1.4.2/man/useradd.8 ---- shadow-4.1.4.2/man/useradd.8.redhat 2009-07-24 03:16:44.000000000 +0200 -+++ shadow-4.1.4.2/man/useradd.8 2011-02-09 11:04:24.851151246 +0100 -@@ -211,7 +211,7 @@ Create the user\'s home directory if it - \fB\-k\fR - option) will be copied to the home directory\&. - .sp --By default, no home directories are created\&. -+The home directories are created by default on RHEL/Fedora systems because of /etc/login.defs (\fBCREATE_HOME\fR) setting\&. - .RE - .PP - \fB\-M\fR -diff -up shadow-4.1.4.2/src/useradd.c.redhat shadow-4.1.4.2/src/useradd.c ---- shadow-4.1.4.2/src/useradd.c.redhat 2009-06-06 00:16:58.000000000 +0200 -+++ shadow-4.1.4.2/src/useradd.c 2011-02-09 11:04:06.031036886 +0100 -@@ -90,7 +90,7 @@ char *Prog; - static gid_t def_group = 100; - static const char *def_gname = "other"; - static const char *def_home = "/home"; --static const char *def_shell = ""; -+static const char *def_shell = "/sbin/nologin"; - static const char *def_template = SKEL_DIR; - static const char *def_create_mail_spool = "no"; - -@@ -102,7 +102,7 @@ static char def_file[] = USER_DEFAULTS_F - #define VALID(s) (strcspn (s, ":\n") == strlen (s)) - - static const char *user_name = ""; --static const char *user_pass = "!"; -+static const char *user_pass = "!!"; - static uid_t user_id; - static gid_t user_gid; - static const char *user_comment = ""; -@@ -989,9 +989,9 @@ static void process_flags (int argc, cha - }; - while ((c = getopt_long (argc, argv, - #ifdef WITH_SELINUX -- "b:c:d:De:f:g:G:k:K:lmMNop:rs:u:UZ:", -+ "b:c:d:De:f:g:G:k:K:lmMnNop:rs:u:UZ:", - #else -- "b:c:d:De:f:g:G:k:K:lmMNop:rs:u:U", -+ "b:c:d:De:f:g:G:k:K:lmMnNop:rs:u:U", - #endif - long_options, NULL)) != -1) { - switch (c) { -@@ -1141,6 +1141,7 @@ static void process_flags (int argc, cha - case 'M': - Mflg = true; - break; -+ case 'n': - case 'N': - Nflg = true; - break; 
diff --git a/shadow-4.1.4.2-underflow.patch b/shadow-4.1.4.2-underflow.patch
deleted file mode 100644
index 8553f8f..0000000
--- a/shadow-4.1.4.2-underflow.patch
+++ /dev/null
@@ -1,58 +0,0 @@ -diff -up shadow-4.1.4.3/src/faillog.c.underflow shadow-4.1.4.3/src/faillog.c ---- shadow-4.1.4.3/src/faillog.c.underflow 2011-02-13 12:58:16.000000000 -0500 -+++ shadow-4.1.4.3/src/faillog.c 2011-05-30 17:48:55.000000000 -0400 -@@ -106,8 +106,8 @@ static void print_one (/*@null@*/const s - return; - } - -- offset = pw->pw_uid * sizeof (fl); -- if (offset <= (statbuf.st_size - sizeof (fl))) { -+ offset = (off_t) pw->pw_uid * sizeof (fl); -+ if (offset + sizeof (fl) <= statbuf.st_size) { - /* fseeko errors are not really relevant for us. */ - int err = fseeko (fail, offset, SEEK_SET); - assert (0 == err); -@@ -206,8 +206,8 @@ static bool reset_one (uid_t uid) - off_t offset; - struct faillog fl; - -- offset = uid * sizeof (fl); -- if (offset <= (statbuf.st_size - sizeof (fl))) { -+ offset = (off_t) uid * sizeof (fl); -+ if (offset + sizeof (fl) <= statbuf.st_size) { - /* fseeko errors are not really relevant for us. */ - int err = fseeko (fail, offset, SEEK_SET); - assert (0 == err); -@@ -294,7 +294,7 @@ static bool setmax_one (uid_t uid, int m - struct faillog fl; - - offset = (off_t) uid * sizeof (fl); -- if (offset <= (statbuf.st_size - sizeof (fl))) { -+ if (offset + sizeof (fl) <= statbuf.st_size) { - /* fseeko errors are not really relevant for us. */ - int err = fseeko (fail, offset, SEEK_SET); - assert (0 == err); -@@ -385,7 +385,7 @@ static bool set_locktime_one (uid_t uid, - struct faillog fl; - - offset = (off_t) uid * sizeof (fl); -- if (offset <= (statbuf.st_size - sizeof (fl))) { -+ if (offset + sizeof (fl) <= statbuf.st_size) { - /* fseeko errors are not really relevant for us. 
*/ - int err = fseeko (fail, offset, SEEK_SET); - assert (0 == err); -diff -up shadow-4.1.4.3/src/lastlog.c.underflow shadow-4.1.4.3/src/lastlog.c ---- shadow-4.1.4.3/src/lastlog.c.underflow 2011-05-31 03:52:25.000000000 -0400 -+++ shadow-4.1.4.3/src/lastlog.c 2011-05-31 03:53:32.000000000 -0400 -@@ -102,9 +102,8 @@ static void print_one (/*@null@*/const s - } - - -- offset = pw->pw_uid * sizeof (ll); -- -- if (offset <= (statbuf.st_size - sizeof (ll))) { -+ offset = (off_t) pw->pw_uid * sizeof (ll); -+ if (offset + sizeof (ll) <= statbuf.st_size) { - /* fseeko errors are not really relevant for us. */ - int err = fseeko (lastlogfile, offset, SEEK_SET); - assert (0 == err); diff --git a/shadow-4.1.4.3-IDs.patch b/shadow-4.1.4.3-IDs.patch deleted file mode 100644 index 6d26f74..0000000 --- a/shadow-4.1.4.3-IDs.patch +++ /dev/null 
@@ -1,115 +0,0 @@ -diff -up shadow-4.1.4.3/libmisc/find_new_gid.c.IDs shadow-4.1.4.3/libmisc/find_new_gid.c ---- shadow-4.1.4.3/libmisc/find_new_gid.c.IDs 2011-12-20 13:28:13.042668305 +0100 -+++ shadow-4.1.4.3/libmisc/find_new_gid.c 2011-12-20 13:35:40.011817589 +0100 -@@ -32,6 +32,7 @@ - - #include - #include -+#include - - #include "prototypes.h" - #include "groupio.h" -@@ -65,8 +66,6 @@ int find_new_gid (bool sys_group, - gid_max = (gid_t) getdef_ulong ("GID_MIN", 1000UL) - 1; - gid_max = (gid_t) getdef_ulong ("SYS_GID_MAX", (unsigned long) gid_max); - } -- used_gids = alloca (sizeof (bool) * (gid_max +1)); -- memset (used_gids, false, sizeof (bool) * (gid_max + 1)); - - if ( (NULL != preferred_gid) - && (*preferred_gid >= gid_min) -@@ -80,6 +79,14 @@ int find_new_gid (bool sys_group, - return 0; - } - -+ used_gids = malloc (sizeof (bool) * (gid_max +1)); -+ if(used_gids==NULL) { -+ fprintf (stderr, -+ _("%s: failed to allocate memory. %s\n"), Prog, strerror (errno)); -+ return -1; -+ } -+ memset (used_gids, false, sizeof (bool) * (gid_max + 1)); -+ - /* if we did not find free preffered system gid, we start to look for - * one in the range assigned to dynamic system IDs */ - if (sys_group) -@@ -162,6 +169,7 @@ int find_new_gid (bool sys_group, - Prog); - SYSLOG ((LOG_WARN, - "no more available GID on the system")); -+ free(used_gids); - return -1; - } - } -@@ -177,12 +185,14 @@ int find_new_gid (bool sys_group, - _("%s: Can't get unique GID (no more available GIDs)\n"), - Prog); - SYSLOG ((LOG_WARN, "no more available GID on the system")); -+ free(used_gids); - return -1; - } - } - } - - *gid = group_id; -+ free(used_gids); - return 0; - } - -diff -up shadow-4.1.4.3/libmisc/find_new_uid.c.IDs shadow-4.1.4.3/libmisc/find_new_uid.c ---- shadow-4.1.4.3/libmisc/find_new_uid.c.IDs 2011-02-13 18:58:11.000000000 +0100 -+++ shadow-4.1.4.3/libmisc/find_new_uid.c 2011-12-20 13:37:27.415023688 +0100 -@@ -32,6 +32,7 @@ - - #include - #include -+#include - - #include 
"prototypes.h" - #include "pwio.h" -@@ -65,8 +66,6 @@ int find_new_uid (bool sys_user, - uid_max = (uid_t) getdef_ulong ("UID_MIN", 1000UL) - 1; - uid_max = (uid_t) getdef_ulong ("SYS_UID_MAX", (unsigned long) uid_max); - } -- used_uids = alloca (sizeof (bool) * (uid_max +1)); -- memset (used_uids, false, sizeof (bool) * (uid_max + 1)); - - if ( (NULL != preferred_uid) - && (*preferred_uid >= uid_min) -@@ -80,6 +79,13 @@ int find_new_uid (bool sys_user, - return 0; - } - -+ used_uids = malloc (sizeof (bool) * (uid_max +1)); -+ if(used_uids==NULL) { -+ fprintf (stderr, -+ _("%s: failed to allocate memory. %s\n"), Prog, strerror (errno)); -+ return -1; -+ } -+ memset (used_uids, false, sizeof (bool) * (uid_max + 1)); - - /* - * Search the entire password file, -@@ -158,6 +164,7 @@ int find_new_uid (bool sys_user, - Prog); - SYSLOG ((LOG_WARN, - "no more available UID on the system")); -+ free(used_uids); - return -1; - } - } -@@ -173,12 +180,14 @@ int find_new_uid (bool sys_user, - _("%s: Can't get unique UID (no more available UIDs)\n"), - Prog); - SYSLOG ((LOG_WARN, "no more available UID on the system")); -+ free(used_uids); - return -1; - } - } - } - - *uid = user_id; -+ free(used_uids); - return 0; - } - diff --git a/shadow-4.1.4.3-libsemanage.patch b/shadow-4.1.4.3-libsemanage.patch deleted file mode 100644 index 8323e1f..0000000 --- a/shadow-4.1.4.3-libsemanage.patch +++ /dev/null 
@@ -1,640 +0,0 @@ -diff -up shadow-4.1.4.3/lib/Makefile.in.libsemanage shadow-4.1.4.3/lib/Makefile.in ---- shadow-4.1.4.3/lib/Makefile.in.libsemanage 2011-02-15 23:18:15.000000000 +0100 -+++ shadow-4.1.4.3/lib/Makefile.in 2011-11-09 14:11:26.455362101 +0100 -@@ -52,7 +52,7 @@ am_libshadow_la_OBJECTS = commonio.lo en - groupio.lo groupmem.lo gshadow.lo lockpw.lo nscd.lo port.lo \ - pwauth.lo pwio.lo pwmem.lo sgetgrent.lo sgetpwent.lo \ - sgetspent.lo sgroupio.lo shadow.lo shadowio.lo shadowmem.lo \ -- utent.lo -+ utent.lo selinux.lo - libshadow_la_OBJECTS = $(am_libshadow_la_OBJECTS) - libshadow_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ - $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ -@@ -202,7 +202,6 @@ libdir = @libdir@ - libexecdir = @libexecdir@ - localedir = @localedir@ - localstatedir = @localstatedir@ --lt_ECHO = @lt_ECHO@ - mandir = @mandir@ - mkdir_p = @mkdir_p@ - oldincludedir = @oldincludedir@ -@@ -261,7 +260,8 @@ libshadow_la_SOURCES = \ - shadowio.c \ - shadowio.h \ - shadowmem.c \ -- utent.c -+ utent.c \ -+ selinux.c - - - # These files are unneeded for some reason, listed in -@@ -349,6 +349,7 @@ distclean-compile: - @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/shadow.Plo@am__quote@ - @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/shadowio.Plo@am__quote@ - @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/shadowmem.Plo@am__quote@ -+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/selinux.Plo@am__quote@ - @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/utent.Plo@am__quote@ - - .c.o: -diff -up shadow-4.1.4.3/libmisc/Makefile.in.libsemanage shadow-4.1.4.3/libmisc/Makefile.in ---- shadow-4.1.4.3/libmisc/Makefile.in.libsemanage 2011-02-15 23:18:16.000000000 +0100 -+++ shadow-4.1.4.3/libmisc/Makefile.in 2011-11-09 14:11:26.456362098 +0100 -@@ -64,7 +64,7 @@ am_libmisc_a_OBJECTS = addgrps.$(OBJEXT) - pam_pass_non_interractive.$(OBJEXT) pwd2spwd.$(OBJEXT) \ - pwdcheck.$(OBJEXT) pwd_init.$(OBJEXT) rlogin.$(OBJEXT) \ - 
salt.$(OBJEXT) setugid.$(OBJEXT) setupenv.$(OBJEXT) \ -- shell.$(OBJEXT) system.$(OBJEXT) strtoday.$(OBJEXT) \ -+ shell.$(OBJEXT) strtoday.$(OBJEXT) \ - sub.$(OBJEXT) sulog.$(OBJEXT) ttytype.$(OBJEXT) tz.$(OBJEXT) \ - ulimit.$(OBJEXT) user_busy.$(OBJEXT) utmp.$(OBJEXT) \ - valid.$(OBJEXT) xgetpwnam.$(OBJEXT) xgetpwuid.$(OBJEXT) \ -@@ -284,7 +284,6 @@ libmisc_a_SOURCES = \ - setugid.c \ - setupenv.c \ - shell.c \ -- system.c \ - strtoday.c \ - sub.c \ - sulog.c \ -@@ -394,7 +393,6 @@ distclean-compile: - @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/strtoday.Po@am__quote@ - @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sub.Po@am__quote@ - @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sulog.Po@am__quote@ --@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/system.Po@am__quote@ - @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ttytype.Po@am__quote@ - @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tz.Po@am__quote@ - @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ulimit.Po@am__quote@ -diff -up shadow-4.1.4.3/libmisc/system.c.libsemanage shadow-4.1.4.3/libmisc/system.c ---- shadow-4.1.4.3/libmisc/system.c.libsemanage 2011-02-13 18:58:11.000000000 +0100 -+++ shadow-4.1.4.3/libmisc/system.c 2011-11-09 14:11:26.457362095 +0100 -@@ -1,72 +0,0 @@ --/* -- * Copyright (c) 2009 , Dan Walsh -- * All rights reserved. -- * -- * Redistribution and use in source and binary forms, with or without -- * modification, are permitted provided that the following conditions -- * are met: -- * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -- * 2. Redistributions in binary form must reproduce the above copyright -- * notice, this list of conditions and the following disclaimer in the -- * documentation and/or other materials provided with the distribution. -- * 3. 
The name of the copyright holders or contributors may not be used to -- * endorse or promote products derived from this software without -- * specific prior written permission. -- * -- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -- * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A -- * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT -- * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT -- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -- */ --#include -- --#ident "$Id: system.c 2849 2009-04-30 21:08:49Z nekral-guest $" -- --#include --#include --#include --#include "prototypes.h" --#include "defines.h" -- --int safe_system (const char *command, -- const char *argv[], -- const char *env[], -- int ignore_stderr) --{ -- int status = -1; -- int fd; -- pid_t pid; -- -- pid = fork(); -- if (pid < 0) { -- return -1; -- } -- -- if (pid) { /* Parent */ -- if (waitpid (pid, &status, 0) > 0) { -- return status; -- } else { -- return -1; -- } -- } -- -- fd = open ("/dev/null", O_RDWR); -- /* Child */ -- dup2 (fd, 0); // Close Stdin -- if (ignore_stderr) { -- dup2 (fd, 2); // Close Stderr -- } -- -- execve (command, (char *const *) argv, (char *const *) env); -- fprintf (stderr, _("Failed to exec '%s'\n"), argv[0]); -- exit (EXIT_FAILURE); --} -- -diff -up shadow-4.1.4.3/lib/prototypes.h.libsemanage shadow-4.1.4.3/lib/prototypes.h ---- shadow-4.1.4.3/lib/prototypes.h.libsemanage 2011-02-13 18:58:23.000000000 +0100 -+++ 
shadow-4.1.4.3/lib/prototypes.h 2011-11-09 14:11:26.457362095 +0100 -@@ -331,12 +331,6 @@ extern void spw_free (/*@out@*/ /*@only@ - /* shell.c */ - extern int shell (const char *file, /*@null@*/const char *arg, char *const envp[]); - --/* system.c */ --extern int safe_system (const char *command, -- const char *argv[], -- const char *env[], -- int ignore_stderr); -- - /* strtoday.c */ - extern long strtoday (const char *); - -@@ -403,4 +397,8 @@ extern /*@null@*/ /*@only@*/struct spwd - /* yesno.c */ - extern bool yes_or_no (bool read_only); - -+/* selinux.c */ -+int set_seuser(const char *login_name, const char *seuser_name); -+int del_seuser(const char *login_name); -+ - #endif /* _PROTOTYPES_H */ -diff -up shadow-4.1.4.3/lib/selinux.c.libsemanage shadow-4.1.4.3/lib/selinux.c ---- shadow-4.1.4.3/lib/selinux.c.libsemanage 2011-11-09 14:11:26.458362092 +0100 -+++ shadow-4.1.4.3/lib/selinux.c 2011-11-09 14:11:26.458362092 +0100 -@@ -0,0 +1,341 @@ -+/* -+ shadow-utils -+ -+ su-selinux.c -+ -+ Copyright (C) Jakub Hrozek 2010 -+ Copyright (C) Peter Vrabec 2011 -+ -+ This program is free software; you can redistribute it and/or modify -+ it under the terms of the GNU General Public License as published by -+ the Free Software Foundation; either version 3 of the License, or -+ (at your option) any later version. -+ -+ This program is distributed in the hope that it will be useful, -+ but WITHOUT ANY WARRANTY; without even the implied warranty of -+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ GNU General Public License for more details. -+ -+ You should have received a copy of the GNU General Public License -+ along with this program. If not, see . -+*/ -+ -+#include -+ -+#include "defines.h" -+ -+#include -+#include -+#include -+ -+ -+#ifndef DEFAULT_SERANGE -+#define DEFAULT_SERANGE "s0" -+#endif -+ -+ -+static void semanage_error_callback(void *varg, -+ semanage_handle_t *handle, -+ const char *fmt, ...) 
-+{ -+ int ret; -+ char * message = NULL; -+ va_list ap; -+ -+ -+ va_start(ap, fmt); -+ ret = vasprintf(&message, fmt, ap); -+ va_end(ap); -+ if (ret < 0) { -+ /* ENOMEM */ -+ return; -+ } -+ -+ switch (semanage_msg_get_level(handle)) { -+ case SEMANAGE_MSG_ERR: -+ case SEMANAGE_MSG_WARN: -+ fprintf(stderr, "[libsemanage]: %s\n", message); -+ break; -+ case SEMANAGE_MSG_INFO: -+ /* nop */ -+ break; -+ } -+ -+ free(message); -+} -+ -+ -+static semanage_handle_t *semanage_init(void) -+{ -+ int ret; -+ semanage_handle_t *handle = NULL; -+ -+ handle = semanage_handle_create(); -+ if (!handle) { -+ fprintf(stderr, _("Cannot create SELinux management handle\n")); -+ return NULL; -+ } -+ -+ semanage_msg_set_callback(handle, semanage_error_callback, NULL); -+ -+ ret = semanage_is_managed(handle); -+ if (ret != 1) { -+ fprintf(stderr, _("SELinux policy not managed\n")); -+ goto fail; -+ } -+ -+ ret = semanage_access_check(handle); -+ if (ret < SEMANAGE_CAN_READ) { -+ fprintf(stderr, _("Cannot read SELinux policy store\n")); -+ goto fail; -+ } -+ -+ ret = semanage_connect(handle); -+ if (ret != 0) { -+ fprintf(stderr, _("Cannot estabilish SELinux management connection\n")); -+ goto fail; -+ } -+ -+ ret = semanage_begin_transaction(handle); -+ if (ret != 0) { -+ fprintf(stderr, _("Cannot begin SELinux transaction\n")); -+ goto fail; -+ } -+ -+ return handle; -+fail: -+ semanage_handle_destroy(handle); -+ return NULL; -+} -+ -+ -+static int semanage_user_mod(semanage_handle_t *handle, -+ semanage_seuser_key_t *key, -+ const char *login_name, -+ const char *seuser_name) -+{ -+ int ret; -+ semanage_seuser_t *seuser = NULL; -+ -+ semanage_seuser_query(handle, key, &seuser); -+ if (seuser == NULL) { -+ fprintf(stderr, _("Could not query seuser for %s\n"), login_name); -+ ret = 1; -+ goto done; -+ } -+ -+ ret = semanage_seuser_set_mlsrange(handle, seuser, DEFAULT_SERANGE); -+ if (ret != 0) { -+ fprintf(stderr, _("Could not set serange for %s\n"), login_name); -+ ret = 1; -+ goto 
done; -+ } -+ -+ ret = semanage_seuser_set_sename(handle, seuser, seuser_name); -+ if (ret != 0) { -+ fprintf(stderr, _("Could not set sename for %s\n"), login_name); -+ ret = 1; -+ goto done; -+ } -+ -+ ret = semanage_seuser_modify_local(handle, key, seuser); -+ if (ret != 0) { -+ fprintf(stderr, _("Could not modify login mapping for %s\n"), login_name); -+ ret = 1; -+ goto done; -+ } -+ -+ ret = 0; -+done: -+ semanage_seuser_free(seuser); -+ return ret; -+} -+ -+ -+static int semanage_user_add(semanage_handle_t *handle, -+ semanage_seuser_key_t *key, -+ const char *login_name, -+ const char *seuser_name) -+{ -+ int ret; -+ semanage_seuser_t *seuser = NULL; -+ -+ ret = semanage_seuser_create(handle, &seuser); -+ if (ret != 0) { -+ fprintf(stderr, _("Cannot create SELinux login mapping for %s\n"), login_name); -+ ret = 1; -+ goto done; -+ } -+ -+ ret = semanage_seuser_set_name(handle, seuser, login_name); -+ if (ret != 0) { -+ fprintf(stderr, _("Could not set name for %s\n"), login_name); -+ ret = 1; -+ goto done; -+ } -+ -+ ret = semanage_seuser_set_mlsrange(handle, seuser, DEFAULT_SERANGE); -+ if (ret != 0) { -+ fprintf(stderr, _("Could not set serange for %s\n"), login_name); -+ ret = 1; -+ goto done; -+ } -+ -+ ret = semanage_seuser_set_sename(handle, seuser, seuser_name); -+ if (ret != 0) { -+ fprintf(stderr, _("Could not set SELinux user for %s\n"), login_name); -+ ret = 1; -+ goto done; -+ } -+ -+ ret = semanage_seuser_modify_local(handle, key, seuser); -+ if (ret != 0) { -+ fprintf(stderr, _("Could not add login mapping for %s\n"), login_name); -+ ret = 1; -+ goto done; -+ } -+ -+ ret = 0; -+done: -+ semanage_seuser_free(seuser); -+ return ret; -+} -+ -+ -+int set_seuser(const char *login_name, const char *seuser_name) -+{ -+ semanage_handle_t *handle = NULL; -+ semanage_seuser_key_t *key = NULL; -+ int ret; -+ int seuser_exists = 0; -+ -+ if (seuser_name == NULL) { -+ /* don't care, just let system pick the defaults */ -+ return 0; -+ } -+ -+ handle = 
semanage_init(); -+ if (!handle) { -+ fprintf(stderr, _("Cannot init SELinux management\n")); -+ ret = 1; -+ goto done; -+ } -+ -+ ret = semanage_seuser_key_create(handle, login_name, &key); -+ if (ret != 0) { -+ fprintf(stderr, _("Cannot create SELinux user key\n")); -+ ret = 1; -+ goto done; -+ } -+ -+ ret = semanage_seuser_exists(handle, key, &seuser_exists); -+ if (ret < 0) { -+ fprintf(stderr, _("Cannot verify the SELinux user\n")); -+ ret = 1; -+ goto done; -+ } -+ -+ if (seuser_exists) { -+ ret = semanage_user_mod(handle, key, login_name, seuser_name); -+ if (ret != 0) { -+ fprintf(stderr, _("Cannot modify SELinux user mapping\n")); -+ ret = 1; -+ goto done; -+ } -+ } else { -+ ret = semanage_user_add(handle, key, login_name, seuser_name); -+ if (ret != 0) { -+ fprintf(stderr, _("Cannot add SELinux user mapping\n")); -+ ret = 1; -+ goto done; -+ } -+ } -+ -+ ret = semanage_commit(handle); -+ if (ret < 0) { -+ fprintf(stderr,_("Cannot commit SELinux transaction\n")); -+ ret = 1; -+ goto done; -+ } -+ -+ ret = 0; -+ -+done: -+ semanage_seuser_key_free(key); -+ semanage_handle_destroy(handle); -+ return ret; -+} -+ -+ -+ -+ -+ -+int del_seuser(const char *login_name) -+{ -+ semanage_handle_t *handle = NULL; -+ semanage_seuser_key_t *key = NULL; -+ int ret; -+ int exists = 0; -+ -+ handle = semanage_init(); -+ if (!handle) { -+ fprintf(stderr, _("Cannot init SELinux management\n")); -+ ret = 1; -+ goto done; -+ } -+ -+ ret = semanage_seuser_key_create(handle, login_name, &key); -+ if (ret != 0) { -+ fprintf(stderr, _("Cannot create SELinux user key\n")); -+ ret = 1; -+ goto done; -+ } -+ -+ ret = semanage_seuser_exists(handle, key, &exists); -+ if (ret < 0) { -+ fprintf(stderr, _("Cannot verify the SELinux user\n")); -+ ret = 1; -+ goto done; -+ } -+ -+ if (!exists) { -+ fprintf(stderr, _("Login mapping for %s is not defined, OK if default mapping was used\n"), -+ login_name); -+ ret = 0; /* probably default mapping */ -+ goto done; -+ } -+ -+ ret = 
semanage_seuser_exists_local(handle, key, &exists); -+ if (ret < 0) { -+ fprintf(stderr, _("Cannot verify the SELinux user\n")); -+ ret = 1; -+ goto done; -+ } -+ -+ if (!exists) { -+ fprintf(stderr, _("Login mapping for %s is defined in policy, cannot be deleted\n"), -+ login_name); -+ ret = 0; /* Login mapping defined in policy can't be deleted */ -+ goto done; -+ } -+ -+ ret = semanage_seuser_del_local(handle, key); -+ if (ret != 0) { -+ fprintf(stderr, _("Could not delete login mapping for %s"), login_name); -+ ret = 1; -+ goto done; -+ } -+ -+ ret = semanage_commit(handle); -+ if (ret < 0) { -+ fprintf(stderr, _("Cannot commit SELinux transaction\n")); -+ ret = 1; -+ goto done; -+ } -+ -+ ret = 0; -+done: -+ semanage_handle_destroy(handle); -+ return ret; -+} -+ -diff -up shadow-4.1.4.3/man/userdel.8.libsemanage shadow-4.1.4.3/man/userdel.8 ---- shadow-4.1.4.3/man/userdel.8.libsemanage 2011-11-09 14:19:27.772753117 +0100 -+++ shadow-4.1.4.3/man/userdel.8 2011-11-09 14:21:13.947365740 +0100 -@@ -243,6 +243,11 @@ can\*(Aqt update group file - .RS 4 - can\*(Aqt remove home directory - .RE -+.PP -+\fI14\fR -+.RS 4 -+can\*(Aqt update SELinux user mapping -+.PP - .SH "CAVEATS" - .PP - -diff -up shadow-4.1.4.3/src/Makefile.in.libsemanage shadow-4.1.4.3/src/Makefile.in ---- shadow-4.1.4.3/src/Makefile.in.libsemanage 2011-11-09 14:11:26.431362175 +0100 -+++ shadow-4.1.4.3/src/Makefile.in 2011-11-09 14:11:26.459362089 +0100 -@@ -431,9 +431,9 @@ su_SOURCES = \ - - su_LDADD = $(LDADD) $(LIBPAM) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) - sulogin_LDADD = $(LDADD) $(LIBCRYPT) --useradd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) -lacl --userdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) -lacl --usermod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) -lacl -+useradd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) -lacl -lsemanage -+userdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) -lacl -lsemanage -+usermod_LDADD = 
$(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) -lacl -lsemanage - vipw_LDADD = $(LDADD) $(LIBSELINUX) - all: all-am - -diff -up shadow-4.1.4.3/src/useradd.c.libsemanage shadow-4.1.4.3/src/useradd.c ---- shadow-4.1.4.3/src/useradd.c.libsemanage 2011-11-09 14:11:26.424362196 +0100 -+++ shadow-4.1.4.3/src/useradd.c 2011-11-09 14:11:26.460362086 +0100 -@@ -1999,16 +1999,7 @@ int main (int argc, char **argv) - #ifdef WITH_SELINUX - if (Zflg && *user_selinux) { - if (is_selinux_enabled () > 0) { -- const char *argv[7]; -- -- argv[0] = "/usr/sbin/semanage"; -- argv[1] = "login"; -- argv[2] = "-a"; -- argv[3] = "-s"; -- argv[4] = user_selinux; -- argv[5] = user_name; -- argv[6] = NULL; -- if (safe_system (argv[0], argv, NULL, 0)) { -+ if (set_seuser(user_name, user_selinux)) { - fprintf (stderr, - _("%s: warning: the user name %s to %s SELinux user mapping failed.\n"), - Prog, user_name, user_selinux); -diff -up shadow-4.1.4.3/src/userdel.c.libsemanage shadow-4.1.4.3/src/userdel.c ---- shadow-4.1.4.3/src/userdel.c.libsemanage 2011-11-09 14:11:26.425362193 +0100 -+++ shadow-4.1.4.3/src/userdel.c 2011-11-09 14:18:59.274855167 +0100 -@@ -70,6 +70,7 @@ - #define E_USER_BUSY 8 /* user currently logged in */ - #define E_GRP_UPDATE 10 /* can't update group file */ - #define E_HOMEDIR 12 /* can't remove home directory */ -+#define E_SE_UPDATE 14 /* can't update SELinux user mapping */ - - /* - * Global variables -@@ -1002,13 +1003,17 @@ int main (int argc, char **argv) - #ifdef WITH_SELINUX - if (Zflg) { - if (is_selinux_enabled () > 0) { -- const char *args[5]; -- args[0] = "/usr/sbin/semanage"; -- args[1] = "login"; -- args[2] = "-d"; -- args[3] = user_name; -- args[4] = NULL; -- safe_system (args[0], args, NULL, 1); -+ if (del_seuser(user_name)) { -+ fprintf (stderr, -+ _("%s: warning: the user name %s to SELinux user mapping removal failed.\n"), -+ Prog, user_name); -+ #ifdef WITH_AUDIT -+ audit_logger (AUDIT_ADD_USER, Prog, -+ "removing SELinux user mapping", -+ user_name, 
(unsigned int) user_id, 0); -+ #endif -+ fail_exit (E_SE_UPDATE); -+ } - } - } - #endif -diff -up shadow-4.1.4.3/src/usermod.c.libsemanage shadow-4.1.4.3/src/usermod.c ---- shadow-4.1.4.3/src/usermod.c.libsemanage 2011-11-09 14:11:26.426362190 +0100 -+++ shadow-4.1.4.3/src/usermod.c 2011-11-09 14:11:26.463362076 +0100 -@@ -1787,28 +1787,16 @@ int main (int argc, char **argv) - #ifdef WITH_SELINUX - if (Zflg && *user_selinux) { - if (is_selinux_enabled () > 0) { -- const char *argv[7]; -- -- argv[0] = "/usr/sbin/semanage"; -- argv[1] = "login"; -- argv[2] = "-m"; -- argv[3] = "-s"; -- argv[4] = user_selinux; -- argv[5] = user_name; -- argv[6] = NULL; -- if (safe_system (argv[0], argv, NULL, 1)) { -- argv[2] = "-a"; -- if (safe_system (argv[0], argv, NULL, 0)) { -- fprintf (stderr, -- _("%s: warning: the user name %s to %s SELinux user mapping failed.\n"), -- Prog, user_name, user_selinux); -+ if (set_seuser(user_name, user_selinux)) { -+ fprintf (stderr, -+ _("%s: warning: the user name %s to %s SELinux user mapping failed.\n"), -+ Prog, user_name, user_selinux); - #ifdef WITH_AUDIT -- audit_logger (AUDIT_USER_CHAUTHTOK, Prog, -- "modifying User mapping ", -- user_name, (unsigned int) user_id, 0); -+ audit_logger (AUDIT_USER_CHAUTHTOK, Prog, -+ "modifying User mapping ", -+ user_name, (unsigned int) user_id, 0); - #endif -- fail_exit (E_SE_UPDATE); -- } -+ fail_exit (E_SE_UPDATE); - } - } - } diff --git a/shadow-4.1.4.3-man.patch b/shadow-4.1.4.3-man.patch deleted file mode 100644 index 8bca143..0000000 --- a/shadow-4.1.4.3-man.patch +++ /dev/null 
@@ -1,27 +0,0 @@ -diff -up shadow-4.1.4.3/man/useradd.8.man shadow-4.1.4.3/man/useradd.8 ---- shadow-4.1.4.3/man/useradd.8.man 2011-11-09 14:30:51.402072168 +0100 -+++ shadow-4.1.4.3/man/useradd.8 2011-11-10 11:09:14.266810444 +0100 -@@ -220,12 +220,12 @@ Create the user\*(Aqs home directory if - \fB\-k\fR - option) will be copied to the home directory\&. - .sp --The home directories are created by default on RHEL/Fedora systems because of /etc/login.defs (\fBCREATE_HOME\fR) setting\&. -+useradd will create the home directory unless \fBCREATE_HOME\fR in /etc/login.defs is set to no\&. - .RE - .PP - \fB\-M\fR - .RS 4 --Do no create the user\*(Aqs home directory, even if the system wide setting from -+Do not create the user\*(Aqs home directory, even if the system wide setting from - /etc/login\&.defs - (\fBCREATE_HOME\fR) is set to - \fIyes\fR\&. -@@ -255,7 +255,7 @@ variable in - Allow the creation of a user account with a duplicate (non\-unique) UID\&. - .sp - This option is only valid in combination with the --\fB\-o\fR -+\fB\-u\fR - option\&. - .RE - .PP diff --git a/shadow-4.1.4.3-nopam.patch b/shadow-4.1.4.3-nopam.patch deleted file mode 100644 index 8307f7e..0000000 --- a/shadow-4.1.4.3-nopam.patch +++ /dev/null 
@@ -1,32 +0,0 @@ -diff -up shadow-4.1.4.3/man/ru/Makefile.in.nopam shadow-4.1.4.3/man/ru/Makefile.in ---- shadow-4.1.4.3/man/ru/Makefile.in.nopam 2011-05-20 22:42:23.145018292 +0200 -+++ shadow-4.1.4.3/man/ru/Makefile.in 2011-05-20 22:43:56.654017229 +0200 -@@ -150,7 +150,6 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ - PACKAGE_NAME = @PACKAGE_NAME@ - PACKAGE_STRING = @PACKAGE_STRING@ - PACKAGE_TARNAME = @PACKAGE_TARNAME@ --PACKAGE_URL = @PACKAGE_URL@ - PACKAGE_VERSION = @PACKAGE_VERSION@ - PATH_SEPARATOR = @PATH_SEPARATOR@ - POSUB = @POSUB@ -@@ -222,13 +221,13 @@ target_alias = @target_alias@ - top_build_prefix = @top_build_prefix@ - top_builddir = @top_builddir@ - top_srcdir = @top_srcdir@ --man_MANS = $(man_nopam) chage.1 chfn.1 chgpasswd.8 chpasswd.8 chsh.1 \ -- expiry.1 faillog.5 faillog.8 getspnam.3 gpasswd.1 groupadd.8 \ -- groupdel.8 groupmems.8 groupmod.8 groups.1 grpck.8 grpconv.8 \ -- grpunconv.8 gshadow.5 lastlog.8 login.1 login.defs.5 logoutd.8 \ -- newgrp.1 newusers.8 nologin.8 passwd.1 passwd.5 pwck.8 \ -- pwconv.8 pwunconv.8 sg.1 shadow.3 shadow.5 su.1 suauth.5 \ -- useradd.8 userdel.8 usermod.8 vigr.8 vipw.8 $(am__append_1) -+man_MANS = chage.1 chfn.1 chgpasswd.8 chpasswd.8 chsh.1 expiry.1 \ -+ faillog.5 faillog.8 getspnam.3 gpasswd.1 groupadd.8 groupdel.8 \ -+ groupmems.8 groupmod.8 groups.1 grpck.8 grpconv.8 grpunconv.8 \ -+ gshadow.5 lastlog.8 login.1 login.defs.5 logoutd.8 newgrp.1 \ -+ newusers.8 nologin.8 passwd.1 passwd.5 pwck.8 pwconv.8 \ -+ pwunconv.8 sg.1 shadow.3 shadow.5 su.1 suauth.5 useradd.8 \ -+ userdel.8 usermod.8 vigr.8 vipw.8 $(am__append_1) - man_nopam = \ - limits.5 \ - login.access.5 \ diff --git a/shadow-4.1.4.3-selinux.patch b/shadow-4.1.4.3-selinux.patch deleted file mode 100644 index 25404b3..0000000 --- a/shadow-4.1.4.3-selinux.patch +++ /dev/null 
@@ -1,15 +0,0 @@ -diff -up shadow-4.1.4.3/lib/commonio.c.selinux shadow-4.1.4.3/lib/commonio.c ---- shadow-4.1.4.3/lib/commonio.c.selinux 2011-02-13 18:58:23.000000000 +0100 -+++ shadow-4.1.4.3/lib/commonio.c 2011-11-16 17:09:46.615837659 +0100 -@@ -921,10 +921,10 @@ int commonio_close (struct commonio_db * - - #ifdef WITH_SELINUX - if (db->scontext != NULL) { -- if (NULL != old_context) { - if (setfscreatecon (old_context) < 0) { - errors++; - } -+ if (NULL != old_context) { - freecon (old_context); - old_context = NULL; - } diff --git a/shadow-4.1.4.3-semange.patch b/shadow-4.1.4.3-semange.patch deleted file mode 100644 index b10efd0..0000000 --- a/shadow-4.1.4.3-semange.patch +++ /dev/null 
@@ -1,294 +0,0 @@ -diff -up shadow-4.1.4.3/man/useradd.8.semange shadow-4.1.4.3/man/useradd.8 ---- shadow-4.1.4.3/man/useradd.8.semange 2011-08-02 12:57:47.971838218 +0200 -+++ shadow-4.1.4.3/man/useradd.8 2011-08-02 12:57:47.985838145 +0200 -@@ -640,6 +640,11 @@ can\*(Aqt create home directory - .RS 4 - can\*(Aqt create mail spool - .RE -+.PP -+\fI14\fR -+.RS 4 -+can\'t update SELinux user mapping -+.RE - .SH "SEE ALSO" - .PP - -diff -up shadow-4.1.4.3/man/userdel.8.semange shadow-4.1.4.3/man/userdel.8 ---- shadow-4.1.4.3/man/userdel.8.semange 2011-02-16 00:14:13.000000000 +0100 -+++ shadow-4.1.4.3/man/userdel.8 2011-08-02 12:57:47.985838145 +0200 -@@ -76,6 +76,11 @@ variable in the - login\&.defs - file\&. - .RE -+.PP -+\fB\-Z\fR, \fB\-\-selinux-user\fR -+.RS 4 -+Remove SELinux user assigned to the userĀ“s login from SELinux login mapping. -+.RE - .SH "CONFIGURATION" - .PP - The following configuration variables in -diff -up shadow-4.1.4.3/src/useradd.c.semange shadow-4.1.4.3/src/useradd.c ---- shadow-4.1.4.3/src/useradd.c.semange 2011-08-02 12:57:47.968838234 +0200 -+++ shadow-4.1.4.3/src/useradd.c 2011-08-02 12:58:17.626684439 +0200 -@@ -164,6 +164,7 @@ static bool home_added = false; - #define E_GRP_UPDATE 10 /* can't update group file */ - #define E_HOMEDIR 12 /* can't create home directory */ - #define E_MAIL_SPOOL 13 /* can't create mail spool */ -+#define E_SE_UPDATE 14 /* can't update SELinux user mapping */ - - #define DGROUP "GROUP=" - #define HOME "HOME=" -@@ -181,9 +182,6 @@ static int set_defaults (void); - static int get_groups (char *); - static void usage (void); - static void new_pwent (struct passwd *); --#ifdef WITH_SELINUX --static void selinux_update_mapping (void); --#endif - - static long scale_age (long); - static void new_spent (struct spwd *); -@@ -1710,32 +1708,6 @@ static void usr_update (void) - } - } - --#ifdef WITH_SELINUX --static void selinux_update_mapping (void) { -- if (is_selinux_enabled () <= 0) return; -- -- if 
(*user_selinux) { /* must be done after passwd write() */ -- const char *argv[7]; -- argv[0] = "/usr/sbin/semanage"; -- argv[1] = "login"; -- argv[2] = "-a"; -- argv[3] = "-s"; -- argv[4] = user_selinux; -- argv[5] = user_name; -- argv[6] = NULL; -- if (safe_system (argv[0], argv, NULL, 0)) { -- fprintf (stderr, -- _("%s: warning: the user name %s to %s SELinux user mapping failed.\n"), -- Prog, user_name, user_selinux); --#ifdef WITH_AUDIT -- audit_logger (AUDIT_ADD_USER, Prog, -- "adding SELinux user mapping", -- user_name, (unsigned int) user_id, 0); --#endif -- } -- } --} --#endif - /* - * create_home - create the user's home directory - * -@@ -2025,7 +1997,30 @@ int main (int argc, char **argv) - close_files (); - - #ifdef WITH_SELINUX -- selinux_update_mapping (); -+ if (Zflg && *user_selinux) { -+ if (is_selinux_enabled () > 0) { -+ const char *argv[7]; -+ -+ argv[0] = "/usr/sbin/semanage"; -+ argv[1] = "login"; -+ argv[2] = "-a"; -+ argv[3] = "-s"; -+ argv[4] = user_selinux; -+ argv[5] = user_name; -+ argv[6] = NULL; -+ if (safe_system (argv[0], argv, NULL, 0)) { -+ fprintf (stderr, -+ _("%s: warning: the user name %s to %s SELinux user mapping failed.\n"), -+ Prog, user_name, user_selinux); -+ #ifdef WITH_AUDIT -+ audit_logger (AUDIT_ADD_USER, Prog, -+ "adding SELinux user mapping", -+ user_name, (unsigned int) user_id, 0); -+ #endif -+ fail_exit (E_SE_UPDATE); -+ } -+ } -+ } - #endif - - nscd_flush_cache ("passwd"); -diff -up shadow-4.1.4.3/src/userdel.c.semange shadow-4.1.4.3/src/userdel.c ---- shadow-4.1.4.3/src/userdel.c.semange 2011-02-13 18:58:16.000000000 +0100 -+++ shadow-4.1.4.3/src/userdel.c 2011-08-02 12:57:47.988838130 +0200 -@@ -82,6 +82,7 @@ static char *user_home; - - static bool fflg = false; - static bool rflg = false; -+static bool Zflg = false; - - static bool is_shadow_pwd; - -@@ -120,6 +121,9 @@ static void usage (void) - " even if not owned by user\n" - " -h, --help display this help message and exit\n" - " -r, --remove remove home 
directory and mail spool\n" -+#ifdef WITH_SELINUX -+ " -Z, --selinux-user remove SELinux user from SELinux user mapping\n" -+#endif - "\n"), stderr); - exit (E_USAGE); - } -@@ -766,9 +770,17 @@ int main (int argc, char **argv) - {"force", no_argument, NULL, 'f'}, - {"help", no_argument, NULL, 'h'}, - {"remove", no_argument, NULL, 'r'}, -+#ifdef WITH_SELINUX -+ {"selinux-user", required_argument, NULL, 'Z'}, -+#endif - {NULL, 0, NULL, '\0'} - }; -- while ((c = getopt_long (argc, argv, "fhr", -+ while ((c = getopt_long (argc, argv, -+#ifdef WITH_SELINUX -+ "fhrZ", -+#else -+ "fhr", -+#endif - long_options, NULL)) != -1) { - switch (c) { - case 'f': /* force remove even if not owned by user */ -@@ -777,6 +789,19 @@ int main (int argc, char **argv) - case 'r': /* remove home dir and mailbox */ - rflg = true; - break; -+#ifdef WITH_SELINUX -+ case 'Z': -+ if (is_selinux_enabled () > 0) { -+ Zflg = true; -+ } else { -+ fprintf (stderr, -+ _("%s: -Z requires SELinux enabled kernel\n"), -+ Prog); -+ -+ exit (E_BAD_ARG); -+ } -+ break; -+#endif - default: - usage (); - } -@@ -975,14 +1000,16 @@ int main (int argc, char **argv) - #endif - - #ifdef WITH_SELINUX -- if (is_selinux_enabled () > 0) { -- const char *args[5]; -- args[0] = "/usr/sbin/semanage"; -- args[1] = "login"; -- args[2] = "-d"; -- args[3] = user_name; -- args[4] = NULL; -- safe_system (args[0], args, NULL, 1); -+ if (Zflg) { -+ if (is_selinux_enabled () > 0) { -+ const char *args[5]; -+ args[0] = "/usr/sbin/semanage"; -+ args[1] = "login"; -+ args[2] = "-d"; -+ args[3] = user_name; -+ args[4] = NULL; -+ safe_system (args[0], args, NULL, 1); -+ } - } - #endif - -diff -up shadow-4.1.4.3/src/usermod.c.semange shadow-4.1.4.3/src/usermod.c ---- shadow-4.1.4.3/src/usermod.c.semange 2011-02-13 18:58:16.000000000 +0100 -+++ shadow-4.1.4.3/src/usermod.c 2011-08-02 12:57:47.989838125 +0200 -@@ -82,6 +82,9 @@ - #define E_GRP_UPDATE 10 /* can't update group file */ - /* #define E_NOSPACE 11 insufficient space to move 
home dir */ - #define E_HOMEDIR 12 /* unable to complete home dir move */ -+#define E_SE_UPDATE 13 /* can't update SELinux user mapping */ -+ -+ - #define VALID(s) (strcspn (s, ":\n") == strlen (s)) - /* - * Global variables -@@ -151,9 +154,6 @@ static void date_to_str (char *buf, size - static int get_groups (char *); - static void usage (void); - static void new_pwent (struct passwd *); --#ifdef WITH_SELINUX --static void selinux_update_mapping (void); --#endif - - static void new_spent (struct spwd *); - static void fail_exit (int); -@@ -1785,8 +1785,32 @@ int main (int argc, char **argv) - nscd_flush_cache ("group"); - - #ifdef WITH_SELINUX -- if (Zflg) { -- selinux_update_mapping (); -+ if (Zflg && *user_selinux) { -+ if (is_selinux_enabled () > 0) { -+ const char *argv[7]; -+ -+ argv[0] = "/usr/sbin/semanage"; -+ argv[1] = "login"; -+ argv[2] = "-m"; -+ argv[3] = "-s"; -+ argv[4] = user_selinux; -+ argv[5] = user_name; -+ argv[6] = NULL; -+ if (safe_system (argv[0], argv, NULL, 1)) { -+ argv[2] = "-a"; -+ if (safe_system (argv[0], argv, NULL, 0)) { -+ fprintf (stderr, -+ _("%s: warning: the user name %s to %s SELinux user mapping failed.\n"), -+ Prog, user_name, user_selinux); -+ #ifdef WITH_AUDIT -+ audit_logger (AUDIT_USER_CHAUTHTOK, Prog, -+ "modifying User mapping ", -+ user_name, (unsigned int) user_id, 0); -+ #endif -+ fail_exit (E_SE_UPDATE); -+ } -+ } -+ } - } - #endif - -@@ -1816,34 +1840,3 @@ int main (int argc, char **argv) - return E_SUCCESS; - } - --#ifdef WITH_SELINUX --static void selinux_update_mapping (void) { -- const char *argv[7]; -- -- if (is_selinux_enabled () <= 0) return; -- -- if (*user_selinux) { -- argv[0] = "/usr/sbin/semanage"; -- argv[1] = "login"; -- argv[2] = "-m"; -- argv[3] = "-s"; -- argv[4] = user_selinux; -- argv[5] = user_name; -- argv[6] = NULL; -- if (safe_system (argv[0], argv, NULL, 1)) { -- argv[2] = "-a"; -- if (safe_system (argv[0], argv, NULL, 0)) { -- fprintf (stderr, -- _("%s: warning: the user name %s to %s 
SELinux user mapping failed.\n"), -- Prog, user_name, user_selinux); --#ifdef WITH_AUDIT -- audit_logger (AUDIT_USER_CHAUTHTOK, Prog, -- "modifying User mapping ", -- user_name, (unsigned int) user_id, 0); --#endif -- } -- } -- } --} --#endif -- diff --git a/shadow-4.1.4.3-goodname.patch b/shadow-4.1.5-goodname.patch similarity index 71% rename from shadow-4.1.4.3-goodname.patch rename to shadow-4.1.5-goodname.patch index 7e1ba24..81f27b0 100644 --- a/shadow-4.1.4.3-goodname.patch +++ b/shadow-4.1.5-goodname.patch @@ -1,6 +1,6 @@ -diff -up shadow-4.1.4.3/libmisc/chkname.c.goodname shadow-4.1.4.3/libmisc/chkname.c ---- shadow-4.1.4.3/libmisc/chkname.c.goodname 2011-02-13 18:58:11.000000000 +0100 -+++ shadow-4.1.4.3/libmisc/chkname.c 2011-05-18 20:38:50.639341048 +0200 +diff -up shadow-4.1.5/libmisc/chkname.c.goodname shadow-4.1.5/libmisc/chkname.c +--- shadow-4.1.5/libmisc/chkname.c.goodname 2009-04-28 21:14:04.000000000 +0200 ++++ shadow-4.1.5/libmisc/chkname.c 2012-03-19 09:52:12.910605026 +0100 @@ -49,20 +49,28 @@ static bool is_valid_name (const char *name) { 
@@ -40,24 +40,24 @@ diff -up shadow-4.1.4.3/libmisc/chkname.c.goodname shadow-4.1.4.3/libmisc/chknam return false; } } -diff -up shadow-4.1.4.3/man/groupadd.8.goodname shadow-4.1.4.3/man/groupadd.8 ---- shadow-4.1.4.3/man/groupadd.8.goodname 2011-02-16 00:12:34.000000000 +0100 -+++ shadow-4.1.4.3/man/groupadd.8 2011-05-18 20:42:53.204324534 +0200 -@@ -162,9 +162,7 @@ Shadow password suite configuration\&. +diff -up shadow-4.1.5/man/groupadd.8.goodname shadow-4.1.5/man/groupadd.8 +--- shadow-4.1.5/man/groupadd.8.goodname 2012-02-12 22:27:42.000000000 +0100 ++++ shadow-4.1.5/man/groupadd.8 2012-03-19 09:56:17.113723732 +0100 +@@ -181,9 +181,7 @@ Shadow password suite configuration\&. .RE .SH "CAVEATS" .PP -Groupnames must start with a lower case letter or an underscore, followed by lower case letters, digits, underscores, or dashes\&. They can end with a dollar sign\&. In regular expression terms: [a\-z_][a\-z0\-9_\-]*[$]? -.PP --Groupnames may only be up to characters long\&. +-Groupnames may only be up to 16 characters long\&. +Groupnames may only be up to 32 characters long\&. .PP You may not add a NIS or LDAP group\&. This must be performed on the corresponding server\&. .PP -diff -up shadow-4.1.4.3/man/useradd.8.goodname shadow-4.1.4.3/man/useradd.8 ---- shadow-4.1.4.3/man/useradd.8.goodname 2011-05-18 20:38:50.635376546 +0200 -+++ shadow-4.1.4.3/man/useradd.8 2011-05-18 20:38:50.641332694 +0200 -@@ -414,8 +414,6 @@ Similarly, if the username already exist +diff -up shadow-4.1.5/man/useradd.8.goodname shadow-4.1.5/man/useradd.8 +--- shadow-4.1.5/man/useradd.8.goodname 2012-02-12 22:28:02.000000000 +0100 ++++ shadow-4.1.5/man/useradd.8 2012-03-19 09:52:12.911605018 +0100 +@@ -421,8 +421,6 @@ Similarly, if the username already exist \fBuseradd\fR will deny the user account creation request\&. .PP diff --git a/shadow-4.1.5-grremove.patch b/shadow-4.1.5-grremove.patch new file mode 100644 index 0000000..09e673a --- /dev/null +++ b/shadow-4.1.5-grremove.patch 
@@ -0,0 +1,45 @@
+diff -up shadow-4.1.5/src/userdel.c.grremove shadow-4.1.5/src/userdel.c
+--- shadow-4.1.5/src/userdel.c.grremove 2012-03-20 12:19:13.260854838 +0100
++++ shadow-4.1.5/src/userdel.c 2012-03-20 12:38:26.235622957 +0100
+@@ -333,22 +333,22 @@ static void remove_usergroup (void)
+ * We can remove this group, it is not the primary
+ * group of any remaining user.
+ */
+- if (gr_remove (grp->gr_name) == 0) {
++ if (gr_remove (user_name) == 0) {
+ fprintf (stderr,
+ _("%s: cannot remove entry '%s' from %s\n"),
+- Prog, grp->gr_name, gr_dbname ());
++ Prog, user_name, gr_dbname ());
+ fail_exit (E_GRP_UPDATE);
+ }
+
+ #ifdef WITH_AUDIT
+ audit_logger (AUDIT_DEL_GROUP, Prog,
+ "deleting group",
+- grp->gr_name, AUDIT_NO_ID,
++ user_name, AUDIT_NO_ID,
+ SHADOW_AUDIT_SUCCESS);
+ #endif /* WITH_AUDIT */
+ SYSLOG ((LOG_INFO,
+ "removed group '%s' owned by '%s'\n",
+- grp->gr_name, user_name));
++ user_name, user_name));
+
+ #ifdef SHADOWGRP
+ if (sgr_locate (user_name) != NULL) {
+@@ -361,12 +361,12 @@ static void remove_usergroup (void)
+ #ifdef WITH_AUDIT
+ audit_logger (AUDIT_DEL_GROUP, Prog,
+ "deleting shadow group",
+- grp->gr_name, AUDIT_NO_ID,
++ user_name, AUDIT_NO_ID,
+ SHADOW_AUDIT_SUCCESS);
+ #endif /* WITH_AUDIT */
+ SYSLOG ((LOG_INFO,
+ "removed shadow group '%s' owned by '%s'\n",
+- grp->gr_name, user_name));
++ user_name, user_name));
+
+ }
+ #endif /* SHADOWGRP */
diff --git a/shadow-4.1.5-man.patch b/shadow-4.1.5-man.patch
new file mode 100644
index 0000000..f0fa089
--- /dev/null
+++ b/shadow-4.1.5-man.patch
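Review bot: Nothing in this new patch explains why `user_name` replaces `grp->gr_name` at the six sites in remove_usergroup, and the swap is only equivalent if `grp` was looked up by `user_name`, which happens above the inner hunks and cannot be confirmed from here. If the reason is that `grp` points into the group entry that a successful `gr_remove ()` releases, the later `audit_logger` and `SYSLOG` reads were touching freed memory, and that should be written down so a later cleanup does not restore `grp->gr_name`. I would add `/* grp must not be read after gr_remove(); the usergroup carries the user's name */` directly above the `gr_remove (user_name)` call and give the patch a one-line header stating the defect it fixes. The audit and syslog records keep naming the right group only under that same assumption, so it is worth stating it once in the code rather than leaving `user_name, user_name` in the `SYSLOG` call to be puzzled over.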
@@ -0,0 +1,12 @@
+diff -up shadow-4.1.5/man/useradd.8.man shadow-4.1.5/man/useradd.8
+--- shadow-4.1.5/man/useradd.8.man 2012-03-19 13:06:48.000000000 +0100
++++ shadow-4.1.5/man/useradd.8 2012-03-19 13:07:44.540169270 +0100
+@@ -215,7 +215,7 @@ is not enabled, no home directories are
+ .PP
+ \fB\-M\fR
+ .RS 4
+-Do no create the user\*(Aqs home directory, even if the system wide setting from
++Do not create the user\*(Aqs home directory, even if the system wide setting from
+ /etc/login\&.defs
+ (\fBCREATE_HOME\fR) is set to
+ \fIyes\fR\&.
diff --git a/shadow-4.1.5-redhat.patch b/shadow-4.1.5-redhat.patch
new file mode 100644
index 0000000..a785b29
--- /dev/null
+++ b/shadow-4.1.5-redhat.patch
@@ -0,0 +1,42 @@
+diff -up shadow-4.1.5/man/useradd.8.redhat shadow-4.1.5/man/useradd.8
+diff -up shadow-4.1.5/src/useradd.c.redhat shadow-4.1.5/src/useradd.c
+--- shadow-4.1.5/src/useradd.c.redhat 2011-12-09 23:23:15.000000000 +0100
++++ shadow-4.1.5/src/useradd.c 2012-03-19 09:50:05.227588669 +0100
+@@ -93,7 +93,7 @@ const char *Prog;
+ static gid_t def_group = 100;
+ static const char *def_gname = "other";
+ static const char *def_home = "/home";
+-static const char *def_shell = "";
++static const char *def_shell = "/sbin/nologin";
+ static const char *def_template = SKEL_DIR;
+ static const char *def_create_mail_spool = "no";
+
+@@ -103,7 +103,7 @@ static const char *def_expire = "";
+ #define VALID(s) (strcspn (s, ":\n") == strlen (s))
+
+ static const char *user_name = "";
+-static const char *user_pass = "!";
++static const char *user_pass = "!!";
+ static uid_t user_id;
+ static gid_t user_gid;
+ static const char *user_comment = "";
+@@ -1011,9 +1011,9 @@ static void process_flags (int argc, cha
+ };
+ while ((c = getopt_long (argc, argv,
+ #ifdef WITH_SELINUX
+- "b:c:d:De:f:g:G:hk:K:lmMNop:rR:s:u:UZ:",
++ "b:c:d:De:f:g:G:hk:K:lmMnNop:rR:s:u:UZ:",
+ #else /* !WITH_SELINUX */
+- "b:c:d:De:f:g:G:hk:K:lmMNop:rR:s:u:U",
++ "b:c:d:De:f:g:G:hk:K:lmMnNop:rR:s:u:U",
+ #endif /* !WITH_SELINUX */
+ long_options, NULL)) != -1) {
+ switch (c) {
+@@ -1164,6 +1164,7 @@ static void process_flags (int argc, cha
+ case 'M':
+ Mflg = true;
+ break;
++ case 'n':
+ case 'N':
+ Nflg = true;
+ break;
diff --git a/shadow-4.1.4.3-uflg.patch b/shadow-4.1.5-uflg.patch
similarity index 52%
rename from shadow-4.1.4.3-uflg.patch
rename to shadow-4.1.5-uflg.patch
index 1c9f58f..f72bca3 100644
--- a/shadow-4.1.4.3-uflg.patch
+++ b/shadow-4.1.5-uflg.patch
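Review bot: The new `case 'n':` in process_flags falls through to `case 'N':` without a comment, and the patch's `man/useradd.8` header carries no hunk, so the extra option letter and the changed compiled-in defaults (`def_shell` now `/sbin/nologin`, `user_pass` now `!!`) are not documented anywhere in this patch. I would mark the alias explicitly with `case 'n': /* legacy alias for -N; fall through */`. Above the two defaults I would add `/* distribution defaults: accounts start with a locked password field and a non-login shell */`, so a rebase onto the next upstream release does not silently revert them to the upstream values. Whether `usage ()` lists `-n` cannot be seen from here, and process_flags begins and ends outside the inner hunks.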
@@ -1,16 +1,16 @@ -diff -up shadow-4.1.4.3/libmisc/find_new_gid.c.uflg shadow-4.1.4.3/libmisc/find_new_gid.c ---- shadow-4.1.4.3/libmisc/find_new_gid.c.uflg 2011-05-20 21:18:24.474018778 +0200 -+++ shadow-4.1.4.3/libmisc/find_new_gid.c 2011-05-20 21:18:43.178018729 +0200 -@@ -61,7 +61,7 @@ int find_new_gid (bool sys_group, - gid_min = (gid_t) getdef_ulong ("GID_MIN", 1000UL); - gid_max = (gid_t) getdef_ulong ("GID_MAX", 60000UL); +diff -up shadow-4.1.5/libmisc/find_new_gid.c.uflg shadow-4.1.5/libmisc/find_new_gid.c +--- shadow-4.1.5/libmisc/find_new_gid.c.uflg 2011-07-30 01:10:27.000000000 +0200 ++++ shadow-4.1.5/libmisc/find_new_gid.c 2012-03-19 12:51:46.090554116 +0100 +@@ -68,7 +68,7 @@ int find_new_gid (bool sys_group, + return -1; + } } else { - gid_min = (gid_t) getdef_ulong ("SYS_GID_MIN", 101UL); + gid_min = (gid_t) 1; gid_max = (gid_t) getdef_ulong ("GID_MIN", 1000UL) - 1; gid_max = (gid_t) getdef_ulong ("SYS_GID_MAX", (unsigned long) gid_max); - } -@@ -80,6 +80,10 @@ int find_new_gid (bool sys_group, + if (gid_max < gid_min) { +@@ -100,6 +100,10 @@ int find_new_gid (bool sys_group, return 0; } diff --git a/shadow-utils.spec b/shadow-utils.spec index e1c6054..11c5f0e 100644 --- a/shadow-utils.spec +++ b/shadow-utils.spec 
@@ -1,29 +1,18 @@ Summary: Utilities for managing accounts and shadow password files Name: shadow-utils -Version: 4.1.4.3 -Release: 14%{?dist} +Version: 4.1.5 +Release: 1%{?dist} Epoch: 2 URL: http://pkg-shadow.alioth.debian.org/ Source0: http://pkg-shadow.alioth.debian.org/releases/shadow-%{version}.tar.bz2 Source1: shadow-utils.login.defs Source2: shadow-utils.useradd -Patch0: shadow-4.1.4.2-redhat.patch -Patch1: shadow-4.1.4.3-goodname.patch -Patch2: shadow-4.1.4.2-leak.patch -Patch3: shadow-4.1.4.2-fixes.patch -Patch4: shadow-4.1.4.2-infoParentDir.patch -Patch5: shadow-4.1.4.3-semange.patch -Patch6: shadow-4.1.4.2-acl.patch -Patch7: shadow-4.1.4.2-underflow.patch -Patch8: shadow-4.1.4.3-uflg.patch -Patch9: shadow-4.1.4.2-gshadow.patch -Patch10: shadow-4.1.4.3-nopam.patch -Patch11: shadow-4.1.4.3-IDs.patch -#696213 #674878 #739147 -Patch12: shadow-4.1.4.3-man.patch -#749205 -Patch13: shadow-4.1.4.3-libsemanage.patch -Patch14: shadow-4.1.4.3-selinux.patch +Patch0: shadow-4.1.5-redhat.patch +Patch1: shadow-4.1.5-goodname.patch +Patch2: shadow-4.1.4.2-infoParentDir.patch +Patch3: shadow-4.1.5-uflg.patch +Patch4: shadow-4.1.5-man.patch +Patch5: shadow-4.1.5-grremove.patch License: BSD and GPLv2+ Group: System Environment/Base BuildRequires: libselinux-devel >= 1.25.2-1 @@ -54,19 +43,11 @@ are used for managing group accounts. %setup -q -n shadow-%{version} %patch0 -p1 -b .redhat %patch1 -p1 -b .goodname -%patch2 -p1 -b .leak -%patch3 -p1 -b .fixes -%patch4 -p1 -b .infoParentDir -%patch5 -p1 -b .semange -%patch6 -p1 -b .acl -%patch7 -p1 -b .underflow -%patch8 -p1 -b .uflg -%patch9 -p1 -b .gshadow -%patch10 -p1 -b .nopam -%patch11 -p1 -b .IDs -%patch12 -p1 -b .man -%patch13 -p1 -b .libsemanage -%patch14 -p1 -b .selinux +%patch2 -p1 -b .infoParentDir +%patch3 -p1 -b .uflg +%patch4 -p1 -b .man +%patch5 -p1 -b .grremove + iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8 cp -f doc/HOWTO.utf8 doc/HOWTO 
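Review bot: The patch list drops ten entries (`leak`, `fixes`, `semange`, `acl`, `underflow`, `gshadow`, `nopam`, `IDs`, `libsemanage`, `selinux`) together with the bug references `#696213 #674878 #739147` and `#749205`, yet neither the spec nor the new changelog entry (`- upgrade`) records which of them are contained in 4.1.5 and which were abandoned. Several of these touched memory handling and SELinux context or login-mapping code, so a rebase that loses one would be a silent regression. After checking each against the 4.1.5 sources, I would extend the changelog entry with a line of the form `- drop patches merged upstream: <list>` and keep the bug numbers next to any fix that still has to be carried. The renumbered `%patch0`–`%patch5` lines in the second hunk do match the new `Patch0`–`Patch5` declarations.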
@@ -176,23 +157,6 @@ for dir in $(ls -1d $RPM_BUILD_ROOT%{_mandir}/{??,??_??}) ; do echo "%%lang($lang) $dir/man*/*" >> shadow.lang done -# Make sure old configuration files specifying UID_MIN=500 are not overwritten -# on upgrades. Remove the scriptlets after upgrades from Fedora 15 are no -# longer supported. -%pre -if [ "$1" -gt 1 ]; then - hash=$(md5sum %{_sysconfdir}/login.defs | cut -d ' ' -f 1) - if [ "$hash" = 111354806cbbee33a73fa4d538055510 ]; then - cp -a %{_sysconfdir}/login.defs{,.rpm-saved-in-pre} - fi -fi - -%post -if [ -e %{_sysconfdir}/login.defs.rpm-saved-in-pre ]; then - mv %{_sysconfdir}/login.defs{,.rpmnew} - mv %{_sysconfdir}/login.defs{.rpm-saved-in-pre,} -fi - %clean rm -rf $RPM_BUILD_ROOT @@ -238,6 +202,9 @@ rm -rf $RPM_BUILD_ROOT %{_mandir}/man8/vigr.8* %changelog +* Mon Mar 19 2012 Peter Vrabec - 2:4.1.5-1 +- upgrade + * Tue Feb 07 2012 Peter Vrabec - 2:4.1.4.3-14 - compile with PIE and RELRO flags (#784349) diff --git a/sources b/sources index d82ed7b..0afb6c5 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -b8608d8294ac88974f27b20f991c0e79 shadow-4.1.4.3.tar.bz2 +d5f7a588fadb79faeb4b08b1eee82e9a shadow-4.1.5.tar.bz2