From 6c18d5356b64b72ec7c47962d3d06d70a9b6338d Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Tue, 23 Aug 2016 16:06:06 +0200 Subject: [PATCH] Update patches for rebase --- shadow-4.2.1-lastlog-unexpire.patch | 249 ------------------ shadow-4.2.1-user-busy.patch | 48 ---- ...e.patch => shadow-4.3.1-audit-update.patch | 190 ++++++------- ...ot.patch => shadow-4.3.1-defs-chroot.patch | 12 +- ...-manfix.patch => shadow-4.3.1-manfix.patch | 52 ++-- ....patch => shadow-4.3.1-selinux-perms.patch | 35 +-- 6 files changed, 134 insertions(+), 452 deletions(-) delete mode 100644 shadow-4.2.1-lastlog-unexpire.patch delete mode 100644 shadow-4.2.1-user-busy.patch rename shadow-4.2.1-audit-update.patch => shadow-4.3.1-audit-update.patch (92%) rename shadow-4.2.1-defs-chroot.patch => shadow-4.3.1-defs-chroot.patch (60%) rename shadow-4.2.1-manfix.patch => shadow-4.3.1-manfix.patch (81%) rename shadow-4.2.1-selinux-perms.patch => shadow-4.3.1-selinux-perms.patch (79%) diff --git a/shadow-4.2.1-lastlog-unexpire.patch b/shadow-4.2.1-lastlog-unexpire.patch deleted file mode 100644 index 2596820..0000000 --- a/shadow-4.2.1-lastlog-unexpire.patch +++ /dev/null @@ -1,249 +0,0 @@ -diff -up shadow-4.2.1/man/lastlog.8.xml.unexpire shadow-4.2.1/man/lastlog.8.xml ---- shadow-4.2.1/man/lastlog.8.xml.unexpire 2014-03-01 19:59:51.000000000 +0100 -+++ shadow-4.2.1/man/lastlog.8.xml 2016-02-03 11:50:20.481293785 +0100 -@@ -105,6 +105,17 @@ - - - -+ , -+ -+ -+ -+ Clear lastlog record of an user. This option can be used only together -+ with ()). -+ -+ -+ -+ -+ - , - - -@@ -123,6 +134,17 @@ - - - -+ -+ -+ , -+ -+ -+ -+ Set lastlog record of an user to the current time. This option can be -+ used only together with ()). -+ -+ -+ - - - ,  DAYS -diff -up shadow-4.2.1/src/lastlog.c.unexpire shadow-4.2.1/src/lastlog.c ---- shadow-4.2.1/src/lastlog.c.unexpire 2014-03-01 19:59:51.000000000 +0100 -+++ shadow-4.2.1/src/lastlog.c 2016-02-03 11:35:26.971273603 +0100 -@@ -71,6 +71,8 @@ static struct stat statbuf; /* fstat buf - static bool uflg = false; /* print only an user of range of users */ - static bool tflg = false; /* print is restricted to most recent days */ - static bool bflg = false; /* print excludes most recent days */ -+static bool Cflg = false; /* clear record for user */ -+static bool Sflg = false; /* set record for user */ - - #define NOW (time ((time_t *) 0)) - -@@ -83,8 +85,10 @@ static /*@noreturn@*/void usage (int sta - "Options:\n"), - Prog); - (void) fputs (_(" -b, --before DAYS print only lastlog records older than DAYS\n"), usageout); -+ (void) fputs (_(" -C, --clear clear lastlog record of an user (usable only with -u)\n"), usageout); - (void) fputs (_(" -h, --help display this help message and exit\n"), usageout); - (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout); -+ (void) fputs (_(" -S, --set set lastlog record to current time (usable only with -u)\n"), usageout); - (void) fputs (_(" -t, --time DAYS print only lastlog records more recent than DAYS\n"), usageout); - (void) fputs (_(" -u, --user LOGIN print lastlog record of the specified LOGIN\n"), usageout); - (void) fputs ("\n", usageout); -@@ -194,6 +198,80 @@ static void print (void) - } - } - -+static void update_one (/*@null@*/const struct passwd *pw) -+{ -+ off_t offset; -+ struct lastlog ll; -+ int err; -+ -+ if (NULL == pw) { -+ return; -+ } -+ -+ offset = (off_t) pw->pw_uid * sizeof (ll); -+ /* fseeko errors are not really relevant for us. */ -+ err = fseeko (lastlogfile, offset, SEEK_SET); -+ assert (0 == err); -+ -+ memzero (&ll, sizeof (ll)); -+ -+ if (Sflg) { -+ ll.ll_time = NOW; -+#ifdef HAVE_LL_HOST -+ strcpy (ll.ll_host, "localhost"); -+#endif -+ strcpy (ll.ll_line, "lastlog"); -+#ifdef WITH_AUDIT -+ audit_logger (AUDIT_ACCT_UNLOCK, Prog, -+ "clearing-lastlog", -+ pw->pw_name, (unsigned int) pw->pw_uid, SHADOW_AUDIT_SUCCESS); -+#endif -+ } -+#ifdef WITH_AUDIT -+ else { -+ audit_logger (AUDIT_ACCT_UNLOCK, Prog, -+ "refreshing-lastlog", -+ pw->pw_name, (unsigned int) pw->pw_uid, SHADOW_AUDIT_SUCCESS); -+ } -+#endif -+ -+ if (fwrite (&ll, sizeof(ll), 1, lastlogfile) != 1) { -+ fprintf (stderr, -+ _("%s: Failed to update the entry for UID %lu\n"), -+ Prog, (unsigned long int)pw->pw_uid); -+ exit (EXIT_FAILURE); -+ } -+} -+ -+static void update (void) -+{ -+ const struct passwd *pwent; -+ -+ if (!uflg) /* safety measure */ -+ return; -+ -+ if (has_umin && has_umax && (umin == umax)) { -+ update_one (getpwuid ((uid_t)umin)); -+ } else { -+ setpwent (); -+ while ( (pwent = getpwent ()) != NULL ) { -+ if ((has_umin && (pwent->pw_uid < (uid_t)umin)) -+ || (has_umax && (pwent->pw_uid > (uid_t)umax))) { -+ continue; -+ } -+ update_one (pwent); -+ } -+ endpwent (); -+ } -+ -+ if (fflush (lastlogfile) != 0 || fsync (fileno (lastlogfile)) != 0) { -+ fprintf (stderr, -+ _("%s: Failed to update the lastlog file\n"), -+ Prog); -+ exit (EXIT_FAILURE); -+ } -+} -+ - int main (int argc, char **argv) - { - /* -@@ -208,18 +286,24 @@ int main (int argc, char **argv) - - process_root_flag ("-R", argc, argv); - -+#ifdef WITH_AUDIT -+ audit_help_open (); -+#endif -+ - { - int c; - static struct option const longopts[] = { - {"before", required_argument, NULL, 'b'}, -+ {"clear", no_argument, NULL, 'C'}, - {"help", no_argument, NULL, 'h'}, - {"root", required_argument, NULL, 'R'}, -+ {"set", no_argument, NULL, 'S'}, - {"time", required_argument, NULL, 't'}, - {"user", required_argument, NULL, 'u'}, - {NULL, 0, NULL, '\0'} - }; - -- while ((c = getopt_long (argc, argv, "b:hR:t:u:", longopts, -+ while ((c = getopt_long (argc, argv, "b:ChR:St:u:", longopts, - NULL)) != -1) { - switch (c) { - case 'b': -@@ -235,11 +319,21 @@ int main (int argc, char **argv) - bflg = true; - break; - } -+ case 'C': -+ { -+ Cflg = true; -+ break; -+ } - case 'h': - usage (EXIT_SUCCESS); - /*@notreached@*/break; - case 'R': /* no-op, handled in process_root_flag () */ - break; -+ case 'S': -+ { -+ Sflg = true; -+ break; -+ } - case 't': - { - unsigned long days; -@@ -294,9 +388,21 @@ int main (int argc, char **argv) - Prog, argv[optind]); - usage (EXIT_FAILURE); - } -+ if (Cflg && Sflg) { -+ fprintf (stderr, -+ _("%s: Option -C cannot be used together with option -S\n"), -+ Prog); -+ usage (EXIT_FAILURE); -+ } -+ if ((Cflg || Sflg) && !uflg) { -+ fprintf (stderr, -+ _("%s: Options -C and -S require option -u to specify the user\n"), -+ Prog); -+ usage (EXIT_FAILURE); -+ } - } - -- lastlogfile = fopen (LASTLOG_FILE, "r"); -+ lastlogfile = fopen (LASTLOG_FILE, (Cflg || Sflg)?"r+":"r"); - if (NULL == lastlogfile) { - perror (LASTLOG_FILE); - exit (EXIT_FAILURE); -@@ -310,7 +416,10 @@ int main (int argc, char **argv) - exit (EXIT_FAILURE); - } - -- print (); -+ if (Cflg || Sflg) -+ update (); -+ else -+ print (); - - (void) fclose (lastlogfile); - -diff -up shadow-4.2.1/src/Makefile.am.unexpire shadow-4.2.1/src/Makefile.am ---- shadow-4.2.1/src/Makefile.am.unexpire 2014-05-08 10:43:11.000000000 +0200 -+++ shadow-4.2.1/src/Makefile.am 2016-02-03 11:35:26.971273603 +0100 -@@ -95,6 +95,7 @@ groupmod_LDADD = $(LDADD) $(LIBPAM_SUID) - grpck_LDADD = $(LDADD) $(LIBSELINUX) - grpconv_LDADD = $(LDADD) $(LIBSELINUX) - grpunconv_LDADD = $(LDADD) $(LIBSELINUX) -+lastlog_LDADD = $(LDADD) $(LIBAUDIT) - login_SOURCES = \ - login.c \ - login_nopam.c -diff -up shadow-4.2.1/src/Makefile.in.unexpire shadow-4.2.1/src/Makefile.in ---- shadow-4.2.1/src/Makefile.in.unexpire 2014-05-09 18:49:48.000000000 +0200 -+++ shadow-4.2.1/src/Makefile.in 2016-02-03 11:35:26.972273609 +0100 -@@ -197,7 +197,7 @@ id_DEPENDENCIES = $(am__DEPENDENCIES_1) - $(top_builddir)/lib/libshadow.la - lastlog_SOURCES = lastlog.c - lastlog_OBJECTS = lastlog.$(OBJEXT) --lastlog_LDADD = $(LDADD) -+lastlog_LDADD = $(LDADD) $(LIBAUDIT) - lastlog_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ - $(top_builddir)/libmisc/libmisc.a \ - $(top_builddir)/lib/libshadow.la diff --git a/shadow-4.2.1-user-busy.patch b/shadow-4.2.1-user-busy.patch deleted file mode 100644 index ee7e41a..0000000 --- a/shadow-4.2.1-user-busy.patch +++ /dev/null @@ -1,48 +0,0 @@ -From d2fa8c5d4b0b19445562daf78d3a62421fe8d6b8 Mon Sep 17 00:00:00 2001 -From: Bastian Blank -Date: Tue, 17 Nov 2015 10:52:24 -0600 -Subject: [PATCH] Fix user busy errors at userdel - -From: Bastian Blank -Acked-by: Serge Hallyn ---- - libmisc/user_busy.c | 9 +++++++++ - 1 file changed, 9 insertions(+) - -diff --git a/libmisc/user_busy.c b/libmisc/user_busy.c -index db7174a..0db32c3 100644 ---- a/libmisc/user_busy.c -+++ b/libmisc/user_busy.c -@@ -175,6 +175,9 @@ static int user_busy_processes (const char *name, uid_t uid) - if (stat ("/", &sbroot) != 0) { - perror ("stat (\"/\")"); - (void) closedir (proc); -+#ifdef ENABLE_SUBIDS -+ sub_uid_close(); -+#endif - return 0; - } - -@@ -212,6 +215,9 @@ static int user_busy_processes (const char *name, uid_t uid) - - if (check_status (name, tmp_d_name, uid) != 0) { - (void) closedir (proc); -+#ifdef ENABLE_SUBIDS -+ sub_uid_close(); -+#endif - fprintf (stderr, - _("%s: user %s is currently used by process %d\n"), - Prog, name, pid); -@@ -232,6 +238,9 @@ static int user_busy_processes (const char *name, uid_t uid) - } - if (check_status (name, task_path+6, uid) != 0) { - (void) closedir (proc); -+#ifdef ENABLE_SUBIDS -+ sub_uid_close(); -+#endif - fprintf (stderr, - _("%s: user %s is currently used by process %d\n"), - Prog, name, pid); --- -2.5.0 - diff --git a/shadow-4.2.1-audit-update.patch b/shadow-4.3.1-audit-update.patch similarity index 92% rename from shadow-4.2.1-audit-update.patch rename to shadow-4.3.1-audit-update.patch index 8f2edf8..e708f75 100644 --- a/shadow-4.2.1-audit-update.patch +++ b/shadow-4.3.1-audit-update.patch @@ -1,6 +1,6 @@ -diff -up shadow-4.2.1/libmisc/audit_help.c.audit-update shadow-4.2.1/libmisc/audit_help.c ---- shadow-4.2.1/libmisc/audit_help.c.audit-update 2014-03-01 18:50:05.000000000 +0100 -+++ shadow-4.2.1/libmisc/audit_help.c 2014-11-26 15:06:24.663660558 +0100 +diff -up shadow-4.3.1/libmisc/audit_help.c.audit-update shadow-4.3.1/libmisc/audit_help.c +--- shadow-4.3.1/libmisc/audit_help.c.audit-update 2016-08-15 06:00:59.000000000 +0200 ++++ shadow-4.3.1/libmisc/audit_help.c 2016-08-22 17:21:15.442291139 +0200 @@ -68,7 +68,7 @@ void audit_help_open (void) * This function will log a message to the audit system using a predefined * message format. Parameter usage is as follows: @@ -50,9 +50,9 @@ diff -up shadow-4.2.1/libmisc/audit_help.c.audit-update shadow-4.2.1/libmisc/aud void audit_logger_message (const char *message, shadow_audit_result result) { if (audit_fd < 0) { -diff -up shadow-4.2.1/libmisc/cleanup_group.c.audit-update shadow-4.2.1/libmisc/cleanup_group.c ---- shadow-4.2.1/libmisc/cleanup_group.c.audit-update 2014-03-01 18:50:05.000000000 +0100 -+++ shadow-4.2.1/libmisc/cleanup_group.c 2014-11-26 15:06:24.663660558 +0100 +diff -up shadow-4.3.1/libmisc/cleanup_group.c.audit-update shadow-4.3.1/libmisc/cleanup_group.c +--- shadow-4.3.1/libmisc/cleanup_group.c.audit-update 2016-08-15 06:00:59.000000000 +0200 ++++ shadow-4.3.1/libmisc/cleanup_group.c 2016-08-22 17:21:15.443291142 +0200 @@ -83,7 +83,7 @@ void cleanup_report_mod_group (void *cle gr_dbname (), info->action)); @@ -131,9 +131,9 @@ diff -up shadow-4.2.1/libmisc/cleanup_group.c.audit-update shadow-4.2.1/libmisc/ SHADOW_AUDIT_FAILURE); #endif } -diff -up shadow-4.2.1/libmisc/cleanup_user.c.audit-update shadow-4.2.1/libmisc/cleanup_user.c ---- shadow-4.2.1/libmisc/cleanup_user.c.audit-update 2014-03-01 18:50:05.000000000 +0100 -+++ shadow-4.2.1/libmisc/cleanup_user.c 2014-11-26 15:06:24.663660558 +0100 +diff -up shadow-4.3.1/libmisc/cleanup_user.c.audit-update shadow-4.3.1/libmisc/cleanup_user.c +--- shadow-4.3.1/libmisc/cleanup_user.c.audit-update 2016-08-15 06:00:59.000000000 +0200 ++++ shadow-4.3.1/libmisc/cleanup_user.c 2016-08-22 17:21:15.443291142 +0200 @@ -65,7 +65,7 @@ void cleanup_report_mod_passwd (void *cl pw_dbname (), info->action)); @@ -181,9 +181,9 @@ diff -up shadow-4.2.1/libmisc/cleanup_user.c.audit-update shadow-4.2.1/libmisc/c SHADOW_AUDIT_FAILURE); #endif } -diff -up shadow-4.2.1/lib/prototypes.h.audit-update shadow-4.2.1/lib/prototypes.h ---- shadow-4.2.1/lib/prototypes.h.audit-update 2014-11-26 15:06:24.644660498 +0100 -+++ shadow-4.2.1/lib/prototypes.h 2014-11-26 15:06:24.663660558 +0100 +diff -up shadow-4.3.1/lib/prototypes.h.audit-update shadow-4.3.1/lib/prototypes.h +--- shadow-4.3.1/lib/prototypes.h.audit-update 2016-08-22 17:21:15.406291044 +0200 ++++ shadow-4.3.1/lib/prototypes.h 2016-08-22 17:21:15.443291142 +0200 @@ -208,12 +208,21 @@ extern int audit_fd; extern void audit_help_open (void); /* Use AUDIT_NO_ID when a name is provided to audit_logger instead of an ID */ @@ -206,9 +206,9 @@ diff -up shadow-4.2.1/lib/prototypes.h.audit-update shadow-4.2.1/lib/prototypes. void audit_logger_message (const char *message, shadow_audit_result result); #endif -diff -up shadow-4.2.1/src/gpasswd.c.audit-update shadow-4.2.1/src/gpasswd.c ---- shadow-4.2.1/src/gpasswd.c.audit-update 2014-03-01 19:59:51.000000000 +0100 -+++ shadow-4.2.1/src/gpasswd.c 2014-11-26 15:06:24.664660561 +0100 +diff -up shadow-4.3.1/src/gpasswd.c.audit-update shadow-4.3.1/src/gpasswd.c +--- shadow-4.3.1/src/gpasswd.c.audit-update 2016-08-15 06:00:59.000000000 +0200 ++++ shadow-4.3.1/src/gpasswd.c 2016-08-22 17:21:15.444291144 +0200 @@ -137,7 +137,7 @@ static void usage (int status) (void) fputs (_(" -d, --delete USER remove USER from GROUP\n"), usageout); (void) fputs (_(" -h, --help display this help message and exit\n"), usageout); @@ -218,7 +218,7 @@ diff -up shadow-4.2.1/src/gpasswd.c.audit-update shadow-4.2.1/src/gpasswd.c (void) fputs (_(" -R, --restrict restrict access to GROUP to its members\n"), usageout); (void) fputs (_(" -M, --members USER,... set the list of members of GROUP\n"), usageout); #ifdef SHADOWGRP -@@ -397,21 +397,14 @@ static void open_files (void) +@@ -396,21 +396,14 @@ static void open_files (void) static void log_gpasswd_failure (const char *suffix) { @@ -243,7 +243,7 @@ diff -up shadow-4.2.1/src/gpasswd.c.audit-update shadow-4.2.1/src/gpasswd.c SHADOW_AUDIT_FAILURE); #endif } else if (dflg) { -@@ -419,13 +412,9 @@ static void log_gpasswd_failure (const c +@@ -418,13 +411,9 @@ static void log_gpasswd_failure (const c "%s failed to remove user %s from group %s%s", myname, user, group, suffix)); #ifdef WITH_AUDIT @@ -260,7 +260,7 @@ diff -up shadow-4.2.1/src/gpasswd.c.audit-update shadow-4.2.1/src/gpasswd.c SHADOW_AUDIT_FAILURE); #endif } else if (rflg) { -@@ -433,13 +422,9 @@ static void log_gpasswd_failure (const c +@@ -432,13 +421,9 @@ static void log_gpasswd_failure (const c "%s failed to remove password of group %s%s", myname, group, suffix)); #ifdef WITH_AUDIT @@ -277,7 +277,7 @@ diff -up shadow-4.2.1/src/gpasswd.c.audit-update shadow-4.2.1/src/gpasswd.c SHADOW_AUDIT_FAILURE); #endif } else if (Rflg) { -@@ -447,13 +432,9 @@ static void log_gpasswd_failure (const c +@@ -446,13 +431,9 @@ static void log_gpasswd_failure (const c "%s failed to restrict access to group %s%s", myname, group, suffix)); #ifdef WITH_AUDIT @@ -294,7 +294,7 @@ diff -up shadow-4.2.1/src/gpasswd.c.audit-update shadow-4.2.1/src/gpasswd.c SHADOW_AUDIT_FAILURE); #endif } else if (Aflg || Mflg) { -@@ -463,13 +444,9 @@ static void log_gpasswd_failure (const c +@@ -462,13 +443,9 @@ static void log_gpasswd_failure (const c "%s failed to set the administrators of group %s to %s%s", myname, group, admins, suffix)); #ifdef WITH_AUDIT @@ -311,7 +311,7 @@ diff -up shadow-4.2.1/src/gpasswd.c.audit-update shadow-4.2.1/src/gpasswd.c SHADOW_AUDIT_FAILURE); #endif } -@@ -479,13 +456,9 @@ static void log_gpasswd_failure (const c +@@ -478,13 +455,9 @@ static void log_gpasswd_failure (const c "%s failed to set the members of group %s to %s%s", myname, group, members, suffix)); #ifdef WITH_AUDIT @@ -328,7 +328,7 @@ diff -up shadow-4.2.1/src/gpasswd.c.audit-update shadow-4.2.1/src/gpasswd.c SHADOW_AUDIT_FAILURE); #endif } -@@ -494,13 +467,9 @@ static void log_gpasswd_failure (const c +@@ -493,13 +466,9 @@ static void log_gpasswd_failure (const c "%s failed to change password of group %s%s", myname, group, suffix)); #ifdef WITH_AUDIT @@ -345,7 +345,7 @@ diff -up shadow-4.2.1/src/gpasswd.c.audit-update shadow-4.2.1/src/gpasswd.c SHADOW_AUDIT_FAILURE); #endif } -@@ -531,21 +500,14 @@ static void log_gpasswd_failure_gshadow +@@ -530,21 +499,14 @@ static void log_gpasswd_failure_gshadow static void log_gpasswd_success (const char *suffix) { @@ -370,7 +370,7 @@ diff -up shadow-4.2.1/src/gpasswd.c.audit-update shadow-4.2.1/src/gpasswd.c SHADOW_AUDIT_SUCCESS); #endif } else if (dflg) { -@@ -553,13 +515,9 @@ static void log_gpasswd_success (const c +@@ -552,13 +514,9 @@ static void log_gpasswd_success (const c "user %s removed by %s from group %s%s", user, myname, group, suffix)); #ifdef WITH_AUDIT @@ -387,7 +387,7 @@ diff -up shadow-4.2.1/src/gpasswd.c.audit-update shadow-4.2.1/src/gpasswd.c SHADOW_AUDIT_SUCCESS); #endif } else if (rflg) { -@@ -567,13 +525,9 @@ static void log_gpasswd_success (const c +@@ -566,13 +524,9 @@ static void log_gpasswd_success (const c "password of group %s removed by %s%s", group, myname, suffix)); #ifdef WITH_AUDIT @@ -404,7 +404,7 @@ diff -up shadow-4.2.1/src/gpasswd.c.audit-update shadow-4.2.1/src/gpasswd.c SHADOW_AUDIT_SUCCESS); #endif } else if (Rflg) { -@@ -581,13 +535,9 @@ static void log_gpasswd_success (const c +@@ -580,13 +534,9 @@ static void log_gpasswd_success (const c "access to group %s restricted by %s%s", group, myname, suffix)); #ifdef WITH_AUDIT @@ -421,7 +421,7 @@ diff -up shadow-4.2.1/src/gpasswd.c.audit-update shadow-4.2.1/src/gpasswd.c SHADOW_AUDIT_SUCCESS); #endif } else if (Aflg || Mflg) { -@@ -597,13 +547,9 @@ static void log_gpasswd_success (const c +@@ -596,13 +546,9 @@ static void log_gpasswd_success (const c "administrators of group %s set by %s to %s%s", group, myname, admins, suffix)); #ifdef WITH_AUDIT @@ -438,7 +438,7 @@ diff -up shadow-4.2.1/src/gpasswd.c.audit-update shadow-4.2.1/src/gpasswd.c SHADOW_AUDIT_SUCCESS); #endif } -@@ -613,13 +559,9 @@ static void log_gpasswd_success (const c +@@ -612,13 +558,9 @@ static void log_gpasswd_success (const c "members of group %s set by %s to %s%s", group, myname, members, suffix)); #ifdef WITH_AUDIT @@ -455,7 +455,7 @@ diff -up shadow-4.2.1/src/gpasswd.c.audit-update shadow-4.2.1/src/gpasswd.c SHADOW_AUDIT_SUCCESS); #endif } -@@ -628,13 +570,9 @@ static void log_gpasswd_success (const c +@@ -627,13 +569,9 @@ static void log_gpasswd_success (const c "password of group %s changed by %s%s", group, myname, suffix)); #ifdef WITH_AUDIT @@ -472,9 +472,9 @@ diff -up shadow-4.2.1/src/gpasswd.c.audit-update shadow-4.2.1/src/gpasswd.c SHADOW_AUDIT_SUCCESS); #endif } -diff -up shadow-4.2.1/src/groupadd.c.audit-update shadow-4.2.1/src/groupadd.c ---- shadow-4.2.1/src/groupadd.c.audit-update 2014-03-01 19:59:51.000000000 +0100 -+++ shadow-4.2.1/src/groupadd.c 2014-11-26 15:06:24.664660561 +0100 +diff -up shadow-4.3.1/src/groupadd.c.audit-update shadow-4.3.1/src/groupadd.c +--- shadow-4.3.1/src/groupadd.c.audit-update 2016-08-15 06:00:59.000000000 +0200 ++++ shadow-4.3.1/src/groupadd.c 2016-08-22 17:21:15.444291144 +0200 @@ -127,6 +127,15 @@ static /*@noreturn@*/void usage (int sta exit (status); } @@ -579,7 +579,7 @@ diff -up shadow-4.2.1/src/groupadd.c.audit-update shadow-4.2.1/src/groupadd.c add_cleanup (cleanup_unlock_gshadow, NULL); } @@ -349,7 +352,7 @@ static void open_files (void) - if (gr_open (O_RDWR) == 0) { + if (gr_open (O_CREAT | O_RDWR) == 0) { fprintf (stderr, _("%s: cannot open %s\n"), Prog, gr_dbname ()); SYSLOG ((LOG_WARN, "cannot open %s", gr_dbname ())); - exit (E_GRP_UPDATE); @@ -650,10 +650,10 @@ diff -up shadow-4.2.1/src/groupadd.c.audit-update shadow-4.2.1/src/groupadd.c } } -diff -up shadow-4.2.1/src/groupdel.c.audit-update shadow-4.2.1/src/groupdel.c ---- shadow-4.2.1/src/groupdel.c.audit-update 2014-03-01 19:59:51.000000000 +0100 -+++ shadow-4.2.1/src/groupdel.c 2014-11-26 15:06:24.665660564 +0100 -@@ -100,6 +100,15 @@ static /*@noreturn@*/void usage (int sta +diff -up shadow-4.3.1/src/groupdel.c.audit-update shadow-4.3.1/src/groupdel.c +--- shadow-4.3.1/src/groupdel.c.audit-update 2016-08-15 06:00:59.000000000 +0200 ++++ shadow-4.3.1/src/groupdel.c 2016-08-22 17:21:15.445291147 +0200 +@@ -102,6 +102,15 @@ static /*@noreturn@*/void usage (int sta exit (status); } @@ -669,7 +669,7 @@ diff -up shadow-4.2.1/src/groupdel.c.audit-update shadow-4.2.1/src/groupdel.c /* * grp_update - update group file entries * -@@ -126,7 +135,7 @@ static void grp_update (void) +@@ -128,7 +137,7 @@ static void grp_update (void) fprintf (stderr, _("%s: cannot remove entry '%s' from %s\n"), Prog, group_name, gr_dbname ()); @@ -678,7 +678,7 @@ diff -up shadow-4.2.1/src/groupdel.c.audit-update shadow-4.2.1/src/groupdel.c } #ifdef SHADOWGRP -@@ -138,7 +147,7 @@ static void grp_update (void) +@@ -140,7 +149,7 @@ static void grp_update (void) fprintf (stderr, _("%s: cannot remove entry '%s' from %s\n"), Prog, group_name, sgr_dbname ()); @@ -687,7 +687,7 @@ diff -up shadow-4.2.1/src/groupdel.c.audit-update shadow-4.2.1/src/groupdel.c } } #endif /* SHADOWGRP */ -@@ -157,12 +166,12 @@ static void close_files (void) +@@ -159,12 +168,12 @@ static void close_files (void) fprintf (stderr, _("%s: failure while writing changes to %s\n"), Prog, gr_dbname ()); @@ -702,7 +702,7 @@ diff -up shadow-4.2.1/src/groupdel.c.audit-update shadow-4.2.1/src/groupdel.c group_name, (unsigned int) group_id, SHADOW_AUDIT_SUCCESS); #endif -@@ -182,12 +191,12 @@ static void close_files (void) +@@ -184,12 +193,12 @@ static void close_files (void) fprintf (stderr, _("%s: failure while writing changes to %s\n"), Prog, sgr_dbname ()); @@ -718,7 +718,7 @@ diff -up shadow-4.2.1/src/groupdel.c.audit-update shadow-4.2.1/src/groupdel.c group_name, (unsigned int) group_id, SHADOW_AUDIT_SUCCESS); #endif -@@ -201,13 +210,6 @@ static void close_files (void) +@@ -203,13 +212,6 @@ static void close_files (void) } #endif /* SHADOWGRP */ @@ -732,7 +732,7 @@ diff -up shadow-4.2.1/src/groupdel.c.audit-update shadow-4.2.1/src/groupdel.c SYSLOG ((LOG_INFO, "group '%s' removed\n", group_name)); del_cleanup (cleanup_report_del_group); } -@@ -224,7 +226,7 @@ static void open_files (void) +@@ -226,7 +228,7 @@ static void open_files (void) fprintf (stderr, _("%s: cannot lock %s; try again later.\n"), Prog, gr_dbname ()); @@ -741,7 +741,7 @@ diff -up shadow-4.2.1/src/groupdel.c.audit-update shadow-4.2.1/src/groupdel.c } add_cleanup (cleanup_unlock_group, NULL); #ifdef SHADOWGRP -@@ -233,7 +235,7 @@ static void open_files (void) +@@ -235,7 +237,7 @@ static void open_files (void) fprintf (stderr, _("%s: cannot lock %s; try again later.\n"), Prog, sgr_dbname ()); @@ -750,7 +750,7 @@ diff -up shadow-4.2.1/src/groupdel.c.audit-update shadow-4.2.1/src/groupdel.c } add_cleanup (cleanup_unlock_gshadow, NULL); } -@@ -251,7 +253,7 @@ static void open_files (void) +@@ -253,7 +255,7 @@ static void open_files (void) _("%s: cannot open %s\n"), Prog, gr_dbname ()); SYSLOG ((LOG_WARN, "cannot open %s", gr_dbname ())); @@ -759,7 +759,7 @@ diff -up shadow-4.2.1/src/groupdel.c.audit-update shadow-4.2.1/src/groupdel.c } #ifdef SHADOWGRP if (is_shadow_grp) { -@@ -260,7 +262,7 @@ static void open_files (void) +@@ -262,7 +264,7 @@ static void open_files (void) _("%s: cannot open %s\n"), Prog, sgr_dbname ()); SYSLOG ((LOG_WARN, "cannot open %s", sgr_dbname ())); @@ -768,7 +768,7 @@ diff -up shadow-4.2.1/src/groupdel.c.audit-update shadow-4.2.1/src/groupdel.c } } #endif /* SHADOWGRP */ -@@ -301,7 +303,7 @@ static void group_busy (gid_t gid) +@@ -303,7 +305,7 @@ static void group_busy (gid_t gid) fprintf (stderr, _("%s: cannot remove the primary group of user '%s'\n"), Prog, pwd->pw_name); @@ -777,7 +777,7 @@ diff -up shadow-4.2.1/src/groupdel.c.audit-update shadow-4.2.1/src/groupdel.c } /* -@@ -379,7 +381,7 @@ int main (int argc, char **argv) +@@ -384,7 +386,7 @@ int main (int argc, char **argv) fprintf (stderr, _("%s: Cannot setup cleanup service.\n"), Prog); @@ -786,7 +786,7 @@ diff -up shadow-4.2.1/src/groupdel.c.audit-update shadow-4.2.1/src/groupdel.c } process_flags (argc, argv); -@@ -393,7 +395,7 @@ int main (int argc, char **argv) +@@ -398,7 +400,7 @@ int main (int argc, char **argv) fprintf (stderr, _("%s: Cannot determine your user name.\n"), Prog); @@ -795,7 +795,7 @@ diff -up shadow-4.2.1/src/groupdel.c.audit-update shadow-4.2.1/src/groupdel.c } retval = pam_start ("groupdel", pampw->pw_name, &conv, &pamh); -@@ -414,7 +416,7 @@ int main (int argc, char **argv) +@@ -419,7 +421,7 @@ int main (int argc, char **argv) if (NULL != pamh) { (void) pam_end (pamh, retval); } @@ -804,7 +804,7 @@ diff -up shadow-4.2.1/src/groupdel.c.audit-update shadow-4.2.1/src/groupdel.c } (void) pam_end (pamh, retval); #endif /* USE_PAM */ -@@ -434,7 +436,7 @@ int main (int argc, char **argv) +@@ -439,7 +441,7 @@ int main (int argc, char **argv) fprintf (stderr, _("%s: group '%s' does not exist\n"), Prog, group_name); @@ -813,7 +813,7 @@ diff -up shadow-4.2.1/src/groupdel.c.audit-update shadow-4.2.1/src/groupdel.c } group_id = grp->gr_gid; -@@ -458,7 +460,7 @@ int main (int argc, char **argv) +@@ -463,7 +465,7 @@ int main (int argc, char **argv) _("%s: %s is the NIS master\n"), Prog, nis_master); } @@ -822,9 +822,9 @@ diff -up shadow-4.2.1/src/groupdel.c.audit-update shadow-4.2.1/src/groupdel.c } #endif -diff -up shadow-4.2.1/src/groupmod.c.audit-update shadow-4.2.1/src/groupmod.c ---- shadow-4.2.1/src/groupmod.c.audit-update 2014-03-01 19:59:51.000000000 +0100 -+++ shadow-4.2.1/src/groupmod.c 2014-11-26 15:06:24.665660564 +0100 +diff -up shadow-4.3.1/src/groupmod.c.audit-update shadow-4.3.1/src/groupmod.c +--- shadow-4.3.1/src/groupmod.c.audit-update 2016-08-15 06:00:59.000000000 +0200 ++++ shadow-4.3.1/src/groupmod.c 2016-08-22 17:21:15.445291147 +0200 @@ -438,7 +438,7 @@ static void close_files (void) exit (E_GRP_UPDATE); } @@ -1018,9 +1018,9 @@ diff -up shadow-4.2.1/src/groupmod.c.audit-update shadow-4.2.1/src/groupmod.c // FIXME: add a system cleanup add_cleanup (cleanup_report_mod_group, &info_group); -diff -up shadow-4.2.1/src/chage.c.audit-update shadow-4.2.1/src/chage.c ---- shadow-4.2.1/src/chage.c.audit-update 2014-03-01 19:59:51.000000000 +0100 -+++ shadow-4.2.1/src/chage.c 2014-11-26 15:06:24.663660558 +0100 +diff -up shadow-4.3.1/src/chage.c.audit-update shadow-4.3.1/src/chage.c +--- shadow-4.3.1/src/chage.c.audit-update 2016-08-15 06:00:59.000000000 +0200 ++++ shadow-4.3.1/src/chage.c 2016-08-22 17:21:15.446291149 +0200 @@ -126,9 +126,10 @@ static /*@noreturn@*/void fail_exit (int #ifdef WITH_AUDIT @@ -1108,9 +1108,9 @@ diff -up shadow-4.2.1/src/chage.c.audit-update shadow-4.2.1/src/chage.c user_name, (unsigned int) user_uid, 1); } #endif -diff -up shadow-4.2.1/src/newgrp.c.audit-update shadow-4.2.1/src/newgrp.c ---- shadow-4.2.1/src/newgrp.c.audit-update 2014-11-26 15:06:24.660660548 +0100 -+++ shadow-4.2.1/src/newgrp.c 2014-11-26 15:06:24.666660567 +0100 +diff -up shadow-4.3.1/src/newgrp.c.audit-update shadow-4.3.1/src/newgrp.c +--- shadow-4.3.1/src/newgrp.c.audit-update 2016-08-22 17:21:15.439291131 +0200 ++++ shadow-4.3.1/src/newgrp.c 2016-08-22 17:21:15.446291149 +0200 @@ -206,11 +206,12 @@ static void check_perms (const struct gr strcmp (cpasswd, grp->gr_passwd) != 0) { #ifdef WITH_AUDIT @@ -1161,7 +1161,7 @@ diff -up shadow-4.2.1/src/newgrp.c.audit-update shadow-4.2.1/src/newgrp.c exit (EXIT_FAILURE); } -@@ -317,15 +306,27 @@ static void syslog_sg (const char *name, +@@ -320,15 +309,27 @@ static void syslog_sg (const char *name, is_newgrp ? "newgrp" : "sg", strerror (errno)); #ifdef WITH_AUDIT if (group) { @@ -1193,7 +1193,7 @@ diff -up shadow-4.2.1/src/newgrp.c.audit-update shadow-4.2.1/src/newgrp.c } #endif exit (EXIT_FAILURE); -@@ -451,7 +452,7 @@ int main (int argc, char **argv) +@@ -456,7 +457,7 @@ int main (int argc, char **argv) #ifdef WITH_AUDIT audit_logger (AUDIT_CHGRP_ID, Prog, "changing", NULL, @@ -1202,7 +1202,7 @@ diff -up shadow-4.2.1/src/newgrp.c.audit-update shadow-4.2.1/src/newgrp.c #endif SYSLOG ((LOG_WARN, "Cannot determine the user name of the caller (UID %lu)", (unsigned long) getuid ())); -@@ -567,15 +568,26 @@ int main (int argc, char **argv) +@@ -572,15 +573,26 @@ int main (int argc, char **argv) perror ("getgroups"); #ifdef WITH_AUDIT if (group) { @@ -1233,7 +1233,7 @@ diff -up shadow-4.2.1/src/newgrp.c.audit-update shadow-4.2.1/src/newgrp.c } #endif exit (EXIT_FAILURE); -@@ -716,10 +728,10 @@ int main (int argc, char **argv) +@@ -721,10 +733,10 @@ int main (int argc, char **argv) perror ("setgid"); #ifdef WITH_AUDIT snprintf (audit_buf, sizeof(audit_buf), @@ -1246,7 +1246,7 @@ diff -up shadow-4.2.1/src/newgrp.c.audit-update shadow-4.2.1/src/newgrp.c #endif exit (EXIT_FAILURE); } -@@ -728,10 +740,10 @@ int main (int argc, char **argv) +@@ -733,10 +745,10 @@ int main (int argc, char **argv) perror ("setuid"); #ifdef WITH_AUDIT snprintf (audit_buf, sizeof(audit_buf), @@ -1259,7 +1259,7 @@ diff -up shadow-4.2.1/src/newgrp.c.audit-update shadow-4.2.1/src/newgrp.c #endif exit (EXIT_FAILURE); } -@@ -745,10 +757,10 @@ int main (int argc, char **argv) +@@ -750,10 +762,10 @@ int main (int argc, char **argv) execl (SHELL, "sh", "-c", command, (char *) 0); #ifdef WITH_AUDIT snprintf (audit_buf, sizeof(audit_buf), @@ -1272,7 +1272,7 @@ diff -up shadow-4.2.1/src/newgrp.c.audit-update shadow-4.2.1/src/newgrp.c #endif perror (SHELL); exit ((errno == ENOENT) ? E_CMD_NOTFOUND : E_CMD_NOEXEC); -@@ -812,11 +824,11 @@ int main (int argc, char **argv) +@@ -817,11 +829,11 @@ int main (int argc, char **argv) } #ifdef WITH_AUDIT @@ -1286,7 +1286,7 @@ diff -up shadow-4.2.1/src/newgrp.c.audit-update shadow-4.2.1/src/newgrp.c #endif /* * Exec the login shell and go away. We are trying to get back to -@@ -840,15 +852,24 @@ int main (int argc, char **argv) +@@ -845,15 +857,24 @@ int main (int argc, char **argv) closelog (); #ifdef WITH_AUDIT if (NULL != group) { @@ -1315,9 +1315,9 @@ diff -up shadow-4.2.1/src/newgrp.c.audit-update shadow-4.2.1/src/newgrp.c } #endif exit (EXIT_FAILURE); -diff -up shadow-4.2.1/src/useradd.c.audit-update shadow-4.2.1/src/useradd.c ---- shadow-4.2.1/src/useradd.c.audit-update 2014-11-26 15:06:24.648660511 +0100 -+++ shadow-4.2.1/src/useradd.c 2014-11-26 15:14:02.446087183 +0100 +diff -up shadow-4.3.1/src/useradd.c.audit-update shadow-4.3.1/src/useradd.c +--- shadow-4.3.1/src/useradd.c.audit-update 2016-08-22 17:21:15.410291055 +0200 ++++ shadow-4.3.1/src/useradd.c 2016-08-22 17:21:15.447291152 +0200 @@ -222,6 +222,8 @@ static void create_mail (void); */ static void fail_exit (int code) @@ -1636,7 +1636,7 @@ diff -up shadow-4.2.1/src/useradd.c.audit-update shadow-4.2.1/src/useradd.c user_name, (unsigned int) user_id, SHADOW_AUDIT_SUCCESS); #endif -@@ -2098,12 +2034,6 @@ int main (int argc, char **argv) +@@ -2100,12 +2036,6 @@ int main (int argc, char **argv) */ if (getpwnam (user_name) != NULL) { /* local, no need for xgetpwnam */ fprintf (stderr, _("%s: user '%s' already exists\n"), Prog, user_name); @@ -1649,7 +1649,7 @@ diff -up shadow-4.2.1/src/useradd.c.audit-update shadow-4.2.1/src/useradd.c fail_exit (E_NAME_IN_USE); } -@@ -2119,12 +2049,6 @@ int main (int argc, char **argv) +@@ -2121,12 +2051,6 @@ int main (int argc, char **argv) fprintf (stderr, _("%s: group %s exists - if you want to add this user to that group, use -g.\n"), Prog, user_name); @@ -1662,7 +1662,7 @@ diff -up shadow-4.2.1/src/useradd.c.audit-update shadow-4.2.1/src/useradd.c fail_exit (E_NAME_IN_USE); } } -@@ -2154,12 +2078,6 @@ int main (int argc, char **argv) +@@ -2156,12 +2080,6 @@ int main (int argc, char **argv) fprintf (stderr, _("%s: UID %lu is not unique\n"), Prog, (unsigned long) user_id); @@ -1675,7 +1675,7 @@ diff -up shadow-4.2.1/src/useradd.c.audit-update shadow-4.2.1/src/useradd.c fail_exit (E_UID_IN_USE); } } -@@ -2223,9 +2141,10 @@ int main (int argc, char **argv) +@@ -2225,9 +2143,10 @@ int main (int argc, char **argv) _("%s: warning: the user name %s to %s SELinux user mapping failed.\n"), Prog, user_name, user_selinux); #ifdef WITH_AUDIT @@ -1689,9 +1689,9 @@ diff -up shadow-4.2.1/src/useradd.c.audit-update shadow-4.2.1/src/useradd.c #endif /* WITH_AUDIT */ rv = E_SE_UPDATE; } -diff -up shadow-4.2.1/src/userdel.c.audit-update shadow-4.2.1/src/userdel.c ---- shadow-4.2.1/src/userdel.c.audit-update 2014-11-26 15:06:24.655660533 +0100 -+++ shadow-4.2.1/src/userdel.c 2014-11-26 15:16:01.892459425 +0100 +diff -up shadow-4.3.1/src/userdel.c.audit-update shadow-4.3.1/src/userdel.c +--- shadow-4.3.1/src/userdel.c.audit-update 2016-08-22 17:21:15.418291076 +0200 ++++ shadow-4.3.1/src/userdel.c 2016-08-22 17:21:15.447291152 +0200 @@ -214,9 +214,9 @@ static void update_groups (void) * Update the DBM group file with the new entry as well. */ @@ -1766,7 +1766,7 @@ diff -up shadow-4.2.1/src/userdel.c.audit-update shadow-4.2.1/src/userdel.c fail_exit (E_PW_UPDATE); } pw_locked = true; - if (pw_open (O_RDWR) == 0) { + if (pw_open (O_CREAT | O_RDWR) == 0) { fprintf (stderr, _("%s: cannot open %s\n"), Prog, pw_dbname ()); -#ifdef WITH_AUDIT @@ -1817,7 +1817,7 @@ diff -up shadow-4.2.1/src/userdel.c.audit-update shadow-4.2.1/src/userdel.c fail_exit (E_GRP_UPDATE); } gr_locked = true; - if (gr_open (O_RDWR) == 0) { + if (gr_open (O_CREAT | O_RDWR) == 0) { fprintf (stderr, _("%s: cannot open %s\n"), Prog, gr_dbname ()); -#ifdef WITH_AUDIT - audit_logger (AUDIT_DEL_USER, Prog, @@ -1841,7 +1841,7 @@ diff -up shadow-4.2.1/src/userdel.c.audit-update shadow-4.2.1/src/userdel.c fail_exit (E_GRP_UPDATE); } sgr_locked= true; - if (sgr_open (O_RDWR) == 0) { + if (sgr_open (O_CREAT | O_RDWR) == 0) { fprintf (stderr, _("%s: cannot open %s\n"), Prog, sgr_dbname ()); -#ifdef WITH_AUDIT @@ -1866,7 +1866,7 @@ diff -up shadow-4.2.1/src/userdel.c.audit-update shadow-4.2.1/src/userdel.c fail_exit (E_SUB_UID_UPDATE); } sub_uid_locked = true; - if (sub_uid_open (O_RDWR) == 0) { + if (sub_uid_open (O_CREAT | O_RDWR) == 0) { fprintf (stderr, _("%s: cannot open %s\n"), Prog, sub_uid_dbname ()); -#ifdef WITH_AUDIT @@ -1891,7 +1891,7 @@ diff -up shadow-4.2.1/src/userdel.c.audit-update shadow-4.2.1/src/userdel.c fail_exit (E_SUB_GID_UPDATE); } sub_gid_locked = true; - if (sub_gid_open (O_RDWR) == 0) { + if (sub_gid_open (O_CREAT | O_RDWR) == 0) { fprintf (stderr, _("%s: cannot open %s\n"), Prog, sub_gid_dbname ()); -#ifdef WITH_AUDIT @@ -2019,9 +2019,9 @@ diff -up shadow-4.2.1/src/userdel.c.audit-update shadow-4.2.1/src/userdel.c user_name, (unsigned int) user_id, SHADOW_AUDIT_FAILURE); #endif /* WITH_AUDIT */ -diff -up shadow-4.2.1/src/usermod.c.audit-update shadow-4.2.1/src/usermod.c ---- shadow-4.2.1/src/usermod.c.audit-update 2014-11-26 15:06:24.661660551 +0100 -+++ shadow-4.2.1/src/usermod.c 2014-11-26 15:17:38.580760741 +0100 +diff -up shadow-4.3.1/src/usermod.c.audit-update shadow-4.3.1/src/usermod.c +--- shadow-4.3.1/src/usermod.c.audit-update 2016-08-22 17:21:15.441291136 +0200 ++++ shadow-4.3.1/src/usermod.c 2016-08-22 17:21:15.448291155 +0200 @@ -447,8 +447,8 @@ static char *new_pw_passwd (char *pw_pas #ifdef WITH_AUDIT @@ -2256,7 +2256,7 @@ diff -up shadow-4.2.1/src/usermod.c.audit-update shadow-4.2.1/src/usermod.c #endif SYSLOG ((LOG_INFO, "add '%s' to shadow group '%s'", user_newname, nsgrp->sg_name)); -@@ -1810,8 +1821,8 @@ static void move_home (void) +@@ -1758,8 +1769,8 @@ static void move_home (void) #ifdef WITH_AUDIT if (uflg || gflg) { @@ -2267,7 +2267,7 @@ diff -up shadow-4.2.1/src/usermod.c.audit-update shadow-4.2.1/src/usermod.c user_newname, (unsigned int) user_newid, 1); } #endif -@@ -1829,8 +1840,8 @@ static void move_home (void) +@@ -1777,8 +1788,8 @@ static void move_home (void) fail_exit (E_HOMEDIR); } #ifdef WITH_AUDIT @@ -2278,7 +2278,7 @@ diff -up shadow-4.2.1/src/usermod.c.audit-update shadow-4.2.1/src/usermod.c user_newname, (unsigned int) user_newid, 1); #endif -@@ -1849,9 +1860,9 @@ static void move_home (void) +@@ -1797,9 +1808,9 @@ static void move_home (void) Prog, user_home); } #ifdef WITH_AUDIT @@ -2290,7 +2290,7 @@ diff -up shadow-4.2.1/src/usermod.c.audit-update shadow-4.2.1/src/usermod.c user_newname, (unsigned int) user_newid, 1); -@@ -2055,8 +2066,8 @@ static void move_mailbox (void) +@@ -2003,8 +2014,8 @@ static void move_mailbox (void) } #ifdef WITH_AUDIT else { @@ -2301,7 +2301,7 @@ diff -up shadow-4.2.1/src/usermod.c.audit-update shadow-4.2.1/src/usermod.c user_newname, (unsigned int) user_newid, 1); } #endif -@@ -2074,8 +2085,8 @@ static void move_mailbox (void) +@@ -2022,8 +2033,8 @@ static void move_mailbox (void) } #ifdef WITH_AUDIT else { @@ -2312,7 +2312,7 @@ diff -up shadow-4.2.1/src/usermod.c.audit-update shadow-4.2.1/src/usermod.c user_newname, (unsigned int) user_newid, 1); } #endif -@@ -2217,8 +2228,8 @@ int main (int argc, char **argv) +@@ -2215,8 +2226,8 @@ int main (int argc, char **argv) _("%s: warning: the user name %s to %s SELinux user mapping failed.\n"), Prog, user_name, user_selinux); #ifdef WITH_AUDIT @@ -2323,7 +2323,7 @@ diff -up shadow-4.2.1/src/usermod.c.audit-update shadow-4.2.1/src/usermod.c user_name, (unsigned int) user_id, SHADOW_AUDIT_FAILURE); #endif /* WITH_AUDIT */ -@@ -2230,8 +2241,8 @@ int main (int argc, char **argv) +@@ -2228,8 +2239,8 @@ int main (int argc, char **argv) _("%s: warning: the user name %s to SELinux user mapping removal failed.\n"), Prog, user_name); #ifdef WITH_AUDIT @@ -2334,7 +2334,7 @@ diff -up shadow-4.2.1/src/usermod.c.audit-update shadow-4.2.1/src/usermod.c user_name, (unsigned int) user_id, SHADOW_AUDIT_FAILURE); #endif /* WITH_AUDIT */ -@@ -2269,8 +2280,8 @@ int main (int argc, char **argv) +@@ -2267,8 +2278,8 @@ int main (int argc, char **argv) */ #ifdef WITH_AUDIT if (uflg || gflg) { diff --git a/shadow-4.2.1-defs-chroot.patch b/shadow-4.3.1-defs-chroot.patch similarity index 60% rename from shadow-4.2.1-defs-chroot.patch rename to shadow-4.3.1-defs-chroot.patch index 827ad40..e57fac8 100644 --- a/shadow-4.2.1-defs-chroot.patch +++ b/shadow-4.3.1-defs-chroot.patch @@ -1,18 +1,18 @@ -diff -up shadow-4.2.1/src/useradd.c.defs-chroot shadow-4.2.1/src/useradd.c ---- shadow-4.2.1/src/useradd.c.defs-chroot 2014-12-01 15:14:58.000000000 +0100 -+++ shadow-4.2.1/src/useradd.c 2015-08-27 15:46:21.935698862 +0200 +diff -up shadow-4.3.1/src/useradd.c.defs-chroot shadow-4.3.1/src/useradd.c +--- shadow-4.3.1/src/useradd.c.defs-chroot 2016-08-22 17:13:29.420068883 +0200 ++++ shadow-4.3.1/src/useradd.c 2016-08-22 17:15:14.040343275 +0200 @@ -1938,8 +1938,8 @@ int main (int argc, char **argv) #endif /* ACCT_TOOLS_SETUID */ - /* Needed for userns check */ + #ifdef ENABLE_SUBIDS - uid_t uid_min = (uid_t) getdef_ulong ("UID_MIN", 1000UL); - uid_t uid_max = (uid_t) getdef_ulong ("UID_MAX", 60000UL); + uid_t uid_min; + uid_t uid_max; + #endif /* - * Get my name so that I can use it to report errors. -@@ -1957,6 +1957,9 @@ int main (int argc, char **argv) +@@ -1958,6 +1958,9 @@ int main (int argc, char **argv) audit_help_open (); #endif diff --git a/shadow-4.2.1-manfix.patch b/shadow-4.3.1-manfix.patch similarity index 81% rename from shadow-4.2.1-manfix.patch rename to shadow-4.3.1-manfix.patch index 2ca84b3..2aeb0a8 100644 --- a/shadow-4.2.1-manfix.patch +++ b/shadow-4.3.1-manfix.patch @@ -1,6 +1,6 @@ -diff -up shadow-4.2.1/man/groupmems.8.xml.manfix shadow-4.2.1/man/groupmems.8.xml ---- shadow-4.2.1/man/groupmems.8.xml.manfix 2014-03-01 19:59:51.000000000 +0100 -+++ shadow-4.2.1/man/groupmems.8.xml 2015-11-06 14:21:03.013060324 +0100 +diff -up shadow-4.3.1/man/groupmems.8.xml.manfix shadow-4.3.1/man/groupmems.8.xml +--- shadow-4.3.1/man/groupmems.8.xml.manfix 2016-08-15 06:00:59.000000000 +0200 ++++ shadow-4.3.1/man/groupmems.8.xml 2016-08-22 17:08:48.486332066 +0200 @@ -179,20 +179,10 @@ SETUP @@ -25,9 +25,9 @@ diff -up shadow-4.2.1/man/groupmems.8.xml.manfix shadow-4.2.1/man/groupmems.8.xm -diff -up shadow-4.2.1/man/chage.1.xml.manfix shadow-4.2.1/man/chage.1.xml ---- shadow-4.2.1/man/chage.1.xml.manfix 2014-03-01 19:59:51.000000000 +0100 -+++ shadow-4.2.1/man/chage.1.xml 2014-11-26 15:34:51.256978960 +0100 +diff -up shadow-4.3.1/man/chage.1.xml.manfix shadow-4.3.1/man/chage.1.xml +--- shadow-4.3.1/man/chage.1.xml.manfix 2016-08-15 06:00:59.000000000 +0200 ++++ shadow-4.3.1/man/chage.1.xml 2016-08-22 17:08:48.486332066 +0200 @@ -102,6 +102,9 @@ Set the number of days since January 1st, 1970 when the password was last changed. The date may also be expressed in the format @@ -38,9 +38,9 @@ diff -up shadow-4.2.1/man/chage.1.xml.manfix shadow-4.2.1/man/chage.1.xml -diff -up shadow-4.2.1/man/ja/man5/login.defs.5.manfix shadow-4.2.1/man/ja/man5/login.defs.5 ---- shadow-4.2.1/man/ja/man5/login.defs.5.manfix 2014-03-01 19:59:51.000000000 +0100 -+++ shadow-4.2.1/man/ja/man5/login.defs.5 2016-01-08 09:58:29.591702354 +0100 +diff -up shadow-4.3.1/man/ja/man5/login.defs.5.manfix shadow-4.3.1/man/ja/man5/login.defs.5 +--- shadow-4.3.1/man/ja/man5/login.defs.5.manfix 2016-08-15 06:00:59.000000000 +0200 ++++ shadow-4.3.1/man/ja/man5/login.defs.5 2016-08-22 17:08:48.486332066 +0200 @@ -147,10 +147,6 @@ 以下の参照表は、 shadow パスワード機能のどのプログラムが どのパラメータを使用するかを示したものである。 @@ -52,9 +52,9 @@ diff -up shadow-4.2.1/man/ja/man5/login.defs.5.manfix shadow-4.2.1/man/ja/man5/l .IP groupadd 12 GID_MAX GID_MIN .IP newusers 12 -diff -up shadow-4.2.1/man/login.defs.5.xml.manfix shadow-4.2.1/man/login.defs.5.xml ---- shadow-4.2.1/man/login.defs.5.xml.manfix 2014-03-13 06:52:55.000000000 +0100 -+++ shadow-4.2.1/man/login.defs.5.xml 2016-01-08 09:59:35.854169787 +0100 +diff -up shadow-4.3.1/man/login.defs.5.xml.manfix shadow-4.3.1/man/login.defs.5.xml +--- shadow-4.3.1/man/login.defs.5.xml.manfix 2016-08-15 06:00:59.000000000 +0200 ++++ shadow-4.3.1/man/login.defs.5.xml 2016-08-22 17:08:48.487332069 +0200 @@ -162,6 +162,17 @@ long numeric parameters is machine-dependent. @@ -105,7 +105,7 @@ diff -up shadow-4.2.1/man/login.defs.5.xml.manfix shadow-4.2.1/man/login.defs.5. -@@ -350,34 +342,6 @@ +@@ -350,34 +343,6 @@ @@ -191,9 +191,9 @@ diff -up shadow-4.2.1/man/login.defs.5.xml.manfix shadow-4.2.1/man/login.defs.5. useradd -diff -up shadow-4.2.1/man/shadow.5.xml.manfix shadow-4.2.1/man/shadow.5.xml ---- shadow-4.2.1/man/shadow.5.xml.manfix 2014-03-01 19:59:51.000000000 +0100 -+++ shadow-4.2.1/man/shadow.5.xml 2015-10-27 16:54:29.304231353 +0100 +diff -up shadow-4.3.1/man/shadow.5.xml.manfix shadow-4.3.1/man/shadow.5.xml +--- shadow-4.3.1/man/shadow.5.xml.manfix 2016-08-15 06:00:59.000000000 +0200 ++++ shadow-4.3.1/man/shadow.5.xml 2016-08-22 17:08:48.487332069 +0200 @@ -208,8 +208,8 @@ @@ -205,10 +205,10 @@ diff -up shadow-4.2.1/man/shadow.5.xml.manfix shadow-4.2.1/man/shadow.5.xml An empty field means that there are no enforcement of an -diff -up shadow-4.2.1/man/useradd.8.xml.manfix shadow-4.2.1/man/useradd.8.xml ---- shadow-4.2.1/man/useradd.8.xml.manfix 2014-11-26 15:34:51.234978891 +0100 -+++ shadow-4.2.1/man/useradd.8.xml 2014-11-26 15:34:51.257978963 +0100 -@@ -347,11 +347,16 @@ +diff -up shadow-4.3.1/man/useradd.8.xml.manfix shadow-4.3.1/man/useradd.8.xml +--- shadow-4.3.1/man/useradd.8.xml.manfix 2016-08-22 17:08:48.446331961 +0200 ++++ shadow-4.3.1/man/useradd.8.xml 2016-08-22 17:08:48.487332069 +0200 +@@ -347,6 +347,11 @@ is not enabled, no home directories are created. @@ -220,15 +220,9 @@ diff -up shadow-4.2.1/man/useradd.8.xml.manfix shadow-4.2.1/man/useradd.8.xml - -- -+ , - - - -diff -up shadow-4.2.1/man/usermod.8.xml.manfix shadow-4.2.1/man/usermod.8.xml ---- shadow-4.2.1/man/usermod.8.xml.manfix 2014-03-01 19:59:51.000000000 +0100 -+++ shadow-4.2.1/man/usermod.8.xml 2014-11-26 15:34:51.257978963 +0100 +diff -up shadow-4.3.1/man/usermod.8.xml.manfix shadow-4.3.1/man/usermod.8.xml +--- shadow-4.3.1/man/usermod.8.xml.manfix 2016-08-15 06:00:59.000000000 +0200 ++++ shadow-4.3.1/man/usermod.8.xml 2016-08-22 17:08:48.487332069 +0200 @@ -132,7 +132,8 @@ If the option is given, the contents of the current home directory will diff --git a/shadow-4.2.1-selinux-perms.patch b/shadow-4.3.1-selinux-perms.patch similarity index 79% rename from shadow-4.2.1-selinux-perms.patch rename to shadow-4.3.1-selinux-perms.patch index 7e7f70e..9469a7e 100644 --- a/shadow-4.2.1-selinux-perms.patch +++ b/shadow-4.3.1-selinux-perms.patch @@ -1,6 +1,6 @@ -diff -up shadow-4.2.1/src/chgpasswd.c.selinux-perms shadow-4.2.1/src/chgpasswd.c ---- shadow-4.2.1/src/chgpasswd.c.selinux-perms 2014-03-01 19:59:51.000000000 +0100 -+++ shadow-4.2.1/src/chgpasswd.c 2016-05-30 11:57:53.635841186 +0200 +diff -up shadow-4.3.1/src/chgpasswd.c.selinux-perms shadow-4.3.1/src/chgpasswd.c +--- shadow-4.3.1/src/chgpasswd.c.selinux-perms 2016-08-15 06:00:59.000000000 +0200 ++++ shadow-4.3.1/src/chgpasswd.c 2016-08-22 17:25:46.825011776 +0200 @@ -39,6 +39,13 @@ #include #include @@ -147,9 +147,9 @@ diff -up shadow-4.2.1/src/chgpasswd.c.selinux-perms shadow-4.2.1/src/chgpasswd.c /* * The updated group file entry is then put back and will * be written to the group file later, after all the -diff -up shadow-4.2.1/src/chpasswd.c.selinux-perms shadow-4.2.1/src/chpasswd.c ---- shadow-4.2.1/src/chpasswd.c.selinux-perms 2014-03-01 19:59:51.000000000 +0100 -+++ shadow-4.2.1/src/chpasswd.c 2016-05-30 11:58:23.034484807 +0200 +diff -up shadow-4.3.1/src/chpasswd.c.selinux-perms shadow-4.3.1/src/chpasswd.c +--- shadow-4.3.1/src/chpasswd.c.selinux-perms 2016-08-15 06:00:59.000000000 +0200 ++++ shadow-4.3.1/src/chpasswd.c 2016-08-22 17:25:46.825011776 +0200 @@ -39,6 +39,13 @@ #include #include @@ -257,10 +257,10 @@ diff -up shadow-4.2.1/src/chpasswd.c.selinux-perms shadow-4.2.1/src/chpasswd.c /* * The updated password file entry is then put back and will * be written to the password file later, after all the -diff -up shadow-4.2.1/src/Makefile.am.selinux-perms shadow-4.2.1/src/Makefile.am ---- shadow-4.2.1/src/Makefile.am.selinux-perms 2016-05-27 16:04:00.896475284 +0200 -+++ shadow-4.2.1/src/Makefile.am 2016-05-27 16:04:00.899475353 +0200 -@@ -84,9 +84,9 @@ chage_LDADD = $(LDADD) $(LIBPAM_SUID) +diff -up shadow-4.3.1/src/Makefile.am.selinux-perms shadow-4.3.1/src/Makefile.am +--- shadow-4.3.1/src/Makefile.am.selinux-perms 2016-08-15 06:00:59.000000000 +0200 ++++ shadow-4.3.1/src/Makefile.am 2016-08-22 17:25:46.825011776 +0200 +@@ -87,9 +87,9 @@ chage_LDADD = $(LDADD) $(LIBPAM_SUID) newuidmap_LDADD = $(LDADD) $(LIBSELINUX) newgidmap_LDADD = $(LDADD) $(LIBSELINUX) chfn_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) @@ -272,18 +272,3 @@ diff -up shadow-4.2.1/src/Makefile.am.selinux-perms shadow-4.2.1/src/Makefile.am gpasswd_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) groupadd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) groupdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) -diff -up shadow-4.2.1/src/Makefile.in.selinux-perms shadow-4.2.1/src/Makefile.in ---- shadow-4.2.1/src/Makefile.in.selinux-perms 2016-05-27 16:04:00.896475284 +0200 -+++ shadow-4.2.1/src/Makefile.in 2016-05-27 16:04:00.899475353 +0200 -@@ -521,9 +521,9 @@ chage_LDADD = $(LDADD) $(LIBPAM_SUID) $( - newuidmap_LDADD = $(LDADD) $(LIBSELINUX) - newgidmap_LDADD = $(LDADD) $(LIBSELINUX) - chfn_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) --chgpasswd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBSELINUX) $(LIBCRYPT) -+chgpasswd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBSELINUX) $(LIBAUDIT) $(LIBCRYPT) - chsh_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) --chpasswd_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT) -+chpasswd_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBAUDIT) $(LIBCRYPT) - gpasswd_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) - groupadd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) - groupdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX)