diff --git a/shadow-4.1.5.1-orig-context.patch b/shadow-4.1.5.1-orig-context.patch
new file mode 100644
index 0000000..63523df
--- /dev/null
+++ b/shadow-4.1.5.1-orig-context.patch
@@ -0,0 +1,128 @@
+diff -up shadow-4.1.5.1/lib/commonio.c.orig-context shadow-4.1.5.1/lib/commonio.c
+--- shadow-4.1.5.1/lib/commonio.c.orig-context 2012-09-19 20:27:16.000000000 +0200
++++ shadow-4.1.5.1/lib/commonio.c 2013-02-20 15:20:55.064962324 +0100
+@@ -941,7 +941,7 @@ int commonio_close (struct commonio_db *
+ snprintf (buf, sizeof buf, "%s-", db->filename);
+
+ #ifdef WITH_SELINUX
+- if (set_selinux_file_context (buf) != 0) {
++ if (set_selinux_file_context (buf, db->filename) != 0) {
+ errors++;
+ }
+ #endif
+@@ -975,7 +975,7 @@ int commonio_close (struct commonio_db *
+ snprintf (buf, sizeof buf, "%s+", db->filename);
+
+ #ifdef WITH_SELINUX
+- if (set_selinux_file_context (buf) != 0) {
++ if (set_selinux_file_context (buf, db->filename) != 0) {
+ errors++;
+ }
+ #endif
+diff -up shadow-4.1.5.1/libmisc/copydir.c.orig-context shadow-4.1.5.1/libmisc/copydir.c
+--- shadow-4.1.5.1/libmisc/copydir.c.orig-context 2012-02-13 20:16:32.000000000 +0100
++++ shadow-4.1.5.1/libmisc/copydir.c 2013-02-20 15:19:01.495623232 +0100
+@@ -484,7 +484,7 @@ static int copy_dir (const char *src, co
+ */
+
+ #ifdef WITH_SELINUX
+- if (set_selinux_file_context (dst) != 0) {
++ if (set_selinux_file_context (dst, NULL) != 0) {
+ return -1;
+ }
+ #endif /* WITH_SELINUX */
+@@ -605,7 +605,7 @@ static int copy_symlink (const char *src
+ }
+
+ #ifdef WITH_SELINUX
+- if (set_selinux_file_context (dst) != 0) {
++ if (set_selinux_file_context (dst, NULL) != 0) {
+ free (oldlink);
+ return -1;
+ }
+@@ -684,7 +684,7 @@ static int copy_special (const char *src
+ int err = 0;
+
+ #ifdef WITH_SELINUX
+- if (set_selinux_file_context (dst) != 0) {
++ if (set_selinux_file_context (dst, NULL) != 0) {
+ return -1;
+ }
+ #endif /* WITH_SELINUX */
+@@ -744,7 +744,7 @@ static int copy_file (const char *src, c
+ return -1;
+ }
+ #ifdef WITH_SELINUX
+- if (set_selinux_file_context (dst) != 0) {
++ if (set_selinux_file_context (dst, NULL) != 0) {
+ return -1;
+ }
+ #endif /* WITH_SELINUX */
+diff -up 
shadow-4.1.5.1/lib/prototypes.h.orig-context shadow-4.1.5.1/lib/prototypes.h
+--- shadow-4.1.5.1/lib/prototypes.h.orig-context 2012-01-08 17:04:29.000000000 +0100
++++ shadow-4.1.5.1/lib/prototypes.h 2013-02-20 15:24:17.251126575 +0100
+@@ -295,7 +295,7 @@ extern /*@observer@*/const char *crypt_m
+
+ /* selinux.c */
+ #ifdef WITH_SELINUX
+-extern int set_selinux_file_context (const char *dst_name);
++extern int set_selinux_file_context (const char *dst_name, const char *orig_name);
+ extern int reset_selinux_file_context (void);
+ #endif
+
+diff -up shadow-4.1.5.1/lib/selinux.c.orig-context shadow-4.1.5.1/lib/selinux.c
+--- shadow-4.1.5.1/lib/selinux.c.orig-context 2012-01-08 17:35:44.000000000 +0100
++++ shadow-4.1.5.1/lib/selinux.c 2013-02-20 15:16:40.383716877 +0100
+@@ -50,7 +50,7 @@ static bool selinux_enabled;
+ * Callers may have to Reset SELinux to create files with default
+ * contexts with reset_selinux_file_context
+ */
+-int set_selinux_file_context (const char *dst_name)
++int set_selinux_file_context (const char *dst_name, const char *orig_name)
+ {
+ /*@null@*/security_context_t scontext = NULL;
+
+@@ -62,19 +62,23 @@ int set_selinux_file_context (const char
+ if (selinux_enabled) {
+ /* Get the default security context for this file */
+ if (matchpathcon (dst_name, 0, &scontext) < 0) {
+- if (security_getenforce () != 0) {
+- return 1;
+- }
++ /* We could not get the default, copy the original */
++ if (orig_name == NULL)
++ goto error;
++ if (getfilecon (orig_name, &scontext) < 0)
++ goto error;
+ }
+ /* Set the security context for the next created file */
+- if (setfscreatecon (scontext) < 0) {
+- if (security_getenforce () != 0) {
+- return 1;
+- }
+- }
++ if (setfscreatecon (scontext) < 0)
++ goto errror;
+ freecon (scontext);
+ }
+ return 0;
++ error:
++ if (security_getenforce () != 0) {
++ return 1;
++ }
++ return 0;
+ }
+
+ /*
+diff -up shadow-4.1.5.1/src/useradd.c.orig-context shadow-4.1.5.1/src/useradd.c
+--- 
shadow-4.1.5.1/src/useradd.c.orig-context 2012-09-19 20:23:33.000000000 +0200 ++++ shadow-4.1.5.1/src/useradd.c 2013-02-20 15:19:31.221235459 +0100 +@@ -1759,7 +1759,7 @@ static void create_home (void) + { + if (access (user_home, F_OK) != 0) { + #ifdef WITH_SELINUX +- if (set_selinux_file_context (user_home) != 0) { ++ if (set_selinux_file_context (user_home, NULL) != 0) { + fail_exit (E_HOMEDIR); + } + #endif diff --git a/shadow-utils.spec b/shadow-utils.spec index d654df3..266aaec 100644 --- a/shadow-utils.spec +++ b/shadow-utils.spec @@ -1,7 +1,7 @@ Summary: Utilities for managing accounts and shadow password files Name: shadow-utils Version: 4.1.5.1 -Release: 3%{?dist} +Release: 4%{?dist} Epoch: 2 URL: http://pkg-shadow.alioth.debian.org/ Source0: http://pkg-shadow.alioth.debian.org/releases/shadow-%{version}.tar.bz2 @@ -16,6 +16,7 @@ Patch6: shadow-4.1.5.1-selinux.patch Patch7: shadow-4.1.5-2ndskip.patch Patch8: shadow-4.1.5.1-backup-mode.patch Patch9: shadow-4.1.5.1-merge-group.patch +Patch10: shadow-4.1.5.1-orig-context.patch License: BSD and GPLv2+ Group: System Environment/Base BuildRequires: libselinux-devel >= 1.25.2-1 @@ -52,6 +53,7 @@ are used for managing group accounts. %patch7 -p1 -b .2ndskip %patch8 -p1 -b .backup-mode %patch9 -p1 -b .merge-group +%patch10 -p1 -b .orig-context iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8 cp -f doc/HOWTO.utf8 doc/HOWTO @@ -205,6 +207,9 @@ rm -rf $RPM_BUILD_ROOT %{_mandir}/man8/vigr.8* %changelog +* Wed Feb 20 2013 Tomas Mraz - 2:4.1.5.1-4 +- keep the original context if matchpathcon() fails (#912399) + * Tue Jan 29 2013 Tomas Mraz - 2:4.1.5.1-3 - fix bugs in merge_group_entries()
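Review bot: In the lib/selinux.c part of the added patch, the new `goto errror;` after the `setfscreatecon` check jumps to a label that is never defined (the label added below is `error:`), so a build with WITH_SELINUX should fail; it needs to be `goto error;`. The `error:` path also returns without `freecon (scontext)`, so a context obtained from `matchpathcon` or from the new `getfilecon` fallback is leaked when `setfscreatecon` fails; adding `freecon (scontext);` under the label would release it (scontext starts as NULL, so confirm freecon tolerates that). In permissive mode a `matchpathcon` failure with `orig_name == NULL` now returns 0 without calling `setfscreatecon` at all, where the old code went on to call it with the NULL context; if any caller depended on that call to clear an earlier creation context, the next file could be created with a stale label, which is worth a comment or an explicit `setfscreatecon (NULL)` on that path. The lines of `set_selinux_file_context` between the two selinux.c hunks are not visible here.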